Home > Share your TSHOOT v2.0 Experience

Share your TSHOOT v2.0 Experience

January 22nd, 2015 in TSHOOT v2 Go to comments
Note: The last day to take this TSHOOT 300-135 exam is February 23, 2020. After this day you have to take new Enterprise exams to get new CCNP Enterprise certification. If you want to find out more about the new exams please visit here.

This article is devoted for candidates who took the TSHOOT exam to share their experience. Please tell us what are your materials, the way you learned, your feeling and experience after taking the TSHOOT v2.0 exam… But please DO NOT share any information about the detail of the exam or your personal information, your score, exam date and location, your email…

Your posts are warmly welcome!

Exam’s Structure:

+ Some Multiple choice & drag drop questions
+ 2 Simlets
+ 15 lab-sim Questions with the same network topology (15 troubleshooting tickets or you can call it one “big” question). Each lab-sim is called a ticket and you can solve them in any order you like.

Topics of the lab-sims:

1- IPv6
2- OSPF
3- OSPFv3
4- Frame Relay
5- GRE
6- EtherChannel
7- RIPng
8- EIGRP
9- Redistribution
10- NTP
11- NAT
12- BGP
13- HSRP
14- STP
15- DHCP

The problems are rather simple. For example wrong IP assignment, disable or enable a command, authentication…

In each tickets you will have to answer three types of questions:

+ Which device causes problem
+ Which technology is used
+ How to fix it

When you press Done to finish each case, you can’t go back.

A demo of the TSHOOT Exam can be found at: http://www.cisco.com/web/learning/le3/le2/le37/le10/tshoot_demo.html

Note:

+ In the new TSHOOTv2, you cannnot use the “Abort” button anymore. Therefore you cannot check the configuration of another ticket before completing the current ticket.

+ We have gathered many questions about TSHOOT exam and posted them at TSHOOT FAQs & Tips, surely you will find useful information about the TSHOOT exam there!

Below are the topologies of the real TSHOOT exam, you are allowed to study these topologies before taking the exam. It surely saves you some invaluable time when sitting in the exam room (Thanks rrg for sharing this).

IPv4 Layer 3 Topology

IPv4Layer3Topology_networktut.com.jpg

IPv6 Layer 3 Topology

IPv6Layer3Topology_networktut.com.jpg

Layer 2-3 Topology

Layer2_3_Topology.jpg

You can download the SAM strategy here (specially thanks to SAM who created this strategy):

https://www.networktut.com/download/TSHOOT_PING-plan-SAM.pdf

Comments (35) Comments
Comment pages
1 549 550 551 678
  1. sfendonas
    October 19th, 2019

    Hi everybody,

    Passed yesterday with 980. No premium, no sam, no magic. Either you know your shit, either you don’t. If you don’t, study-practice-lab harder. Crying never ever helped anyone.

    @Shaunthesheep, well-explained mate.

  2. Shit mate
    October 19th, 2019

    Guys I just wanna know how many tickets for R1?
    *BGP – wrong neighbor ip
    *IP nat – IP nat outside on correct interface
    *OSPF authentication
    *WAN ACL – missing sequence permit of 209.65.200.224 0.0.0.3

    Is there another ticket for adding sequence permit for 10.1.2.0 0.0.0.255 that is use for NAT?
    What is the ticket number for this?

  3. Marios
    October 19th, 2019

    @FINISH WWW AND ENTER DOT, stop spamming us please!

    @Shaunthesheep, i tend to agree with both explanations on GRE/IPsec questions:
    1. Protocol 47 should be the correct answer for the tunnel and firewall in the path question.
    2. For the local/remote ident question i guess ACL provided will give the correct answer

  4. Marios
    October 19th, 2019

    @ Shit mate: 4 tickets for R1. For IP NAT ticket will need to correct IP nat outside.
    As i understand in the past this (same) question was about adding sequence on NAT ACL to permit required client networks (but keep that in mind in case it appears again..)

  5. Shaunthesheep
    October 19th, 2019

    There has been a lot of confusion about IPv6 ACL question. Please bear in mind that wording here is an approximate version of the question and options are literally not the exact ones. That’s you will see some entries with leading zero and some with trailing ones. One thing which got my attention was use of the term NPD.

    Some user posted recently that one of options was, NPD will not work as NS & NA are denied. I haven’t come across any Cisco documentation where they have used NPD for neighbor discovery protocol. Awkwardly true but NPD has been used in IEFT documentation and described as Neighbor Presence Discovery. Since NPD/NDP is based on ICMPv6 and isn’t allowed so NS/NA will not work.

    Again the safest bet would be to look at the each quibble in access list with the options. If you see both “Denied entries will be logged” and NPD, choose Denied entries. If NPD is the only listed option go for it.

  6. Anonymous
    October 19th, 2019

    I failed on the 17th.
    Network Principles =100%
    Layer2 =50%
    layer3= 57%
    VPN = 50%
    Infrastructure security = 80%
    Infrastructure services=100%

    Not even sure where the tickets fail on this. I remember doing the right thing for all the 11 tickets correctly following the ping strategy

    On the BGP sim, the neighbor I removed was 209.165.227.2 and added 209.165.201.2

  7. Anonymous
    October 19th, 2019

    Please see updated strategy – I will seat for the test on Monday
    Is it IPv4 or IPv6?

    If IPv4 do the following to narrow it down:
    From Client 1, ping 10.1.1.1
    OK? = 3 tickets on R1: BGP neighbor(56-65), R1:NAT (change s0/0/1 ip nat outside) and R1:IPV4 Layer 3 (edge_security permit 209.65.200.224 0.0.0.3)
    NO? Ping 10.1.1.2
    OK? = 1 ticket on R1: IPV4 OSPF Routing (Enable OSPF authentication s0/0/0 “ip ospf authentication message-digest”
    NO? Ping 10.2.1.1 (DSW1)
    OK? = 3 tickets on R4: EIGRP Routing (‘no passive interface’), IPV4 Route Redistribute Route-map a (EIGRP->OSPF&b (deny 20 – to permit) , old (EIGRP-AS 1-10)
    NO? = 2 tickets on DSW1: VLAN Filter, DHCP Helper-address to 10.1.21.129
    OR 3 tickets on ASW1: Port Security, Switchport VLAN 10, Switchport Trunk (PO13 AND PO23) or Switchport Encapsulation

    If IPv6 do the following to narrow it down:
    From R1, ping 2026::1:2
    NO = 1 ticket on R2: IPv6 OSPF – ipv6 ospf 6 area 0 – s0/0.23
    OK? Ping 2026::34:2
    NO? = 1 ticket on R3: IPV4 – IPV6 interoper (remove ‘tunnel mode ipv6’) on R3
    OK? = 1 ticket on R4: IPV6 ( ipv6 ospf 6 process – RIP_Zone include-connected) on R4

  8. Anonymous
    October 19th, 2019

    Just FYI, not updated strategy only summary SAM strategy

  9. Anonymous
    October 19th, 2019

    Other thing that I am intend to do create a memorized list and check according solving it:
    e.g.
    R1 – NAT – ACL – BGP (56-65) – OSPF Diggest
    DSW1 – Vlan Filter – wrong ip helper address
    ASW1 – Trunk to access – access vlan 10 – Po13 and Po23 – port security
    R4 – EIGRP passive interface – A – OSPF->EIGRP – B – deny 20 to permit 20
    IPV6 – R2 – area 0/0.23 – R3 – tunnel 34 – R4 – RIP connect

  10. T-SHOOT
    October 19th, 2019

    @networktut

    There are so many comment and confusion about McQ q2, q3 and q11.
    It’s the responsibility of networktut to update with right answer.
    Because, a premium member is paying for it.

    Obviously they should update it immediately anyway

  11. m_k_h
    October 19th, 2019

    @ShaunthesheepOctober 19th, 2019
    As per the question, the ACL is permit gre any any

    so, below should be the answer…….it is my opinion also. but, all of them choose a different answer and no one achieved 100% on VPN.

    local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/47/0)
    remote ident (addr/mask/prqwot/port): (0.0.0.0/0.0.0.0/47/0)

  12. m_k_h
    October 19th, 2019

    @sfendonas October 19th, 2019

    Congratulations……….

    what was your choice of the following questions???????????

    Question 2
    Something related to a firewall in the middle of the path and how to make it reachable. Which port should be allowed?

    Question 3
    What is the output of the “show crypto ipsec sa | in indent”?

    Question 11
    Which statement about the INTERNET ACL is true?

    ipv6 access-list INTERNET
    permit ipv6 2001:DB8:AD59:BA21::/64 2001:DB8:C0AB:BA::/64
    permit tcp 2001:DB8:AD59:BA21::/64 2001:DB8:C0AB:BA13::/64 eq telnet
    permit tcp 2001:DB8:AD59:BA21::/64 any eq http
    permit ipv6 2001:DB8:AD59::/48 any
    deny ipv6 any any log

  13. HotTea
    October 19th, 2019

    Passed the exam with 9xx!!!

    Thanks networktut, Shaan and specially Shaunthesheep for your effort to expain the vpn topics.

    All MCQ and Trouble tickets are valid and thats all you need to pass the exam.

  14. CCNP_STUDY
    October 19th, 2019

    ipv6 access-list INTERNET
    permit ipv6 2001:DB8:AD59:BA21::/64 2001:DB8:C0AB:BA14::/64
    permit tcp 2001:DB8:AD59:BA21::/64 2001:DB8:C0AB:BA14::/64 eq telnet
    permit tcp 2001:DB8:AD59:BA21::/64 any eq http
    permit ipv6 2001:DB8:AD59::/48 any
    deny ipv6 any any log

    Which statement about the INTERNET ACL is true?
    A. The denied entries will be logged because of the explicit deny ipv6 any any log line
    B. A packet with source address of 2001:DB80:AD59:BA21:101:CAB:64:38 destined to port 80 will be permitted
    C. HTTPS traffic from the 2001:DB80:AD59:BA21::/64 subnet will automatically be permitted along with HTTP traffic
    D. A packet with source address 2001:DB8:AD59:ACC0:2020:882:DB8:1125 will be denied

    WHY ANSWER B IS WRONG ? -permit tcp 2001:DB8:AD59:BA21::/64 any eq http
    WHY all choose answer A ?

    thank !

  15. dk2019
    October 19th, 2019

    A network contains a remote tunnel interface and firewalls in the network path of each router. An attempt to ping the IP address of the remote tunnel interface fails. Which connections should be allowed through the firewalls?
    A. IP protocol 50
    B. TCP port 1723
    C. TCP port 47
    D. IP protocol 47

    PPTP tunnel based VPN uses TCP Port number 1723 and IP Protocol number 47 (GRE). Please note: The 47 is IP protocol number of GRE and not a port number inside TCP or UDP header.
    Based on this if firewall is in between it means that port to be allowed is TCP port 1723 not IP protocol 47 as it is not part of TCP or UDP header. I hope this clarifies the issue.

  16. Anono-mouse
    October 19th, 2019

    I have seen some questions about the ipv6 access-list and why B is wrong
    B is A packet with source address of 2001:DB80:AD59:BA21:101:CAB:64:38 destined to port 80 will be permitted
    The line that may permit this is
    permit tcp 2001:DB8:AD59:BA21::/64 any eq http
    but it eliminates the trailing zero in DB80, which I do not believe is permitted as to eliminate ambiguity (are we looking at 0DB8 or DB80?). You can eliminate leading zeros, but I’m not so certain about trailing zeros. This is my best guess.

  17. @Anono-mouse
    October 19th, 2019

    I think DB80 is wrong because DB8 = 0DB8 in ipv6 not is DB80

  18. PRESSURE
    October 19th, 2019

    @HotTea , kindly tells the MCQ you got for VPN TECH and answer you choose , this will be very helpful, AS your score shows you have done something good .

  19. Shaunthesheep
    October 19th, 2019

    @HotTea. Congratulations on passing Tshoot. I’m glad if i had been of any help at all. How was your score in VPN Technologies?

  20. Sims
    October 19th, 2019

    Network-tut@ Please update the MCQ i saw many students has different inputs regarding

    A. IP protocol 50
    B. TCP port 1723
    C. TCP port 47
    D. IP protocol 47

    And

    ipv6 access-list and VPN

    Please

  21. Thanks
    October 19th, 2019

    Hi All,

    can someone please help==If i answered first part of the Question of the same ticket what i have to click to take me to the 2nd question of the same ticket

    Thanks

  22. Sbhozozo
    October 20th, 2019

    I took the exam yesterday and passed with score of 8XX. I had premium membership which expired yesterday lol but I’ve cleared the exam so it doesn’t matter anymore.
    @Pixie to answer your question and everyone else on this page, Premium membership is the way to go. I find it weird that I used Sam’s strategy even on ipv6 tickets with some show commands to validate my ping replies and fails, it worked fine for me. BGP sim is exactly the same as here just a change of ip addresses but concept it still the same. I wish all the best guys I’m out. Peace

  23. Cisco Guy
    October 20th, 2019

    Hi All,

    This is my last exam to obtain ccnp r&s.

    Anyone can tell me how many question is TSHOOT has?

    Thank you guys:)

  24. HotTea
    October 20th, 2019

    @shaunthesheep

    1. I got acl with permit gre any any in question so I took this option.

    permit gre any any —> Answer will be both local and remote indent address entries as 0 and 47 in the protocol field. Like this :
    local ident (addr/mask/prot/port): (0.0.0.0/0.0.0.0/47/0)
    remote ident (addr/mask/prqwot/port): (0.0.0.0/0.0.0.0/47/0)

    2. Regarding which protocol to permit: I took IP Protocol 47

    I got 75% in VPN.

    I remember shaan took the option tcp 1723 and got only 50%.

  25. Pixie
    October 20th, 2019

    Guys, can anyone post all the latest MCQs with the correct answers. There is a lot of confusion after seeing all the comments.

    Especially for,
    A network contains a remote tunnel interface and firewalls in the network path of each router. An attempt to ping the IP address of the remote tunnel interface fails. Which connections should be allowed through the firewalls?
    A. IP protocol 50
    B. TCP port 1723
    C. TCP port 47
    D. IP protocol 47

    A topology with three routers R1, R2 and R3 connected to each other and a list of ACL statements to choose. The question ask that R3 is not able to reach R2 loop back,
    Why is it not reachable you need to choose the ACL

    And ACL permit question.

    SOMEONE PLEASE CLARIFY. I HAVE MY EXAM TOMORROW!!!

  26. M_K_H
    October 20th, 2019

    @HotTea
    Congratulations
    As per exam takers there is variety of question
    Q2:
    If the question is
    WHICH PROTOCOL then IP protocol 47
    WHICH PORT then TCP 1723
    If the question is WHICH CONNECTION then ?????

  27. M_K_H
    October 20th, 2019

    @HotTea

    What was your answer of IPv6 ACL question

    Would you please provide all MCQ with your answer like SHAAN…

  28. cisco guy
    October 20th, 2019

    Do you know guys where i can get the vce file for labs?

  29. SAM
    October 20th, 2019

    Hi team,

    For those who have already taken the exam recently, I just want to know, who so you get to know which ticket is associated with which question?or is just through troubleshooting you need to figure it out?also i have seen there are questions under each ticket as a rule of thumb, you are supposed to fix first the problem identified and then answer the questions?also after fixinf you do same procedure of saving the configs before moving to the next ticket?i think is good to understand the basics as necessary tool of doing things right.

  30. TheITCrowd
    October 20th, 2019

    @Sam – You have to troubleshoot every ticket to find the issue as every ticket question is the same! You dont fix it just enter the answers using the drop downs.

  31. WHM
    October 20th, 2019

    Failed the exam today because i didn’t notice that identifying the ticket if it’s ipV4 or IPv6 will be from the question itself not from the scenario, you will find IPV4 in the scenario but in question you will find the truth if it’s ipv4 or ipv6 , i noticed that after missing 2 IPV6 tickets . everything is still valid but watch out from doing the same mistake as me, 2 wrong tickets and you will be killed :(

  32. MOHAMM
    October 20th, 2019

    Who wants to study with me in the Riyadh region I understand all the tickets and how you know the issue Exactly by best steps . contact my email
    m.a240 Hotmail.com

  33. Anonymous
    October 20th, 2019

    This is all tickets with resolved please if any one not understand let me know
    m.a240 HOTMAIL>COM

    R1 – NAT – ACL – BGP (56-65) – OSPF Diggest
    DSW1 – Vlan Filter – wrong ip helper address
    ASW1 – Trunk to access – access vlan 10 – Po13 and Po23 – port security
    R4 – EIGRP passive interface – A – OSPF->EIGRP – B – deny 20 to permit 20
    IPV6 – R2 – area 0/0.23 – R3 – tunnel 34 – R4 – RIP connect

  34. Anonymous
    October 20th, 2019

    Which statement about the INTERNET ACL is true?
    A. The denied entries will be logged because of the explicit deny ipv6 any any log line
    B. A packet with source address of 2001:DB80:AD59:BA21:101:CAB:64:38 destined to port 80 will be permitted
    C. HTTPS traffic from the 2001:DB80:AD59:BA21::/64 subnet will automatically be permitted along with HTTP traffic
    D. A packet with source address 2001:DB8:AD59:ACC0:2020:882:DB8:1125 will be denied

    WHY ANSWER B IS WRONG ? -permit tcp 2001:DB8:AD59:BA21::/64 any eq http
    WHY all choose answer A ?….

  35. PRESSURE
    October 20th, 2019

    Question to those who have written the exam

    after clicking on “done” for a particular ticket , those it automatically take you to next ticket or you have to click on next ticket manually or ”done” can only should be used after you have finish all the 12 ticket??????????????

    I need clarification

Comment pages
1 549 550 551 678