Question 41:
In an EIGRP network, which type of route is installed in the routing table when multiple paths to the same destination exist with different metrics, and the variance command is used?
A) Successor route
B) Feasible successor route
C) Stuck-in-active route
D) Passive route
Answer: B) Feasible successor route
Explanation:
EIGRP maintains a topology table with all known routes. A successor route is the best path, while feasible successors are backup paths that satisfy the feasibility condition (their reported distance is less than the feasible distance of the successor). The variance command allows EIGRP to use unequal-cost paths, including feasible successors, for load balancing.
Enhanced Interior Gateway Routing Protocol (EIGRP) maintains a topology table containing all known routes to a destination, including metrics and status information. In EIGRP terminology, a successor route is the best path to a destination, chosen based on the lowest composite metric (by default computed only from the minimum bandwidth and the cumulative delay along the path; the load and reliability terms are switched off unless the K-values are changed). This route is placed in the routing table and is actively used for forwarding traffic.
A feasible successor route is a backup path that meets the feasibility condition: its reported distance (the metric the neighboring router itself advertises for the destination) must be strictly less than the feasible distance of the current successor route. A neighbor that satisfies this condition cannot be downstream of the local router, so the backup path is guaranteed loop-free and can be promoted immediately if the successor fails, without a DUAL query. EIGRP also supports unequal-cost load balancing with the variance command: a feasible successor is installed alongside the successor when its feasible distance is less than the variance multiplier times the successor's feasible distance. Paths that fail the feasibility condition are never installed, whatever the variance, so the extra bandwidth is gained without weakening loop protection.
Other EIGRP states include stuck-in-active (SIA) routes, which indicate that a route is taking too long to converge due to missing replies from neighbors, signaling potential network issues. Passive routes are stable routes with no ongoing queries, indicating that the route is fully converged and operational.
By understanding successors, feasible successors, and EIGRP route states, network engineers can optimize routing efficiency, implement fast failover, and enable intelligent load balancing, ensuring reliable and resilient network performance.
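The selection described above, worked through in code. This is an added example, not part of the original page or of any Cisco implementation; the topology table below is constructed, and the metrics are plain integers standing in for EIGRP composite metrics. It shows the one case the prose glosses over: a path can have a lower feasible distance than a feasible successor and still never be installed, because it fails the feasibility condition.

```python
"""EIGRP successor / feasible-successor selection and variance load sharing.

Added example, not from the original page. Route entries are constructed
inline; metrics are plain integers standing in for EIGRP composite metrics.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Path:
    neighbor: str            # advertising neighbor
    reported_distance: int   # RD: the neighbor's own metric to the destination
    feasible_distance: int   # FD: RD plus the cost of the link to that neighbor


def classify(paths):
    """Return (successors, feasible_successors, rejected) for one destination.

    Successor(s): the path(s) with the lowest FD.
    Feasible successor: any other path whose RD is strictly less than the
    successor's FD (the feasibility condition: such a neighbor cannot be
    downstream of us, so it cannot form a loop).
    """
    best_fd = min(p.feasible_distance for p in paths)
    successors = [p for p in paths if p.feasible_distance == best_fd]
    feasible, rejected = [], []
    for p in paths:
        if p in successors:
            continue
        (feasible if p.reported_distance < best_fd else rejected).append(p)
    return successors, feasible, rejected


def installed_routes(paths, variance=1):
    """Paths placed in the routing table for a given variance multiplier.

    A feasible successor is installed only if its FD is less than
    variance * (successor FD); variance 1 (the default) installs only the
    successor(s). A path that fails the feasibility condition is never
    installed, regardless of variance.
    """
    successors, feasible, _ = classify(paths)
    best_fd = successors[0].feasible_distance
    extra = [p for p in feasible if p.feasible_distance < variance * best_fd]
    return successors + extra


# Constructed topology table for one destination, learned from three neighbors.
TOPOLOGY = [
    Path("R2", reported_distance=10, feasible_distance=20),  # successor
    Path("R3", reported_distance=15, feasible_distance=35),  # FS: RD 15 < FD 20
    Path("R4", reported_distance=25, feasible_distance=30),  # RD 25 >= 20: not an FS
]

if __name__ == "__main__":
    s, fs, rej = classify(TOPOLOGY)
    print("successor:", [p.neighbor for p in s])
    print("feasible successors:", [p.neighbor for p in fs])
    print("fail feasibility condition:", [p.neighbor for p in rej])
    for v in (1, 2):
        print(f"installed with variance {v}:",
              [p.neighbor for p in installed_routes(TOPOLOGY, v)])
```

With variance 2, R3 (FD 35 < 2 x 20) is installed next to R2, while R4 is not, even though its FD of 30 is lower than R3's: its reported distance of 25 is not below the successor's FD, so DUAL cannot prove it loop-free.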
Question 42:
Which Cisco feature allows dynamic VLAN assignment for 802.1X authenticated users?
A) VTP
B) Private VLANs
C) RADIUS VLAN assignment
D) PortFast
Answer: C) RADIUS VLAN assignment
Explanation:
RADIUS VLAN assignment works with 802.1X authentication to dynamically assign VLANs to users or devices. When a device authenticates, the RADIUS server responds with the appropriate VLAN ID in the Access-Accept message. This provides central control and simplifies VLAN management. PortFast speeds up port activation but does not assign VLANs dynamically.
RADIUS VLAN assignment is a dynamic VLAN provisioning method that integrates with 802.1X authentication to place users or devices in the appropriate VLAN upon successful authentication. When a device connects to a network port and authenticates, the RADIUS server returns an Access-Accept carrying three standard attributes (RFC 3580): Tunnel-Type set to VLAN, Tunnel-Medium-Type set to IEEE-802, and Tunnel-Private-Group-ID holding the VLAN ID or VLAN name. The switch validates the reply against the RADIUS shared secret before acting on it and then moves the port into that VLAN; the VLAN must already exist on the switch, otherwise the switch cannot apply the assignment and leaves the port unauthorized. This approach allows centralized control of VLAN membership, enabling network administrators to enforce security policies, QoS settings, and segmentation consistently across the network without manually configuring VLANs on individual switch ports. It is especially useful in large, multi-tenant, or enterprise environments where VLAN assignments must be dynamic, policy-driven, and scalable.
Other VLAN management and access features differ in purpose. VTP (VLAN Trunking Protocol) helps propagate VLAN configuration across switches, but does not dynamically assign VLANs based on user authentication. Private VLANs (PVLANs) provide Layer 2 isolation between devices within the same VLAN for security, but they are statically configured. PortFast is a Spanning Tree Protocol feature that accelerates port activation, allowing devices to connect without waiting for STP convergence, but it does not assign VLANs or enforce policies.
By leveraging RADIUS VLAN assignment, organizations can simplify VLAN management, centralize policy enforcement, and dynamically segment users, providing both flexibility and security for modern enterprise networks.
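The Access-Accept exchange described above, as an added example that is not code from the original page or from any RADIUS server or switch vendor. It encodes the three RFC 2868/3580 tunnel attributes on the server side, computes the Response Authenticator, and on the switch side refuses to apply a VLAN from any reply whose authenticator or length does not check out. The shared secret, request authenticator, packet identifier and VLAN ID are constructed values.

```python
"""RADIUS Access-Accept carrying a dynamic VLAN for an 802.1X session.

Added example (not from the original page or any vendor's code). It builds the
three tunnel attributes (RFC 2868 / RFC 3580) a RADIUS server returns for VLAN
assignment, the Response Authenticator a switch must verify before trusting
them, and the switch-side extraction. The shared secret, request authenticator
and VLAN ID are constructed values.
"""
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TUNNEL_TYPE_VLAN = (13).to_bytes(3, "big")    # RFC 2868: VLAN
TUNNEL_MEDIUM_802 = (6).to_bytes(3, "big")    # RFC 2868: IEEE 802 (covers Ethernet)

SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))   # constructed; a real NAS picks 16 random bytes per request


def avp(attr_type, value):
    """One RADIUS attribute-value pair: Type, Length (incl. 2-byte header), Value."""
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def vlan_attributes(vlan, tag=1):
    """The RFC 3580 VLAN triple. Tunnel-Type and Tunnel-Medium-Type carry a
    1-byte tag followed by a 3-byte integer; Tunnel-Private-Group-ID carries
    the tag followed by the VLAN ID or VLAN name as text. The tag groups the
    three attributes when a reply describes more than one tunnel."""
    return (avp(TUNNEL_TYPE, bytes([tag]) + TUNNEL_TYPE_VLAN)
            + avp(TUNNEL_MEDIUM_TYPE, bytes([tag]) + TUNNEL_MEDIUM_802)
            + avp(TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan).encode()))


def build_access_accept(identifier, request_auth, secret, attributes):
    """Server side. Response Authenticator =
    MD5(Code | ID | Length | RequestAuthenticator | Attributes | Secret)."""
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attributes))
    resp_auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + resp_auth + attributes


def verify_response(packet, request_auth, secret):
    """NAS side: recompute the Response Authenticator and compare in constant time."""
    header, resp_auth, attributes = packet[:4], packet[4:20], packet[20:]
    expected = hashlib.md5(header + request_auth + attributes + secret).digest()
    return hmac.compare_digest(resp_auth, expected)


def parse_attributes(attributes):
    """Yield (type, value) pairs; a bad length aborts instead of mis-parsing."""
    i = 0
    while i < len(attributes):
        if i + 2 > len(attributes):
            raise ValueError("truncated attribute header")
        t, length = attributes[i], attributes[i + 1]
        if length < 2 or i + length > len(attributes):
            raise ValueError("malformed attribute length")
        yield t, attributes[i + 2:i + length]
        i += length


def split_tag(value):
    """RFC 2868: a leading octet <= 0x1F is a tag; otherwise the value is untagged."""
    return (value[0], value[1:]) if value and value[0] <= 0x1F else (0, value)


def extract_vlan(packet, request_auth, secret):
    """Return the VLAN the switch should apply, or None if the packet is not an
    authentic Access-Accept or its tunnel attributes do not describe an
    802 VLAN with consistent tags."""
    if len(packet) < 20 or packet[0] != ACCESS_ACCEPT:
        return None
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return None
    if not verify_response(packet, request_auth, secret):
        return None
    by_tag = {}
    for t, v in parse_attributes(packet[20:]):
        if t in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID):
            tag, body = split_tag(v)
            by_tag.setdefault(tag, {})[t] = body
    for attrs in by_tag.values():
        if (attrs.get(TUNNEL_TYPE) == TUNNEL_TYPE_VLAN
                and attrs.get(TUNNEL_MEDIUM_TYPE) == TUNNEL_MEDIUM_802
                and TUNNEL_PRIVATE_GROUP_ID in attrs):
            return attrs[TUNNEL_PRIVATE_GROUP_ID].decode()
    return None


def demo(vlan="20", identifier=7):
    """Server builds the reply for the constructed request; returns the packet."""
    return build_access_accept(identifier, REQUEST_AUTH, SECRET, vlan_attributes(vlan))


if __name__ == "__main__":
    pkt = demo()
    print("assigned VLAN:", extract_vlan(pkt, REQUEST_AUTH, SECRET))
    tampered = pkt[:20] + vlan_attributes("99")       # attributes swapped in transit
    print("tampered reply accepted?", extract_vlan(tampered, REQUEST_AUTH, SECRET))
```

The MD5-based Response Authenticator is the only integrity protection plain RADIUS offers, which is why the shared secret should be long and random and the RADIUS traffic itself carried over IPsec or RADIUS/TLS on anything but a dedicated management network.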
Question 43:
Which OSPF LSA type is generated by an Area Border Router to summarize internal routes to other areas?
A) Type 1
B) Type 2
C) Type 3
D) Type 5
Answer: C) Type 3
Explanation:
Type 3 LSAs are summary LSAs generated by Area Border Routers (ABRs) to advertise networks from one area to other areas. This reduces the size of the link-state database in other areas. Type 1 and 2 LSAs describe routers and networks within an area, while Type 5 LSAs carry external routes.
In OSPF (Open Shortest Path First), different Link-State Advertisement (LSA) types are used to distribute routing information across areas and maintain a loop-free topology. Type 3 LSAs, also known as Summary LSAs, are generated by Area Border Routers (ABRs) to advertise networks from one area to other areas within the OSPF domain. Despite the name, an ABR originates one Type 3 LSA per intra-area prefix by default; aggregation into a single advertised range only happens when area range is configured on the ABR. Because a Type 3 LSA carries only a prefix and a cost rather than the originating area's full topology, receiving areas keep a smaller link-state database and run SPF over a smaller graph, improving scalability and reducing memory and CPU usage on routers.
Other LSA types serve different purposes. Type 1 LSAs are Router LSAs, generated by each router to describe its interfaces, links, and status within a single area. Type 2 LSAs are Network LSAs, generated by the Designated Router (DR) on broadcast or NBMA networks to describe all routers connected to the network segment. Both Type 1 and Type 2 LSAs operate within an area and do not propagate to other areas. Type 5 LSAs are used to advertise external routes redistributed from other routing protocols into the OSPF domain, allowing OSPF routers to reach destinations outside the autonomous system; the related Type 4 LSAs, also generated by ABRs, tell other areas how to reach the ASBR that originated those Type 5 LSAs.
By using Type 3 LSAs, OSPF ensures efficient inter-area routing, reduces unnecessary flooding of detailed link-state information, and maintains scalable and optimized routing across large multi-area networks, while Type 1, 2, and 5 LSAs handle intra-area and external routing.
Question 44:
In Cisco SD-WAN, which component is responsible for secure control plane connectivity between WAN edge devices?
A) vManage
B) vSmart
C) vBond
D) vEdge
Answer: B) vSmart
Explanation:
vSmart controllers handle the control plane in Cisco SD-WAN. They establish secure overlay routing, distribute data-plane policies, and manage encrypted connections between vEdge devices. vBond assists with device onboarding, vManage handles configuration and monitoring, and vEdge routers handle data-plane traffic.
In Cisco SD-WAN, the vSmart controller is the central component responsible for the control plane of the overlay network. Each WAN edge keeps a DTLS or TLS control connection to vSmart, and over it runs the Overlay Management Protocol (OMP): vSmart learns every edge's prefixes, transport locators (TLOCs) and IPsec key material and redistributes them, so that the edges can build encrypted data-plane tunnels directly to one another without the controller ever sitting in the data path. vSmart also pushes the control and data policies defined in vManage to the edges. By maintaining the control plane, vSmart ensures that all vEdge routers have consistent routing information and security policies, enabling reliable, scalable, and secure connectivity between sites.
Other components serve complementary roles. vManage is the management platform, providing a GUI for centralized configuration, monitoring, troubleshooting, and deployment of network templates and policies. vBond is responsible for device orchestration and secure onboarding; it authenticates new vEdge devices and facilitates initial connectivity to vSmart and vManage controllers. vEdge routers are the data-plane devices deployed at branch, campus, or cloud locations. They forward user traffic according to the policies distributed by vSmart and handle encryption and decryption of overlay tunnels.
Together, these components create a flexible and secure SD-WAN architecture. The vSmart controller plays a critical role by separating control and data planes, allowing centralized policy management while enabling distributed traffic forwarding. This architecture reduces complexity, improves WAN efficiency, and ensures consistent enforcement of security and routing policies across all sites in the SD-WAN network.
Question 45:
Which Cisco feature prevents routing loops in a distance-vector routing protocol by using split horizon and poison reverse?
A) OSPF
B) EIGRP
C) RIP
D) BGP
Answer: C) RIP
Explanation:
RIP (Routing Information Protocol) uses split horizon to prevent a router from advertising a route back out of the interface from which it was learned. Poison reverse instead sends such routes back with an infinite metric (16), so the neighbor explicitly marks them unreachable. OSPF is a link-state protocol with a different loop-prevention model; EIGRP also applies split horizon by default but relies on DUAL and the feasibility condition for loop freedom; and BGP rejects any route whose AS_PATH already contains the local AS.
RIP (Routing Information Protocol) is one of the earliest distance-vector routing protocols, and it uses simple loop prevention mechanisms to maintain network stability. Two key techniques in RIP are split horizon and poison reverse. Split horizon prevents a router from advertising a route back out of the same interface from which it was learned. This simple rule avoids certain types of routing loops that can occur in small networks. Poison reverse complements this by explicitly marking a route as unreachable (metric of 16 in RIP) when sending it back toward the origin interface, ensuring that other routers immediately recognize that the route is no longer valid. Together, these mechanisms reduce the likelihood of loops and help maintain consistent routing tables, though they only cover two-router loops; loops through three or more routers still rely on the count to infinity and hold-down timers.
Other routing protocols use different methods for loop prevention. OSPF (Open Shortest Path First) is a link-state protocol that prevents loops by having each router maintain a complete topology map and calculating shortest paths using the Dijkstra algorithm. EIGRP is an advanced distance-vector protocol that employs the Diffusing Update Algorithm (DUAL) and the feasibility condition to ensure loop-free paths. BGP (Border Gateway Protocol) is an exterior gateway protocol that uses the AS_PATH attribute to detect and prevent loops between autonomous systems.
By using split horizon and poison reverse, RIP achieves basic loop avoidance, making it suitable for small to medium-sized networks, though more advanced protocols provide faster convergence and greater scalability.
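The two-router case described above, simulated as an added example that is not code from the original page or from any RIP implementation. R1 has learned 10.2.0.0/16 from R2, R2's link to that network has just failed, and the code shows what R2 believes after R1's next update under each of the three behaviours. Router names, interfaces and prefixes are constructed.

```python
"""RIP update generation with split horizon and poison reverse.

Added example, not from the original page. Router names, interfaces and
prefixes are constructed; 16 is RIP's infinity metric.
"""
INFINITY = 16


def rip_update(table, out_iface, split_horizon=True, poison_reverse=False):
    """Build the (prefix, metric) list this router advertises out of out_iface.

    table maps prefix -> (metric, learned_on); learned_on is None for a
    directly connected network. The sender adds one hop before advertising,
    as Cisco does (a connected network leaves with metric 1).
    Split horizon omits routes learned on out_iface. Poison reverse instead
    sends them with metric 16, so the neighbor that gave us the route can
    never be talked into using us as its path back to it.
    """
    update = []
    for prefix, (metric, learned_on) in sorted(table.items()):
        advertised = min(metric + 1, INFINITY)
        if split_horizon and learned_on == out_iface:
            if not poison_reverse:
                continue
            advertised = INFINITY
        update.append((prefix, advertised))
    return update


def rip_receive(table, in_iface, update):
    """Apply a received update (RFC 2453 section 3.9.2, simplified): install
    unknown reachable prefixes, always accept the metric announced by the
    current next hop (even if worse, so withdrawals propagate), otherwise
    accept only improvements. Connected routes (learned_on None) are never
    overridden by a neighbor."""
    for prefix, metric in update:
        current = table.get(prefix)
        if current is None:
            if metric < INFINITY:
                table[prefix] = (metric, in_iface)
        elif current[1] == in_iface or metric < current[0]:
            table[prefix] = (metric, in_iface)
    return table


def scenario(split_horizon, poison_reverse=False):
    """R1 learned 10.2.0.0/16 from R2 over eth1. R2's link to 10.2.0.0/16 has
    just failed and R2 has flushed the route. Return (R2's table after hearing
    R1's next update, that update)."""
    r1 = {"10.1.0.0/16": (0, None), "10.2.0.0/16": (1, "eth1")}
    r2 = {"10.0.0.0/30": (0, None)}          # only the R1-R2 link is left
    update = rip_update(r1, "eth1", split_horizon, poison_reverse)
    return rip_receive(r2, "eth0", update), update


if __name__ == "__main__":
    for label, kwargs in [("no split horizon", {"split_horizon": False}),
                          ("split horizon", {"split_horizon": True}),
                          ("poison reverse", {"split_horizon": True, "poison_reverse": True})]:
        r2, update = scenario(**kwargs)
        print(f"{label}: R1 sends {update}; R2 now has 10.2.0.0/16 ->",
              r2.get("10.2.0.0/16", "no route"))
```

Without split horizon R2 installs 10.2.0.0/16 via R1 at metric 2 while R1 still points at R2, which is the start of a count to infinity; with split horizon the prefix is simply absent from R1's update, and with poison reverse R2 receives it at metric 16 and discards it.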
Question 46:
Which QoS mechanism marks traffic with DSCP or IP precedence values for prioritization?
A) Shaping
B) Policing
C) Classification
D) Queueing
Answer: C) Classification
Explanation:
Classification identifies traffic flows (by ACL, protocol, port, NBAR application signature, or an existing marking) and is paired with marking, which writes a DSCP (Differentiated Services Code Point) or IP precedence value into the IP header. Downstream devices can then match on that value alone, applying priority queuing, shaping or policing without re-inspecting the packet. Policing limits traffic rates, shaping smooths bursts, and queueing determines the order of transmission.
Classification is the first step in implementing Quality of Service (QoS) on a network. It involves identifying and separating traffic flows based on attributes such as source/destination IP address, protocol, port numbers, or application type. Once classified, traffic can be marked with DSCP (Differentiated Services Code Point) or IP precedence values, which indicate the priority or treatment the traffic should receive as it traverses the network. Classification enables network devices to apply specific QoS policies to different traffic types, ensuring that critical applications, such as voice or video, receive higher priority over less sensitive traffic. Because any host can set DSCP on the packets it sends, classification and marking are normally applied at the trust boundary (the access switch or WAN edge), where untrusted traffic is re-marked according to policy rather than trusted as received; otherwise a client could label bulk transfers as Expedited Forwarding and starve real voice traffic.
Other QoS mechanisms complement classification. Policing enforces traffic rate limits by dropping or marking excess packets that exceed a configured bandwidth, which prevents network congestion but can be harsh on bursty traffic. Shaping buffers excess packets and smooths traffic bursts to conform to a defined rate, reducing the risk of congestion and packet loss. Queueing determines the order in which packets are transmitted, using algorithms like Priority Queueing (PQ), Weighted Fair Queueing (WFQ), or Class-Based WFQ (CBWFQ) to ensure that higher-priority traffic is serviced appropriately.
By implementing classification, network administrators can segment and mark traffic effectively, enabling downstream QoS mechanisms such as policing, shaping, and queueing to optimize network performance, ensure fair bandwidth allocation, and maintain application-level service quality across the network.
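Classification and marking of the DS byte, as an added example that is not code from the original page or from Cisco. The rule table plays the part of a class-map's match statements and is constructed; the code points (EF, AFxy, CSn) are the standard IETF values. It also shows the trust-boundary point above: a packet that arrives claiming EF is re-marked from its own headers, and the ECN bits, which are not QoS marking, are preserved.

```python
"""QoS classification and DSCP marking of the IPv4 ToS/DS byte.

Added example, not from the original page. Packets are constructed dicts and
the rule table stands in for class-map match statements; the DSCP values are
the standard RFC 2474 / RFC 2597 / RFC 3246 code points.
"""
EF = 46                                   # Expedited Forwarding, RFC 3246 (voice bearer)


def af(klass, drop_precedence):
    """Assured Forwarding AFxy (RFC 2597) = 8x + 2y, x in 1..4, y in 1..3."""
    if not (1 <= klass <= 4 and 1 <= drop_precedence <= 3):
        raise ValueError("invalid AF class or drop precedence")
    return 8 * klass + 2 * drop_precedence


def cs(precedence):
    """Class Selector CSn: the 3-bit IP precedence in the top bits of DSCP."""
    return precedence << 3


def dscp_to_precedence(dscp):
    """Legacy devices read only the top 3 DSCP bits as IP precedence."""
    return dscp >> 3


def mark(tos_byte, dscp):
    """Write DSCP into bits 7..2 of the DS byte; the 2 ECN bits are not QoS
    marking and must be preserved."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    return (dscp << 2) | (tos_byte & 0x03)


def unmark(tos_byte):
    """Split a DS byte into (dscp, ecn)."""
    return tos_byte >> 2, tos_byte & 0x03


# Constructed policy, first match wins. Matching is on the packet's own
# headers, never on the DSCP it arrived with, because this runs at the trust
# boundary where host-set markings are not believed.
RULES = [
    ("voice",     lambda p: p["proto"] == "udp" and 16384 <= p["dport"] <= 32767, EF),
    ("signaling", lambda p: p["proto"] == "tcp" and p["dport"] in (5060, 5061),   cs(3)),
    ("video",     lambda p: p["proto"] == "udp" and p["dport"] == 5004,            af(4, 1)),
    ("bulk",      lambda p: p["proto"] == "tcp" and p["dport"] in (20, 21, 873),   af(1, 1)),
]


def classify(packet):
    """Return (class name, dscp) for a packet; unmatched traffic is best effort."""
    for name, matches, dscp in RULES:
        if matches(packet):
            return name, dscp
    return "best-effort", 0


def classify_and_mark(packet):
    """Classify, then rewrite the DS byte; returns (class, dscp, new tos byte)."""
    name, dscp = classify(packet)
    return name, dscp, mark(packet["tos"], dscp)


if __name__ == "__main__":
    samples = [
        {"proto": "udp", "dport": 20000, "tos": 0x00},   # RTP voice, unmarked
        {"proto": "tcp", "dport": 80,    "tos": 0xB9},   # web, host claimed EF; ECN bit set
        {"proto": "udp", "dport": 5004,  "tos": 0x00},   # video
    ]
    for p in samples:
        name, dscp, tos = classify_and_mark(p)
        print(f"{p['proto']}/{p['dport']}: class={name} dscp={dscp} "
              f"prec={dscp_to_precedence(dscp)} tos=0x{tos:02x}")
```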
Question 47:
In an OSPF network, which command allows you to redistribute BGP routes into OSPF with a default metric?
A) redistribute bgp 65001 metric 10 subnets
B) network 10.0.0.0 0.0.0.255 area 0
C) router ospf 1
D) default-information originate
Answer: A) redistribute bgp 65001 metric 10 subnets
Explanation:
To redistribute BGP into OSPF, the redistribute bgp command is entered under the OSPF process, optionally with a metric. Without one, Cisco IOS gives redistributed BGP routes an OSPF external metric of 1 (routes from most other sources default to 20), so an explicit metric is the normal way to control how attractive the external routes are. Including the subnets keyword ensures that subnetted networks are redistributed, not only classful ones. Network statements define OSPF area membership, while default-information originate injects a default route.
In scenarios where BGP routes need to be shared with an OSPF domain, the redistribute bgp <AS> metric <value> subnets command is used within the OSPF configuration. This command imports routes from the named BGP autonomous system into OSPF as Type 5 (external, E2 by default) LSAs, allowing OSPF routers to learn and forward traffic toward destinations advertised via BGP. The metric parameter sets the OSPF cost carried in those LSAs, overriding the default external metric; with E2 routes that cost is seen unchanged throughout the domain. The subnets keyword ensures that all subnetted networks, not just classful networks, are redistributed, which is essential in modern IP networks that use Variable Length Subnet Masking (VLSM). In practice the command is almost always paired with a route-map that limits which prefixes are redistributed: injecting a large BGP table, let alone a full Internet table, into OSPF floods one Type 5 LSA per prefix to every router in the domain and can exhaust their link-state databases.
Other OSPF commands serve different purposes. The network <IP> <wildcard> area <ID> statement tells the router which interfaces to enable OSPF on and assigns them to a specific OSPF area, defining the scope of the routing domain. router ospf <process-id> starts an OSPF process and enters its configuration mode. default-information originate is used to inject a default route (0.0.0.0/0) into the OSPF domain, providing a route for destinations not explicitly known; by default it only does so while the router itself has a default route, unless the always keyword is added.
By combining redistribute bgp with appropriate metrics and subnets, network engineers can integrate BGP and OSPF domains, ensuring seamless connectivity between internal OSPF networks and external BGP-learned routes, while network and default-information originate manage OSPF participation and default routing behavior.
Question 48:
Which type of NAT is best suited for translating IPv6 traffic to IPv4 networks?
A) Static NAT
B) Dynamic NAT
C) PAT
D) NAT64
Answer: D) NAT64
Explanation:
NAT64 enables communication between IPv6 and IPv4 networks by translating IPv6 packets into IPv4. It is commonly used in environments where IPv6 hosts must access IPv4-only services. Static NAT and PAT are IPv4-based, and dynamic NAT translates IPv4 addresses within a pool.
NAT64 is a network address translation technology designed to enable communication between IPv6 and IPv4 networks. It allows IPv6-only hosts to access IPv4-only servers by translating IPv6 packets into IPv4 packets and vice versa. This translation involves mapping IPv6 addresses to IPv4 addresses and rewriting the packet headers to ensure correct routing and delivery. The common form is stateful NAT64 (RFC 6146): the translator keeps per-session state much like PAT and represents each IPv4 destination with an IPv4-embedded IPv6 address (RFC 6052), normally under the well-known prefix 64:ff9b::/96. It is usually paired with DNS64, which synthesizes AAAA records for IPv4-only names so that the IPv6 host never needs to see the IPv4 address itself. NAT64 is particularly useful in modern networks transitioning to IPv6, where legacy IPv4 services still exist, as it provides interoperability without requiring dual-stack configurations on all devices.
Other NAT mechanisms handle different scenarios. Static NAT creates a fixed one-to-one mapping between a private IPv4 address and a public IPv4 address, enabling predictable external access but limited scalability. Dynamic NAT maps private IPv4 addresses to a pool of available public IPv4 addresses, allowing multiple devices to share a smaller set of public IPs dynamically, but only while addresses are available. PAT (Port Address Translation), also called NAT overload, allows multiple private IPv4 hosts to share a single public IPv4 address by differentiating connections using unique port numbers, maximizing IP address utilization.
Unlike static NAT, dynamic NAT, or PAT—which are all IPv4-based—NAT64 specifically addresses IPv6-to-IPv4 communication, making it critical for networks migrating to IPv6 while maintaining access to IPv4 resources, ensuring compatibility and uninterrupted service for end-users.
Question 49:
Which Cisco SD-WAN component facilitates zero-touch provisioning of new devices?
A) vManage
B) vSmart
C) vBond
D) vEdge
Answer: C) vBond
Explanation:
vBond orchestrators are the first point of contact in zero-touch provisioning (ZTP). They authenticate a new device using the certificate it already holds, handle NAT traversal, and tell the device which vSmart and vManage controllers to connect to. Once the device has been authenticated and its control connections to those controllers are up, it automatically joins the overlay network.
In Cisco SD-WAN, the vBond orchestrator plays a critical role in zero-touch provisioning (ZTP), enabling devices to join the SD-WAN overlay network with minimal manual configuration. When a new vEdge router or device is powered on, it initially connects to the vBond orchestrator. vBond authenticates the device, verifies credentials, and ensures that it is allowed to participate in the network. Once authenticated, vBond facilitates the establishment of secure control-plane connections between the device and the vSmart controllers as well as the vManage NMS.
This process lets devices be authenticated with the certificates already installed on them and then receive their configuration and policies automatically, joining the overlay network securely without manual intervention. The vManage platform then handles configuration, monitoring, and policy deployment, while vSmart controllers manage the control-plane routing and distribute data-plane policies. vEdge routers function as the actual data-plane devices, forwarding traffic according to the distributed policies.
By using vBond orchestrators, organizations can simplify network deployment, reduce configuration errors, and accelerate the rollout of SD-WAN across branch locations. vBond ensures that devices are securely onboarded, connected to the proper controllers, and ready to participate in the SD-WAN overlay, providing a scalable, automated, and secure provisioning process essential for modern enterprise networks.
Question 50:
Which command displays all VLANs currently defined and active on a Cisco switch?
A) show vlan brief
B) show interfaces trunk
C) show running-config
D) show spanning-tree
Answer: A) show vlan brief
Explanation:
The show vlan brief command displays VLAN IDs, names, status, and the access ports assigned to each VLAN. show interfaces trunk displays trunking information, show running-config displays the full configuration, and show spanning-tree shows STP status.
The show vlan brief command is a fundamental tool for network administrators to quickly view VLAN information on a Cisco switch. It provides a concise summary of all configured VLANs, displaying their VLAN IDs, names, operational status (active or suspended), and the ports assigned to each VLAN. This command is essential for verifying VLAN configurations, ensuring that interfaces are correctly assigned, and troubleshooting connectivity issues within VLANs. For example, if devices on a particular VLAN cannot communicate, show vlan brief helps confirm whether the VLAN exists and which ports belong to it. Note that only access ports are listed against a VLAN; trunk ports do not appear in this output even though they carry the VLAN, so a VLAN that seems to have no members may still be in use across trunks.
Other related commands provide complementary information. show interfaces trunk displays all trunk ports, their allowed VLANs, native VLANs, and operational status, which is critical for ensuring proper VLAN propagation across switches. show running-config provides the complete current configuration of the switch, including VLAN settings, interface assignments, trunk configurations, and spanning-tree settings, allowing administrators to audit or verify configurations in detail. show spanning-tree displays the status of STP (Spanning Tree Protocol), including port roles, states, and root bridge information, helping prevent loops in the network.
Together, these commands provide a comprehensive view of VLAN operation, trunking, configuration, and loop prevention. Using show vlan brief alongside the other commands allows network engineers to efficiently verify VLAN setup, troubleshoot issues, and maintain a stable and organized network infrastructure.
Question 51:
Which Cisco feature provides role-based access control by integrating with AAA servers?
A) TACACS+
B) RADIUS
C) NetFlow
D) SNMP
Answer: A) TACACS+
Explanation:
TACACS+ provides role-based CLI access, allowing administrators to define granular permissions per user, down to individual commands. TACACS+ separates authentication, authorization, and accounting (AAA), making it more flexible than RADIUS for device management. RADIUS is primarily used for network access authentication. NetFlow and SNMP are monitoring tools.
TACACS+ (Terminal Access Controller Access-Control System Plus) is a Cisco-developed protocol that provides centralized authentication, authorization, and accounting (AAA) for network devices. It is widely used to control role-based CLI access, allowing administrators to define granular permissions for individual users or groups. For example, a junior network engineer may be granted read-only access, while a senior engineer can execute configuration commands. By separating authentication, authorization, and accounting, TACACS+ offers greater flexibility compared to RADIUS, enabling organizations to manage network device access with fine-grained control and detailed auditing capabilities.
RADIUS is another AAA protocol, but it combines authentication and authorization in a single exchange and is primarily used for network access authentication, such as verifying users connecting to VPNs, wireless networks, or switch ports. While RADIUS can provide some authorization, it is less flexible than TACACS+ in defining per-command permissions on network devices. There is also a transport and confidentiality difference: TACACS+ runs over TCP port 49 and encrypts the entire packet body with the shared secret, whereas RADIUS runs over UDP (1812/1813) and obfuscates only the User-Password attribute, so with plain RADIUS the usernames, attributes and accounting records cross the network in clear text. That is one more reason TACACS+ is the usual choice for administrative access, where the commands being authorized and accounted are themselves sensitive.
NetFlow and SNMP (Simple Network Management Protocol) are not AAA protocols; instead, they focus on network monitoring and management. NetFlow collects traffic statistics for bandwidth analysis, traffic engineering, and security monitoring, while SNMP allows administrators to monitor device performance, retrieve statistics, and configure devices remotely.
By using TACACS+, organizations can ensure secure, accountable, and role-specific access to network devices, reducing the risk of misconfiguration and providing a clear audit trail of administrative actions, which is critical for compliance and operational security.
Question 52:
Which command displays all OSPF routes that are internal, inter-area, or external?
A) show ip route ospf
B) show ip protocols
C) show ip ospf database
D) show ip route
Answer: A) show ip route ospf
Explanation:
show ip route ospf filters the routing table to display OSPF-learned routes, including intra-area, inter-area, and external routes. show ip protocols shows protocol parameters, show ip ospf database shows LSAs, and show ip route shows the full routing table.
Cisco routers provide multiple commands to monitor and troubleshoot OSPF (Open Shortest Path First) routing. The show ip route ospf command displays all routes learned via OSPF that are currently installed in the routing table. It shows the destination networks, next-hop IP addresses, outgoing interfaces, and route types, which appear as codes in the output: O for intra-area, O IA for inter-area, O E1/O E2 for external, and O N1/O N2 for NSSA external routes. Only the routes OSPF actually won are shown; a prefix OSPF knows but that a source with a lower administrative distance (a static route, for example) has installed instead does not appear here, which is why show ip ospf database is needed to see what OSPF has learned. This command is useful for verifying that OSPF-learned routes are correctly populating the routing table and for troubleshooting connectivity issues within OSPF areas.
The show ip protocols command provides an overview of all active routing protocols on the router. For OSPF, it shows information such as OSPF process ID, router ID, configured networks, timers, and neighbors, giving administrators a high-level view of OSPF operation. This helps confirm that OSPF is enabled on the expected interfaces and checks neighbor relationships.
The show ip ospf database command displays the Link-State Database (LSDB), which contains all LSAs (Link-State Advertisements) received from OSPF neighbors. It shows the topology known to the router and is essential for understanding OSPF route calculation and area summarization.
Finally, show ip route provides the complete routing table, including routes learned from OSPF, EIGRP, static routes, and directly connected networks. By using these commands together, network engineers can monitor OSPF performance, verify routing correctness, and troubleshoot issues efficiently, ensuring stable and predictable network behavior.
Question 53:
Which BGP attribute is used to select the best path when multiple paths are advertised from different autonomous systems?
A) LOCAL_PREF
B) AS_PATH
C) NEXT_HOP
D) MED
Answer: D) MED
Explanation:
The Multi-Exit Discriminator (MED) is used to influence the preferred path into an AS when multiple entry points exist; lower MED values are preferred. One caveat matters in practice: a router compares MED only between paths received from the same neighboring AS. With paths from different neighboring ASes the MED step is skipped unless bgp always-compare-med is configured, and the decision falls through to the later tie-breakers (eBGP over iBGP, IGP metric to the next hop, lowest router ID). LOCAL_PREF is used within an AS to prefer an exit point, AS_PATH helps prevent loops (and its length is compared before MED), and NEXT_HOP defines the next-hop IP, which must be reachable for the path to be considered at all.
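The selection order and the MED caveat above, as an added example that is not code from the original page or from any BGP implementation. The paths are constructed: two come from the same neighboring AS with different MEDs, a third from another AS with the lowest MED of all. Later tie-breakers such as oldest path and lowest neighbor address are omitted, and the MED grouping is the simplified form (MED compared only when every remaining candidate shares a neighbor AS).

```python
"""BGP best-path selection in Cisco's order, with the MED comparison rule.

Added example, not from the original page. Paths are constructed; the
attribute order follows the Cisco IOS best-path algorithm (weight, local
preference, locally originated, AS_PATH length, origin, MED, eBGP over iBGP,
IGP metric to next hop, lowest router ID). MED is compared only when the
remaining candidates came from the same neighboring AS, unless
always_compare_med is set (bgp always-compare-med). Later tie-breakers such
as oldest path are omitted.
"""
import ipaddress
from dataclasses import dataclass

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}   # lower is preferred


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    neighbor_as: int               # AS of the peer that advertised the path
    as_path: tuple
    med: int = 0
    local_pref: int = 100
    weight: int = 0
    origin: str = "igp"
    locally_originated: bool = False
    ebgp: bool = True
    igp_metric: int = 0
    router_id: str = "0.0.0.0"
    next_hop_reachable: bool = True


def _narrow(cands, key):
    """Keep only the candidates with the minimal key."""
    best = min(key(p) for p in cands)
    return [p for p in cands if key(p) == best]


def best_path(paths, local_as, always_compare_med=False):
    """Return (winning path or None, name of the step that decided it)."""
    # Validity: next hop reachable and no AS_PATH loop through our own AS.
    cands = [p for p in paths if p.next_hop_reachable and local_as not in p.as_path]
    if not cands:
        return None, "no valid path"

    def med_applies(c):
        return always_compare_med or len({p.neighbor_as for p in c}) == 1

    steps = [
        ("weight",             lambda p: -p.weight,                 None),
        ("local-pref",         lambda p: -p.local_pref,             None),
        ("locally-originated", lambda p: not p.locally_originated,  None),
        ("as-path-length",     lambda p: len(p.as_path),            None),
        ("origin",             lambda p: ORIGIN_RANK[p.origin],     None),
        ("med",                lambda p: p.med,                     med_applies),
        ("ebgp-over-ibgp",     lambda p: not p.ebgp,                None),
        ("igp-metric",         lambda p: p.igp_metric,              None),
        ("router-id",          lambda p: int(ipaddress.IPv4Address(p.router_id)), None),
    ]
    for name, key, applies in steps:
        if applies is not None and not applies(cands):
            continue                  # step skipped, e.g. MED across different ASes
        cands = _narrow(cands, key)
        if len(cands) == 1:
            return cands[0], name
    return cands[0], "tie"


# Constructed: one prefix learned three times. A and B come from the same
# neighbor AS 64501 with different MEDs; C comes from AS 64502 with the
# lowest MED of all but an equally long AS_PATH.
PATHS = [
    BgpPath("10.0.0.1", 64501, (64501, 64510), med=50, router_id="10.0.0.1"),
    BgpPath("10.0.0.2", 64501, (64501, 64510), med=10, router_id="10.0.0.2"),
    BgpPath("10.0.0.3", 64502, (64502, 64510), med=5,  router_id="10.0.0.3"),
]

if __name__ == "__main__":
    for label, kwargs, paths in [
        ("default, three paths", {}, PATHS),
        ("bgp always-compare-med", {"always_compare_med": True}, PATHS),
        ("default, same-AS paths only", {}, PATHS[:2]),
    ]:
        best, step = best_path(paths, local_as=64500, **kwargs)
        print(f"{label}: best via {best.next_hop} (decided by {step})")
```

With the three paths and default behaviour the MED step is skipped because the candidates come from two different ASes, and the path from router ID 10.0.0.1 wins on the final tie-breaker even though it carries the highest MED; only with always-compare-med does the lowest MED (10.0.0.3) win, and only when the candidates all come from AS 64501 does MED alone decide.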
Question 54:
Which Cisco feature ensures that multicast traffic only reaches interested receivers in a LAN?
A) PIM-SM
B) IGMP Snooping
C) HSRP
D) VRRP
Answer: B) IGMP Snooping
Explanation:
IGMP Snooping listens to IGMP join and leave messages to track which ports have multicast receivers. This prevents unnecessary flooding of multicast traffic, conserving bandwidth. PIM-SM is used for routing multicast between networks. HSRP and VRRP are redundancy protocols.
IGMP Snooping is a Layer 2 feature used in Ethernet switches to intelligently manage multicast traffic. It listens to IGMP (Internet Group Management Protocol) join and leave messages sent by hosts to indicate their interest in receiving specific multicast streams. By tracking which ports have active multicast receivers, the switch can forward multicast traffic only to the relevant ports instead of flooding it to all ports in the VLAN. This conserves bandwidth, reduces unnecessary load on hosts, and improves network efficiency, especially in environments with heavy multicast traffic, such as video streaming or IPTV deployments. One operational check: snooping depends on periodic IGMP queries to refresh its table, so in a VLAN with no multicast router a snooping querier must be configured on a switch, otherwise the membership entries age out and receivers silently stop getting traffic.
Other protocols mentioned serve different purposes. PIM-SM (Protocol Independent Multicast – Sparse Mode) is a Layer 3 protocol used to route multicast traffic between networks, building multicast distribution trees and delivering data to interested receivers across different subnets. HSRP (Hot Standby Router Protocol) and VRRP (Virtual Router Redundancy Protocol) are gateway redundancy protocols that provide failover capabilities for Layer 3 default gateways. They ensure that if a primary router fails, a backup router can take over seamlessly, but they do not manage multicast traffic or optimize bandwidth.
By implementing IGMP Snooping, network administrators can improve multicast efficiency and scalability at Layer 2 while relying on PIM-SM for inter-network multicast routing and HSRP/VRRP for gateway redundancy, creating a robust and optimized network infrastructure for both unicast and multicast traffic.
Question 55:
Which wireless security protocol uses AES-CCMP for encryption?
A) WEP
B) WPA
C) WPA2
D) WPA3
Answer: C) WPA2
Explanation:
WPA2 uses AES-CCMP for encryption, providing strong security for WLANs. WEP is outdated and insecure, WPA uses TKIP, and WPA3 keeps AES-CCMP for data protection (with an optional GCMP-256 mode in WPA3-Enterprise) but replaces the pre-shared-key handshake with SAE (Simultaneous Authentication of Equals).
WPA2 (Wi-Fi Protected Access 2) is a widely adopted wireless security standard that provides strong encryption and authentication for WLANs. WPA2 uses AES (Advanced Encryption Standard) with CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) to secure wireless traffic, offering confidentiality, integrity, and protection against replay attacks. This makes WPA2 far more secure than its predecessors and suitable for enterprise and personal wireless networks.
Earlier standards had significant security limitations. WEP (Wired Equivalent Privacy) was the original Wi-Fi security protocol, but it is considered insecure due to weak key management and vulnerabilities in the RC4 encryption algorithm, allowing attackers to crack keys within minutes. WPA (Wi-Fi Protected Access) improved security by introducing TKIP (Temporal Key Integrity Protocol), which dynamically changes encryption keys, but TKIP is now outdated and considered vulnerable to attacks.
WPA3, the latest standard, builds on WPA2 rather than replacing its cipher: WPA3-Personal still encrypts data frames with AES-CCMP but replaces the PSK-based four-way handshake with SAE (Simultaneous Authentication of Equals), a password-authenticated key exchange that resists offline dictionary attacks and gives each session forward secrecy; WPA3-Enterprise adds an optional 192-bit mode using GCMP-256, and Protected Management Frames are mandatory. The companion Enhanced Open (OWE) certification gives open networks per-client encryption without a password.
Overall, WPA2 strikes a balance between robust security and wide compatibility, making it the most commonly deployed security protocol for Wi-Fi networks. Its main weakness is in Personal mode, where a captured four-way handshake can be attacked offline against a weak passphrase; WPA2-Enterprise with 802.1X/EAP avoids that by deriving per-user keys. While WPA3 provides the highest level of protection, WPA2 remains essential in environments where older devices must be supported, providing reliable, AES-based encryption for secure wireless communication.
Question 56:
Which protocol allows the automatic discovery of neighboring devices and their capabilities?
A) CDP
B) ARP
C) ICMP
D) OSPF
Answer: A) CDP
Explanation:
Cisco Discovery Protocol (CDP) is a Layer 2 protocol used to discover Cisco neighbors and their capabilities. It provides device ID, IP address, platform, and interface info. LLDP is a vendor-neutral alternative. ARP resolves MAC addresses, ICMP tests reachability, and OSPF is a routing protocol.
Cisco Discovery Protocol (CDP) is a Layer 2 proprietary protocol used by Cisco devices to discover directly connected neighbors and exchange information about each other. CDP provides critical details such as device ID, IP address, platform type, interface details, and software version, which are invaluable for network troubleshooting, topology mapping, and inventory management. CDP operates over Ethernet and other Layer 2 media, allowing network administrators to visualize network connectivity without relying solely on physical cabling diagrams or manual documentation.
A vendor-neutral alternative to CDP is LLDP (Link Layer Discovery Protocol), which provides similar neighbor discovery features across multi-vendor environments. Other protocols serve different purposes: ARP (Address Resolution Protocol) operates at Layer 3/Layer 2 to resolve IPv4 addresses into MAC addresses for local delivery, but it does not provide device or topology information. ICMP (Internet Control Message Protocol) is used for network diagnostics, such as checking reachability with ping or tracing routes, without providing device capability or neighbor details. OSPF (Open Shortest Path First) is a routing protocol that shares network topology information to compute optimal Layer 3 paths, but it is not designed for neighbor discovery at the Layer 2 level.
By using CDP, network engineers can quickly identify and verify device connections, detect misconfigurations, and maintain an accurate view of the network infrastructure, making it an essential tool for Cisco network management and troubleshooting. The same information is a gift to an attacker on the segment: CDP advertises platform, software version and management addresses in the clear to anyone listening, and CDP frames are unauthenticated and can be spoofed or flooded. It is therefore usually disabled on user-facing and untrusted interfaces (no cdp enable) or globally (no cdp run), and left enabled only where neighbor discovery or IP-phone support is actually needed.
Question 57:
In a VXLAN-based SDA deployment, which protocol is used for mapping endpoints to overlay networks?
A) BGP EVPN
B) OSPF
C) EIGRP
D) RIPv2
Answer: A) BGP EVPN
Explanation:
BGP EVPN (Ethernet VPN) provides control-plane learning for VXLAN, mapping endpoints to overlay networks. This enables Layer 2 and Layer 3 connectivity across VXLAN segments. OSPF and EIGRP are traditional routing protocols, and RIPv2 does not support EVPN. One correction to the question's framing: Cisco SD-Access campus fabric uses VXLAN only for its data plane and pairs it with LISP, not BGP EVPN, as the control plane; the answer here assumes a VXLAN EVPN data center fabric of the kind built on Nexus switches, where BGP EVPN is the control plane.
BGP EVPN (Ethernet VPN) is a modern control-plane protocol used in VXLAN-based overlay networks to provide efficient Layer 2 and Layer 3 connectivity. In flood-and-learn VXLAN deployments, data-plane learning requires flooding unknown MAC addresses, which causes unnecessary broadcast traffic and scalability issues. BGP EVPN overcomes this by providing control-plane learning, where endpoint information is distributed across the network in BGP updates: route type 2 (MAC/IP advertisement) carries each endpoint's MAC and IP address together with its VNI and VTEP, route type 3 (inclusive multicast) sets up delivery of broadcast, unknown-unicast and multicast traffic, and route type 5 carries IP prefixes for routed segments. This enables VXLAN segments to map endpoints to overlay networks, allowing switches and routers to forward traffic efficiently without relying on broadcast or unknown-unicast flooding.
Other protocols serve different purposes. OSPF and EIGRP are traditional interior gateway protocols used for dynamic Layer 3 routing within an autonomous system. They do not provide control-plane learning for VXLAN or handle MAC-to-VTEP mappings. RIPv2 is a simple distance-vector protocol with limited scalability and does not support EVPN or overlay network functionality.
By leveraging BGP EVPN, network engineers can create highly scalable, multi-tenant VXLAN overlays with predictable traffic forwarding, reduced flooding, and enhanced network efficiency. It allows organizations to extend Layer 2 and Layer 3 services across large data center or campus networks while maintaining centralized control and simplified management, making BGP EVPN the preferred choice for modern overlay deployments.
Question 58:
Which SD-WAN feature enables path selection based on application performance metrics such as jitter, latency, and loss?
A) SLA-based routing
B) Policy-based routing
C) Static routing
D) Route maps
Answer: A) SLA-based routing
Explanation:
SLA-based routing evaluates real-time network metrics like latency, jitter, and packet loss to select the best path for applications. This ensures optimal performance for critical traffic. Policy-based routing can forward traffic based on source/destination, but does not dynamically measure performance.
SLA-based routing is an advanced network feature that allows routers to dynamically select the best path for traffic based on real-time network performance metrics. These metrics, monitored using IP Service Level Agreements (IP SLAs), include latency, jitter, packet loss, and reachability. By continuously measuring these parameters, SLA-based routing ensures that critical applications, such as voice, video, or real-time data, are sent over the most optimal path. If a monitored path does not meet the defined SLA thresholds, traffic can be rerouted automatically to an alternative path that satisfies performance requirements, enhancing application reliability and user experience.
Other routing mechanisms differ in functionality. Policy-based routing (PBR) allows administrators to forward traffic based on source, destination, or protocol, but it does not measure real-time performance metrics or adjust paths dynamically. Static routing provides fixed paths to destinations, which do not adapt to network congestion, failures, or varying performance. Route maps are configuration tools used for conditional control, such as route redistribution or PBR, but they rely on administrative rules rather than live network performance data.
By combining IP SLA measurements with routing decisions, SLA-based routing provides a proactive and intelligent traffic management approach, ensuring optimal path selection for high-priority applications. This capability improves network reliability, reduces latency-sensitive application issues, and enhances overall performance, making SLA-based routing critical in modern enterprise networks.
SLA-based routing is an advanced network mechanism that enables routers to dynamically select the best path for traffic based on real-time network performance metrics. These metrics are monitored using IP Service Level Agreements (IP SLAs), which can measure parameters such as latency, jitter, packet loss, and reachability. By continuously evaluating these metrics, SLA-based routing ensures that critical applications, such as voice, video, or other latency-sensitive traffic, are routed over the most optimal path. If a monitored path fails to meet the defined SLA thresholds, traffic is automatically rerouted to an alternative path that satisfies performance requirements, ensuring reliability, improved application performance, and a better end-user experience.
Other routing mechanisms differ in functionality. Policy-Based Routing (PBR) allows traffic to be forwarded based on administrative rules like source, destination, or protocol, but it does not dynamically respond to changing network performance. Static routing provides fixed paths that cannot adapt to network congestion or failures, making it less suitable for critical or real-time traffic. Route maps are configuration tools used for conditional routing or redistribution, but they rely on administrator-defined policies rather than live performance metrics.
By leveraging SLA-based routing, networks can proactively manage traffic, dynamically adapt to changing network conditions, and ensure optimal performance for high-priority applications. This makes SLA-based routing an essential tool in modern enterprise environments that require predictable, high-quality service delivery.
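The selection logic described in the explanation above, written out as an added example (not Cisco's SD-WAN or IP SLA implementation): each probe round is checked against per-class thresholds, the first preferred path that meets the SLA wins, and when no path meets it the least-lossy reachable path is used as a best-effort fallback. The SLA thresholds, path names and probe values are constructed for the example.

```python
"""SLA-based path selection over successive probe rounds (added example).

Not Cisco code: the thresholds, path names and measurements below are
constructed to illustrate the threshold-and-reroute behaviour only.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Sla:
    """Thresholds an application class requires from a path (assumed values)."""
    name: str
    max_latency_ms: float
    max_jitter_ms: float
    max_loss_pct: float


@dataclass(frozen=True)
class PathStats:
    """One round of probe results for a single path."""
    path: str
    latency_ms: float
    jitter_ms: float
    loss_pct: float
    reachable: bool = True


def meets_sla(stats, sla):
    """True when the path is reachable and every metric is within the SLA."""
    return (
        stats.reachable
        and stats.latency_ms <= sla.max_latency_ms
        and stats.jitter_ms <= sla.max_jitter_ms
        and stats.loss_pct <= sla.max_loss_pct
    )


def select_path(measurements, sla, preferred_order):
    """Pick the first preferred path that meets the SLA.

    If no path meets it, fall back to the reachable path with the lowest
    loss (then lowest latency); return None only if nothing is reachable.
    """
    by_name = {m.path: m for m in measurements}
    for name in preferred_order:
        m = by_name.get(name)
        if m is not None and meets_sla(m, sla):
            return name
    candidates = [m for m in measurements if m.reachable]
    if not candidates:
        return None
    return min(candidates, key=lambda m: (m.loss_pct, m.latency_ms)).path


def run_rounds(rounds, sla, preferred_order):
    """Return the chosen path per probe round, so reroutes are visible."""
    return [select_path(stats, sla, preferred_order) for stats in rounds]


# Constructed SLA for a voice class (assumed thresholds).
VOICE = Sla("voice", max_latency_ms=150, max_jitter_ms=30, max_loss_pct=1.0)
PREFERRED = ["mpls", "internet", "lte"]

# Constructed probe rounds: MPLS degrades, then internet, then recovery.
ROUNDS = [
    [PathStats("mpls", 40, 5, 0.0), PathStats("internet", 60, 10, 0.2), PathStats("lte", 120, 25, 0.5)],
    [PathStats("mpls", 45, 8, 3.0), PathStats("internet", 65, 12, 0.3), PathStats("lte", 120, 25, 0.5)],
    [PathStats("mpls", 45, 8, 3.0), PathStats("internet", 250, 40, 0.5), PathStats("lte", 130, 20, 0.8)],
    [PathStats("mpls", 0, 0, 100.0, reachable=False), PathStats("internet", 300, 50, 2.0), PathStats("lte", 200, 35, 1.5)],
    [PathStats("mpls", 40, 5, 0.0), PathStats("internet", 70, 10, 0.2), PathStats("lte", 120, 25, 0.5)],
]

if __name__ == "__main__":
    for i, chosen in enumerate(run_rounds(ROUNDS, VOICE, PREFERRED), start=1):
        print(f"round {i}: voice traffic -> {chosen}")
```

Round 4 shows the case the explanation leaves implicit: when every path violates the SLA, a real deployment still has to forward the traffic somewhere, so the fallback rule (here, least loss) matters as much as the thresholds themselves.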
Question 59:
Which Cisco feature allows dynamic redistribution of routes between IPv4 and IPv6 routing protocols?
A) Route Maps
B) NAT64
C) Policy-Based Routing
D) Static Routing
Answer: A) Route Maps
Explanation:
Route maps enable conditional redistribution between routing protocols, including IPv4 and IPv6, allowing control over which routes are advertised and how metrics or attributes are applied. NAT64 translates addresses but does not redistribute routes. PBR and static routes are not dynamic redistribution mechanisms.
Route maps are a versatile and powerful tool in Cisco networks, enabling administrators to control how routing information is redistributed between different routing protocols or across different network layers, including IPv4 and IPv6. By using route maps, network engineers can apply conditional logic to redistribution, specifying which routes are advertised, modifying metrics, setting route tags, or filtering routes based on prefix, access lists, or other criteria. For example, when redistributing routes from EIGRP into OSPF, a route map can set a default metric to prevent routing loops, ensure policy compliance, and maintain predictable routing behavior.
Other network mechanisms serve different purposes. NAT64 is used to translate IPv6 addresses to IPv4 and vice versa, enabling communication between IPv6 and IPv4 networks, but it does not perform route redistribution or control route attributes. Policy-Based Routing (PBR) allows administrators to override normal routing decisions based on source, destination, or application, influencing packet forwarding rather than the dynamic propagation of routing information. Static routing provides fixed paths to destinations and does not dynamically advertise or redistribute routes between protocols.
By leveraging route maps, network engineers gain fine-grained control over routing policies, enabling safe redistribution between protocols, consistent metric application, and filtering of undesired routes, making route maps an essential tool for complex enterprise networks that require predictable and controlled route propagation across multiple routing domains.
Route maps allow administrators to control how routing information is redistributed between protocols, including IPv4 and IPv6. They provide conditional logic to filter routes, modify metrics, set tags, or enforce policies during redistribution—for example, when moving routes from EIGRP to OSPF. NAT64 translates addresses but does not redistribute routes. Policy-Based Routing (PBR) affects packet forwarding based on criteria like source or destination, but does not dynamically advertise routes. Static routing provides fixed paths without dynamic redistribution. Using route maps ensures controlled, predictable, and policy-compliant route propagation, making them essential in complex network environments.
Question 60:
Which command verifies if a specific VLAN is allowed on a trunk interface?
A) show interfaces trunk
B) show vlan brief
C) show running-config
D) show spanning-tree
Answer: A) show interfaces trunk
Explanation:
Show interfaces trunk displays trunked interfaces, their allowed VLANs, native VLANs, and operational status. It helps troubleshoot VLAN communication across trunks. Show vlan brief lists VLANs but does not indicate trunk membership, while show running-config and show spanning-tree provide other config/status information.
In a Cisco switched network, managing trunk links is critical for ensuring proper VLAN communication across multiple switches. The command show interfaces trunk provides a detailed view of all trunked interfaces on a switch. It displays which interfaces are operating as trunks, the VLANs allowed on each trunk, the native VLAN, and the operational status. This information is essential for troubleshooting VLAN connectivity issues, verifying that trunks are configured correctly, and ensuring that VLANs are properly propagated across the network.
Other related commands serve different purposes. The show vlan brief command lists all configured VLANs and their associated ports, but does not provide information about which interfaces are actively trunking or which VLANs are allowed on a trunk. Show running-config displays the complete current configuration of the device, including interface settings, VLANs, and other protocols, but it requires manual inspection to determine trunk status. Show spanning-tree provides information about spanning-tree protocol status, port roles, and state, which helps prevent loops but does not directly indicate trunk configuration or allowed VLANs.
By using the show interfaces trunk command, network administrators can quickly verify trunk links, check VLAN membership, and identify misconfigurations, making it an essential tool for ensuring that inter-switch VLAN communication functions correctly. This command helps maintain VLAN consistency, minimize broadcast issues, and troubleshoot trunk-related network problems efficiently.
The show interfaces trunk command displays all trunked interfaces on a Cisco switch, showing their allowed VLANs, native VLANs, and operational status. This is critical for troubleshooting VLAN communication across switches and verifying proper trunk configuration. While show vlan brief lists VLANs and assigned ports, it does not indicate trunk membership or allowed VLANs. Show running-config shows the full configuration but requires manual inspection, and show spanning-tree provides STP status, not trunk details. Using the show interfaces trunk command helps network administrators ensure VLAN propagation, maintain consistency, and quickly identify misconfigurations across the network.
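Turning the manual check described above into a repeatable one, as an added example that is not part of the original page: a small parser for show interfaces trunk output that expands the "Vlans allowed on trunk" ranges and answers whether a given VLAN is allowed on a given trunk, and which allowed VLANs are not active in the management domain. The sample output is constructed to mirror the IOS layout (summary table, then the allowed, allowed-and-active and forwarding sections); the interface names and VLAN numbers are assumed values, not captured from a real switch.

```python
"""Parse 'show interfaces trunk' output and verify VLAN membership (added example).

Not Cisco code. SAMPLE_OUTPUT is constructed to follow the IOS layout;
ports and VLAN IDs are assumed values.
"""
import re

# Constructed sample output (assumed values).
SAMPLE_OUTPUT = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi0/1       on               802.1q         trunking      1
Gi0/2       desirable        802.1q         trunking      99

Port        Vlans allowed on trunk
Gi0/1       1-4094
Gi0/2       10,20,30-35,99

Port        Vlans allowed and active in management domain
Gi0/1       1,10,20,30
Gi0/2       10,20,30,99

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/1       1,10,20,30
Gi0/2       10,20,30,99
"""


def expand_vlan_list(spec):
    """Expand an IOS VLAN list such as '10,20,30-35' into a set of ints ('none' -> empty)."""
    vlans = set()
    spec = spec.strip().lower()
    if spec in ("", "none"):
        return vlans
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        m = re.fullmatch(r"(\d+)-(\d+)", part)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            vlans.update(range(lo, hi + 1))
        else:
            vlans.add(int(part))
    return vlans


def parse_show_interfaces_trunk(text):
    """Return {port: {mode, encapsulation, status, native, allowed, active}}."""
    trunks = {}
    section = None
    last_port = None
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.startswith("Port"):
            # Each IOS section starts with a 'Port ...' header line.
            header = raw.lower()
            if "native vlan" in header:
                section = "summary"
            elif "allowed and active" in header:
                section = "active"
            elif "allowed on trunk" in header:
                section = "allowed"
            else:
                section = "other"
            continue
        if section == "other":
            continue
        fields = raw.split()
        if raw[0].isspace():
            # Long VLAN lists wrap onto indented continuation lines.
            if last_port in trunks and section in ("allowed", "active"):
                trunks[last_port][section] |= expand_vlan_list(fields[0])
            continue
        port = fields[0]
        last_port = port
        if section == "summary" and len(fields) >= 5:
            trunks[port] = {
                "mode": fields[1],
                "encapsulation": fields[2],
                "status": fields[3],
                "native": int(fields[4]),
                "allowed": set(),
                "active": set(),
            }
        elif section in ("allowed", "active") and port in trunks:
            trunks[port][section] = expand_vlan_list(fields[1] if len(fields) > 1 else "")
    return trunks


def vlan_allowed_on_trunk(trunks, port, vlan):
    """True only if the port is actually trunking and the VLAN is in its allowed list."""
    info = trunks.get(port)
    return bool(info) and info["status"] == "trunking" and vlan in info["allowed"]


def allowed_but_inactive(trunks, port):
    """VLANs permitted on the trunk that are not active on this switch."""
    info = trunks.get(port)
    return set() if info is None else info["allowed"] - info["active"]


if __name__ == "__main__":
    t = parse_show_interfaces_trunk(SAMPLE_OUTPUT)
    for port, vlan in (("Gi0/1", 20), ("Gi0/2", 20), ("Gi0/2", 40)):
        print(port, vlan, "allowed" if vlan_allowed_on_trunk(t, port, vlan) else "NOT allowed")
    print("Gi0/2 allowed but inactive:", sorted(allowed_but_inactive(t, "Gi0/2")))
```

The distinction the parser keeps between the "allowed" and "allowed and active" sections is the one that matters in troubleshooting: a VLAN can be permitted on the trunk and still carry no traffic because it was never created on that switch, which show vlan brief would show but the trunk summary alone would not.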