AT5.8-1.v _q214_Crabber-special


Number:
Passing Score: 800
Time Limit: 120 min
File Version:
Cisco Designing Cisco Network Service Architectures (ARCH) v2.1
Version: 5.8 Self Study v2
Refers to Cisco Press-Designing Cisco Network Service Architectures 2nd Edition - Jan2009
Cisco Exam source: Cisco.Actualtest v by.JTA.274q.vce

Exam A

QUESTION 1
Which of these Layer 2 access designs does not support VLAN extensions?
A. FlexLinks
B. loop-free U
C. looped square
D. looped triangle
Correct Answer: B
Reference:
A Self-study v2 Page 223 Refer Table
C Self-study v2 Page 214
D Self-study v2 Page 213

QUESTION 2
As a critical part of the design for the Enterprise Campus network, which of the following two are true concerning intrusion detection and prevention solution? (Choose two)
A. IDS is capable of both inline and promiscuous monitoring, while IPS is only capable of promiscuous monitoring
B. IDS will stop malicious traffic from reaching its intended target for certain types of attacks.
C. IPS processes information on Layer 3 and 4 as well as analyzing the contents and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7)
D. IPS inspects traffic statefully and needs to see both sides of the connection to function properly
E. IDS placement at the perimeter of Data Center outside the firewall generates many warnings that have relatively low value because no action is likely to be taken on this information
Correct Answer: CD
Reference:
C Self-study v2 Page 389
E Self-study v2 Page 392 (pg 444 3rd edition)
C & D
x (A) IPS is usually capable of both inline (IPS feature) and promiscuous (IDS feature) monitoring, but IDS is capable of promiscuous monitoring only.
(C) Not only is the inline device processing information on Layers 3 and 4, but it is also analyzing the contents and payload of the packets for more sophisticated embedded attacks (Layers 3 to 7). This deeper analysis lets the system identify and stop or block attacks that would normally pass through a traditional firewall device.
(D) (pg 450 3rd edition) an IPS sensor inspects traffic statefully and needs to see both sides of the connection to function properly, asymmetric traffic flows may cause valid traffic to be dropped.
Maybe incorrect due to "at the perimeter of Data Center"??? I don't think the Data Center is connected to the Internet, therefore placing the IDS outside its firewall would generate a lot of alarms.
x (E) (pg 448 3rd edition) placement outside the firewall generates many warnings that have relatively low value because no action is likely to be taken on this information. An IDS outside the firewall can detect all attacks and will generate a lot of alarms but is useful for analyzing what kind of traffic is reaching the organization and how an attack is executed.

QUESTION 3
OSPF stub areas are an important tool for the Network designer; which of the following two should be considered when utilizing OSPF stub areas?
A. OSPF stub areas increase the size of the LSDB with the addition of Type 3 and 5 LSAs
B. OSPF not so stubby areas are particularly useful as a simpler form of summarization
C. OSPF stub areas are always insulated from external changes
D. OSPF stub areas can distinguish among ASBRs for destinations that are external to the OSPF domain
E. OSPF totally stubby cannot distinguish among ABRs for the best route to destinations outside the areas
Correct Answer: CE
Reference:
My opinion: I believe C & E are more relevant.
x (B) (pg 117 3rd edition) The various kinds of OSPF stub areas can be thought of as a simpler form of summarization. The point of using OSPF stub areas, totally stubby areas, not-so-stubby areas (NSSA), is to reduce the amount of routing information advertised into an area
My opinion: don't think they are "particularly useful", they can just be thought of as a "simpler form".
(C) (pg 133 3rd edition) Stub areas, totally stubby areas, and summary routes not only reduce the size of the LSA database, but they also insulate the area from external changes
My opinion: Not wild about "always" but stub areas only get a default route from external routes
x (D) I don't believe stub areas know anything about ASBRs, they only get a default route from an ABR
(E) (pg 135 3rd edition) Totally stubby areas cannot distinguish one ABR from another, in terms of the best route to destinations outside the area.
(pg 134 3rd edition) Stub areas cannot distinguish among ABRs for destinations external to the OSPF domain (redistributed routes). Unless the ABRs are geographically far apart, this should not matter. Totally stubby areas cannot distinguish one ABR from another, in terms of the best route to destinations outside the area. Unless the ABRs are geographically far apart, this should not matter

QUESTION 4
Which two statements are correct regarding Flex Links? (Choose two)
A. An interface can belong to multiple Flex Links.
B. Flex Links operate only over single pairs of links.
C. Flex Link pairs must be of the same interface type
D. Flex Links automatically disable STP so no BPDUs are propagated
E. Failover from active to standby on Flex Links takes less than a second
Correct Answer: BD
Reference:
B Self-study v2 Page 220
D Self-study v2 Page 220

QUESTION 5

Which of these technologies is characterized as being a multipoint Layer 2 VPN that connects two or more customer devices using Ethernet bridging techniques?
A. DPT
B. MPLS
C. VPLS
D. CWDM
E. DWDM
F. SONET/SDH
Correct Answer: C
Reference:
C Self-study v2 Page 176

QUESTION 6
Why is STP required when VLANs span access layer switches?
A. to ensure a loop-free topology
B. to protect against user-side loops
C. in order to support business applications
D. because of the risk of lost connectivity without STP
E. for the most deterministic and highly available network topology
Correct Answer: A
Reference:
B Self-study v2 Page 47
(pg 38 3rd edition) You may need to implement STP for several reasons:
When a VLAN spans access layer switches to support business applications.
To protect against user-side loops... STP is required to ensure a loop-free topology (A)
To support data center applications on a server farm

QUESTION 7
When designing the IP routing for the Enterprise Campus network, which of these following two iBGP considerations should be taken into account?
A. iBGP dual homing with different ISPs puts the Enterprise at the risk of becoming a transit network
B. iBGP requires a full mesh of eBGP peers
C. Routers will not advertise iBGP learned routes to other iBGP peers.
D. The use of route reflectors or Confederation eliminate any full mesh requirement while helping to scale iBGP
E. iBGP peers do not add any information to the AS path
Correct Answer: CE
Reference:
C Self-study v2 Page 145 The full mesh of IBGP routers is needed because IBGP routers do not re-advertise routes learned via IBGP to other IBGP peers
D Self-study v2 Page 145 scale iBGP: route reflectors and confederations
(C) Routers will not advertise iBGP learned routes to other iBGP peers
(pg 145) The full mesh of IBGP routers is needed because IBGP routers do not re-advertise routes learned via IBGP to other IBGP peers
x (D) Use of route reflectors or Confederation eliminate any full mesh requirement while helping to scale iBGP (any full mesh?)
(pg 145) scale iBGP: route reflectors and confederations
(pg 150 3rd edition) Route reflectors must still be fully IBGP meshed with nonclients. Therefore, route reflectors reduce meshing within clusters, but all mesh links outside the cluster must be maintained on the route reflector.
(E) iBGP peers do not add any information to the AS path
(pg 147 3rd edition) Because IBGP peers are in the same autonomous system, they do not add anything to the autonomous system path, and they do not re-advertise routes learned via IBGP.

QUESTION 8
Which virtualization technology allows multiple physical devices to be combined into a single logical device?
A. device virtualization
B. device clustering
C. server virtualization
D. network virtualization
Correct Answer: B
Reference:
(pg 303 3rd edition) Device clustering allows multiple physical devices to be combined into a larger logical device

QUESTION 9
Which two of these are characteristics of MPLS VPNs? (Choose two)
A. Layer 3 MPLS VPNs can forward only IP packets
B. Layer 2 MPLS VPNs can forward any network protocol
C. MPLS label paths are automatically formed based on Layer 2 frames
D. Layer 3 MPLS VPNs can forward any network protocol based on Layer 2 frames
E. In Layer 2 MPLS VPNs, the service provider controls the customer Layer 3 policies
Correct Answer: AB
Reference:
A Self-study v2 Page 183
B Self-study v2 Page 183

QUESTION 10
Which technology is an example of the need for a designer to clearly define features and designed performance when designing advanced WAN services with a service provider?
A. FHRP to remote branches.
B. Layer 3 MPLS VPNs routing.
C. Control protocols (for example Spanning Tree Protocol) for a Layer 3 MPLS service.
D. Intrusion prevention, QoS, and stateful firewall support network wide.
Correct Answer: B
Reference:
B Self-study v2 Page 183

QUESTION 11
Which two restrictions must the Enterprise Campus network designer consider when evaluating WAN connectivity options? (Choose two)
A. OSPF over multiaccess EMS or VPLS network may not have consistent broadcast or multicast performance
B. IP multicast is not supported over Layer 3 MPLS VPN; instead a Layer 2 MPLS VPN must be utilized with service provider support
C. QoS requirements with MPLS-VPN must be implemented by the service provider
D. Hierarchical VPLS designs are the least scalable
E. IGMP snooping is not an option with VPLS or EMS; instead administrative scoping or allowing sufficient bandwidth for unnecessary multicast traffic at the edge links is required
Correct Answer: AE
Reference:
A Self-study v2 Page 181
C Self-study v2 Page 181
B - False - Self-study v2 Page 184
C - False - Self-study v2 Page 184
E - False - Self-study v2 Page 182
E is stated word by word in self study page 181, as I said C is not a must as it says in same ref page 183 Using Layer 3 VPNs allows the customer to implement QoS internally.
If A in exam would be multiaccess there is no doubt that answer is A,E unless I will go with C,E, exam does say "multiaccess"
(A) (pg 186 3rd edition) One concern when using the Open Shortest Path First (OSPF) routing protocol is that the multiaccess network might not have consistent broadcast or multicast performance.
(E) (pg 187 3rd edition) IGMP snooping is not an option with VPLS or EMS. One conclusion is that VPLS designers with customer networks that have significant amounts of multicast need to use administrative scoping to limit the propagation of multicast packets, or else allow sufficient bandwidth for unnecessary multicast traffic at the edge links.

QUESTION 12
There are 3 steps to confirm whether a range of IP address can be summarized. Which of the following is used in each of these 3 steps?
A. The first number in the contiguous block of addresses
B. The last number in the contiguous block of addresses
C. The size of the contiguous block of addresses
D. The subnet mask of the original network address
Correct Answer: C
Reference:
C Self-study v2 Page 103 A block of IP addresses might be able to be summarized if it contains sequential numbers in one of the octets

QUESTION 13
Which of these recommendations is most appropriate for the core layer in the Cisco Campus Architecture?
A. Utilize Layer 3 switching
B. Utilize software accelerated services
C. Aggregate end users and support a feature-rich environment
D. Perform packet manipulation and filtering at the core layer
E. Use redundant point-to-point Layer 2 interconnections when there is a link or node failure.
Correct Answer: A
Reference:
A Self-study v2 Page 37 The core is a high-speed, Layer 3 switching environment using hardware-accelerated services...

QUESTION 14
Which of the following is true concerning best design practices at the switched Access layer of the traditional Layer 2 Enterprise Campus Network?
A. Cisco NSF with SSO and redundant supervisors has the most impact on the campus in the Access layer
B. Provides host-level redundancy by connecting each end device to 2 separate Access switches
C. Offer default gateway redundancy by using dual connections from Access switches to redundant Distribution layer switches using a FHRP
D. Include a link between two Access switches to support summarization of routing information
Correct Answer: C
Reference:
C Self-study v2 Page..
(pg 66 3rd edition) In traditional Layer 2-based access-distribution block designs, an FHRP is deployed at the distribution layer to ensure that the default gateway of the end hosts remains available even when one of the two redundant distribution switches fails.

QUESTION 15
Which three Layer 2 access designs have all of their uplinks in an active state? (Choose three)

A. Flex Links
B. loop free U
C. looped square
D. looped triangle
E. loop-free inverted U
Correct Answer: BCE
Reference:

QUESTION 16
In base e-commerce module designs, where should firewall perimeters be placed?
A. core layer
B. Internet boundary
C. aggregation layer
D. aggregation and core layers
E. access and aggregation layers
Correct Answer: A
Reference:
The right answer regarding firewall perimeters is "aggregation and core layers". In "Designing Cisco Network Service Architectures (ARCH)" the firewall layers in the E-commerce module design is placed in the core and aggregation layer. See statement on page 304, 306, 307 and review questions on page 330 (item 14).
A Self-study v2 Page 345 The base e-commerce design includes firewalls only in the core layer.
OR Page 318 In the base design, the core layer supports the first stage of firewalls.
(pg 345 3rd edition) The base e-commerce design includes firewalls only in the core layer

QUESTION 17
When an Enterprise Campus network designer is addressing the merger of two companies with different IGPs, which of the following is considered a superior routing design?
A. Eliminate the management and support for redistribution by choosing and cutting over to a single IGP at the time of merger
B. Maintain distinct pockets across a moving boundary of routing protocols, redistributing between them
C. Manipulate the administrative distance of the different IGPs to be equal throughout the network
D. Leave the IGPs independent without redistribution wherever communication between company entities is not required
Correct Answer: B

Reference:
B Self-study v2 Page 116
(pg 121 3rd edition) Experience teaches that it is much better to have distinct pockets of routing protocols and redistribute

QUESTION 18
From a design perspective which two of the following OSPF Statements are most relevant? (Choose two)
A. OSPF stub areas can be thought of as a simple form of summarization
B. OSPF cannot filter intra area routes
C. An ABR can only exist in two areas - the backbone and one adjacent area
D. Performance issues in the Backbone area can be offset by allowing some traffic to transit a non-backbone area
E. the size of an area (the LSDB) will be constrained by the size of the IP MTU
Correct Answer: AB
Reference:
A Self-study v2 Page 111
D Self-study v2 Page 111 (I disagree)
(A) (pg 117 3rd edition) The various kinds of OSPF stub areas can be thought of as a simpler form of summarization. The point of using OSPF stub areas, totally stubby areas, not-so-stubby areas (NSSA), is to reduce the amount of routing information advertised into an area
(B) (pg 117 3rd edition) Because OSPF cannot filter routes within an area, there still will be within-area flooding of link-state advertisements (LSA). OSPF cannot filter prefixes within an area. It only filters routes as they are passed between areas at an Area Border Router (ABR).
(pg 142 3rd edition) In general, the recommendation is to avoid virtual links when you have a good alternative. OSPF virtual links depend on area robustness and therefore are less reliable than a physical link. Virtual links add complexity and fragility; if an area has a problem, the virtual link through the area has a problem. Also, if you rely too much on virtual links, you can end up with a maze of virtual links and possibly miss some virtual connections.

QUESTION 19
When is a first-hop redundancy protocol needed in the distribution layer?
A. when the design implements Layer 2 between the access and distribution blocks
B. when multiple vendor devices need to be supported
C. when preempt tuning of the default gateway is needed
D. when a robust method of backing up the default gateway is needed
E. when the design implements Layer 2 between the access switch and the distribution blocks
F. when the design implements Layer 2 between the access and distribution blocks
Correct Answer: E
Reference:
x (D) (pg 66) HSRP and VRRP with Cisco enhancements both provide a robust method of backing up the default gateway

(E) My opinion: assuming blocks means a pair of switches

QUESTION 20
Which two statements about layer 3 access designs are correct? (Choose two.)
A. IP address space is difficult to manage.
B. Broadcast and fault domains are increased
C. Convergence time is fractionally slower than STP
D. Limits on clustering and NIC teaming are removed
E. Fast uplink convergence is supported for failover and fallback
Correct Answer: AE
Reference:
A Self-study v2 Page 227
E Self-study v2 Page 226

QUESTION 21
Which two statements about SCSI are true? (Choose two)
A. The bus is limited to 32 devices
B. It is a full duplex serial standard
C. It is a half-duplex serial standard
D. It allows up to 320 MB/s of shared channel bandwidth
Correct Answer: CD
Reference:

QUESTION 22
What are two characteristics of Server Load Balancing router mode? (Choose two)
A. The design supports multiple server subnets
B. An end-user sees the IP address of the real server
C. SLB routes between the outside and inside subnets
D. The source or destination MAC address is rewritten, but the IP addresses left alone
E. SLB acts as a "bump in the wire" between servers and upstream firewall or Layer 3 devices
Correct Answer: AC
Reference:
A Self-study v2 Page 308
C Self-study v2 Page 308
(pg 377 3rd edition)
(A) The private subnets are subnets B and C in Figure 7-8.
(C) A SLB in Router Mode Routes Between Outside and Inside Subnets
x (D) (pg 378 3rd edition, transparent mode) each server farm must be in one IP subnet because the SLB changes the MAC address associated with the VIP to the specific MAC address of a physical server to direct traffic to the appropriate physical server.

QUESTION 23
When designing the Network Admission Control (NAC) Appliance for the Enterprise Campus Network, which of the following requirements would help the designer to narrow down the NAC choices, from Virtual Gateway to Real IP Gateway, or from In-band to Out-band?
A. QoS ToS/DSCP values are required to be forwarded transparently
B. Device redundancy is required
C. Per-user ACL support is required
D. Multicast service support is required
Correct Answer: C
Reference:
Self-study v2 Page 375 in-band design NAS supports per-user ACLs.
(pg 375 3rd edition) in-band design NAS supports per-user ACLs.

QUESTION 24
Which unique characteristics of the Data Center Aggregation layer must be considered by an Enterprise Campus designer?
A. Layer 3 routing between the Access and Aggregation layers facilitates the ability to span VLANs across multiple access switches, which is a requirement for many server virtualization and clustering technologies.
B. "East-west" server-to-server traffic can travel between aggregation modules by way of the core, but backup and replication traffic typically remains within an aggregation module.
C. Load balancing, firewall service, and other network service are commonly integrated by the use of service modules that are inserted in the aggregation switches.
D. Virtualization tools allow a cost effective approach for redundancy in the network design by using two or four VDCs from the same physical switch.
Correct Answer: C
Reference:
(pg 193 3rd edition) The aggregation layer supports integrated service modules that provide services such as security, load balancing, content switching, firewall, Secure Sockets Layer (SSL) offload, intrusion detection, and network analysis.

QUESTION 25
How does the Ethernet Relay Service use the VLAN tag?
A. to provide service internetworking
B. to support transparency for Layer 2 frames
C. as a connection identifier to indicate destination
D. as a mapping to the DLCI in service internetworking
E. to provide a trunk by which all VLANs can navigate from one site to one or multiple sites
Correct Answer: C

Reference:
Self Study v2 - Page 171, 172

QUESTION 26
What is the most common mode for a firewall?
A. routed mode
B. context mode
C. bridged mode
D. transparent mode
E. full security mode
Correct Answer: A
Reference:
Self Study v2 - Page 303

QUESTION 27
Refer to the exhibit.
The Cisco Nexus 1000v in the VMware vSphere solution effectively creates an additional access layer in the virtualized data center network, which of the following 1000v characteristics can the designer take advantage of?
A. Offloads the STP requirement from the external Access layer switches
B. If upstream access switches do not support vPC or VSS the dual-homed ESX host traffic can still be distributed using virtual port channel host mode using subgroups automatically discovered through CDP
C. Allow transit traffic to be forwarded through the ESX host between VMNICs
D. Can be divided into multiple virtual device contexts for service integration, enhanced security, administrative boundaries, and flexibility of deployment
Correct Answer: B
Reference:
My opinion: B - Exhibit depicts connecting to access layer switches, not functionality

(B) If upstream access switches do not support vPC or VSS the dual-homed ESX host traffic can still be distributed using virtual port channel host mode using subgroups automatically discovered through CDP

Virtual Port Channel Host Mode
Virtual Port Channel Host Mode (vPC-HM), shown in Figure 5-33, allows a port channel from the Cisco Nexus 1000V to be terminated on two separate upstream switches, even if these switches do not support a clustering technology, such as vPC or VSS. If the upstream switches do not support vPC or VSS, it is important to ensure that traffic from a specific VM is always forwarded to the same upstream access switch. Distributing traffic across the two physical access switches would cause the MAC address table entry for that VM to be continually updated, resulting in unstable MAC address tables in the upstream switches. To ensure that traffic is correctly distributed across upstream access switches, the Cisco Nexus 1000V supports vPC-HM. This allows a port channel to be created that contains links that are terminated on different physical access switches. The port channel is divided into two subgroups, one for each access switch. These subgroups can be automatically discovered through the Cisco Discovery Protocol or manually configured if the upstream switches do not support Cisco Discovery Protocol.

x (D) describes VDC. Different VDC design options can use this feature for service integration, enhanced security, administrative boundaries, or flexibility of hardware deployment during changing business needs

QUESTION 28
What two descriptions best define DWDM? (Choose two)
A. a WDM system that is compatible with EDFA technology
B. an optical technology for transmitting up to 16 channels over multiple fiber strands
C. an optical technology for transmitting up to 32 channels over multiple fiber strands
D. a technology for transmitting multiple optical signals using less sophisticated transceiver design than CWDM
E. a technology for transmitting more closely packed optical signals using more sophisticated transceiver designs than CWDM
Correct Answer: AE
Reference:
Self study v2 - Page 164 The tighter channel spacing in DWDM requires more sophisticated, precise, and therefore more expensive transceiver designs. Because of the EDFA compatibility of the wavelengths used, DWDM is also available over much longer distances than CWDM
(pg 164 3rd edition) The tighter channel spacing in DWDM requires more sophisticated, precise, and therefore more expensive transceiver designs. Because of the EDFA compatibility of the wavelengths used, DWDM is also available over much longer distances than CWDM

QUESTION 29
Which two characteristics are true of IVRs? (Choose two)
A. They are known as fabric routing
B. They cannot span multiple switches
C. Their connectivity is supported by Layer 2
D. They enable devices in different VSAN fabrics to communicate
E. They require that multiple switch fabrics be merged before they can function
Correct Answer: AD

Reference:
Self study v2 - Page 269

QUESTION 30
Which of these is a correct description of Stateful Switchover?
A. It will only become active after a software failure
B. It will only become active after a hardware failure
C. It requires that Cisco NSF be enabled in order to work successfully
D. It synchronizes the MAC, FIB, and adjacency tables between Active and Standby Route Processors
Correct Answer: D
Reference:
Self Study v2 - Page 42
(pg 33 3rd edition)

QUESTION 31
Which technology is best suited for the most scalable means to separate the data plane for a Layers VPN?
A. GRE
B Q
C. MPLS
D. L2TPv3
Correct Answer: C
Reference:
Self Study v2 - Page 45
(pg 307 3rd edition) This method is the most scalable method that you can use to build end-to-end Layer 3 VPNs

QUESTION 32
Refer to the exhibit.

Which recommended practice is applicable?
A. If no core layer is deployed, the design will be easier to scale
B. A dedicated campus core layer should be deployed for connecting three or more buildings
C. If no core layer is deployed, the distribution switches should not be fully meshed
D. A dedicated campus core layer is not needed for connecting fewer than five buildings
Correct Answer: B
Reference:
Self Study v2 - Page 39 As a recommended practice, deploy a dedicated campus core layer to connect three or more buildings in the enterprise campus, or four or more pairs of building distribution switches in a very large campus

QUESTION 33
To which switch or switches should you provide redundant links in order to achieve high availability with reliable fast convergence in the enterprise campus?
A. to a core switch running Cisco NSF and SSO from redundant distribution switches connected with a Layer 2 link
B. to a core switch running Cisco NSF and SSO from redundant distribution switches connected with a Layer 3 link
C. to two core switches from redundant distribution switches connected with Layer 2 link
D. to two core switches from redundant distribution switches connected with Layer 3 link
E. to two core switches running Cisco NSF and SSO from two redundant distribution switches running Cisco NSF and SSO
Correct Answer: D
Reference:
Self Study v2 - Page 36, 37 Refer Figure 2-3

NSF and SSO use to Access layer, use layer 3 for faster convergence

QUESTION 34
The requirement for high availability within the Data Center network may cause the designer to consider which one of the following solutions?
A. Construct a hierarchical network design using EtherChannel between a server and two VDCs from the same physical switch
B. Utilize Cisco NSF with SSO to provide intrachassis SSO at Layers 2 to 4
C. Define the Data Center as an OSPF NSSA area, advertising a default route into the DC and summarizing the routes out of the NSSA to the Campus Core
D. Implement network services for the Data Center as a separate services layer using active/active model that is more predictable in failure conditions
Correct Answer: B
Reference:
(B) (pg 254 3rd edition) The main objective in building a highly available data center network design is to avoid TCP session breakage while providing convergence that is unnoticeable, or as fast as possible. Cisco Nonstop Forwarding (NSF) with stateful switchover (SSO) are supervisor redundancy mechanisms that provide intrachassis SSO at Layers 2 to 4.
x (D) (pg 229 3rd edition) The active/standby model is simpler to deploy and more predictable in failure conditions,

QUESTION 35
Which four Cisco proprietary Spanning Tree Protocol enhancements are supported with rapid per-VLAN Spanning Tree? (Choose four)
A. PortFast
B. UplinkFast
C. loop guard
D. root guard
E. BPDU guard
F. BackboneFast
Correct Answer: ACDE
Reference:
Self Study v2 - Page 48
PortFast*: Causes a Layer 2 LAN interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states. Use PortFast only when connecting a single end station to a Layer 2 access port.
UplinkFast: Provides from three to five seconds convergence after a direct link failure and achieves load balancing between redundant Layer 2 links using uplink groups.
BackboneFast: Cuts convergence time by max_age for indirect failure. BackboneFast is initiated when a root port or blocked port on a network device receives inferior bridge protocol data units (BPDU) from its designated bridge.
Loop guard*: Prevents an alternate or root port from becoming designated in the absence of BPDUs. Loop guard helps prevent bridging loops that could occur because of a unidirectional link failure on a point-to-point link.
Root guard*: Secures the root on a specific switch by preventing external switches from becoming roots.
BPDU guard*: When configured on a PortFast-enabled port, BPDU guard shuts down the port that receives a BPDU.
Unidirectional Link Detection (UDLD): Note UDLD monitors the physical configuration of fiber-optic and copper connections and detects when a one-way connection exists. When a unidirectional link is detected, the interface is shut down and the system alerted

QUESTION 36
When designing remote access to the Enterprise Campus network for teleworkers and mobile workers, which of the following should the designer consider?
A. It is recommended to place the VPN termination device in line with the Enterprise Edge firewall, with ingress traffic limited to SSL only
B. Maintaining access rules, based on the source IP of the client, on an internal firewall drawn from a headend RADIUS server is the most secure deployment
C. VPN Headend routing using Reverse Route Injection (RRI) with distribution is recommended when the remote user community is small and dedicated DHCP scopes are in place
D. Clientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick), including at Layer 7
Correct Answer: D
Reference:
A- Self-study v2 Page 409
** Self study v2 Page 406 **
C Self-study v2 Page 409
x (A) (pg 461 3rd edition) "Both IPsec and SSL remote-access VPNs are mechanisms to provide secure communication", so shouldn't limit to SSL
x (C) (pg 465 3rd edition) Smaller organizations typically configure a few static routes to point to the VPN device and do not need RRI.
D (pg 466 3rd edition) Clientless SSL VPNs can provide more granular Layer 7 access control, including URL-based access or file server directory-level access control.
QUESTION 37
Which EIGRP feature should a designer consider to limit the scope of EIGRP queries and minimize convergence time?
A. Using multiple EIGRP processes
B. Tuning down the EIGRP delay parameter
C. EIGRP stub routing

D. Limiting the number of EIGRP neighbor per device
Correct Answer: C
Reference:
Self Study v2 - Page 113 use of stub networks damps unnecessary EIGRP queries, speeding network convergence.

QUESTION 38
When designing the routing for an Enterprise Campus network it is important to keep which of the following filtering aspects in mind?
A. Filtering is only useful when combined with route summarization
B. It is best to filter (allow) the default and summary prefixes only in the Enterprise Edge to remote sites or site-to-site IPsec VPN networks
C. IGPs (for example EIGRP or OSPF) are superior to route filtering in avoiding inappropriate transit traffic through remote nodes or inaccurate or inappropriate routing updates
D. The primary limitation of route filtering is that it can only be applied on outbound updates
Correct Answer: B
Reference:
B - Filters can then be used so that only the default and any other critical prefixes are sent to remote sites. Page 112
(pg 118 3rd edition) EIGRP networks typically configure the default route at ISP connection points. Filters can then be used so that only the default and any other critical prefixes are sent to remote sites. In many WAN designs with central Internet access, HQ just needs to advertise default to branch offices, in effect this way to the rest of the network and to the Internet. If the offices have direct Internet access, a corporate summary can work similarly, this way to the rest of the company.

QUESTION 39
When considering the design of the IPv6 address plan for the Enterprise Campus network, which of the following should serve as guidance?
A. All the IPv6 subnets should use a /32 prefix
B. Set aside /31 prefixes to support point-to-point links and loopback interfaces
C. The IPv6 address plan should be designed to support the service block model design or integration with IPv4
D. Designate 16 subnet bits to be split up intelligently, either by OSPF area, VLAN numbering, or IPv4 mapping
Correct Answer: D
Reference:
(pg 108 3rd edition)

QUESTION 40
Which factor is least likely to affect the scalability of a VPN design?
A. number of branch offices

B. number of IGP routing peers
C. remote office and home worker throughput bandwidth requirements
D. high availability requirements
E. supported applications
Correct Answer: C
/Reference:
E - Self-study v2, Page 415
(pg 491 3rd edition) Carefully consider these when selecting the technologies and platforms that are most appropriate for a given VPN design:
- Number of branch offices
- Connection speeds and packets per second
- IGP routing peers
- High availability
- Supported applications
(pg 471 3rd edition) Just a note: The task of scaling large IPsec VPNs while maintaining performance and high availability (D) is challenging and requires careful planning and design. Many factors affect scalability of an IPsec VPN design, including the number of remote sites (A), access connection speeds, routing peer limits (B), IPsec encryption engine throughput, features to be supported, and applications (E) that will be transported over the IPsec VPN.

QUESTION 41
Which of the following is true when considering the Server load-balancing design within the E-Commerce Module of the Enterprise Campus network?
A. Routed mode requires the ACE run OSPF or EIGRP
B. Bridged mode switches a packet between the public and the private subnets when it sees its MAC address as the destination
C. Two-armed mode will place the SLB inline to the servers, with different client-side and server-side VLANs
D. One-armed mode, which uses the same VLAN for the client, the ACE, and the servers, requires a traffic-diversion mechanism to ensure the traffic return from the server passes through the ACE
Correct Answer: D
/Reference:
D - Self-study v2, Page
(pg 379 3rd edition) In the one-armed approach, the SLB VIP and the physical servers are in the same VLAN or subnet. In the two-armed approach, the SLB device routes traffic to the physical server subnet, which can be a private subnet.

QUESTION 42
Which of the following is true regarding the effect of EIGRP queries on the network design?
A. EIGRP queries will be the most significant issue with respect to stability and convergence
B. EIGRP queries are not a consideration as long as EIGRP has a feasible successor with a next hop AD that is greater than the FD of the current successor route
C. EIGRP queries will only increase the convergence time when there are no EIGRP stubs designed in the network

Correct Answer: A
/Reference:
(pg 119 3rd edition) One of the biggest stability and convergence issues with EIGRP is the propagation of EIGRP queries.

QUESTION 43
Which two statements correctly identify considerations to take into account when deciding on Campus QoS Design elements? (Choose two)
A. Voice needs to be assigned to the hardware priority queue
B. Voice needs to be assigned to the software priority queue
C. Call signaling must have guaranteed bandwidth service
D. Strict-priority queuing should be limited to 50 percent of the capacity of the link
E. At least 33 percent of the link bandwidth should be reserved for default best effort class
Correct Answer: AC
/Reference:
C - Self-study v2, Page 93
A - Self-study v2, Page 119
(pg 93 3rd edition) Voice needs to be assigned to the hardware priority queue. VoIP deployments require provisioning-explicit priority servicing for VoIP traffic and a guaranteed bandwidth service for call-signaling traffic. Strict-priority queuing is limited to 33 percent. At least 25 percent of the bandwidth of the link is reserved for the default best-effort class.

QUESTION 44
Which version of spanning tree is recommended for the enterprise campus?
A. CST
B. MST
C. STP
D. PVST+
E. RPVST+
Correct Answer: E
/Reference:
E - Self-study v2, Page 611 Review Qn.No.4 - PVRST is RPVST+

QUESTION 45
Which two design concerns must be addressed when designing a multicast implementation? (Choose two)
A. only the low-order 23 bits of the MAC address are used to map IP addresses
B. only the low-order 24 bits of the MAC address are used to map IP addresses
C. only the high-order 23 bits of the MAC address are used to map IP addresses
D. only the low-order 23 bits of the IP address are used to map MAC addresses

E. the 0x01 uu4t MAC address prefix is used for mapping IP addresses to MAC addresses
F. the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses
D
Correct Answer: AF
/Reference:
A,F - Self-study v2, Page 457
As you indicated in the explanation from page 457, it says map the IP to the MAC. Not MAC to IP. It's TRICKY but D actually says you are going to use the lower-order 23 bits of the IP to map the MAC address into. So in English, map the MAC to the IP. That is the reverse of what you are looking for. Correct answer: A: only the low-order 23 bits of the MAC address are used to map IP addresses. As your study guide indicates, it's answer A. Map IP to the lower 23 of the MAC.
Q49 answer is A, F and NOT D, F. I'm absolutely certain of this. It's in the Cisco Official Curriculum (version 2.1) word for word. Page near bottom of page. Only the low-order 23 bits of the Layer 2 MAC address are used to map Layer 3 IP addresses.
(pg 3rd edition) The translation between IP multicast and Layer 2 multicast MAC addresses is achieved by the mapping of the low-order 23 bits of the IP (Layer 3) multicast address into the low-order 23 bits of the MAC (Layer 2) address.

QUESTION 46
What is the recommended practice regarding UDLD when implementing it in all fiber-optic LAN ports?
A. Adjust the default hello timers to three seconds for aggressive mode
B. Enable it in global mode and on every interface you need to support
C. Enable it in global mode to support every individual fiber-optic interface
D. Enable it to create channels containing up to eight parallel links between switches
Correct Answer: C
/Reference:
Self-study v2, Page 54
You should enable UDLD in global mode so that you do not have to enable it on every individual fiber-optic interface.

QUESTION 47
Which of the following two statements about Cisco NSF and SSO are the most relevant to the network designer? (Choose two)
A. You can reduce the outage to 1 to 3 seconds by using SSO in a Layer 2 environment or Cisco NSF with SSO in a Layer 3 environment.
B. SSO and NSF each require the device to either be graceful restart-capable or graceful-aware.
C. In a fully redundant topology, adding redundant supervisors with NSF and SSO may cause longer convergence times than single supervisors with tuned IGP timers
D. The primary deployment scenario for Cisco NSF with SSO is in the Distribution and Core layers.
E. Cisco NSF-aware neighbor relationships are independent of any tuned IGP timers
C
Correct Answer: AC

/Reference:
A - Self-study v2, Page 41
You can reduce the outage to one to three seconds in this access layer by using SSO in a Layer 2 environment or Cisco NSF with SSO in a Layer 3 environment.
C - Self-study v2, Page 40
In a fully redundant topology with tuned IGP timers, adding redundant supervisors with Cisco NSF and SSO may cause longer convergence times than single supervisors with tuned IGP timers.

QUESTION 48
Which of these statements about FSPF is true?
A. It supports multipath routing
B. It can run on any type of storage port
C. When it is used, hop-by-hop routes are based only on the switch ID
D. When it is used, path status is based on the functionality of attached ports
E. It runs only on a switch fabric and cannot function in a VSAN
Correct Answer: A
/Reference:
A - Self-study v2, Page 270
(pg 325 3rd edition)
- It supports multipath routing.
- Routes hop by hop, based on only the domain ID.
- Runs on only E_Ports or TE_Ports and provides a loop-free topology.
- Bases path status on a link state routing protocol.
- Runs on a per-VSAN basis.

QUESTION 49
Refer to the exhibit

Which of the following is an advantage of device clustering utilizing Virtual Port Channels (vPC)?
A. A logical star topology provides a loop free environment so that all links will be used to forward traffic
B. Enhanced EtherChannel hashing load balancing using the vPC peer link internal to the VPC
C. The control plane functions of the Nexus switches are merged to hide the use of virtualization
D. Neighboring devices connect on a Layer 3 MEC for improved packet forwarding
Correct Answer: A
/Reference:
(A) (pg 243 3rd edition) The biggest advantage of vPC is that it enables loop-free topologies where STP is no longer actively involved in maintaining the network topology and where no links between the access and aggregation layers are blocked.
x (B) Two Cisco Nexus 7000 switches can be combined into a vPC domain, allowing multichassis Link Aggregation Control Protocol (LACP) port-channel connections across the pair. Note: using LACP.
x (C) (pg 237 3rd edition) The concept of VPCs is similar to the Catalyst 6500 VSS (Virtual Switching System) technology. With vPCs, however, it is an active/active backplane model, whereas the Catalyst 6500 only has one supervisor active between VSS pair switches.
x (D) (pg 241 3rd edition) The vPC technology enables Layer 2 Multichassis EtherChannels (MEC) to be built between the other network device and the pair of Cisco Nexus switches. Note: it's Layer 2 MEC, not Layer 3.

QUESTION 50

Which three statements about firewall modes are correct? (Choose three)
A. A firewall in routed mode has one IP address
B. A firewall in transparent mode has one IP address
C. In routed mode, the firewall is considered to be a Layer 2 device
D. In routed mode, the firewall is considered to be a Layer 3 device
E. In transparent mode, the firewall is considered to be a Layer 2 device
F. In transparent mode, the firewall is considered to be a Layer 3 device
Correct Answer: BDE
/Reference:
B,D,E - Self-study v2, Page 303 - Ref. Figure 7.5, also Page 344:
In "Designing Cisco Network Service Architectures (ARCH)" it is clearly stated on page 334: "A transparent firewall has one IP address assigned to the entire bridge group, and uses this management address as the source address for packets originated on the firewall."

Exam B

QUESTION 1
Which one of these statements is true concerning the data center distribution (aggregation) layer design?
A. With Layer 3 at the aggregation layer, the physical loops in the topology must still be managed by STP.
B. The boundary between Layer 2 and Layer 3 must reside in the multilayer switches, independent of any other devices such as firewalls or content switching devices.
C. A mix of both Layer 2 and Layer 3 access is sometimes the most optimal.
D. In a small data center, the aggregation layer can connect directly to the campus core, exchanging IP routes and MAC address tables.
Correct Answer: C
/Reference:
x (A) STP would be with Layer 2
x (B) (pg 214 3rd edition) Load balancing, firewall services, and other network services are commonly integrated in the aggregation layer of the data center by using service modules that are inserted in the aggregation switches
(C) (pg 231 3rd edition) Support for a mix of access layer models: The three-layer approach permits a mix of both Layer 2 and Layer 3 access models with 1RU and modular platforms, permitting a more flexible solution and allowing application environments to be optimally positioned.
x (D) aggregation layer to campus core would be on Layer 3, so MAC address tables will not be shared

QUESTION 2
With respect to address summarization, which of the following statements concerning IPv4 and IPv6 is true?
A. The potential size of the IPv6 address blocks suggests that address summarization favors IPv6 over IPv4.
B. Role based addressing using wildcard masks to match multiple subnets is suitable for IPv4, but unsuitable for IPv6.
C. In order to summarize, the number of subnets in the IPv4 address block should be a power of 2 while the number of subnets in the IPv6 address block should be a power of 64.
D. WAN link addressing best supports summarization with a /126 subnet for IPv4 and a /31 for IPv6.
Correct Answer: B
/Reference:
x (A) (pg 103 3rd edition) To an extent, routing summarization for IPv6 is simpler than for IPv4, because you do not have to consider variable-length subnet masking (VLSM). My opinion: how it favors IPv6 over IPv4
(B) It is advantageous to build a pattern into role-based addressing and other addressing schemes so that ACL wildcards can match the pattern. This in turn supports implementing simpler ACLs. For IPv6 access lists, the wildcard masks are not usually used. All source and destination addresses are notated in the form of prefixes. Therefore, it is important that subnets that are to be grouped in an access list fall within a summarized address range.
x (C) (pg 103 3rd edition) Most IPv6 subnets have a prefix length of 64 bits, so again, you are looking for contiguous blocks of /64 subnets. The number of subnets in this block should be a power of 2, and the starting number should be a multiple of that same power of 2 for the block to be summarizable.

QUESTION 3
The Cisco Nexus 1000V is intended to address which disadvantage of the VMware vSphere solution?
A. Inability to deploy new functional servers without requiring physical changes on the network
B. Complexity added by the requirement for an ESX host for each virtual machine
C. Network administrators lack control of the access layer of the network
D. To increase the number of physical infrastructure and the virtual machines that can be managed
Correct Answer: A
/Reference:
A - Refer - Virtual servers can now use the same network configuration, security policy, diagnostic tools, and operational models as their physical server counterparts attached to dedicated physical network ports.
(A) I believe Cisco is talking about adding DMZ to existing structure without having to make physical changes. Can be done via VLANs and using 1000V PVLANs to increase security. May have to do with the VMware virtual switch.
x (B) just plain wrong
x (C) Why wouldn't network administrators have control of the access layer of the network?
x (D) seems like a good answer, just don't see how it helps the number of physical
** Need better reference, answer may be by process of elimination

QUESTION 4
Which of the following facts must be considered when designing for IP telephony within an Enterprise Campus network?
A. Because the IP phone is a three-port switch, IP telephony extends the network edge, impacting the Distribution layer.
B. Video and voice are alike in being bursty and bandwidth intensive, and thus impose requirements to be lossless, and have minimized delay and jitter.
C. IP phones have no voice and data VLAN separation, so security policies must be based on upper layer traffic characteristics.
D. Though multi-VLAN access ports are set to dot1q and carry more than two VLANs, they are not trunk ports.
Correct Answer: A
/Reference:
(A) it is a 3 port switch but should only impact Access layer. Maybe it impacts the distribution layer due to multiple VLANs? (pg 85 3rd edition) Because the IP phone is a three-port switch, IP telephony services actually extend the network edge,
x (B) voice is not bandwidth intensive
x (C) Voice VLAN (or auxiliary) provide separation
x (D) (pg 89 3rd edition) The multi-VLAN access ports are not trunk ports, even though the hardware is set to the dot1q trunk. The hardware setting is used to carry more than one VLAN, but the port is still considered an access port that is able to carry one native VLAN and the auxiliary. My opinion: they only carry 2 VLANs no more.

QUESTION 5
Support of vPC on the Cisco Nexus 5000 access switch enables various new design options for the data center Access layer, including which of the following?
A. The vPC peer link is not required for Access layer control traffic, and can instead be used to span VLANs across the vPC access switches
B. A single switch can associate per-interface with more than one vPC domain
C. vPC can be used on both sides of the MEC, allowing a unique 16 link EtherChannel to be built between the access and aggregation switch
D. Allows an EtherChannel between a server and an access switch while still maintaining the level of availability that is associated with dual-homing a server to two different access switches
Correct Answer: C
/Reference:
C - Refer Cisco_n5k_layer2_config_gd_rel_502_N1_1_chapter8.html. When you configure the EtherChannels in a vPC, incl. the vPC peer link channel, each switch can have up to 16 active links in a single EtherChannel.
(C) (pg 243 3rd edition) Double-sided vPC: If the access switch platform also supports vPC, as does the Cisco Nexus 5000 series, vPC can be configured on both the aggregation and access layers. This configuration allows a maximum of 16 links to be bundled into a single vPC between the aggregation and access switches.

QUESTION 6
Cisco Express Forwarding (CEF) is mainly used to increase packet switching speed, reducing the overhead and delays introduced by other routing techniques, increasing overall performance. Which of the following concerning CEF is recommended by Cisco?
A. Use default Layer 4 hash in core.
B. Use default Layer 3 hash in distribution.
C. Use default Layer 4 hash in distribution.
D. Use default Layer 3 hash in core and Layer 3 + Layer 4 hash in distribution layer.
Correct Answer: D
/Reference:
D - Self-study v2 - Pg.60

QUESTION 7
Which typical enterprise campus requirement ensures that the network supports the required applications and that data flows within the required time frames?
A. availability
B. performance
C. functionality
D. manageability
Correct Answer: C

/Reference:
C - Self-study v2 - Page 18
(pg 18 3rd edition) Functionality: Supports the organizational requirements. Performance: Provides desired responsiveness, throughput, and utilization on a per-application basis through the network infrastructure and services.

QUESTION 8
You are the Cisco Network Designer in Cisco.com. Which of these is a Layer 2 transport architecture that provides packet-based transmission optimized for data based on a dual ring topology?
A. Dynamic Trunking Protocol
B. Resilient Packet Ring
C. Synchronous Digital Hierarchy
D. Coarse Wave Division Multiplexing
Correct Answer: B
/Reference:
Self-study v2 - Page 165,166

QUESTION 9
What two choices can you make when redundancy is required from a branch office to a regional office? (Choose two.)
A. multiple Frame Relay PVCs
B. dual WAN links to the regional office
C. dual WAN links to another branch office
D. single links - one to the regional office and one to another branch office
Correct Answer: BD
/Reference:
B,D - Practical knowledge

QUESTION 10
Which one is not a feature of the Cisco Unified Wireless Network architecture?
A. network unification
B. remote access
C. mobility services
D. network management
Correct Answer: B
/Reference:
B - Self-study v2 Pg.517,518

QUESTION 11
Which two of these are correct regarding the recommended practice for distribution layer design based on the following configuration?
A. use a Layer 2 link between distribution switches
B. use a Layer 3 link between distribution switches
C. use a redundant link to the core
D. use a Layer 3 link between distribution switches with route summarization
Correct Answer: CD
/Reference:
Refer Picture Self-study v2 - Pg.41

QUESTION 12
Which VPN management feature would be considered to ensure that the network had the least disruption of service when making topology changes?
A. dynamic reconfiguration
B. path MTU discovery
C. auto setup
D. remote management
Correct Answer: A
/Reference:
Dynamic reconfiguration: All configuration changes should take effect without requiring a reboot of the device. Disruption of service with a fully loaded VPN device can potentially impact thousands of individual users.
Reference: Arch student guide p.9-17

QUESTION 13
Which three components are part of the Intelligent Network Services provided by the Cisco AVVID framework? (Choose three.)
A. IP telephony
B. security
C. IP multicasting
D. QoS
Correct Answer: BCD
/Reference:
Self Study v2 - Page 20,21

QUESTION 14
Cisco IDS sensors form the eyes and ears of your Cisco network intrusion detection system. Placing sensors correctly throughout your network is crucial to successfully implementing your Cisco intrusion detection system. Which two of these are characteristics of an IDS sensor? (Choose two.)
A. has a permissive interface that is used to monitor networks
B. is an active device in the traffic path
C. passively listens to network traffic
D. has a promiscuous interface that is used to monitor the network
Correct Answer: CD
/Reference:
C,D - Self-study v2 - Pg.388
(pg 444 3rd edition) IDSs passively listen to network traffic. The IDS is not in the traffic path, but listens promiscuously to copies of all traffic on the network.

QUESTION 15
Which three best practices should be implemented at the campus backbone submodule to support the server farm module? (Choose three.)
A. Implement highly redundant switching and links with no single points or paths of failure.
B. Implement server load balancing.
C. Implement the Hot Standby Router Protocol (HSRP) for failover protection.
D. Implement intrusion detection with automatic notification of intrusion attempts in place.
Correct Answer: ABC
/Reference:
A,C,D - Self-study v2 - Page 39,40
** Not sure why it isn't A,B,C. The book seems to be about redundancy, server load balancing and FHRP.

QUESTION 16

As an experienced technician, you are responsible for Technical Support. One of the trainees is asking your advice on VPN Termination Device and Firewall Placement. Which of the following approaches will you recommend?
A. inline with a firewall
B. in a DMZ outside the firewall
C. parallel with a firewall
D. in a DMZ behind the firewall
Correct Answer: D
/Reference:
D - Self-study v2 - Page 409

QUESTION 17
The network administrator would like to generate synthetic traffic using the Service Assurance Agent contained in Cisco IOS. Which CiscoWorks network management application will be used to report the latency and availability for configured traffic operations on an end-to-end and hop-by-hop (router-to-router) basis?
A. nGenius Real-Time Monitor
B. CiscoView
C. Device Fault Manager
D. Internetwork Performance Monitor
Correct Answer: D
/Reference:
D - Self-study v2 - Page 609

QUESTION 18
Cisco IDS sensors form the eyes and ears of your Cisco network intrusion detection system. Placing sensors correctly throughout your network is crucial to successfully implementing your Cisco intrusion detection system. Where can an IDS sensor be placed in an enterprise network? (Choose two.)
A. core layer
B. bridging two VLANs on one switch
C. between two Layer 2 devices with trunking
D. between two Layer 2 devices without trunking
Correct Answer: CD
/Reference:
D - Self-study v2 - Page 393
(pg 449 3rd edition) C & D
- Two Layer 2 Devices (No Trunk)
- Two Layer 3 Devices
- Two VLANs on the same switch
- Two Layer 2 Devices (Trunked), 802.1Q trunk
(B) This design allows a sensor to bridge VLANs together on the same switch. The sensor brings packets in on one VLAN and out a different VLAN for traffic in the same subnet.
My opinion: If only two options, I'm going with C & D. If all that apply (or 3) then B,C,D

QUESTION 19
Which protocol would provide block access to remote storage over WAN links?
A. iSCSI
B. FCIP
C. SCSI-FP
D. escsi
Correct Answer: B
/Reference:
A - Self-study v2 - Page 284
(pg 339 3rd edition) My opinion is B, not sure why iSCSI wouldn't work.
The FCIP and iSCSI stacks support block-level storage for remote devices.
FCIP is Fibre Channel encapsulated in IP. Its purpose is to provide connectivity between two separate SANs over a WAN.
iSCSI is a protocol used to carry SCSI commands, responses, and data over an IP network.

QUESTION 20
The Cisco network-based virtual firewall service solution helps service providers to deliver cost-effective, scalable, integrated security services for enterprise customers using Cisco platforms. What is a virtual firewall?
A. another name for a firewall deployed in routed mode
B. another name for a firewall deployed in transparent mode
C. a separation of multiple firewall security contexts on a single firewall
D. a firewall that, when deployed in routed mode, can support up to 1000 VLANs per context
Correct Answer: C
/Reference:
C - Self-study v2 - Page 352

QUESTION 21
You are the Cisco Network Designer. Which of these is least important when determining how many users a NAS can support?
A. bandwidth
B. number of plug-ins per scan
C. total number of network devices
D. number of checks in each posture assessment
Correct Answer: A
/Reference:

Refer Self study v2 - Page 370
(A) (pg 429 3rd edition) Interface bandwidth is the least important calculation for determining how many users a Cisco NAS can support.

QUESTION 22
When designing the WAN module within the enterprise edge, which document is used to specify the connectivity and performance agreements with the service provider?
A. RFP
B. RFC
C. SLC/SLA
D. SOW
Correct Answer: C
/Reference:
C - Self-study v2 - Page 591

QUESTION 23
Which site-to-site VPN solution allows Cisco routers, PIX Firewalls, and Cisco hardware clients to act as remote VPN clients in order to receive predefined security policies and configuration parameters from the VPN headend at the central site?
A. Easy VPN
B. GRE tunneling
C. Virtual Tunnel Interfaces
D. Dynamic Multipoint VPN
E. Group Encrypted Transport VPN
Correct Answer: A
/Reference:
A - Self-study v2 - Page 404

QUESTION 24
Which routing protocol supports a flexible area structure using routing levels one and two?
A. OSPF
B. EIGRP
C. IS-IS
D. BGP
Correct Answer: C
/Reference:
C - Search - routing level

QUESTION 25

Please match the Cisco STP enhancement term to its definition. (Not all options will be used.)
(1) BPDU guard
(2) PortFast
(3) BackboneFast
(4) UplinkFast
(5) Loop guard
(a) shuts down a port that receives a BPDU when enabled
(b) cuts convergence time by max-age for indirect failure
(c) prevents the alternate or root port from being designated in absence of BPDUs
(d) causes Layer 2 LAN interface access port to immediately enter the forwarding state
(e) helps prevent bridging loops due to uni-directional link failures on point-to-point links
A. (a)-(1);(b)-(2);(c)-(4);(d)-(5);(e)-(3)
B. (a)-(4);(b)-(3);(c)-(2);(d)-(5);(e)-(1)
C. (a)-(3);(b)-(2);(c)-(4);(d)-(5);(e)-(1)
D. (a)-(1);(b)-(3);(c)-(5);(d)-(2);(e)-(4)
Correct Answer: D
/Reference:
Self Study v2 - Page 48
Cisco offers a variety of enhancements to STP:
1. PortFast: Allows an access port to bypass STP's listening and learning phases so no need to wait 50 seconds to forward data.
2. UplinkFast: Reduces STP convergence from 50 seconds to approximately 3 to 5 seconds so no need to wait 50 seconds to forward data through alternate link
3. BackboneFast: Reduces STP convergence time for an indirect link failure.
4. LoopGuard: Helps prevent loops that could occur because of a unidirectional link failure, a software failure, or a bridge protocol data unit (BPDU) loss due to congestion
5. RootGuard: Prevents an inappropriate switch from being elected as a root bridge
6. BPDUGuard: Causes a port configured for PortFast to go into the errordisable state if a BPDU is received on the port

QUESTION 26
When is the site-to-site remote access model appropriate? (Choose one.)
A. for multiple ISDN connections
B. for modem concentrated dial-up connections
C. for a group of users in the same vicinity sharing a connection
D. for use by mobile users
Correct Answer: C
/Reference:

QUESTION 27
Which two of these are recommended practices with trunks? (Choose two.)
A. use ISL encapsulation
B. use 802.1q encapsulation

C. set ISL to desirable and auto with encapsulation negotiate to support ISL protocol negotiation
D. use VTP server mode to support dynamic propagation of VLAN information across the network
E. set DTP to desirable and desirable with encapsulation negotiate to support DTP protocol negotiation.
Correct Answer: BE
/Reference:
E - Self Study v2 - Pg.52
B - Self Study v2 - Pg.51

QUESTION 28
What are three primary activities in the cycle of building an enterprise security strategy? (Choose three.)
A. activity audit
B. administration
C. policy establishment
D. technology implementation
Correct Answer: ACD
/Reference:

QUESTION 29
For acceptable voice calls, the packet error rate should be less than %
A.
B. 0.1
C. 1
D. 2.5
Correct Answer: C
/Reference:
C - Self study v2 - Pg.542

QUESTION 30
What are two design guidelines for VoIP networks? (Choose two.)
A. Delay should be no more than 10 ms.
B. Loss should be no more than 1 percent.
C. Jitter should be less than 40 ms.
D. Managed bandwidth is strongly recommended for voice control traffic.
Correct Answer: BD
/Reference:

B,D - Self study v2 - Pg.542

QUESTION 31
You are the Cisco Network Designer in Cisco.com. Which of these statements is true of clientless end-user devices?
A. They do not receive unique IP addresses.
B. RADIUS or LDAP is required.
C. They are assigned addresses from the internal DHCP pool.
D. Their traffic appears to originate from the originating host network.
Correct Answer: A
/Reference:
A - Self study v2 - Pg.406
(A) (pg 466 3rd edition) An IP address is not assigned for clientless end-user devices:

QUESTION 32
Users of a site-to-site VPN are reporting performance problems. The VPN connection employs IPSec and GRE and traverses several Ethernet segments. The VPN packets are being fragmented as they traverse the links. What would be two methods to overcome this problem? (Choose two.)
A. Employ path MTU discovery.
B. Set the MTU higher than 1500 bytes.
C. Turn off pre-fragmentation for IPSec.
D. Set the MTU value to 1400 bytes.
Correct Answer: AD
/Reference:
A,D - Self Study v2 - Pg.440,129

QUESTION 33
You are the Cisco Network Designer in Cisco.com. Which statement is correct regarding NBAR and NetFlow?
A. NBAR examines data in Layers 1 and 4.
B. NBAR examines data in Layers 3 and 4.
C. NetFlow examines data in Layers 3 and 4.
D. NBAR examines data in Layers 2 through 4.
Correct Answer: C
/Reference:
B - Self study v2 - Pg.579,580

QUESTION 34
Lafeyette Productions is looking for a new ISP that has improved availability, load balancing, and catastrophe protection. Which type of ISP connectivity solution would be best?

A. single run
B. multi-homed
C. stub domain EBGP
D. direct BGP peering
Correct Answer: B
/Reference:
Self Study v2 - Page 293. Also refer Page 342

QUESTION 35
It's a configuration that experts are calling a "firewall sandwich," with the second firewall providing a second level of load balancing after traffic down. What is meant by the term "firewall sandwich"?
A. single layer of firewalling
B. multiple layers of firewalling
C. firewall connections in either an active or standby state
D. an architecture in which all traffic between firewalls goes through application-specific servers
Correct Answer: B
/Reference:
On page 282 in "Designing Cisco Network Service Architectures (ARCH)" it says: "Using a Server as an Application Gateway" "In some architectures, all traffic between the firewall layers goes through the servers".
B - Self study v2 - Pg.297

QUESTION 36
To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?
A. IPSec in tunnel mode
B. IPSec in transport mode
C. GRE with IPSec in transport mode
D. GRE with IPSec in tunnel mode
Correct Answer: D
/Reference:
Basic IPsec designs cannot transport IGP dynamic routing protocols or IP multicast traffic. When support for one or more of these features is required, IPsec should be used in conjunction with other technologies such as GRE.
D - Self study v2 - Pg.414,415
The right answer is "GRE with IPSec in tunnel mode". "Designing Cisco Network Service Architectures (ARCH)" explains that in order to transport EIGRP routing updates, it is GRE over IPsec tunnel. See page 404.

(pg 470 3rd edition) Most IPsec VPNs forward data across the network using IPsec tunnel mode, which encapsulates and protects an entire IP packet. Because tunnel mode encapsulates or hides the IP header of the pre-encrypted packet, a new IP header is added so that the packet can be successfully forwarded.
(pg 487 3rd edition) Under DMVPN section: Use tunnel protection mode to associate a GRE tunnel with the IPsec profile on the same router. Tunnel protection mode specifies that IPsec encryption is performed after the GRE headers are added to the tunnel packet. Both ends of the tunnel need to be protected. Use IPsec in tunnel mode.

QUESTION 37
When BGP tuning is used, how is packet flow into the e-commerce module controlled?
A. by tracking the status of objects along the path to the e-commerce module
B. by detecting undesirable conditions along the path to the e-commerce module
C. by using the MED to communicate the site preferences for traffic to multiple ISPs
D. by communicating the available prefixes, routing policies, and preferences of each site to its ISP
E. by moving the SLB to a position where selected traffic to and from the servers does not go through the SLB
Correct Answer: D
/Reference: D - Self study v2 - Pg.333

QUESTION 38
Which three objectives would be met by designing Layer 3 switching in the Campus Backbone of a medium size installation? (Choose three.)
A. scale to a large size
B. increase router peering
C. provide a flexible topology with no spanning tree loops
D. control broadcasts in the backbone
Correct Answer: ACD
/Reference: A,C,D - Self study v2 - Pg.225

QUESTION 39
You are the Cisco Network Designer. Which is not a major scaling, sizing, and performance consideration for an IPsec design?
A. connection speed
B. number of remote sites
C. features to be supported
D. types of devices at the remote site
Correct Answer: D
/Reference:

D - Study Guide v2 - Pg.415 (pg 491 3rd edition) Many factors affect scalability of an IPsec VPN design, including the number of remote sites, access connection speeds, routing peer limits, IPsec encryption engine throughput, features to be supported, and applications that will be transported over the IPsec VPN.

QUESTION 40
Which enterprise caching mode eliminates the need for Layer 4 switches or WCCP enabled routers to intercept user requests?
A. transparent
B. proxy
C. reverse proxy
D. direct
Correct Answer: D
/Reference: D - Study Guide v2 - Pg.406
In proxy mode, end-user web browsers need to be explicitly configured to the IP address or host name of the Content Engine, and there is no need for additional hardware such as Layer 4 switches or Web Cache Communication Protocol (WCCP)-enabled routers to intercept user requests, as in transparent caching. Enterprises are normally interested in deploying transparent network caching, but some enterprises may have a legacy requirement for a proxy (nontransparent) cache. Reference: Arch student guide p
(D) direct, all others I believe need a router with WCCP enabled

QUESTION 41
What are two considerations to using IP Multicast delivery? (Choose two.)
A. no congestion avoidance
B. not for bandwidth intensive applications
C. no guaranteed delivery mechanism
D. source sends multiple data streams out each interface
Correct Answer: AC
/Reference: Self study v2 - Pg. 500 (pg 511 3rd edition) UDP's best-effort delivery results in occasional packet drops. UDP's lack of congestion control (due to not having a windowing or slow-start mechanism like TCP has) may result in network congestion

QUESTION 42
Which remote access VPN addressing technique supports a static IP address to support a specific application?
A. Use a static ip addresses based on incoming user policies.
B. Use DHCP to assign addresses based on incoming user policies.
C. Deploy a clientless model to assign a unique address to the user.

D. Deploy RADIUS or LDAP to assign the address to the user.
Correct Answer: D
/Reference: Self study v2 - Pg. 410 (D) (pg 465 3rd edition) where the remote user needs a static IP address assignment to support a specific application, organizations must deploy RADIUS or Lightweight Directory Access Protocol (LDAP) with an attribute to assign the user the same IP. In this case, RRI may be needed.

QUESTION 43
Which two of these are characteristics of an IPS device? (Choose two.)
A. passively listens to network traffic
B. is an active device in the traffic path
C. has a permissive interface that is used to monitor networks
D. traffic arrives on one IPS interface and exits on another
Correct Answer: BD
/Reference: Self study v2 - Pg. 389

QUESTION 44
Which three LAN routing protocols would be appropriate for a small retail organization with a multi-vendor LAN infrastructure? (Choose three.)
A. IGRP
B. RIP
C. RIPv2
D. OSPF
Correct Answer: BCD
/Reference: ch05.html
Note - Above is not a cisco.com link, but answers the question!!!
My opinion: IGRP is a proprietary Cisco routing protocol

QUESTION 45
One of your customers has six sites, three of which process a large amount of traffic among them. He plans to grow the number of sites in the future. Which is the most appropriate design topology?
A. full mesh
B. peer-to-peer
C. partial mesh
D. hub and spoke

Correct Answer: C
/Reference: Self study v2 - Pg. 420

QUESTION 46
ABC Company has 1500 managed devices and 15,000 end users on a campus network. LAN Management Solution (LMS) is being deployed as the network management application. What is the recommended number of network management server(s)?
A. 1
B. 2
C. 3
D. 4
Correct Answer: A
/Reference:

QUESTION 47
You are the network consultant from Cisco.com. Your customer has eight sites and will add in the future. Branch site to branch site traffic is approaching 30 percent. The customer's goals are to make it easier to add branch sites in the future and to reduce traffic through the hub. Which VPN topology should you recommend?
A. Easy VPN
B. IPsec GRE tunneling
C. Virtual Tunnel Interfaces
D. Dynamic Multipoint VPN
Correct Answer: D
/Reference:

QUESTION 48
The Schuyler and Livingston Iron Works has been working on getting its network security under control. It has set up VPN with IPSec links to its suppliers. It has installed network vulnerability scanners to proactively identify areas of weakness, and it monitors and responds to security events as they occur. It also employs extensive access control lists, stateful firewall implementations, and dedicated firewall appliances. The company has been growing very fast lately and wants to make sure it is up to date on security measures. Which two areas of security would you advise the company to strengthen? (Choose two.)
A. intrusion protection
B. identity
C. secure connectivity
D. security management
Correct Answer: AB

/Reference: The right answer should be identity and intrusion protection (A,B) because security management is covered by the vulnerability scanner and monitor.

Topic 3, Volume C

QUESTION 49
Which two of these key fields are used to identify a flow in a traditional NetFlow implementation? (Choose two.)
A. source port
B. output interface
C. next-hop IP address
D. source MAC address
E. destination IP address
F. next-hop MAC address
Correct Answer: AE
/Reference: Self study v2 - Pg.570,571

QUESTION 50
Users at the Charleville Company began experiencing high network delays when Internet connectivity was enabled for all users. After investigating the traffic flow, you determine that peer-to-peer traffic from a music download site is consuming a large amount of bandwidth. Which QoS mechanism can you implement to improve the network response time?
A. Use CBWFQ to queue the peer-to-peer traffic into the default traffic class.
B. Use class-based WRED to randomly drop the peer-to-peer traffic during network congestions.
C. Use class-based policing to limit the peer-to-peer traffic rate.
D. Use class-based shaping to delay any excessive peer-to-peer traffic.
Correct Answer: C
/Reference:

Exam C

QUESTION 1
You are the network consultant from Cisco.com. Please point out two statements that correctly describe an IPS device.
A. It resembles a Layer 2 bridge.
B. Traffic flow through the IPS resembles traffic flow through a Layer 3 router.
C. Inline interfaces which have no IP addresses cannot be detected.
D. Malicious packets that have been detected are allowed to pass through, but all subsequent traffic is blocked.
Correct Answer: AC
/Reference: Self Study v2 - Pg.389

QUESTION 2
Captain Marion's Videography delivers Internet digital video using 9 MPEG video encoders and a statistical multiplexer. Channels are packed into a 6-MHz channel bandwidth. The MPEG multiplexer monitors and allocates the appropriate bandwidth. The multiplexer measures available bandwidth and feeds back signaling to the MPEG encoders. Coding rates are then increased or decreased. Packet generation from each input source is controlled such that no packets are dropped and no extra null packets can be generated. These bandwidth and traffic requirements work best with which mode of video delivery?
A. fixed broadcast
B. open looped
C. quality equalization
D. VoD delivery
Correct Answer: A
/Reference:

QUESTION 3
Please match the Cisco NAC appliance component to its description.
(1) Cisco NAS
(2) Cisco NAA
(3) Rule-set Updates
(4) Cisco NAM
(a) a centralized management point
(b) an in-band or out-of-band device for network access control
(c) a Windows-based client which allows network access based on the tasks running
(d) a status checker for operating systems, antivirus, antispyware, etc.
A. (a)-(4);(b)-(1);(c)-(2);(d)-(3)
B. (a)-(3);(b)-(2);(c)-(4);(d)-(1)
C. (a)-(4);(b)-(3);(c)-(1);(d)-(2)

D. (a)-(2);(b)-(4);(c)-(3);(d)-(1)
Correct Answer: A
/Reference: In "Designing Cisco Network Service Architectures (ARCH)". Study Guide v2 - Pg.368
Right answer should be: (a)-(4), (b)-(1), (c)-(2), (d)-(3)

QUESTION 4
What is the first step that you would use Cisco Product Advisor for when selecting a router for an Edge solution?
A. determine types of protocols to be supported
B. determine the environment in which the router will be used
C. select the number of WAN ports required
D. select the number of LAN ports required
Correct Answer: B
/Reference:

QUESTION 5
What is a criterion of the enterprise composite network model?
A. includes all modules needed to meet any network design
B. defines flexible boundaries between modules for scalability requirements
C. clearly defines module boundaries and demarcation points to identify where traffic is
D. requires specific core, distribution, and access layer requirements to match the model
Correct Answer: C
/Reference:

QUESTION 6
Which routing protocol best fits these requirements?
- Supported by multiple router vendors
- Requires minimum router CPU and memory resources
- Uses a simple routing metric
- Supports manual or automatic route summarization
A. EIGRP
B. OSPF
C. IS-IS
D. RIPv2

Correct Answer: D
/Reference:

QUESTION 7
Refer to the exhibit. Which two statements about the topologies shown are correct? (Choose two.)
A. Design 1 is a looped triangle design.
B. Design 2 is a looped triangle design.
C. Design 2 achieves quick convergence using RSTP.
D. Both designs support stateful services at the aggregation layer.
E. Design 2 is the most widely deployed in enterprise data centers.
Correct Answer: AD
/Reference: Self Study v2 - Page213,214 Refer Figure:5-14

QUESTION 8
Which two of the following Cisco router platforms support Multicast Distributed Fast Switching? (Choose two.)
A series
B series with NSE-1
C series

D series
Correct Answer: CD
/Reference: C,D - Self Study v2 - Page144 - (Ref to BFD)

QUESTION 9
Which two of these are characteristics of multicast routing? (Choose two.)
A. Multicast routing uses RPF.
B. Multicast routing is connectionless.
C. In multicast routing, the source of a packet is known.
D. When network topologies change, multicast distribution trees are not rebuilt, but use the original path.
E. Multicast routing is much like unicast routing, with the only difference being that it has a group of receivers rather than just one destination.
Correct Answer: AC
/Reference: A,C - Self Study v2 - Page468,469

QUESTION 10
Which IOS QoS enhancement was created to address scalability and bandwidth guarantee issues?
A. DiffServ
B. IntServ
C. RSVP
D. WFQ
Correct Answer: C
/Reference: Self Study v2 - Page21

QUESTION 11
Refer to the exhibit. When deploying an MSFC and an FWSM, which statement is correct?

A. Proper placement depends on the VLAN assignment.
B. Place it outside the firewall.
C. Place it inside the firewall to make design and management easier.
D. Place it inside the firewall with multiple context modes connecting to all configured contexts.
Correct Answer: A
/Reference: Self Study v2 - Page354 (pg 414 3rd edition) The MSFC can be placed on the inside or the outside of the firewall depending on the VLANs assigned to the FWSM.

QUESTION 12
Scalability is provided in the server farm module by which of the following design strategies?
A. up to 10 Gbps of bandwidth at the access level
B. redundant servers at the access level

C. modular block design at the access level
D. high port densities at the access level
Correct Answer: C
/Reference: Self Study v2 - Page238,239

QUESTION 13
Which three of these are major scaling, sizing, and performance considerations for an IPsec design? (Choose three.)
A. connection speed
B. number of remote sites
C. features to be supported
D. types of devices at the remote site
E. whether packets are encrypted using 3DES or AES
F. number of routes in the routing table at the remote site
Correct Answer: ABC
/Reference: Self Study v2 - Page415

QUESTION 14
What is the term for a logical SAN which provides isolation among devices physically connected to the same fabric?
A. ISL
B. IVR
C. VoQ
D. VSANs
E. Enhanced ISL
Correct Answer: D
/Reference: Self Study v2 - Pg.268

QUESTION 15
As an experienced technician, you are responsible for Technical Support. Which of the following descriptions is correct about the characteristic of SLB one arm mode?
A. This out-of-band approach supports scaling
B. SLB is not inline.
C. Mode is not as common as bridge or routed mode.
D. Return traffic requires PBR, server default gateway pointing to SLB, or client source NAT.
Correct Answer: D

/Reference: Self Study v2 - Page307
I believe the actual question is probably multiple choice of three: A, B & D (pg 379, 380 3rd edition)
(A) (in one-armed section) Another advantage is that scaling by adding SLB devices is simple. Different VIPs can be used to send traffic to different SLB devices, and PBR or client NAT can steer replies back through the correct SLB device. Server default gateways can be used to provide services using different server pools.
(B) A SLB in One-Armed Mode Is Not Inline with the Traffic
x (C) The one-armed (or two-armed) mode is another popular approach for deploying SLB devices. Doesn't mention anything about which is more common.
(D) The simplest way to cause return traffic to go through the SLB device is to set the server default gateway to the SLB device. Use PBR to push or deflect the appropriate outbound server traffic to the SLB device as next hop. Use client NAT, in which the client source address is replaced with the SLB address.

QUESTION 16
Which design topology incurs a performance penalty since there are two encryption-decryption cycles between any two remote sites?
A. peer-to-peer
B. peer-to-peer
C. partial mesh
D. hub and spoke
E. full mesh
Correct Answer: D
/Reference: Self Study v2 - Page420

QUESTION 17
Which statement about IDS/IPS design is correct?
A. An IPS should be deployed if the security policy does not support the denial of traffic.
B. An IPS analyzes a copy of the monitored traffic and not the actual forwarded packet.
C. An IDS analyzes a copy of the monitored traffic and not the actual forwarded packet.
D. Bandwidth considerations must be taken into account since IDS is deployed inline to traffic flow.
Correct Answer: C
/Reference: Self Study v2 - Page391 (pg 444 3rd edition) IDSs passively listen to network traffic. The IDS is not in the traffic path, but listens

promiscuously to copies of all traffic on the network.

QUESTION 18
What are disadvantages to storage directly attached to the application servers? (Choose three.)
A. reliability
B. scalability
C. redundancy
D. manageability
Correct Answer: BCD
/Reference: Answer: A,B,D Self Study v2 - Page261 (Advantages of SAN are mentioned)
B: System administrators are faced with the challenging task of managing storage and making it scalable to accommodate future needs. With storage directly attached to the server, scalability is difficult. The storage expansion capability is limited to the capacity of the server (for example, as measured by the number of I/O controllers and devices per controller configured in the server). The nature of the small computer system interface (SCSI) bus commonly used to connect commodity disks to a commodity server makes it difficult to allocate more disk storage without interrupting and rebooting the server, and thus affecting applications.
C: No redundancy is provided
Reference: Arch student guide p

QUESTION 19
When designing a converged network, which measures can be taken at the building access layer to help eliminate latency and ensure end-to-end quality of service can be maintained? (Choose three.)
A. rate limit voice traffic
B. configure spanning-tree for fast link convergence
C. isolate voice traffic on separate VLANs
D. classify and mark traffic close to the source
Correct Answer: BCD
/Reference: Self Study v2 - Page92 **Page92 covers a few points only

QUESTION 20
Which two settings must be configured in order to use the GUI to configure Call Admission Control with voice applications? (Choose two.)
A. QoS must be set to Platinum
B. WMM must be enabled
C. QoS must be set to Gold
D. TSPEC must be disabled
E. Cisco Compatible Extensions must be disabled
Correct Answer: AB

/Reference: Self Study v2 - Page530

QUESTION 21
You are the Cisco Network Designer in Cisco.com. In your company site, a NAS is both physically and logically in the traffic path. The NAS identifies clients solely based on their MAC addresses. In which access mode has this NAS been configured to operate?
A. Layer 2 mode
B. Layer 2 Edge mode
C. Layer 3 mode
D. Layer 3 In-Band mode
Correct Answer: A
/Reference: MAC address means Layer 2
My opinion: they are asking about access mode. That's why I wouldn't select B.
(pg 430 3rd edition)
Layer 2 or Layer 3 client access mode: defines whether user devices are Layer 2 or Layer 3 adjacent to the Cisco NAS
Central or edge physical deployment: determines whether the Cisco NAS device is physically inline with the traffic path

QUESTION 22
A Fibre Channel fabric (or Fibre Channel switched fabric, FC-SW) is a switched fabric of Fibre Channel devices enabled by a Fibre Channel switch. Fabrics are normally subdivided by Fibre Channel zoning. Each fabric has a name server and provides other services. Higher redundancy over FC-AL, P2P. Which path selection protocol is used by Fibre Channel fabrics?
A. OSPF
B. RIP
C. FSPF
D. VSANs
Correct Answer: C
/Reference: Self Study v2 - Page270

QUESTION 23
Which two benefits does VoFR provide? (Choose two.)
A. bandwidth efficiency
B. cell-switching
C. congestion notification
D. heterogeneous network

Correct Answer: AC
/Reference: Search for the terms ECN, bandwidth to confirm the choices of A and C

QUESTION 24
Which of these statements best describes VPLS?
A. Neither broadcast nor multicast traffic is ever flooded in VPLS.
B. Multicast traffic is flooded but broadcast traffic is not flooded in VPLS.
C. VPLS emulates an Ethernet switch, with each EMS being analogous to a VLAN.
D. Because U-PE devices act as IEEE devices, the VPLS core must use STP.
E. When the provider experiences an outage, IP re-routing restores PW connectivity and MAC re-learning is needed.
Correct Answer: C
/Reference: Self Study v2 - Page173
(C) (pg 181 3rd edition) In VPLS, the P-network emulates an IEEE 802.1D Ethernet bridge, with each EMS being analogous to a VLAN.
(pg 181 3rd edition)
x (A & B) Broadcast and multicast traffic would always be flooded in VPLS.
x (D) To simplify processing, the VPLS core does not use STP. Instead, it uses split-horizon forwarding, so that Ethernet frames are not sent back out on the same PW on which they were received.
x (E) In the event of a provider outage, IP rerouting rapidly restores PW connectivity. In such a case, no MAC aging and relearning is needed.

QUESTION 25
VLAN Tagging, also known as Frame Tagging, is a method developed by Cisco to help identify packets travelling through trunk links. When an Ethernet frame traverses a trunk link, a special VLAN tag is added to the frame and sent across the trunk link. How does ERS use the VLAN tag?
A. provide service internetworking
B. support transparency for Layer 2 frames
C. indicate destination as a connection identifier
D. map to the DLCI in service internetworking
Correct Answer: C
/Reference: Self Study v2 - Page171,172

QUESTION 26
What is one of the reasons that custom QoS ACLs are recommended over automatic QoS when configuring ports on a Catalyst 6500 for use with IP phones?
A. 79xx IP phones do not automatically mark voice packets with non-zero DSCP values.

B. 79xx IP phones do not mark protocol packets such as DHCP, DNS, or TFTP with non-zero DSCP values.
C. 79xx IP phones do not mark voice packets with optimal DSCP values.
D. 79xx IP phones use a custom protocol to communicate CDP information to the switch.
Correct Answer: B
/Reference: Answer: C release/notes/ol_4498.html#wp125881
Cisco IP Phone 79xx phone marking: The Cisco IP Phone 79xx does not mark its protocol packets such as DHCP, TFTP, and DNS packets with non-zero DSCP values. This causes the IP phone to see DHCP, DNS, and/or TFTP timeouts when an uplink port on a switch is oversubscribed. This results in the IP phone taking a long time to register with the Cisco CallManager or the IP phone might not register at all.

QUESTION 27
Fibre Channel, or FC, is a gigabit-speed network technology primarily used for storage networking. Fibre Channel is standardized in the T11 Technical Committee of the InterNational Committee for Information Technology Standards (INCITS), an American National Standards Institute (ANSI) accredited standards committee. Which two of these correctly describe Fibre Channel? (Choose two.)
A. supports multiple protocols
B. works only in a shared or loop environment
C. allows addressing for up to 4 million nodes
D. provides a high speed transport for SCSI payloads
Correct Answer: AD
/Reference: Self Study v2 - Page266,267

QUESTION 28
Which two are characteristics of RSVP? (Choose two.)
A. RSVP itself provides bandwidth and delay guarantees.
B. For RSVP to be end-to-end, all devices must support RSVP.
C. RSVP reservations are maintained by a centralized reservations server.
D. An RSVP compatible QoS mechanism must be used to implement guarantees according to RSVP reservations.
Correct Answer: BD
/Reference: Search for the words - QOS, mechanism

QUESTION 29
The Cisco MDS 9000 Series Multilayer SAN Switches can help lower the total cost of ownership of the most demanding storage environments.
By combining a robust and flexible hardware architecture with multiple layers of network and storage-management intelligence, the Cisco MDS 9000 Series helps you build highly available,

scalable storage networks with advanced security and unified management. What method does the Cisco MDS 9000 Series use to support trunking?
A. ISL
B. VLAN Trunk
C. VoQ
D. Enhanced ISL
Correct Answer: D
/Reference: Self Study v2 - Page269

QUESTION 30
Which QoS requirement applies to streaming video traffic?
A. one-way latency of 150 ms to 200 ms
B. jitter of 30 ms or less
C. packet loss of 2 percent or less
D. 150bps of overhead bandwidth
Correct Answer: C
/Reference: Refer - (or) Search for content under title Streaming Video

QUESTION 31
Headend VPN devices serve as VPN headend termination devices at a central campus. To ensure voice packets are kept within the Committed Information Rate (CIR) of a Frame Relay link, what should be used in the CPE?
A. prioritization
B. classification
C. fragmentation
D. traffic shaping
Correct Answer: C
/Reference: - Self Study v2 - Page413
CPE should do the fragmentation in order to achieve the CIR for voice.
Reference: 4af9.shtml
Fragmentation (FRF.12)
A big challenge on voice-data integration is to control the maximum one-way end-to-end delay for time sensitive traffic such as voice. For good voice quality, this delay needs to be less than 150 ms. An important part of this delay is the serialization delay on the interface. Cisco recommends that this be 10 ms and should not exceed 20 ms. Serialization delay is the time it takes to actually place the bits onto an

interface.
Serialization Delay = frame size (bits) / link bandwidth (bps)
For example, a 1500-byte packet takes 214 ms to leave the router over a 56 Kbps link. If a non-real-time data packet of 1500 bytes is sent, real-time (voice) data packets are queued until the large data packet is transmitted. This delay is unacceptable for voice traffic. If non-real-time data packets are fragmented into smaller frames, they are interleaved with real-time (voice) frames. In this way, both voice and data frames can be carried together on low speed links without causing excessive delay to the real-time voice traffic. For more information on fragmentation, refer to Frame Relay Fragmentation for Voice.
Note: In cases where you have a dedicated half T1 connection (768 kbps), you probably do not need a fragmentation feature. However, you still need a QoS mechanism (IP RTP Priority or LLQ, in this case). The half T1 or greater speeds offer enough bandwidth to allow voice packets to enter and leave the queue within the recommended serialization delay range (10 ms, no later than 20 ms). Also, you probably do not need cRTP, which helps to save bandwidth by compressing IP RTP headers, in the case of a full T1.

QUESTION 32
You are the Cisco Network Designer in Cisco.com. In which NAS operating mode are ACL filtering and bandwidth throttling only provided during posture assessment?
A. Layer 2
B. Layer 3
C. Layer 4
D. out-of-band
Correct Answer: D
/Reference: Self Study v2 - Page372 (pg 431 3rd edition) In out-of-band traffic flow, the Cisco NAS is in the traffic path only during the posture assessment. Out-of-band mode provides VLAN port-based and role-based access control. ACL filtering and bandwidth throttling are provided only during posture assessment.
Delete use Q177

QUESTION 33
A security analysis at The Potomac Canal Company recommends installing an IDS appliance and a firewall appliance. These appliances should connect directly into a Layer 3 switch.
A load balancer and SSL termination have also been recommended. Potomac's management have expressed concern over the cost. You suggest using integrated blades. What is one advantage and one disadvantage of your design proposal? (Choose two.)
A. The data center would need several devices to achieve its goal.
B. Increased usage of standalone devices is cost-effective.
C. Using integrated blades would only require two devices.
D. Putting all security devices in a single chassis provides a single point of failure.
Correct Answer: CD
/Reference:

Topic 4, Volume D

QUESTION 34
Which technology allows centralized storage services to be shared across different VSANs?
A. IVR
B. FSPF
C. FICON
D. SANTap
Correct Answer: A
/Reference: Self Study v2 - Page269

QUESTION 35
Which content networking device allows bandwidth configuration settings so that streaming content will not interfere with other network traffic?
A. IP/TV Control Server
B. Content Distribution Manager
C. Content Engine
D. IP/TV Broadcast Server
Correct Answer: A
/Reference:

QUESTION 36
What is the purpose of IGMP in a multicast implementation?
A. it is not used in multicast
B. it determines the virtual address group for a multicast destination
C. it dynamically registers individual hosts in a multicast group on a specific LAN
D. it is used on WAN connections to determine the maximum bandwidth of a connection
E. it determines whether Bidirectional PIM or PIM sparse mode will be used for a multicast flow
Correct Answer: C
/Reference: Self Study v2 - Page462

QUESTION 37
What is high availability?
A. redundant infrastructure
B. clustering of computer systems
C. reduced MTBF

D. continuous operation of computing systems
Correct Answer: D
/Reference: (D) (pg 3rd edition) High availability aims to prevent outages, or at least to minimize downtime.

QUESTION 38
Which two characteristics are most typical of a SAN? (Choose two.)
A. NICs are used for network connectivity.
B. Servers request specific blocks of data.
C. Storage devices are directly connected to servers.
D. A fabric is used as the hardware for connecting servers to storage devices.
E. The TCO is higher because of the cost of director class storage switches.
Correct Answer: BD
/Reference: Self Study v2 - Page261

QUESTION 39
You are the Cisco Network Designer in Cisco.com. Which of these are important when determining how many users a NAS can support?
A. bandwidth
B. number of plug-ins per scan
C. total number of network devices
D. number of checks in each posture assessment
Correct Answer: BCD
/Reference: Self Study v2 - Page370

QUESTION 40
Acme Costume Company is connecting its manufacturing facilities to its stores with a small point-to-multipoint Frame Relay IP WAN. Little growth is expected in the network infrastructure. Up to this point the company has been using a dial-on-demand network. Dropping WAN costs, however, have led them to consider using a high-speed WAN solution to improve access. Which two routing protocols could you deploy to support the new larger network while keeping costs down? (Choose two.)
A. RIP
B. RIPv2
C. EIGRP
D. OSPF
Correct Answer: CD

/Reference:

QUESTION 41
The VPN termination function provides the ability to connect two networks together securely over the internet. Which of these is true of IP addressing with regard to VPN termination?
A. termination devices need routable addresses inside the VPN
B. termination devices need not routable addresses inside the VPN
C. IGP routing protocols will update their routing tables over an IPsec VPN
D. addressing designs need to allow for summarization
Correct Answer: D
/Reference: Self Study v2 - Page107
x (A & B) The VPN termination devices need routable IP addresses for the outside Internet connection. Private IP addresses can be used on the inside of the VPN.
(D) (pg 470 3rd edition) VPN address space needs to be designed to allow for network summarization.

QUESTION 42
When dealing with transparent caching, where should the Content Engines be placed?
A. close to the servers
B. close to the end users
C. at the Internet edge
D. in front of web server farms
Correct Answer: B
/Reference:

QUESTION 43
Which of these statements is true of routing protocols in a hub-and-spoke IPsec VPN topology?
A. EIGRP can summarize per interface.
B. OSPF router databases remain independent.
C. When they are configured with stubs, EIGRP regularly floods the topology.
D. OSPF topology decisions are made independent of hierarchy or area.
Correct Answer: A
/Reference: Self Study v2 - Page443

(A) (pg 497 3rd edition) EIGRP can summarize per interface. By summarizing to the core and to the spoke, the branch routers will have fewer routes in the routing table. The distance vector characteristics of EIGRP are typically better for the hub-and-spoke VPN topology.
x (B) OSPF needs to synchronize router databases periodically.
x (C) EIGRP is a quiet protocol when it is configured with stubs. There is no need to flood the topology database with EIGRP.
x (D) OSPF brings hierarchy decisions into the hub-and-spoke topology

QUESTION 44
Which two characteristics are true of a firewall running in routed mode based on the following information?
A. FWSM routes traffic between the VLANs.
B. FWSM switches traffic between the VLANs.
C. Routed mode is often called bump-in-the-wire mode.
D. Routed mode firewall deployments are used most often in current designs.
Correct Answer: AD
/Reference: Self Study v2 - Page303

QUESTION 45
You are the Cisco Network Designer in Cisco.com. Which of these practices should you follow when designing a Layer 3 routing protocol?
A. Never peer on transit links.
B. Build squares for deterministic convergence.
C. Build inverted U designs for deterministic convergence.
D. Summarize routes at the distribution to the core to limit EIGRP queries or OSPF LSA propagation.
Correct Answer: D
/Reference: Self Study v2 - Page41,64

QUESTION 46

Which two statements are true about MLP interleaving? (Choose two.)
A. It fragments and encapsulates all packets in a fragmentation header.
B. Packets smaller than the fragmentation size are interleaved between the fragments of the larger packets.
C. Packets larger than the fragmentation size are always fragmented, and cannot be interleaved, even if the traffic is voice traffic.
D. It fragments and encapsulates packets that are longer than a configured size, but does not encapsulate smaller packets inside a fragmentation header.
Correct Answer: BD
/Reference: Previous implementations of Cisco IOS Multilink PPP (MLP) include support for Link Fragmentation Interleaving (LFI). This feature allows the delivery of delay-sensitive packets, such as the packets of a Voice call, to be expedited by omitting the PPP Multilink Protocol header and sending the packets as raw PPP packets in between the fragments of larger data packets. This feature works well on bundles consisting of a single link. However, when the bundle contains multiple links there is no way to keep the interleaved packets in sequence with respect to each other.
Interleaving on MLP allows large packets to be multilink encapsulated and fragmented into a small enough size to satisfy the delay requirements of real-time traffic; small real-time packets are not multilink encapsulated and are transmitted between fragments of the large packets.
Note: The following URL from Cisco's website explains this feature: #wp
"(Optional) Configures a maximum fragment delay. If, for example, you want a voice stream to have a maximum bound on delay of 20 milliseconds (ms) and you specify 20 ms using this command, MLP will choose a fragment size based on the configured value."
Packets are fragmented when they exceed the configured maximum delay.

QUESTION 47
The Cisco IOS SLB feature is a Cisco IOS-based solution that provides server load balancing. This feature allows you to define a virtual server that represents a cluster of real servers, known as a server farm. When a client initiates a connection to the virtual server, the IOS SLB load balances the connection to a chosen real server, depending on the configured load balance algorithm or predictor. Which three implementation modes may be used to deploy SLB? (Choose three.)
A. Router mode
B. One-arm mode
C. Three-arm mode
D. Bridge mode inline
Correct Answer: ABD
/Reference: Self Study v2 - Page307

QUESTION 48
You are the Cisco Network Designer in Cisco.com. You are designing an e-commerce module, which routing statement is correct?

A. Routing is mostly static.
B. Hardcoded IP addresses are used to support failover.
C. Inbound servers use the CSM or ACE as the default gateway.
D. VLANs between the access layer switches are used for FHRP protocols.
Correct Answer: A
/Reference: Self Study v2 - Page319,320
(A) (pg 390 3rd edition, base) Routing in this e-commerce module design is mostly static,
x (D) is incorrect (pg 394 3rd edition) - The VLANs between the aggregation layer switches are used for FHRP or failover heartbeat detection.

QUESTION 49
A network vulnerability scanner is part of which critical element of network and system security?
A. host security
B. perimeter security
C. security monitoring
D. policy management
Correct Answer: C
/Reference:

QUESTION 50
You are the Cisco Network Designer in Cisco.com. What is the term for a logical SAN which provides isolation among devices physically connected to the same fabric?
A. InterSwitch Link
B. Virtual LAN
C. Virtual Output Queuing
D. virtual storage area network
Correct Answer: D
/Reference: Self Study v2 - Pg.268

Exam D

QUESTION 1
A virtual storage area network (VSAN) is a collection of ports from a set of connected Fibre Channel switches, that form a virtual fabric. Which technology allows centralized storage services to be shared across different VSANs?
A. IVR
B. FSPF
C. FICON
D. SANTap
Correct Answer: A
/Reference: Self Study v2 - Page269

QUESTION 2
What four functions does Web Cache Communication Protocol (WCCP) incorporate? (Choose four.)
A. load balancing
B. scalability
C. remote management
D. fault tolerance
E. service assurance
Correct Answer: ABDE
/Reference:

QUESTION 3
Which of the following is the primary consideration to scale VPNs?
A. packets per second
B. number of remote sites
C. throughput bandwidth
D. number of tunnels
Correct Answer: B
/Reference: (B) (pg 471 3rd edition) The number of remote sites is a primary factor in determining scalability of a design
(pg 471 3rd edition) Many factors affect scalability of an IPsec VPN design, including the number of route sites, access connection speeds, routing peer limits, IPsec encryption engine throughput, features to be supported, and applications that will be transported over the IPsec VPN. However, the packets-per-second (PPS) rate matters more than throughput bandwidth (in bits per second) for the connection speeds being terminated or aggregated.

QUESTION 4
In which tunnel-less VPN topology do group members register with a key server in order to receive the security association necessary to communicate with the group?
A. Easy VPN
B. GRE tunneling
C. Virtual Tunnel Interfaces
D. Dynamic Multipoint VPN
E. Group Encrypted Transport VPN
Correct Answer: E
/Reference: Self Study v2 - Page435

QUESTION 5
Which two of these are advantages of placing the VPN device in the DMZ on the firewall? (Choose two.)
A. fewer devices to manage
B. moderate-to-high scalability
C. stateful inspection of decrypted VPN traffic
D. increased bandwidth with additional interfaces
E. decreased complexity as traffic is filtered from the firewall
Correct Answer: BC
/Reference: Self Study v2 - Page422
(pg 477 3rd edition) B & C
The firewall can statefully inspect the decrypted VPN traffic.
The design supports moderate-to-high scalability by adding additional VPN devices.
Disadvantages:
The configuration complexity increases because additional configuration on the firewall is required to support the additional interfaces.
The firewall must support policy routing to differentiate VPN versus non-VPN traffic.
The firewall may impose bandwidth restrictions on stacks of VPN devices.

QUESTION 6
Under which two circumstances should Spanning Tree Protocol be implemented? (Choose two.)
A. to ensure a loop-free topology
B. to protect against user-side loops
C. when a VLAN spans access layer switches
D. for the most deterministic and highly available network topology
E. because of the risk of lost connectivity without Spanning Tree Protocol
Correct Answer: BC

/Reference: Self Study v2 - Page47
(pg 38 3rd edition)
When a VLAN spans access layer switches to support business applications.
To protect against user-side loops.
To support data center applications on a server farm
STP is required to ensure a loop-free topology and to protect the rest of the network from problems created in the access layer.

QUESTION 7
Which two of these are advantages of placing the VPN device parallel to the firewall? (Choose two.)
A. high scalability
B. the design supports a layered security model
C. firewall addressing does not need to change
D. IPsec decrypted traffic is inspected by the firewall
E. there is a centralized point for logging and content inspection
Correct Answer: AC
/Reference: Self Study v2 - Page421
(pg 477 3rd edition) A & C
Simplified deployment because firewall addressing does not need to change.
High scalability because multiple VPN devices can be deployed in parallel with the firewall.
Disadvantages:
IPsec decrypted traffic is not firewall inspected. This issue is a major concern if the traffic is not subject to a stateful inspection.
No centralized point of logging or content inspection is implemented.

QUESTION 8
What will an Easy VPN hardware client require in order to insert its protected network address when it connects using network extension mode?
A. RADIUS or LDAP
B. an internal router running EIGRP
C. Reverse Route Injection and OSPF or RIPv2
D. the VPN appliance to be deployed in line with the firewall
Correct Answer: C
/Reference: Self Study v2 - Page409
**Note - It's not a complete reference to the answer, but it covers to a certain extent
The reverse-route command enables Reverse Route Injection (RRI). When you enable this command, the client's internal IP address (client mode) or the client's private/inside interface network number (network extension mode) is entered as a static route in the router's routing table. You can then take these static routes and redistribute them via a dynamic routing protocol with the redistribute static command within the dynamic routing protocol. This process is necessary if you have multiple Easy VPN Servers and you don't know which Server a Remote will connect to.

QUESTION 9
Which two practices will avoid Cisco Express Forwarding polarization? (Choose two.)
A. The core layer should use default Layer 3 hash information.
B. The core layer should use default Layer 4 hash information.
C. The distribution layer should use default Layer 3 hash information.
D. The distribution layer should use default Layer 4 hash information.
E. The core layer should use Layer 3 and Layer 4 information as input to the Cisco Express Forwarding hashing algorithm.
F. The distribution layer should use Layer 3 and Layer 4 information as input into the Cisco Express Forwarding hashing algorithm.
Correct Answer: AF
/Reference: Self Study v2 - Page59

QUESTION 10
When a router has to make a rate transition from LAN to WAN, what type of congestion needs should be considered in the network design?
A. RX-queue deferred
B. TX-queue deferred
C. RX-queue saturation
D. TX-queue saturation
E. RX-queue starvation
F. TX-queue starvation
Correct Answer: F

/Reference: Self Study v2 - Page92
Search for the key-word - LAN to WAN

QUESTION 11
What is the recommended practice when considering VPN termination and firewall placement?
A. have the firewall and VPN appliance deployed in parallel
B. place the VPN in line with the firewall, with the VPN terminating inside the firewall
C. place the public side of the VPN termination device in the DMZ behind a firewall
D. place the VPN in line with the firewall, with the VPN terminating outside the firewall
Correct Answer: C
/Reference: Self Study v2 - Page409
(pg 465 3rd edition) For best security, a recommended practice is to place the public side of the VPN termination device in a DMZ behind a firewall.

QUESTION 12
Which of these statements is correct regarding SSO and Cisco NSF?
A. Utilizing Cisco NSF in Layer 2 environments can reduce outages to one to three seconds.
B. Utilizing SSO in Layer 3 environments can reduce outages to one to three seconds.
C. Distribution switches are single points of failure causing outages for the end devices.
D. Utilizing Cisco NSF and SSO in a Layer 2 environment can reduce outages to less than one second.
E. NSF and SSO with redundant supervisors have the most impact on outages at the access layer.
Correct Answer: E
/Reference: Self Study v2 - Page41

QUESTION 13
Which of these is a correct description of SSO?
A. It will only become active after a software failure.
B. It will only become active after a hardware failure.
C. It requires that Cisco NSF be enabled in order to work successfully.
D. It synchronizes the MAC, FIB, and adjacency tables between Active and Standby Route Processors.
Correct Answer: D
/Reference: Self Study v2 - Page42

QUESTION 14
Which of these recommended designs provides the highest availability?
A. map the Layer 2 VLAN number to the Layer 3 subnet
B. control route propagation to edge switches using distribute lists
C. use a Layer 2 distribution interconnection link with HSRP or GLBP
D. use a Layer 3 distribution interconnection link with HSRP or GLBP
E. use equal-cost Layer 3 load balancing on all links to limit the scope of queries in EIGRP
Self Study v2 - Page75
Correct Answer: D
/Reference: Self Study v2 - Page 74
(pg 72 3rd edition) Layer 3 Distribution Switch Interconnection (with HSRP). This recommended design provides the highest availability.

QUESTION 15
An organization hires a contractor who only needs access to and a group calendar. They do not need administrator access to the computer. Which VPN model is the most appropriate?
A. Thin Model
B. Thick Client
C. Port Forwarding
D. Clientless Access
E. Layer 3 Network Access
Correct Answer: D
/Reference: Self Study v2 - Page406

QUESTION 16
In which NAS operating mode are ACL filtering and bandwidth throttling only provided during posture assessment?
A. Layer 2
B. Layer 3
C. in-band
D. out-of-band
E. edge
F. central
Correct Answer: D
/Reference: Self Study v2 - Page372
(pg 431 3rd edition) In out-of-band traffic flow, the Cisco NAS is in the traffic path only during the posture assessment. Out-of-band mode provides VLAN port-based and role-based access control. ACL filtering and bandwidth throttling are provided only during posture assessment.

QUESTION 17
Which of these is a benefit of using Network Admission Control instead of Cisco Identity Based Networking Services?
A. NAC can authenticate using 802.1X and IBNS cannot
B. NAC can ensure only compliant machines connect and IBNS cannot
C. NAC can ensure access to the correct network resources and IBNS cannot
D. NAC can manage user mobility and reduce overhead costs and IBNS cannot
Correct Answer: B
/Reference: Self Study v2 - Page366
(pg 424 3rd edition) The Cisco IBNS framework allows enterprises to manage user mobility and reduce the overhead costs associated with granting and managing access to network resources. IEEE 802.1X authenticates clients requesting Layer 2 (data link layer) access to the network. However, with Cisco extensions to 802.1X, users and devices are authenticated and allowed admission to the network based on who or what they are, but not their condition.

QUESTION 18
Which three of these Metro Ethernet services map to E-Line services that are defined by the MEF? (Choose three.)
A. Ethernet Private Line
B. Ethernet Wire Service
C. Ethernet Relay Service
D. Ethernet Multipoint Service
E. Ethernet Relay Multipoint Service
Correct Answer: ABC
/Reference: Self Study v2
A - Page169
B - Page169
C - Page169

QUESTION 19
Which two of these Metro Internet services map to E-LAN services that are defined by the MEF? (Choose two.)
A. Ethernet Private Line
B. Ethernet Wire Service
C. Ethernet Relay Service
D. Ethernet Multipoint Service
E. Ethernet Relay Multipoint Service
Correct Answer: DE

/Reference: Self Study v2 D,E- Page169,173,174

QUESTION 20
Which two of these are characteristics of Metro Ethernet? (Choose two.)
A. class of service
B. bandwidth profiles
C. user-network interface
D. Ethernet LAN circuit attributes
E. Ethernet virtual circuit attributes
Correct Answer: CE
/Reference: Self Study v2 Page169
User-network Interface - UNI

QUESTION 21
Which three of these are important when determining NAS Server scaling? (Choose three.)
A. interface bandwidth
B. rescan timer interval
C. total number of network devices
D. number of new user authentications per second
E. which operating system is loaded on the client
F. number of checks performed in a posture assessment
Correct Answer: BDF
/Reference: Self Study v2 - Page370
(pg 429 3rd edition) B, D & F
The number of new user authentications per second
The number of posture assessments per second
How many checks are in each posture assessment
The number of agentless network scans per second
The number of plug-ins per scan
Rescan timer intervals
Per-role and total online timer intervals
Bandwidth controls
Filters and access controls

QUESTION 22
Which of these is true of a Layer 3 out-of-band NAS deployment?
A. The NAS acts as a gateway for all Layer 3 traffic.
B. Only the MAC address is used to identify the client device.

C. User traffic remains on the same VLAN for the duration of the connection.
D. After authentication and posture assessment, client traffic no longer passes through the NAS.
Correct Answer: D
/Reference: Self Study v2 - Page372

Topic 5, Volume E

QUESTION 23
Your MPLS implementation is currently using internal backdoor links. What can you do to minimize the impact of having these links?
A. use BGP as the CE-PE routing protocol
B. use OSPF as the CE-PE routing protocol
C. use EIGRP as the CE-PE routing protocol
D. use the SP to redistribute routes as external routes for OSPF and EIGRP
E. use route redistribution at each location to ensure external routes are imported into the IGP
Correct Answer: A
/Reference: Self Study v2 - Page184

QUESTION 24
One of your customers wishes to use the NAS to perform DHCP functions and does not currently have a Layer 3 gateway in its production network. Which gateway mode is appropriate for this customer?
A. Virtual Gateway
B. Real-IP Gateway
C. NAT Gateway
D. IP-IP Gateway
Correct Answer: B
/Reference: Self Study v2 - Page371,372

QUESTION 25
Which of these is a benefit of ESM?
A. supports multiple MIBs
B. includes NetFlow, NBAR, and IP SLA software subsystems
C. includes NetFlow, syslog, and IP SLA software subsystems
D. includes a predefined framework for filtering and correlating messages
E. supports two logging processes so output can be sent in standard and ESM format
Correct Answer: D

/Reference: Self-study v2 - Page563
In "Designing Cisco Network Service Architectures (ARCH)", page 531. "It says, that ESM provides a programmable framework that allows a network manager to filter, escalate, correlate, route and customize system logging messages."

QUESTION 26
Which of these ports does syslog use to send messages to a syslog server?
A. TCP 502
B. TCP 514
C. TCP 520
D. UDP 502
E. UDP 514
F. UDP 520
Correct Answer: E
/Reference: Self-study v2 - Page562

QUESTION 27
To which of these does IP multicast send packets?
A. a single host
B. a subset of hosts
C. all hosts sequentially
D. all hosts simultaneously
Correct Answer: B
/Reference: Self-study v2 - Page452 Refer Fig:10-2

QUESTION 28
Refer to the exhibit. Which two statements are correct regarding the creation of a multicast distribution tree? (Choose two.)

A. Each router determines where to send the JOIN request.
B. The tree will be built based on the IP address of the E2 interface on router E.
C. The best path to the source will be discovered in the unicast routing table on router B.
D. The best path to the source will be discovered in the unicast routing table on router C.
E. The best path to the source will be discovered in the unicast routing table on router E.
Correct Answer: AE
/Reference: Self-study v2 - Page467 Refer Figure:10-8

QUESTION 29
What is the default value of the SPT threshold in Cisco routers?
A. 0
B. 1
C. 2
D. 4
E. 16

F. infinity
Correct Answer: A
/Reference: Self-study v2 - Page477

QUESTION 30
Which two of these multicast deployments are most susceptible to attacks from unknown sources? (Choose two.)
A. ASM
B. BiDir PIM
C. PIM-SM RP
D. RP-Switchover
E. Source Specific Multicast
Correct Answer: AB
/Reference: Self-study v2 - Page493

QUESTION 31
Which of the following is a characteristic of a data center core?
A. Server-to-server traffic always remains in the core layer.
B. The recommended practice is for the core infrastructure to be in Layer 3.
C. The boundary between Layer 2 and Layer 3 should be implemented in the aggregation layer.
D. The Cisco Express Forwarding hashing algorithm is the default, based on the IP address and Layer 4 port.
E. Core layer should run BGP along with an IGP because iBGP has a lower administrative distance than any IGP.
Correct Answer: B
/Reference: Self-study v2 - Page196

QUESTION 32
Which two design recommendations are most appropriate when OSPF is the data center core routing protocol? (Choose two.)
A. Never use passive interfaces.
B. Use NSSA areas from the core down.
C. Use totally stub areas to stop type 3 LSAs.
D. Use the lowest Ethernet interface IP address as the router ID.
E. Tune OSPF timers to enable OSPF to achieve quicker convergence
Correct Answer: BE

/Reference: Self-study v2 - Page197,198
(pg 3rd edition) The OSPF routing protocol design should be tuned for the data center core layer
Use a not-so-stubby area (NSSA) from the core down.
Use the auto-cost reference-bandwidth command to set the bandwidth to a 10 Gigabit Ethernet value and allow OSPF to differentiate the cost on higher-speed links, such as 10 Gigabit Ethernet trunk links.
(E) is not an exact match, but that's what the book has.

QUESTION 33
Which two design recommendations are most appropriate when EIGRP is the data center core routing protocol? (Choose two.)
A. Summarize data center subnets.
B. Use passive interfaces to ensure appropriate adjacencies.
C. Tune the EIGRP timers to enable EIGRP to achieve quicker convergence.
D. Adjust the default bandwidth value to ensure proper bandwidth on all links.
E. Advertise a default summary route into the data center core from the aggregation layer.
Correct Answer: AE
/Reference: Self-study v2 - Page199
(pg 221 3rd edition) EIGRP Routing Protocol Design Recommendations
Advertise a default summary route into the data center access layer with the ip summary-address eigrp interface command on the aggregation layer.
If other default routes exist in the network, such as from the Internet edge, you might need to filter them using distribute lists
Summarize the data center access layer subnets with the ip summary-address eigrp interface command from the aggregation layer
Use the passive-interface default command, and advertise only on the links that need to participate in the routing process using the no passive-interface interface command.
My opinion: (B) is not as appropriate as A and E

QUESTION 34
Which two statements correctly describe a situation in which an Active/Standby Service Module design is being used? (Choose two.)
A. Troubleshooting is more complicated.
B. Service and switch modules are underutilized.
C. Layer 2 adjacency is required with the servers that use this design.
D. Layer 3 adjacency is required with the servers that use this design.
E. Load balancing will always occur across both access layer uplinks.
Correct Answer: BC
/Reference: Self-study v2 - Page206

QUESTION 35
Which statement correctly describes a situation in which VRFs are used in the data center?
A. Partitioning of network resources is enabled.
B. VRFs cannot support path isolation from MAN/WAN designs.
C. VRFs cannot be used to map a virtualized data center to a MPLS implementation.
D. VRFs do not allow for the use of application services with multiple access topologies.
E. An access design using a VRF allows for an aggregation layer service module solution.
Correct Answer: A
/Reference: Self-study v2 - Page209
(pg 235 3rd edition)
(A) Layer 3 routing virtualization can be supported using VRFs on the MSFC in the Cisco Catalyst 6500 series. VRFs enable the logical partitioning of network resources such as the MSFC, Cisco ACE, and Catalyst 6500 series FWSM.
x (B & C) VRFs can support path isolation from metropolitan-area network (MAN) and WAN designs, such as those that use Multiprotocol Label Switching (MPLS), down to the data center resources.
x (D) VRFs support the provisioning of application services by context within multiple access topologies.
x (E) A Layer 3 access design that uses VRF can provide an aggregation layer service module solution

QUESTION 36
Which statement about data center access layer design modes is correct?
A. The access layer is the first oversubscription point in a data center design.
B. When using a Layer 2 loop-free design, VLANs are extended into the aggregation layer.
C. When using a Layer 2 looped design, VLANs are not extended into the aggregation layer.
D. When using a Layer 3 design, stateful services requiring Layer 2 connectivity are provisioned from the aggregation layer.
E. The data center access layer provides the physical-level connections to the server resources and only operates at Layer 3.
Correct Answer: A
/Reference: Self-study v2 - Page210
(pg 245 3rd edition) (A) The data center access layer is the first oversubscription point in the data center because it aggregates the server traffic onto Gigabit EtherChannel, 10 Gigabit Ethernet, or 10 Gigabit EtherChannel uplinks to the aggregation layer.

QUESTION 37
Refer to the exhibit. Which statement is correct regarding the topology shown?

A. It achieves quick convergence with 802.1w/s.
B. It is currently the most widely deployed in enterprise data centers.
C. It is a looped square that achieves resiliency with dual homing and STP.
D. It is a looped triangle that achieves resiliency with dual homing and STP.
Correct Answer: B
/Reference: Self-study v2 - Page213 Refer Figure:5-14
The design and network layout is a looped triangle with dual uplinks and STP (Spanning Tree Protocol) to block one of the uplink from the access switch to the aggregation switch. L2 on the right switch also indicates, that it is a looped environment. However, it might be the most widely deployed layout in enterprise data centers, but "It is a looped triangle that achieves resiliency with dual homing and STP" seems to be a better answer.
(B) (pg 247 3rd edition) The looped triangle topology is currently the most widely implemented in the enterprise data center.

QUESTION 38
Which two statements about Network Attached Storage are correct? (Choose two.)
A. Data is accessed using NFS or CIFS.
B. Data is accessed at the block level.
C. NAS is referred to as captive storage.
D. Storage devices can be shared between users.
E. A NAS implementation is not as fast as a DAS implementation.
Correct Answer: AD
/Reference: Self-study v2 - Page264,265

Incorrect answer: "NAS is referred to as captive storage." is definitely wrong. DAS, not NAS, is referred to as captive storage. I think they are looking for A & D.
(pg 319 3rd edition)
NAS devices have direct IP capabilities that allow access at a file level using a protocol such as Network File System (NFS) or Common Internet File System (CIFS) across an IP network.
Storage devices can be shared between servers and between users
The block-level access operations on DAS devices are much faster than operations requiring a search of the file or directory system on a volume.
My opinion: (E)'s use of the word "implementation" worries me. If implementation means installing, then it's probably not the right answer.

QUESTION 39
Which two of these correctly describe Fibre Channel? (Choose two.)
A. supports multiple protocols
B. works only in a shared or loop environment
C. allows addressing for up to 4 million nodes
D. allows addressing for up to 8 million nodes
E. provides a high speed transport for SCSI payloads
F. may stretch to a distance of up to 100 km before needing extenders
Correct Answer: AE
/Reference: Self-study v2 - Page266,267
(pg 321 3rd edition) (A) Fibre Channel includes these features:
Addressing for up to 16 million nodes
Loop (shared) and fabric (switched) transport options
Host speeds of 100 to 400MBps, or an effective throughput of 1 to 4 Gbps on the fabric
Segment distances of up to 6 miles (10 km)
Support for multiple protocols
(E) The serial connectivity of Fibre Channel provides a mechanism for transporting SCSI information across high-speed networks.

QUESTION 40
Which statement about Fibre Channel communications is correct?
A. It operates much like TCP.
B. Flow control is only provided by QoS.
C. It must be implemented in an arbitrated loop.
D. Communication methods are similar to those of an Ethernet bus.
E. N_Port to N_Port connections use logical node connection points.
Correct Answer: E
/Reference: Self-study v2 - Page267

(pg 322 3rd edition) Fibre Channel communications is similar to TCP, lists 5 examples with N_port as described below
Fibre Channel supports a logical node connection point between node ports (N_ports). This is similar to TCP and UDP sockets.
My opinion: it may communicate similar to TCP, I don't think it operates like TCP. Book has almost exact phrase for N_port

QUESTION 41
Which path selection protocol is used by Fibre Channel fabrics?
A. IVR
B. VoQ
C. FSPF
D. VSANs
E. SANTap
Correct Answer: C
/Reference: Self-study v2 - Page270

QUESTION 42
In a collapsed core design, which two benefits are provided by a second-generation Cisco MDS director? (Choose two.)
A. a higher fan-out ratio
B. fully redundant switches
C. 100 percent port efficiency
D. all ISLs contained within a single chassis
E. higher latency and throughput than a core-edge design switch
Correct Answer: BC
/Reference: Self-study v2 - Page279
(pg 333 3rd edition)
B. Second-generation MDS 9500 series director switches are fully redundant with no single point of failure with dual supervisors, crossbar switch fabrics, clock modules, or power supplies.
C. This design reduces the number of ISLs required in the network so that all available ports can be deployed for host or storage connections, leading to 100 percent port design efficiency.

QUESTION 43
Which two statements about FCIP and iSCSI are correct? (Choose two.)
A. The FCIP stack supports file-level storage for remote devices.
B. Both require high throughput with low latency and low jitter.
C. The purpose of FCIP is to provide connectivity between host and storage.
D. The iSCSI stack supports block-level storage for remote devices.
E. The purpose of iSCSI is to provide connectivity between separate wide-area SANs.
Correct Answer: BD

/Reference: Self-study v2 - Page285,286
(pg 339 3rd edition)
B. Both FCIP and iSCSI have demanding QoS requirements. They both need high throughput with no to very few drops, low latency, and low jitter.
x C. FCIP is primarily used as a switch-to-switch protocol and is utilized as a SAN extension technology to allow a SAN to be extended to a remote data center across an IP-based core network.
D. With iSCSI, transport is supported over a TCP/IP network and not over a Fibre Channel network. File access is at the block level.
The primary use for iSCSI (which is also known as Internet SCSI) is for host-to-storage connectivity through an IP LAN
FCoE was initially developed to be employed as an access layer protocol to connect hosts and storage to a Fibre Channel SAN.

QUESTION 44
One of your customers has deployed a Layer 3 gateway in the untrusted network. Which gateway mode is appropriate for this customer?
A. Virtual Gateway
B. Real-IP Gateway
C. NAT Gateway
D. Central Gateway
Correct Answer: A
/Reference: Self-study v2 - Page371

QUESTION 45
Which two statements about zoning are correct? (Choose three.)
A. Zoning increases security.
B. DNS queries are used for software zoning.
C. Software zoning is more secure than hardware zoning.
D. When using zones and VSANs together, the zone is created first.
E. Zoning requires that VSANs be established before it becomes operational.
Correct Answer: ABE
/Reference: Self-study v2 - Page271
(pg 326 3rd edition)
Zoning increases security
Software-based zoning makes use of Domain Name System (DNS) queries
Hardware-based zoning is more common and more secure

QUESTION 46
At a certain customer's site, a NAS is logically in the traffic path but not physically in the traffic path. The NAS identifies clients by their IP addresses. In which access mode has this NAS been configured to operate?

A. Layer 2 Edge mode
B. Layer 2 Central mode
C. Layer 2 In-Band mode
D. Layer 3 mode
Correct Answer: D
/Reference: Self-study v2 - Page371,379

QUESTION 47
Refer to the exhibit. Which two of these are characteristics of a firewall running in transparent mode? (Choose two.)
A. FWSM routes traffic between the VLANs.
B. FWSM switches traffic between the VLANs.
C. Transparent mode is often called bump-in-the-wire mode.
D. Transparent mode firewall deployments are used most often in current designs.
E. Traffic routed between VLANs is subject to state tracking and other firewall configurable options.
Correct Answer: BC
/Reference: Self-study v2 - Page351 Refer Figure:8-1(Left)
Pic says Routed but question is Transparent

QUESTION 48
What are two characteristics of the SLB One-armed mode? (Choose two.)
A. It is not as common as bridge mode.
B. The MSFC is not directly connected to the CSM.
C. Outbound traffic from servers may need to be directed by PBR or CSNAT to the CSM.
D. The SLB is moved to a position where selected inbound and outbound server traffic goes through the SLB.
E. The CSM statically routes inbound server traffic to the aggregation switch FWSM, then to the connected server subnet.

Correct Answer: CE
/Reference: Self-study v2 - Page311 (pg 395, 396 3rd edition)
C & E
x (B) The MSFC is directly connected to the Cisco ACE, and so RHI is possible.
(C) The appropriate outbound traffic from the servers is directed by PBR or client NAT to the Cisco ACE.
x (D) In a one-armed design with two firewall layers, the Cisco ACE is moved such that selected traffic to and from the servers does not go through it.
(E) Inbound traffic is routed to the Cisco ACE as a connected route to the VIP of the service on the ACE. The Cisco ACE then statically routes inbound traffic to the aggregation switch FWSM, which routes it to the connected server subnet. Traffic bound directly for a real server IP address bypasses the Cisco ACE.

QUESTION 49
What are two characteristics of OER? (Choose two.)
A. It can take on HSRP, VRRP, and GLBP as clients.
B. It provides automatic inbound route optimization.
C. Path selection may be based on delay, loss, or jitter.
D. The border router makes decisions about which outbound path to use.
E. Automatic load distribution is provided for multiple connections.
Correct Answer: CE
/Reference: Self-study v2 - Page338 (pg 200 3rd edition)
Performance Routing (PfR), which was formerly known as Optimized Edge Routing (OER).
PfR takes into account the network performance, delay, loss, and link loading.
(A) Cisco PfR allows the path selection to be based on policies that can include measured reachability, delay, loss, jitter, synthetic mean opinion score (MOS) (for voice), load, throughput, and monetary cost.
(E) Cisco PfR provides automatic outbound route optimization and load distribution for multiple connections by selecting the optimal exit point.

QUESTION 50
What are two characteristics of GSS? (Choose two.)
A. It helps verify end-to-end path availability.
B. It provides traffic rerouting in case of disaster.
C. HSRP, GLBP, and VRRP can be clients of GSS.
D. BGP must be the routing protocol between the distributed data centers.
E. DNS responsiveness is improved by providing centralized domain management.
Correct Answer: BE
/Reference: Self-study v2 - Page343,344 (pg 386 3rd edition)

Exam E

QUESTION 1
What is the traditional mode for a firewall?
A. routed mode
B. context mode
C. bridged mode
D. transparent mode
E. full security mode
Correct Answer: A
/Reference: Self-study v2 - Page303

QUESTION 2
Which three of the following descriptions are true about the firewall modes? (Choose three.)
A. Transparent mode is layer 2.
B. Routed mode is layer 3.
C. Routed mode has 1 IP address.
D. Transparent mode has 1 IP address.
Correct Answer: ABD
/Reference: Self-study v2 - Page303

QUESTION 3
Which two statements about an interface configured with the asr-group command are correct? (Choose two.)
A. The FWSM supports up to 16 asymmetric routing groups.
B. If a matching packet is not found, the packet is dropped.
C. Asymmetric routing of return traffic is enabled.
D. If a matching packet is found, the Layer 3 header is rewritten.
E. If a matching packet is found, the Layer 3 header is rewritten and the packet is forwarded to the default gateway.
Correct Answer: BC
/Reference: Self-study v2 - Page358,359 Refer Figure:8-7
C is definitely correct. If exam answers say Layer 2 instead of Layer 3, then D would be correct. Otherwise B might be the correct answer.

(pg 417 3rd edition)
x (A) supports up to 32 ASR groups. Each ASR group supports a maximum of eight interfaces.
(B) By default, the FWSM drops the return traffic because there is no connection information for the traffic received through a different interface than the interface where the traffic originated.
(C) Asymmetric routing of the return traffic is supported by using the asr-group interface command.
Notes: Asymmetric routing is supported in the active/active failover redundancy mode, both the routed and transparent modes of firewall operation. When an interface configured with the asr-group command receives a packet for which it has no session information, it checks the session information for the other interfaces that are in the same group. If it does not find a match, the packet is dropped. If it finds a match and the incoming traffic originated on a different interface on the same unit, some or the entire Layer 2 header is rewritten and the packet is re-injected into the stream and forwarded to the intended host. If the incoming traffic originated on a peer unit, some or all of the Layer 2 header is rewritten and the packet is redirected to the other unit. This redirection continues as long as the session is active. If the incoming traffic originated on a different interface on the same unit, some or all of the Layer 2 header is rewritten and the packet is reinjected into the stream.

QUESTION 4
Which two of these correctly describe asymmetric routing and firewalls? (Choose two.)
A. only operational in routed mode
B. only operational in transparent mode
C. only eight interfaces can belong to an asymmetric routing group
D. operational in both failover and non-failover configurations
E. only operational when the firewall has been configured for failover
Correct Answer: CD
/Reference: Self-study v2 - Page357
(C) The FWSM supports up to 32 ASR groups. Each ASR group supports a maximum of eight interfaces.
(D) Asymmetric routing is supported in the active/active failover redundancy mode, and in designs without failover redundancy in either single mode within a virtual firewall by using ASR groups. Asymmetric routing is supported in both the routed and transparent modes of firewall operation.

QUESTION 5
In which two locations in an enterprise network can an IPS sensor be placed? (Choose two.)
A. bridging VLANs on two switches
B. bridging two VLANs on one switch
C. between two Layer 2 devices with trunking
D. between two Layer 2 devices without trunking
E. between a Layer 2 device and a Layer 3 device with trunking

Correct Answer: CD
/Reference: D - Self-study v2 - Page 393 (pg 449 3rd edition)
Deployments using IPS modules follow the same general guidelines as deployments for IPS appliances.
Two Layer 2 devices (no trunk): typical campus design
Two Layer 3 devices: common in Internet, campus, and server farm designs
Two VLANs on the same switch: allows a sensor to bridge VLANs together on the same switch.
Two Layer 2 devices (trunked): placement on a trunk port between switches is a common scenario providing protection of several VLANs from a single location.

QUESTION 6
Which three mechanisms are used to secure management traffic from outside IPS sensors? (Choose three.)
A. secure tunnels
B. a separate management VLAN
C. secure VLANs to isolate sensors
D. an out-of-band path around the firewall
E. asymmetric traffic flows to isolate sensors
F. private VLANs to put all sensors on isolated ports
Correct Answer: ADF
/Reference: Self-study v2 - Page 395,396 (pg 451 3rd edition)
A, D, & F
(A) Another option for deploying IDS or IPS uses a combination of management through an OOB network and management through secure tunnels depending on the location of the sensors.
x (B) A preferred design places the monitoring interface on the outside network, and the management interface on a separate inside VLAN. With this setup, the management interface is isolated by an IPS management VLAN from the rest of the inside network.
(D) Connect the monitoring interface to the outside network and the management interface directly to the inside network. All management is done in-band over the internal network. This type of setup is simple, but provides a path around the firewall if the sensor is compromised. This design is not recommended.
(F) Using PVLANs to put all sensors on isolated ports is recommended.
For devices outside the perimeter firewall, the monitoring interface remains on the outside network, but the management interface is terminated on a separate DMZ. Management is supported in-band across an encrypted tunnel. For internal devices in more secure areas, management is provided through a separate management VLAN.
** While D is not recommended it is a method. I don't think a separate management VLAN will work from outside.

QUESTION 7
Which two statements about Cisco Security Management Suite are correct? (Choose two.)

A. It should be implemented in a management VLAN.
B. Its connection to managed devices should be over a data VLAN.
C. It is made up of Cisco Security MARS and Clean Access software.
D. It should be deployed as close to the edge of the network as possible.
E. It delivers policy administration and enforcement for the Cisco Self-Defending Network.
Correct Answer: AE
/Reference: Self-study v2 - Page 396

QUESTION 8
To ensure quality, what is the maximum end-to-end transit time in milliseconds on a voice network?
A. 50
B. 100
C. 150
D. 200
E. 250
Correct Answer: C
/Reference: Self-study v2 - Page 521

QUESTION 9
Which three of these are elements of the Cisco Unified Wireless Network architecture? (Choose three)
A. cell phones
B. remote access
C. mobility services
D. network management
E. network unification
F. network decentralization
Correct Answer: CDE
/Reference: Self-study v2 - Page 518

QUESTION 10
For acceptable voice calls, the packet error rate should be no higher than what value?
A. 0.1%
B. 1%
C. 2.5%
D. 25%

Correct Answer: B
/Reference: Self-study v2 - Page 542

QUESTION 11
During consultation, you find that a customer has multiple asset closets and will be adding more in the future. Which NAS physical deployment model would you suggest to this customer?
A. edge
B. central
C. Layer 2
D. Layer 3
Correct Answer: B
/Reference: (pg 432 3rd edition)
The central deployment model is the most common option and the easiest deployment option. In this option, the Cisco NAS is logically inline but not physically inline.
Edge - This deployment option can become complex when there are multiple access closets.
My opinion: therefore use central if multiple access closets.

QUESTION 12
The Cisco NAC Appliance is able to check which three items before allowing network access? (Choose three.)
A. client antivirus software state
B. personal firewall settings
C. wireless cell bandwidth availability
D. IOS versions for routers and switches
E. appropriate client patch management level
F. appropriate QoS settings for client application
Correct Answer: ABE
/Reference: Self-study v2 - Page 366

QUESTION 13
During consultation, you find that a customer has only a single asset closet and is looking for a solution that is easy to deploy. Which NAS physical deployment model would you suggest to this customer?
A. edge
B. central
C. Layer 2
D. Layer 3
Correct Answer: A

/Reference: (pg 432 3rd edition)
The edge deployment model is the easiest physical deployment option to understand. The Cisco NAS is physically and logically inline to the traffic path. VLAN IDs are passed straight through the device when in virtual gateway mode. This deployment option can become complex when there are multiple access closets.

QUESTION 14
Which three routing protocols can minimize the number of routes advertised in the network? (Choose three)
A. IGRP
B. RIPv2
C. OSPF
D. EIGRP
E. BGP
Correct Answer: BCD
/Reference:

QUESTION 15
Select and Place:

Correct Answer:
/Reference:

QUESTION 16
Select and Place:
Correct Answer:
/Reference:

QUESTION 17
Select and Place:
Correct Answer:
/Reference:

QUESTION 18
Select and Place:
Correct Answer:
/Reference:

QUESTION 19
Select and Place:
Correct Answer:
/Reference:

QUESTION 20
Select and Place:
Correct Answer:
/Reference:

QUESTION 21
Select and Place:
Correct Answer:
/Reference:

QUESTION 22
Select and Place:
Correct Answer:
/Reference:

QUESTION 23
When is a first-hop redundancy protocol needed in the distribution layer?
A. when HSRP is not supported by the design
B. when multiple vendor devices need to be supported
C. when preempt tuning of the default gateway is needed
D. when a robust method of backing up the default gateway is needed
E. when the design implements Layer 2 between the access switch and the distribution switch
F. when the design implements Layer 3 between the access switch and the distribution switch
Correct Answer: E
/Reference:

QUESTION 24
Which protocol will not adhere to the design requirement of the control plane being either separated or combined within a virtualization technology?
A. FHRP
B. STP
C. CEF
D. NSF with SSO
Correct Answer: B
/Reference:

QUESTION 25
Addressing QoS design in the Enterprise Campus network for IP telephony applications means what?
A. It is critical to identify aggregation and rate transition points in the network, where preferred traffic and congestion QoS policies should be enforced.
B. Suspect traffic should be dropped closest to the source, to minimize wasting network resources.
C. An edge traffic classification scheme should be mapped to the downstream queue configuration.
D. Application and traffic flows should be classified, marked and policed within the enterprise edge of the enterprise campus network.
Correct Answer: A
/Reference:

QUESTION 26
Which of the following two are advantages of server virtualization using VMware vSphere?

A. Retains the one-to-one relationship between switch ports and functional servers.
B. Enables the live migration of a virtual server from one physical server to another without disruption to users or loss of service.
C. The access layer of the network moves into the vSphere ESX server, providing streamlined vSphere management.
D. Provides management functions including the ability to run scripts and to install third-party agents for hardware monitoring, backup, or system management.
E. New functional servers can be deployed with minimal physical changes on the network.
Correct Answer: BD
/Reference:

QUESTION 27
A well-designed IP addressing scheme supporting role-based functions within the subnet will result in the efficient use of which technology?
A. Layer 3 switching in the Core
B. Network Admission Control (NAC)
C. IP telephony (Voice and Video)
D. ACLs
Correct Answer: D
/Reference:

QUESTION 28
Which of the following is a result when designing multiple EIGRP autonomous systems within the Enterprise Campus network?
A. Improves scalability by dividing the network using summary routes at AS boundaries
B. Decreases complexity since EIGRP redistribution is automatically handled in the background
C. Reduces the volume of EIGRP queries by limiting them to one EIGRP AS.
D. Scaling is improved when a unique AS is run at the access, distribution, and core layers of the network
Correct Answer: A
/Reference:

QUESTION 29
The network designer needs to consider the number of multicast applications and sources in the network to provide the most robust network possible. Which of the following is a consideration the designer must address?
A. The IGPs should utilize authentication to avoid being the most vulnerable component
B. With SSM, source or receiver attacks are not possible
C. With shared trees, access control is always applied at the RP

D. Limit the rate of Register messages to the RP to prevent specific hosts from being attacked on a PIM-SM network
Correct Answer: B
/Reference:

QUESTION 30
Select and Place:
Correct Answer:
/Reference:


B. 20 to 1 C. 16 to 1 D. 10 to 1 Correct Answer: B Question 3 Which QoS mechanism uses RSVP? A. IntServ B. DiffServ C. CoS D. ToS Question 4 Engineer 300-320 389 Q&S Cisco Designing Cisco Network Service Architectures ARCH By Kerwin Exam Code: aoowe.com/practice-300-320-3246.html Certification: CCDP Posted: 2017-07-11 aoowe.com dump4exam.com/300-320.html

More information

CCNP Switch Questions/Answers Cisco Enterprise Campus Architecture

CCNP Switch Questions/Answers Cisco Enterprise Campus Architecture In its network design, a company lists this equipment: - Two Catalyst 4503 Layer 3 switches - One 5500 security appliance firewall - Two Catalyst 6509 switches - Two Lightweight Access Points - Two Catalyst

More information

TEXTBOOK MAPPING CISCO COMPANION GUIDES

TEXTBOOK MAPPING CISCO COMPANION GUIDES TestOut Routing and Switching Pro - English 6.0.x TEXTBOOK MAPPING CISCO COMPANION GUIDES Modified 2018-08-20 Objective Mapping: Cisco 100-105 ICND1 Objective to LabSim Section # Exam Objective TestOut

More information

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and

This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNP: Building Scalable

More information

Configuring Virtual Port Channels

Configuring Virtual Port Channels This chapter contains the following sections: Information About vpcs, page 1 Guidelines and Limitations for vpcs, page 10 Configuring vpcs, page 11 Verifying the vpc Configuration, page 25 vpc Default

More information

CISCO EXAM QUESTIONS & ANSWERS

CISCO EXAM QUESTIONS & ANSWERS CISCO 642-874 EXAM QUESTIONS & ANSWERS Number: 642-874 Passing Score: 800 Time Limit: 120 min File Version: 28.8 http://www.gratisexam.com/ CISCO 642-874 EXAM QUESTIONS & ANSWERS Exam Name: Designing Cisco

More information

CCNA Routing and Switching (NI )

CCNA Routing and Switching (NI ) CCNA Routing and Switching (NI400+401) 150 Hours ` Outline The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that is

More information

ITDumpsKR. IT 인증시험한방에패스시키는최신버전시험대비덤프

ITDumpsKR.   IT 인증시험한방에패스시키는최신버전시험대비덤프 ITDumpsKR http://www.itdumpskr.com IT 인증시험한방에패스시키는최신버전시험대비덤프 Exam : 300-115 Title : Implementing Cisco IP Switched Networks Vendor : Cisco Version : DEMO Get Latest & Valid 300-115 Exam's Question and

More information

Q&As Implementing Cisco IP Switched Networks (SWITCH v2.0)

Q&As Implementing Cisco IP Switched Networks (SWITCH v2.0) CertBus.com 300-115 Q&As Implementing Cisco IP Switched Networks (SWITCH v2.0) Pass Cisco 300-115 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: 100% Passing Guarantee

More information

Exam : Title : Cisco Certified Internetworking Expert. Ver :

Exam : Title : Cisco Certified Internetworking Expert. Ver : Exam : 350-001 Title : Cisco Certified Internetworking Expert Ver : 11-26-07 QUESTION 1: Under the OSPF process of your router's configuration, you type in "redistribute igrp 25 metric 35 subnets" in order

More information

Exam Topics Cross Reference

Exam Topics Cross Reference Appendix R Exam Topics Cross Reference This appendix lists the exam topics associated with the ICND1 100-105 exam and the CCNA 200-125 exam. Cisco lists the exam topics on its website. Even though changes

More information

Cisco Service Advertisement Framework Deployment Guide

Cisco Service Advertisement Framework Deployment Guide Cisco Service Advertisement Framework Deployment Guide What You Will Learn Cisco Service Advertisement Framework (SAF) is a network-based, scalable, bandwidth-efficient approach to service advertisement

More information

Question No: 1 What is the maximum number of switches that can be stacked using Cisco StackWise?

Question No: 1 What is the maximum number of switches that can be stacked using Cisco StackWise? Volume: 283 Questions Question No: 1 What is the maximum number of switches that can be stacked using Cisco StackWise? A. 4 B. 5 C. 8 D. 9 E. 10 F. 13 Answer: D Question No: 2 A network engineer wants

More information

Cisco Questions & Answers

Cisco Questions & Answers Cisco 200-101 Questions & Answers Number: 200-101 Passing Score: 800 Time Limit: 120 min File Version: 23.7 http://www.gratisexam.com/ Cisco 200-101 Questions & Answers Exam Name: Interconnecting Cisco

More information

Cisco Virtual Office High-Scalability Design

Cisco Virtual Office High-Scalability Design Solution Overview Cisco Virtual Office High-Scalability Design Contents Scope of Document... 2 Introduction... 2 Platforms and Images... 2 Design A... 3 1. Configure the ACE Module... 3 2. Configure the

More information

actualtests q&a by.passforu

actualtests q&a by.passforu actualtests.352-001.163q&a.2012-05-14.by.passforu Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ Cisco 352-001 www.passforu.com obtain your certifications

More information

COURSE OUTLINE: Course: CCNP Route Duration: 40 Hours

COURSE OUTLINE: Course: CCNP Route Duration: 40 Hours COURSE OUTLINE: Course: CCNP Route 300-101 Duration: 40 Hours CCNP Route Training Day 1: Connecting Remote Locations Principles of Static Routing Configuring an IPv4 Static Route Configuring a Static Default

More information

TestsDumps. Latest Test Dumps for IT Exam Certification

TestsDumps.  Latest Test Dumps for IT Exam Certification TestsDumps http://www.testsdumps.com Latest Test Dumps for IT Exam Certification Exam : 200-105 Title : Interconnecting Cisco Networking Devices Part 2 (ICND2 v3.0) Vendor : Cisco Version : DEMO Get Latest

More information

CCNA. Murlisona App. Hiralal Lane, Ravivar Karanja, Near Pethe High-School, ,

CCNA. Murlisona App. Hiralal Lane, Ravivar Karanja, Near Pethe High-School, , CCNA Cisco Certified Network Associate (200-125) Exam DescrIPtion: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment

More information

Vendor: Cisco. Exam Code: Exam Name: DCID Designing Cisco Data Center Infrastructure. Version: Demo

Vendor: Cisco. Exam Code: Exam Name: DCID Designing Cisco Data Center Infrastructure. Version: Demo Vendor: Cisco Exam Code: 300-160 Exam Name: DCID Designing Cisco Data Center Infrastructure Version: Demo Exam A QUESTION 1 Which three options are features of a Cisco Nexus 7700 Switch? (Choose three.)

More information

Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Cisco Designing Cisco Network Service Architectures

Number: Passing Score: 800 Time Limit: 120 min File Version: 1.0. Cisco Designing Cisco Network Service Architectures 300-320 Number: 300-320 Passing Score: 800 Time Limit: 120 min File Version: 1.0 Cisco 300-320 Designing Cisco Network Service Architectures Экзамен A QUESTION 1 Which route summarization most efficiently

More information

Cisco ME 6524 Ethernet Switch

Cisco ME 6524 Ethernet Switch Cisco ME 6524 Ethernet Switch Product Overview Q. What is the Cisco ME 6524 Ethernet Switch? A. The Cisco ME 6524 is a next-generation, fixed-configuration switch built for service providers Carrier Ethernet

More information

Configuring Virtual Private LAN Services

Configuring Virtual Private LAN Services Virtual Private LAN Services (VPLS) enables enterprises to link together their Ethernet-based LANs from multiple sites via the infrastructure provided by their service provider. This module explains VPLS

More information

Cisco Exam Questions & Answers

Cisco Exam Questions & Answers Cisco 648-375 Exam Questions & Answers Number: 648-375 Passing Score: 800 Time Limit: 120 min File Version: 22.1 http://www.gratisexam.com/ Cisco 648-375 Exam Questions & Answers Exam Name: Cisco Express

More information

Virtual Switching System

Virtual Switching System Virtual Switching System Q. What is a virtual switching system (VSS)? A. A VSS is network system virtualization technology that pools multiple Cisco Catalyst 6500 Series Switches into one virtual switch,

More information

Configuring Rapid PVST+ Using NX-OS

Configuring Rapid PVST+ Using NX-OS Configuring Rapid PVST+ Using NX-OS This chapter describes how to configure the Rapid per VLAN Spanning Tree (Rapid PVST+) protocol on Cisco NX-OS devices. This chapter includes the following sections:

More information

Overview. Information About High Availability. Send document comments to CHAPTER

Overview. Information About High Availability. Send document comments to CHAPTER CHAPTER 1 Cisco NX-OS is a resilient operating system that is specifically designed for high availability at the network, system, and process level. This chapter describes high availability (HA) concepts

More information

Cisco Certified Network Associate ( )

Cisco Certified Network Associate ( ) Cisco Certified Network Associate (200-125) Exam Description: The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50 60 question assessment that

More information

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://

IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps:// IT Certification Exams Provider! Weofferfreeupdateserviceforoneyear! h ps://www.certqueen.com Exam : JN0-343 Title : Juniper Networks Certified Internet Specialist (JNCIS-ENT) Version : DEMO 1 / 6 1.How

More information

Campus Networking Workshop. Layer 2 engineering Spanning Tree and VLANs

Campus Networking Workshop. Layer 2 engineering Spanning Tree and VLANs Campus Networking Workshop Layer 2 engineering Spanning Tree and VLANs Switching Loop When there is more than one path between two switches What are the potential problems? Switching Loop If there is more

More information

CCIE R&S LAB CFG H2/A5 (Jacob s & Jameson s)

CCIE R&S LAB CFG H2/A5 (Jacob s & Jameson s) Contents Section 1 Layer 2 Technologies... 2 1.1 Jameson s Datacenter: Access port... 2 1.2 Jameson s Datacenter: Trunk ports... 4 1.3 Jameson s Datacenter: Link bundling... 5 1.4 Jameson s Branch Offices...

More information

WAN Edge MPLSoL2 Service

WAN Edge MPLSoL2 Service 4 CHAPTER While Layer 3 VPN services are becoming increasing popular as a primary connection for the WAN, there are a much larger percentage of customers still using Layer 2 services such Frame-Relay (FR).

More information

Realtests questions

Realtests questions Realtests.352-001.224 questions Number: 352-001 Passing Score: 800 Time Limit: 120 min File Version: 8.1 Cisco 352-001 CCDE Written Exam Modified few questions, fixed few spelling mistakes and types. Many

More information

Cisco Building Scaleable Cisco Internetworks (BSCI) Practice Test. Version https://certkill.com

Cisco Building Scaleable Cisco Internetworks (BSCI) Practice Test. Version https://certkill.com Cisco 642-901 642-901 Building Scaleable Cisco Internetworks (BSCI) Practice Test Version 2.12 QUESTION NO: 1 Cisco 642-901: Practice Exam A company has a BGP network and a BGP route of 196.27.125.0/24

More information

GuideTorrent. The best excellent exam certification guide torrent and dumps torrent provider

GuideTorrent.   The best excellent exam certification guide torrent and dumps torrent provider GuideTorrent http://www.guidetorrent.com The best excellent exam certification guide torrent and dumps torrent provider Exam : JN0-343 Title : Juniper Networks Certified Internet Specialist (JNCIS-ENT)

More information

GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER

GRE and DM VPNs. Understanding the GRE Modes Page CHAPTER CHAPTER 23 You can configure Generic Routing Encapsulation (GRE) and Dynamic Multipoint (DM) VPNs that include GRE mode configurations. You can configure IPsec GRE VPNs for hub-and-spoke, point-to-point,

More information

CIS 83 Midterm Spring 2004 Answer Sheet Name Score Grade Question Answer Question Answer

CIS 83 Midterm Spring 2004 Answer Sheet Name Score Grade Question Answer Question Answer CIS 83 Midterm Spring 2004 Answer Sheet Name: Score: Grade: Question Answer Question Answer 1 A B C D E F 51 A B C D E F 2 A B C D E F 52 A B C D E F 3 A B C D E F 53 A B C D E F 4 A B C D E F 54 A B C

More information

Cisco Certdumps Questions & Answers - Testing Engine

Cisco Certdumps Questions & Answers - Testing Engine Cisco Certdumps 642-996 Questions & Answers - Testing Engine Number: 642-996 Passing Score: 797 Time Limit: 120 min File Version: 16.8 http://www.gratisexam.com/ Sections 1. A 2. B 3. C 4. Exhibit Case

More information

Financial Services Design for High Availability

Financial Services Design for High Availability Financial Services Design for High Availability Version History Version Number Date Notes 1 March 28, 2003 This document was created. This document describes the best practice for building a multicast

More information

CCNA 3 (v v6.0) Chapter 6 Exam Answers % Full

CCNA 3 (v v6.0) Chapter 6 Exam Answers % Full CCNA 3 (v5.0.3 + v6.0) Chapter 6 Exam Answers 2017 100% Full ccnav6.com /ccna-3-v5-0-3-v6-0-chapter-6-exam-answers-2017-100-full.html CCNA Exam Answers 2017 CCNA 3 (v5.0.3 + v6.0) Chapter 6 Exam Answers

More information

Cisco Examsoon Exam Questions & Answers

Cisco Examsoon Exam Questions & Answers Cisco Examsoon 642-874 Exam Questions & Answers Number: 642-874 Passing Score: 800 Time Limit: 120 min File Version: 45.7 http://www.gratisexam.com/ Cisco 642-874 Exam Questions & Answers Exam Name: Designing

More information

Data Center Network Infrastructure

Data Center Network Infrastructure Data Center Network Infrastructure Data Center Definition A data center is a facility used for housing a large amount of electronic equipment, typically computers and communications equipment. is usually

More information

Configuring Rapid PVST+

Configuring Rapid PVST+ This chapter describes how to configure the Rapid per VLAN Spanning Tree (Rapid PVST+) protocol on Cisco NX-OS devices using Cisco Data Center Manager (DCNM) for LAN. For more information about the Cisco

More information

Configuring OSPF. Cisco s OSPF Implementation

Configuring OSPF. Cisco s OSPF Implementation Configuring OSPF This chapter describes how to configure OSPF. For a complete description of the OSPF commands in this chapter, refer to the OSPF s chapter of the Network Protocols Reference, Part 1. To

More information

Exam : Cisco Title : Update : Demo. Composite Exam

Exam : Cisco Title : Update : Demo. Composite Exam Exam : Cisco 642-892 Title : Composite Exam Update : Demo 1. Refer to the exhibit. EIGRP is configured on all routers in the network. On the basis of the output provided, which statement is true? A. Because

More information

Exam Questions

Exam Questions Exam Questions 300-160 DCID Designing Cisco Data Center Infrastructure https://www.2passeasy.com/dumps/300-160/ 1. Which three components are needed to implement Cisco VM-FEX on the Cisco UCS platform?

More information

Overview. Information About Layer 3 Unicast Routing. Send document comments to CHAPTER

Overview. Information About Layer 3 Unicast Routing. Send document comments to CHAPTER CHAPTER 1 This chapter introduces the basic concepts for Layer 3 unicast routing protocols in Cisco NX-OS. This chapter includes the following sections: Information About Layer 3 Unicast Routing, page

More information