300-410無料試験学習ガイド！（更新された280問あります) [Q47-Q69]

300-410無料試験学習ガイド！（更新された280問あります)

300-410問題集にはCCNP Enterprise認証済み試験問題と解答

Cisco 300-410 認定試験の出題範囲：

トピック	出題範囲
トピック 1	Ipv6ファーストホップセキュリティ機能（RAガード、DHCPガード、バインディングテーブル、NDインスペクションスヌーピング、ソースガード）について説明する
トピック 2	ループのないパスの選択（RD、FD、FC、サクセサ、フィージブルサクセサ、スタックインアクティブ） Netflowのトラブルシューティング（V5、V9、Flexible Netflow）
トピック 3	Ipv4アクセスコントロールリスト（標準、拡張、時間ベース） IOSAAAを使用したデバイスセキュリティのトラブルシューティング
トピック 4	BGP（内部および外部）のトラブルシューティング任意のルーティングプロトコル（属性、タグ付け、フィルタリング）のルートマップのトラブルシューティング
トピック 5	コントロールプレーンポリシングのトラブルシューティングルーターのセキュリティ機能のトラブルシューティングユニキャストリバースパスフォワーディング（Urpf）
トピック 6	Ipv4およびIpv6DHCPのトラブルシューティング（DHCPクライアント、IOS DHCPサーバー、DHCPリレー、DHCPオプション）
トピック 7	ループ防止メカニズムのトラブルシューティング（フィルタリング、タグ付け、スプリットホライズン、ルートポイズニング） MPLSレイヤー3VPNの説明
トピック 8	ネイバーリレーションシップと認証 MPLS操作の説明（LSR、LDP、ラベルスイッチング、LSP）
トピック 9	ルーティングプロトコルまたはルーティングソース間の再配布のトラブルシューティング OSPF（V2 V3）のトラブルシューティング
トピック 10	Cisco DNA CenterAssuranceを使用したネットワーク問題のトラブルシューティング双方向フォワーディング検出の説明
トピック 11	IP SLAを使用したネットワークパフォーマンスの問題のトラブルシューティングデバイス管理のトラブルシューティングTelnet、HTTP、HTTPS、SSH、SCP
トピック 12	ロギングを使用したネットワークの問題のトラブルシューティング（ローカル、Syslog、デバッグ、条件付きデバッグ、タイムスタンプ）

質問 47
Refer to the exhibit.

Which control plane policy limits BGP traffic that is destined to the CPU to 1 Mbps and ignores BGP traffic that is sent at higher rate?

A. policy-map LIMIT_BGP
B. policy-map SHAPE_BGP
C. policy-map POLICE_BGP
D. policy-map COPP

正解: D

質問 48
Refer to the exhibit.

Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

A. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 eq telnet
! int Gi0/0
6 / 39
Ipv6 traffic-filter Deny_Telnet in
!
B. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 ! int Gi0/0
Ipv6 traffic-filter Deny_Telnet in
!
C. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 ! int Gi0/0
Ipv6 access-map Deny_Telnet in
!
D. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 eq telnet
! int Gi0/0
Ipv6 access-map Deny_Telnet in
!

正解: A

質問 49
Drag and drop the MPLS terms from the left onto the correct definitions on the right.

正解:

解説:

質問 50
Refer to the exhibit.

A network administrator logs into the router using TACACS+ username and password credentials, but the administrator cannot run any privileged commands Which action resolves the issue?

A. Configure the username from a local database
B. Configure an authorized IP address for this user to access this router
C. Configure TACACS+ synchronization with the Active Directory admin group
D. Configure full access for the username from TACACS+ server

正解: D

質問 51
While working with software images, an engineer observes that Cisco DNA Center cannot upload its software image directly from the device. Why is the image not uploading?

A. The software image for the device is in bundle mode
B. The device must be resynced to Cisco DNA Center.
C. The device has lost connectivity to Cisco DNA Center.
D. The software image for the device is in install mode.

正解: D

解説:
Upload Software Images for Devices in Install Mode
The Image Repository page might show a software image as being in Install Mode. When a device is in Install Mode, Cisco DNA Center is unable to upload its software image directly from the device. When a device is in install mode, you must first manually upload the software image to the Cisco DNA Center repository before marking the image as golden, as shown in the following steps.
Reference:
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-andmanagement/ dna-center/1-2-10/user_guide/b_cisco_dna_center_ug_1_2_10/ b_dnac_ug_1_2_10_chapter_0100.html

質問 52
Refer to the exhibit.

The network administrator can see the DHCP discovery packet in R1. but R2 is not replying to the DHCP request. The R1 related interface is configured with the DHCP helper address. If the PC is directly connected to the FaO/1 interface on R2, the DHCP server assigns as IP address from the DHCP pool to the PC. Which two commands resolve this issue? (Choose two.)

A. ip dhcp option 82 command on R2
B. service dhcp-relay command on R1
C. ip dhcp relay information trust-all command on R2
D. service dhcp command on R1
E. ip dhcp relay information enable command on R1

正解: A,D

質問 53
Drag and drop the addresses from the left onto the correct IPv6 filter purposes on the right.

正解:

解説:

Explanation:
HTTP and HTTPs run on TCP port 80 and 443, respectively and we have to remember them.
Syslog runs on UDP port 514 while NTP runs on UDP port 123 so if we remember them we can find out the matching answers easily. But maybe there is some typos in this question as 2001:d88:800:200c::c/126 only ranges from 2001:d88:800:200c:0:0:0:c to 2001:d88:800:200c:0:0:0:f (4 hosts in total). It does not cover host 2001:0D88:0800:200c::1f. Same for 2001:D88:800:200c::e/126, which also ranges from 2001:d88:800:200c:0:0:0:c to 2001:d88:800:200c:0:0:0:f and does not cover host 2001:0D88:0800:200c::1c.

質問 54
After some changes in the routing policy, it is noticed that the router in AS 45123 is being used as a transit AS router for several service provides. Which configuration ensures that the branch router in AS 45123 advertises only the local networks to all SP neighbors?
A)

B)

C)

D)

A. Option C
B. Option B
C. Option A
D. Option D

正解: D

解説:
Explanation
By default BGP advertises all prefixes to external BGP neighbors. This means that if you are multi-homed (connected to two or more ISPs) then you might become a transit AS. For example, ISP 2 in AS 200 can send traffic to your router in AS 100 to reach ISP 3 in AS 300 because you advertised prefixes in ISP 3 to ISP 2.
This is what will be seen in the BGP routing table of ISP1:

質問 55
Refer to the exhibit.

In which circumstance does the BGP neighbor remain in the idle condition?

A. if prefixes reach the maximum limit
B. if a prefix list is applied on the inbound direction
C. if prefixes are not received from the BGP peer
D. if prefixes exceed the maximum limit

正解: A

解説:
Explanation
https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/25160-bgp-maximum-prefix.html#

質問 56
What is a limitation of IPv6 RA Guard?

A. It cannot be configured on a switch port interface in the ingress direction
B. It is not supported in hardware when TCAM is programmed
C. It does not offer protection in environments where IPv6 traffic is tunneled.
D. Packets that are dropped by IPv6 RA Guard cannot be spanned

正解: C

解説:
Explanation
Restrictions for IPv6 RA Guard
* The IPv6 RA Guard feature does not offer protection in environments where IPv6 traffic is tunneled.
* This feature is supported only in hardware when the ternary content addressable memory (TCAM) is programmed.
* This feature can be configured on a switch port interface in the ingress direction.
* This feature supports host mode and router mode.
* This feature is supported only in the ingress direction; it is not supported in the egress direction.
* This feature is not supported on EtherChannel and EtherChannel port members.
* This feature is not supported on trunk ports with merge mode.
* This feature is supported on auxiliary VLANs and private VLANs (PVLANs). In the case of PVLANs, primary VLAN features are inherited and merged with port features.
* Packets dropped by the IPv6 RA Guard feature can be spanned.

質問 57
Drag and drop the LDP features from the left onto the descriptions on the right

正解:

解説:

質問 58
Refer to the exhibit.

R1 is connected with R2 via GigabitEthernet0/0, and R2 cannot ping R1. What action will fix the issue?

A. Fix route dampening configured on the router.
B. Replace the SFP module because it is not supported.
C. Correct the IP SLA probe that failed.
D. Fix IP Event Dampening configured on the interface.

正解: D

解説:

質問 59
Drag and drop the OSPF adjacency states from the left onto the correct descriptions on the right.

正解:

解説:

Explanation
Down
This is the first OSPF neighbor state. It means that no information (hellos) has been received from this neighbor, but hello packets can still be sent to the neighbor in this state.
During the fully adjacent neighbor state, if a router doesn't receive hello packet from a neighbor within the Router Dead Interval time (RouterDeadInterval = 4*HelloInterval by default) or if the manually configured neighbor is being removed from the configuration, then the neighbor state changes from Full to Down.
Attempt
This state is only valid for manually configured neighbors in an NBMA environment. In Attempt state, the router sends unicast hello packets every poll interval to the neighbor, from which hellos have not been received within the dead interval.
Init
This state specifies that the router has received a hello packet from its neighbor, but the receiving router's ID was not included in the hello packet. When a router receives a hello packet from a neighbor, it should list the sender's router ID in its hello packet as an acknowledgment that it received a valid hello packet.
2-Way
This state designates that bi-directional communication has been established between two routers.
Bi-directional means that each router has seen the other's hello packet. This state is attained when the router receiving the hello packet sees its own Router ID within the received hello packet's neighbor field. At this state, a router decides whether to become adjacent with this neighbor. On broadcast media and non-broadcast multiaccess networks, a router becomes full only with the designated router (DR) and the backup designated router (BDR); it stays in the 2-way state with all other neighbors. On Point-to-point and Point-to-multipoint networks, a router becomes full with all connected routers.
At the end of this stage, the DR and BDR for broadcast and non-broadcast multiacess networks are elected.
For more information on the DR election process, refer to DR Election.
Note: Receiving a Database Descriptor (DBD) packet from a neighbor in the init state will also a cause a transition to 2-way state.
Exstart
Once the DR and BDR are elected, the actual process of exchanging link state information can start between the routers and their DR and BDR. (ie. Shared or NBMA networks).
In this state, the routers and their DR and BDR establish a master-slave relationship and choose the initial sequence number for adjacency formation. The router with the higher router ID becomes the master and starts the exchange, and as such, is the only router that can increment the sequence number. Note that one would logically conclude that the DR/BDR with the highest router ID will become the master during this process of master-slave relation. Remember that the DR/BDR election might be purely by virtue of a higher priority configured on the router instead of highest router ID. Thus, it is possible that a DR plays the role of slave. And also note that master/slave election is on a per-neighbor basis.
Exchange
In the exchange state, OSPF routers exchange database descriptor (DBD) packets. Database descriptors contain link-state advertisement (LSA) headers only and describe the contents of the entire link-state database.
Each DBD packet has a sequence number which can be incremented only by master which is explicitly acknowledged by slave. Routers also send link-state request packets and link-state update packets (which contain the entire LSA) in this state. The contents of the DBD received are compared to the information contained in the routers link-state database to check if new or more current link-state information is available with the neighbor.
Loading
In this state, the actual exchange of link state information occurs. Based on the information provided by the DBDs, routers send link-state request packets. The neighbor then provides the requested link-state information in link-state update packets. During the adjacency, if a router receives an outdated or missing LSA, it requests that LSA by sending a link-state request packet. All link-state update packets are acknowledged.
Full
In this state, routers are fully adjacent with each other. All the router and network LSAs are exchanged and the routers' databases are fully synchronized.
Full is the normal state for an OSPF router. If a router is stuck in another state, it is an indication that there are problems in forming adjacencies. The only exception to this is the 2-way state, which is normal in a broadcast network. Routers achieve the FULL state with their DR and BDR in NBMA/broadcast media and FULL state with every neighbor in the remaining media such as point-to-point and point-to-multipoint.
Note: The DR and BDR that achieve FULL state with every router on the segment will display FULL/DROTHER when you enter the show ip ospf neighbor command on either a DR or BDR. This simply means that the neighbor is not a DR or BDR, but since the router on which the command was entered is either a DR or BDR, this shows the neighbor as FULL/DROTHER.

質問 60
Refer to the exhibit.

Which configuration denies Telnet traffic to router 2 from 198A:0:200C::1/64?

A. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 eq telnet
! int Gi0/0
6 / 39
Ipv6 traffic-filter Deny_Telnet in
!
B. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 ! int Gi0/0
Ipv6 traffic-filter Deny_Telnet in
!
C. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 ! int Gi0/0
Ipv6 access-map Deny_Telnet in
!
D. Ipv6 access-list-Deny_Telnet sequence 10 deny tcp host 198A:0:200C::1/64 host
201A:0:205C::1/64 eq telnet
! int Gi0/0
Ipv6 access-map Deny_Telnet in
!

正解: A

質問 61
Refer to the exhibit. The engineer configured and connected Router2 to Router1. The link came up but could not establish a Telnet connection to Router1 IPv6 address of 2001:DB8::1. Which configuration allows Router2 to establish a Telnet connection to Router1?

A. permit ip any any on access list EGRESS2 on Router1
B. IPv6 address on GigabitEthernet0/0
C. permit ICMPv6 on access list INGRESS for Router2 to obtain IPv6 address
D. jpv6 unicast-routing

正解: A

質問 62
Refer to the exhibit. An engineer is trying to generate a summary route in OSPF for network 10.0.0.0/8, but the summary route does not show up in the routing table. Why is the summary route missing?

A. The summary route is visible only in the OSPF database, not in the routing table.
B. The summary route is not visible on this router, but it is visible on other OSPF routers in the same area.
C. The summary-address command is used only for summarizing prefixes between areas.
D. There is no route for a subnet inside 10.0.0.0/8, so the summary route is not generated.

正解: D

解説:
Section: Layer 3 Technologies

質問 63
Drag and drop the actions from the left into the correct order on the right to configure a policy to avoid following packet forwarding based on the normal routing path.

正解:

解説:

質問 64
Refer to the exhibit.

The ACL is placed on the inbound Gigabit 0/1 interface of the router. Host
192.168.10.10cannot SSH to host 192.168.100.10 even though the flow is permitted. Which action resolves the issue without opening full access to this router?

A. Run the show access-list FILTER command to view if the SSH entry has any hit statistic associated with it
B. Move the SSH entry to the beginning of the ACL
C. Temporarily remove the ACL from the interface to see if the flow works
D. Temporarily move the permit ip any any line to the beginning of the ACL to see if the flow works

正解: B

質問 65
Refer to the exhibit.

The network administrator configured redistribution on an ASBR to reach to all WAN networks but failed Which action resolves the issue?

A. The OSPF process must have a metric when redistributing prefixes from EIGRP.
B. The route map must have the keyword prefix-list to evaluate the prefix list entries
C. The route map EIGRP->OSPF must have the 10.0.106.0/24 entry to exist in one of the three prefix lists to pass
D. EIGRP must redistribute the 10.0.106.0/24 route instead of using the network statement

正解: B

解説:
Explanation
In order to use a prefix-list in a route-map, we must use the keyword "prefix-list" in the "match" statement. . For example:
match ip address prefix-list WAN_PREFIXES
Without this keyword, the router will try to find an access-list with the same name instead.

質問 66

Refer to the exhibit. Which action restores the routes from neighbors while still filtering 1.1.1.0/24?

A. Add a second sequence in the route map permit 20
B. Add a second line in the access list to permit any.
C. Modify the access list to deny insteac of permit it.
D. Modify the route map to permit the access list instead of deny it

正解: D

質問 67
Refer to the exhibit.

When monitoring an IPv6 access list, an engineer notices that the ACL does not have any hits and is causing unnecessary traffic to pass through the interface Which command must be configured to resolve the issue?