PassTorrent http://www.passtorrent.com Pass your actual test with our latest and valid practice torrent at once
Exam : 352-011 Title : Cisco Certified Design Expert Practical Exam Vendor : Cisco Version : DEMO Get Latest & Valid 352-011 Exam's Question and Answers 1 from Passtorrent.com. 1
NO.1 Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.) A. Solution should be resistant to sensor failure. B. Solution should allow for signature-based pattern matching. C. Solution should allow for stream normalization. D. Solution should allow to deny packets inline. E. Solution should not impact jitter and latency for voice traffic. Answer: A,B,E NO.2 Refer to the exhibit. A customer interconnected hundreds of branch offices into a single DMVPN network, with the HUB in the main data center. Due to security policies, the customer requires that the default route for all Internet traffic from the users at the branches must go through the tunnel and the only connections that are allowed to and from the branch router over the local internet circuit are the DMVPN tunnels. Which two combined actions must you take on the branch router to address these security requirements and keep the solution scalable? (Choose two) A. Add a host route for the public IP address of each remote branch and HUB routers that points directly to the local ISP, and add a default route that points to the tunnel B. Place the WAN interface in a front-door VRF, leaving the tunnel interface in the default routing instance C. Implement a zone-based firewall that allows only IPsec-related traffic from zone UNTRUSTED to Get Latest & Valid 352-011 Exam's Question and Answers 2 from Passtorrent.com. 2
zone TRUSTED D. Protect the WAN interface by an inbound ACL that permits only IPsec-related traffic E. Use a floating default route with the preferred path over the tunnel and a backup path over the Internet natively Answer: B,D NO.3 An operations engineer asks for your help with a new switching deployment. The engineer confirms that STP is enabled on an edge switch, and a particular port is connected to another switch. The switch is not receiving configuration BPDUs, although it appears that everything is functioning correctly in the network. What is the design explanation? A. Bridge Assurance is enabled on the port B. Storm control broadcast is enabled on the port C. BPDU Guard is enabled on the port D. REP is enabled on the port Answer: D NO.4 Answer: Get Latest & Valid 352-011 Exam's Question and Answers 3 from Passtorrent.com. 3
NO.5 VPLS is implemented in a Layer 2 network with 2000 VLANs. Which must be the primary concern to ensure successful deployment of VPLS? A. PE scalability B. VLAN scalability C. Flooding is necessary to propagate MAC address reachability information D. The underlying transport mechanism Explanation [ I think B not 100% sure] NO.6 Which two options are design considerations when introducing FCoE into an existing network? (Choose two) A. The existing network must support a MTU of 3280 bytes B. The FCoE QoS markings may overlap with call signaling QoS markings C. Optical cabling is needed to transmit FCoE traffic between a server and its directly connected Ethernet switch D. Twinaxial cabling can be used to transmit FCoE traffic between a server and its directly connected Ethernet switch, if it is less than 10 meters E. All the servers in the data center must be retrofitted with converged Network Adapters Answer: B,E NO.7 What is the definition of TOGAF framework? Get Latest & Valid 352-011 Exam's Question and Answers 4 from Passtorrent.com. 4
A. An ISO framework that establishes a module for network management and contains guidelines for managing object the management database and the application entity. B. A series of tools for process improvement that uses statistical method to reduce defect in process and manufacturing. C. A five-volume framework for service management that covers design transition and delivery of service and from which the ISO 20000 was developed. D. A framework for enterprise IP address management (IPAM) based on the IANA trusted IP lease allocation scheme. E. A framework for enterprise architecture that provides a comprehensive approach for designing planning implementing and governing enterprise information architecture. Answer: E NO.8 In an OSPF network, users in a particular OSPF non-backbone area are complaining about show access speeds to a shared corporate resource in another OSPF area. Traceroutes show that the users are taking a suboptimal default route to the destinations. Which solution will improve access speed? A. Leak specific summaries on the ABRs for the remote subnets in addition to the default B. Make the area totally stubby so that the default can be followed along the best path C. Create a virtual link between the areas so that traffic can shortcut directly between them D. Implement policy routing to channel the traffic in the optimal direction Answer: A NO.9 When is it required to leak routes into an IS-IS Level 1 area? A. when a multicast RP is configured in the non-backbone area B. when unequal cost load balancing is required between the backbone and non-backbone areas C. when MPLS L3VPN PE devices are configured in the Level 1 areas D. when equal cost load balancing is required between the backbone and non-backbone areas NO.10 In a routed access hierarchical campus design, the access-to-distribution Layer 2 uplink trunks are replaced with Layer 3 point-to-point routed links. Why is it recommended that VLANs are confined on a single access switch rather than span across multiple access switches? A. to prevent routing black holes B. to allow for fault isolation C. to prevent the occurrence of Layer 2 loops D. to allow for better convergence time Answer: A NO.11 Which two statements about VXLAN are true? (Choose two) A. VXLAN uses the Spanning Tree protocol for loop prevention B. VXLAN overcomes the 802.1Q virtual LAN address space limitation C. VXLAN can be used to enforce Layer 2 isolation in a multitenant infrastructure D. VXLAN is an encapsulation method used to create a Layer 3 overlay network E. VXLAN is a Cisco proprietary solution Get Latest & Valid 352-011 Exam's Question and Answers 5 from Passtorrent.com. 5
Answer: B,D NO.12 Which two techniques are used in an OSPF network design to slow down the distribution of topology information caused by a rapidly flapping link? (Choose two) A. IP event dampening B. Link-state partial SPF C. LSA throttling D. Link-state incremental SPF E. SPF throttling Answer: A,C NO.13 Which solution prevents microloops from be formed during network convergence time? A. LFA B. RSVP-TE C. Prefix suppression D. RLFA Answer: D NO.14 Which option is a benefit of using N-Port Virtualization? A. does not need to create zoning B. reduces latency when using local switching on Fibre Channel ports C. reduces the amount of domain IDs that are used in the fabric D. allows trunking to the upstream switch E. does not need to configure the upstream switches NO.15 As a part of a network design, you should tighten security to prevent man-in-the-middle. Which two security options ensure that authorized ARP responses take place according to know IPto-MAC address mapping? (Choose two) A. Dynamic ARP Inspection B. ARP rate limiting C. DHCP snooping D. ARP spoofing E. Port security Answer: A,C NO.16 In an Ethernet link containing five routers with OSPF network interface type configured as broadcast, how many OSPF adjacencies are established on this Ethernet link? A. 6 B. 5 C. 7 D. 10 Get Latest & Valid 352-011 Exam's Question and Answers 6 from Passtorrent.com. 6
E. 20 NO.17 Which mechanism does OSPF use to prevent loops in an MPLS Layer 3 VPNS environment? A. Domain ID B. P-Bit C. Down bit D. Routing bit E. Sham link NO.18 A company requires to connect two data center sites using a hub-and-spoke design. There are 2000 remote sites. It is required to transfer MPLS labeled packets over the public Internet using one router at each remote site. These MPLS labeled packets must be encapsulated inside IP packets. Which solution must be used to simplify this network design? A. PPPoE encapsulates the MPLS packets B. DMVPN dynamically builds GRE tunnels with MPLS encapsulation inside. C. Site-to-site IPsec without GRE encapsulates the MPLS packets. D. L2TPv3 encapsulated the MPLS packets E. GET VPN encrypts the MPLS packets with IPsec. Answer: B Get Latest & Valid 352-011 Exam's Question and Answers 7 from Passtorrent.com. 7