350-026 CCIE SP Content Networking ENU

Page 1   
Question 1

Click the Exhibit button. In the shown scenario, the inside VIP address is translated by the
firewall into the external ip address 172.16.1.10. The CSS interface E1 IP address is
translated into 172.16.1.2. If you want to check the status of the CSS VIP from the GSS
using a keepalive of type KAL-AP, what type of configuration would be needed?


  • A. KAL-AP by TAG with Shared KAL-AP of 172.16.1.2
  • B. KAL-AP by VIP with Shared KAL-AP of 10.10.10.10
  • C. KAL-AP by VIP with Shared KAL-AP of 172.16.1.10
  • D. KAL-AP by VIP with Shared KAL-AP of 172.16.1.2
  • E. KAP by TAG with Shared KAL-AP of 172.16.1.10


Answer : A

Question 2

Click the Exhibit button.
A client at the PC is unable to browse to <http://www.foo.com>. On the firewall, what list of
traffic types needs to be passed to allow browsing?


  • A. icmp, udp 1645, tcp 8080
  • B. udp 53, tcp 80, ftp
  • C. ftp, smtp, dns
  • D. icmp, tcp 49, tcp 443
  • E. tcp 25, ssl, dns


Answer : B

Question 3

Click the Exhibit button to view the topology.
Host 1 and Host 2 are on Ethernet LANs in different buildings. A serial line is installed
between two Cisco routers using Cisco HDLC serial line encapsulation. Routers A and B
are configured to route IP traffic. Host 1 sends a packet to Host 2. What is the destination
MAC address of the packet on Host's 1 Ethernet?


  • A. Host 1
  • B. Host 2
  • C. Router A
  • D. Router B
  • E. The broadcast address


Answer : C

Question 4

Click the Exhibit button to view the configuration.
What effect will this configuration command have?
line vty 0 4
no password vtypassword


  • A. All telnet connections to the router will be denied.
  • B. Only one telnet connection at the router will be allowed at a time.
  • C. Virtual terminal sessions will not be able to enter enable mode.
  • D. Virtual terminal sessions will not be asked a user-level password.
  • E. It will have no effect.


Answer : A

Question 5

Click the Exhibit button to view the topology. L3 switches R1 and R2 are in the backbone of
the network. They are connected by a routed EtherChannel bundle consisting of eight
Gigabit Ethernet ports. The routed link is represented as subnet X.0 in the diagram. Since
X.0 is routed, it is not a VLAN trunk. How can spanning tree loops be prevented in the
backbone of this network?


  • A. Since EtherChannel X is routed there are no spanning tree loops.
  • B. Configure seven of the eight ports in the bundle as passive interfaces
  • C. Configure UplinkFast on R1 and R2
  • D. Disable Spanning Tree Protocol (STP) on R1 and R2
  • E. Disable VLAN X on seven of the eight ports in the bundle


Answer : A

Question 6

How does TACACS+ implement AAA?

  • A. Authentication, Authorization and Accounting are in separate exchanges, yet on the same TCP connection. The entire connection is encrypted.
  • B. Authentication, Authorization and Accounting are in separate exchanges and each occurs on a different TCP connection. Only the authentication connection is encrypted.
  • C. Authentication, Authorization and Accounting are in separate exchanges. Authentication and Authorization happen on the same TCP encrypted connection ; Accounting data is carried unencrypted over UDP.
  • D. Authentication, Authorization and Accounting are in separate exchanges, yet on the same TCP connection. Only passwords are encrypted.
  • E. Authentication and Authorization is combined in one exchange. Accounting happens in a separate exchange. Authentication and Authorization data are carried on a UDP transport. Only passwords are encrypted. Accounting data is carried unencrypted over another UDP transport.


Answer : A

Question 7

A router interface address is 180.60.45.96 with a mask of 255.255.255.224. What
configuration statement will allow this interface to participate in OSPF Area 0?

  • A. router ospf 1 network 180.60.45.96 255.255.255.32 area 0
  • B. router ospf 1 network 180.60.45.96 0.255.255.224 area 0
  • C. router ospf 1 network 180.60.45.96 0.0.0.31 area 0
  • D. router ospf 1 network 180.60.45.96 0.0.0.224 area 0


Answer : C

Question 8

On the CSS, how would you configure a domain name content rule for www.acme.com?

  • A. "www.acme.com/*"
  • B. "/www.acme.com/*"
  • C. url "//www.acme.com/*"
  • D. url "/www.acme.com/*"


Answer : C

Question 9

The network administrator has forgotten the enable password of the router. Luckily, no one
is currently logged into the router, but all passwords on the router are encrypted. What
should the administrator do to recover the enable password?

  • A. Call the Cisco Technical Assistance Center (TAC) for a special code that will erase the existing password.
  • B. Reboot the router, press the break key during bootup, boot the router into ROM monitor mode, and modify the configuration register so that the current configuration is ignored during normal bootup
  • C. Reboot the router, press the BREAK key during bootup, and boot the router into ROM Monitor mode to erase the configuration, and re-install the entire configuration as it was saved on a TFTP server.
  • D. Erase the configuration, boot the router into ROM Monitor mode, press the BREAK key, and overwrite the previous enable password with a new one.


Answer : B

Question 10

Routers running OSPF and sharing a common segment become neighbors on that
segment. What statement regarding OSPF neighbors is FALSE?

  • A. The Primary and Secondary addresses on an interface allow the router to belong to different areas at the same time.
  • B. All routers must agree on the stub area flag in the OSPF Hello Packets.
  • C. Neighbors will fail to form an adjacency if their Hello and Dead intervals differ.
  • D. Two routers will not become neighbors if the Area-ID and Authentication password do not match.


Answer : A

Question 11

This is the CSS11000 configuration. www.foo.com resolves to the IP address 80.80.80.80
content rule1 protocol tcp vip address 80.80.80.80 port 80 url "/*" add service web3 add
service web4 active content rule2 protocol tcp vip address 80.80.80.80 port 80 url
"/question/*" add service web1 add service web2 active A web page is not returned from
application on web servers web1 and web2. The URL the client is requesting
(http://www.foo.com) resides on web1 and web2. What configuration change is required to
return the correct page?

  • A. content rule1 url "//www.foo.com/*"
  • B. content rule2 url "//www.foo.com/question/*"
  • C. content rule1 url "//www.foo.com/picture/*"
  • D. content rule2 url "/picture/*"
  • E. content rule1E.content rule1 No url


Answer : D

Question 12

Click the Exhibit button. In the shown diagram how does WCCP on the router decide which
cache to send a request from the user?


  • A. It randomly selects a cache.
  • B. It uses the source address of the request and hashes to a cache.
  • C. It uses the destination address of the request and hashes to a cache.
  • D. It uses the source and destination address of the request and hashes to a cache.
  • E. It uses the source port of the request and hashes that to a cache.


Answer : C

Question 13

The command Rip v2 broadcast is used:

  • A. To allow rip v2 broadcasts to be be sent as broadcast packets instead of multicast packets
  • B. To send RIP broadcasts as unicast packets instead of multicast packets
  • C. To suppress rip v1 broadcasts
  • D. Both a and c


Answer : A

Question 14

What describes a technique, used to encapsulate voice (NOT data) over ATM?

  • A. RFC 1483
  • B. LANE
  • C. AAL-1
  • D. RFC 1577


Answer : C

Question 15

How does Transport Layer Security (TLS) differ from SSLv3?

  • A. TLS supports Diffie-Hellman ciphers and SSLv3 does not.
  • B. The way they derive keys from the master secret.
  • C. TLS supports client authentication and SSLv3 does not.
  • D. The way in which the Session ID is computed.
  • E. All of the above


Answer : B

Page 1