Cisco 350-601 Implementing and Operating Cisco Data Center Core Technologies (DCCOR) Exam Dumps and Practice Test Questions Set6 Q101-120


Question 101:

A network engineer wants to redistribute OSPF routes into BGP. Which command allows specifying a metric for the redistributed routes?

A) redistribute ospf 1 metric 100
B) network 10.0.0.0 0.0.0.255
C) default-information originate
D) router bgp 65001

Answer: A) redistribute ospf 1 metric 100

Explanation:

When redistributing OSPF into BGP, a metric must be specified because BGP requires a path selection value. This ensures proper route preference. Network statements advertise networks into BGP but do not handle redistribution metrics. The default-information originate command generates a default route. When integrating OSPF routes into BGP, the redistribute ospf 1 metric 100 command is crucial because BGP requires a numeric value to determine the preference of routes received from OSPF. The metric serves as a reference for BGP to evaluate the best path for traffic forwarding. Without specifying a metric, redistributed routes may not be properly installed in the BGP table, leading to inconsistent routing behavior or suboptimal path selection. This ensures that the redistributed routes have a defined preference when BGP compares multiple paths to the same destination.

Other commands serve different purposes in this context. The network 10.0.0.0 0.0.0.255 command advertises directly connected networks into BGP but does not redistribute OSPF-learned routes or assign a metric for them. The default-information originate command originates a default route into BGP, which is useful when you want to provide a gateway of last resort, but it does not affect the redistribution of OSPF routes. Finally, router bgp 65001 is used to enter BGP configuration mode, but does not perform any redistribution or metric assignment on its own.

By using the redistribute command with a metric, network engineers ensure smooth interoperability between OSPF and BGP, allowing OSPF routes to be accurately propagated within the BGP network while maintaining predictable route selection and stability across the autonomous system.

Question 102:

In SD-WAN, which policy type enforces firewall rules and blocks or allows traffic based on source and destination?

A) Data policy
B) Control policy
C) Application-aware routing (AAR)
D) QoS trust policy

Answer: A) Data policy

Explanation:

Data policies in Cisco SD-WAN allow administrators to inspect, filter, and manipulate traffic, enforcing firewall rules, access control, or redirecting traffic. Control policies manage control-plane behavior, AAR selects paths dynamically, and QoS trust policies mark traffic only. In Cisco SD-WAN, data policies provide administrators with granular control over traffic by inspecting, filtering, and enforcing rules such as access control, firewall actions, or traffic redirection. These policies determine how user or application traffic is handled across the WAN, ensuring security and proper traffic flow. Control policies, in contrast, manage control-plane operations, such as device authentication and overlay routing behavior. Application-Aware Routing (AAR) dynamically selects the optimal path based on real-time WAN performance metrics like latency, jitter, or loss, while QoS trust policies only mark traffic for priority handling without influencing routing or enforcement decisions.

Question 103:

Which command on a Cisco switch verifies the current spanning-tree root bridge and port roles?

A) show spanning-tree
B) show vlan brief
C) show interfaces trunk
D) show running-config

Answer: A) show spanning-tree

Explanation:

Show spanning-tree displays the root bridge ID, port roles, state, and VLAN mapping. This helps verify proper root placement and detect loops. Show vlan brief shows VLANs, show interfaces trunk shows trunk details, and show running-config shows the configuration. The show spanning-tree command in Cisco networks is essential for verifying the status and operation of the Spanning Tree Protocol (STP) on a switch. It provides detailed information about the root bridge ID, port roles (root, designated, or blocked), port states (forwarding or blocking), and the VLANs mapped to each port. This information is crucial for ensuring that the network topology is loop-free and that the root bridge is correctly placed according to design. By monitoring STP status, administrators can detect misconfigurations, prevent broadcast storms, and ensure network stability.

In comparison, show vlan brief lists all VLANs configured on the switch, their status (active or suspended), and the ports assigned to each VLAN. While useful for verifying VLAN configuration, it does not provide information about spanning-tree roles or loop prevention. Show interfaces trunk displays trunking details such as trunk mode, allowed VLANs, native VLAN, and operational status, which is critical for VLAN propagation between switches, but does not show STP roles. Show running-config reveals the full switch configuration, including VLANs, interfaces, and STP settings, but requires manual inspection to understand the network topology.

Together, these commands provide a comprehensive view of VLANs, trunking, and STP operation, helping administrators maintain a stable and loop-free network. Show spanning-tree is specifically indispensable for monitoring STP health and ensuring proper loop prevention.

Question 104:

A network engineer notices that BGP is not advertising routes to a neighbor. Which command would verify the BGP session state?

A) show ip bgp summary
B) show ip bgp neighbors <neighbor>
C) show ip route bgp
D) show running-config

Answer: B) show ip bgp neighbors <neighbor>

Explanation:

This command provides detailed information about a BGP neighbor, including session state (Idle, Active, Established), route updates, timers, and received routes. Show ip bgp summary gives a brief overview, show ip route bgp shows installed routes, and show running-config shows config only. The show ip bgp neighbors <neighbor> command is a crucial tool in BGP troubleshooting and monitoring, providing detailed information about a specific BGP neighbor. This command displays the session state (such as Idle, Active, or Established), the number of prefixes received and advertised, BGP timers (keepalive and hold), and detailed route information learned from that neighbor. By examining this output, network administrators can identify issues such as session flaps, misconfigurations, or unestablished sessions, and ensure that routing information is correctly exchanged between peers.

In comparison, show ip bgp summary provides a concise overview of all BGP neighbors, showing session states, the number of prefixes received, and general statistics, but it does not give neighbor-specific route details or granular timer information. Show ip route bgp displays only the BGP routes that are installed in the routing table, reflecting the selected best paths but not the full set of routes received from each neighbor or their attributes. Show running-config shows the device’s configuration, including BGP neighbor definitions, policies, and route maps, but it does not provide real-time operational information or session status.

Together, these commands complement each other, but show ip bgp neighbors <neighbor> is indispensable for in-depth troubleshooting of a particular BGP session. It allows administrators to verify neighbor reachability, session establishment, and the complete set of route attributes, making it essential for maintaining BGP stability and network reachability.

Question 105:

Which MPLS label is removed by the PE router before forwarding the packet to a customer network?

A) Inner label
B) Outer label
C) Top label
D) Both labels

Answer: C) Top label

Explanation:

LER/PE routers pop the top MPLS label before sending traffic to the CE network. This exposes the original IP packet for delivery. P routers forward labels unchanged. The inner label may be part of a VPN label stack, but only the top label is removed at the edge. In an MPLS network, the concept of label stacking allows multiple labels to be assigned to a packet for different purposes, such as VPN identification or traffic engineering. LER (Label Edge Routers) or PE (Provider Edge) routers operate at the edge of the MPLS network and are responsible for pushing, swapping, or popping labels. When a packet exits the MPLS cloud towards a CE (Customer Edge) device, the top label is popped to reveal the original IP packet, which can then be routed normally in the customer network. This process ensures proper delivery while maintaining MPLS forwarding efficiency within the provider core.

P routers in the core do not remove labels; they simply forward packets based on the top label, performing label swaps as needed to maintain MPLS path forwarding. The inner label, often used for VPN identification, remains in place until it reaches the appropriate egress PE that is responsible for popping it if required. Only the top label is removed when exiting the MPLS domain to the customer network, ensuring that the original packet is delivered correctly.

This separation of roles ensures that the MPLS core operates efficiently, with P routers handling fast label-based forwarding and PE/LER routers managing edge operations and label removal. Understanding which label is popped and when is critical for troubleshooting MPLS VPNs, verifying end-to-end connectivity, and ensuring traffic reaches the intended CE devices without disruption.

Question 106:

Which Cisco wireless feature dynamically segments users based on roles without changing VLANs?

A) VLANs
B) Security Group Tags (SGTs)
C) ACLs
D) Port-based authentication

Answer: B) Security Group Tags (SGTs)

Explanation:

TrustSec SGTs allow role-based access control, dynamically segmenting traffic without relying on VLANs. ACLs filter traffic, VLANs are static, and port-based authentication controls access per port, but does not segment traffic dynamically. Cisco TrustSec introduces Security Group Tags (SGTs) as a method to enforce role-based access control and dynamic segmentation across the network. Unlike traditional VLANs, which segment traffic based on Layer 2 domains and are inherently static, SGTs assign tags to users, devices, or endpoints based on roles, departments, or security policies. These tags travel with the traffic across the network, enabling consistent policy enforcement regardless of the underlying IP addressing or physical topology. This dynamic approach simplifies network management, improves security, and allows finer-grained control over who can access which resources.

VLANs, while useful for basic segmentation, are static and require manual configuration for each switch, making them less flexible for large or dynamic environments. Access Control Lists (ACLs) filter traffic based on IP addresses, ports, or protocols, but they do not provide dynamic role-based segmentation. Port-based authentication, such as 802.1X, controls which devices can access the network at a particular port but does not inherently manage traffic segmentation beyond granting or denying access.

By combining SGTs with TrustSec enforcement points like SGT-aware switches, routers, and firewalls, administrators can implement policies that follow users and devices throughout the network, providing a secure, scalable, and flexible method of segmentation that goes beyond traditional VLANs and ACLs. This approach reduces administrative overhead, increases security posture, and enables policy consistency across complex enterprise networks.

Question 107:

A network engineer wants to prevent OSPF routing loops in a multi-area network. Which feature is most effective?

A) Stub areas
B) Route summarization
C) Authentication
D) Passive interfaces

Answer: B) Route summarization

Explanation:

Route summarization reduces the number of LSAs between areas, minimizing the risk of routing loops caused by inconsistent routing information. Stub areas restrict external routes, authentication secures OSPF, and passive interfaces prevent OSPF hello messages. In OSPF networks, managing routing information efficiently is critical to maintaining stability and preventing loops. Route summarization is a technique used to combine multiple contiguous networks into a single summary route, which is advertised between areas. This reduces the number of LSAs (Link-State Advertisements) exchanged across area boundaries, lowering routing table size and minimizing processing overhead on routers. By limiting detailed network information from propagating unnecessarily, summarization also reduces the risk of routing loops caused by inconsistent or conflicting routes between areas.

Other OSPF mechanisms serve different purposes. Stub areas are special OSPF area types that block external Type 5 LSAs, allowing only internal and summary routes to enter the area. This reduces routing table size and LSA flooding within the stub area, but it does not perform summarization. Authentication in OSPF ensures that only trusted routers can participate in the OSPF domain, protecting against malicious or accidental route injection; it secures the integrity of LSAs but does not reduce routing information. Passive interfaces prevent OSPF hello messages from being sent on a specific interface, effectively stopping neighbor relationships from forming on that link. While this improves security and reduces unnecessary OSPF traffic, it does not summarize routes or optimize LSAs.

By implementing route summarization, network engineers achieve more efficient OSPF operation, lower resource consumption, and reduced likelihood of routing inconsistencies, complementing other features like stub areas, authentication, and passive interfaces.

Question 108:

In SD-WAN, which component ensures control-plane security between vEdge routers and controllers?

A) vManage
B) vSmart
C) vBond
D) vEdge

Answer: B) vSmart

Explanation:

vSmart controllers manage secure control-plane connectivity, distributing routing and policy information between vEdge routers. vBond handles onboarding, vManage manages configuration, and vEdge handles data-plane traffic. In Cisco SD-WAN architecture, each component plays a specific role to ensure secure, efficient, and manageable connectivity across sites. vSmart controllers are the core of the control plane. They are responsible for distributing routing information, security policies, and segmentation details to all vEdge routers in the network. By centralizing control-plane decisions, vSmart ensures consistent policy enforcement, optimal path selection, and secure communication across the WAN overlay.

vBond orchestrators handle zero-touch provisioning (ZTP) and initial authentication for devices joining the SD-WAN network. They authenticate vEdge devices and facilitate secure control-plane connections to vSmart controllers. This ensures that new devices can join the overlay securely without manual configuration.

vManage is the management plane, providing a centralized GUI for configuration, template deployment, monitoring, troubleshooting, and software upgrades. It allows administrators to deploy policies, view real-time network performance, and generate reports for operational visibility.

vEdge routers are the data-plane devices that handle actual traffic forwarding between sites. They establish encrypted tunnels, implement routing decisions, enforce policies distributed by vSmart, and carry application traffic across the WAN. While vEdge devices are critical for data forwarding, they rely on vSmart for control-plane intelligence, vBond for onboarding, and vManage for centralized management.

Together, these four components create a scalable, secure, and policy-driven SD-WAN overlay, ensuring that enterprise traffic flows efficiently while maintaining visibility and control over the network.

Question 109:

Which QoS mechanism is best suited for providing guaranteed bandwidth to voice traffic?

A) Policing
B) Shaping
C) LLQ (Low Latency Queuing)
D) CBWFQ

Answer: C) LLQ (Low Latency Queuing)

Explanation:

LLQ allows priority queuing for delay-sensitive traffic like voice while providing bandwidth guarantees to other classes. CBWFQ allocates bandwidth but does not prioritize, and policing/shaping manages traffic rates but not priority. In QoS (Quality of Service) implementations on Cisco devices, Low Latency Queuing (LLQ) is specifically designed to handle delay-sensitive traffic such as voice and video while still supporting other types of traffic. LLQ combines the capabilities of Class-Based Weighted Fair Queuing (CBWFQ) with a strict priority queue. The priority queue ensures that critical traffic, like VoIP packets, is transmitted first, minimizing latency and jitter, while other traffic classes are allocated bandwidth based on configured weights. This ensures both high-priority traffic and general data flows receive appropriate treatment.

CBWFQ, in contrast, allocates bandwidth to traffic classes based on preconfigured weights but does not offer strict priority. While it ensures fair bandwidth distribution, delay-sensitive traffic may still experience latency during congestion.

Policing and traffic shaping manage traffic rates differently. Policing enforces a maximum rate by dropping or remarking excess traffic, making it useful for enforcing SLA limits but not for prioritizing packets. Shaping buffers excess traffic to smooth bursts, controlling traffic transmission over time, but it does not prioritize delay-sensitive flows.

LLQ’s combination of strict priority queuing and weighted bandwidth allocation makes it the most suitable choice for scenarios where real-time applications require minimal delay, while CBWFQ, policing, and shaping handle other traffic characteristics without providing strict prioritization for latency-sensitive applications.

Question 110:

Which command shows all OSPF LSAs received by a router?

A) show ip ospf database
B) show ip route ospf
C) show ip protocols
D) show running-config

Answer: A) show ip ospf database

Explanation:

Show ip ospf database lists all LSAs the router has received and their types (Router, Network, Summary, External), helping troubleshoot topology and routing issues. Show ip route ospf shows installed routes only. The show ip ospf database command is a crucial troubleshooting and verification tool in OSPF networks. It displays the complete Link-State Database (LSDB) that the router maintains, including all LSAs (Link-State Advertisements) received from neighboring routers. LSAs are categorized into types such as Type 1 (Router LSAs), Type 2 (Network LSAs), Type 3 (Summary LSAs), and Type 5 (External LSAs). By examining the LSDB, network engineers can verify which OSPF routes are known to the router, identify missing or incorrect LSAs, and troubleshoot OSPF topology issues.

Other related commands serve different purposes. Show ip route ospf displays only the OSPF-learned routes that have been installed into the routing table, reflecting the router’s current forwarding decisions but not the complete topology. Show ip protocols provides information about OSPF configuration parameters, such as process ID, networks being advertised, timers, and neighbor information, but does not show the LSAs themselves. Show running-config shows the router’s current configuration, including OSPF settings, but does not provide real-time information about received LSAs or the LSDB.

By using the show ip ospf database command, administrators can correlate LSAs with routing table entries, verify area summarization, check for external routes, and ensure OSPF convergence is functioning correctly. This command is essential for proactive monitoring and diagnosing complex OSPF network issues.

Question 111:

Which BGP attribute is used to prevent routing loops across multiple autonomous systems?

A) Weight
B) LOCAL_PREF
C) AS_PATH
D) MED

Answer: C) AS_PATH

Explanation:

AS_PATH lists all ASes a route traverses, preventing loops by rejecting routes containing the local AS. Weight and LOCAL_PREF are local to a router or AS, and MED influences path selection between ASes. In BGP, the AS_PATH attribute is a critical mechanism for loop prevention and path selection. AS_PATH records the sequence of Autonomous Systems (ASes) a route has traversed. When a BGP router receives a route advertisement, it examines the AS_PATH to determine whether the route has already passed through its own AS. If the local AS appears in the path, the route is rejected, preventing routing loops. This ensures stability and consistency in inter-AS routing.

Other BGP attributes play different roles in path selection. Weight is a Cisco-specific attribute local to the router; higher weight values are preferred when selecting the best path. LOCAL_PREF is used within an AS to influence the preferred outbound path, with higher values being favored. Unlike AS_PATH, LOCAL_PREF does not propagate outside the AS. MED (Multi-Exit Discriminator) suggests to neighboring ASes which entry point into the AS is preferred, with lower MED values being preferred. MED helps influence traffic between ASes but does not guarantee loop prevention.

By understanding AS_PATH along with Weight, LOCAL_PREF, and MED, network engineers can manipulate route selection and enforce policies while maintaining loop-free routing. AS_PATH’s primary role in loop prevention makes it indispensable for stable inter-AS BGP deployments, while the other attributes provide granular control over path preference and traffic engineering.

Question 112:

Which SD-WAN policy dynamically selects paths based on jitter, latency, and packet loss?

A) Control policy
B) Data policy
C) Application-aware routing (AAR)
D) QoS trust policy

Answer: C) Application-aware routing (AAR)

Explanation:

AAR selects paths dynamically by evaluating real-time SLA metrics to ensure optimal performance for critical applications. Data policies enforce routing decisions, control policies manage device behavior, and QoS trust policies mark traffic. In Cisco SD-WAN, Application-Aware Routing (AAR) is a key feature that dynamically selects the optimal path for application traffic based on real-time network performance metrics, such as latency, jitter, packet loss, and path availability. AAR continuously monitors multiple WAN links and chooses the best path to ensure that critical applications, like voice, video, or ERP traffic, meet their performance requirements. This proactive path selection enhances user experience and prevents performance degradation caused by suboptimal routes.

Data policies, in contrast, control the forwarding of traffic by defining rules based on source, destination, or application. They can enforce firewall rules, redirect traffic, or prioritize certain flows, but they do not evaluate live path performance metrics for dynamic rerouting.

Control policies manage the behavior of SD-WAN devices at the control plane level. They handle device authentication, onboarding, certificate distribution, and connectivity to vSmart controllers, ensuring secure and efficient control-plane communication.

QoS trust policies focus on marking or trusting traffic for quality of service purposes. These policies assign DSCP values or prioritize traffic classes to ensure that high-priority applications receive preferential treatment on the network, but they do not dynamically select WAN paths.

By combining AAR with data, control, and QoS policies, SD-WAN provides intelligent traffic management that guarantees application performance, enforces security and routing policies, and ensures consistent network behavior across the WAN.

Question 113:

Which command verifies which VLANs exist and are active on a Cisco switch?

A) show interfaces trunk
B) show vlan brief
C) show spanning-tree
D) show running-config

Answer: B) show vlan brief

Explanation:

Show vlan brief lists VLAN IDs, names, status, and assigned ports. This helps verify proper VLAN creation and activity. Trunk commands show allowed VLANs across links, and spanning-tree shows loop prevention. In a Cisco switched network, managing VLANs and ensuring proper trunking is critical for maintaining network segmentation and connectivity. The command show vlan brief provides a quick overview of all VLANs configured on a switch, including their VLAN IDs, names, status (active or suspended), and the ports assigned to each VLAN. This information is essential for verifying that VLANs have been created correctly, are operational, and that devices are connected to the intended VLANs. For example, if a host cannot communicate with others in the same VLAN, show vlan brief helps confirm whether the host’s port is correctly assigned to the VLAN and whether the VLAN itself is active.

Show interfaces trunk complements this by displaying information about trunk ports, including which interfaces are configured as trunks, the allowed VLANs, the native VLAN, and the operational status. Trunking is necessary when multiple VLANs must traverse a single link between switches. This command is particularly useful for troubleshooting inter-switch VLAN propagation issues, ensuring that the correct VLANs are allowed across trunks and that mismatches do not block traffic.

Show spanning-tree provides insight into the Spanning Tree Protocol (STP) status, including root bridge election, port roles, and port states. STP prevents Layer 2 loops that can occur when redundant links exist between switches, which is crucial in networks with multiple VLANs to maintain stability and avoid broadcast storms.

Finally, show running-config displays the current configuration of the switch, including interface settings, VLANs, trunking configuration, and STP settings. While it is comprehensive, it requires manual inspection to interpret VLAN activity and trunk status compared to the targeted outputs of the other commands.

By using these commands together—show vlan brief for VLAN verification, show interfaces trunk for trunk troubleshooting, show spanning-tree for loop prevention, and show running-config for overall configuration review—network administrators can ensure VLANs are properly configured, trunks propagate traffic correctly, and the network remains loop-free and stable. This holistic approach streamlines VLAN management, troubleshooting, and network reliability.

Question 114:

Which feature allows Cisco TrustSec to enforce network access policies without relying on IP addresses?

A) VLANs
B) Security Group Tags (SGTs)
C) ACLs
D) Port-based authentication

Answer: B) Security Group Tags (SGTs)

Explanation:

SGTs abstract users and devices from IP addresses, enabling dynamic role-based access control. VLANs and ACLs can be static, while port-based authentication controls access at the interface. Cisco TrustSec is a modern network security framework that leverages Security Group Tags (SGTs) to provide dynamic, role-based access control across the network. SGTs are assigned to users or devices based on their roles, device types, or security posture, abstracting the network from relying on IP addresses or subnets for policy enforcement. This approach enables more granular and flexible security policies, allowing administrators to segment traffic and enforce access restrictions dynamically, even as devices move across the network. For example, a user tagged as “Finance” can have access to financial resources regardless of the VLAN they are connected to, while a device tagged as “Guest” may have limited network access.

VLANs provide traditional Layer 2 segmentation, separating traffic into different broadcast domains. While VLANs are effective for isolating traffic, they are static and tied to the physical or logical topology of the network. This means that any policy changes or device mobility may require manual reconfiguration of VLAN assignments, which is less flexible than SGT-based segmentation.

Access Control Lists (ACLs) filter traffic based on IP addresses, protocols, and ports. While ACLs are fundamental for enforcing security policies, they are static and do not inherently adapt to user roles or device types. Managing large networks with dynamic devices using ACLs alone can be cumbersome and error-prone.

Port-based authentication, such as 802.1X, controls network access at the switch port level, requiring devices or users to authenticate before gaining network access. While this secures the entry point, it does not provide network-wide dynamic segmentation or allow policies to follow users across VLANs or switches.

By combining SGTs with Cisco TrustSec, organizations gain a flexible, scalable, and policy-driven approach to network security. SGTs enable dynamic enforcement of access controls across the network, overcoming the limitations of static VLANs, ACLs, and port-based authentication. This ensures that policies are consistently applied based on roles rather than network topology, improving security posture while simplifying management in modern, mobile, and cloud-integrated environments.

Question 115:

Which MPLS router forwards packets using only the label, without inspecting the IP header?

A) CE
B) PE
C) P
D) LER

Answer: C) P

Explanation:

P routers in the MPLS core forward packets based on the top label. They do not pop or inspect IP headers. PE routers push/pop labels, and CE routers are outside the MPLS network. In an MPLS (Multiprotocol Label Switching) network, different types of routers have distinct roles that determine how packets are handled as they traverse the network. P routers (Provider routers) are core routers within the MPLS backbone. Their primary function is to forward packets based solely on the top MPLS label without inspecting the IP header. This label-switching behavior allows P routers to efficiently move large volumes of traffic through the network while maintaining high performance and low latency. P routers do not push or pop labels; they only perform label lookup and forward packets to the next hop based on the label information.

PE routers—Provider Edge routers—operate at the edge of the MPLS network and interface directly with customer networks. PE routers are responsible for pushing labels onto incoming packets from the CE (Customer Edge) routers, effectively entering them into the MPLS domain. Similarly, when packets exit the MPLS network, PE routers pop labels to deliver the original IP packets to the CE devices. In some contexts, PE routers are also referred to as LERs (Label Edge Routers) because they perform the edge functions of pushing and popping labels and classifying traffic into Forwarding Equivalence Classes (FECs).

CE routers are customer-owned devices located at the edge of the customer network. They are outside the MPLS domain and do not handle MPLS labels. CE routers forward packets toward the PE router using traditional IP routing and rely on the MPLS network for transit.

By understanding these roles, network engineers can design MPLS networks efficiently, ensuring that label handling and forwarding responsibilities are clearly defined. P routers focus on fast label switching within the core, PE/LER routers manage the edge labeling functions and connectivity to customer networks, and CE routers maintain standard IP routing for customer traffic. This separation of roles optimizes performance, simplifies troubleshooting, and enables scalable MPLS deployments.

Question 116:

Which command displays all BGP routes received from a specific neighbor?

A) show ip bgp
B) show ip bgp summary
C) show ip bgp neighbors <neighbor> routes
D) show ip route bgp

Answer: C) show ip bgp neighbors <neighbor> routes

Explanation:

This command shows all routes received from a neighbor, including path attributes. Show ip bgp summary displays session info, show ip bgp shows all BGP routes, and show ip route bgp shows installed routes only. In Border Gateway Protocol (BGP), understanding the status of neighbor relationships and the routes exchanged is crucial for managing interdomain routing effectively. The command show ip bgp neighbors <neighbor> routes is specifically designed to display all routes that have been received from a particular BGP neighbor. This includes not only the prefixes but also essential BGP path attributes such as NEXT_HOP, AS_PATH, LOCAL_PREF, MED, and origin type. These attributes determine how BGP selects the best path to reach a destination, making this command invaluable for troubleshooting routing issues or verifying policy implementation. By examining the output, network administrators can identify if a neighbor is sending unexpected routes, if certain prefixes are missing, or if route filtering is functioning correctly.

In contrast, the show ip bgp summary command provides an overview of all BGP neighbors and their current session states. It shows the state of the TCP session (Idle, Active, Established), number of prefixes received, BGP version, AS numbers, hold timers, and uptime of each session. This high-level summary is useful for quickly verifying the overall health of BGP peerings, detecting session flaps, or confirming that neighbor relationships are stable. However, it does not provide detailed route information or attribute-level insights, which are essential for path analysis or troubleshooting policy issues.

The show ip bgp command, without specifying a neighbor, displays all routes known to the BGP process across all neighbors. This includes all prefixes received, selected, and even unreachable routes marked as suppressed. It is useful for obtaining a global view of the BGP routing table, understanding network reachability, and confirming that route selection policies are applied correctly. Unlike the neighbor-specific command, it does not isolate which routes came from which peer, which can make detailed troubleshooting of neighbor-specific issues more challenging.

Finally, the show ip route bgp command provides a view of the BGP routes that have been installed into the global routing table. While a BGP process might learn thousands of routes, only the best path for each prefix is injected into the routing table. This command is critical for verifying that BGP routes are actually being used for forwarding and are not just present in the BGP table. It is particularly useful for validating policy-based path selection, ensuring correct route propagation, and confirming the operational state of the network from a data-plane perspective.

Together, these commands provide a comprehensive toolkit for monitoring, troubleshooting, and validating BGP configurations. The show ip bgp neighbors <neighbor> routes command allows in-depth inspection of received routes and path attributes, show ip bgp summary gives session health and overview, show ip bgp provides the global BGP routing table, and show ip route bgp confirms routes actually installed for forwarding. By using all four commands, network engineers can fully understand BGP behavior, isolate problems efficiently, and maintain robust interdomain routing in complex networks. This layered visibility ensures BGP stability, compliance with routing policies, and predictable network performance.

Question 117:

Which OSPF LSA type summarizes routes between areas?

A) Type 1
B) Type 2
C) Type 3
D) Type 5

Answer: C) Type 3

Explanation:

Type 3 LSAs are generated by ABRs to summarize intra-area routes for other areas. Type 5 LSAs carry external routes, Type 1 describes routers, and Type 2 describes network links. In OSPF (Open Shortest Path First), Link-State Advertisements (LSAs) are the building blocks of the link-state database, which routers use to calculate the shortest path tree and populate their routing tables. LSAs are categorized by type, each serving a specific purpose in the OSPF domain. Understanding the distinctions between these LSA types is critical for proper OSPF design, troubleshooting, and optimization.

Type 3 LSAs, also known as Summary LSAs, are generated by Area Border Routers (ABRs). Their primary purpose is to advertise routes between different OSPF areas. Since OSPF divides a large network into smaller areas to reduce the routing table size and limit LSA flooding, ABRs summarize intra-area routes from one area and propagate them to other areas using Type 3 LSAs. These LSAs carry information about networks within a specific area but do not include external routes from outside the OSPF autonomous system. By using summary LSAs, ABRs help reduce the amount of routing information exchanged across areas, improving scalability and efficiency in large OSPF deployments. For example, an ABR connecting Area 0 (backbone) to Area 1 will generate Type 3 LSAs for all networks in Area 1 and advertise them into Area 0, allowing routers in Area 0 to reach Area 1 networks without having detailed knowledge of every router in Area 1.

Type 1 LSAs, known as Router LSAs, describe the state and cost of each router’s interfaces within a particular area. Every OSPF router generates a Type 1 LSA for each area it participates in. These LSAs include information about the router’s ID, the interfaces participating in OSPF, and the cost associated with each link. Type 1 LSAs remain local to their area and are not propagated outside it. They are essential for routers within an area to build an accurate link-state database for intra-area route calculation.

Type 2 LSAs, or Network LSAs, are generated by Designated Routers (DRs) on multi-access networks such as Ethernet. Type 2 LSAs describe the routers attached to the network segment and the segment itself. This LSA allows routers in the same area to know which routers share a common network and their associated costs. Type 2 LSAs are propagated only within the area and help maintain loop-free connectivity between routers on broadcast networks.

Type 5 LSAs, referred to as External LSAs, are generated by Autonomous System Boundary Routers (ASBRs) to advertise routes from external routing protocols, such as BGP or RIP, into the OSPF domain. Type 5 LSAs allow OSPF routers to reach destinations outside the OSPF autonomous system. Unlike Type 3 LSAs, which summarize internal OSPF routes, Type 5 LSAs carry external network information and are flooded throughout non-stub areas. They play a crucial role in enabling OSPF networks to integrate with other routing domains.

In summary, OSPF uses a hierarchical LSA structure to ensure efficient routing. Type 1 LSAs describe router interfaces within an area, Type 2 LSAs describe multi-access networks, Type 3 LSAs allow inter-area routing by summarizing routes from one area to another, and Type 5 LSAs introduce external routes into the OSPF domain. Understanding these LSA types is essential for network engineers to design scalable OSPF topologies, troubleshoot routing issues, and ensure optimal routing performance across large and complex networks. Proper use of Type 3 LSAs in particular allows OSPF to maintain area separation while providing connectivity across the network efficiently, minimizing unnecessary flooding and reducing CPU and memory overhead on routers.

Question 118:

Which QoS mechanism drops packets exceeding a configured rate?

A) Shaping
B) Policing
C) LLQ
D) CBWFQ

Answer: B) Policing

Explanation:

Policing enforces rate limits by dropping or remarking excess packets. Shaping buffers packets to match rates, LLQ provides priority, and CBWFQ allocates bandwidth per class. In network traffic management, Quality of Service (QoS) mechanisms play a crucial role in controlling bandwidth usage, ensuring fairness, and prioritizing critical applications. Four common QoS mechanisms are shaping, policing, LLQ, and CBWFQ, each with a specific function and purpose.

Policing enforces a strict traffic rate by dropping or marking packets that exceed the configured bandwidth limit. It is often used to enforce service-level agreements (SLAs) or prevent a user or application from consuming more than its allocated bandwidth. Since policing immediately discards excess packets, it can cause traffic bursts to be dropped, potentially affecting latency-sensitive applications if not applied carefully.

Shaping, in contrast, does not drop excess traffic. Instead, it buffers packets temporarily and schedules their transmission to smooth out bursts and match the configured output rate. This is particularly useful for traffic flowing into a slower link, preventing congestion and ensuring a steady flow of packets without causing packet loss.

LLQ (Low Latency Queuing) provides strict priority to delay-sensitive traffic, such as voice or video, while also allowing other traffic classes to share the remaining bandwidth. It combines priority queuing with class-based queuing to ensure that critical applications receive minimal latency and jitter.

CBWFQ (Class-Based Weighted Fair Queuing) divides available bandwidth among different traffic classes according to assigned weights, ensuring fair bandwidth allocation without strict priority. While CBWFQ guarantees bandwidth for classes, it does not offer the strict low-latency prioritization that LLQ provides.

Together, these mechanisms allow network engineers to manage traffic efficiently, control congestion, and ensure optimal performance for critical applications.
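The difference between policing and shaping described above, as an added example that is not part of the original page: one single-rate token bucket applied to the same burst, first as a policer (drop or remark) and then as a shaper (delay). The rate, burst size, packet list and function names are assumptions constructed for illustration, and the shaper queue is modelled as unbounded.

```python
# Constructed sample traffic: (arrival_time_s, size_bytes).
# Four packets arrive back to back at t=0, two more at t=1.
PACKETS = [(0.0, 500), (0.0, 500), (0.0, 500), (0.0, 500),
           (1.0, 500), (1.0, 500)]

RATE = 1000    # assumed contract rate, bytes per second
BURST = 1000   # assumed bucket depth (burst allowance), bytes


def police(packets, rate=RATE, burst=BURST, exceed="drop"):
    """Policer: a packet either conforms and is sent at once, or it
    exceeds the bucket and gets the exceed action ("drop" or "remark").
    Nothing is ever queued. Returns one verdict per packet."""
    tokens, last = float(burst), 0.0
    verdicts = []
    for t, size in packets:
        # Refill for the time elapsed since the previous packet.
        tokens = min(burst, tokens + (t - last) * rate)
        last = t
        if size <= tokens:
            tokens -= size
            verdicts.append("transmit")
        else:
            verdicts.append(exceed)
    return verdicts


def shape(packets, rate=RATE, burst=BURST):
    """Shaper: excess packets wait in a FIFO until enough tokens accrue.
    Returns (departure_time, queueing_delay) per packet. The queue is
    unbounded here; a real shaper tail-drops once its queue is full."""
    tokens, clock = float(burst), 0.0
    out = []
    for t, size in packets:
        start = max(t, clock)  # FIFO: cannot leave before the packet ahead
        tokens = min(burst, tokens + (start - clock) * rate)
        wait = max(0.0, (size - tokens) / rate)
        depart = start + wait
        tokens = min(burst, tokens + wait * rate) - size
        clock = depart
        out.append((depart, depart - t))
    return out


if __name__ == "__main__":
    print("policer:", police(PACKETS))
    print("shaper: ", shape(PACKETS))
```

The policer loses the third and fourth packets of the burst, while the shaper delivers all six at the cost of up to one second of queueing delay.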

Question 119:

Which wireless protocol prevents loops in AP redundancy?

A) STP
B) RSTP
C) PVST+
D) None

Answer: D) None

Explanation:

Wireless APs manage redundancy and failover internally via controllers. STP/RSTP/PVST+ are wired Layer 2 protocols, not used for wireless AP loop prevention. In wired networks, protocols such as STP (Spanning Tree Protocol), RSTP (Rapid Spanning Tree Protocol), and PVST+ (Per-VLAN Spanning Tree Plus) are designed to prevent Layer 2 loops by creating a loop-free topology. They detect redundant paths and block certain interfaces to ensure there is only a single active path between any two network devices. These protocols are essential in Ethernet switching environments where multiple links could otherwise create broadcast storms, duplicate frames, or MAC table instability.

However, in wireless LANs, redundancy and failover are handled differently. Access Points (APs) rely on wireless controllers to manage client connectivity, roaming, and load balancing. If an AP fails or a client moves, the controller dynamically redirects traffic to another AP without the need for Layer 2 spanning tree mechanisms. Wireless networks operate primarily at Layer 2 for data frames, but the loop prevention and redundancy mechanisms used in wired networks are not applicable because wireless clients do not create bridging loops in the same way as switches do.

Therefore, APs do not use STP, RSTP, or PVST+ to maintain network stability. Instead, redundancy and failover are internally managed by the wireless controller, which monitors AP health, client associations, and signal quality to ensure seamless connectivity. While STP variants are critical for wired Ethernet loop prevention, wireless networks rely on controller-managed redundancy for reliable client connectivity and seamless roaming.

Question 120:

Which SD-WAN component provides GUI-based management for configuration, monitoring, and policy deployment?

A) vSmart
B) vBond
C) vManage
D) vEdge

Answer: C) vManage

Explanation:

vManage is the centralized GUI platform for SD-WAN, allowing template deployment, monitoring, troubleshooting, and policy enforcement. vSmart handles the control plane, vBond handles onboarding, and vEdge handles data-plane traffic. vManage is the central management component of the Cisco SD-WAN architecture, providing a unified GUI-based dashboard for administrators to configure, monitor, and troubleshoot the entire SD-WAN fabric. It enables the creation and deployment of device templates, security policies, and routing configurations across all WAN edge devices. In contrast, vSmart handles control-plane functions such as route exchange and policy distribution. vBond manages authentication and onboarding of SD-WAN devices, ensuring secure connectivity during the initial setup. vEdge routers operate at the data plane, forwarding user traffic based on the policies received. Thus, vManage acts as the operational command center for SD-WAN.

 
