CISCO Cloud Online Test

You are a senior network engineer analyzing a BGP configuration issue in a Cisco router. The router is receiving multiple routes to a particular network, 192.168.100.0/24, from different BGP peers. Your task is to ensure that the router always prefers the path through the neighbor 10.10.10.1, irrespective of other path attributes like AS path length, MED, or local preference. Currently, the BGP configuration includes several route maps and prefix lists but doesn't enforce this specific requirement.

Given this scenario, which of the following additions to the BGP configuration would ensure that the route through 10.10.10.1 is always preferred?

A: Apply a route map to neighbor 10.10.10.1 setting a lower MED value for 192.168.100.0/24.
B: Set a higher local preference for routes received from 10.10.10.1 using a route map.
C: Use a prefix list to filter all routes to 192.168.100.0/24 except those from 10.10.10.1.
D: Implement an AS path access list to prepend fake AS numbers to routes from other neighbors.
E: Modify the existing route maps to set a higher weight for routes from 10.10.10.1.
F: Adjust the BGP router ID to a lower value than that of the other BGP peers.

In a large service provider network, five OSPF areas are configured: Area 0 (Backbone), Area 1, Area 2, Area 3, and Area 4. Area 1 is a normal area, Area 2 is configured as a stub area, Area 3 is a totally stubby area, and Area 4 is an NSSA (Not So Stubby Area). Each area has multiple routers and networks. Router X in Area 1 has an external route (E2) to the network 172.30.0.0/16 and is connected to Area 0. Router Y in Area 2 summarizes its internal routes to 192.168.0.0/18. Router Z in Area 3 has a default route to Area 0 and an external route to 10.20.0.0/16 redistributed as an N2 route in Area 4.

Given this configuration, which of the following statements is true when a packet is routed from a network in Area 4 to 172.30.0.0/16?

A: The packet will be dropped because NSSA does not allow external routes to be advertised into the area.
B: The packet will be routed to Router X via Area 1, as Area 4 allows the redistribution of external routes into the area as N2 LSAs.
C: The packet will traverse through Area 0 to reach Router X, which advertises the external route to 172.30.0.0/16.
D: The packet will take a default route from Area 3 to Area 0, as Area 3 is a totally stubby area and does not have specific route information for 172.30.0.0/16.
E: The packet will be routed directly to Router Y in Area 2 due to the summary route, which incorrectly captures the 172.30.0.0/16 network.
F: The packet will be routed to Router Z in Area 3, which has a specific external route to 172.30.0.0/16.

As a senior network engineer, you are investigating an issue in an OSPF (Open Shortest Path First) network. The network consists of various routers configured in multiple areas, with Area 0 as the backbone. Recently, intermittent routing loops and instability have been reported. Upon reviewing the configurations and logs, you notice the following key points:

1. Area 0 is functioning normally with stable LSA (Link State Advertisement) exchanges.
2. A non-backbone area (Area 1) is showing frequent LSA refreshes and topology changes.
3. Routers in Area 1 have multiple OSPF neighbors, including an ABR (Area Border Router) connecting to Area 0.
4. The ‘show ip ospf database’ command reveals numerous LSA types 3 (Summary LSAs) and 5 (External LSAs) being frequently updated in Area 1.

Which of the following actions is most likely to resolve the routing instability and loops in Area 1?

A: Redistribute static routes into the OSPF process on the ABR, focusing on stabilizing Area 1.
B: Configure Area 1 as a stub area to reduce the number of Type 5 LSAs.
C: Implement route summarization on the ABR between Area 0 and Area 1.
D: Increase the SPF algorithm calculation timers to reduce LSA refresh frequency.
E: Convert Area 1 to a Totally Stubby Area to filter out Type 3 and Type 5 LSAs.
F: Adjust OSPF priorities on routers in Area 1 to elect a more stable DR (Designated Router).

A network engineer is configuring a new routing protocol setup for a large enterprise network. The network has multiple subnets and requires both OSPF and EIGRP protocols for different segments. The primary data center uses OSPF with an OSPF area ID of 0, while branch offices use EIGRP with an autonomous system number of 100. The network requirements are as follows:

1. OSPF must have a router ID of 10.10.10.10.
2. EIGRP needs to be optimized for low bandwidth consumption.
3. Redistribution between OSPF and EIGRP is required, with route filtering to prevent routing loops.
4. OSPF areas other than area 0 will be stub areas.

Considering these requirements, which of the following configurations is most appropriate?

A: Configure OSPF area 0 with router ID 10.10.10.10 and use default EIGRP settings.
B: Configure EIGRP with bandwidth optimization and OSPF with router ID 10.10.10.10, without route redistribution.
C: Set OSPF area 0 with router ID 10.10.10.10, configure EIGRP for bandwidth optimization, and enable mutual redistribution with proper route filtering.
D: Use OSPF with area ID 100 and EIGRP with autonomous system 0, with mutual redistribution.
E: Configure OSPF in all areas as stub and set EIGRP to use the lowest bandwidth setting.
F: Implement OSPF with router ID 10.10.10.10 and EIGRP with bandwidth optimization, but without any redistribution or filtering.

Refer to the following exhibit:

Host A is sending a packet to Host B. 

1. What is the source and destination MAC address at point PA?
2. What is the source and destination IP address at point PB?

// Option A
PA: source MAC - Mac-A
PA: destination MAC - Mac-B
PB: source IP - 192.168.1.1
PB: destination IP - 192.168.3.1

// Option B
PA: source MAC - Mac-A
PA: destination MAC - Mac-RA
PB: source IP - 192.168.3.3
PB: destination IP - 192.168.3.1

// Option C
PA: source MAC - Mac-A
PA: destination MAC - Mac-B
PB: source IP - 192.168.3.3
PB: destination IP - 192.168.3.1

// Option D
PA: source MAC - Mac-A
PA: destination MAC - Mac-RA
PB: source IP - 192.168.1.1
PB: destination IP - 192.168.3.1

You work as a network administrator for a company, "example.com", that recently started experiencing issues with email spoofing. To mitigate the problem, you decide to implement DMARC (Domain-based Message Authentication, Reporting & Conformance) in addition to existing SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records.

Your current DNS records for example.com include the following:

- MX 10 mail.example.com (IP address 203.0.113.10)
- TXT "v=spf1 ip4:203.0.113.10 -all"
- TXT "v=DKIM1; k=rsa; p=public-key-here"

You add the following DMARC record:

- TXT "_dmarc.example.com" "v=DMARC1; p=quarantine; pct=100; rua=mailto:report@example.com"

After implementing the DMARC record, an external mail server sends an email to your domain. The email passes the SPF and DKIM checks but fails the DMARC check.

What will likely happen to the email?

A: The email will be accepted and delivered to the recipient's inbox.
B: The email will be rejected and returned to the sender as undeliverable.
C: The email might be delivered to the recipient's spam or junk folder.
D: The email will be accepted, but a report will be sent to the sender.
E: The email will be silently discarded, and the sender will not be notified.

Review the following exhibit:

Angelina noticed that the computers on 192.168.10.0/24 network can ping their default gateway. But they found that these computers cannot connect to any remote network resources. Which of the following is the most likely reason for this?

You are a network administrator for an e-commerce company. The company's online store allows customers to browse products and make purchases securely over the internet. The online store uses SSL/TLS for secure communication. You receive reports that some customers are seeing a security warning in their web browsers when trying to access the online store. Upon investigation, you discover the following information:

- The SSL certificate used by the online store's web server is valid for one year and is due to expire in two days.
- The web server is configured to automatically redirect HTTP traffic to HTTPS.
- The SSL certificate was issued by a trusted certificate authority (CA), and all major web browsers have the CA's root certificate in their trusted certificate stores.
- The SSL certificate includes the correct domain name for the online store.

Given the above information, which of the following steps should be taken to resolve the issue and prevent customers from seeing the security warning?

A: Extend the validity of the current SSL certificate by one year.
B: Obtain a new SSL certificate from the same CA and install it on the web server before the current certificate expires.
C: Remove the automatic redirect from HTTP to HTTPS on the web server.
D: Ask customers to ignore the security warning and proceed to the online store.
E: Replace the SSL certificate with a self-signed certificate.