Home / Cisco CCNP Route 300-101 Drag and Drop Questions 2019

Cisco CCNP Route 300-101 Drag and Drop Questions 2019

Cisco CCNP Route drag and drop 2019

Here you can find all Drag and Drop questions for Cisco CCNP Route 300-101 exam. I have collected them all in one place, so you can practice lot easier. I added some new DnDs from forum. So lets start and good luck 🙂

  1. Drag and drop for adverse network conditions.


Excessive unicast flooding condition: caused by including a host port in STP
Out-of-order packets: potential result of disabling FIFO
TCP starvation: potential effect of excessive UDP traffic on link
Asymmetric routing: cause of inconsistent traffic patterns
Latency: condition in which packets require an excessive length of time to traverse a switch

2. Drag drop the correct descriptions on the right to the Frame Relay LMI extensions on the left.


+ Address registration – It allows neighboring Cisco devices to exchange management IP addresses
+ Global addressing – It enables the Frame Relay network to identify interfaces in the same manner as a LAN
+ Multicasting – It provides the most efficient transmission of routing protocol messages and supports address resolution
+ Simple flow control – It supports devices that are unable to use congestion notification
+ Virtual circuit status messages – It prevents data from being transmitted into black holes

3. Drag the descriptions on the left to the appropriate group on the right.



+ supports a local database for device access
+ supports encryption


+ specifies a user‘s specific access privileges
+ enforces time periods during which a user can access the device


+ not supported with local AAA
+ verifies network usage

4. Drag drop about AAA commands.


+ if authenticated – It allows the user to perform the requested function once authenticated
+ none – It instructs the network access server to proceed without requesting authorization information
+ local – It provides authorization for a limited set of functions only

+ krb5-instance – It uses a defined instance for authorization
+ group radius – It uses authorization information from a standards based server
+ group tacas+ – It uses authorization information stored as attribute value pair in a Cisco proprietary server

5. Refer to the exhibit. You are configuring the R1 Serial0 interface for a multipoint connection. Drag and drop the required configuration statements from the left onto the corresponding locations from the diagram on the right.


interface Ethernet0
ip address

interface Serial0

! Serial interface config
no ip address
encapsulation frame-relay frame-relay lmi-type ansi

! subinterface config

interface Serial0.1 multipoint

ip address

frame-relay map ip 100 broadcast

6. Drag and drop the GRE features from the left onto the correct description on the right.


+ mGRE: technology that supports dynamic tunnel endpoints
+ IPSec: encryption protocol used to source tunnels
+ Keepalive: technology that prevents one side of the tunnel from going down while the other stays up
+ Tunnel Key: clear-text password that confirms the peer connection
+ MSS: configurable value that prevents an interface from sending packets that are too large for the tunnel

7. Drag and drop the AAA features from the left onto the correct description on the right.


+ Authentication: challenge and response operation
+ Accounting: feature that logs network usage
+ TACACS+: authentication method that uses TCP
+ RADIUS: authentication method that uses UDP
+ Authorization: controls specific access privileges of a user

8. Drag and drop each statement about uRPF on the left to the correct uRPF mode on the right.


Loose Modes:

+ It supports using the default route as a route reference
+ It requires the source address to be routable

Strict Modes:

+ It can drop legitimate traffic
+ It permits only packets that are received on the same interface as the exit interface for the destination address

9. Refer to the exhibit. You are configuring the R1 Serial0 interface for a point-to-point connection. Drag and drop the required configuration statements from the left onto the correct locations from the diagram on the right. Not all commands are used.


A – no ip address
B – interface serial0.1 point-to-point
C – frame-relay interface-dlci 100 ppp virtual-template1
D – ppp authentication chap

10. Drag and drop the statements from the left onto the correct IPv6 router security features on the right.


IPv6 Traffic Filter

+ It filters traffic on the interface level
+ It supports tagged ACLs

IPv6 Access Classes

+ It controls traffic to and from the router
+ It requires the destination address for inbound traffic to be a local address
+ It filters management traffic

11. Drag and drop the statements about device security from the left onto the correct description on the right


+ It protects the device against DoS attacks
+ It supports packet forwarding by reducing the load on the device
+ It uses QoS to limit the load on the device


+ It designates the permitted management interfaces on the device
+ It is enabled only when an interface is configured
+ It requires only a single command to configure

12. Drag and drop the correct description on the right onto the corresponding ACL types on the left.


+ Dynamic: ACL that uses Telnet for Authentication
+ Extended: ACL type that should be placed closest to the traffic source
+ Reflexive: ACL that must be defined with a named ACL
+ Standard: ACL numbered from 1300 through 1999
+ Time-based: ACL that applied to traffic only during specifically defined periods

13. Drag and drop the steps in the NAT process for IPv4-initiated packers from the left into the correct sequence on the right.


Step 1: The packet is routed to an NVI
Step 2: The packet is assigned a dynamic or static binding
Step 3: The IPV4 source address is translated to IPv6
Step 4: The translation information is used to create a session

14. Drag the items on the left to the proper locations on the right.


+ network-specific stateful NAT64 prefix: IPv6 prefix assigned by an organization
+ NAT64 : supports application layer gateway
+ NPTv6 : translates 2001:1::/64 to 2001:2::/64
+ well-known stateful NAT64 prefix: supports IPv6 prefix 64:FF9B::/96

15. Drag and drop the statements about NAT64 from the left onto the correct NAT64 types on the right.



+ It supports FTP64 for ALG
+ It supports PAT and overload
+ It allows IPv6 systems to use any type of IPv6 address


+ ALG is not supported
+ It supports one-to-one mapping only
+ It requires IPv6 systems to use RFC6052 IPv4-translatable addresses

16. Drag and drop the DMVPN components from the left onto the correct descriptions on the right.


hub – device that acts as the next-hop server
spoke – device that is usually identified with a dynamic address
mGRE – technology that allows one interface to support multiple tunnels NHRP – protocol that allows spokes to communicate directly with one another



The question regarding the new DHCP DnD:

ip dhcp relay information option –>automatically add the circuit identifier suboption and the remote ID suboption
ip dhcp relay information check –>check that the relay agent information option in forwarded BOOTREPLY messages is valid
ip dhcp relay informatiwon policy–>Configures the reforwarding policy for a DHCP relay agent
ip dhcp relay information subscriber-id–>enable an ISP to add a unique identifier
ip dhcp relay information trusted-sources–>configures interfaces on a router as trusted sources
ip dhcp relay information–> configured in global configuration mode applies to all interfaces


+ Use Network-specific prefix
+ Modify session during translation
+ Modify IP header in transit
+ Map one IPv6 address prefix to another IPv6 prefix


+ OpenSent: wait for an OPEN message
+ OpenConfirm: wait for a KEEPALIVE or NOTIFICATION message
+ Established: UPDATE, NOTIFICATION and KEEPALIVE messages are exchanged with peers
+ Idle: refuse connections
+ Active: listen for and accept connection
+ Connect: wait for the connection to be completed


+ Target 1: When the LCP phase is complete and CHAP is negotiated between both devices, the authenticator sends a challenge message to the peer
+ Target 2: The peer responds with a value calculated through a one-way hash function (MD5)
+ Target 3: The authenticator checks the response against its own calculation of the expected hash value if the values match the authentication is successful. Otherwise, the connection is terminated


+ SVC: A circuit that provides temporary on-demand connections between DTEs
+ LMI: A signaling mechanism for Frame Relay devices
+ DLCI: A locally significant ID
+ FECN: An indicator edof congestion on the network
+ PVC: A logical connection comprising two endpoints and a CIR

NEW FROM FORUM January 10th, 2019

New “AAA Accounting” drag & drop:


1. Auth-proxy: It returns information about hosts using proxy service
2. Commands: It returns information about individual EXEC commands and permissions associated with a privilege level.
3. Connection: It returns information about outbound communications from the network access server
4. Exec: It returns information about user EXEC terminal sessions with the network access server
5. Network: It returns information about SLIP, PPP and ARA sessions.
6. Resources: It returns information about calls that have passed and failed user authentication

Scroll To Top