Cisco Actualtests 640-864 Exam Bundle
Number: 640-864
Passing Score: 800
Time Limit: 120 min
File Version: 33.2
http://www.gratisexam.com/
Exam Name: Cisco Designing for Cisco Internetwork Solutions 2011
For the full set of questions, please visit: http://www.actualtests.com/exam-640-864.htm

Sections
1. A
2. B
3. C
4. D
5. E
6. F

Exam A

QUESTION 1
Spanning Layer 2 across geographically separate data centers is a key consideration for current data center designs. Which is the name of the NX-OS technology that facilitates MAC in IP transport for Layer 2 VLANs across any IP network?
A. Overlay Transport Virtualization
B. Virtual Private LAN Services
C. Generic Routing Encapsulation
D. QinQ tunneling
Correct Answer: A
Section: A
Explanation/Reference:
Q. What is Cisco Overlay Transport Virtualization?
A. Cisco® Overlay Transport Virtualization (OTV) is a "MAC in IP" technique for supporting Layer 2 VLANs over any transport.
Q. What are the OTV transport requirements for the core?
A. The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic.
Q. Does OTV require the configuration of pseudo-wires or tunnels?
A. OTV does not require the configuration of pseudo-wires or tunnels. The encapsulation of the packets sent to the overlay is performed dynamically based on a Layer 2 destination address lookup.
Q. Is OTV a public standard?
A. OTV is not a public standard, even though the technology is based on standardized protocols. The plan is to submit the IETF drafts toward the end of calendar year 2010 (CY2010).
Q. On which Cisco platforms will OTV be supported?
A. OTV will make its first appearance on the Cisco Nexus® 7000 Series Switches. Other platforms in the Cisco portfolio are planning to support this technology as well.
Q. What modules of the Cisco Nexus 7000 Series will support OTV?
A. OTV is supported on all M-series modules. OTV is not supported on F1-series modules. Deployments using F1 series can leverage VDC separation to achieve the desired combination of line cards and functionality.
Q. Does OTV affect the existing Layer 2 design at a site?
A. OTV is both core and site transparent. No changes to the Layer 2 design of the sites are needed.
Q. Does OTV require the extension of the Spanning Tree Protocol?
A. OTV can extend the Layer 2 domains across geographically distant data centers by providing built-in filtering capabilities to localize the most common networking protocols (Spanning Tree Protocol, VLAN Trunking Protocol [VTP], and Hot Standby Router Protocol [HSRP]) and prevent them from traversing the overlay, therefore keeping protocol failures from propagating across sites. With OTV, each site can have its own implementation of spanning tree as well as its own spanning tree root device.
Q. Does OTV provide site localization for the First-Hop Routing Protocol (FHRP)?
A. OTV provides built-in filtering capabilities to localize FHRP. A single FHRP group across the extended Layer 2 domain will now have an active gateway on each site, providing optimal egress routing.
Q. How does OTV propagate the MAC addresses learned at each site?
A. Unlike traditional Layer 2 VLANs, which rely on Layer 2 flooding to propagate MAC address reachability, OTV uses a protocol to proactively advertise the MAC addresses learned at each site. The protocol advertisement takes place in the background, with no configuration required by the network administrator.
Q. How does OTV handle unknown unicast flooding?
A. OTV does not require unknown unicast flooding to propagate MAC address reachability; thus, there is no need to flood unknown unicast over the overlay, and flooding is suppressed. The endpoints connected to the network are assumed to be neither silent nor unidirectional. OTV also provides a way to learn the MAC addresses for unidirectional hosts.
Q. Does OTV support static MAC-to-IP address mapping?
A. OTV enables the network administrator to statically map MAC addresses to IP addresses.
Q. What are the OTV advantages for multicast traffic?
A. With OTV, the multicast traffic generated at the site is optimally replicated by the core. Head-end replication is not performed at the site when the core provides multicast services. OTV encapsulates the multicast frame into a multicast IP packet (after joining a multicast group in the core), which will be replicated by the core to only those sites that are supposed to receive it. This capability is built into OTV and does not require any multicast configuration at the sites.
Q. Does OTV require multicast support in the core?
A. Although desirable to fully benefit from all the optimizations that OTV can provide, multicast in the core is not mandatory. *Starting with NX-OS 5.2* OTV also provides an elegant and dynamic solution for those cores that do not have multicast support.
Q. Does OTV support multiple overlays?
A. OTV can support multiple concurrent overlays.
Q. Does OTV support multipoint?
A. Automatic detection of multipoint is included as part of the OTV control protocol. This feature enables multipoint connectivity between sites without requiring any additional configuration or protocol.
Q. How does OTV provide load balancing?
A. OTV provides two levels of load balancing:
• Within the core: OTV headers are defined to allow the core to hash traffic based on five-tuples and distribute traffic over multiple paths to avoid polarization of encapsulated traffic.
• Within the site: OTV enables effective load balancing of flows across the multiple edge devices available in an all-active multihomed deployment. Load balancing follows equal-cost multipath (ECMP) rules based on the information provided by the OTV control protocol.
Q. What is the encapsulation used by OTV?
A. OTV uses Ethernet over Generic Routing Encapsulation (GRE) and adds an OTV shim to the header to encode VLAN information. The OTV encapsulation is 42 bytes, which is less than virtual private LAN service (VPLS) over GRE. The encapsulation is performed entirely by the forwarding engine in hardware.
Q. How complicated is OTV configuration?
A. OTV has been designed with only a few command-line interface (CLI) commands and built-in automated processes. This design makes OTV extremely simple to configure.

QUESTION 2
Which three technologies are recommended to be used for WAN connectivity in today's Enterprise Edge designs? (Choose three.)
A. DWDM
B. Metro Ethernet
C. Frame Relay
D. MPLS VPN
E. ISDN
F. DSL
G. Wireless
Correct Answer: ABD
Section: A
Explanation/Reference:
There is some discussion about whether ISDN rather than DWDM should be the answer, but the question does say today's network.

QUESTION 3
Which is usually used to connect to an upstream ISP?
A. OSPF
B. BGP
C. IS-IS
D. RIPv2
E. EIGRP
Correct Answer: B
Section: A

QUESTION 4
At which layer of the network is route summarization recommended?
A. data link layer
B. core layer
C. distribution layer
D. access layer
Correct Answer: C
Section: A

QUESTION 5
Which Cisco device has the sole function of looking at threat detection and mitigation at the Enterprise edge?
A. Cisco IOS router
B. Cisco ASA
C. Cisco Catalyst FWSM
D. Cisco IPS
Correct Answer: D
Section: A

QUESTION 6
If a teleworker is required to access the branch office via a secure IPsec VPN connection, which technology is recommended to provide the underlying transport?
A. ISDN
B. Metro Ethernet
C. Frame Relay
D. ADSL
E. ATM
Correct Answer: D
Section: A

QUESTION 7
You are asked to design a new branch office that will need to support 25 users. These users will be using an ISP connection and will need to connect to the main office for network services. Which two Cisco devices are the most appropriate to fulfill all these requirements? (Choose two.)
A. Cisco IPS
B. Cisco ISR G2
C. Cisco ASA
D. Cisco 2960
E. Cisco CRS-1
F. Cisco ACS
Correct Answer: BC
Section: A

QUESTION 8
To provide Layer 2 connectivity between the primary and remote data centers, given that the two data centers are using Layer 3 routed DCIs, which NX-OS technology can be used to facilitate this requirement?
A. VRF
B. OTV
C. MPLS
D. SPT
E. vPC
Correct Answer: B
Section: A
Explanation/Reference:
See the Cisco OTV FAQ reproduced under Question 1.

QUESTION 9
Which subnet address and mask would you use for all Class D multicast addresses to be matched within an access list?
A. 224.0.0.0/20
B. 224.0.0.0/4
C. 239.0.0.0/24
D. 239.0.0.0/8
E. 225.0.0.0/8
Correct Answer: B
Section: A

QUESTION 10
Which mode is used to exclusively look for unauthorized access points?
A. monitor mode
B. sniffer mode
C. rogue detector mode
D. local mode
Correct Answer: C
Section: A

QUESTION 11
Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol. Which other authentication solution is used hand-in-hand with 802.1X to authenticate users for network access?
A. RADIUS
B. LEAP
C. IPsec
D. TACACS
E. ISAKMP
Correct Answer: A
Section: A

QUESTION 12
Which two devices would you place in your DMZ to ensure enterprise edge security? (Choose two.)
A. IPS
B. NAC
C. ASA
D. ACS
E. WCS
Correct Answer: AC
Section: A

QUESTION 13
Your supervisor wants you to recommend a management protocol that will allow you to track overall bandwidth utilization, utilization by traffic type, and utilization by source and destination. Which is ideally suited for this function?
A. MRTG
B. Netflow
C. RRD
D. SNMP
Correct Answer: B
Section: A

QUESTION 14
Which WLC interface is dedicated for WLAN client data?
virtual interface dynamic interface management interface AP manager interface service port interface Correct Answer: B Section: A Explanation Explanation/Reference: QUESTION 15 A hierarchical design of the EIGRP domain facilitates which two of the following? (Choose two.) A. B. C. D. E. route summarization faster convergence unequal cost load balancing redistribution virtual links Correct Answer: AB Section: A Explanation Explanation/Reference: Hierarchical Versus Flat Routing Protocols Some routing protocols require a network topology that must have a backbone network defined. This network contains some, or all, of the routers in the internetwork. When the internetwork is defined hierarchically, the backbone consists of only some devices. Backbone routers service and coordinate the routes and traffic to or from routers not in the local internetwork. The supported hierarchy is relatively shallow. Two levels of hierarchy are generally sufficient to provide scalability. Selected routers forward routes into the backbone. OSPF and IS-IS are hierarchical routing protocols. By default, EIGRP is a flat routing protocol, but it can be configured with manual summarization to support hierarchical designs. Flat routing protocols do not allow a hierarchical network organization. They propagate all routing information throughout the network without dividing or summarizing large networks into smaller areas. Carefully designing network addressing to naturally support aggregation within routing-protocol advertisements can provide many of the benefits offered by hierarchical routing protocols. Every router is a peer of every other router in flat routing protocols; no router has a special role in the internetwork. EIGRP, RIPv1, and RIPv2 are flat routing protocols. QUESTION 16 Which three are associated with the distribution layer within the campus design? (Choose three.) A. B. C. D. access layer aggregation route summarization network trust boundary next-hop redundancy E. 
layer 2 switching F. port security G. broadcast suppression Correct Answer: ABD Section: A Explanation Explanation/Reference: Distribution Layer Best Practices As shown in Figure 3-6, the distribution layer aggregates all closet switches and connects to the core layer. Design considerations for the distribution layer include providing wirespeed performance on all ports, link redundancy, and infrastructure services. The distribution layer should not be limited on performance. Links to the core must be able to support the bandwidth used by the aggregate access layer switches. Redundant links from the access switches to the distribution layer and from the distribution layer to the core layer allow for high availability in the event of a link failure. Infrastructure services include quality of service (QoS) configuration, security, and policy enforcement. Access lists are configured in the distribution layer. The following are recommended best practices at the distribution layer: ■ Use first-hop redundancy protocols. Hot Standby Router Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP) should be used if you implement Layer 2 links between the Layer 2 access switches and the distribution layer. ■ Use Layer 3 routing protocols between the distribution and core switches to allow for fast convergence and load balancing. ■ Only peer on links that you intend to use as transit. QUESTION 17 Which two methods are used to reduce the mesh links required between iBGP peers in the same AS? (Choose two.) A. community B. router reflectors C. local preference D. confederations E. atomic aggregate F. MED Correct Answer: BD Section: A Explanation Explanation/Reference: Route Reflectors iBGP requires that all routers be configured to establish a logical connection with all other iBGP routers. The logical connection is a TCP link between all iBGP-speaking routers. The routers in each TCP link become BGP peers. In large networks, the number of iBGPmeshed peers can become very large. 
Network administrators can use route reflectors to reduce the number of required mesh links between iBGP peers. Some routers are selected to become the route reflectors to serve several other routers that act as route-reflector clients. Route reflectors allow a router to advertise or reflect routes to clients. The route reflector and its clients form a cluster. All client routers in the cluster peer with the route reflectors within the cluster. The route reflectors also peer with all other route reflectors in the internetwork. A cluster can have more than one route reflector. Confederations Another method to reduce the iBGP mesh within an autonomous system is BGP confederations. With confederations, the autonomous system is divided into smaller, sub autonomous systems, and the whole group is assigned a confederation ID. The sub-ASNs or identifiers are not advertised to the Internet but are contained within the iBGP networks. The routers within each private autonomous system are configured with the full iBGP mesh. Each sub-autonomous system is configured with eBGP to communicate with other sub-autonomous systems in the confederation. External autonomous systems see only the ASN of the confederation, and this number is configured with the BGP confederation identifier. QUESTION 18 Which of the following three options represents the components of the Teleworker Solution? (Choose three.) A. B. C. D. E. F. G. Cisco Unified IP Phone Cisco 880 Series Router Aironet Office Extend Access Point Catalyst 3560 Series Switch Cisco 2900 Series Router MPLS Layer 3 VPN Leased lines Correct Answer: ABC Section: A Explanation Explanation/Reference: A Cisco ASR is used to terminate Teleworker solutions, not a 2900 series router. Hybrid teleworker uses Aironet, Advanced teleworker uses 880, both use IP phones. google: "at_a_glance_c45-652500.pdf" for details The Cisco Virtual Office Solution for the Enterprise Teleworker is implemented using the Cisco 800 series ISRs. 
Each ISR has integrated switch ports that then connect to the user’s broadband connection. The solution uses a permanent always-on IPsec VPN tunnel back to the corporate network. This architecture provides for centralized IT security management, corporate-pushed security policies, and integrated identity services. In addition, this solution supports the enterprise teleworker needs through advanced applications such as voice and video. For example, the enterprise teleworker can take advantage of toll bypass, voicemail, and advanced IP phone features not available in the PSTN. Enterprise Teleworker Module The enterprise teleworker module consists of a small office or a mobile user who needs to access services of the enterprise campus. As shown in Figure 2-14, mobile users connect from their homes, hotels, or other locations using dialup or Internet access lines. VPN clients are used to allow mobile users to securely access enterprise applications. The Cisco Virtual Office solution provides a solution for teleworkers that is centrally managed using small integrated service routers (ISR) in the VPN solution. IP phone capabilities are also provided in the Cisco Virtual Office solution, providing corporate voice services for mobile users. QUESTION 19 Which two features are supported by single wireless controller deployments? (Choose two.) A. B. C. D. E. F. automatic detection and configuration of LWAPPs LWAPP support across multiple floors and buildings automatic detection and configuration of RF parameters Layer 2 and Layer 3 roaming controller redundancy mobility groups Correct Answer: AB Section: A Explanation Explanation/Reference: QUESTION 20 Which consideration is the most important for the network designer when considering IP routing? A. B. C. D. 
convergence scalability on-demand routing redistribution Correct Answer: A Section: A Explanation Explanation/Reference: QUESTION 21 Which two of these practices are considered to be best practices when designing the access layer for the enterprise campus? (Choose two) A. Implement all of the services (QoS, security, STP, and so on) in the access layer, offloading the work from the distribution and core layers. B. Always use a Spanning Tree Protocol; preferred is Rapid PVST+. C. Use automatic VLAN pruning to prune unused VLANs from trunked interface to avoid broadcast propagation. D. Avoid wasted processing by disabling STP where loops are not possible. E. Use VTP transparent mode to decrease the potential for operational error Correct Answer: BE Section: A Explanation Explanation/Reference: When designing the building access layer, you must consider the number of users or ports required to size up the LAN switch. Connectivity speed for each host should also be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit Ethernet, or port channels. The planned VLANs enter into the design. Performance in the access layer is also important. Redundancy and QoS features should be considered. The following are recommended best practices for the building access layer: • Limit VLANs to a single closet when possible to provide the most deterministic and highly available topology. • Use Rapid Per-VLAN Spanning Tree Plus (RPVST+) if STP is required. It provides the faster convergence than traditional 802.1d default timers. • Set trunks to ON and ON with no-negotiate. • Manually prune unused VLANs to avoid broadcast propagation (commonly done on the distribution switch). • Use VLAN Trunking Protocol (VTP) Transparent mode, because there is little need for a common VLAN database in hierarchical networks. • Disable trunking on host ports, because it is not necessary. Doing so provides more security and speeds up PortFast. 
• Consider implementing routing in the access layer to provide fast convergence and Layer 3 load balancing. • Use the switchport host commands on server and end-user ports to enable PortFast and disable channeling on these ports. • Use Cisco STP Toolkit, which provides • PortFast: Bypass listening-learning phase for access ports • Loop GuarD. Prevents alternate or root port from becoming designated in absence of bridge protocol data units (BPDU) • Root GuarD. Prevents external switches from becoming root • BPDU GuarD. Disables PortFast-enabled port if a BPDU is received Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3, Page 85 QUESTION 22 Which one of these statements should the designer keep in mind when considering the advanced routing features? A. one-way router redistribution avoids the requirement for state or default routes. B. Redistribution, summarization, and filtering are most often applied between the campus core and enterprise edge. C. Filtering only occurs on the routing domain boundary using redistribution D. Summarize routes at the core toward the distribution layer. E. The hierarchical flexibility of IPv6 addressing avoids the requirement for routing traffic reduction using aggregation. Correct Answer: B Section: A Explanation Explanation/Reference: QUESTION 23 Which IPv6 feature enables routing to distribute connection requests to the nearest content server? A. B. C. D. E. Link-local Site-local Anycast Multicast Global aggregatable Correct Answer: C Section: A Explanation Explanation/Reference: Anycast is a network addressing and routing methodology in which datagrams from a single sender are routed to the topologically nearest node in a group of potential receivers all identified by the same destination address. Link: http://en.wikipedia.org/wiki/Anycast QUESTION 24 Which one of these statements is true about addressing redundancy within the WAN environment? A. 
The reliability and speed of DSL allow for cost savings by not including redundant links. B. CAMDM and dark fiber offer advanced redundancy features such as automatic backup and repair mechanism to cope system faults C. An SLA is one way to eliminate the need for redundancy. D. The failure of a single SONET/SDH link or network element does not lead to failure of the entire network. Correct Answer: D Section: A Explanation Explanation/Reference: QUESTION 25 Which one of these statements is true concerning the enterprise data center? A. B. C. D. It can be located either at the enterprise campus or at a remote branch. Remote data center connectivity requirements align with the small office design. The data center designs will differ substantially depending on whether the location is on campus or remote. A remote branch with a data center becomes the enterprise campus. Correct Answer: C Section: A Explanation Explanation/Reference: QUESTION 26 A global corporation has an internal network with the following characteristics: - 2,000,000+ hosts - 10,000 + routers - Internal connectivity - high traffic volumes with business partners and customers Which statement best describes what a flexible IPv6 strategy would look like for this corporation? A. B. C. D. Both hosts and routers would run dual stack Hosts would run IPv4 and routers would run native IPv6 Hosts would run dual stack and routers would run IPv4 only Hosts would run IPv6 and routers would run native IPv6 Correct Answer: A Section: A Explanation Explanation/Reference: Dual-stack is the preferred, most versatile way to deploy IPv6 in existing IPv4 environments. IPv6 can be enabled wherever IPv4 is enabled along with the associated features required to make IPv6 routable, highly available, and secure. In some cases, IPv6 is not enabled on a specific interface or device because of the presence of legacy applications or hosts for which IPv6 is not supported. 
Inversely, IPv6 may be enabled on interfaces and devices for which IPv4 support is no longer needed. Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html#wp389920 Exam B QUESTION 1 In terms of remote office design, which one of these statements is a characteristics only of a small remote office (up to 50 user), and not of medium or remote offices? A. B. C. D. Link redundancy to access layer switches is not possible with an integrated design. A collapsed access and distribution layer is required. There are no loops in the network design. Layer 3 services such as DHCP, firewall, and NAT are provided by enterprise campus. Correct Answer: C Section: B Explanation Explanation/Reference: QUESTION 2 Which two statements about the data Center Aggregation layer are correct? (Choose two) A. B. C. D. Layer 4 through layer 7 services are provided in that layer STP should never be supported in that layer That layer is the critical point for control and application services Layer 2 connectivity is provided in that layer from the data center to the core Correct Answer: AC Section: B Explanation Explanation/Reference: Data Center aggregation layer connects various network modules together. Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html QUESTION 3 With respect to IPv6 addressing, from a design perspective, which of these statements is it important to keep in mind? A. IPv6 addressing provides convenience of anycast addressing without any configuration requirements. B. IPv6 does not use multicast addressing. C. An IPv6 router will not forward packets from one link to other links if the packet has either a link- local source or a link-local destination address. D. Dynamic address assignment requires DHCPv6. Correct Answer: C Section: B Explanation Explanation/Reference: Link local addresses are local to the LAN only, they are not communicated across LAN boundaries. 
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html QUESTION 4 What is primary consideration when choosing a routed network design over a traditional campus network design? A. B. C. D. Layer 3 service support at the network edge the routing protocol choice: open (OSPF) or proprietary (EIGRP) the routing abilities of the host devices the need to control the broadcast domains within the campus core Correct Answer: A Section: B Explanation Explanation/Reference: Layer 3 ability at network edge should be available to leverage the benefits of routed network design. Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html QUESTION 5 When selecting which hardware switches to use throughout an enterprise campus switched network, which consideration is not relevant? A. B. C. D. whether data link layer switching based the MAC address is required the number of shared media segments which infrastructure service capabilities are required whether to support Layer 3 services at the network edge. Correct Answer: B Section: B Explanation Explanation/Reference: Shared media are not used in modern networks; all links are operating full-duplex Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html QUESTION 6 Layer 2 switching is exclusively used in which Enterprise Campus Module layer? A. B. C. D. E. Server Farm Campus Core Building Access Building Distribution Internet Connectivity Correct Answer: C Section: B Explanation Explanation/Reference: Access layer provides network connectivity to end users which is layer 2 in nature. Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html#wp708780 QUESTION 7 Which one of these statements describes why, from a design perspective, a managed VPN approach for enterprise teleworkers is a most effective? A. A managed VPN solution uses a cost effective, on-demand VPN tunnel back to the enterprise B. 
B. This solution supports all teleworkers who do not require voice or video.
C. This architecture provides centralized management where the enterprise can apply security policies and push configurations.
D. It provides complete flexibility for remote access through a wireless hotspot or a guest network at a hotel, in addition to a home office.
Correct Answer: C
Section: B
Explanation/Reference:
Here is the answer from the Cisco certification guide.
Enterprise Teleworker Design
Enterprise teleworkers need to be differentiated from the occasional remote worker. The full-time enterprise teleworker has more extensive application access and requirements than the occasional remote worker. Occasionally, remote users connect to the corporate network at a hotspot, but generally they do not have the same application demands of an enterprise teleworker. Generally, enterprise teleworkers connect to a local ISP through a cable or DSL connection in their residence.
The Cisco Virtual Office Solution for the Enterprise Teleworker is implemented using the Cisco 800 series ISRs. Each ISR has integrated switch ports that then connect to the user's broadband connection. The solution uses a permanent always-on IPsec VPN tunnel back to the corporate network. This architecture provides for centralized IT security management, corporate-pushed security policies, and integrated identity services. In addition, this solution supports the enterprise teleworker needs through advanced applications such as voice and video. For example, the enterprise teleworker can take advantage of toll bypass, voicemail, and advanced IP phone features not available in the PSTN.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 7

QUESTION 8
For which network scenario is static routing most appropriate?
A. parallel WAN links
B. IPsec VPN
C. expanding networks
D. hierarchical routing
Correct Answer: B
Section: B
Explanation/Reference:
IPsec VPN tunnels are point-to-point connections, so static routes pointing into the tunnel are sufficient and avoid running a dynamic routing protocol across the VPN.
Link: CCDA Self-Study Guide, Diane Teare

QUESTION 9
Your company's Cisco routers are operating with EIGRP. You need to join networks with an acquisition's heterogeneous routers at three sites, operating with EIGRP and OSPF. Which describes the best practice for routing protocol deployment?
A. apply OSPF throughout both networks
B. apply one-way redistribution exclusively at each location
C. apply two-way redistribution exclusively at each location
D. apply two-way redistribution at each location with a route filter at only one location
E. apply two-way redistribution at each location with a route filter at each location
F. apply EIGRP with the same autonomous system throughout both networks
Correct Answer: E
Section: B
Explanation/Reference:
With mutual redistribution at more than one point, a route redistributed from EIGRP into OSPF at one site can be redistributed back into EIGRP at another site as an external route. Without route filters (distribute lists, route maps, or route tags) at every redistribution point, this route feedback causes suboptimal routing and routing loops.
Link: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009487e.shtml

QUESTION 10
When considering the enterprise campus design, which network application category most influences the network design?
A. peer-to-peer
B. client-local server
C. client-enterprise edge server
D. client-server farm
Correct Answer: D
Section: B
Explanation/Reference:
Traffic flows between clients and the server farm cross the whole campus hierarchy, so they drive the design more than the other categories.
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/BN_Campus_Models.html

QUESTION 11
When designing the wireless portion of an enterprise campus network, which one of these statements should serve as a strict guideline?
A. Wireless controllers should be distributed throughout the building distribution layers.
B. Dynamic controller redundancy, where the access points attempt to join the least loaded controller, is a best-practice approach.
C. Wireless controllers should be centralized in the core layer.
D. To improve the RF coverage, the controllers of any building should be put in the same mobility group.
Correct Answer: C
Section: B
Explanation/Reference:

QUESTION 12
When designing using the Cisco Enterprise Architecture, in which Enterprise Campus layer does the Remote Access and VPN module establish its connection?
A. Building Access
B. Campus Core
C. Enterprise Branch
D. Enterprise Data Center
Correct Answer: B
Section: B
Explanation/Reference:
All the Enterprise Edge modules terminate in the campus core for optimized routing and switching across the network modules.
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0/BN_Campus_Technologies.html

QUESTION 13
Which one of these statements best describes the challenge of the designer when dealing with IP routing?
A. OSPF supports fast convergence and does not require periodic routing table updates, so the optimal network design is best simplified with the network as a single backbone area.
B. Manual summarization is limited to ABRs and ASBRs, therefore the designer must pay strict attention to the EIGRP topology.
C. EIGRP, as a proprietary protocol, has special challenges when dealing with networks deployed with IPv6.
D. Effective scalability with OSPF requires the designer to pay strict attention to the hierarchical network structure, localizing topology changes.
Correct Answer: D
Section: B
Explanation/Reference:
OSPF demands a modular, hierarchical design with multiple areas to function optimally: area borders (ABRs) contain LSA flooding and allow summarization, so a topology change is localized to its own area.
Link: http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml

QUESTION 14
When designing the identity and access control portions for the enterprise campus network, which of these solutions would be the most appropriate solution to consider?
A. 802.1X
B. ACLs in the core layer
C. Cisco Security MARS
D. NetFlow
Correct Answer: A
Section: B
Explanation/Reference:
IEEE 802.1X authenticates the endpoint (or user) at the access port before it is granted network access; ACLs, MARS and NetFlow are enforcement, correlation and monitoring tools rather than identity controls.

QUESTION 15
DataQuirk is a web-based medical transcription company for exotic-animal veterinarians. The company recently added a third ISP for international business. They are organizing the enterprise network into a fully operational Enterprise Edge. To which two modules will the three ISPs be directly related? (Choose two.)
A. PSTN
B. E-commerce
C. WAN/MAN
D. Edge Distribution
E. Internet Connectivity
F. Remote Access VPN
Correct Answer: BE
Section: B
Explanation/Reference:
The ISP links serve the company's customers (the E-commerce module) and also provide Internet connectivity for internal and external users (the Internet Connectivity module), so they fall into those two categories.
Link: http://leaman.org/ccna4/Chap_1.pdf

QUESTION 16
Which codec does Cisco recommend for WAN links?
A. G.711
B. G.723
C. G.728
D. G.729
Correct Answer: D
Section: B
Explanation/Reference:
Codec Standards
Codecs transform analog signals into a digital bit stream and digital signals back into analog signals. Figure 14-14 shows that an analog signal is digitized with a coder for digital transport. The decoder converts the digital signal into analog form.
Figure 14-14. Codec
Each codec provides a certain level of fidelity to the original audio, or quality of speech. The term mean opinion score (MOS) is used to rate the fidelity for a codec. A MOS score is not a scientific measure. Instead, it is a rating determined by sampling the output to a large group of listeners who judge the audio fidelity from 1 (bad) to 5 (best). The scores are then averaged to provide the MOS for each codec. For example, the established MOS score for G.711 is 4.1, and G.729 is 3.92. G.729 compresses voice to 8 kbps, versus 64 kbps for G.711, which is why it is the recommended codec on bandwidth-limited WAN links. The default codec setting for VoIP dial peers in Cisco IOS software is G.729 (g729r8), but this can be configured with several other options, including G.711.
Other codec standards are shown in Table 14-8. An explanation of the compression techniques is beyond the scope of the CCDA test.
Table 14-8. Codec Standards (table not reproduced)
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14

QUESTION 17
The enterprise campus core layer has requirements that are unique from the distribution and access layers. Which of the following is true about the core layer?
A. The core layer provides convergence using Layer 2 and Layer 3 services and features.
B. The core layer provides high availability to support the distribution layer connections to the enterprise edge.
C. The campus core layer is optional.
D. The core layer requires high performance to manage the traffic policing across the backbone.
Correct Answer: C
Section: B
Explanation/Reference:
In a small campus the distribution switches can be interconnected directly (a collapsed core), so a separate core layer is optional; when a core is present it should forward packets as fast as possible and avoid policy functions such as policing.

QUESTION 18
Which one of these statements is true concerning the data center distribution (aggregation) layer design?
A. With Layer 3 at the aggregation layer, the physical loops in the topology must still be managed by STP.
B. The boundary between Layer 2 and Layer 3 must reside in the multilayer switches, independent of any other devices such as firewalls or content switching devices.
C. A mix of both Layer 2 and Layer 3 access is sometimes the most optimal.
D. In a small data center, the aggregation layer can connect directly to the campus core, exchanging IP routes and MAC address tables.
Correct Answer: C
Section: B
Explanation/Reference:

QUESTION 19
Select and Place: (drag-and-drop item; the diagram is not reproduced)
Correct Answer:
Section: B
Explanation/Reference:
I changed this answer to reflect the CCDP explanation:
■ Layer 2 loop-free design: In this design, the access switches use Layer 2 switching. The links between the access and distribution layers are configured as Layer 2 trunks. The link between the distribution switches is configured as a Layer 3 routed link. An EtherChannel is typically used for this link to increase availability.
In this design, there are no Layer 2 loops in the access-distribution block, which means that the Spanning Tree Protocol is not involved in network convergence and load balancing. All the ports are in the spanning-tree Forwarding state. Load balancing of the traffic from the access to the distribution layer is based on the First Hop Redundancy Protocol (FHRP) that is used in this design. Reconvergence time in the case of failure is driven primarily by FHRP reconvergence. A limitation of this solution is that it is optimal for networks where each access layer VLAN can be constrained to a single access switch. Stretching VLANs across multiple access switches is not recommended in this design.
■ Layer 2 looped design: The Layer 2 looped design also uses Layer 2 switching on the access layer, and the links between the access and distribution switches are also configured as Layer 2 trunks. However, unlike the Layer 2 loop-free design, the link between the distribution switches is configured here as a Layer 2 trunk. This configuration introduces a Layer 2 loop between the distribution switches and the access switches. To eliminate this loop from the topology, the Spanning Tree Protocol blocks one of the uplinks from the access switch to the distribution switches. This design is recommended for networks that require an extension of VLANs across multiple access switches. A drawback is that network convergence in the case of failure is now dependent on spanning-tree convergence combined with FHRP convergence. Another downside is limited load balancing. PVST root election tuning can be used to balance traffic on a VLAN-by-VLAN basis. However, within each VLAN, spanning tree always blocks one of the access switch uplinks.
■ Layer 3 routed design: The Layer 3 routed design uses Layer 3 routing on the access switches. All links between switches are configured as Layer 3 routed links.
The advantage of this design is that it eliminates the Spanning Tree Protocol from the interswitch links. It is still enabled on edge ports to protect against user-induced loops, but it does not play a role in the network reconvergence in the access-distribution block. FHRPs are also eliminated from the design, because the default gateway for the end hosts now resides on the access switch instead of on the distribution switch. Network reconvergence behavior is determined solely by the routing protocol being used. Like the Layer 2 loop-free design, the Layer 3 routed design constrains VLANs to a single access switch. Also, this design does not allow VLANs to be extended across multiple access switches, and it requires more sophisticated hardware for the access switches.
This WAS the answer!
Layer 2 between distribution and access layers, with a Layer 3 link between the distribution switches -> Support Layer 2 VLANs spanning multiple access layer switches across the distribution switches
Layer 2 between distribution and access layers, with a Layer 2 link between the distribution switches -> FHRP for convergence, no VLANs span between access layer switches across the distribution switches
VSS -> Convergence (FHRP) is not an issue
The following are recommended best practices at the distribution layer:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3

QUESTION 20
RST Corporation is planning to upgrade its current network. The chief technology officer has supplied a topology diagram and an IP addressing scheme of the current network during an interview. RST has been growing at about twenty percent per year. It has been difficult to maintain customer support at a satisfactory level. Therefore, the RST board has met with and directed the chief technology officer to look into network improvements. Which two items are most relevant in documenting RST's business requirements? (Choose two.)
A. existing network topologies
B. network performance requirements
C. the IP addresses assigned by the ISP
D. improved customer support requirements
E. projected growth estimates
Correct Answer: DE
Section: B
Explanation/Reference:
Business requirements describe what the organization needs from the network (customer service levels, growth), not the technical details of the existing network:
■ Growth of applications: Customers continue to ask for new products, service offerings, improved customer service, greater security, and customization flexibility, all at a lower cost.

QUESTION 21
Which two design criteria require VLANs in a proposed solution? (Choose two.)
A. the segmenting of collision domains
B. a limited corporate budget
C. the use of multivendor equipment
D. security between departments
E. video streaming on the LAN
F. the segmenting of broadcast domains
Correct Answer: DF
Section: B
Explanation/Reference:
VLANs segment broadcast domains and, with a Layer 3 boundary between them, let traffic between departments be controlled by ACLs or a firewall. Collision domains are already segmented by switched full-duplex ports, and a VLAN by itself neither provides QoS for video nor reduces cost.

QUESTION 22
Which two methods are used to enhance VPN performance on Cisco ISRs? (Choose two.)
A. SSL Acceleration Network Module
B. VPN Shared Port Adapter
C. VPN Acceleration Module
D. high-performance VPN encryption AIM
E. VPN Service Adapter
F. built-in hardware-based encryption acceleration
Correct Answer: DF
Section: B
Explanation/Reference:
ISR G2 Security Hardware Options
The Cisco G2 ISRs have additional hardware options that enhance the routers' security capabilities. Here are some of the available hardware options:
Note: For a complete ISR G2 series comparison, go to www.cisco.com/en/US/products/ps10536/prod_series_comparison.html.

QUESTION 23
Which three factors best justify WAN link redundancy between geographically dispersed sites? (Choose three.)
A. high expense of transmitting data
B. important traffic flows
C. excessive packet transmission rate
D. uncertain reliability
E. high link utilization
F. lack of speed
Correct Answer: BDF
Section: B
Explanation/Reference:
WAN Backup Design
Redundancy is critical in WAN design for the remote site because of the unreliable nature of WAN links, when compared to the LANs that they connect.
Most enterprise edge solutions require high availability between the primary and remote site. Because WAN links have lower reliability and lack bandwidth, they are good candidates for most WAN backup designs. Branch offices should have some type of backup strategy in the event of a primary link failure. Backup links can be either dialup, permanent WAN, or Internet-based connections. WAN backup options are as follows:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 7

QUESTION 24
In a Cisco CatOS switch, what is the recommended practice when configuring switch-to-switch intercommunications to carry multiple VLANs for Dynamic Trunking Protocol?
A. auto to auto_negotiate
B. disable Dynamic Trunking Protocol when operating in the distribution layer
C. auto to auto_no_negotiate
D. desirable to desirable_no_negotiate
E. on to on_negotiate
F. desirable to desirable_negotiate
Correct Answer: E
Section: B
Explanation/Reference:
Whichever mode is used on switch-to-switch links, DTP should be turned off on ports facing end hosts (access mode with nonegotiate) so that a host cannot negotiate a trunk with the switch and hop between VLANs.
Access Layer Best Practices
When designing the building access layer, you must consider the number of users or ports required to size the LAN switch. Connectivity speed for each host should also be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit Ethernet, or port channels. The planned VLANs enter into the design. Performance in the access layer is also important. Redundancy and QoS features should be considered. The following are recommended best practices for the building access layer:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3

QUESTION 25
What are the two most likely driving forces motivating businesses to integrate voice and data into converged networks? (Choose two.)
A. Voice networks cannot carry data unless the PRI circuits aggregate the BRI circuits.
B. Their PSTNs cannot deploy features quickly enough.
C. Data, voice, and video cannot converge on their current PSTN structures.
D. Voice has become the primary traffic on networks.
E. WAN costs can be reduced by migrating to converged networks.
Correct Answer: CE
Section: B
Explanation/Reference:
VoIP
VoIP provides transport of voice over the IP protocol family. IP makes voice globally available regardless of the data-link protocol in use (Ethernet, ATM, Frame Relay). With VoIP, enterprises do not have to build separate voice and data networks. Integrating voice and data into a single converged network eliminates duplicate infrastructure, management, and costs. Figure 14-7 shows a company that has separate voice and data networks. Phones connect to local PBXs, and the PBXs are connected using TDM trunks. Off-net calls are routed to the PSTN. The data network uses LAN switches connected to WAN routers. The WAN for data uses Frame Relay. Separate operations and management systems are required for these networks. Each system has its corresponding monthly WAN charges and personnel, resulting in additional costs. With separate voice and data networks,
Figure 14-7. Separate Voice and Data Networks
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14

QUESTION 26
Which three mechanisms are required to deploy QoS on an IP WAN? (Choose three.)
A. queuing and scheduling
B. Call Admission Control
C. traffic shaping
D. link efficiency techniques
E. traffic classification
F. bandwidth provisioning
Correct Answer: CDE
Section: B
Explanation/Reference:
Queuing, Traffic Shaping, and Policing
Cisco has developed many different QoS mechanisms, such as queuing, policing, and traffic shaping, to enable network operators to manage and prioritize the traffic flowing on the network. Applications that are delay sensitive, such as VoIP, require special treatment to ensure proper application functionality. Queuing refers to the buffering process used by routers and switches when they receive traffic faster than it can be transmitted.
Different queuing mechanisms can be implemented to influence the order in which the different queues are serviced (that is, how different types of traffic are emptied from the queues). Table 6-6 identifies QoS considerations to optimize bandwidth.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 6

QUESTION 27
Which two statements best describe the implementation of overlay VPN connectivity for remote access in the Enterprise Edge WAN module? (Choose two.)
A. Bandwidth is provisioned on a site-to-site basis.
B. It uses dedicated point-to-point links.
C. Optimum routing between customer sites requires a full mesh of virtual circuits.
D. It must use Layer 2 labels to forward packets.
E. The ISP actively participates in customer routing.
Correct Answer: AC
Section: B
Explanation/Reference:
Network-Layer VPNs
The network layer in the TCP/IP protocol suite consists of the IP routing system: how reachability information is conveyed from one point in the network to another. There are a few methods to construct VPNs within the network layer; each is examined in the following paragraphs. A brief overview of non-IP VPNs is provided in Part II of this article.
A brief overview of the differences in the "peer" and "overlay" VPN models is appropriate at this point. Simply put, the "peer" VPN model is one in which the network-layer forwarding path computation is done on a hop-by-hop basis, where each node in the intermediate data transit path is a peer with a next-hop node. Traditional routed networks are examples of peer models, where each router in the network path is a peer with its next-hop adjacencies. Alternatively, the "overlay" VPN model is one in which the network-layer forwarding path is not done on a hop-by-hop basis, but rather, the intermediate link-layer network is used as a "cut-through" to another edge node on the other side of a large cloud.
Examples of "overlay" VPN models include ATM, Frame Relay, and tunneling implementations. Having drawn these simple distinctions between the peer and overlay models, it should be noted that the overlay model introduces some serious scaling concerns in cases where large numbers of egress peers are required, because the number of adjacencies increases in direct proportion to the number of peers; the amount of computational and performance overhead required to maintain routing state, adjacency information, and other detailed packet forwarding and routing information for each peer becomes a liability in very large networks. If all the egress nodes in a cut-through network become peers in an effort to make all egress nodes one "Layer 3" hop away from one another, the scalability of the VPN overlay model is limited quite remarkably.
The Internet Protocol Journal, Volume 1, No. 1: What Is a VPN? - Part I
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/what_is_a_vpn.html

QUESTION 28
A manufacturing company has decided to add a website to enhance sales. The web servers in the E-Commerce module must be accessible without compromising network security. Which two design recommendations can be made to meet these requirements? (Choose two.)
A. Move the E-Commerce servers to the WAN module.
B. Use intrusion detection on the E-Commerce server farm.
C. Limit the number of incoming connections to the E-Commerce module.
D. Use private and public key encryption.
E. Place E-Commerce servers and application servers on isolated LANs (DMZs).
Correct Answer: BE
Section: B
Explanation/Reference:
Isolating the public-facing web tier and the application tier on separate DMZ segments, with firewalls between the tiers and the internal network, contains a compromise of the web servers, and intrusion detection on the server farm detects attacks against them. Limiting the number of connections does not by itself protect the servers, and encryption protects data in transit rather than the servers.

QUESTION 29
A very large organization has received its IPv6 address range from its Internet Service Provider and intends to use only IPv6 addresses internally. Employees will access the Internet using port address translation. What is a requirement for their DNS servers?
A. There are no changes required to their DNS servers.
B. Their DNS servers need to support only IPv6 addresses.
C. Their DNS servers need to support only IPv4 addresses.
D. They need additional DNS servers in their network just for IPv6 addresses.
E. They no longer need DNS servers.
F. Their DNS servers need to support both IPv4 and IPv6 addresses.
Correct Answer: F
Section: B
Explanation/Reference:
Internal hosts resolve IPv6-only internal names (AAAA records), but reaching IPv4-only Internet destinations through the translator still depends on resolving their IPv4 (A) records, so the DNS servers must handle both record types.

QUESTION 30
Which two statements represent advantages that the top-down network design process has over the bottom-up network design process? (Choose two.)
A. utilizes previous experience
B. identifies appropriate technologies first
C. is able to provide the big picture
D. takes less time to design a network
E. provides a design for current and future development
Correct Answer: CE
Section: B
Explanation/Reference:
By incorporating the organization's requirements, the top-down network design process provides the big picture that meets current and future requirements.

QUESTION 31
Which two statements about IPv6 addresses are true? (Choose two.)
A. Two colons (::) are used to represent successive hexadecimal fields of zeros.
B. Leading zeros are required.
C. Two colons (::) are used to separate fields.
D. A single interface will have multiple IPv6 addresses of different types.
Correct Answer: AD
Section: B
Explanation/Reference:
"::" replaces one or more consecutive all-zero 16-bit fields and may appear only once in an address (otherwise the number of omitted fields is ambiguous); leading zeros within a field may be omitted; fields are separated by a single colon; and every IPv6 interface has at least a link-local address in addition to any global or unique local addresses assigned to it.

QUESTION 32
Select and Place: (drag-and-drop item; the diagram is not reproduced)
Correct Answer:
Section: B
Explanation/Reference:
Added a different D&D based on Secur Tut CCDA V2.1 experience, SO IGNORE THIS ONE; see Exam F Q14. Original answer was:
Cisco Unified Communication System -> Cisco Nexus 1000V and Enforcing VM Security
VSAN/VLAN -> Network and Server Virtualization
Data Center Virtualization -> Pending
ARCH guide shows for 1000V:
Virtualization: The Cisco VN-Link technology provides virtual machine-aware network services. This technology is used in the Cisco Nexus 1000V Distributed Virtual Switch, which integrates into the VMware vSphere virtualization platform.
Other virtualization technologies that are supported in the Cisco Nexus family of switches are virtual port channels (vPC) and virtual device contexts (VDC).

Exam C

QUESTION 1
Characterizing an existing network requires gathering as much information about the network as possible. Which of these choices describes the preferred order for the information-gathering process?
A. site and network audits, traffic analysis, existing documentation and organizational input
B. existing documentation and organizational input, site and network audits, traffic analysis
C. traffic analysis, existing documentation and organizational input, site and network audits
D. site and network audits, existing documentation and organizational input, traffic analysis
Correct Answer: B
Section: C
Explanation/Reference:
This section describes the steps necessary to characterize the existing network infrastructure and all sites. This process requires three steps:
Step 1. Gather existing documentation about the network, and query the organization to discover additional information. Organization input, a network audit, and traffic analysis provide the key information you need. (Note that existing documentation may be inaccurate.)
Step 2. Perform a network audit that adds detail to the description of the network. If possible, use traffic-analysis information to augment organizational input when you are describing the applications and protocols used in the network.
Step 3. Based on your network characterization, write a summary report that describes the health of the network. With this information, you can propose hardware and software upgrades to support the network requirements and the organizational requirements.

QUESTION 2
Which of the following is a component within the Cisco Enterprise Campus module?
A. Teleworker
B. E-Commerce
C. Internet Connectivity
D. Building Distribution
E. WAN/MAN Site-to-Site VPN
Correct Answer: D
Section: C
Explanation/Reference:

QUESTION 3
Which three types of WAN topologies can be deployed in the Service Provider Module? (Choose three.)
A. ring
B. star
C. full mesh
D. core/edge
E. collapsed core
F. partial mesh
Correct Answer: BCF
Section: C
Explanation/Reference:

QUESTION 4
You need to connect to a remote branch office via an Internet connection. The remote office does not use Cisco equipment. This connection must be secure and must support OSPF. Which of the following can be used to transport data to the branch office?
A. GRE over IPsec
B. IPsec
C. GRE
D. IPsec VTI
Correct Answer: A
Section: C
Explanation/Reference:
Plain IPsec carries only unicast IP and cannot transport OSPF's multicast hellos, and GRE alone provides no confidentiality or integrity. GRE over IPsec encapsulates the multicast routing traffic in GRE and encrypts the GRE packets, and, unlike the Cisco IOS VTI construct, it is a standards-based combination that non-Cisco equipment supports.

QUESTION 5
When designing an EIGRP network, which two things should you take into consideration? (Choose two.)
A. ASN and K values must match.
B. The neighbor command can be used to enable unicast communication.
C. The neighbor diameter cannot exceed a 15-hop limit.
D. NSSA areas can be used to redistribute external routes.
E. Neighbor relationships can be established with non-Cisco routers.
Correct Answer: AB
Section: C
Explanation/Reference:

QUESTION 6
Identify the three items that pertain to EIGRP. (Choose three.)
A. Can use multiple unequal paths.
B. Routes are redistributed as type 2 by default.
C. ASN and K values must match to form neighbors.
D. Uses multicast address 224.0.0.9 for updates.
E. Exchanges full routing table every 30 seconds.
F. Summary routes have an AD of 90.
G. External routes have an AD of 170.
Correct Answer: ACG
Section: C
Explanation/Reference:
EIGRP uses multicast 224.0.0.10 (224.0.0.9 is RIPv2), sends incremental updates rather than periodic full tables, gives its own summary routes an AD of 5, and supports unequal-cost load sharing through the variance command.

QUESTION 7
Which two are characteristics of a Lightweight Access Point? (Choose two.)
A. managed via a central wireless LAN controller
B. code upgrade performed via a TFTP server
C. CAPWAP tunnels
D. managed directly via CLI or web interface
E. facilitates the creation of its own WLANs and port mappings
Correct Answer: AC
Section: C
Explanation/Reference:
Cisco Unified Wireless Network (UWN) architecture, Control and Provisioning of Wireless Access Points (CAPWAP), WLAN controller components, roaming, and mobility groups. Cisco UWN components provide scalable WLAN solutions using WLAN controllers to manage LWAPs. The CCDA must understand how these components work with each other, how they scale, and how roaming and mobility groups work.

QUESTION 8
Which is the North American RIR for IPv4 addresses?
A. RIPE
B. ARIN
C. IANA
D. IEEE
E. APNIC
Correct Answer: B
Section: C
Explanation/Reference:

QUESTION 9
What is the most compact representation of the following IPv6 address?
2001:db8:0000:0000:cafe:0000:0000:1234
A. 2001:db8::cafe::1234
B. 2001:db8::cafe:0000:0000:1234
C. 2001:db8:0:0:cafe::1234
D. 2001:db8::cafe:0:1234
Correct Answer: C
Section: C
Explanation/Reference:
A is invalid because "::" may appear only once; D drops a zero field and is therefore a different address; B is valid but keeps the leading zeros. The address has two equal-length runs of zero fields, and RFC 5952 prefers compressing the first run (2001:db8::cafe:0:0:1234), which is equally short but is not among the choices, so C is the most compact of the options offered.

QUESTION 10
Your supervisor has asked you to deploy a routing protocol within the lab environment that will allow for unequal cost multipath routing. Which should you choose?
A. EIGRP
B. OSPF
C. IS-IS
D. RIP
Correct Answer: A
Section: C
Explanation/Reference:

QUESTION 11
Where in the Cisco Enterprise Architecture model does network management reside?
A. Enterprise data center module
B. Enterprise campus module
C. Enterprise edge module
D. Service Provider edge module
E. Service Provider data center module
Correct Answer: B
Section: C
Explanation/Reference:

QUESTION 12
Which three statements are true regarding the virtual interface on a Cisco Wireless LAN Controller? (Choose three.)
A. supports mobility management
B. serves as a DHCP relay
C. used for all controller-to-AP communication
D. supports embedded Layer 3 security
E. default for out-of-band management
F. default for in-band management
G. provides connectivity to AAA servers
Correct Answer: ABD
Section: C
Explanation/Reference:
■ Virtual interface (static, configured at setup, mandatory) is used for Layer 3 security authentication, DHCP relay support, and mobility management.

QUESTION 13
When there is a need for immunity to EMI for connecting locations that are greater than 100 meters apart, which two solutions can be utilized? (Choose two.)
A. multimode fiber
B. Fibre Channel
C. HVDC transmission lines
D. single-mode fiber
E. serial RS-232
F. Gigabit Ethernet 1000BASE-CX
Correct Answer: AD
Section: C
Explanation/Reference:
Optical fiber carries no electrical signal and is therefore immune to EMI; multimode fiber reaches a few hundred meters and single-mode fiber reaches kilometers, whereas the copper options (1000BASE-CX, RS-232) are both EMI-susceptible and limited to short distances.

QUESTION 14
What does the Cisco SLM define as the component used to specify expected performance between a pair of devices connected by a network?
A. CM
B. SLC
C. SLA
D. SAA
Correct Answer: C
Section: C
Explanation/Reference:

QUESTION 15
For the following options, which International Telecommunication Union (ITU) standard provides a framework for multimedia protocols for the transport of voice, video, and data over packet-switched networks?
A. Weighted fair queuing (WFQ)
B. H.323
C. Voice over IP (VoIP)
D. Session Initiation Protocol (SIP)
Correct Answer: B
Section: C
Explanation/Reference:
VoIP Control and Transport Protocols
A number of different protocols are used in a VoIP environment for call control, device provisioning, and addressing. Figure 14-15 shows those protocols focused on VoIP control and transport. Some of the most significant protocols are:
Dynamic Host Configuration Protocol (DHCP): Used to provide device configuration parameters such as IP configuration (address, subnet mask, default gateway) and TFTP servers (via DHCP option 150).
TFTP: To obtain ring tones, backgrounds, configuration files, and firmware files.
Skinny Client Control Protocol (SCCP): Used for call control for Cisco IP phones (Cisco proprietary). Real-time Transport Protocol (RTP): For voice stream (VoIP) station-to-station traffic in an active call. Real-time Transport Control Protocol (RTCP): For RTP control and reporting (accompanying stream to RTP between endpoints). Media Gateway Control Protocol (MGCP): A client/server protocol for control of endpoints and gateways. In the MGCP model, intelligence resides on the call agent (server), and the device is controlled by the agent. H.323: An ITU standard for VoIP networks that is a peer-to-peer system (call processing logic is local to each device) used for gateways and endpoints. Session Initiation Protocol (SIP): A standard for VoIP networks defined by the IETF and used for gateways and endpoints. SIP is feature rich (native IM, presence, and video support), lightweight, and designed for easy troubleshooting (ASCII-based messages). QUESTION 16 What does CDP stand for ? A. B. C. D. Collection Device Protocol Campus Discovery Protocol Cisco Device Protocol Cisco Discovery Protocol Correct Answer: D Section: C Explanation Explanation/Reference: CDP Cisco Discovery Protocol (CDP) é um protocolo proprietário da Cisco que podem ser usados para descobrir só Dispositivos de rede Cisco. CDP é a mídia e independente de protocolo, por isso funciona over Ethernet, Frame Relay, ATM, e outras mídias. A exigência é que o suporte de mídia Subnetwork Acesso Protocolo de encapsulamento (SNAP). CDP é executado na camada de enlace de dados do modelo OSI. CDP usa Olá mensagens; pacotes são trocados entre os vizinhos, mas a informação CDP não é encaminhado. em Além de roteadores e switches, telefones IP e Cisco Unified Communication Manager (CUCM) servidores também anunciar informações CDP. Sendo protocolo e mídia independente é a maior vantagem do CDP sobre outra rede tecnologias de gestão. 
CDP fornece informações importantes sobre os vizinhos, incluindo plataformas, capacidades e endereços IP, o que é significativo para a descoberta de rede. É útil quando SNMP strings de comunidade são desconhecidas ao realizar uma descoberta de rede. Ao exibir vizinhos CDP, você pode obter as seguintes informações: Dispositivos de gerenciamento de rede pode obter CDP informações para coleta de dados. CDP deve ser desativada em interfaces não confiáveis, como aqueles que enfrentam a Internet, redes de terceiros, ou outras redes seguras. CDP só funciona em dispositivos Cisco. Nota. Desabilitar o CDP em interfaces para o qual você não quer dispositivos a serem descobertas, como Conexões com a Internet. Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação IV, Capítulo 15 QUESTION 17 Which H.323 protocol is in charge of call setup and signaling? A. B. C. D. RTCP H.245 G.711 H.225 Correct Answer: D Section: C Explanation Explanation/Reference: QUESTION 18 What is the reason for switching preferred on shared segments? A. B. C. D. Switched segments provide a collision domain for each host. Switched segments provide a broadcast domain for each host Shared segments provide a broadcast domain for each host. Shared segments provide a collision domain for each host. Correct Answer: A Section: C Explanation Explanation/Reference: Switches usam circuitos integrados especializados para reduzir a latência comum pontes regulares. Switches são a evolução de pontes. Alguns switches podem funcionar em modo cutthrough, onde o interruptor não esperar por toda a moldura para entrar no tampão, em vez disso, ele começa a encaminhar o quadro logo que termina de ler o endereço MAC de destino. Cut-through operação aumenta a probabilidade de que os quadros com erros são propagados na rede, porque a frente da armação antes de todo o quadro é tamponado e marcada por erros. Devido a estes problemas, a maioria interruptores hoje realizar operação store-and-forward como pontes fazer. 
Switches são exatamente os mesmos como pontes com relação às características do domínio de colisão e domínio de transmissão. Cada porta de uma switch é um domínio de colisão separado. Por padrão, todas as portas em um switch estão na mesma transmissão domínio. Atribuição para mudanças diferentes VLANs comportamento. QUESTION 19 SNMP is short for Simple Network Management Protocol. Which version or versions of SNMP specify security extensions as part of the protocol definition? A. B. C. D. SNMPv2 SNMPv4 SNMPv3 SNMPv1 Correct Answer: C Section: C Explanation Explanation/Reference: Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 15 QUESTION 20 Which layer is in charge of fast transport in the hierarchical network model? A. B. C. D. Network Distribution Access Core Correct Answer: D Section: C Explanation Explanation/Reference: Table Cisco Enterprise Architecture Model Table Cisco Enterprise Architecture Mode Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 2 QUESTION 21 Which term accurately describes a specific measure of delay often used to describe voice and video networks? A. B. C. D. Jitter Flux Latency Reliability Correct Answer: A Section: C Explanation Explanation/Reference: Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14 QUESTION 22 What is important for the top-down design concept? A. B. C. D. Engagement of the HR representatives during the design process Engagement of the top executives during the design process Engagement of the employees working on the top floors in the building during the design process Engagement of the top executives once the design process is finalized Correct Answer: B Section: C Explanation Explanation/Reference: QUESTION 23 Which method will be used to secure a network against man-in-the-middle attack? A. B. C. D. 
Two-factor authentication Management module Encryption Firewall Correct Answer: C Section: C Explanation Explanation/Reference: QUESTION 24 Which option is not valid for using the public Internet as a backup WAN medium? A. B. C. D. IP Security (IPSec) tunnels Shared PVC IP routing without constraints Generic Routing Encapsulation (GRE) tunnels Correct Answer: B Section: C Explanation Explanation/Reference: The Internet as a WAN Backup Technology This section describes the Internet as an alternative option for a failed WAN connection. This type of connection is considered best-effort and does not guarantee any bandwidth. Common methods for connecting noncontiguous private networks over a public IP network include the followinG. The following sections describe these methods. Routing Without Constraints When relying on the Internet to provide a backup for branch ofces, a company must fully cooperate with the ISP and announce its networks. The backup network—the Internet—therefore becomes aware of the company’s data, because it is sent unencrypted. Layer 3 Tunneling with GRE and IPsec Layer 3 tunneling uses a Layer 3 protocol to transport over another Layer 3 network. Typically, Layer 3 tunneling is used either to connect two noncontiguous parts of a non-IP network over an IP network or to connect two IP networks over a backbone IP network, possibly hiding the IP addressing details of the two networks from the backbone IP network. Following are the two Layer 3 tunneling methods for connecting noncontiguous private networks over a public IP network: GRE enables simple and exible deployment of basic IP VPNs. Deployment is easy; however, tunnel provisioning is not very scalable in a full-mesh network because every point-to-point association must be dened separately. The packet payload is not protected against sniffing and unauthorized changes (no encryption is used), and no sender authentication occurs. 
Using GRE tunnels as a mechanism for backup links has several drawbacks, including administrative overhead, scaling to large numbers of tunnels, and processing overhead of the GRE encapsulation. Following are some features of IPsec: Authorized Self-Study Guide Designing for Cisco Internetwork Solutions (DESGN), Second Edition QUESTION 25 Area Border Router (ABR) is defined by which protocol? A. B. C. D. Enhanced Interior Gateway Routing Protocol (EIGRP) OSPF On-Demand Routing (ODR) IS-IS Correct Answer: B Section: C Explanation Explanation/Reference: QUESTION 26 What is ASBR short for? A. B. C. D. Area Border Router Auxiliary System Border Router Area System Border Router Autonomous System Boundary Router Correct Answer: D Section: C Explanation Explanation/Reference: ASBR (Autonomous System Boundary Router) - Connects the OSPF backbone to external networks. Routers that inject external LSAs into the OSPF database (redistribution). Table, Major LSA Types Type Description Internal Router Any router whose interfaces all belong to the same OSPF area. These routers keep only one linkstate database. ABR Routers that are connected to more than one area. These routers maintain a link-state database for each area they belong to. These routers generate summary LSAs. ASBR Routers that inject external LSAs into the OSPF database (redistribution). These external routes are learned via either other routing protocols or static routes. Backbone router Routers with at least one interface attached to Area 0. Tip: An OSPF router can be an ABR, an ASBR, and a backbone router at the same time. The router is an ABR if it has an interface on Area 0 and another interface in another area. The router is a backbone router if it has one or more interfaces in Area 0. The router is an ASBR if it redistributes external routes into the OSPF network. 
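The router roles in the table above can be checked mechanically from a router's interface-to-area mapping and its redistribution setting. The following is an added example, not text or code from the Cisco Press guide: it assigns the roles from the table (one router may hold several, as the Tip says) and uses the same data to flag the design error the roles expose, an area that no ABR connects to Area 0. OSPF requires every area to attach to the backbone, so such an area needs a virtual link or a redesign. The four-router topology is constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    interface_areas: dict        # interface name -> OSPF area id
    redistributes: bool = False  # injects external routes (statics, other protocols)


def router_roles(router):
    """Roles from the table; a router can hold several at once."""
    areas = set(router.interface_areas.values())
    roles = set()
    if not areas:
        return roles             # no OSPF interfaces, no OSPF role
    if len(areas) == 1:
        roles.add("internal")    # all interfaces in one area: a single LSDB
    else:
        roles.add("ABR")         # interfaces in several areas: one LSDB per area
    if 0 in areas:
        roles.add("backbone")    # at least one interface in Area 0
    if router.redistributes:
        roles.add("ASBR")        # injects external LSAs via redistribution
    return roles


def areas_without_backbone_abr(routers):
    """Non-zero areas that no router joins directly to Area 0.

    OSPF requires every area to attach to the backbone through an ABR that
    also has an Area 0 interface; anything returned here needs a virtual
    link or a redesign.
    """
    all_areas, attached = set(), set()
    for r in routers:
        areas = set(r.interface_areas.values())
        all_areas |= areas
        if 0 in areas:
            attached |= areas    # every area on a backbone router is attached
    return all_areas - attached - {0}


# Constructed topology for this example; not taken from the page.
R1 = Router("R1", {"Gi0/0": 0, "Gi0/1": 1}, redistributes=True)  # ABR, ASBR and backbone
R2 = Router("R2", {"Gi0/0": 1, "Gi0/1": 1})                      # internal to area 1
R3 = Router("R3", {"Gi0/0": 0})                                  # internal backbone router
R4 = Router("R4", {"Gi0/0": 1, "Gi0/1": 2})                      # ABR with no Area 0 interface
TOPOLOGY = [R1, R2, R3, R4]

if __name__ == "__main__":
    for r in TOPOLOGY:
        print(r.name, sorted(router_roles(r)))
    print("areas not attached to Area 0:", areas_without_backbone_abr(TOPOLOGY))
```

R4 is an ABR by the table's definition (interfaces in two areas) yet area 2 still shows up as detached, which is exactly the case the Tip's wording ("an interface on Area 0 and another interface in another area") is meant to rule out.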
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 11

QUESTION 27
Which advantage is there to security systems that are part of the Cisco ecosystem?
A. There is a suite of products to choose from.
B. Various partners as well as supporting products increase the effectiveness of security systems.
C. There are no advantages.
D. The Cisco ecosystem ensures that partners can implement the solution.
Correct Answer: B
Section: C
Explanation/Reference:
The Cisco Service Provider Ecosystem was created to help Cisco and our service provider customers capitalize on the large market opportunities created by the circuit-to-packet transition. We have a strong community of best-in-class technology development and deployment partners who enable service providers to deploy innovative new services on their new or existing networks. Cisco partners with systems integrators, network integrators, and independent software vendors (ISVs) that are leaders in Operations Support Systems and Business Support Systems to help service provider customers better manage and leverage their networks and support systems.
The advantages of ecosystems: No single vendor could possibly offer providers the choice and flexibility that a horizontally structured network of ecosystem partners can provide. Ecosystem partners are chosen because of their experience in the service provider OSS environment. They can be independent software vendors (ISVs) that provide functional blocks such as billing or fault management, systems integrators that integrate, design, and deploy OSS solutions, or even infrastructure companies that sit at the heart of the network in terms of cabling and electronics provisioning.
All ecosystem partners across EMEA are subject to rigorous interoperability testing, not only with Cisco hardware and software but also with complementary products and applications supplied by other ecosystem members. Once testing has been completed successfully, a given product or application is awarded the Cisco Verified Interoperability Product (VIP) mark, which distinguishes it in the marketplace. Interoperability testing is also specific to the product or application revision, in order to maintain the highest levels of compatibility, and is required before each release version of the partner product receives the Cisco VIP mark. A key area for Cisco and its ecosystem partners is the ability to demonstrate sufficient pre- and post-sales support for all qualifying products and services. All EMEA ecosystem partners have to satisfy stringent Cisco requirements before they can be classified as true EMEA-wide partners. To maintain this level of support, all ecosystem partners are accredited by "theater": EMEA, Asia-Pacific, Latin America, and North America. Only if all theater requirements are met can a partner truly be classified as Global. Just as Cisco prides itself on its commitment to ethical practices in all areas of business, ecosystem partners are required to adhere to clearly defined best practices with respect to all customer engagements. Service providers can therefore be confident that the service levels and commitment of any Cisco Ecosystem partner will be delivered to the highest quality standards.

QUESTION 28
In telephony, the local loop is the physical link or circuit. Where is the local loop located?
A. Between the loopback interfaces of two VoIP routers
B. Between phones and the central office (CO) switch
C. Between two PBXs
D. Between two PSTN switches
Correct Answer: B
Section: C

QUESTION 29
What does ODR stand for?
A. Open default routing
B. Optical demand routing
C. Open dedicated routing
D. On-demand routing
Correct Answer: D
Section: C
Explanation/Reference:
On-Demand Routing (ODR) is an enhancement to Cisco Discovery Protocol (CDP), a protocol used to discover other Cisco devices on either broadcast or non-broadcast media. With the help of CDP, it is possible to find the device type, the IP address, the Cisco IOS version running on the neighbor Cisco device, the capabilities of the neighbor device, and so on. In Cisco IOS software release 11.2, ODR was added to CDP to advertise the connected IP prefix of a stub router via CDP. This feature takes an extra five bytes for each network or subnet: four bytes for the IP address and one byte to advertise the subnet mask along with the IP. ODR is able to carry Variable Length Subnet Mask (VLSM) information.

QUESTION 30
What is SLC?
A. Standard level contracts
B. Standard level configuration
C. Service level contracts
D. Service level configuration
Correct Answer: C
Section: C
Explanation/Reference:
SLA Defined
A service-level agreement is a key component of a service-level contract (SLC). The SLC specifies connectivity and performance agreements for an end-user service from a provider of service. The service provider could be within the enterprise (for example, the IS organization could be the service provider to internal departments) or an external company such as an ISP providing wide-area or hosted application services. The SLC typically includes multiple SLAs. A violation of any particular SLA could create a violation of the overall SLC.
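The SLC-versus-SLA relationship is easiest to see in a conformance check. The following is an added example, not from the Cisco Press or DESGN text: it evaluates a constructed probe log (one synthetic probe per minute for a day, not measured data) against an SLC made of two SLAs, a 100 ms ceiling on latency averaged over each hour and 99.9 percent availability, and reports the SLC as breached when any one SLA is. The thresholds and the probe data are example values; a throughput SLA is omitted because reachability probes do not measure bandwidth.

```python
from collections import defaultdict
from statistics import mean


# Constructed probe log (not measured data): one probe per minute for 24 hours,
# as (hour, minute, rtt_ms). rtt_ms is None when the probe got no reply.
def constructed_probes():
    probes = []
    for hour in range(24):
        for minute in range(60):
            if hour == 7 and minute == 30:
                rtt = None                    # the single unanswered probe of the day
            elif hour == 13 and 20 <= minute < 35:
                rtt = 180.0                   # a 15-minute congestion burst
            else:
                rtt = 80.0
            probes.append((hour, minute, rtt))
    return probes


# The SLC bundles two SLAs. The values are example thresholds of the kind an SLC states.
SLC = {
    "max_hourly_avg_latency_ms": 100.0,
    "min_availability_pct": 99.9,
}


def hourly_average_latency(probes):
    """Mean RTT of answered probes per hour. The contract averages over one hour,
    so a short burst only counts if it pulls the whole hour over the ceiling."""
    by_hour = defaultdict(list)
    for hour, _minute, rtt in probes:
        if rtt is not None:
            by_hour[hour].append(rtt)
    return {hour: mean(rtts) for hour, rtts in sorted(by_hour.items())}


def availability_pct(probes):
    """Share of probes answered over the whole measurement period, in percent."""
    answered = sum(1 for _hour, _minute, rtt in probes if rtt is not None)
    return 100.0 * answered / len(probes)


def evaluate_slc(probes, slc=SLC):
    """Return (slc_met, details). A single breached SLA breaches the whole SLC."""
    details = {}
    averages = hourly_average_latency(probes)
    violating_hours = [h for h, avg in averages.items()
                       if avg > slc["max_hourly_avg_latency_ms"]]
    details["latency"] = {"met": not violating_hours,
                          "violating_hours": violating_hours}
    avail = availability_pct(probes)
    details["availability"] = {"met": avail >= slc["min_availability_pct"],
                               "value_pct": round(avail, 3)}
    slc_met = all(sla["met"] for sla in details.values())
    return slc_met, details


if __name__ == "__main__":
    met, details = evaluate_slc(constructed_probes())
    print("SLC met:", met)
    for name, result in details.items():
        print(f"  {name}: {result}")
```

With this data the availability SLA is met (one lost probe out of 1440 is 99.93 percent) while the 15-minute burst drags hour 13 to an average of 105 ms, so the latency SLA and with it the SLC are breached; the per-SLA detail is what lets an operator drill down from the failed contract to the offending hour.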
The service-level management solution needs to provide a means of managing collections of agreements that constitute a contract with the service provider. The solution should enable the user to monitor multiple SLCs individually, drill down into SLA details, and monitor the percentage of SLA conformance for a given SLC. For example, an SLC for connectivity from several branch sites to the central site may read "a connection of 64 Kbps at a latency of no greater than 100 milliseconds averaged over one hour, and an availability of 99.9 percent is to be provided."

QUESTION 31
For the following options, which emerging WAN technology uses DSL coding and digital modulation techniques with Ethernet?
A. Cable
B. SMDS
C. Wireless
D. Long-Reach Ethernet (LRE)
Correct Answer: D
Section: C
Explanation/Reference:
Long Reach Ethernet (LRE) was a proprietary networking protocol developed by Cisco Systems, intended to support multi-megabit (5 to 15 Mbit/s) performance over telephone-grade Category 1/2/3 wiring over distances up to 5,000 feet (1.5 km). Supporting such great distances, LRE is technically classified as a metropolitan area network (MAN) technology. Technically the protocol was similar to VDSL. The technology was sometimes referred to as Ethernet in the First Mile (EFM). Several networking vendors offered compatible networking hardware, but the technology became obsolete. Like standard VDSL, LRE allowed the existing telephone wiring that connects an organization's offices to be used to network those offices together using the standard Ethernet protocol, without incurring the huge cost of deploying fiber-optic cable or limiting organizations to the bandwidth provided by modems or xDSL devices. Other sample applications included Ethernet access to hotel rooms or college dormitories over existing installed telephone wiring. LRE was compatible with VDSL ETSI Band Plan 998.
LRE was sold on Cisco Catalyst 2900 series switches using the Infineon PEF22822/PEB22811 VDSL QAM (10Base-S) chipset, like many other VDSL concentrators. Cisco announced end-of-sale for the LRE products in October 2006, and its explanation page was removed from the Cisco web site in 2007. VDSL is a comparable or better solution.

QUESTION 32
You are a network technician. Can you tell me how many IP addresses are available for hosts in the subnet 198.10.100.64/27?
A. 62
B. 30
C. 126
D. 14
Correct Answer: B
Section: C
Explanation/Reference:
A /27 leaves 5 host bits, so the block holds 2^5 = 32 addresses (198.10.100.64 through .95); subtracting the network address (.64) and the broadcast address (.95) leaves 30 usable host addresses (.65 through .94).

QUESTION 33
Which two of these represent a best practice implementation of a Split MAC LWAPP deployment in a Cisco Unified Wireless Network? (Choose two.)
A. Each wireless client authentication type maps to a unique SSID which in turn maps to a unique VLAN.
B. 802.1Q trunking extends from the wired infrastructure to the access point for translation into SSID(s).
C. 802.1Q trunking extends from the wired infrastructure to a wireless LAN controller for translation into SSID(s).
D. Each wireless client authentication type maps to a shared SSID which in turn maps to a common shared VLAN.
E. Each wireless client authentication type maps to a unique SSID which in turn maps to a common shared VLAN.
F. 802.1Q trunking extends from the wired infrastructure to a wireless LAN controller. Then the 802.1Q packet is encapsulated in LWAPP and sent to the access point for transmission over the SSID(s).
Correct Answer: AC
Section: C

QUESTION 34
Which H.323 protocol controls call setup between endpoints?
A. RTCP
B. H.245
C. H.225
D. RAS
Correct Answer: C
Section: (none)

QUESTION 35
Which Cisco security solution offers protection against "day zero" attacks?
A. Cisco IOS IPS
B. Cisco IOS Firewall
C. Cisco Traffic Anomaly Detector
D. Cisco Adaptive Security Appliance
E. Cisco Security Agent
Correct Answer: E
Section: C

QUESTION 36
An organization needs a WAN transport technology that meets these criteria: has a low initial cost, provides low-to-medium bandwidth, and has medium-to-high latency and jitter. Which technology would you suggest?
A. ISDN
B. X.25
C. analog modem
D. DSL
E. wireless
Correct Answer: D
Section: C
Explanation/Reference:
Table: WAN Comparison
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 6

QUESTION 37
What is the benefit of deploying a gatekeeper in an H.323 IP telephony network?
A. provides spatial redundancy through the use of HSRP
B. provides load balancing via GUP when alternate gatekeepers are deployed
C. reduces configuration complexity by centralizing the dial plan
D. increases redundancy by allowing each gateway to maintain a copy of the dial plan
Correct Answer: C
Section: C
Explanation/Reference:
H.323
H.323 is a standard published by the ITU that works as a framework document for multimedia protocols, including voice, video, and data conferencing, for use over packet-switched networks. H.323 standards describe terminal (endpoint), gateway, gatekeeper, and multipoint control unit (MCU) devices to be used in a multimedia network. As shown in Figure 14-20, H.323 includes the following elements:
Figure 14-20. H.323 Components
Note: With a gatekeeper, each gateway contains a simpler dial plan and connects only to the gatekeeper.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14

QUESTION 38
Which two of the following statements represent a preferred wireless LWAPP implementation? (Choose two.)
A. verify open ports for: Layer 2 LWAPP on ethertype 0xBBBB; Layer 3 LWAPP on UDP 12222 and UDP 12223
B. use of Layer 3 LWAPP is preferred over Layer 2 LWAPP
C. use of Layer 2 LWAPP is preferred over Layer 3 LWAPP
D. verify open ports for: Layer 2 LWAPP on ethertype 0xABAB; Layer 3 LWAPP on TCP 12222 and TCP 12223
E. verify open ports for: Layer 2 LWAPP on ethertype 0xABAB; Layer 3 LWAPP on TCP 12222 and TCP 12223
Correct Answer: AB
Section: C
Explanation/Reference:
LWAPP
Lightweight Access Point Protocol (LWAPP) is an Internet Engineering Task Force (IETF) draft standard for control messaging for setup, authentication, and operations between APs and WLAN controllers (WLCs). In the LWAPP draft RFC, LWAPP control messages can be transported in Layer 2 tunnels or Layer 3 tunnels. Layer 2 LWAPP tunnels were the first method developed; in this mode the APs do not require an IP address. The disadvantage of Layer 2 LWAPP was that the WLC needed to be on every subnet on which an AP resides. Layer 2 LWAPP is a deprecated solution for Cisco; Layer 3 LWAPP is the preferred solution. During configuration, Layer 2 or Layer 3 transport mode can be selected. When set to Layer 3, LWAPP uses IP addresses to communicate with the access points; these IP addresses are obtained from a mandatory DHCP server. When set to Layer 2, LWAPP uses proprietary code to communicate with the access points.
Note: Layer 2 LWAPP tunnels use EtherType code 0xBBBB. Layer 3 LWAPP uses UDP ports 12222 and 12223.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 5

Exam D

QUESTION 1
Which three are security services offered through Cisco Router Security? (Choose three.)
A. Trust and Identity
B. Integrated Threat Control
C. Unified Wireless Network Security Solution
D. Secure Connectivity
E. Voice-Messaging Security
F. Endpoint Security
G. Virtual Security Gateway
Correct Answer: ABD
Section: D
Explanation/Reference:
Threat Defense
■ Enabling integrated security in routers, switches, and appliances: Security techniques enabled throughout the network, not just in point products or locations.
Secure Connectivity
Table: VPN Types
■ Standard IPsec: Uses AH and ESP to secure data; requires endpoints to have IPsec software.
■ Cisco DMVPN: Secure encrypted point-to-point GRE tunnels; on-demand spoke-to-spoke connectivity.
■ Cisco GRE-based VPN: Enables routing and multicast traffic across an IPsec VPN; non-IP protocol and QoS support.
■ Cisco GET VPN: Encryption integration on IP and MPLS WANs; simplifies encryption management using group keying; any-to-any connectivity.
■ Cisco Easy VPN: Simplifies hub-and-spoke VPNs; used where there is a need to reduce VPN management.
Trust
Trust is the relationship between two or more network entities that are permitted to communicate. Security policy decisions are largely based on this premise of trust. If you are trusted, you are allowed to communicate as needed. However, sometimes security controls need to apply restraint to trust relationships by limiting or preventing access to the designated privilege level. Trust relationships can be explicit or implied by the organization. Some trust relationships can be inherited or passed down from one system to another. However, keep in mind that these trust relationships can also be abused.
Identity
Identity is the "who" of a trust relationship. These can be users, devices, organizations, or all of the above. Network entities are validated by credentials. Authentication of the identity is based on the following attributes:
■ Something the subject knows: Knowledge of a secret, password, PIN, or private key
■ Something the subject has: Possession of an item such as a token card, smartcard, or hardware key
■ Something the subject is: Human characteristics, such as a fingerprint, retina scan, or voice recognition
Generally, identity credentials are checked and authorized by requiring passwords, PINs, tokens, or certificates.

QUESTION 2
Which is the purpose of the Cisco NAC Profiler?
A. automates discovery and inventory of all LAN attached devices
B. generates a profile based on username and group
C. learns and creates a database of virus definitions based on LAN traffic
D. a database used to map user VPN accounts
Correct Answer: A
Section: D
Explanation/Reference:
■ Cisco NAC Profiler: Enables network administrators to keep a real-time, contextual inventory of all devices in a network. It greatly facilitates the deployment and management of Cisco Network Admission Control (NAC) systems by discovering and tracking the location and type of all LAN-attached endpoints, including those that are not capable of authenticating. It also uses the information about the device to determine the correct policies for NAC to apply.

QUESTION 3
In the enterprise data center, which are the three main components? (Choose three.)
A. Network Infrastructure
B. Interactive services
C. Data Center Management
D. Internet services
E. WAN services
F. VPN and remote access
Correct Answer: ABC
Section: D
Explanation/Reference:
■ Network infrastructure: Gigabit and 10 Gigabit Ethernet, InfiniBand, optical transport and storage switching
■ Interactive services: Computer infrastructure services, storage services, security, application optimization
■ DC management: Cisco Fabric Manager and Cisco VFrame for server and service management

QUESTION 4
You have a campus network that consists of only Cisco devices. You have been tasked to discover the device platforms, the IOS versions, and an IP address of each device to map the network. Which proprietary protocol will assist you with this task?
A. SNMP
B. TCP
C. CDP
D. ICMP
E. LLDP
Correct Answer: C
Section: D

QUESTION 5
Which three modular components are part of the Cisco Enterprise Edge Architecture? (Choose three.)
A. e-commerce module
B. Internet connectivity module
C. server farm module
D. remote access and VPN module
E. PSTN services module
F. enterprise branch module
G. building distribution module
Correct Answer: ABD
Section: D

QUESTION 6
Which three solutions are part of the Borderless Network Services? (Choose three.)
A. Wireless
B. Routing
C. TrustSec
D. MediaNet
E. Switching
F. EnergyWise
G. Next-Gen WAN
Correct Answer: CDF
Section: D

QUESTION 7
Which model of ISR is utilized for the teleworker design profile?
A. Cisco 1900 Series
B. Cisco 1800 Series
C. Cisco 800 Series
D. Cisco 500 Series
Correct Answer: C
Section: D
Explanation/Reference:
The Cisco Virtual Office solution for the enterprise teleworker is implemented using Cisco 800 Series ISRs. Each ISR has integrated switch ports that connect to the user's broadband connection. The solution uses a permanent, always-on IPsec VPN tunnel back to the corporate network. This architecture provides centralized IT security management, corporate-pushed security policies, and integrated identity services. In addition, this solution supports enterprise teleworker needs through advanced applications such as voice and video. For example, the enterprise teleworker can take advantage of toll bypass, voicemail, and advanced IP phone features not available on the PSTN.

QUESTION 8
Which two can be used as a branch office WAN solution? (Choose two.)
A. frame relay
B. MPLS
C. Metro Ethernet
D. GPRS
E. dial-up modem
F. 3G USB modems
Correct Answer: BC
Section: D
Explanation/Reference:
Frame Relay is an old "shared" technology; today's sites use some flavor of Metro Ethernet or MPLS VPN.

QUESTION 9
Which three options are valid Cisco STP tools used to ensure best-practice access layer design for the enterprise campus? (Choose three.)
A. PortFast
B. UDLD
C. Root Guard
D. BPDU Guard
E. Flex Links
F. SPAN
G. EtherChannel
Correct Answer: ACD
Section: D
Explanation/Reference:
Access layer
■ Limit VLANs to a single closet when possible to provide the most deterministic and highly available topology.
■ Use RPVST+ if STP is required. It provides the best convergence.
■ Set trunks to ON and ON with no-negotiate.
■ Manually prune unused VLANs to avoid broadcast propagation.
■ Use VTP Transparent mode, because there is little need for a common VLAN database in hierarchical networks.
■ Disable trunking on host ports, because it is not necessary. Doing so provides more security and speeds up PortFast.
■ Consider implementing routing in the access layer to provide fast convergence and Layer 3 load balancing.
■ Use the Cisco STP Toolkit, which provides PortFast, Loop Guard, Root Guard, and BPDU Guard.

QUESTION 10
When designing a WAN backup for voice and video applications, what three types of connections should be used? (Choose three.)
A. Private WAN
B. Internet
C. ISDN
D. MPLS
E. dial-up
F. ATM
G. DSL
Correct Answer: ACD
Section: D
Explanation/Reference:
The critical point here is that the backup must carry voice and video, for which at least 768 kbps is needed (CCDP).

QUESTION 11
When designing using the Cisco Enterprise Architecture, in which Enterprise Campus layer does the Enterprise Teleworker module establish its connection?
A. Building Core
B. Building Access
C. Enterprise Branch
D. Enterprise Data Center
E. WAN/Internet
Correct Answer: E
Section: D
Explanation/Reference:
Enterprise Teleworker Module
The enterprise teleworker module consists of a small office or a mobile user who needs to access services of the enterprise campus. As shown in Figure 2-14, mobile users connect from their homes, hotels, or other locations using dialup or Internet access lines. VPN clients are used to allow mobile users to securely access enterprise applications. The Cisco Virtual Office solution provides a solution for teleworkers that is centrally managed using small integrated services routers (ISRs) in the VPN solution. IP phone capabilities are also provided in the Cisco Virtual Office solution, providing corporate voice services for mobile users.
Figure 2-14. Enterprise Teleworker Solution
Internet Connectivity Module
The Internet submodule of the enterprise edge provides services such as public servers, email, and DNS. Connectivity to one or several Internet service providers (ISPs) is also provided. Components of this submodule include:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 2

QUESTION 12
Which two wireless attributes should be considered during a wireless site survey procedure? (Choose two.)
A. encryption
B. channel
C. authentication
D. power
E. SSID
Correct Answer: BD
Section: D
Explanation/Reference:
RF Site Survey
Similar to an assessment for a wired network design, RF site surveys are done to determine design parameters for WLANs and customer requirements. RF site surveys help determine the coverage areas and check for RF interference. This helps determine the appropriate placement of wireless APs. The RF site survey has the following steps:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter

QUESTION 13
The BodMech online fitness organization specializes in creating fitness plans for senior citizens. The company recently added a health-products retail inventory. Which E-Commerce module device will allow customers to interact with the company and purchase products?
A. application server
B. database server
C. public server
D. web server
E. NIDS appliance
F. SMTP mail server
Correct Answer: D
Section: D
Explanation/Reference:
"Web server" can refer to either the hardware (the computer) or the software (the computer application) that helps to deliver content that can be accessed through the Internet. The most common use of web servers is to host web sites, but there are other uses, such as data storage or running enterprise applications. The primary function of a web server is to deliver web pages on request to clients. This means delivery of HTML documents and any additional content that may be included by a document, such as images, style sheets and scripts. A client, commonly a web browser or web crawler, initiates communication by making a request for a specific resource using HTTP, and the server responds with the content of that resource or an error message if unable to do so. The resource is typically a real file on the server's secondary storage, but this is not necessarily the case and depends on how the web server is implemented. While the primary function is to serve content, a full implementation of HTTP also includes ways of receiving content from clients. This feature is used for submitting web forms, including uploading of files. Many generic web servers also support server-side scripting, e.g., Apache HTTP Server and PHP. This means that the behavior of the web server can be scripted in separate files, while the actual server software remains unchanged. Usually, this function is used to create HTML documents "on the fly" as opposed to returning fixed documents. This is referred to as dynamic and static content respectively. The former is primarily used for retrieving and/or modifying information from databases. The latter is, however, typically much faster and more easily cached.
Web servers are not always used for serving the World Wide Web. They can also be found embedded in devices such as printers, routers and webcams, serving only a local network. The web server may then be used as part of a system for monitoring and/or administering the device in question. This usually means that no additional software has to be installed on the client computer, since only a web browser is required (which is now included with most operating systems).

QUESTION 14
Which H.323 protocol monitors calls for factors such as packet counts, packet loss, and arrival jitter?
A. H.225
B. H.245
C. RAS
D. RTCP
Correct Answer: D
Section: D

QUESTION 15
Which two design methodology steps relate, at least in part, to the implement phase of the PPDIOO process? (Choose two.)
A. verifying the network
B. testing design
C. determining customer requirements
D. characterizing the existing network
E. establishing the organizational requirements
Correct Answer: AB
Section: D
Explanation/Reference:
The Implement phase relates to deploying new devices, including verification and testing, so A and B are the most appropriate options. "Determining customer requirements" occurs in the Prepare phase, which identifies the requirements and builds a conceptual architecture. "Characterizing the existing network" belongs to the Plan phase; this step is performed to determine the infrastructure needed to meet the requirements. In the "establishing the organizational requirements" step, the network topology is designed to satisfy the requirements and close the network gaps identified in the previous steps. This step is related to the Plan phase of the PPDIOO process.
Design Phase
The network design is developed based on the technical and business requirements obtained from the previous phases. The network design specification is a comprehensive, detailed design that meets current business and technical requirements. It provides high availability, reliability, security, scalability, and performance. The design includes network diagrams and an equipment list. The project plan is updated with more granular information for implementation. After the design phase is approved, the Implement phase begins.
Implement Phase
New equipment is installed and configured, according to the design specifications, in the Implement phase. New devices replace or augment the existing infrastructure. The project plan is followed during this phase. Planned network changes should be communicated in change control meetings, with the necessary approvals to proceed. Each step in the implementation should include a description, detailed implementation guidelines, the estimated time to implement, rollback steps in case of a failure, and any additional reference information. As changes are implemented, they are also tested before moving to the Operate phase.

QUESTION 16
Which of the following is a modular component within the Cisco Enterprise Campus module in the Cisco Enterprise Architecture framework?
A. Teleworker
B. E-Commerce
C. Internet Connectivity
D. Building Distribution
E. WAN/MAN Site-to-Site VPN
Correct Answer: D
Section: D

QUESTION 17
An internal network has servers with private IPv4 addresses that must be visible from the public network. Which kind of address translation should be used to ensure this?
A. B. C. D.
many-to-one translation (PAT) many-to-one translation (Dynamic NAT one-to-one translation (Static NAT) one-to-one translation (NAT Traversal) Correct Answer: C Section: D Explanation Explanation/Reference: QUESTION 18 Which three of these are components of the North American Numbering Plan? (Choose three.) A. B. C. D. E. F. Numbering Plan Area country code prefix zone line number trunk channel Correct Answer: ACE Section: D Explanation Explanation/Reference: NANP tem o formato de endereço de NXX-NXX-XXXX, onde N é qualquer número de 2 a 9 e X é qualquer número de 0 a 9. Rst os três dígitos identificar a área de plano de numeração e são comumente chamado de código de área. O endereço é dividido em código de escritório (também conhecido como prefixo) e número da linha. O prefixo é de três dígitos, e o número da linha é de quatro dígitos. Identifica o número da linha o telefone. QUESTION 19 Data link switching is typically used in which Enterprise Campus Module layer? A. B. C. D. E. Server Farm Campus Core Building Access Building Distribution Internet Connectivity Correct Answer: C Section: D Explanation Explanation/Reference: QUESTION 20 What does the Cisco security architecture called SAFE stand for? A. B. C. D. Security Architecture for Enterprise Standard Assessment for Enterprise Security Analysis for Enterprise Standard Architecture for Enterprise Correct Answer: A Section: D Explanation Explanation/Reference: Cisco SAFE Architecture Cisco Security Architecture for the Enterprise (SAFE) is a security reference architecture that provides detailed design and implementation guidelines to assist in the development of secure and reliable networks. Part of the SAFE architecture discusses the building blocks of secure networks that are resilient to well-known and new forms of attack. 
Because enterprise networks are key enablers of business, networks must be designed with integrated security in mind to ensure confidentiality, integrity, and availability of network resources, especially those networks that support critical business activity. One key principle of the Cisco SAFE architecture relates to the need for deep security and protection from both the inside and outside of the organization, along with providing guidelines for analyzing security requirements. The Cisco SAFE approach allows for the analysis of expected threats and supports the design of the network security strategy. In addition, the modular nature of Cisco SAFE allows the security system to be expanded and scaled as the business grows.
Here are the goals of Cisco SAFE:
Here are the benefits of Cisco SAFE:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13

QUESTION 21
How many more bits does IPv6 use for addresses than IPv4?
A. 32
B. 64
C. 96
D. 126

Correct Answer: C
Section: D

QUESTION 22
A common response to an attack by this device can be either to send an alert or to take corrective action. What is this device?
A. Vulnerability assessment
B. Firewall
C. Intrusion-detection system (IDS)
D. Router

Correct Answer: C
Section: D
Explanation/Reference:
Intrusion Detection Summary
Network-based IDS overview: A network-based IDS relies on sensors strategically placed throughout the network. These probes monitor and analyze all network traffic traversing the local network. The network traffic is compared with a signature database or a defined profile to detect intrusive activity. If the monitored traffic matches a profile or signature, an alarm is generated. Additionally, the sensors can be configured to take corrective action to stop an attack once it has been detected. The advantage of a network-based IDS is its macro view of the network. A network-based IDS has the advantage of seeing the whole network and therefore is not limited to seeing only the traffic for a single host. The disadvantage of a network-based IDS is its cost. A network-based IDS relies on additional hardware in the form of network probes. Additional drawbacks of network-based IDS are the following:
Although different types of IDS systems exist, each type must support at least one triggering mechanism. Triggering mechanisms are simply how an alarm is generated. There are two types of triggering mechanisms:
Anomaly-based systems use profiles created by the IDS or by the security administrator. These profiles are then used to detect an attack and generate an alarm. Traffic patterns or computer activity that do not match a defined profile generate an alert. The advantage of anomaly detection is that it can detect previously unknown attacks or new types of attacks. The disadvantage of anomaly detection is that an alarm is generated any time traffic or activity deviates from the defined "normal" traffic patterns or activity. This means it is up to the security administrator to find out why an alarm was generated. Anomaly-based systems have a higher false-positive rate because alarms are generated any time a deviation from normal occurs. Defining normal traffic and activity can be a difficult and time-consuming task.
http://www.ciscoarticles.com/CCSP-Cisco-Certified-Security-Professional/IntrusionDetection-Apresentação do sistema summary.html

QUESTION 23
What Cisco router configuration component does an implementer use to create a floating static route?
A. Primary interface
B. Administrative distance
C. Loopback
D. Description

Correct Answer: B
Section: D
Explanation/Reference:
Backup links often use a different technology. For example, a leased line can be paralleled by a dial-up circuit or an ISDN backup circuit. However, in today's networks it is more common to use DSL lines as the backup. Using floating static routes, you can specify that the backup route has a higher administrative distance (used by Cisco routers to select routing information), so that it is not normally used unless the primary route goes down. This design is less available than the partial mesh presented earlier. Typically, on-demand backup links reduce WAN tariffs.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 2

QUESTION 24
NAT-PT is an IPv6-IPv4 translation mechanism. What is NAT-PT?
A. Network address translation - translates RFC 1918 addresses to public IPv4 addresses
B. Network address translation-protocol translation; translates between IPv4 and IPv6 addresses
C. Next address translation - Next port translation
D. Network addressable transparent - translates network addresses to ports

Correct Answer: B
Section: D
Explanation/Reference:
RFC 2766 describes NAT-PT, which provides translation between IPv6 and IPv4 hosts. NAT-PT operates similarly to the NAT mechanisms that translate IPv4 private addresses to public address space. NAT-PT binds addresses in the IPv6 network to addresses in the IPv4 network and vice versa. Figure 9-12 shows a network using NAT-PT. RFC 4699 is a recent Informational RFC that recommends that NAT-PT be placed into historical status and recommends against its use (although the protocol is still supported in IOS).
Figure 9-12. Network Address Translation-Protocol Translation
Cisco also introduces the Cisco 6PE for Multiprotocol Label Switching (MPLS) service providers. Cisco 6PE allows IPv6 islands to communicate over an MPLS/IPv4 core network using MPLS label-switched paths (LSP). The Cisco 6PE routers are dual stack.
The method relies on BGP extensions in the IPv4 6PE routers to exchange IPv6 reachability information, along with an MPLS label for each IPv6 address prefix announced.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 9

QUESTION 25
When building global network businesses, which three principles should be used?
A. Customer focus, continuous standardization, and core versus context
B. Customer focus, centralization, and core versus context
C. Customer focus, decentralization, and core versus edge
D. Customer focus, decentralization, and core versus context

Correct Answer: A
Section: D
Explanation/Reference:
From JollyFrog P4S
Core versus Context: My analysis in a nutshell is that core activities are those that increase the sustainable competitive advantage of a company. Core activities create value for customers in a way that is hard for competitors to replicate, and by doing so increase the market power of the company. Investors notice this, and reward the company with a higher stock price. Of course in today's market, core doesn't stay core for very long as competitors copy successful companies. At one point a web site to distribute marketing information was a core activity. Now it is a context activity, something that is required by the market that does not differentiate. Political factors also drive context to encroach on core. Everyone wants to feel important, meaning to feel like core, even though their activities might more reasonably be considered context. In most organizations, context activities compete for resources with core, and when they win, the company loses. My recommendation is that companies never lose sight of the distinction between core and context as they do business. Invest as much as possible in core activities. Seek to reduce costs and outsource context activities. If you have to cut spending in a downturn, don't do it across the board, cutting core and context by equal measures.
Instead, seek to actually increase your investment in core while making even more drastic cuts in context to achieve the total cost-reduction goal.
Reference: http://rolandtanglao.com/archives/2004/04/06/core_versus_context_core_creates_value_that_competitors_cant_replicate
Podcast about Core versus Context by Geoffrey Moore (recommended viewing): http://ecorner.stanford.edu/authorMaterialInfo.html?mid=1327

QUESTION 26
Examine the following protocols. Which two are used for IP Security?
A. Generic Routing Encapsulation (GRE) and Internetwork Packet Exchange (IPX)
B. Border Gateway Protocol (BGP) and Enhanced Interior Gateway Routing Protocol (EIGRP)
C. Authentication Header (AH) and Encapsulating Security Payload (ESP)
D. Virtual Private Dial-Up Network (VPDN) and GRE

Correct Answer: C
Section: D

QUESTION 27
Which WAN scenario might be appropriate for queuing solutions?
A. A newly implemented WAN connection has yet to demonstrate sufficient WAN statistics for congestion-level tracking.
B. A WAN connection features consistent congestion problems, and data transfers often suffer.
C. A WAN connection is rarely congested, and data transfers never suffer.
D. A WAN connection features occasional periods of congestion, and data transfers have occasionally suffered as a result.

Correct Answer: D
Section: D

QUESTION 28
Which standard language will be used by SNMP to define the device information to be stored?
A. SNMPv4
B. ASN.1
C. MIBs
D. Agents

Correct Answer: B
Section: D

QUESTION 29
A customer has the following Enterprise Campus design requirements:
- at least 10 Gbps of bandwidth
- network runs of up to 40 km
- no concern for transmission medium cost
Which transmission medium should you recommend to this customer?
A. unshielded twisted pair
B. shielded twisted pair
C. single-mode fiber
D. wireless
E. multimode

Correct Answer: C
Section: D
Explanation/Reference:
Below is the comparison of transmission media (reference from the CCDA Official Exam Certification Guide; some other books have different figures, but we should answer according to the "Official" book).

QUESTION 30
Which statement accurately describes one difference between a small office and medium office topology?
A. Medium offices commonly use integrated route and switching platforms.
B. Medium offices use integrated 10/100/1000 interfaces as Layer 2 trunks.
C. Medium offices use external access switches to support LAN connectivity.
D. Small offices commonly use Rapid PVST+ for Layer 3 deployments.

Correct Answer: C
Section: D

QUESTION 31
Which three types of WAN topologies can be deployed in the Cisco Enterprise Architecture Enterprise Edge WAN module? (Choose three.)
A. ring
B. full mesh
C. partial mesh
D. collapsed core
E. star
F. core
G. edge

Correct Answer: BCE
Section: D
Explanation/Reference:
Packet and cell switched: Connections that use virtual circuits (PVC/SVC) established by the SP. Packet-switched technologies include Frame Relay, and cell-switched technologies include ATM. ATM uses cells and provides support for multiple quality of service (QoS) classes. The virtual circuits are part of the shared ATM/Frame Relay SP backbone network. This gives the SP greater flexibility with its service offerings.
When planning and designing a packet-switched WAN, you should become familiar with some basic WAN topologies. These WAN topologies include hub-and-spoke, partial-mesh, and full-mesh topologies, as shown in Figure 7-1.
Figure 7-1. WAN Topologies

QUESTION 32
A Cisco security mechanism has the following attributes:
- it is a sensor appliance
- it searches for potential attacks by capturing and analyzing traffic
- it is a "purpose-built device"
- it is installed passively
- it introduces no delay or overhead
Which Cisco security mechanism is this?
A. NIDS
B. PIX
C. IKE
D. HIPS
E. HMAC

Correct Answer: A
Section: D
Explanation/Reference:
Inline IPS and anomaly detection: Cisco has innovated in the area of NIDS by being the first to incorporate NIDS into the IOS on routing and switching platforms. In addition, IPS solutions have inline filtering features that can remove unwanted traffic, with programmable features that classify traffic patterns. The Cisco IPS 4200 sensor appliances, Cisco Catalyst 6500 IDSM-2, and the Cisco IOS IPS can identify, analyze, and stop unwanted traffic from flowing on the network. Another set of tools used to prevent distributed DoS (DDoS) attacks and ensure business continuity is the Cisco Traffic Anomaly Detector XT and Guard XT appliances, along with the Cisco Catalyst 6500 Traffic Anomaly Detector Module and Cisco Anomaly Guard Module.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13

QUESTION 33
Which Cisco security solution can quarantine and prevent non-compliant end stations from accessing the network until they achieve security policy compliance?
A. Cisco Security Monitoring, Analysis, and Response System
B. Adaptive Security Appliance
C. Network Intrusion Prevention System
D. Network Admission Control
E. Cisco Secure Connectivity
F. Access Control Server

Correct Answer: D
Section: D

QUESTION 34
Lightweight access points are being deployed in remote locations where others are already operational. The new access points are in a separate IP subnet from the wireless controller. OTAP has not been enabled at any locations. Which two methods can the AP use to locate a wireless controller?
(Choose two.)
A. NV-RAM IP address
B. master
C. primary, secondary, tertiary
D. DHCP
E. local subnet broadcast
F. DNS

Correct Answer: DF
Section: D

QUESTION 35
Which of the following Cisco router services performs network traffic analysis to assist in documenting a customer's existing network?
A. NetMon
B. MRTG
C. SNMP MIB compiler
D. NetFlow

Correct Answer: D
Section: D

Exam E

QUESTION 1
Drag the characteristics of the traditional campus network on the left to the most appropriate hierarchical network layer on the right.
Q22 Select and Place:
Correct Answer: (drag-and-drop; layers: Access, Distribution, Core)
Section: E
Explanation/Reference:
Large-Building LANs
Large-building LANs are segmented by floors or departments. The building-access component serves one or more departments or floors. The building-distribution component serves one or more building-access components. Campus and building backbone devices connect the data center, building-distribution components, and the enterprise edge-distribution component. The access layer typically uses Layer 2 switches to contain costs, with more expensive Layer 3 switches in the distribution layer to provide policy enforcement. Current best practice is to also deploy multilayer switches in the campus and building backbone.
Cisco Enterprise Architecture Model: Core, Distribution, Access
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3

QUESTION 2
Q26 Select and Place:
Correct Answer: (drag-and-drop; categories: Leased, Shared)
Section: E

QUESTION 3
Q28 Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
1 Weight Load
2 Security
3 Cabling
4 Space
5 Cooling
6 Power
Please refer to the link below.
Link: http://www.cisco.com/application/pdf/en/us/guest/netsol/ns107/c649/ccmigration_09186a008073377d.pdf

QUESTION 4
q35 Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
Changed this one to Jolly Frog's suggestion from Actual Tests:
Access:
- Protect against inadvertent loops
- Protect network services including DHCP, ARP, and IP spoofing protection
Distribution:
- Protect the endpoints using network-based intrusion prevention
- Protect the infrastructure using NFP best practices
Core:
- Filter and rate-limit control plane traffic
- Does not perform security functions to mitigate transit threats
Explanation:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap5.html#wp1090913
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap3.html
1 Access
2 Distribution
3 Access
4 Core
5 Access
6 Distribution
Please refer to the link.
Link: http://www.ciscopress.com/articles/article.asp?p=1073230&seqNum=2

QUESTION 5
q36 Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
Network Virtualization:
* VPC
* VLAN
* VRF
Device Virtualization:
* ASA firewall context
* IPS
* VDC
Network virtualization encompasses logically isolated network segments that share the same physical infrastructure. Each segment operates independently and is logically separate from the other segments. Each network segment appears with its own privacy, security, independent set of policies, QoS levels, and independent routing paths. Here are some examples of network virtualization technologies:
Device virtualization allows a single physical device to act like multiple copies of itself. Device virtualization enables many logical devices to run independently of each other on the same physical piece of hardware. The software creates virtual hardware that can function just like the physical network device. Another form of device virtualization entails using multiple physical devices to act as one logical unit.
Here are some examples of device virtualization technologies:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 4

QUESTION 6
q77 Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
+ classification and marking: ACLs
+ congestion avoidance: WRED
+ traffic conditioners: CAR
+ congestion management: LLQ
+ link efficiency: LFI
Classification is the process of partitioning traffic into multiple priority levels or classes of service. Information in the frame or packet header is inspected, and the frame's priority is determined. Marking is the process of changing the priority or class of service (CoS) setting within a frame or packet to indicate its classification. Classification is usually performed with access control lists (ACL), QoS class maps, or route maps, using various match criteria.
Congestion-avoidance techniques monitor network traffic loads so that congestion can be anticipated and avoided before it becomes problematic. Congestion-avoidance techniques allow packets from streams identified as being eligible for early discard (those with lower priority) to be dropped when the queue is getting full. Congestion-avoidance techniques provide preferential treatment for high-priority traffic under congestion while maximizing network throughput and capacity utilization and minimizing packet loss and delay. Weighted random early detection (WRED) is the Cisco implementation of the random early detection (RED) mechanism. WRED extends RED by using the IP Precedence bits in the IP packet header to determine which traffic should be dropped; the drop-selection process is weighted by the IP precedence.
Traffic conditioning consists of policing and shaping. Policing either discards the packet or modifies some aspect of it, such as its IP Precedence or CoS bits, when the policing agent determines that the packet meets a given criterion. In comparison, traffic shaping attempts to adjust the transmission rate of packets that match a certain criterion. A shaper typically delays excess traffic by using a buffer or queuing mechanism to hold packets and shape the flow when the source's data rate is higher than expected. For example, generic traffic shaping uses a weighted fair queue to delay packets to shape the bandwidth. Traffic conditioning is also referred to as Committed Access Rate (CAR).
Congestion management includes two separate processes: queuing, which separates traffic into various queues or buffers, and scheduling, which decides from which queue traffic is to be sent next. There are two types of queues: the hardware queue (also called the transmit queue or TxQ) and software queues. Software queues schedule packets into the hardware queue based on the QoS requirements and include the following types: weighted fair queuing (WFQ), priority queuing (PQ), custom queuing (CQ), class-based WFQ (CBWFQ), and low latency queuing (LLQ). LLQ is also known as Priority Queuing-Class-Based Weighted Fair Queuing (PQ-CBWFQ). LLQ provides a single priority queue, but it is preferred for VoIP networks because it can also configure guaranteed bandwidth for different classes of traffic. For example, all voice call traffic would be assigned to the priority queue, VoIP signaling and video would be assigned to a traffic class, FTP traffic would be assigned to a low-priority traffic class, and all other traffic would be assigned to a regular class.
Link efficiency techniques include link fragmentation and interleaving (LFI) and compression. LFI prevents small voice packets from being queued behind large data packets, which could lead to unacceptable delays on low-speed links. With LFI, the voice gateway fragments large packets into smaller equal-sized frames and interleaves them with small voice packets so that a voice packet does not have to wait until the entire large data packet is sent. LFI reduces voice delay and makes it more predictable.
(Reference: Cisco Press Designing for Cisco Internetwork Solutions)

QUESTION 7
q115 Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
+ protects the endpoints (desktops, laptops and servers): Cisco Security Agent
+ provides multiple functions as a high performance security appliance: ASA
+ prevents DDoS attacks: Anomaly Guard and Detector
+ provides Web-Based VPN services: SSL Service Module
+ prevents attacks inline: IPS Appliance

QUESTION 8
q132 Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
+ limits the number of frames transmitted before an acknowledgement is received: window size
+ reduces data size to save transmission time, optimizing the use of WAN bandwidth: data compression
+ allows network administrators to manage the varying demands generated by applications: queuing
+ discards packets or modifies some aspect of them (such as IP precedence): traffic policing

QUESTION 9
Select and Place:
Correct Answer: (drag-and-drop)
Section: E
Explanation/Reference:
From Secur Tut CCDA 2.1 experience. Also:
■ Unified computing
■ Cisco Unified Computing System (UCS) is an innovative next-generation data center platform that converges computing, network, storage, and virtualization together into one system.
■ Integrates lossless 10GE unified network fabric with x86 architecture-based servers.
■ Allows for Cisco Virtual Interface Card to virtualize your network interfaces on your server.
■ Offers Cisco VN-Link virtualization.
■ Supports Extended Memory Technology patented by Cisco.
■ Increases productivity with just-in-time provisioning using service profiles. In addition, the newer Data Center 3.0 architecture increases the overall return on investment (ROI) and lowers the total cost of ownership (TCO).
■ Virtualization
■ Virtual local-area network (VLAN), virtual storage-area network (VSAN), and virtual device contexts (VDC) help to segment the LAN, SAN, and network device instances.
■ Cisco Nexus 1000V virtual switch for VMware ESX and ESXi helps to deliver visibility and policy control for virtual machines (VM).
■ Flexible networking options with support for all server form factors and vendors, including support for blade servers from Cisco, Dell, IBM, and HP with integrated Ethernet and Fibre Channel switches.
Virtualization technologies such as VLANs and VSANs provide for virtualized LAN and SAN connectivity by logically segmenting multiple LANs and SANs on the same physical equipment. Each VLAN and VSAN operates independently from one another.

QUESTION 10
Which hierarchical layer has functions such as high availability, port security, and rate limiting?
A. Core
B. Access
C. Network
D. Distribution

Correct Answer: B
Section: E
Explanation/Reference:
Access Layer
The access layer provides users with access to local segments on the network. The access layer is characterized by switched LAN segments in a campus environment. Microsegmentation using LAN switches provides high bandwidth to workgroups by reducing the number of devices on Ethernet segments. Access layer functions include the following:
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 2

QUESTION 11
Which item is not a true disadvantage of the full-mesh topology?
A. Central hub router represents a single point of failure in the network.
B. High level of complexity to implement.
C. Large number of packet replications required.
D. High costs due to number of virtual circuits.

Correct Answer: A
Section: E
Explanation/Reference:
Full-Mesh Topology
With full-mesh topologies, each site has a connection to all other sites in the WAN cloud (any-to-any). As the number of sites grows, so does the number of spoke connections that are ultimately required. Consequently, the full-mesh topology is not viable in very large networks.
No entanto, uma principal vantagem desta topologia é que tem muita redundância em caso de falhas na rede. Mas redundância implementado com esta abordagem tem um preço elevado associado a ele. Aqui estão algumas questões inerentes com full-mesh topologias: O número de VCs necessários para uma malha completa pode ser calculado através da fórmula ((N - 1) x N / 2). Por exemplo, se você tem 4 sites, ((4 - 1) x 4/2) = 6 VCs são obrigatórios. Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação quarta QUESTION 12 Which statement is true about WANs? A. Switches or concentrators often relay information through the WAN. B. WANs typically encompass broad geographic areas. C. In general, WAN technologies function at the middle three layers of the Open System Interconnection (OSI) model. D. Users of WANs do not typically own all transmission facilities. Correct Answer: B Section: E Explanation Explanation/Reference: WAN Definido Wide-area networks (WAN) são redes de comunicação que são usados para conectar geograficamente dispersar locais de rede. Geralmente, os serviços de WAN são oferecidos por prestadores de serviços ou operadoras de telecomunicações. WANs pode transportar dados, voz e tráfego de vídeo. prestadores de serviços taxas de carga, chamado de tarifas, para a prestação de serviços de WAN ou comunicações a seus clientes. Algumas vezes o termo serviço é referido como as comunicações WAN fornecidos pelo transportador. Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação IV, Capítulo 6 QUESTION 13 Developing a network design according to layers such as core and distribution is an example of which type of design methodology? A. B. C. D. 
A. Flat design
B. Top-down
C. Hierarchical structured design
D. PPDIOO
Correct Answer: C
Section: E
Explanation/Reference:
Hierarchical Network Design
As shown in the figure (Hierarchical Network Design Has Three Layers: Core, Distribution, and Access), a traditional hierarchical LAN design has three layers: core, distribution, and access.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 2

QUESTION 14
Which one of the following QoS mechanisms is recommended for VoIP networks?
A. Low-latency queuing (LLQ)
B. Switched-based queuing
C. Fast queuing
D. Custom queuing
Correct Answer: A
Section: E
Explanation/Reference:
Low-Latency Queuing
Low-latency queuing (LLQ) adds a strict-priority queue (PQ) to CBWFQ. The strict PQ allows delay-sensitive traffic such as voice to be sent first, before the other queues are serviced. This gives voice preferential treatment over other traffic types. Unlike priority queuing, LLQ puts a maximum bandwidth limit on the PQ to prevent lower-priority traffic from being starved by it. Without LLQ, CBWFQ would have no priority queue for real-time traffic. Additional classification of the other traffic classes is done using the same CBWFQ techniques. LLQ is the standard QoS method for many VoIP networks.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 6

QUESTION 15
What does Compressed Real-Time Transport Protocol (CRTP) compress?
A. RTP, TCP, and IP headers
B. RTP headers
C. RTP, User Datagram Protocol (UDP), and IP headers
D. Real-Time Transport Control Protocol (RTCP) headers
Correct Answer: C
Section: E
Explanation/Reference:
WAN links use RTP header compression to reduce the size of voice packets. This is also called Compressed RTP (cRTP), which is defined in RFC 2508. As shown in Figure 14-18, cRTP reduces the IP/UDP/RTP header from 40 bytes to 2 or 4 bytes (a significant decrease in overhead).
cRTP operates on a hop-by-hop basis, with compression and decompression occurring on every link. It must be configured on both ends of the link. It is recommended for slow links up to 768 kbps. cRTP is not used much anymore because slow WAN links are seen less often. It is not recommended on higher-speed links because of its high CPU requirements, which can reduce call quality.
Figure 14-18. cRTP
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14

QUESTION 16
In IS-IS networks, which routers does the backup designated router (BDR) form adjacencies to?
A. Only to the DR.
B. The BDR only becomes adjacent when the DR is down.
C. To all routers.
D. There is no BDR in IS-IS.
Correct Answer: D
Section: E
Explanation/Reference:
BDRs are used by OSPF, not by IS-IS. IS-IS uses Level 1 and Level 2 routers. A backup designated router (BDR) is a router that becomes the designated router if the current designated router has a problem or fails. The BDR is the OSPF router with the second-highest priority at the time of the last election.

QUESTION 17
Which item is not a part of the process recommended by Cisco for WAN designs?
A. Characterize the existing network.
B. Analyze customer requirements.
C. Configure deployed services.
D. Design the new WAN topology.
Correct Answer: C
Section: E
Explanation/Reference:

QUESTION 18
Which type of DSL does residential service use?
A. VDSL
B. SDSL
C. IDSL
D. ADSL
Correct Answer: D
Section: E
Explanation/Reference:
Digital Subscriber Line
Digital subscriber line (DSL) is a technology that provides high-speed Internet data services over ordinary copper telephone lines. It achieves this by using frequencies that are not used by normal telephone voice calls. The term xDSL describes the various competing forms of DSL available today. ADSL is the most popular DSL technology and is widely available.
The key to ADSL is that the bandwidth is asymmetric: downstream bandwidth is greater than upstream bandwidth. One limitation of ADSL is that it can be used only in the immediate vicinity of the local DSLAM, typically less than 2 km away. The local DSLAM, or digital subscriber line access multiplexer, allows telephone lines to make DSL connections to the Internet. Download speeds generally range from 768 kbps to 9 Mbps, and upload speeds range from 64 kbps to 1.5 Mbps. Customer premises equipment (CPE) refers to a PC with a DSL modem, or a DSL router, that connects back to the network access provider (NAP) DSLAMs. The ADSL circuit consists of a twisted-pair telephone line that carries its information channels. DSL splitters are used to separate basic telephone service from the ADSL modem/router, so that telephone service continues even if ADSL signaling fails. Although DSL is used mainly in the residential community, this technology can also be used as a WAN technology for an organization. However, keep in mind that because this is a public network connection through the Internet, it is recommended that this technology be used in conjunction with a firewall/VPN solution back into the company's corporate network. The high speeds and relatively low cost make this a popular Internet access WAN technology.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition

QUESTION 19
What is the name of the organization that is in charge of creating the FCAPS architecture?
A. ISP
B. OS (or is it really ISO)
C. ITU-T
D. IEEE
Correct Answer: B
Section: E
Explanation/Reference:
FCAPS was actually created by ISO, not by the ITU-T, so if option B above is a typo for ISO, then B is the correct answer. However, the ITU-T later refined FCAPS, as described below.
In the early 1980s the term FCAPS was introduced within the first Working Drafts (N1719) of ISO 10040, the Open Systems Interconnection (OSI) Systems Management Overview (SMO) standard. At that time, the intention was to define five separate protocol standards, one for each functional area. Since early experience showed that these protocols were becoming very similar, the ISO working group responsible for developing them (ISO/TC97/SC16/WG4, later renamed ISO-IEC/JTC1/SC21/WG4) decided to create a single protocol for all five areas instead. This protocol is called the Common Management Information Protocol (CMIP). In the 1990s the ITU-T, as part of its work on the Telecommunications Management Network (TMN), further refined FCAPS as part of the TMN recommendation on management functions (M.3400). The idea of FCAPS turned out to be very useful for teaching network management functions; most textbooks therefore start with a section explaining FCAPS.

QUESTION 20
Which types of communicating devices compose the RMON architecture? (Choose two.)
A. Router
B. Switch
C. Management station
D. Monitor
Correct Answer: CD
Section: E
Explanation/Reference:
RMON
RMON is a standard monitoring specification that allows network monitoring devices and console systems to exchange network monitoring data. RMON provides more information than SNMP, but more sophisticated data collection devices (network probes) are needed. RMON looks at MAC-layer data and provides aggregate information about LAN statistics and traffic. Enterprise networks deploy network probes on several network segments; these probes report back to the RMON console. RMON allows network statistics to be collected even if a failure occurs between the probe and the RMON console. RMON1 is defined by RFC 1757 and RFC 2819, and the additions for RMON2 are defined by RFC 2021.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 15

QUESTION 21
Which attack type would you expect on segments that have many servers for some well-known applications?
A. Trojan horses
B. DoS attacks
C. Application-layer attacks
D. Password attacks
Correct Answer: C
Section: E
Explanation/Reference:
Application security and content security defense
Several new network application-layer products have been released that help address new classes of threats such as spam, phishing, spyware, packet abuse, and unauthorized peer-to-peer file sharing. Content security appliance products such as Cisco IronPort provide comprehensive antivirus, antispyware, file blocking, antispam, URL blocking, and content filtering services. These products complement traditional firewalls and network-based intrusion detection system (NIDS) solutions with more granular traffic inspection services, quarantining traffic so that it does not propagate throughout the network.
Denial of service (DoS) attack: attempts to overwhelm resources such as CPU, memory, and bandwidth, impacting the attacked system and denying access to legitimate users.

QUESTION 22
Which routing protocol is classful?
A. Intermediate System-to-Intermediate System (IS-IS) and OSPF
B. Routing Information Protocol Version 1 (RIPv1) and RIPv2
C. IGRP and RIPv1
D. Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF)
Correct Answer: C
Section: E
Explanation/Reference:
Classless Versus Classful Routing Protocols
Routing protocols can be classified according to their support for VLSM and CIDR. Classful routing protocols do not advertise subnet masks in their routing updates; therefore, the subnet mask configured for an IP network must be the same throughout the entire internetwork.
Furthermore, the subnets must, for all practical purposes, be contiguous within the larger internetwork. For example, if you use a classful routing protocol for network 130.170.0.0, you must use the chosen mask (such as 255.255.255.0) on all router interfaces that use network 130.170.0.0. You must configure serial links with only two hosts, and LANs with tens or hundreds of devices, with the same mask of 255.255.255.0. The big disadvantage of classful routing protocols is that the network designer cannot take advantage of address summarization across networks (CIDR) or of allocating smaller or larger subnets within an IP network (VLSM). For example, with a classful routing protocol that uses a default mask of /25 for the entire network, you cannot assign a /30 subnet to a point-to-point serial circuit. The classful routing protocols are RIPv1 and IGRP.
Classless routing protocols advertise the subnet mask with each route. You can configure subnets of a given IP network number with different subnet masks (VLSM). You can configure large LANs with a smaller subnet mask and configure serial links with a larger subnet mask, thus conserving IP address space. Classless routing protocols also allow flexible route summarization and supernetting (CIDR). You create supernets by aggregating classful IP networks. For example, 200.100.100.0/23 is a supernet of 200.100.100.0/24 and 200.100.101.0/24. The classless routing protocols are RIPv2, EIGRP, OSPF, and IS-IS.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 10

QUESTION 23
Which IGP is as common a choice as EIGRP and OSPF as a routing protocol for large networks?
A. RIPv2
B. IS-IS
C. IGRP
D. OSPFv2
Correct Answer: B
Section: E
Explanation/Reference:
Interior Versus Exterior Routing Protocols
Routing protocols can be categorized as interior gateway protocols (IGPs) or exterior gateway protocols (EGPs).
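The classful/classless explanation above makes three claims that are easy to check in code: a classful protocol carries no mask and so forces one mask per major network (the 130.170.0.0 example), classless protocols can merge contiguous networks into a supernet (200.100.100.0/23), and a summary that is too coarse advertises address space you do not own. The following Python is an added example written for this study guide, not Cisco or Cisco Press code; it uses only the standard library. The networks 130.170.0.0 and 200.100.100.0/23 come from the text, the other prefixes and the /30 serial link are constructed for the example.

```python
"""Classful default masks versus classless summarization (VLSM/CIDR).

Added example for this study guide, not Cisco or Cisco Press code.
Only the standard library is used; prefixes other than 130.170.0.0 and
200.100.100.0/23 are constructed for the example.
"""
import ipaddress


def classful_prefix(address):
    """Prefix length a classful protocol (RIPv1, IGRP) assumes when no mask is carried."""
    first_octet = int(ipaddress.IPv4Address(str(address))) >> 24
    if first_octet < 128:
        return 8        # class A
    if first_octet < 192:
        return 16       # class B
    if first_octet < 224:
        return 24       # class C
    raise ValueError(f"{address} is not in a unicast class A/B/C network")


def major_network(subnet):
    """The classful network a subnet belongs to, e.g. 130.170.1.0/25 -> 130.170.0.0/16."""
    net = ipaddress.ip_network(subnet)
    return net.supernet(new_prefix=classful_prefix(net.network_address))


def classful_consistent(subnets):
    """True only if every subnet of the same major network uses one mask.

    A classful update carries no mask, so a receiver falls back to the mask of
    its own interface in that major network; a /30 serial link mixed with /25
    LANs would be misinterpreted.
    """
    masks_by_major = {}
    for s in subnets:
        masks_by_major.setdefault(major_network(s), set()).add(ipaddress.ip_network(s).prefixlen)
    return all(len(masks) == 1 for masks in masks_by_major.values())


def summarize(routes):
    """Classless summarization: merge contiguous prefixes, keep the rest separate."""
    nets = [ipaddress.ip_network(r) for r in routes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def covering_supernet(routes):
    """Smallest single prefix that covers all routes, plus how many addresses
    it claims that none of the routes own (the over-advertised space)."""
    nets = [ipaddress.ip_network(r) for r in routes]
    low = min(n.network_address for n in nets)
    high = max(n.broadcast_address for n in nets)
    candidate = ipaddress.ip_network(f"{low}/32")
    while not (candidate.network_address <= low and high <= candidate.broadcast_address):
        candidate = candidate.supernet()
    extra = candidate.num_addresses - sum(n.num_addresses for n in nets)
    return str(candidate), extra


if __name__ == "__main__":
    print(classful_consistent(["130.170.1.0/25", "130.170.2.0/25"]))   # True
    print(classful_consistent(["130.170.1.0/25", "130.170.2.0/30"]))   # False
    print(summarize(["200.100.100.0/24", "200.100.101.0/24"]))         # ['200.100.100.0/23']
    print(covering_supernet(["200.100.100.0/24", "200.100.102.0/24"])) # ('200.100.100.0/22', 512)
```

The last function is the one to keep in mind when designing summaries: 200.100.100.0/24 and 200.100.102.0/24 are not contiguous, so `summarize` leaves them as two routes, while a single covering /22 would also attract traffic for 200.100.101.0/24 and 200.100.103.0/24, which this site does not own.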
IGPs are meant for routing within an organization's administrative domain (in other words, the organization's internal network). EGPs are routing protocols used to communicate with exterior domains, where routing information is exchanged between administrative domains. Figure 10-2 shows where an internetwork uses IGPs and EGPs with multiple autonomous administrative domains. BGP exchanges routing information between the internal network and an ISP. IGPs appear in the internal private network.
Figure 10-2. Interior and Exterior Routing Protocols
One of the first EGPs was called exactly that: Exterior Gateway Protocol. Today, BGP is the de facto (and the only available) EGP. The guide lists the potential IGPs for an IPv4 network and for an IPv6 network. RIPv1 is no longer recommended because of its limitations. RIPv2 addresses many of the limitations of RIPv1 and is the most recent version of RIP. IGRP is an earlier version of EIGRP. RIPv1 and IGRP are no longer CCDA exam topics.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 10

QUESTION 24
A wireless LAN or WLAN is a wireless local area network, which is the linking of two or more computers or devices without using wires. How are wireless LANs identified?
A. Service Set Identifier (SSID)
B. Internet Group Management Protocol (IGMP)
C. IP network
D. Wired Equivalent Privacy (WEP) key
Correct Answer: A
Section: E
Explanation/Reference:

QUESTION 25
What is the length of the key used with Triple Data Encryption Standard (3DES)?
A. 64 bits
B. 168 bits
C. 128 bits
D. 56 bits
Correct Answer: B
Section: E
Explanation/Reference:
In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm (TDEA or Triple DEA) block cipher, which applies the Data Encryption Standard (DES) cipher algorithm three times to each data block.
Because of the increasing availability of computational power, the key size of the original DES cipher was becoming subject to brute-force attacks; Triple DES was designed to provide a relatively simple method of increasing the DES key size to protect against such attacks without designing a completely new block cipher algorithm. Triple DES uses a "key bundle" comprising three DES keys, K1, K2, and K3, each of 56 bits (excluding parity bits), for a nominal key length of 168 bits. The encryption algorithm is: ciphertext = EK3(DK2(EK1(plaintext))). That is, DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. Decryption is the reverse: plaintext = DK1(EK2(DK3(ciphertext))). That is, DES decrypt with K3, DES encrypt with K2, then DES decrypt with K1. Each triple encryption encrypts one block. Note for practitioners: the 168-bit key bundle gives an effective strength of only about 112 bits because of meet-in-the-middle attacks, and the encrypt-decrypt-encrypt order means that setting K1 = K2 = K3 degrades to single DES.

QUESTION 26
ISDN is short for Integrated Services Digital Network. Under what category of WAN technologies does ISDN belong?
A. Cell-switched
B. Circuit-switched
C. Packet-switched
D. Leased lines
Correct Answer: B
Section: E
Explanation/Reference:

QUESTION 27
What does IGMP stand for?
A. Internet Group Management Protocol
B. Interior Gateway Routing Protocol
C. Interior Group Management Protocol
D. Interior Gateway Media Protocol
Correct Answer: A
Section: E
Explanation/Reference:
Internet Group Management Protocol is the protocol used in multicast implementations between end hosts and the local router. RFC 2236 describes IGMP version 2 (IGMPv2). RFC 3376 describes IGMP version 3 (IGMPv3). RFC 1112 describes the first version of IGMP. IP hosts use IGMP to report their multicast group memberships to routers. IGMP messages use IP protocol number 2. IGMP messages are limited to the local interface and are not forwarded.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 11

QUESTION 28
Which name is for the Cisco product that provides centralized, policy-based security management?
A. IDS
B. Out-of-band management
C. AAA
D. CSPM
Correct Answer: D
Section: E
Explanation/Reference:

QUESTION 29
What does Cisco recommend as the foundation of any deployed security solution?
A. Customer needs
B. Security audit
C. Service-level agreement
D. Corporate security policy
Correct Answer: D
Section: E
Explanation/Reference:
Security Policy and Process
To provide the proper levels of security and increase network availability, a security policy is a crucial element in providing secure network services. This is an important concept to understand, and such business requirements should be considered throughout the system life cycle. Business requirements and risk analysis are used in the development of a security policy. It is often a balance between ease of access on one side and the security risk and cost of implementing the security technology on the other. In terms of network security in the system life cycle, the business needs are a key area to consider. Business needs define what the business wants to do with the network. Risk analysis is another part of the system life cycle. It explains the risks and their costs. Business needs and risk assessment feed information into the security policy. The security policy describes the organization's processes, procedures, guidelines, and standards. Furthermore, industry and security best practices are leveraged to provide well-known processes and procedures. Finally, an organization's security operations team needs to have processes and procedures defined. This information helps explain what needs to happen for incident response, security monitoring, system maintenance, and managing compliance.
A table in the guide outlines the key network security considerations.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 12

QUESTION 30
Which three sources does a network designer use to collect information for characterizing an existing network? (Choose three.)
A. server statistics
B. network audit
C. traffic analysis
D. visual inventory
E. staff input
Correct Answer: BCE
Section: E
Explanation/Reference:
Characterizing the Existing Network
Characterizing the network is Step 2 of the design methodology. In this section, you learn to identify a network's major features, tools to analyze existing network traffic, and tools for auditing and monitoring network traffic.
Steps in Gathering Information
When arriving at a site that has an existing network, you need to obtain all the existing documentation. Sometimes no documented information exists. You should be prepared to use tools to obtain information and to get login access to the network devices to obtain information. Here are the steps for gathering information:
When gathering existing documentation, you look for site information such as site names, site addresses, site contacts, site hours of operation, and building and room access. Network infrastructure information includes locations and types of servers and network devices, data center and closet locations, LAN wiring, WAN technologies and circuit speeds, and power used. Logical network information includes IP addressing, routing protocols, network management, and the security access lists used. You need to find out whether voice or video is being used on the network.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 1

QUESTION 31
Which statement best describes Call Admission Control?
A. It extends QoS capabilities to protect voice from excessive data traffic.
B. It protects voice from voice.
C. It provides endpoint registration control.
D. It provides endpoint bandwidth control.
Correct Answer: B
Section: E
Explanation/Reference:
CAC should be used to keep excess voice traffic off the network by ensuring that there is enough bandwidth for new calls. Call admission control (CAC) is used to limit the number of calls, and thereby the WAN bandwidth used, for a site that has IP telephony (IPT). CAC is configured for the site on the CUCM servers. A maximum bandwidth or maximum number of calls is provisioned for the site. CAC enforces a maximum number of calls between two locations to ensure that call quality is not degraded by allowing more calls than the network can support. CAC causes excess calls between two locations to be refused. The IPT system must then either reroute the call over a different available path, such as the PSTN, or deny the call.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14

QUESTION 32
Which three security measures can be used to mitigate DoS attacks that are directed at exposed hosts within the E-Commerce module? (Choose three.)
A. Use NIDSs and HIPSs to detect signs of attack and to identify potentially successful breaches.
B. Partition the exposed hosts into a separate LAN or VLAN.
C. Use LAN switch VTP pruning to separate hosts on the same segment.
D. Use a VPN concentrator (IPSec) to protect and verify each connection to the exposed host or hosts.
E. Use firewalls to block all unnecessary connections to the exposed hosts.
Correct Answer: ABE
Section: E
Explanation/Reference:

Exam F

QUESTION 1
Which H.323 protocol is responsible for the exchanging of capabilities and the opening and closing of logical channels?
A. H.225
B. H.245
C. RAS
D. RTCP
Correct Answer: B
Section: F
Explanation/Reference:

QUESTION 2
A campus network needs end-to-end QoS tools to manage traffic and ensure voice quality. Which three types of QoS tools are needed? (Choose three.)
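The cRTP explanation (Question 15) and the CAC explanation (Question 31) leave two things implicit: how much link bandwidth one call actually consumes, with and without header compression, and how a per-site bandwidth budget turns into an admit-or-refuse decision for each new call. The following Python is an added example written for this study guide, not Cisco or Cisco Press code. The 40-byte IP/UDP/RTP header and the 2-byte compressed header come from the text; the codec payload sizes (G.711 and G.729 at 20 ms packetization), the Layer 2 overheads, the per-call accounting used by the admission check, and the site budgets are assumptions stated in the code.

```python
"""Per-call VoIP bandwidth with and without cRTP, and a location-based
call admission control (CAC) check.

Added example for this study guide, not Cisco or Cisco Press code.
"""
from dataclasses import dataclass, field

PACKETS_PER_SEC = 50          # 20 ms packetization (assumption: the common default)
IP_UDP_RTP_HEADER = 40        # bytes, uncompressed (from the text)
CRTP_HEADER = 2               # bytes, compressed, no UDP checksum (text: 2 or 4)

# Voice payload bytes per 20 ms packet (assumed codec rates: G.711 64 kbps, G.729 8 kbps).
CODEC_PAYLOAD = {"G.711": 160, "G.729": 20}

# Assumed Layer 2 overhead per packet, in bytes.
L2_OVERHEAD = {"ppp": 6, "ethernet": 18}


def call_bandwidth_kbps(codec, l2="ppp", crtp=False):
    """Link bandwidth one direction of one call consumes, in kbps."""
    header = CRTP_HEADER if crtp else IP_UDP_RTP_HEADER
    bytes_per_packet = CODEC_PAYLOAD[codec] + header + L2_OVERHEAD[l2]
    return bytes_per_packet * 8 * PACKETS_PER_SEC / 1000


def crtp_saving_pct(codec, l2="ppp"):
    """Share of the per-call bandwidth that cRTP removes on this link type."""
    plain = call_bandwidth_kbps(codec, l2)
    return round(100 * (plain - call_bandwidth_kbps(codec, l2, crtp=True)) / plain, 1)


def cac_cost_kbps(codec):
    """Per-call value the admission check counts against a site's budget.

    Assumption: payload plus IP/UDP/RTP header, no Layer 2 overhead, which gives
    80 kbps for G.711 and 24 kbps for G.729 (the values CUCM locations use).
    """
    return (CODEC_PAYLOAD[codec] + IP_UDP_RTP_HEADER) * 8 * PACKETS_PER_SEC / 1000


@dataclass
class Location:
    name: str
    budget_kbps: float            # WAN bandwidth provisioned for voice at this site
    in_use_kbps: float = 0.0
    active_calls: list = field(default_factory=list)


class CallAdmissionControl:
    """Admit a call only if every site it crosses can still afford it."""

    def __init__(self, locations):
        self.locations = {loc.name: loc for loc in locations}
        self.rejected = 0

    def admit(self, call_id, src, dst, codec):
        need = cac_cost_kbps(codec)
        # Assumption: an intra-site call is charged once, an inter-site call at both sites.
        sites = [self.locations[src]] if src == dst else [self.locations[src], self.locations[dst]]
        if any(site.in_use_kbps + need > site.budget_kbps for site in sites):
            self.rejected += 1       # caller is refused or rerouted (for example via the PSTN)
            return False
        for site in sites:
            site.in_use_kbps += need
            site.active_calls.append(call_id)
        return True

    def release(self, call_id, codec):
        """Return the call's bandwidth to every site that charged it."""
        for site in self.locations.values():
            if call_id in site.active_calls:
                site.active_calls.remove(call_id)
                site.in_use_kbps -= cac_cost_kbps(codec)


def demo():
    """Hub with ample bandwidth; a branch provisioned for two G.729 calls (assumed 64 kbps)."""
    cac = CallAdmissionControl([Location("HQ", 1000), Location("Branch", 64)])
    results = [cac.admit(f"c{i}", "Branch", "HQ", "G.729") for i in range(3)]
    g711 = cac.admit("c9", "Branch", "HQ", "G.711")   # 80 kbps can never fit in 64 kbps
    return results, g711, cac.rejected


if __name__ == "__main__":
    for codec in CODEC_PAYLOAD:
        print(codec, "on PPP:", call_bandwidth_kbps(codec), "kbps; with cRTP:",
              call_bandwidth_kbps(codec, crtp=True), "kbps")
    print(demo())
```

The numbers the functions produce are the familiar planning figures: G.711 costs 87.2 kbps on Ethernet, G.729 costs 26.4 kbps on a PPP link and 11.2 kbps with cRTP, so header compression saves more than half of a G.729 call but only a sixth of a G.711 call, which is why it only ever mattered on slow links carrying low-rate codecs. The `demo` run shows the third G.729 call and any G.711 call being refused by the branch budget, which is exactly "voice protecting voice".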
A. interface queuing and scheduling
B. congestion management
C. compression and fragmentation
D. bandwidth provisioning
E. traffic classification
F. buffer management
Correct Answer: ADE
Section: F
Explanation/Reference:

QUESTION 3
Which modules are found in the Enterprise Edge functional area of the Cisco Enterprise Architecture? (Select all that apply.)
A. Teleworker
B. WAN/MAN
C. Server Farm
D. E-Commerce
E. Internet Connectivity
F. Remote Access/VPN
Correct Answer: BDEF
Section: F
Explanation/Reference:

QUESTION 4
Which Cisco device management feature is most suited to metering network traffic and providing data for billing network usage?
A. BGP
B. Cisco Discovery Protocol
C. QoS
D. NetFlow
Correct Answer: D
Section: F
Explanation/Reference:

QUESTION 5
What is the recommended spanning tree protocol to use for all Layer 2 deployments in a branch office environment?
A. CST
B. RSTP
C. PVST
D. MISTP
E. Rapid PVST+
Correct Answer: E
Section: F
Explanation/Reference:

QUESTION 6
You are performing an audit of a customer's existing network and need to obtain the following router information: interfaces, running processes, and the IOS image being executed. Which command should you use?
A. show version
B. show tech-support
C. show startup-config
D. show running-config
E. show processes memory
Correct Answer: B
Section: F
Explanation/Reference:

QUESTION 7
Where do you put DNS and DHCP in the Enterprise model? (Select two.)
A. Enterprise Campus Server Farm module
B. Enterprise Edge
C. SP Edge Premise
D. Enterprise Branch
Correct Answer: AD
Section: F
Explanation/Reference:
One important note for the CCDA candidate to remember is to place DHCP and DNS servers in the Enterprise Campus Server Farm module and in the Enterprise Branch of the Cisco Enterprise Architecture (see Figure 87, DHCP and DNS Servers in the Network).

QUESTION 8
Which answer is correct about routing metrics?
A. If the metric is cost, the path with the highest cost is selected.
B. If the metric is bandwidth, the path with the highest bandwidth is selected.
C. If the metric is bandwidth, the path with the lowest bandwidth is selected.
D. If the metric is bandwidth, the highest sum of the bandwidth is used to calculate the highest
Correct Answer: B
Section: F
Explanation/Reference:

QUESTION 9
What is DHCP?
A. Dynamic Host Configuration Protocol
B. Dedicated Host Configuration Protocol
C. Dynamic Host Control Protocol
D. Predecessor to BOOTP
Correct Answer: A
Section: F
Explanation/Reference:

QUESTION 10
The network-design process is limited by many external constraints. What are the origins of these constraints?
A. Technological, worldwide standards, social, and managerial
B. Technological, political, social, and economical
C. Technological, cost, social, and economical
D. Managerial, political, social, and economical
Correct Answer: B
Section: F
Explanation/Reference:

QUESTION 11
Which item is not an SNMP operation?
A. GetNext
B. Community
C. Trap
D. Set
Correct Answer: B
Section: F
Explanation/Reference:

QUESTION 12
In a network with Enhanced Interior Gateway Routing Protocol (EIGRP) and IGRP using the same autonomous system number, what will happen on the router configured with both protocols?
A. Redistribution occurs automatically.
B. Redistribution is not necessary.
C. EIGRP assumes IGRP is a less capable protocol and overtakes it.
D. Redistribution does not occur automatically.
Correct Answer: A
Section: F
Explanation/Reference:

QUESTION 13
What does the Cisco SLM define as the component used to specify expected performance between a pair of devices connected by a network?
A. CM
B. SLC
C. SLA
D. SAA
Correct Answer: C
Section: F
Explanation/Reference:
CiscoWorks Service Level Manager
Service Level Manager (SLM) version 2.0 is the server component of the CiscoWorks Service Management Solution (SMS).
SLM allows administrators to define and validate service level agreements in terms common to those written into their contract with the carrier. Through local and remote collection managers, SLM interacts with Cisco IOS Software to perform synthetic testing and monitoring of Layer 3 and Layer 4 services according to the specified SLA parameters and thresholds. The synthetic testing approach ensures a common understanding between customer and service provider of the endpoints, characteristics, and thresholds of the tests.
NOTE: This product is no longer being sold and may not be supported. See the End-of-Life Notice to learn more: http://www.cisco.com/en/US/products/sw/cscowork/ps2144/index.html

QUESTION 14
Which two statements best describe Cisco Wireless LAN Guest Access in a Cisco Unified Wireless Network? (Choose two.)
A. Dedicated guest VLANs are only extended to the wireless controllers in the network to ensure path isolation.
B. Guest tunnels have limitations on which wireless controllers can originate the tunnel.
C. Dedicated guest VLANs are extended throughout the network to the access points for path isolation.
D. Guest tunnels can originate and terminate on any wireless controller platform.
E. Guest tunnels have limitations on which wireless controllers can terminate the tunnel.
F. Dedicated guest access in the DMZ extends from the origination to the termination controllers without dedicated guest VLANs.
Correct Answer: EF
Section: F
Explanation/Reference:
Using EoIP Tunnels for Guest Services
Basic solutions use separate VLANs for guest and corporate users to segregate guest traffic from corporate traffic. The guest SSID is broadcast, but the corporate SSID is not. All other security parameters are configured. Another solution is to use Ethernet over IP (EoIP) to tunnel the guest traffic from the controller that terminates the access point's CAPWAP tunnel to an anchor WLC. As shown in Figure 5-17, EoIP is used to logically segment and transport guest traffic from the edge AP to the anchor WLC.
There is no need to define guest VLANs in the internal network, and corporate traffic is still locally bridged. The Ethernet frames from the guest clients are maintained across the CAPWAP and EoIP tunnels.
Figure 5-17. EoIP Tunnels
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 5

QUESTION 15
You are designing IPv6 into an existing IPv4 network. Which two strategies can you use to allow both address schemes to coexist, thus facilitating migration? (Choose two.)
A. translate one protocol into the other
B. redistribute between IPv6-capable and non-IPv6-capable routing protocols
C. encapsulate IPv6 packets within IPv4 packets
D. bridge between the IPv6 and IPv4 networks
E. enable anycast capability in the routing protocol
Correct Answer: AC
Section: F
Explanation/Reference:

QUESTION 16
You are designing a small branch office that requires these attributes: support for 60 users; the growth capacity to add another 15 users soon; redundant access; higher bandwidth between the Layer 2 switch and the routing to the WAN. Which branch office topology or technology must be used?
A. EtherChannel
B. loop-free
C. three-tier
D. two-tier
E. integrated routing and switching
Correct Answer: D
Section: F
Explanation/Reference:

QUESTION 17
Which two of these are scalability benefits of designing a network that utilizes VPNs? (Choose two.)
A. reduces dial infrastructure expenditures
B. reduces the number of physical connections
C. allows networks to be set up and restructured quickly
D. simplifies the underlying structure of a customer WAN
E. extends the network to remote users
Correct Answer: BD
Section: F
Explanation/Reference:

QUESTION 18
The Cisco Data Center Network Architecture comprises which two Cisco SONA layers? (Choose two.)
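Question 15 names the two coexistence strategies, translation and encapsulation, but does not show what an encapsulated packet looks like or why it matters to a firewall. The following Python is an added example written for this study guide, not Cisco or Cisco Press code: it wraps an IPv6 packet in an IPv4 header carrying protocol number 41 (the encapsulation used by 6in4 and 6to4 tunnels), then decapsulates it, validates the outer header, and recovers the inner addresses, which is what an IPv4-only filter must do before it can apply any policy to tunneled IPv6. All addresses (documentation ranges) and the payload are constructed for the example; only the standard library is used.

```python
"""IPv6-in-IPv4 encapsulation (IP protocol 41) and decapsulation.

Added example for this study guide, not Cisco or Cisco Press code.
Addresses and payload are constructed; only the standard library is used.
"""
import ipaddress
import struct

IPPROTO_IPV6 = 41           # IANA protocol number for IPv6 carried inside IPv4
IPV6_NO_NEXT_HEADER = 59    # inner packet carries no transport header (keeps the example short)


def ipv4_checksum(header):
    """RFC 791 one's-complement checksum over the IPv4 header bytes (0 when valid)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv6(src, dst, payload, next_header=IPV6_NO_NEXT_HEADER, hop_limit=64):
    """Fixed 40-byte IPv6 header followed by the payload."""
    head = struct.pack("!IHBB", 0x60000000, len(payload), next_header, hop_limit)
    return head + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address(dst).packed + payload


def encapsulate(outer_src, outer_dst, inner_ipv6, ttl=64):
    """Prepend an IPv4 header with protocol 41 (the 6in4/6to4 outer header)."""
    total_len = 20 + len(inner_ipv6)
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0, 0x4000, ttl, IPPROTO_IPV6, 0,
                         ipaddress.IPv4Address(outer_src).packed,
                         ipaddress.IPv4Address(outer_dst).packed)
    header = header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]
    return header + inner_ipv6


def decapsulate(packet):
    """Validate the outer IPv4 header and return the addresses of both layers.

    Returns (outer_src, outer_dst, inner_src, inner_dst), or None if the packet
    is not a well-formed protocol-41 packet carrying a well-formed IPv6 header.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl or ipv4_checksum(packet[:ihl]) != 0:
        return None
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != IPPROTO_IPV6 or total_len != len(packet):
        return None
    inner = packet[ihl:]
    if len(inner) < 40 or inner[0] >> 4 != 6:
        return None
    if 40 + struct.unpack("!H", inner[4:6])[0] != len(inner):
        return None
    return (str(ipaddress.IPv4Address(packet[12:16])), str(ipaddress.IPv4Address(packet[16:20])),
            str(ipaddress.IPv6Address(inner[8:24])), str(ipaddress.IPv6Address(inner[24:40])))


def tunnel_allowed(packet, expected_outer_src, allowed_inner_prefix):
    """Filter decision for tunneled IPv6 at the edge: accept only from the known
    tunnel peer, and only inner sources inside the prefix assigned to that site."""
    parsed = decapsulate(packet)
    if parsed is None:
        return False
    outer_src, _, inner_src, _ = parsed
    return outer_src == expected_outer_src and \
        ipaddress.IPv6Address(inner_src) in ipaddress.ip_network(allowed_inner_prefix)


# Constructed sample: a 6in4 tunnel between two routers in documentation address ranges.
SAMPLE = encapsulate("192.0.2.1", "198.51.100.1",
                     build_ipv6("2001:db8:1::10", "2001:db8:2::20", b"hello"))

if __name__ == "__main__":
    print(SAMPLE.hex())
    print(decapsulate(SAMPLE))
    print(tunnel_allowed(SAMPLE, "192.0.2.1", "2001:db8:1::/48"))
```

The point for a design review is in `tunnel_allowed`: an IPv4 access list that only matches TCP and UDP never sees the inner IPv6 addresses, so protocol 41 must either be blocked outright or be permitted only from the expected tunnel peer and inspected after decapsulation, as the function does.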
A. Collaboration Applications
B. WAN/Internet
C. Interactive Services
D. Network Infrastructure
E. Business Applications
Correct Answer: CD
Section: F
Explanation/Reference:
The SONA framework defines the following three layers:
+ Networked Infrastructure layer: Where all the IT resources interconnect across a converged network foundation. The objective of this layer is to provide connectivity, anywhere and anytime.
+ Interactive Services layer: Includes both application networking services and infrastructure services. This layer enables efficient allocation of resources to applications and business processes delivered through the networked infrastructure.
+ Application layer: Includes business applications and collaboration applications. The objective of this layer is to meet business requirements and achieve efficiencies by leveraging the Interactive Services layer.

QUESTION 19
In the Cisco branch office design, what categorizes an office as large?
A. between 50 and 100 users and a single-tier design
B. between 100 and 200 users and a three-tier design
C. between 50 and 100 users and a three-tier design
D. over 200 users and a two-tier design
E. between 100 and 200 users and a two-tier design
Correct Answer: B
Section: F
Explanation/Reference:

QUESTION 20
Which two of these are required for wireless client mobility deployment when using a Cisco Unified Wireless Network? (Choose two.)
A. matching RF power
B. matching security
C. assigned master controller
D. matching mobility group name
E. matching RF channel
Correct Answer: BD
Section: F
Explanation/Reference:

QUESTION 21
Which information should a network summary report identify?
A. actions needed to support the existing network
B. customer requirements
C. new network features
D. customer requirement modifications
E. actions needed to support existing network features
F. infrastructure shortcomings
Correct Answer: F
Section: F
Explanation/Reference:

QUESTION 22
Which statement can a network designer use to describe route summarization to an IT manager?
A. It is the grouping of ISP network addresses to minimize the number of routes to the Internet.
B. It is the grouping of multiple discontiguous subnets to increase routing performance.
C. It is the grouping of multiple contiguous networks and advertising them as one large network.
D. It is the grouping of multiple contiguous subnets into one Class A, B, or C IP address to minimize routing table size.
Correct Answer: C
Section: F
Explanation/Reference:

QUESTION 23
Which two VoIP characteristics are affected most by codec choice? (Choose two.)
A. voice quality
B. voice packet header size
C. bandwidth required for voice calls
D. silent packet handling
Correct Answer: AC
Section: F
Explanation/Reference:

QUESTION 24
Which of these accurately describes dial backup routing?
A. once the backup link is activated it will remain active even after the primary link is restored
B. once the backup link is activated it will remain active even after the primary link is restored
C. it always uses permanent static routes
D. it is supplied by the service provider as a secondary PVC at no additional charge
E. the router initiates the dial backup link when a failure is detected on the primary link
Correct Answer: E
Section: F
Explanation/Reference: