AR550 appears to be incorrect. With standard access-lists, you can only have source addresses.  So “access-list 1 permit any any” does not work and tries to resolve the second "any" through DNS. This leaves only one other possible correct answer.  If this conclusion is wrong then please explain.  

The answer is incorrect. 

The Correct answer should be:  "It was obtained directly from the next-hop server."

Here for Reference:
https://www.cisco.com/c/en/us/td/docs/io...-nhrp.html

Flag             Description
authoritative: The mapping was obtained directly from the next-hop router or server.
implicit: The mapping was obtained from an NHRP resolution request or packet.
local: The mapping is for networks that are local to the router.
nat: The remote device supports NHRP Network Address Translation (NAT) extensions.
negative: A mapping could not be obtained for negative caching.
(no socket): IP Security (IPSec) will not set up encryption, because data traffic does not require this tunnel.
registered: The mapping was created in response to an NHRP registration.
router: The mappings for a remote router are marked with the router flag.
unique: The mapping cannot be overwritten by a different NBMA entry with the same IP address.
used: Data packets are being process-switched for the given mapping.

The given Answer is wrong. 

The correct answer should be LDP uses SSO to recover from disruption in control plane service.

"Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) uses SSO, NSF, and graceful restart to allow a Route Processor (RP) to recover from disruption in control plane service (specifically, the LDP component) without losing its MPLS forwarding state."

https://www.cisco.com/c/en/us/td/docs/io...sfsso.html

The given Answer is wrong. It deny the route with tag 200 but this is the route R1 have to redistribute. The correct answer should be: 

R1(config)#route-map CCNP permit 10
R1(config-route-map)#match tag 200
R1(config-route-map)#exit
R1(config)#router ospf 10
R1(config-router)#redistribute eigrp 100 subnets route-map CCNP

Here the route with the tag 200 is the only one which will be redistributed. This will advertise the correct subnet.

EC302 has a bug in the question. The answer is marked incorrect. Even the answer that How2pass gives is barked incorrect.

I had done a searching in this link "https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/sec-vpn/b-security-vpn/m_ipv6-src-guard-xe.html" and it stands that Ipv6 source guard and Ipv6 Prefix list are Layer 2 snooping feaures and validate the source of the traffic.

But Ipv6 prefix list are not in the correct answers. Can you explain me why please ?

Believe you would "Resolve metric differences between the peers to calculate the valid K-value" They have already been configured and do not match as the log message shows K-value mismatch.

Question: Which action implements physical access control as part of the security program of a Organization? 

Answer should be : Setting up IP cameras to monitor key infrastructure

In the question with QID AR429, in my opinion, and others that i saw on internet, AS-OVERRIDE at the PE HUB is the best answer, once It is The PE HUB which will announce to the CE a prefix which contains the oher CE AS, which is the same. Can you verify this for me please ?

Thank you !

Good Morning! Is it possible to explain the answer of QID 412 ? I did Not understand the response.

Thansks!