In its network design, a company lists this equipment: - Two Catalyst 4503 Layer 3 switches - One 5500 security appliance firewall - Two Catalyst 6509 switches - Two Lightweight Access Points - Two Catalyst 2960 switches Which two types of devices from the list would be appropriate to use at the access layer to provide enduser connectivity? (Choose two). A. Catalyst 4503 switches B. Cisco 5500 security appliance firewall C. Catalyst 6509 switches D. Lightweight Access Points E. Catalyst 2960 switches Answer: D, E The Cisco Catalyst 4500 is a mid-range modular chassis network switch manufactured by Cisco. A Cisco Catalyst 4500 comprises a chassis, power supplies, one or two supervisors, line cards and service modules. The Cisco Catalyst 4500 Series includes two series of Catalyst chassis: The Classic and E- Series chassis. The Classic and E-Series Catalyst 4500 chassis come in four sizes: ten-slot, seven-slot, six-slot, and three-slot. The Cisco Catalyst 4500 is capable of supporting 1+1 supervisor-engine redundancy in the "R" models (4510R+E, 4507R+E, 4510R-E, 4510R, 4507R). The Cisco Catalyst 4500 Series offers two classes of line cards: classic and E-Series. Classic line cards provide 6 gigabits of switching capacity per slot. E-Series line cards increase the per slot switching capacity to 24 gigabits or 48 gigabits depending on the line card model and supervisor. The 4500 is able to deliver high densities of Power over Ethernet across the chassis. Due to this, power supplies are a key element of configuration. The Cisco Catalyst 4500 E-Series offers AC power with several internal supplies: 1000W (data only), 1400W (data only), 1300W (data and PoE), 2800W (data and PoE), 4200W (data and PoE), and 6000W (data and PoE). The Cisco Catalyst 4500 E-Series has two DC power options - one is optimized for dataonly deployments in service provider central offices (part number PWR-C45-1400DC), and the other is used for high-power PoE deployments (PWR-C45-1400DC-P). The Catalyst 4500 supports Cisco IOS Operating System. 2013 1
As a core component of Cisco Borderless Networks, Cisco ASA 5500 Series Adaptive Security Appliances provide: Context-aware firewall capabilities; Proven firewall services; Comprehensive realtime threat defense; Effective, always-on, highly secure remote access; Highly secure communication services. Cisco adaptive security appliances integrate industry-leading firewalls, VPN technology, intrusion prevention, content security, and unified communications security, in a unified platform. These applications help: Stop attacks before they penetrate the network perimeter; Control network and application activity by using context-aware security parameters; Protect resources and data, as well as voice, video, and multimedia traffic; Reduce deployment and operational costs. The high-performing Cisco ASA 5500 Series Adaptive Security Appliances also provide: Fast throughput, high connection setup rates, and capacity for exceptional scalability and investment protection; Adaptable architecture for rapid and customized security services deployment; Versatile, always-on remote access integrated with IPS and web security for highly secure mobility and enhanced productivity. The Catalyst 6500 is a modular chassis network switch manufactured by Cisco, capable of delivering speeds of up to "400 million packets per second". A 6500 comprises a chassis, power supplies, one or two supervisors, line cards and service modules. A chassis can have 3, 4, 6, 9 or 13 slots each (Catalyst model 6503, 6504, 6506, 6509, or 6513, respectively) with the option of one or two modular power supplies. The supervisor engine provides centralized forwarding information and processing; up to two of these cards can be installed in a chassis to provide active/standby or stateful failover. The line cards provide port connectivity and service modules to allow for devices such as firewalls to be integrated within the switch. The 6500 currently supports three operating systems: CatOS, Native IOS and Modular IOS. The 6500 has five major modes of operation: Classic, cef256, dcef256, cef720 and dcef720. The 6500 is able to deliver high densities of Power over Ethernet across the chassis. Because of this, power supplies are a key element of configuration. The 6500 supports dual power supplies for redundancy. These may be run in one of two modes: redundant or combined mode. When running in Redundant mode, each power supply provides approximately 50% of its capacity to the chassis. In the event of a failure, the unaffected power supply will then provide 100% of its capacity and an alert will be generated. As there was enough to power the chassis ahead of time, there is no interruption to service in this configuration. This is also the default and recommended way to configure power supplies. In combined mode, each power supply provides approximately 83% of its capacity to the chassis. This allows for greater utilization of the power supplies and potentially increased PoE densities. In the event of a failure, all devices except the supervisor are powered down. During this time, there will be a temporary network outage while power is returned to the system.. Cisco Catalyst 2960-S Series Switches enable applications such as IP telephony, wireless, and video. These enterprise-class switches provide a borderless network experience that is easy to use and upgrade, as well as highly secure, sustainable, and available. The fixed-configuration access switches provide a lower total cost of ownership for enterprise, midmarket, and branch office networks. 10 and 1 Gb Ethernet network modules offer uplink flexibility. Connectivity: 24 or 48 ports of Gb Ethernet desktop connectivity; Power over Ethernet Plus (PoE+) with up to 30W per port; Four 1 Gb Ethernet Small Form- Factor Pluggable (SFP) or two 10 Gb Ethernet SFP+ uplinks. High Availability: Cisco FlexStack stacking for ease of operation with Cisco Catalyst Smart Operations; Cisco Smart Install for immediate availability; Cisco Auto Smartports for automatic configuration by device type. Security: Superior Layer 2 threat defense capabilities. Routing: Basic Layer 3 static routing with 16 routes. For fixedconfiguration, standalone devices with PoE, the Cisco Catalyst 2960 Series Intelligent Ethernet Switches with LAN Base software is still available. Used in entry-level networks, these switches enhance LAN services and provide desktop Fast Ethernet and Gb Ethernet connectivity. 2013 2
The Cisco Aironet 1000 Series Lightweight Access Point is an 802.11 a/b/g dual-band, zero- touch configuration and management access point that delivers secure, cost effective wireless access with advanced WLAN services for enterprise deployments. This lightweight access point provides industryleading RF capabilities with a wide breadth of deployment options to maximize wireless LAN performance, security, reliability, and scalability. This device meets and exceeds the performance requirements of the most demanding enterprise environments. The Cisco Aironet 1000 Series Lightweight Access Point works in conjunction with a Cisco Wireless LAN Controller and optional Cisco Wireless Control System (WCS) to support simultaneous data forwarding and air monitoring functions. This provides real-time RF management and intrusion protection functions in conjunction with traffic delivery. With this solution, the need for additional dedicated monitoring nodes is eliminated, thereby reducing the cost and complexity of WLAN deployment. This access point supports Wi-Fi Protected Access (WPA) and 802.11i/WPA2 for enterprise-class interoperable WLAN security. Models are available with internal antennas or connectors for external antennas to accommodate complex RF environments. A unique variant of the 1000 Series, the Cisco Aironet 1000 Series Remote Edge access point is designed to cost effectively extend intelligent WLAN services to remote offices. 2013 3
What are the responsibilities of devices that are located at the core layer of the hierarchical design model? (Choose two) A. Access list filtering B. Packet manipulation C. High-speed backbone switching D. Interconnection of distribution layer devices E. Redundancy between the core devices only Answer: C, D The primary purpose of the core is to provide fault isolation and backbone connectivity; in other words, the core must be highly reliable and switch traffic as fast as possible. Therefore, on one hand, the core must provide the appropriate level of redundancy to allow fault tolerance in case of hardware or software failure or upgrade; on the other hand, the high-end switches and high-speed cables are implemented to achieve High data transfer rates and low latency period. The core means to be simple and provides a very limited set of services. Architects and engineers shouldn't implement complex policy services or attach user/server connections directly at this layer. Examples of core layer Cisco equipment include: Cisco switches such as 7000, 7200, 7500, and 12000 (for WAN use); Catalyst switches such as 6000, 5000, and 4000 (for LAN use); T-1 and E-1 lines, Frame Relay connections, ATM networks. The distribution layer acts as an interface between the access layer and the core layer. The primary function of the distribution layer is to provide routing, filtering, and WAN access and to determine how packets can access the core, if needed. While core layer and access layer are special purpose layers, the distribution layer on the other hand serves multiple purposes. It is an aggregation point for all of the access layer switches and also participates in the core routing design. This layer includes LAN-based routers and OSI Layer 3 switches. It ensures that packets are properly routed between subnets and VLANs. The access layer is sometimes referred to as the desktop layer. The network resources and users will be available locally. The access layer is the edge of the entire network, where a wide variety of types of consumer devices such as PCs, printers, cameras attach to the wired portion of the network, various services are provided, and dynamic configuration mechanisms implemented. As a result, the access layer is most feature-rich layer of the Cisco three-layered model. The following table lists examples of the types of services and capabilities that need to be defined and supported in the access layer of the network. 2013 4
Service Requirements Service Features Discovery and Configuration Services 802.1AF, CDP, LLDP, LLDP-MED Security Services IBNS (802.1X), (CISF): port security, DHCP snooping, DAI, IPSG Network Identity and Access 802.1X, MAB, Web-Auth 802.1X, MAB, Web-Auth QoS marking, policing, queuing, deep packet inspection, etc. Intelligent Network Control Services PVST+, Rapid PVST+, EIGRP, OSPF, DTP, PAgP/LACP, UDLD, FlexLink, Portfast, UplinkFast, BackboneFast, LoopGuard, BPDUGuard, Port Security, RootGuard Physical Infrastructure Services Power over Ethernet 2013 5
A network designer must provide a rationale to a customer for a design that will move an enterprise from a flat network topology to a hierarchical network topology. Which two features of the hierarchical design make it better choice? (Choose two) A. Reduced cost B. Scalability C. Less equipment required D. Higher availability E. Lower bandwidth requirements Answer: B, D Simple flat networks have many limitations. Layer 2 netwrok are limited and do not achieve following characteristics that hierarchical model introduce: scalability, security, modularity, flexibility, resilency and high-availability. 2013 6
Refer to the exhibit. Given the traditional hierarchical design model, which set of features correctly identifies the modules of an enterprise network? A. 1. Multilayer ; 2. Edge ; 3. Security; 4. Internet Gateway B. 1. Workgroup Switch; 2. PSTN; 3. Connectivity; 4. Telecommuter Gateway C. 1. VoIP and Multilayer ; 2. PSTN Edge ; 3. Firewall; 4. Home Branch D. 1. Workgroup and VoIP; 2. Core; 3. Internet Backbone; 4. Telecommuter Edge E. 1. Building Access and Distribution; 2. Internet Connectivity; 3. Edge Distribution; 4. Remote Access and VPN Answer: E 2013 7
During an evaluation of the currently installed network, the IT stuff performs a gap analysis to determine whether the existing network infrastructure can support certain new features. At which stage of the Cisco Lifecycle Services approach does the activity occur? A. Prepare phase B. Plan phase C. Design phase D. Implement phase E. Operate phase F. Optimize phase Answer: B PPDIOO is used create, implement and optimize VLAN implementation plan. Prepare phase involves determining business requirements, developing network strategy, identifying technologies that can support needed architecture. Plan phase involves assessment of current network technology: identifies initial network requirements based on goal, facilities, user needs, performing gap analysis to determine that existing infrastructure can support proposed system, doing project plans to easy manage tasks, responsibilities, resurces, critical milestones needed to implement changes in the network. Design phase builds plans and strategies, gives detailed design that meets business and technical requirements, involving stability, reliability, security, scalability and performance. Implement phase involves using of detailed testing plan, building network according design specifications, without disturbing existing network or creating points of vulnerability. Operate phase involves everyday management and maintenance, monitoring network health (day to day operation), including maintaining high availability and reducing expenses. Fault detection, correction and performance monitoring. Optimize phase involves monitoring and improvement of network security and management, iinvolves management of the network. Goal is to identify and resolve issues that affect organization. Fault detection and correction (troubleshooting) is needed when usual management can t predict and mitigate failures. It can prompt network re-design, if network problems don t meet expectations or if new applications are needed to be implemented. 2013 8
Which phase of the Cisco Lifecycle Services strategy may prompt a network redesign if too many network problems and errors arise in the network? A. Prepare B. Plan C. Design D. Implement E. Operate F. Optimize Answer: F PPDIOO is used create, implement and optimize VLAN implementation plan. Prepare phase involves determining business requirements, developing network strategy, identifying technologies that can support needed architecture. Plan phase involves assessment of current network technology: identifies initial network requirements based on goal, facilities, user needs, performing gap analysis to determine that existing infrastructure can support proposed system, doing project plans to easy manage tasks, responsibilities, resurces, critical milestones needed to implement changes in the network. Design phase builds plans and strategies, gives detailed design that meets business and technical requirements, involving stability, reliability, security, scalability and performance. Implement phase involves using of detailed testing plan, building network according design specifications, without disturbing existing network or creating points of vulnerability. Operate phase involves everyday management and maintenance, monitoring network health (day to day operation), including maintaining high availability and reducing expenses. Fault detection, correction and performance monitoring. Optimize phase involves monitoring and improvement of network security and management, iinvolves management of the network. Goal is to identify and resolve issues that affect organization. Fault detection and correction (troubleshooting) is needed when usual management can t predict and mitigate failures. It can prompt network re-design, if network problems don t meet expectations or if new applications are needed to be implemented. 2013 9
Which portion of the enterprise network provides access to network communication services for the end users and devices that are spread over a single geographic location? A. Enterprise edge B. Campus module C. WAN module D. Internet edge E. Data center Answer: B Campus is portion of infrastructure that provides access to the network communication services and resources to the end-users and devices that are spread over a single geographic location. It might span single floor or even large group of building spread over an extended geographical area. Some networks have single campus that acts as core or backbone of the network and provides interconnectivity between other portions of the overall network. The campus core often can interconnect campus access, data center and WAN portion of the network. 2013 10