21certify.com Cisco:

Cisco® Certified Internetworking Expert ( CCIE® ) Exams 350-001
Version 6.0

Jun. 17th, 2003


This 21certify Exam has been carefully written and compiled by 21certify Exams experts. It is
designed to help you learn the concepts behind the questions rather than be a strict memorization tool.
Repeated readings will increase your comprehension.

We continually add to and update our 21certify Exams with new questions, so check that you have the
latest version of this 21certify Exam right before you take your exam.

For security purposes, each PDF file is encrypted with a unique serial number associated with your
21certify Exams account information. In accordance with International Copyright Law, 21certify
Exams reserves the right to take legal action against you should we find copies of this PDF file has
been distributed to other parties.

Please tell us what you think of this 21certify Exam. We appreciate both positive and critical
comments as your feedback helps us improve future versions.

We thank you for buying our 21certify Exams and look forward to supplying you with all your
Certification training needs.

Good studying!

21certify Exams Technical and Support Team
350-001 3

21certify.com

Q.1 Load sharing of VLAN traffic over parallel ISL trunks is:
A. Not possible due to the nature of ISL.
B. Configurable on a per VLAN basis.
C. Configurable on a per packet basis.
D. Automatic due to the nature of ISL and its interaction with the IEEE Spanning Tree protocol.

new LSA information to update the neighbor about the topology change.

Q.4 In a PIMv2 Sparse Mode network, the “incoming interface” for a (*, G) mroute entry is
calculated using:
A. The address of the source.
B. The address of the PIM neighbor that send the PIM (*, G) Join message.
C. The address of a directory connected member of group “G”.
D. The address of the currently active Rendezvous Point for group “G”.
E. The address of the Mapping Agent.
Answer: C

350-001 4

21certify.com

Q.5 Exhibit: Existing ACEs in the VACL: set security acl ip Control_Access permit host
10.1.1.100 set security acl ip Control_Access deny 10.1.1.0 255.255.255.0 set security acl ip
Control_Access permit host 172.16.84.99 set security acl ip Control_Access deny 172.16.84.0
255.255.255.128 Additional ACEs to the VACL:
set security acl ip Control_Access permit host
172.16.82.3 set security acl ip Control_Access deny host
172.17.10.44 set security acl ip Control_Access permit
host 192.168.99.150 set security acl ip Control_Access
deny host 192.168.250.1
A VLAN Access Control List has been configured with the four entries shown in the exhibit.
After the addition of the next four entries, how many total mask value entries are required in
the Ternary Content Addressable Memory (TCAM) table?
A. 1
B. 2
C. 3

C. It works by exchanging protocol packets between the neighboring devices.
D. Both devices on the link must support Unidirectional Link Detection and have it enabled on
respective ports.
Answer: A
Q.9 Exhibit:
Show interface command for Serial 0:
r1#sh in
Serial0 is up, line protocol is upHardware is HD64570 MTU 1500 bytes, BW 1544 Kbit,
DLY 20000, rely 255/255, load 1/255Encapsulation FRAME-RELAY, loopback not set,
keepalive set (35 sec)LMI enq sent 7, LMI stat recvd 7, LMI upd recvd 0, DTE LMI
upLMI enq recvd 0, LMI stat sent 0, LMI upd sent 0 LMI DLCI 0 LMI type is ANSI
Annex D frame relay DTEFR SVC disabled, LAPF stat downBroadcast queue 0/64,
broadcasts sent/dropped 2/0, interface broadcast 0Last input 00:00:30, output
00:00:30, output hang neverLast clearing of “show interface” counters
neverQueuing strategy: fifoOutput queue 0/40, 0 drops; input queue 0/75, 0 drops5
minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0
packets/sec1 packets input, 24 bytes, 0 no bufferReceived 0 broadcasts, 0 runts,
0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0
abort4 packets output, 608 bytes, 0 underruns0 output errors, 0 collisions, 4
interface resets0 output buffer failures, 0 output buffers swapped out2 carrier
transitions DCD=up DSR=up DTR=up RTS=up CTS=up
Serial 0.2 is down, line protocol is downHardware is HD64570 Internet address is
172.16.1.2/24MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load
1/255Encapsulation FRAME-RELAY
Serial 0.3 is down, line protocol is downHardware is HD64570 Internet address is
171.16.2.1/24MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec, rely 255/255, load
1/255Encapsulation FRAME-RELAY
A serial interface is brought up, works for a short time, then goes down. According to the show
interface command what is the likely problem?
A. The encapsulation type is not set to Frame-Relay.

External Route Tag: 0
And the following from a router in the network:
RouterTK1#show ip ospf border-routers
OSPF Process 10 internal Routing Table
Codes: i-intra-area route, I-Inter-area route
I5.5.5.5(2) via 30.0.0.1, Serial0/0, ASBR, Area0, SPF 4
What is the metric for subnet 100.100.1.0/24 on Router TK1?
A. 1
B. 2
C. 18
D. 20
E. 22
Answer: E
20 + 2, 20 from Metric (external), and 2 from Inter-area.
Q.12 Which are the primary reasons to use traffic shaping? (Select two)
A. To control the maximum rate of traffic transmitted or received on an interface.
B. To control access to available bandwidth.
C. To define Layer 3 aggregate or granular incoming or outgoing bandwidth rate limits.
D. To control the average queue size by indicating to the end hosts when they should
temporarily slow down transmission of packets.
E. To ensure that traffic conforms to the policies established for it.
Answer: B, E Explanation: The primary reasons to use traffic shaping are to control access to available
bandwidth, to ensure that traffic conforms to specific policies, and to regulate the flow of traffic in order
to avoid congestion. Reference:
350-001 7

21certify.com Q.13 In a bridged network running IEEE 802.1d spanning tree, what parameter will a bridge take

350-001 8

21certify.com

ICMP messages. If so, change the filter rule to allow ICMP
Answer: A, E Explanation: Refer to " Why Can't I Browse the Internet when
Using a GRE Tunnel?"

Q.16 What command switches a SONET APS protected circuit over the back-up circuit?
A. aps force atm circuit-.number
B. aps manual circuit-number
C. redundancy force-failover
D. aps back-up circuit-number
E. aps force circuit-number
Answer: A
A is the correct command syntax.
Q.17 What is NOT a BGP attribute?
A. Origin
B. Weight
C. Local_pref
D. Community
E. Cluster_list
Answer: B
Original answer was E Cluster_List is not a BGP attribute, ABCD are.
However Actually I am not sure that weight is an attribute. It is set using the set weight command yet in
Internet routing
Architectures page 116 (I believe) it does not show weight as an attribute.
Table 5-2. Attribute Type Codes
ORIGIN Well-known mandatory, Type code 1 RFC 1771 LOCAL_PREF Well-Known discretionary, Type code 5 RFC 1771
COMMUNITY Optional transitive, Type 8 RFC 1997 Cluster List Optional nontransitive, Type code 10 RFC 1966

C. Dynamic translation for DNS “A” and “PTR” queries.
D. Inside and outside source static network translation that allows overlapping network address
spaces on the inside and the outside.
E. All of the above.
Answer: E
Q.22 Which statements about FTP are true?
A. FTP always uses two separate TCP sessions – one for control and one for data.
B. With passive mode FTP, both the control and data TCP sessions are initiated from the client.
C. With active mode FTP, the server used the “PORT” command to tell the client on which port it
wished to send the data.
D. For both active and passive mode FTP, the control session on the server always uses TCP port 21,
and the data session always uses TCP port 20.
Answer: A, B Q.23 A network administrator wants an IP static route to point to a backup link,
but only if the same route is not available via a dynamic routing protocol. How would this be
accomplished?
A. Create a static route with a lower administrative distance than the dynamic protocol.
B. Create a static route with a higher administrative distance than the dynamic protocol.
C. Create a static route with a lower metric than the dynamic protocol.
D. Create a static route with the floating-static keyword.
Answer: B
With a higher administrative distance, the dynamic routing protocol will always be the preferred route.
Q.24 In Token Ring networks, Layer 3 IP Multicast addresses are mapped into Layer 2 Token
Ring Mac addresses in which ways? (Select two)
A. All IP Multicast addresses are mapped to broadcast MAC address FFFF.FFFF.FFFF.
B. All IP Multicast addresses are mapped to Functional Address C000.0000.0001.
C. All IP Multicast addresses are mapped to Functional Address C000.0004.0000.
D. All IP Multicast addresses are mapped to MAC addresses using the same method as is used in
Ethernet networks.
E. Configure the Ring Parameter server to set the I/G address to 1.
Answer: C, D


A. dial-peer voice 3 voip
destination-pattern 7330408
session target 10.10.10.1

B. dial-peer voice 7330408 voip
destination-number 3
session-target ip 10.10.10.1

C. dial-peer voice 3 voip
350-001 11

21certify.com

destination-pattern ipv4: 10.10.10.1
session-target voice

D. dial-peer voice 3 voip
destination-pattern 7330408
session-target ipv4: 10.10.10.1

Answer: D
D is the correct syntax.
Q.28 What trunk mode combination would not produce an operational ISL trunk?
A. Local: auto Remote: auto
B. Local: on Remote: auto
C. Local: nonegotiate Remote: nonegotiate
D. Local: nonegotiate Remote: on
E. Local: auto Remote: desirable
Answer: A

D. Ring 10, and Ring 2.
E. Ring 2, Ring 200, and Ring 1.
Answer: B Explanation: Configuring SR/TLB involves the configuration of SRB and transparent
bridging An additional command ties in the SRB domain with the transparent bridged domain:
source-bridge transparent ring-group pseudo-ring bridge-number tb-group
The arguments are as follows:
. • ring-group—The virtual ring group number created with the source-bridge ring-group command.

.• pseudo-ring:—A virtual ring group number created for the transparent bridge group. The Token Ring side

.sends frames to this ring number to reach the host in the transparent bridge side.

.• bridge-number:—A bridge number is assigned for the bridge between the virtual ring group and the
pseudo

.ring.
. • tb-group:—The transparent bridge group number configured with the bridge-group command.

Reference:
/>965182EF3011}/element_id~{87AF55FC-
39FC-4347-81CC-F83DB20DB1D2}/st~{D7876506-1D0A-4E7E-ABC9-
EE82E540D178}/session_id~{5A8B4170-A0F4-
4160-B712-93C705EEEE57}/content/articlex.asp
Q.30 A network administrator wants to advertise the network 135.30.45.0/27 to an EBGP peer.
What command would be used to accomplish this?
A. network 135.30.45.0 255.255.0.0
B. network 135.30.45.0 mask 255.255.255.224
C. network 135.30.45.0
D. network 135.45.0.0
Answer: B

Signaling along the path, and an ILMI PVC are required for an SVC.

Q.34 MPLS traffic engineering routing information is carried by:
A. BGP MEDs
B. MP-BGP
C. OSPF Opaque LSAs or IS-IS TLVs
D. RTP or RTCP packets
Answer: C
Q.35 What type of EIGRP packets carry the Init flag embedded?
A. Hello
B. Update
C. Query
D. Reply
E. Ack
Answer: A
Only hello packets have the Init flag embedded.
350-001 14

21certify.com

Q.36 An AT&T 5ESS NI1 switch uses what terminal type of ISDN?
A. Terminal type A.
B. Terminal type B.
C. Terminal type C.
D. Terminal type D.
E. All of the above.
Answer: A
Q.37 Exhibit 1: Exhibit 2:

hostname RouterTK1

ipx network ACA1235
!
ipx gns-response-delay 10

interface Serial 0
encapsulation frame-relay
ipx network 100

!
frame-relay map ipx 100.1000.1000.1000
ipx router rip
no network 100

!
ipx router EIGRP 1

Will a workstation connected to Router TK1 be able to attach to a server attached to the
Ethernet interface on Router TK2, assuming that the Frame Relay PVCs are up and running?
A. No – Redistribution has not been configured between EIGRP and RIP.
B. No – EIGRP will not run correctly over the Frame Relay cloud.
C. No – The GNS response delay is configured on the wrong router.
D. No – The IPX routing command is not matching the Ethernet’s MAC address.
E. Yes.
Answer: D Explanation: IPX RIP is disabled and no network has been enabled for eigrp, then no
routing will take place.
Q.38 Which are common problems that cause clocking problems on a serial line?
A. Several cables connected together in a row.
B. Too much –db gain on the serial line.
C. Incorrect CSU configuration.
D. Impedance mismatch.

learned routes in the local routing table.
C. OSPF will not form any adjacency out of that interface.
D. OSPF will behave as a passive adjacency at the requests coming from neighbors, lying out
of the interface, ignoring all the incoming requests.
E. None of the above.
Answer: C
With passive-interface, an adjacency will never occur out of that interface.
Q.42 With respect to the ATM Reference Model what is NOT one of the ATM layers?
A. Physical layer.
B. ATM adaptation layer (AAL).
C. Generic Flow Control (GFC) layer.
350-001 17

21certify.com

D. ATM layer.
Answer: C
GFC is not a layer of the ATM model.
Q.43 Exhibit:
priority-list 1 protocol ip medium list
102priority-list 1 protocol ip normal list
103priority-list 1 protocol ip low list
104priority-list 1 default low
access-list 101 permit ip any any precedence
criticalaccess-list 102 permit ip any any precedence flash
access-list 103 permit ip any any precedence
immediateaccess-list 104 permit ip any any precedence
priority
Given the settings shown in the exhibit, which queue will a packet tagged with IP Precedence
value of 4 go into?

350-001 18

21certify.com

neighbors.
C. PSNP are used to acknowledge the receipt of the latest version of an LSP while the CSNP are
used either for synchronizing the LS Database of adjacent neighbors or to request the
retransmission of an LSP.
D. CSNP are used to acknowledge the receipt of the latest version of an LSP while the PSNP are
used either for synchronizing the LS Database of adjacent neighbors or to request the
retransmission of an LSP.
Answer: A
CSNP (Complete Sequence Number PDU) is sent by the DR to maintain DB synchronization. PSNP
(Partial Sequence Number PDU) are used to acknowledge or request one or more LSPs.
Q.47 Suppose a network access server (NAS) is configured to use TACACS+ to provide user
authentication service for remote access users. The NAS get an ERROR in response to its
authentication request when: (Select three)
A. The TACACS+ service is not running on the server.
B. The supplied user password is incorrect.
C. The username does not exist in the TACACS+ user database.
D. The NAS TACACS+ server key does not match that on the server.
E. The TACACS+ server is unreachable by the NAS.
Answer: B, C, D (?)
Q.48 Routers 1, 2, 3, and 4 are all connected to a hub via Ethernet interfaces. All routers have a
basic OSPF
configuration of a network statement for the Ethernet network.
show ip ospf neighbor on Router 2 shows 2WAY/DROTHER for its neighbor, Router 3.
Which conclusions can we dram from this?

A. R2 is the DR or BDR.

Answer: C
Q.51 A company has deployed a new e-commerce web farm. They are using teamed servers that
use multicast to maintain a heartbeat between redundant pairs. All servers are in the
192.168.202.0/24 network. For increased security, they require each pair of servers be allowed to
see multicast/broadcast traffic from their default gateway and from each other. No pair of servers
should ever see any broadcast/multicast traffic from any other pair of servers. Which is the best
mechanism for the server ports to accomplish this?
A. Isolated Ports.
B. Promiscuous Ports.
C. Community Ports.
D. Teamed Ports.
E. Span Ports.
Answer: C
Q.52 Which EIGRP packets are sent using a reliable mechanism? (Select all that apply)
A. Hello
B. Update
C. Query
D. Reply
E. Ack
Answer: B, C, D
EIGRP reliable packets are: update, query and reply. EIGRP
unreliable packets are: hello and ack.
Reference: Cisco BSCN version 1.0 study guide, pages 6-18.

Q.53 Which protocols do not need to have their own router ID reachable by other routers to have
proper network connectivity?
A. OSPF
B. BGP
C. EIGRP
D. LDP

recalculate the spanning tree.
Answer: B, C
Q.56 Which events cause the EIGRP neighbor relationship to be restarted?
A. Issuing the clear ip route command.
B. Receiving an update packet with Init flag set from a known, already established neighbor
relationship.
C. Receiving an update packet from an unknown neighbor.
D. Clearing the IP cache.
E. Clearing the IP EIGRP neighbor relationship.
Answer: E
Only E will restarts the EIGRP neighbor process.
Q.57 What protocol is NOT part of the Signaling System No. 7?
A. ISUP
350-001 21

21certify.com

B. TCAP
C. MTP
D. SIP
E. SCCP
Answer: D
Only SIP is not associated with SS7.
Q.58 By entering the IOS global configuration command aaa new-model, which authentication
protocols will be disabled?
A. TACACS
B. TACACS+
C. Extended TACACS (XTACACS)
D. Radius
E. Kerberos

setKeepalive not setFR SVC disabled, LAPF state downBroadcast queue 0/64, broadcasts
sent/dropped 37/0, interface broadcasts 37Last input 00:00:01, output 00:00:20, output hang
neverLast clearing of “show interface” counters 00:16:16Queueing strategy: dual fifoOutput
queue: high size/max/dropped 0/200/0Output queue: 0/100, 0 drops; input queue 0/75, 0 drops5
minute input rate 0 bits/sec, 0 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec39
350-001 22

21certify.com

packets input, 2995 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0
input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort39 packets output, 2975 bytes, 0
underruns0 output errors, 0 collisions, 0 interface resets0 output buffer failures, 0 output
buffers swapped out0 carrier transitions
DCD=up DSR=up DTR=up CTS=up
This serial interface:
A. Is working properly.
B. Needs to be enabled with the no shut down command.
C. Is not working properly due to telephone company service problems.
D. Is using the wrong protocol.
Answer: C
Q.62 What flag in the TCP header tells the receiver to pass all the data to the receiving application
upon arrival?
A. ACK
B. SYN
C. PSH
D. URG
E. RST
Answer: C
A PSH message tells the receiver to PUSH the data to the application.
Q.63 Routers A and B are running BGP in the same Autonomous System. Routers from Router B

Answer: C
DLSW requires a single virtual-ring.
Q.66 Exhibit:
What is correct
about the
configuration
of the Switch
with regards to
the channeling?

A. Both channels should be given the same channel-id.
B. Load balancing traffic over the channel for traffic between two servers will not work.
C. Spanning Tree needs to be disabled on the VLAN for the channel to come up.
D. Channeling to a server is not supported.
Answer: B
Ether Channel is only supported between Switches.
Q.67 Which is the protocol that On-Demand Routing relies on?
A. IP
B. TCP
C. CDP
D. UDP
E. PPP
Answer: C
ODR is based on CDP.
Q.68 Traceroute does not work on Host A (a Unix workstation) to the Internet. Currently, there is
an inbound access-list applied to the serial interface on Router 1 that says “access-list 101 permit
350-001 24

21certify.com


reconvergence of the Spanning Tree domain.
Answer: A
The syntax specified only makes TK1 root for Vlan 1.
Q.70 Exhibit:
RouterTestK#sh policy-map inter s4/0
Serial4/0
Service-policy output: SHAPE (1865)
Class-map: gold (match-all) (1866/2)
0 packets, 0 bytes
1 minute offered rate 0 bps, drop rate 0 bps
Match: ip dscp 10 12 15 (1868)
Traffic Shaping
Target Byte Sustain Excess Interval Increment Adapt
Rate Limit bits/int bits/int (ms) (bytes) (active)
1024000 3200 12800 12800 25 3299 -

Queue Packets Bytes Packets Bytes
Depth Delayed Delayed Active
0 0 0 0 no

Weighted Fair Queueing
Output Queue: Conversation 265
Bandwidth 50% Max Threshold 64 (packets)
(pkts matched/bytes matched) 0/0
(pkts discards/bytes discards/tail drops) 0/0/0

Router configuration:
ip cef
class-map match-all gold
match ip dscp 10 12 14