Академический Документы
Профессиональный Документы
Культура Документы
Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0
CCDP_Arch_300-320_by_Gon_June_2018_170Q
Number: 300-320
Passing Score: 860
Time Limit: 120 min
File Version: 1.6
CCDP_ARCH_300-320_by_Pentacis_May_2018
This ls the latest updated collection gathered Starting By Veteran , Antoni , Mr.x, Pentacis, Crossbar and
Madox, Baldasar, Gutsy, Red-dot...
Every thing here is updated , corrected , and non-duplicated by June 2018 Exam A
Sections
1. (none)
QUESTION 1
A network designer needs to explain the advantages of route summarization to a client. Which two options
are advantages that should be included in the explanation? (Choose two)
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference
QUESTION 2
What is the next action taken by the Cisco NAC Appliance after it identifies vulnerability on a client device?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
@Zoltan
From Cisco doc : NAC Appliance enforces security policies by blocking, isolating, and repairing
noncompliant machines.
=>(Order) Blocking > Isolating > Repairing
QUESTION 3
Which of the following facts must be considered when designing for IP telephony within an Enterprise
Campus network?
A. Because the IP phone is a three-port switch, IP telephony extends the network edge, impacting the
Distribution layer.
B. Video and voice are alike in being bursty and bandwidth intensive, and thus impose requirements to be
lossless, and have minimized delay and jitter.
C. IP phones have no voice and data VLAN separation, so security policies must be based on upper layer
traffic characteristics.
D. Though multi-VLAN access ports are set to Dot1Q and carry more than two VLANs they are not trunk
ports.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
@crossbar
"The multi-VLAN access ports are not trunk ports, even though the hardware is set to the dot1q trunk. The
hardware setting is used to carry more than one VLAN, but the port is still considered an access port that is
able to carry one native VLAN and the auxiliary VLAN."
=> not more than two
QUESTION 4
Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology?
(Choose two)
A. redundancy
B. bandwidth
C. cost
D. delay
E. hops
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 5
An engineer must add a new firewall in front of the public web server infrastructure in an ACI network.
Which ACI function is used to accomplish this requirement?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 6
A customer is discussing QoS requirements with a network consultant. The customer has specified that
end-to- end path verification is a requirement. Which QoS architecture is most appropriate for the requested
design?
A. marking traffic at the access layer with DSCP to support the traffic flow
B. marking traffic at the access layer with CoS to support the traffic flow
C. RSTP mdoel with PHB to support the traffic flows
D. IntServ model with RSVP to support the traffic flows
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 7
Which two options are characteristics of bidirectional PIM? (Choose two)
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 8
One-to-one ratio mapping for access switches close to servers?
A. ToR
B. EoR
C. CoR
D. ZoR
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 9
A network engineer must use an Internet connection to provide backup connectivity between two sites. The
backup must be encrypted and support multicast. Which technology must be used?
A. DMVPN
B. GRE over IPSec
C. IPSec direct encapsulation
D. GETVPN
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 10
Which VPN connectivity representing both Hub-and-Spokes and Spokes-to- Spokes?
A. DMVPN
B. IPSec VPN
C. VPN Router
D. VPN Hub
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 11
A network consultant is designing an Internet Edge solution and is providing the details around the flow
supporting a local Internet Proxy. How is on-premises web filtering supported?
A. A Cisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP
B. A Cisco ASA uses an IPS module to inspect HTTP and HTTPS traffic
C. A Cisco ASA redirects HTTPS and HTTPS traffic to CWS with a Web Security Connector
D. A Cisco ASA connects to the web Security Appliance via TLS to monitor HTTP and HTTPS traffic
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 12
What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?
A. IPX
B. Microsoft NetBIOS
C. IPv6
D. IPv4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 13
A network engineer must perform posture assessments on Cisco ASA remote access VPN clients and
control their network access based on the results. What mode is the Cisco best practice NAC deployment
design for this situation?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 14
Two companies want to merge their OSPF networks, but they run different OSPF domains. Which option
must be taken to accomplish this requirement?
A. OSPF virtual link to bridge the backbone areas of the two companies together
B. Route summarization
C. Static OSPF
D. Redistribute routes between domains
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
From my CCIE colleague:
To join two companies probably best to statically route between ASBRs if the companies are to merge as
one then you would merge area 0 using virtual link.
QUESTION 15
An engineer is designing a multi cluster BGP network, each cluster has two Route Reflectors and four
Route Reflector clients. Which 2 options must be considered? (Choose two)
A. Clients from all clusters should peer with all Route Reflectors
B. All Route Reflectors should be non-client peers in a partially meshed topology
C. All Route Reflectors must be non-client peers in a fully meshed topology
D. Clients must not peer with iBGP speakers outside the client router
E. Clients should peer with at least one other client outside it's cluster
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 16
Question about IPv4 and IPv6 on the same router (dual stack) with IS-IS
A. ...
B. IS-IS
C. ...
D. ...
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
- Cisco added multitopolgy support for IS-IS to increase flexibility within dual-stack environment.
- Two TLVs added:
· IPv6 reachability TLV
· IPv6 interface address TLV
- Multi topology IS-IS:
· A separate topology is kept for both IPv4 and IPv6 (some links may not be able to carry IPv6 --> Avoid
traffic black-holed)
· This mode removes the restriction that all interfaces on which IS-IS is configured must support the
identical set of network address families.
· A separate SFP per address family.
· Wide metric must be used.
- Single-topology IS-IS:
· One SPF instance for both IPv4 and IPv6.
· Easier to administer but network must be homogeneous.
· Due to consistency checks, a router running IS-IS for both IPv4 and IPv6 does notform an adjacency with
a router running IS-IS for IPv4 or IPv6 only. Disable consistency checks to maintain adjacencies active in
heterogeneous environments. ForL1 links, this is primarily done during transition.
· As in any IS-IS design, L2 routers must be contiguous. IPv6 adjacency checks are notdone on L2 links.
QUESTION 17
A network Engineer is designing a hierarchical design and needs to optimize WAN design. On what group
of devices can a network engineer summarise routes to remote WAN sites?
A. Core
B. Distribution
C. Data Center Distribution WAN Edge
D. WAN Edge
E. Campus access distribution layer
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Comments:
Summarize at Service Distribution. It is important to force summarization at the distribution towards WAN
Edge and towards campus & data centre
QUESTION 18
Which two design concerns must be addressed when designing a multicast implementation? (Choose two)
A. only the low-order 23 bits of the MAC address are used to map IP addresses
B. only the low-order 24 bits of the MAC address are used to map IP addresses
C. only the high-order 23 bits of the MAC address are used to map IP addresses
D. only the low-order 23 bits of the IP address are used to map MAC addresses
E. the 0x01004f MAC address prefix is used for mapping IP addresses to MAC addresses
F. the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses
Correct Answer: DF
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: DF
Section: (none)
Explanation
Explanation/Reference:
Comments:
Ethernet & FDDI Multicast Addresses
- The low order bit (0x01) in the first octet indicates that this packet is a Layer 2 multicast packet.
Furthermore, the "0x01005e" prefix has been reserved for use in mapping L3 IP multicast addresses into L2
MAC addresses.
- When mapping L3 to L2 addresses, the low order 23 bits of the L3 IP multicast address are mapped into
the low order 23 bits of the IEEE MAC address. Notice that this results in 5 bits of information being lost.
https://www.cisco.com/networkers/nw00/pres/3200/3200_c1_Mod2_rev1.pdf
QUESTION 19
Which of the following is a result when designing multiple EIGRP autonomous systems within the Enterprise
Campus network?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Comments:
Chapter 2 of CiscoPress CCDP fourth edition clearly says (there is even a test at the end of the chapter)
that introducing additional ASes won't reduce the volume of EIGRP queries as these will be forwarded
across the ASes.
QUESTION 20
What two sensor types exist in an IDS/IPS solution? (Choose two)
A. host
B. anomaly based
C. policy based
D. network based
E. signature
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
@Samsonite
I see the confusion in this one. There are 2 types of "sensors", host-based and network-based. There are 3
types of methods/technologies for detecting bad traffic within a sensor signature-based, anomaly-based,
policy-based.
https:**//www.certificationkits.com**/cisco-certification/ccna-security-certification-topics/ccna-security-
implement-ips-with-sdm/ccna-security-network-based-vs-host-based-intrusion-detection-a-prevention/
QUESTION 21
Which of this is true of IP addressing with regard to VPN termination?
A. IGP routing protocols will update their routing tables over an IPsec VPN
B. Termination devices need routable addresses inside the VPN
C. Addressing design need to allow for summarization
D. Designs should not include overlapping address spaces between sites, since NAT is not supported
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Comments:
Best design practices say the VPN design should allow for summarization. With regards to D - sometimes
you cannot avoid overlapping addresses as this is what is configured at client's end, and the only option is
to hide the overlapping subnet behind NAT - based on experience (The author of this remark has 50x VPN
tunnels and majority of them is using NAT, even if the subnet doesn't overlap, we want to hide our real IPs
behind something else - extra security
QUESTION 22
A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has
already been implemented and optimized, and it is no longer effective in ensuring optimal network
performance. Which two actions can improve network performance? (Choose two)
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: CD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 23
Which technology is an example of the need for a designer to clearly define features and desired
performance when designing advanced WAN services with a service provider?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
This answer is an example that show that the designer did not clearly defined his needs because the SP
gave a L3 service when L2 was needed. In other dumps from Internet answer is B and I think it is right,
because designer must be sure that SP provides secure routing service with needed performance, but how
control protocols works inside SP net designer.
QUESTION 24
Which option is correct when using Virtual Switching System?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Comments:
Definitely C again Chapter 1 of CiscoPress CCDP fourth edition Distribution-to Distribution Interconnect
with the Virtual Switch Model
The virtual switch system operates differently at different planes. From a control plane point of view, the
VSS peers (switches) operate in active standby redundancy mode. The switch in active redundancy mode
will maintain the single configuration file for the VSS and sync it to the standby switch, and only the console
interface on the active switch is accessible
VSS1440 (in the book) A VSS1440 refers to the VSS formed by two Cisco Catalyst 6500 Series Switches
with the
Virtual Switching Supervisor 720-10GE. In a VSS, the data plane and switch fabric with capacity of 720
Gbps of supervisor engine in each chassis are active at the same time on both chassis, combining for an
active 1400- Gbps switching capacity per VSS. Only one of the virtual switch members has the active
control plane. Both chassis are kept in sync with the inter-chassis Stateful Switchover (SSO) mechanism
along with Nonstop Forwarding (NSF) to provide nonstop communication even in the event of failure of one
of the member supervisor engines or chassis.
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switchingsystem- 1440/
prod_qas0900aecd806ed74b.html
In my opinion C & D are correct.
QUESTION 25
When APIC is down on cluster device ... What is the minimum number of APICs requirement for a
production ACI Fabric to continue to operate?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Comments:
From Designing for Cisco Network Service Architecture Fourth Edition:
The recommended minimum sizing has the following requirements:
* Three or more Cisco APIC controllers that are dual connected to different leaf switches for maximum
resilience. Note that the fabric is manageable even with just one controller and operational without a
controller.
I'm not sure what 'manageable' means, is it still an ACI fabric or does it revert to a different state. It seems
weird to me you would no longer have your ACI fabric if one/ two of your three APIC's went offline. Not
usually how redundancy works.
This Cisco topic seems to indicate it will still work on 1 APIC https://supportforums.cisco.com/
discussion/12448836/apic-cluster-why-minimum-3-controllers Interesting your reasoning. "Manageable",
means that you can still make changes, add/remove things, etc. So, now reading your comments, it makes
sense that if the is talking about continuing to operate, the answer must be 1. I've seen 3 as the answer in
all dumps but now I doubt it.
QUESTION 26
Routing protocol that provides unequal cost path with different metrics for load balancing purposes?
A. OSPF
B. EIGRP
C. ISIS
D. BGP
E. RIP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 27
What changes you should make in the design to optimize traffic?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 28
Which option is the Cisco recommendation for data oversubscription for access ports on the access-to
distribution uplink?
A. 4 to 1
B. 20 to 1
C. 16 to 1
D. 10 to 1
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 29
An engineer is designing a layer 3-enabled access layer. Which design recommendation must the engineer
consider when deploying EIGRP routing within the access layer?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 30
What are the two methods of ensuring that the RPF check passes? (Choose two)
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Comments:
The router determines the RPF interface by the underlying unicast routing protocol or the dedicated
multicast routing protocol in cases where one exists. An example of a dedicated multicast routing protocol is
MP-BGP. It is important to note that the multicast routing protocol relies on the underlying unicast routing
table. Any change in the unicast routing table immediately triggers an RPF recheck on most modern
routers.
Having OSPF routing protocol in place won't really ensure that the RPF check passes.
Let's say we have implemented OSPF routing protocol within the topology below (have a look at the URL
below), "R3" knows the best path to 1.1.1.0/24 is via interface F0/0 but "R3" receives multicast packet from
source server (1.1.1.1/24) on interface S0/0. The RPF will fail. We can get this fixed by implementing static
mroutes (static multicast-routes) to force multicast traffic to go back via interface S0/0 (ip mroute 0.0.0.0
0.0.0.0 s0/0)
Having unicast routing protocol (OSPF, EIGRP, BGP, RIP, IGRP, IS-IS etc) won't necessarily mean the
RPF will succeed but having a multicast routing protocol (Multipoint BGP) or dedicated multicast static
routes (mroutes) will. The only which I still have is that if the multicast routing protocol relies on the
underlying unicast routing table (OSPF) how does it ensure that the RPF check passes.
https://supportforums.cisco.com/t5/network-infrastructure-documents/multicast-rpf-recovery-using-static-
multicast-routing/ta-p/3139007
QUESTION 31
A client requirement to separate management and control layer within an organization. Which technology
can be used to achieve this requirement while minimizing physical devices?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 32
Drag and Drop
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
QUESTION 33
Which technology will you use to connect 2x Data Centres and extend Layer 2 VLANs? (Choose two)
A. OTV
B. VXLAN
C. Fabric Path
D. IS-IS
E. EIGRP
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 34
An engineer is designing a multitenant network that requires separate management access and must share
a single physical firewall. Which two features support this design? (Choose two)
A. Site-to-Site VPN
B. dynamic routing protocols
C. multicast routing
D. threat detection
E. quality of service
F. unified communications
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Comments:
This one is a little bit trickier, separate management access means the multi-context mode https://
www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/ha-
contexts.pdf
Page 14 of Guidelines for Multiple Context Mode lists unsupported features, after you cross the
unsupported features out - you are left with what works on a multi-context mode firewall
QUESTION 35
Which technology should a network designer combine with VSS to ensure a loop free topology with optimal
convergence time?
A. PortFast
B. UplinkFast
C. RPVST+
D. Multichassis EtherChannel
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Comments:
"C" definitely not as STP is disabled when VSS is configured at the distribution layer.
MEC comes with Cisco Catalyst (VSS) like vPC comes with Cisco NX-OS.
QUESTION 36
What needs to be configured to control unwanted transit traffic to not be routed to remote branches that
have multiple WAN connections?
A. route weighting
B. route tagging
C. route filtering
D. route prioritising
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 37
One new regarding 802.1X. (Choose three)
Explanation/Reference:
Correct Answer: ABE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 38
What is one function of key server in Cisco GETVPN deployment?
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Comments:
Key server is responsible for maintaining security policies, authenticating the GMs and providing the
session key for encrypting traffic. KS authenticates the individual GMs at the time of registration. Only after
successful registration the GMs can participate in group SA.
https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transportvpn/
deployment_guide_c07_554713.html
QUESTION 39
What is the primary benefit of deployment MPLS over the WAN as opposed to extending VRF-lite across
the WAN?
A. Convergence time
B. Low operating expense (OpEx)
C. Low latency
D. Dynamic fault-tolerance
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 40
An engineer has implemented a QoS architecture that requires a signalling protocol to tell routers which
flows of packets require special treatment. Which two mechanisms are important to establish and
maintaining QoS architecture? (Choose two)
A. Classification
B. Tagging
C. Packet Scheduling
D. Admission Control
E. Resource Reservation
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 41
An engineer wants to have a resilient access layer in the Data Center so that access layer switches have
separate physical connections to a pair of redundant distribution switches. Which technology achieves this
goal?
A. PaGP
B. LACP
C. VSL
D. EVPC
E. VSS
F. ECMP
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
@crossbar
Enhanced vPC is a form of Multichassis Etherchannel and VSS by itself, withour MEC, doesn't provide
resiliency.
ECMP could also be a correct answer, assuming an L3 access layer design. But the question specifies "in
the Data Centre" and most DC access layer designs are L2.
Furthermore, (E)vPC is a tech exclusive to Nexus, which is marketed by Cisco as DC switches.
QUESTION 42
What is advantage of using the vPC feature in Data Centre environment?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 43
Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What
are two advantages of using Cisco FabricPath technology? (Choose two)
A. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load
balancing between redundant paths.
B. Cisco FabricPath provides MAC address scalability with conversational learning.
C. Loop mitigation is provided by the TTL field in the frame.
D. Cisco FabricPath is IETF-standard and is not used with Cisco products.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all
campus networks.
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 44
A client request includes a network design that ensures all connections between the access layer and
distribution layer are active and forwarding traffic at all times. Which design approach achieves this
request?
A. Enable backbone fast on the two distribution switches and create a port channel between each access
layer switch and both distribution switches
B. Configure HSRP for all VLANs and adjust the hello timer for faster convergence
C. Configure Rapid PVST+ and adjust the timers for fast convergence
D. Create a VSS between the two distribution switches and also create a MEC between the VSS and each
access layer switch.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 45
What is the most important consideration when selecting a VPN termination device?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 46
Which option is a design recommendation for route summarizations?
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 47
A company is Multi-Homed to different service providers running BGP. Which action ensures that the
company AS does not become a transit AS?
A. Create a distribute list that filters all routes except the default route and applies to both BGP neighbour
interfaces in the inbound direction
B. Create a distribute list that filters all routes except the default route and applies to a single BGP
neighbour in the outbound direction
C. Create prefix list that matches the company prefixes and applies to both BGP neighbour definitions in
the outbound direction.
D. Create a route map that matches the provider BGP communities and networks and applies to both
transit neighbour interfaces in the outbound direction.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 48
A network engineer wants to limit the EIGRP query scope to avoid high CPU and memory utilization on low-
end routers as well as limiting the possibility of a stuck-in-active routing event between HQ and branch
offices.
Which way to achieve these goals?
A. Configure different Autonomous System number per each branch office and HQ and redistribute routes
between autonomous systems.
B. Configure all routers at branch offices as EIGRP stub and allow only directly connected networks at
branch offices to be advertised to HQ
C. Configure all routers at branch offices as EIGRP stub
D. Configure all routers at HQ and branch offices as EIGRP stub
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 49
Which two protocols support simple plaintext and MD5 authentication? (Choose two)
A. RIP
B. IPv6
C. EIGRP
D. BGP
E. OSPF
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Comments:
Simple password authentication (also called plain text authentication) - supported by Integrated-System to
Integrated-System (IS-IS), Open Shortest Path First (OSPF) and Routing Information Protocol Version 2
(RIPv2)
MD5 authentication - supported by OSPF, RIPv2, BGP, and EIGRP
QUESTION 50
A network engineer must create a backup network connection between two corporate sites over the Internet
using the existing ASA firewalls. Which VPN technology best satisfies this corporate need?
A. VPLS
B. DMVPN
C. GETVPN
D. IPSec
E. MPLS
F. OTV
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 51
A large-scale IP SLA deployment is causing memory and CPU shortages on the router in an enterprise
network. Which solution can be implemented to mitigate these issues?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Comments:
https://www.cisco.com/en/US/technologies/tk869/tk769/technologies_white_paper0900aecd806bfb52.html
QUESTION 52
Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two)
A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are associated with one EPG
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with pair of EPGs
Correct Answer: AF
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AF
Section: (none)
Explanation
Explanation/Reference:
Comments:
There may be times when the ACI administrator might need to deny traffic that is allowed by another
contract.
Taboos are a special type of contract that an ACI administrator can use to deny specific traffic that would
otherwise be allowed by another contract. Taboos can be used to drop traffic matching a pattern (any EPG,
a specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of
regular contracts are applied. Taboo contracts are not recommended as part of the ACI best practices but
they can be used to transition from traditional networking to ACI. To imitate the traditional networking
concepts, an "allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain
types of traffic." EPG End-Point Groups
QUESTION 53
A network manager wants all remote sites to be designed to communicate dynamically with each other
using DMVPN technology without requiring much configuration on the spoke routers. Which protocol is use
by DMVPN to achive this goal?
A. GRE
B. NHRP
C. SSH
D. ARP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 54
An organization is creating a detailed QoS plan that limits bandwidth to specific rates. Which three
parameters can be configured when attempting to police traffic within the network? (Choose three)
A. Conforming
B. Violating
C. Bursting
D. Peak information rate
E. Committed information rate
F. Exceeding
G. Shaping rate
Explanation/Reference:
Correct Answer: ABF
Section: (none)
Explanation
Explanation/Reference:
@crossbar
https:**//www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpoli.html#wp1006389
QUESTION 55
An engineer must design a Cisco VSS-based configuration within a customer campus network. The two
VSS switches are provisioned for the campus distribution layer... Which option is the primary reason to
avoid plugging both VSL links into the supervisor ports?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Comments:
The best-practice recommendation for VSL link resiliency is to bundle two 10-Gbps ports from different
sources. Doing this might require having one port from the supervisor and other from a Cisco 6708 line
card.
When configuring the VSL, note the following guidelines and restrictions:
For line redundancy, we recommend configuring at least two ports per switch for the VSL. For module
redundancy, the two ports can be on different switching modules in each chassis.
QUESTION 56
An engineer is configuring QoS to meet the following requirement:
- all traffic that exceeds the allocated bandwidth will still traverse the infrastructure but will be forwarded
later What will be requirements?
A. Per-Hop behaviours
B. Weighted Fair Queuing
C. IP Precedence
D. Shaping
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 57
An engineer is designing a network using RSTP. Several devices on the network support only legacy STP.
Which outcome occurs?
A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate but the fast convergence is not used.
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 58
What is the outcome when RPF check passes successfully?
A. Packet is dropped because it arrived on the interface that used to forward the packet back to source.
B. Packet is dropped because it arrived on the interface that used to forward the packet back to
destination.
C. Packet is forwarded because it arrived on the interface that used to forward the packet back to
destination
D. Packet is forwarded because it arrived on the interface that used to forward the packet back to source
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Comments:
Routers perform a reverse path forwarding (RPF) check to ensure that arriving multicast packets were
received through the interface that is on the most direct path to the source that sent the packets. An RPF
check is always performed regarding the incoming interface, which is considered to be the RPF interface.
The RPF check will succeed if the incoming interface is the shortest path to the source. The router
determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing
protocol in cases where one exists. An example of a dedicated multicast routing protocol is MP-BGP. It is
important to note that the multicast routing protocol relies on the underlying unicast routing table. Any
change in the unicast routing table immediately triggers an RPF recheck on most modern routers.
QUESTION 59
Multicast PIM-Sparse mode sends traffic overload. Which feature can reduce the multicast traffic in the
access layer?
A. IGMP snooping
B. Filter at Boundaries
C. PIM Dense-Mode
D. MSDP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Comments:
I think solution for this one was to move STP root
QUESTION 60
Refer to the exhibit. A customer wants to use HSRP as a First Hop Redundancy Protocol. Both routers are
currently running and all interfaces are active. Which factor determines which router becomes the active
HSRP device?
A. the router with the highest MAC address for the respective group
B. the router with the highest interface bandwidth for the respective group
C. the router that boots up last
D. the router with the highest IP address for the respective group
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 61
When 2 distribution switches are configured for VSS, what needs to be done to extend back plane
connectivity?
A. ISL
B. VSL
C. VSS
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 62
An engineer is considering uplink bandwidth over-subscription in a Layer 3 network design. Which option is
the Cisco recommended over-subscription ratio for uplinks between the distribution and core layers?
A. 3 to 1
B. 4 to 1
C. 6 to 1
D. 8 to 1
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Comments:
Network oversubscription refers to a point of bandwidth consolidation where the ingress bandwidth is
greater than the egress bandwidth. For example, at an ISL uplink from an edge layer switch to a core, the
oversubscription of the ISL is typically on the order of 7:1 or greater. In a single director fabric, the fan-out
ratio of server to storage subsystem ports is directly related to the network oversubscription and is typically
on the order of 10:1 or higher. Network oversubscription is normal and unavoidable-it is a direct by product
of the primary
purpose for deploying a SAN. An important characteristic of the network related to oversubscription is its
ability to fairly allocate its bandwidth
resources among all clients of the SAN.
QUESTION 63
A network consultant is designing an enterprise network that includes an IPsec headend termination device.
Which two capabilities are the most important to consider when assessing the headend device's scalability?
(Choose two)
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
@skummy
From Cisco "Scalability considerations" guide the order is Packets, Tunnel quantity, Gre encapsulation and
then only Routing protocols affecting the CPU. Question sound like asking for enterprise IPsec, so like
anyconnect Remote-Access = no routing affected on VPN headend
QUESTION 64
What protocol is used for connectivity between VSS layers?
A. PAgP
B. IVR
C. ISL
D. VSL
E. ...
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 65
Refer to the exhibit. A customer discovers router R1 remains active even when the R1 uplink (F0/1) is
down. Which two commands can be applied to R1 to allow R2 to take over as the HSRP active? (Choose
two)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 66
Which technology simplifies encryption management?
A. GETVPN
B. DMVPN
C. IPsec
D. EasyVPN
E. GRE
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 67
When a site has Internet connectivity with two different ISP's, which two strategies are recommended to
avoid becoming a BGP transit site? (Choose two)
A. Use a single service provider
B. Filter routes outbound to the ISPs
C. Accept all inbound routes from the ISPs
D. Filter routes inbound from the ISPs
E. Advertise all routes to both ISPs
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
@crossbar
B is definitely correct, but what bugs me is the "which two strategies..." formulation: it sounds to me that the
two required answers would not necessarily need to be applied at the same time.
If this interpretation is correct, C doesn't help at all, it actually would be the cause of the issue (this is true
for E too).
If it is not, C doesn't hurt, but doesn't help either.
For the other answers:
A would definitely work, but denies the question's supposition D your AS wouldn't be a transit for the
filtered routes, but it doesn't make sense filter what you WANT to learn from ISP.
Bottom line, I think I would answer AB.
But I am not certain, let me know what you think!
QUESTION 68
to use multiple path from distribution to core
A. install IGP
B. ECMP
C. RSTP+
D. HSRP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 69
What is the characteristic of 802.1x (Choose two)
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 70
An engineer is designing an infrastructure to use a 40 Gigabit link as the primary uplink and a 10 Gigabit
uplink as the alternate path. Which routing protocol allows for unequal cost load balancing?
A. OSPF
B. RIP
C. EIGRP
D. BGP
E. IS-IS
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 71
Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two)
A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
C. It is removed by the Cisco ISE before reaching the endpoint.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal
services
E. Best Practice dictates that deployments should include a security group for common services such as
DNS and DHCP
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 72
What to configure in BGP so that other BGP neighbours cannot influence the path of a route.
A. Lower MED
B. Higher Local Preference
C. Higher Weight
D. Lower Router ID
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Comments: The BGP golden rule is that nobody can say me what is have to do with my routes Weight is
the only attribute which is not transmitted
weight can NOT be used by any neighbor to influence me. Within my AS i can also be influenced by Loc
pref.
Weight is also the first in the list. I think it is weight
is the right answer because it is local significant where nobody only me have influence on.
QUESTION 73
After an incident caused by a DDOS attack on a router, an engineer must ensure that the router is
accessible and protected from future attacks without making any changes to traffic passing through the
router. Which security function can be utilized to protect the router?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 74
What are the most important scaling factors that need to be considered while selecting VPN head end
device? (Choose two)
A. Memory
B. Packets per second
C. Connection speed
D. CPU Limit
E. Bits per second
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 75
Which two statements about 802.1X are true? (Choose three)
A. It is Cisco standard
B. It can allow and deny port access based on device identity
C. It works only with wired devices
D. It can allow and deny port access based on user identity
E. EAP messages in Ethernet frames and don't use PPP
F. EAP messages in Ethernet frames and use PPP
Explanation/Reference:
Correct Answer: BDE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 76
An OSPF router should have a maximum of how many adjacent neighbours?
A. 80
B. 50
C. 60
D. 100
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 77
Which first-hop redundancy protocol that was designed by Cisco allows packet load sharing among groups
of redundant routers?
A. GLBP
B. HSRP
C. VRRP
D. VSS
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference
QUESTION 78
Which routing protocol provides the fastest convergence and greatest flexibility within a campus
environment?
A. OSPF
B. IS-IS
C. BGP
D. EIGRP
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 79
What network technology provides Layer 2 high availability between the access and distribution layers?
A. HSRP
B. MEC
C. EIGRP
D. GLBP
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 80
Which option maximizes EIGRP scalability?
A. route redistribution
B. route redundancy
C. route filtering
D. route summarization
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 81
Which two options are advantages of having a modular design instead of an EOR design in a data centre?
(Choose two)
A. cooling constraints
B. cable bulk
C. decreased STP processing
D. redundancy options
E. cost minimization
F. low-skilled manager
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 82
An engineer is designing a redundant dual-homed BGP solution that should prefer one specific carrier
under normal conditions. Traffic should automatically fail over to a secondary carrier case of a failure.
Whitch twho BGP attributes can be used to achieve this goal inbound traffic? (Choose two)
A. origin
B. MED
C. AS-PATH
D. local preference
E. weight
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Note : local pref and weight are for the other direction .
QUESTION 83
A network team must provide a redundant secure connection between two entities using OSPF. The
primary connection will be an Ethernet Private Line and the secondary connection will be a site-to-site VPN.
What needs to be configured in order to support routing requirements for over the VPN connection?
A. GRE Tunnel
B. HTTPS
C. Root Certificate
D. AAA Server
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 84
Which configuration represents resiliency at the hardware and software layers?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
I don't see "multiple connections" as hardware resiliency. They are "physical layer resiliency" for me.
QUESTION 85
Which option is the primary reason to implement security in a multicast network?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 86
A company requires redundancy for its multi-homed BGP external connections. What two features can be
configured on the WAN routers to automate failover for both outbound and inbound traffic? (Choose two)
A. AS path prepending
B. local preference
C. floating static route
D. HSRP
E. MED
F. weight
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
@crossbar
from https:**//www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13768-hsrp-bgp.html "
This document describes how to provide redundancy in a multihomed Border Gateway Protocol (BGP)
network where you have connections to two separate Internet service providers (ISPs). In the event of a
failure of connectivity toward one ISP, the traffic is rerouted dynamically through the other ISP with the BGP
set as- path {tag | prepend as-path-string} command and Hot Standby Router Protocol (HSRP)
QUESTION 87
In what situation must spanning-tree be implemented?
A. when first hop redundancy protocol exists with redundant Layer 2 links between distribution switches
B. when a VLAN spans access layer switches to support business applications
C. when trunks need to extend multiple VLANs across access switches
D. when it is necessary to speed up network convergence in case of link failure
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
@crossbar
Correct answer is B
See FLG 3rd Ed p38
QUESTION 88
Which option does best practice dictate for the maximum number of areas that an OSPF router should
belong to for optimal performance?
A. 1
B. 2
C. 3
D. 4
E. 5
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 89
Which option is an advantage of using PIM sparse mode instead of PIM dense mode?
A. No RP is required
B. There is reduced congestion in the network
C. IGMP is not required
D. It floods all multicast traffic throughout the network
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 90
Which two BGP attributes can be set with outbound policy to manipulate inbound traffic, if honoured by the
remote Autonomous system? (Choose two)
A. Multi-exit discriminator
B. AS path
C. Local Preference
D. Weight
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 91
An engineer has to design a multicast domain for some application. This multicast network should be
secured.
Which option should he take?
A. PIM-SM; 232.0.0.0/8
B. ASM; 232.0.0.0/8
C. SSM; 224.0.0.0/8
D. SSM; 232.0.0.0/8
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 92
A company needs to configure a new firewall and have only one public IP address to use. The engineer
needs to configure the firewall with NAT to handle inbound traffic to the mail server in addition to internet
outbound traffic. Which options could he use? (Choose two)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 93
As a network engineer you have been asked to help design a new floor shop. Allocate appropriate subnet
sizes on the left to the departments on the right and allow for simple summarization. (Wording may be
slightly different as well as department names per number of hosts)
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
QUESTION 94
Seven sites are connected via OTV, what is the best practice to connect more than three sites using OTV?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 95
An engineer chose to design an architecture where distribution switches are in VSS and are connected to
access switches using Multichassis Etherchannel. What is the resulting topology?
A. Looped
B. Ring
C. Hybrid
D. Star
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 96
A company is running BGP on the edge with multiple service providers in a primary and secondary role. The
company wants to speed up time if a failure was to occur with the primary, but they are concerned about
router resources. Which method best achieves this goal?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 97
An engineer is designing a QoS architecture for a small organization and must meet these requirements:
- Guarantees resources for a new traffic flow prior to sending
- Polices traffic when the flow does not conform
Which QoS architecture model will accomplish this?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 98
When designing data centres for multitenancy, which two benefits are provided by the implementation of
VSAN and zoning? (Choose two)
A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from
affecting others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 99
A network engineer is designing a network that must incorporate active-active redundancy to eliminate
disruption when a link failure occurs between the core and distribution layer. What two technologies will
allow this? (Choose two)
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 100
When designing layer 2 STP based LAN with FHRP, what design recommendation should be followed?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 101
A network engineer wants to segregate three interconnected campus network via IS-IS routing. A two-layer
hierarchy must be used to support large routing domains to avoid more specific routes from each campus
network being advertised to other campus network routers automatically. What two actions should be taken
to accomplish this segregation? (Choose two)
A. Assign a unique IS-IS NET value for each campus and configure internal campus routers with level 1
routing.
B. Designate two IS-IS routers from each campus to act as a Layer 1/Layer 2 backbone routers at the
edge of each campus network.
C. Designate two IS-IS routers as BDR routers at the edge of each campus.
D. Assign similar router IDs to all routers within each campus.
E. Change the MTU sizes of the interface of each campus network router with a different value
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 102
What command essentially turns on auto summarization for EIGRP?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Auto-summarization is enabled by default when you turn EIGRP on.
QUESTION 103
What is the physical topology of ACI?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 104
Which security function is inherent in an Application Centric Infrastructure network?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Comments:
All the traffic between servers is denied (micro segmentation), to allow the traffic between EPGs we need to
configure contracts.
QUESTION 105
What security feature would require a packet to be received on the interface that the interface would use to
forward the return packet?
A. urpf
B. arp inspection
C. vlan acl
D. ...
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 106
What location are security policies enforced in ACI?
A. End Point
B. Spine
C. Leaf
D. APIC
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Security policies are configured on the APIC, and enforced on the leaves
QUESTION 107
What should be implemented to prevent exceeding the 50mb allowable bandwidth of internet circuit?
A. policing
B. shaping
C. CIR
D. rate-limit
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Comments:
After discussion we have agreed the answer A policing will be the best choice for this question.
If the ISP is policing traffic to 50MB, it would be a good practice to configure traffic shaping to 50MB in your
network so the egress traffic is queued and sent rather than dropped by ISP.
QUESTION 108
What multicast design would you use that cannot use rendezvous points....don't remember the complete
question?
A. Pim bidirectional
B. Pim Sparse
C. Pim Dense
D. Pim-SSM
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 109
A company has 30 sites and wants allow dynamic IGP protocol, multicast and non IP traffic between sites.
Which topology should the company implement?
A. dmvpn spoke-to-spoke
B. dmvpn hub-to-spoke
C. vti
D. p2p gre
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Comments:
Non IP traffic is not supported by DMVPN.
https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class- teleworker-ect-
solution/prod_brochure0900aecd80582078.pdf
QUESTION 110
A company security policy states that their data center network must be segmented from the layer 3
perspective. The segmentation must separate various network security zones so that they do not exchange
routing information and their traffic path must be completely segregated. which technology achieves this
goal?
A. VPC
B. VXLAN
C. VRF
D. VDC
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 111
An engineer is working for large cable TV provider that required multicast multi sourced stream video, but
must not use an RPM. Which protocol needs to be used?
A. ASM
B. PIM-SM
C. BIDR-PIM
D. SSM
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 112
Reduce security risk in BGP. Which option help to avoid rogue route injection, unwanted peering and
malicious BGP activities?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 113
How does stub routing affect transit route in EIGRP?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 114
A customer would like to implement a firewall to secure an enterprise network, however the customer is
unable to allocate any new subnets. What type of firewall mode must be implemented?
A. active/standby
B. active/active
C. zone based
D. virtual
E. routed
F. transparent
Correct Answer: F
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: F
Section: (none)
Explanation
Explanation/Reference:
QUESTION 115
A Network administrator want to increase the security level in the core layer and want to confirm that the
users that have their default GW on an interface in the core switch can access specific networks and can't
access the remaining networks. Which feature can help him to achieve this?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 116
Which option provides software modularity in Cisco NX-OS software in the data center design?
A. The ip routing command enables all of the features in the Cisco NX-OS.
B. All of the features are enabled by default in the Cisco NX-OS.
C. Individual features must be manually enabled to start the process.
D. The Cisco NX-OS has a management VRF that is enabled by default.
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 117
Which technology allows multiple instances of a routing table to coexist on the same router simultaneously?
A. VRF
B. Cisco virtual router
C. Instanced virtuer router
D. IS-IS
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 118
Which two features provide resiliency in a data center? (Choose two.)
A. Cisco FabricPath
B. VTP
C. encryption
D. vPC
E. VRF
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 119
Which network virtualization technology provides logical isolation of network traffic at Layer 3?
A. VSS
B. VLAN
C. VRF-Lite
D. MEC
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 120
Which technology extends Layer 2 LANs over any network that supports IP?
A. OTV
B. VSS
C. vPC
D. VLAN
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 121
Two technologies that can be used to connect data centers over an IP network and provide layer 2 LAN
extension
A. IS-IS
B. VXLAN
C. TRILL
D. Fabric Path
E. OTV
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 122
Which protocol should be run on the LAN side of two edge routers (that are terminating primary and backup
WAN circuits) to provide quick failover in case of primary WAN circuit failure?
A. VTP
B. STP
C. VRRP
D. RIP
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 123
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?
A. VRRP
B. BGP
C. IPsec
D. SSL
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 124
What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be
queued later ?
A. Shaping
B. Policing
C. Weighted Fair Queuing
D. Low Latency Queuing Correct
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 125
About BGP advertising route with using community, advertise to internet but not advertise to inside network
A. no-advertise
B. no-export
C. local-as
D. internet
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 126
Which technology can block interfaces and provide a loop-free topology?
A. STP
B. VSS
C. VLAN
D. vPC
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 127
A customer has an existing Wan circuit with a capacty 10 mbps, the circiut has 6 mbsp of varios user traffic
and 5 mbps of real-time audio trafic on average. switch two measures could be taken to avoid loss of real
time traffic (Choose Two)
A. Police the traffic to 5 mbps and allow excess traffic to be remarked to the default queu
B. Configure congestion avoidance mechaninsm wred within the proirity queue
C. Policy the traffic to 3.3 mbps and allow excess traffic to be remarked to the default queue
D. Increase the wan circuit bandwidth
E. Ensure that real time traffic is prorized over other traffic
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 128
An organization is adquiring another company and merging the two company networks. No subnets overlap,
but the engineer must limit the networks advertised to the new organization. which feature implements this
requierement?
A. Interface ACl
B. Stub area
C. Router filtering
D. Passive interface
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 129
When APIC is down on cluster device ... What is the minimum number of APICs requirement for a
production ACI Fabric to continue to operate?
A. 1
B. 2
C. 3
D. 4
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 130
Multipath to two datacenter by L2 networks overlap addresses and must be work (2 answers)
A. vxlan
B. OTV
C. VRF
D. vpn
E. HSRP
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 131
L2 extention through IP in the data center (MAC-in-IP)
A. fiberpath
B. TRILL
C. OTV
D. Vxlan
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
@crossbar
QUESTION 132
OTV to interconnect three data centers and what should there be in each data center
A. VTEP
B. vxlan ?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
@crossbar
I think the correct answer should be "(OTV) edge device"
QUESTION 133
No question
A.
B.
C.
D. Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
QUESTION 134
Which one is IETF standared
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
@skummy
The Data Center Bridging (DCB) architecture is based on a collection of open standards Ethernet
extensions developed through the IEEE 802.1 working group to improve and expand Ethernet networking
and management capabilities in the data center.
https**://**www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/ieee-802-1-data-center-
bridging/at_a_glance_c45-460907.pdf
TRILL ("Transparent Interconnection of Lots of Links") is an IETF Standard[1] implemented by devices
called RBridges (routing bridges) or TRILL Switches.
https**://en.wikipedia.org/wiki/TRILL_(computing)
QUESTION 135
the states that the designer want to use the three PIM-SM kinds and which one is true about bidirectional
pim
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 136
Which two hashing distribution algorithms are available for an engineer when work with multichasis
etherchannel? Choose two
A. src-dst-mac
B. src-dst-ip
C. round-robin
D. fixed
E. adaptive
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: DE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 137
Which two modes for deploying cisco Trustsec are valid? Choose two
A. cascade
B. low-impact
C. open
D. high availability
E. monitor
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BE
Section: (none)
Explanation
Explanation/Reference:
QUESTION 138
While configuring WOS policy, analysis of the switching infrastructure indicates that the switches support
1P3Q3T egress queuning. wich option describes the egress queueing in the infrastruture?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 139
Refer to the exhibit. HSRP is running Bet SW A and Dist SW B. Which two links do the switches use to
transmit HSRP mess? choose two
Correct Answer: EF
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: EF
Section: (none)
Explanation
Explanation/Reference:
QUESTION 140
An engineer set up a multicast network design using all three Cisco supported PIM modes. Witch are two
characteristics of Bidirectional PIM in this situation are true? (choose two)
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 141
The network engineering team is interested in deploying NAC within the enterprise network to enhance
security. What deployment model should be used if the team requests that the NAC be logically inline with
clients?
A. Layer 2 in-band
B. Layer 2 out-of-band
C. Layer 3 in-band
D. Layer 3 out-of-band
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 142
Which NAC design model matches the following definitions?
- NAS is deployed centrally in the core or distribution layer.
- Users are multiple hops away from the Cisco NAS.
- After authentication and posture assessment the client traffic no longer passes through the Cisco NAS.
- PBR is needed to direct the user traffic appropriately
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 143
Which Cisco NAC Appliance design is the most scalable in large Layer 2-to-distribution implementation?
A. Layer 2 out-of-band
B. Layer 2 in-band
C. Layer 3 out-of-band
D. Layer 3 in-band
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 144
While designing a QoS policy for an organization, a network enginer is determining the method to limit the
output rate of traffice whitin the real-time queue. How must the limiting of traffic within the real-time queue
occur?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 145
About readly-scale server virtualization
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 146
Which option is a Fundamental proccess of the cisco TrustSec tecnology?
A. Marketing
B. Detection
C. Propagation
D. Prioritization
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Cisco TrustSec is defined in three phases: classification, propagation, and enforcement
QUESTION 147
About how to avoid overrunning the 50 Mbps on company bandwidth
A. CIR
B. police
C. shaping
D. ACL
E. rate-limit
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Because it is company they shape the SP police may be there is more info in the question
QUESTION 148
An engineer is designing a network with OSPF and must filter ingress routes form a partnet network that is
also running OSPF. Which two desing options are available for this config? Choose two
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: CE
Section: (none)
Explanation
Explanation/Reference:
@crossbar "I would choose CE"
QUESTION 149
New Question. Which desing tecnology allows two cisco catalyst chassis to use SSO and NSF to provide
nonstop communication even if one of the menber chasis fails?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
A VSS operates with stateful switchover (SSO) redundancy if it meets the following requirements:
-Both supervisor engines must be running the same software version.
-VSL-related configuration in the two chassis must match.
-PFC mode must match.
-SSO and nonstop forwarding (NSF) must be configured on each chassis.
QUESTION 150
New Question. While designing a backup BGP solution, a network engineer wants to ensure that a single
router with multiplex connections prefers the routes from a specific connection over all others. Which BGP
path selection attribute is considered first when seleccting a route?
A. As-Length
B. Link Bandwidth
C. Local preference
D. Weight
E. MED
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 151
New Question. A data center has several bussines parthen who want to have their compute resources
installed. the data center uses one vlan to support vendor equipment and requieres limited visibility and
connectivity betbeen vendor servers. which segmentation concept sastisfies theses requierements?
A. Ip NAT
B. Private vlans
C. Lan to lan vpn
D. Protected vlans
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 152
New Question. Which cisco NX-OS feature can be used to build highly scalable layer 2 multipath networks
without utilizing the spanning tree protocol?
A. OTV
B. FabricPath
C. vPC
D. MST
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
From the FLG 4th Ed. page 403:
"Cisco FabricPath brings routing techniques from Layer 3 to solve Layer 2 loop problems" Layer 2 loop
problems are what STP was designed to solve and the mentioned routing techniques are done by IS-IS
(page 404):
"Cisco FabricPath uses extensions to the Intermediate System-to-Intermediate System (IS-IS) protocol to
exchange
unicast and multicast location and reachability information and to forward traffic in the network using Cisco
FabricPath headers. (IS-IS forms the underlay network for the FabricPath and enables the underlay fabric
to be a nonblocking Layer 3-routed network with ECMP forwarding)."
QUESTION 153
New Question. How to apply firewall mode that shares ACL NAT
A. Router mode
B. Transparent
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
@xjuankx
QUESTION 154
New Question. All links between distribution and core layer must be active, how can we archive this goal?
Choose two
A. Equal-cost links
B. Unequal-cost links
C. HSRP
D. IGP
E. PVRSTP+
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
@Hlubik
QUESTION 155
New Question. Something like, engineer has to deploy a firewall where the ACLs, NAT, and management
are separated for his customers. Which mode do you need to run it in?
A. Transparent
B. Multicontext
C. Routed
D. IPS
E.
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 156
New Question. D&D (We need more info for add.)
A.
B.
C.
D. Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
Correct Answer:
Section: (none)
Explanation
Explanation/Reference:
QUESTION 157
New Question. During the integration of a new company, a network engineering team discovery ** ip
address scape overlaps **the two company***. Which two technologies can be used to allow overlapping ip
address to conec on shared nwtwork infraestructure?(chose two)
A. VRF
B. OTV
C. NAT
D. HSRP
E. VPN
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 158
About interconnecting with new company , both companies uses OSPF and the questions is about how
should you filter the ingress traffic between them
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 159
New Question. Where should loop guard the implemented in a campus network design?
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
QUESTION 160
New Question. Refer to the exhibit. An engineer must apply IP addressing to five new WAN sites and
choses the new subnets pictured. The previous administrator applied the addressing at Headquarters.
Whitch option is the minimum summary range to cover the existing WAN sites while also allowing for three
additional WAN sites of the same size, for future growth?
A. 10.0.60.0/18
B. 10.0.64.0/21
C. 10.0.64.0/17
D. 10.0.0.0/17
E. 10.0.64.0/18
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: E
Section: (none)
Explanation
Explanation/Reference:
QUESTION 161
New Question. Which twho options are features of a scalable cluster design utilizing Cisco ASA firewalls?
(Choose two)
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: BC
Section: (none)
Explanation
Explanation/Reference:
QUESTION 162
New Question. Which action should be taken when implementing a preferred IPS design?
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 163
New Question. How does OTV provide STP isolation?
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 164
New Question.A LAN infrastructure consists of swiches from multiple vendors. Spanning Tree is used as a
Layer 2 loop prevention mechanism. All configured VLANs must be grouped in two STP instances. Which
standards-based Spanning Tree technology must be used?
A. MSTP
B. Rapid PVST
C. STP
D. RSTP
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 165
New Question. A network team is designing a Layer 3 Data Center Interconnect between two data centers.
There is a requirement for all links of equal bandwidth be utilized, have automatic failover, and not use any
building technology. Which routing function must be used to achieve this requirement?
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 166
New Question. An engineer is redesigning the infrastructure for a campus enviroment. The engineer must
maximize the use of the links between the core and distribution layers. By witch two methods can this usage
be maximized? (choose two)
A. Design the links between the core and distribution layers HSRP
B. Design the links between the core and distribution layers to use an IGP
C. Design the links between the core and distribution layers to use RPVSTP+
D. Design with multiple equal-cost links between the core and distribution layers
E. Design with multiple unequal-cost links between the core and distribution layers
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: AD
Section: (none)
Explanation
Explanation/Reference:
QUESTION 167
New Question. An engineer must create this design:
- Restrict cetain networks from being advertised to remote branches connected via eBGP
- Prohibit advertisement of the specific prefix to external peer only
A. gshut
B. internt
C. local-as
D. no-export
E. no-advertise
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: D
Section: (none)
Explanation
Explanation/Reference:
https://learningnetwork.cisco.com/thread/58299
https://tools.ietf.org/html/rfc1997
QUESTION 168
New Question. An engineer is working on an OSPF network design and wants to minimize the failure
detection time and the impact on the router CPU. Witch technology accomplishes this goal?
A. LSA pacing
B. LSA delay interval
C. BFD
D. Fast hellos
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
QUESTION 169
New Question. An engineer wants to assure that host can locate routers that can be used as a gateway to
reach IPbased devices on other networks. Which first hop redundancy protocol accomplishes this goal?
A. VRRP
B. GLBP
C. IRDP
D. HSRP
E. GSLB
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-
irdp.html
QUESTION 170
New Question. What added enforcement feature is avaiable on IDS-based devices to terminate active
malicious traffic?
A. Signature detection
B. TCP reset
C. SNMP alert
D. Layer 4 filtering
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:
QUESTION 171
New Question. Layer3 segmentation but I can't recall the question
A. Multihop MPLS
B. Hop-by-Hop VRF-Lite
C.
D.
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:
QUESTION 172
L2 covergence optimization or thereabout (choose Two)
A. MSTP
B. Rapid PVST+
C. Allow all vlan
D. Prune unwanted vlans
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference:
QUESTION 173
New question ACI about EPG sharing resources
A. Application profile
B. Contract
C.
D.
Correct Answer: AB
Section: (none)
Explanation
Explanation/Reference: