
CCDP_Arch_300-320_by_Gon_Oct_2018_172Q

Number: 300-320
Passing Score: 860
Time Limit: 120 min
File Version: 2.1

This is the latest updated collection, gathered starting by Antoni, Mr.x, Pentacis,
Crossbar and Madox, Baldasar, Gutsy, Red-dot, Canelo, CCDP1, wolf...
Everything here is updated, corrected, and non-duplicated by October 2018
Exam A

QUESTION 1
A network designer needs to explain the advantages of route summarization to a client. Which two options are
advantages that should be included in the explanation? (Choose two)

A. Increases security by advertising fake networks
B. Reduces routing table size
C. Advertises detailed routing tables
D. Utilizes the router's full CPU capacity
E. Reduces the upstream impact of a flapping interface

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
What is the next action taken by the Cisco NAC Appliance after it identifies a vulnerability on a client device?

A. Denies the client network resource access
B. Repairs the affected devices
C. Generates a Syslog message
D. Permits the client but limits to guest access

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
@Zoltan

From Cisco doc: NAC Appliance enforces security policies by blocking, isolating, and repairing noncompliant
machines.
=>(Order) Blocking > Isolating > Repairing

QUESTION 3
Which of the following facts must be considered when designing for IP telephony within an Enterprise Campus
network?

A. Because the IP phone is a three-port switch, IP telephony extends the network edge, impacting the
Distribution layer.
B. Video and voice are alike in being bursty and bandwidth intensive, and thus impose requirements to be
lossless, and have minimized delay and jitter.
C. IP phones have no voice and data VLAN separation, so security policies must be based on upper layer
traffic characteristics.
D. Though multi-VLAN access ports are set to Dot1Q and carry more than two VLANs they are not trunk ports.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
@crossbar
“The multi-VLAN access ports are not trunk ports, even though the hardware is set to the dot1q trunk. The
hardware setting is used to carry more than one VLAN, but the port is still considered an access port that is
able to carry one native VLAN and the auxiliary VLAN.”
=> not more than two

QUESTION 4
Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology? (Choose
two)

A. redundancy
B. bandwidth
C. cost
D. delay
E. hops

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
An engineer must add a new firewall in front of the public web server infrastructure in an ACI network. Which
ACI function is used to accomplish this requirement?

A. Application Network Profile
B. Service chaining
C. Static binding
D. Layer 4-7 services

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
A customer is discussing QoS requirements with a network consultant. The customer has specified that end-to-
end path verification is a requirement. Which QoS architecture is most appropriate for the requested design?

A. marking traffic at the access layer with DSCP to support the traffic flow
B. marking traffic at the access layer with CoS to support the traffic flow
C. RSTP model with PHB to support the traffic flows
D. IntServ model with RSVP to support the traffic flows

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
One-to-one ratio mapping for access switches close to servers?

A. ToR
B. EoR
C. …
D. …

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
A network engineer must use an Internet connection to provide backup connectivity between two sites. The
backup must be encrypted and support multicast. Which technology must be used?

A. DMVPN
B. GRE over IPSec
C. IPSec direct encapsulation
D. GETVPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9
Which VPN connectivity represents both Hub-and-Spokes and Spokes-to-Spokes?

A. DMVPN
B. IPSec VPN
C. VPN Router
D. VPN Hub

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 10
A network consultant is designing an Internet Edge solution and is providing the details around the flow
supporting a local Internet Proxy. How is on-premises web filtering supported?

A. A Cisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP
B. A Cisco ASA uses an IPS module to inspect HTTP and HTTPS traffic
C. A Cisco ASA redirects HTTP and HTTPS traffic to CWS with a Web Security Connector
D. A Cisco ASA connects to the web Security Appliance via TLS to monitor HTTP and HTTPS traffic

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?

A. IPX
B. Microsoft NetBIOS
C. IPv6
D. IPv4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Two companies want to merge their OSPF networks, but they run different OSPF domains. Which option
must be created to accomplish this requirement?

A. OSPF virtual link to bridge the backbone areas of the two companies together
B. Route summarization
C. Static OSPF
D. Redistribute routes between domains

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
From my CCIE colleague:
To join two companies probably best to statically route between ASBRs – if the companies are to merge as one
then you would merge area 0 using virtual link.

QUESTION 13
An engineer is designing a multi cluster BGP network, each cluster has two Route Reflectors and four Route
Reflector clients. Which 2 options must be considered? (Choose two)

A. Clients from all clusters should peer with all Route Reflectors
B. All Route Reflectors should be non-client peers in a partially meshed topology
C. All Route Reflectors must be non-client peers in a fully meshed topology
D. Clients must not peer with iBGP speakers outside the client router
E. Clients should peer with at least one other client outside its cluster

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
A network engineer is designing a hierarchical design and needs to optimize WAN design. On what group of
devices can a network engineer summarise routes to remote WAN sites?

A. Core
B. Distribution
C. Data Center Distribution WAN Edge
D. WAN Edge
E. Campus access distribution layer

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
Summarize at Service Distribution. It is important to force summarization at the distribution towards WAN Edge
and towards campus & data centre

QUESTION 15
Which two design concerns must be addressed when designing a multicast implementation? (Choose two)

A. only the low-order 23 bits of the MAC address are used to map IP addresses
B. only the low-order 24 bits of the MAC address are used to map IP addresses
C. only the high-order 23 bits of the MAC address are used to map IP addresses
D. only the low-order 23 bits of the IP address are used to map MAC addresses
E. the 0x01004f MAC address prefix is used for mapping IP addresses to MAC addresses
F. the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses

Correct Answer: DF
Section: (none)
Explanation

Explanation/Reference:
Comments:
Ethernet & FDDI Multicast Addresses
- The low order bit (0x01) in the first octet indicates that this packet is a Layer 2 multicast packet. Furthermore,
the “0x01005e” prefix has been reserved for use in mapping L3 IP multicast addresses into L2 MAC addresses.
- When mapping L3 to L2 addresses, the low order 23 bits of the L3 IP multicast address are mapped into the
low order 23 bits of the IEEE MAC address. Notice that this results in 5 bits of information being lost.
https://www.cisco.com/networkers/nw00/pres/3200/3200_c1_Mod2_rev1.pdf

QUESTION 16
Which of the following is a result when designing multiple EIGRP autonomous systems within the Enterprise
Campus network?

A. Improves scalability by dividing the network using summary routes at AS boundaries
B. Decreases complexity since EIGRP redistribution is automatically handled in the background
C. Reduces the volume of EIGRP queries by limiting them to one EIGRP AS
D. Scaling is improved when a unique AS is run at the Access, Distribution, and Core layers of the network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Comments:
Chapter 2 of CiscoPress CCDP fourth edition clearly says (there is even a test at the end of the chapter) that
introducing additional ASes won’t reduce the volume of EIGRP queries as these will be forwarded across the
ASes.

QUESTION 17
What two sensor types exist in an IDS/IPS solution? (Choose two)

A. host
B. anomaly based
C. policy based
D. network based
E. signature

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
@Samsonite

I see the confusion in this one. There are 2 types of “sensors”, host-based and network-based. There are 3
types of methods/technologies for detecting bad traffic within a sensor – signature-based, anomaly-based,
policy-based.

https://www.certificationkits.com/cisco-certification/ccna-security-certification-topics/ccna-security-implement-ips-with-sdm/ccna-security-network-based-vs-host-based-intrusion-detection-a-prevention/

QUESTION 18
Which of these is true of IP addressing with regard to VPN termination?

A. IGP routing protocols will update their routing tables over an IPsec VPN
B. Termination devices need routable addresses inside the VPN
C. Addressing design needs to allow for summarization
D. Designs should not include overlapping address spaces between sites, since NAT is not supported

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
Best design practices say the VPN design should allow for summarization. With regards to D - sometimes you
cannot avoid overlapping addresses as this is what is configured at client's end, and the only option is to hide
the overlapping subnet behind NAT - based on experience (The author of this remark has 50x VPN tunnels and
majority of them is using NAT, even if the subnet doesn't overlap, we want to hide our real IPs behind
something else - extra security)

QUESTION 19
A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has
already been implemented and optimized, and it is no longer effective in ensuring optimal network performance.
Which two actions can improve network performance? (Choose two)

A. Reconfigure QoS based on the IntServ model
B. Configure selective packet discard to drop noncritical network traffic
C. Implement higher-speed uplink interfaces
D. Bundle additional uplinks into logical Ether-Channels
E. Utilize random early detection to manage queues

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which technology is an example of the need for a designer to clearly define features and desired performance
when designing advanced WAN services with a service provider?

A. FHRP to remote branches
B. Layer 3 MPLS VPNs secure routing
C. Control protocols (for example Spanning Tree Protocol) for a Layer 3 MPLS service
D. Intrusion prevention, QoS, and stateful firewall support network wide

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
This answer is an example that shows that the designer did not clearly define his needs because the SP gave an
L3 service when L2 was needed. In other dumps from Internet answer is B and I think it is right, because
designer must be sure that SP provides secure routing service with needed performance, but how control
protocols works inside SP net designer.

QUESTION 21
Which option is correct when using Virtual Switching System?

A. Both control planes forward traffic simultaneously
B. Only the active switch forwards traffic
C. Both data planes forward traffic simultaneously
D. Only the active switch handles the control plane

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
Definitely C – again Chapter 1 of CiscoPress CCDP fourth edition Distribution-to Distribution Interconnect with
the Virtual Switch Model
The virtual switch system operates differently at different planes. From a control plane point of view, the VSS
peers (switches) operate in active standby redundancy mode. The switch in active redundancy mode will
maintain the single configuration file for the VSS and sync it to the standby switch, and only the console
interface on the active switch is accessible
VSS1440 (in the book) A VSS1440 refers to the VSS formed by two Cisco Catalyst 6500 Series Switches with
the Virtual Switching Supervisor 720-10GE. In a VSS, the data plane and switch fabric with capacity of 720 Gbps of
supervisor engine in each chassis are active at the same time on both chassis, combining for an active 1400-Gbps
switching capacity per VSS. Only one of the virtual switch members has the active control plane. Both
chassis are kept in sync with the inter-chassis Stateful Switchover (SSO) mechanism along with Nonstop
Forwarding (NSF) to provide nonstop communication even in the event of failure of one of the member
supervisor engines or chassis.
https://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-virtual-switchingsystem-1440/prod_qas0900aecd806ed74b.html
In my opinion C & D are correct.

QUESTION 22
Routing protocol that provides unequal cost path with different metrics for load balancing purposes?

A. OSPF
B. EIGRP
C. ISIS
D. BGP
E. RIP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23

Refer to the exhibit. An engineer must provide a redesign for the distribution and access layers of the network.
Which correction allows for a more efficient design?

A. Change the link between Distribution Switch A and Distribution Switch B to be a routed link.
B. Reconfigure the Distribution Switch A to become the HSRP Active.
C. Create an EtherChannel link between Distribution Switch A and Distribution Switch B.
D. Add a link between Access Switch A and Access Switch B.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
Which option is the Cisco recommendation for data oversubscription for access ports on the access-to-distribution
uplink?

A. 4 to 1
B. 20 to 1
C. 16 to 1
D. 10 to 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
An engineer is designing a layer 3-enabled access layer. Which design recommendation must the engineer
consider when deploying EIGRP routing within the access layer?

A. Implement floating static routes on access switches for redundant links
B. Configure all edge access layer switches to use a stub routing feature
C. Enable multiple uplinks from each access switch stack to the distribution switches
D. Use the First Hop Redundancy Protocol on access layer switches

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
What are the two methods of ensuring that the RPF check passes? (Choose two)

A. implementing static mroutes
B. implementing OSPF routing protocol
C. implementing MBGP
D. disabling the interface of the router back to the multicast source
E. disabling BGP routing protocol

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Comments:
The router determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast
routing protocol in cases where one exists. An example of a dedicated multicast routing protocol is MP-BGP. It
is important to note that the multicast routing protocol relies on the underlying unicast routing table. Any change
in the unicast routing table immediately triggers an RPF recheck on most modern routers.
Having OSPF routing protocol in place won’t really ensure that the RPF check passes.
Let’s say we have implemented OSPF routing protocol within the topology below (have a look at the URL
below), “R3” knows the best path to 1.1.1.0/24 is via interface F0/0 but “R3” receives multicast packet from
source server (1.1.1.1/24) on interface S0/0. The RPF will fail. We can get this fixed by implementing static
mroutes (static multicast-routes) to force multicast traffic to go back via interface S0/0 (ip mroute 0.0.0.0 0.0.0.0
s0/0)
Having unicast routing protocol (OSPF, EIGRP, BGP, RIP, IGRP, IS-IS etc) won't necessarily mean the RPF
will succeed but having a multicast routing protocol (Multipoint BGP) or dedicated multicast static routes
(mroutes) will. The only which I still have is that if the multicast
routing protocol relies on the underlying unicast routing table (OSPF) how does it ensure that the RPF check
passes.
https://supportforums.cisco.com/t5/network-infrastructure-documents/multicast-rpf-recovery-using-static-multicast-routing/ta-p/3139007

QUESTION 27
A client has a requirement to separate management and control layer within an organization. Which technology can
be used to achieve this requirement while minimizing physical devices?

A. Virtual Device Context
B. VRF
C. Virtual Switching System
D. Virtual Local Area Networks
E. MEC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
An engineer is designing a multitenant network that requires separate management access and must share a
single physical firewall. Which two features support this design? (Choose two)

A. Site-to-Site VPN
B. dynamic routing protocols
C. multicast routing
D. threat detection
E. quality of service
F. unified communications

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Comments:
This one is a little bit trickier, separate management access means the multi-context mode
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/ha-contexts.pdf
Page 14 of Guidelines for Multiple Context Mode lists unsupported features, after you cross the unsupported
features out - you are left with what works on a multi-context mode firewall

QUESTION 29
Which technology should a network designer combine with VSS to ensure a loop free topology with optimal
convergence time?

A. PortFast
B. UplinkFast
C. RPVST+
D. Multichassis EtherChannel

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
"C" definitely not as STP is disabled when VSS is configured at the distribution layer.
MEC comes with Cisco Catalyst (VSS) like vPC comes with Cisco NX-OS.

QUESTION 30
What needs to be configured to control unwanted transit traffic to not be routed to remote branches that have
multiple WAN connections?

A. route weighting
B. route tagging
C. route filtering
D. route prioritising

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
One new regarding 802.1X. (Choose three)

A. Authenticates the user itself
B. Authenticates the device itself
C. If the device does not support, allow the access automatically
D. Cisco proprietary
E. Industry standard

Correct Answer: ABE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
What is one function of the key server in a Cisco GETVPN deployment?

A. sending the RSA certificate
B. providing pre-shared keys
C. maintaining security policies
D. providing the group ID

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
Key server is responsible for maintaining security policies, authenticating the GMs and providing the session
key for encrypting traffic. KS authenticates the individual GMs at the time of registration. Only after successful
registration the GMs can participate in group SA.
https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transportvpn/deployment_guide_c07_554713.html

QUESTION 33
What is the primary benefit of deploying MPLS over the WAN as opposed to extending VRF-lite across the
WAN?

A. Convergence time
B. Low operating expense (OpEx)
C. Low latency
D. Dynamic fault-tolerance

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 34
An engineer has implemented a QoS architecture that requires a signalling protocol to tell routers which flows
of packets require special treatment. Which two mechanisms are important to establishing and maintaining the QoS
architecture? (Choose two)

A. Classification
B. Tagging
C. Packet Scheduling
D. Admission Control
E. Resource Reservation

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
An engineer wants to have a resilient access layer in the Data Center so that access layer switches have
separate physical connections to a pair of redundant distribution switches. Which technology achieves this
goal?

A. PaGP
B. LACP
C. VSL
D. EVPC
E. VSS
F. ECMP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
@crossbar
Enhanced vPC is a form of Multichassis Etherchannel and VSS by itself, without MEC, doesn’t provide
resiliency.
ECMP could also be a correct answer, assuming an L3 access layer design. But the question specifies “in the
Data Centre” and most DC access layer designs are L2.
Furthermore, (E)vPC is a tech exclusive to Nexus, which is marketed by Cisco as DC switches.

QUESTION 36
What is an advantage of using the vPC feature in a Data Centre environment?

A. Two switches form a single control plane
B. Utilizes all available uplinks bandwidth
C. FHRP is not required
D. A single IP is used for management for both devices

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What are
two advantages of using Cisco FabricPath technology? (Choose two)

A. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load
balancing between redundant paths.
B. Cisco FabricPath provides MAC address scalability with conversational learning.
C. Loop mitigation is provided by the TTL field in the frame.
D. Cisco FabricPath is IETF-standard and is not used with Cisco products.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all
campus networks.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
A client request includes a network design that ensures all connections between the access layer and
distribution layer are active and forwarding traffic at all times. Which design approach achieves this request?

A. Enable backbone fast on the two distribution switches and create a port channel between each access layer
switch and both distribution switches
B. Configure HSRP for all VLANs and adjust the hello timer for faster convergence
C. Configure Rapid PVST+ and adjust the timers for fast convergence
D. Create a VSS between the two distribution switches and also create a MEC between the VSS and each
access layer switch.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 39
What is the most important consideration when selecting a VPN termination device?

A. CPU cycles per second
B. VPN sessions per interface
C. Packets per second
D. Bits per second

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
Which option is a design recommendation for route summarizations?

A. Filtered redistribution for the prevention of re-advertising of routes
B. Routing protocol stub areas
C. Route summarization for scalable routing and addressing design
D. Defensive route filtering to defend against inappropriate routing traffic
E. Route summarization to support greater volumes of transit traffic

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
A company is Multi-Homed to different service providers running BGP. Which action ensures that the company
AS does not become a transit AS?

A. Create a distribute list that filters all routes except the default route and applies to both BGP neighbour
interfaces in the inbound direction
B. Create a distribute list that filters all routes except the default route and applies to a single BGP neighbour in
the outbound direction
C. Create a prefix list that matches the company prefixes and applies to both BGP neighbour definitions in the
outbound direction.
D. Create a route map that matches the provider BGP communities and networks and applies to both transit
neighbour interfaces in the outbound direction.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
A network engineer wants to limit the EIGRP query scope to avoid high CPU and memory utilization on low-end
routers as well as limiting the possibility of a stuck-in-active routing event between HQ and branch offices.
Which way achieves these goals?

A. Configure different Autonomous System number per each branch office and HQ and redistribute routes
between autonomous systems.
B. Configure all routers at branch offices as EIGRP stub and allow only directly connected networks at branch
offices to be advertised to HQ
C. Configure all routers at branch offices as EIGRP stub
D. Configure all routers at HQ and branch offices as EIGRP stub

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
Which two protocols support simple plaintext and MD5 authentication? (Choose two)

A. RIP
B. IPv6
C. EIGRP
D. BGP
E. OSPF

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Comments:
Simple password authentication (also called plain text authentication) - supported by Intermediate System to
Intermediate System (IS-IS), Open Shortest Path First (OSPF) and Routing Information Protocol Version 2
(RIPv2)
MD5 authentication - supported by OSPF, RIPv2, BGP, and EIGRP

QUESTION 44
A network engineer must create a backup network connection between two corporate sites over the Internet
using the existing ASA firewalls. Which VPN technology best satisfies this corporate need?

A. VPLS
B. DMVPN
C. GETVPN
D. IPSec
E. MPLS
F. OTV

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
A large-scale IP SLA deployment is causing memory and CPU shortages on the router in an enterprise
network. Which solution can be implemented to mitigate these issues?

A. An offline router for disaster recovery
B. CPE device that is managed by the network provider
C. A shadow router
D. A standby router for failover operation

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
https://www.cisco.com/en/US/technologies/tk869/tk769/technologies_white_paper0900aecd806bfb52.html

QUESTION 46
Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two)

A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are associated with one EPG
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with pair of EPGs

Correct Answer: AF
Section: (none)
Explanation

Explanation/Reference:
Comments:
There may be times when the ACI administrator might need to deny traffic that is allowed by another contract.
Taboos are a special type of contract that an ACI administrator can use to deny specific traffic that would
otherwise be allowed by another contract. Taboos can be used to drop traffic matching a pattern (any EPG, a
specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of
regular contracts are applied. Taboo contracts are not recommended as part of the ACI best practices but they
can be used to transition from traditional networking to ACI. To imitate the traditional networking concepts, an
"allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain types of traffic.
EPG – End-Point Groups

QUESTION 47
A network manager wants all remote sites to be designed to communicate dynamically with each other using
DMVPN technology without requiring much configuration on the spoke routers. Which protocol is used by
DMVPN to achieve this goal?

A. GRE
B. NHRP
C. SSH
D. ARP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
An organization is creating a detailed QoS plan that limits bandwidth to specific rates. Which three parameters
can be configured when attempting to police traffic within the network? (Choose three)

A. Conforming
B. Violating
C. Bursting
D. Peak information rate
E. Committed information rate
F. Exceeding
G. Shaping rate

Correct Answer: ABF
Section: (none)
Explanation

Explanation/Reference:
@crossbar
https://www.cisco.com/c/en/us/td/docs/ios/12_2/qos/configuration/guide/fqos_c/qcfpoli.html#wp1006389

QUESTION 49
An engineer must design a Cisco VSS-based configuration within a customer campus network. The two VSS
switches are provisioned for the campus distribution layer… Which option is the primary reason to avoid
plugging both VSL links into the supervisor ports?

A. The implementation creates a loop
B. The design lacks optimal hardware diversity
C. Limited bandwidth is available for VSS convergence
D. QoS is required on the VSL links

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
The best-practice recommendation for VSL link resiliency is to bundle two 10-Gbps ports from different
sources. Doing this might require having one port from the supervisor and other from a Cisco 6708 line card.
When configuring the VSL, note the following guidelines and restrictions:
For line redundancy, we recommend configuring at least two ports per switch for the VSL. For
module redundancy, the two ports can be on different switching modules in each chassis.

QUESTION 50
An engineer is configuring QoS to meet the following requirement:
- all traffic that exceeds the allocated bandwidth will still traverse the infrastructure but will be forwarded later
What will be the requirements?

A. Per-Hop behaviours
B. Weighted Fair Queuing
C. IP Precedence
D. Shaping

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
An engineer is designing a network using RSTP. Several devices on the network support only legacy STP.
Which outcome occurs?

A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate but the fast convergence is not used.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
What is the outcome when RPF check passes successfully?

A. Packet is dropped because it arrived on the interface that is used to forward the packet back to source.
B. Packet is dropped because it arrived on the interface that is used to forward the packet back to destination.
C. Packet is forwarded because it arrived on the interface that is used to forward the packet back to destination.
D. Packet is forwarded because it arrived on the interface that is used to forward the packet back to source.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
Routers perform a reverse path forwarding (RPF) check to ensure that arriving multicast packets were received
through the interface that is on the most direct path to the source that sent the packets. An RPF check is
always performed regarding the incoming interface, which is considered to be the RPF interface. The RPF
check will succeed if the incoming interface is the shortest path to the source. The router
determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing
protocol in cases where one exists. An example of a dedicated multicast routing protocol is MP-BGP. It is
important to note that the multicast routing protocol relies on the underlying unicast routing table. Any change in
the unicast routing table immediately triggers an RPF recheck on most modern routers.

QUESTION 53
Multicast PIM-Sparse mode sends traffic overload. Which feature can reduce the multicast traffic in the access
layer?

A. IGMP snooping
B. Filter at Boundaries
C. PIM Dense-Mode
D. MSDP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Comments:
I think the solution for this one was to move the STP root

QUESTION 54

Refer to the exhibit. A customer wants to use HSRP as a First Hop Redundancy Protocol. Both routers are
currently running and all interfaces are active. Which factor determines which router becomes the active HSRP
device?

A. the router with the highest MAC address for the respective group
B. the router with the highest interface bandwidth for the respective group
C. the router that boots up last
D. the router with the highest IP address for the respective group

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
An engineer is considering uplink bandwidth over-subscription in a Layer 3 network design. Which option is the
Cisco recommended over-subscription ratio for uplinks between the distribution and core layers?

A. 3 to 1
B. 4 to 1
C. 6 to 1
D. 8 to 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Comments:
Network oversubscription refers to a point of bandwidth consolidation where the ingress bandwidth is greater
than the egress bandwidth. For example, at an ISL uplink from an edge layer switch to a core, the
oversubscription of the ISL is typically on the order of 7:1 or greater. In a single director fabric, the fan-out ratio
of server to storage subsystem ports is directly related to the network oversubscription and is typically on the
order of 10:1 or higher. Network oversubscription is normal and unavoidable; it is a direct by-product of the
primary purpose for deploying a SAN. An important characteristic of the network related to oversubscription is its ability
to fairly allocate its bandwidth resources among all clients of the SAN.

QUESTION 56
A network consultant is designing an enterprise network that includes an IPsec headend termination device.
Which two capabilities are the most important to consider when assessing the headend device's scalability?
(Choose two)

A. Packets per second processing capability
B. Bandwidth capabilities
C. Number of tunnels that can be aggregated
D. CPU capabilities
E. Memory capabilities

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Reference from the Cisco "Scalability considerations" guide: the order is packets, tunnel quantity, GRE
encapsulation, and only then routing protocols affecting the CPU. Sounds like it is asking about enterprise IPsec, so like
AnyConnect remote access = no routing affected on the VPN headend.
Look at what the IPsec VPN WAN Design Guide says: Number of Tunnels May be a Factor
Each time a crypto engine encrypts or decrypts a packet, it performs mathematical computations on the IP
packet payload using the unique crypto key for the trustpoint, agreed upon by the sender and receiver. If more
than one IPsec tunnel is terminated on a router, the router has multiple trust points and therefore multiple crypto
keys. When packets are to be sent or received to a different tunnel than the last packet sent or received, the
crypto engine must swap keys to use the right key matched with the trustpoint. This key swapping can degrade
the performance of a crypto engine, depending on its architecture, and increase the router CPU utilization.

QUESTION 57
When 2 distribution switches are configured for VSS, what needs to be done to extend backplane connectivity?

A. PAgP
B. IVR
C. ISL
D. VSL

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58

Refer to the exhibit. A customer discovers router R1 remains active even when the R1 uplink (F0/1) is down.
Which two commands can be applied to R1 to allow R2 to take over as the HSRP active? (Choose two)

A. track 50 ip route 10.10.10.0/24 reachability
B. track 50 interface Fa0/1 ip routing
C. standby 10 track 50 decrement 20
D. standby 10 track 50 shutdown
E. standby 10 track 50

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
Which technology simplifies encryption management?

A. GETVPN
B. DMVPN
C. IPsec
D. EasyVPN
E. GRE

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
When a site has Internet connectivity with two different ISPs, which two strategies are recommended to avoid
becoming a BGP transit site? (Choose two)

A. Use a single service provider
B. Filter routes outbound to the ISPs
C. Accept all inbound routes from the ISPs
D. Filter routes inbound from the ISPs
E. Advertise all routes to both ISPs

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
@crossbar
B is definitely correct, but what bugs me is the “which two strategies…” formulation: it sounds to me that the two
required answers would not necessarily need to be applied at the same time.
If this interpretation is correct, C doesn’t help at all, it actually would be the cause of the issue (this is true for E
too).
If it is not, C doesn’t hurt, but doesn’t help either.

For the other answers:

A – would definitely work, but denies the question’s supposition

D – your AS wouldn’t be a transit for the filtered routes, but it doesn’t make sense to filter what you WANT to learn
from the ISP.

Bottom line, I think I would answer AB.

But I am not certain, let me know what you think!

QUESTION 61
What is needed to use multiple paths from distribution to core?

A. install IGP
B. ECMP
C. RSTP+
D. HSRP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
What are the characteristics of 802.1X? (Choose two)

A. EAP messages in Ethernet frames and don't use PPP
B. Works only on wired connections
C. It's created by IETF
D. It's created by IEEE

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
An engineer is designing an infrastructure to use a 40 Gigabit link as the primary uplink and a 10 Gigabit uplink
as the alternate path. Which routing protocol allows for unequal cost load balancing?

A. OSPF
B. RIP
C. EIGRP
D. BGP
E. IS-IS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two)

A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
C. It is removed by the Cisco ISE before reaching the endpoint.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal services
E. Best Practice dictates that deployments should include a security group for common services such as DNS
and DHCP

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
After an incident caused by a DDOS attack on a router, an engineer must ensure that the router is accessible
and protected from future attacks without making any changes to traffic passing through the router. Which
security function can be utilized to protect the router?

A. zone-based policy firewall
B. access control lists
C. class maps
D. control plane policing

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
Which two statements about 802.1X are true? (Choose three)

A. It is Cisco standard
B. It can allow and deny port access based on device identity
C. It works only with wired devices
D. It can allow and deny port access based on user identity
E. EAP messages in Ethernet frames and don't use PPP
F. EAP messages in Ethernet frames and use PPP

Correct Answer: BDE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
An OSPF router should have a maximum of how many adjacent neighbours?

A. 80
B. 50
C. 60
D. 100

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
Which first-hop redundancy protocol that was designed by Cisco allows packet load sharing among groups of
redundant routers?

A. GLBP
B. HSRP
C. VRRP
D. VSS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
Which routing protocol provides the fastest convergence and greatest flexibility within a campus environment?

A. OSPF
B. IS-IS
C. BGP
D. EIGRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
What network technology provides Layer 2 high availability between the access and distribution layers?

A. HSRP
B. MEC
C. EIGRP
D. GLBP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
Which option maximizes EIGRP scalability?

A. route redistribution
B. route redundancy
C. route filtering
D. route summarization

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
Which two options are advantages of having a modular design instead of an EOR design in a data center?
(Choose two)

A. cooling constraints
B. cable bulk
C. decreased STP processing
D. redundancy options
E. cost minimization
F. low-skilled manager

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
An engineer is designing a redundant dual-homed BGP solution that should prefer one specific carrier under
normal conditions. Traffic should automatically fail over to a secondary carrier in case of a failure. Which two
BGP attributes can be used to achieve this goal for inbound traffic? (Choose two)

A. origin
B. MED
C. AS-PATH
D. local preference
E. weight

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
Multi-exit discriminator (MED)

QUESTION 74
A network team must provide a redundant secure connection between two entities using OSPF. The primary
connection will be an Ethernet Private Line and the secondary connection will be a site-to-site VPN. What
needs to be configured in order to support routing requirements over the VPN connection?

A. GRE Tunnel
B. HTTPS
C. Root Certificate
D. AAA Server

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
Which configuration represents resiliency at the hardware and software layers?

A. multiple connections and FHRP
B. HSRP and GLBP
C. redundant supervisor and power supplies
D. dual uplinks and switches

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
I don’t see “multiple connections” as hardware resiliency. They are “physical layer resiliency” for me.

QUESTION 76
Which option is the primary reason to implement security in a multicast network?

A. maintain network operations
B. allow multicast to continue to function
C. optimize multicast utilization
D. ensure data streams are sent to the intended receivers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
A company requires redundancy for its multi-homed BGP external connections. What two features can be
configured on the WAN routers to automate failover for both outbound and inbound traffic? (Choose two)

A. AS path prepending
B. local preference
C. floating static route
D. HSRP
E. MED
F. weight

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
@crossbar

from https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13768-hsrp-bgp.html

"This document describes how to provide redundancy in a multihomed Border Gateway Protocol (BGP)
network where you have connections to two separate Internet service providers (ISPs). In the event of a failure
of connectivity toward one ISP, the traffic is rerouted dynamically through the other ISP with the BGP set
as-path {tag | prepend as-path-string} command and Hot Standby Router Protocol (HSRP)."

QUESTION 78
In what situation must spanning-tree be implemented?

A. When redundant Layer 2 links, that are not part of a single EtherChannel or bundle, exist between
distribution switches
B. When redundant Layer 3 links, that are not part of a single EtherChannel or bundle, exist between
distribution switches
C. Between Distribution and Core switches when interfaces are configured with "no switchport"
D. Between Distribution and Core switches when VSS is configured

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
STP (L2 loop prevention mechanism) should be implemented in topologies where possible loops may occur
and redundant L2 links between distribution switches is a very good example as long as the links are not
channelled (PC, vPC, MEC). If the redundant L2 links between distribution switches are channelled, the
topology is loop free so no STP is required but the question doesn’t say anything about that. With regards to answer “A”,
VLAN can be stretched between multiple access switches via distribution layer and still be loop free so (know
from experience).

QUESTION 79
Which option does best practice dictate for the maximum number of areas that an OSPF router should belong
to for optimal performance?

A. 1
B. 2
C. 3
D. 4
E. 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
Which option is an advantage of using PIM sparse mode instead of PIM dense mode?

A. No RP is required
B. There is reduced congestion in the network
C. IGMP is not required
D. It floods all multicast traffic throughout the network

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
An engineer has to design a multicast domain for some application. This multicast network should be secured.
Which option should he take?

A. PIM-SM; 232.0.0.0/8
B. ASM; 232.0.0.0/8
C. SSM; 224.0.0.0/8
D. SSM; 232.0.0.0/8

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
A company needs to configure a new firewall and has only one public IP address to use. The engineer needs
to configure the firewall with NAT to handle inbound traffic to the mail server in addition to internet outbound
traffic. Which options could he use? (Choose two)

A. Static NAT for inbound traffic on port 25
B. Dynamic NAT for outbound traffic
C. Static NAT for outbound traffic on port 25
D. Dynamic NAT for inbound traffic
E. NAT overload for outbound traffic
F. NAT overload for inbound traffic on port 25

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
A network engineer is using OTV to connect six data centers. Which option is preferred when deploying OTV to
more than three sites?

A. Filter MAC address at the join interface
B. Use multicast-enabled transport
C. Use Unicast-only transport
D. Configure one edge device for each data center

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
An engineer is designing a Multichassis Etherchannel using VSS. Which network topology is the result?

A. Looped
B. Ring
C. Hybrid
D. Star

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 85
A company is running BGP on the edge with multiple service providers in a primary and secondary role. The
company wants to speed up time if a failure was to occur with the primary, but they are concerned about router
resources. Which method best achieves this goal?

A. Utilize BFD and lower BGP hello interval
B. Decrease the BGP keep-alive timer
C. Utilize BFD and tune the multiplier to 50
D. Utilize BFD and keep the default BGP timers

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
An engineer is designing a QoS architecture for a small organization and must meet these requirements:
- Guarantees resources for a new traffic flow prior to sending
- Polices traffic when the flow does not conform
Which QoS architecture model will accomplish this?

A. auto quality of service
B. modular quality of service
C. differentiated services
D. integrated services

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
When designing data centres for multitenancy, which two benefits are provided by the implementation of VSAN
and zoning? (Choose two)

A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from
affecting others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
A network engineer is designing a network that must incorporate active-active redundancy to eliminate
disruption when a link failure occurs between the core and distribution layer. What two technologies will allow
this? (Choose two)

A. Equal Cost Multi-Path (ECMP)
B. Rapid Spanning Tree Protocol Plus (RSTP+)
C. Hot Standby Routing Protocol (HSRP)
D. Rapid Spanning Tree Protocol (RSTP)
E. EtherChannel (MEC)

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
When designing layer 2 STP based LAN with FHRP, what design recommendation should be followed?

A. Assign STP root with active FHRP device
B. Assign native VLAN to lowest number in use
C. Avoid configuring router preempt
D. Avoid modifying STP & FHRP default timers

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90
A network engineer wants to segregate three interconnected campus networks via IS-IS routing. A two-layer
hierarchy must be used to support large routing domains to avoid more specific routes from each campus
network being advertised to other campus network routers automatically. What two actions should be taken to
accomplish this segregation? (Choose two)

A. Assign a unique IS-IS NET value for each campus and configure internal campus routers with level 1
routing.
B. Designate two IS-IS routers from each campus to act as Layer 1/Layer 2 backbone routers at the edge of
each campus network.
C. Designate two IS-IS routers as BDR routers at the edge of each campus.
D. Assign similar router IDs to all routers within each campus.
E. Change the MTU sizes of the interface of each campus network router with a different value

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
What command essentially turns on auto summarization for EIGRP?

A. area 0 range 10.0.0.0 255.0.0.0.0
B. router eigrp 1
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. ip summary-address 10.0.0.0 255.0.0.0
E. eigrp stub

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Auto-summarization is enabled by default when you turn EIGRP on.

QUESTION 92
What is the physical topology of ACI?

A. spine & leaf
B. point to point
C. hub & spoke
D. spoke to spoke

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
Which security function is inherent in an Application Centric Infrastructure network?

A. Default Inter-EPG connectivity
B. Intrusion Prevention
C. Intrusion Detection
D. Default Denial Network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
All the traffic between servers is denied (micro segmentation), to allow the traffic between EPGs we need to
configure contracts.

QUESTION 94
What security feature would require a packet to be received on the interface that the interface would use to
forward the return packet?

A. URPF
B. arp inspection
C. vlan acl

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
At which layer in the ACI fabric are policies enforced?

A. End Point
B. Spine
C. Leaf
D. APIC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Security policies are configured on the APIC, and enforced on the leaves

QUESTION 96
A customer with 30 branch offices requires dynamic IGP routing protocol, IP multicast, and non-IP protocol
support. Which solution satisfies these requirements?

A. DMVPN spoke-to-spoke
B. DMVPN hub-to-spoke
C. VTI
D. P2P GRE

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Comments:
Non IP traffic is not supported by DMVPN.
https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class-teleworker-ect-solution/prod_brochure0900aecd80582078.pdf

QUESTION 97
A company security policy states that their data center network must be segmented from the layer 3
perspective. The segmentation must separate various network security zones so that they do not exchange
routing information and their traffic path must be completely segregated. Which technology achieves this goal?

A. VPC
B. VXLAN
C. VRF
D. VDC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
An engineer is working for a large scale cable TV provider that requires multicast on multisourced streaming
video, but must not use any rendezvous point mechanism. Which multicast protocol must be configured?

A. ASM
B. PIM-SM
C. BIDR-PIM
D. PIM-SSM

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
Reduce security risk in BGP. Which option helps to avoid rogue route injection, unwanted peering, and malicious
BGP activities?

A. Apply MD5 authentication between all BGP peers
B. Use GRE tunnel
C. Encrypt all traffic
D. Apply route maps and policies in route redistribution events

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100
How does stub routing affect transit routes in EIGRP?

A. Transit routes are passed from a stub network to a hub network
B. It prevents the hub router from advertising networks learned from the spoke
C. Transit routes are filtered from stub networks to the network hub
D. It’s designed to prevent the distribution of external routes

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
A customer would like to implement a firewall to secure an enterprise network, however the customer is unable
to allocate any new subnets. What type of firewall mode must be implemented?

A. active/standby
B. active/active
C. zone based
D. virtual
E. routed
F. transparent

Correct Answer: F
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
The network engineering team for a large university must increase the security within the core of the network by
ensuring that IP traffic only originates from a network segment that is assigned to that interface in the routing
table. Which technology must be chosen to accomplish this requirement?

A. VLAN access control lists
B. Unicast Reverse Path Forwarding
C. Intrusion prevention system
D. ARP inspection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
ROUTE 300-101 page 714
Unicast Reverse Path Forwarding
One approach to preventing malicious traffic from entering a network is to use Unicast Reverse Path
Forwarding (uRPF). Specifically, uRPF can help block packets having a spoofed IP address. The way that
uRPF works is to check the source IP address of a packet arriving on an interface and determine whether that
IP address is reachable, based on the router’s Forwarding Information Base (FIB) used by Cisco Express
Forwarding (CEF). Optionally, the router can also check to see whether the packet is arriving on the interface
the router would use to send traffic back to that IP address.

QUESTION 103
Which option provides software modularity in Cisco NX-OS software in the data center design?

A. The ip routing command enables all of the features in the Cisco NX-OS.
B. All of the features are enabled by default in the Cisco NX-OS.
C. Individual features must be manually enabled to start the process.
D. The Cisco NX-OS has a management VRF that is enabled by default.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
Which technology allows multiple instances of a routing table to coexist on the same router simultaneously?

A. VRF
B. Cisco virtual router
C. Instanced virtual router
D. IS-IS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105
Which two features provide resiliency in a data center? (Choose two.)

A. Cisco FabricPath
B. VTP
C. encryption
D. vPC
E. VRF

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
Which network virtualization technology provides logical isolation of network traffic at Layer 3?

A. VSS
B. VLAN
C. VRF-Lite
D. MEC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
Which technology extends Layer 2 LANs over any network that supports IP?

A. OTV
B. VSS
C. vPC
D. VLAN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
Which two technologies can be used to interconnect data centers over an IP network and provide Layer 2 LAN
extension? (Choose two.)

A. IS-IS
B. VXLAN
C. TRILL
D. Fabric Path
E. OTV

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
Which protocol should be run on the LAN side of two edge routers (that are terminating primary and backup
WAN circuits) to provide quick failover in case of primary WAN circuit failure?

A. VTP
B. STP
C. VRRP
D. RIP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

A. VRRP
B. BGP
C. IPsec
D. SSL

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be queued
later?

A. Shaping
B. Policing
C. Weighted Fair Queuing
D. Low Latency Queuing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
Which technology can block interfaces and provide a loop-free topology?

A. STP
B. VSS
C. VLAN
D. vPC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
A customer has an existing WAN circuit with a capacity of 10 Mbps. The circuit has 6 Mbps of various user traffic
and 5 Mbps of real-time audio traffic on average. Which two measures could be taken to avoid loss of real-time
traffic? (Choose two)

A. Police the traffic to 5 Mbps and allow excess traffic to be remarked to the default queue
B. Configure congestion avoidance mechanism WRED within the priority queue
C. Police the traffic to 3.3 Mbps and allow excess traffic to be remarked to the default queue
D. Increase the WAN circuit bandwidth
E. Ensure that real time traffic is prioritized over other traffic

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
An organization is acquiring another company and merging the two company networks. No subnets overlap, but
the engineer must limit the networks advertised to the new organization. Which feature implements this
requirement?

A. Interface ACL
B. Stub area
C. Router filtering
D. Passive interface

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
When an APIC in the cluster is down, what is the minimum number of APICs required for a production
ACI fabric to continue to operate?

A. 1
B. 2
C. 3
D. 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Comments:
From Designing for Cisco Network Service Architecture Fourth Edition:
The recommended minimum sizing has the following requirements:
* Three or more Cisco APIC controllers that are dual connected to different leaf switches for maximum
resilience. Note that the fabric is manageable even with just one controller and operational without a controller.
I'm not sure what 'manageable' means, is it still an ACI fabric or does it revert to a different state. It seems
weird to me you would no longer have your ACI fabric if one/two of your three APICs went offline. Not usually
how redundancy works.
This Cisco topic seems to indicate it will still work on 1 APIC
https://supportforums.cisco.com/discussion/12448836/apic-cluster-why-minimum-3-controllers
Interesting your reasoning. "Manageable", means that you can still make changes, add/remove things, etc. So,
now reading your comments, it makes sense that if the question is talking about continuing to operate, the answer must
be 1. I've seen 3 as the answer in all dumps but now I doubt it.

QUESTION 116
L2 extension through IP in the data center (MAC-in-IP)

A. FIBERPATH
B. TRILL
C. OTV
D. VXLAN

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
@crossbar

QUESTION 117
An engineer is implementing VXLAN to extend layer 2 traffic at three geographically diverse data centers. Which
feature is required at each data center to extend traffic?

A. VTEP
B. VLSM
C. VRRP
D. VPLS
E. VRF

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
A data center is being deployed, and one design requirement is to be able to readily scale server virtualization.
Which IETF standard technology can provide this requirement?

A. Cisco Fabric Path
B. Data Center Bridging
C. CUS
D. Transparent Interconnection of Lots of Links

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
@skummy
The Data Center Bridging (DCB) architecture is based on a collection of open standards Ethernet extensions
developed through the IEEE 802.1 working group to improve and expand
Ethernet networking and management capabilities in the data center.

https://www.cisco.com/c/dam/en/us/solutions/collateral/data-center-virtualization/ieee-802-1-data-center-bridging/at_a_glance_c45-460907.pdf
TRILL (“Transparent Interconnection of Lots of Links”) is an IETF Standard implemented by devices called
RBridges (routing bridges) or TRILL Switches.
https://en.wikipedia.org/wiki/TRILL_(computing)

QUESTION 119
The question states that the designer wants to use the three PIM-SM kinds. Which one is true about bidirectional PIM?

A. Three of them cannot be used at the same time
B. Source has to be explicitly mentioned
C. The RP doesn't need an IP address
D. The RP IP address can be shared by another interface

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
Which two hashing distribution algorithms are available for an engineer when working with Multichassis
EtherChannel? (Choose two)

A. src-dst-mac
B. src-dst-ip
C. round-robin
D. fixed
E. adaptive

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
Which two modes for deploying Cisco TrustSec are valid? (Choose two)

A. cascade
B. low-impact
C. open
D. high availability
E. monitor

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122
While configuring QoS policy, analysis of the switching infrastructure indicates that the switches support
1P3Q3T egress queuing. Which option describes the egress queuing in the infrastructure?

A. The threshold configuration allows for inter-queue QoS by utilizing buffers
B. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds
C. The priority queue should use less than 20% of the total bandwidth
D. The priority queue must contain real-time traffic and network management traffic

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
Refer to the exhibit. HSRP is running between SW A and Distribution SW B. Which two links do the switches
use to transmit HSRP messages? (Choose two)

A. Core Switch A, port g2/1 to distr switch A, port g3/1
B. Distr Switch A, port g5/1 to distr switch B, port g5/2
C. Core Switch A, port g1/1 to core switch B, port g1/2
D. Core Switch B, port g2/2 to distr switch B, port g3/2
E. Distr Switch A, port g4/1 to acc switch, port g1/0/1
F. Distr Switch B, port g4/2 to acc switch, port g2/0/1

Correct Answer: EF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 124
An engineer set up a multicast network design using all three Cisco supported PIM modes. Which two
characteristics of Bidirectional PIM in this situation are true? (Choose two)

A. In Bidirectional PIM, the RP IP address does not need to be a router.
B. In Bidirectional PIM, the RP IP address can be shared with any other router interface.
C. A Cisco router cannot support all three PIM modes simultaneously.
D. Membership to a bidirectional group is signaled via explicit join messages
E. Bidirectional PIM is designed to be used for one-to-many applications.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 125
Which NAC design model matches the following definitions?
NAS is deployed centrally in the core or distribution layer.
Users are multiple hops away from the Cisco NAS.
After authentication and posture assessment the client traffic no longer passes through the Cisco NAS.
PBR is needed to direct the user traffic appropriately

A. Layer 3 in-band virtual gateway
B. Layer 3 out-of-band with addressing
C. Layer 2 in-band virtual gateway
D. Layer 2 out-of-band virtual gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 126
The network engineering team is interested in deploying NAC within the enterprise network to enhance security.
What deployment model should be used if the team requests that the NAC be logically inline with clients?

A. Layer 2 in-band
B. Layer 2 out-of-band
C. Layer 3 in-band
D. Layer 3 out-of-band

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
page 434 Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide Third Edition
Layer 2 In-Band Designs
The Layer 2 in-band topology is the most common deployment option. The Cisco NAS is logically inline with the
client traffic, but is not physically inline.

QUESTION 127
A network engineer must perform posture assessments on Cisco ASA remote access VPN clients and control
their network access based on the results. What mode is the Cisco best practice NAC deployment design for
this situation?

A. Layer 2 in-band real IP gateway mode
B. Layer 2 out-of-band real IP gateway mode
C. Layer 3 in-band virtual gateway mode
D. Layer 3 out-of-band virtual gateway mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 128
Which Cisco NAC Appliance design is the most scalable in large Layer 2-to-distribution implementation?

A. Layer 2 out-of-band
B. Layer 2 in-band
C. Layer 3 out-of-band
D. Layer 3 in-band

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Layer 2 In-Band Designs
page 434 Designing Cisco Network Service Architectures (ARCH) Foundation Learning Guide
This is the most scalable design in large L2-to-distribution environments, because this design can be
transparently implemented in the existing network supporting multiple access layer switches. It supports all
network infrastructure equipment. The Cisco NAS supports per-user ACLs.

QUESTION 129
While designing a QoS policy for an organization, a network engineer is determining the method to limit the
output rate of traffic within the real-time queue. How must the limiting of traffic within the real-time queue
occur?

A. The traffic must be remarked to a low priority and allowed to pass
B. The traffic must be policed and not allowed to pass
C. The traffic within the real-time queue must not be limited
D. The traffic must be shaped to allow for it to be transmitted after the tokens have been replenished

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 130
Which option is a fundamental process of the Cisco TrustSec technology?

A. Marketing
B. Detection
C. Propagation
D. Prioritization

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Cisco TrustSec is defined in three phases: classification, propagation, and enforcement

QUESTION 131
Refer to the exhibit.
What should be implemented to prevent exceeding the 50MB allowable bandwidth of internet circuit?

A. CIR
B. police
C. shaping
D. ACL
E. rate-limit

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 132
An engineer is designing a network with OSPF and must filter ingress routes from a partner network that is also
running OSPF. Which two design options are available for this configuration? (Choose two)

A. Use a different routing protocol such as EIGRP between the networks
B. Configure a different OSPF area that would prevent any unwanted routes from entering the network
C. Use a distribution-list in the OSPF process to filter out the routes
D. Use access list on the ingress interface to prevent the routes from entering the network
E. Design a filter using prefix list to ensure that the routes are filtered out at the redistribution point

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 133
Which design technology allows two Cisco Catalyst chassis to use SSO and NSF to provide nonstop
communication even if one of the member chassis fails?

A. Auto chassis detect
B. VSS
C. VPC
D. Peer Gateway

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
A VSS operates with stateful switchover (SSO) redundancy if it meets the following requirements:

- Both supervisor engines must be running the same software version.
- VSL-related configuration in the two chassis must match.
- PFC mode must match.
- SSO and nonstop forwarding (NSF) must be configured on each chassis.

QUESTION 134
While designing a backup BGP solution, a network engineer wants to ensure that a single router with multiple
connections prefers the routes from a specific connection over all others. Which BGP path selection attribute is
considered first when selecting a route?

A. As-Length
B. Link Bandwidth
C. Local preference
D. Weight
E. MED

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 135
A data center has several business partners who want to have their compute resources installed. The data
center uses one VLAN to support vendor equipment and requires limited visibility and connectivity between
vendor servers. Which segmentation concept satisfies these requirements?

A. IP NAT
B. Private VLANs
C. LAN-to-LAN VPN
D. Protected vlans

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 136
Which Cisco NX-OS feature can be used to build highly scalable layer 2 multipath networks without utilizing the
spanning tree protocol?

A. OTV
B. FabricPath
C. vPC
D. MST

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
From the FLG 4th Ed. page 403:

“Cisco FabricPath brings routing techniques from Layer 3 to solve Layer 2 loop problems”

Layer 2 loop problems are what STP was designed to solve and the mentioned routing techniques are done by
IS-IS (page 404):

“Cisco FabricPath uses extensions to the Intermediate System-to-Intermediate System (IS-IS) protocol to
exchange unicast and multicast location and reachability information and to forward traffic in the network
using Cisco FabricPath headers. (IS-IS forms the underlay network for the FabricPath and enables the
underlay fabric to be a nonblocking Layer 3-routed network with ECMP forwarding).”

QUESTION 137
During an upgrade of an existing data center, a network team must design segmentation into existing networks.
Due to legacy applications, the IP address cannot change. Which firewall deployment model meets these
requirements?

A. Routed mode
B. Multicontext mode
C. Transparent mode
D. Cluster mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 138
During the integration of a new company, a network engineering team discovers that IP address space
overlaps between the two company networks. Which two technologies can be used to allow overlapping IP
addresses to coexist on shared network infrastructure? (Choose two)

A. VRF
B. OTV
C. NAT
D. HSRP
E. VPN

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 139
An engineer wants to interconnect with a new company; both companies use OSPF. How should you filter
the ingress traffic between them?

A. Use EIGRP on the other company
B. Use distribute-list
C. Use prefix-list
D. Use ACL

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 140
Where should loop guard be implemented in a campus network design?

A. Ports configured with PortFast
B. Alternate ports only
C. Ports configured with root guard
D. Alternate, backup and root ports

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 141
Refer to the exhibit
An engineer must apply IP addressing to five new WAN sites and chooses the new subnets pictured. The
previous administrator applied the addressing at Headquarters. Which option is the minimum summary range
to cover the existing WAN sites while also allowing for three additional WAN sites of the same size, for future
growth?

A. 10.0.60.0/18
B. 10.0.64.0/21
C. 10.0.64.0/17
D. 10.0.0.0/17
E. 10.0.64.0/18

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 142
Which two options are features of a scalable cluster design utilizing Cisco ASA firewalls? (Choose two)

A. Each cluster supports up to 10 ASA devices.
B. The design supports up to 100 Gbps of aggregate traffic.
C. Each member of the cluster can forward every traffic flow.
D. The design supports up to 1 Terabyte of aggregate traffic.
E. The ASA cluster actively load balances traffic flows.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 143
Which action should be taken when implementing a preferred IPS design?

A. Place the management interface on a separate VLAN
B. Place all sensors on PVLAN community ports
C. Place the management interface on the same VLAN
D. Place the monitoring interface on the inside network

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 144
How does OTV provide STP isolation?

A. By using STP root optimization
B. By using BPDU guard
C. By dropping BPDU packets
D. By using BPDU filtering

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 145
A LAN infrastructure consists of switches from multiple vendors. Spanning Tree is used as a Layer 2 loop
prevention mechanism. All configured VLANs must be grouped in two STP instances. Which standards-based
Spanning Tree technology must be used?

A. MSTP
B. Rapid PVST
C. STP
D. RSTP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 146
A network team is designing a Layer 3 Data Center Interconnect between two data centers. There is a
requirement that all links of equal bandwidth be utilized, have automatic failover, and not use any bundling
technology. Which routing function must be used to achieve this requirement?

A. BGP route reflectors
B. Equal cost multipath routing
C. Virtual private LAN service
D. Virtual links
E. Policy-based routing

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 147
An engineer is redesigning the infrastructure for a campus environment. The engineer must maximize the use
of the links between the core and distribution layers. By which two methods can this usage be maximized?
(Choose two)

A. Design the links between the core and distribution layers to use HSRP
B. Design the links between the core and distribution layers to use an IGP
C. Design the links between the core and distribution layers to use RPVSTP+
D. Design with multiple equal-cost links between the core and distribution layers
E. Design with multiple unequal-cost links between the core and distribution layers

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
An engineer must create this design:

Restrict certain networks from being advertised to remote branches connected via eBGP
Prohibit advertisement of the specific prefix to external peer only

Which BGP community must be configured to meet these requirements?

A. gshut
B. internet
C. local-as
D. no-export
E. no-advertise

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
https://learningnetwork.cisco.com/thread/58299
https://tools.ietf.org/html/rfc1997

QUESTION 149
An engineer is working on an OSPF network design and wants to minimize the failure detection time and the
impact on the router CPU. Which technology accomplishes this goal?

A. LSA pacing
B. LSA delay interval
C. BFD
D. Fast hellos

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 150
An engineer wants to ensure that hosts can locate routers that can be used as a gateway to reach IP-based
devices on other networks. Which first hop redundancy protocol accomplishes this goal?

A. VRRP
B. GLBP
C. IRDP
D. HSRP
E. GSLB

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-irdp.html

QUESTION 151
What added enforcement feature is available on IDS-based devices to terminate active malicious traffic?

A. Signature detection
B. TCP reset
C. SNMP alert
D. Layer 4 filtering

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 152
Layer3 segmentation but I can’t recall the question

A. Multihop MPLS
B. Hop-by-Hop VRF-Lite
C.
D.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 153
Which two types of authentication mechanisms can be used by VRRP for security? (Choose two)

A. SHA-1
B. MD5
C. SHA-256
D. Plain Text
E. PEAP

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 154
Question about Achieving Fast convergence on LAN (Choose two)

A. Enable RPVST+
B. Enable pruning for unused Vlans in switches
C. Enable MST
D. ....

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 155
An engineer has been requested to utilize a method in an ACI network that will ensure only permitted
communications are transmitted between End Point Group tiers in a three-tier application. Which element would
be utilized to accomplish this within the fabric?

A. Contract
B. Filter
C. Subject
D. Label

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 156
An engineer has to increase the security in the core network. What needs to be implemented to be sure that the
IP traffic is originating from the correct network segment?

A. IPS
B. ACL
C. VLAN access lists
D. ARP inspection

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 157
New Question. What are the two main elements used by RBAC to provide secure access within an Enterprise?
(Choose two)

A. User Privileges
B. User Roles
C. User Profile
D. User Domains
E. User Locales

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 158
New Question. Which two security measures must an engineer follow when implementing Layer 2 and Layer 3
network design? (Choose two)

A. Utilize the native VLAN only on trunk ports to reduce the risk of a double-tagged 802.1q VLAN hopping
attack
B. Utilize an access list to prevent the use of ARP to modify entries to the table
C. Utilize DHCP snooping on a per VLAN basis and apply ip dhcp snooping untrusted on all ports
D. Utilize the ARP inspection feature to help prevent the misuse of gARP
E. Utilize private VLANs and ensure that all ports are part of the isolated port group

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 159
New Question. While designing quality of service policies, which two types of traffic must be prioritized as
management traffic? (choose two)

A. RADIUS
B. SSH
C. HTTPS
D. ICMP
E. SCP

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 160
New Question. Which mechanism is enabled by default in the OTV technology to conserve bandwidth?

A. Unknown unicast flooding is suppressed over the OTV link
B. Control plane traffic is prevented from traversing the OTV link
C. BPDUs are allowed to traverse the OTV link
D. Data plane traffic is prevented from traversing the OTV link

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 161
New Question. How many multicast groups can one multicast MAC address represent?

A. 128
B. 16
C. 1
D. 32

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162
New Question. A dual-homed office is opposed to using path optimization by… Which feature helps
application resiliency?

A. ATM
B. CEF
C. PIR
D. MLPPP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 163
New Question. A company is building a large data center. About 80% of its traffic will be North to South and the
other 20% will be East to West. The company is (…) expecting a significant amount of data center growth over
the next 5-10 years but wants to keep the cost of growth low. Which data center design is the best suited to
meet these goals?

A. Two-tier design with the layer 2 termination on data center core
B. A spine-and-leaf design with layer 2/3 termination on the leaf nodes
C. A spine-and-leaf design with layer 2/3 termination on the spine nodes
D. A three-tier design with the layer 3 termination on data center core

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 164
New Question. A company (………….). Due to limited IPv4 address availability, the company was able to
allocate only a /24 address block. Which method must be used to ensure that the primary data center receives
all traffic unless it is offline?

A. EIGRP, Advertise two /25 address blocks to each ISP at the primary DC and a /24 at the secondary D
B. BGP, AS prepend at the secondary DC
C. OSPF, AS prepend at the secondary DC
D. BGP, Advertise two /25 address blocks to each ISP at the primary DC and a /24 at the secondary

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 165
New D&D

Select and Place:

Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 166
New Question. Headquarters has 3 branch routers and only wants one default route sent to the branch routers.
What type of area should be configured?

A. Normal Area
B. Stub Area
C. Totally stub area
D. Not-so-stubby-area

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 167
New Question. Company has OSPF and 300 routers inside the backbone area. How to change the design? (the
question was much longer)

A. Route summarization in the backbone area
B. Break down the area into smaller non-backbone areas
C. Add virtual link
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 168
New Question. Flex links

A. does aggregation layer is aware about the state of Flex-links
B.
C.
D. VLANs span to aggregation common block

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 169
New Question. Small office with a unique WAN link. What do you have to do to optimize it?

A. DMVPN
B. MPLS
C. WAE
D. MSE

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
The WAN Automation Engine (WAE) is a powerful, flexible software-defined networking (SDN) platform. It
abstracts and simplifies your WAN environment while making it fully open and programmable.
The WAN Automation Engine helps ensure that the most expensive network resources are fully optimized,
assigning best load-share metrics using the Path Computation Element Communication Protocol (PCEP). You
can optimize and Automate your Network with the WAN Automation Engine.

QUESTION 170
New Question. Extension of Ethernet L2 into a private network…with multipath…

A. MPLS
B. VPLS
C. EoMPLS
D.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 171
New Question. What to consider when designing L3 network convergence? (Choose two)

A. OSPF LSA updates
B. Forwarding information base update
C. loosing…
D. add…

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 172
New Question. What technique allows both IPv4 and IPv6 to run at the same time on a router?

A. IPv4 tunnelling
B. Dual Stack
C.
D.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference: