647-874 ARCH Flashcards

Question 1

Q

When is a FHRP needed?

Answer

A

Only if the design implements Layer 2 between the access switch and the distribution switch. If Layer 3 is supported to the access switch, the default gateway for end devices is at the access level.

Question 2

Q

What are the 3 layers of the Hierarchical Network Model?

Answer

A

Access
Distribution
Core

Question 3

Q

What is the function of the Access layer in the Hierarchical network Model?

Answer

A

Grants user access to network devices.
In the WAN environment , the access layer for teleworkers or remote sites may provide entry to the corporate network across WAN technology.

Question 4

Q

What are some examples of devices that would attach to the Access layer?

Answer

A

PCs (including virtualized desktops)
IP Phones
Servers
Wireless Access Points

Question 5

Q

What are some of the functions provided by Access Layer devices and what are some generic examples of those types of devices?

Answer

A

Control traffic by localizing service requests to the access media.
Must provide connectivity without compromising network integrity.
Includes:
- WAN Routers
- Firewalls
- PSTN Gateways
- Multilayer or Layer 2 Access Switches

Question 6

Q

What is the function of the Distribution layer in the Hierarchical network Model?

Answer

A

Aggregates the wiring closets, using switches to segment workgroups and isolate network problems in a campus environment.
Aggregates WAN connections at the edge of the campus and provides policy-based connectivity.
Addresses QoS and Policy-based traffic control.

Question 7

Q

What are some of the functions provided by Distribution Layer devices and what are some generic examples of those types of devices?

Answer

A

Control access to resources that are available at the core layer and must, therefore, make efficient use of bandwidth.
Must address the quality of service (QoS) needs for different protocols by implementing policy-based traffic control to isolate backbone and local environments.
Includes:
- Multilayer Switches that connect up to Access Layer devices and down to Multilayer Core Switches.

Question 8

Q

What is the function of the Core layer in the Hierarchical network Model?

Answer

A

A high-speed backbone, designed to switch packets as fast as possible.
Must provide a high level of availability and adapt quickly to changes.
Provides scalability and fast convergence and an integration point for data center virtualization.
Provides services that optimize communication transport within the network.
Provides a high speed, layer 3 switching environment using hardware accelerated services.
Critical for connectivity.

Question 9

Q

What is another name for the Core Layer?

Question 10

Q

What are some examples of devices that would attach to the Core layer?

Answer

A

Distribution Layer Devices.

- Servers

Question 11

Q

What are some of the functions provided by Core Layer devices and what are some generic examples of those types of devices?

Answer

A

Provide services that optimize communication transport within the network.
Are expected to provide maximum availability and reliability with minimum packet processing.
Should be able to maintain connectivity when the circuits that connect them fail.

Includes:
-Multilayer Switches that connect up to Distribution Layer Multilayer Switches and down to Servers/Data Center.

Question 12

Q

What is Policy-Based Traffic Control?

Answer

A

A function of the Distribution Layer, it enables you to prioritize traffic to ensure the best performance for the most time-critical and time-dependent applications.

Question 13

Q

What are the three overlapping architectures that Cisco developed as part of a holistic approach to network architecture and design?

Answer

A

Borderless Networks
Collaboration
Virtualization (data center and desktop)

Question 14

Q

What does the Borderless Networks Architecture address?

Answer

A

-Addresses increasing worker mobility and focuses on connecting anyone from anywhere , using any device, to any resource (securely, reliably, and seamlessly).

Question 15

Q

What do the Borderless Networks technologies focus on and what are those technologies?

Answer

A

-Providing high-performance secure mobile connectivity.

Routing
Switching
Mobility
Security
Application
Performance

Question 16

Q

What does the Collaboration Architecture address?

Answer

A

-Addresses the increased need for interaction among companies, including partners and suppliers.

Question 17

Q

What do the Collaboration technologies focus on and what are those technologies?

Answer

A

-Integrating many different types of communication methods and devices.

Unified Communications
Tele???? (? is a placeholder for a variable)
Conferencing
Messaging

Question 18

Q

What are the 3 major business challenges that the Data Center Architecture addresses?

Answer

A

Business alignment
Cost and power efficiency
Risk management and compliance.

Question 19

Q

What do the Virtualization technologies focus on and what are those technologies?

Answer

A

-Provisioning data storage and computing resources to applications in a highly scalable and resilient manner by leveraging virtualization technology.

Virtualization
Unified Fabric
Unified Computing

Question 20

Q

What are 2 advantages of virtualization technology?

Answer

A

Enables more rapid application deployment and more-efficient use of resources, allowing you to do more with the same resources.
Offers better protection against disasters and outages.

Question 21

Q

What is a Medianet?

Answer

A

An intelligent network (IN) that is optimized for rich media, such as voice and video.

Question 22

Q

What are the 6 Medianet services?

Answer

A

Network Management
High Availability
QoS
IP Multicasting
Transcoding
Authentication and Encryption

Question 23

Q

What are some applications that leverage the Medianet architecture?

Answer

A

Cisco Unified Communications
Cisco Digital Media Systems
Cisco IP Video Surveillance
Cisco TelePresence

Question 24

Q

What are the 5 modules you can commonly divide a network up into in order to facilitate gradual implementation and address specific requirements of each individual part?

Answer

A

Campus
Data Center
WAN and MAN
Branch
Teleworker

Question 25

Q

What are the three overlapping Cisco network architectures for the enterprise and what does each do?

Answer

A

Borderless Networks - Solutions to increase work mobility. It focuses on connecting anyone from anywhere, using any device, to any resource (securely, reliably, and seamlessly).
Collaboration - Provides a framework that enables new applications to address the need to communicate and collaborate across corporate boundaries, companies, and continents.
Virtualization - Consolidates network, storage, and computing resources by leveraging virtualization technologies. Enables rapid deployment of new applications and services, scaling of existing services, and optimization of applications through flexible assignment of resources.

Question 26

Q

What are the three roles of the core layer in a LAN design?

Answer

A

Provides high speed data transport
Serves as a fast convergent infrastructure with a high level of redundancy.
Avoids data manipulation

Question 27

Q

What three sections provide network infrastructure and services for remote enterprise users?

Answer

A

Teleworker Branch Section
Enterprise Branch Section
Data Center Section

Question 28

Q

What are three basic steps of the design methodology under PPDIOO?

Answer

A

Identify customer requirements.
- Key decision makers identify initial requirements
- Typically done in the Prepare phase
Characterize the existing network and sites.
- Gap Analysis
- Network Audit & Analysis
- Typically done in the Plan phase
Design the network topology and solutions.
- Develop detailed design
- Maybe build a prototype network

Question 29

Q

What are three tasks that are involved in characterizing an existing network?

Answer

A

Collecting information using the existing documentation and direct organizational input.
Using tools to analyze network traffic.
Using tools for automated auditing of the network.

Question 30

Q

What are the 6 phases of the Cisco formalized Lifecycle?

Answer

A

Prepare
Plan
Design
Implement
Operate
Optimize

Question 31

Q

What is involved in the Prepare phase?

Answer

A

Establishing organizational requirements
Developing a network strategy
Proposing a high-level conceptual architecture
Identifying technologies to support the architecture
Establishing financial justification

Question 32

Q

What is involved in the Plan phase?

Answer

A

Identifying initial network requirements based on goals
Characterizing sites
Assessing existing networks
Performing Gap analysis
Creating a Project plan

Question 33

Q

What is involved in the Design phase?

Answer

A

Comprehensive, detail design that:
-  Meets current business and technical requirements
-  Incorporates specifications to support:
    -  Availability
    -  Reliability
    -  Security 
    -  Scalability
    -  Performance
Basis for implementation activities.

Question 34

Q

What is involved in the Implement phase?

Answer

A

Network components are built according to design specs.
Avoids disrupting current network if possible
Avoids creating points of vulnerability

Question 35

Q

What is involved in the Operate phase?

Answer

A

Maintain network health through day to day operations
Monitor:
- Fault detection
- Correction
- Performance

Question 36

Q

What is involved in the Optimize phase?

Answer

A

Proactive management of the network
Identify and resolve issues before they affect the organization.
May require network redesign if too many problems or errors arise.

Question 37

Q

Where does Cisco NSF with SSO and redundant supervisors have the most impact in the campus?

Answer

A

Access layer

Question 38

Q

What hardware supports Cisco IOS Software Modularity?

Answer

A

Cisco Catalyst 6500 Series

NOT
3750
4500
XR

Question 39

Q

What is NSF?

Answer

A

Nonstop Forwarding (NSF)

A Layer 3 function that works with SSO to minimize the amount of time a network is unavailable to its users following a switchover.

The main objective of Cisco NSF is to continue forwarding IP packets following an RP (Route Processor) switchover.

Question 40

Q

What routing protocols support NSF?

Answer

A

EIGRP
OSPF
IS-IS
BGP

Question 41

Q

What is SSO?

Answer

A

Stateful Switchover (SSO)

Allows the standby route processor (RP) to take control of the device after a hardware or software fault on the active RP.

SSO synchronizes startup configuration, startup variables, and running configuration; and dynamic runtime data, including Layer 2 protocol states for trunks and ports, hardware Layer 2 and Layer 3 tables (MAC, Forwarding Information Base [FIB], and adjacency tables) and access control lists (ACL) and QoS tables.

Available with these devices:
4500 switches
6500 switches
7600 switches 
Aggregation Services Routers (ASR)

Question 42

Q

What is Cisco NSF with SSO and how do they work together?

Answer

A

A supervisor redundancy mechanism in Cisco IOS Software that allows extremely fast switchover at Layers 2 to 4.

Designed to maintain a link-up Layer 3 up state during a routing convergence event.

Question 43

Q

What is the recommended version of STP to use for the enterprise campus?

Answer

A

RSTP - Rapid Spanning-Tree Protocol

Question 44

Q

What is UDLD and what is the enterprise recommendation regarding it?

Answer

A

Unidirectional Link Detection

Enables devices to monitor the physical configuration of the cables and detect when a unidirectional link exists where bidirectional communication has not been established.

Typically deployed on fiber topologies

Enable UDLD Aggressive mode in all environments where fiber-optic interconnections are used and enable it in Global mode to support every individual fiber-optic interface.

Question 45

Q

What are some routing protocol issues you may encounter when using EtherChannel?

Answer

A

OSPF on an IOS switch could detect a failed link in the bundle and increase the link cost which causes a convergence event.
EIGRP may not change the link cost if there is a failed link in a bundle.

Question 46

Q

How many links can be in a EtherChannel bundle?

Question 47

Q

What are two control mechanisms for EthernChannel?

Answer

A

LACP - Link Aggregation Control Protocol (IEEE 802.3ad)

2 PAgP - Port Aggregation Protocol (Cisco Proprietary)

Question 48

Q

What are the four modes for LACP and what do they do?

Answer

A

On - Forces it to be turned on. Only works with other ports set to On.
Active - Puts port in active negotiating state. Works with other ports set to Active or Passive.
Passive - Puts port in passive negotiating state. Works with other ports set to Active.
Off - Turns off LACP

Question 49

Q

What are the four modes for PAgP and what do they do?

Answer

A

On - Forces it to be turned on. Only works with other ports set to On.
Desirable - Puts port in active negotiating state. Works with other ports set to Desirable or Auto.
Auto - Puts port in passive negotiating state. Works with other ports set to Desirable.
Off - Turns off PAgP

Question 50

Q

What is ECMP?

Answer

A

Equal Cost Multipath

Question 51

Q

What are some details of EtherChannel load balancing?

Answer

A

Load balancing using an alternate input hash can be tuned with the port-channel load-balance command.
The default input hash value of Layer 3 for the source and destination does not load balance across the links.
To achieve the best load balancing, use two, four, or eight ports in the port channel.

Question 52

Q

What are the reasons that passive interfaces should be implemented at distribution layer ports facing the access layer?

Answer

A

To limit unnecessary peering across the access layer switches when the Layer 2 to Layer 3 boundary is in the distribution layer
To avoid transit traffic through the access layer in the event of a link or node failure

Question 53

Q

What are 3 FHRPs?

Answer

A

First Hop Redundancy Protocols (FHRPs)

HSRP - Hot Standby Router Protocol (Cisco Proprietary)
VRRP - Virtual Router Redundancy Protocol (Standards Based)
GLBP - Gateway Load Balancing Protocol (Cisco Proprietary) - Allows packet load sharing among groups of redundant routers.

GLBP can more easily achieve load balancing on the uplinks from the access layer to the distribution layer, and first- hop redundancy and failure protection.

Question 54

Q

What FHRP does Cisco recommend?

Answer

A

HSRP is the recommended protocol over VRRP because it is a Cisco-owned standard , which allows for the rapid development of new features and functionality before VRRP.

Use VRRP when needing to interoperate with other vendors.

Question 55

Q

What are some advantages of GLBP in the Distribution Layer?

Answer

A

GLBP provides all the benefits of HSRP and includes load balancing when VLANs do not span the access switches.
A convergence event on the uplink affects only half as many hosts as compared to HSRP when VLANs do not span the access switches.

Question 56

Q

What is a potential issue you may run into when daisy chaining access switches?

Answer

A

There is a danger that black holes will occur in the event of a link or node failure when the distribution interconnection is Layer 3.

Question 57

Q

What is the best mechanism to prevent unicast flooding issues?

Answer

A

Do not span VLANs across multiple access switches.

Question 58

Q

Why should you not span VLANs across multiple access switches if possible?

Answer

A

Because it is the best mechanism to prevent unicast flooding issues.

Question 59

Q

What hardware is supported by the Cisco Power Calculator?

Answer

A

Cisco Catalyst 4500 and 6500 Series

Question 60

Q

What are some features that the Cisco Catalyst Integrated Security capabilities provide?

Answer

A

DHCP snooping prevents rogue DHCP activities.
Dynamic ARP inspection adds security to ARP to minimize the impact of ARP poisoning and spoofing attacks.
IP source guard prevents IP spoofing using the dynamic ARP inspection table

Question 61

Q

Which three address blocks are summarizable?

a. 172.16.20.0/ 24 to 172.16.27.0/ 24
b. 172.16.20.0/ 24 to 172.16.23.0/ 24
c. 10.16.0.0/ 16 to 10.31.0.0/ 16
d. 10.16.0.0/ 16 to 10.47.0.0/ 16
e. 2001: 0DB8: C3B7: 10A0::/ 64 to 2001: 0DB8: C3B7: 10DF::/ 64
f. 2001: 0DB8: 1234: FB40::/ 64 to 2001: 0DB8: 1234: FB5F::/ 64
g. 10.96.0.0/ 16 to 10.159.0.0/ 16

Answer

A

b. 172.16.20.0/ 24 to 172.16.23.0/ 24
c. 10.16.0.0/ 16 to 10.31.0.0/ 16
f. 2001: 0DB8: 1234: FB40::/ 64 to 2001: 0DB8: 1234: FB5F::/ 64

Question 62

Q

What are 2 examples of what bit splitting could be used for?

Answer

A

OSPF Area Design

2. Summarizable address blocks with convenient role-based subnets

Question 63

Q

What is a recommended design approach for OSPF?

Answer

A

Originate the default at the edge and redistribute it into dynamic routing.

Question 64

Q

What is redistribution and some of its characteristics?

Answer

A

Redistribution is a powerful tool for manipulating and managing routing updates, particularly when two routing protocols are present in a network.

Easy to create routing loops
Works poorly with an arbitrary mix of routing protocols anywhere.
Works well with a limited number of redistribution points.

Answer 63

A

A routing protocol feature. The idea behind it is that it is counterproductive to advertise information back to the source of that information, because the information may be out of date or incorrect, and because the source of the information is presumed to be better informed.

Answer 64

A

Large networks.

Answer 65

A

Flooding paths and redundancy
Amount of routing information in the OSPF area or routing domain.
Number of adjacent neighbors

Answer 66

A

Distance Vector

RIPv1
RIPv2

Link State

OSPF
IS-IS

Hybrid Link State and Distance Vector
-EIGRP

Path Vector
-BGP

Answer 67

A

IBGP requires a full mesh of peers because it has no other way to prevent looping of routing information.

Answer 68

A

A BGP route reflector is an IBGP speaker that reflects or repeats routes learned from IBGP peers to some of its other IBGP peers.

Answer 69

A

Nonclient routers
Other route reflector client routers
EBGP peers

Answer 70

A

Coarse Wavelength-Division Multiplexing

An optical technology for transmitting up to 16 channels, each in a separate wavelength or color, over the same fiber strand using less-sophisticated and less-costly transceiver designs than DWDM.

Answer 71

A

Wavelength-Division Multiplexing

Uses a multiplexer (mux) at the transmitter to place multiple optical signals on a fiber and a demultiplexer (demux) at the receiver to split them off of the fiber.

Answer 72

A

Dense Wavelength-Division Multiplexing
Coarse Wavelength-Division Multiplexing

DWDM and CWDM are technologies that increase the information-carrying capacity of existing fiber-optic infrastructure by transmitting and receiving data on different light wavelengths on a single strand of fiber.

CWDM is an optical technology for transmitting up to 16 channels, each in a separate wavelength or color, over the same fiber strand using less-sophisticated and less-costly transceiver designs than DWDM.

Answer 73

A

Dense Wavelength-Division Multiplexing

A core technology in an optical transport network. The concepts of DWDM are similar to those for CWDM except DWDM spaces the wavelengths more tightly, yielding up to 160 channels. The tighter channels are more precise which is why it is more sophisticated and costly than CWDM.

Answer 74

A

Synchronous Optical Network (SONET),

A time -division multiplexing (TDM) technique for framing voice and data onto a single wavelength on fiber.

Answer 75

A

Synchronous Digital Hierarchy

Answer 76

A

It requires provisioning double the protected bandwidth. Bandwidth along SONET is committed as circuits between two points on the ring.

Answer 77

A

EPL
ERS
EWS

Answer 78

A

Ethernet Private Line

A port-based point-to-point Ethernet-line (E-line) service that maps Layer 2 traffic directly onto a TDM circuit.

Answer 79

A

Ethernet Relay Service

A point-to-point VLAN-based E-line service that is used primarily for establishing a point-to-point connection between customer routers.

Answer 80

A

Ethernet Wire Service

A point-to-point port-based E-line service that is used primarily to connect geographically remote LANs over a P-network.

Answer 81

A

Ethernet Multipoint Service

A multipoint-to-multipoint port -based emulated LAN (ELAN) service that is used for transparent LAN applications.

Some characteristics are:

The P-network acts as a virtual switch for the customer.
All customer packets are transmitted to the destination ports transparently.
Oversubscription of the P-network is handled using stat muxing.

Answer 82

A

Ethernet Relay Multipoint Service

A multipoint-to-multipoint VLAN-based ELAN service that is used primarily for establishing a multipoint-to-multipoint connection between customer routers

Answer 83

A

Ability to support multiple instances of services or EVCs (Ethernet Virtual Circuit) on a single customer UNI (User Network Interface)

Answer 84

A

Maybe add some characteristics to other Ethernet Services just like with EMS?

Answer 85

A

Pseudo Wires (PW)

Encapsulation of circuit data or PDUs at the ingress
Carries encapsulated data across the tunnel and acts as a logical wire

Answer 86

A

The variation in delay in the interval between successive packets

Answer 87

A

As a basis for design decisions.

Answer 88

A

Physical interface that is used by the WAN service.
Performance limits of the CPE device
Required additional services , such as VPN and QoS

Answer 89

A

Performance Routing (PfR) is the general term used for features that take into account diverse WAN characteristics and makes an informed-decision about the best path to reach a network or application.

Learn
Measure
Apply Policy
Optimize
Verify

Answer 90

A

Support for layer 2 domain sizing
Support for service modules
Support for a mix of access layer models
Support for NIC Teaming and HA clustering

Answer 91

A

Use NSSA from the core layer down.
Adjust the default bandwidth value with the auto-cost reference-bandwidth command.
Tune the timers with the timers throttle spf command.

Answer 92

A

Layer 2 loop-free U

Answer 93

A

Loop-free U
- VLANs are contained in switch pairs (no extension outside of switch pairs).
- No STP blocking; all uplinks are active.
- Layer 2 service modules black hole traffic on uplink failure.
Loop-free inverted U
- Supports VLAN extension.
- No STP blocking; all uplinks are active.
- Access switch uplink failure black holes single attached servers.
- ISL scaling considerations.
- Supports all service module implementations.

Characteristics of both:

Redundancy can be supported using a trunk between the access switches.
VLANs are extended to the aggregation layer.

Answer 94

A

VLANs cannot be extended between aggregation switches

2. Layer 2 service modules will black hole traffic in the event of an uplink failure.

Answer 95

A

VLANs do not extend to the aggregation layer.
All uplinks are active, and none are blocking.
Layer 2 server adjacency is supported across a single pair of access switches.

Answer 96

A

Cabling from the cabinet is minimized.
Cooling requirements are eased.
The number of devices to manage increases.

Answer 97

A

Cabling Design
Cooling Requirements
Power Requirements
Density
10 GB Ethernet and 10 GB EtherChannel Support
Resiliency features
Intended use

Answer 98

A

Cooling is less than EoR
Less cabling from the cabinet
Higher STP Processing
More devices to manage
More port density

Answer 99

A

Decreased Management
Fewer devices to manage
Lower STP Processing
Redundant switch power and CPUs

Answer 100

A

More cabling needs to be routed and managed.

- Cooling restraints due to the cable bulk coming into the cabinets and blocking airflow.

Answer 101

A

port-channel load-balance

Answer 102

A

At the aggregation layer in Layer 2 access layer designs

Answer 103

A

A per-line card value that reflects the total number of spanning-tree processing instances used on a particular line card

Answer 104

A

1RU access switch design

Answer 105

A

RSTP

As compared to:
ACE Module
FWSM
Tuned EIGRP
HSRP

Answer 106

A

Split-core topology: building two separate data center cores using a single redundant pair of Cisco Nexus 7000 switches
Consolidated aggregation : using two VDCs of a single Cisco Nexus 7000 switch as a redundant pair of aggregation switches in an aggregation block
Multiple aggregation layers: using VDCs to create separate aggregation blocks by business unit or function from a single pair of Cisco Nexus 2000 FEXs.

Answer 107

A

Full duplex
Addresses more than 16 million nodes
Segment lengths of up to 6 miles (10 km)

Answer 108

A

Virtual SAN (VSAN)

Answer 109

A

Uses a core-edge design to support much larger port densities than the collapsed-core design.
Has a lower port-density efficiency as compared to small- or medium-scale designs.

Answer 110

A

Port density and topology
Fault isolation using VSAN
Simplified SAN management through storage captivity

Answer 111

A

Reduced cabling
Fewer network port adapters per server
Power and cooling savings.

Answer 112

A

Ethernet NIC and CNA (Converged Network Adapter).

Answer 113

A

If you enable MST, you should use a separate MST instance for FCoE VLANs.
Use separate FCoE VLANs for SAN A and SAN B in dual-fabric SAN designs.
When using FCoE on the Cisco Nexus 2000 FEXs, these FEXs should be connected straight through.

Answer 114

A

802.1Qbb Priority Flow Control (PFC)
802.1Qaz Enhanced Transmission Selection (ETS)
802,1Qau Congestion Notification
802.1ab Data Center Bridging Capability Exchange (DCBX) Protocol

Answer 115

A

In the data center

Answer 116

A

Providing a public IP address or virtual IP address for each service
Rewriting source and destination IP or MAC addresses, depending on SLB mode
Supporting scaling and high availability by distributing client requests for service across active servers

Answer 117

A

The SLB VIP and the real servers are in the same VLAN or subnet.
The SLB VIP and the real servers are in the same VLAN or subnet.
Return traffic can use PBR to deflect appropriate outbound server traffic over to the SLB as next hop.

Answer 118

A

At the core layer.

Answer 119

A

The aggregation switch Cisco FWSM routes traffic to the server subnets.
The MSFC is not directly connected to the Cisco ACE.

Answer 120

A

A logical separation of multiple firewall security contexts on a single firewall

Answer 121

A

asr-group interface command on FWSM 3.0

Answer 122

A

Community VLAN
Isolated VLAN
Primary VLAN

Answer 123

A

IBNS authentication

2. NAC posture assessment

Answer 124

A

The Cisco NAS has an IP address for every managed VLAN.

2. The Cisco NAS operates as the default gateway for untrusted network clients.

Answer 125

A

Scanners

2. Printers

Answer 126

A

It is an active device in the traffic path.

2. Traffic arrives on one IPS interface and exits on another.

Answer 127

A

Supporting asymmetric traffic flows

2. Supporting failover without dropping valid traffic

Answer 128

A

A global controller to summarize multiple local controllers

Answer 129

A

Identity
Enforce
Isolate

Answer 130

A

To place the public side of the VPN termination device in a DMZ behind a firewall

Answer 131

A

Using internal address pools per VPN headend and implementing a static route for these subnets to the VPN headend

Answer 132

A

WAN replacement

2. Mandated or regulatory encryption

Answer 133

A

Remote peers connected to the central site over a shared infrastructure in a hub-and-spoke topology

Answer 134

A

Reduced management complexity for VPN deployments

2. Centralized VPN management across all Cisco VPN devices

Answer 135

A

Dynamic mesh availability with fewer active tunnels on each spoke
Spoke-to-spoke tunnel creation dynamically based on traffic requirements

Answer 136

A

It is a set of software features that provides a tunnel-less technology for end-to-end security.
It secures IP multicast group traffic or unicast traffic over a private WAN.

Answer 137

A

Use dedicated management interfaces if possible.
Use a different username for configuration management and for troubleshooting.
Use IPsec rather than SSH or SSL for access to VPN devices across the Internet.

Answer 138

A

Packets-per-second capacity from remote routers

Answer 139

A

IPsec direct encapsulation

Answer 140

A

It reduces network bandwidth consumption.

Answer 141

A

RPF - Route Path Forwarding

Answer 142

A

Forwarding multicast traffic away from the source, rather than to the receiver.

This is just the opposite of unicast routing.

Answer 143

A

Only if it is received on the upstream interface; this interface is also called the RPF interface.

Answer 144

A

The router looks up the source address in the unicast routing table to determine whether the packet has arrived on the interface that is on the reverse path back to the source.
If the packet has arrived on the interface leading back to the source, the RPF check succeeds and the packet is forwarded.
If the RPF check fails, the packet is dropped.

Answer 145

A

To join hosts in a multicast group

Answer 146

A

Internet Group Management Protocol

Used between hosts and their local router.

Hosts use IGMP to register with the router to join (and leave) specific multicast groups.

Version 1
- Has no Leave Group mechanism

Version 2

Leave Group message
Group-specific queries
Querier election mechanism
Query-interval response time

Version 3
- Adds the ability to filter multicasts based on the multicast source so that hosts can indicate that they want to receive traffic only from particular sources within a multicast group.

Answer 147

A

One-to-many applications

Answer 148

A

Deployments use shared distribution trees.
Deployments use source distribution trees.
It is the traditional form for PIM deployments.

Answer 149

A

Bidir-PIM

Answer 150

A

Auto-RP

2. BSR

Answer 151

A

It grows when sources and receivers run multicast applications.
It includes the unicast routing state information.
State changes affect CPU utilization.

Answer 152

A

At the network ingress interface on the data plane before multicast processing.

Answer 153

A

Deployments in which switches are used pervasively

2. One-to-many applications

Answer 154

A

It can take advantage of quick branch-to-branch connectivity while improving core meshing capability.
Encryption is supported for native multicast and unicast traffic with Group Encrypted Transport’s GDOI protocol.
It uses multicast to send the GET VPN packets to multiple destinations , which makes GET VPN very scalable.

Answer 155

A

Destination IP Address
Source IP Address
ToS Byte
Layer 3 Protocol Type

Answer 156

A

A unidirectional stream of packets between a given source and destination (both defined by a network layer IP address and source and destination port numbers).

Answer 157

A

IP Source Address
IP Destination Address
Source Port
Destination Port
Layer 3 Protocol Field
Type of Service (ToS) Byte
Input Interface (IfIndex)

Answer 158

A

An important embedded Cisco IOS Software technology that provides visibility into network behavior and how network assets are being used.

NetFlow answers the questions of what, when, where , and how traffic is flowing in the network.

Answer 159

A

Version 1
- The original version

Version 5 (Most Common)
 - Adds autonomous system data and sequencing information to the NetFlow Data Export

Version 7
- Supports Cisco Catalyst 6500 series switches with an MSFC on Cisco Catalyst Operating System Version 5.5( 7) and later.

Version 8
- Is for on-router aggregation. It includes a choice of 11 aggregation schemes.

Version 9
- Supports dynamically defined fields.

Answer 160

A

As the cache becomes full, a number of heuristics are applied to aggressively age groups of flows simultaneously.
Flows that have been idle for a specified time are expired and removed from the cache.
TCP connections that have reached the end-of-byte stream (FIN) are expired.

Answer 161

A

Version 9

Answer 162

A

It is the basis for IPFIX.
It can monitor a wider range of packet information than traditional NetFlow.
It can track multiple NetFlow applications simultaneously by using different flow monitors.

Answer 163

A

It can only monitor applications that are built in or that it recognizes from a PDLM.
It can monitor a wider range of packet or protocol information than traditional NetFlow.

Answer 164

A

They allow scalability with many endpoints.

2. They provide separate memory and CPU from hardware in the switching path.

Answer 165

A

A dedicated router that is used to perform the IP SLA measurement operations when the number of operations is high for an IP SLA source (such as for hundreds or thousands of measurements).

Answer 166

A

Three or more.

or four or more pairs of building distribution switches in a very large campus.

Answer 167

A

When incoming packets are received faster than outgoing packets are transmitted. Packets are queued as they wait to serialize out onto the slower link.

Answer 168

A

Use 802.1Q
Set DTP to Desirable and Desireable with Encapsulation Negotiate to support DTP negotiation.
Disable trunks on host ports because host devices do not need to negotiate trunk status. This practice speeds up PortFast and is a VLAN-hopping security measure.

Answer 169

A

Transparent because it decreases the potential for operational error.

Answer 170

A

Manually prune unused VLANS from trunked interfaces. This allows you to avoid broadcast propagation.

Answer 171

A

Server mode with no VTP domain name.

Answer 172

A

The switch you are connecting would accept the domain name of an adjacent VTP server and overwrite the local VLAN database.

Answer 173

A

Serves as the gateway to the campus core , where other campus modules connect , including the enterprise edge and WAN modules.

Answer 174

A

Layer 3
Use a distributed, low-latency forwarding architecture
Use 10 GB interfaces

Answer 175

A

Either within or below the aggregation layer modules.

Answer 176

A

No. Layer 2 should be avoided in the core because a Spanning Tree Protocol (STP) loop could cause a full data center outage.

Answer 177

A

Yes, such as OSPF or EIGRP.

Answer 178

A

Using CEF (Cisco Express Forwarding) based hashing algorithms.

mls ip cef load-sharing

Answer 179

A

Point to point
Arbitrated Loop
Switched

Answer 180

A

Similar to TCP communication in the following ways:

Point to point oriented (similar to TCP session establishment.)
Supports a logical node connection point between node ports (N_Ports). (Similar to TCP and UDP Sockets).
Supports flow control on a hop-by-hop basis using a buffer-to-buffer credit (BB_Credit) method. (Similar to TCP flow control except the receiver calls the shots and there aren’t any drops)
Supports acknowledgements for certain classes of traffic. (Similar to TCP and UDP acknowledgement models).
Enables multiple sessions to be maintained per device. (Similar to TCP and UDP Sockets).

Answer 181

A

Always use star topologies that are based on MEC (MultiChassis EtherChannels) with the VSS.
Use unique VSS domain numbers for each VSS pair in your network, even if the pairs are not directly connected to each other.
As with any EtherChannel, always use a number of links that is a power of 2 (2, 4, 8) to optimize the load balancing of traffic across the VSLs.
Do not configure switch preemption.
Do not tune the Link Management Protocol (LMP), LACP, and PAgP timers in an aggressive manner or it may adversely affect the system performance.
Enable a dual-active detection mechanism to guard against VSL (Virtual Switch Link) failures.

Answer 182

A

In the Distribution Layer

Answer 183

A

Virtual Switched System (VSS)

VSS is a network virtualization technology that combines two Cisco Catalyst 6500 switches (and other models such as the 4500) into a single logical entity.
It enables loop-free logical star designs that retain full physical redundancy.

Answer 184

A

The VSL EtherChannel should consist of at least two 10-Gbps links, which should be terminated on different line cards in the chassis for maximum availability.

Answer 185

A

Layer 2 loop-free (current best practice)
Layer 2 looped
Layer 3 routed

Answer 186

A

Access switches use layer 2 switching.
Links between the access and distribution layers are configured as layer 2 trunks.
Links between distribution layer switches are configured as Layer 3 routed links and use Etherchannel.
All ports are in the Spanning-Tree Forwarding state
Spanning-tree is not involved with load balancing or network convergence.
Some flavor FHRP is used for load balancing traffic from the access to distribution layer.
Reconvergence time in case of failure is primarily driven by the FHRP in use.
VLANs should NOT be extended across multiple access switches.

Answer 187

A

Access switches use layer 2 switching.
Links between the access and distribution layers are configured as layer 2 trunks.
Links between distribution layer switches are configured as Layer 2 trunks routed links (and I believe use Etherchannel. The book didn’t say).
Not all ports are in the Spanning-Tree Forwarding state. Some are blocking to prevent the loop.
Spanning-tree is involved with network convergence along with the FHRP being used.
Load-balancing is limited using PVST root election tuning on a VLAN-by-VLAN basis. STP will still block one of the access switch uplinks within each VLAN.
Some flavor FHRP is used
VLANs can be extended across multiple access switches.

Answer 188

A

Access switches use layer 3 routing.
Links between all switches are configured as layer 3 routed links.
No Spanning-tree on inter-switch links and spanning-tree is not involved with load balancing or network convergence.
No FHRP is in use. Hosts use access switch as their default gateway. Some flavor FHRP is used for load balancing traffic from the access to distribution layer.
Reconvergence time in case of failure is dependent on the routing protocol being used.
VLANs can NOT be extended across multiple access switches.

Answer 189

A

A Server Load Balancer (SLB), also called a content load balancer, supports both scaling and high availability by distributing client requests for service across active servers.

The SLB provides a public IP address, also called a virtual IP (VIP) address, for each service.

Answer 190

A

Router Mode - The SLB device routes between outside and inside subnets.
Bridge mode (inline): The SLB device operates in Transparent Bridging mode.

3 One-armed or two-armed mode: The one-armed or two-armed mode can be implemented in several ways such that replies from servers pass back through the SLB on their way to the end user. The server default gateway can be set to the SLB device, policy-based routing (PBR) can be used, or client NAT can be used.

Answer 191

A

Out-of-band approach
SLB connected to a switch with one or two connections.
Not directly inline with the traffic path.
SLB VIP and servers are in the same Vlan.

Brainscape's Knowledge GenomeTM

647-874 ARCH Flashcards

Brainscape's Knowledge Genome^TM