Cisco 350-501 Exam Dumps & Practice Test Questions

Question 1:

Given a network design where routers P3 and PE4 act as Area Border Routers (ABRs) positioned at the edge of a service provider core, with distinct aggregation areas on each side, which statement best describes the requirement for achieving seamless MPLS connectivity across these areas?

A. BGP route reflectors must be turned off to support seamless MPLS.
B. For each area with its own IGP, BGP must establish a complete MPLS LSP across the network.
C. If separate IGPs are used per area, ABR routers must redistribute IGP routes into BGP.
D. Seamless MPLS requires the use of TDP as the label distribution method.

Correct Answer: C

Explanation:

In service provider environments that rely on MPLS for traffic forwarding, it's common to divide the network into multiple IGP areas to maintain scalability. In such architectures, routers like P3 and PE4, which sit between these areas, function as ABRs and play a crucial role in facilitating cross-area routing.

When each area runs its own IGP, a consistent end-to-end routing and label distribution mechanism must be in place to ensure uninterrupted MPLS functionality. This is where BGP comes in. To enable seamless MPLS across different IGP domains, ABRs need to redistribute the routing information they receive from their local IGPs into BGP. This redistribution allows BGP to advertise the prefixes and associated MPLS label information across the network, beyond the confines of individual IGP areas.

Now let’s evaluate each option:

• A is incorrect because BGP route reflectors are designed to optimize route distribution and reduce the number of peerings in large-scale BGP deployments. They do not inherently conflict with seamless MPLS operations. In fact, many networks successfully use BGP route reflectors alongside MPLS.

• B implies that BGP directly creates MPLS LSPs, which is a misconception. While BGP distributes reachability information and can carry label information via extensions like BGP-LU (Label Unicast), the actual establishment of LSPs is handled by label distribution protocols like LDP or RSVP-TE.

• C is correct. ABRs must redistribute IGP routes into BGP to ensure those routes are visible and reachable across the MPLS backbone. This process enables BGP to carry the route information and distribute MPLS labels across multiple IGP domains, thereby achieving seamless MPLS.

• D is outdated. TDP (Tag Distribution Protocol) is an older protocol superseded by LDP in most modern MPLS networks. Seamless MPLS can function with either LDP or RSVP-TE; TDP is not a requirement.

Therefore, for seamless MPLS to function across multiple IGP domains, route redistribution into BGP at ABRs like P3 and PE4 is essential.

Question 2:

In EVPN-based networks, which of the following elements best corresponds in function to an EVPN instance?

A. Router Distinguisher
B. MPLS Label
C. IGP Router ID
D. Virtual Routing and Forwarding (VRF)

Correct Answer: D

Explanation:

EVPN (Ethernet VPN) is a modern and scalable control plane mechanism for Ethernet services, used in data center interconnects and provider networks. EVPN uses BGP as its control plane to distribute Layer 2 and Layer 3 reachability and supports advanced capabilities like MAC mobility, multi-homing, and integrated routing and bridging (IRB).

At the heart of EVPN is the concept of “instances” that isolate network segments, tenants, or services, similar to how VRFs function in traditional MPLS VPN architectures. A Virtual Routing and Forwarding (VRF) instance is a logical separation of routing tables, enabling the coexistence of multiple customer or tenant networks over the same physical infrastructure.

Let’s analyze the options:

• A: Router Distinguisher
  A Router Distinguisher (RD) is used in MPLS VPNs to create unique VPNv4 or VPNv6 prefixes. While RDs help identify different VPN routes within BGP, they don’t represent the actual forwarding instances. They enable multiple identical IP addresses to exist across VPNs but do not provide the forwarding context themselves.

• B: MPLS Label
  MPLS labels are used to identify forwarding equivalence classes (FECs) and direct packets through LSPs. They are essential to MPLS forwarding but are transient and stateless, unlike EVPN instances which maintain persistent state and configuration per tenant or service.

• C: IGP Router ID
  The IGP Router ID identifies a router in OSPF or IS-IS domains. It is purely related to control plane identity within a single IGP domain and does not play any role in defining forwarding or virtualized instances across a network.

• D: VRF (Virtual Routing and Forwarding)
  This is the correct choice. Like EVPN instances, VRFs enable multiple isolated routing domains on a single device. EVPN instances mirror VRFs in functionality—they segment traffic, maintain tenant isolation, and provide separate control and forwarding contexts. In EVPN, each service instance (e.g., a tenant’s Layer 2 or Layer 3 domain) maps to a VRF, making VRF the closest conceptual equivalent.

In conclusion, EVPN instances serve as the logical containers for traffic separation and tenant-specific services, much like VRFs in MPLS VPNs. Therefore, the most accurate comparison is with VRFs.

Question 3:

What is the primary reason why Cisco MPLS Traffic Engineering (TE) tunnels depend on a link-state routing protocol?

A. The link-state database supports network area segmentation, improving the efficiency of path selection.
B. The database provides a dynamic pool of source IDs for tunnel endpoint selection.
C. Link-state protocols apply SPF algorithms that tunnel endpoints use to initiate tunnels.
D. Tunnel endpoints utilize the complete topology from the link-state database to determine the optimal path.

Correct Answer: D

Explanation:

Cisco MPLS Traffic Engineering (TE) relies on creating optimal, explicitly routed Label Switched Paths (LSPs) to manage network traffic effectively. To accomplish this, routers need an accurate, comprehensive view of the entire network topology—this is precisely what link-state routing protocols offer.

Link-state routing protocols like OSPF and IS-IS construct and maintain a Link-State Database (LSDB), which stores detailed information about all routers and links in the network, including metrics such as bandwidth, delay, and administrative cost. This data is critical for MPLS TE because it enables constraint-based path computation, where traffic paths are determined not only based on distance but also on factors such as available bandwidth and policy constraints.

When an MPLS TE tunnel is established, the ingress router (tunnel headend) needs to compute the most efficient path to the egress router while satisfying constraints such as minimum bandwidth. To do this accurately, it must evaluate all possible paths within the network, which is only feasible if it has access to a full and updated topology map—provided by the link-state database. Thus, the LSDB is essential in ensuring tunnels are set up along the most optimal, non-congested, and policy-compliant routes.

Option D correctly identifies this by emphasizing that tunnel endpoints use the LSDB to assess the network topology and make intelligent routing decisions.

In contrast:

• A discusses OSPF area segmentation, which is relevant for scalability but doesn't play a direct role in MPLS TE path selection.

• B incorrectly states that the database is used for selecting dynamic source IDs, which is not how MPLS TE works—tunnel endpoints are manually configured.

• C oversimplifies by focusing on SPF usage. While SPF is involved in computing paths, it's the LSDB's complete view of the topology, not just SPF, that enables precise tunnel setup.

Ultimately, without a link-state protocol providing real-time topological awareness, MPLS TE would not be able to compute constraint-based LSPs efficiently, which would severely limit its effectiveness in managing traffic flows and ensuring service-level agreements.

Question 4:

Given that BGPsec is active on routers R1 through R4 and BGP peerings are established between external autonomous systems, what accurately describes how BGPsec modifies eBGP update messages?

A. Updates from iBGP peers automatically include a local-as community attribute.
B. Updates from any BGP peer include a no-export community to restrict propagation.
C. Updates from eBGP peers include an AS path manually inserted by the administrator.
D. Updates from eBGP peers contain a BGPsec attribute with a public key hash and a digital signature.

Correct Answer: D

Explanation:

BGPsec is an advanced security extension to the Border Gateway Protocol (BGP), designed to ensure the integrity and authenticity of routing updates as they propagate between autonomous systems (ASes). One of the primary vulnerabilities of standard BGP is its susceptibility to path manipulation attacks like prefix hijacking or AS path spoofing. BGPsec addresses these issues using cryptographic verification mechanisms.

When BGPsec is enabled, it introduces a new attribute called the "BGPsec_Path" into BGP UPDATE messages. This attribute contains two crucial elements: a public key hash and a digital signature. Each AS that forwards the route signs the update using its private key. These signatures are chained such that each AS along the path adds its own cryptographic proof. Routers that receive the update can then validate these signatures using the public keys stored in a centralized Public Key Infrastructure (PKI).

This cryptographic chain allows routers to verify that the AS path included in the BGP update is authentic and has not been tampered with. This is particularly important in inter-domain routing, where trust between administrative domains is limited.

Option D correctly identifies this behavior by stating that BGP updates from eBGP peers include a BGPsec attribute with a public key hash and a digital signature, accurately reflecting the protocol’s security mechanisms.

On the other hand:

• A refers to the local-as community, which is unrelated to BGPsec. Communities in BGP are policy tools, not security features.

• B references the no-export community, which is used to control route propagation within BGP but does not have any connection with BGPsec's cryptographic validation.

• C mentions statically set AS paths, which contradicts how BGPsec functions. In BGPsec, AS paths are built dynamically with cryptographic verification, not by manual configuration.

In conclusion, BGPsec enhances BGP security by appending verifiable digital signatures to route announcements. These additions help mitigate risks like route hijacking, providing a more secure and trustworthy inter-AS routing environment. This cryptographic approach is what differentiates BGPsec from traditional BGP implementations.

Question 5:

A network engineer is setting up MPLS Traffic Engineering (MPLS-TE) tunnels in the service provider’s core network to optimize traffic distribution and ensure bandwidth reservations. 

What are two valid characteristics of the tunnel path configuration options available for MPLS-TE? (Choose two.)

A) The dynamic path option is supported only when using IS-IS as the IGP
B) Tunnel paths can either be dynamically calculated or explicitly defined by the administrator
C) A tunnel configured with zero bandwidth is not considered a valid or functional option
D) The bandwidth command on a tunnel interface causes a strict (hard) reservation of bandwidth resources on each link
E) By default, tunnel interfaces inherit IGP link metrics unless these metrics are manually overridden

Correct Answers: B and E

Explanation:

MPLS Traffic Engineering (MPLS-TE) is designed to provide optimal traffic distribution across a service provider’s MPLS core, particularly when the shortest IGP path is not necessarily the most efficient or suitable. Tunnel path configuration is a key component of MPLS-TE, and network administrators have two primary methods for defining these paths: explicit and dynamic.

1. Dynamic Path Computation (Answer B):
   MPLS-TE supports dynamic path computation using the Constraint-Based Shortest Path First (CSPF) algorithm. CSPF considers multiple constraints such as available bandwidth, administrative link colors (affinities), and explicit exclusions when calculating a tunnel’s path through the network. These paths are automatically calculated by the headend router and can adapt when the network topology changes. The dynamic approach is supported by both OSPF and IS-IS as IGPs, which directly invalidates Option A. Therefore, Option B is correct because both dynamic and explicitly defined paths are valid and commonly used.

2. Explicit Path Configuration (also validates B):
   Administrators can manually specify a tunnel’s route using an explicit path, which includes a list of strict or loose hops (IP addresses of routers or links). This method is beneficial for deterministic routing but increases administrative overhead, especially in large, dynamic networks.

3. Metric Inheritance (Answer E):
   By default, the IGP cost associated with the underlying links is used when computing metrics for MPLS-TE tunnels. This means tunnel interfaces inherit IGP link metrics, making path selection predictable unless manually modified. This validates Option E as correct.

4. Zero Bandwidth Tunnels (Invalidates C):
   Tunnels can be configured with zero bandwidth, and they remain fully operational. This is particularly useful when administrators want to leverage MPLS-TE features such as Fast Reroute (FRR) or manual traffic engineering without consuming RSVP-signaled bandwidth. Therefore, Option C is incorrect.

5. Bandwidth Reservation Behavior (Invalidates D):
   Using the bandwidth command on a TE tunnel doesn’t cause an immediate or hard reservation. Instead, it signals to RSVP-TE the amount of bandwidth the tunnel desires. If sufficient resources are available across the computed path, RSVP attempts to reserve them. If not, the tunnel may fail to establish or operate without guarantees, depending on configuration. Thus, Option D is incorrect, as the bandwidth reservation is soft and conditional, not hard or static.

In summary, the correct answers are B and E because MPLS-TE supports both dynamic and explicit path definition, and tunnel metrics are inherited from the IGP unless overridden.

Question 6:

Which of the following technologies enables fast convergence in an MPLS network by precomputing backup paths?

A. OSPF
B. LDP
C. BFD
D. MPLS TE Fast Reroute

Correct Answer: D

Explanation:

In a service provider environment, high availability and fast convergence are essential to maintain service level agreements (SLAs). One of the technologies designed to minimize packet loss during link or node failures is MPLS Traffic Engineering (TE) Fast Reroute (FRR).

MPLS TE FRR allows for precomputed backup Label Switched Paths (LSPs) that traffic can be immediately redirected to if a failure occurs. The key benefit of FRR is that the backup path is calculated before a failure, so there’s no waiting for IGP reconvergence or re-signaling of LSPs. This provides sub-50 millisecond failover times, which is a common target in carrier-grade networks.

Let’s evaluate the incorrect options:

• A (OSPF) is an IGP used to compute routing tables. While OSPF convergence can be optimized, it typically does not achieve sub-50ms recovery by itself, especially in large networks.

• B (LDP) is the Label Distribution Protocol used to assign labels in an MPLS network, but it doesn’t provide rapid failover or backup path mechanisms on its own.

• C (BFD) or Bidirectional Forwarding Detection is a lightweight protocol used to detect path failures rapidly, but it doesn't provide traffic rerouting. Instead, it works in conjunction with protocols like OSPF or IS-IS to trigger reconvergence more quickly.

MPLS TE FRR works by defining a primary LSP and one or more backup LSPs. If a link or node fails, the traffic is locally repaired using the backup path. This is critical in environments where real-time applications such as VoIP, video conferencing, or financial transactions require minimal disruption.

Understanding MPLS TE FRR is vital for the Cisco 350-501 exam, as it tests your ability to design and troubleshoot resilient and scalable MPLS networks—a fundamental responsibility of a service provider engineer.

Question 7:

Which BGP attribute is used to influence the outbound traffic path selection for a specific AS?

A. MED
B. Local Preference
C. AS Path
D. Origin

Correct Answer: B

Explanation:

The Local Preference BGP attribute is used within an Autonomous System (AS) to influence the outbound routing path. It is a well-known, discretionary attribute that tells routers which path to prefer when forwarding traffic to a destination. A higher local preference value is preferred over a lower one.

For example, if a service provider receives routes from two upstream providers, it can assign a higher local preference to routes learned from the preferred provider. This way, all routers within the AS will prefer sending outbound traffic via that provider.

Let’s look at the other options:

• A (MED) or Multi-Exit Discriminator is used to influence inbound traffic coming into an AS, specifically when multiple links exist between two ASes. It signals to the neighboring AS which link to prefer.

• C (AS Path) is used primarily for loop prevention and path selection by preferring shorter paths. It influences inbound routing more than outbound.

• D (Origin) is a tiebreaker attribute used when all other attributes are equal. It doesn’t offer strong outbound traffic control and is rarely manipulated in modern networks.

Local Preference is critical because it is propagated throughout the AS. For instance, if a router in AS 65000 receives a prefix from two providers—one with a local preference of 100 and the other with 200—all routers in AS 65000 will choose the path with local preference 200 for outgoing traffic.

In the context of the Cisco 350-501 exam, understanding BGP attributes and their impact on routing decisions is essential. Candidates must know how to influence routing behavior using tools like route maps, prefix lists, and BGP policy constructs. Mastery of Local Preference helps ensure optimal outbound traffic engineering in large-scale networks where performance, redundancy, and cost are all considerations.

Question 8:

Which routing protocol is most commonly used in service provider networks for internal routing due to its scalability and support for multiple instances?

A) EIGRP
B) OSPF
C) IS-IS
D) BGP

Correct Answer: C

Explanation:

IS-IS (Intermediate System to Intermediate System) is often the preferred interior gateway protocol (IGP) in service provider networks due to its scalability, robustness, and ability to support multiple topology instances, such as IPv4 and IPv6, within the same routing domain. One key advantage of IS-IS is that it operates directly on Layer 2 (Data Link Layer) without requiring IP configuration, making it protocol-independent and well-suited for large and complex environments.

Unlike OSPF, which is more common in enterprise networks, IS-IS has better support for traffic engineering and MPLS integration. It also has fewer restrictions related to area design and supports faster convergence in large-scale topologies. Service providers appreciate the flexibility IS-IS offers, especially in non-contiguous backbone areas and when running dual-stack IPv4/IPv6 networks.

Let’s examine the other options:

• A) EIGRP is a Cisco proprietary protocol and generally not favored in multi-vendor or large-scale service provider environments.

• B) OSPF is widely used in enterprise environments but lacks the scalability and protocol independence of IS-IS.

• D) BGP is used for external routing (EGP), not as an internal protocol. Though it’s crucial for service providers, it handles inter-domain routing between autonomous systems.

Therefore, IS-IS is the ideal choice for internal routing in SP environments.

Question 9:

Which MPLS label distribution protocol has been largely deprecated in favor of Segment Routing in modern service provider networks?

A) RSVP
B) LDP
C) MP-BGP
D) IS-IS

Correct Answer: B

Explanation:

LDP (Label Distribution Protocol) has traditionally been the primary protocol for distributing MPLS labels in service provider networks. It automates the mapping of labels to routes and enables label-switched paths (LSPs) to be created across a network. However, with the evolution of networking and the increasing demand for simplified operations, traffic engineering, and scalability, many modern service providers are transitioning toward Segment Routing (SR) as a replacement for LDP.

Segment Routing eliminates the need for LDP by allowing routers to use IGP extensions (such as IS-IS or OSPF) to distribute labels (called Segment Identifiers or SIDs). This simplifies the control plane, reduces protocol overhead, and provides better integration with SDN (Software Defined Networking) architectures.

Let’s evaluate the other options:

• A) RSVP (Resource Reservation Protocol) is used for explicit path control and bandwidth reservation in MPLS-TE, but not for general label distribution.

• C) MP-BGP (Multiprotocol BGP) is used for distributing VPN labels and reachability in MPLS Layer 3 VPNs, not for LSP creation in the core.

• D) IS-IS is an IGP used to carry reachability information; it doesn't handle label distribution unless it's part of a Segment Routing setup.

As more networks adopt Segment Routing, LDP is being phased out, making B the correct answer.

Question 10:

In a service provider core network using MPLS, which mechanism is responsible for carrying customer traffic across provider routers without exposing customer routing information to the core?

A) VRF
B) GRE
C) Label Switching
D) NAT

Correct Answer: C

Explanation:

Label Switching is the fundamental mechanism behind MPLS (Multiprotocol Label Switching) and is crucial for efficiently transporting customer traffic across the service provider core without exposing customer routes. When a packet enters the MPLS network, it is assigned a label based on its destination or service, and this label is used by MPLS routers (LSRs - Label Switching Routers) to forward the packet through the network without performing complex IP lookups at every hop.

This process provides several benefits:

• Separation of customer and core routing: Since MPLS uses labels to forward traffic, customer routing information is not needed in the provider's core. This enhances scalability and security.

• Traffic Engineering: MPLS allows for explicit path control and quality-of-service guarantees.

• Support for VPNs: Technologies like MPLS Layer 3 VPNs rely on label switching to separate customer traffic securely across shared infrastructure.

Now let’s analyze the distractors:

• A) VRF (Virtual Routing and Forwarding) is a mechanism used at the edge of the network to segregate routing tables per customer, but it does not carry traffic across the core.

• B) GRE (Generic Routing Encapsulation) is a tunneling protocol often used in conjunction with VPNs, but not a core part of MPLS.
  
  

• D) NAT (Network Address Translation) is used to map private IP addresses to public ones, typically at network edges, and is not related to MPLS forwarding.

Therefore, Label Switching is the key component that allows MPLS to transport customer traffic across the provider core without leaking customer routing details, making C the correct answer.