CCDA Flashcards

1
Q

Click and drag the QoS feature type on the left to the category of QoS mechanism on the right.

A

+ classification and marking: ACLs
+ congestion avoidance: WRED
+ traffic conditioners: CAR
+ congestion management: LLQ
+ link efficiency: LFI

Explanation

Classification is the process of partitioning traffic into multiple priority levels or classes of service. Information in the frame or packet header is inspected, and the frame’s priority is determined. Marking is the process of changing the priority or class of service (CoS) setting within a frame or packet to indicate its classification. Classification is usually performed with access control lists (ACL), QoS class maps, or route maps, using various match criteria.

Congestion-avoidance techniques monitor network traffic loads so that congestion can be anticipated and avoided before it becomes problematic. Congestion-avoidance techniques allow packets from streams identified as being eligible for early discard (those with lower priority) to be dropped when the queue is getting full. Congestion avoidance techniques provide preferential treatment for high priority traffic under congestion situations while maximizing network throughput and capacity utilization and minimizing packet loss and delay.

Weighted random early detection (WRED) is the Cisco implementation of the random early detection (RED) mechanism. WRED extends RED by using the IP Precedence bits in the IP packet header to determine which traffic should be dropped; the drop-selection process is weighted by the IP precedence.

Traffic conditioners consist of policing and shaping. Policing either discards the packet or modifies some aspect of it, such as its IP Precedence or CoS bits, when the policing agent determines that the packet meets a given criterion. In comparison, traffic shaping attempts to adjust the transmission rate of packets that match a certain criterion. A shaper typically delays excess traffic by using a buffer or queuing mechanism to hold packets and shape the flow when the source’s data rate is higher than expected. For example, generic traffic shaping uses a weighted fair queue to delay packets to shape the flow. A traffic conditioner is also referred to as Committed Access Rate (CAR).

Congestion management includes two separate processes: queuing, which separates traffic into various queues or buffers, and scheduling, which decides from which queue traffic is to be sent next. There are two types of queues: the hardware queue (also called the transmit queue or TxQ) and software queues. Software queues schedule packets into the hardware queue based on the QoS requirements and include the following types: weighted fair queuing (WFQ), priority queuing (PQ), custom queuing (CQ), class-based WFQ (CBWFQ), and low latency queuing (LLQ).

LLQ is also known as Priority Queuing–Class-Based Weighted Fair Queuing (PQ-CBWFQ). LLQ provides a single priority queue, but it is preferred for VoIP networks because it can also configure guaranteed bandwidth for different classes of traffic. For example, all voice call traffic would be assigned to the priority queue, VoIP signaling and video would be assigned to a traffic class, FTP traffic would be assigned to a low-priority traffic class, and all other traffic would be assigned to a regular class.

Link efficiency techniques include link fragmentation and interleaving (LFI) and compression. LFI prevents small voice packets from being queued behind large data packets, which could lead to unacceptable delays on low-speed links. With LFI, the voice gateway fragments large packets into smaller equal-sized frames and interleaves them with small voice packets so that a voice packet does not have to wait until the entire large data packet is sent. LFI reduces voice delay and makes it more predictable.

2
Q

Match the Cisco security solution on the left to its function on the right.

A

+ protects the endpoints (desktops, laptops and servers): Cisco Security Agent
+ provides multiple functions as a high performance security appliance: ASA
+ prevents DDoS attacks: Anomaly Guard and Detector
+ provides Web-Based VPN services: SSL Service Module
+ prevents attacks inline: IPS Appliance

3
Q
A

+ limits the number of frames transmitted before an acknowledgement is received: window size
+ reduces data size to save transmission time, optimizing the use of WAN bandwidth: data compression
+ allows network administrators to manage the varying demands generated by applications: queuing
+ discards packets or modifies some aspect of them (such as IP precedence): traffic policing

4
Q

Place the PPDIOO Methodology in the correct order

Optimize Step 1
Design Step 2
Prepare Step 3
Implement Step 4
Operate Step 5
Plan Step 6

A

Step 1: Prepare
Step 2: Plan
Step 3: Design
Step 4: Implement
Step 5: Operate
Step 6: Optimize

5
Q

Which of these is the equation used to derive a 64 Kbps bit rate?

A. 2 x 8 kHz x 4-bit code words
B. 8 kHz x 8-bit code words
C. 2 x 4-bit code words x 8 kHz
D. 2 x 4 kHz x 8-bit code words

A

Answer: D

Explanation

While the human ear can sense sounds from 20 to 20,000 Hz, and speech encompasses sounds from about 200 to 9000 Hz, the telephone channel was designed to operate at about 300 to 3400 Hz. This economical range carries enough fidelity to allow callers to identify the party at the far end and sense their mood. Nyquist decided to extend the digitization to 4000 Hz, to capture higher-frequency sounds that the telephone channel may deliver. Therefore, the highest frequency for voice is 4000 Hz. According to Nyquist theory, we must double the highest frequency, so 2x4kHz = 8kHz.

Each sample will be encoded into an 8-bit code. Therefore 8 kHz x 8-bit code = 64 Kbps. (Note on the unit Kbps: 8 kHz = 8000 samples per second, so 8000 x 8 bits = 64000 bits per second = 64 kilobits per second = 64 Kbps.)

Note:

Nyquist theory:

“When sampling a signal (e.g., converting from an analog signal to digital), the sampling frequency must be greater than twice the bandwidth of the input signal in order to be able to reconstruct the original perfectly from the sampled version.”

6
Q

Which three of these are components of the North American Numbering Plan? (Choose three)

A. Numbering Plan Area
B. country code
C. prefix
D. zone
E. line number
F. trunk channel

A

Answer: A C E

Explanation

NANP has the address format of NXX-NXX-XXXX, where N is any number from 2 to 9 and X is any number from 0 to 9. The first three digits identify the numbering plan area and are commonly called the area code. The address is further divided into the office code (also known as prefix) and line number. The prefix is three digits, and the line number is four digits. The line number identifies the phone.

7
Q

A customer has the following Enterprise Campus design requirements:

at least 10 Gbps of bandwidth
network runs of up to 40km
no concern for transmission medium cost

Which transmission medium should you recommend to this customer?

A. shielded twisted pair
B. unshielded twisted pair
C. multimode fiber
D. single-mode fiber
E. wireless

A

Answer: D

Explanation

Below is the comparison of transmission media:

Twisted pair: up to 1 Gbps; distance: 100 m
Multimode fiber: up to 1 Gbps; distance: 2 km (FE), 550 m (GE)
Single-mode fiber: 10 Gbps; distance: 90 km (FE), 40 km (GE)
Wireless: 54 Mbps (27 Mbps effective); distance: 500 m at 1 Mbps

(Reference from CCDA Official Exam Certification Guide. Some other books have different figures but we should answer it according to the “Official” book)

8
Q

In the Cisco branch office design, what categorizes an office as large?

A. between 50 and 100 users and a three-tier design
B. between 50 and 100 users and a single-tier design
C. between 100 and 200 users and a two-tier design
D. between 100 and 200 users and a three-tier design
E. over 200 users and a two-tier design

A

Answer: D

9
Q

Which layer is the distribution layer?

A. Layer A
B. Layer B
C. Layer C
D. Layers A and B form a consolidated core and distribution layer

A

Answer: B

10
Q

Which two implementation plan principles best describe how to deal with potential failures? (Choose two)

A. A good implementation plan.
B. A successful test network test.
C. A test should be included at every step.
D. A detailed rollback procedure for each implementation step.
E. A table of failure points, rollback steps, and estimated rollback times.

A

Answer: C D

11
Q

Refer to the exhibit.

A standard, Layer 2 campus network design is pictured. Which numbered box represents the distribution layer?

A. #1
B. #2
C. #3
D. #4

A

Answer: B

12
Q

Which three pieces of information should be documented for each step of each phase in a design implementation plan? (Choose three)

A. step description
B. design document references
C. easy guidelines in case of failure
D. estimated implementation time
E. simple implementation guidelines
F. estimated rollback time in case of failure

A

Answer: A B D

13
Q

Which three terms describe the primary functions of the distribution layer of the campus network design hierarchy? (Choose three)

A. provides end-user connectivity
B. provides high speed transport
C. provides QoS services
D. enforces security policies
E. provides WAN connections
F. connects access devices to the core backbone

A

Answer: C D F

14
Q

Refer to the exhibit

Which two statements correctly identify the layers of the Enterprise Campus module? (Choose two)

A. A is the Server Farm layer and C is the Campus Core layer.
B. A is the Server Farm layer and D is the Building Access layer.
C. B is the Campus Core layer and C is the Building Distribution layer.
D. B is the Building Distribution layer and C is the Campus Core layer.
E. A is the Internet Connectivity layer and B is the Campus Core layer.
F. B is the Building Distribution layer and D is the Building Access layer.

A

Answer: B C

15
Q

Refer to the exhibit.

Which statement accurately represents the characteristics of the core layer in this design?

A. QoS should be performed only in the core.
B. Load balancing should never be implemented or used in the core.
C. Access lists should be used in the core to perform packet manipulation.
D. It is acceptable to use a partial mesh in the core if it is connected to each device by multiple paths.

A

Answer: D

16
Q

Refer to the exhibit

Which element or elements of the existing network infrastructure does this network map emphasize?

A. network services
B. network protocols
C. the OSI data link layer
D. network applications

A

Answer: D

17
Q

Which two of the following are benefits of using a modular approach to network design? (Choose two)

A. improves flexibility
B. facilitates implementation
C. lowers implementation costs
D. improves customer participation in the design process

A

Answer: A B

18
Q

What are the modules of the Cisco Enterprise Architecture?

A

+ Enterprise Campus module
+ Enterprise Edge module
+ Enterprise WAN module
+ Enterprise Data Center module
+ Enterprise Branch module
+ Enterprise Teleworker module

19
Q

What is the purpose of the access layer, distribution layer, and core layers?

A

The purpose of the access layer is to grant end-user access to network resources.

The distribution layer provides aggregation for the access layer devices and uplinks to the core layer. It is also used to enforce policy within the network.

The core layer provides a high-speed, highly available backbone designed to switch packets as fast as possible.

20
Q

Data link switching is typically used in which Enterprise Campus Module layer?

A. Server Farm
B. Campus Core
C. Building Access
D. Building Distribution
E. Internet Connectivity

A

Answer: C

Explanation

In the most general model, the Building Access layer uses Layer 2 switching (or Data link switching), and the Building Distribution layer uses multilayer switching.

21
Q

Which two statements about designing the Enterprise Data Center Access submodule are correct? (Choose two)

A. Multiport NIC servers should each have their own IP address.
B. Layer 3 connectivity should never be used in the access layer.
C. Layer 2 connectivity is primarily implemented in the access layer.
D. Multiport NIC servers should never be used in the access layer.
E. Layer 2 clustering implementation requires servers to be Layer 2 adjacent.

A

Answer: C E

Explanation

Data link layer switches are often used to connect end devices in the access layer (while distribution and core layers typically use multilayer switches) -> C is correct.

The use of Layer 2 clustering requires the servers to be Layer 2–adjacent -> E is correct.

22
Q

Which two statements about the Enterprise Data Center Aggregation submodule are correct? (Choose two)

A. it provides Layer 4-7 services
B. it should never support STP
C. it is the critical point for control and application services
D. it typically provides Layer 2 connectivity from the data center to the core

A

Answer: A C

Explanation

This submodule provides Layer 4 through Layer 7 services through security and application service devices such as load-balancing devices, SSL offloading devices, firewalls, and IDS devices.

The Data Center Aggregation (distribution) layer aggregates the uplinks from the access layer to the Data Center Core layer and is the critical point for control and application services.

23
Q

Which of the following is a modular component within the Cisco Enterprise Campus module in the Cisco Enterprise Architecture framework?

A. Teleworker
B. E-Commerce
C. Internet Connectivity
D. Building Distribution
E. WAN/MAN Site-to-Site VPN

A

Answer: D

24
Q

DataQuirk is a web-based medical transcription company for exotic-animal veterinarians. The company recently added a third ISP for international business. They are organizing the enterprise network into a fully operational Enterprise Edge. To which two modules will the three ISPs be directly related? (Choose two)

A. PSTN
B. E-Commerce
C. WAN/MAN
D. Edge Distribution
E. Internet Connectivity
F. Remote Access VPN

A

Answer: B E

Explanation

The Enterprise Edge Module consists of the following modules:

+ E-commerce module: includes the devices and services necessary for an organization to provide e-commerce applications.
+ Internet connectivity module: provides enterprise users with Internet access.
+ VPN and remote access module: terminates VPN traffic and dial-in connections from external users.
+ WAN/MAN and site-to-site module: provides connectivity between remote sites and the central site over various WAN technologies.

In these modules, only E-Commerce and Internet Connectivity modules will be directly related to the three ISPs.

25
Q

Which statement describes the recommended deployment of DNS and DHCP servers in the Cisco Enterprise Architecture Model?

A. Place the DHCP and DNS servers in the Enterprise Campus Access layer and Enterprise branch.
B. Place the DHCP and DNS servers in the Enterprise Campus Server Farm layer and Enterprise branch.
C. Place the DHCP server in the Enterprise Campus Core layer and Remote Access/VPN module with the DNS server in the Internet Connectivity module.
D. Place the DHCP server in the Enterprise Campus Distribution layer with the DNS server in the Internet Connectivity module.

A

Answer: B

Explanation

For the Enterprise Campus, DHCP and internal DNS servers should be located in the Server Farm and they should be redundant. External DNS servers can be placed redundantly at the service provider facility and at the Enterprise branch.

26
Q

Which two modules are found in the Enterprise Edge functional area of the Cisco Enterprise Architecture? (Choose two)

A. Teleworker
B. WAN/MAN
C. Server Farm
D. E-Commerce
E. Internet Connectivity
F. Remote Access/VPN

A

Answer: D E

Explanation

I am not sure about the answers! The Enterprise Edge functional area consists of four main modules: E-commerce module, Internet Connectivity module, Remote Access and VPN module, WAN and MAN and Site-to-Site VPN module. So B and F are correct too. Hope someone will describe this question clearly after taking the exam!

27
Q

The Cisco Data Center Network Architecture comprises which two Cisco SONA layers? (Choose two)

A. Interactive Services
B. Business Applications
C. Network Infrastructure
D. Collaboration Applications
E. WAN/Internet

A

Answer: A C

Explanation

The SONA framework defines the following three layers:

+ Networked Infrastructure layer: Where all the IT resources interconnect across a converged network foundation. The objective of this layer is to provide connectivity, anywhere and anytime.
+ Interactive Services layer: Includes both application networking services and infrastructure services. This layer enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure.
+ Application layer: Includes business applications and collaboration applications. The objective of this layer is to meet business requirements and achieve efficiencies by leveraging the Interactive Services layer.

28
Q

Which three of these are layers in the Cisco SONA Architecture? (Choose three)

A. Application
B. Physical
C. Presentation
D. Integrated Transport
E. Interactive Services
F. Networked Infrastructure

A

Answer: A E F

29
Q

A Cisco SONA architecture layer is described as follows:
The layer’s IT resources are interconnected across a converged network foundation.
The layer’s IT resources include servers, storage, and clients.
The layer represents how resources exist across the network.
The customer objective for the layer is to have anywhere/anytime connectivity.

Which Cisco SONA architecture layer is being described?

A. Application
B. Physical
C. Integrated Transport
D. Interactive Services
E. Networked Infrastructure

A

Answer: E

30
Q

What does PPDIOO stand for?

A

Cisco has formalized a network’s life cycle into six phases: Prepare, Plan, Design, Implement, Operate, and Optimize.

31
Q

At which stage in the PPDIOO process would you analyze a customer’s network in order to discover opportunities for network improvement?

A. Plan
B. Prepare
C. Design
D. Implement
E. Operate
F. Design Assessment

A

Answer: C

Explanation

Design phase: Developing a detailed design is essential to reducing risk, delays, and the total cost of network deployments. A design aligned with business goals and technical requirements can improve network performance while supporting high availability, reliability, security, and scalability.

(Reference: http://www.ciscozine.com/2009/01/29/the-ppdioo-network-lifecycle/)

32
Q

Which of these is the next step after the design phase in the PPDIOO process?

A. Order the equipment.
B. Develop a high-level migration plan.
C. Create a pilot or a prototype network.
D. Develop the implementation plan in as much detail as possible.
E. Identify which network management protocol will be used for which function.

A

Answer: D

Explanation

The Implement phase begins after the design phase has been finished. In this phase, new devices are installed, configured and tested according to the design specifications.

33
Q

According to Cisco, which four improvements are the main benefits of the PPDIOO lifecycle approach to network design? (Choose four)

A. faster ROI
B. improved business agility
C. increased network availability
D. faster access to applications and services
E. lower total cost of network ownership
F. better implementation team engagement

A

Answer: B C D E

Explanation

The PPDIOO life cycle provides four main benefits:

+ It improves business agility by establishing business requirements and technology strategies.
+ It increases network availability by producing a sound network design and validating the network operation.
+ It speeds access to applications and services by improving availability, reliability, security, scalability, and performance.
+ It lowers the total cost of ownership by validating technology requirements and planning for infrastructure changes and resource requirements.

(Reference: Cisco CCDA Official Exam Certification Guide, 3rd Edition)

34
Q

Refer to the exhibit

During which stage of the PPDIOO process are implementation procedures prepared?

A. Prepare
B. Plan
C. Design
D. Implement
E. Operate
F. Optimize

A

Answer: C

Explanation

The Design phase includes network diagrams and an equipment list. The project plan is updated with more granular information for implementation. This is the so-called “prepare implementation procedures”.

35
Q

Which two design methodology steps relate, at least in part, to the implement phase of the PPDIOO process? (Choose two)

A. verifying the network
B. testing design
C. determining customer requirements
D. characterizing the existing network
E. establishing the organizational requirements

A

Answer: A B

Explanation

The Implement phase relates to implementing new devices, including verifying and testing, so A and B are the most suitable options.

“Determining customer requirements” occurs in the Prepare phase, which identifies requirements and builds a conceptual architecture.

“Characterizing the existing network” belongs to the Plan phase; this step is performed to determine the infrastructure necessary to meet the requirements.

In the “establishing the organizational requirements” step, the network topology is designed to meet the requirements and close the network gaps identified in the previous steps. This step is related to the Design Phase of the PPDIOO process.

36
Q

Which two statements represent advantages that the top-down network design process has over the bottom-up network design process? (Choose two)

A. is able to provide the big picture
B. utilizes previous experience
C. takes less time to design a network
D. identifies appropriate technologies first
E. provides a design for current and future development

A

Answer: A E

Explanation

By incorporating the organization’s requirements, the top-down network design process provides the big picture that meets current and future requirements.

37
Q

Which statement identifies a benefit obtained when using a top-down network design plan?

A. allows quick responses to design requests
B. facilitates design based on previous experience
C. incorporates customer organizational requirements
D. is less time-consuming than using a bottom-up approach
E. provides a more detailed picture of the desired network

A

Answer: C

Explanation

The top-down approach begins with the organization’s requirements before looking at technologies. Network designs are tested using a pilot or prototype network before moving into the Implement phase.

38
Q

What are three valid methods of gathering information about an existing data network? (Choose three)

A. Use organizational input.
B. Perform a traffic analysis.
C. Analyze the user-mapping of a running application.
D. Perform a packet-level audit to verify carrier service guarantees.
E. Perform a network audit to gather more detail about the network.
F. Use reports that analyze the metrics of the customer’s existing network.

A

Answer: A B E

39
Q

Which of the following Cisco router services performs network traffic analysis to assist in documenting a customer’s existing network?

A. MRTG
B. NetMon
C. NetFlow
D. SNMP MIB compiler

A

Answer: C

40
Q

You are performing an audit of a customer’s existing network and need to obtain the following router information:
interfaces
running processes
IOS image being executed

Which command should you use?

A. show version
B. show tech-support
C. show startup-config
D. show running-config
E. show processes memory

A

Answer: B

41
Q

Which Cisco device management feature is most suited to metering network traffic and providing data for billing network usage?

A. BGP
B. Cisco Discovery Protocol
C. QoS
D. RMON
E. NetFlow

A

Answer: E

42
Q

Which network management protocol allows a network device to have vendor-specific objects for management?

A. SNMPv1
B. SNMP v2
C. SNMP v3
D. MIB
E. RMON1
F. RMON2

A

Answer: D

43
Q

Which three sources does a network designer use to collect information for characterizing an existing network? (Choose three)

A. staff input
B. visual inventory
C. network audit
D. traffic analysis
E. server statistics

A

Answer: A C D

44
Q

Which two of these are functions of an access point in a Split MAC Network Architecture? (Choose two)

A. EAP Authentication
B. MAC layer encryption or decryption
C. 802.1Q encapsulation
D. Process probe response

A

Answer: B D

45
Q

Lightweight access points are being deployed in remote locations where others are already operational.
The new access points are in a separate IP subnet from the wireless controller. OTAP has not been enabled at any locations.

Which two methods can the AP use to locate a wireless controller? (Choose two)

A. local subnet broadcast
B. NV-RAM IP address
C. DHCP
D. primary, secondary, tertiary
E. DNS
F. master

A

Answer: C E

46
Q

Which two of the following statements represent a preferred wireless LWAPP implementation? (Choose two)

A. verify open ports for:
Layer 2 LWAPP on ethertype 0xABAB
Layer 3 LWAPP on TCP 12222 and TCP 12223

B. verify open ports for:
Layer 2 LWAPP on ethertype 0xBBBB
Layer 3 LWAPP on UDP 12222 and UDP 12223

C. verify open ports for:
Layer 2 LWAPP on ethertype 0xBABA
Layer 3 LWAPP on UDP 12222 and TCP 12223

D. use of Layer 3 LWAPP is preferred over Layer 2 LWAPP
E. use of Layer 2 LWAPP is preferred over Layer 3 LWAPP

A

Answer: B D

47
Q

A lightweight access point is added to a working network. Which sequence will it use to associate itself with a wireless LAN controller?

A. master, primary, secondary, tertiary, greatest AP capacity
B. greatest AP capacity, primary, secondary, tertiary, master
C. primary, secondary, tertiary, master, greatest AP capacity
D. primary, secondary, tertiary, greatest AP capacity, master

A

Answer: C

48
Q

Which three of these describe the best practice for Cisco wireless outdoor Mesh network deployment? (Choose three)

A. RAP implemented with 20 to 32 MAP nodes
B. RAP implemented with 20 or fewer MAP nodes
C. mesh hop counts of 8 to 4
D. mesh hop counts of 4 or fewer
E. client access via 802.11 b/g and backhaul with 802.11 a
F. client access via 802.11 a and backhaul with 802.11 b/g

A

Answer: B D E

49
Q

Which two of these represent a best practice implementation of a Split MAC LWAPP deployment in a Cisco Unified Wireless Network? (Choose two)

A. Each wireless client authentication type maps to a shared SSID which in turn maps to a common shared VLAN.
B. Each wireless client authentication type maps to a unique SSID which in turn maps to a unique VLAN.
C. Each wireless client authentication type maps to a unique SSID which in turn maps to a common shared VLAN.
D. 802.1Q trunking extends from the wired infrastructure to the access point for translation into SSID(s).
E. 802.1Q trunking extends from the wired infrastructure to a wireless LAN controller for translation into SSID(s).
F. 802.1Q trunking extends from the wired infrastructure to a wireless LAN controller. Then the 802.1Q packet is encapsulated in LWAPP and sent to the access point for transmission over the SSID(s).

A

Answer: B E

50
Q

Which two of these are required for wireless client mobility deployment when using a Cisco Unified Wireless Network? (Choose two)

A. assigned master controller
B. matching mobility group name
C. matching RF group name
D. matching RF power
E. matching security
F. matching RF channel

A

Answer: B E

51
Q

Which two wireless attributes should be considered during a wireless site survey procedure? (Choose two)

A. encryption
B. channel
C. authentication
D. power
E. SSID

A

Answer: B D

52
Q

Which two statements best describe Cisco Wireless LAN Guest Access in a Cisco Unified Wireless Network? (Choose two)

A. Dedicated guest VLANs are extended throughout the network to the access points for path isolation.
B. Dedicated guest VLANs are only extended to the wireless controllers in the network to ensure path isolation.
C. Dedicated guest access in the DMZ extends from the origination to the termination controllers without dedicated guest VLANs.
D. Guest tunnels can originate and terminate on any wireless controller platform.
E. Guest tunnels have limitations on which wireless controllers can originate the tunnel.
F. Guest tunnels have limitations on which wireless controllers can terminate the tunnel.

A

Answer: C F

53
Q

Which type of trunk is required in order to connect a fax machine to a PBX?

A. inter-office
B. Foreign Exchange Office
C. central office
D. Foreign Exchange Station
E. intra-office

A

Answer: D

54
Q

When monitoring voice traffic on a converged network, which are the three most important QoS characteristics to pay attention to? (Choose three)

A. delay
B. jitter
C. packet loss
D. bit error rate
E. CRTP hop configuration

A

Answer: A B C

55
Q

Which H.323 protocol is responsible for the exchanging of capabilities and the opening and closing of logical channels?

A. H.225
B. H.245
C. RAS
D. RTCP

A

Answer: B

56
Q

Which statement best describes Call Admission Control?

A. It extends QoS capabilities to protect voice from excessive data traffic.
B. It provides endpoint registration control.
C. It protects voice from voice.
D. It provides endpoint bandwidth control.

A

Answer: C

57
Q

Which H.323 protocol monitors calls for factors such as packet counts, packet loss, and arrival jitter?

A. H.225
B. H.245
C. RAS
D. RTCP

A

Answer: D

58
Q

Given a VoIP network with these attributes:
Codec: G.728
Bit rate: 16 Kbps
WAN Bandwidth: 256 Kbps
Packet Header: 6 bytes
Payload: 40 bytes
CRTP: Yes

How many calls can be made?

A. 7 calls
B. 8 calls
C. 13 calls
D. 14 calls

A

Answer: C

59
Q

Which H.323 protocol controls call setup between endpoints?
A. H.225
B. H.245
C. RAS
D. RTCP

A

Answer: A

60
Q

Which two VoIP characteristics are affected most by codec choice? (Choose two)

A. voice quality
B. silent packet handling
C. voice packet header size
D. bandwidth required for voice calls

A

Answer: A D

61
Q

What are the two most likely driving forces motivating businesses to integrate voice and data into converged networks? (Choose two)

A. Voice has become the primary traffic on networks.
B. WAN costs can be reduced by migrating to converged networks.
C. Their PSTNs cannot deploy features quickly enough.
D. Data, voice, and video cannot converge on their current PSTN structures.
E. Voice networks cannot carry data unless the PRI circuits aggregate the BRI circuits.

A

Answer: D E

62
Q

Which two techniques can reduce voice packet transfer delay across a link of less than 512 kbps? (Choose two)

A. deploy LFI
B. increase queue depth
C. increase link bandwidth
D. extend the trust boundary
E. deploy software compression

A

Answer: A C

63
Q

Given a VoIP network with these attributes:
Codec: G.711
WAN bandwidth: 768 Kbps
Packet Header: 6 bytes
Payload: 160 bytes
CRTP: No

How many calls can be made?

A. 7 calls
B. 8 calls
C. 9 calls
D. 11 calls
E. 13 calls

A

Answer: C

64
Q

What is the benefit of deploying a gatekeeper in an H.323 IP telephony network?

A. increases redundancy by allowing each gateway to maintain a copy of the dial plan
B. reduces configuration complexity by centralizing the dial plan
C. provides spatial redundancy through the use of HSRP
D. provides load balancing via GUP when alternate gatekeepers are deployed

A

Answer: B

65
Q

A customer wishes to implement VoIP using centralized call-processing. In addition, the customer wishes to establish a balance between good voice quality and good bandwidth utilization. Which codec would you suggest?

A. G.711
B. G.723.1
C. G.726
D. G.729

A

Answer: D

66
Q

Which Cisco security solution offers protection against “day zero” attacks?

A. Cisco Adaptive Security Appliance
B. Cisco Security Agent
C. Cisco IOS Firewall
D. Cisco IOS IPS
E. Cisco Traffic Anomaly Detector

A

Answer: B

Explanation

The Cisco Security Agent (CSA) software protects server and desktop endpoints from the latest threats caused by malicious network attacks. CSA can identify and prevent network attacks that are considered unknown or “Day Zero”-type threats. CSAs are packed with many features, including firewall capabilities, intrusion prevention, malicious mobile code protection, operating-system integrity assurance, and audit log consolidation.

67
Q

Which two solutions are parts of the Cisco Security Management Suite? (Choose two)

A. ASA
B. Cisco Security Agent
C. NAC Appliance
D. CSM
E. PIX
F. Cisco Security MARS

A

Answer: D F

Explanation

Solutions of the Cisco Security Management Suite are:

+ Cisco Security Manager (CSM) is an integrated solution for configuration management of firewall, VPN, router, switch module, and IPS devices.

+ Cisco Secure Access Control Server (ACS) provides centralized control for administrative access to Cisco devices and security applications.

+ Cisco Security Monitoring, Analysis, and Response System (MARS) is an appliance-based solution for network security administrators to monitor, identify, isolate, and respond to security threats.

+ Management Center for CSA (CSA MC) is an SSL web-based tool for managing Cisco Security Agent configurations.

+ Cisco Router and Security Device Manager (SDM) is a web-based tool for routers and supports a wide range of IOS software.

+ Cisco Adaptive Security Device Manager (ASDM) is a web-based tool for managing Cisco ASA 5500 series appliances, PIX 500 series appliances (version 7.0 or higher), and Cisco Catalyst 6500 Firewall Services Modules (FWSM version 3.1 or higher).

+ Cisco Intrusion Prevention System Device Manager (IDM) is a web-based application that configures and manages IPS sensors.

68
Q

A manufacturing company has decided to add a website to enhance sales. The web servers in the E-Commerce module must be accessible without compromising network security. Which two design recommendations can be made to meet these requirements? (Choose two)

A. Use private and public key encryption.
B. Move the E-Commerce servers to the WAN module.
C. Use intrusion detection on the E-Commerce server farm.
D. Limit the number of incoming connections to the E-Commerce module.
E. Place E-Commerce servers and application servers on isolated LANs (DMZs).

A

Answer: C E

69
Q

Which Cisco security solution can quarantine and prevent non-compliant end stations from accessing the network until they achieve security policy compliance?

A. Cisco Secure Connectivity
B. Adaptive Security Appliance
C. Access Control Server
D. Network Admission Control
E. Network Intrusion Prevention System
F. Cisco Security Monitoring, Analysis, and Response System

A

Answer: D

Explanation

Network Admission Control protects the network from threats by enforcing security compliance on all devices attempting to access the network. It allows access to endpoints only after they have passed authentication based on security policies.

70
Q

A Cisco Self-Defending Network has been installed, but DoS attacks are still being directed at e-commerce hosts. The connection rate at the Internet firewall was limited, but the problem persists. What more can be done?

A. Move the servers to the DMZ.
B. Install all relevant operating system patches.
C. Block the servers’ TCP traffic at the Internet firewall.
D. Block the servers’ UDP traffic at the Internet firewall.

A

Answer: B

71
Q

Which three security measures can be used to mitigate DoS attacks that are directed at exposed hosts within the E-Commerce module? (Choose three)

A. Partition the exposed hosts into a separate LAN or VLAN.
B. Use firewalls to block all unnecessary connections to the exposed hosts.
C. Use a VPN concentrator (IPSec) to protect and verify each connection to the exposed host or hosts.
D. Use LAN switch VTP pruning to separate hosts on the same segment.
E. Use NIDSs and HIPSs to detect signs of attack and to identify potentially successful breaches.

A

Answer: A B E

72
Q

Which Cisco security management solution provides the means to identify, isolate, and counter security threats to the network?

A. Adaptive Security Device Manager
B. Intrusion Prevention Device Manager
C. Security Device Manager
D. Cisco Security Manager
E. Cisco Security Monitoring, Analysis, and Response System

A

Answer: E

Explanation

Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based solution for network security administrators to monitor, identify, isolate, and respond to security threats. MARS understands the network topology and device configurations from routers, switches, firewalls, and IPS devices. MARS also can model packet flows on the network.

73
Q

A large enterprise requires sensitive information be transmitted over a public infrastructure. It requires confidentiality, integrity, and authenticity. Which security solution best meets these requirements?

A. Cisco IOS Firewall
B. Intrusion Prevention
C. Secure Connectivity
D. AAA
E. Traffic Guard Protector

A

Answer: C

74
Q

Which technology can ensure data confidentiality, data integrity, and authentication across a public IP network?

A. GRE
B. IPsec
C. VLANs
D. VSANs
E. VPDNs

A

Answer: B

75
Q

For which technology is IPsec required for a site-to-site enterprise WAN/MAN architecture?

A. ATM
B. ISP Service
C. Frame Relay
D. SP MPLS VPN
E. self-deployed MPLS

A

Answer: B

76
Q

A Cisco security mechanism has the following attributes:
it is a sensor appliance
it searches for potential attacks by capturing and analyzing traffic
it is a “purpose-built device”
it is installed passively
it introduces no delay or overhead

Which Cisco security mechanism is this?

A. IKE
B. PIX
C. HIPS
D. NIDS
E. HMAC

A

Answer: D

77
Q

Which of these domain-of-trust security statements is correct?

A. Segments within a network should have the same trust models.
B. An administrator should apply consistent security controls between segments.
C. Communication between trusted entities needs to be carefully managed and controlled.
D. Segment security policy decisions are based on trust.

A

Answer: D

78
Q

Which two routing protocols usually converge most quickly? (Choose two)

A. RIPv1
B. RIPv2
C. BGP
D. IGRP
E. EIGRP
F. OSPF

A

Answer: E F

79
Q

Which two statements best describe an OSPF deployment? (Choose two)

A. ABR provides automatic classful network boundary summarization.
B. ABR requires manual configuration for classful network summarization.
C. External routes are propagated into the autonomous system from stub areas via ASBR.
D. External routes are propagated into the autonomous system from regular areas or NSSA via ASBR.
E. External routes are propagated into the autonomous system from regular areas or NSSA via ABR.

A

Answer: B D

80
Q

Which two of these are the most accurate characteristics of EIGRP deployment? (Choose two)

A. Provides features for most Ethernet, Frame Relay, and dial-up network deployment types.
B. Provides routing for IPv4, IPv6, Appletalk, and IPX.
C. Provides default hierarchical routing and summarization of a VLSM IP address deployment.
D. Provides quick convergence through neighbor relationships and topology backup routes.
E. Provides the best route selection on combined default metrics of active bandwidth, delay, load, reliability, and MTU parameters.

A

Answer: B D

81
Q

Your company’s Cisco routers are operating with EIGRP. You need to join networks with an acquisition’s heterogeneous routers at 3 sites, operating with EIGRP and OSPF. Which describes the best practice for routing protocol deployment?

A. apply OSPF throughout both networks
B. apply one-way redistribution exclusively at each location
C. apply two-way redistribution exclusively at each location
D. apply two-way redistribution at each location with a route filter at only one location
E. apply two-way redistribution at each location with a route filter at each location
F. apply EIGRP with the same autonomous system throughout both networks

A

Answer: E

82
Q

A network is being designed to meet the requirements listed. Within the enterprise network:
All routers are Cisco 3800 Series routers running the latest Cisco IOS release.
The fastest convergence time possible is required.
Unequal cost load-balancing is required.
For Internet connections:
A single link is used to connect to a single ISP.

Which two routing protocols should be used? (Choose two)

A. Use OSPF as the IGP within the enterprise.
B. Use EIGRP as the IGP within the enterprise.
C. Use Internal BGP as the IGP within the enterprise.
D. Use External BGP between the enterprise and the ISP.
E. Use EIGRP between the enterprise and the ISP.
F. Use Static (Default) routing between the enterprise and the ISP.

A

Answer: B F

83
Q

Which two statements best describe intradomain route summarization? (Choose two)

A. OSPF and RIP automatically summarize at classful network boundaries.
B. EIGRP and OSPF automatically summarize at classful network boundaries.
C. EIGRP and RIP automatically summarize at classful network boundaries.
D. EIGRP and OSPF must be manually configured to summarize at non-classful boundaries.
E. EIGRP and OSPF automatically summarize at non-classful boundaries.

A

Answer: C D

84
Q

Which statement describes the recommended deployment of IPv4 addressing in the Cisco Enterprise Architecture model?

A. private addressing throughout with public addressing in the Internet Connectivity module
B. private addressing throughout with public addressing in the Internet Connectivity and E-Commerce modules
C. private addressing throughout with public addressing in the Internet Connectivity, E-Commerce, and Remote Access (VPN) modules
D. private addressing throughout with public addressing in the Internet Connectivity, E-Commerce, and Enterprise Branch modules

A

Answer: C

85
Q

Which route address is the best summary of these network addresses?

A. 192.128.0.0/24
B. 192.128.171.128/3
C. 192.128.168.0/21
D. 192.128.175.0/3
E. 192.128.0.0/16

A

Answer: C

86
Q

An internal network has servers with private IPv4 addresses that must be visible from the public network. Which kind of address translation should be used to ensure this?

A. many-to-one translation (PAT)
B. many-to-one translation (Dynamic NAT)
C. one-to-one translation (Static NAT)
D. one-to-one translation (NAT Traversal)

A

Answer: C

87
Q

You are designing IPv6 into an existing IPv4 network. Which strategy can you use to allow both address schemes to coexist, thus facilitating migration?

A. bridge between the two networks
B. deploy stateful address assignments
C. run both the IPv6 and IPv4 stacks on devices
D. redistribute between IPv6-capable and non-IPv6-capable routing protocols
E. enable anycast capability in the routing protocol

A

Answer: C

88
Q

You are designing IPv6 into an existing IPv4 network. Which two strategies can you use to allow both address schemes to coexist, thus facilitating migration? (Choose two)

A. translate one protocol into the other
B. redistribute between IPv6-capable and non-IPv6-capable routing protocols
C. encapsulate IPv6 packets within IPv4 packets
D. bridge between the IPv6 and IPv4 networks
E. enable anycast capability in the routing protocol

A

Answer: A C

89
Q

A very large organization has received its IPv6 address range from its Internet Service Provider and intends to use only IPv6 addresses internally. Employees will access the Internet using port address translation. What is a requirement for their DNS servers?

A. They no longer need DNS servers.
B. Their DNS servers need to support both IPv4 and IPv6 addresses.
C. Their DNS servers need to support only IPv6 addresses.
D. Their DNS servers need to support only IPv4 addresses.
E. They need additional DNS servers in their network just for IPv6 addresses.
F. There are no changes required to their DNS servers.

A

Answer: B

90
Q

A global corporation has an internal network with the following characteristics:
2,000,000+ hosts
10,000+ routers
Internet connectivity
high traffic volumes with business partners and customers

Which statement best describes what a flexible IPv6 strategy would look like for this corporation?

A. Both hosts and routers would run dual stack.
B. Hosts would run IPv4 and routers would run native IPv6.
C. Hosts would run dual stack and routers would run IPv4 only.
D. Hosts would run IPv6 and routers would run native IPv6.

A

Answer: A

91
Q

Which two statements about IPv6 addresses are true? (Choose two)

A. Leading zeros are required.
B. Two colons (::) are used to represent successive hexadecimal fields of zeros.
C. Two colons (::) are used to separate fields.
D. A single interface will have multiple IPv6 addresses of different types.

A

Answer: B D

92
Q

Which IPv6 feature enables routing to distribute connection requests to the nearest content server?

A. Link-local
B. Site-local
C. Anycast
D. Multicast
E. Global aggregatable

A

Answer: C

93
Q

A company is designing a worldwide IPv6 network with duplicated file servers at multiple locations. Each file server contains identical reference information. Which IPv6 address type would be used to allow each end station to send a request to the nearest file server using the same destination address, regardless of the location of that end station?

A. unicast
B. anycast
C. multicast
D. broadcast

A

Answer: B

94
Q

Which two link state routing protocols support IPv6 routing? (Choose two)

A. BGP4+
B. OSPF
C. RIPng
D. EIGRP
E. IS-IS

A

Answer: B E

95
Q

Which of these is the best routing deployment for a single dedicated link to an ISP for Internet access?

A. EIGRP
B. RIP
C. BGP
D. Static

A

Answer: D

96
Q

Which two routing protocols operate over NBMA point-to-multipoint networks without the use of point-to-point subinterfaces? (Choose two)

A. RIPv1
B. RIPv2
C. IGRP
D. EIGRP
E. OSPF
F. IS-IS

A

Answer: D E

97
Q

For which network scenario is static routing most appropriate?

A. parallel WAN links
B. IPSec VPN
C. expanding networks
D. hierarchical routing

A

Answer: B

98
Q

Your company uses OSPF for internal routing. The company will be connected to VendorA via a single dedicated link and to VendorB via redundant dedicated links. Both vendors also use OSPF for internal routing. Which of the following deployments describes the best intra-domain routing practice in this situation?

A. Connect your company to both VendorA and VendorB using existing OSPF.
B. Redistribute the routes on each link between your company and the vendors to a shared EIGRP routing protocol.
C. Use IBGP to reach VendorA and EBGP to reach VendorB.
D. Use static routes to reach VendorA and EBGP to reach VendorB.
E. Use static routes to reach both VendorA and VendorB.

A

Answer: D

99
Q

Which three factors best justify WAN link redundancy between geographically dispersed sites? (Choose three)

A. important traffic flows
B. lack of speed
C. high link utilization
D. uncertain reliability
E. excessive packet transmission rate
F. high expense of transmitting data

A

Answer: A B D

100
Q

Which of these accurately describes dial backup routing?

A. it always uses distance vector routing protocols
B. it always uses permanent static routes
C. the router initiates the dial backup link when a failure is detected on the primary link
D. it is supplied by the service provider as a secondary PVC at no additional charge
E. once the backup link is activated it will remain active even after the primary link is restored

A

Answer: C

101
Q

Refer to the exhibit.

Which module is the Enterprise WAN module?

A. Enterprise A
B. Enterprise B
C. Enterprise C
D. Enterprise D
E. Enterprise E
F. Enterprise F

A

Answer: C

102
Q

Western Associated News Agency recently acquired a large news organization with several sites, which will allow it to expand to worldwide markets. The new acquisition includes these connectivity technologies:
Frame Relay
ATM
SONET
cable
DSL
wireless
From a Layer 1 viewpoint, which Enterprise Edge module will be most affected?

A. ISP
B. PSTN
C. E-Commerce
D. WAN/MAN
E. Edge Distribution
F. Internet Connectivity

A

Answer: D

103
Q

Which three mechanisms are required to deploy QoS on an IP WAN? (Choose three)

A. traffic classification
B. Call Admission Control
C. queuing and scheduling
D. link efficiency techniques
E. traffic shaping
F. bandwidth provisioning

A

Answer: B D E

104
Q

Which three types of WAN topologies can be deployed in the Cisco Enterprise Architecture Enterprise Edge WAN module? (Choose three)

A. ring
B. star
C. full mesh
D. core/edge
E. collapsed core
F. partial mesh

A

Answer: B C F

105
Q

Which two of these best describe the implementation of a WAN Backup design over the Internet? (Choose two)

A. a best-effort method
B. requires no ISP coordination or involvement
C. bandwidth guaranteed based on interface configuration
D. designed as an alternative to a failed WAN connection
E. implemented with a point-to-point logical link using a Layer 2 tunnel

A

Answer: A D

106
Q

Refer to the exhibit.

All primary links are T1s. The customer wants to have a backup to each remote office from the Headquarters office. Which two types of backup links would be viable solutions? (Choose two)

A. VPDN
B. shadow SVC
C. dial backup routing
D. permanent secondary WAN link

A

Answer: C D

107
Q

When designing using the Cisco Enterprise Architecture, in which Enterprise Campus layer do the Enterprise Edge and Enterprise WAN modules establish their connection?

A. Campus Core
B. Building Access
C. Enterprise Branch
D. Building Distribution
E. Enterprise Data Center

A

Answer: A

108
Q

When designing using the Cisco Enterprise Architecture, in which Enterprise Campus layer does the Enterprise Teleworker module establish its connection?

A. Building Core
B. Building Access
C. Enterprise Branch
D. Enterprise Data Center
E. WAN/Internet

A

Answer: E

109
Q

An organization needs a WAN Transport technology that meets these criteria:
has a low initial cost
provides low-to-medium BW
has medium-to-high latency and jitter

Which technology would you suggest?

A. DSL
B. X.25
C. ISDN
D. wireless
E. analog modem

A

Answer: A

110
Q

Which two statements best describe the implementation of Overlay VPN connectivity for remote access in the Enterprise Edge WAN module? (Choose two)

A. It must use Layer 2 labels to forward packets
B. It uses dedicated point-to-point links.
C. Bandwidth is provisioned on a site-to-site basis.
D. The ISP actively participates in customer routing.
E. Optimum routing between customer sites requires a full mesh of virtual circuits.

A

Answer: C E

111
Q

Which codec does Cisco recommend for WAN links?

A. G.711
B. G.723
C. G.728
D. G.729

A

Answer: D

112
Q

Which statement accurately describes one difference between a small office and medium office topology?

A. Small offices commonly use Rapid PVST+ for Layer 3 deployments.
B. Medium offices commonly use integrated route and switching platforms.
C. Medium offices use integrated 10/100/1000 interfaces as Layer 2 trunks.
D. Medium offices use external access switches to support LAN connectivity.

A

Answer: D

113
Q

Which statement can a network designer use to describe route summarization to an IT manager?

A. It is the grouping of multiple contiguous subnets into one Class A, B, or C IP address to minimize routing table size.
B. It is the grouping of multiple discontiguous subnets to increase routing performance.
C. It is the grouping of multiple contiguous networks and advertising as one large network.
D. It is the grouping of ISP network addresses to minimize the number of routes to the Internet.

A

Answer: C

114
Q

Refer to the exhibit.

Which two statements describe why Model A is the recommended design for routing between Building Distribution switches and Campus Core switches? (Choose two)

A. It uses timer-based non-deterministic convergence.
B. It is software-based, providing fast convergence to the remaining path.
C. Routes are not summarized from distribution to the core.
D. The Layer 3 redundant equal cost links support fast convergence.
E. A link or box failure does not require routing protocol convergence.

A

Answer: D E

115
Q

RST Corporation is planning to upgrade its current network. The chief technology officer has supplied a topology diagram and an IP addressing scheme of the current network during an interview. RST has been growing at about twenty percent per year. It has been difficult to maintain customer support at a satisfactory level. Therefore, the RST board has met with and directed the chief technology officer to look into network improvements. Which two items are most relevant in documenting RST’s business requirements? (Choose two)

A. projected growth estimates
B. network performance requirements
C. existing network topologies
D. improved customer support requirements
E. the IP addresses assigned by the ISP

A

Answer: A D

116
Q

You are designing a small branch office that requires these attributes:
support for 60 users
the growth capacity to add another 15 users soon
redundant access
higher bandwidth between the Layer 2 switch and routing to the WAN

Which branch office topology or technology must be used?

A. two-tier
B. loop-free
C. three-tier
D. EtherChannel
E. integrated routing and switching

A

Answer: D

117
Q

A campus network needs end-to-end QoS tools to manage traffic and ensure voice quality. Which three types of QoS tools are needed? (Choose three)

A. interface queuing and scheduling
B. congestion management
C. compression and fragmentation
D. bandwidth provisioning
E. traffic classification
F. buffer management

A

Answer: A D E

118
Q

After a period of rapid growth, FloCzar Boats is seeking better network management tools.
Managers have developed this needs list:
Move from static to dynamic device information.
Gain information to assist in long-term trend analysis.
Concentrate on Layer 4 monitoring.

Which management protocol will most help FloCzar achieve its goals?

A. Cisco Discovery Protocol
B. RMON
C. SNMP
D. RMON2
E. NetFlow

A

Answer: D

119
Q

A network design document is being prepared for a customer. Which three network design elements must be included? (Choose three)

A. data sources
B. design details
C. proof of concept
D. implementation plan
E. organizational policies

A

Answer: B C D

120
Q

A company is implementing an Identity Management solution with these characteristics:
existing Cisco ACS 4.0
Cisco Catalyst switches
minimal added investments

Which Cisco Trust and Identity solution would you recommend?

A. NAC Appliance (Cisco Clean Access)
B. Cisco IBNS
C. NAC Framework
D. Cisco Security Agent
E. CSM
F. Cisco Security MARS

A

Answer: B

121
Q

The BodMech online fitness organization specializes in creating fitness plans for senior citizens. The company recently added a health-products retail inventory. Which E-Commerce module device will allow customers to interact with the company and purchase products?

A. application server
B. database server
C. public server
D. web server
E. NIDS appliance
F. SMTP mail server

A

Answer: D

122
Q

A network design includes private addressing, but there is also a need for two or three network devices to each be assigned a unique public address so they can be accessed from the Internet. Which technique will satisfy this requirement?

A. Dynamic NAT
B. Static NAT
C. DHCP
D. VPN tunneling

A

Answer: B

123
Q

In a Cisco CatOS switch, what is the recommended practice when configuring switch-to-switch intercommunications to carry multiple VLANs for Dynamic Trunk Protocol?

A. auto to auto_negotiate
B. auto to auto_no_negotiate
C. on to on_negotiate
D. desirable to desirable_negotiate
E. desirable to desirable_no_negotiate
F. disable Dynamic Trunk Protocol when operating in the distribution layer

A

Answer: D

124
Q

The topology map in the draft design document should cover which two layers of the OSI model? (Choose two)

A. physical
B. data link
C. network
D. transport
E. session
F. application

A

Answer: A C

125
Q

Which statement correctly describes queuing in environments supporting teleworkers?

A. CQ is for time-sensitive protocols.
B. Queuing occurs on the outbound interface.
C. Priority queuing guarantees some level of service to all traffic.
D. Hardware queues are configured for appropriate PQ, CQ, or WFQ.
E. WFQ is the Cisco IOS default on all WAN links regardless of speed.

A

Answer: B

126
Q

Which two methods are used to enhance VPN performance on Cisco ISRs? (Choose two)

A. built-in hardware-based encryption acceleration
B. SSL Acceleration Network Module
C. high-performance VPN encryption AIM
D. VPN Service Adapter
E. VPN Acceleration Module
F. VPN Shared Port Adapter

A

Answer: A C

127
Q

Refer to the exhibit.

A standard Layer 2 campus network design is pictured. Which numbered box represents the core layer?

A. #1
B. #2
C. #3
D. #4
E. #5

A

Answer: C

128
Q

What is the recommended spanning tree protocol to use for all Layer 2 deployments in a branch office environment?

A. CST
B. RSPT
C. PVST
D. MISTP
E. Rapid PVST+VP

A

Answer: E

129
Q

Which two of these are scalability benefits of designing a network that utilizes VPNs? (Choose two)

A. extends the network to remote users
B. allows networks to be set up and restructured quickly
C. reduces dial infrastructure expenditures
D. reduces the number of physical connections
E. simplifies the underlying structure of a customer WAN

A

Answer: D E

130
Q

Which two capabilities of NetFlow accounting assist designers with network planning? (Choose two)

A. the decoding and analyzing of packets
B. the monitoring of processor time on network devices
C. the monitoring of user network utilization
D. the calculation of packet and byte counts of network traffic
E. the presentation of a time-based view of application usage on the network

A

Answer: C D

131
Q

Refer to the exhibit.

435 Cisco model 2800 routers
129 Cisco model 3800 routers
10 Cisco model 7500 routers

You are documenting the existing network of a customer with a large installed Cisco network. The routers listed are in use on the network. Which two additional pieces of information would be the most valuable in completing your documentation of these routers? (Choose two)

A. error statistics
B. interface options
C. software revisions
D. power requirements
E. management protocols

A

Answer: B C

132
Q

Which two design criteria require VLANs in a proposed solution? (Choose two)

A. video streaming on the LAN
B. security between departments
C. the segmenting of collision domains
D. the segmenting of broadcast domains
E. the use of multivendor equipment
F. a limited corporate budget

A

Answer: B D

133
Q

Drag the data center property on the left to the design aspect on the right it is most apt to affect

A

Answer:

Space: amount of racks, equipment, cabling, people
Weight load: rack servers vs blade servers
Power: variability of computing load, computing power and memory requirements
Cooling: arranging equipment racks face-to-face or back-to-back
Cabling: abundant, variable, well organized and easy to maintain
Security: disasters, fire suppression and alarm systems

Explanation

The data center space includes the number of racks for the equipment that will be installed. Another factor to consider is the number of employees who will work in that data center.

Rack servers are low cost and provide high performance, unfortunately they take up space and consume a lot of energy to operate. Blade servers provide similar computing power when compared to rack mount servers, but require less space, power, and cabling. The chassis in most blade servers allows for shared power, Ethernet LAN, and Fibre Channel SAN connections, which reduce the number of cables needed.

The power in the data center facility is used to power cooling devices, servers, storage equipment, the network, and some lighting equipment. In server environments, the power usage depends on the computing load placed on the server. For example, if the server needs to work harder by processing more data, it has to draw more AC power from the power supply, which in turn creates more heat that needs to be cooled down.

Cooling is used to control the temperature and humidity of the devices. The cabinets and racks should be arranged in the data center with an alternating pattern of “cold” and “hot” aisles. The cold aisle should have equipment arranged face to face, and the hot aisle should have equipment arranged back to back. In the cold aisle, there should be perforated floor tiles drawing cold air from the floor into the face of the equipment. This cold air passes through the equipment and flushes out the back into the hot aisle. The hot aisle does not have any perforated tiles, and this design prevents the hot air from mixing with the cold air.

The cabling in the data center is known as the passive infrastructure. Data center teams rely on a structured and well-organized cabling plant. It is important for cabling to be easy to maintain, abundant and capable of supporting various media types and requirements for proper data center operations.

Fire suppression and alarm systems are considered physical security and should be in place to protect equipment and data from natural disasters and theft.

134
Q

Drag the WAN characteristic on the left to the branch office model where it would most likely be used on the right

A

Answer:

Small Office:
+ redundant links
+ internet deployment model

Medium Office:
+ redundant devices
+ private WAN deployment

Large Office:
+ MPLS deployment model
+ redundant links and devices

Explanation

Small Office:

The small office is recommended for offices that have up to 50 users. The Layer 3 WAN services are based on the WAN and Internet deployment model. A T1 is used for the primary link, and an ADSL secondary link is used for backup.

Medium Office:

The medium branch design is recommended for branch offices of 50 to 100 users. Medium Offices often use redundancy gateway services like Hot Standby Router Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP).

Private WAN generally consists of Frame Relay, ATM, private lines, and other traditional WAN connections. If security is needed, private WAN connections can be used in conjunction with encryption protocols such as Digital Encryption Standard (DES), Triple DES (3DES), and Advanced Encryption Standard (AES). This technology is best suited for an enterprise with moderate growth outlook where some remote or branch offices will need to be connected in the future.

Dual Frame Relay links in the medium office provide the private WAN services, which are used to connect back to the corporate offices via both of the access routers.

Large Office:

The large office supports between 100 and 1000 users. The WAN services use an MPLS deployment model with dual WAN links into the WAN cloud -> MPLS & redundant links.

(Reference: CCDA 640-864 Official Cert Guide)

135
Q

Drag the security provision on the left to the appropriate network module on the right

A

Answer:

Access:
+ Protect network services including DHCP, ARP, and IP spoofing protection
+ Protect against inadvertent loops

Distribution:
+ Protect the endpoints using network based intrusion prevention
+ Protect the infrastructure using NFP best practices

Core:
+ Does not perform security functions to mitigate transit threats
+ Filter and rate-limit control plane traffic

Explanation

Rate limiting controls the amount of bandwidth that incoming traffic, such as ARP and DHCP requests, is using.

Access layer:

Security measures used for securing the campus access layer include the following:
* Securing the endpoints using endpoint security software
* Securing the access infrastructure and protecting network services including DHCP, ARP, IP spoofing protection and protecting against inadvertent loops using Network Foundation Protection (NFP) best practices and Catalyst Integrated Security Features (CISF).

Distribution layer:

Security measures used for securing the campus distribution layer include the following:
* Protecting the endpoints using network-based intrusion prevention
* Protecting the infrastructure using NFP best practices

Core layer:

The primary role of security in the enterprise core module is to protect the core itself, not to apply policy to mitigate transit threats traversing through the core.

The following are the key areas of the Network Foundation Protection (NFP) baseline security best practices applicable to securing the enterprise core:

* Infrastructure device access—Implement dedicated management interfaces to the out-of-band (OOB) management network, limit the accessible ports and restrict the permitted communicators and the permitted methods of access, present legal notification, authenticate and authorize access using AAA, log and account for all access, and protect locally stored sensitive data (such as local passwords) from viewing and copying.

* Routing infrastructure—Authenticate routing neighbors, implement route filtering, use default passive interfaces, and log neighbor changes.

* Device resiliency and survivability—Disable unnecessary services, filter and rate-limit control-plane traffic, and implement redundancy.

* Network telemetry—Implement NTP to synchronize time to the same network clock; maintain device global and interface traffic statistics; maintain system status information (memory, CPU, and process); and log and collect system status, traffic statistics, and device access information.

136
Q

Drag the Campus Layer Design on the left to the appropriate location on the right

A

Answer:

Access:
+ routing boundary (dynamic, summarization, static)
+ the most feature-rich parts of the campus network

Distribution:
+ enforces policy within the network
+ provide security, QoS, and IP multicast to network

Core:
+ high level of availability, scalability and fast convergence
+ provides a limited set of services

Explanation

Campus Access Layer Network Design

The access layer is the first tier or edge of the campus, where end devices such as PCs, printers, cameras, Cisco TelePresence, etc. attach to the wired portion of the campus network. The wide variety of possible types of devices that can connect and the various services and dynamic configuration mechanisms that are necessary make the access layer one of the most feature-rich parts of the campus network.

Campus Distribution Layer

The campus distribution layer provides connectivity to the enterprise core for clients in the campus access layer. It aggregates the links from the access switches and serves as an integration point for campus security services such as IPS and network policy enforcement.

Distribution layer switches perform network foundation technologies such as routing, quality of service (QoS), and security.

Core Layer

The core layer provides scalability, high availability, and fast convergence to the network. The core layer is the backbone for campus connectivity, and is the aggregation point for the other layers and modules in the Cisco Enterprise Campus Architecture. The core provides a high level of redundancy and can adapt to changes quickly. Core devices are most reliable when they can accommodate failures by rerouting traffic and can respond quickly to changes in the network topology. The core devices implement scalable protocols and technologies, alternate paths, and load balancing. The core layer helps in scalability during future growth.

The campus core is in some ways the simplest yet most critical part of the campus. It provides a very limited set of services and is designed to be highly available and operate in an “always-on” mode. In the modern business world, the core of the network must operate as a non-stop 7x24x365 service.

Note:

It is a difficult question! Some characteristics are present at more than one layer so it is difficult to classify correctly. For example, a Cisco site says:

“The campus distribution layer acts as a services and control boundary between the campus access layer and the enterprise core. It is an aggregation point for all of the access switches providing policy enforcement, access control, route and link aggregation, and the isolation demarcation point between the campus access layer and the rest of the network.”

It means that the “routing boundary” should belong to the Distribution Layer instead of Access Layer. But the Distribution Layer also “enforces policy within the network” & “provide security, QoS, and IP multicast to network”.

After a lot of research, I decided to put the “routing boundary” in the Access Layer because this feature seems to be at the border of the Access & Distribution layers, so we can choose either. The “provide security, QoS, and IP multicast to network” features mainly belong to the Distribution layer (the Official 640-864 CCDA mentions QoS, Security filtering & Broadcast or multicast domain definition in the Distribution layer).

137
Q

Drag the WAN technology on the left to the most appropriate category on the right

A

Answer:

Leased:
+ TDM
+ SONET

Shared:
+ Frame-Relay
+ MPLS

Explanation

TDM & SONET are circuit-based, so they are leased-line technologies, while Frame-Relay & MPLS are shared-circuit or packet-switched WAN technologies.

138
Q

Drag the technology on the left to the type of enterprise virtualization where it is most likely to be found on the right

A

Answer:

Network Virtualization:
+ VLAN
+ vPC
+ VRF

Device Virtualization:
+ ASA firewall context
+ IPS
+ VDC

Explanation

Network virtualization encompasses logical isolated network segments that share the same physical infrastructure. Each segment operates independently and is logically separate from the other segments. Each network segment appears with its own privacy, security, independent set of policies, QoS levels, and independent routing paths.

Here are some examples of network virtualization technologies:
* VLAN: Virtual local-area network
* VSAN: Virtual storage-area network
* VRF: Virtual routing and forwarding
* VPN: Virtual private network
* vPC: Virtual Port Channel

Device virtualization allows for a single physical device to act like multiple copies of itself. Device virtualization enables many logical devices to run independently of each other on the same physical piece of hardware. The software creates virtual hardware that can function just like the physical network device. Another form of device virtualization entails using multiple physical devices to act as one logical unit.

Here are some examples of device virtualization technologies:
* Server virtualization: Virtual machines (VM)
* Cisco Application Control Engine (ACE) context
* Virtual Switching System (VSS)
* Cisco Adaptive Security Appliance (ASA) firewall context
* Virtual device contexts (VDC)

139
Q

Drag the network function on the left to the functional area or module where it is most likely to be performed in the enterprise campus infrastructure on the right

A

Enterprise Campus: enables intelligent route and switch, high availability resilient multilayer design and integrated security
Enterprise Edge: aggregates connectivity to voice, video, and data outside the enterprise with QoS and security
E-Commerce: supports application traffic through the Internet, initiated outside the enterprise network
Internet Connectivity: provides internal users with external HTTP, FTP, SMTP and DNS connectivity
Remote Access and VPN: terminates traffic that is forwarded by the Internet connectivity module
Data Center: enables service-oriented architectures, virtualization and secure computing with load balancing, redundancy

140
Q

Drag the network characteristic on the left to the design method on the right which will best ensure redundancy at the building distribution layer

A

Answer:

Layer 2 between distribution and access layers, with a Layer 3 link between the distribution switches:
FHRP for convergence, no VLANs span between access layer switches across the distribution switches

Layer 3 between distribution and access layers, with a Layer 3 link between the distribution switches:
Support Layer 2 VLANs spanning multiple access layer switches across the distribution switches

VSS: Convergence (FHRP) is not an issue

141
Q

Click and drag the QoS feature type on the left to the category of QoS mechanism on the right.

A

Answer:

+ classification and marking: ACLs
+ congestion avoidance: WRED
+ traffic conditioners: CAR
+ congestion management: LLQ
+ link efficiency: LFI

Explanation

Classification is the process of partitioning traffic into multiple priority levels or classes of service. Information in the frame or packet header is inspected, and the frame’s priority is determined. Marking is the process of changing the priority or class of service (CoS) setting within a frame or packet to indicate its classification. Classification is usually performed with access control lists (ACL), QoS class maps, or route maps, using various match criteria.

Congestion-avoidance techniques monitor network traffic loads so that congestion can be anticipated and avoided before it becomes problematic. Congestion-avoidance techniques allow packets from streams identified as being eligible for early discard (those with lower priority) to be dropped when the queue is getting full. Congestion avoidance techniques provide preferential treatment for high priority traffic under congestion situations while maximizing network throughput and capacity utilization and minimizing packet loss and delay.

Weighted random early detection (WRED) is the Cisco implementation of the random early detection (RED) mechanism. WRED extends RED by using the IP Precedence bits in the IP packet header to determine which traffic should be dropped; the drop-selection process is weighted by the IP precedence.

Traffic conditioners consist of policing and shaping. Policing either discards the packet or modifies some aspect of it, such as its IP Precedence or CoS bits, when the policing agent determines that the packet meets a given criterion. In comparison, traffic shaping attempts to adjust the transmission rate of packets that match a certain criterion. A shaper typically delays excess traffic by using a buffer or queuing mechanism to hold packets and shape the flow when the source’s data rate is higher than expected. For example, generic traffic shaping uses a weighted fair queue to delay packets to shape the flow. The traffic conditioner is also referred to as Committed Access Rate (CAR).

Congestion management includes two separate processes: queuing, which separates traffic into various queues or buffers, and scheduling, which decides from which queue traffic is to be sent next. There are two types of queues: the hardware queue (also called the transmit queue or TxQ) and software queues. Software queues schedule packets into the hardware queue based on the QoS requirements and include the following types: weighted fair queuing (WFQ), priority queuing (PQ), custom queuing (CQ), class-based WFQ (CBWFQ), and low latency queuing (LLQ).

LLQ is also known as Priority Queuing–Class-Based Weighted Fair Queuing (PQ-CBWFQ). LLQ provides a single priority but it’s preferred for VoIP networks because it can also configure guaranteed bandwidth for different classes of traffic queue. For example, all voice call traffic would be assigned to the priority queue, VoIP signaling and video would be assigned to a traffic class, FTP traffic would be assigned to a low-priority traffic class, and all other traffic would be assigned to a regular class.

Link efficiency techniques include link fragmentation and interleaving (LFI) and compression. LFI prevents small voice packets from being queued behind large data packets, which could lead to unacceptable delays on low-speed links. With LFI, the voice gateway fragments large packets into smaller equal-sized frames and interleaves them with small voice packets so that a voice packet does not have to wait until the entire large data packet is sent. LFI reduces voice delay and makes it more predictable.

142
Q

Click and drag the Cisco Self-Defending Network term on the left to the SDN description on the right. Not all terms will be used.

A

Answer:

+ provides secure network access, isolates and controls infected devices attempting access: Trust and Identity Management
+ uses encryption and authentication to provide secure transport across untrusted networks: Secure Connectivity
+ uses security integrated into routers, switches, and appliances to defend against attacks: Threat Defense
+ integrates security into the network to identify, prevent, and adapt to threats: Cisco Self-Defending Network

Explanation

Trust and identity management solutions provide secure network access and admission at any point in the network and isolate and control infected or unpatched devices that attempt to access the network. If you are trusted, you are granted access.

We can understand “trust” as the security policy applied to two or more network entities that allows them to communicate or not in a specific circumstance. “Identity” is the “who” of a trust relationship.

The main purpose of Secure Connectivity is to protect the integrity and privacy of the information and it is mostly done by encryption and authentication. The purpose of encryption is to guarantee confidentiality; only authorized entities can encrypt and decrypt data. Authentication is used to establish the subject’s identity. For example, the users are required to provide username and password to access a resource…

143
Q

Match the Cisco security solution on the left to its function on the right.

A

Answer:

+ protects the endpoints (desktops, laptops and servers): Cisco Security Agent
+ provides multiple functions as a high performance security appliance: ASA
+ prevents DDoS attacks: Anomaly Guard and Detector
+ provides Web-Based VPN services: SSL Service Module
+ prevents attacks inline: IPS Appliance

144
Q
A

limits the number of frames transmitted before an acknowledgement is received: window size
reduces data size to save transmission time, optimizing the use of WAN bandwidth: data compression
allows network administrators to manage the varying demands generated by applications: queuing
discards packets or modifies some aspect of them (such as IP precedence): traffic policing

145
Q

Place the PPDIOO Methodology in the correct order

Optimize Step 1
Design Step 2
Prepare Step 3
Implement Step 4
Operate Step 5
Plan Step 6

A

Step 1: Prepare
Step 2: Plan
Step 3: Design
Step 4: Implement
Step 5: Operate
Step 6: Optimize

146
Q
A

Agent: generate traps of events
MIB: store information about network objects
SNMP: management transport mechanism
Manager: periodically collects object information

Explanation

The SNMP system consists of three parts: SNMP manager, SNMP agent, and MIB.

The agent is the network management software that resides in the managed device. The agent gathers the information and puts it in SNMP format. It responds to the manager’s request for information and also generates traps.

A Management Information Base (MIB) is a collection of information that is stored on the local agent of the managed device. MIBs are databases of objects organized in a tree-like structure, with each branch containing similar objects.

147
Q
A
148
Q
A