CCDP_Arch_300-320_by_Gon_June_2018_173Q
Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

CCDP_Arch_300-320_by_Gon_June_2018_170Q
Number: 300-320
Passing Score: 860
Time Limit: 120 min
File Version: 1.6

CCDP_ARCH_300-320_by_Pentacis_May_2018
This is the latest updated collection gathered, starting by Veteran, Antoni, Mr.x, Pentacis, Crossbar and Madox, Baldasar, Gutsy, Red-dot...
Everything here is updated, corrected, and non-duplicated by June 2018.

Exam A

QUESTION 1
A network designer needs to explain the advantages of route summarization to a client. Which two options are advantages that should be included in the explanation? (Choose two)
A. Increases security by advertising fake networks
B. Reduces routing table size
C. Advertises detailed routing tables
D. Utilizes the routers full CPU capacity
E. Reduces the upstream impact of a flapping interface
Correct Answer: BE

QUESTION 2
What is the next action taken by the Cisco NAC Appliance after it identifies a vulnerability on a client device?
A. Denies the client network resource access
B. Repairs the affected devices
C. Generates a Syslog message
D. Permits the client but limits to guest access
Correct Answer: A
Explanation/Reference:
@Zoltan From Cisco doc: NAC Appliance enforces security policies by blocking, isolating, and repairing noncompliant machines. => (Order) Blocking > Isolating > Repairing

QUESTION 3
Which of the following facts must be considered when designing for IP telephony within an Enterprise Campus network?
A. Because the IP phone is a three-port switch, IP telephony extends the network edge, impacting the Distribution layer.
B. Video and voice are alike in being bursty and bandwidth intensive, and thus impose requirements to be lossless, and have minimized delay and jitter.
C. IP phones have no voice and data VLAN separation, so security policies must be based on upper layer traffic characteristics.
D. Though multi-VLAN access ports are set to Dot1Q and carry more than two VLANs they are not trunk ports.
Correct Answer: A
Explanation/Reference:
@crossbar "The multi-VLAN access ports are not trunk ports, even though the hardware is set to the dot1q trunk. The hardware setting is used to carry more than one VLAN, but the port is still considered an access port that is able to carry one native VLAN and the auxiliary VLAN." => not more than two

QUESTION 4
Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology? (Choose two)
A. redundancy
B. bandwidth
C. cost
D. delay
E. hops
Correct Answer: BD

QUESTION 5
An engineer must add a new firewall in front of the public web server infrastructure in an ACI network. Which ACI function is used to accomplish this requirement?
A. Application Network Profile
B. Service chaining
C. Static binding
D. Layer 4-7 services
Correct Answer: D

QUESTION 6
A customer is discussing QoS requirements with a network consultant. The customer has specified that end-to-end path verification is a requirement. Which QoS architecture is most appropriate for the requested design?
A. marking traffic at the access layer with DSCP to support the traffic flow
B. marking traffic at the access layer with CoS to support the traffic flow
C. RSTP model with PHB to support the traffic flows
D. IntServ model with RSVP to support the traffic flows
Correct Answer: D

QUESTION 7
Which two options are characteristics of bidirectional PIM? (Choose two)
A. A registration process is required
B. It is ideal for many-to-many host applications
C. The creation of a source tree is required
D. A designated forwarder is not required
E. It enables scalability with a large number of sources
Correct Answer: BE

QUESTION 8
One-to-one ratio mapping for access switches close to servers?
A. ToR
B. EoR
C. CoR
D. ZoR
Correct Answer: A

QUESTION 9
A network engineer must use an Internet connection to provide backup connectivity between two sites. The backup must be encrypted and support multicast. Which technology must be used?
A. DMVPN
B. GRE over IPSec
C. IPSec direct encapsulation
D. GETVPN
Correct Answer: B

QUESTION 10
Which VPN connectivity represents both Hub-and-Spokes and Spokes-to-Spokes?
A. DMVPN
B. IPSec VPN
C. VPN Router
D. VPN Hub
Correct Answer: A

QUESTION 11
A network consultant is designing an Internet Edge solution and is providing the details around the flow supporting a local Internet Proxy. How is on-premises web filtering supported?
A. A Cisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP
B. A Cisco ASA uses an IPS module to inspect HTTP and HTTPS traffic
C. A Cisco ASA redirects HTTPS and HTTPS traffic to CWS with a Web Security Connector
D. A Cisco ASA connects to the Web Security Appliance via TLS to monitor HTTP and HTTPS traffic
Correct Answer: A

QUESTION 12
What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?
A. IPX
B. Microsoft NetBIOS
C. IPv6
D. IPv4
Correct Answer: C

QUESTION 13
A network engineer must perform posture assessments on Cisco ASA remote access VPN clients and control their network access based on the results. What mode is the Cisco best practice NAC deployment design for this situation?
A. Layer 2 in-band real IP gateway mode
B. Layer 2 out-of-band real IP gateway mode
C. Layer 3 in-band virtual gateway mode
D. Layer 3 out-of-band virtual gateway mode
Correct Answer: C

QUESTION 14
Two companies want to merge their OSPF networks, but they run different OSPF domains. Which option must be taken to accomplish this requirement?
A. OSPF virtual link to bridge the backbone areas of the two companies together
B. Route summarization
C. Static OSPF
D. Redistribute routes between domains
Correct Answer: A
Explanation/Reference:
From my CCIE colleague: To join two companies probably best to statically route between ASBRs; if the companies are to merge as one then you would merge area 0 using virtual link.

QUESTION 15
An engineer is designing a multi cluster BGP network, each cluster has two Route Reflectors and four Route Reflector clients. Which 2 options must be considered? (Choose two)
A. Clients from all clusters should peer with all Route Reflectors
B. All Route Reflectors should be non-client peers in a partially meshed topology
C. All Route Reflectors must be non-client peers in a fully meshed topology
D. Clients must not peer with iBGP speakers outside the client router
E. Clients should peer with at least one other client outside its cluster
Correct Answer: CD

QUESTION 16
Question about IPv4 and IPv6 on the same router (dual stack) with IS-IS
A. ...
B. IS-IS
C. ...
D. ...
Correct Answer: B
Explanation/Reference:
- Cisco added multitopology support for IS-IS to increase flexibility within dual-stack environment.
- Two TLVs added:
  · IPv6 reachability TLV
  · IPv6 interface address TLV
- Multi topology IS-IS:
  · A separate topology is kept for both IPv4 and IPv6 (some links may not be able to carry IPv6 --> Avoid traffic black-holed)
  · This mode removes the restriction that all interfaces on which IS-IS is configured must support the identical set of network address families.
  · A separate SPF per address family.
  · Wide metric must be used.
- Single-topology IS-IS:
  · One SPF instance for both IPv4 and IPv6.
  · Easier to administer but network must be homogeneous.
  · Due to consistency checks, a router running IS-IS for both IPv4 and IPv6 does not form an adjacency with a router running IS-IS for IPv4 or IPv6 only. Disable consistency checks to maintain adjacencies active in heterogeneous environments. For L1 links, this is primarily done during transition.
  · As in any IS-IS design, L2 routers must be contiguous. IPv6 adjacency checks are not done on L2 links.

QUESTION 17
A network Engineer is designing a hierarchical design and needs to optimize WAN design. On what group of devices can a network engineer summarise routes to remote WAN sites?
A. Core
B. Distribution
C. Data Center Distribution
D. WAN Edge
E. Campus access distribution layer
Correct Answer: B
Explanation/Reference:
Comments: Summarize at Service Distribution. It is important to force summarization at the distribution towards WAN Edge and towards campus & data centre.

QUESTION 18
Which two design concerns must be addressed when designing a multicast implementation? (Choose two)
A. only the low-order 23 bits of the MAC address are used to map IP addresses
B. only the low-order 24 bits of the MAC address are used to map IP addresses
C. only the high-order 23 bits of the MAC address are used to map IP addresses
D. only the low-order 23 bits of the IP address are used to map MAC addresses
E. the 0x01004f MAC address prefix is used for mapping IP addresses to MAC addresses
F. the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses
Correct Answer: DF
Explanation/Reference:
Comments: Ethernet & FDDI Multicast Addresses
- The low order bit (0x01) in the first octet indicates that this packet is a Layer 2 multicast packet. Furthermore, the "0x01005e" prefix has been reserved for use in mapping L3 IP multicast addresses into L2 MAC addresses.
- When mapping L3 to L2 addresses, the low order 23 bits of the L3 IP multicast address are mapped into the low order 23 bits of the IEEE MAC address. Notice that this results in 5 bits of information being lost.
https://www.cisco.com/networkers/nw00/pres/3200/3200_c1_Mod2_rev1.pdf

QUESTION 19
Which of the following is a result when designing multiple EIGRP autonomous systems within the Enterprise Campus network?
A. Improves scalability by dividing the network using summary routes at AS boundaries
B. Decreases complexity since EIGRP redistribution is automatically handled in the background
C. Reduces the volume of EIGRP queries by limiting them to one EIGRP AS
D. Scaling is improved when a unique AS is run at the Access, Distribution, and Core layers of the network
Correct Answer: A
Explanation/Reference:
Comments: Chapter 2 of CiscoPress CCDP fourth edition clearly says (there is even a test at the end of the chapter) that introducing additional ASes won't reduce the volume of EIGRP queries as these will be forwarded across the ASes.

QUESTION 20
What two sensor types exist in an IDS/IPS solution? (Choose two)
A. host
B. anomaly based
C. policy based
D. network based
E. signature
Correct Answer: AD
Explanation/Reference:
@Samsonite I see the confusion in this one. There are 2 types of "sensors", host-based and network-based. There are 3 types of methods/technologies for detecting bad traffic within a sensor: signature-based, anomaly-based, policy-based.
https://www.certificationkits.com/cisco-certification/ccna-security-certification-topics/ccna-securityimplement-ips-with-sdm/ccna-security-network-based-vs-host-based-intrusion-detection-a-prevention/

QUESTION 21
Which of these is true of IP addressing with regard to VPN termination?
A. IGP routing protocols will update their routing tables over an IPsec VPN
B. Termination devices need routable addresses inside the VPN
C. Addressing design need to allow for summarization
D. Designs should not include overlapping address spaces between sites, since NAT is not supported
Correct Answer: C
Explanation/Reference:
Comments: Best design practices say the VPN design should allow for summarization. With regards to D - sometimes you cannot avoid overlapping addresses as this is what is configured at client's end, and the only option is to hide the overlapping subnet behind NAT - based on experience (The author of this remark has 50x VPN tunnels and majority of them is using NAT, even if the subnet doesn't overlap, we want to hide our real IPs behind something else - extra security)

QUESTION 22
A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has already been implemented and optimized, and it is no longer effective in ensuring optimal network performance. Which two actions can improve network performance? (Choose two)
A. Reconfigure QoS based on the IntServ model
B. Configure selective packet discard to drop noncritical network traffic
C. Implement higher-speed uplink interfaces
D. Bundle additional uplinks into logical Ether-Channels
E. Utilize random early detection to manage queues
Correct Answer: CD

QUESTION 23
Which technology is an example of the need for a designer to clearly define features and desired performance when designing advanced WAN services with a service provider?
A. FHRP to remote branches
B. Layer 3 MPLS VPNs secure routing
C. Control protocols (for example Spanning Tree Protocol) for a Layer 3 MPLS service
D. Intrusion prevention, QoS, and stateful firewall support network wide
Correct Answer: C
Explanation/Reference:
This answer is an example that shows that the designer did not clearly define his needs because the SP gave a L3 service when L2 was needed. In other dumps from Internet answer is B and I think it is right, because designer must be sure that SP provides secure routing service with needed performance, but how control protocols works inside SP net designer.

QUESTION 24
Which option is correct when using Virtual Switching System?
A. Both control planes forward traffic simultaneously
B. Only the active switch forward traffic
C. Both data planes forward traffic simultaneously
D. Only the active switch handles the control plane
Correct Answer: C
Explanation/Reference:
Comments: Definitely C again.

Chapter 1 of CiscoPress CCDP fourth edition, Distribution-to-Distribution Interconnect with the Virtual Switch Model:
The virtual switch system operates differently at different planes. From a control plane point of view, the VSS peers (switches) operate in active standby redundancy mode. The switch in active redundancy mode will maintain the single configuration file for the VSS and sync it to the standby switch, and only the console interface on the active switch is accessible.

VSS1440 (in the book):
A VSS1440 refers to the VSS formed by two Cisco Catalyst 6500 Series Switches with the Virtual Switching Supervisor 720-10GE. In a VSS, the data plane and switch fabric with capacity of 720 Gbps of supervisor engine in each chassis are active at the same time on both chassis, combining for an active 1400-Gbps switching capacity per VSS. Only one of the virtual switch members has the active control plane. Both chassis are kept in sync with the inter-chassis Stateful Switchover (SSO) mechanism along with Nonstop Forwarding (NSF) to provide nonstop communication even in the event of failure of one of the member supervisor engines or chassis.
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switchingsystem-1440/prod_qas0900aecd806ed74b.html

In my opinion C & D are correct.

QUESTION 25
When APIC is down on cluster device ... What is the minimum number of APICs requirement for a production ACI Fabric to continue to operate?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C
Explanation/Reference:
Comments: From Designing for Cisco Network Service Architecture Fourth Edition:
The recommended minimum sizing has the following requirements:
* Three or more Cisco APIC controllers that are dual connected to different leaf switches for maximum resilience. Note that the fabric is manageable even with just one controller and operational without a controller.

I'm not sure what 'manageable' means, is it still an ACI fabric or does it revert to a different state. It seems weird to me you would no longer have your ACI fabric if one/two of your three APICs went offline. Not usually how redundancy works. This Cisco topic seems to indicate it will still work on 1 APIC:
https://supportforums.cisco.com/discussion/12448836/apic-cluster-why-minimum-3-controllers

Interesting your reasoning. "Manageable" means that you can still make changes, add/remove things, etc. So, now reading your comments, it makes sense that if the question is talking about continuing to operate, the answer must be 1. I've seen 3 as the answer in all dumps but now I doubt it.

QUESTION 26
Routing protocol that provides unequal cost path with different metrics for load balancing purposes?
A. OSPF
B. EIGRP
C. ISIS
D. BGP
E. RIP
Correct Answer: B

QUESTION 27
What changes you should make in the design to optimize traffic?
A. Choose distribution switch A as HSRP active
B. Add a Layer2 link between access switches
C. Add a Layer3 point-to-point link between distribution switches
D. Configure an EtherChannel between distribution switches
Correct Answer: A

QUESTION 28
Which option is the Cisco recommendation for data oversubscription for access ports on the access-to-distribution uplink?
A. 4 to 1
B. 20 to 1
C. 16 to 1
D. 10 to 1
Correct Answer: B

QUESTION 29
An engineer is designing a layer 3-enabled access layer. Which design recommendation must the engineer consider when deploying EIGRP routing within the access layer?
A. Implement floating static routes on access switches for redundant links
B. Configure all edge access layer switches to use a stub routing feature
C. Enable multiple uplinks from each access switch stack to the distribution switches
D. Use the First Hop Redundancy Protocol on access layer switches
Correct Answer: B

QUESTION 30
What are the two methods of ensuring that the RPF check passes? (Choose two)
A. implementing static mroutes
B. implementing OSPF routing protocol
C. implementing MBGP
D. disabling the interface of the router back to the multicast source
E. disabling BGP routing protocol
Correct Answer: AC
Explanation/Reference:
Comments: The router determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing protocol in cases where one exists. An example of a dedicated multicast routing protocol is MP-BGP. It is important to note that the multicast routing protocol relies on the underlying unicast routing table. Any change in the unicast routing table immediately triggers an RPF recheck on most modern routers.

Having OSPF routing protocol in place won't really ensure that the RPF check passes. Let's say we have implemented OSPF routing protocol within the topology below (have a look at the URL below), "R3" knows the best path to 1.1.1.0/24 is via interface F0/0 but "R3" receives multicast packet from source server (1.1.1.1/24) on interface S0/0. The RPF will fail. We can get this fixed by implementing static mroutes (static multicast-routes) to force multicast traffic to go back via interface S0/0 (ip mroute 0.0.0.0 0.0.0.0 s0/0).

Having unicast routing protocol (OSPF, EIGRP, BGP, RIP, IGRP, IS-IS etc) won't necessarily mean the RPF will succeed but having a multicast routing protocol (Multipoint BGP) or dedicated multicast static routes (mroutes) will. The only question which I still have is that if the multicast routing protocol relies on the underlying unicast routing table (OSPF) how does it ensure that the RPF check passes.
https://supportforums.cisco.com/t5/network-infrastructure-documents/multicast-rpf-recovery-using-staticmulticast-routing/ta-p/3139007

QUESTION 31
A client requirement to separate management and control layer within an organization. Which technology can be used to achieve this requirement while minimizing physical devices?
A. Virtual Device Context
B. VRF
C. Virtual Switching System
D. Virtual Local Area Networks
E. MEC
Correct Answer: A

QUESTION 32
Drag and Drop
Select and Place:
Correct Answer:

QUESTION 33
Which technology will you use to connect 2x Data Centres and extend Layer 2 VLANs? (Choose two)
A. OTV
B. VXLAN
C. Fabric Path
D. IS-IS
E. EIGRP
Correct Answer: AB

QUESTION 34
An engineer is designing a multitenant network that requires separate management access and must share a single physical firewall. Which two features support this design? (Choose two)
A. Site-to-Site VPN
B. dynamic routing protocols
C. multicast routing
D. threat detection
E. quality of service
F. unified communications
Correct Answer: AB
Explanation/Reference:
Comments: This one is a little bit trickier, separate management access means the multi-context mode.
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/hacontexts.pdf
Page 14 of Guidelines for Multiple Context Mode lists unsupported features, after you cross the unsupported features out - you are left with what works on a multi-context mode firewall.

QUESTION 35
Which technology should a network designer combine with VSS to ensure a loop free topology with optimal convergence time?
A. PortFast
B. UplinkFast
C. RPVST+
D. Multichassis EtherChannel
Correct Answer: D
Explanation/Reference:
Comments: "C" definitely not as STP is disabled when VSS is configured at the distribution layer. MEC comes with Cisco Catalyst (VSS) like vPC comes with Cisco NX-OS.

QUESTION 36
What needs to be configured to control unwanted transit traffic to not be routed to remote branches that have multiple WAN connections?
A. route weighting
B. route tagging
C. route filtering
D. route prioritising
Correct Answer: C

QUESTION 37
One new regarding 802.1X. (Choose three)
A. Authenticates the user itself
B. Authenticates the device itself
C. If the device does not support, allow the access automatically
D. Cisco proprietary
E. Industry standard
Correct Answer: ABE

QUESTION 38
What is one function of key server in Cisco GETVPN deployment?
A. sending the RSA certificate
B. providing pre-shared keys
C. maintaining security policies
D. providing the group ID
Correct Answer: C
Explanation/Reference:
Comments: Key server is responsible for maintaining security policies, authenticating the GMs and providing the session key for encrypting traffic. KS authenticates the individual GMs at the time of registration. Only after successful registration the GMs can participate in group SA.
https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transportvpn/deployment_guide_c07_554713.html

QUESTION 39
What is the primary benefit of deploying MPLS over the WAN as opposed to extending VRF-lite across the WAN?
A. Convergence time
B. Low operating expense (OpEx)
C. Low latency
D. Dynamic fault-tolerance
Correct Answer: B

QUESTION 40
An engineer has implemented a QoS architecture that requires a signalling protocol to tell routers which flows of packets require special treatment. Which two mechanisms are important to establish and maintaining QoS architecture? (Choose two)
A. Classification
B. Tagging
C. Packet Scheduling
D. Admission Control
E. Resource Reservation
Correct Answer: DE

QUESTION 41
An engineer wants to have a resilient access layer in the Data Center so that access layer switches have separate physical connections to a pair of redundant distribution switches. Which technology achieves this goal?
A. PaGP
B. LACP
C. VSL
D. EVPC
E. VSS
F. ECMP
Correct Answer: D
Explanation/Reference:
@crossbar Enhanced vPC is a form of Multichassis Etherchannel and VSS by itself, without MEC, doesn't provide resiliency. ECMP could also be a correct answer, assuming an L3 access layer design. But the question specifies "in the Data Centre" and most DC access layer designs are L2. Furthermore, (E)vPC is a tech exclusive to Nexus, which is marketed by Cisco as DC switches.

QUESTION 42
What is advantage of using the vPC feature in Data Centre environment?
A. Two switches form a single control plane
B. Utilizes all available uplinks bandwidth
C. FHRP is not required
D. A single IP is used for management for both devices
Correct Answer: B

QUESTION 43
Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What are two advantages of using Cisco FabricPath technology? (Choose two)
A. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load balancing between redundant paths.
B. Cisco FabricPath provides MAC address scalability with conversational learning.
C. Loop mitigation is provided by the TTL field in the frame.
D. Cisco FabricPath is IETF-standard and is not used with Cisco products.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all campus networks.
Correct Answer: BC
Section: (none)

QUESTION 44
A client request includes a network design that ensures all connections between the access layer and distribution layer are active and forwarding traffic at all times. Which design approach achieves this request?
A. Enable backbone fast on the two distribution switches and create a port channel between each access layer switch and both distribution switches
B. Configure HSRP for all VLANs and adjust the hello timer for faster convergence
C. Configure Rapid PVST+ and adjust the timers for fast convergence
D. Create a VSS between the two distribution switches and also create a MEC between the VSS and each access layer switch.
Correct Answer: D
Section: (none)

QUESTION 45
What is the most important consideration when selecting a VPN termination device?
A. CPU cycles per second
B. VPN sessions per interface
C. Packets per second
D. Bits per second
Correct Answer: C
Section: (none)

QUESTION 46
Which option is a design recommendation for route summarizations?
A. Filtered redistribution for the prevention of re-advertising of routes
B. Routing protocol stub areas
C. Route summarization for scalable routing and addressing design
D. Defensive route filtering to defend against inappropriate routing traffic
E. Route summarization to support greater volumes of transit traffic
Correct Answer: B
Section: (none)

QUESTION 47
A company is Multi-Homed to different service providers running BGP. Which action ensures that the company AS does not become a transit AS?
A. Create a distribute list that filters all routes except the default route and applies to both BGP neighbour interfaces in the inbound direction
B. Create a distribute list that filters all routes except the default route and applies to a single BGP neighbour in the outbound direction
C. Create prefix list that matches the company prefixes and applies to both BGP neighbour definitions in the outbound direction.
D. Create a route map that matches the provider BGP communities and networks and applies to both transit neighbour interfaces in the outbound direction.
Correct Answer: C
Section: (none)

QUESTION 48
A network engineer wants to limit the EIGRP query scope to avoid high CPU and memory utilization on low-end routers as well as limiting the possibility of a stuck-in-active routing event between HQ and branch offices. Which way achieves these goals?
A. Configure different Autonomous System number per each branch office and HQ and redistribute routes between autonomous systems.
B. Configure all routers at branch offices as EIGRP stub and allow only directly connected networks at branch offices to be advertised to HQ
C. Configure all routers at branch offices as EIGRP stub
D. Configure all routers at HQ and branch offices as EIGRP stub
Correct Answer: C
Section: (none)

QUESTION 49
Which two protocols support simple plaintext and MD5 authentication? (Choose two)
A. RIP
B. IPv6
C. EIGRP
D. BGP
E. OSPF
Correct Answer: AE
Section: (none)
Explanation/Reference:
Comments:
Simple password authentication (also called plain text authentication) - supported by Integrated-System to Integrated-System (IS-IS), Open Shortest Path First (OSPF) and Routing Information Protocol Version 2 (RIPv2)
MD5 authentication - supported by OSPF, RIPv2, BGP, and EIGRP

QUESTION 50
A network engineer must create a backup network connection between two corporate sites over the Internet using the existing ASA firewalls. Which VPN technology best satisfies this corporate need?
A. VPLS
B. DMVPN
C. GETVPN
D. IPSec
E. MPLS
F. OTV
Correct Answer: D
Section: (none)

QUESTION 51
A large-scale IP SLA deployment is causing memory and CPU shortages on the router in an enterprise network. Which solution can be implemented to mitigate these issues?
A. An offline router for disaster recovery
B. CPE device that is managed by the network provider
C. A shadow router
D. A standby router for failover operation
Correct Answer: C
Section: (none)
Explanation/Reference:
Comments: https://www.cisco.com/en/US/technologies/tk869/tk769/technologies_white_paper0900aecd806bfb52.html

QUESTION 52
Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two)
A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are associated with one EPG
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with pair of EPGs
Correct Answer: AF
Section: (none)
Explanation/Reference:
Comments: "There may be times when the ACI administrator might need to deny traffic that is allowed by another contract. Taboos are a special type of contract that an ACI administrator can use to deny specific traffic that would otherwise be allowed by another contract. Taboos can be used to drop traffic matching a pattern (any EPG, a specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of regular contracts are applied. Taboo contracts are not recommended as part of the ACI best practices but they can be used to transition from traditional networking to ACI. To imitate the traditional networking concepts, an "allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain types of traffic."
EPG: End-Point Groups

QUESTION 53
A network manager wants all remote sites to be designed to communicate dynamically with each other using DMVPN technology without requiring much configuration on the spoke routers. Which protocol is used by DMVPN to achieve this goal?
A. GRE
B. NHRP
C. SSH
D. ARP
Correct Answer: B
Section: (none)

QUESTION 54
An organization is creating a detailed QoS plan that limits bandwidth to specific rates. Which three parameters can be configured when attempting to police traffic within the network? (Choose three)
A. Conforming
B. Violating
C. Bursting
D. Peak information rate
E. Committed information rate
F. Exceeding
G. Shaping rate
Correct Answer: ABF
Section: (none)
Explanation/Reference:
@crossbar https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpoli.html#wp1006389

QUESTION 55
An engineer must design a Cisco VSS-based configuration within a customer campus network. The two VSS switches are provisioned for the campus distribution layer... Which option is the primary reason to avoid plugging both VSL links into the supervisor ports?
A. The implementation creates a loop
B. The design lacks optimal hardware diversity
C. Limited bandwidth is available for VSS convergence
D. QoS is required on the VSL links
Correct Answer: B
Section: (none)
Explanation/Reference:
Comments: The best-practice recommendation for VSL link resiliency is to bundle two 10-Gbps ports from different sources. Doing this might require having one port from the supervisor and other from a Cisco 6708 line card. When configuring the VSL, note the following guidelines and restrictions: For line redundancy, we recommend configuring at least two ports per switch for the VSL. For module redundancy, the two ports can be on different switching modules in each chassis.

QUESTION 56
An engineer is configuring QoS to meet the following requirement:
- all traffic that exceeds the allocated bandwidth will still traverse the infrastructure but will be forwarded later
What will be the requirements?
A. Per-Hop behaviours
B. Weighted Fair Queuing
C. IP Precedence
D. Shaping
Correct Answer: D
Section: (none)

QUESTION 57
An engineer is designing a network using RSTP. Several devices on the network support only legacy STP. Which outcome occurs?
A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate but the fast convergence is not used.
Correct Answer: D
Section: (none)

QUESTION 58
What is the outcome when RPF check passes successfully?
A. Packet is dropped because it arrived on the interface that is used to forward the packet back to source.
B. Packet is dropped because it arrived on the interface that is used to forward the packet back to destination.
C. Packet is forwarded because it arrived on the interface that is used to forward the packet back to destination
D. Packet is forwarded because it arrived on the interface that is used to forward the packet back to source
Correct Answer: D
Section: (none)
Explanation/Reference:
Comments: Routers perform a reverse path forwarding (RPF) check to ensure that arriving multicast packets were received through the interface that is on the most direct path to the source that sent the packets. An RPF check is always performed regarding the incoming interface, which is considered to be the RPF interface. The RPF check will succeed if the incoming interface is the shortest path to the source. The router determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing protocol in cases where one exists. An example of a dedicated multicast routing protocol is MP-BGP. It is important to note that the multicast routing protocol relies on the underlying unicast routing table. Any change in the unicast routing table immediately triggers an RPF recheck on most modern routers.
QUESTION 59
Multicast PIM-Sparse mode sends traffic overload. Which feature can reduce the multicast traffic in the access layer?
A. IGMP snooping
B. Filter at Boundaries
C. PIM Dense-Mode
D. MSDP
Correct Answer: A
Section: (none)
Explanation/Reference:
Comments: I think solution for this one was to move STP root

QUESTION 60
Refer to the exhibit. A customer wants to use HSRP as a First Hop Redundancy Protocol. Both routers are currently running and all interfaces are active. Which factor determines which router becomes the active HSRP device?
A. the router with the highest MAC address for the respective group
B. the router with the highest interface bandwidth for the respective group
C. the router that boots up last
D. the router with the highest IP address for the respective group
Correct Answer: D
Section: (none)

QUESTION 61
When 2 distribution switches are configured for VSS, what needs to be done to extend back plane connectivity?
A. ISL
B. VSL
C. VSS
Correct Answer: B
Section: (none)
QUESTION 62
An engineer is considering uplink bandwidth over-subscription in a Layer 3 network design. Which option is the Cisco recommended over-subscription ratio for uplinks between the distribution and core layers?
A. 3 to 1
B. 4 to 1
C. 6 to 1
D. 8 to 1
Correct Answer: B
Section: (none)
Explanation/Reference:
Comments: Network oversubscription refers to a point of bandwidth consolidation where the ingress bandwidth is greater than the egress bandwidth. For example, at an ISL uplink from an edge layer switch to a core, the oversubscription of the ISL is typically on the order of 7:1 or greater. In a single director fabric, the fan-out ratio of server to storage subsystem ports is directly related to the network oversubscription and is typically on the order of 10:1 or higher. Network oversubscription is normal and unavoidable; it is a direct by-product of the primary purpose for deploying a SAN. An important characteristic of the network related to oversubscription is its ability to fairly allocate its bandwidth resources among all clients of the SAN.

QUESTION 63
A network consultant is designing an enterprise network that includes an IPsec headend termination device. Which two capabilities are the most important to consider when assessing the headend device's scalability? (Choose two)
A. Packets per second processing capability
B. CPU capabilities
C. Number of tunnels that can be aggregated
D. Bandwidth capabilities
E. Memory capabilities
Correct Answer: CE
Section: (none)
Explanation/Reference:
@skummy From Cisco "Scalability considerations" guide the order is Packets, Tunnel quantity, GRE encapsulation and then only Routing protocols affecting the CPU. Question sounds like asking for enterprise IPsec, so like anyconnect Remote-Access = no routing affected on VPN headend

QUESTION 64
What protocol is used for connectivity between VSS layers?
A. PAgP
B. IVR
C. ISL
D. VSL
E. ...
Correct Answer: D
Section: (none)

QUESTION 65
Refer to the exhibit. A customer discovers router R1 remains active even when the R1 uplink (F0/1) is down. Which two commands can be applied to R1 to allow R2 to take over as the HSRP active? (Choose two)
A. track 50 ip route 10.10.10.0/24 reachability
B. track 50 interface Fa0/1 ip routing
C. standby 10 track 50 decrement 20
D. standby 10 track 50 shutdown
E. standby 10 track 50
Correct Answer: BC
Section: (none)

QUESTION 66
Which technology simplifies encryption management?
A. GETVPN
B. DMVPN
C. IPsec
D. EasyVPN
E. GRE
Correct Answer: A
Section: (none)

QUESTION 67
When a site has Internet connectivity with two different ISPs, which two strategies are recommended to avoid becoming a BGP transit site? (Choose two)
A. Use a single service provider
B. Filter routes outbound to the ISPs
C. Accept all inbound routes from the ISPs
D. Filter routes inbound from the ISPs
E. Advertise all routes to both ISPs
Correct Answer: BC
Section: (none)
Explanation/Reference:
@crossbar B is definitely correct, but what bugs me is the "which two strategies..." formulation: it sounds to me that the two required answers would not necessarily need to be applied at the same time. If this interpretation is correct, C doesn't help at all, it actually would be the cause of the issue (this is true for E too). If it is not, C doesn't hurt, but doesn't help either.
For the other answers:
A would definitely work, but denies the question's supposition.
D: your AS wouldn't be a transit for the filtered routes, but it doesn't make sense to filter what you WANT to learn from ISP.
Bottom line, I think I would answer AB. But I am not certain, let me know what you think!

QUESTION 68
to use multiple path from distribution to core
A. install IGP
B. ECMP
C. RSTP+
D. HSRP
Correct Answer: B
Section: (none)

QUESTION 69
What are the characteristics of 802.1x? (Choose two)
A. EAP messages in Ethernet frames and don't use PPP
B. Works only on wired connections
C. It's created by IETF
D. It's created by IEEE
Correct Answer: AD
Section: (none)

QUESTION 70
An engineer is designing an infrastructure to use a 40 Gigabit link as the primary uplink and a 10 Gigabit uplink as the alternate path. Which routing protocol allows for unequal cost load balancing?
A. OSPF
B. RIP
C. EIGRP
D. BGP
E. IS-IS
Correct Answer: C
Section: (none)

QUESTION 71
Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two)
A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
C. It is removed by the Cisco ISE before reaching the endpoint.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal services
E. Best Practice dictates that deployments should include a security group for common services such as DNS and DHCP
Correct Answer: AE
Section: (none)

QUESTION 72
What to configure in BGP so that other BGP neighbours cannot influence the path of a route?
A. Lower MED
B. Higher Local Preference
C. Higher Weight
D. Lower Router ID
Correct Answer: C
Section: (none)
Explanation/Reference:
Comments: The BGP golden rule is that nobody can tell me what I have to do with my routes. Weight is the only attribute which is not transmitted; weight can NOT be used by any neighbor to influence me. Within my AS I can also be influenced by Loc pref. Weight is also the first in the list. I think weight is the right answer because it is locally significant, where nobody, only me, has influence.

QUESTION 73
After an incident caused by a DDOS attack on a router, an engineer must ensure that the router is accessible and protected from future attacks without making any changes to traffic passing through the router. Which security function can be utilized to protect the router?
A. zone-based policy firewall
B. access control lists
C. class maps
D. control plane policing
Correct Answer: D
Section: (none)

QUESTION 74
What are the most important scaling factors that need to be considered while selecting VPN head end device? (Choose two)
A. Memory
B. Packets per second
C. Connection speed
D. CPU Limit
E. Bits per second
Correct Answer: BD
Section: (none)

QUESTION 75
Which two statements about 802.1X are true? (Choose three)
A. It is Cisco standard
B. It can allow and deny port access based on device identity
C. It works only with wired devices
D. It can allow and deny port access based on user identity
E. EAP messages in Ethernet frames and don't use PPP
F. EAP messages in Ethernet frames and use PPP
Correct Answer: BDE
Section: (none)

QUESTION 76
An OSPF router should have a maximum of how many adjacent neighbours?
A. 80
B. 50
C. 60
D. 100
Correct Answer: C
Section: (none)

QUESTION 77
Which first-hop redundancy protocol that was designed by Cisco allows packet load sharing among groups of redundant routers?
A. GLBP
B. HSRP
C. VRRP
D. VSS
Correct Answer: A
Section: (none)

QUESTION 78
Which routing protocol provides the fastest convergence and greatest flexibility within a campus environment?
A. OSPF
B. IS-IS
C. BGP
D. EIGRP
Correct Answer: D
Section: (none)

QUESTION 79
What network technology provides Layer 2 high availability between the access and distribution layers?
A. HSRP
B. MEC
C. EIGRP
D. GLBP
Correct Answer: B
Section: (none)

QUESTION 80
Which option maximizes EIGRP scalability?
A. route redistribution
B. route redundancy
C. route filtering
D. route summarization
Correct Answer: D
Section: (none)

QUESTION 81
Which two options are advantages of having a modular design instead of an EOR design in a data centre? (Choose two)
A. cooling constraints
B. cable bulk
C. decreased STP processing
D. redundancy options
E. cost minimization
F. low-skilled manager
Correct Answer: AB
Section: (none)

QUESTION 82
An engineer is designing a redundant dual-homed BGP solution that should prefer one specific carrier under normal conditions. Traffic should automatically fail over to a secondary carrier in case of a failure. Which two BGP attributes can be used to achieve this goal for inbound traffic? (Choose two)
A. origin
B. MED
C. AS-PATH
D. local preference
E. weight
Correct Answer: BC
Section: (none)
Explanation/Reference:
Note: local pref and weight are for the other direction.

QUESTION 83
A network team must provide a redundant secure connection between two entities using OSPF. The primary connection will be an Ethernet Private Line and the secondary connection will be a site-to-site VPN. What needs to be configured in order to support routing requirements over the VPN connection?
A. GRE Tunnel
B. HTTPS
C. Root Certificate
D. AAA Server
Correct Answer: A
Section: (none)
QUESTION 84
Which configuration represents resiliency at the hardware and software layers?
A. multiple connections and FHRP
B. HSRP and GLBP
C. redundant supervisor and power supplies
D. dual uplinks and switches
Correct Answer: C
Section: (none)
Explanation/Reference:
I don't see "multiple connections" as hardware resiliency. They are "physical layer resiliency" for me.

QUESTION 85
Which option is the primary reason to implement security in a multicast network?
A. maintain network operations
B. allow multicast to continue to function
C. optimize multicast utilization
D. ensure data streams are sent to the intended receivers
Correct Answer: A
Section: (none)

QUESTION 86
A company requires redundancy for its multi-homed BGP external connections. What two features can be configured on the WAN routers to automate failover for both outbound and inbound traffic? (Choose two)
A. AS path prepending
B. local preference
C. floating static route
D. HSRP
E. MED
F. weight
Correct Answer: AD
Section: (none)
Explanation/Reference:
@crossbar from https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13768-hsrp-bgp.html
"This document describes how to provide redundancy in a multihomed Border Gateway Protocol (BGP) network where you have connections to two separate Internet service providers (ISPs). In the event of a failure of connectivity toward one ISP, the traffic is rerouted dynamically through the other ISP with the BGP set as-path {tag | prepend as-path-string} command and Hot Standby Router Protocol (HSRP)"

QUESTION 87
In what situation must spanning-tree be implemented?
A. when first hop redundancy protocol exists with redundant Layer 2 links between distribution switches
B. when a VLAN spans access layer switches to support business applications
C. when trunks need to extend multiple VLANs across access switches
D. when it is necessary to speed up network convergence in case of link failure
Correct Answer: B
Section: (none)
Explanation/Reference:
@crossbar Correct answer is B. See FLG 3rd Ed p38

QUESTION 88
Which option does best practice dictate for the maximum number of areas that an OSPF router should belong to for optimal performance?
A. 1
B. 2
C. 3
D. 4
E. 5
Correct Answer: C
Section: (none)

QUESTION 89
Which option is an advantage of using PIM sparse mode instead of PIM dense mode?
A. No RP is required
B. There is reduced congestion in the network
C. IGMP is not required
D. It floods all multicast traffic throughout the network
Correct Answer: B
Section: (none)

QUESTION 90
Which two BGP attributes can be set with outbound policy to manipulate inbound traffic, if honoured by the remote Autonomous system? (Choose two)
A. Multi-exit discriminator
B. AS path
C. Local Preference
D. Weight
Correct Answer: AB
Section: (none)

QUESTION 91
An engineer has to design a multicast domain for some application. This multicast network should be secured. Which option should he take?
A. PIM-SM; 232.0.0.0/8
B. ASM; 232.0.0.0/8
C. SSM; 224.0.0.0/8
D. SSM; 232.0.0.0/8
Correct Answer: D
Section: (none)
QUESTION 92
A company needs to configure a new firewall and have only one public IP address to use. The engineer needs to configure the firewall with NAT to handle inbound traffic to the mail server in addition to internet outbound traffic. Which options could he use? (Choose two)
A. Static NAT for inbound traffic on port 25
B. Dynamic NAT for outbound traffic
C. Static NAT for outbound traffic on port 25
D. Dynamic NAT for inbound traffic
E. NAT overload for outbound traffic
F. NAT overload for inbound traffic on port 25
Correct Answer: AE
Section: (none)

QUESTION 93
As a network engineer you have been asked to help design a new floor shop. Allocate appropriate subnet sizes on the left to the departments on the right and allow for simple summarization. (Wording may be slightly different as well as department names per number of hosts)
Select and Place:
Correct Answer:
Section: (none)
QUESTION 94
Seven sites are connected via OTV, what is the best practice to connect more than three sites using OTV?
A. Filter MAC address at the join interface
B. Use multicast-enabled transport
C. Use Unicast-only transport
D. Configure one edge device for each data centre
Correct Answer: B
Section: (none)

QUESTION 95
An engineer chose to design an architecture where distribution switches are in VSS and are connected to access switches using Multichassis Etherchannel. What is the resulting topology?
A. Looped
B. Ring
C. Hybrid
D. Star
Correct Answer: D

QUESTION 96
A company is running BGP on the edge with multiple service providers in a primary and secondary role. The company wants to speed up time if a failure was to occur with the primary, but they are concerned about router resources. Which method best achieves this goal?
A. Utilize BFD and lower BGP hello interval
B. Decrease the BGP keep-alive timer
C. Utilize BFD and tune the multiplier to 50
D. Utilize BFD and keep the default BGP timers
Correct Answer: D

QUESTION 97
An engineer is designing a QoS architecture for a small organization and must meet these requirements:
- Guarantees resources for a new traffic flow prior to sending
- Polices traffic when the flow does not conform
Which QoS architecture model will accomplish this?
A. auto quality of service
B. modular quality of service
C. differentiated services
D. integrated services
Correct Answer: D

QUESTION 98
When designing data centres for multitenancy, which two benefits are provided by the implementation of VSAN and zoning? (Choose two)
A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from affecting others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets
Correct Answer: BE

QUESTION 99
A network engineer is designing a network that must incorporate active-active redundancy to eliminate disruption when a link failure occurs between the core and distribution layer. What two technologies will allow this? (Choose two)
A. Equal Cost Multi-Path (ECMP)
B. Rapid Spanning Tree Protocol Plus (RSTP+)
C. Hot Standby Routing Protocol (HSRP)
D. Rapid Spanning Tree Protocol (RSTP)
E. EtherChannel (MEC)
Correct Answer: AE

QUESTION 100
When designing layer 2 STP based LAN with FHRP, what design recommendation should be followed?
A. Assign STP root with active FHRP device
B. Assign native VLAN to lowest number in use
C. Avoid configuring router preempt
D. Avoid modifying STP & FHRP default timers
Correct Answer: A

QUESTION 101
A network engineer wants to segregate three interconnected campus networks via IS-IS routing. A two-layer hierarchy must be used to support large routing domains to avoid more specific routes from each campus network being advertised to other campus network routers automatically. What two actions should be taken to accomplish this segregation? (Choose two)
A. Assign a unique IS-IS NET value for each campus and configure internal campus routers with level 1 routing.
B. Designate two IS-IS routers from each campus to act as Layer 1/Layer 2 backbone routers at the edge of each campus network.
C. Designate two IS-IS routers as BDR routers at the edge of each campus.
D. Assign similar router IDs to all routers within each campus.
E. Change the MTU sizes of the interface of each campus network router with a different value
Correct Answer: AB

QUESTION 102
What command essentially turns on auto summarization for EIGRP?
A. area 0 range 10.0.0.0 255.0.0.0
B. router eigrp 1
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. ip summary-address 10.0.0.0 255.0.0.0
E. eigrp stub
Correct Answer: B
Explanation/Reference: Auto-summarization is enabled by default when you turn EIGRP on.

QUESTION 103
What is the physical topology of ACI?
A. spine & leaf
B. point to point
C. hub & spoke
D. spoke to spoke
Correct Answer: A

QUESTION 104
Which security function is inherent in an Application Centric Infrastructure network?
A. Default Inter-EPG connectivity
B. Intrusion Prevention
C. Intrusion Detection
D. Default Denial Network
Correct Answer: D
Explanation/Reference: Comments: All the traffic between servers is denied (micro segmentation), to allow the traffic between EPGs we need to configure contracts.

QUESTION 105
What security feature would require a packet to be received on the interface that the interface would use to forward the return packet?
A. urpf
B. arp inspection
C. vlan acl
D. ...
Correct Answer: A

QUESTION 106
What location are security policies enforced in ACI?
A. End Point
B. Spine
C. Leaf
D. APIC
Correct Answer: C
Explanation/Reference: Security policies are configured on the APIC, and enforced on the leaves

QUESTION 107
What should be implemented to prevent exceeding the 50mb allowable bandwidth of internet circuit?
A. policing
B. shaping
C. CIR
D. rate-limit
Correct Answer: B
Explanation/Reference: Comments: After discussion we have agreed the answer A policing will be the best choice for this question. If the ISP is policing traffic to 50MB, it would be a good practice to configure traffic shaping to 50MB in your network so the egress traffic is queued and sent rather than dropped by ISP.

QUESTION 108
What multicast design would you use that cannot use rendezvous points....don't remember the complete question?
A. Pim bidirectional
B. Pim Sparse
C. Pim Dense
D. Pim-SSM
Correct Answer: D

QUESTION 109
A company has 30 sites and wants to allow dynamic IGP protocol, multicast and non IP traffic between sites. Which topology should the company implement?
A. dmvpn spoke-to-spoke
B. dmvpn hub-to-spoke
C. vti
D. p2p gre
Correct Answer: D
Explanation/Reference: Comments: Non IP traffic is not supported by DMVPN.
https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class-teleworker-ect-solution/prod_brochure0900aecd80582078.pdf

QUESTION 110
A company security policy states that their data center network must be segmented from the layer 3 perspective. The segmentation must separate various network security zones so that they do not exchange routing information and their traffic path must be completely segregated. Which technology achieves this goal?
A. VPC
B. VXLAN
C. VRF
D. VDC
Correct Answer: C

QUESTION 111
An engineer is working for a large cable TV provider that requires multicast multi sourced stream video, but must not use an RPM. Which protocol needs to be used?
A. ASM
B. PIM-SM
C. BIDR-PIM
D. SSM
Correct Answer: D

QUESTION 112
Reduce security risk in BGP. Which option helps to avoid rogue route injection, unwanted peering and malicious BGP activities?
A. Apply MD5 authentication between all BGP peers
B. Use GRE tunnel
C. Encrypt all traffic
D. Apply route maps and policies in route redistribution events
Correct Answer: A

QUESTION 113
How does stub routing affect transit routes in EIGRP?
A. Transit routes are passed from a stub network to a hub network
B. It prevents the hub router from advertising networks learned from the spoke
C. Transit routes are filtered from stub networks to the network hub
D. It's designed to prevent the distribution of external routes
Correct Answer: C

QUESTION 114
A customer would like to implement a firewall to secure an enterprise network, however the customer is unable to allocate any new subnets. What type of firewall mode must be implemented?
A. active/standby
B. active/active
C. zone based
D. virtual
E. routed
F. transparent
Correct Answer: F

QUESTION 115
A network administrator wants to increase the security level in the core layer and wants to confirm that the users that have their default GW on an interface in the core switch can access specific networks and can't access the remaining networks. Which feature can help him to achieve this?
A. vlan access control list
B. vlan control access list
C. vlan list control access
D. vlan access list control
Correct Answer: A

QUESTION 116
Which option provides software modularity in Cisco NX-OS software in the data center design?
A. The ip routing command enables all of the features in the Cisco NX-OS.
B. All of the features are enabled by default in the Cisco NX-OS.
C. Individual features must be manually enabled to start the process.
D. The Cisco NX-OS has a management VRF that is enabled by default.
Correct Answer: C

QUESTION 117
Which technology allows multiple instances of a routing table to coexist on the same router simultaneously?
A. VRF
B. Cisco virtual router
C. Instanced virtual router
D. IS-IS
Correct Answer: A

QUESTION 118
Which two features provide resiliency in a data center? (Choose two.)
A. Cisco FabricPath
B. VTP
C. encryption
D. vPC
E. VRF
Correct Answer: AD

QUESTION 119
Which network virtualization technology provides logical isolation of network traffic at Layer 3?
A. VSS
B. VLAN
C. VRF-Lite
D. MEC
Correct Answer: C

QUESTION 120
Which technology extends Layer 2 LANs over any network that supports IP?
A. OTV
B. VSS
C. vPC
D. VLAN
Correct Answer: A

QUESTION 121
Two technologies that can be used to connect data centers over an IP network and provide layer 2 LAN extension
A. IS-IS
B. VXLAN
C. TRILL
D. Fabric Path
E. OTV
Correct Answer: BE

QUESTION 122
Which protocol should be run on the LAN side of two edge routers (that are terminating primary and backup WAN circuits) to provide quick failover in case of primary WAN circuit failure?
A. VTP
B. STP
C. VRRP
D. RIP
Correct Answer: C

QUESTION 123
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?
A. VRRP
B. BGP
C. IPsec
D. SSL
Correct Answer: B

QUESTION 124
What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be queued later?
A. Shaping
B. Policing
C. Weighted Fair Queuing
D. Low Latency Queuing
Correct Answer: A

QUESTION 125
About BGP advertising route with using community, advertise to internet but not advertise to inside network
A. no-advertise
B. no-export
C. local-as
D. internet
Correct Answer: B

QUESTION 126
Which technology can block interfaces and provide a loop-free topology?
A. STP
B. VSS
C. VLAN
D. vPC
Correct Answer: A

QUESTION 127
A customer has an existing WAN circuit with a capacity of 10 Mbps. The circuit has 6 Mbps of various user traffic and 5 Mbps of real-time audio traffic on average. Which two measures could be taken to avoid loss of real time traffic? (Choose two)
A. Police the traffic to 5 Mbps and allow excess traffic to be remarked to the default queue
B. Configure congestion avoidance mechanism WRED within the priority queue
C. Police the traffic to 3.3 Mbps and allow excess traffic to be remarked to the default queue
D. Increase the WAN circuit bandwidth
E. Ensure that real time traffic is prioritized over other traffic
Correct Answer: DE

QUESTION 128
An organization is acquiring another company and merging the two company networks. No subnets overlap, but the engineer must limit the networks advertised to the new organization. Which feature implements this requirement?
A. Interface ACL
B. Stub area
C. Router filtering
D. Passive interface
Correct Answer: C

QUESTION 129
When APIC is down on cluster device ... What is the minimum number of APICs requirement for a production ACI Fabric to continue to operate?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C

QUESTION 130
Multipath to two datacenter by L2 networks overlap addresses and must be work (2 answers)
A. vxlan
B. OTV
C. VRF
D. vpn
E. HSRP
Correct Answer: AB

QUESTION 131
L2 extension through IP in the data center (MAC-in-IP)
A. fiberpath
B. TRILL
C. OTV
D. Vxlan
Correct Answer: D
Explanation/Reference: @crossbar

QUESTION 132
OTV to interconnect three data centers and what should there be in each data center
A. VTEP
B. vxlan ?
Correct Answer: A
Explanation/Reference: @crossbar I think the correct answer should be "(OTV) edge device"

QUESTION 133
No question
Correct Answer:

QUESTION 134
Which one is IETF standard
A. Cisco Fabric Path
B. Data Center Bridging
C. CUS
D. Transparent Interconnection of Lots of Links
Correct Answer: D
Explanation/Reference: @skummy
The Data Center Bridging (DCB) architecture is based on a collection of open standards Ethernet extensions developed through the IEEE 802.1 working group to improve and expand Ethernet networking and management capabilities in the data center.
https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/ieee-802-1-data-center-bridging/at_a_glance_c45-460907.pdf
TRILL ("Transparent Interconnection of Lots of Links") is an IETF Standard implemented by devices called RBridges (routing bridges) or TRILL Switches.
https://en.wikipedia.org/wiki/TRILL_(computing)

QUESTION 135
the states that the designer want to use the three PIM-SM kinds and which one is true about bidirectional pim
A. three of them cannot be used at the same time
B. source has to be explicitly mentioned
C. The RP do not need IP address
D. the RP ip address can be shared by other interface
Correct Answer: D

QUESTION 136
Which two hashing distribution algorithms are available for an engineer when working with multichassis etherchannel? Choose two
A. src-dst-mac
B. src-dst-ip
C. round-robin
D. fixed
E. adaptive
Correct Answer: DE

QUESTION 137
Which two modes for deploying Cisco TrustSec are valid? Choose two
A. cascade
B. low-impact
C. open
D. high availability
E. monitor
Correct Answer: BE

QUESTION 138
While configuring QoS policy, analysis of the switching infrastructure indicates that the switches support 1P3Q3T egress queuing. Which option describes the egress queuing in the infrastructure?
A. The threshold configuration allows for inter-queue QoS by utilizing buffers
B. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds
C. The priority queue should use less than 20% of the total bandwidth
D. The priority queue must contain real-time traffic and network management traffic
Correct Answer: B

QUESTION 139
Refer to the exhibit. HSRP is running Bet SW A and Dist SW B. Which two links do the switches use to transmit HSRP messages? Choose two
A. Core Switch A, port g2/1 to Distr Switch A, port g3/1
B. Distr Switch A, port g5/1 to Distr Switch B, port g5/2
C. Core Switch A, port g1/1 to Core Switch B, port g1/2
D. Core Switch B, port g2/2 to Distr Switch B, port g3/2
E. Distr Switch A, port g4/1 to Acc Switch, port g1/0/1
F. Distr Switch B, port g4/2 to Acc Switch, port g2/0/1
Correct Answer: EF

QUESTION 140
An engineer set up a multicast network design using all three Cisco supported PIM modes. Which two characteristics of Bidirectional PIM in this situation are true? (Choose two)
A. In a Bidirectional PIM, the RP IP address does not need to be a router
B. In a Bidirectional PIM, the RP IP address can be shared with any other router interface
C. A Cisco router cannot support all three PIM modes simultaneously
D. Membership to a bidirectional group is signaled via explicit join messages
E. Bidirectional PIM is designed to be used for one-to-many applications
Correct Answer: BD

QUESTION 141
The network engineering team is interested in deploying NAC within the enterprise network to enhance security. What deployment model should be used if the team requests that the NAC be logically inline with clients?
A. Layer 2 in-band
B. Layer 2 out-of-band
C. Layer 3 in-band
D. Layer 3 out-of-band
Correct Answer: C

QUESTION 142
Which NAC design model matches the following definitions?
- NAS is deployed centrally in the core or distribution layer.
- Users are multiple hops away from the Cisco NAS.
- After authentication and posture assessment the client traffic no longer passes through the Cisco NAS.
- PBR is needed to direct the user traffic appropriately
A. Layer 3 in-band virtual gateway
B. Layer 3 out-of-band with addressing
C. Layer 2 in-band virtual gateway
D. Layer 2 out-of-band virtual gateway
Correct Answer: B

QUESTION 143
Which Cisco NAC Appliance design is the most scalable in large Layer 2-to-distribution implementation?
A. Layer 2 out-of-band
B. Layer 2 in-band
C. Layer 3 out-of-band
D. Layer 3 in-band
Correct Answer: B

QUESTION 144
While designing a QoS policy for an organization, a network engineer is determining the method to limit the output rate of traffic within the real-time queue. How must the limiting of traffic within the real-time queue occur?
A. The traffic must be remarked to a low priority and allowed to pass
B. The traffic must be policed and not allowed to pass
C. The traffic within the real-time queue must not be limited
D. The traffic must be shaped to allow for it to be transmitted after the tokens have been replenished
Correct Answer: C

QUESTION 145
About readily-scale server virtualization
A. Transparent interconnection of lots of links
B. C. D.
Correct Answer: A

QUESTION 146
Which option is a fundamental process of the Cisco TrustSec technology?
A. Marketing
B. Detection
C. Propagation
D. Prioritization
Correct Answer: C
Explanation/Reference: Cisco TrustSec is defined in three phases: classification, propagation, and enforcement

QUESTION 147
About how to avoid overrunning the 50 Mbps on company bandwidth
A. CIR
B. police
C. shaping
D. ACL
E. rate-limit
Correct Answer: C
Explanation/Reference: Because it is company they shape the SP police may be there is more info in the question

QUESTION 148
An engineer is designing a network with OSPF and must filter ingress routes from a partner network that is also running OSPF. Which two design options are available for this config? Choose two
A. Use a different routing protocol such as EIGRP between the networks
B. Configure a different OSPF area that would prevent any unwanted routes from entering the network
C. Use a distribution-list in the OSPF process to filter out the routes
D. Use access list on the ingress interface to prevent the routes from entering the network
E. Design a filter using prefix list to ensure that the routes are filtered out at the redistribution point
Correct Answer: CE
Explanation/Reference: @crossbar "I would choose CE"

QUESTION 149
New Question. Which design technology allows two Cisco Catalyst chassis to use SSO and NSF to provide nonstop communication even if one of the member chassis fails?
A. Auto chassis detect
B. VSS
C. VPc
D. Peer Gateway
Correct Answer: B
Explanation/Reference: A VSS operates with stateful switchover (SSO) redundancy if it meets the following requirements:
- Both supervisor engines must be running the same software version.
- VSL-related configuration in the two chassis must match.
- PFC mode must match.
- SSO and nonstop forwarding (NSF) must be configured on each chassis.

QUESTION 150
New Question. While designing a backup BGP solution, a network engineer wants to ensure that a single router with multiple connections prefers the routes from a specific connection over all others. Which BGP path selection attribute is considered first when selecting a route?
A. As-Length
B. Link Bandwidth
C. Local preference
D. Weight
E. MED
Correct Answer: D

QUESTION 151
New Question. A data center has several business partners who want to have their compute resources installed. The data center uses one VLAN to support vendor equipment and requires limited visibility and connectivity between vendor servers. Which segmentation concept satisfies these requirements?
A. Ip NAT
B. Private vlans
C. Lan to lan vpn
D. Protected vlans
Correct Answer: B

QUESTION 152
New Question. Which Cisco NX-OS feature can be used to build highly scalable layer 2 multipath networks without utilizing the spanning tree protocol?
A. OTV
B. FabricPath
C. vPC
D. MST
Correct Answer: B
Explanation/Reference: From the FLG 4th Ed. page 403: "Cisco FabricPath brings routing techniques from Layer 3 to solve Layer 2 loop problems"
Layer 2 loop problems are what STP was designed to solve and the mentioned routing techniques are done by IS-IS (page 404): "Cisco FabricPath uses extensions to the Intermediate System-to-Intermediate System (IS-IS) protocol to exchange unicast and multicast location and reachability information and to forward traffic in the network using Cisco FabricPath headers. (IS-IS forms the underlay network for the FabricPath and enables the underlay fabric to be a nonblocking Layer 3-routed network with ECMP forwarding)."

QUESTION 153
New Question. How to apply firewall mode that shares ACL NAT
A. Router mode
B. Transparent
C. D.
Correct Answer: A
Explanation/Reference: @xjuankx

QUESTION 154
New Question. All links between distribution and core layer must be active, how can we achieve this goal? Choose two
A. Equal-cost links
B. Unequal-cost links
C. HSRP
D. IGP
E. PVRSTP+
Correct Answer: AD
Explanation/Reference: @Hlubik

QUESTION 155
New Question. Something like, engineer has to deploy a firewall where the ACLs, NAT, and management are separated for his customers. Which mode do you need to run it in?
A. Transparent
B. Multicontext
C. Routed
D. IPS
Correct Answer: B

QUESTION 156
New Question. D&D (We need more info for add.)
Correct Answer:

QUESTION 157
New Question. During the integration of a new company, a network engineering team discovers that IP address space overlaps between the two companies. Which two technologies can be used to allow overlapping IP addresses to connect on shared network infrastructure? (Choose two)
A. VRF
B. OTV
C. NAT
D. HSRP
E. VPN
Correct Answer: AC

QUESTION 158
About interconnecting with a new company: both companies use OSPF and the question is about how you should filter the ingress traffic between them
A. Use eigrp on the other company
B. Use distribute-list
C. Use prefix-list
D. Use ACL

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 159
New Question. Where should loop guard be implemented in a campus network design?
A. Ports configured with port fast
B. Alternate ports only
C. Ports configured with root guard
D. Alternate, backup and root ports

Correct Answer: D
Section: (none)
Explanation/Reference:

QUESTION 160
New Question. Refer to the exhibit. An engineer must apply IP addressing to five new WAN sites and chooses the new subnets pictured. The previous administrator applied the addressing at Headquarters. Which option is the minimum summary range to cover the existing WAN sites while also allowing for three additional WAN sites of the same size, for future growth?
A. 10.0.60.0/18
B. 10.0.64.0/21
C. 10.0.64.0/17
D. 10.0.0.0/17
E. 10.0.64.0/18

Correct Answer: E
Section: (none)
Explanation/Reference:

QUESTION 161
New Question. Which two options are features of a scalable cluster design utilizing Cisco ASA firewalls? (Choose two)
A. Each cluster supports up to 10 ASA devices.
B. The design supports up to 100 Gbps of aggregate traffic.
C. Each member of the cluster can forward every traffic flow.
D. The design supports up to 1 Terabyte of aggregate traffic.
E. The ASA cluster actively load balances traffic flows.

Correct Answer: BC
Section: (none)
Explanation/Reference:

QUESTION 162
New Question. Which action should be taken when implementing a preferred IPS design?
A. Place the management interface on a separate VLAN
B. Place all sensors on PVLAN community ports
C. Place the management interface on the same VLAN
D. Place the monitoring interface on the inside network

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 163
New Question. How does OTV provide STP isolation?
A. By using STP root optimization
B. By using BPDU guard
C. By dropping BPDU packets
D. By using BPDU filtering

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 164
New Question. A LAN infrastructure consists of switches from multiple vendors. Spanning Tree is used as a Layer 2 loop prevention mechanism. All configured VLANs must be grouped in two STP instances. Which standards-based Spanning Tree technology must be used?
A. MSTP
B. Rapid PVST
C. STP
D. RSTP

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 165
New Question. A network team is designing a Layer 3 Data Center Interconnect between two data centers. There is a requirement for all links of equal bandwidth to be utilized, have automatic failover, and not use any building technology. Which routing function must be used to achieve this requirement?
A. BGP route reflectors
B. Equal cost multipath routing
C. Virtual private LAN service
D. Virtual links
E. Policy-based routing

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 166
New Question. An engineer is redesigning the infrastructure for a campus environment. The engineer must maximize the use of the links between the core and distribution layers. By which two methods can this usage be maximized? (Choose two)
A. Design the links between the core and distribution layers to use HSRP
B. Design the links between the core and distribution layers to use an IGP
C. Design the links between the core and distribution layers to use RPVSTP+
D. Design with multiple equal-cost links between the core and distribution layers
E. Design with multiple unequal-cost links between the core and distribution layers

Correct Answer: AD
Section: (none)
Explanation/Reference:

QUESTION 167
New Question. An engineer must create this design:
- Restrict certain networks from being advertised to remote branches connected via eBGP
- Prohibit advertisement of the specific prefix to external peer only
Which BGP community must be configured to meet these requirements?
A. gshut
B. internet
C. local-as
D. no-export
E. no-advertise

Correct Answer: D
Section: (none)
Explanation/Reference:
https://learningnetwork.cisco.com/thread/58299
https://tools.ietf.org/html/rfc1997

QUESTION 168
New Question. An engineer is working on an OSPF network design and wants to minimize the failure detection time and the impact on the router CPU. Which technology accomplishes this goal?
A. LSA pacing
B. LSA delay interval
C. BFD
D. Fast hellos

Correct Answer: C
Section: (none)
Explanation/Reference:

QUESTION 169
New Question. An engineer wants to ensure that hosts can locate routers that can be used as a gateway to reach IP-based devices on other networks. Which first hop redundancy protocol accomplishes this goal?
A. VRRP
B. GLBP
C. IRDP
D. HSRP
E. GSLB

Correct Answer: C
Section: (none)
Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhpirdp.html

QUESTION 170
New Question. What added enforcement feature is available on IDS-based devices to terminate active malicious traffic?
A. Signature detection
B. TCP reset
C. SNMP alert
D. Layer 4 filtering

Correct Answer: B
Section: (none)
Explanation/Reference:

QUESTION 171
New Question. Layer3 segmentation but I can't recall the question
A. Multihop MPLS
B. Hop-by-Hop VRF-Lite
C.
D.

Correct Answer: A
Section: (none)
Explanation/Reference:

QUESTION 172
L2 convergence optimization or thereabout (Choose two)
A. MSTP
B. Rapid PVST+
C. Allow all vlan
D. Prune unwanted vlans

Correct Answer: AB
Section: (none)
Explanation/Reference:

QUESTION 173
New question ACI about EPG sharing resources
A. Application profile
B. Contract
C.
D.

Correct Answer: AB
Section: (none)
Explanation/Reference: