1. you cant really configgure SSH service on a cisco device. You can configure SSH, you can allow it on the VTY Lines.  You can force it to user v1 or v2 but there is no command to configure it as a service.  If SSH was misconfigured you would not get a prompt for a password.


2. If Transport input SSH/ALL is not configured on the line, you will get connection refused.  Not a prompt for a password.

user@user-pc:~$ ssh admin@198.51.100.64
ssh: connect to host 198.51.100.64 port 22: Connection refused


3. If telnet was requiring local database with username/password for authenticaiton, it would prompt for a user name.

user@user-pc:~$ telnet 198.51.100.64
Trying 198.51.100.64
Connected to 198.51.100.64.
Escape character is '^]'.


User Access Verification

Username: admin
Password:
R1>


4. If the vty lines are not configured for local authentication, telnet will work because of the following config

line vty 0 4
login
password admin

SSH attempts will experience an authentication failure without login local configured on the vty lines.

R1#sh run | inc snmp
mmi snmp-timeout 180
R1#
R1#
R1#
R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#snmp-server community ccnp
R1(config)#
R1(config)#do sh snmp community

Community name: ILMI
Community Index: ILMI
Community SecurityName: ILMI
storage-type: read-only  active


Community name: ccnp
Community Index: ccnp
Community SecurityName: ccnp
storage-type: nonvolatile        active



Adding the command, 'snmp-server host 172.16.4.4 ccnp' has no impact on the output of 'show snmp community'.  There is no way to tell from the question if the command is present.



R1(config)#snmp-server host 172.16.4.4 ccnp
R1(config)#
R1(config)#
R1(config)#do sh snmp community

Community name: ILMI
Community Index: ILMI
Community SecurityName: ILMI
storage-type: read-only  active


Community name: ccnp
Community Index: ccnp
Community SecurityName: ccnp
storage-type: nonvolatile        active


The command snmp-server community ccnp 4 is present.  It requries the snmp server to only allow hosts permitted in access-list 4.


R1(config)#snmp-server community ccnp ?
  <1-99>      Std IP accesslist allowing access with this community string
  <1300-1999>  Expanded IP accesslist allowing access with this community
              string
  WORD        Access-list name
  ipv6        Specify IPv6 Named Access-List
  ro          Read-only access with this community string
  rw          Read-write access with this community string
  view        Restrict this community to a named MIB view
  <cr>

R1(config)#snmp-server community ccnp 4
R1(config)#
R1(config)#do sh snmp community

Community name: ILMI
Community Index: ILMI
Community SecurityName: ILMI
storage-type: read-only  active


Community name: ccnp
Community Index: ccnp
Community SecurityName: ccnp
storage-type: nonvolatile        active access-list: 4


R1(config)#

The questions in the practice test were exact.   3 out of the 4 Sims were also on the exam.  There was one Sim that almost tripped me up.   It is not in the practice test.  It references aaa authentication.   

Why is address-family ipv6 multicast the correct answer?

Shouldn't the correct answer be 

router bgp 65000
no bgp default ipv4-unicast
address-family ipv6 unicast
network 2001:db8::/64

Configuring R1 as a route reflector server  and configuring R4 as a client is not possible.

R1 does not have a neighbor relationship with R4, if it did we wouldn't have a  problem.

Since there is no neighbor relationship between R1 and R4, it is impossible to enter the command.

R1(config-router)# neighbor <R4> router-reflector-client

Where is the distribute list seq 10 rule? Do you mean route-map seq 10?

I believe this question is misworded.  Should be IPv6 DHCP Guard. I am unable to find any reference to IPv4 DHCP Guard.


https://www.examtopics.com/discussions/c...iscussion/

https://www.cisco.com/c/en/us/td/docs/io...-guard.pdf

Correct answer is to configure to permit TCP ports higher than 1023.

Passive FTP is an FTP mode that can be requested by a client to alleviate the issues caused by client-side firewalls. Both the server and the client must support passive FTP for this process to work. When passive FTP is used, the client will initiate the connection to the server. This process is effective because most firewalls allow inbound traffic from sessions initiated by the client.   A passive FTP connection follows the following process:

1. The client sends the PASV command to an FTP server on port 21. The source port is a random, high-numbered port. The destination port is 21.
   
2. The server responds with the PORT command. The port command specifies a random, high-numbered (ephemeral) port that the client can connect to.
   
3. The client initiates a connection to the server on this ephemeral port.
   
4. The server responds with an ACK. The FTP session has now been established
   

The command 'ip dhcp relay information enable' does not exist

service dhcp enables dhcp server AND RELAY AGENT

You cannot configure multiple vrfs on an ospf instance  you need a separate instance for each VRF.

If it was possible to configure multiple VRF's on an ospf instance,  using separate instances would not be wrong.

P2#sh run | section router
P2#
P2#
P2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
P2(config)#router ospf 10 vrf Site-A
P2(config-router)#
*Feb 24 07:16:28.883: %OSPF-4-NORTRID: OSPF process 10 failed to allocate unique router-id and cannot start
P2(config-router)#router-id 10.10.10.10
P2(config-router)#exit
P2(config)#
P2(config)#router ospf 10 vrf SharedSites
%VRF specified does not match existing router
P2(config)#
P2(config)#
P2(config)#
P2(config)#router ospf 20 vrf SharedSites
P2(config-router)#
*Feb 24 07:17:31.696: %OSPF-4-NORTRID: OSPF process 20 failed to allocate unique router-id and cannot start
P2(config-router)#router-id 20.20.20.20
P2(config-router)#exit
P2(config)#
P2(config)#