ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-410 All Questions

View all questions & answers for the 300-410 exam
Go to Exam

Exam 300-410 topic 1 question 591 discussion

Actual exam question from Cisco's 300-410
Question #: 591
Topic #: 1
[All 300-410 Questions]



Refer to the exhibit. An engineer configures router A to mark all inside to outside traffic from network 192.168.1.0. except from host 192.168.1.1. with critical IP precedence. The policy did not work as expected. Which configuration resolves the issue?

  • A.
  • B.
  • C.
  • D.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by NZhang at May 5, 2024, 2:16 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
NZhang
Highly Voted 1 year, 3 months ago
Selected Answer: D
D is correct.Other hosts in 192.168.1.0/24 also need to be marked with critical IP precedence. Route-map CCNP permit 20 is not required, as the unmatched traffic will do the normal RIB lookup.
upvoted 11 times
dapardo
1 year, 2 months ago
Agree its D
upvoted 3 times
...
...
Coffee_bean_master
Highly Voted 1 year, 2 months ago
Selected Answer: D
No need to add a route-map with sequence 20 as the "permit any any" will capture the rest of the traffic that needs to be marked critical.
upvoted 7 times
...
tsamoko
Most Recent 11 months, 1 week ago
Actually , either is a typo , or every answer is wrong. How can a number standard access-list has "permit any any"? . This is invalid. So if is a typo and the access list number is 100 ( extended) the other command is wrong . "access-list 1 deny host 192.168.1.1" it should have been " access-list 100 deny ip host 192.168.1.1 any" . So in the END every answer is wrong . If we smoke something before the exams we should put the D :D
upvoted 2 times
...
Pietjeplukgeluk
1 year, 1 month ago
Selected Answer: C
I do not agree with D as that will not allow traffic with 192.168.1.1 to be routed. That will be blocked with an implicit deny at the end of the route map. Correct one is C
upvoted 1 times
Pietjeplukgeluk
1 year, 1 month ago
Correction, I agree with B or D being "almost correct" but they are both still WRONG. D will DROP traffic for 192.168.1.1 as the “route-map” has an implicit deny at the end. This is not what the question intended, it required “route-map CCNP permit 20” to be added to be OK. B is almost OK, but lacks a “access-list 1 permit any any” at the end of the ACL. Again, as far as i can see, there are no 100% OK answer. I Think B is best, but still it will not work as the acl is incomplete.
upvoted 1 times
bk989
11 months, 2 weeks ago
parse the language carefully:An engineer configures router A to mark all inside to outside traffic from network 192.168.1.0. except from host 192.168.1.1. with critical IP precedence All inside traffic except 192.168.1.1 needs ip precedence critical A: Achieves this, but has a redundant route-map 20 B:No route is marked with precedence critical C: this is a deny statement in route-map 10: route-map 20 permits the rest without marking D: route-map 10 sets ip precedence to critical for all traffic but 192.168.1.1 Although 192.168.1.1 is not forwarded using policy based routing, it may be forwarded with the standard routing table A achieves same thing as D but has an extra not needed route-map 20
upvoted 1 times
...
Pietjeplukgeluk
1 year, 1 month ago
C has an incorrect deny in the first route-map entry, so is also wrong.
upvoted 1 times
bk989
1 year ago
this is policy based routing. This means the 192.168.1.1 is not policy routed, but normal routed. It is not ddropped. The answer is D. Answer C denies everything in sequence 10, so nothing is tagged with a precedence. Sequence 20 permits everything unmarked with dscp. So C is wrong. Same with answer B. Everything is denied in seq 10 so nothing is marked with DSCP, yet sequence 20 allows all routes to be policy routed. Since we need to mark something, B is wrong. In answer A --> First 192.168.1.1 is denied. All other routes are marked with dscp critical. Since it is denied (and not matched at all in sequence 10), it is actually matched in sequence 20. So 192.168.1.1 is marked with dscp. So answer A is wrong.
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel