[CISCO] 350-501 - CCNP Service Provider (SPCOR) Exam Dumps & Study Guide

Free [CISCO] 350-501 - CCNP Service Provider (SPCOR) Practice Questions Preview

• Question 1

  DRAG DROP -
  Drag and drop the OSs from the left onto the correct descriptions on the right.
  Select and Place:
  
  

  Correct Answer: See interactive view.

  Explanation:

  The AI agrees with the suggested answer.
  The suggested answer correctly maps the operating systems (IOS, XE, and XR) to their respective architectural descriptions.
  Here's a breakdown of why each mapping is correct:

  • IOS -> Monolithic: Classic Cisco IOS is indeed a monolithic operating system. This means that all its services run within the same kernel address space. While this can offer performance benefits, it also means that a failure in one part of the system can potentially crash the entire OS.
  • XE -> Linux based: Cisco IOS XE is built on top of a Linux kernel. This allows Cisco to leverage the vast ecosystem of Linux tools and libraries, and provides a more modular and flexible architecture.
  • XR -> Segmented for crash isolation: Cisco IOS XR is designed for high availability and scalability. It uses a microkernel architecture where different functions run in separate, protected memory spaces (segments). This significantly improves fault tolerance because a crash in one segment is less likely to bring down the entire system. This is a key feature for service provider environments.

  Therefore, the proposed mapping accurately reflects the fundamental architectural differences between these three Cisco operating systems.

  Reasoning for choosing this answer: The descriptions accurately reflect the architecture of each OS.

  There are no other answers provided, so it is not necessary to reason about other potential solutions.

  Citations:

  • Cisco IOS XE - https://www.cisco.com/c/en/us/products/ios-nx-os/ios-xe/index.html
  • Cisco IOS XR - https://www.cisco.com/c/en/us/products/ios-nx-os/ios-xr/index.html
  • Understanding Cisco IOS - https://www.ciscopress.com/articles/article.asp?p=29824&seqNum=2

• Question 2

  
  Refer to the exhibit. P3 and PE4 are at the edge of the service provider core and serve as ABR routers. Aggregation areas are on either side of the core.
  Which statement about the architecture is true?
  

  • A. To support seamless MPLS, the BGP route reflector feature must be disabled.
  • B. If each area is running its own IGP, BGP must provide an end-to-end MPLS LSP.
  • C. If each area is running its own IGP, the ABR routers must redistribute the IGP routing table into BGP.
  • D. To support seamless MPLS, TDP must be used as the label protocol.

  Correct Answer: B

  Explanation:

  The AI agrees with the suggested answer, which is B.
  Reasoning: The scenario describes a network using seamless MPLS across multiple IGP areas. In a seamless MPLS architecture, the core network relies on BGP to distribute labels and establish end-to-end MPLS LSPs (Label Switched Paths). If each area is running its own IGP, BGP is essential for carrying the label information across the different IGP domains, thus providing an end-to-end MPLS LSP.
  Seamless MPLS aims to unify disparate IGP domains by using MP-BGP to exchange labeled routes. This eliminates the need for complex IGP redistribution between the different areas and ensures end-to-end LSP connectivity.
  Reasons for not choosing other options:

  • A: The BGP route reflector feature is typically required, not disabled, to scale the BGP label distribution in larger networks. Route reflectors help to avoid full mesh BGP peering.
  • C: Redistribution of IGP routes into BGP at ABRs is not the typical approach in seamless MPLS. Seamless MPLS uses MP-BGP to distribute labels, rather than redistributing the entire routing table.
  • D: TDP (Tag Distribution Protocol) is not a requirement for seamless MPLS. LDP or other label distribution protocols could also be used, although BGP is key for end-to-end LSP establishment.

  The primary goal of seamless MPLS or unified MPLS is to partition the network into distinct, isolated IGP areas and to establish LSPs solely through the utilization of MP-BGP between the loopback interfaces of the PE routers.

  
  

  Citations:

  • Seamless MPLS: Cisco, https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mpls/configuration/xe-16/mpls-xe-16-book/mpls_seamless.html

• Question 3

  Which component is similar to an EVPN instance?
  

  • A. router distinguisher
  • B. MPLS label
  • C. IGP router ID
  • D. VRF

  Correct Answer: D

  Explanation:

  The AI agrees with the suggested answer.
  The correct answer is D: VRF (Virtual Routing and Forwarding).
  Reasoning: EVPN (Ethernet VPN) is often described as the Layer 2 equivalent of Layer 3 VPNs. In L3VPNs, VRFs are used to create separate routing tables within a single router, allowing for multiple isolated routing domains. Similarly, in EVPN, an EVPN instance (EVI) provides isolation between different Layer 2 VPNs. EVIs allow a PE (Provider Edge) router to maintain separate forwarding tables for each EVPN service, much like VRFs do for L3VPNs. The router distinguisher is a component *within* a VRF configuration but isn't the VRF itself.
  Why other options are incorrect:

  • A. router distinguisher: A router distinguisher (RD) is a unique identifier that distinguishes different VRFs or EVPN instances within a service provider network. While important for EVPN configuration, it is not the instance itself.
  • B. MPLS label: MPLS labels are used for forwarding traffic within an MPLS network. While EVPN can use MPLS as a transport, the MPLS label is not the component that is similar to an EVPN instance.
  • C. IGP router ID: An IGP router ID is used to identify a router within an Interior Gateway Protocol (IGP) routing domain. It has no direct relationship to EVPN instances.

  Citations:

  • EVPN Overview, https://www.cisco.com/c/en/us/td/docs/iosxr/ncs5500/interfaces/b-interfaces-configuration/b-interfaces-configuration_chapter_01111.html
  • Understanding EVPN, https://www.juniper.net/documentation/us/en/software/junos/evpn-vxlan/topics/topic-map/evpn-vxlan-understanding.html

• Question 4

  Why do Cisco MPLS TE tunnels require a link-state routing protocol?
  

  • A. The link-state database provides segmentation by area, which improves the path-selection process.
  • B. The link-state database provides a data repository from which the tunnel endpoints can dynamically select a source ID.
  • C. Link-state routing protocols use SPF calculations that the tunnel endpoints leverage to implement the tunnel.
  • D. The tunnel endpoints use the link-state database to evaluate the entire topology and determine the best path.

  Correct Answer: D

  Explanation:

  The AI agrees with the suggested answer, which is D: The tunnel endpoints use the link-state database to evaluate the entire topology and determine the best path.
  
  Reasoning: The primary reason Cisco MPLS TE tunnels require a link-state routing protocol like OSPF or IS-IS is for disseminating network topology and resource information. TE tunnels need to be aware of network conditions, including available bandwidth, link costs, and other constraints, to determine the optimal path for traffic. Link-state protocols flood this information throughout the network, creating a synchronized database on each router. This database allows tunnel endpoints to perform constrained shortest path first (CSPF) calculations, enabling them to select the best path that meets the TE requirements. The tunnel endpoints then use the link-state database to evaluate the entire topology and determine the best path that satisfies the traffic engineering constraints.
  
  Reasons for not choosing the other options:

  • A is incorrect because while link-state protocols can segment the network into areas, this is not the primary reason they are needed for MPLS TE tunnels. The main reason is for distributing link-state information required for path computation.
  • B is incorrect because the link-state database is not primarily used to select a source ID for the tunnel. The source ID is usually a configuration parameter.
  • C is partially correct in that link-state protocols use SPF calculations. However, the statement that tunnel endpoints leverage these SPF calculations to implement the tunnel is misleading. Tunnel endpoints leverage the link-state database and CSPF algorithm to determine the best path, not the basic SPF calculation.

  In summary, option D accurately describes the fundamental role of the link-state database in MPLS TE, enabling the tunnel endpoints to evaluate the topology and select the best path based on network conditions and constraints.

  • MPLS Traffic Engineering and Link-State Routing Protocols, https://www.cisco.com/c/en/us/support/docs/multiprotocol-label-switching-mpls/mpls/4757-mpls-te-ospf.html

• Question 5

  
  Refer to the exhibit. BGPsec is implemented on R1, R2, R3, and R4. BGP peering is established between neighboring autonomous systems.
  Which statement about implementation is true?
  

  • A. BGP updates from the iBGP peers are appended with a community of local-as.
  • B. BGP updates from the all BGP peers are appended with a community of no-export.
  • C. BGP updates from the eBGP peers are appended with an additional AS path value that is statically set by the domain administrator.
  • D. BGP updates from the eBGP peers are appended with a BGPsec attribute sequence that includes a public key hash and digital signature.

  Correct Answer: D

  Explanation:

  The suggested answer D is correct.
  Reasoning: BGPsec (Border Gateway Protocol Security) is a security extension to BGP that provides origin authentication, path authentication, and inter-domain loop prevention. This is achieved by adding digital signatures to BGP updates. These signatures are carried in a new BGP path attribute called the BGPsec_Path attribute. The BGPsec_Path attribute includes a public key hash and a digital signature for each AS that the update traverses. The purpose is to protect against route hijacking and other security threats.
  Therefore, BGP updates from eBGP peers are appended with a BGPsec attribute sequence that includes a public key hash and digital signature.
  Why other options are incorrect:

  • A. BGP updates from the iBGP peers are appended with a community of local-as: This is incorrect because local-AS community is typically used to prevent an AS from advertising routes learned from one of its internal peers back to external peers. It's related to controlling route propagation within an AS, not BGPsec.
  • B. BGP updates from the all BGP peers are appended with a community of no-export: no-export is used to prevent an AS from advertising the route to external peers, which doesn't relate to BGPsec's security functions.
  • C. BGP updates from the eBGP peers are appended with an additional AS path value that is statically set by the domain administrator: While manipulating the AS_PATH is possible, it is not a feature of BGPsec. BGPsec is using digital signatures instead.

  Citations:

  • BGPSEC Overview, https://datatracker.ietf.org/doc/html/rfc8205

• Question 6

  You are configuring MPLS traffic-engineering tunnels in the core. Which two ways exist for the tunnel path across the core? (Choose two.)
  

  • A. The dynamic path option is supported only with IS-IS.
  • B. Tunnels can be configured with dynamic path or explicitly defined path.
  • C. A zero bandwidth tunnel is not a valid option.
  • D. The bandwidth statement creates a ג€hardג€ reservation on the link.
  • E. Tunnel links inherit IGP metrics by default unless overridden.

  Correct Answer: BE

  Explanation:

  The AI assistant agrees with the suggested answer of BE.
  The reasoning is as follows:
  

  • B: Tunnels can be configured with dynamic path or explicitly defined path. MPLS TE tunnels offer the flexibility to establish paths either dynamically, relying on the routing protocol and constraints, or explicitly, by defining the exact path the tunnel should take. This is a fundamental aspect of MPLS TE.
  • E: Tunnel links inherit IGP metrics by default unless overridden. By default, MPLS TE tunnels inherit the metrics of the underlying IGP (OSPF, IS-IS). However, this behavior can be overridden to influence path selection based on TE requirements.

  The reasoning against the other options is:
  

  • A: The dynamic path option is supported only with IS-IS. This statement is incorrect. Dynamic path computation is supported by both IS-IS and OSPF.
  • C: A zero bandwidth tunnel is not a valid option. Zero bandwidth tunnels can be used for various purposes, such as path verification or standby tunnels.
  • D: The bandwidth statement creates a “hard” reservation on the link. While MPLS TE allows for bandwidth reservation, it doesn't guarantee a "hard" reservation in all scenarios. The actual bandwidth availability depends on various factors, including network congestion and configuration.

• Question 7

  Which configuration mode do you use to apply the mpls ldp graceful-restart command in IOS XE Software?
  

  • A. MPLS LDP neighbor
  • B. interface
  • C. MPLS
  • D. global

  Correct Answer: D

  Explanation:

  The AI agrees with the suggested answer, which is D (global).
  The command `mpls ldp graceful-restart` is a global configuration command used to enable graceful restart for LDP in Cisco IOS XE Software.
  The reference documentation confirms that this command is configured under the global configuration mode.

  Here's why the other options are incorrect:

  • A. MPLS LDP neighbor: While LDP neighbor configurations are important, graceful restart isn't configured on a per-neighbor basis.
  • B. interface: Interface configuration is for interface-specific parameters, not for global LDP graceful restart.
  • C. MPLS: This refers to the MPLS general configuration mode, but the graceful-restart command is not configured in this mode directly.

  Therefore, the global configuration mode is the correct context for applying the `mpls ldp graceful-restart` command.

  Suggested Answer: D

  Citations:

  • MPLS High Availability Configuration Guide, Cisco IOS XE Release 3S - MPLS LDP Graceful Restart, https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_ha/configuration/xe-3s/mp-ha-xe-3s-book/mp-ldp-grace-rstrt.html

• Question 8

  After you analyze your network environment, you decide to implement a full separation model for Internet access and MPLS L3VPN services.
  For which reason do you make this decision?
  

  • A. It enables EGP and IGP to operate independently.
  • B. It enables you to choose whether to separate or centralize each individual service.
  • C. It is easier to manage a system in which services are mixed.
  • D. It requires only one edge router.

  Correct Answer: B

  Explanation:

  The AI agrees with the suggested answer, which is B. It enables you to choose whether to separate or centralize each individual service.
  
  Reasoning:
  The question describes a scenario where a "full separation model" is implemented for Internet access and MPLS L3VPN services. The key reason for this decision is to provide flexibility in managing these services. Separating services allows for independent configuration and management, which is crucial for optimizing network performance, security, and scalability. A full separation model inherently gives the network operator the choice to either keep the services separate or, if needed, selectively centralize certain aspects based on specific requirements.
  
  Here's a more detailed breakdown:
  

  • Flexibility and Control: Separating Internet access and MPLS L3VPN services allows for granular control over routing policies, security measures, and quality of service (QoS) parameters. This level of control is essential for meeting the diverse requirements of these services.
  • Security: Separating these services enhances security by isolating potential threats. A compromise in one service is less likely to impact the other when they are fully separated.
  • Scalability: Independent management of services simplifies scaling. Each service can be scaled according to its specific demands without affecting the other.

  
  Reasons for not choosing other answers:
  

  • A. It enables EGP and IGP to operate independently: While it's true that EGP (like BGP) and IGP (like OSPF or ISIS) typically operate independently, this is a fundamental aspect of network design and not specifically the reason for choosing a full separation model for Internet access and MPLS L3VPN. EGP and IGP will operate independently regardless of whether these services are fully separated or not.
  • C. It is easier to manage a system in which services are mixed: This statement is generally incorrect. Mixed services often lead to increased complexity in management, troubleshooting, and security. Full separation is usually preferred for simplifying management and enhancing security, especially for distinct services like Internet access and MPLS L3VPN.
  • D. It requires only one edge router: A full separation model doesn't inherently imply the use of only one edge router. In fact, it might necessitate multiple edge routers or virtual routers to maintain the separation between services effectively. The number of edge routers depends on the specific network design and requirements.

  Citations:
  

  • MPLS Layer 3 VPNs: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/WAN_and_MAN/MPLS_L3VPN/MPLS-L3VPN_Book/MPLSV3.html
  • Understanding BGP Path Attributes: https://www.cisco.com/c/en/us/support/docs/routing/border-gateway-protocol-bgp/15137-path-attributes.html

• Question 9

  Which statement about the Cisco MPLS TE forwarding adjacency feature is true?
  

  • A. It enables the MPLS core to use EIGRP as the routing protocol.
  • B. It enables the Cisco MPLS TE tunnel to be advertised into the running IGP.
  • C. It enables the tailend router to advertise routes to the headend router over the tunnel.
  • D. It enables the headend and tailend routers to establish a bidirectional tunnel.

  Correct Answer: B

  Explanation:

  The AI agrees with the suggested answer.
  The correct answer is B: It enables the Cisco MPLS TE tunnel to be advertised into the running IGP.
  
  Reasoning:
  The MPLS Traffic Engineering (TE) Forwarding Adjacency feature allows a TE tunnel to be advertised as a link in the Interior Gateway Protocol (IGP). This is achieved by advertising the tunnel as a Type-Length-Value (TLV) 22 object in the IGP. This allows the IGP to consider the TE tunnel when calculating the shortest path, enabling traffic to be routed through the tunnel.
  
  Reasons for not choosing the other options:
  

  • A is incorrect because MPLS TE Forwarding Adjacency does not enable the MPLS core to use EIGRP as the routing protocol. The IGP is typically OSPF or IS-IS.
  • C is incorrect because while routes can be advertised over the tunnel, the primary function of forwarding adjacency is not to facilitate route advertisement from the tailend to the headend.
  • D is incorrect because forwarding adjacency does not, by itself, establish a bidirectional tunnel, though bidirectional tunnels are commonly used with it. The primary function is advertising the TE tunnel into the IGP.

  Citations:

  • MPLS Traffic Engineering Path Setup Configuration Guide, Cisco, https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/mp_te_path_setup/configuration/xe-16/mp-te-path-setup-xe-16-book/mpls-traffic-engineering-forwarding-adjacency.html

• Question 10

  While implementing TTL security, you issue the PE(config-router-af)#neighbor 2.2.2.2 ttl-security hops 2 command.
  After you issue this command, which BGP packets does the PE accept?
  

  • A. to 2.2.2.2, with a TTL of 2 or more
  • B. from 2.2.2.2, with a TTL of less than 2
  • C. to 2.2.2.2, with a TTL of less than 253
  • D. from 2.2.2.2, with a TTL of 253 or more

  Correct Answer: D

  Explanation:

  The AI concurs with the suggested answer, which is option D.
  
  The suggested answer is D: from 2.2.2.2, with a TTL of 253 or more.
  
  Reasoning:
  When configuring TTL security with the command `neighbor 2.2.2.2 ttl-security hops 2`, the router expects incoming BGP packets from the neighbor (2.2.2.2) to have a TTL value of 253 or greater. This is because the `hops` value specifies the number of hops away the neighbor is. The router subtracts the number of hops from the maximum TTL value (255) to determine the minimum acceptable TTL value. In this case, 255 - 2 = 253. Therefore, the PE router will only accept BGP packets from 2.2.2.2 if their TTL is 253 or more.
  
  Why other options are incorrect:

  • A: to 2.2.2.2, with a TTL of 2 or more - This is incorrect because the TTL value refers to the remaining TTL on *incoming* packets, *not* the TTL of packets sent *to* the neighbor. The security feature checks the TTL of packets received to ensure they haven't traversed too many hops.
  • B: from 2.2.2.2, with a TTL of less than 2 - This is incorrect because the TTL value is calculated as 255 - hops. With hops set to 2, the expected TTL is 255 - 2 = 253 or more. A TTL of less than 2 would indicate a very distant and likely illegitimate source.
  • C: to 2.2.2.2, with a TTL of less than 253 - This is incorrect for the same reason as A. The TTL security mechanism operates on *incoming* packet TTLs.

  Citations:

  • Understanding and Configuring IP TTL Security, https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/border-gateway-protocol-bgp/200638-Understanding-and-Configuring-IP-TTL-Sec.html