Q1. Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Answer: C
Explanation: Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
- Source-specific rules with any type destinations should be applied as close to the source as possible.
- Destination-specific rules with any type sources should be applied as close to the destination as possible.
- Mixed rules integrating both source and destination should be used as close to the source as possible.
An integral part of identity and access control deployments is to allow only the necessary access. Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing “defense in depth” by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
Q2. Where in the network hierarchy should network access control be performed?
A. backbone
B. core
C. access
D. distribution
Answer: C
Q3. Multicast has been enabled and configured in the Enterprise, and PIM Sparse-mode has been enabled on all VLANs. What feature is required to stop multicast traffic from being broadcast on the access layer switches?
A. IGMP snooping
B. Multicast boundary filter
C. PIM dense-mode
D. Dynamic ARP inspection
Answer: A
Q4. Your company's Cisco routers are operating with EIGRP. You need to join networks with an acquisition's heterogeneous routers at 3 sites, operating with EIGRP and OSPF. Which describes the best practice for routing protocol deployment?
A. Apply OSPF throughout both networks
B. Apply one-way redistribution exclusively at each location
C. Apply two-way redistribution exclusively at each location
D. Apply two-way redistribution at each location with a route filter at only one location
E. Apply two-way redistribution at each location with a route filter at each location
F. Apply EIGRP with the same autonomous system throughout both networks
Answer: E
Explanation: Without filters, there is a possibility of routing loops.
Link: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009487e.shtml
Q5. A campus network needs end-to-end QoS tools to manage traffic and ensure voice quality. Which three types of QoS tools are needed? (Choose three.)
A. interface queuing and scheduling
B. congestion management
C. compression and fragmentation
D. bandwidth provisioning
E. traffic classification
F. buffer management
Answer: A,D,E
Q6. Which three statements are true regarding the virtual interface on a Cisco Wireless LAN Controller? (Choose three.)
A. supports mobility management
B. serves as a DHCP relay
C. used for all controller to AP communication
D. supports embedded Layer 3 security
E. default for out-of-band management
F. default for in-band management
G. provides connectivity to AAA servers
Answer: A,B,D
Q7. Which consideration is the most important for the network designer when considering IP routing?
A. convergence
B. scalability
C. on-demand routing
D. redistribution
Answer: A
Q8. Which is the North American RIR for IPv4 addresses?
A. RIPE
B. ARIN
C. IANA
D. IEEE
E. APNIC
Answer: B
Q9. DRAG DROP
Answer:
Q10. A routing protocol neighbor relationship has been established between two routers across the public Internet using GRE. What technology can be used to encrypt this communication channel?
A. access lists
B. IP security
C. context based access
D. intrusion prevention system
Answer: B
Q11. You are tasked with designing a new branch office that will support 75 users with possible expansion in the future and will need a highly available network. Which of the branch design profiles should be implemented?
A. large branch design
B. medium branch design
C. teleworker design
D. small branch design
Answer: B
Explanation:
Medium Branch Design: The medium branch design is recommended for branch offices of 50 to 100 users. It is similar to the small branch design but with an additional access router in the WAN edge (slightly larger), allowing for redundancy services. Typically, two 2921 or 2951 routers are used to support the WAN, and separate access switches are used to provide LAN connectivity.
Q12. Which routing protocol classification should you use when full topology information is needed?
A. link-state
B. distance vector
C. stateful
D. path vector
Answer: A
Q13. A network engineer is designing an enterprise managed VPN solution for a large number of remote offices that do not have on-site IT support and communicate only with the home office. What type of VPN solution should be implemented?
A. VPLS
B. GRE
C. IPsec
D. EVPN
E. DMVPN
F. SSL client
Answer: D
Q14. Which protocol is used to reserve bandwidth for the transport of a particular application data flow across the network?
A. cRTP
B. IEEE 802.1P
C. RSVP
D. LFI
E. Auto QOS
Answer: C
Explanation:
RSVP: Signaling protocol that enables end stations or applications to obtain guaranteed bandwidth and low delays for their data flows.
Q15. Which design is the recommended geometric design for routed topologies?
A. linear
B. triangular
C. rectangular
D. circular
Answer: B
Q16. What is the primary consideration when choosing a routed network design over a traditional campus network design?
A. Layer 3 service support at the network edge
B. the routing protocol choice: open (OSPF) or proprietary (EIGRP)
C. the routing abilities of the host devices
D. the need to control the broadcast domains within the campus core
Answer: A
Explanation: Layer 3 capability should be available at the network edge to leverage the benefits of a routed network design.
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html