Question 1.
DRAG DROP
You work as a network technician at ITCertKeys.com. Your boss, Mrs. ITCertKeys, in Cisco client security software applications. Match the applications with the descriptions.
 

Answer:
 

Question 2.
Which two statements about Layer 3 access designs are correct? (Choose two.)

A. Broadcast and fault domains are increased
B. Limits on clustering and NIC teaming are removed
C. Convergence time is fractionally slower than STP
D. IP Address space is difficult to manage
E. Fast uplink convergence is supported for failover and fallback

Answer: D, E

Question 3.
Which two of these key fields are used to identify a flow in a traditional NetFlow implementation? (Choose two.)

A. Destination IP Address
B. Output Interface
C. Source MAC address
D. Next-hop IP Address
E. Source Port
F. Next-hop MAC Address

Answer: A, E

Question 4.
Which of these is true of IP addressing with regard to VPN termination?

A. Termination devices need routable addresses inside the VPN
B. Designs should not include overlapping address spaces between sites, since NAT is not 
    supported
C. IGP routing protocols will update their routing tables over an IPSec VPN
D. Addressing designs need to allow for summarization

Answer: D

Question 5.
When is a first-hop redundancy protocol needed in the distribution layer?

A. When preempt tuning of the default gateway is needed
B. When the design implements Layer 2 between the access switch and the distribution switch
C. When HSRP is not supported by the design
D. When a robust method of backing up the default gateway is needed
E. When multiple vendor devices need to be supported
F. When the design implements Layer 3 between the access switch and the distribution switch

Answer: F

Question 6.
Which of these practices should you follow when designing a Layer 3 routing protocol?

A. Never peer on transit links
B. Build squares for deterministic convergence
C. Build inverted U designs for deterministic convergence
D. Summarize routes at the distribution to the core to limit EIGRP queries or OSPF LSA 
    propagation

Answer: D

Question 7.
Which two statements correctly identify considerations to take into account when deciding on Campus QoS Design elements? (Choose two.)

A. Call signaling must have guaranteed bandwidth service
B. Strict-priority queuing should be limited to 50% of the capacity of the link
C. At least 23 percent of the link bandwidth should be reserved for default best-effort class
D. Voice needs to be assigned to the hardware priority queue
E. Voice needs to be assigned to the software priority queue

Answer: A, D

Question 8.
Which statement about IDS/IPS design is correct?

A. An IPS should be deployed if the security policy does not support the denial of traffic
B. Bandwidth considerations must be taken into account since IDS is deployed inline to traffic 
    flow
C. An IDS analyze a copy of the monitored traffic and not the actual forwarded packet
D. Traffic impact considerations are increased when deploying an IDS over an IPS sensor

Answer: C

Question 9.
In which two locations in an enterprise network can an IPS sensor be placed? (Choose two.)

A. Between two layer devices without trunking
B. Between two Layer 2 devices with trunking
C. Between a Layer 2 device and a Layer 3 device with trunking
D. Bridging two VLANs on one switch
E. Bridging VLANs on two switches

Answer: A, B

Question 10.
DRAG DROP
You work as a network technician at ITCertKeys.com. Your boss, Mrs. ITCertKeys, in Cisco NAC appliance components. Match the applications with the appropriate descriptions. 
 

Answer:
 

Explanation:
Network admission control (NAC) is a collection of technologies that can be used to enhance network security services. Specifically, NAC can perform posture validation, which ensures that only permitted devices can communicate on the network. 
NAC appliance has Manager, servers and client like:
1. NAC Manager
2. NAC Server
3. NAC Profile Server
4. NAC Guest Server
5. NAC Client Agent
1. Cisco NAC Appliance Manager (Cisco NAM): Acts as a NAC Appliance administration server for defining policies
2. Cisco NAC Appliance Server (Cisco NAS): Acts as a policy enforcement server between the trusted and untrusted networks
3. Cisco NAC Appliance Agent (Cisco NAA): Acts as an optional agent for Windows-based clients
4. NAC Appliance Policy Updates: Checks the status of updates applied to operating systems, antivirus signatures, and other client software

	Web www.certsbraindumps.com