2013 Latest Cisco 350-001 Exam Section 4: Route Filtering and Policy Routing (5 Questions)

QUESTION NO: 1 A router is being configured to override the normal routed behavior of certain traffic types. To do this, Policy Based Routing is used. Which of the following statements is FALSE with regards to the application of policy based routing (PBR)?
A. PBR can not be used to set the IP precedence.
B. PBR can not set the DSCP in one statement.
C. PBR can be used to set the next hop IP address.
D. PBR can be used to match on the length of a packet.
E. All of the above are true
Answer: A
Explanation:
PBR gives you a flexible means of routing packets by allowing you to configure a defined policy for traffic flows, lessening reliance on routes derived from routing protocols. To this end, PBR gives you more control over routing by extending and complementing the existing mechanisms provided by routing protocols. PBR allows you to set the IP precedence. It also allows you to specify a path for certain traffic, such as priority traffic over a high-cost link. You can set up PBR as a way to route packets based on configured policies. For example, you can implement routing policies to allow or deny paths based on the identity of a particular end system, an application protocol, or the size of packets. PBR allows you to perform the following tasks:
1. Classify traffic based on extended access list criteria. Access lists, then, establish the match criteria.
2. Set IP Precedence bits, giving the network the ability to enable differentiated classes of service.
3. through the network.
Policies can be based on IP address, port numbers, protocols, or size of packets. For a
use all of them.

QUESTION NO: 2
The router TK1 is being configured to filter BGP routes. In a BGP peering relationship with a customer where routing information is exchanged, which prefix list filter(s) will ensure that only class-B address space networks are accepted by the router?
A. ip prefix-list list-A permit 191.0.0.0/3 le 16
B. ip prefix-list list-B permit 0.0.0.0/0 ge 16 le 24
C. ip prefix-list list-C permit 128.0.0.0/2 ge 17
D. ip prefix-list list-D permit 0.0.0.0/0 ge 16
   ip prefix-list list-D permit 0.0.0.0/0 le 23
E. ip prefix-list list-E permit 128.0.0.0/1 ge 16
   ip prefix-list list-E permit 191.0.0.0/3 le 23
Answer: E
Explanation:
In a prefix list configuration, the “ge” keyword means greater than or equal to, while the “le” keyword means less than or equal to. Choice E correctly describes the two statements that are needed. The first line specifies that any route larger than 128.0.0.0/1 with a prefix range greater than or equal to 16 will match the filter. The second line specifies that any route less than 191.0.0.0/3 with a network mask of less than or equal to 23 will also match. Therefore, only addresses that fall in the class B range will pass through the filter.
Incorrect Answers:

A. This will allow all class A and B networks to pass through.
B. This will permit address space from 16 to 24 bits in length from all network class ranges from passing through the filter.
C. This will allow all 128.0.0.0/2 prefixes with network masks greater than or equal to 17 bits in length. It is not restrictive enough to allow only class B networks.
D. This will allow all routes (from every network class) with network masks of between 16 and 23 bits in length.
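
The ge/le length matching described in the explanation above, as an added example that is not part of the original page: a small Python evaluator applied to options B and C from this question. The sample routes and the helper names (`parse_entry`, `evaluate`) are constructed for illustration.

```python
import ipaddress
import re

# "permit|deny <prefix>/<len> [ge N] [le N]" at the end of an ip prefix-list line
ENTRY = re.compile(r"(permit|deny)\s+(\S+)(?:\s+ge\s+(\d+))?(?:\s+le\s+(\d+))?\s*$")

def parse_entry(line):
    """Turn one prefix-list line into (action, network, min_len, max_len)."""
    m = ENTRY.search(line)
    if not m:
        raise ValueError(f"not a prefix-list entry: {line!r}")
    action, prefix, ge, le = m.groups()
    net = ipaddress.ip_network(prefix, strict=False)
    if ge is None and le is None:
        lo = hi = net.prefixlen                 # no ge/le: exact length only
    else:
        lo = int(ge) if ge else net.prefixlen   # le alone: len..le
        hi = int(le) if le else 32              # ge alone: ge..32
    if not net.prefixlen <= lo <= hi <= 32:
        raise ValueError(f"invalid ge/le range in: {line!r}")
    return action, net, lo, hi

def evaluate(entries, route):
    """First matching entry wins; a route that matches nothing is denied."""
    r = ipaddress.ip_network(route)
    for action, net, lo, hi in entries:
        if r.subnet_of(net) and lo <= r.prefixlen <= hi:
            return action
    return "deny"

# Options B and C exactly as given in the question
LIST_B = [parse_entry("ip prefix-list list-B permit 0.0.0.0/0 ge 16 le 24")]
LIST_C = [parse_entry("ip prefix-list list-C permit 128.0.0.0/2 ge 17")]

# Constructed sample routes (not from the page)
ROUTES = [
    ("10.1.0.0/16", "class A space"),
    ("172.16.0.0/16", "class B, classful mask"),
    ("172.16.128.0/17", "class B, subnetted"),
    ("172.16.1.0/30", "class B, point-to-point"),
    ("192.168.1.0/24", "class C space"),
]

if __name__ == "__main__":
    for route, note in ROUTES:
        print(f"{route:18} {note:26} B={evaluate(LIST_B, route):6} C={evaluate(LIST_C, route)}")
```

Running candidate filters against a handful of representative routes like this, before applying them to a customer BGP session, shows which prefix lengths and address ranges each entry really admits.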

QUESTION NO: 3
The Testking WAN and Internet connectivity is displayed below:

hostname TK2
!
interface Ethernet0/0
 ip address 192.168.1.13 255.255.255.252
!
interface Ethernet0/1
 ip address 192.168.1.9 255.255.255.252
!
interface Ethernet0/2
 ip address 192.168.1.6 255.255.255.252
 ip policy route-map net-200
!
router eigrp 1
 network 192.168.1.0
!
access-list 101 permit ip 200.155.16.32 0.0.0.15 any
!
route-map net-200 permit 10
 match ip address 101
 set interface Ethernet0/1
!
route-map net-10 permit 20
!
end

It is desired that all traffic from network 200.155.16.32/28 be sent to the internal through the firewall-enabled router TK4. Router TK2 has been configured for policy-based routing as shown on the exhibit above. The policy-based configuration is not working. Debug and show commands indicate that Router TK2 has an “Incomplete” ARP entry for network 192.168.1.20. What is the best method to resolve this issue?
A. Configure a static route to the 192.168.1.20 network in router TK2
B. Configure ip proxy-arp on the router’s Ethernet 0/1 and 0/2 interface
C. Configure a static ARP entry for the 192.168.1.20 network on router TK2
D. Reconfigure the “set interface” command to “set ip next-hop” with the IP address of the firewall
E. Open the TCP ports on the firewall that are currently blocking ARP requests from router TK2
Answer: D

Explanation:
When configuring policy based routing on a multi-access network such as an Ethernet LAN, issues can arise when the interface is used as the next hop, rather than specifying the IP address. In this specific example, if we issue the “show arp” command we will see something similar to the following:

Cisco_Wan_Router# show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.9             -   00b0.64cb.eab1  ARPA   Ethernet0/1
Internet  192.168.1.10            3   0010.7b81.0b19  ARPA   Ethernet0/1
Internet  192.168.1.20            0   Incomplete      ARPA

Router TK2 attempts to do what it was instructed and tries to put the packets directly onto the Ethernet 0/1 interface. This requires that the router send an Address Resolution Protocol (ARP) request for the destination address of 192.1.1.1, which the router realizes is not on this interface, and hence the ARP entry for this address is “Incomplete,” as seen by the show arp command. An encapsulation failure then occurs as the router is unable to put the packet on the wire with no ARP entry. By specifying the IP address of the firewall as the next-hop, we can prevent this problem and make the route-map work as intended. Configuration change should be:

!
route-map net-200 permit 10
 match ip address 101
 set ip next-hop 192.168.1.10
!

Reference:
http://www.cisco.com/en/US/partner/tech/tk365/technologies_tech_note09186a008009481d.shtml#configf

QUESTION NO: 4
Part of the configuration for router TK1 is displayed in the diagram below:

Policy-Based routing has been configured on TK1 to sort traffic according to an administrative policy.
Which is the result from applying this configuration to TestKing1? (Select all that apply)

A. All Telnet traffic destined to hosts on the 172.16.1.0/24 network will be forwarded to 192.168.1.20.
B. All telnet traffic will be marked with IP Precedence Flash.
C. Telnet traffic to destinations on the 172.16.1.0/24 network initiated from console connections on the router will be policy-routed to 192.168.1.25.
D. Any telnet traffic transiting this router and exiting interface Ethernet 0/0 will be policy-routed to 192.168.1.20.
E. If an administrator Telnets to TestKing1 and then subsequently telnets to 172.168.1.55, the session will be directed to 192.168.1.25
Answer: A, E
Explanation:
Choice A correctly describes the function of the normal policy based routing part of the configuration. In addition to this, a local policy route map has been configured. By default, packets that are originated from the router are not policy routed, unless a local policy route map is configured as shown in this example. Because this has been applied to router TestKing1, telnet traffic originated from the router as described in choice E will be policy routed to the next hop IP address of 192.168.1.25.
Incorrect Answers:
B. Only telnet traffic destined to the 172.16.1.0/24 subnet will be marked with the flash IP precedence value.
C. Only packets that originate from the router are policy routed according to the local policy. This does not apply to connections that originate from the console interface.
D. Again, only telnet traffic that matches the reroute-acl access list will be policy routed, not all telnet traffic.

QUESTION NO: 5
The TestKing network is depicted below:

Router TestKing6 is configured as shown below:

You are required to configure redistribution of IGP protocols to ensure full IP visibility between all routers. As a safety precaution you must ensure that TestKing6 cannot learn EIGRP routes it previously advertised into the RIP domain back from TestKing4. What should you do in this scenario?
A. Apply a distribute-list command to the FastEthernet and serial interfaces
B. Apply a distribute-list command to the router rip area with the serial 0/0.103 interface only
C. Apply a distribute-list command to the router EIGRP area with the serial interfaces
D. Apply a route-map to the FastEthernet interfaces
E. Apply a route-map and distribute-list command to complete the configuration
Answer: B
Explanation:
In order to prevent the EIGRP subnet routes from being advertised back to router TestKing6, we need to apply a distribute list command to the RIP routing process. The distribute list command should specify the routes that were configured in access-list 1. This will prevent the EIGRP subnets from being advertised back in via RIP. Since interface serial 0/0.103 is used as the connection to router TestKing4, the distribute list should be applied to this interface only. The other serial link to router TestKing1 does not need to be included, since this interface is specified as passive, by the “passive-interface default” configuration line.
Incorrect Answers:
A: Applying a distribute list to the fast Ethernet interfaces would result in lost connectivity between the EIGRP routers.
C: The distribute list needs to be applied to the RIP routing process, not the EIGRP process since you want to filter the incoming networks from the RIP network on the frame relay network.
D, E: It is not necessary to use route-maps for simply filtering network subnets.
