Cisco Certified Network Professional Enterprise (CCNP 2022)

Exam 300-410
Enterprise Advanced Routing and
Services (ENARSI)
Demo Questions
300-410: Cisco Enterprise Advanced Routing and Services (Jan 2022)

QUESTION 1

Refer to the exhibit. An engineer has successfully set up a floating static route from the BRANCH router to the
HQ network using HQ_R1 as the primary default gateway. When the g0/0 goes down on HQ_R1, the branch
network cannot reach the HQ network 192.168.20.0/24. Which set of configuration resolves the issue?
A. HQ_R3(config)# ip sla responder
HQ_R3(config)# ip sla responder icmp-echo 172.16.35.1

B. HQ_R3(config)# ip sla responder

HQ_R3(config)# ip sla responder icmp-echo 172.16.35.5

C. BRANCH(config)# ip sla 1
BRANCH(config-ip-sla)# icmp-echo 192.168.100.1

D. BRANCH(config)# ip sla 1
BRANCH(config-ip-sla)# icmp-echo 192.168.100.2

Answer: C
https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I.html
QUESTION 2
What are two purposes of using IPv4 and VPNv4 address-family configurations in a Layer 3 MPLS VPN?
(Choose two)
A. RD is prepended to the IPv4 route to make it unique
B. The VPNv4 address consists of a 64-bit route distinguisher that is prepended to the IPv4 prefix
C. MP-BGP is used to allow overlapping IPv4 addresses between customers to advertise through the network
D. The IPv4 address is needed to tag the MPLS label
E. The VPNv4 address is used to advertise the MPLS VPN label

Answer: A, B
https://community.cisco.com/t5/switching/i-am-not-clear-on-the-difference-between-ipv4-and-vpnv4-address/td
-p/2463679

QUESTION 3

Refer to the exhibit. A user has set up an IP SLA probe to test if a non SLA host web server on IP address
10.1.1.1 accepts HTTP sessions prior to deployment. The probe is failing. Which action should the network
administrator recommend for the probe to succeed?
A. Add icmp-echo command for the host
B. Re-issue the ip sla schedule command
C. Modify the ip sla schedule frequency to forever
D. Add the control disable option to the tcp connect

Answer: D
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2018/pdf/BRKNMS-3043.pdf p.28
QUESTION 4
When configuring Control Plane Policing on a router to protect it from malicious traffic, an engineer observes
that the configured routing protocols start flapping on that device. Which action in the Control Plane Policy
prevents this problem in a production environment while achieving the security objective?
A. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rate and apply
the Control Plane Policy in the output direction
B. Set the conform-action and exceed-action to transmit initially to test the ACLs and transmit rate and apply
the Control Plane Policy in the input direction
C. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rate and apply
the Control Plane Policy in the output direction
D. Set the conform-action to transmit and exceed-action to drop to test the ACLs and transmit rate and apply
the Control Plane Policy in the input direction

Answer: B

QUESTION 5
An engineer configured a company’s multiple area OSPF Head Office router and Site A Cisco routers with VRF
lite. Each site router is connected to a PE router of an MPLS backbone:

Head Office & Site A

ip cef
ip vaf abc
rd 101:101
!
interface FastEthernet0/0
ip vrf forwarding abc
ip address 172.16.16.X 255.255.255.252
!
router ospf 1 vrf abc
log-adjacency-changes
network 172.16.16.0 0.0.0.255 area 1

After finishing both site router configurations, none of the LSA 3, 4, 5, and 7 are installed at Site A router.
Which configuration resolves this issue?
A. configure capability vrf-lite on Head Office and its connected PE router under router ospf 1 vrf abc
B. configure capability vrf-lite on Site A and its connected PE router under router ospf 1 vrf abc
C. configure capability vrf-lite on Head Office and Site A routers under router ospf 1 vrf abc
D. configure capability vrf-lite on both PE routers connected to Head Office and Site A routers under router
ospf 1 vrf abc

Answer: C
QUESTION 6

Refer to the exhibit. An engineer received this error message when trying to access another router in-band from
the serial interface connected to the console of R1. Which configuration is needed on R1 to resolve this issue?
A. R1(config)# line console 0
R1(config-line)# transport output ssh
B. R1(config)# line vty 0
R1(config-line)# transport output ssh
C. R1(config)# line vty 0
R1(config-line)# transport output ssh
R1(config-line)# transport preferred ssh
D. R1(config)# line console 0
R1(config-line)# transport preferred ssh

Answer: A

QUESTION 7
What are two MPLS label characteristics? (Choose two)
A. The label edge router swaps labels on the received packets
B. Labels are imposed in packets after the Layer 3 header
C. LDP uses TCP for reliable delivery of information
D. An MPLS label is a short identifier that identifies a forwarding equivalence class
E. A maximum of two labels can be imposed on an MPLS packet

Answer: C, D
https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/4649-mpls-faq-4649.html
MPLS label is imposed between the data link layer (Layer 2) header and network layer (Layer 3) header. The
top of the label stack appears first in the packet, and the bottom appears last. The network layer packet
immediately follows the last label in the label stack. MPLS label is a short, four-byte, fixed-length,
locally-significant identifier which is used in order to identify a Forwarding Equivalence Class (FEC). The label
which is put on a particular packet represents the FEC to which that packet is assigned.
QUESTION 8

Refer to the exhibit. An engineer identified a Layer 2 loop using DNAC. Which command fixes the problem in
the SF-D9300-1 switch?
A. spanning-tree portfast bpduguard
B. no spanning-tree uplinkfast
C. spanning-tree loopguard default
D. spanning-tree backbonefast

Answer: C
https://www.cisco.com/c/en/us/support/docs/lan-switching/spanning-tree-protocol/10596-84.html
QUESTION 9

Refer to the exhibit. A user on the 192.168.1.0/24 network can successfully ping 192.168.3.1, but the
administrator cannot ping 192.168.3.1 from the LA router. Which set of configurations fixes the issue?

A. LA Router
ip route 192.168.3.0 255.255.255.0 10.1.1.1
ip route 192.168.4.0 255.255.255.0 10.1.1.1

B. Chicago Router
router eigrp 100
redistribute connected

C. Chicago Router
router eigrp 100
redistribute static metric 10 10 10 10 10

D. Chicago Router
ip route 192.168.3.0 255.255.255.0 10.1.2.2
ip route 192.168.4.0 255.255.255.0 10.1.2.2

Answer: B
QUESTION 10

Refer to the exhibit. Which interface configuration must be configured on the HUB router to enable MVPN
with mGRE mode?
A. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.1.0.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 172.17.0.1
ip nhrp map 10.0.0.11 172.17.0.2
ip nhrp map 10.0.0.12 172.17.0.3
tunnel mode gre

B. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel mode gre multipoint

C. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.0.0.1 255.255.255.0
ip nhrp network-id 1
tunnel source 172.17.0.1
tunnel mode gre multipoint

D. interface Tunnel0
description mGRE – DMVPN Tunnel
ip address 10.1.0.1 255.255.255.0
ip nhrp map multicast dynamic
ip nhrp network-id 1
tunnel source 10.0.0.1
tunnel destination 172.17.0.2
tunnel mode gre multipoint

Answer: C
Tunnel source IP can NOT be the IP address of the tunnel interface. The tunnel source IP should be the IP
address of the WAN interface.
QUESTION 11

Refer to the exhibit. The remote server is failing to receive the NetFlow data. Which action resolves the issue?
A. Modify the flow transport command transport udp 2055 to move under flow monitor profile
B. Modify the flow record command record v4_r1 to move under flow exporter profile
C. Modify the interface command to ip flow monitor FLOW-MONITOR-1 input
D. Modify the udp port under flow exporter profile to ip transport udp 4739

Answer: C

QUESTION 12
Which protocol does MPLS use to support traffic engineering?
A. LDP
B. TDP
C. RSVP
D. BGP

Answer: C
QUESTION 13
What are two functions of MPLS Layer 3 VPNs? (Choose two)
A. It is used for transparent point-to-multipoint connectivity between Ethernet links/sites
B. Customer traffic is encapsulated in a VPN label when it is forwarded in MPLS network
C. A packet with node segment ID is forwarded along with shortest path to destination
D. LDP and BGP can be used for Pseudowire signaling
E. BGP is used for signaling customer VPNv4 routes between PE nodes

Answer: B, E
Introduction to MPLS https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2018/pdf/BRKMPL-1100.pdf

QUESTION 14
In which two ways does the IPv6 First-Hop Security Binding Table operate? (Choose two)
A. by the recovery mechanism to recover the binding table in the event of a device reboot
B. by IPv6 HSRP to make sure neighbors are authenticated before being used as gateways
C. by various IPv6 guard features to validate the data link layer address
D. by IPv6 routing protocols to securely build neighborships without the need of authentication
E. by storing hashed keys for IPsec tunnels for the built-in IPsec features

Answer: A, C
This database, or binding table, is used by various IPv6 guard features to validate the link-layer address
(LLA), the IPv4 or IPv6 address, and the prefix binding of the neighbors to prevent spoofing and redirect
attacks. The IPv6 first-hop security binding table recovery mechanism enables the binding table to recover
in the event of a device reboot.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipv6_fhsec/configuration/15-s/ip6-fhs-bind-table.html

QUESTION 15
An engineer configured two routers connected to two different service provides using BGP with default
attributes. One of the links is presenting high delay, which causes slowness in the network. Which BGP
attribute must the engineer configure to avoid using the high-delay ISP link if the second ISP link is up?
A. MED
B. AS-PATH
C. LOCAL_PREF
D. WEIGHT

Answer: C
Three steps are by far the most important ones:
Prefer the path with the highest local preference
Prefer the path with the shortest AS path
Prefer the path with the lowest multi-exit discriminator (MED)
QUESTION 16

Refer to the exhibits. Which configuration allows spoke-to-spoke communication using loopback as a tunnel
source?
A. Configure crypto isakmp key cisco address 0.0.0.0 on the hub.
B. Configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the hub.
C. Configure crypto isakmp key cisco address 0.0.0.0 on the spokes
D. Configure crypto isakmp key cisco address 200.1.0.0 255.255.0.0 on the spokes.

Answer: C
https://www.cisco.com/en/US/technologies/tk583/tk372/technologies_white_paper0900aecd802b8f3c.html
QUESTION 17

Refer to the exhibit. AS 111 wanted to use AS 200 as the preferred path for 172.16.5.0/24 and AS 100 as the
backup. After the configuration, AS 100 is not used for any other routes. Which configuration resolves the
issues?
A. route-map SETLP permit 10
match ip address prefix-list PLIST1
set local-preference 110
route-map SETLP permit 20

B. route-map SETLP permit 10

match ip address prefix-list PLIST1
set local-preference 99
route-map SETLP permit 20
C. router bgp 111
no neighbor 192.168.10.1 route-map SETLP in
neighbor 192.168.10.1 route-map SETLP out

D. router bgp 111

no neighbor 192.168.10.1 route-map SETLP in
neighbor 192.168.10.1 route-map SETLP in

Answer: B
There is an implicit deny all at the end of any route-map so all other traffic that does not match 172.20.5.0/24
would be dropped. Therefore we have to add a permit sequence at the end of the route-map to allow other
traffic. The default value of Local Preference is 100 and higher value is preferred so we have to set the local
preference of AS100 lower than that of AS200.

QUESTION 18

Refer to the exhibit. An engineer configured R2 and R5 as route reflectors and noticed that not all routes are
sent to R1 to advertise to the eBGP peers. Which routers must be configured as route reflectors to advertise all
routes to restore reachability across all networks?
A. R1 and R4
B. R1 and R5
C. R2 and R5
D. R4 and R5

Answer: D
All that is needed is R4 to be a RR with R1 as its client and that gets all loopbacks in routers BGP tables. So
having R2, R5 and R4 also works. R4 and R5 is the only option that works without any other RR configuration.
So the answers assume we roll back the engineers config and take a fresh start.
QUESTION 60
Drag and drop the actions from the left into the correct order on the right to configure a policy to avoid
following based on the normal routing path.

Answer:

Reference:
https://community.cisco.com/t5/networking-documents/how-to-configure-pbr/ta-p/3122774
QUESTION 61
Drag and drop the LDP features from the left onto the descriptions on the right.

Answer:

Implicit NULL Label

The implicit NULL label is the label that has a value of 3. An egress LSR assigns the implicit NULL label to a FEC if it does not want to assign a
label to that FEC, thus requesting the upstream LSR to perform a pop operation. In the case of a plain IPv4-over-MPLS network, such as an IPv4
network in which LDP distributes labels between the LSRs, the egress LSR—running Cisco IOS—assigns the implicit NULL label to its connected
and summarized prefixes. The benefit of this is that if the egress LSR were to assign a label for these FECs, it would receive the packets with one
label on top of it. It would then have to do two lookups. First, it would have to look up the label in the LFIB, just to figure out that the label needs to
be removed; then it would have to perform an IP lookup. These are two lookups, and the first is unnecessary.

Explicit NULL Label

The use of implicit NULL adds efficiency when forwarding packets. However, it has one downside: The packet is forwarded with one label less than
it was received by the penultimate LSR or unlabeled if it was received with only one label. Besides the label value, the label also holds the
Experimental (EXP) bits. When a label is removed, the EXP bits are also removed. Because the EXP bits are exclusively used for quality of service
(QoS), the QoS part of the packet is lost when the top label is removed. In some cases, you might want to keep this QoS information and have it
delivered to the egress LSR. Implicit NULL cannot be used in that case.

Entropy label provides ways of improving load balancing by eliminating the need for DPI at transit Label Switching Routers (LSRs).

Inbound Label Binding Filtering feature can be used to control the amount of memory used to store Label DistributionProtocol (LDP) label
bindings advertised by other devices.For example, in a simple Multiprotocol LabelSwitching (MPLS) VirtualPrivate Network (VPN) environment,
the VPN provider edge (PE) devices might require label switched paths (LSPs) only to their peerPE devices (that is, they do not need LSPs to core
devices). Inbound label binding filtering enables a PE device to accept labels only from other PE devices.
https://www.ciscopress.com/articles/article.asp?p=680824&seqNum=2
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ldp/configuration/xe-16-8/mp-ldp-xe-16-8-book/mp-ldp-entropy.html