Cisco - Selftestengine.300 320.study - Guide.v2019 May 25.by - Devin.221q.vce

Certshared now are offering 100% pass ensure 300-320 dumps!
https://www.certshared.com/exam/300-320/ (425 Q&As)
Cisco
Exam Questions 300-320
Designing Cisco Network Service Architectures
Guaranteed success with Our exam guides visit - https://www.certshared.com

NEW QUESTION 1
Refer to the exhibit.
An engineering team is analyzing the WAN connection for a site that has a 50 Mbps Ethernet circuit. Which technology should be uses to keep the router from
overrunning the carrier's 50 Mbps rate?
A. shaping
B. Access Control List
C. Committed Information Rate
D. Rate-Limit
E. Policing
Answer: C
NEW QUESTION 2
Which option lists the EIGRP minimum timer settings for hello and dead timers in seconds?
A. 4 and 6
B. 2 and 4
C. 2 and 6
D. Both 6
Answer: C
NEW QUESTION 3
You need to design a network with a summary segment that supports up to 15 IP segments and all segments must be /24?
A. /20
B. /21
C. /18
D. /19
Answer: A
NEW QUESTION 4
What are two benefits of using 6to4 as an IPv6 transition method? (Choose two.)
A. 6to4 tunnels allow isolated IPv6 domains to be remotely connected over IPv4 networks.
B. Manual configuration (scalability) is easier.
C. Point-to-multipoint automatic tunneling (automatic 6to4) is available.
D. An infinite number of address spaces are allocated to an IPv6 subnet.
E. Globally unique IPv4 addresses are not required.
Answer: AC
NEW QUESTION 5
What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be
queued later?
A. Shaping
B. Policing
C. Weighted Fair Queuing
D. Low Latency Queuing
Answer: A

NEW QUESTION 6
Which action should be taken when implementing a preferred IPS design?
A. Place the management interface on a separate VLAN

B. Place all sensors on PVLAN community ports
C. Place the management interface on the same VLAN
D. Place the monitoring interface on the inside network
Answer: A
NEW QUESTION 7
NAC: Simple access control at user and device contextual level. Which features are needed ? (Choose Two)
A. secure access control

B. TrustSec
C. ISE
D. NAC agent
Answer: CD
NEW QUESTION 8
While configuring a QoS policy, analysis of the switching infrastructure indicates that the switches support 1P3Q3T egress queuing. Which option describes the
egress queuing in the infrastructure?
A. The threshold configuration allows for inter-queue QoS by utilizing buffers.

B. The priority queue must contain real-time traffic and network management traffic.
C. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds.
D. The priority queue should use less than 20% of the total bandwidth.
Answer: B
NEW QUESTION 9
Which two technologies provide web and URL filtering and mitigate zero-day malware? (Choose two)
A. Cisco CWS
B. Cisco WSA
C. Cisco GETVPN
D. Cisco ESA
E. NAT/PAT
Answer: AB
Explanation: Cisco CWS: Cisco Cloud Web Security

https://www.cisco.com/c/en/us/products/collateral/security/cloud-web-security/data_sheet_c78-729637.html Cisco WSA: Cisco Web Security Appliance
https://www.cisco.com/c/en/us/products/collateral/security/content-security-management-appliance/datasheetc7 Cisco ESA: Email Security Appliance
NEW QUESTION 10
What is one limitation of MPLS Layer 3 VPN networks?
A. They require less powerful routers with limited capabilities

B. They require the customer to control routing
C. They support only IP traffic
D. PE routers are underutilized
Answer: C
NEW QUESTION 10
An engineer is working on an OSPF network design and wants to minimize the failure detection time and the impact on the router CPU. Witch technology
accomplishes this goal?
A. LSA pacing
B. LSA delay interval
C. BFD
D. Fast hellos
Answer: C
NEW QUESTION 14
HSRP has been implemented on distribution switches but no priority has been defined. Which one of the two switches will be active ?
A. The one with the higher IP address configured on the interface

B. The one with the higher MAC address configured on the interface
C. The one which booted the last
D. The one with the higher bandwith configured on the interface

Answer: A
NEW QUESTION 18
An engineer is designing a QoS architecture for a small organization and must meet these requirements:
*Guarantees resources for a new traffic flow prior to sending
*Polices traffic when the flow does not conform
Which QoS architecture model will accomplish this?
A. auto quality of service

B. modular quality of service
C. differentiated services
D. integrated services
Answer: D
NEW QUESTION 21
Design QoS (traffic regulation mechanisms ? )(Choose Two)
A. Classification
B. Shaping
C. Policing
D. Queuing
Answer: BC
NEW QUESTION 23
Uplink floating state ( up and down ) .what you can do to solve this problem ?
A. route summary
B. Cisco Express Forwarding
C. BFD
D. UDLD
Answer: A
NEW QUESTION 25
Which two metric are used by EIGRP by default to calculate its cost ? (Choose two)
A. Bandwidth
B. Latency
C. MTU
D. Load
Answer: AB
NEW QUESTION 26
Two company want to merge their OSPF networks , but they run different OSPF domains , Which is option must be created to accomplished this requirement?
A. OSPF virtual link to bridge the backbone areas of the two company together
B. Route Summarization
C. Static OSPF
D. Redistribute routes between domains
Answer: A
NEW QUESTION 31
You need to use source specific multicast, which addressing should you use ?
A. 224.0.0.0/8
B. 232.0.0.0/8
C. 248.0.0.0/8
D. 254.0.0.0/8
E. 242.0.0.0/8
Answer: B
NEW QUESTION 36
To which network layer should Cisco Express Forwarding be tuned to support load balancing and to make more informed forwarding decisions?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
F. Layer 6

G. Layer 7
Answer: D
NEW QUESTION 37
In which OSI layer does IS-IS operate?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
Answer: B
NEW QUESTION 40
An engineer is designing an IP addressing scheme for a local company that requires multicast for its applications. For security reasons, only explicitly configured
devices can be permitted to transmit across the network. Which multicast technology and address range must the engineer select?
A. PIM-SM; 232.0.0.0/8
B. ASM; 232.0.0.0/8
C. SSM; 232.0.0.0/8
D. SSM; 224.0.0.0/8
Answer: D
NEW QUESTION 42
Which option can be implemented to manipulate the election of PIM DR to force multicast traffic to a certain path?
A. Assign a lower PIM DR priority to the PIM DR interface.

B. Assign a lower IP address to the PIM DR interface.
C. Assign a higher PIM DR priority to the PIM DR interface.
D. Increase the cost on the PIM DR interface.
Answer: C
NEW QUESTION 47
Which one of these could you implement to sustain a large DDoS attack?
A. Stateful firewall
B. uRPF
C. Connections limits and timeouts
D. Access-lists
Answer: C
NEW QUESTION 52
An engineering team must design a firewall solution with shared hardware resources but separation of features such as ACLs, NATs, and management between
the external business partners of the organization. Which ASA deployment mode meets these requirements?
A. clustering mode
B. multicontext mode
C. transparent mode
D. routed mode
Answer: B
NEW QUESTION 53
In what situation must spanning-tree be implemented?
A. When redundant Layer 2 links, that are not part of a single EtherChannel or bundle, exist between distribution switches
B. When redundant Layer 3 links, that are not part of a single EtherChannel or bundle, exist between distribution switches
C. Between Distribution and Core switches when interfaces are configured with "no switchport"
D. Between Distribution and Core switches when VSS is configured
Answer: A
NEW QUESTION 56
Transition to Named EIGRP without causing an outage?
A. router eigrp NAME

B. router eigrp 1 named NAME
C. router eigrp 1eigrp upgrade-cli NAME
D. interface fa0/1ip router eigrp 1 named NAME
Answer: C

NEW QUESTION 59
Port Security supports which type of port?
A. IEEE 802.1Q tunnel port

B. Dynamic trunk
C. Port-channel
D. Routed port
Answer: A
NEW QUESTION 64
An engineer is redesigning the infrastructure for a campus environment. The engineer must maximize the use of the links between the core and distribution layers.
By which two methods can this usage be maximized? (Choose two.)
A. Design the links between the core and distribution layers to use RPVSTP+
B. Design with multiple unequal-cost links between the core and distribution layers.
C. Design the links between the core and distribution layers to use an IGP
D. Design the links between the core and distribution layers to use HSRP.
E. Design with multiple equal-cost links between the core and distribution layers.
Answer: AD
NEW QUESTION 65
A network engineer wants to connect two sites via a WAN technology and to securely pass multicast traffic over this WAN technology. Which WAN technology
should be configured?
A. IPsec
B. GRE
C. Pure MPLS
D. GRE over IPsec
Answer: D
NEW QUESTION 66
Which interface characteristic is used to calculate cost of an interface in OSPF?
A. Bandwidth
B. Latency
C. Load
D. Reliability
Answer: A
NEW QUESTION 69
Which Cisco feature can be run on a Cisco router that terminates a WAN connection, to gather and provide WAN circuit information that helps switchover to
dynamically back up the WAN circuit?
A. Cisco Express Forwarding

B. IP SLA
C. Passive interface
D. Traffic shaping
Answer: B
NEW QUESTION 71
For which engine an IPS can use its reputation awareness? (Choose two)
A. Reputation filtering
B. Reputation subscriptions
C. Correlation rules
D. Global correlation inspection
Answer: AC
Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Correl Correlation rules -> Connection

Tracker -> URL Reputation
NEW QUESTION 76
Which two characteristics of the 802.1X standard are true? (Choose two.)
A. This standard supports only wired LANs.

B. It can package EAP messages in Ethernet frames and not use PPP.
C. It was created by IEEE
D. It was created by IETF

E. Its EAP messages always require underlying PPP protocol
Answer: BC
NEW QUESTION 80
Which two features can you implement to control which networks are advertised by a BGP router? (Choose two.)
A. prefix lists
B. route maps
C. policy maps
D. router SNMP statements
E. crypto maps
Answer: AB
NEW QUESTION 83
Which design technology allows two Cisco Catalyst chassis to use SSO and NSF to provide nonstop communication even if one of the member chassis fails?
A. peer gateway
B. VSS
C. vPC
D. auto chassis detect
Answer: B
NEW QUESTION 86
Which two options are storage topologies? (Choose two.)
A. WAS
B. DAS
C. CAS
D. NAS
Answer: BD
NEW QUESTION 88
An engineer is designing a new data center network so that the topology maintains fewer uplinks to the aggregation layer to reduce STP processing requirements.
What data center topology meets the RFP requirements?
A. mesh
B. top of rack
C. star
D. end of row
Answer: D
NEW QUESTION 90
Which QoS mechanism uses PHBs?
A. DiffServ
B. IntServ
C. CoS
D. ToS
Answer: A
NEW QUESTION 93
A company has hired an entry-level network administrator for its new data center. The company CIO wants to give the administrator limited access on the newly
configured Cisco Nexus 7000. Which feature should be used to allow limited access?
A. NAC
B. VDC
C. RBAC
D. vPC
Answer: C
NEW QUESTION 98
If your enterprise is connected to 2 ISP, which method could you use to prevent being used as a transit network? (Choose Two)
A. filter outbound
B. filter inbound
C. throw both ISP
D. choose only one ISP
E. Allow every routes inbound

Answer: AE
Explanation: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/23675-27.html
NEW QUESTION 99
You are given the 192.168.2.0/24 network and you should divide it in 4 subnets. Which statements are true regarding the first subnet? (Choose tree)
A. 62 hosts in subnet
B. 255.255.255.192 mask
C. 192.168.2.62 last host
D. 255.255.255.128 mask
E. 126 hosts in subnet
F. 192.168.2.126 last host
Answer: ABC
NEW QUESTION 104

Which two BGP attributes can be set with outbound policy to manipulate inbound traffic, if honored by the remote Autonomous system (choose two)?
A. Multi-exit discriminator (MED)

B. AS path
C. Local Preference
D. Weight
Answer: AB
NEW QUESTION 106

An Engineer is designing a Cisco Application Centric Infrastructure network ... What is the expected number of links between Spine switches?
A. 1
B. 2
C. 4
Answer: A
NEW QUESTION 110

Which two methods are available to connect a Cisco IOS device to an active directory domain for authentication? (Choose two)
A. LDAP (Lightweight Directory Access Protocol)

B. Radius
C. TACACS+
D. AAA
Answer: AB
NEW QUESTION 112

A LAN infrastructure consists of switches from multiple vendors. Spanning Tree is used as a Layer 2 loop prevention mechanism. All configured VLANs must be
grouped in two STP instances. Which standards-based Spanning Tree technology must be used?
A. MSTP
B. Rapid PVST
C. STP
D. RSTP
Answer: A
NEW QUESTION 117

When designing data centers for multitenancy, which two benefits are provided by the implementation of VSAN and zoning? (Choose two)
A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from affecting others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets
Answer: DE
NEW QUESTION 118

About DDOS attack .What you can do on device to block DDOS attack ?
A. Policy map
B. ACL
C. Control plane policy
D. Used zoned firewall on router

Answer: C
NEW QUESTION 122

Two Cisco switches with 1 SUP and many 10G line-card ports for each switch, run in VSS mode. In which case or for what reason you don't connect all VSL to
SUP?
A. The need for hardware diversity

B. Bandwidth congestion at SUP
C. In case the sup fail
D. Qos must be configured on both
Answer: A
NEW QUESTION 127

Which VPN technology supports dynamic creation of spoke-to-spoke VPN tunnels to provide a scalable design?
A. IPsec
B. GRE over IPsec
C. DMVPN
D. GRE
Answer: C
NEW QUESTION 128

Which two options are features of a scalable cluster design utilizing Cisco ASA firewalls? (Choose two)
A. Each cluster supports up to 10 ASA devices.

B. The design supports up to 100 Gbps of aggregate traffic.
C. Each member of the cluster can forward every traffic flow.
D. The design supports up to 1 Terabyte of aggregate traffic.
E. The ASA cluster actively load balances traffic flows.
Answer: BC
NEW QUESTION 130

An CSPF router should have a maximum of how many adjacent neighbors?
A. 80
B. 60
C. 100
D. 50
Answer: B
NEW QUESTION 134

Explain to a customer 2 advantages of the routing summarization.(Choose two)
A. small routing table

B. small upstream impact of a flapping interface
C. fast convergence
D. security
E. enhance view of the architecture
Answer: AB
NEW QUESTION 137

What is an advantage of using the vPC feature in a data center environment?
A. The two switches form a single control plane.

B. A single IP is used for management of both devices.
C. FHRP is not required.
D. All available uplink bandwidth is utilized.
Answer: D
NEW QUESTION 138

A company uses BGP to connect with the ISP on the enterprise network and wants to improve performance due to the increasing number of iBGP peers. Which
two design solutions address the iBGP full mesh requirement? (Choose two.)
A. Route reflectors
B. condeferations
C. AS path prepending
D. communities
E. conditional advertising

Answer: AB
NEW QUESTION 143

A link state routing protocol wants to connect tow separate domains, what should be configured (it's a question about IS-IS)?
A. Level 1 router
B. Level 1 router interface
C. Level 2 router interface
D. Level 2 router
Answer: D
NEW QUESTION 148

An engineer is trying to minimize the number of EIGRP routes within an infrastructure. Which command achieves automatic summarization?
A. ip summary-address eigrp 1 10.0.0.0 255.0.0.0

B. area 0 range 10.0.0.0 255.0.0.0
C. ip summary-address 10.0.0.0 255.0.0.0
D. router eigrp 1
E. eigrp stub
Answer: A
NEW QUESTION 149

ASA firewall cause outage....maintaining QOS in architecture ......(or)Cisco ASA in active /active mode, how to pass almost like stateful info across to the other
member?
A. ECMP
B. BFD
C. IP SLA
D. ASR groups
Answer: D
Explanation: ASR = Asymmetric routing
NEW QUESTION 151

Which OSPF concept is used to relate areas to the backbone area through another area?
A. Virtual Links
B. Backup Links
C. Inter-backbone Links
D. Point-to-point Links
Answer: A
NEW QUESTION 155

Which Cisco NAC Appliance design is the most scalable in large Layer 2-to-distribution implementation?
A. Layer 2 out-of-band
B. Layer 2 in-band
C. Layer 3 out-of-band
D. Layer 3 in-band
Answer: B
Explanation: https://www.safaribooksonline.com/library/view/foundation-learning-guide/9780132652933/ch08.html "Layer 2 In-Band Designs The Layer 2 in-band

topology is the most common deployment option.
[...]
This is the most scalable design in large L2-to-distribution environments, because this design can be transparently implemented in the existing network supporting
multiple access layer switches. It supports all
network infrastructure equipment. The Cisco NAS supports per-user ACLs."
NEW QUESTION 158

On which two types of links should routing protocol peerings be established according to best practice? (Choose two.)
A. distribution links
B. end user links
C. transit links
D. core links
Answer: CD
Explanation: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html#wp110

NEW QUESTION 159

Which STP feature allows an access port to bypass the learning and listening?
A. PortFast
B. BPDU Guard
C. BPDU Filter
D. UplinkFast
Answer: A
NEW QUESTION 160

Where should loop guard the implemented in a campus network design?
A. Ports configured with port fast

B. Alternate ports only
C. Ports configured with root guard
D. Alternate, backup and root ports
Answer: D
NEW QUESTION 164

Which option is correct when using Virtual Switching System?
A. Both control planes forward traffic simultaneously

B. Only the active switch forward traffic
C. Both data planes forward traffic simultaneously
D. Only the active switch handle the control plane
Answer: C
NEW QUESTION 165

An engineer want to ensure that of the PEs are discovery in VPLS discover PS. use signaling and access to across PE router without having manually provision
VPLS neighbors, What solution must be implemented?
A. BGP autodiscovery with BGP signalling

B. BGP autodiscovery with LDP signalling
C. H-VPLS with PW-access
D. BGP-based VPLS autodiscovery
Answer: D
Explanation: https://www.cisco.com/c/en/us/td/docs/ios/12_2sr/12_2srb/feature/guide/fs_vpls.html and

https://tools.ietf.org/html/rfc4761
NEW QUESTION 167

Which ISP technology can be implemented as a service when designing a topology to perform extranet connectivity via multitenant segmentation from within a
corporate intranet?
A. Cisco Easy VPN

B. GRE over IPsec
C. MPLS
D. VTI
E. VPNaaS
Answer: C
Explanation: MPLS VPN
NEW QUESTION 168

Recently, the WAN links between the headquarters and branch offices have been slow under peak congestion, yet multiple alternate WAN paths exist that are not
always congested. What technology can allow traffic to be routed in a more informed manner to utilize transport characteristics such as delay, loss, or link load?
A. performance routing
B. static routing
C. on demand routing
D. policy based routing
Answer: A
NEW QUESTION 171

A client security policy requires separate management control planes for different divisions within the company. Which technology can be used to achieve this

requirement while minimizing physical devices?
A. Virtual routing and forwarding

B. Virtual device contexts
C. Virtual Switching System
D. Virtual Local Area Networks
E. Virtual port channels
Answer: B
NEW QUESTION 174

An organization is acquiring another company and merging two company network. No subnets overlap, but engineer must limit the networks advertised to new
organization. Which feature implements this requirement?
A. interface ACL
B. stub area
C. passive interface
D. route filtering
E. route summary
Answer: E
NEW QUESTION 176

Which option is a benefit of the vPC+ feature?
A. Cisco FabricPath is not required in the network domain.

B. This feature provides fault domain separation.
C. Nonfabric devices, such as a server or a classic Ethernet switch, can be connected to two fabric switches that are configured with vPC.
D. The control plane and management plane are combined into one logical plane.
Answer: C
NEW QUESTION 178

HSRP. Router 1 (master) and Router 2 (standby), same priority. When router 1 f0/1 (outside interface) down. With which tracking commands the Router 2 will be
able to preempt ? (Choose Two)
A. Track 50
B. Track 50 decrement 20
C. ip tracking 50 interface f0/1 reachability
D. ip tracking 50 Interface f0/1 ip routing (or line protocol)
Answer: BD
NEW QUESTION 179

Which two elements comprise the backbone area while designing a new network utilizing IS-IS as the interior gateway protocol (choose two)
A. contiguous chain of Level 2 capable routers

B. contiguous chain of Level1/Level 2 capable routers
C. set of Level 2 configured interfaces
D. contiguous Level 1 capable routers
E. set of Level 1 configured interfaces
Answer: AB
Explanation: https://www.cisco.com/en/US/products/ps6599/products_white_paper09186a00800a3e6f.shtml "Backbone IS-IS does not have a backbone area like
the OSPF area 0. The IS-IS backbone is a contiguous
collection of Level 2-capable routers, each of which can be in a different area"
http://www.ciscopress.com/articles/article.asp?p=26850&seqNum=3
"In most designs with routing hierarchy, the Level 2 routers are also Level 1 routers by virtue of their identification with a certain area. Therefore, in IS-IS, a router
can function as Level 1-only or Level 2-only and possibly as both Level 1 and Level 2 (Level 1-2). Level 1-2 routers act as border routers to their respective areas,
providing connectivity to other areas. The Level 2 backbone is essentially a virtual IS-IS area consisting of routers engaged in Level 2 routing"
NEW QUESTION 183

An engineer wants to assure that host can locate routers that can be used as a gateway to
reach IPbased devices on other networks. Which first hop redundancy protocol accomplishes this goal?
A. VRRP
B. GLBP
C. IRDP
D. HSRP
E. GSLB
Answer: C
NEW QUESTION 185

An engineer must create this design:

• Restrict certain networks from being advertised to remote branches connected via eBGP.
• Prohibit advertisement of the specific prefix to external peers only. Which BGP community must be configured to meet these requirements?
A. no-advertise
B. no-export
C. internet
D. gshut
E. local-as
Answer: B
NEW QUESTION 186

Which security Mechanism can you implement to protect the OSPF?
A. Cryptographic authentication
B. Access-lists
C. Route-maps
D. Passive interfaces
Answer: A
NEW QUESTION 188

With which technology can VSS be combined to achieve better performance?
A. MEC
B. NSF
C. BFD
D. UDLD
Answer: B
NEW QUESTION 189

The WAN link between HQ and Branch ... What Technology that to be routed in a more informed way , ...
A. Policy base routing

B. On demand routing
C. Static routing
D. Performance routing
Answer: D
NEW QUESTION 191

Which virtualization technology uses Layer 3 BFD to detect network failure between Network devices?
A. Cisco Fabric path

B. VXLAN
C. VSAN
D. VLAN
Answer: A
NEW QUESTION 192

Which L2 messaging protocol maintains VLAN configuration consistency?
A. VTP
B. STP
C. LACP
D. CDP
Answer: A
NEW QUESTION 196

An engineer is designing a redundant dual-homed BGP solution that should prefer one specific carrier under normal conditions. Traffic should automatically fail
over to a secondary carrier in case of a failure. Which two BGP attributes can be used to achieve this goal for inbound traffic?
A. AS-PATH
B. weight
C. origin
D. local preference
E. MED
Answer: AE
Explanation: Topic 2, Exam Pool B

NEW QUESTION 197

An engineer wants to have a resilient access layer in data center so that switches on the access layer have separate physical connections to a pair of redundant
distribution switches. Which technology achieves this goals?
A. PaGP
B. LACP
C. VSL
D. EVPC
E. VSS
F. ECMP
Answer: E
NEW QUESTION 200

Which technology you will use to connect 2 data centers and extend layer 2 VLANs? (Choose two)
A. OTV
B. VXLAN
C. FabricPath
D. IS-IS
Answer: AC
NEW QUESTION 205

What multicast design would you use that cannot use rendezvous points?
A. Pim bidirectional
B. Pim Sparse
C. Pim Dense
D. Pim-SSM
Answer: D
NEW QUESTION 209

Which technology you will use to connect 2x Data Centres and extend Layer 2 VLANs? (Choose two)
A. OTV
B. VXLAN
C. Fabric Path
D. IS-IS
Answer: AB
NEW QUESTION 212

What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?
A. IPX
B. microsoft Netbios
C. IPv6
D. IPv4
Answer: C
NEW QUESTION 215
Answer:

Explanation:
NEW QUESTION 220

What are the two main characteristic of 802.1x (choose 2)
A. EAP messages in Ethernet frames and don't use PPP

B. works only on wired connections
C. It's created by IETF
D. It's created by IEEE
Answer: AD
NEW QUESTION 222

A company wants to configure BGP on a router so that other BGP neighbors cannot influence the path of a particular route .which action must be taken to
accomplish this configuration ?
A. Configure a low router ID for the route

B. Configure a high local preference for the route
C. Configure a high weight for the route
D. Configure a low MED for the route
Answer: B
NEW QUESTION 226

What is the characteristic of bidirectional PIM?
Answer:
Explanation: Explicitly builds shared bidirectional trees.
NEW QUESTION 227

Which option simplifies encryption management?
A. GET VPN
B. MPLS VPN
C. IPsec VPN
D. CISCO Easy VPN
E. GRE
Answer: A
NEW QUESTION 231

Which option is a design recommendation for route summarizations?
A. Filtered redistribution for the prevention of re-advertising of routes

B. Routing protocol stub areas
C. Route summarization for scalable routing and addressing design
D. Defensive route filtering to defence against inappropriate routing traffic
E. Route summarization to support greater volumes of transit traffic
Answer: B
NEW QUESTION 232

An engineer is considering uplink bandwidth over-subscription in a Layer 3 network design. Which option is the Cisco recommended over-subscription ratio for
uplinks between the distribution and core layers?

A. 3 to 1
B. 4 to 1
C. 6 to 1
D. 8 to 1
Answer: B
NEW QUESTION 236

AConsultant has been tasked with QoS design. The customer has specified that for the application end-to-end bandwidth has to be specified. With what can you
accomplish this?
A. IntServ with RSVP

B. DiffServ
C. CoS markings
D. DSCP markings
Answer: A
NEW QUESTION 240

At which layer in the ACI fabric are policies enforced?
A. leaf
B. spine
C. APIC
D. endpoint
Answer: C
NEW QUESTION 242

What command essentially turns on auto summarization for EIGRP?
A. area 0 range 10.0.0.0 255.0.0.0.0

B. router eigrp 1
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. ip summary-address 10.0.0.0 255.0.0.0
E. eigrp stub
Answer: C
NEW QUESTION 243

What need to be added to the R1 configuration to allow R2 be the active in case of R1 failure? (Choose two)
(There is a diagram showing one switch connected with 2x links to 2x HSRP routers (R1 and R2). They are connected to two user computers. The HSRP
configuration for R1 and R2 is the same.
A. ip track 50 ip route 10.1.1.0 ...

B. ip track 50 interface f0\1 line-protocol (or ip routing)
C. track 50 decrement 20
D. track 50 shutdown
Answer: BC
NEW QUESTION 247
Answer:
Explanation:

NEW QUESTION 249

What is the preferred protocol for a router that is running an IPv4 and IPv6 dual stack configuration?
A. IPX
B. Microsoft NetBIOS
C. IPv6
D. IPv4
Answer: C
NEW QUESTION 251

Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two) (E)
A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are not associated with EPGs
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with pair of EPGs
Answer: AF
Explanation: There may be times when the ACI administrator might need to deny traffic that is allowed by another contract. Taboos are a special type of contract
that an ACI administrator can use to deny specific traffic that would otherwise be allowed by another contract. Taboos can be used to drop traffic matching a
pattern (any EPG, a specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of regular contracts are applied. Taboo
contracts are not recommended as part of the ACI best practices but they can be used to transition from traditional networking to ACI. To imitate the traditional
networking concepts, an "allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain types of traffic."
NEW QUESTION 256

When designing a layer 2 STP-based LAN with Layer 3 FHRP, which design recommendation should be followed?
A. Avoid modifying default STP and FHRP timers.

B. Assign the native VLAN to the lowest number in use.
C. Avoid configuring router preemption.
D. Align the STP root with the active FHRP device.
Answer: D
NEW QUESTION 257

A network manager wants all remote sites to be designed to communicate dynamically with each other using DMVPN technology without requiring much
configuration on the spoke routers. DMVPN uses which protocol to achieve this goal?
A. GRE
B. NHRP
C. SSH
D. ARP
Answer: B
NEW QUESTION 259

The Cisco ACI fabric consists of which design at the physical layer?
A. three-tier core, aggregation, and access

B. collapsed core network
C. full mesh
D. spine-and-leaf

Answer: D
NEW QUESTION 263

When you configure a multichassis setup with VSS, which link must be configured to extend the backplane between the two switches?
A. VSL
B. LCAP
C. PaGP
D. ISL
Answer: A
NEW QUESTION 264

What is the primary benefit of deployment MPLS over the WAN as opposed to extending VRF-lite across the WAN?
A. convergence time
B. low operating expense (OpEx)
C. low latency
D. dynamic fault-tolerance
Answer: B
NEW QUESTION 269

There's a requirement to separate networks within an organization. What technology can be used while preserving hardware?
A. Virtual Context
B. VRF
Answer: A
NEW QUESTION 274

Drag the IS-IS fast convergence components on the left to the order in which they occur on the right.
Answer:
Explanation: First – Failure detection time

Second – Event propagation time
Third – SPF run time
Fourth – RIB FIB update time
NEW QUESTION 275

What results to connect 2 VSS routers on 10G card over Supervisor engine ports?
A. It will cause loop

B. Design lacks of hardware diversity
Answer: B
NEW QUESTION 276

An engineer is designing a network using RSTP. Several devices on the network support only legacy STP. Which outcome occurs?
A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate, but the fast convergence is not used.
Answer: D
NEW QUESTION 279

A network engineer must use an Internet connection to provide backup connectivity between two sites. The backup must be encrypted and support multicast.
Which technology must be used?

A. DMVPN
B. GRE over IPSec
C. IPSec direct encapsulation
D. GETVPN
Answer: B
NEW QUESTION 284

Which ASA to action with Web traffic to treat both HTTP and HTTPS for local internet proxy?
A. Redirect traffic HTTP & HTTPS to WSA using wccp

B. Send traffic for inspection to CWS
C. Send traffic to a different port for http & https monitoring to WSA using L2TP.
D. Use IPS module in ASA for inspection
Answer: A
NEW QUESTION 289

Which VPN connectivity representing both Hub-and-Spokes and Spokes-to-Spokes?
A. DMVPN
B. IPSec VPN
C. VPN Router
D. VPN hub
Answer: A
NEW QUESTION 290

Which of the following EIGRP configuration recommendation in layer 3-access switch?
A. Static route...
B. EIGRP stub...
Answer: B
NEW QUESTION 291

What location are security policies enforced in ACI?
A. leaf
B. spine
C. core
D. distribution
Answer: A
NEW QUESTION 294

The network engineering team for a large university must increase the security within the core of the network by ensuring that IP traffic only originates from a
network segment that is assigned to that interface in the routing table. Which technology must be chosen to accomplish this requirement?
A. VLAN access control lists

B. Unicast Reverse Path Forwarding
C. Intrusion prevention system
D. ARP inspection
Answer: A
NEW QUESTION 296

A customer would like to implement a firewall to secure an enterprise network. However, the customer is unable to allocate any new subnets. What type of firewall
mode must be implemented?
A. routed
B. active/standby
C. transparent
D. virtual
E. active/active
F. zone based
Answer: C
NEW QUESTION 299

One-to-one ratio mapping for access switches close to servers?
A. ToR
B. EoR
C. …

D. …
Answer: A
NEW QUESTION 304

An engineer is designing a multicluster bgp network, each cluster has 2 RRs and 4 RR clients which 2 options must be considered?
A. Clients from all clusters should peer with all RRs

B. All route reflectors should be non client peers & topology partially meshed
C. All RRs must be non client peers in a fully meshed topology
D. Clients must not peer with IBGP speakers outside the client router
E. Clients should peer with at least one other client outside it’s cluster
Answer: DE
NEW QUESTION 307

A network Engineer is designing a hierarchical design and needs to optimize WAN design. On what group of devices can a network engineer summaries routes to
remote WAN sites?
A. Core
B. Distribution
C. Data Center Distribution WAN Edge
D. WAN Edge
E. Campus access distribution layer
Answer: B
Explanation: Summarize at Service Distribution. It is important to force summarization at the distribution towards WAN Edge and towards campus & data center
NEW QUESTION 309

A network engineer wants to segregate three interconnected campus network via IS-IS
routing. A two-layer hierarchy must be used to support large routing domains to avoid more specific routes from each campus network being advertised to other
campus network routers automatically. What two actions should be taken to accomplish this segregation? (Choose two).
A. Assign a unique IS-IS NET value for each campus and configure internal campus routers with level 1 routing.
B. Designate two IS-IS routers from each campus to act as a Layer 1/Layer 2 backbone routers at the edge of each campus network.
C. Designate two IS-IS routers as BDR routers at the edge of each campus.
D. Assign similar router IDs to all routers within each campus.
E. Change the MTU sizes of the interface of each campus network router with a different value
Answer: AB
NEW QUESTION 310

Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology? (Choose two)
A. redundancy
B. bandwidth
C. cost
D. delay
E. hops
Answer: BD
NEW QUESTION 315

Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose Two.)
A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
C. It is removed by the Cisco ISE before reaching the endpoint.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal services
E. Best Practice dictates that deployments should include a security group for common services such as DNS and DHCP
Answer: AE
NEW QUESTION 318

An engineer is designing a multitenant network that requires separate management access and must share a single physical firewall. Which two features support
this design? (Choose 2)
A. Site-to-Site VPN
B. dynamic routing protocols
C. multicast routing
D. threat detection
E. quality of service
F. unified communications
Answer:

AE
NEW QUESTION 322
Answer:
Explanation:
NEW QUESTION 323

A network designer needs to explain the advantages of route summarization to a client. Which two options are advantages that should be included in the
explanation? (Choose Two)
A. Increases security by advertising fake networks.

B. Reduces routing table size.
C. Advertises detailed routing size
D. Utilizes the routers full CPU capacity.
E. Reduces the upstream impact of a flapping interface.
Answer: BE
NEW QUESTION 325

Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology (choose two):
A. redundancy
B. bandwidth
C. cost
D. delay
E. hops
Answer: BD
NEW QUESTION 329

A client request includes a network design that ensures all connections between the access layer and distribution layer are active and forwarding traffic at all times.
Which design approach achieves this request?
A. Enable backbone fast on the two distribution switches and create a port channel between each access layer switch and both distribution switches
B. Configure HSRP for all VLANs and adjust the hello timer for faster convergence
C. Configure Rapid PVST+ and adjust the timers for fast convergence
D. Create a VSS between the two distribution switches and also create a MEC between the VSS and each access layer switch.
Answer: D
NEW QUESTION 333

A network link is going up and down rapidly, and it is hindering network performance and routing table stability. Which option can be configure to insulate against
the performance impact of interface or link failure throughout the network?"
A. Distributed Cisco Express Forwarding switching

B. Secondary IP addressing
C. route summarization
D. default route propagation
Answer: C
NEW QUESTION 336

Which two technologies can be used to interconnect data centers over an IP network and provide Layer 2 LAN extension? (Choose two.)
A. IS-IS
B. VXLAN
C. TRILL
D. Fabric Path
E. OTV
Answer: BE
NEW QUESTION 337

A network design team tasked to address congestion, QoS has been implemented but no longer effective?
A. Bundle additional uplinks into logical etherchannels

B. Configure selective packet discard to drop non-critical network traffic
C. Implement highspeed uplink interfaces
D. Reconfigure QoS based on intserv
E. Utilize random early detection
Answer: AC
NEW QUESTION 342
Answer:
Explanation:
NEW QUESTION 346

A large-scale IP SLA deployment is causing memory and CPU shortages on the routers in an enterprise network. Which solution can be implemented to mitigate
these issues? (E)
A. An offline router for disaster recovery

B. a CPE device that is managed by the network provider
C. A shadow router
D. A standby router for failover operation
Answer: C
NEW QUESTION 351

A network engineer is designing a network that must incorporate active-active redundancyto eliminate disruption when a link failure occurs between the core and
distribution layer.
What two technologies will allow this? (Choose two.)
A. Equal Cost Multi-Path (ECMP)

B. Rapid Spanning Tree Protocol Plus (RSTP+)
C. Hot Standby Routing Protocol (HSRP)
D. Rapid Spanning Tree Protocol (RSTP)
E. EtherChannel (MEC)
Answer: CE

NEW QUESTION 355

Web server placed in front of the firewall in ACI?
A. Application profile
B. L4-L7 services
Answer: B
NEW QUESTION 356

Company has asked for an OOB management network design. Which option is one Cisco best practice parameter that must be followed?
A. Data networks must be limited to SSH, NTP, FTP, SNMP and TaCACS+ protocols
B. Data networks must never traverse the management network
C. Data networks and management networks must be in the routing table
D. Data networks must traverse the management network as a backup path
Answer: B
NEW QUESTION 359

Which option must be included in the design when implementing a triangle looped access layer design?
A. first hop redundancy protocol.

B. Single uplinks between access and distribution switches.
C. Layer 2 links between access switches.
D. Layer 3 links between distribution switches.
Answer: A
NEW QUESTION 360
Refer to the exhibit. An engineer must provide a redesign for the distribution and access layers of the network. Which correction allows for a more efficient design?
A. Change the link between Distribution Switch A and Distribution Switch B to be a routed link.
B. Reconfigure the Distribution Switch A to become the HSRP Active.
C. Create an EtherChannel link between Distribution Switch A and Distribution Switch B.
D. Add a link between Access Switch A and Access Switch B.
Answer: B
NEW QUESTION 365

A customer is discussing QoS requirements with a network consultant. The customer has specified that end-toend
path verification is a requirement. Which QoS architecture is most appropriate for the requested design?
A. marking traffic at the access layer with DSCP to support the traffic flow
B. marking traffic at the access layer with CoS to support the traffic flow
C. RSTP mdoel with PHB to support the traffic flows
D. IntServ model with RSVP to support the traffic flows
Answer: D
NEW QUESTION 368

Which technology should a network designer combine with VSS to ensure a loop free topology with optimal convergence time?
A. Portfast
B. UplinkFast
C. RPVST +
D. Multichassis EtherChannel

Answer: D
NEW QUESTION 373

What is the next action taken by the Cisco NAC Appliance after it identifies vulnerability on a client device?
A. Denies the client network resource access

B. Repairs the effected devices
C. Generates a Syslog message
D. Permits the client but limits to guest access
Answer: B
Explanation: The Cisco NAC Appliance (formerly Cisco Clean Access) is a product that allows network administrators to authenticate, authorize, evaluate, and
remediate wired, wireless, and remote users and their machines prior to allowing users onto the network. It identifies whether networked devices such as laptops,
IP phones, personal digital assistants, or printers are compliant with an organization's security policies, and repairs any vulnerabilities before permitting access to
the network. NAC Appliance lets you block access or quarantine users who do not comply with your security requirements, NAC Appliance enforces security
policies by blocking, isolating, and repairing noncompliant machines in a quarantine area without needing administrator attention. Quarantining allows remediation
servers to provide operating system patches and updates, virus definition files, or endpoint security solutions to compromised or vulnerable devices. Since there is
no any word regarding quarantine in option B, denying access to clients would be the next action by NAC Appliance.
NEW QUESTION 375

A network consultant is designing an Internet Edge solution and is providing the details around the flows supporting a local Internet Proxy. How is on-premises web
filtering supported?
A. A cisco ASA uses an IPS module to inspect HTTP and HTTPS traffic.
B. ACisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP.
C. ACisco ASA connects to the web security appliance via TLS to monitor HTTP and HTTPS traffic.
D. ACisco ASA redirects HTTP and HTTPS traffic to CWS with a Web Security Connector.
Answer: B
NEW QUESTION 377

An engineer must add a new firewall in front of the public web server infrastructure in an ACI network. Which ACI function is used to accomplish this requirement?
A. Application Network Profile

B. Service chaining
C. Static binding
D. Layer 4-7 services
Answer: D
NEW QUESTION 382

Which router device group summarizes for WAN sites on which level?
A. Core
B. Distribution
C. Access-layer within campus
D. Distribution in data center
E. WAN edge
Answer: A
NEW QUESTION 383

An engineer must design a Cisco VSS-based configuration within a customer campus network. The two VSS switches are provisioned for the campus distribution
layer and each one has a single supervisor and multiple 10 gigabit line cards. Which option is the primary reason to avoid plugging both VSL links into the
supervisor ports?
A. The implementation creates a loop

B. The design lacks optimal hardware diversity
C. Limited bandwidth is available for VSS convergence
D. QoS is required on the VSL links
Answer: B
Explanation: The best-practice recommendation for VSL link resiliency is to bundle two 10-Gbps ports from different sources. Doing this might require having one
port from the supervisor and other from a Cisco 6708 line card.
When configuring the VSL, note the following guidelines and restrictions:
For line redundancy, we recommend configuring at least two ports per switch for the VSL. For module redundancy, the two ports can be on different switching
modules in each chassis.
NEW QUESTION 387

An engineer is designing an infrastructure to use a 40 Gigabit link as the primary uplink and a 10 Gigabit uplink as the alternate path. Which Routing protocol
allows for unequal cost load balancing?

A. Ospf
B. Eigrp
C. ISIS
D. BGP
E. RIP
Answer: B
Explanation: Traffic Sharing

EIGRP not only provides unequal cost path load balancing, but also intelligent load balancing, such as traffic sharing. In order to control how traffic is distributed
among routes when there are multiple routes for the same
destination network that have different costs, use the traffic-share balanced
command. With the keyword
balanced, the router distributes traffic proportionately to the ratios of the metrics that are associated with different routes.
NEW QUESTION 390

An engineer wants to have a resilent access layer in data center so that switches on the access layer have separate physical connections to a pair of redundant
distribution switches. Which technology achieves this goals?
A. PaGP
B. LACP
C. VSL
D. EVPC
E. VSS
F. ECMP
Answer: E
NEW QUESTION 394

An OSPF router should have a maximum of how many adjacent neighbors?
A. 100
B. 80
C. 60
D. 50
Answer: C
NEW QUESTION 396

What is one function of key server in Cisco GETVPN deployment?
A. sending the RSA certificate

B. providing preshared keys
C. maintaining security polices
D. providing the group ID
Answer: C
Explanation: Key server is responsible for maintaining security policies, authenticating the GMs and providing the session key for encrypting traffic. KS
authenticates the individual GMs at the time of registration. Only after successful registration the GMs can participate in group SA.
https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transportvpn/deployment_guide_c0
NEW QUESTION 399

A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has already been implemented and optimized, and it is no
longer effective in ensuring optimal network performance. Which two actions can improve network performance? (Choose two.)
A. Reconfigure QoS based on the IntServ model.

B. Configure selective packet discard to drop noncritical network traffic.
C. Implement higher-speed uplink interfaces.
D. Bundle additional uplinks into logical EtherChannels.
E. Utilize random early detection to manage queues.
Answer: CD
NEW QUESTION 400

A company is Multi-Homed to different service providers running BGP. Which action ensures that the company AS does not become a transit AS?
A. Create a distribute list that filters all routes except the default route and applies to both BGP neighbour interfaces in the inbound direction
B. Create a distribute list that filters all routes except the default route and applies to a single BGP neighbour in the outbound direction
C. Create prefix list that matches the company prefixes and applies to both BGP neighbour definitions in the outbound direction.
D. Create a route map that matches the provider BGP communities and networks and applies to both BGP neighbour interfaces in the outbound direction.
Answer: C
NEW QUESTION 401

Which two options are characteristics of bidirectional PIM? (Choose two)
A. A registration process is required

B. It is ideal for many-to-many host applications
C. The creation of a source tree is required
D. A designated forwarder is not required
E. It enables scalability with a large number of sources
Answer: BE
NEW QUESTION 402

What is the result of a successful RFP check?
A. The packet is dropped because it arrived on the interface used to route traffic back to the source address.
B. The packet is forwarded because it arrived on the interface used to route traffic back to the source address.
C. The packet is forwarded because it arrived on the interface used to route traffic to the destination address.
D. The packet is dropped because it arrived on the interface used to route traffic to the destination address.
Answer: A
NEW QUESTION 405

Which OSPF option can you configure to connect two parts of a partitioned backbone through a nonbackbone area?
A. route summarization
B. a virtual link
C. an NSSA
D. a static OSPF neighbor
Answer: B
NEW QUESTION 408

When 2 distribution switches are configured for VSS, what needs to be done to extend back plane connectivity? (E)
A. ISL
B. VSL
C. VSS
Answer: B
NEW QUESTION 410

A network consultant is designing an Internet Edge solution and is providing the details around the flow supporting a local Internet Proxy. How is on-premises web
filtering supported?
A. ACisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP
B. ACisco ASA uses an IPS module to inspect HTTP and HTTPS traffic
C. ACisco ASA redirects HTTPS and HTTPS traffic to CWS with a Web Security Connector
D. ACisco ASA connects to the web Security Appliance via TLS to monitor HTTP and HTTPS traffic
Answer: A
NEW QUESTION 413

A network engineer must create a backup network connection between two corporate sites over the Internet using the existing ASA firewalls. Which VPN
technology best satisfies this corporate need?
A. VPLS
B. DMVPN
C. GETVPN
D. IPSec
E. MPLS
F. OTV
Answer: D
NEW QUESTION 418

Drag the task on the left to the appropriate layer category on the right.

Answer:
Explanation:
NEW QUESTION 419

A network consultant is designing an enterprise network that includes an IPsec headend termination device. Which two capabilities are the most important to
consider when assessing the headend device’s scalability? (Choose two.)
A. bandwidth capabilities
B. packets per second processing capability
C. CPU capabilities
D. number of tunnels that can be aggregated
E. memory capabilities
Answer: BD
NEW QUESTION 421

What should be implemented to prevent exceeding the 50mb allowable bandwidth of internet circuit?
A. policing
B. shaping
C. CIR
D. rate-limit
Answer: B
NEW QUESTION 422

Which two options regarding the Cisco TrusSec Security Group Tag are true? (Choose Two.)
A. It is assigned by the Cisco ISE to the user or endpoint session upon login.
B. Best practice dictates it should be statically created on the switch.
D. Best Practice dictates that deployments should include a guest group allowing access to minimal services.
Answer: AE
NEW QUESTION 426

While designing a wide area network, the network team wants to avoid undesired transit traffic through remote branch sites with multiple WAN connections. Which
option can be used to manage traffic flows in the remote network?
A. route weighting
B. route tagging
C. route filtering
D. route leaking
Answer: C
NEW QUESTION 429

One-to-one ratio mapping for access switches close to servers.
A. ToR
B. EoR
Answer: A
Explanation: Topic 3, Exam Pool C
NEW QUESTION 434

A network team must provide a redundant secure connection between two entities using OSPF. The primary connection will be an Ethernet Private Line and the
secondary connection will be a site-to-site VPN. What needs to be configured in order to support routing requirements for over the VPN connection?
A. GRE Tunnel
B. HTTPS
C. Root Certificate
D. AAA Server
Answer: A
NEW QUESTION 437

An engineer must design a Cisco VSS-based configuration within a customer campus network. The two VSS switches are provisioned for the campus distribution
layer… Which option is the primary reason to avoid plugging both VSL links into the supervisor ports?
A. The implementation creates a loop

B. The design lacks optimal hardware diversity
C. Limited bandwidth is available for VSS convergence
D. QoS is required on the VSL links
Answer: B
Explanation: The best-practice recommendation for VSL link resiliency is to bundle two 10-Gbps ports from different sources. Doing this might require having one
port from the supervisor and other from a Cisco 6708 line card. When configuring the VSL, note the following guidelines and restrictions:
For line redundancy, we recommend configuring at least two ports per switch for the VSL. For module redundancy, the two ports can be on different switching
modules in each chassis.
NEW QUESTION 441

A network manager wants all remote sites to be designed to communicate dynamically with each other using DMVPN technology without requiring much
configuration on the spoke routers. Which protocol is use by DMVPN to achive this goal?
A. GRE
B. NHRP
C. SSH

D. ARP
Answer: B
NEW QUESTION 445

Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What are two advantages of using Cisco FabricPath
technology? (Choose two)
A. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load balancing between redundant paths.
B. Cisco FabricPath provides MAC address scalability with conversational learning.
C. Loop mitigation is provided by the TTL field in the frame.
D. Cisco FabricPath is IETF-standard and is not used with Cisco products.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all campus networks.
Answer: BC
NEW QUESTION 448

A Network administrator want to increase the security level in the core layer and want to confirm that the users that have their default GW on an interface in the
core switch can access specific networks and can’t access the remaining networks. Which feature can help him to achieve this?
A. vlan access control list

B. …
C. …
D. …
Answer: A
NEW QUESTION 449

An engineer has to deploy a firewall where the ACLs, NAT, and management are separated for his customers. Which mode do you need to run it in?
A. Transparent
B. Multicontext
C. Routed
D. IPS
Answer: B
NEW QUESTION 452

What multicast design would you use that cannot use rendezvous points....don't remember the complete
A. Pim bidirectional
B. Pim Sparse
C. Pim Dense
D. Pim-SSM
Answer: D
NEW QUESTION 455

What is the primary benefit of deployment MPLS over the WAN as opposed to extending VRF-lite across the WAN?
A. Convergence time
B. Low operating expense (OpEx)
C. Low latency
D. Dynamic fault-tolerance
Answer: B
NEW QUESTION 457

A network engineer wants to limit the EIGRP query scope to avoid high CPU and memory utilization on low-end routers as well as limiting the possibility of a stuck-
in-active routing event between HQ and branch offices. Which way to achieve these goals?
A. Configure different Autonomous System number per each branch office and HQ and redistribute routes between autonomous systems.
B. Configure all routers at branch offices as EIGRP stub and allow only directly connected networks atBranch offices to be advertised to HQ
C. Configure all routers at branch offices as EIGRP stub
D. Configure all routers at HQ and branch offices as EIGRP stub
Answer: C
NEW QUESTION 459

A customer has an existing Wan circuit with a capacity 10 mbps. The circuit has 6 Mbps of various user traffic and 5 mbps of real-time audio traffic on average.
Which two measures could be taken to avoid loss of real time Traffic? (Choose Two)
A. Police the traffic to 5 mbps and allow excess traffic to be remarked to the default queue
B. Configure congestion avoidance mechanism WRED within the priority queue
C. Policy the traffic to 3.3 mbps and allow excess traffic to be remarked to the default queue

D. Increase the wan circuit bandwidth

E. Ensure that real time traffic is prioritized over other traffic
Answer: AE
NEW QUESTION 461

"Which technology you will use to connect 2 data centers and extend layer 2 Vlans?"
A. OTV
B. VXLAN
C. FabricPath
D. IS-IS
Answer: A
NEW QUESTION 463

What security feature would require a packet to be received on the interface that the interface would use to forward the return packet?
A. urpf
B. arp inspection
C. vlan acl
D. …
Answer: A
NEW QUESTION 464

What protocol is used for connectivity between VSS layers?
A. PAgP
B. IVR
C. ISL
D. VSL
E. ...
Answer: D
NEW QUESTION 466

A network engineer is designing a dual router, dual ISP solution and must prefer one ISP for inbound traffic over the other. Which two BGP attributes can be
manipulated to accomplish this goal? (Choose two)
A. AS path
B. MED
C. local preference
D. weight
E. origin code
Answer: AB
Explanation: Note : local pref and weight are for the other direction .
NEW QUESTION 471

Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two)
A. It is assigned by the Cisco ISE to the user or endpoint session upon login
B. Best practice dictates it should be statically created on the switch
D. Best Practice dictates that deployments should include a guest group allowing access to minimal services
Answer: AE
NEW QUESTION 472

An engineer is designing a multi cluster BGP network, each cluster has two Route Reflectors and four Route Reflector clients. Which 2 options must be
considered? (Choose two)
A. Clients from all clusters should peer with all Route Reflectors
B. All Route Reflectors should be non-client peers in a partially meshed topology
C. All Route Reflectors must be non-client peers in a fully meshed topology
D. Clients must not peer with iBGP speakers outside the client router
E. Clients should peer with at least one other client outside it’s cluster
Answer: CD
NEW QUESTION 474

What is the built in native security to ACI?
A. IPS
B. Native Deny
C. EPG to EPG ...
D. ACL
Answer: B
Explanation: All the traffic between servers is denied (micro segmentation), to allow the traffic between EPGs we need to configure contracts.
NEW QUESTION 476

Which Cisco NAC Appliance design is the most scalable in large Layer 2-to-distribution implementation?
A. Layer 2 out-of-band
B. Layer 2 in-band
C. Layer 3 out-of-band
D. Layer 3 in-band
Answer: B
NEW QUESTION 479

What 2 statements are correct when it comes to PIM-BIDIR.
A. Used in many-to-many multicast implementations

B. The IP-address from any interface in a router can be used as RP-address
C. The RP address dont have to be an IP in the router
D. Explicit join-messages are used to signal grp membership in PIM-BIDIR
Answer: AB
NEW QUESTION 484

Which two BGP attributes can be set with outbound policy to manipulate inbound traffic, if honoured by the remote Autonomous system? (Choose two)
A. Multi-exit discriminator
B. AS path
C. Local Preference
D. Weight
Answer: AB
NEW QUESTION 486

All links between distribution and core layer must be active, how can we archive this goal? Choose two
A. Equal-cost links
B. Unequal-cost links
C. HSRP
D. IGP
E. PVRSTP+
Answer: AD
NEW QUESTION 488

An engineer is designing a network with OSPF and must filter ingress routes form a partner network that is also running OSPF. Which two design options are
available for this configuration? Choose two
A. Use a different routing protocol such as EIGRP between the networks

B. Configure a different OSPF area that would prevent any unwanted routes from entering the network
C. Use a distribution-list in the OSPF process to filter out the routes
D. Use access list on the ingress interface to prevent the routes from entering the network
E. Design a filter using prefix list to ensure that the routes are filtered out at the redistribution point
Answer: CE
NEW QUESTION 493

When a site has Internet connectivity with two different ISP's, which two strategies are recommended to avoid becoming a BGP transit site? (Choose two)
A. Use a single service provider

B. Filter routes outbound to the ISPs
C. Accept all inbound routes from the ISPs
D. Filter routes inbound from the ISPs
E. Advertise all routes to both ISPs
Answer: BC

Explanation: When connecting to multiple exit points from your AS and peering with multiple ISPs, there is a danger that by misconfiguration, you advertise routes
that are received from one ISP to the other ISP. Your AS can become a transit area for Internet traffic of other networks, which can cost you money and resources.
You can easily avoid this situation by advertising only your assigned address space to all adjacent ISPs (also, you can advertise only your local AS and filter out
the other ASs using BGP AS-path filter).
From a design point of view, this model (Multi-homing with Two ISPs) requires careful design consideration.
For example, to avoid making the enterprise network as a transit AS/path for the two external ISPs (for example, ISP1 and ISP2), it is recommended that you
always announce only your PI address space to the ISPs you are directly connected to. If, by mistake, you advertise routes that are received from ISP1 to ISP2,
and ISP2’s policy is not restrictive enough, your AS will start to participate in the Internet traffic exchange (become a transit AS).
In addition, if AS X, as shown in Figure 5-23, decided that the path to ISP1 from AS X is shorter through your network (via ISP2), it will start sending traffic that is
destined for ISP1 to your router. Your router will happily route the traffic to ISP1, but the problem is that this extra traffic might leave your users with no bandwidth
for themselves and, as a result, it will impact the overall user experience. Also, this situation raises a high security concern, because external traffic from an
unknown network, traffic that could be malicious, will be using your corporate network as a transit path. Therefore, you, as the network designer, need to ensure
that only the enterprise-owned PI address range is announced, combined with AS PATH filtering to permit only routes originating from the enterprise local AS to be
advertised.
To prevent your network from becoming a transit AS, make sure that you advertise only your own PI address space to both ISPs by using outbound route filtering,
BGP AS-PATH filtering, or a combination of both.
NEW QUESTION 495

An engineer set up a multicast network design using all three Cisco supported PIM modes. Which are two characteristics of Bidirectional PIM in this situation are
true?
A. In Bidirectional PIM, the RP IP address does not need to be a router.

B. Bidirectional PIM is deigned to be used for one-to-many applications.
C. In Bidirectional PIM, the RP IP address can be shared with any other router interface.
D. ACisco router cannot support all three PIM modes simultaneously.
E. Membership to be bidirectional group is signaled via explicit join messages.
Answer: CD
NEW QUESTION 498

An engineer is designing a QoS architecture for a small organization and must meet these requirements:
- Guarantees resources for a new traffic flow prior to sending
- Polices traffic when the flow does not conform Which QoS architecture model will accomplish this?
A. auto quality of service

B. modular quality of service
C. differentiated services
D. integrated services
Answer: D
NEW QUESTION 503

When designing data centres for multitenancy, which two benefits are provided by the implementation of VSAN and zoning? (Choose two)
A. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN fromaffecting others
C. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch
D. VSANs and zones use separate fabrics
E. Zones allow an administrator to control which initiators can see which targets
Answer: BE
NEW QUESTION 504

An OSPF router should have a maximum of how many adjacent neighbours?
A. 80
B. 50
C. 60
D. 100

Answer: C
NEW QUESTION 509

What is the outcome when RPF check passes successfully?
A. Packet is dropped because it arrived on the interface that used to forward the packet back to source.
B. Packet is dropped because it arrived on the interface that used to forward the packet back to destination.
C. Packet is forwarded because it arrived on the interface that used to forward the packet back to destination
D. Packet is forwarded because it arrived on the interface that used to forward the packet back to source
Answer: D
Explanation: Routers perform a reverse path forwarding (RPF) check to ensure that arriving multicast packets were received through the interface that is on the
most direct path to the source that sent the packets. An RPF check is
always performed regarding the incoming interface, which is considered to be the RPF interface. The RPF
check will succeed if the incoming interface is the shortest path to the source. The router
determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing protocol in cases where one exists. An example of a
dedicated multicast routing protocol is MP-BGP. It is important to note that the multicast routing protocol relies on the underlying unicast routing table. Any change
in the unicast routing table immediately triggers an RPF recheck on most modern routers.
NEW QUESTION 514

During the integration of a new company, a network engineering team discovers that IP address space overlaps, between the two company networks.
Which two technologies can be used to allow overlapping IP addresses to coexist on shared network infrastructure? (Choose two)
A. OTV
B. VPN
C. HSRP
D. NAT
E. VRF
Answer: DE
NEW QUESTION 518

Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?
A. VRRP
B. BGP
C. IPsec
D. SSL
Answer: B
NEW QUESTION 520

One new regarding 802.1X. (Choose three)
A. Authenticates the user itself

B. Authenticates the device itself
C. If the device does not support, allow the access automatically
D. Cisco proprietary
E. Industry standard
Answer: ABE
NEW QUESTION 523

A company needs to configure a new firewall and have only one public IP address to use. The engineer needs to configure the firewall with NAT to handle inbound
traffic to the mail server in addition to internet outbound traffic. Which options could he use? (Choose two)
A. Static NAT for inbound traffic on port 25

B. Dynamic NAT for outbound traffic
C. Static NAT for outbound traffic on port 25
D. Dynamic NAT for inbound traffic
E. NAT overload for outbound traffic
F. NAT overload for inbound traffic on port 25
Answer: AE
NEW QUESTION 528

Multipath to two datacenter by L2 networks overlap addresses and must be work (2 answers)
A. vxlan
B. OTV
C. VRF
D. vpn
E. HSRP
Answer:

AB
NEW QUESTION 529

Multicast PIM-Sparse mode sends traffic overload. Which feature can reduce the multicast traffic in the access layer?
A. IGMP snooping
B. Filter at Boundaries
C. PIM Dense-Mode
D. MSDP
Answer: A
Explanation: I think solution for this one was to move STP root
NEW QUESTION 532

Drag & Drop question with regards to Cisco Application-Centric Infrastructure ACI.
Answer:
Explanation:
NEW QUESTION 536

After an incident caused by a DDOS attack on a router, an engineer must ensure that the router is accessible and protected from future attacks without making any
changes to traffic passing through the router. Which security function can be utilized to protect the router?
A. zone-based policy firewall

B. access control lists
C. class maps
D. control plane policing
Answer: D
NEW QUESTION 537

In what situation must spanning-tree be implemented?

A. when first hop redundancy protocol exists with redundant Layer 2 links between distribution switches
B. when a VLAN spans access layer switches to support business applications
C. when trunks need to extend multiple VLANs across access switches
D. when it is necessary to speed up network convergence in case of link failure
Answer: A
Explanation: Previous answer was “B” but that has now been changed to “A”.
STP (L2 loop prevention mechanism) should be implemented in topologies where possible loops may occur
and redundant L2 links between distribution switches is a very good example as long as the links are not channelled (PC, vPC, MEC). If the redundant L2 links
between distribution switches are channelled, the topology is loop free so no STP is required but the doesn’t say anything about that.
With regards to answer “A”, VLAN can be stretched between multiple access switches via distribution layer and still be loop free so (know from experience).
NEW QUESTION 538

What network technology provides Layer 2 high availability between the access and distribution layers?
A. HSRP
B. MEC
C. EIGRP
D. GLBP
Answer: B
NEW QUESTION 539

What to configure in BGP so that other BGP neighbours cannot influence the path of a route.
A. Lower MED
B. Higher Local Preference
C. Higher Weight
D. Lower Router ID
Answer: C
Explanation: The BGP golden rule is that nobody can say me what is have to do with my routes Weight is the only attribute which is not transmitted – weight can
NOT be used by any neighbor to influence me. Within my AS i can also be influenced by Loc pref.
Weight is also the first in the list. I think it is weight is the right answer – because it is local significant where nobody only me have influence on.
NEW QUESTION 544

Which first-hop redundancy protocol that was designed by Cisco allows packet load sharing among groups of redundant routers?
A. GLBP
B. HSRP
C. VRRP
D. VSS
Answer: A
NEW QUESTION 546

The network engineering team is interested in deploying NAC within the enterprise network to enhance security.
What deployment model should be used if the team requests that the NAC be logically inline with clients?
A. Layer 2 in-band
B. Layer 2 out-of-band
C. Layer 3 in-band
D. Layer 3 out-of-band
Answer: C
NEW QUESTION 551

While configuring WOS policy, analysis of the switching infrastructure indicates that the switches support 1P3Q3T egress queuning. wich option describes the
egress queueing in the infrastruture?
A. The threshold configuration allos of inter-queq Wos by utilizing buffers

B. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds
C. The priority queue should use less than 20% of the total bandwidth
D. The prority queue must contain real-time traffic and network management traffic
Answer: B
NEW QUESTION 554

What QoS technology allows traffic to pass even though it has exceeded the bandwidth limit but will be queued later ?
A. Shaping
B. Policing

C. Weighted Fair Queuing

D. Low Latency Queuing Correct
Answer: A
NEW QUESTION 559

An engineer is designing a multitenant network that requires separate management access and must share a single physical firewall. Which two features support
this design? (Choose two)
A. Site-to-Site VPN
B. dynamic routing protocols
C. multicast routing
D. threat detection
E. quality of service
F. unified communications
Answer: AB
Explanation: This one is a little bit trickier, separate management access means the multi-context mode
https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/hacontex pdf
Page 14 of Guidelines for Multiple Context Mode lists unsupported features, after you cross the unsupported features out - you are left with what works on a multi-
context mode firewall
NEW QUESTION 563

Seven sites are connected via OTV, what is the best practice to connect more than three sites using OTV?
A. Filter MAC address at the join interface

B. Use multicast-enabled transport
C. Use Unicast-only transport
D. Configure one edge device for each data centre
Answer: B
NEW QUESTION 567

What command essentially turns on auto summarization for EIGRP?
A. area 0 range 10.0.0.0 255.0.0.0.0

B. router eigrp 1
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. ip summary-address 10.0.0.0 255.0.0.0
E. eigrp stub
Answer: B
NEW QUESTION 572

Which technology is an example of the need for a designer to clearly define features and desired performance when designing advanced WAN services with a
service provider?
A. FHRP to remote branches

B. Layer 3 MPLS VPNs secure routing
C. Control protocols (for example Spanning Tree Protocol) for a Layer 3 MPLS service
D. Intrusion prevention, QoS, and stateful firewall support network wide
Answer: C
Explanation: This answer is an example that show that the designer did not clearly defined his needs because the SP gave a L3 service when L2 was needed. In
other dumps from Internet answer is B and I think it is right, because designer must be sure that SP provides secure routing service with needed performance, but
how control protocols works inside SP net designer.
NEW QUESTION 574

A network Engineer is designing a hierarchical design and needs to optimize WAN design. On what group of devices can a network engineer summarise routes to
remote WAN sites?
A. Core
B. Distribution
C. Data Center Distribution WAN Edge
D. WAN Edge
E. Campus access distribution layer
Answer: B
Explanation: Summarize at Service Distribution. It is important to force summarization at the distribution towards WAN Edge and towards campus & data centre

NEW QUESTION 575

Which option is the primary reason to implement security in a multicast network?
A. maintain network operations

B. allow multicast to continue to function
C. optimize multicast utilization
D. ensure data streams are sent to the intended receivers
Answer: A
NEW QUESTION 579

A company is running BGP on the edge with multiple service providers in a primary and secondary role. The company wants to speed up time if a failure was to
occur with the primary, but they are concerned about router resources. Which method best achieves this goal?
A. Utilize BFD and lower BGP hello interval

B. Decrease the BGP keep-alive timer
C. Utilize BFD and tune the multiplier to 50
D. Utilize BFD and keep the default BGP timers
Answer: D
NEW QUESTION 583

Refer to the exhibit.
A customer wants to use HSRP as a First Hop Redundancy Protocol. Both routers are currently running and all interfaces are active. Which factor determines
which router becomes the active HSRP device?
A. the router with the highest MAC address for the respective group
B. the router with the highest interface bandwidth for the respective group
C. the router that boots up last
D. the router with the highest IP address for the respective group
Answer: D
NEW QUESTION 584

An organization is creating a detailed QoS plan that limits bandwidth to specific rates. Which three parameters can be configured when attempting to police traffic
within the network? (Choose three)
A. Conforming
B. Violating
C. Bursting
D. Peak information rate
E. Committed information rate
F. Exceeding
G. Shaping rate
Answer: CDE
NEW QUESTION 587

A client requirement to separate management and control layer within an organization. Which technology can be used to achieve this requirement while minimizing
physical devices?
A. Virtual Device Context

B. VRF
C. Virtual Switching System
D. Virtual Local Area Networks
E. MEC

Answer: A
NEW QUESTION 590

Which option is a design recommendation for route summarizations?
A. Filtered redistribution for the prevention of re-advertising of routes

B. Routing protocol stub areas
C. Route summarization for scalable routing and addressing design
D. Defensive route filtering to defence against inappropriate routing traffic
E. Route summarization to support greater volumes of transit traffic
Answer: B
NEW QUESTION 595

A data center is being deployed, and one design requirement is to be able to readily scale server virtualization. Which IETF standard technology can provide this
requirement?
A. Transparent interconnection of Lots of Links

B. data center bridging
C. cisco fabric path
D. cisco unified fabric
Answer: A
NEW QUESTION 600

Which one is IETF standared
A. Cisco Fabric Path

B. Data Center Bridging
C. CUS
D. Transparent Interconnection of Lots of Links
Answer: D
Explanation: The Data Center Bridging (DCB) architecture is based on a collection of open standards Ethernet extensions developed through the IEEE 802.1
working group to improve and expand
Ethernet networking and management capabilities in the data center. https**://**www.cisco.com/c/dam/en/us/solutions/collateral/data-center-
virtualization/ieee-802-1-data-centerbri at_a_glance_c45-460907.pdf
TRILL (“Transparent Interconnection of Lots of Links”) is an IETF Standard[1] implemented by devices called RBridges (routing bridges) or TRILL Switches.
https**://en.wikipedia.org/wiki/TRILL_(computing)
NEW QUESTION 602

What is one function of key server in Cisco GETVPN deployment?
A. sending the RSA certificate

B. providing pre-shared keys
C. maintaining security polices
D. providing the group ID
Answer: C
Explanation: Key server is responsible for maintaining security policies, authenticating the GMs and providing the session key for encrypting traffic. KS
authenticates the individual GMs at the time of registration. Only after
successful registration the GMs can participate in group SA. https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-
transportvpn/deployment_guide_c07_554713.html
NEW QUESTION 605

HSRP is running Bet SW A and Dist SW B. Which two links do the switches use to transmit HSRP mess? choose two
A. core Switch A, port g2/1 to distr switch A, port g3/1

B. distr Switch A, port g5/1 to distr swit B, port g5/2
C. Core Switch A, por g1/1 tp core swit B, port g1/2
D. Core Switch B, port g2/2 to distr switch b, port g3/2
E. Distr Switch A, port g4/1 to acc swi, port g1/0/1
F. Distri Switch B, port g4/2 to acc switch, port g2/0/1
Answer: EF
NEW QUESTION 606

Which two features provide resiliency in a data center? (Choose two.)
A. Cisco FabricPath
B. VTP
C. encryption

D. vPC
E. VRF
Answer: AD
NEW QUESTION 609

An engineer is designing an infrastructure to use a 40 Gigabit link as the primary uplink and a 10 Gigabit uplink as the alternate path. Which routing protocol allows
for unequal cost load balancing?
A. OSPF
B. RIP
C. EIGRP
D. BGP
E. IS-IS
Answer: C
NEW QUESTION 613

An engineer is designing a network using RSTP. Several devices on the network support only legacy STP. Which outcome occurs?
A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate but the fast convergence is not used.
Answer: D
NEW QUESTION 616

Which cisco NX-OS feature can be used to build highly scalable layer 2 multipath networks without utilizing the spanning tree protocol?
A. OTV
B. FabricPath
C. vPC
D. MST
Answer: C
NEW QUESTION 621

An engineer is implementing VXLAN to extend layer 2 traffic at three geographically diverse data centers. Which feature is required at each data center to extend
traffic?
A. VTEP
B. VRRP
C. VLSM
D. VPLS
E. VRF
Answer: A
NEW QUESTION 623

A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has already been implemented and optimized, and it is no
longer effective in ensuring optimal network
performance.
Which two actions can improve network performance? (Choose two)
A. Reconfigure QoS based on the IntServ model

B. Configure selective packet discard to drop noncritical network traffic
C. Implement higher-speed uplink interfaces
D. Bundle additional uplinks into logical Ether-Channels
E. Utilize random early detection to manage queues
Answer: CD
NEW QUESTION 625

Which option does best practice dictate for the maximum number of areas that an OSPF router should belong to for optimal performance?
A. 1
B. 2
C. 3
D. 4
E. 5
Answer: C
NEW QUESTION 627

What changes you should make in the design to optimize traffic?
A. Choose distribution switch A as HSRP active

B. Add a Layer2 link between access switches
C. Add a Layer3 point-to-point link between distribution switches
D. Configure an EtherChannel between distribution switches
Answer: A
NEW QUESTION 629

How does stub routing affect transit route in EIGRP?
A. Transit routes are passed from a stub network to a hub network

B. It prevents the hub router from advertising networks learned from the spoke
C. Transit routes are filtered from stub networks to the network hub
D. It’s designed to prevent the distribution of external routes
Answer: C
NEW QUESTION 631

about IPv4 and IPv6 on the same router (dual stack) with IS-IS
A. …
B. IS-IS
C. …
D. …
Answer: B
Explanation: - Cisco added multitopolgy support for IS-IS to increase flexibility within dual-stack environment.
- Two TLVs added:
• IPv6 reachability TLV
• IPv6 interface address TLV
- Multi topology IS-IS:
• A separate topology is kept for both IPv4 and IPv6 (some links may not be able to carry IPv6 --> Avoid traffic black-holed)
• This mode removes the restriction that all interfaces on which IS-IS is configured must support the identical set of network address families.
• A separate SFP per address family.
• Wide metric must be used.
- Single-topology IS-IS:
• One SPF instance for both IPv4 and IPv6.
• Easier to administer but network must be homogeneous.
• Due to consistency checks, a router running IS-IS for both IPv4 and IPv6 does notform an adjacency with a router running IS-IS for IPv4 or IPv6 only. Disable
consistency checks to maintain adjacencies active in heterogeneous environments. ForL1 links, this is primarily done during transition.
• As in any IS-IS design, L2 routers must be contiguous. IPv6 adjacency checks are notdone on L2 links.

NEW QUESTION 636

Two technologies that can be used to connect data centers over an IP network and provide layer 2 LAN extension
A. IS-IS
B. VXLAN
C. TRILL
D. Fabric Path
E. OTV
Answer: BE
NEW QUESTION 641

Which option is a Fundamental proccess of the cisco TrustSec tecnology?
A. Marketing
B. Detection
C. Propagation
D. Prioitization
Answer: C
Explanation: Cisco TrustSec is defined in three phases: classification, propagation, and enforcement
NEW QUESTION 644

Which option is an advantage of using PIM sparse mode instead of PIM dense mode?
A. No RP is required
B. There is reduced congestion in the network
C. IGMP is not required
D. It floods all multicast traffic throughout the network
Answer: B
NEW QUESTION 647

Which technology allows multiple instances of a routing table to coexist on the same router simultaneously?
A. VRF
B. Cisco virtual router
C. Instanced virtuer router
D. IS-IS
Answer: A
NEW QUESTION 648

Which NAC design model matches the following definitions?
- NAS is deployed centrally in the core or distribution layer.
- Users are multiple hops away from the Cisco NAS.
- After authentication and posture assessment the client traffic no longer passes through the Cisco NAS.
- PBR is needed to direct the user traffic appropriately
A. Layer 3 in-band virtual gateway

B. Layer 3 out-of-band with addressing
C. Layer 2 in-band virtual gateway
D. Layer 2 out-of-band virtual gateway
Answer: B
NEW QUESTION 650

Which of the following is a result when designing multiple EIGRP autonomous systems within the Enterprise Campus network?
A. Improves scalability by dividing the network using summary routes at AS boundaries

B. Decreases complexity since EIGRP redistribution is automatically handled in the background
C. Reduces the volume of EIGRP queries by limiting them to one EIGRP AS
D. Scaling is improved when a unique AS is run at the Access, Distribution, and Core layers of the network
Answer: A
Explanation: Chapter 2 of CiscoPress CCDP fourth edition clearly says (there is even a test at the end of the chapter) that introducing additional ASes won’t
reduce the volume of EIGRP queries as these will be forwarded across the ASes.
NEW QUESTION 654

An engineer has to design a multicast domain for some application. This multicast network should be secured. Which option should he take?
A. PIM-SM; 232.0.0.0/8

B. ASM; 232.0.0.0/8
C. SSM; 224.0.0.0/8
D. SSM; 232.0.0.0/8
Answer: D
NEW QUESTION 658

When 2 distribution switches are configured for VSS, what needs to be done to extend back plane connectivity?
A. ISL
B. VSL
C. VSS
Answer: B
NEW QUESTION 662

A company security policy states that their data center network must be segmented from the layer 3 perspective. The segmentation must separate various network
security zones so that they do not exchange routing information and their traffic path must be completely segregated. which technology achieves this goal?
A. VPC
B. VXLAN
C. VRF
D. VDC
Answer: C
NEW QUESTION 667

Which option maximizes EIGRP scalability?
A. route redistribution
B. route redundancy
C. route filtering
D. route summarization
Answer: D
NEW QUESTION 668

Which two modes for deploying cisco Trustsec are valid? Choose two
A. cascade
B. low-impact
C. open
D. high availability
E. monitor
Answer: BE
NEW QUESTION 673

Reduce security risk in BGP. Which option help to avoid rogue route injection, unwanted peering and malicious BGP activities?
A. Apply MD5 authentication between all BGP peers

B. Use GRE tunnel
C. Encrypt all traffic
D. Apply route maps and policies in route redistribution events
Answer: A
NEW QUESTION 676

Which two options describe how Taboo contracts differ from regular contracts in Cisco ACI? (Choose two)
A. Taboo contract entries are looked up with higher priority than entries in regular contracts
B. Taboo contract entries are looked up with lower priority than entries in regular contracts.
C. They are not associated with one EPG
D. They are associated with one EPG
E. Taboo contract entries are looked up based on administrator configured priority
F. They are associated with pair of EPGs
Answer: AF
Explanation: There may be times when the ACI administrator might need to deny traffic that is allowed by another contract. Taboos are a special type of contract
that an ACI administrator can use to deny specific traffic that would otherwise be allowed by another contract. Taboos can be used to drop traffic matching a
pattern (any EPG, a specific EPG, matching a filter, and so forth). Taboo rules are applied in the hardware before the rules of regular contracts are applied. Taboo
contracts are not recommended as part of the ACI best practices but they can be used to transition from traditional networking to ACI. To imitate the traditional
networking concepts, an "allow-all-traffic" contract can be applied, with taboo contracts configured to restrict certain types of traffic." EPG – End-Point Groups

NEW QUESTION 677

A customer would like to implement a firewall to secure an enterprise network, however the customer is unable to allocate any new subnets. What type of firewall
mode must be implemented?
A. active/standby
B. active/active
C. zone based
D. virtual
E. routed
F. transparent
Answer: F
NEW QUESTION 680

What are the two methods of ensuring that the RPF check passes? (Choose two)
A. implementing static mroutes

B. implementing OSPF routing protocol
C. implementing MBGP
D. disabling the interface of the router back to the multicast source
E. disabling BGP routing protocol
Answer: AC
Explanation: The router determines the RPF interface by the underlying unicast routing protocol or the dedicated multicast routing protocol in cases where one
exists. An example of a dedicated multicast routing protocol is MP-BGP.
It is important to note that the multicast routing protocol relies on the underlying unicast routing table. Any change in the unicast routing table immediately triggers
an RPF recheck on most modern routers. Having OSPF routing protocol in place won’t really ensure that the RPF check passes.
Let’s say we have implemented OSPF routing protocol within the topology below (have a look at the URL below), “R3” knows the best path to 1.1.1.0/24 is via
interface F0/0 but “R3” receives multicast packet from source server (1.1.1.1/24) on interface S0/0. The RPF will fail. We can get this fixed by implementing static
mroutes (static multicast-routes) to force multicast traffic to go back via interface S0/0 (ip mroute 0.0.0.0 0.0.0.0 s0/0)
Having unicast routing protocol (OSPF, EIGRP, BGP, RIP, IGRP, IS-IS etc) won't necessarily mean the RPF will succeed but having a multicast routing protocol
(Multipoint BGP) or dedicated multicast static routes (mroutes) will. The only which I still have is that if the multicast
routing protocol relies on the underlying unicast routing table (OSPF) how does it ensure that the RPF check passes.
https://supportforums.cisco.com/t5/network-infrastructure-documents/multicast-rpf-recovery-using-staticmultica routing/ta-p/3139007
NEW QUESTION 685

What is the physical topology of ACI?
A. spine & leaf

B. point to point
C. hub & spoke
D. spoke to spoke
Answer: A
NEW QUESTION 687

OTV to interconnect three data centers and what should there be in each data center
A. VTEP
B. vxlan ?
Answer: A
NEW QUESTION 688

L2 extention through IP in the data center (MAC-in-IP)
A. fiberpath
B. TRILL
C. OTV
D. Vxlan
Answer: C
NEW QUESTION 691

A network consultant is designing an enterprise network that includes an IPsec headend termination device. Which two capabilities are the most important to
consider when assessing the headend device's scalability? (Choose two)
A. Packets per second processing capability

B. CPU capabilities
C. Number of tunnels that can be aggregated
D. Bandwidth capabilities
E. Memory capabilities
Answer: AB

NEW QUESTION 693

Which configuration represents resiliency at the hardware and software layers?
A. multiple connections and FHRP

B. HSRP and GLBP
C. redundant supervisor and power supplies
D. dual uplinks and switches
Answer: C
NEW QUESTION 697

Which technology extends Layer 2 LANs over any network that supports IP?
A. OTV
B. VSS
C. vPC
D. VLAN
Answer: A
NEW QUESTION 699

An engineer chose to design an architecture where distribution switches are in VSS and are connected to access switches using Multichassis Etherchannel. What
is the resulting topology?
A. Looped
B. Ring
C. Hybrid
D. Star
Answer: D
NEW QUESTION 701

A company requires redundancy for its multi-homed BGP external connections. What two features can be configured on the WAN routers to automate failover for
both outbound and inbound traffic? (Choose two)
A. AS path prepending
B. local preference
C. floating static route
D. HSRP
E. MED
F. weight
Answer: AB
NEW QUESTION 702

About BGP advertising route with using community, advertise to internet but not advertise to inside network
A. no-advertise
B. no-export
C. local-as
D. internet
Answer: B
NEW QUESTION 703

A dual-homed office is opposed to using path optimization by flows. Which feature helps with application resiliency?
A. PfR
B. ATM
C. CEF
D. MLPPP
Answer: AD
NEW QUESTION 707

While designing quality of service policies, which two types of traffic must be prioritized as management traffic? (Choose two )
A. SCP
B. ICMP
C. RADIUS
D. HTTPS
E. SSH
Answer: DE

NEW QUESTION 710

A company is building a large data center. About 80% of its traffic will be north to South and the other 20% will be east to West. The company is also expecting a
significant amount of data center growth over the next 5-10 years but wants to keep the cost of growth low. Which data center design is best suited to meet these
goals'?
A. a spine and leaf design with Layer 2/3 termination on the leaf nodes
B. a two-tier design with the Layer 2 termination on data center core
C. a three user design with a Layer 3 termination on the data center core
D. a spine and leaf design with Layer 2/3 termination on the some nodes
Answer: B
NEW QUESTION 715

A legacy OSPF network design solution historically included a large number of routers in a single backbone area 0. The network currently has over 300 OSPF
routers How is this network redesigned to further expansion?
A. Implement route summarization on the routers in backbone area.

B. Use FIGRP routing protocol instead of OSPF.
C. Adjust OSPF timers to smaller values.
D. Break down area 0 into smaller nobackbone areas.
Answer: D
NEW QUESTION 718

An engineer is seeking to improve access layer convergence. Which two actions accomplish this goal? (Choose two.)
A. Prune unused VLANs to switches.

B. Implement MST.
C. Propagate all VLANs to switches
D. Configure storm control.
E. Utilize Rapid PVST+
Answer: AE
NEW QUESTION 722

Which feature regarding a FlexLink design is true?
A. It permits VLANs to extend across access switches that connect to a common aggregation module
B. All of the uplinks are in active state.
C. The aggregation layer is aware of FlexLinks.
D. It optimizes the access switch density.
Answer: A
NEW QUESTION 727

An engineer has been requested to utilize a method in an ACI network that will ensure only permitted communications are transmitted between each End Point
Group tier in a three tier application. Which element would be utilized to accomplish this within the fabric?
A. Contract
B. Subject
C. Label
D. Filter
Answer: A
NEW QUESTION 731

Which feature is a fundamental process of the Cisco TrustSec technology?
A. marking
B. detection
C. prioritization
D. propagation
Answer: D
NEW QUESTION 735

How many multicast groups can one multicast MAC address represent?
A. 1
B. 128
C. 16
D. 32
Answer: D

NEW QUESTION 738

An engineer has been asked to design a LAN topology with high Availability and the loop-free features of STP. It must also support Etherchannel between multiple
chassis and a separate control plane for each switch terminating these multiple connections. Which technology should the engineer recommend to be deployment
on the upstream switches?
A. StackWise
B. FEX
C. VSS
D. VPC
Answer: D
NEW QUESTION 742

......

Thank You for Trying Our Product
We offer two products:
1st - We have Practice Tests Software with Actual Exam Questions
2nd - Questons and Answers in PDF Format
300-320 Practice Exam Features:
* 300-320 Questions and Answers Updated Frequently
* 300-320 Practice Questions Verified by Expert Senior Certified Staff
* 300-320 Most Realistic Questions that Guarantee you a Pass on Your FirstTry
* 300-320 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year
100% Actual & Verified — Instant Download, Please Click

Order The 300-320 Practice Test Here

Powered by TCPDF (www.tcpdf.org)

Cisco - Selftestengine.300 320.study - Guide.v2019 May 25.by - Devin.221q.vce

Uploaded by

Copyright:

Available Formats

Cisco - Selftestengine.300 320.study - Guide.v2019 May 25.by - Devin.221q.vce

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Cisco - Selftestengine.300 320.study - Guide.v2019 May 25.by - Devin.221q.vce

Uploaded by

Copyright:

Available Formats

Certshared now are offering 100% pass ensure 300-320 dumps!

https://www.certshared.com/exam/300-320/ (425 Q&As)

Guaranteed success with Our exam guides visit - https://www.certshared.com

Guaranteed success with Our exam guides visit - https://www.certshared.com

A. Place the management interface on a separate VLAN

A. secure access control

A. The threshold configuration allows for inter-queue QoS by utilizing buffers.

Explanation: Cisco CWS: Cisco Cloud Web Security

A. They require less powerful routers with limited capabilities

A. The one with the higher IP address configured on the interface

Guaranteed success with Our exam guides visit - https://www.certshared.com

A. auto quality of service

Guaranteed success with Our exam guides visit - https://www.certshared.com

A. Assign a lower PIM DR priority to the PIM DR interface.

A. router eigrp NAME

Guaranteed success with Our exam guides visit - https://www.certshared.com

A. IEEE 802.1Q tunnel port

A. Cisco Express Forwarding

Explanation: https://www.cisco.com/c/en/us/td/docs/security/firepower/60/configuration/guide/fpmc-config-guide-v60/Correl Correlation rules -> Connection

A. This standard supports only wired LANs.

Guaranteed success with Our exam guides visit - https://www.certshared.com

E. Its EAP messages always require underlying PPP protocol

Guaranteed success with Our exam guides visit - https://www.certshared.com

NEW QUESTION 104

A. Multi-exit discriminator (MED)

NEW QUESTION 106

NEW QUESTION 110

A. LDAP (Lightweight Directory Access Protocol)

NEW QUESTION 112

NEW QUESTION 117

NEW QUESTION 118

Guaranteed success with Our exam guides visit - https://www.certshared.com

NEW QUESTION 122

A. The need for hardware diversity

NEW QUESTION 127

NEW QUESTION 128

A. Each cluster supports up to 10 ASA devices.

NEW QUESTION 130

NEW QUESTION 134

A. small routing table

NEW QUESTION 137

A. The two switches form a single control plane.

NEW QUESTION 138

Guaranteed success with Our exam guides visit - https://www.certshared.com

NEW QUESTION 143

NEW QUESTION 148

A. ip summary-address eigrp 1 10.0.0.0 255.0.0.0

NEW QUESTION 149

Explanation: ASR = Asymmetric routing

NEW QUESTION 151

NEW QUESTION 155

Explanation: https://www.safaribooksonline.com/library/view/foundation-learning-guide/9780132652933/ch08.html "Layer 2 In-Band Designs The Layer 2 in-band

NEW QUESTION 158

Guaranteed success with Our exam guides visit - https://www.certshared.com

NEW QUESTION 159

NEW QUESTION 160

A. Ports configured with port fast

NEW QUESTION 164