|
Question 1.
Which of the following standards allows typical office applications to have access to database management systems?
A. SQL
B. JAVA
C. ODMA
D. ActiveX
Answer: A
Question 2.
ITCertKeys has determined that it should make use of a high-volume, enterprise-SQL compliant database solution. Which of the following is the MOST appropriate choice for the company?
A. DB2
B. Oracle
C. Sybase
D. Microsoft Access
Answer: B
Question 3.
Which of the following can be referred to as network topologies?
A. Star
B. Bus
C. Ring
D. All of the above
Answer: D
|
Question 2.
Which Cisco ASA feature enables the ASA to do these two things?
1) Act as a proxy for the server and generate a SYN-ACK response to the client SYN request.
2) When the Cisco ASA receives an ACK back from the client, the Cisco ASA authenticates the client and allows the connection to the server.
A. TCP normalizer
B. TCP state bypass
C. TCP intercept
D. basic threat detection
E. advanced threat detection
F. botnet traffic filter
Answer: C
Question 3.
By default, which traffic can pass through a Cisco ASA that is operating in transparent mode without explicitly allowing it using an ACL?
A. ARP
B. BPDU
C. CDP
D. OSPF multicasts
E. DHCP
Answer: A
Question 4.
Refer to the exhibit. Which Cisco ASA feature can be configured using this Cisco ASDM screen?
A. Cisco ASA command authorization using TACACS+
B. AAA accounting to track serial, ssh, and telnet connections to the Cisco ASA
C. Exec Shell access authorization using AAA
D. cut-thru proxy
E. AAA authentication policy for Cisco ASDM access
Answer: D
Question 5.
Refer to the exhibit. The Cisco ASA is dropping all the traffic that is sourced from the internet and is destined to any security context inside interface. Which configuration should be verified on the Cisco ASA to solve this problem?
A. The Cisco ASA has NAT control disabled on each security context.
B. The Cisco ASA is using inside dynamic NAT on each security context.
C. The Cisco ASA is using a unique MAC address on each security context outside interface.
D. The Cisco ASA is using a unique dynamic routing protocol process on each security context.
E. The Cisco ASA packet classifier is configured to use the outside physical interface to assign the packets to each security context.
Answer: C
Question 6.
Which four types of ACL object group are supported on the Cisco ASA (release 8.2)? (Choose four.)
A. protocol
B. network
C. port
D. service
E. icmp-type
F. host
Answer: A, B, D, E
Question 7.
Refer to the exhibit. Which two CLI commands will result? (Choose two.)
A. aaa authorization network LOCAL
B. aaa authorization network default authentication-server LOCAL
C. aaa authorization command LOCAL
D. aaa authorization exec LOCAL
E. aaa authorization exec authentication-server LOCAL
F. aaa authorization exec authentication-server
Answer: C, D
Question 8.
Refer to the exhibit. Which two statements about the class maps are true? (Choose two.)
A. These class maps are referenced within the global policy by default for HTTP inspection.
B. These class maps are all type inspect http class maps.
C. These class maps classify traffic using regular expressions.
D. These class maps are Layer 3/4 class maps.
E. These class maps are used within the inspection_default class map for matching the default inspection traffic.
Answer: C, E
Question 9.
Refer to the exhibit. A Cisco ASA in transparent firewall mode generates the log messages seen in the exhibit. What should be configured on the Cisco ASA to allow the denied traffic?
A. extended ACL on the outside and inside interface to permit the multicast traffic
B. EtherType ACL on the outside and inside interface to permit the multicast traffic
C. stateful packet inspection
D. static ARP mapping
E. static MAC address mapping
Answer: A
Question 10.
The Cisco ASA must support dynamic routing and terminating VPN traffic. Which three Cisco ASA options will not support these requirements? (Choose three.)
A. transparent mode
B. multiple context mode
C. active/standby failover mode
D. active/active failover mode
E. routed mode
F. no NAT-control
Answer: A, B, D
Question 11.
Refer to the exhibits. Which five options should be entered into the five fields in the Cisco ASDM Add Static Policy NAT Rule screen? (Choose five.)
access-list POLICY_NAT_ACL extended permit ip host 172.16.0.10 10.0.1.0 255.255.255.0
static (dmz,outside) 192.168.2.10 access-list POLICY_NAT_ACL
A. dmz = Original Interface
B. outside = Original Interface
C. 172.16.0.10 = Original Source
D. 192.168.2.10 = Original Source
E. 10.0.1.0/24 = Original Destination
F. 192.168.2.10 = Original Destination
G. dmz = Translated Interface
H. outside = Translated Interface
I. 192.168.2.10 = Translated Use IP Address
J. 172.16.0.10 = Translated Use IP Address
Answer: A, C, E, H, I
Question 12.
By default, which access rule is applied inbound to the inside interface?
A. All IP traffic is denied.
B. All IP traffic is permitted.
C. All IP traffic sourced from any source to any less secure network destinations is permitted.
D. All IP traffic sourced from any source to any more secure network destinations is permitted.
Answer: B
|
Question 1.
Which three are global correlation network participation modes? (Choose three.)
A. off
B. partial participation
C. reputation filtering
D. detect
E. full participation
F. learning
Answer: A, B, E
Question 2.
DRAG DROP
Answer:
Explanation: IPS AIM or IPS NME AIP-SSM IDSM-2 AIP-SSC
Question 3.
What are four properties of an IPS signature? (Choose four.)
A. reputation rating
B. fidelity rating
C. summarization strategy
D. signature engine
E. global correlation mode
F. signature ID and signature status
Answer: B, C, D, F
Question 4.
The custom signature ID of a Cisco IPS appliance has which range of values?
A. 10000 to 19999
B. 20000 to 29999
C. 50000 to 59999
D. 60000 to 65000
E. 80000 to 90000
F. 1 to 20000
Answer: D
Question 5.
When upgrading a Cisco IPS AIM or IPS NME using manual upgrade, what must be performed before installing the upgrade?
A. Disable the heartbeat reset on the router.
B. Enable fail-open IPS mode.
C. Enable the Router Blade Configuration Protocol.
D. Gracefully halt the operating system on the Cisco IPS AIM or IPS NME.
Answer: A
Question 6.
Which Cisco IPS NME interface is visible to the NME module but not visible in the router configuration and acts as the sensing interface of the NME module?
A. ids-sensor 0/1 interface
B. ids-sensor 1/0 interface
C. gigabitEthernet 0/1
D. gigabitEthernet 1/0
E. management 0/1
F. management 1/0
Answer: C
Question 7.
Which two methods can be used together to configure a Cisco IPS signature set into detection mode when tuning the Cisco IPS appliance to reduce false positives? (Choose two.)
A. Subtract all aggressive actions using event action filters.
B. Enable anomaly detection learning mode.
C. Enable verbose alerts using event action overrides.
D. Decrease the number of events required to trigger the signature.
E. Increase the maximum inter-event interval of the signature.
Answer: A, E
Question 8.
In which CLI configuration mode is the Cisco IPS appliance management IP address configured?
A. global configuration ips(config)#
B. service network-access ips(config-net)#
C. service host network-settings ips(config-hos-net)#
D. service interface ips(config-int)#
Answer: C
Question 9.
Which four parameters are used to configure how often the Cisco IPS appliance generates alerts when a signature is firing? (Choose four.)
A. summary mode
B. summary interval
C. event count key
D. global summary threshold
E. summary key
F. event count
G. summary count
H. event alert mode
Answer: A, B, D, F
Question 10.
Which three Cisco IPS cross-launch capabilities do Cisco Security Manager and Cisco Security MARS support? (Choose three.)
A. Edit IPS signatures in Cisco Security Manager from a Cisco Security MARS query.
B. Create custom signatures in Cisco Security Manager from a Cisco Security MARS query.
C. Create event action filters in Cisco Security Manager from a Cisco Security MARS query.
D. Create a Cisco Security MARS drop rule from Cisco Security Manager policy.
E. Create a Cisco Security MARS user inspection rule from Cisco Security Manager policy.
F. Query Cisco Security MARS from Cisco Security Manager policy.
Answer: C, E, F
|
Question 1.
Which Cisco ASA Unified Communications proxy feature manipulates both the signaling and the media channels?
A. TLS Proxy
B. H.323 Proxy
C. SIP Proxy
D. Phone Proxy
E. CUMA Proxy
Answer: D
Question 2.
Deploying logical security controls such as firewall and IPS appliances is an example of which kind of risk-management option?
A. risk avoidance
B. risk transfer
C. risk retention
D. risk reduction
E. risk removal
Answer: A
Question 3.
DRAG DROP
Answer:
Question 4.
What is the benefit of the Cisco ASA phone proxy feature?
A. allows businesses to securely connect their Cisco Unified Presence clients back to their enterprise networks or to share presence information between Cisco Unified Presence servers in different enterprises
B. allows telecommuters to connect their IP phones to the corporate IP telephony network securely over the Internet, without the need to connect over a VPN tunnel
C. allows businesses to configure granular policies for SCCP traffic, such as enforcing only registered phone calls to send traffic through the Cisco ASA security appliance and filtering on message IDs to allow or disallow specific messages
D. enables deep inspection services for SIP traffic for both User Datagram Protocol (UDP) and TCP-based SIP environments, thus providing granular control for protection against unified communications attacks
E. enables inspection of the RTSP protocols that are used to control communications between the client and server for streaming applications
F. enables advanced H.323 inspection services that support H.323 versions 14 along with Direct Call Signaling (DCS) and Gatekeeper-Routed Call Signaling (GKRCS) to provide flexible security integration in a variety of H.323-driven VoIP environments
Answer: B
Question 5.
Which two protocols can be used to implement high-availability IPS design, using the Cisco IPS 4200 Series Sensor appliance? (Choose two.)
A. spanning tree
B. stateful failover
C. EtherChannel load balancing
D. WCCP
E. HSRP
F. SDEE
Answer: A, C
Question 6.
What are the advantages and disadvantages of using the "Direct to tower" or PAC file methods for redirecting traffic to ScanSafe?
A. Advantages: ease of deployment, especially for multiple breakout points. Disadvantages: no user granularity.
B. Advantages: user granularity. Disadvantages: requires additional hardware for each breakout point.
C. Advantages: no browser changes required. Disadvantages: not all browsers supported.
Answer: A
Question 7.
Which statement is true?
A. Three-year commitments cost less per year than three consecutive one-year commitments.
B. Three consecutive one-year commitments cost less than one three-year commitment.
C. Three-year commitments cost the same per year as three consecutive one-year commitments.
D. Cisco IronPort does not sell three-year commitments.
Answer: A
Question 8.
Which statement regarding the Cisco ASA encrypted voice inspection capability is correct?
A. The Cisco ASA decrypts, inspects, then re-encrypts voice-signaling traffic; all of the existing VoIP inspection functions for SCCP and SIP protocols are preserved.
B. The Cisco ASA acts as a non-transparent TLS proxy between the Cisco IP Phone and Cisco Unified Communications Manager.
C. TLS proxy applies to the encryption layer and is configured by using a Layer 3/4 inspection policy on the Cisco ASA.
D. The Cisco ASA does not support PAT and NAT for SCCP inspection.
E. The Cisco ASA serves as a proxy for both client and server, with the Cisco IP Phone and the Session Border Controller.
Answer: A
Question 9.
The Cisco IPS Manager Express (IME) can be used to manage how many IPS appliances, at a maximum?
A. 3
B. 5
C. 10
D. 15
E. 20
F. 25
Answer: B
Question 10.
Which Cisco ASA configuration is required to implement active/active failover?
A. transparent firewall
B. modular policy framework (MPF)
C. virtual contexts
D. policy-based routing
E. redundant interfaces
F. VLANs
Answer: C
|
Question 1.
You have just solved a troublesome network event. From a troubleshooting perspective, what is your next step?
A. Secure the device you performed the change on.
B. Document the problem and what you did to correct it.
C. Close the ticket.
D. Notify the service desk.
Answer: B
Question 2.
Which command could be used to verify that the software upgrade change was completed properly on a Cisco IOS router?
A. show software version
B. show version
C. show disk
D. show target configuration
E. show upgrade complete
Answer: B
Question 3.
What are two valid reasons to upgrade Cisco IOS XR Software? (Choose two.)
A. A few software bugs that have no service impact.
B. There are no rules for this device in the policy table.
C. A new line card needs to be added, and it is not supported in the current installed release.
D. Current bandwidth utilization is poor, and bandwidth efficiency needs to be increased.
E. Already running BGP, and need a specific BGP feature that is not supported in current installed release.
Answer: C, D
Question 4.
A router in your network has been reporting threshold crossing alarms over the past few weeks. Investigation into these alarms has not yielded a specific cause and end users attached to the device have not complained about access to services or their performance. What is the most likely reason for these threshold crossing alarms?
A. It is an intermittent problem and will be very difficult to troubleshoot.
B. It is likely that a hardware problem will reveal itself when the hardware degrades further.
C. It is likely that the threshold setting that is alarming is too low for this particular platform in its particular situation.
D. It is likely a software or firmware problem and will fix itself in a future upgrade.
Answer: C
Question 5.
Which three areas could be impacted by a change in the network environment? (Choose three.)
A. as-built network documentation
B. disaster recovery plan
C. critical success factors
D. service level agreements
E. network management KPI
Answer: A, B, D
Question 6.
According to Cisco IOS Management Best Practices, which three attributes should be fulfilled in the Device Naming Convention? (Choose three.)
A. identify the device
B. name the device
C. device type
D. device location
E. device hierarchy
Answer: A, C, D
Question 7.
What are the primary areas of analysis in measuring network performance? (Choose four.)
A. traffic trend analysis
B. service take-up trend analysis
C. NetFlow analysis
D. change rate analysis
E. incident rate analysis
F. syslog analysis
Answer: A, B, D, E
Question 8.
According to the ITIL® v3 framework, what is the objective of the release and deployment process?
A. reduce unpredicted impact in the production services
B. ensure releases are deployed on time
C. reduce network outages
D. ensure that devices are configured appropriately
Answer: A
Question 9.
Cisco IOS XR Software was designed with three partitions or separate planes. Which are the three planes?
A. control, data, and management
B. application, data, and management
C. control, services, and management
D. application, services, and data
E. data, services, and control
Answer: A
Question 10.
You need to add a new DNS server to your Linux server. Where would you have to add the new DNS entry in the operating system?
A. /etc/hosts
B. /etc/hosts.conf
C. /etc/sysconfig/network
D. /etc/nsswitch.conf
E. /etc/resolv.conf
Answer: E
|
Question 1.
Refer to the exhibit. Which commands append a prefix of 3.3.3.3/32 to prefix-set “test”?
A. Prefix-set test 3.3.3.3/32 End-test
B. Prefix-set test Append 3.3.3.3/32 End-set
C. Prefix-set test 1.1.1.1/32,2.2.2.2/32,3.3.3.3/32 End-set
Answer: C
Question 2.
Which statement accurately describes the BGP community filtering in Cisco IOS Software?
A. can be configured for IBGP neighbors only
B. can be configured for both IBGP and EBGP neighbors
C. can be configured for EBGP neighbors only
D. cannot be configured for IBGP or EBGP neighbors
Answer: B
Question 3.
What effect will the command timers throttle spf 5 1000 90000 have on an OSPF router?
A. The router dynamically reduces the frequency with which it computes the SPF tree during times of network instability.
B. The command improves router performance by limiting the amount of CPU cycles that are consumed over time when calculating the SPF tree.
C. When recalculating the SPF tree, the LSA update timers are changed to lessen the impact on memory and CPU usage during LSA floods.
D. The command specifies the number of LSAs that must be received in a particular time frame before initiating a complete SPF recalculation.
Answer: A
Question 4.
While troubleshooting a loss of connectivity, you notice the log entry
Mar 16 08:20:16 %OSPF-5-ADJCHG: Process 1. Nbr 1.1.1.130 on Vlan30 from FULL to EXSTART. SeqNumberMismatch
After logging into the device, you notice that the router seems to be stuck in the EXSTART state. When does this problem most frequently occur?
A. during startup of the OSPF process
B. during high CPU load on the router
C. when the two routers report different versions of OSPF
D. when there is a mismatch between MTU settings for neighbor router interfaces
Answer: D
Question 5.
Which Cisco IOS XR Software hierarchical Route Policy Language policy configuration uses the existing RPL policy “test”?
A. route-policy test apply test
B. route-policy new use test
C. route-policy new apply test
D. route-policy new use policy test
Answer: C
Question 6.
Refer to the exhibit. What is the about destination x from the point of view of R1 if both ASBRs are advertising destination x as an external type route?
A. R1 sees each path as equal cost and load balances data traffic on both paths.
B. R1 sees each path as equal cost and chooses the path through the ASBR with the lower router ID.
C. R1 sees each path as ASBR1 as the shortest path
D. R1 sees each path as ASBR2 as the shortest path
Answer: C
Question 7.
How often are complete sequence number PDUs sent by an IS-IS router to its neighbor on a point-to-point link?
A. Once when the link comes up, and every 10 seconds thereafter.
B. Once when the link comes up, and every 30 seconds thereafter.
C. Once when the link comes up, and every 60 seconds thereafter.
D. Once when the link comes up, and whenever there is a topology change.
Answer: A
Question 8.
An ISP is using OSPF as the IGP with a single OSPF area. The router memory usage for OSPF is too high. Which method can lower the OSPF memory usage?
A. implement multiple OSPF areas
B. implement BGP synchronization to synchronize between OSPF and BGP
C. implement OSPF sham links
D. implement passive interfaces
Answer: A
Question 9.
Which keyword will stop further processing of the route policy language policy on a Cisco IOS router?
A. Stop
B. Quit
C. Drop
D. End
E. Exit
Answer: D
Question 10.
What is the default OSPF hello interval when configured on a point-to-point interface in Cisco IOS Software?
A. 3 seconds
B. 10 seconds
C. 15 seconds
D. 30 seconds
Answer: B
|
Question 1.
Refer to the exhibit. The customer has an MPLS Layer 3 VPN service. CE-A is not able to ping the CE-B loopback address 10.60.6.6. CE-A is able to ping the CE-B network interface address 172.16.60.66. What must be added to the configuration to allow the loopback ping to work?
A. The PE-B configuration needs a neighbor 10.60.6.6 command added
B. The PE-B configuration needs interface loopback0 added under vrf red area 0
C. The CE-B configuration needs a static route added for the PE-B connected interface
D. The CE-B configuration needs network 10.60.6.6 under router ospf 1
Answer: D
Question 2.
Refer to the exhibit. What type of MPLS Layer 3 VPN configuration is represented?
A. Simple two-VPN scenario
B. Overlapping VPNs
C. Central services VPNs
D. Extranet VPNs
Answer: C
Question 3.
In a service provider layer 3 MPLS VPN implementations, what is the minimum number of routing on the PE routers?
A. Three
B. Four
C. Five
D. Six
Answer: A
Question 4.
Refer to the exhibit. The commands in the figure were executed from a Cisco ASR 9000 Series router. The remote end of the ping is a Cisco XR 12000 Series router. Which statement is true?
A. The XR 12000 has an access list that blocks the MPLS pseudowire ping
B. The interface connected to the XR 12000 is not running LDP
C. These results will occur during convergence when MPLS LDP sync is enabled
D. The MPLS pseudowire ping was not sent
Answer: D
Question 5.
Refer to the exhibit. The output from the debug command is from the Cisco XR 12000 Series router. Which statement is true?
A. The output is the result of single iteration of mpls ping executed on the Cisco ASR 9000 Series Router’
B. The output is the result of single iteration of mpls ping executed on the Cisco ASR 9000 Series Router
C. The packets did not reach its destination because the control word was not found
D. The output is the result of single iteration of mpls ping executed on the Cisco CRS-1 Carrier Routing System.
Answer: C
Question 6.
Refer to the exhibit. The commands were executed on the Cisco XR 12000 PE. Which statement is true?
A. The outer label for prefix 10.22.22.22 is 143989.
B. The outer label for prefix 10.22.22.22 is 16000.
C. The outer label for prefix 10.22.22.22 is implNull.
D. Prefix 10.22.22.22 has no outer label.
Answer: A
Question 7.
You have configured an MPLS-TE tunnel with a predefined explicit path as primary and dynamic path as the backup. The tunnel was designed to carry customer traffic from site A to site B. Although the MPLS-TE tunnel is set up, it is not carrying the traffic. Traffic has to go to network 171.68.0.0/16 connected to site B. Which three show commands would you use to identify and resolve the issue?
A. Show mpls traffic-eng-link-management bandwidth to check the bandwidth is available.
B. Show ip cef network-number to check if tags are imposed
C. Show mpls traffic-eng topology igp-id ospf network number brief to check routing issue
D. Show mpls traffic-eng autoroute to check auto routing is enabled
E. Show mpls forwarding-table LABEL-number details to outgoing tags
F. Show ip cef tunnel 1 to check traffic is passing through the tunnel
Answer: D, E
Question 8.
Refer to the exhibit. Is nonstop forwarding enabled or disabled, and which part of the show command can be used to determine this?
A. Enabled, graceful-restart
B. Enabled, session protection
C. Disabled, graceful-restart
D. Disabled, session protection
Answer: A
Question 9.
Refer to the exhibit. What two problems are associated with this show MPLS forwarding command output, given that this command only shows forwarding information for CE-facing interfaces and associated statistics? (Choose two.)
A. Line 1 and 3 indicate the problem
B. Line 2 and 4 indicate the problem
C. LDP is not active on AT 12/3.1283 and se 9/0/7.0 that is why packets are sent as IP packets and no MPLS packets
D. There is a possible routing loop which makes pe-1 a transit router for the VRFs which are assigned to Gi 14/.1271 and AT 12/3.1132
E. There is label corruption for VRFs where Gi 14/1.1271 and AT 12/3.1132 belong to, the value of a locally assigned label cannot be more than the value of outgoing label
Answer: B, E
Question 10.
You have been assigned the task of collecting the relevant information for troubleshooting a Layer 3 MPLS VPN routing issue across two (same VPN) for a customer. After initial diagnostics you have ruled out any connectivity issues and any hardware or software bugs. Which four steps should you use to collect information for troubleshooting the VPN routing issue? (Choose four.)
A. Redistribution of routes into MP-BGP
B. Route filters that might prevent routes from propagating
C. Interface state between PE and CE devices
D. VRF route target import and export details
E. MPLS forwarding state between PE and core routers
F. VRF route limit on the PE devices
G. Interface error counters on the customer-facing PE interface
Answer: A, B, D, E
|
Question 1.
Which of these correctly describes traffic classification using qos-group?
A. qos-group marking is automatically mapped to MPLS EXP marking.
B. qos-group is only applicable to an MPLS-enabled router.
C. qos-group marking value ranges from 0 to 7.
D. qos-group is local to the router.
Answer: D
Question 2.
Which Cisco IOS command will show a summary of probes?
A. show ip sla statistics
B. show ip sla responder
C. show ip sla monitors
D. show ip sla configuration
Answer: D
Question 3.
Which three match statements are valid in Cisco IOS XR Software? (Choose three.)
A. match field
B. match mpls experimental topmost
C. match vpls
D. match flow
E. match qos-group
F. match port-type
Answer: A, B, E
Question 4.
Which are the two locations where the SP network device always trusts the QoS markings of its neighbor? (Choose two.)
A. at the ingress PE
B. at the egress PE
C. at the SP core
D. at the ingress CE
E. at the egress CE
Answer: A, C
Question 5.
Which three are benefits of IntServ and RSVP? (Choose three.)
A. RSVP helps network devices identify dynamic port numbers.
B. IntServ networks will reject or downgrade new RSVP sessions if all reservable bandwidth is booked somewhere in a path.
C. RSVP signaling is a scalable way to ensure all devices maintain an accurate picture of the network state.
D. They enable the network to guarantee necessary QoS to individual data flows.
E. The IntServ class-based approach is easy to design and implement.
Answer: B, C, D
Question 6.
Which of these describes Short Pipe mode in QoS for MPLS VPN service providers?
A. Service provider can remark customer DSCP values.
B. Service provider does not remark customer DSCP values. (Service provider uses independent MPLS EXP markings.) Final PE to CE policies are based on service provider markings.
C. The customer and service provider share the same DiffServ domain.
D. Service provider does not remark customer DSCP values. (Service provider uses independent MPLS EXP markings.) Final PE to CE policies are based on customer markings.
Answer: D
Question 7.
A customer reports that during peak hours, FTP performance is unacceptable. Currently, the service provider maps the customer FTP traffic into the class-default traffic class and FTP traffic is marked with MPLS EXP 1. The class-default class traffic is configured with MPLS EXP based WRED and also with the bandwidth command. What could be causing the FTP performance issues with the customer?
A. The FTP-type bulk traffic should be mapped to MPLS EXP 5 instead of MPLS EXP 1. The improper marking of FTP packets is causing CBWFQ to assign lower priority for FTP packets within the class-default traffic class.
B. The service provider is using LLQ on all the core links, but the FTP traffic is not assigned to the priority queue.
C. The bandwidth command is causing the FTP issues. It is generally not recommended to use CBWFQ for the class-default traffic class.
D. FTP packets are being more randomly dropped than the other TCP traffic within the class-default traffic class, because the WRED thresholds for MPLS EXP 3 marked packets were configured to improper values.
Answer: D
Question 8.
Which is the preferred queuing method provided by Cisco IOS Software for a converged VoIP network?
A. WFQ
B. CBWFQ
C. LLQ
D. FIFO
Answer: C
Question 9.
What would be the first step when defining an MQC?
A. Add one or more match commands to classify packets.
B. Attach the traffic policy (policy map) to the interface by using the service-policy command.
C. Define a traffic class by using the class-map command.
D. Apply the commands such as bandwidth, police, and set dscp to enable the QoS feature.
E. Create a traffic policy by using the policy-map command.
Answer: C
Question 10.
When is best-effort QoS policy most appropriate?
A. when the customer has high bandwidth access to the network
B. when the customer will only transport delay-tolerant data
C. when the CE is self-managed and the customer provides adequate QoS marking
D. when the customer plans to transport data from no more than one multimedia application
Answer: B
|
Question 1. Which method of Layer 3 switching uses a forwarding information base (FIB)? A. Topology-based switching B. Demand-based switching C. Route caching D. Flow-based switching E. None of the other alternatives apply Answer: A Explanation: The Layer 3 engine (essentially a router) maintains routing information, whether from static routes or dynamic routing protocols. Basically, the routing table is reformatted into an ordered list with the most specific route first, for each IP destination subnet in the table. The new format is called a Forwarding Information Base (FIB) and contains routing or forwarding information that the network prefix can reference. In other words, a route to 10.1.0.0/16 might be contained in the FIB, along with routes to 10.1.1.0/24 and 10.1.1.128/25, if those exist. Notice that these examples are increasingly more specific subnets. In the FIB, these would be ordered with the most specific, or longest match, first, followed by less specific subnets. When the switch receives a packet, it can easily examine the destination address and find the longest match entry in the FIB. The FIB also contains the nexthop address for each entry. When a longest match entry is found in the FIB, the Layer 3 next-hop address is found, too. Question 2. Which two statements are true about best practices in VLAN design? (Choose two.) A. Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer. B. Routing should always be performed at the distribution layer. C. VLANs should be localized to a switch. D. VLANs should be localized to a single switch unless voice VLANs are being utilized. E. Routing should not be performed between VLANs located on separate switches. Answer: B, C Explanation: In the distribution layer, uplinks from all access layer devices are aggregated, or come together. 
The distribution layer switches must be capable of processing the total volume of traffic from all the connected devices. These switches should have a port density of high-speed links to support the collection of access layer switches. VLANs and broadcast domains converge at the distribution layer, requiring routing, filtering, and security. The switches at this layer must be capable of performing multilayer switching with high throughput. Only certain Catalyst switch models can provide multilayer switching; be sure to understand which ones can do this. A switched environment offers the technology to overcome flat network limitations. Switched networks can be subdivided into VLANs. By definition, a VLAN is a single broadcast domain. All devices connected to the VLAN receive broadcasts from other VLAN members. However, devices connected to a different VLAN will not receive those same broadcasts. (Naturally, VLAN members also receive unicast packets directed toward them from other VLAN members.) A VLAN consists of defined members communicating as a logical network segment. In contrast, a physical segment consists of devices that must be connected to a physical cable segment. A VLAN can have connected members located anywhere in the campus network, as long as VLAN connectivity is provided between all members. Layer 2 switches are configured with a VLAN mapping and provide the logical connectivity between the VLAN members. Question 3. Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are best practices for Layer 2 and 3 failover alignment? (Choose two.) A. Configure the D-SW1 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW2 switch as the standby HSRP router and backup STP root for all VLANs. B. Configure the D-SW1 switch as the standby HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the standby HSRP router and the STP root for VLANs 12 and 120. 
C. Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.
D. Configure the D-SW2 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW1 switch as the standby HSRP router and backup STP root for all VLANs.
E. Configure the D-SW1 switch as the active HSRP router and the backup STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the backup STP root for VLANs 12 and 120.
F. Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12 and 120. Configure the D-SW2 switch as the standby HSRP router and the backup STP root for VLANs 11 and 110.
Answer: C, F
Explanation: Basically, each of the routers that provides redundancy for a given gateway address is assigned to a common HSRP group. One router is elected as the primary, or active, HSRP router, another is elected as the standby HSRP router, and all the others remain in the listen HSRP state. The routers exchange HSRP hello messages at regular intervals, so they can remain aware of each other's existence, as well as that of the active router.
HSRP election is based on a priority value (0 to 255) that is configured on each router in the group. By default, the priority is 100. The router with the highest priority value (255 is highest) becomes the active router for the group. If all router priorities are equal or set to the default value, the router with the highest IP address on the HSRP interface becomes the active router. To set the priority, use the following interface configuration command:
Switch(config-if)# standby group priority priority
When HSRP is configured on an interface, the router progresses through a series of states before becoming active. This forces a router to listen for others in a group and see where it fits into the pecking order.
The HSRP state sequence is Disabled, Init, Listen, Speak, Standby, and, finally, Active. You can configure a router to preempt or immediately take over the active role if its priority is the highest at any time. Use the following interface configuration command to allow preemption:
Switch(config-if)# standby group preempt [delay seconds]
Question 4.
If you needed to transport traffic coming from multiple VLANs (connected between switches), and your CTO was insistent on using an open standard, which protocol would you use?
A. 802.11B
B. spanning-tree
C. 802.1Q
D. ISL
E. VTP
F. Q.921
Answer: C
Explanation: The act involved in the above question is trunking. The two trunking protocols in the answer choices are: 802.1Q and ISL. ISL is Cisco proprietary and IEEE 802.1Q is based on an open standard. When non-Cisco switches are used along with Cisco switches and trunking is required, it is best to use the 802.1Q encapsulation.
Incorrect Answers:
A: This standard is used in wireless networking and has nothing to do with VLAN switching.
B: The Spanning Tree Protocol (STP) is used to prevent loops within a bridged network. Each VLAN runs a separate instance of the STP and this is enabled by default.
D: This is the alternative Cisco proprietary method of trunking.
E: VLAN Trunking Protocol (VTP) is a Layer 2 messaging protocol that manages the addition, deletion, and renaming of VLANs on a network-wide basis. It is not used to actually transport VLAN traffic.
F: This is an ISDN signaling standard and is not related to VLAN switching.
Question 5.
Under what circumstances should an administrator prefer local VLANs over end-to-end VLANs?
A. Eighty percent of traffic on the network is destined for Internet sites.
B. There are common sets of traffic filtering requirements for workgroups located in multiple buildings.
C. Eighty percent of a workgroup's traffic is to the workgroup's own local server.
D. Users are grouped into VLANs independent of physical location.
E. None of the other alternatives apply
Answer: A
Explanation: This geographic location can be as large as an entire building or as small as a single switch inside a wiring closet. In a geographic VLAN structure, it is typical to find 80 percent of the traffic remote to the user (server farms and so on) and 20 percent of the traffic local to the user (local server, printers, and so on).
Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 93
Question 6.
What are some virtues of implementing end-to-end VLANs? (Choose two)
A. End-to-end VLANs are easy to manage.
B. Users are grouped into VLANs independent of a physical location.
C. Each VLAN has a common set of security and resource requirements for all members.
D. Resources are restricted to a single location.
Answer: B, C
Explanation: In an end-to-end VLAN, users are grouped into VLANs independent of physical location and dependent on group or job function. Each VLAN has a common set of security requirements for all members.
Incorrect Answers:
A: End-to-end VLANs are more difficult to manage than local VLANs, due to the physical distances that they can span.
D: In an end-to-end VLAN, network resources are generally distributed across the entire enterprise wide area network.
Question 7.
Which of the following statements is true about the 80/20 rule (Select all that apply)?
A. 20 percent of the traffic on a network segment should be local
B. no more than 20 percent of the network traffic should be able to move across a backbone.
C. no more than 80 percent of the network traffic should be able to move across a backbone.
D. 80 percent of the traffic on a network segment should be local
Answer: B, D
Explanation: The 80/20 rule in network design originated from the idea that most of the traffic should remain local to the LAN, since bandwidth is plentiful compared to WAN links, and a great deal of broadcast traffic that is evident at the LAN is not passed over the backbone.
Note: With the availability of inexpensive bandwidth and centralized data centers, this rule appears to have become obsolete. In fact, most networks have taken on the 20/80 rule, as opposed to the legacy 80/20 rule.
Question 8.
The Company LAN is becoming saturated with broadcasts and multicast traffic. What could you do to help a network with many multicasts and broadcasts?
A. Creating smaller broadcast domains by implementing VLANs.
B. Separate nodes into different hubs.
C. Creating larger broadcast domains by implementing VLANs.
D. Separate nodes into different switches.
E. All of the above.
Answer: A
Explanation: Controlling broadcast propagation throughout the network is important to reduce the amount of overhead associated with these frames. Routers, which operate at Layer 3 of the OSI model, provide broadcast domain segmentation for each interface. Switches can also provide broadcast domain segmentation using virtual LANs (VLANs). A VLAN is a group of switch ports, within a single or multiple switches, that is defined by the switch hardware and/or software as a single broadcast domain. A VLAN's goal is to group devices connected to a switch into logical broadcast domains to control the effect that broadcasts have on other connected devices. A VLAN can be characterized as a logical network.
Reference: Building Cisco Multilayer Switched Networks (Cisco Press) page 8
Section 2: Create a VLAN based implementation plan (3 Questions)
Question 9.
The Company LAN switches are being configured to support the use of Dynamic VLANs. Which of the following are true of dynamic VLAN membership? (Select all that apply)
A. VLAN membership of a user always remains the same even when he/she is moved to another location.
B. VLAN membership of a user always changes when he/she is moved to another location.
C. Membership can be static or dynamic.
D. Membership can be static only.
E. None of the other alternatives apply.
Answer: A, C
Explanation: Dynamic VLAN memberships are based on the MAC address of the user's device connected to the port. If you have a VTP server, a VTP database file, a VTP client switch, and a dynamic port, then regardless of where your physical location is, you can still remain in the same VLAN.
Incorrect Answers:
B: This was true before the use of Dynamic VLAN membership, as VLANs were assigned to ports, not users.
D: VLAN memberships can be either static or dynamic.
Question 10.
The Company LAN switches are being configured to support the use of Dynamic VLANs. What should be considered when implementing a dynamic VLAN solution? (Select two)
A. Each switch port is assigned to a specific VLAN.
B. Dynamic VLANs require a VLAN Membership Policy Server.
C. Devices are in the same VLAN regardless of which port they attach to.
D. Dynamic VLAN assignments are made through the command line interface.
Answer: B, C
Explanation: With VLAN Membership Policy Server (VMPS), you can assign switch ports to VLANs dynamically, based on the source Media Access Control (MAC) address of the device connected to the port. When you move a host from a port on one switch in the network to a port on another switch in the network, the switch assigns the new port to the proper VLAN for that host dynamically.
Note: There are two types of VLAN port configurations: static and dynamic.
Incorrect Answers:
A: In a static VLAN, the administrator assigns switch ports to the VLAN, and the association does not change until the administrator changes the port assignment. However, this is not the case for dynamic VLANs.
D: The Command Line Interface is not used for dynamic VLAN assignments.
Reference: Cisco Online, Configuring Dynamic Port VLAN Membership with VMPS
Question 11.
In the three-layer hierarchical network design model, what's associated with the access layer? (Select two)
A. optimized transport structure
B. high port density
C. boundary definition
D. data encryption
E. local VLANs
F. route summaries
Answer: B, E
Explanation: The access layer is the outermost layer, and it is composed of the least sophisticated network equipment. The most important function of the access layer is high port density, since these devices connect the individual end users. The access layers are also where VLANs are implemented, since VLANs are assigned on a per-port basis.
Section 3: Create a VLAN based verification plan (5 Questions)
|
Question 1.
Which two statements about the Cisco Aironet Desktop Utility (ADU) are true? (Select two)
A. The Aironet Desktop Utility (ADU) profile manager feature can create and manage only one profile for the wireless client adapter.
B. The Aironet Desktop Utility (ADU) can support only one wireless client adapter installed and used at a time.
C. The Aironet Desktop Utility (ADU) can be used to establish the association between the client adapter and the access point, manage authentication to the wireless network, and enable encryption.
D. The Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can be used at the same time to configure the wireless client adapter.
Answer: B, C
Explanation: You can configure your Cisco Aironet Wireless LAN Client Adapter through the Cisco ADU or a third-party tool, such as the Microsoft Wireless Configuration Manager. Because third-party tools may not provide all the functionality available in ADU, Cisco recommends that you use ADU. The Aironet Desktop Utility (ADU) can support only one wireless client adapter. ADU also establishes the association between the client adapter and the access point, allows the wireless client to authenticate, and allows encryption to be configured by setting static WEP or a WPA/WPA2 passphrase.
Section 3: Perform routine IOS device maintenance (0 Questions)
Section 4: Isolate sub-optimal internetwork operation at the correctly defined OSI Model layer (2 Questions)
Question 2.
At which layer of the OSI model does the Spanning Tree Protocol (STP) operate?
A. Layer 5
B. Layer 4
C. Layer 3
D. Layer 2
E. Layer 1
Answer: D
Explanation: Spanning-Tree Protocol (STP) is a Layer 2 (L2) protocol designed to run on bridges and switches. The specification for STP is called 802.1d. The main purpose of STP is to ensure that you do not run into a loop situation when you have redundant paths in your network. Loops are deadly to a network.
Question 3.
In computer networking a multicast address is an identifier for a group of hosts that have joined a multicast group. Multicast addressing can be used in the Link Layer (OSI Layer 2), such as Ethernet Multicast, as well as at the Internet Layer (OSI Layer 3) as IPv4 or IPv6 Multicast. Which two descriptions are correct regarding multicast addressing?
A. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
B. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0.
D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
Answer: C, D
Explanation: The point of this question is the form of the multicast MAC address, and the conversion between the multicast MAC address and the IP address. The multicast MAC address is 6 bytes (48 bits). The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E, and the last 3 bytes (24 bits) of the multicast MAC address = 0 + 23 bits (the last 23 bits of the IP address). "0x01-00-5E" is a reserved value that indicates a multicast application. So options B and D are correct.
Question 4.
EIGRP is being used as the routing protocol on the company network. While troubleshooting some network connectivity issues, you notice a large number of EIGRP SIA (Stuck in Active) messages. What causes these SIA routes? (Select two)
A. The neighboring router stops receiving ACK packets from this router.
B. The neighboring router starts receiving route updates from this router.
C. The neighboring router is too busy to answer the query (generally caused by high CPU utilization).
D. The neighboring router is having memory problems and cannot allocate the memory to process the query or build the reply packet.
Answer: C, D
Explanation: SIA routes are due to the fact that reply packets are not received. This could be caused by a router which is unable to send reply packets. The router could have reached the limit of its capacity, or it could be malfunctioning.
Incorrect Answers:
A: Missing replies, not missing ACKs, cause SIA.
B: Route updates do not cause SIA.
Notes: If a router does not receive a reply to all outstanding queries within 3 minutes, the route goes to the stuck in active (SIA) state. The router then resets the neighbors that fail to reply by going active on all routes known through that neighbor, and it readvertises all routes to that neighbor.
Reference: Enhanced Interior Gateway Routing Protocol http://www.cisco.com/warp/public/103/eigrp3.html
Question 5.
Part of the routing table of router R1 is displayed below:
S 62.99.153.0/24 [1/0] via 209.177.64.130
172.209.12.0/32 is subnetted, 1 subnets
D EX 172.209.1 [170/2590720] via 209.179.2.114, 06:47:28, Serial0/0/0.1239
62.113.17.0/24 is variably subnetted, 2 subnets, 2 masks
D EX 99.3.215.0/24 [170/27316] via 209.180.96.45, 09:52:10, FastEthernet11/0/0
 [170/27316] via 209.180.96.44, 09:52:10, FastEthernet11/0/0
25.248.17.0/24 [90/1512111] via 209.179.66.25, 10:33:13, Serial0/0/0.1400001
 [90/1512111] via 209.179.66.41, 10:33:13, Serial0/0/0.1402001
62.113.1.0/24 is variably subnetted, 12 subnets, 2 masks
D 62.113.1.227/32 [90/2611727] via 209.180.96.45, 10:33:13, FastEthernet1/0/0
 [90/2611727] via 209.180.96.44, 10:33:13, FastEthernet1/0/0
S* 0.0.0.0/0 [1/0] via 209.180.96.14
From analyzing the above command output, what is the administrative distance of the external EIGRP routes?
A. 24
B. 32
C. 90
D. 170
E. 27316
F. None of the other alternatives apply
Answer: D
Explanation: By default an external EIGRP route has a value of 170.
By examining the exhibit we see that this default value of the external EIGRP routes (see D-EX in exhibit) indeed is set to 170. The first value within the brackets displays the AD, so with a value of [170/27316] the AD is 170 and the metric of the route is 27316.
Incorrect Answers:
A: This is the subnet mask used for some of the routes in the table.
B: This is the subnet mask used for some of the routes in the table.
C: This is the AD of the internal EIGRP routes, which is the default.
E: This is the EIGRP metric of the external EIGRP routes.
Reference: What Is Administrative Distance? http://www.cisco.com/warp/public/105/admin_distance.html
Question 6.
The network is shown below, along with the relevant router configurations:
R1# show run
interface Loopback0
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0
 ip address 172.29.1.1 255.255.255.0
 media-type 10BaseT
!
!
router eigrp 999
 redistribute connected
 network 172.29.0.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip classless
no ip http server
R2# show run
interface Ethernet0
 ip address 172.29.1.2 255.255.255.0
 media-type 10BaseT
!
interface Ethernet1
 ip address 172.19.2.2 255.255.255.0
 media-type 10BaseT
!
router eigrp 999
 network 172.19.0.0
 network 172.29.0.0
!
ip classless
no ip http server
R3# show run
interface Ethernet1/0
 ip address 172.19.2.3 255.255.255.0
!
router eigrp 999
 network 172.19.0.0
 auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip http server
With the topology found in the graphic, what will the R1 loopback 0 be in the R3 routing table?
A. It will show up in the routing table as D 10.0.0/8.
B. It will show up in the routing table as D EX 10.0.0.0/8.
C. It will show up in the routing table as D 10.0.0./24.
D. It will not show up in R3 routing table because there is no network command on R1.
Answer: B
Explanation: Because router R1 is configured with route redistribution, it will redistribute the connected loopback network into EIGRP.
Because redistributed routes will show up as external EIGRP routes in the routing table, choice B is correct. Although the loopback interface is using a /24 subnet mask, EIGRP summarizes at network boundaries by default so the network will appear as the class A network of 10.0.0.0/8 in the routing table of the other routers.
Incorrect Answers:
A: The route will be external, since it was redistributed into EIGRP.
C: It will be external because of redistribution, and it will also be summarized since that is the default behavior of EIGRP.
D: Although it was not configured under the EIGRP network command, it would be redistributed because it is a connected route.
Question 7.
The EIGRP network is displayed in the following topology diagram: You work as a network technician. Study the exhibits carefully. If the command "variance 3" was added to the EIGRP configuration of R5, which path or paths would be chosen to route traffic from R5 to network X?
A. R5-R2-R1
B. R5-R2-R1 and R5-R3-R1.
C. R5-R3-R1 and R5-R4-R1.
D. R5-R2-R1, R5-R3-R1, and R5-R4-R1.
Answer: B
Explanation: Every routing protocol supports equal cost path load balancing. In addition, Interior Gateway Routing Protocol (IGRP) and EIGRP also support unequal cost path load balancing. Use the variance n command in order to instruct the router to include routes with a metric of less than n times the minimum metric route for that destination. The variable n can take a value between 1 and 128. The default is 1, which means equal cost load balancing. Traffic is also distributed among the links with unequal costs, proportionately, with respect to the metric.
In this question the variance 3 command is used. In this instance, R5 can get to Net X using the path R5-R3 = metric of 10, and R3-R1 = 10 as well with the FD between R5 - R1 being 10 + 10 = 20.
Therefore, we can load balance on any route that had an FD of 3x the successor, or 3x20, which is 60.
Important Note: If a path does not meet the feasibility condition, the path is not used in load balancing. This is why choice D is wrong, as this path has an Advertised Distance of 25, which is greater than the successor's FD. The link below refers to an example that is nearly identical to the example in this question, except theirs used a variance of 2 and this question used a variance of 3.
Reference: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009437d.shtml
Question 8.
The following command was issued on Router 2: Given the output shown above, which statement is true?
A. 192.168.1.0 is a redistributed route into EIGRP.
B. 192.168.1.0 is a summarized route.
C. 192.168.1.0 is a static route.
D. 192.168.1.0 is equal path load balancing with 172.16.1.0.
E. None of the other alternatives apply
Answer: A
Explanation: When EIGRP learns routing information from a different routing protocol, it uses the D EX symbol to indicate that this routing information was learned from another routing protocol.
Question 9.
A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true?
A. RouterA received a hello packet with mismatched metric-calculation mechanisms.
B. RouterA received a hello packet with mismatched authentication parameters.
C. RouterA will form an adjacency with RouterB.
D. RouterA received a hello packet with mismatched autonomous system numbers.
E. RouterA received a hello packet with mismatched hello timers.
F. RouterA will not form an adjacency with RouterB.
Answer: A, F
Explanation: Metrics are the mathematics used to select a route. The higher the metric associated with a route, the less desirable it is.
For EIGRP, the Bellman-Ford algorithm uses the following equation and creates the overall 24-bit metric assigned to a route:
* metric = [(K1 × bandwidth) + [(K2 × bandwidth) ÷ (256 - load)] + (K3 × delay)] × [K5 ÷ (reliability + K4)]
The elements in this equation are as follows:
* By default, K1 = K3 = 1, K2 = K4 = K5 = 0. Therefore, by default, the metric formula reduces to:
metric = (1 × bandwidth) + (1 × delay)
metric = bandwidth + delay
K values should be the same for routers to become EIGRP neighbors.
Question 10.
Study the exhibit below carefully: If the configuration shown below is added to Router1, which three route entries will EIGRP advertise to neighboring routers? (Select three)
router eigrp 10
 network 10.0.0.0
 eigrp stub
A. 192.168.20.0/24
B. 10.1.2.0/24
C. 10.1.1.0/24
D. 10.1.3.0/24
E. 10.0.0.0/8
Answer: C, D, E
Explanation: The Enhanced Interior Gateway Routing Protocol (EIGRP) Stub Routing feature improves network stability, reduces resource utilization, and simplifies stub router configuration. Stub routing is commonly used in a hub and spoke network topology. In a hub and spoke network, one or more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only route for IP traffic to follow into the remote router is through a distribution router. This type of configuration is commonly used in WAN topologies where the distribution router is directly connected to a WAN. The distribution router can be connected to many more remote routers. Often, the distribution router will be connected to 100 or more remote routers. In a hub and spoke topology, the remote router must forward all nonlocal traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing table. Generally, the distribution router need not send anything more than a default route to the remote router.
When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to use EIGRP, and to configure only the remote router as a stub. Only specified routes are propagated from the remote (stub) router. The router responds to queries for summaries, connected routes, redistributed static routes, external routes, and internal routes with the message "inaccessible." A router that is configured as a stub will send a special peer information packet to all neighboring routers to report its status as a stub router. Any neighbor that receives a packet informing it of the stub status will not query the stub router for any routes, and a router that has a stub peer will not query that peer. The stub router will depend on the distribution router to send the proper updates to all peers.
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.