IP Services Questions
Question 1
Explanation
The switch validates DHCP packets received on the untrusted interfaces of VLANs with DHCP snooping enabled. The switch forwards the DHCP packet unless any of the following conditions occur (in which case the packet is dropped):
+ The switch receives a packet (such as a DHCPOFFER, DHCPACK, DHCPNAK, or DHCPLEASEQUERY packet) from a DHCP server outside the network or firewall.
+ The switch receives a packet on an untrusted interface, and the source MAC address and the DHCP client hardware address do not match. This check is performed only if the DHCP snooping MAC address verification option is turned on.
+ The switch receives a DHCPRELEASE or DHCPDECLINE message from an untrusted host with an entry in the DHCP snooping binding table, and the interface information in the binding table does not match the interface on which the message was received.
+ The switch receives a DHCP packet that includes a relay agent IP address that is not 0.0.0.0.
Question 2
Explanation
We can test the action of HSRP by tracking the loopback interface and decrease the HSRP priority so that the standby router can take the active role.
Question 3
Explanation
The “ip http secure-port
” is used to set the secure HTTP (HTTPS) server port number for listening.
Question 4
Explanation
This command shows IPsec Security Associations (SAs) built between peers. An example of the output of above command is shown below:
Router#show crypto ipsec sa
interface: FastEthernet0
Crypto map tag: test, local addr. 12.1.1.1
local ident (addr/mask/prot/port): (20.1.1.0/255.255.255.0/0/0)
remote ident (addr/mask/prot/port): (10.1.1.0/255.255.255.0/0/0)
current_peer: 12.1.1.2
PERMIT, flags={origin_is_acl,}
#pkts encaps: 7767918, #pkts encrypt: 7767918, #pkts digest 7767918
#pkts decaps: 7760382, #pkts decrypt: 7760382, #pkts verify 7760382
#pkts compressed: 0, #pkts decompressed: 0
#pkts not compressed: 0, #pkts compr. failed: 0,
#pkts decompress failed: 0, #send errors 1, #recv errors 0
local crypto endpt.: 12.1.1.1, remote crypto endpt.: 12.1.1.2
path mtu 1500, media mtu 1500
current outbound spi: 3D3
inbound esp sas:
spi: 0x136A010F(325714191)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3442, flow_id: 1443, crypto map: test
sa timing: remaining key lifetime (k/sec): (4608000/52)
IV size: 8 bytes
replay detection support: Y
inbound ah sas:
inbound pcp sas:
inbound pcp sas:
outbound esp sas:
spi: 0x3D3(979)
transform: esp-3des esp-md5-hmac ,
in use settings ={Tunnel, }
slot: 0, conn id: 3443, flow_id: 1444, crypto map: test
sa timing: remaining key lifetime (k/sec): (4608000/52)
IV size: 8 bytes
replay detection support: Y
outbound ah sas:
outbound pcp sas:
The first part shows the interface and cypto map name that are associated with the interface. Then the inbound and outbound SAs are shown. These are either AH or ESP SAs. In this case, because you used only ESP, there are no AH inbound or outbound SAs.
Note: Maybe “inbound crypto map” here mentions about crypto map name.
Question 5
Explanation
The Management Plane Protection (MPP) feature in Cisco IOS software provides the capability to restrict the interfaces on which network management packets are allowed to enter a device. The MPP feature allows a network operator to designate one or more router interfaces as management interfaces. Device management traffic is permitted to enter a device only through these management interfaces. After MPP is enabled, no interfaces except designated management interfaces will accept network management traffic destined to the device.
In the command management-interface interface allow protocols we can configure these protocols (to allow on the designated management interface):
+ BEEP
+ FTP
+ HTTP
+ HTTPS
+ SSH, v1 and v2
+ SNMP, all versions
+ Telnet
+ TFTP
Therefore these are also the protocols that can be affected by MPP.
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t11/htsecmpp.html
Hello – the link not works anymore.
can you please upload again?
If you are looking to pass use the 358q dumps, the only one that is valid now.
pls send 358q dumps an mail admin @ iskramedia . ru
passed today with the new 539 dumps from it-libraries.
will try to share once links are allowed
@MAJ, could you share with me the PDF from IT-Libraries
Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.
Passed, it-libraries questions are still good. check the comments on this forum for the new questions since there are a couple of them posted here.
@Darrell can you please share pdf from it-libraries to my email
I am taking test tomorrow can anyone pls provide dumps(vce or pdf) from iT-Libraries for 300-101
Sharing my collection https://drive.google.com/open?id=0B5mAFqgydmCzNno3dnFocF9HckU
Passed, if you go the exam study the 21q dumps.
Passed with the 440q dumps from it libraries.
Confirming the 21q dumps are valid.
Thanks all, done with the router. 539q dumps from IT-Libraries are valid. Practice the labs since the ips change on the exam
Smashed my route exam today, 9xx used the dumps from it libraries and tut.
Where can we find the it libraries dump? Anyone sharing?
Can anyone share dumps from it libraries?