
CCDP_Arch_300-320_by_Gon_June_2018_173Q

Number: 000-000
Passing Score: 800
Time Limit: 120 min
File Version: 1.0

CCDP_Arch_300-320_by_Gon_June_2018_170Q

Number: 300-320
Passing Score: 860
Time Limit: 120 min
File Version: 1.6

CCDP_ARCH_300-320_by_Pentacis_May_2018
This is the latest updated collection, gathered starting with Veteran, Antoni, Mr.x, Pentacis, Crossbar and
Madox, Baldasar, Gutsy, Red-dot...
Everything here is updated, corrected, and non-duplicated by June 2018.

Exam A

Sections
1. (none)
QUESTION 1
A network designer needs to explain the advantages of route summarization to a client. Which two options
are advantages that should be included in the explanation? (Choose two)

A. Increases security by advertising fake networks
B. Reduces routing table size
C. Advertises detailed routing tables
D. Utilizes the router's full CPU capacity
E. Reduces the upstream impact of a flapping interface

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
What is the next action taken by the Cisco NAC Appliance after it identifies a vulnerability on a client device?

A. Denies the client network resource access
B. Repairs the affected devices
C. Generates a Syslog message
D. Permits the client but limits to guest access

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
@Zoltan
From Cisco doc : NAC Appliance enforces security policies by blocking, isolating, and repairing
noncompliant machines.
=>(Order) Blocking > Isolating > Repairing

QUESTION 3
Which of the following facts must be considered when designing for IP telephony within an Enterprise
Campus network?

A. Because the IP phone is a three-port switch, IP telephony extends the network edge, impacting the
Distribution layer.
B. Video and voice are alike in being bursty and bandwidth intensive, and thus impose requirements to be
lossless, and have minimized delay and jitter.
C. IP phones have no voice and data VLAN separation, so security policies must be based on upper layer
traffic characteristics.
D. Though multi-VLAN access ports are set to Dot1Q and carry more than two VLANs they are not trunk
ports.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
@crossbar
"The multi-VLAN access ports are not trunk ports, even though the hardware is set to the dot1q trunk. The
hardware setting is used to carry more than one VLAN, but the port is still considered an access port that is
able to carry one native VLAN and the auxiliary VLAN."
=> not more than two

QUESTION 4
Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology?
(Choose two)

A. redundancy
B. bandwidth
C. cost
D. delay
E. hops

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
An engineer must add a new firewall in front of the public web server infrastructure in an ACI network.
Which ACI function is used to accomplish this requirement?

A. Application Network Profile
B. Service chaining
C. Static binding
D. Layer 4-7 services

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
A customer is discussing QoS requirements with a network consultant. The customer has specified that
end-to-end path verification is a requirement. Which QoS architecture is most appropriate for the requested
design?

A. marking traffic at the access layer with DSCP to support the traffic flow
B. marking traffic at the access layer with CoS to support the traffic flow
C. RSTP model with PHB to support the traffic flows
D. IntServ model with RSVP to support the traffic flows

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
Which two options are characteristics of bidirectional PIM? (Choose two)

A. A registration process is required
B. It is ideal for many-to-many host applications
C. The creation of a source tree is required
D. A designated forwarder is not required
E. It enables scalability with a large number of sources

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
One-to-one ratio mapping for access switches close to servers?

A. ToR
B. EoR
C. CoR
D. ZoR

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
A network engineer must use an Internet connection to provide backup connectivity between two sites. The
backup must be encrypted and support multicast. Which technology must be used?

A. DMVPN
B. GRE over IPSec
C. IPSec direct encapsulation
D. GETVPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
Which VPN connectivity represents both Hub-and-Spokes and Spokes-to-Spokes?

A. DMVPN
B. IPSec VPN
C. VPN Router
D. VPN Hub

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
A network consultant is designing an Internet Edge solution and is providing the details around the flow
supporting a local Internet Proxy. How is on-premises web filtering supported?

A. A Cisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP
B. A Cisco ASA uses an IPS module to inspect HTTP and HTTPS traffic
C. A Cisco ASA redirects HTTP and HTTPS traffic to CWS with a Web Security Connector
D. A Cisco ASA connects to the Web Security Appliance via TLS to monitor HTTP and HTTPS traffic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?

A. IPX
B. Microsoft NetBIOS
C. IPv6
D. IPv4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
A network engineer must perform posture assessments on Cisco ASA remote access VPN clients and
control their network access based on the results. What mode is the Cisco best practice NAC deployment
design for this situation?

A. Layer 2 in-band real IP gateway mode
B. Layer 2 out-of-band real IP gateway mode
C. Layer 3 in-band virtual gateway mode
D. Layer 3 out-of-band virtual gateway mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Two companies want to merge their OSPF networks, but they run different OSPF domains. Which option
must be taken to accomplish this requirement?

A. OSPF virtual link to bridge the backbone areas of the two companies together
B. Route summarization
C. Static OSPF
D. Redistribute routes between domains

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
From my CCIE colleague:
To join two companies probably best to statically route between ASBRs if the companies are to merge as
one then you would merge area 0 using virtual link.

QUESTION 15
An engineer is designing a multi cluster BGP network, each cluster has two Route Reflectors and four
Route Reflector clients. Which 2 options must be considered? (Choose two)

A. Clients from all clusters should peer with all Route Reflectors
B. All Route Reflectors should be non-client peers in a partially meshed topology
C. All Route Reflectors must be non-client peers in a fully meshed topology
D. Clients must not peer with iBGP speakers outside the client router
E. Clients should peer with at least one other client outside its cluster

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Question about IPv4 and IPv6 on the same router (dual stack) with IS-IS

A. ...
B. IS-IS
C. ...
D. ...

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
- Cisco added multitopology support for IS-IS to increase flexibility within dual-stack environments.
- Two TLVs added:
· IPv6 reachability TLV
· IPv6 interface address TLV
- Multi-topology IS-IS:
· A separate topology is kept for both IPv4 and IPv6 (some links may not be able to carry IPv6 --> avoids
black-holed traffic)
· This mode removes the restriction that all interfaces on which IS-IS is configured must support the
identical set of network address families.
· A separate SPF per address family.
· Wide metric must be used.
- Single-topology IS-IS:
· One SPF instance for both IPv4 and IPv6.
· Easier to administer but network must be homogeneous.
· Due to consistency checks, a router running IS-IS for both IPv4 and IPv6 does not form an adjacency with
a router running IS-IS for IPv4 or IPv6 only. Disable consistency checks to maintain adjacencies active in
heterogeneous environments. For L1 links, this is primarily done during transition.
· As in any IS-IS design, L2 routers must be contiguous. IPv6 adjacency checks are not done on L2 links.

QUESTION 17
A network engineer is designing a hierarchical design and needs to optimize WAN design. On what group
of devices can a network engineer summarise routes to remote WAN sites?

A. Core
B. Distribution
C. Data Center Distribution WAN Edge
D. WAN Edge
E. Campus access distribution layer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
Summarize at Service Distribution. It is important to force summarization at the distribution towards WAN
Edge and towards campus & data centre

QUESTION 18
Which two design concerns must be addressed when designing a multicast implementation? (Choose two)

A. only the low-order 23 bits of the MAC address are used to map IP addresses
B. only the low-order 24 bits of the MAC address are used to map IP addresses
C. only the high-order 23 bits of the MAC address are used to map IP addresses
D. only the low-order 23 bits of the IP address are used to map MAC addresses
E. the 0x01004f MAC address prefix is used for mapping IP addresses to MAC addresses
F. the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses

Correct Answer: DF
Section: (none)
Explanation

Explanation/Reference:
Comments:
Ethernet & FDDI Multicast Addresses
- The low order bit (0x01) in the first octet indicates that this packet is a Layer 2 multicast packet.
Furthermore, the "0x01005e" prefix has been reserved for use in mapping L3 IP multicast addresses into L2
MAC addresses.
- When mapping L3 to L2 addresses, the low order 23 bits of the L3 IP multicast address are mapped into
the low order 23 bits of the IEEE MAC address. Notice that this results in 5 bits of information being lost.
https://www.cisco.com/networkers/nw00/pres/3200/3200_c1_Mod2_rev1.pdf

QUESTION 19
Which of the following is a result when designing multiple EIGRP autonomous systems within the Enterprise
Campus network?

A. Improves scalability by dividing the network using summary routes at AS boundaries
B. Decreases complexity since EIGRP redistribution is automatically handled in the background
C. Reduces the volume of EIGRP queries by limiting them to one EIGRP AS
D. Scaling is improved when a unique AS is run at the Access, Distribution, and Core layers of the network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Comments:
Chapter 2 of CiscoPress CCDP fourth edition clearly says (there is even a test at the end of the chapter)
that introducing additional ASes won't reduce the volume of EIGRP queries as these will be forwarded
across the ASes.

QUESTION 20
What two sensor types exist in an IDS/IPS solution? (Choose two)

A. host
B. anomaly based
C. policy based
D. network based
E. signature

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
@Samsonite
I see the confusion in this one. There are 2 types of "sensors", host-based and network-based. There are 3
types of methods/technologies for detecting bad traffic within a sensor: signature-based, anomaly-based,
policy-based.
https://www.certificationkits.com/cisco-certification/ccna-security-certification-topics/ccna-security-implement-ips-with-sdm/ccna-security-network-based-vs-host-based-intrusion-detection-a-prevention/

QUESTION 21
Which of these is true of IP addressing with regard to VPN termination?

A. IGP routing protocols will update their routing tables over an IPsec VPN
B. Termination devices need routable addresses inside the VPN
C. Addressing design needs to allow for summarization
D. Designs should not include overlapping address spaces between sites, since NAT is not supported

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
Best design practices say the VPN design should allow for summarization. With regards to D - sometimes
you cannot avoid overlapping addresses as this is what is configured at client's end, and the only option is
to hide the overlapping subnet behind NAT - based on experience (The author of this remark has 50x VPN
tunnels and majority of them is using NAT, even if the subnet doesn't overlap, we want to hide our real IPs
behind something else - extra security)

QUESTION 22
A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has
already been implemented and optimized, and it is no longer effective in ensuring optimal network
performance. Which two actions can improve network performance? (Choose two)

A. Reconfigure QoS based on the IntServ model
B. Configure selective packet discard to drop noncritical network traffic
C. Implement higher-speed uplink interfaces
D. Bundle additional uplinks into logical Ether-Channels
E. Utilize random early detection to manage queues

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
Which technology is an example of the need for a designer to clearly define features and desired
performance when designing advanced WAN services with a service provider?

A. FHRP to remote branches
B. Layer 3 MPLS VPNs secure routing
C. Control protocols (for example Spanning Tree Protocol) for a Layer 3 MPLS service
D. Intrusion prevention, QoS, and stateful firewall support network wide

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
This answer is an example that shows that the designer did not clearly define his needs because the SP
gave a L3 service when L2 was needed. In other dumps from Internet answer is B and I think it is right,
because designer must be sure that SP provides secure routing service with needed performance, but how
control protocols works inside SP net designer.

QUESTION 24
Which option is correct when using Virtual Switching System?

A. Both control planes forward traffic simultaneously
B. Only the active switch forwards traffic
C. Both data planes forward traffic simultaneously
D. Only the active switch handles the control plane

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
Definitely C again Chapter 1 of CiscoPress CCDP fourth edition Distribution-to Distribution Interconnect
with the Virtual Switch Model
The virtual switch system operates differently at different planes. From a control plane point of view, the
VSS peers (switches) operate in active standby redundancy mode. The switch in active redundancy mode
will maintain the single configuration file for the VSS and sync it to the standby switch, and only the console
interface on the active switch is accessible
VSS1440 (in the book): A VSS1440 refers to the VSS formed by two Cisco Catalyst 6500 Series Switches
with the Virtual Switching Supervisor 720-10GE. In a VSS, the data plane and switch fabric with capacity of 720
Gbps of supervisor engine in each chassis are active at the same time on both chassis, combining for an
active 1400-Gbps switching capacity per VSS. Only one of the virtual switch members has the active
control plane. Both chassis are kept in sync with the inter-chassis Stateful Switchover (SSO) mechanism
along with Nonstop Forwarding (NSF) to provide nonstop communication even in the event of failure of one
of the member supervisor engines or chassis.
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switching-system-1440/prod_qas0900aecd806ed74b.html
In my opinion C & D are correct.

QUESTION 25
When APIC is down on cluster device ... What is the minimum number of APICs required for a
production ACI Fabric to continue to operate?

A. 1
B. 2
C. 3
D. 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
From Designing for Cisco Network Service Architecture Fourth Edition:
The recommended minimum sizing has the following requirements:
* Three or more Cisco APIC controllers that are dual connected to different leaf switches for maximum
resilience. Note that the fabric is manageable even with just one controller and operational without a
controller.
I'm not sure what 'manageable' means, is it still an ACI fabric or does it revert to a different state. It seems
weird to me you would no longer have your ACI fabric if one/ two of your three APIC's went offline. Not
usually how redundancy works.
This Cisco topic seems to indicate it will still work on 1 APIC:
https://supportforums.cisco.com/discussion/12448836/apic-cluster-why-minimum-3-controllers
Interesting your reasoning. "Manageable" means that you can still make changes, add/remove things, etc.
So, now reading your comments, it makes sense that if the question is talking about continuing to operate,
the answer must be 1. I've seen 3 as the answer in all dumps but now I doubt it.

QUESTION 26
Routing protocol that provides unequal cost path with different metrics for load balancing purposes?

A. OSPF
B. EIGRP
C. ISIS
D. BGP
E. RIP

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 27
What changes you should make in the design to optimize traffic?

A. Choose distribution switch A as HSRP active
B. Add a Layer2 link between access switches
C. Add a Layer3 point-to-point link between distribution switches
D. Configure an EtherChannel between distribution switches

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which option is the Cisco recommendation for data oversubscription for access ports on the
access-to-distribution uplink?

A. 4 to 1
B. 20 to 1
C. 16 to 1
D. 10 to 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
An engineer is designing a layer 3-enabled access layer. Which design recommendation must the engineer
consider when deploying EIGRP routing within the access layer?

A. Implement floating static routes on access switches for redundant links
B. Configure all edge access layer switches to use a stub routing feature
C. Enable multiple uplinks from each access switch stack to the distribution switches
D. Use the First Hop Redundancy Protocol on access layer switches

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
What are the two methods of ensuring that the RPF check passes? (Choose two)

A. implementing static mroutes
B. implementing OSPF routing protocol
C. implementing MBGP
D. disabling the interface of the router back to the multicast source
E. disabling BGP routing protocol

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Comments:
The router determines the RPF interface by the underlying unicast routing protocol or the dedicated
multicast routing protocol in cases where one exists. An example of a dedicated multicast routing protocol is
MP-BGP. It is important to note that the multicast routing protocol relies on the underlying unicast routing
table. Any change in the unicast routing table immediately triggers an RPF recheck on most modern
routers.
Having OSPF routing protocol in place won't really ensure that the RPF check passes.
Let's say we have implemented OSPF routing protocol within the topology below (have a look at the URL
below), "R3" knows the best path to 1.1.1.0/24 is via interface F0/0 but "R3" receives multicast packet from
source server (1.1.1.1/24) on interface S0/0. The RPF will fail. We can get this fixed by implementing static
mroutes (static multicast-routes) to force multicast traffic to go back via interface S0/0 (ip mroute 0.0.0.0
0.0.0.0 s0/0)
Having unicast routing protocol (OSPF, EIGRP, BGP, RIP, IGRP, IS-IS etc) won't necessarily mean the
RPF will succeed but having a multicast routing protocol (Multipoint BGP) or dedicated multicast static
routes (mroutes) will. The only question which I still have is that if the multicast routing protocol relies on the
underlying unicast routing table (OSPF) how does it ensure that the RPF check passes.
https://supportforums.cisco.com/t5/network-infrastructure-documents/multicast-rpf-recovery-using-static-multicast-routing/ta-p/3139007

QUESTION 31
A client has a requirement to separate management and control layer within an organization. Which technology
can be used to achieve this requirement while minimizing physical devices?

A. Virtual Device Context
B. VRF
C. Virtual Switching System
D. Virtual Local Area Networks
E. MEC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Drag and Drop

Select and Place:


A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which technology will you use to connect 2x Data Centres and extend Layer 2 VLANs? (Choose two)

A. OTV
B. VXLAN
C. Fabric Path
D. IS-IS
E. EIGRP

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
An engineer is designing a multitenant network that requires separate management access and must share
a single physical firewall. Which two features support this design? (Choose two)

A. Site-to-Site VPN
B. dynamic routing protocols
C. multicast routing
D. threat detection
E. quality of service
F. unified communications

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Comments:
This one is a little bit trickier, separate management access means the multi-context mode:
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/ha-contexts.pdf
Page 14 of Guidelines for Multiple Context Mode lists unsupported features, after you cross the
unsupported features out - you are left with what works on a multi-context mode firewall

QUESTION 35
Which technology should a network designer combine with VSS to ensure a loop free topology with optimal
convergence time?

A. PortFast
B. UplinkFast
C. RPVST+
D. Multichassis EtherChannel

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
"C" definitely not as STP is disabled when VSS is configured at the distribution layer.
MEC comes with Cisco Catalyst (VSS) like vPC comes with Cisco NX-OS.

QUESTION 36
What needs to be configured to control unwanted transit traffic to not be routed to remote branches that
have multiple WAN connections?

A. route weighting
B. route tagging
C. route filtering
D. route prioritising

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
One new regarding 802.1X. (Choose three)

A. Authenticates the user itself
B. Authenticates the device itself
C. If the device does not support, allow the access automatically
D. Cisco proprietary
E. Industry standard

Correct Answer: ABE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
What is one function of the key server in a Cisco GETVPN deployment?

A. sending the RSA certificate
B. providing pre-shared keys
C. maintaining security policies
D. providing the group ID

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
Key server is responsible for maintaining security policies, authenticating the GMs and providing the
session key for encrypting traffic. KS authenticates the individual GMs at the time of registration. Only after
successful registration the GMs can participate in group SA.
https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

QUESTION 39
What is the primary benefit of deploying MPLS over the WAN as opposed to extending VRF-lite across
the WAN?

A. Convergence time
B. Low operating expense (OpEx)
C. Low latency
D. Dynamic fault-tolerance

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
An engineer has implemented a QoS architecture that requires a signalling protocol to tell routers which
flows of packets require special treatment. Which two mechanisms are important to establishing and
maintaining the QoS architecture? (Choose two)

A. Classification
B. Tagging
C. Packet Scheduling
D. Admission Control
E. Resource Reservation

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
An engineer wants to have a resilient access layer in the Data Center so that access layer switches have
separate physical connections to a pair of redundant distribution switches. Which technology achieves this
goal?

A. PaGP
B. LACP
C. VSL
D. EVPC
E. VSS
F. ECMP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
@crossbar
Enhanced vPC is a form of Multichassis Etherchannel and VSS by itself, without MEC, doesn't provide
resiliency.
ECMP could also be a correct answer, assuming an L3 access layer design. But the question specifies "in
the Data Centre" and most DC access layer designs are L2.
Furthermore, (E)vPC is a tech exclusive to Nexus, which is marketed by Cisco as DC switches.

QUESTION 42
What is an advantage of using the vPC feature in a Data Centre environment?

A. Two switches form a single control plane
B. Utilizes all available uplinks bandwidth
C. FHRP is not required
D. A single IP is used for management for both devices

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What
are two advantages of using Cisco FabricPath technology? (Choose two)

A. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load
balancing between redundant paths.
B. Cisco FabricPath provides MAC address scalability with conversational learning.
C. Loop mitigation is provided by the TTL field in the frame.
D. Cisco FabricPath is IETF-standard and is not used with Cisco products.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all
campus networks.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
A client request includes a network design that ensures all connections between the access layer and
distribution layer are active and forwarding traffic at all times. Which design approach achieves this
request?

A. Enable backbone fast on the two distribution switches and create a port channel between each access
layer switch and both distribution switches
B. Configure HSRP for all VLANs and adjust the hello timer for faster convergence
C. Configure Rapid PVST+ and adjust the timers for fast convergence
D. Create a VSS between the two distribution switches and also create a MEC between the VSS and each
access layer switch.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
What is the most important consideration when selecting a VPN termination device?

A. CPU cycles per second
B. VPN sessions per interface
C. Packets per second
D. Bits per second

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
Which option is a design recommendation for route summarizations?

A. Filtered redistribution for the prevention of re-advertising of routes
B. Routing protocol stub areas
C. Route summarization for scalable routing and addressing design
D. Defensive route filtering to defend against inappropriate routing traffic
E. Route summarization to support greater volumes of transit traffic

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
A company is Multi-Homed to different service providers running BGP. Which action ensures that the
company AS does not become a transit AS?

A. Create a distribute list that filters all routes except the default route and applies to both BGP neighbour
interfaces in the inbound direction
B. Create a distribute list that filters all routes except the default route and applies to a single BGP
neighbour in the outbound direction
C. Create a prefix list that matches the company prefixes and applies to both BGP neighbour definitions in
the outbound direction.
D. Create a route map that matches the provider BGP communities and networks and applies to both
transit neighbour interfaces in the outbound direction.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
A network engineer wants to limit the EIGRP query scope to avoid high CPU and memory utilization on
low-end routers as well as limiting the possibility of a stuck-in-active routing event between HQ and branch
offices. Which way achieves these goals?

A. Configure a different autonomous system number for each branch office and HQ and redistribute routes
between autonomous systems.
B. Configure all routers at branch offices as EIGRP stub and allow only directly connected networks at
branch offices to be advertised to HQ
C. Configure all routers at branch offices as EIGRP stub
D. Configure all routers at HQ and branch offices as EIGRP stub

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
Which two protocols support simple plaintext and MD5 authentication? (Choose two)

A. RIP
B. IPv6
C. EIGRP
D. BGP
E. OSPF

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Comments:
Simple password authentication (also called plain text authentication) - supported by Integrated-System to
Integrated-System (IS-IS), Open Shortest Path First (OSPF) and Routing Information Protocol Version 2
(RIPv2)
MD5 authentication - supported by OSPF, RIPv2, BGP, and EIGRP

QUESTION 50
A network engineer must create a backup network connection between two corporate sites over the Internet
using the existing ASA firewalls. Which VPN technology best satisfies this corporate need?

A. VPLS
B. DMVPN
C. GETVPN
D. IPSec
E. MPLS
F. OTV

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
A large-scale IP SLA deployment is causing memory and CPU shortages on the router in an enterprise
network. Which solution can be implemented to mitigate these issues?

A. An offline router for disaster recovery
B. CPE device that is managed by the network provider
C. A shadow router
D. A standby router for failover operation

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
https://www.cisco.com/en/US/technologies/tk869/tk769/technologies_white_paper0900aecd806bfb52.html

QUESTION 52
Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two)

A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are associated with one EPG
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with a pair of EPGs

Correct Answer: AF
Section: (none)
Explanation

Explanation/Reference:
Comments:
There may be times when the ACI administrator might need to deny traffic that is allowed by another
contract.
Taboos are a special type of contract that an ACI administrator can use to deny specific traffic that would
otherwise be allowed by another contract. Taboos can be used to drop traffic matching a pattern (any EPG,
a specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of
regular contracts are applied. Taboo contracts are not recommended as part of the ACI best practices but
they can be used to transition from traditional networking to ACI. To imitate the traditional networking
concepts, an "allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain
types of traffic.
EPG = End-Point Groups

QUESTION 53
A network manager wants all remote sites to be designed to communicate dynamically with each other
using DMVPN technology without requiring much configuration on the spoke routers. Which protocol is used
by DMVPN to achieve this goal?

A. GRE
B. NHRP
C. SSH
D. ARP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
An organization is creating a detailed QoS plan that limits bandwidth to specific rates. Which three
parameters can be configured when attempting to police traffic within the network? (Choose three)

A. Conforming
B. Violating
C. Bursting
D. Peak information rate
E. Committed information rate
F. Exceeding
G. Shaping rate

Correct Answer: ABF
Section: (none)
Explanation

Explanation/Reference:
@crossbar

https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpoli.html#wp1006389

QUESTION 55
An engineer must design a Cisco VSS-based configuration within a customer campus network. The two
VSS switches are provisioned for the campus distribution layer... Which option is the primary reason to
avoid plugging both VSL links into the supervisor ports?

A. The implementation creates a loop
B. The design lacks optimal hardware diversity
C. Limited bandwidth is available for VSS convergence
D. QoS is required on the VSL links

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
The best-practice recommendation for VSL link resiliency is to bundle two 10-Gbps ports from different
sources. Doing this might require having one port from the supervisor and other from a Cisco 6708 line
card.
When configuring the VSL, note the following guidelines and restrictions:
For line redundancy, we recommend configuring at least two ports per switch for the VSL. For module
redundancy, the two ports can be on different switching modules in each chassis.

QUESTION 56
An engineer is configuring QoS to meet the following requirement:
- all traffic that exceeds the allocated bandwidth will still traverse the infrastructure but will be forwarded later
What will be the requirement?

A. Per-Hop behaviours
B. Weighted Fair Queuing
C. IP Precedence
D. Shaping

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
An engineer is designing a network using RSTP. Several devices on the network support only legacy STP.
Which outcome occurs?

A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate but the fast convergence is not used.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
What is the outcome when the RPF check passes successfully?

A. Packet is dropped because it arrived on the interface that is used to forward the packet back to the source.
B. Packet is dropped because it arrived on the interface that is used to forward the packet back to the
destination.
C. Packet is forwarded because it arrived on the interface that is used to forward the packet back to the
destination
D. Packet is forwarded because it arrived on the interface that is used to forward the packet back to the source

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
Routers perform a reverse path forwarding (RPF) check to ensure that arriving multicast packets were
received through the interface that is on the most direct path to the source that sent the packets. An RPF
check is always performed regarding the incoming interface, which is considered to be the RPF interface.
The RPF check will succeed if the incoming interface is the shortest path to the source. The router
determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing
protocol in cases where one exists. An example of a dedicated multicast routing protocol is MP-BGP. It is
important to note that the multicast routing protocol relies on the underlying unicast routing table. Any
change in the unicast routing table immediately triggers an RPF recheck on most modern routers.

QUESTION 59
Multicast PIM-Sparse mode sends traffic overload. Which feature can reduce the multicast traffic in the
access layer?

A. IGMP snooping
B. Filter at Boundaries
C. PIM Dense-Mode
D. MSDP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Comments:
I think solution for this one was to move STP root

QUESTION 60
Refer to the exhibit. A customer wants to use HSRP as a First Hop Redundancy Protocol. Both routers are
currently running and all interfaces are active. Which factor determines which router becomes the active
HSRP device?

A. the router with the highest MAC address for the respective group
B. the router with the highest interface bandwidth for the respective group
C. the router that boots up last
D. the router with the highest IP address for the respective group

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
When 2 distribution switches are configured for VSS, what needs to be done to extend back plane
connectivity?

A. ISL
B. VSL
C. VSS

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
An engineer is considering uplink bandwidth over-subscription in a Layer 3 network design. Which option is
the Cisco recommended over-subscription ratio for uplinks between the distribution and core layers?

A. 3 to 1
B. 4 to 1
C. 6 to 1
D. 8 to 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
Network oversubscription refers to a point of bandwidth consolidation where the ingress bandwidth is
greater than the egress bandwidth. For example, at an ISL uplink from an edge layer switch to a core, the
oversubscription of the ISL is typically on the order of 7:1 or greater. In a single director fabric, the fan-out
ratio of server to storage subsystem ports is directly related to the network oversubscription and is typically
on the order of 10:1 or higher. Network oversubscription is normal and unavoidable; it is a direct by-product
of the primary purpose for deploying a SAN. An important characteristic of the network related to
oversubscription is its ability to fairly allocate its bandwidth resources among all clients of the SAN.

QUESTION 63
A network consultant is designing an enterprise network that includes an IPsec headend termination device.
Which two capabilities are the most important to consider when assessing the headend device's scalability?
(Choose two)

A. Packets per second processing capability
B. CPU capabilities
C. Number of tunnels that can be aggregated
D. Bandwidth capabilities
E. Memory capabilities

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
@skummy
From Cisco "Scalability considerations" guide the order is Packets, Tunnel quantity, GRE encapsulation and
then only Routing protocols affecting the CPU. Question sounds like it is asking for enterprise IPsec, so like
AnyConnect Remote-Access = no routing affected on VPN headend

QUESTION 64
What protocol is used for connectivity between VSS layers?

A. PAgP
B. IVR
C. ISL
D. VSL
E. ...

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
Refer to the exhibit. A customer discovers router R1 remains active even when the R1 uplink (F0/1) is
down. Which two commands can be applied to R1 to allow R2 to take over as the HSRP active? (Choose
two)

A. track 50 ip route 10.10.10.0/24 reachability
B. track 50 interface Fa0/1 ip routing
C. standby 10 track 50 decrement 20
D. standby 10 track 50 shutdown
E. standby 10 track 50

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
Which technology simplifies encryption management?

A. GETVPN
B. DMVPN
C. IPsec
D. EasyVPN
E. GRE

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
When a site has Internet connectivity with two different ISPs, which two strategies are recommended to
avoid becoming a BGP transit site? (Choose two)

A. Use a single service provider
B. Filter routes outbound to the ISPs
C. Accept all inbound routes from the ISPs
D. Filter routes inbound from the ISPs
E. Advertise all routes to both ISPs

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
@crossbar
B is definitely correct, but what bugs me is the "which two strategies..." formulation: it sounds to me that the
two required answers would not necessarily need to be applied at the same time.
If this interpretation is correct, C doesn't help at all, it actually would be the cause of the issue (this is true
for E too).
If it is not, C doesn't hurt, but doesn't help either.
For the other answers:
A would definitely work, but denies the question's supposition.
D: your AS wouldn't be a transit for the filtered routes, but it doesn't make sense to filter what you WANT to
learn from the ISP.
Bottom line, I think I would answer AB.
But I am not certain, let me know what you think!

QUESTION 68
to use multiple path from distribution to core

A. install IGP
B. ECMP
C. RSTP+
D. HSRP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
What are the characteristics of 802.1X? (Choose two)

A. EAP messages in Ethernet frames and don't use PPP
B. Works only on wired connections
C. It's created by IETF
D. It's created by IEEE

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
An engineer is designing an infrastructure to use a 40 Gigabit link as the primary uplink and a 10 Gigabit
uplink as the alternate path. Which routing protocol allows for unequal cost load balancing?

A. OSPF
B. RIP
C. EIGRP
D. BGP
E. IS-IS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two)

A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
C. It is removed by the Cisco ISE before reaching the endpoint.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal
services
E. Best Practice dictates that deployments should include a security group for common services such as
DNS and DHCP

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
What should be configured in BGP so that other BGP neighbours cannot influence the path of a route?

A. Lower MED
B. Higher Local Preference
C. Higher Weight
D. Lower Router ID

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments: The BGP golden rule is that nobody can tell me what I have to do with my routes. Weight is
the only attribute which is not transmitted;
weight can NOT be used by any neighbor to influence me. Within my AS I can also be influenced by Loc
pref.
Weight is also the first in the list. I think weight
is the right answer because it is locally significant, where nobody but me has influence.

QUESTION 73
After an incident caused by a DDOS attack on a router, an engineer must ensure that the router is
accessible and protected from future attacks without making any changes to traffic passing through the
router. Which security function can be utilized to protect the router?

A. zone-based policy firewall
B. access control lists
C. class maps
D. control plane policing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74
What are the most important scaling factors that need to be considered when selecting a VPN headend
device? (Choose two)

A. Memory
B. Packets per second
C. Connection speed
D. CPU Limit
E. Bits per second

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
Which two statements about 802.1X are true? (Choose three)

A. It is Cisco standard
B. It can allow and deny port access based on device identity
C. It works only with wired devices
D. It can allow and deny port access based on user identity
E. EAP messages in Ethernet frames and don't use PPP
F. EAP messages in Ethernet frames and use PPP

Correct Answer: BDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76
An OSPF router should have a maximum of how many adjacent neighbours?

A. 80
B. 50
C. 60
D. 100

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
Which first-hop redundancy protocol that was designed by Cisco allows packet load sharing among groups
of redundant routers?

A. GLBP
B. HSRP
C. VRRP
D. VSS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78
Which routing protocol provides the fastest convergence and greatest flexibility within a campus
environment?

A. OSPF
B. IS-IS
C. BGP
D. EIGRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
What network technology provides Layer 2 high availability between the access and distribution layers?

A. HSRP
B. MEC
C. EIGRP
D. GLBP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
Which option maximizes EIGRP scalability?

A. route redistribution
B. route redundancy
C. route filtering
D. route summarization

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
Which two options are advantages of having a modular design instead of an EOR design in a data centre?
(Choose two)

A. cooling constraints
B. cable bulk
C. decreased STP processing
D. redundancy options
E. cost minimization
F. low-skilled manager

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
An engineer is designing a redundant dual-homed BGP solution that should prefer one specific carrier
under normal conditions. Traffic should automatically fail over to a secondary carrier in case of a failure.
Which two BGP attributes can be used to achieve this goal for inbound traffic? (Choose two)

A. origin
B. MED
C. AS-PATH
D. local preference
E. weight

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Note: local pref and weight are for the other direction.

QUESTION 83
A network team must provide a redundant secure connection between two entities using OSPF. The
primary connection will be an Ethernet Private Line and the secondary connection will be a site-to-site VPN.
What needs to be configured in order to support routing requirements over the VPN connection?

A. GRE Tunnel
B. HTTPS
C. Root Certificate
D. AAA Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
Which configuration represents resiliency at the hardware and software layers?

A. multiple connections and FHRP
B. HSRP and GLBP
C. redundant supervisor and power supplies
D. dual uplinks and switches

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
I don't see "multiple connections" as hardware resiliency. They are "physical layer resiliency" for me.

QUESTION 85
Which option is the primary reason to implement security in a multicast network?

A. maintain network operations
B. allow multicast to continue to function
C. optimize multicast utilization
D. ensure data streams are sent to the intended receivers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
A company requires redundancy for its multi-homed BGP external connections. What two features can be
configured on the WAN routers to automate failover for both outbound and inbound traffic? (Choose two)

A. AS path prepending
B. local preference
C. floating static route
D. HSRP
E. MED
F. weight

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
@crossbar
from https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13768-hsrp-bgp.html
"This document describes how to provide redundancy in a multihomed Border Gateway Protocol (BGP)
network where you have connections to two separate Internet service providers (ISPs). In the event of a
failure of connectivity toward one ISP, the traffic is rerouted dynamically through the other ISP with the BGP
set as-path {tag | prepend as-path-string} command and Hot Standby Router Protocol (HSRP)"

QUESTION 87
In what situation must spanning-tree be implemented?

A. when first hop redundancy protocol exists with redundant Layer 2 links between distribution switches
B. when a VLAN spans access layer switches to support business applications
C. when trunks need to extend multiple VLANs across access switches
D. when it is necessary to speed up network convergence in case of link failure

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
@crossbar
Correct answer is B
See FLG 3rd Ed p38

QUESTION 88
Which option does best practice dictate for the maximum number of areas that an OSPF router should
belong to for optimal performance?

A. 1
B. 2
C. 3
D. 4
E. 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
Which option is an advantage of using PIM sparse mode instead of PIM dense mode?

A. No RP is required
B. There is reduced congestion in the network
C. IGMP is not required
D. It floods all multicast traffic throughout the network

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90
Which two BGP attributes can be set with outbound policy to manipulate inbound traffic, if honoured by the
remote Autonomous system? (Choose two)

A. Multi-exit discriminator
B. AS path
C. Local Preference
D. Weight

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
An engineer has to design a multicast domain for some application. This multicast network should be
secured.
Which option should he take?

A. PIM-SM; 232.0.0.0/8
B. ASM; 232.0.0.0/8
C. SSM; 224.0.0.0/8
D. SSM; 232.0.0.0/8

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 92
A company needs to configure a new firewall and has only one public IP address to use. The engineer
needs to configure the firewall with NAT to handle inbound traffic to the mail server in addition to internet
outbound traffic. Which options could he use? (Choose two)

A. Static NAT for inbound traffic on port 25
B. Dynamic NAT for outbound traffic
C. Static NAT for outbound traffic on port 25
D. Dynamic NAT for inbound traffic
E. NAT overload for outbound traffic
F. NAT overload for inbound traffic on port 25

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
As a network engineer you have been asked to help design a new floor shop. Allocate appropriate subnet
sizes on the left to the departments on the right and allow for simple summarization. (Wording may be
slightly different as well as department names per number of hosts)

Select and Place:


A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94
Seven sites are connected via OTV, what is the best practice to connect more than three sites using OTV?

A. Filter MAC address at the join interface
B. Use multicast-enabled transport
C. Use Unicast-only transport
D. Configure one edge device for each data centre

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
An engineer chose to design an architecture where distribution switches are in VSS and are connected to
access switches using Multichassis Etherchannel. What is the resulting topology?

A. Looped
B. Ring
C. Hybrid
D. Star

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
A company is running BGP on the edge with multiple service providers in a primary and secondary role. The
company wants to speed up time if a failure was to occur with the primary, but they are concerned about
router resources. Which method best achieves this goal?

A. Utilize BFD and lower BGP hello interval
B. Decrease the BGP keep-alive timer
C. Utilize BFD and tune the multiplier to 50
D. Utilize BFD and keep the default BGP timers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 97
An engineer is designing a QoS architecture for a small organization and must meet these requirements:
- Guarantees resources for a new traffic flow prior to sending
- Polices traffic when the flow does not conform
Which QoS architecture model will accomplish this?

A. auto quality of service
B. modular quality of service
C. differentiated services
D. integrated services

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
When designing data centres for multitenancy, which two benefits are provided by the implementation of
VSAN and zoning? (Choose two)

A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from
affecting others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
A network engineer is designing a network that must incorporate active-active redundancy to eliminate
disruption when a link failure occurs between the core and distribution layer. What two technologies will
allow this? (Choose two)

A. Equal Cost Multi-Path (ECMP)
B. Rapid Spanning Tree Protocol Plus (RSTP+)
C. Hot Standby Routing Protocol (HSRP)
D. Rapid Spanning Tree Protocol (RSTP)
E. EtherChannel (MEC)

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100
When designing layer 2 STP based LAN with FHRP, what design recommendation should be followed?

A. Assign STP root with active FHRP device
B. Assign native VLAN to lowest number in use
C. Avoid configuring router preempt
D. Avoid modifying STP & FHRP default timers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
A network engineer wants to segregate three interconnected campus networks via IS-IS routing. A two-layer
hierarchy must be used to support large routing domains to avoid more specific routes from each campus
network being advertised to other campus network routers automatically. What two actions should be taken
to accomplish this segregation? (Choose two)

A. Assign a unique IS-IS NET value for each campus and configure internal campus routers with level 1
routing.
B. Designate two IS-IS routers from each campus to act as Layer 1/Layer 2 backbone routers at the
edge of each campus network.
C. Designate two IS-IS routers as BDR routers at the edge of each campus.
D. Assign similar router IDs to all routers within each campus.
E. Change the MTU sizes of the interface of each campus network router with a different value

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
What command essentially turns on auto summarization for EIGRP?

A. area 0 range 10.0.0.0 255.0.0.0.0
B. router eigrp 1
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. ip summary-address 10.0.0.0 255.0.0.0
E. eigrp stub

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Auto-summarization is enabled by default when you turn EIGRP on.

QUESTION 103
What is the physical topology of ACI?

A. spine & leaf
B. point to point
C. hub & spoke
D. spoke to spoke

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
Which security function is inherent in an Application Centric Infrastructure network?

A. Default Inter-EPG connectivity
B. Intrusion Prevention
C. Intrusion Detection
D. Default Denial Network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
All the traffic between servers is denied (micro segmentation), to allow the traffic between EPGs we need to
configure contracts.

QUESTION 105
What security feature would require a packet to be received on the interface that the interface would use to
forward the return packet?

A. urpf
B. arp inspection
C. vlan acl
D. ...

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
At what location are security policies enforced in ACI?

A. End Point
B. Spine
C. Leaf
D. APIC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Security policies are configured on the APIC, and enforced on the leaves

QUESTION 107
What should be implemented to prevent exceeding the 50mb allowable bandwidth of internet circuit?

A. policing
B. shaping
C. CIR
D. rate-limit

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
After discussion we have agreed the answer A policing will be the best choice for this question.
If the ISP is policing traffic to 50MB, it would be a good practice to configure traffic shaping to 50MB in your
network so the egress traffic is queued and sent rather than dropped by ISP.

QUESTION 108
What multicast design would you use that cannot use rendezvous points... don't remember the complete
question?

A. PIM bidirectional
B. PIM Sparse
C. PIM Dense
D. PIM-SSM

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
A company has 30 sites and wants to allow a dynamic IGP protocol, multicast and non-IP traffic between sites.
Which topology should the company implement?

A. DMVPN spoke-to-spoke
B. DMVPN hub-to-spoke
C. VTI
D. P2P GRE

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
Non IP traffic is not supported by DMVPN.
https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class-teleworker-ect-solution/prod_brochure0900aecd80582078.pdf

QUESTION 110
A company security policy states that their data center network must be segmented from the Layer 3
perspective. The segmentation must separate various network security zones so that they do not exchange
routing information and their traffic path must be completely segregated. Which technology achieves this
goal?

A. VPC
B. VXLAN
C. VRF
D. VDC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
An engineer is working for a large cable TV provider that requires multicast multi-sourced streaming video, but
must not use an RPM. Which protocol needs to be used?

A. ASM
B. PIM-SM
C. BIDIR-PIM
D. SSM

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
Reduce security risk in BGP. Which option helps to avoid rogue route injection, unwanted peering and
malicious BGP activities?

A. Apply MD5 authentication between all BGP peers
B. Use GRE tunnel
C. Encrypt all traffic
D. Apply route maps and policies in route redistribution events

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
How does stub routing affect transit routes in EIGRP?

A. Transit routes are passed from a stub network to a hub network
B. It prevents the hub router from advertising networks learned from the spoke
C. Transit routes are filtered from stub networks to the network hub
D. It's designed to prevent the distribution of external routes

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
A customer would like to implement a firewall to secure an enterprise network; however, the customer is
unable to allocate any new subnets. What type of firewall mode must be implemented?

A. active/standby
B. active/active
C. zone based
D. virtual
E. routed
F. transparent

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
A network administrator wants to increase the security level in the core layer and wants to confirm that the
users that have their default GW on an interface in the core switch can access specific networks and can't
access the remaining networks. Which feature can help him to achieve this?

A. vlan access control list
B. vlan control access list
C. vlan list control access
D. vlan access list control

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
Which option provides software modularity in Cisco NX-OS software in the data center design?

A. The ip routing command enables all of the features in the Cisco NX-OS.
B. All of the features are enabled by default in the Cisco NX-OS.
C. Individual features must be manually enabled to start the process.
D. The Cisco NX-OS has a management VRF that is enabled by default.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 117
Which technology allows multiple instances of a routing table to coexist on the same router simultaneously?

A. VRF
B. Cisco virtual router
C. Instanced virtual router
D. IS-IS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
Which two features provide resiliency in a data center? (Choose two.)

A. Cisco FabricPath
B. VTP
C. encryption
D. vPC
E. VRF

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 119
Which network virtualization technology provides logical isolation of network traffic at Layer 3?

A. VSS
B. VLAN
C. VRF-Lite
D. MEC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
Which technology extends Layer 2 LANs over any network that supports IP?

A. OTV
B. VSS
C. vPC
D. VLAN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
Which two technologies can be used to connect data centers over an IP network and provide Layer 2 LAN
extension?

A. IS-IS
B. VXLAN
C. TRILL
D. Fabric Path
E. OTV

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122
Which protocol should be run on the LAN side of two edge routers (that are terminating primary and backup
WAN circuits) to provide quick failover in case of primary WAN circuit failure?

A. VTP
B. STP
C. VRRP
D. RIP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

A. VRRP
B. BGP
C. IPsec
D. SSL

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be
queued later?

A. Shaping
B. Policing
C. Weighted Fair Queuing
D. Low Latency Queuing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
About BGP advertising a route using a community: advertise to the Internet but do not advertise to the inside network

A. no-advertise
B. no-export
C. local-as
D. internet

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
Which technology can block interfaces and provide a loop-free topology?

A. STP
B. VSS
C. VLAN
D. vPC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 127
A customer has an existing WAN circuit with a capacity of 10 Mbps. The circuit has 6 Mbps of various user traffic
and 5 Mbps of real-time audio traffic on average. Which two measures could be taken to avoid loss of
real-time traffic? (Choose two)

A. Police the traffic to 5 Mbps and allow excess traffic to be remarked to the default queue
B. Configure the congestion avoidance mechanism WRED within the priority queue
C. Police the traffic to 3.3 Mbps and allow excess traffic to be remarked to the default queue
D. Increase the WAN circuit bandwidth
E. Ensure that real-time traffic is prioritized over other traffic

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
An organization is acquiring another company and merging the two company networks. No subnets overlap,
but the engineer must limit the networks advertised to the new organization. Which feature implements this
requirement?

A. Interface ACL
B. Stub area
C. Router filtering
D. Passive interface

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 129
When APIC is down on cluster device ... What is the minimum number of APICs required for a
production ACI Fabric to continue to operate?

A. 1
B. 2
C. 3
D. 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 130
Multipath to two data centers by L2 networks overlap addresses and must work (2 answers)

A. VXLAN
B. OTV
C. VRF
D. VPN
E. HSRP

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 131
L2 extension through IP in the data center (MAC-in-IP)

A. fiberpath
B. TRILL
C. OTV
D. VXLAN

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
@crossbar

QUESTION 132
OTV to interconnect three data centers and what should there be in each data center

A. VTEP
B. vxlan ?

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
@crossbar
I think the correct answer should be "(OTV) edge device"

QUESTION 133
No question

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 134
Which one is an IETF standard?

A. Cisco Fabric Path
B. Data Center Bridging
C. CUS
D. Transparent Interconnection of Lots of Links

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
@skummy
The Data Center Bridging (DCB) architecture is based on a collection of open standards Ethernet
extensions developed through the IEEE 802.1 working group to improve and expand Ethernet networking
and management capabilities in the data center.
https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/ieee-802-1-data-center-bridging/at_a_glance_c45-460907.pdf
TRILL ("Transparent Interconnection of Lots of Links") is an IETF Standard[1] implemented by devices
called RBridges (routing bridges) or TRILL Switches.
https://en.wikipedia.org/wiki/TRILL_(computing)

QUESTION 135
The question states that the designer wants to use the three PIM-SM kinds; which one is true about
bidirectional PIM?

A. Three of them cannot be used at the same time
B. Source has to be explicitly mentioned
C. The RP does not need an IP address
D. The RP IP address can be shared by another interface

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 136
Which two hashing distribution algorithms are available for an engineer when working with Multichassis
EtherChannel? (Choose two)

A. src-dst-mac
B. src-dst-ip
C. round-robin
D. fixed
E. adaptive

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 137
Which two modes for deploying Cisco TrustSec are valid? (Choose two)

A. cascade
B. low-impact
C. open
D. high availability
E. monitor

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
While configuring a QoS policy, analysis of the switching infrastructure indicates that the switches support
1P3Q3T egress queuing. Which option describes the egress queuing in the infrastructure?

A. The threshold configuration allows for inter-queue QoS by utilizing buffers
B. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds
C. The priority queue should use less than 20% of the total bandwidth
D. The priority queue must contain real-time traffic and network management traffic

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
Refer to the exhibit. HSRP is running Bet SW A and Dist SW B. Which two links do the switches use to
transmit HSRP messages? (Choose two)

A. Core Switch A, port g2/1 to distr switch A, port g3/1
B. Distr Switch A, port g5/1 to distr switch B, port g5/2
C. Core Switch A, port g1/1 to core switch B, port g1/2
D. Core Switch B, port g2/2 to distr switch B, port g3/2
E. Distr Switch A, port g4/1 to acc switch, port g1/0/1
F. Distr Switch B, port g4/2 to acc switch, port g2/0/1

Correct Answer: EF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 140
An engineer set up a multicast network design using all three Cisco supported PIM modes. Which two
characteristics of Bidirectional PIM in this situation are true? (Choose two)

A. In a Bidirectional PIM, the RP IP address does not need to be a router
B. In a Bidirectional PIM, the RP IP address can be shared with any other router interface
C. A Cisco router cannot support all three PIM modes simultaneously
D. Membership to a bidirectional group is signaled via explicit join messages
E. Bidirectional PIM is designed to be used for one-to-many applications

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141
The network engineering team is interested in deploying NAC within the enterprise network to enhance
security. What deployment model should be used if the team requests that the NAC be logically inline with
clients?

A. Layer 2 in-band
B. Layer 2 out-of-band
C. Layer 3 in-band
D. Layer 3 out-of-band

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
Which NAC design model matches the following definitions?
- NAS is deployed centrally in the core or distribution layer.
- Users are multiple hops away from the Cisco NAS.
- After authentication and posture assessment the client traffic no longer passes through the Cisco NAS.
- PBR is needed to direct the user traffic appropriately

A. Layer 3 in-band virtual gateway
B. Layer 3 out-of-band with addressing
C. Layer 2 in-band virtual gateway
D. Layer 2 out-of-band virtual gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 143
Which Cisco NAC Appliance design is the most scalable in large Layer 2-to-distribution implementation?

A. Layer 2 out-of-band
B. Layer 2 in-band
C. Layer 3 out-of-band
D. Layer 3 in-band

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144
While designing a QoS policy for an organization, a network engineer is determining the method to limit the
output rate of traffic within the real-time queue. How must the limiting of traffic within the real-time queue
occur?

A. The traffic must be remarked to a low priority and allowed to pass
B. The traffic must be policed and not allowed to pass
C. The traffic within the real-time queue must not be limited
D. The traffic must be shaped to allow for it to be transmitted after the tokens have been replenished

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
About readly-scale server virtualization

A. Transparent interconnection of lots of links
B.
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 146
Which option is a fundamental process of the Cisco TrustSec technology?

A. Marketing
B. Detection
C. Propagation
D. Prioritization

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Cisco TrustSec is defined in three phases: classification, propagation, and enforcement

QUESTION 147
About how to avoid overrunning the 50 Mbps on company bandwidth

A. CIR
B. police
C. shaping
D. ACL
E. rate-limit

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Because it is the company, they shape; the SP polices. Maybe there is more info in the question.

QUESTION 148
An engineer is designing a network with OSPF and must filter ingress routes from a partner network that is
also running OSPF. Which two design options are available for this config? (Choose two)

A. Use a different routing protocol such as EIGRP between the networks
B. Configure a different OSPF area that would prevent any unwanted routes from entering the network
C. Use a distribution-list in the OSPF process to filter out the routes
D. Use access list on the ingress interface to prevent the routes from entering the network
E. Design a filter using prefix list to ensure that the routes are filtered out at the redistribution point

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
@crossbar "I would choose CE"

QUESTION 149
New Question. Which design technology allows two Cisco Catalyst chassis to use SSO and NSF to provide
nonstop communication even if one of the member chassis fails?

A. Auto chassis detect
B. VSS
C. vPC
D. Peer Gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
A VSS operates with stateful switchover (SSO) redundancy if it meets the following requirements:
- Both supervisor engines must be running the same software version.
- VSL-related configuration in the two chassis must match.
- PFC mode must match.
- SSO and nonstop forwarding (NSF) must be configured on each chassis.

QUESTION 150
New Question. While designing a backup BGP solution, a network engineer wants to ensure that a single
router with multiplex connections prefers the routes from a specific connection over all others. Which BGP
path selection attribute is considered first when selecting a route?

A. As-Length
B. Link Bandwidth
C. Local preference
D. Weight
E. MED

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 151
New Question. A data center has several business partners who want to have their compute resources
installed. The data center uses one VLAN to support vendor equipment and requires limited visibility and
connectivity between vendor servers. Which segmentation concept satisfies these requirements?

A. IP NAT
B. Private VLANs
C. LAN-to-LAN VPN
D. Protected VLANs

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 152
New Question. Which Cisco NX-OS feature can be used to build highly scalable Layer 2 multipath networks
without utilizing the Spanning Tree Protocol?

A. OTV
B. FabricPath
C. vPC
D. MST

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
From the FLG 4th Ed. page 403:
"Cisco FabricPath brings routing techniques from Layer 3 to solve Layer 2 loop problems"
Layer 2 loop problems are what STP was designed to solve and the mentioned routing techniques are done
by IS-IS (page 404):
"Cisco FabricPath uses extensions to the Intermediate System-to-Intermediate System (IS-IS) protocol to
exchange unicast and multicast location and reachability information and to forward traffic in the network
using Cisco FabricPath headers. (IS-IS forms the underlay network for the FabricPath and enables the
underlay fabric to be a nonblocking Layer 3-routed network with ECMP forwarding)."

QUESTION 153
New Question. How to apply firewall mode that shares ACL NAT

A. Router mode
B. Transparent
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
@xjuankx

QUESTION 154
New Question. All links between distribution and core layer must be active, how can we achieve this goal?
(Choose two)

A. Equal-cost links
B. Unequal-cost links
C. HSRP
D. IGP
E. PVRSTP+

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
@Hlubik

QUESTION 155
New Question. Something like, engineer has to deploy a firewall where the ACLs, NAT, and management
are separated for his customers. Which mode do you need to run it in?

A. Transparent
B. Multicontext
C. Routed
D. IPS
E.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 156
New Question. D&D (We need more info for add.)

A.
B.
C.
D.

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157
New Question. During the integration of a new company, a network engineering team discovers ** IP
address space overlaps ** the two companies ***. Which two technologies can be used to allow overlapping IP
addresses to connect on a shared network infrastructure? (Choose two)

A. VRF
B. OTV
C. NAT
D. HSRP
E. VPN

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
About interconnecting with a new company: both companies use OSPF, and the question is about how
you should filter the ingress traffic between them

A. Use EIGRP on the other company
B. Use distribute-list
C. Use prefix-list
D. Use ACL

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159
New Question. Where should loop guard be implemented in a campus network design?

A. Ports configured with port fast
B. Alternate ports only
C. Ports configured with root guard
D. Alternate, backup and root ports

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
New Question. Refer to the exhibit. An engineer must apply IP addressing to five new WAN sites and
chooses the new subnets pictured. The previous administrator applied the addressing at Headquarters.
Which option is the minimum summary range to cover the existing WAN sites while also allowing for three
additional WAN sites of the same size, for future growth?

A. 10.0.60.0/18
B. 10.0.64.0/21
C. 10.0.64.0/17
D. 10.0.0.0/17
E. 10.0.64.0/18

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161
New Question. Which two options are features of a scalable cluster design utilizing Cisco ASA firewalls?
(Choose two)

A. Each cluster supports up to 10 ASA devices.
B. The design supports up to 100 Gbps of aggregate traffic.
C. Each member of the cluster can forward every traffic flow.
D. The design supports up to 1 Terabyte of aggregate traffic.
E. The ASA cluster actively load balances traffic flows.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162
New Question. Which action should be taken when implementing a preferred IPS design?

A. Place the management interface on a separate VLAN
B. Place all sensors on PVLAN community ports
C. Place the management interface on the same VLAN
D. Place the monitoring interface on the inside network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
New Question. How does OTV provide STP isolation?

A. By using STP root optimization
B. By using BPDU guard
C. By dropping BPDU packets
D. By using BPDU filtering

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
New Question. A LAN infrastructure consists of switches from multiple vendors. Spanning Tree is used as a
Layer 2 loop prevention mechanism. All configured VLANs must be grouped in two STP instances. Which
standards-based Spanning Tree technology must be used?

A. MSTP
B. Rapid PVST
C. STP
D. RSTP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
New Question. A network team is designing a Layer 3 Data Center Interconnect between two data centers.
There is a requirement for all links of equal bandwidth be utilized, have automatic failover, and not use any
building technology. Which routing function must be used to achieve this requirement?

A. BGP router reflectors
B. Equal cost multipath routing
C. Virtual private LAN service
D. Virtual links
E. Policy-based routing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 166
New Question. An engineer is redesigning the infrastructure for a campus environment. The engineer must
maximize the use of the links between the core and distribution layers. By which two methods can this usage
be maximized? (Choose two)

A. Design the links between the core and distribution layers to use HSRP
B. Design the links between the core and distribution layers to use an IGP
C. Design the links between the core and distribution layers to use RPVSTP+
D. Design with multiple equal-cost links between the core and distribution layers
E. Design with multiple unequal-cost links between the core and distribution layers

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
New Question. An engineer must create this design:

- Restrict certain networks from being advertised to remote branches connected via eBGP
- Prohibit advertisement of the specific prefix to external peer only

Which BGP community must be configured to meet these requirements?

A. gshut
B. internet
C. local-as
D. no-export
E. no-advertise

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
https://learningnetwork.cisco.com/thread/58299
https://tools.ietf.org/html/rfc1997

QUESTION 168
New Question. An engineer is working on an OSPF network design and wants to minimize the failure
detection time and the impact on the router CPU. Which technology accomplishes this goal?

A. LSA pacing
B. LSA delay interval
C. BFD
D. Fast hellos

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 169
New Question. An engineer wants to assure that hosts can locate routers that can be used as a gateway to
reach IP-based devices on other networks. Which first hop redundancy protocol accomplishes this goal?

A. VRRP
B. GLBP
C. IRDP
D. HSRP
E. GSLB

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-irdp.html

QUESTION 170
New Question. What added enforcement feature is available on IDS-based devices to terminate active
malicious traffic?

A. Signature detection
B. TCP reset
C. SNMP alert
D. Layer 4 filtering

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 171
New Question. Layer3 segmentation but I can't recall the question

A. Multihop MPLS
B. Hop-by-Hop VRF-Lite
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
L2 convergence optimization or thereabout (Choose two)

A. MSTP
B. Rapid PVST+
C. Allow all vlan
D. Prune unwanted vlans

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
New question ACI about EPG sharing resources

A. Application profile
B. Contract
C.
D.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
