Introducing The New!
Surepassexam Collection
Get Unlimited Access to all
Surepassexam's PREMIUM files
Q1. Which two features can be used to extend VRFs across a campus? (Choose two.)
A. 802.1q trunks
B. LDP
C. MPLS TE
D. GRE
E. port channels
Answer: AD
Q2. You are the lead network designer hired by Service Provider XYZ to deploy CoS functionality on the core MPLS network (P routers). The goal of the network design is to provide a complete CoS solution to all customers that purchase services such as dedicated Internet access, MPLS L3VPN, and L2VPN (pseudowire). Service Provider XYZ has these design requirements:
The network supports four service queues with equal treatment for delay, jitter, and packet loss.
Queues are numbered 0-3, where 0 is the default queue.
Three queues have one treatment.
One queue has either one or two treatments.
If your design includes eight CoS queues on the Service Provider XYZ MPLS PE router ingress (CE facing) interface, how will customer traffic be classified as it enters the MLS P routers?
A. The eight CoS queues in the MPLS P router are remapped to the eight CoS queues.
B. Traffic is classified on the MPLS PE routers on core facing interface. The DSCP value is mapped into EXP field where multiple EXP settings (2+) will be assigned to a single queue throughout the MPLS P routers.
C. Discard the traffic from the eight CoS queues that does not match the four CoS queues of the MPLS P routers.
D. The 8 CoS queues in the MPLS P router are remapped to four 4 flow-label queues.
Answer: B
Q3. When adding an IPSec headend termination device to your network design, which two performance indicators are the most accurate to determine device scalability? (Choose two.)
A. CPU capabilities
B. bandwidth capabilities
C. packets per second capabilities
D. maximum tunnel termination capabilities
Answer: CD
Q4. Which three methods allow storage access across an IP network? (Choose three.)
A. FCIP
B. Fiber Channel over GRE
C. Fiber Channel over L2TPv3
D. iSCSI
E. NFS
Answer: ADE
Q5. What is a key design aspect to be considered when designing an IP network that will be carrying real-time VoIP traffic?
A. Minimizing total bidirectional end-to-end delay to 0-150 ms
B. Minimizing total unidirectional end-to-end delay to 150-500 ms
C. Minimizing total bidirectional end-to-end delay to 0-50 ms
D. Minimizing total unidirectional end-to-end delay to 0-150 ms
Answer: D
Q6. You are tasked with implementing a 1000-phone remote access solution, where phone calls will traverse a WAN edge router. Assuming all of the following features are supported in a hardware-assisted manner, which of the following will have the most negative impact
on the delay of the packet?
A. encryption
B. stateful firewall
C. MPLS encapsulation
D. GRE encapsulation
Answer: A
Q7. You are a network designer and have been asked to consult with your server operations team to further enhance the security of the network. The operations team provides you with these details about the network:
A pool of servers is accessed by numerous data centers and remote sites.
The servers are accessed via a cluster of firewalls.
The firewalls are configured properly and are not dropping traffic.
The firewalls occasionally cause asymmetric routing of traffic within the server data center.
Which technology would you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting flows at the servers?
A. Access control lists to limit sources of traffic that exits the server-facing interface of the firewall cluster
B. Poison certain subnets by adding static routes to Null0 on the server farm core switches.
C. Unicast Reverse Path Forwarding in strict mode
D. Unicast Reverse Path Forwarding in loose mode
Answer: D
Q8. Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.)
A. Solution should be resistant to sensor failure.
B. Solution should allow for stream normalization.
C. Solution should not impact jitter and latency for voice traffic.
D. Solution should allow for signature-based pattern matching.
E. Solution should allow to deny packets inline.
Answer: ACD
Q9. In order to meet your service level agreement, your network designer created a design solution that includes interface dampening. In which two ways will interface dampening benefit your overall network design? (Choose two.)
A. Interface dampening uses an exponential backoff algorithm to suppress event reporting to the upper-level protocols.
B. When the interface is dampened, further link events are not reported to the upper protocol modules.
C. When the interface is dampened, further link events are reported to the upper protocol module.
D. Periodic interface flapping that affects the routing system as a whole should have a period shorter than the system convergence time.
Answer: AB
Q10. You are designing a network that will run EIGRP over a Metro Ethernet service that does not employ a link-loss technology. What will be the impact on convergence if there is a break in the end-to-end Layer 2 connectivity within the service provider network?
A. The routers will immediately lose their adjacencies and converge.
B. The routing protocol will not converge until the hold timers have expired.
C. The switch ports connected to the router will go down and the routers will immediately converge.
D. The VLAN on the switches will go inactive, the ports associated on the switch will go down, and the routers will immediately converge.
Answer: B
Q11. In an MPLS-VPN environment, what is the effect of configuring an identical set of route targets for a particular VRF, but then configuring nonidentical route distinguisher across multiple PE devices?
A. The routes will be correctly handled by the control plane, but there will be instances where routes take up twice as much memory.
B. The routes will propagate to the remote PE, but the PE will never install them in its forwarding table.
C. The routes will be rejected by the remote PE because they have a different RD than its routes.
D. The routes will not even be sent to any remote PE with a different RD.
Answer: A
Q12. A company has these requirements for access to their wireless and wired corporate LANs using 802.1x:
. Client devices that are corporate assets and have been joined to the Active
Directory domain are allowed access.
. Personal devices must not be allowed access.
. Clients and access servers must be mutually authenticated.
Which solution meets these requirements?
A. Protected Extensible Authentication Protocol/Microsoft Challenge Handshake Authentication Protocol Version 2 with user authentication
B. Extensible Authentication Protocol-Transport Layer Security with machine authentication
C. Extensible Authentication Protocol-Transport Layer Security with user authentication
D. Protected Extensible Authentication Protocol/Microsoft Challenge Handshake Authentication Protocol Version 2 with machine authentication
Answer: B
Q13. Which two aspects are considered when designing a dual hub, dual DMVPN cloud topology? (Choose two.)
A. recommended for high availability
B. requires all sites to have dual Internet connections C. spoke-to-spoke traffic will transit the hub unless spokes exchange dynamic routing directly
D. hub sites must connect to both DMVPN clouds
E. will only work with single-tier headend architecture
Answer: AE
Q14. You are designing an Out of Band Cisco Network Admission Control, Layer 3 Real-IP Gateway deployment for a customer. Which VLAN must be trunked back to the Clean Access Server from the access switch?
A. untrusted VLAN
B. user VLAN
C. management VLAN
D. authentication VLAN
Answer: A
Q15. A company wants to connect two data center sites using a hub-and-spoke design with 2000 remote sites. One design consideration is the requirement to transfer MPLS packets over the public Internet. In addition, one router at each site should be used, and the MPLS packets must be encapsulated inside IP packets because the public Internet cannot transfer native MPLS packets. Which feature can be used to simplify the network design?
A. GET VPN can be used to encrypt the MPLS packets with IPsec.
B. DMVPN can be used to build up GRE tunnels dynamically with MPLS encapsulation inside.
C. L2TPv3 can be used to encapsulate the MPLS packets.
D. Site-to-site IPsec without GRE can be used to encapsulate the MPLS packets.
E. PPPoE can be used to encapsulate the MPLS packets.
Answer: B