352-001 Exam Dumps With PDF and VCE Download (201-250)

Free VCE and PDF Exam Dumps from PassLeader
Vendor: Cisco
Exam Code: 352-001
Exam Name: CCDE Design Written Exam, v2.1
Question 201 -- Question 250
Visit PassLeader and Download Full Version 352-001 Exam Dumps
QUESTION 201
Which restriction prevents a designer from using a GDOI-based VPN to secure traffic that traverses
the Internet?
A.
B.
C.
D.
Enterprise host IP addresses are typically not routable.

GDOI is less secure than traditional IPsec.
Network address translation functions interfere with tunnel header preservation.
The use of public addresses is not supported with GDOI.
Answer: C
QUESTION 202
Refer to the exhibit. In this network, R1 is redistributing 10.1.5.0/24 into Area 1. Which LSA
containing 10.1.5.0/24 will R6 have in its database?
A.
B.
C.
D.
R6 will have an NSSA external (type 7) LSA in its local database for 10.1.5.0/24.
R6 will have an external (type 5) LSA for 10.1.5.0/24 in its local database.
R6 will have a border router (type 4) LSA in its local database for 10.1.5.0/24.
R6 will not have any LSAs containing 10.1.5.0/24.
352-001 Exam Dumps
352-001 Exam Questions 352-001 VCE Dumps 352-001 PDF Dumps

http://www.passleader.com/352-001.html

Answer: D
QUESTION 203
What is the function of the Community String field defined in a trap PDU?
A.
B.
C.
D.
enable the routing of messages

allow authentication by management station
enable reliable delivery of messages
isolate the PDU within a defined region of the network
Answer: B
QUESTION 204
Which statement is true about the RSVP protocol?
A.
B.
C.
D.
It is reserved bi-directionally by each originating node.

It is only for avoiding packet drop on collision-prone media (such as Ethernet).
It is initiated uni-directionally along the data path downstream from each requesting node.
It is only shared by pairs of peers participating in delay-sensitive, real-time applications like VoIP.
Answer: C
QUESTION 205
What is required in order to perform attack detection using anomaly detection technologies?
A.
B.
C.
D.
packet captures
exploit signatures
baseline data
syslog data
Answer: C
QUESTION 206
Your company's external routers BGP peer with multiple service providers and external
organizations. In all cases, the external routers are peered with their BGP neighbors via directlyconnected interfaces.
How does GTSM provide additional security for your BGP speakers?
A. GTSM prevents the processing of BGP packets from devices that are not on the directly-connected
interfaces.
B. GTSM prevents the formation of BGP adjacencies from unauthorized devices.
C. GTSM ensures that all BGP routing updates have been verified for secure origination.
D. GTSM replaces the TCP 3-way handshake between BGP speakers on directly connected interfaces.
E. GTSM prevents random TCP resets from being injected into the BGP data stream.
Answer: A
QUESTION 207
What are two potential effects of increasing the percentage of priority traffic? (Choose two.)
A. can increase latency and jitter for priority traffic
352-001 Exam Dumps


B.
C.
D.
E.
can increase latency and jitter for non-priority traffic

makes it impossible to bound the impact that priority traffic will have on non-priority traffic
must be avoided regardless of traffic patterns
will not ever change the performance of non-priority traffic
Answer: AB
QUESTION 208
Your customer asks you to assist with their traffic policy design. They want to guarantee a minimum
amount of bandwidth to certain traffic classes. Which technique would you advise them to
implement?
A.
B.
C.
D.
Modular QoS CLI

committed accessrRate
policy-based routing
traffic shaping
Answer: A
QUESTION 209
You are designing a network that includes IP QoS. Which two architectures could be used to ensure
that IP QoS is implemented properly? (Choose two.)
A. Differentiated Services, where the user, with the assistance of the RSVP signaling protocol, reserves
the resources end to end before sending the data
B. Integrated Services, where the user, with the assistance of the RSVP signaling protocol, reserves the
resources end to end before sending the data
C. Integrated Services, which relies on the information carried within each packet to make resource-allocation
decisions at each network node
D. Differentiated Services, which relies on the information carried within each packet to make
resource-allocation decisions at each network node
E. Integrated Services, where the user, with the assistance of the DSCP signaling protocol, reserves
the resources end to end before sending the data
Answer: BD
QUESTION 210
How should multiple OSPF areas be designed when deployed on a classic three-layer
(core/distribution/access) network hierarchy?
A. The OSPF flooding domain boundary should be at the edge of the core layer.
B. The OSPF flooding domain boundary should be within the distribution layer.
C. OSPF should generally be deployed in a three-layer domain hierarchy to align with the physical
three-layer hierarchy.
D. OSPF flooding domain boundaries should be placed with route aggregation in mind.
Answer: D
QUESTION 211
You are tasked to design a QoS policy for a service provider so they can include it in the design of
their MPLS core network. If the design must support an MPLS network with six classes, and CEs
will be managed by the service provider, which QoS policy should be recommended?
352-001 Exam Dumps


A.
B.
C.
D.
E.
map DSCP bits into the Exp field

map IP precedence bits into the DSCP field
map flow-label bits into the Exp field
map IP CoS bits into the IP Precedence field
map IP ToS bits into the Exp field
Answer: A
QUESTION 212
When network summaries are created for access networks in a network design, how does it change
the behavior of the Shortest Path First (SPF) running in a backbone area?
A.
B.
C.
D.
There would be fewer incremental SPFs.

There would be fewer partial SPFs.
There would be fewer full SPFs.
There would be no change with the SPFs.
Answer: B
QUESTION 213
Refer to the exhibit. When designing an MPLS-based LAN extension between DC-1 and DC-2,
what are three advantages of deploying VSS? (Choose three.)
A.
B.
C.
D.
E.
F.
Layers 2, 3, and 4 flow-based load balancing

native VSS and MEC failover without using scripts
sub-second failover
required to configure VPLS
failover time depends on Cisco IOS EEM and STP convergence
limited VLAN-based VPLS traffic hashing
Answer: ABC
352-001 Exam Dumps


QUESTION 214
You are the lead network designer hired by Service Provider XYZ to deploy CoS functionality on
the core MPLS network (P routers). The goal of the network design is to provide a complete CoS
solution to all customers that purchase services such as dedicated Internet access, MPLS L3VPN,
and L2VPN (pseudowire). Service Provider XYZ has these design requirements:
- The network supports four service queues with equal treatment for delay,
jitter, and packet loss.
- Queues are numbered 0-3, where 0 is the default queue.
- Three queues have one treatment.
- One queue has either one or two treatments.
If your design includes eight CoS queues on the Service Provider XYZ MPLS PE router ingress
(CE facing) interface, how will customer traffic be classified as it enters the MLS P routers?
A. The eight CoS queues in the MPLS P router are remapped to the eight CoS queues.
B. Traffic is classified on the MPLS PE routers on core facing interface. The DSCP value is mapped
into EXP field where multiple EXP settings (2+) will be assigned to a single queue throughout the
MPLS P routers.
C. Discard the traffic from the eight CoS queues that does not match the four CoS queues of the
MPLS P routers.
D. The 8 CoS queues in the MPLS P router are remapped to four 4 flow-label queues.
Answer: B
QUESTION 215
As part of the network design, ACME Corporation requires the ability to export IPv6 information to
better manage its network. Which version of NetFlow records is required to export this information?
A.
B.
C.
D.
E.
5
6
7
8
9
Answer: E
QUESTION 216
Which of these can you use to effectively and dynamically reduce IP address spoofing?
A.
B.
C.
D.
E.
Egress Packet Filtering

Ingress Packet Filtering
Egress Route Filtering
route dampening
unicast Reverse Path Forwarding
Answer: E
QUESTION 217
A certain service provider network includes IPsec tunnels between PE router loopbacks and dualhomed PE routers. The service provider is using OSPF to carry infrastructure routes and using
BGP to carry tunnel endpoints.
What could the service provider do to provide fast convergence in case of a link failure in its network?
352-001 Exam Dumps


A.
B.
C.
D.
E.
F.
tune OSPF on all routers

tune BGP on all routers
configure a full mesh of traffic engineering among PE routers
carry IPsec tunnels in GRE among PE routers
carry IPsec tunnels in L2TPv3 among PE routers
carry IPsec tunnels in VPLS among PE routers
Answer: A
QUESTION 218
Which statement about OSPF incremental SPF is true?
A.
B.
C.
D.
E.
iSPF must be enabled on all routers in the domain.

iSPF must be enabled on all routers in a particular area.
iSPF capability is advertised using Opaque LSAs.
iSPF is local to the router and does not require interoperability.
iSPF is negotiated during the OSPF adjacency process.
Answer: D
QUESTION 219
What are two components of effective change management planning? (Choose two.)
A.
B.
C.
D.
a change validation mechanism

a what-if analysis for each proposed change
an automated change management tracking system
a multi-discipline change management team
Answer: AB
QUESTION 220
Cyclic congestion spikes are causing your Telnet users to experience delays. Traffic analysis
shows minimal use of UDP. Which technology can you deploy to mitigate the problem?
A.
B.
C.
D.
Committed Access Rate

Weighted RED
Deficit Round Robin
Class Based Weighted Fair Queuing
Answer: B
QUESTION 221
Why should IGP advertisements be disabled on an access link where a host is attached?
A.
B.
C.
D.
because hosts do not run routing protocols

to prevent the injection of bad routes
to reduce router overhead
because edge hosts are statically routed
Answer: B
352-001 Exam Dumps


QUESTION 222
In a PIM sparse mode network, how is the flow of multicast traffic restored when a link fails along
a branch of a multicast distribution tree?
A. The downstream receivers notice the loss of the multicast flow and resend PIM join messages to
reestablish the tree.
B. The downstream receivers notice the loss of the multicast flow and resend IGMP Membership
Reports to reestablish the tree.
C. The traffic reverts to the shared tree while the downstream router recalculates the RPF interface
and sends a new PIM join message to the RP.
D. The router downstream of the break recalculates the RPF interface when it notices a change in
the unicast routing table and immediately sends a new PIM join message out from the new RPF.
Answer: D
QUESTION 223
A service provider is offering a QoS-based transport service. Three classes have been defined in
the core, including an Expedited Forwarding (EF) class for VoIP traffic. Which tool should be used
at the ingress for the EF class?
A.
B.
C.
D.
policing
shaping
WRED
CB-WFQ
Answer: A
QUESTION 224
What is downstream suppression?
A. the ability of a fault management tool to generate alerts for only an upstream device failure and to
suppress the alarms related to all unreachable downstream sites
B. the ability of devices to exclusively send summary routes and suppress the sending of complete
routing updates
C. the ability of a router to suppress downstream route fluctuations to avoid introducing instability into
the network core
D. the ability of a network management station to perform root cause analysis on a network fault and
remove duplicates of all other alarms resulting from fault symptoms
E. the ability of an element manager to restrict forwarding to critical performance alarms northbound to
the Manager of Managers and suppress other alarms
Answer: A
QUESTION 225
Which of these statements accurately describes MPLS-based L3VPN service?
A.
B.
C.
D.
It allows for transparent routing across the service provider.

It offloads routing between sites to the service provider.
It is independent of the routed protocol.
It improves routing protocols and network convergence.
Answer: B
352-001 Exam Dumps


QUESTION 226
Refer to the exhibit. Which configuration change would maximize the efficiency of both the routing
design and data forwarding plane in this topology?
A.
B.
C.
D.
configure Router B to advertise the more specific prefixes instead of the aggregate
configure Router B to advertise the more specific prefixes in addition to the aggregate
configure Router B with a static route for the aggregate to Null0
configure Router A to advertise 10.0.0.0/8 instead of the default route to Router B
Answer: C
QUESTION 227
An enterprise has a large number of retail locations that are currently serviced by a hub-and-spoke
Frame Relay network using OSPF as the routing protocol. The enterprise is planning to deploy a
high-bandwidth application that requires any-to-any connectivity. Which technology would provide
this enterprise with the best bandwidth utilization and greatest scalability?
A.
B.
C.
D.
pseudowires based on L2TPv3

multipoint GRE tunnels between all locations
a full mesh of IPsec tunnels between all locations
L3VPNs (RFC 2547-based) using MP-BGP
Answer: D
QUESTION 228
A service provider has an MPLS VPN network in the United States. It recently bought another
provider in India and wants to quickly integrate the newly acquired provider's network into the
existing MPLS VPN infrastructure via the Internet.
Which two technologies can the service provider use to integrate its new network? (Choose two.)
352-001 Exam Dumps


A.
B.
C.
D.
E.
MPLS over L2TPv3

MPLS over GRE
MPLS over IPsec
MPLS based VPWS
MPLS over IPv6
Answer: AB
QUESTION 229
A certain service provider offers RFC 2547-based L3VPN service. The service provider is using
OSPF to carry infrastructure routes and MP-BGP to carry customer routes. It has also deployed a
full mesh of Cisco MPLS TE tunnels with FRR for link and node protection. OSPF and BGP have
not been tuned for faster convergence.
Which three types of failure does Cisco MPLS TE FRR address in this service provider's network?
(Choose three.)
A.
B.
C.
D.
E.
P (core) node failure

PE node failure
PE-P link failure
P-P link failure
PE-CE link failure
Answer: ACD
QUESTION 230
Four routers running IS-IS are connected to a single Ethernet link. Then, a fifth router is connected,
which has a priority higher than any of the other routers connected to the network.
What will happen?
A.
B.
C.
D.
The new router will become the DIS and cause a temporary disruption in traffic through the link.
The new router will become the DIS without causing a temporary disruption in traffic through the link.
The new router will not be elected DIS unless the current DIS fails.
The new router will not be elected DIS unless it has the lowest NET ID.
Answer: B
QUESTION 231
Which tool enables a network designer to route traffic based on the source IP address?
A.
B.
C.
D.
source routing
MPLS Layer 3 VPNs
policy-based routing
unicast Reverse Path Forwarding
Answer: C
QUESTION 232
A network administrator is having problems with redistribution routing loops between two EIGRP
processes. You've looked at the configurations and determined there is no filtering configured on
the routes being redistributed. To avoid having a single point of failure, there are three routers
configured to redistribute between the two routing protocols. Which solution would you recommend
to minimize management complexity?
352-001 Exam Dumps


A.
B.
C.
D.
reduce the number of routers redistributing between the two routing processes
build and apply a route filter based on the networks being redistributed between the two processes
replace one of the EIGRP processes with an alternate IGP
use tags to control redistribution between the two processes
Answer: D
QUESTION 233
Enterprises A and B agree to merge, but keep IGP and BGP independent of each other. They are
served by a common ISP for their Internet connectivity. During the merge, A and B will provision a
point-to-point link between the two networks. What is the simplest design option that will allow data
to travel between A and B without passing through the ISP?
A. configure OSPF and make OSPF routes more attractive than the same routes learned via EBGP
from the ISP
B. configure OSPF and make OSPF routes less attractive than the same routes learned via EBGP
from the ISP
C. configure EBGP between the two networks and block each other's routes from the ISP
D. configure iBGP between the two networks and block each others route's from the ISP
E. configure OSPF between the two networks and block each others route's from the ISP
Answer: C
QUESTION 234
When using LDAP servers, you should configure the password policy to prevent _____.
A.
B.
C.
D.
DoS attacks
dictionary attacks
flood attacks
man-in-the-middle attacks
Answer: B
QUESTION 235
A client has approached you about deploying very fast IS-IS hello timers across an intercontinental
high speed SONET link.
What should you recommend?
A. Fast hello timers are a good choice for this link because on long haul SONET links the reporting
of LINE and PATH errors can take a long time.
B. Fast hello timers are not a good choice for this link because the link is physically long and the
propagation delay may cause IS-IS to believe the link has failed when it has not.
C. Fast hello timers are a good choice for this link because the length of the link indicates there will
be at least one SONET amplifier that disables PATH alarms on the circuit.
D. Fast hello timers are not a good choice for this link because SONET links provide link-down
notification much faster than IS-IS could detect a circuit failure by means of hello processing.
Answer: D
QUESTION 236
How does an OSPF ABR prevent summary route information from being readvertised from an area
352-001 Exam Dumps


into the network core (Area 0)?
A.
B.
C.
D.
It uses poison reverse and split horizon.

It compares the area number on the summary LSA to the local area.
It only sends locally originated summaries to the backbone.
It advertises only inter-area summaries to the backbone.
Answer: C
QUESTION 237
An IS-IS router is connected to four links and redistributing 75 routes from RIP.
How many LSPs will this router originate?
A. one LSP: containing the router information, internal routes, and external routes
B. two LSPs: one containing router information and internal routes and one containing external routes
C. three LSPs: one containing all links, one containing router information, and one containing external
routing information
D. six LSPs: one for each link, one containing router information, and one containing external routing
information
Answer: A
QUESTION 238
The IGP next-hop reachability for a BGP route is lost but a default route is available. Assuming that
BGP connectivity is maintained, what will happen to the BGP route?
A.
B.
C.
D.
It will be removed from the BGP table.

It will be considered invalid for traffic forwarding.
It will be considered a valid route.
It will be put in a hold-down state by BGP until the next hop has been updated.
Answer: C
QUESTION 239
Which two actions can the sinkhole technique be used to perform? (Choose two.)
A.
B.
C.
D.
delay an attack from reaching its target

redirect an attack away from its target
monitor attack noise, scans, and other activity
reverse the direction of an attack
Answer: BC
QUESTION 240
What are the two best reasons to build a flooding domain boundary in a link-state network? (Choose
two.)
A.
B.
C.
D.
to prevent the transmission of router-specific information between portions of the network

to aggregate reachability information
to increase the size of the Shortest Path First tree
to segregate complex and rapidly changing portions of the network from one another
352-001 Exam Dumps


E. to provide an administrative boundary between portions of the network
Answer: BD
QUESTION 241
You work for a financial institution that is planning to deploy a new multicast application in your
network to do real-time trading. This application will be run simultaneously by thousands of traders
located throughout your network, each a source of several IP multicast streams, to carry the "sell"
and "buy" trading bids. All routers in your network have full hardware support for all PIM multicast
modes.
Which mode should you use in order to minimize the impact of the new application on the routers
in your network?
A.
B.
C.
D.
PIM Any-Source Multicast

PIM Dense Mode
PIM Source Specific Multicast
PIM Bidirectional
Answer: D
QUESTION 242
Which three LSA types can each trigger a partial SPF? (Choose three.)
A.
B.
C.
D.
E.
type 1 LSA (Router Link Advertisements)

type 2 LSA (Network Link Advertisements)
type 3 LSA (ABR Summary Link Advertisements)
type 4 LSA (ASBR Summary Link Advertisements)
type 5 LSA (Autonomous System External Link Advertisements)
Answer: CDE
QUESTION 243
What are two valid reasons for aggregating routing information within a network? (Choose two.)
A.
B.
C.
D.
E.
to reduce the size of the output of various show commands

to reduce the impact of topology changes
to reduce the amount of information any specific router within the network must store and process
to improve optimal routing within the network
to isolate the impact of DDoS attacks
Answer: BC
QUESTION 244
What is the most effective way to improve BGP convergence in the event that a point-to-point link,
over which an EBGP session is running, fails?
A.
B.
C.
D.
reduce the keepalive timer to the minimum value allowed

configure EBGP fast external fallover
use BGP multihop
enable BGP graceful restart
Answer: B
352-001 Exam Dumps


QUESTION 245
Why does EIGRP use queries?
A.
B.
C.
D.
to withdraw routing information from the network

to find alternate loop-free paths that have been discarded due to split horizons
to test known alternate paths and determine if they are loop-free
to test for neighbor state when the network topology is in flux
Answer: B
QUESTION 246
Three routers in a single broadcast domain are connected by means of a standard Ethernet switch.
The only Layer 2 protocol running on this link is Spanning Tree Protocol. The only Layer 3 protocol
running on this link is EIGRP, which uses a standard configuration. Then, one of the three routers
is manually shut down. How will the other two routers discover the loss of this neighbor?
A. The line protocol on the remaining two routers will be brought down as soon as the carrier is lost
from the switch.
B. The switch will bring down the carrier on all ports momentarily to force all the routers connected
to the link to relearn their neighbors.
C. The EIGRP dead timers will expire due to the absence of EIGRP traffic.
D. The switch will send a reverse ARP when the router disconnects from the switch.
Answer: C
QUESTION 247
What is the best practice for tuning routing protocol hello and dead timers when deploying IGP nonstop forwarding (NSF)?
A. The hello and dead timers should be tuned to allow NSF to continue forwarding after an initial
failure detection.
B. NSF-independent timers should be used so that routing protocol timers have no effect.
C. The hello and dead timers should be tuned so the link failure is detected before NSF has the
chance to react to the failure.
D. The routing protocol hello and dead timers should be decreased to the minimum.
Answer: A
QUESTION 248
Why is H-VPLS considered more scalable than flat VPLS?
A.
B.
C.
D.
It minimizes signaling overhead by building two separate layers pseudowire meshes.

It minimizes signaling overhead by only requiring a full pseudowire mesh among N-PEs.
It eliminates signaling overhead on core devices.
It eliminates signaling overhead between the N-PE and U-PE.
Answer: AB
QUESTION 249
You are designing a NAC OOB Layer 3 Real-IP Gateway deployment for a customer. Which VLAN
must be trunked back to the Clean Access Server from the access switch?
352-001 Exam Dumps


A.
B.
C.
D.
untrusted VLAN
user VLAN
management VLAN
authentication VLAN
Answer: A
QUESTION 250
When a multiprotocol environment is designed to have several routers redistribute among the
routing domains, how can routing loops be avoided?
A.
B.
C.
D.
by using the AS-PATH attribute

by using route tags
by activating split horizon
by implementing spanning tree
Answer: B
Visit PassLeader and Download Full Version 352-001 Exam Dumps
352-001 Exam Dumps


352-001 Exam Dumps With PDF and VCE Download (201-250)

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

352-001 Exam Dumps With PDF and VCE Download (201-250)

Загружено:

Авторское право:

Доступные форматы

Free VCE and PDF Exam Dumps from PassLeader

Enterprise host IP addresses are typically not routable.