New Cisco 642-885 Exam Questions Are Out – (Jan-2018 Dumps)

      Comments Off on New Cisco 642-885 Exam Questions Are Out – (Jan-2018 Dumps)

Cisco Certified Network Professional Service Provider 642-885 exam is a milestone in the industry to endorse your proficiency. Passing Cisco CCNP Service Provider 642-885 exam entitles you for the achievement of Cisco Certified Network Professional Service Provider certification exam. We at RealExamDumps provide you latest Cisco CCNP Service Provider 642-885 exam questions. The candidates those who endorse their proficiency by passing the Deploying Cisco Service Provider Advanced Routing 642-885 exam get the edge in the industry and get better employment opportunities.

642-885 exam questions, 642-885 PDF dumps; 642-885 exam dumps:: https://www.dumpsschool.com/642-885-exam-dumps.html (131 Q&A) (New Questions Are 100% Available! Also Free Practice Test Software!)

Latest and Most Accurate Cisco 642-885 Dumps Exam Questions and Answers:

Question: 21

Which two statements correctly describe the RPF check when a multicast packet arrives at a router? (Choose two.)

A. The router looks up the source address in the unicast routing table to determine if the packet has arrived on the interface that is on the reverse path back to the source
B. The router looks up the destination address in the unicast routing table to determine if the packet has arrived on the interface that is on the reverse path back to the destination
C. If the packet has arrived on the interface leading back to the destination, the RPF check passes and the packet is forwarded. If the RPF check fails, the packet is dropped
D. If the packet has arrived on the interface leading back to the source, the RPF check passes and the packet is forwarded. If the RPF check fails, the packet is dropped

Answer: A, D

Explanation:
Reverse Path Forwarding (RPF)
RPF is a fundamental concept in multicast routing that enables routers to correctly forward multicast traffic down the distribution tree. RPF makes use of the existing unicast routing table to determine the upstream and downstream neighbors. A router will only forward a multicast packet if it is received on the upstream interface.
This RPF check helps to guarantee that the distribution tree will be loop free.
RPF Check
When a multicast packet arrives at a router, the router will perform an RPF check on the packet. If the RPF check is successful, the packet will be forwarded. Otherwise it will be dropped.
For traffic flowing down a source tree, the RPF check procedure works as follows:
Step 1. Router looks up the source address in the unicast routing table to determine if it has arrived on the interface that is on the reverse path back to the source.
Step 2. If packet has arrived on the interface leading back to the source, the RPF check is successful and the packet will be forwarded.
Step 3. If the RPF check in 2 fails, the packet is dropped.

Question: 22

When enabling interdomain multicast routing, which two statements are correct? (Choose two.)

A. Multiprotocol BGP is used instead of PIM SM to build the intradomain and interdomain multicast distribution trees
B. Use MSDP to enable the RPs from different domains to exchange information about active multicast sources
C. MSDP SA packets are sent between the multiprotocol BGP peers
D. Noncongruent unicast and multicast topologies can be supported using multiprotocol BGP

Answer: B, D

Explanation:
http://prakashkalsaria.wordpress.com/2010/08/11/mbgp-msdp/
MSDP In the PIM-SM model, multicast sources and receivers must register with their local RP. Actually, the router closest to the sources or receivers registers with the RP, but the key point to note is that the RP knows about all the sources and receivers for any particular group. RPs in other domains have no way of knowing about sources located in other domains. MSDP is an elegant way to solve this problem.
MSDP is a mechanism that allows RPs to share information about active sources. RPs know about the receivers in their local domain. When RPs in remote domains hear about the active sources, they can pass on that information to their local receivers and multicast data can then be forwarded between the domains. A useful feature of MSDP is that it allows each domain to maintain an independent RP that does not rely on other domains, but it does enable RPs to forward traffic between domains. PIM-SM is used to forward the traffic between the multicast domains.
The RP in each domain establishes an MSDP peering session using a TCP connection with the RPs in other domains or with border routers leading to the other domains. When the RP learns about a new multicast source within its own domain (through the normal PIM register mechanism), the RP encapsulates the first data packet in a Source-Active (SA) message and sends the SA to all MSDP peers. The SA is forwarded by each receiving peer using a modified RPF check, until the SA reaches every MSDP router in the interconnected networks—theoretically the entire multicast internet. If the receiving MSDP peer is an RP, and the RP has a (*, G) entry for the group in the SA (there is an interested receiver), the RP creates (S, G) state for the source and joins to the shortest path tree for the source. The encapsulated data is decapsulated and forwarded down the shared tree of that RP. When the packet is received by the last hop router of the receiver, the last hop router also may join the shortest path tree to the source. The MSDP speaker periodically sends SAs that include all sources within the own domain of the RP
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.2/routing/configuration/guide/rc32bgp.html
Multiprotocol BGP
Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocols and IP multicast routes. BGP carries two sets of routes, one set for unicast routing and one set for multicast routing.
The routes associated with multicast routing are used by the Protocol Independent Multicast (PIM) feature to build data distribution trees.
Multiprotocol BGP is useful when you want a link dedicated to multicast traffic, perhaps to limit which resources are used for which traffic. Multiprotocol BGP allows you to have a unicast routing topology different from a multicast routing topology providing more control over your network and resources.
In BGP, the only way to perform interdomain multicast routing was to use the BGP infrastructure that was in place for unicast routing. Perhaps you want all multicast traffic exchanged at one network access point (NAP).
If those routers were not multicast capable, or there were differing policies for which you wanted multicast traffic to flow, multicast routing could not be supported without multiprotocol BGP.
Note It is possible to configure BGP peers that exchange both unicast and multicast network layer reachability information (NLRI), but you cannot connect multiprotocol BGP clouds with a BGP cloud. That is, you cannot redistribute multiprotocol BGP routes into BGP.

Question: 23

Which two BGP mechanisms are used to prevent routing loops when using a design with redundant route reflectors? (Choose two.)

A. Cluster-list
B. AS-Path
C. Originator ID
D. Community
E. Origin

Answer: A, C

Explanation:
http://www.cisco.com/en/US/docs/ios_xr_sw/iosxr_r3.7/routing/configuration/guide/rc37bgp.html
As the iBGP learned routes are reflected, routing information may loop. The route reflector model has the following mechanisms to avoid routing loops:
•Originator ID is an optional, nontransitive BGP attribute. It is a 4-byte attributed created by a route reflector.
The attribute carries the router ID of the originator of the route in the local autonomous system. Therefore, if a misconfiguration causes routing information to come back to the originator, the information is ignored.
•Cluster-list is an optional, nontransitive BGP attribute. It is a sequence of cluster IDs that the route has passed. When a route reflector reflects a route from its clients to nonclient peers, and vice versa, it appends the local cluster ID to the cluster-list. If the cluster-list is empty, a new cluster-list is created. Using this attribute, a route reflector can identify if routing information is looped back to the same cluster due to misconfiguration. If the local cluster ID is found in the cluster-list, the advertisement is ignored.

Question: 24

Which two statements correctly describe the BGP ttl-security feature? (Choose two.)

A. This feature protects the BGP processes from CPU utilization-based attacks from EBGP neighbors which can be multiple hops away
B. This feature prevents IBGP sessions with non-directly connected IBGP neighbors
C. This feature will cause the EBGP updates from the router to be sent using a TTL of 1
D. This feature needs to be configured on each participating BGP router
E. This feature is used together with the ebgp-multihop command

Answer: A, D

Explanation:
http://packetlife.net/blog/2009/nov/23/understanding-bgp-ttl-security/

Question: 25

When implementing source-based remote-triggered black hole filtering, which two configurations are required on the edge routers that are not the signaling router? (Choose two.)

A. A static route to a prefix that is not used in the network with a next hop set to the Null0 interface
B. A static route pointing to the IP address of the attacker
C. uRPF on all external facing interfaces at the edge routers
D. Redistribution into BGP of the static route that points to the IP address of the attacker
E. A route policy to set the redistributed static routes with the no-export BGP community

Answer: A, C

Explanation:
Source-Based RTBH Filtering
With destination-based black holing, all traffic to a specific destination is dropped after the black hole has been activated, regardless of where it is coming from. Obviously, this could include legitimate traffic destined for the target. Source-based black holes provide the ability to drop traffic at the network edge based on a specific source address or range of source addresses.
If the source address (or range of addresses) of the attack can be identified (spoofed or not), it would be better to drop all traffic at the edge based on the source address, regardless of the destination address. This would permit legitimate traffic from other sources to reach the target. Implementation of source-based black hole filtering depends on Unicast Reverse Path Forwarding (uRPF), most often loose mode uRPF.
Loose mode uRPF checks the packet and forwards it if there is a route entry for the source IP of the incoming packet in the router forwarding information base (FIB). If the router does not have an FIB entry for the source IP address, or if the entry points to a null interface, the Reverse Path Forwarding (RPF) check fails and the packet is dropped, as shown in Figure 2. Because uRPF validates a source IP address against its FIB entry, dropping traffic from specific source addresses is accomplished by configuring loose mode uRPF on the external interface and ensuring the RPF check fails by inserting a route to the source with a next hop of Null0.
This can be done by using a trigger device to send IBGP updates. These updates set the next hop for the source IP to an unused IP address that has a static entry at the edge, setting it to null as shown in Figure 2.

Question: 26

Refer to the topology diagram shown in the exhibit and the partial configurations shown below.

Once the attack from 209.165.201.144/28 to 209.165.202.128/28 has been detected, which additional configurations are required on the P1 IOS-XR router to implement source-based remote-triggered black hole filtering?
!
router bgp 123
address-family ipv4 unicast
redistribute static route-policy test
!

A. router static
address-family ipv4 unicast
209.165.202.128/28 null0 tag 666
192.0.2.1/32 null0 tag 667
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
endif
if tag is 667 then
set community (no-export)
endif
end-policy
!
B. router static
address-family ipv4 unicast
209.165.201.144/28 null0 tag 666
192.0.2.1/32 null0 tag 667
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
endif
if tag is 667 then
set community (no-export)
endif
end-policy
!
C. router static
address-family ipv4 unicast
209.165.201.144/28 null0 tag 666
192.0.2.1/32 null0
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
set community (no-export)
endif
end-policy
D. router static
address-family ipv4 unicast
209.165.202.128/28 null0 tag 666
192.0.2.1/32 null0
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
set community (no-export)
endif
end-policy
!

Answer: C

Explanation:
Source-Based RTBH Filtering
With destination-based black holing, all traffic to a specific destination is dropped after the black hole has been activated, regardless of where it is coming from. Obviously, this could include legitimate traffic destined for the target. Source-based black holes provide the ability to drop traffic at the network edge based on a specific source address or range of source addresses.
If the source address (or range of addresses) of the attack can be identified (spoofed or not), it would be better to drop all traffic at the edge based on the source address, regardless of the destination address. This would permit legitimate traffic from other sources to reach the target. Implementation of source-based black hole filtering depends on Unicast Reverse Path Forwarding (uRPF), most often loose mode uRPF. Loose mode uRPF checks the packet and forwards it if there is a route entry for the source IP of the incoming packet in the router forwarding information base (FIB). If the router does not have an FIB entry for the source
IP address, or if the entry points to a null interface, the Reverse Path Forwarding (RPF) check fails and the packet is dropped, as shown in Figure 2. Because uRPF validates a source IP address against its FIB entry, dropping traffic from specific source addresses is accomplished by configuring loose mode uRPF on the external interface and ensuring the RPF check fails by inserting a route to the source with a next hop of Null0. This can be done by using a trigger device to send IBGP updates. These updates set the next hop for the source IP to an unused IP address that has a static entry at the edge, setting it to null as shown in Figure 2.

New Updated 642-885 Exam Questions 642-885 PDF dumps 642-885 practice exam dumps: https://www.dumpsschool.com/642-885-exam-dumps.html