Multiple Choice Questions

@Charlie,

There is definitely a new ipv4 ticket, or at least a variant. It does not
seem to be port security related. It is as RB described or close. I tried
many of the same things he did, including port security checks. Seems
to be a switch issue, but something different is going on with it.

Anyway, I’m annoyed that I failed by 1%… but it wasnt just that ticket
I got wrong so more study required. This site is very helpful though.

@Charlie thak you for the update. Please note that I had the port security problem and it was very very glaring without even doing full show run. This ticket in question i spoke about is totally not what you explained. I tried to capture it as I did on other questions but it will be unclear to send the images here.

Guys look out for the ticket n question, som people dont have it on their exam queue and they come here to say all tickets are the same.

Also dont forget one particular HSRP question is 100% wron here to adjust cos it might com up for you

@ALL please how long does it take for cisco to update my ccnp profile on their tracking site? I have written the 3 exams and yet to see it updated as CNNP

—————————————————————————————————-

NETWORKTUT PLEASE UPDATE MCQs AND TICKETS. EVERYONE SAYS THERE ARE NEW QUESTIONS. WE DONT WANT TO FAIL IN EXAM !!!

—————————————————————————————————-

What is the answer to these Questions:

which 1 did you choose your answer on the access-group question:

A. permit ICMP host 170.x.x.x 10.x.x.x 0.0.0.255
B. permit ICMP host 170.x.x.x 10.x.x.x 0.0.0.3
C. permit ICMP 10.x.x.x 0.0.0.255 170.x.x.x 0.0.0.255
D. permit ICMP 10.x.x.x 0.0.0.255 host 170.x.x.x

Router L ==== Router C ==== Router R

L and R routers were showing GRE and IPSec configurations, questions is an ACL applied in router C is blocking all IP traffic, which protocol should be allowed in the ACL to allow traffic.

A. ESP
B. GRE

@Anonymous, i told you man there is no new ticket, it depends from all of you if you want to hear my opinion or not.
@Read, i wrote for that problem with that ticket and i did not mention you for anything.
@Remoo, for first Q there is none of them answers i face on exam about secocond, i choose ESP but i think was wrong.

@Remoo

@Charlie, Congrats!

What are the other options for Q11? ESP, GRE, ISAKMP ? UDP 500 ?

Thax

Eish I am writing tomorrow morning. Those who did not make it. Were you premium members?

@ReCert, to be honest with you, this question was my last Q in exam and i was sure for the previous correct questions :D so in this question i just choose ESP without any hesitation :D and i really dont remember which was the other options for this Q. Sorry. :(

@ReCert. I took my exam yesterday. Q11 not sure, I used ESP, and I got dinged on VPN 67% Sorry, I cant be more help. BUt, I passed 96x/1000. The other question was on the ACL. I choose the one that had “host”, because it is going to one ip address. The ACL was for in.

Good Luck

@Cobra2217 the 4 options are ESP, ICMP, UDP and GRE
@Charlie you don’t need to be rude. We are genuinely sharing ideas. If you feel offended pls sorry sir.

Passed today, 965/1000. All tickets I had was from premium tickets. All MCQs was from Aug apart from 2 were from Jun/ Apr. Thank you NETWORKTUT premium is 100% worth the $20. good luck everyone going for it soon.

@ALL please how long does it take for cisco to update my ccnp profile on their tracking site? I have written the 3 exams and yet to see it updated as CNNP. I have been waiting

passed ccnp tshoot today. simlet bgp and hsrp, all tickets from premium membership. one new acl MCQ was in exam. it is just like permiting icm to specific ip address. Go ahead with premium membership, all the best

Question 3:

A. UDP port 500
B. protocol ESP
C. GRE
D. protocol 47
E. TCP port 1723

I find this confusing. ignoring A and B.

GRE *is* protocol 47 and TCP 1723 is picked up by NAT automatically, so why is there a difference between C and D?

With regards to the ESP /GRE question, i think we need to look at the IPSec config and work out whether its GRE in IPSec or IPSec in GRE before deciding which protocol needs to be allowed in the ACL

Thanks Charlie, Cobra2217 n Read.
Q11
3 Steps to configure i assume GRE over IPsec
1. Create GRE Tunnel – Tunnel Source and Dest
2. Config the encrypt for GRE Tunnel – access-list 130 permit gre host 14.36.88.6 host 14.38.88.40 and ISAKMP policy
3. Config Routing Protocol – EIGRP or OSPF
For all options looks like GRE is the correct answer

I passed today. Thank you Network.tut. however there is definitely a new ticket and lot of new questions. I first got a ticket with port security problem. Both access ports were down when i checked with the command show port. I quickly answered with confidence but then boooom, i got another ticket but with the same issue, the interface were also down after entering show port. I ended up putting the same answer. It means i got one but lost one. You need to check guys when you get that ticket what really is the problem. anyway i passed, i that what matters. I wish you the best.

@Eng C,

Please clarify which ticket you have received have you made sh int fa1/0/1 and it was showing err-disable?

@Eng C: It is not a new ticket. In fact it is ticket 13 https://www.networktut.com/tshoot-ticket-13 as we mentioned:
“In this ticket you will find port-security configured on ASW1 but it is not the problem as the port-security is good (check with the “show interface fa1/0/1” command on ASW1 and you will see it is still in up/up state. Also if we use “ipconfig” command on Client1, we will see APIPA address (169.254.x.x).”

@ Eng C,

Kindly advise which ticket you received earlier for port security & whats the issue to solve.

Please guys help me unravel thiis mystry that has been bothering me since i took the Tshoot. how long does it take to issue one the certificate of CNNP as i did route on march 2016, switch august 18th 2016 and Tshoot August 15th 2019. Will i be elligible for the certification ?

@Eng C, i think you face both ticket 7 and ticket 13 :D Network Tut mention very well that we need to be carefully on these two tickets ;) I had this problem that you mention but very quickly i realised that i have to do with Helper Address issues. Do not learn these ticket like memorisation because you will probably have problems in real exam.

where is ACL question?

@networktut,

Q1) What is the answer to these Questions:

which 1 did you choose your answer on the access-group question:

A. permit ICMP host 170.x.x.x 10.x.x.x 0.0.0.255
B. permit ICMP host 170.x.x.x 10.x.x.x 0.0.0.3
C. permit ICMP 10.x.x.x 0.0.0.255 170.x.x.x 0.0.0.255
D. permit ICMP 10.x.x.x 0.0.0.255 host 170.x.x.x

—————–

Q2)
Router L ==== Router C ==== Router R

L and R routers were showing GRE and IPSec configurations, questions is an ACL applied in router C is blocking all IP traffic, which protocol should be allowed in the ACL to allow traffic.

A. ESP
B. GRE

@ Charlie,

What is ACL question that you faced in your exam?

Some shud please answer me

@Curious,

The CCNP will be valid form the last exam that you have completed the certificate in our case will be valid till 14th Aug 2022.

@Remoo, this is the correct answer for ACL question:
access-list 101 permit icmp host 172.16.1.100 10.1.1.0 0.0.0.31.

Sorry for the other options but i dont remember.

Failed by 1%. 67% at VPN technologies as well. got wrong one ticket (but the error was on R1, nothing new on the access part as people comment)and few questions, need to be more careful. got both BGP and HSRP simlet. the question for the ACL one is “what ACL line needs to be added in order to allow ping access from the local router to server 172.16.1.100”. That suggests the destination is a host, not the source.

@Curious. You need to have max 3 years between the first CCNP exam and the last one in order to get the cert. So your deadline for it was March 2019 to pass them all.

@Charlie,
the roule of acl should be:
[insert line-num] deny icmp {source-ip [wildcard] | host source-ip | any} {dest-ip [wildcard] | host
dest-ip | any} [icmp-type [code] | icmp-msg]

the source ip here should be the router and destination is the pc so I believe D is the answer

Does anyone know whether ‘show port-security’ works on ASW1 in
the actual exam simulator? On the simulator here, it works and shows
the difference between ticket 7 vs 13 very clearly.

@MiniMi thank you so much. Please what is my fate now?

Passed today, 880/1000. All tickets I had was from premium tickets. All MCQs was from Aug apart from 2 were from Jun/ Apr. D&D depg Thank you NETWORKTUT premium is 100% worth it.

Should we prepare all the MCQ’s which are here or just prepare MCQs of 2019 only?

@Charlie
One of the options was also

access-list 101 permit icmp host 172.16.1.100 10.1.1.0 0.0.0.15

I remember this because i remember working out what host ranges they both covered!

@ALL
Which is the question about VPN that everyone is wrong ?!?!

@Vip

Did you prepared only 2019 MCQs or Complete list here.

Hi,

I passed today 982 all questions from Aug and 10 tickets and bgp,HSRP simulation.

please take care on port security question you have to make sh in tf1/0/1 if you saw err-disable it will be port sequrity issue otherwise u can check another issue and most probably it will be in the DHCP
========
Q1) What is the answer to these Questions:

which 1 did you choose your answer on the access-group question:

A. permit ICMP host 170.x.x.x 10.x.x.x 0.0.0.255
B. permit ICMP host 170.x.x.x 10.x.x.x 0.0.0.3
C. permit ICMP 10.x.x.x 0.0.0.255 170.x.x.x 0.0.0.255
D. permit ICMP 10.x.x.x 0.0.0.255 host 170.x.x.x
E. access-list 101 permit icmp host 172.16.1.100 10.1.1.0 0.0.0.31
Answer: E

I suspect the best answer is D
————–

Q2)
Router L ==== Router C ==== Router R

L and R routers were showing GRE and IPSec configurations, questions is an ACL applied in router C is blocking all IP traffic, which protocol should be allowed in the ACL to allow traffic.

A. ESP
B. GRE
C. ICMP
Answer C

because Router C is blocking the packets coming inside so Router L can not reach router R in this case the tunnel will be Up/Down. when we allow the reachibilty bothe ends will reach eqch others and the tunnel will be UP.
================

I lost 1 question but I don’t know which one.

All the best to all of you

@Remoo

Did you prepare all the MCQs here or only 2019 Year MCQs.

Can Anybody please tell me. Should we prepare Full MCQs here or only MCQs of 2019 are good enough for exam?

@Rav

You can prepare only Aug,Jun and April questions for now they are very enough, BGP, HSRP Simulations and all tickets study them carefully.

normally the dump vallid for around 1 month last change hapened on 1st aug.

Passed today 965
BGP & HSRP
Aug MCQ’s and TT’s are valid
On HSRP sim – got no ospf route on R5 – ans: OSPF issue not DHCP

Please do not ask dump here, Donate to this site.
This is my recert and I donated two months even though I only need one.

Thanks again networktut!

@Remoo

Thanks Bro. That helps

@Remoo
Q2) C sure ?

Hi guys please send me August MCQ via ma email 3138480980 @ qq . com

@Tshoothelp,

I’m not totally sure but I in my opinion this is the nearest answer.

@ReCert
Thank you for your comment and advise for donate to this site.
Are you sure the answer “OSPF issue” is right?
Did you select “DHCP issue” and you lost this mark?

As I see in HSRP sim and explanation of premium membership, it must be correct the DHCP issue, because the interface without any IP can not participate an OSPF.

I should do exam for Recertifying.

Thank you for yoir rapid answer in advance.

@Remoo
Thank you for your comment too.

In HSRP sim, which answer did you select? OSPF issue or DHCP issue?

Thank you in advance.