Cisco Actualtests 640-864 Exam Bundle

Transcrição

Cisco Actualtests 640-864 Exam Bundle
Number: 640-864
Passing Score: 800
Time Limit: 120 min
File Version: 33.2
http://www.gratisexam.com/
Cisco 640-864 Exam Bundle
Exam Name: Cisco Designing for Cisco Internetwork Solutions 2011
For Full Set of Questions please visit: http://www.actualtests.com/exam-640-864.htm
Sections
1. A
2. B
3. C
4. D
5. E
6. F
Exam A
QUESTION 1
Spanning Layer 2 across geographically separate data centers is a key consideration
for current
data center designs. Which is the name of the NX-OS technology that facilitates MAC
in IP
transport for Layer 2 VLANs across any IP network?
A.
B.
C.
D.
Overlay Transport Virtualization
Virtual Private LAN Services
Generic Routing Encapsulation
QinQ tunneling
Correct Answer: A
Section: A
Explanation
Explanation/Reference:
Q. What is Cisco Overlay Transport Virtualization?
A. Cisco® Overlay Transport Virtualization (OTV) is a "MAC in IP" technique for supporting Layer 2 Vans over
any transport.
Q. What are the OTV transport requirements for the core?
A. The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP
packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic.
Q. Does OTV require the configuration of pseudo-wires or tunnels?
A. OTV does not require the configuration of pseudo-wires or tunnels. The encapsulation of the packets sent to
the overlay is performed dynamically based on a Layer 2 address destination lookup.
Q. Is OTV a public standard?
A. OTV is not a public standard, even though the technology is based on standardized protocols. The plan is to
submit the IETF drafts toward the end of calendar year 2010 (CY2010).
Q. On which Cisco platforms will OTV be supported?
A. OTV will make its first appearance on the Cisco Nexus® 7000 Series Switches. Other platforms in the Cisco
portfolio are planning to support this technology as well.
Q. What modules of the Cisco Nexus 7000 Series will support OTV?
A. OTV is supported on all M-series modules. OTV is not supported on F1-series modules. Deployments using
F1 series can leverage VDC separation to achieve the desired combination of line cards and functionality.
Q. Does OTV affect the existing Layer 2 design at a site?
A. OTV is both core and site transparent. No changes to the Layer 2 design of the sites are needed.
Q. Does OTV require the extension of the Spanning Tree Protocol?
A. OTV can extend the Layer 2 domains across geographically distant data centers by providing built-in filtering
capabilities to localize the most common networking protocols (Spanning Tree Protocol, VLAN Trucking
Protocol [VTP], and Hot Standby Router Protocol [HSRP]) and prevent them from traversing the overlay,
therefore keeping protocol failures from propagating across sites.
With OTV, each site can have its own implementation of spanning tree as well as its own spanning tree root
device.
Q. Does OTV provide site localization for the First-Hop Routing Protocol (FHRP)?
A. OTV provides built-in filtering capabilities to localize FHRP. A single FHRP group across the extended Layer
2 domain will now have an active gateway on each site, providing optimal egress routing.
Q. How does OTV propagate the MAC addresses learned at each site?
A. Unlike traditional Layer 2 Vans, which rely on Layer 2 flooding to propagate MAC address reach ability, OTV
uses a protocol to proactively advertise the MAC addresses learned at each site. The protocol advertisement
takes place in the background, with no configuration required by the network administrator.
Q. How does OTV handle unknown Unicast flooding?
A. OTV does not require unknown Unicast flooding to propagate MAC address reach ability; thus, there is no
need to flood the unknown Unicast over the overlay, and flooding is suppressed. The endpoints connected to
the network are assumed to be neither silent nor unidirectional. OTV also provides a way to learn the MAC
addresses for unidirectional hosts.
Q. Does OTV support static MAC-to-IP address mapping?
A. OTV enables the network administrator to statically map MAC addresses to IP addresses.
Q. What are the OTV advantages for multicast traffic?
A. With OTV, the multicast traffic generated at the site is optimally replicated by the core. Head-end replication
is not performed at the site when the core provides multicast services. OTV encapsulates the multicast frame
into a multicast IP packet (after joining a multicast group in the core), which will be replicated by the core to only
those sites that are supposed to receive it. This capability is built-in to OTV and does not require any multicast
configuration at the sites.
Q. Does OTV require multicast support in the core?
A. Although desirable to fully benefit from all the optimizations that OTV can provide, multicast in the core is not
mandatory. *Starting with NX-OS 5.2* OTV also provides an elegant and dynamic solution for those cores that
do not have multicast support.
Q. Does OTV support multiple overlays?
A. OTV can support multiple concurrent overlays.
Q. Does OTV support multipoint?
A. Automatic detection of multipoint is included as part of the OTV control protocol. This feature enables
multipoint of sites without requiring any additional configuration or protocol.
Q. How does OTV provide load balancing?
A. OTV provides two levels of load balancing:
• Within the core: OTV headers are defined to allow the core to hash traffic based on five-tupples and distribute
traffic over multiple paths to avoid polarization of encapsulated traffic.
• Within the site: OTV enables effective load balancing of flows across the multiple edge devices available in an
all-active multihued deployment. Load balancing follows equal-cost multipart (ECMP) rules based on the
information provided by the OTV control protocol.
Q. What is the encapsulation used by OTV?
A. OTV uses Ethernet over Generic Router Encapsulation (GRE) and adds an OTV shim to the header to
encode VLAN information. The OTV encapsulation is 42 bytes, which is less than virtual private LAN service
(VPLS) over GRE. The encapsulation is performed entirely by the forwarding engine in hardware.
Q. How complicated is OTV configuration? A. OTV has been designed with only a few command-line interface
(CLI) and built-in automated processes. This design makes OTV extremely simple to configure.
QUESTION 2
Which three technologies are recommended to be used for WAN connectivity in
today's Enterprise
Edge designs? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
DWDM
Metro Ethernet
Frame Relay
MPLS VPN
ISDN
DSL
Wireless
Correct Answer: ABD
Section: A
Explanation
There is some discussion about whether ISDN not DWDM should be the answer but it does say TODAYS
network
QUESTION 3
Which is usually used to connect to an upstream ISP?
A.
B.
C.
D.
E.
OSPF
BGP
IS-IS
RIPv2
EIGRP
Correct Answer: B
Section: A
Explanation
QUESTION 4
At which layer of the network is route summarization recommended?
A.
B.
C.
D.
data link layer
core layer
distribution layer
access layer
Correct Answer: C
Section: A
Explanation
QUESTION 5
Which Cisco device has the sole function at looking at threat detection and mitigation
at the
Enterprise edge?
A.
B.
C.
D.
Cisco IOS router
Cisco ASA
Cisco Catalyst FWSM
Cisco IPS
Correct Answer: D
Section: A
Explanation
QUESTION 6
You are asked to design a new branch office that will need to support 25 users. These
users will
be using an ISP connection and will need to connect to the main office for network
services.
Which two Cisco devices are the most appropriate to fulfill all these requirements?
(Choose two.)
A.
B.
C.
D.
E.
F.
Cisco IPS
Cisco ISR G2
Cisco ASA
Cisco 2960
Cisco CRS-1
Cisco ACS
Correct Answer: BC
Section: A
Explanation
QUESTION 7
To provide Layer 2 connectivity between the primary and remote data centers, given
that the two
data centers are using Layer 3 routed DCIs, which NX-OS technology can be used to
facilitate this
requirement?
A.
B.
C.
D.
E.
VRF
OTV
MPLS
SPT
vPC
Correct Answer: B
Section: A
Explanation
Q. What is Cisco Overlay Transport Virtualization?
A. Cisco® Overlay Transport Virtualization (OTV) is a "MAC in IP" technique for supporting Layer 2 Vans over
any transport.
Q. What are the OTV transport requirements for the core?
A. The overlay nature of OTV allows it to work over any transport as long as this transport can forward IP
packets. Any optimizations performed for IP in the transport will benefit the OTV encapsulated traffic.
Q. Does OTV require the configuration of pseudo-wires or tunnels?
A. OTV does not require the configuration of pseudo-wires or tunnels. The encapsulation of the packets sent to
the overlay is performed dynamically based on a Layer 2 address destination lookup.
Q. Is OTV a public standard?
A. OTV is not a public standard, even though the technology is based on standardized protocols. The plan is to
submit the IETF drafts toward the end of calendar year 2010 (CY2010).
Q. On which Cisco platforms will OTV be supported?
A. OTV will make its first appearance on the Cisco Nexus® 7000 Series Switches. Other platforms in the Cisco
portfolio are planning to support this technology as well.
Q. What modules of the Cisco Nexus 7000 Series will support OTV?
A. OTV is supported on all M-series modules. OTV is not supported on F1-series modules. Deployments using
F1 series can leverage VDC separation to achieve the desired combination of line cards and functionality.
Q. Does OTV affect the existing Layer 2 design at a site?
A. OTV is both core and site transparent. No changes to the Layer 2 design of the sites are needed.
Q. Does OTV require the extension of the Spanning Tree Protocol?
A. OTV can extend the Layer 2 domains across geographically distant data centers by providing built-in filtering
capabilities to localize the most common networking protocols (Spanning Tree Protocol, VLAN Trucking
Protocol [VTP], and Hot Standby Router Protocol [HSRP]) and prevent them from traversing the overlay,
therefore keeping protocol failures from propagating across sites.
With OTV, each site can have its own implementation of spanning tree as well as its own spanning tree root
device.
Q. Does OTV provide site localization for the First-Hop Routing Protocol (FHRP)?
A. OTV provides built-in filtering capabilities to localize FHRP. A single FHRP group across the extended Layer
2 domain will now have an active gateway on each site, providing optimal egress routing.
Q. How does OTV propagate the MAC addresses learned at each site?
A. Unlike traditional Layer 2 Vans, which rely on Layer 2 flooding to propagate MAC address reach ability, OTV
uses a protocol to proactively advertise the MAC addresses learned at each site. The protocol advertisement
takes place in the background, with no configuration required by the network administrator.
Q. How does OTV handle unknown Unicast flooding?
A. OTV does not require unknown Unicast flooding to propagate MAC address reach ability; thus, there is no
need to flood the unknown Unicast over the overlay, and flooding is suppressed. The endpoints connected to
the network are assumed to be neither silent nor unidirectional. OTV also provides a way to learn the MAC
addresses for unidirectional hosts.
Q. Does OTV support static MAC-to-IP address mapping?
A. OTV enables the network administrator to statically map MAC addresses to IP addresses.
Q. What are the OTV advantages for multicast traffic?
A. With OTV, the multicast traffic generated at the site is optimally replicated by the core. Head-end replication
is not performed at the site when the core provides multicast services. OTV encapsulates the multicast frame
into a multicast IP packet (after joining a multicast group in the core), which will be replicated by the core to only
those sites that are supposed to receive it. This capability is built-in to OTV and does not require any multicast
configuration at the sites.
Q. Does OTV require multicast support in the core?
A. Although desirable to fully benefit from all the optimizations that OTV can provide, multicast in the core is not
mandatory. *Starting with NX-OS 5.2* OTV also provides an elegant and dynamic solution for those cores that
do not have multicast support.
Q. Does OTV support multiple overlays?
A. OTV can support multiple concurrent overlays.
Q. Does OTV support multipoint?
A. Automatic detection of multipoint is included as part of the OTV control protocol. This feature enables
multipoint of sites without requiring any additional configuration or protocol.
Q. How does OTV provide load balancing?
A. OTV provides two levels of load balancing:
• Within the core: OTV headers are defined to allow the core to hash traffic based on five-tupples and distribute
traffic over multiple paths to avoid polarization of encapsulated traffic.
• Within the site: OTV enables effective load balancing of flows across the multiple edge devices available in an
all-active multihued deployment. Load balancing follows equal-cost multipart (ECMP) rules based on the
information provided by the OTV control protocol.
Q. What is the encapsulation used by OTV?
A. OTV uses Ethernet over Generic Router Encapsulation (GRE) and adds an OTV shim to the header to
encode VLAN information. The OTV encapsulation is 42 bytes, which is less than virtual private LAN service
(VPLS) over GRE. The encapsulation is performed entirely by the forwarding engine in hardware.
Q. How complicated is OTV configuration? A. OTV has been designed with only a few command-line interface
(CLI) and built-in automated processes. This design makes OTV extremely simple to configure.
QUESTION 8
Which subnet address and mask would you use for all Class D multicast addresses
to be matched
within an access list?
A.
B.
C.
D.
E.
224.0.0.0/20
224.0.0.0/4
239.0.0.0/24
239.0.0.0/8
225.0.0.0/8
Correct Answer: B
Section: A
Explanation
QUESTION 9
Which three are features of LWAPP? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
firmware synchronization
local management of APs
configuration changes manually synced
encryption of control channel
configuration data only on the WLC
wireless control free operation
replaces 802.1x for authentication in wireless connections
Correct Answer: ADE
Section: A
Explanation
QUESTION 10
Which mode is used to exclusively look for unauthorized access points?
A.
B.
C.
D.
monitor mode
sniffer mode
rogue detector mode
local mode
Correct Answer: C
Section: A
Explanation
QUESTION 11
Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol.
Which other
authentication solution is used hand-in-hand with 802.1X to authenticate users for
network
access?
A.
B.
C.
D.
E.
RADIUS
LEAP
IPsec
TACACS
ISAKMP
Correct Answer: A
Section: A
Explanation
QUESTION 12
Which protocol is used for voice bearer traffic?
A.
B.
C.
D.
E.
MGCP
RTP
SCCP
CDP
ICMP
Correct Answer: B
Section: A
Explanation
QUESTION 13
Your supervisor wants you to recommend a management protocol that will allow you
to track
overall bandwidth utilization, utilization by traffic type, and utilization by source and
destination.
Which is ideally suited for this function?
A.
B.
C.
D.
MRTG
Netflow
RRD
SNMP
Correct Answer: B
Section: A
Explanation
QUESTION 14
A hierarchical design of the EIGRP domain facilitates which two of the following?
(Choose two.)
A.
B.
C.
D.
E.
route summarization
faster convergence
unequal cost load balancing
redistribution
virtual links
Correct Answer: AB
Section: A
Explanation
Hierarchical Versus Flat Routing Protocols
Some routing protocols require a network topology that must have a backbone network
defined. This network contains some, or all, of the routers in the internetwork. When the
internetwork is defined hierarchically, the backbone consists of only some devices. Backbone
routers service and coordinate the routes and traffic to or from routers not in the local
internetwork. The supported hierarchy is relatively shallow. Two levels of hierarchy are
generally sufficient to provide scalability. Selected routers forward routes into the backbone.
OSPF and IS-IS are hierarchical routing protocols. By default, EIGRP is a flat routing
protocol, but it can be configured with manual summarization to support hierarchical
designs.
Flat routing protocols do not allow a hierarchical network organization. They propagate
all routing information throughout the network without dividing or summarizing large
networks into smaller areas. Carefully designing network addressing to naturally support
aggregation within routing-protocol advertisements can provide many of the benefits offered
by hierarchical routing protocols. Every router is a peer of every other router in flat
routing protocols; no router has a special role in the internetwork. EIGRP, RIPv1, and
RIPv2 are flat routing protocols.
QUESTION 15
Which three are associated with the distribution layer within the campus design?
(Choose three.)
A.
B.
C.
D.
E.
F.
G.
access layer aggregation
route summarization
network trust boundary
next-hop redundancy
layer 2 switching
port security
broadcast suppression
Correct Answer: ABD
Section: A
Explanation
Distribution Layer Best Practices
As shown in Figure 3-6, the distribution layer aggregates all closet switches and connects
to the core layer. Design considerations for the distribution layer include providing wirespeed
performance on all ports, link redundancy, and infrastructure services.
The distribution layer should not be limited on performance. Links to the core must be
able to support the bandwidth used by the aggregate access layer switches. Redundant
links from the access switches to the distribution layer and from the distribution layer to
the core layer allow for high availability in the event of a link failure. Infrastructure services
include quality of service (QoS) configuration, security, and policy enforcement. Access
lists are configured in the distribution layer.
The following are recommended best practices at the distribution layer:
■ Use first-hop redundancy protocols. Hot Standby Router Protocol (HSRP) or Gateway
Load Balancing Protocol (GLBP) should be used if you implement Layer 2 links
between the Layer 2 access switches and the distribution layer.
■ Use Layer 3 routing protocols between the distribution and core switches to allow for
fast convergence and load balancing.
■ Only peer on links that you intend to use as transit.
QUESTION 16
Which network virtualization technology involves creating virtual routers with its own
individual routing tables on a physical router?
A.
B.
C.
D.
VSS
vPC
VRF
VLAN
Correct Answer: C
Section: A
Explanation
VRF Virtual routing and forwarding. A routing virtualization technology that creates multiple
logical Layer 3 routing and forwarding instances (route tables) that can function on the
same physical router.
QUESTION 17
Which of the following three options represents the components of the Teleworker
Solution?
(Choose three.)
A. Cisco Unified IP Phone
B. Cisco 880 Series Router
C. Aironet Office Extend Access Point
D.
E.
F.
G.
Catalyst 3560 Series Switch
Cisco 2900 Series Router
MPLS Layer 3 VPN
Leased lines
Correct Answer: ABC
Section: A
Explanation
A Cisco ASR is used to terminate Teleworker solutions, not a 2900 series router.
Hybrid teleworker uses Aironet,
Advanced teleworker uses 880,
both use IP phones.
google: "at_a_glance_c45-652500.pdf" for details
The Cisco Virtual Office Solution for the Enterprise Teleworker is implemented using the
Cisco 800 series ISRs. Each ISR has integrated switch ports that then connect to the user’s
broadband connection. The solution uses a permanent always-on IPsec VPN tunnel back
to the corporate network. This architecture provides for centralized IT security management,
corporate-pushed security policies, and integrated identity services. In addition,
this solution supports the enterprise teleworker needs through advanced applications such
as voice and video. For example, the enterprise teleworker can take advantage of toll bypass,
voicemail, and advanced IP phone features not available in the PSTN.
Enterprise Teleworker Module
The enterprise teleworker module consists of a small office or a mobile user who needs to
access services of the enterprise campus. As shown in Figure 2-14, mobile users connect
from their homes, hotels, or other locations using dialup or Internet access lines. VPN
clients are used to allow mobile users to securely access enterprise applications. The Cisco
Virtual Office solution provides a solution for teleworkers that is centrally managed using
small integrated service routers (ISR) in the VPN solution. IP phone capabilities are also
provided in the Cisco Virtual Office solution, providing corporate voice services for mobile
users.
QUESTION 18
Which three describe challenges that are faced when deploying an environment for
teleworkers?
(Choose three.)
A.
B.
C.
D.
E.
F.
G.
supporting a mix of technically knowledgeable and nontechnical users
simplifying router installation and configuration
verifying available power at employee's house for necessary equipment
avoiding situations where employees might use nonstandard hardware or configurations
reducing daily commuting time to main office location
providing access to FTP servers located in main office location
implementing leased line connectivity between main office and employee's home location
Correct Answer: ABD
Section: A
Explanation
QUESTION 19
Which consideration is the most important for the network designer when
considering IP routing?
A.
B.
C.
D.
convergence
scalability
on-demand routing
redistribution
Correct Answer: A
Section: A
Explanation
QUESTION 20
Which two of these practices are considered to be best practices when designing the
access layer for the enterprise campus? (Choose two)
A. Implement all of the services (QoS, security, STP, and so on) in the access layer, offloading the work from
the distribution and core layers.
B. Always use a Spanning Tree Protocol; preferred is Rapid PVST+.
C. Use automatic VLAN pruning to prune unused VLANs from trunked interface to avoid broadcast
propagation.
D. Avoid wasted processing by disabling STP where loops are not possible.
E. Use VTP transparent mode to decrease the potential for operational error
Correct Answer: BE
Section: A
Explanation
When designing the building access layer, you must consider the number of users or ports
required to size up the LAN switch. Connectivity speed for each host should also be considered.
Hosts might be connected using various technologies such as Fast Ethernet, Gigabit Ethernet, or
port channels. The planned VLANs enter into the design.
Performance in the access layer is also important. Redundancy and QoS features should be
considered.
The following are recommended best practices for the building access layer:
• Limit VLANs to a single closet when possible to provide the most deterministic and highly
available topology.
• Use Rapid Per-VLAN Spanning Tree Plus (RPVST+) if STP is required. It provides the faster
convergence than traditional 802.1d default timers.
• Set trunks to ON and ON with no-negotiate.
• Manually prune unused VLANs to avoid broadcast propagation (commonly done on the
distribution switch).
• Use VLAN Trunking Protocol (VTP) Transparent mode, because there is little need for a
common VLAN database in hierarchical networks.
• Disable trunking on host ports, because it is not necessary. Doing so provides more security and
speeds up PortFast.
• Consider implementing routing in the access layer to provide fast convergence and Layer 3 load
balancing.
• Use the switchport host commands on server and end-user ports to enable PortFast and
disable channeling on these ports.
• Use Cisco STP Toolkit, which provides
• PortFast: Bypass listening-learning phase for access ports
• Loop GuarD. Prevents alternate or root port from becoming designated in absence of bridge
protocol data units (BPDU)
• Root GuarD. Prevents external switches from becoming root
• BPDU GuarD. Disables PortFast-enabled port if a BPDU is received
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3, Page 85
QUESTION 21
Which of these statements is true concerning the data center access layer design?
A. one-way router redistribution avoids the requirement for state or default routes.
B. With Layer 2 access, the default gateway for the servers can be configured at the access or aggregation
layer
C. A dual-homing NIC requires a VLAN or trunk between the two access switches to support the dual IP
address on the two server links to two separate switches.
D. The access layer is normally not required, as dual homing is standard from the servers to the aggregation
layer.
Correct Answer: B
Section: A
Explanation
With Layer 2 / 3, capabilities in-built access layer switches can have data & voice
VLANs with interfaces; this is helpful in improving routing convergence.
Link:
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns432/c649/ccmigration_09186a00805fcc
bf.pdf
QUESTION 22
Which IPv6 feature enables routing to distribute connection requests to the nearest
content server?
A.
B.
C.
D.
Link-local
Site-local
Anycast
Multicast
E. Global aggregatable
Correct Answer: C
Section: A
Explanation
Anycast is a network addressing and routing methodology in which datagrams from
a single sender are routed to the topologically nearest node in a group of potential receivers all
identified by the same destination address.
Link: http://en.wikipedia.org/wiki/Anycast
QUESTION 23
Which one of these statements is true concerning the enterprise data center?
A.
B.
C.
D.
It can be located either at the enterprise campus or at a remote branch.
Remote data center connectivity requirements align with the small office design.
The data center designs will differ substantially depending on whether the location is on campus or remote.
A remote branch with a data center becomes the enterprise campus.
Correct Answer: C
Section: A
Explanation
QUESTION 24
A global corporation has an internal network with the following characteristics:
- 2,000,000+ hosts
- 10,000 + routers
- Internal connectivity
- high traffic volumes with business partners and customers
Which statement best describes what a flexible IPv6 strategy would look like for this
corporation?
A.
B.
C.
D.
Both hosts and routers would run dual stack
Hosts would run IPv4 and routers would run native IPv6
Hosts would run dual stack and routers would run IPv4 only
Hosts would run IPv6 and routers would run native IPv6
Correct Answer: A
Section: A
Explanation
Dual-stack is the preferred, most versatile way to deploy IPv6 in existing IPv4
environments. IPv6 can be enabled wherever IPv4 is enabled along with the associated features
required to make IPv6 routable, highly available, and secure. In some cases, IPv6 is not enabled
on a specific interface or device because of the presence of legacy applications or hosts for which
IPv6 is not supported. Inversely, IPv6 may be enabled on interfaces and devices for which IPv4
support is no longer needed.
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/CampIPv6.html#wp389920
Exam B
QUESTION 1
In terms of remote office design, which one of these statements is a characteristics
only of a small remote office (up to 50 user), and not of medium or remote offices?
A.
B.
C.
D.
Link redundancy to access layer switches is not possible with an integrated design.
A collapsed access and distribution layer is required.
There are no loops in the network design.
Layer 3 services such as DHCP, firewall, and NAT are provided by enterprise campus.
Correct Answer: C
Section: B
Explanation
QUESTION 2
Which two statements about the data Center Aggregation layer are correct? (Choose
two)
A.
B.
C.
D.
Layer 4 through layer 7 services are provided in that layer
STP should never be supported in that layer
That layer is the critical point for control and application services
Layer 2 connectivity is provided in that layer from the data center to the core
Correct Answer: AC
Section: B
Explanation
Data Center aggregation layer connects various network modules together.
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html
QUESTION 3
When designing the infrastructure protection portion for the enterprise edge, which
of these solutions would be the most appropriate solution to consider?
A.
B.
C.
D.
802. IX
ACLs in the core layer
Cisco Security MARS
AAA
Correct Answer: D
Section: B
Explanation
Security in the Enterprise Edge
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
QUESTION 4
What is primary consideration when choosing a routed network design over a
traditional campus network design?
A.
B.
C.
D.
Layer 3 service support at the network edge
the routing protocol choice: open (OSPF) or proprietary (EIGRP)
the routing abilities of the host devices
the need to control the broadcast domains within the campus core
Correct Answer: A
Section: B
Explanation
Layer 3 ability at network edge should be available to leverage the benefits of routed
network design.
QUESTION 5
When selecting which hardware switches to use throughout an enterprise campus
switched network, which consideration is not relevant?
A.
B.
C.
D.
whether data link layer switching based the MAC address is required
the number of shared media segments
which infrastructure service capabilities are required
whether to support Layer 3 services at the network edge.
Correct Answer: B
Section: B
Explanation
Shared media are not used in modern networks; all links are operating full-duplex
QUESTION 6
Layer 2 switching is exclusively used in which Enterprise Campus Module layer?
A.
B.
C.
D.
E.
Server Farm
Campus Core
Building Access
Building Distribution
Internet Connectivity
Correct Answer: C
Section: B
Explanation
Access layer provides network connectivity to end users which is layer 2 in nature.
Link: http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/campover.html#wp708780
QUESTION 7
Which one of these statements describes why, from a design perspective, a managed
VPN approach for enterprise teleworkers is a most effective?
A. A managed VPN solution uses a cost effective, on-demand VPN tunnel back to the enterprise
B. This solution supports all teleworkers who do not require voce or video
C. This architecture provides centralized management where the enterprise can apply security policies and
push configurations.
D. It provides complete flexibility for remote access through a wireless hotspot or a guest network at a host, in
addition to a home office.
Correct Answer: C
Section: B
Explanation
Here is the answer from the Cisco Certification guide.
Enterprise Teleworker Design
Enterprise teleworkers need to be differentiated from the occasional remote worker. The full-time
enterprise teleworker has more extensive application access and requirements than the
occasional remote worker. Occasionally, remote users connect to the corporate network at a
hotspot, but generally they do not have the same application demands of an enterprise teleworker.
Generally, enterprise teleworkers connect to a local ISP through a cable or DSL connection in their
residence.’
The Cisco Virtual Office Solution for the Enterprise Teleworker is implemented using the Cisco
800 series ISRs. Each ISR has integrated switch ports that then connect to the user’s broadband
connection. The solution uses a permanent always-on IPsec VPN tunnel back to the corporate
network. This architecture provides for centralized IT security management, corporate-pushed
security policies, and integrated identity services. In addition, this solution supports the enterprise
teleworker needs through advanced applications such as voice and video. For example, the
enterprise teleworker can take advantage of toll bypass, voicemail, and advanced IP phone
features not available in the PSTN.
QUESTION 8
For which network scenario is static routing most appropriate?
A.
B.
C.
D.
parallel WAN links
IPSec VPN
expanding networks
hierarchical routing
Correct Answer: B
Section: B
Explanation
IPSec VPN are point to point connections and works easily with static routes.
Link: CCDA Self Study GuidE. Diane Teare
QUESTION 9
Your company's Cisco routers are operating with EIGRP. You need to join networks
with an acquisition's heterogeneous routers at 3 sites, operating with EIGRP and
OSPF. Which describes the best practice for routing protocol deployment?
A.
B.
C.
D.
E.
F.
apply OSPF throughout both networks
apply one-way redistribution exclusively at each location
apply two way redistribution exclusively at each location
apply two-way redistribution at each location with a route filter at only one location
apply two-way redistribution at each location with a route filter at each location
apply EIGRP with the same autonomous system throughout both networks
Correct Answer: E
Section: B
Explanation
Without filters there is possibility of routing loops.
Link: http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009487e.shtml
QUESTION 10
When considering the enterprise campus design, which network application category
most influences the network design?
A.
B.
C.
D.
peer-to-peer
client-local server
client-enterprise edge server
client-server farm
Correct Answer: D
Section: B
Explanation
There should be considerations about traffic flow between client and servers.
Link:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0
/BN_Campus_Models.html
QUESTION 11
When designing the wireless portion of an enterprise campus network, which one of
these statements should serve as a strict guideline?
A. Wireless controllers should be distributed throughout the building distribution layers
B. Dynamic controller redundancy, where the access points attempt to join the least loaded controller, is a
best-practice approach.
C. Wireless controllers should be centralized in the core layer
D. To improve the RF coverage, the controllers of any building should be put in the same mobility group.
Correct Answer: C
Section: B
Explanation
QUESTION 12
When designing using the Cisco Enterprise Architecture, in which Enterprise Campus
layer does the remote Access and VPN module establish its connection?
A.
B.
C.
D.
Building Access
Campus Core
Enterprise Branch
Enterprise Data Center
Correct Answer: B
Section: B
Explanation
All the modules must end up in the core for optimized routing & switching across the
network modules.
Link:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Campus/Borderless_Campus_Network_1.0
/BN_Campus_Technologies.html
QUESTION 13
Which one of these statements best describes the challenge of the designer when
dealing with IP routing?
A. OSPF supports fast convergence does not require periodic routing table updates, so the optional network
design is best simplified with the network as a single backbone area.
B. Manual summarization is limited to ABRs and ASBRs, therefore the designer must pay strict attention to the
EIGRP topology.
C. EIGRP, as a proprietary protocol, has special challenges when dealing with networks deployed with IPv6.
D. Effective scalability with OSPF requires the designer to pay strict attention to the hierarchical network
structure, localizing topology changes.
Correct Answer: D
Section: B
Explanation
OSPF demands modular design, multiple areas for functioning optimally.
Link: http://www.cisco.com/en/US/tech/tk365/technologies_white_paper09186a0080094e9e.shtml
QUESTION 14
When designing the identity and access control portions for the enterprise campus
network, which of these solutions would be the most appropriate solution to
consider?
A.
B.
C.
D.
802.1x
Cisco Security MARS
NetFlow
Correct Answer: A
Section: B
Explanation
QUESTION 15
DataQuirk is a web-based medical transcription company for exotic-animal
veterinarians. The company recently added a third ISP for international business.
They are organizing the enterprise network into a fully operational Enterprise Edge.
To which two modules will the three ISPs be directly related? (Choose two.)
A.
B.
C.
D.
E.
F.
PSTN
E-commerce
WAN/MAN
Edge Distribution
internet Connectivity
Remote Access VPN
Correct Answer: BE
Section: B
Explanation
The purpose of ISP link is for serving customers & it is also providing internet
connectivity to internal & external users, thus it falls into above 2 categories.
Link: http://leaman.org/ccna4/Chap_1.pdf
QUESTION 16
The enterprise campus core layer has requirements that are unique from the
distribution and access layers. Which of the following is true about the core layer?
A. The core layer provides convergence using Layer 2 and Layer 3 services and features.
B. The core layer provides high availability to support the distribution layer connections to the enterprise edge.
C. The campus core layer is optional.
D. The core layer requires high performance to manage the traffic policing across the backbone.
Correct Answer: C
Section: B
Explanation
QUESTION 17
When designing the threat detection and mitigation portion for the enterprise data
center network, which of the following would be the most appropriate solution to
consider?
A.
B.
C.
D.
802.1X
Cisco Security MARS
Cisco Firewall Services Module
Correct Answer: C
Section: B
Explanation
QUESTION 18
Select and Place:
Correct Answer:
Section: B
Explanation
I changed this answer to reflect CCDP explanation:
■ Layer 2 loop-free design: In this design, the access switches use Layer 2 switching.
The links between the access and distribution layers are configured as Layer 2 trunks.
The link between the distribution switches is configured as a Layer 3 routed link. An
EtherChannel is typically used for this link to increase availability. In this design,
there are no Layer 2 loops in the access-distribution block, which means that the
Spanning Tree Protocol is not involved in network convergence and load balancing.
All the ports are in the spanning-tree Forwarding state. Load balancing of the traffic
from the access to the distribution layer is based on the First Hop Router Protocol
(FHRP) that is used in this design. Reconvergence time in the case of failure is driven
primarily by FHRP reconvergence. A limitation of this solution is that it is optimal for
networks where each access layer VLAN can be constrained to a single access switch.
Stretching VLANs across multiple access switches is not recommended in this design.
■ Layer 2 looped design: The Layer 2 looped design also uses Layer 2 switching on
the access layer, and the links between the access and distribution switches are also
configured as Layer 2 trunks. However, unlike the Layer 2 loop-free design, the link
between the distribution switches is configured here as a Layer 2 trunk. This configuration
introduces a Layer 2 loop between the distribution switches and the access
switches. To eliminate this loop from the topology, the Spanning Tree Protocol
blocks one of the uplinks from the access switch to the distribution switches. This
design is recommended for networks that require an extension of VLANs across
multiple access switches. A drawback is that network convergence in the case of failure
is now dependent on spanning-tree convergence that is combined with FHRP
convergence. Another downside is limited load balancing. PVST root election tuning
can be used to balance traffic on a VLAN-by-VLAN basis. However, within each
VLAN, spanning tree always blocks one of the access switch uplinks.
■ Layer 3 routed design: The Layer 3 routed design uses Layer 3 routing on the access
switches. All links between switches are configured as Layer 3 routed links. The advantage
of this design is that it eliminates the Spanning Tree Protocol from the interswitch
links. It is still enabled on edge ports to protect against user-induced loops,
but it does not play a role in the network reconvergence in the access-distribution
block. FHRPs are also eliminated from the design, because the default gateway for
the end hosts now resides on the access switch instead of on the distribution switch.
Network reconvergence behavior is determined solely by the routing protocol being
used. Like the Layer 2 loop-free design, the Layer 3 routed design constrains VLANs
to a single access switch. Also, this design does not allow VLANs to be extended
across multiple access switches, and it requires more sophisticated hardware for the
access switches.
This WAS answer !!!!!
Layer 2 between distribution and access layers, with a Layer 3 link between the distribution
switches
-> Support Layer 2 VLANs spanning multiple access layer switches across the distribution
switches
switches
-> FHRP for convergence, no VLANs span between access layer switches across the distribution
switches
VSS -> Convergence (FHRP) is not an issue
QUESTION 19
RST Corporation is planning to upgrade its current network. The chief technology
officer has supplied a topology diagram and an IP addressing scheme of the current
network during an interview.
RST has been growing at about twenty percent per year. It has been difficult to
maintain customer support at a satisfactory level. Therefore, the RST board has met
with and directed the chief technology officer to look into network improvements.
Which two items are most relevant in documenting RST's business requirements?
(Choose two.)
A.
B.
C.
D.
E.
existing network topologies
network performance requirements
the IP addresses assigned by the ISP
improved customer support requirements
projected growth estimates
Correct Answer: DE
Section: B
Explanation
■ Growth of applications: Customers continue to ask for new products, service offerings,
improved customer service, greater security, and customization flexibility—all
at a lower cost.
QUESTION 20
Which two design criteria require VLANs in a proposed solution? (Choose two.)
A.
B.
C.
D.
E.
F.
the segmenting of collision domains
a limited corporate budget
the use of multivendor equipment
security between departments
video streaming on the LAN
the segmenting of broadcast domains
Correct Answer: DF
Section: B
Explanation
QUESTION 21
Which three factors best justify WAN link redundancy between geographically
dispersed sites? (Choose three.)
A.
B.
C.
D.
E.
F.
high expense of transmitting data
important traffic flows
excessive packet transmission rate
uncertain reliability
high link utilization
lack of speed
Correct Answer: BDF
Section: B
Explanation
WAN Backup Design
Redundancy is critical in WAN design for the remote site because of the unreliable nature of WAN
links, when compared to LANs that they connect. Most enterprise edge solutions require high
availability between the primary and remote site. Because WAN links have lower reliability and
lack bandwidth, they are good candidates for most WAN backup designs.
Branch offices should have some type of backup strategy in the event of a primary link failure.
Backup links can be either dialup, permanent WAN, or Internet-based connections.
WAN backup options are as follows:
QUESTION 22
The topology map in the draft design document should cover which two layers of the
OSI model? (Choose two.)
A. session
B.
C.
D.
E.
F.
data link
transport
application
physical
network
Correct Answer: EF
Section: B
Explanation
QUESTION 23
In a Cisco CatOS switch, what is the recommended practice when configuring switchto-switch intercommunications to carry multiple VLANs for Dynamic Trunk Protocol?
A.
B.
C.
D.
E.
F.
auto to auto_negotiate
disable Dynamic Trunk Protocol when operating in the distribution layer
auto to auto_no_negotiate
desirable to desirable_no_negotiate
on to on_negotiate
desirable to desirable_negotiate
Correct Answer: E
Section: B
Explanation
Access Layer Best Practices
When designing the building access layer, you must consider the number of users or ports
required to size up the LAN switch. Connectivity speed for each host should also be considered.
Hosts might be connected using various technologies such as Fast Ethernet, Gigabit Ethernet, or
port channels. The planned VLANs enter into the design.
Performance in the access layer is also important. Redundancy and QoS features should be
considered. The following are recommended best practices for the building access layer:
QUESTION 24
What are the two most likely driving forces motivating businesses to integrate voice
and data into converged networks? (Choose two.)
A.
B.
C.
D.
E.
Voice networks cannot carry data unless the PRI circuits aggregate the BRI circuits.
Their PSTNs cannot deploy features quickly enough.
Data, voice, and video cannot converge on their current PSTN structures.
Voice has become the primary traffic on networks.
WAN costs can be reduced by migrating to converged networks.
Correct Answer: CE
Section: B
Explanation
VoIP
VoIP provides transport of voice over the IP protocol family. IP makes voice globally available
regardless of the data-link protocol in use (Ethernet, ATM, Frame Relay). With VoIP, enterprises
do not have to build separate voice and data networks. Integrating voice and data into a single
converged network eliminates duplicate infrastructure, management, and costs.
Figure 14-7 shows a company that has separate voice and data networks. Phones connect to
local PBXs, and the PBXs are connected using TDM trunks. Off-net calls are routed to the PSTN.
The data network uses LAN switches connected to WAN routers. The WAN for data uses Frame
Relay. Separate operations and management systems are required for these networks. Each
system has its corresponding monthly WAN charges and personnel, resulting in additional costs.
With separate voice and data networks,
Figure 14-7 Separate Voice and Data Networks
QUESTION 25
Which two statements best describe the implementation of Overlay VPN connectivity for remote access in the
Enterprise Edge WAN module? (Choose two.)
A.
B.
C.
D.
E.
Bandwidth is provisioned on a site-to-site basis.
It uses dedicated point-to-point links.
Optimum routing between customer sites requires a full mesh of virtual circuits.
It must use Layer 2 labels to forward packets
The ISP actively participates in customer routing.
Correct Answer: AC
Section: B
Explanation
Network-Layer VPNs
The network layer in the TCP/IP protocol suite consists of the IP routing system—how reachability
information is conveyed from one point in the network to another. There are a few methods to
construct VPNs within the network layer; each is examined in the following paragraphs. A brief
overview of non-IP VPNs is provided in Part II of this article.A brief overview of the differences in
the "peer" and "overlay" VPN models is appropriate at this point. Simply put, the "peer" VPN
model is one in which the network-layer forwarding path computation is done on a hop-by-hop
basis, where each node in the intermediate data transit path is a peer with a next-hop node.
Traditional routed networks are examples of peer models, where each router in the network path is
a peer with its next-hop adjacencies. Alternatively, the "overlay" VPN model is one in which the
network-layer forwarding path is not done on a hop-by-hop basis, but rather, the intermediate linklayer
network is used as a "cut-through" to another edge node on the other side of a large cloud.
Examples of "overlay" VPN models include ATM, Frame Relay, and tunneling
implementations.Having drawn these simple distinctions between the peer and overlay models, it
should be noted that the overlay model introduces some serious scaling concerns in cases where
large numbers of egress peers are required because the number of adjacencies increases in
direct proportion to the number of peers—the amount of computational and performance overhead
required to maintain routing state, adjacency information, and other detailed packet forwarding and
routing information for each peer becomes a liability in very large networks. If all the egress nodes
in a cut-through network become peers in an effort to make all egress nodes one "Layer 3" hop
away from one another, the scalability of the VPN overlay model is limited quite remarkably.
The Internet Protocol Journal - Volume 1, No. 1
What Is a VPN? - Part I
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-1/what_is_a_vpn.html
QUESTION 26
A manufacturing company has decided to add a website to enhance sales. The web servers in the ECommerce module must be accessible without compromising network security. Which two design
recommendations can be made to meet these requirements? (Choose two.)
A.
B.
C.
D.
E.
Move the E-Commerce servers to the WAN module.
Use intrusion detection on the E-Commerce server farm.
Limit the number of incoming connections to the E-Commerce module.
Use private and public key encryption.
Place E-Commerce servers and application servers on isolated LANs (DMZs).
Correct Answer: BE
Section: B
Explanation
QUESTION 27
Which two statements represent advantages that the top-down network design
process has over the bottom-up network design process? (Choose two.)
A.
B.
C.
D.
E.
utilizes previous experience
identifies appropriate technologies first
is able to provide the big picture
takes less time to design a network
provides a design for current and future development
Correct Answer: CE
Section: B
Explanation
By incorporating the organization’s requirements, the top-down network design process provide
the big picture that meets current and future requirements.
QUESTION 28
Which two statements about IPv6 addresses are true? (Choose two.)
A.
B.
C.
D.
Two colons (::) are used to represent successive hexadecimal fields of zeros.
Leading zeros are required.
Two colons (::) are used to separate fields.
A single interface will have multiple IPv6 addresses of different types.
Correct Answer: AD
Section: B
Explanation
QUESTION 29
Select and Place:
Correct Answer:
Section: B
Explanation
Added a different D & D based on Secur Tut CCDA V2.1 Experience
SO IGNORE THIS ONE EXAM F
Q14
Original answer was:
Cisco Unified Communication System -> Cisco Nexus1000 and Enforcing vm Security
VSAN/VLAN -> Network and Server Virtualization
Data Center Virtualization -> Pending
ARCH guide shows for 1000V:
Virtualization: The Cisco VN-Link technology provides virtual machine-aware network
services. This technology is used in the Cisco Nexus 1000V Distributed Virtual Switch,
which integrates into the VMware vSphere virtualization platform.
Other virtualization technologies that are supported in the Cisco Nexus family of
switches are virtual port channels (vPC) and virtual device contexts (VDC).
Exam C
QUESTION 1
Characterizing an existing network requires gathering as much information about the
network as
possible. Which of these choices describes the preferred order for the informationgathering
process?
A.
B.
C.
D.
site and network audits, traffic analysis, existing documentation and organizational input
existing documentation and organizational input, site and network audits, traffic analysis
traffic analysis, existing documentation and organizational input, site and network audits
site and network audits, existing documentation and organizational input, traffic analysis
Correct Answer: B
Section: C
Explanation
This section describes the steps necessary to characterize the existing network infrastructure
and all sites. This process requires three steps:
Step 1. Gather existing documentation about the network, and query the organization
to discover additional information. Organization input, a network audit,
and traffic analysis provide the key information you need. (Note that existing
documentation may be inaccurate.)
Step 2. Perform a network audit that adds detail to the description of the network. If
possible, use traffic-analysis information to augment organizational input
when you are describing the applications and protocols used in the network.
Step 3. Based on your network characterization, write a summary report that
describes the health of the network. With this information, you can propose
hardware and software upgrades to support the network requirements and the
organizational requirements.
QUESTION 2
Which of the following is a component within the Cisco Enterprise Campus module?
A.
B.
C.
D.
E.
Teleworker
E-Commerce
WAN/MAN Site-to-Site VPN
Correct Answer: D
Section: C
Explanation
QUESTION 3
Which three types of WAN topologies can be deployed in the Service Provider
Module? (Choose
three.)
A.
B.
C.
D.
E.
F.
ring
star
full mesh
core/edge
collapsed core
partial mesh
Correct Answer: BCF
Section: C
Explanation
QUESTION 4
You need to connect to a remote branch office via an Internet connection. The remote
office does
not use Cisco equipment. This connection must be secure and must support OSPF.
Which of the following can be used to transport data to the branch office?
A.
B.
C.
D.
GRE over IPsec
IPsec
GRE
IPsec VTI
Correct Answer: A
Section: C
Explanation
QUESTION 5
When designing an EIGRP network, which two things should you take into
consideration?
(Choose two.)
A.
B.
C.
D.
E.
ASN and K values must match
The neighbor command can be used to enable unicast communication.
The neighbor diameter cannot exceed a 15-hops limit.
NSSA areas can be used to redistribute external routes.
Neighbor relationship can be established with non-Cisco routers.
Correct Answer: AB
Section: C
Explanation
QUESTION 6
Identify the three items that pertain to EIGRP. (Choose three.)
A.
B.
C.
D.
Can use multiple unequal paths
Routes are redistributed as type 2 by default.
ASN and K values must match to form neighbors.
Uses multicast address 224.0.0.9 for updates.
E. Exchanges full routing table every 30 seconds.
F. Summary routes have AD of 90.
G. External routes have AD of 170.
Correct Answer: ACG
Section: C
Explanation
QUESTION 7
Which two are characteristics of a Lightweight Access Point? (Choose two.)
A.
B.
C.
D.
E.
managed via a central wireless LAN controller
code upgrade performed via a TFTP server
CAPWAP tunnels
managed directly via CLI or web interface
facilitates the creation of its own WLANs and port mappings
Correct Answer: AC
Section: C
Explanation
Cisco Unified Wireless Network (UWN) architecture, Control
and Provisioning for Wireless Access Point (CAPWAP), WLAN controller components,
roaming, and mobility groups. Cisco UWN components provide scalable WLAN solutions
using WLAN controllers to manage LWAPs. The CCDA must understand how these
components work with each other, how they scale, and how roaming and mobility
groups work.
QUESTION 8
What are three key areas that need to be considered when designing a remote data
center?
(Choose three.)
A.
B.
C.
D.
E.
F.
G.
power diversity
active directory services
Cisco IOS versions
data storage
applications
user access
packet routing
Correct Answer: ADE
Section: C
Explanation
QUESTION 9
Which is the North American RIR for IPv4 addresses?
A.
B.
C.
D.
E.
RIPE
ARIN
IANA
IEEE
APNIC
Correct Answer: B
Section: C
Explanation
QUESTION 10
What is the most compact representation of the following IPv6 address?
2001:db8:0000:0000:cafe:0000:0000:1234
A.
B.
C.
D.
2001:db8::cafe::1234
2001:db8::cafe:0000:0000:1234
2001:db8:0:0:cafe::1234
2001:db8::cafe:0:1234
Correct Answer: C
Section: C
Explanation
QUESTION 11
Where in the Cisco Enterprise Architecture model does network management reside?
A.
B.
C.
D.
E.
Enterprise data center module
Enterprise campus module
Enterprise edge module
Service Provider edge module
Service Provider data center module
Correct Answer: B
Section: C
Explanation
QUESTION 12
Which voice codec should you use in order to provide toll quality calls?
A.
B.
C.
D.
G.711
G.718
G.722
G.729
Correct Answer: A
Section: C
Explanation
QUESTION 13
Which three statements are true regarding the virtual interface on a Cisco Wireless
LAN
Controller? (Choose three.)
A.
B.
C.
D.
E.
supports mobility management
serves as a DHCP relay
used for all controller to AP communication
supports embedded Layer 3 security
default for out-of-band management
F. default for in-band management
G. provides connectivity to AAA servers
Correct Answer: ABD
Section: C
Explanation
■ Virtual interface (static, configured at setup, mandatory) is used for Layer 3 security
authentication, DHCP relay support, and mobility management.
QUESTION 14
When there is a need for immunity to EMI for connecting locations that are greater
than 100
meters apart, which two solutions can be utilized? (Choose two.)
A.
B.
C.
D.
E.
F.
multimode fiber
Fibre Channel
HVDC transmission lines
single-mode fiber
serial RS-232
Gigabit Ethernet 1000BASE-CX
Correct Answer: AD
Section: C
Explanation
QUESTION 15
What does the Cisco SLM define as the component used to specify expected
performance between a pair of devices connected by a network?
A.
B.
C.
D.
CM
SLC
SLA
SAA
Correct Answer: C
Section: C
Explanation
QUESTION 16
For the following options, which International Telecommunication Union (ITU)
standard provides a framework for multimedia protocols for the transport of voice,
video, and data over packet- switched networks?
A. Weighted fair queuing (WFQ)
B. H.323
C. Voice over IP (VoIP)
D. Session Initiation Protocol (SIP)
Correct Answer: B
Section: C
Explanation
VoIP Control and Transport Protocols
A number of different protocols are used in a VoIP environment for call control, device
provisioning, and addressing.
Figure 14-15 shows those protocols focused on VoIP control and transport.
Some of the most significant protocols are
Dynamic Host Configuration Protocol (DHCP): Used to provide device configuration
parameters such as IP configuration (address, subnet mask, default gateway) and TFTP servers
(via DHCP option 150).
TFTP: To obtain ring tones, backgrounds, configuration files, and firmware files.
Skinny Client Control Protocol (SCCP): Used for call control for Cisco IP phones (Cisco
proprietary).
Real-time Transport Protocol (RTP): For voice stream (VoIP) station-to-station traffic in an
active call.
Real-time Transport Control Protocol (RTCP): For RTP control and reporting (accompanying
stream to RTP between endpoints).
Media Gateway Control Protocol (MGCP): A client/server protocol for control of endpoints and
gateways. In the MGCP model, intelligence resides on the call agent (server), and the device is
controlled by the agent.
H.323: An ITU standard for VoIP networks that is a peer-to-peer system (call processing logic is
local to each device) used for gateways and endpoints.
Session Initiation Protocol (SIP): A standard for VoIP networks defined by the IETF and used
for gateways and endpoints. SIP is feature rich (native IM, presence, and video support),
lightweight, and designed for easy troubleshooting (ASCII-based messages).
QUESTION 17
How often does a RIPv1 router broadcast its routing table by default?
A. Every 90 seconds.
B. Every 30 seconds.
C. Every 60 seconds.
D. RIPv1 does not broadcast periodically.
Correct Answer: B
Section: C
Explanation
Distance-Vector Routing Protocols
The first IGP routing protocols introduced were distance-vector routing protocols.
They used the
Bellman-Ford algorithm to build the routing tables. With distance-vector routing
protocols, routes
are advertised as vectors of distance and direction. The distance metric is usually
router hop
count. The direction is the next-hop router (IP address) toward which to forward the
packet. For
RIP, the maximum number of hops is 15, which can be a serious limitation, especially
in large
nonhierarchical internetworks.
Distance-vector algorithms call for each router to send its entire routing table to only
its immediate
neighbors. The table is sent periodically (30 seconds for RIP). In the period between
advertisements, each router builds a new table to send to its neighbors at the end of
the period.
Because each router relies on its neighbors for route information, it is commonly said
that
distance-vector protocols “route by rumor.”
Having to wait half a minute for a new routing table with new routes is too long for
today’s
networks. This is why distance-vector routing protocols have slow convergence.
RIPv2 and RIPng can send triggered updates—full routing table updates sent before
the update
timer has expired. A router can receive a routing table with 500 routes with only one
route change,
which creates serious overhead on the network (another drawback). Furthermore,
RFC 2091
updates RIP with triggered extensions to allow triggered updates with only route
changes. Cisco
routers support this on fixed point-to-point interfaces.
The following is a list of IP distance-vector routing protocols:
QUESTION 18
Which H.323 protocol is in charge of call setup and signaling?
A.
B.
C.
D.
RTCP
H.245
G.711
H.225
Correct Answer: D
Section: C
Explanation
QUESTION 19
What is the reason for switching preferred on shared segments?
A.
B.
C.
D.
Switched segments provide a collision domain for each host.
Switched segments provide a broadcast domain for each host
Shared segments provide a broadcast domain for each host.
Shared segments provide a collision domain for each host.
Correct Answer: A
Section: C
Explanation
Switches usam circuitos integrados especializados para reduzir a latência comum
pontes regulares.
Switches são a evolução de pontes. Alguns switches podem funcionar em modo cutthrough, onde o
interruptor não esperar por toda a moldura para entrar no tampão, em vez disso, ele
começa a encaminhar o quadro
logo que termina de ler o endereço MAC de destino. Cut-through operação aumenta a
probabilidade de que os quadros com erros são propagados na rede, porque a frente
da armação
antes de todo o quadro é tamponado e marcada por erros. Devido a estes problemas,
a maioria
interruptores hoje realizar operação store-and-forward como pontes fazer. Switches
são exatamente os mesmos
como pontes com relação às características do domínio de colisão e domínio de
transmissão. Cada porta de uma
switch é um domínio de colisão separado. Por padrão, todas as portas em um switch
estão na mesma transmissão
domínio. Atribuição para mudanças diferentes VLANs comportamento.
QUESTION 20
SNMP is short for Simple Network Management Protocol. Which version or versions
of SNMP specify security extensions as part of the protocol definition?
A.
B.
C.
D.
SNMPv2
SNMPv4
SNMPv3
SNMPv1
Correct Answer: C
Section: C
Explanation
QUESTION 21
Which layer is in charge of fast transport in the hierarchical network model?
A.
B.
C.
D.
Network
Distribution
Access
Core
Correct Answer: D
Section: C
Explanation
Table Cisco Enterprise Architecture Model
Table Cisco Enterprise Architecture Mode
QUESTION 22
Which is the maximum segment distance for Fast Ethernet over unshielded twistedpair (UTP)?
A.
B.
C.
D.
285 feet
100 feet
500 feet
100 meters
Correct Answer: D
Section: C
Explanation
100BASE-TX
100BASE-TX is the predominant form of Fast Ethernet, and runs over two wire-pairs
inside a
category 5 or above cable (a typical category 5 cable contains 4 pairs and can
therefore support
two 100BASE-TX links). Like 10BASE-T, the proper pairs are the orange and green
pairs
(canonical second and third pairs) in TIA/EIA-568-B's termination standards, T568A or
T568B.
These pairs use pins 1, 2, 3 and 6.
In T568A and T568B, wires are in the order 1, 2, 3, 6, 4, 5, 7, 8 on the modular jack at
each end.
The color-order would be green/white, green, orange/white, blue, blue/white, orange,
brown/white,
brown for T568A, and orange/white, orange, green/white, blue, blue/white, green,
brown/white,
brown for T568B.
Each network segment can have a maximum distance of 100 meters (328 ft). In its
typical
configuration, 100BASE-TX uses one pair of twisted wires in each direction, providing
100 Mbit/s
of throughput in each direction (full-duplex). See IEEE 802.3 for more details.
The configuration of 100BASE-TX networks is very similar to 10BASE-T. When used
to build a
local area network, the devices on the network (computers, printers etc.) are typically
connected to
a hub or switch, creating a star network. Alternatively it is possible to connect two
devices directly
using a crossover cable.
With 100BASE-TX hardware, the raw bits (4 bits wide clocked at 25 MHz at the MII) go
through
4B5B binary encoding to generate a series of 0 and 1 symbols clocked at 125 MHz
symbol rate.
The 4B5B encoding provides DC equalization and spectrum shaping (see the
standard for details).
Just as in the 100BASE-FX case, the bits are then transferred to the physical medium
attachment
layer using NRZI encoding. However, 100BASE-TX introduces an additional, medium
dependent
sublayer, which employs MLT-3 as a final encoding of the data stream before
transmission,
resulting in a maximum "fundamental frequency" of 31.25 MHz. The procedure is
borrowed from
the ANSI X3.263 FDDI specifications, with minor discrepancies.
QUESTION 23
What is important for the top-down design concept?
A.
B.
C.
D.
Engagement of the HR representatives during the design process
Engagement of the top executives during the design process
Engagement of the employees working on the top floors in the building during the design process
Engagement of the top executives once the design process is finalized
Correct Answer: B
Section: C
Explanation
QUESTION 24
Which method will be used to secure a network against man-in-the-middle attack?
A.
B.
C.
D.
Two-factor authentication
Management module
Encryption
Firewall
Correct Answer: C
Section: C
Explanation
QUESTION 25
Which option is not valid for using the public Internet as a backup WAN medium?
A.
B.
C.
D.
IP Security (IPSec) tunnels
Shared PVC
IP routing without constraints
Generic Routing Encapsulation (GRE) tunnels
Correct Answer: B
Section: C
Explanation
The Internet as a WAN Backup Technology
This section describes the Internet as an alternative option for a failed WAN connection. This type
of connection is considered best-effort and does not guarantee any bandwidth. Common methods
for connecting noncontiguous private networks over a public IP network include the followinG.
The following sections describe these methods.
Routing Without Constraints
When relying on the Internet to provide a backup for branch ofces, a company must fully
cooperate with the ISP and announce its networks. The backup network—the Internet—therefore
becomes aware of the company’s data, because it is sent unencrypted.
Layer 3 Tunneling with GRE and IPsec
Layer 3 tunneling uses a Layer 3 protocol to transport over another Layer 3 network. Typically,
Layer 3 tunneling is used either to connect two noncontiguous parts of a non-IP network over an
IP network or to connect two IP networks over a backbone IP network, possibly hiding the IP
addressing details of the two networks from the backbone IP network. Following are the two Layer
3 tunneling methods for connecting noncontiguous private networks over a public IP network:
GRE enables simple and exible deployment of basic IP VPNs. Deployment is easy; however,
tunnel provisioning is not very scalable in a full-mesh network because every point-to-point
association must be dened separately. The packet payload is not protected against sniffing and
unauthorized changes (no encryption is used), and no sender authentication occurs.
Using GRE tunnels as a mechanism for backup links has several drawbacks, including
administrative overhead, scaling to large numbers of tunnels, and processing overhead of the
GRE encapsulation.
Following are some features of IPsec:
Authorized Self-Study Guide Designing for Cisco Internetwork Solutions (DESGN), Second Edition
QUESTION 26
What is ASBR short for?
A.
B.
C.
D.
Area Border Router
Auxiliary System Border Router
Area System Border Router
Autonomous System Boundary Router
Correct Answer: D
Section: C
Explanation
ASBR (Autonomous System Boundary Router) - Connects the OSPF backbone to external
networks.
Routers that inject external LSAs into the OSPF database (redistribution).
Table, Major LSA Types
Type
Description
Internal Router
Any router whose interfaces all belong to the same OSPF area. These routers keep only one linkstate
database.
ABR
Routers that are connected to more than one area. These routers maintain a link-state database
for each area they belong to. These routers generate summary LSAs.
ASBR
Routers that inject external LSAs into the OSPF database (redistribution). These external routes
are learned via either other routing protocols or static routes.
Backbone router
Routers with at least one interface attached to Area 0.
Tip: An OSPF router can be an ABR, an ASBR, and a backbone router at the same time. The
router is an ABR if it has an interface on Area 0 and another interface in another area. The router
is a backbone router if it has one or more interfaces in Area 0. The router is an ASBR if it
redistributes external routes into the OSPF network.
QUESTION 27
Which advantage is of security systems that are part of the Cisco ecosystem?
A.
B.
C.
D.
There is a suite of products to choose from.
Various partners as well as supporting products increase the effectiveness of security systems.
There are no advantages.
The Cisco ecosystem ensure that partners can implement the solution.
Correct Answer: B
Section: C
Explanation
A Cisco Service Provider ecossistema foi criado para ajudar a Cisco, eo nosso
fornecedor
clientes a capitalizar sobre as grandes oportunidades de mercado criadas pelo
circuito para a transição de pacotes.
Nós temos uma forte comunidade de melhor em tecnologia e desenvolvimento de
classe parceiros de implantação
que permitem aos provedores de serviços implantar novos serviços inovadores em
suas redes novas ou existentes.
Parceiros da Cisco com integradores de sistemas, integradores de rede e
fornecedores de software independentes
(ISVs), que são líderes em Sistemas de Suporte de Operações e Sistemas de Suporte
ao Negócio para ajudar
Clientes provedores de serviços a gerenciar melhor e alavancar suas redes e
sistemas de apoio.
As vantagens dos Ecossistemas
No único fornecedor pode, eventualmente, oferecer aos prestadores de escolha e
flexibilidade que uma horizontalmente
rede estruturada de parceiros de ecossistema pode proporcionar.
Parceiros do ecossistema são escolhidos por causa de sua experiência no provedor
de serviço OSS
ambiente. Eles podem ser fornecedores de software independentes (ISVs) que
fornecem tais blocos funcionais
como faturamento ou gerenciamento de falhas, ou integradores de sistemas que
integram, projetar e implantar OSS
soluções, ou mesmo as empresas de infra-estrutura que se sentam bem no coração
da rede em termos
de provisionamento de cabeamento e eletrônicos. Todos os parceiros do
ecossistema em toda a EMEA estão sujeitos a
testes de interoperabilidade vigoroso, não apenas com a Cisco hardware e software,
mas também com
produtos complementares e aplicações fornecidas por membros outro ecossistema.
Assim que o teste
foi concluído com sucesso, um determinado produto ou aplicação é dada a Cisco
Verificado
Interoperabilidade produto Mark (VIP), que a distingue no mercado. O teste de
interoperabilidade
é também produto ou aplicação específica revisão, a fim de manter os níveis mais
elevados de
compatibilidade e é necessária antes de cada versão de lançamento do produto
parceiro recebe a Cisco
VIP Mark. Uma área-chave para a Cisco e seus parceiros de ecossistema é a
capacidade de demonstrar suficiente
pré e pós venda suporte para todos os produtos e serviços de qualificação. Todos
EMEA Ecossistema parceiros
têm de satisfazer exigências rigorosas da Cisco antes que eles podem ser
classificados como verdadeiros EMEA-gama
parceiros. A fim de manter esse nível de apoio, todos os parceiros do ecossistema
são credenciados pelo
`Teatro '- EMEA, Ásia-Pacífico, América Latina e América do Norte.
Somente se todas as exigências forem atendidas teatro pode ser qualquer parceiro
realmente classificado como Global.
Da mesma forma que a Cisco se orgulha de seu compromisso com as práticas éticas
em todas as áreas de
empresas, os parceiros dos ecossistemas são obrigados a aderir a claramente
definidas as melhores práticas no que diz respeito
a todos os compromissos com clientes.
É com confiança que os provedores de serviços podem ter certeza de que os níveis
de serviço e compromisso
de qualquer um dos parceiros da Cisco Ecossistema será fornecido com os mais
altos padrões de qualidade.
QUESTION 28
In telephony, the local loop is the physical link or circuit. Where is the local loop
located?
A.
B.
C.
D.
Between the loopback interfaces of two VoIP routers
Between phones and the central office (CO) switch
Between two PBXs
Between two PSTN switches
Correct Answer: B
Section: C
Explanation
QUESTION 29
What does ODR stand for?
A.
B.
C.
D.
Open default routing
Optical demand routing
Open dedicated routing
On-demand routing
Correct Answer: D
Section: C
Explanation
On-Demand Routing (ODR) is an enhancement to Cisco Discovery Protocol (CDP), a
protocol
used to discover other Cisco devices on either broadcast or non-broadcast media.
With the help of
CDP, it is possible to find the device type, the IP address, the Cisco IOS® version
running on the
neighbor Cisco device, the capabilities of the neighbor device, and so on. In Cisco
IOS software
release 11.2, ODR was added to CDP to advertise the connected IP prefix of a stub
router via
CDP. This feature takes an extra five bytes for each network or subnet, four bytes for
the IP
address, and one byte to advertise the subnet mask along with the IP. ODR is able to
carry
Variable Length Subnet Mask (VLSM) information
QUESTION 30
For the following options, which emerging WAN technology uses DSL coding and
digital modulation techniques with Ethernet?
A.
B.
C.
D.
Cable
SMDS
Wireless
Long-Reach Ethernet (LRE)
Correct Answer: D
Section: C
Explanation
Long Reach Ethernet (LRE) was a proprietary networking protocol developed by
Cisco Systems,
intended to support multi-megabit (5 to 15 Mbit/s) performance over telephone-grade
Category
1/2/3 wiring over distances up to 5, 000 feet (1.5 km). Supporting such great
distances, LRE is
technically classified a Metropolitan area network (MAN) technology. Technically the
protocol was
similar to VDSL.
The technology was sometimes referred to as Ethernet in the First Mile (EFM). Several
networking
vendors offered compatible networking hardware, but the technology became
obsolete.
Like standard VDSL, LRE allowed existing telephone wiring that connects an
organization's offices
to be used to network those offices together using standard Ethernet protocol
without incurring the
huge cost of deploying fiber optic cable or limiting organizations to the bandwidth
provided by
modems or xDSL devices.
Other sample applications included Ethernet access to hotel rooms or college
dormitories over
existing installed telephone wiring.
LRE was compatible with VDSL ETSI Band Plan 998.
LRE sold Cisco Catalyst model 2900 switches using Infineon PEF22822/PEB22811
VDSL QAM
(10Base-S) chipset like many other VDSL concentrators.
Cisco announced end-of-sale for the LRE products in October 2006, and its
Explanation: page
was removed from their web site in 2007. VDSL is a comparable or better solution.
QUESTION 31
Which two of these represent a best practice implementation of a Split MAC LWAPP
deployment in a Cisco Unified Wireless Network? (Choose two.)
A. Each wireless client authentication type maps to a unique SSID which in turn maps to a unique VLAN.
B. 802.1Q trunking extends from the wired infrastructure to the access point for translation into SSID(s).
C. 802.1Q trunking extends from the wired infrastructure to a wireless LAN controller for translation into SSID
(s).
D. Each wireless client authentication type maps to a shared SSID which in turn maps to a common shared
VLAN.
E. Each wireless client authentication type maps to a unique SSID which in turn maps to a common shared
VLAN.
F. 802.1Q trunking extends from the wired infrastructure to a wireless LAN controller. Then the 802.1Q packet
is encapsulated in LWAPP and sent to the access point for transmission over the SSID(s).
Correct Answer: AC
Section: C
Explanation
QUESTION 32
Which H.323 protocol controls call setup between endpoints?
A.
B.
C.
D.
RTCP
H.245
H.225
RAS
Correct Answer: C
Section: (none)
Explanation
QUESTION 33
Which Cisco security solution offers protection against "day zero" attacks?
A.
B.
C.
D.
E.
Cisco IOS IPS
Cisco IOS Firewall
Cisco Traffic Anomaly Detector
Cisco Adaptive Security Appliance
Cisco Security Agent
Correct Answer: E
Section: C
Explanation
QUESTION 34
What is the benefit of deploying a gatekeeper in an H.323 IP telephony network?
A.
B.
C.
D.
provides spatial redundancy through the use of HSRP
provides load balancing via GUP when alternate gatekeepers are deployed
reduces configuration complexity by centralizing the dial plan
increases redundancy by allowing each gateway to maintain a copy of the dial plan
Correct Answer: C
Section: C
Explanation
H.323
H.323 is a standard published by the ITU that works as a framework document for multimedia
protocols, including voice, video, and data conferencing, for use over packet-switched networks.
H.323 standards describe terminal (endpoints), gateway, gatekeeper, and multipoint control unit
(MCU) devices to be used in a multimedia network. As shown in Figure 14-20, H.323 includes the
following elements:
Figure 14-20. H.323 Components
Note. With a gatekeeper, each gateway contains a simpler dial plan and connects only to the
gatekeeper.
QUESTION 35
Which two of the following statements represent a preferred wireless LWAPP
implementation? (Choose two.)
A. verify open ports for:
Layer 2 LWAPP on ethertype OxBBBB
Layer 3 LWAPP on UDP 12222 and UDP 12223
B. use of Layer 3 LWAPP is preferred over Layer 2 LWAPP
C. use of Layer 2 LWAPP is preferred over Layer 3 LWAPP
"First Test, First Pass" - www.lead2pass.com 38
Cisco 640-864 Exam
D. verify open ports for:
Layer 2 LWAPP on ethertype OxABAB
Layer 3 LWAPP on TCP 12222 and TCP 12223
E. verify open ports for:
Layer 2 LWAPP on ethertype OxABAB
Layer 3 LWAPP on TCP 12222 and TCP 12223
Correct Answer: AB
Section: C
Explanation
LWAPP
Leve Access Point Protocol (LWAPP) é um projecto Internet Engineering Task Force
(IETF)
padrão para controle de mensagens para configuração, autenticação e operações
entre APs e WLAN
controladores (WLC).
Na RFC LWAPP projecto, mensagens LWAPP controle pode ser transportado na
camada 2 túneis ou
Camada 3 túneis. Camada 2 LWAPP túneis foram o primeiro método desenvolvido em
que os APs não
requerem um endereço IP. A desvantagem de Camada 2 LWAPP era que o WLC
necessários para estar em
cada sub-rede na qual o AP reside. Camada 2 LWAPP é uma solução obsoleta para a
Cisco. camada 3
LWAPP é a solução preferida. Na configuração, Camada 2 ou Camada 3 modos de
transporte pode ser
seleccionado. Quando definido Layer 3, o LWAPP usa endereços IP para se
comunicar com o acesso
pontos; estes endereços IP são coletados a partir de um servidor DHCP obrigatório.
Quando definido para a camada 2, o
LWAPP utiliza código proprietário para se comunicar com os pontos de acesso.
nota
Camada 2 LWAPP túneis usar EtherType código 0xBBBB. Camada 3 LWAPP utiliza as
portas UDP 12222
e
12223.
Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação IV, Capítulo 5
Exam D
QUESTION 1
Which three are security services offered through Cisco Router Security? (Choose
three.)
A.
B.
C.
D.
E.
F.
G.
Trust and Identity
Integrated Threat Control
Unified Wireless Network Security Solution
Secure Connectivity
Voice-Messaging Security
Endpoint Security
Virtual Security Gateway
Correct Answer: ABD
Section: D
Explanation
Threat Defense
■ Enabling integrated security in routers, switches, and appliances: Security
techniques enabled throughout the network, not just in point products or locations
Secure Connectivity
VPN Description VPN Name
Use AH and ESP to secure data; requires endpoints have IPsec software Standard IPsec
Secure encrypted point-to-point GRE tunnels; on-demand spoke-tospoke
connectivity
Cisco DMVPN
Enables routing and multicast traffic across an IPsec VPN; non-IP protocol
and QoS support
Cisco GRE-based
VPN
Encryption integration on IP and MPLS WANs; simplifies encryption
management using group keying; any-to-any connectivity Cisco GET VPN
Simplifies hub-and-spoke VPNs; need to reduce VPN management Cisco Easy VPN
Trust
Trust is the relationship between two or more network entities that are permitted to communicate.
Security policy decisions are largely based on this premise of trust. If you are
trusted, you are allowed to communicate as needed. However, sometimes security controls
need to apply restraint to trust relationships by limiting or preventing access to the
designated privilege level. Trust relationships can be explicit or implied by the organization.
Some trust relationships can be inherited or passed down from one system to another.
However, keep in mind that these trust relationships can also be abused.
Identity
Identity is the “who” of a trust relationship. These can be users, devices, organizations, or
all of the above. Network entities are validated by credentials. Authentication of the identity
is based on the following attributes:
■ Something the subject knows: Knowledge of a secret, password, PIN, or private key
■ Something the subject has: Possession of an item such as a token card, smartcard,
or hardware key
■ Something the subject is: Human characteristics, such as a fingerprint, retina scan,
or voice recognition
Generally, identity credentials are checked and authorized by requiring passwords, pins,
tokens, or certificates.
QUESTION 2
Which is the purpose of the Cisco NAC Profiler?
A.
B.
C.
D.
automates discovery and inventory of all LAN attached devices
generates a profile based on username and group
learns and creates a database of virus definitions based on LAN traffic
a database used to map user VPN accounts
Correct Answer: A
Section: D
Explanation
■ Cisco NAC Profiler: Enables network administrators to keep a real-time, contextual
inventory of all devices in a network. It greatly facilitates the deployment and management
of Cisco Network Admission Control (NAC) systems by discovering and
tracking the location and type of all LAN-attached endpoints, including those that
are not capable of authenticating. It also uses the information about the device to
determine the correct policies for NAC to apply.
QUESTION 3
In the enterprise data center, which are the three main components? (Choose three.)
A.
B.
C.
D.
E.
F.
Network Infrastructure
Interactive services
Data Center Management
Internet services
WAN services
VPN and remote access
Correct Answer: ABC
Section: D
Explanation
■ Network infrastructure: Gigabit and 10 Gigabit Ethernet, InfiniBand, optical transport
and storage switching
■ Interactive services: Computer infrastructure services, storage services, security,
application optimization
■ DC management: Cisco Fabric Manager and Cisco VFrame for server and service
management
QUESTION 4
You have a campus network that consists of only Cisco devices. You have been
tasked to
discover the device platforms, the IOS versions, and an IP address of each device to
map the
network. Which proprietary protocol will assist you with this task?
A.
B.
C.
D.
E.
SNMP
TCP
CDP
ICMP
LLDP
Correct Answer: C
Section: D
Explanation
QUESTION 5
Which three modular components are part of the Cisco Enterprise Edge Architecture?
(Choose
three.)
A.
B.
C.
D.
E.
F.
G.
e-commerce module
Internet connectivity module
server farm module
remote access and VPN module
PSTN services module
enterprise branch module
building distribution module
Correct Answer: ABD
Section: D
Explanation
QUESTION 6
Which three solutions are part of the Borderless Network Services? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
Wireless
Routing
TrustSec
MediaNet
Switching
EnergyWise
Next-Gen WAN
Correct Answer: CDF
Section: D
Explanation
QUESTION 7
Which two can be used as a branch office WAN solution? (Choose two.)
A.
B.
C.
D.
E.
F.
frame relay
MPLS
Metro Ethernet
GPRS
dial-up modem
3G USB modems
Correct Answer: BC
Section: D
Explanation
frame relay is old 'shared' technology
today's sites use some flavor or Metro E or MPLS/VPN
QUESTION 8
High availability is a key design consideration in the enterprise campus network. In a
fully
redundant topology, which is likely to provide faster IGP convergence during a
failure?
A.
B.
C.
D.
redundant supervisors
redundant supervisors with Cisco Nonstop Forwarding (NSF) and Stateful Switchover (SSO)
single supervisors with tuned IGP timers
single supervisors
Correct Answer: C
Section: D
Explanation
In a fully redundant topology with tuned IGP timers, adding redundant supervisors with
Cisco nonstop forwarding (NSF) and stateful switchover (SSO) may cause longer convergence
times than single supervisors with tuned IGP timers. NSF attempts to maintain the
flow of traffic through a router that has experienced a failure. NSF with SSO is designed
to maintain a link-up Layer 3 up state during a routing convergence event. However,
because an interaction occurs between the IGP timers and the NSF timers, the tuned IGP
timers can cause NSF-aware neighbors to reset the neighbor relationships.
QUESTION 9
Which three options are valid Cisco STP tools used to ensure best-practice access
layer design
for the enterprise campus? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
Portfast
UDLD
Root Guard
BPDU Guard
Flex Links
SPAN
EtherChannel
Correct Answer: ACD
Section: D
Explanation
Access layer Limit VLANs to a single closet when possible to provide the most
deterministic and highly available topology.
Use RPVST+ if STP is required. It provides the best convergence.
Set trunks to ON and ON with no-negotiate
Manually prune unused VLANs to avoid broadcast propagation.
Use VTP Transparent mode, because there is little need for a common
VLAN database in hierarchical networks.
Disable trunking on host ports, because it is not necessary. Doing
so provides more security and speeds up PortFast.
Consider implementing routing in the access layer to provide fast
convergence and Layer 3 load balancing.
Use Cisco STP Toolkit, which provides PortFast, Loop Guard, Root
Guard, and BPDU Guard.
QUESTION 10
When designing a WAN backup for voice and video applications, what three types of
connections
should be used? (Choose three.)
A.
B.
C.
D.
E.
F.
G.
Private WAN
internet
ISDN
MPLS
dial-up
ATM
DSL
Correct Answer: ACD
Section: D
Explanation
Critical thing here is voice/video backup for which we need at least 768 KB/s (CCDP)
QUESTION 11
Which two wireless attributes should be considered during a wireless site survey
procedure? (Choose two.)
A.
B.
C.
D.
E.
encryption
channel
authentication
power
SSID
Correct Answer: BD
Section: D
Explanation
RF Site Survey
Semelhante a uma avaliação para um projeto de rede com fio, pesquisas no local de
RF são feitos para
determinar parâmetros de projeto para WLANs e requisitos do cliente. Pesquisas no
local RF ajudar
determinar as áreas de cobertura e verificar se há interferência RF. Isso ajuda a
determinar o apropriado
colocação de APs sem fio.
O site survey RF tem os seguintes passos:
Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação IV, Capítulo
QUESTION 12
Which statement decribes the recommended deployment of DNS and DHCP servers
in the Cisco Enterprise Architecture Model?
A. Place the DHCP and DNS servers in the Enterprise Campus Access layer and Enterprise branch.
B. Place the DHCP and DNS servers in the Enterprise Campus Server Farm layer and Enterprise branch.
C. Place the DHCP server in the Enterprise Campus Core layer and Remote Access/VPN module with the
DNS server in the Internet Connectivity module.
D. Place the DHCP server in the Enterprise Campus Distribution layer with the DNS server in the Internet
Connectivity module.
Correct Answer: B
Section: D
Explanation
Para o Campus Enterprise, servidores DHCP e DNS internos devem estar localizados
em
o Server Farm e eles devem ser redundante. Servidores DNS externos podem ser
colocados de forma redundante
na instalação de provedor de serviços e na filial da empresa
QUESTION 13
The BodMech online fitness organization specializes in creating fitness plans for
senior citizens. The company recently added a health-products retail inventory.
Which E-Commerce module device will allow customers to interact with the company
and purchase products?
A. application server
B. database server
C. public server
D. web server
E. NIDS appliance
F. SMTP mail server
Correct Answer: D
Section: D
Explanation
Web server can refer to either the hardware (the computer) or the software (the computer
application) that helps to deliver content that can be accessed through the Internet.
The most common use of Web servers is to host Web sites but there are other uses like data
storage or for running enterprise applications.
The primary function of a web server is to deliver web pages on the request to clients. This means
delivery of HTML documents and any additional content that may be included by a document,
such as images, style sheets and scripts.
A client, commonly a web browser or web crawler, initiates communication by making a request
for a specific resource using HTTP and the server responds with the content of that resource or an
error message if unable to do so. The resource is typically a real file on the server's secondary
memory, but this is not necessarily the case and depends on how the web server is implemented.
While the primary function is to serve content, a full implementation of HTTP also includes ways of
receiving content from clients. This feature is used for submitting web forms, including uploading
of files.
Many generic web servers also support server-side scripting, e.g., Apache HTTP Server and PHP.
This means that the behavior of the web server can be scripted in separate files, while the actual
server software remains unchanged. Usually, this function is used to create HTML documents "onthefly" as opposed to returning fixed documents. This is referred to as dynamic and static content
respectively. The former is primarily used for retrieving and/or modifying information from
databases. The latter is, however, typically much faster and more easily cached.
Web servers are not always used for serving the world wide web. They can also be found
embedded in devices such as printers, routers, webcams and serving only a local network. The
web server may then be used as a part of a system for monitoring and/or administrating the device
in question. This usually means that no additional software has to be installed on the client
computer, since only a web browser is required (which now is included with most operating
systems).
QUESTION 14
Which H.323 protocol monitors calls for factors such as packet counts, packet loss,
and arrival jitter?
A.
B.
C.
D.
H.225
H.245
RAS
RTCP
Correct Answer: D
Section: D
Explanation
QUESTION 15
Which two design methodology steps relate, at least in part, to the implement phase
of the PPDIOO process? (Choose two.)
A.
B.
C.
D.
E.
verifying the network
testing design
determining customer requirements
characterizing the existing network
establishing the organizational requirements
Correct Answer: AB
Section: D
Explanation
A fase Implement refere-se a aplicar novos dispositivos, incluindo a verificação e
ensaio de modo que A e B
são as opções mais adequadas.
"Determinar as necessidades dos clientes", ocorre na fase de preparação, que
identifica os requisitos
e constrói uma arquitetura conceitual.
"Caracterização da rede existente" pertence à fase Plano; esta etapa é realizada para
determinar a infra-estrutura necessária para atender às exigências.
No "estabelecendo os requisitos organizacionais" passo, a topologia de rede é
projetada para
satisfazer os requisitos e fechar as lacunas de rede identificados nas etapas
anteriores. Este passo é
relacionada com a fase do processo de Plano PPDIOO.
Fase de Projeto
O projeto de rede é desenvolvido com base nos requisitos técnicos e de negócios
obtidos
das fases anteriores. A especificação do projeto de rede é uma detalhada abrangente
projeto que atenda de negócios atual e requisitos técnicos. Ele oferece alta
disponibilidade, confiabilidade, segurança, escalabilidade e desempenho. O projeto
inclui a rede
diagramas e uma lista de equipamentos. O plano do projeto é atualizado com mais
informações granular
para a implementação. Após a fase de projeto é aprovado, a fase Implement começa.
implementar Fase
Novo equipamento está instalado e configurado, de acordo com as especificações do
projeto, no implemento
fase. Novos dispositivos substituir ou aumentar a infra-estrutura existente. o projeto
plano é seguido durante esta fase. Alterações na rede planejadas deverão ser
comunicadas
mudar reuniões de controle, com as aprovações necessárias para prosseguir. Cada
passo na implementação
deve incluir uma descrição, diretrizes de implementação detalhados, tempo estimado
de implementar, medidas de reversão no caso de uma falha, e qualquer informação
de referência adicional.
Como as mudanças são implementadas, elas também são testados antes de passar
para a fase de operar.
QUESTION 16
Which of the following is a modular component within the Cisco Enterprise Campus
module in the Cisco Enterprise Architecture framework?
A.
B.
C.
D.
E.
Teleworker
E-Commerce
WAN/MAN Site-to-Site VPN
Correct Answer: D
Section: D
Explanation
QUESTION 17
An internal network has servers with private IPv4 addresses that must be visible from
the public network. Which kind of address translation should be used to ensure this?
A.
B.
C.
D.
many-to-one translation (PAT)
many-to-one translation (Dynamic NAT
one-to-one translation (Static NAT)
one-to-one translation (NAT Traversal)
Correct Answer: C
Section: D
Explanation
QUESTION 18
Which three of these are components of the North American Numbering Plan?
(Choose three.)
A.
B.
C.
D.
E.
F.
Numbering Plan Area
country code
prefix
zone
line number
trunk channel
Correct Answer: ACE
Section: D
Explanation
NANP tem o formato de endereço de NXX-NXX-XXXX, onde N é qualquer número de 2 a 9 e X é
qualquer número de 0 a 9. Rst os três dígitos identificar a área de plano de numeração e são comumente
chamado de código de área. O endereço é dividido em código de escritório (também conhecido como prefixo)
e
número da linha. O prefixo é de três dígitos, e o número da linha é de quatro dígitos. Identifica o número da
linha
o telefone.
QUESTION 19
Data link switching is typically used in which Enterprise Campus Module layer?
A.
B.
C.
D.
E.
Server Farm
Campus Core
Building Access
Correct Answer: C
Section: D
Explanation
QUESTION 20
What does the Cisco security architecture called SAFE stand for?
A.
B.
C.
D.
Security Architecture for Enterprise
Standard Assessment for Enterprise
Security Analysis for Enterprise
Standard Architecture for Enterprise
Correct Answer: A
Section: D
Explanation
Cisco SAFE Architecture
Cisco Security Architecture for the Enterprise (SAFE) is a security reference architecture that
provides detailed design and implementation guidelines to assist in the development of secure and
reliable networks. Part of the SAFE architecture discusses the building blocks of secure networks
that are resilient to well-known and new forms of attack. Because enterprise networks are key
enablers of business, networks must be designed with integrated security in mind to ensure
confidentiality, integrity, and availability of network resources, especially those networks that
support critical business activity.
One key principle of Cisco SAFE architecture relates to the need for deep security and protection
from both the inside and outside of the organization, along with providing guidelines for analyzing
security requirements. The Cisco SAFE approach allows for the analysis of expected threats and
supports the design of the network security strategy. In addition, the modular nature of Cisco
SAFE allows for the security system to be expanded and scaled as the business grows.
Here are the goals of Cisco SAFE:
Here are the benefits of Cisco SAFE:
QUESTION 21
How many more bits does IPv6 use for addresses than IPv4?
A.
B.
C.
D.
32
64
96
126
Correct Answer: C
Section: D
Explanation
QUESTION 22
A common response to an attack by this device can be either to send an alert or to
take corrective action. What is this device?
A.
B.
C.
D.
Vulnerability assessment
Firewall
Intrusion-detection system (IDS)
Router
Correct Answer: C
Section: D
Explanation
Intrusion Detection Resumo Visão geral do sistema
IDS baseado em rede baseia-se na utilização de sensores estrategicamente
colocados ao longo da rede a
rede. Estas sondas monitorar e analisar todo o tráfego de rede atravessando a rede
local.
O tráfego na rede é comparada com um banco de dados de assinatura ou um perfil
definido para detectar a actividade invasiva.
Se o tráfego monitorizado corresponde a um perfil ou assinatura, é gerado um
alarme. Adicionalmente, os sensores
pode ser configurado para executar ações corretivas para parar um ataque uma vez
que foi detectado. O
vantagem de um IDS baseados em rede é a sua visão macro da rede. Um IDS
baseados em rede tem a
vantagem de visualizar toda a rede e, portanto, não se limita a visualizar apenas o
tráfego para uma
único hospedeiro. A desvantagem de um IDS baseados em rede é o seu custo. Um
IDS baseado em rede se baseia em
hardware adicional na forma de sondas de rede. Inconvenientes adicionais para IDS
baseado em rede são
o seguinte:
Embora diferentes tipos de sistemas de IDS existem, cada tipo tem de suportar, pelo
menos, uma activação
mecanismo. Mecanismos desencadeantes são simplesmente como um alarme é
gerado. Existem dois tipos de
mecanismos desencadeantes:
Anomalia sistemas baseados em usar perfis criados pelo IDS ou o administrador de
segurança. Estes
perfis são então utilizados para detectar um ataque e gerar um alarme. Padrões de
tráfego ou computador
atividade que não corresponde a um perfil definido gera um alerta. A vantagem de
anomalia
detecção é que tem a capacidade de detectar ataques anteriormente desconhecidos
ou novos tipos de ataques. O
desvantagem para detecção de anomalias é um alarme é gerado qualquer tempo ou
tráfego desvia atividade de
os definidos "normais" os padrões de tráfego ou atividade. Isto significa que é até o
administrador de segurança
descobrir por que um alarme foi gerado. Anomalia sistemas baseados têm uma maior
taxa de falso
positivos porque os alarmes são gerados a qualquer momento um desvio do normal
ocorre. Definindo normais
tráfego e da actividade pode ser uma tarefa difícil e demorada.
http://www.ciscoarticles.com/CCSP-Cisco-Certified-Security-Professional/IntrusionDetection-Apresentação do sistema summary.htmlQUESTION 23
What Cisco router configuration component does an implementer use to create a
floating static route?
A.
B.
C.
D.
Primary interface
Administrative distance
Loopback
Description
Correct Answer: B
Section: D
Explanation
Muitas vezes, links de backup usam uma tecnologia diferente. Por exemplo, uma
linha dedicada pode ser em paralelo com um
linha discada circuito de backup ou ISDN. No entanto, é mais comum o uso de linhas
DSL como backup em redes de hoje. Usando rotas estáticas flutuantes, você pode
especificar que a rota de backup têm uma
maior distância administrativa (usado pelos roteadores Cisco para selecionar
informações de roteamento), de modo que não é
normalmente utilizado se a principal via vai para baixo. Este projeto é menos
disponível do que o parcial
malha apresentada anteriormente. Normalmente, as ligações on-demand de backup
reduzir as tarifas de WAN.
QUESTION 24
When building Global network businesses , which three principles should be used?
A. Customer focus, continuous standardization, and core versus context
B. Customer focus, centralization, and core versus context
C. Customer focus, decentralization, and core versus edge
D. Customer focus, decentralization, and core versus context
Correct Answer: A
Section: D
Explanation
From JollyFrog P4S
Core versus Context:
My analysis in a nutshell is that core activities are those that increase the sustainable competitive
advantage of a company. Core activities create value for customers in a way that is hard for
competitors to replicate, and by doing so increase the market power of the company. Investors notice
this, and reward the company with a higher stock price.
Of course in today's market, core doesn't stay core for very long as competitors copy successful
companies. At one point a web site to distribute marketing information was a core activity. Now it is a
context activity, something that is required by the market that does not differentiate. Political factors
also drive context to encroach on core. Everyone wants to feel important, meaning to feel like core,
even though their activities might more reasonably be considered context. In most organizations,
context activities compete for resources with core, and when they win, the company loses.
My recommendation is that companies never lose site of the distinction between core and context as
they do business. Invest as much as possible in core activities. Seek to reduce costs and outsource
context activities. If you have to cut spending in downturn, don't do it across the board, cutting core
and context by equal measures. Instead, seek to actually increase your investment in core while
making even more drastic cuts in context to achieve the total cost-reduction goal.
Reference: http://rolandtanglao.com/archives/2004/04/06/
core_versus_context_core_creates_value_that_competitors_cant_replicate
PodCast about Core versus Context by Geoffrey Moore (recommended viewing) : http://
ecorner.stanford.edu/authorMaterialInfo.html?mid=1327
QUESTION 25
What is SNMP?
A.
B.
C.
D.
Simple Network Management Protocol
Simple Network Monitoring Protocol
Sampling Network Management Process
Simple Network Maintenance Procedure
Correct Answer: A
Section: D
Explanation
QUESTION 26
Examine the following protocols, which two are used for IP Security?
A.
B.
C.
D.
Generic Routing Encapsulation (GRE) and Internetwork Packet Exchange (IPX)(EIGRP)
Border Gateway Protocol (BGP) and Enhanced Interior Gateway Routing Protocol
Authentication Header (AH) and Encapsulating Security Payload (ESP)
Virtual Private Dial-Up Network (VPDN) and GRE
Correct Answer: C
Section: D
Explanation
QUESTION 27
Which WAN scenario might be appropriate for queuing solutions?
A. A newly implemented WAN connection has yet to demonstrate sufficient WAN statistics for congestionlevel tracking.
B. A WAN connection features consistent congestion problems, and data transfers often suffer.
C. A WAN connection is rarely congested, and data transfers never suffer.
D. A WAN connection features occasional periods of congestion, and data transfers have occasionally
suffered as a result.
Correct Answer: D
Section: D
Explanation
QUESTION 28
A customer has the following Enterprise Campus design requirements:
at least 10 Gbps of bandwidth
network runs of up to 40km
no concern for transmission medium cost
Which transmission medium should you recommend to this customer?
A.
B.
C.
D.
unshielded twisted pair
shielded twisted pair
single-mode fiber
wireless
E. multimode
Correct Answer: C
Section: D
Explanation
Below is the comparison of transmission media
(Reference from CCDA Official Exam Certification Guide. Some other books have
different figures
but we should answer it according to the “Official” book)
QUESTION 29
Which statement accurately describes one difference between a small office and
medium office topology?
A.
B.
C.
D.
Medium offices commonly use integrated route and switching platforms.
Medium offices use integrated 10/100/1000 interfaces as Layer 2 trunks.
Medium offices use external access switches to support LAN connectivity.
Small offices commonly use Rapid PVST+ for Layer 3 deployments.
Correct Answer: C
Section: D
Explanation
QUESTION 30
A Cisco security mechanism has the following attributes:
it is a sensor appliance
it searches for potential attacks by capturing and analyzing traffic it is a "purposebuilt device"
it is installed passively
it introduces no delay or overhead
Which Cisco security mechanism is this?
A. NIDS
B. PIX
C. IKE
D. HIPS
E. HMAC
Correct Answer: A
Section: D
Explanation
Explanation:
Inline IPS and anomaly detection: Cisco has innovated in the area of NIDS by being
the first to
incorporate NIDS into the IOS on routing and switching platforms. In addition, IPS
solutions have
inline filtering features that can remove unwanted traffic with programmable features
that classify
traffic patterns. The Cisco IPS 4200 sensor appliances, Cisco Catalyst 6500 IDSM-2,
and the
Cisco IOS IPS can identify, analyze, and stop unwanted traffic from flowing on the
network.
Another set of tools used to prevent distributed DoS (DDoS) attacks and ensure
business
continuity is the Cisco Traffic Anomaly Detector XT and Guard XT appliances, along
with the
Cisco Catalyst 6500 Traffic Anomaly Detector Module and Cisco Anomaly Guard
Module.
QUESTION 31
Which Cisco security solution can quarantine and prevent non-compliant end
stations from accessing the network until they achieve security policy compliance?
A.
B.
C.
D.
E.
F.
Cisco Security Monitoring, Analysis, and Response System
Adaptive Security Appliance
Network Intrusion Prevention System
Network Admission Control
Cisco Secure Connectivity
Access Control Server
Correct Answer: D
Section: D
Explanation
QUESTION 32
Lightweight access points are being deployed in remote locations where others are
already operational. The new access points are in a separate IP subnet from the
wireless controller. OTAP has not been enabled at any locations. Which two methods
can the AP use to locate a wireless controller? (Choose two.)
A.
B.
C.
D.
E.
F.
NV-RAM IP address
master
primary, secondary, tertiary
DHCP
local subnet broadcast
DNS
Correct Answer: DF
Section: D
Explanation
QUESTION 33
Which of the following Cisco router services performs network traffic analysis to
assist in documenting a customer's existing network?
A.
B.
C.
D.
NetMon
MRTG
SNMP MIB compiler
NetFlow
Correct Answer: D
Section: D
Explanation
Exam E
QUESTION 1
Drag the characteristics of the traditional campus network on the left to the most appropriate
hierarchical network layer on the right. Q22
Select and Place:
Correct Answer:
Section: E
Explanation
Access
Distribution
Core
Large-Building LANs
Large-building LANs are segmented by floors or departments. The building-access component
serves one or more departments or floors. The building-distribution component serves one or
more building-access components. Campus and building backbone devices connect the data
center, building-distribution components, and the enterprise edge-distribution component. The
access layer typically uses Layer 2 switches to contain costs, with more expensive Layer 3
switches in the distribution layer to provide policy enforcement. Current best practice is to also
deploy multilayer switches in the campus and building backbone.
Cisco Enterprise Architecture Model
Core
Distribution
Access
QUESTION 2
Q26
Select and Place:
Correct Answer:
Section: E
Explanation
Leased
SHARED
QUESTION 3
q35
Select and Place:
Correct Answer:
Section: E
Explanation
Changed this one to Jolly Frogs suggestion from Actual Tests:
Access:
Protect against inadvertent loops
Protect network services including DHCP, ARP, and IP spoofing protection
Distribution:
Protect the endpoints using network-based intrusion prevention
Protect the infrastructure using NFP best practices
Core:
Filter and rate-limit control plane traffic
Does not perform security functions to mitigate transit threats
Explanation:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap5.html#wp1090913
http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/SAFE_RG/chap3.html
1 Access
2 Distribution
3 Access
4 Core
5 Access
6 Distribution
Please refer to link.
Link: http://www.ciscopress.com/articles/article.asp?p=1073230&seqNum=2
QUESTION 4
q36
Select and Place:
Correct Answer:
Section: E
Explanation
Network Virtualization
* VPC
* VLAN
* VRF
Device Virtualization
*ASA firewall context
*IPS
*VDC
Network virtualization encompasses logical isolated network segments that share the same
physical infrastructure. Each segment operates independently and is logically separate from the
other segments. Each network segment appears with its own privacy, security, independent set of
policies, QoS levels, and independent routing paths.
Here are some examples of network virtualization technologies:
Device virtualization allows for a single physical device to act like multiple copies of itself. Device
virtualization enables many logical devices to run independently of each other on the same
physical piece of hardware. The software creates virtual hardware that can function just like the
physical network device. Another form of device virtualization entails using multiple physical
devices to act as one logical unit.
Here are some examples of device virtualization technologies:
QUESTION 5
Select and Place:
Correct Answer:
Section: E
Explanation
I changed the answer on this to:
switches
switches
switches
switches
Original Answer was
switches
switches
switches
switches
QUESTION 6
q88
Select and Place:
Correct Answer:
Section: E
Explanation
+ provides secure network access, isolates and controls infected devices attempting access: Trust
and Identity Management
+ uses encryption and authentication to provide secure transport across untrusted networks:
Secure Connectivity
+ uses security integrated into routers, switches, and appliances to defend against attacks: Threat
Defense
+ integrates security into the network to identify, prevent, and adapt to threats: Cisco SelfDefending Network
Trust and identity management solutions provide secure network access and admission at any
point in the network and isolate and control infected or unpatched devices that attempt to access
the network. If you are trusted, you are granted access.
We can understand “trust” is the security policy applied on two or more network entities and allows
them to communicate or not in a specific circumstance. “Identity” is the “who” of a trust
relationship.
The main purpose of Secure Connectivity is to protect the integrity and privacy of the information
and it is mostly done by encryption and authentication. The purpose of encryption is to guarantee
condentiality; only authorized entities can encrypt and decrypt data. Authentication is used to
establish the subject’s identity. For example, the users are required to provide username and
password to access a resource…
QUESTION 7
q115
Select and Place:
Correct Answer:
Section: E
Explanation
+ protects the endpoints (desktops, laptops and servers): Cisco Security Agent
+ provides multiple functions as a high performance security appliancE. ASA
+ prevents DDoS attacks: Anomaly Guard and Detector
+ provides Web-Based VPN services: SSL Service Module
+ prevents attacks inlinE. IPS Appliance
QUESTION 8
Select and Place:
Correct Answer:
Section: E
Explanation
From Secur Tut CCDA 2.1 experience.
Also
■ Unified computing
■ Cisco Unified Computing System (UCS) is an innovative next-generation data center
platform that converges computing, network, storage, and virtualization
together into one system.
■ Integrates lossless 10GE unified network fabric with x86 architecture-based
servers.
■ Allows for Cisco Virtual Interface Card to virtualize your network interfaces on
your server.
■ Offers Cisco VN-Link virtualization.
■ Supports Extended Memory Technology patented by Cisco.
■ Increases productivity with just-in-time provisioning using service profiles.
In addition, the newer Data Center 3.0 architecture increases the overall return
on investment (ROI) and lowers the total cost of ownership (TCO).
■ Virtualization
■ Virtual local-area network (VLAN), virtual storage-area network (VSAN), and virtual
device contexts (VDC) help to segment the LAN, SAN, and network devices
instances.
■ Cisco Nexus 1000V virtual switch for VMware ESX and ESXi help to deliver visibility
and policy control for virtual machines (VM).
■ Flexible networking options with support for all server form factors and vendors,
including support for blade servers from Cisco, Dell, IBM, and HP with integrated
Ethernet and Fibre Channel switches.
Virtualization technologies such as VLANs and VSANs provide for virtualized LAN and
SAN connectivity by logically segmenting multiple LANs and SANs on the same physical
equipment. Each VLAN and VSAN operates independently from one another.
QUESTION 9
Which hierarchical layer has functions such as High availability, port security, and
rate limiting?
A.
B.
C.
D.
Core
Access
Network
Distribution
Correct Answer: B
Section: E
Explanation
Camada de Acesso
A camada de acesso fornece ao usuário acesso a segmentos locais na rede. A
camada de acesso é
caracterizados por segmentos comutação LAN em um ambiente de campus.
microssegmentação usando
LAN interruptores fornece alta largura de banda para grupos de trabalho, reduzindo o
número de dispositivos em
Segmentos Ethernet. Funções da camada de acesso incluem o seguinte:
QUESTION 10
Which IPv4 field are the precedence bits located in?
A.
B.
C.
D.
IP destination address
Type-of-service field
IP options field
IP protocol field
Correct Answer: B
Section: E
Explanation
ToS (Tipo de Serviço): Este campo é de 8 bits de comprimento. Qualidade de Serviço
(QoS) tais como
Precedência IP ou DSCP encontram-se neste campo.
QUESTION 11
Which item is not a true disadvantage of the full-mesh topology?
A.
B.
C.
D.
Central hub router represents a single point of failure in the network.
High level of complexity to implement.
Large number of packet replications required.
High costs due to number of virtual circuits.
Correct Answer: A
Section: E
Explanation
Full-topologia mesh
Com malha integral topologias, cada site tem uma conexão com todos os outros
sites na nuvem WAN (qualquer-toany).
Como o número de sites de crescer, assim como o número de conexões de raios que
são, em última análise
necessário. Consequentemente, a topologia de malha completa não é viável em redes
muito grandes. No entanto, uma
principal vantagem desta topologia é que tem muita redundância em caso de falhas
na rede.
Mas redundância implementado com esta abordagem tem um preço elevado
associado a ele.
Aqui estão algumas questões inerentes com full-mesh topologias:
O número de VCs necessários para uma malha completa pode ser calculado através
da fórmula ((N - 1) x N / 2).
Por exemplo, se você tem 4 sites, ((4 - 1) x 4/2) = 6 VCs são obrigatórios.
Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação quarta
QUESTION 12
Which statement is true about WANs?
A. Switches or concentrators often relay information through the WAN.
B. WANs typically encompass broad geographic areas.
C. In general, WAN technologies function at the middle three layers of the Open System Interconnection (OSI)
model.
D. Users of WANs do not typically own all transmission facilities.
Correct Answer: B
Section: E
Explanation
WAN Definido
Wide-area networks (WAN) são redes de comunicação que são usados para conectar
geograficamente
dispersar locais de rede. Geralmente, os serviços de WAN são oferecidos por
prestadores de serviços ou
operadoras de telecomunicações. WANs pode transportar dados, voz e tráfego de
vídeo. prestadores de serviços
taxas de carga, chamado de tarifas, para a prestação de serviços de WAN ou
comunicações a seus clientes.
Algumas vezes o termo serviço é referido como as comunicações WAN fornecidos
pelo transportador.
QUESTION 13
Developing a network design according to layers such as core and distribution is an
example of which type of design methodology?
A.
B.
C.
D.
Flat design
Top-down
Hierarchical structured design
PPDIOO
Correct Answer: C
Section: E
Explanation
Hierarchical Network Design
As shown in the figure, a traditional hierarchical LAN design has three layers:
Figure, Hierarchical Network Design Has Three Layers: Core, Distribution, and
Access
QUESTION 14
In which layer of the OSI model does Real-Time Transport Protocol (RTP) operate ?
A.
B.
C.
D.
Network
Application
Transport
Session
Correct Answer: C
Section: E
Explanation
Modelo OSI, camadas e protocolos
7 Aplicação
Navegador da Web, e-mail, impressão Serivces, SIP, SSH e SCP, NFS, RTSP,
alimentação, XMPP, Whois, SMB;
DNS; FTP; TFTP; BOOTP; SNMP; RLOGIN; SMTP; MIME; NFS; DEDO; TELNET; NCP;
APPC;
AFP; SMB
6 Apresentação
XDR, ASN.1, SMB, AFP, NCP, MIDI, HTML, GIF, TIFF, JPEG, ASCII
EBCDIC
5 Sessão
TLS, SSH, X.225, RPC, NetBIOS, ASP, Winsock, BSD
4 Transporte
TCP, UDP, RTP, SCTP, SPX, ATP
Gateway, avançado cabo Tester, Brouter
3 Rede
IP, ICMP, IGMP, BGP, OSPF, RIP, IGRP, EIGRP, ARP, RARP, X.25, NETBEUI
Brouter, Roteador, dispositivo Frame Relay, ATM Switch, avançada Cable Tester, DDP
2 Data Link
Ethernet, Token Ring, StarLAN, HDLC, Frame Relay, ISDN, ATM, 802.11 WiFi, FDDI,
PPP, Ponte,
Switch, Roteador ISDN, inteligente Hub, NIC, Advanced Cable Tester, ARCnet,
LocalTalk, FDDI,
ATM. NIC Drivers: Open Datalink Interface (ODI), Rede Interface Specification
Independente
(NDIS)
1 física
NIC, par trançado, coaxial, fibra óptica, de mídia sem fio, repetidor, Multiplexer, Hubs,
(Passivo / ativo), o TDR, Osciloscópio, Amplificador pombo-correio,
CAMADAS TCP
4 Aplicação (OSI - Layers5 a 7)
HTTP, FTP, DNS
(Protocolos de roteamento como BGP e RIP, que, por uma variedade de razões são
executados sobre TCP e UDP
respectivamente, também pode ser considerado parte da camada Internetwork)
3 Transporte (OSI - Layers4 e 5)
TCP, UDP, RTP, SCTP
(Protocolos de roteamento, como OSPF, que correm sobre IP, também pode ser
considerada parte do Internetwork
camada)
2 Internetwork (OSI - Camada 3)
Para TCP / IP é o protocolo de Internet (IP)
(Protocolos obrigatórios como correr ICMP e IGMP sobre IP, mas podem ainda ser
considerados parte da
Internetwork camada; ARP não roda sobre IP)
1 Link (OSI - Camadas 1 e 2)
Ethernet, Wi-Fi, MPLS, etc
http://www.tomax7.com/aplus/osi_model.htm
Cisco Exame 640-864
QUESTION 15
What does Compressed Real-Time Transport Protocol (CRTP) compress ?
A.
B.
C.
D.
RTP, TCP, and IP headers
RTP headers
RTP, User Datagram Protocol (UDP), and IP headers
Real-Time Transport Control Protocol (RTCP) headers
Correct Answer: C
Section: E
Explanation
Explanation:
WAN links use RTP header compression to reduce the size of voice packets. This is also called
Compressed RTP (cRTP), which is defined in RFC 2508. As shown in Figure 14-18, cRTP
reduces the IP/UDP/RTP header from 40 bytes to 2 or 4 bytes (a significant decrease in
overhead). cRTP happens on a hop-by-hop basis, with compression and decompression occurring
on every link. It must be configured on both ends of the link. It is recommended for slow links up to
768 kbps. cRTP is not used much anyone because slow WAN link bandwidths are seen less.
Higher speed links are not recommended because of the high CPU requirements and they reduce
call quality.
Figure 14-18. cRTP
QUESTION 16
In IS-IS networks, which routers does the backup designated router (BDR) form
adjacencies to?
A.
B.
C.
D.
Only to the DR.
The BDR only becomes adjacent when the DR is down.
To all routers.
There is no BDR in IS-IS.
Correct Answer: D
Section: E
Explanation
BDRs são usados por OSFP e NÃO IS-IS. IS-IS usa routers L1 e L2
Um roteador de backup designado (BDR) é um roteador que se torna o roteador
designado, se o atual
roteador designado tem um problema ou falha. O BDR é o roteador OSPF com
segunda maior prioridade
na época da última eleição.
QUESTION 17
Which item is not a part of the process recommended by Cisco for WAN designs?
A.
B.
C.
D.
Characterize the existing network.
Analyze customer requirements.
Configure deployed services.
Design the new WAN topology.
Correct Answer: C
Section: E
Explanation
QUESTION 18
Which type of DSL does residential service use?
A.
B.
C.
D.
VDSL
SDSL
IDSL
ADSL
Correct Answer: D
Section: E
Explanation
Digital Subscriber Line
Linha de assinante digital (DSL) é uma tecnologia que fornece serviços de alta
velocidade de dados na Internet sobre
linhas telefônicas comuns de cobre. Ele consegue isso usando freqüências que não
são usadas no normal
telefone as chamadas de voz.
O xDSL termo descreve as várias formas concorrentes de DSL disponíveis hoje.
ADSL é a mais popular tecnologia DSL e está amplamente disponível. A chave para
ADSL é que o
largura de banda a jusante é assimétrica ou maior do que a largura de banda a
montante. algumas limitações
que inclui ADSL pode ser utilizado apenas na proximidade imediata do DSLAM local,
tipicamente inferior a 2
km. O DSLAM local, ou de assinante digital multiplexador de acesso à linha, permite
que linhas de telefone para fazer
Conexões DSL à Internet. Velocidades de download geralmente variam de 768 kbps a
9 Mbps, e
velocidades de upload variar de 64 kbps a 1,5 Mbps. O equipamento nas instalações
do cliente (CPE) refere-se
a um PC com modem DSL ou roteador DSL que liga de volta para o provedor de
acesso à rede
(NAP) DSLAMs.
O circuito ADSL consiste em uma linha de telefone de par trançado que contém seus
canais de informação:
DSL divisores são utilizados para separar serviço básico de telefonia do modem
ADSL / router
fornecer o serviço, mesmo que a sinalização ADSL falhar.
Embora DSL é utilizado principalmente na comunidade residencial, esta tecnologia
também pode ser utilizada como um
WAN tecnologia para uma organização. No entanto, tenha em mente que, como essa
é uma rede pública
conexão através da Internet, é recomendável que esta tecnologia pode ser usada em
conjunto com um
firewall / VPN volta solução em sua rede corporativa da empresa. As velocidades
elevadas e relativamente
baixo custo fazem deste um popular de acesso à Internet tecnologia WAN.
Cisco Press CCDA 640-864 Edição Guia Oficial de Certificação IV, Capít
QUESTION 19
Define some of the activities, tools, and techniques used in today's network-design
process.(Choose three.)
A.
B.
C.
D.
Analyzing network traffic
Simulation of network traffic
Network auditing
Filtering incoming network traffic
Correct Answer: ABC
Section: E
Explanation
Caracterizando a Rede Existente
Caracterizar a rede é o Passo 2 da metodologia de design. Nesta seção, você aprende
a
identificar as características principais de uma rede, ferramentas para analisar o
tráfego de rede existente, e ferramentas para auditoria
e monitoramento de tráfego de rede.
Passos na coleta de informações
Ao chegar em um local que tem uma rede existente, você precisará obter todos os
existentes
documentação. Às vezes, não existe informação documentada. Você deve estar
preparado para usar
ferramentas para obter informações e ter acesso ao login para os dispositivos de
rede para obter informações.
Aqui estão os passos para a coleta de informações:
Ao reunir a documentação sair, você procura por informações do site, tais como
nomes de sites, site
endereços, contatos do site, hora local de funcionamento e de construção e acesso à
sala. rede
infra-estrutura inclui informações locais e tipos de servidores e dispositivos de rede,
data center
e locais de armário, LAN fiação, WAN tecnologias e velocidades de circuito e de
alimentação usada. lógico
informações da rede inclui o endereçamento IP, protocolos de roteamento,
gerenciamento de rede e segurança
acesso listas usadas. Você precisa descobrir se a voz ou vídeo está sendo usado na
rede.
30. Quais os tipos de instrumentos são utilizados durante o processo de design de
rede?
um. Ferramentas de gerenciamento de rede
b. Ferramentas de rede de tendências
c. Modelagem de ferramentas de rede
d. Simulação de rede e ferramentas de teste
e. Implementação de ferramentas de rede
30. C e D
QUESTION 20
Which types of communicating devices compose RMON architecture ?(choose two)
A.
B.
C.
D.
Router
Switch
Management station
Monitor
Correct Answer: CD
Section: E
Explanation
RMON
RMON é uma especificação padrão de monitoramento que permite que dispositivos
de monitoramento de rede e console
sistemas aos dados de monitorização de troca de rede. RMON fornece mais
informações do que o SNMP, mas
mais sofisticados dispositivos de coleta de dados (sondas de rede) são necessários.
RMON olha MAClayer
dados e fornece informações agregadas sobre as estatísticas e tráfego da LAN.
Redes corporativas implantar sondas de rede em vários segmentos de rede, essas
sondas denunciar
de volta para o console RMON. RMON permite que as estatísticas de rede a ser
recolhido, mesmo se ocorrer uma falha
entre a sonda eo console RMON. RMON1 é definido por RFC 1757 e 2819, e
adições para RMON2 são definidos pela RFC 2021.
QUESTION 21
Which attack type would you expect on segments that have many servers for some
well-known applications?
A.
B.
C.
D.
Trojan horses
DoS attacks
Application-layer attacks
Password attacks
Correct Answer: C
Section: E
Explanation
Segurança da aplicação e defesa de segurança de conteúdo. Camada de rede várias
novo aplicativo
produtos foram lançados que abordam a ajuda de novas classes de ameaças, como
o spam, phishing,
spyware, abuso de pacotes, e compartilhamento de arquivos não autorizados pontoa-ponto. Produtos de segurança de conteúdo
Eletrodomésticos como Cisco IronPort fornecer antivírus abrangente, antispyware,
arquivo de bloqueio,
antispam, bloqueio de URL e filtragem de conteúdo de serviços. Estes produtos
complementam tradicional
firewalls e baseado em rede do sistema de detecção de intrusão (NIDS) soluções com
tráfego mais granular
serviços de inspecção, assim, a quarentena do tráfego de modo que ela não se
propaga por todo o
rede.
De negação de serviço (DoS) ataque - Tenta dominar recursos como CPU, memória e
largura de banda, impactando o sistema atacado e negar o acesso de usuários
legítimos.
QUESTION 22
Which routing protocol is classful?
A.
B.
C.
D.
Intermediate System-to-Intermediate System (IS-IS) and OSPF
Routing Information Protocol Version 1 (RIPv1) and RIPv2
IGRP and RIPv1
Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF)
Correct Answer: C
Section: E
Explanation
Classless Versus Classful Protocolos de Roteamento
Os protocolos de roteamento podem ser classificados de acordo com o seu apoio de
VLSM e CIDR. roteamento classful
protocolos não anunciar máscaras de sub-rede em suas atualizações de roteamento,
portanto, a sub-configurado
máscara para a rede IP deve ser o mesmo em toda a inter-rede inteira. Além disso, o
sub-redes devem, para todos os efeitos práticos, ser contíguas dentro do maior
internetwork. Por exemplo, a
se você usar um protocolo de roteamento classful para a rede 130.170.0.0, você deve
usar a máscara escolhida
(como 255.255.255.0) em todas as interfaces do roteador, usando a rede 130.170.0.0.
você deve
configurar ligações de série com apenas dois hosts e LANs com dezenas ou
centenas de dispositivos com o mesmo
máscara de 255.255.255.0. A grande desvantagem dos protocolos de roteamento
classful é que a rede
designer não pode tirar vantagem de sumarização endereço através de redes (CIDR)
ou alocação
de sub-redes menores ou maiores dentro de uma rede IP (VLSM). Por exemplo, com
um roteamento classful
protocolo que usa uma máscara padrão de / 25 para toda a rede, você não pode
atribuir um / 30 sub-rede para um
circuito ponto-a-ponto serial.
Classful protocolos de roteamento são
Protocolos de roteamento sem classes anunciar a máscara de sub-rede com cada
rota. Você pode configurar
sub-redes de um determinado número IP de rede com máscaras de sub-rede
diferente (VLSM). Você pode configurar
LANs grande com uma máscara de sub-rede menor e configurar ligações de série
com uma máscara de sub-rede maior,
espaço de endereço IP, assim, conservar. Protocolos de roteamento sem classes
também permitem rota flexível
sumarização e Supernetting (CIDR). Você cria supernets agregando IP classful
redes. Por exemplo, é uma super 200.100.100.0/23 de 200.100.100.0/24 e
200.100.101.0/24.
Classless protocolos de roteamento são.
QUESTION 23
Which IGP protocol is a common a choice as EIGRP and OSPF as a routing protocol
for large networks?
A.
B.
C.
D.
RIPv2
IS-IS
IGRP
OSPFV2
Correct Answer: B
Section: E
Explanation
Interior Versus Exterior Routing Protocols
Routing protocols can be categorized as interior gateway protocols (IGP) or exterior gateway
protocols (EGP). IGPs are meant for routing within an organization’s administrative domain (in
other words, the organization’s internal network). EGPs are routing protocols used to
communicate with exterior domains, where routing information is exchanged between
administrative domains. Figure 10-2 shows where an internetwork uses IGPs and EGPs with
multiple autonomous administrative domains. BGP exchanges routing information between the
internal network and an ISP. IGPs appear in the internal private network.
Figure 10-2. Interior and Exterior Routing Protocols
One of the first EGPs was called exactly that: Exterior Gateway Protocol. Today, BGP is the de
facto (and the only available) EGP. Potential IGPs for an IPv4 network arE.
Potential IGPs for an IPv6 network arE.
RIPv1 is no longer recommended because of its limitations. RIPv2 addresses many of the
limitations of RIPv1 and is the most recent version of RIP. IGRP is an earlier version of EIGRP.
RIPv1 and IGRP are no longer CCDA exam topics.
QUESTION 24
A wireless LAN or WLAN is a wireless local area network, which is the linking of two
or more computers or devices without using wires. How are wireless LANs
identified?
A.
B.
C.
D.
Service Set Identifier (SSID)
Internet Group Management Protocol (IGMP)
IP network
Wired Equivalent Privacy (WEP) key
Correct Answer: A
Section: E
Explanation
QUESTION 25
What is the length of the key used with Triple Data Encryption Standard (3DES)?
A. 64 bits
B. 168 bits
C. 128 bits
D. 56 bits
Correct Answer: B
Section: E
Explanation
Em criptografia, Triple DES é o nome comum para o algoritmo Triple Data Encryption
(TDEA
ou Triple DEA cifra de bloco), que aplica o Data Encryption Standard (DES) algoritmo
de criptografia
três vezes em cada bloco de dados. Por causa da disponibilidade de aumentar o
poder computacional, o
tamanho da chave do original DES cifra estava ficando sujeito a ataques de força
bruta; Triple DES foi
concebidos para proporcionar um método relativamente simples de aumentar o
tamanho de chave DES para proteger contra
tais ataques, sem projetar um algoritmo de cifra completamente novo bloco.
Triple DES usa um "pacote-chave", que compreende três chaves DES, K1, K2 e K3,
cada um de 56 bits
(excluindo os bits de paridade). O algoritmo de criptografia é:
cifrado = EK3 (DK2 (EK1 (plaintext)))
Ou seja, DES criptografar com K1, K2 descriptografar com DES, em seguida,
criptografar com DES K3.
Decodificação é o inverso:
plaintext = DK1 (EK2 (DK3 (texto cifrado)))
Ou seja, decifrar com K3, criptografar com K2, então, decifrar com K1.
Cada criptografia tripla criptografa um bloco
QUESTION 26
As a network engineer, can you tell me accounting management on a networkmanagement system allows a network manager to perform which function?
A.
B.
C.
D.
Assess the network's effectiveness and throughput
Charge back to users for network resources
Performance management
Identify problem areas in the network
Correct Answer: B
Section: E
Explanation
QUESTION 27
ISDN is short for Integrated Services Digital Network. Under what category of WAN
technologies does ISDN belong?
A.
B.
C.
D.
Cell-switched
Circuit-switched
Packet-switched
Leased lines
Correct Answer: B
Section: E
Explanation
QUESTION 28
Which name is for the Cisco product that provides centralized, policy-based security
management?
A.
B.
C.
D.
IDS
Out-of-band management
AAA
CSPM
Correct Answer: D
Section: E
Explanation
QUESTION 29
What does Cisco recommend as the foundation of any deployed security solution?
A.
B.
C.
D.
Customer needs
Security audit
Service-level agreement
Corporate security policy
Correct Answer: D
Section: E
Explanation
Security Policy and Process
To provide the proper levels of security and increase network availability, a security policy is a
crucial element in providing secure network services. This is an important concept to understand,
and such business requirements should be considered throughout the system life cycle. Business
requirements and risk analysis are used in the development of a security policy. It is often a
balance between ease of access versus the security risk and cost of implementing the security
technology.
In terms of network security in the system life cycle, the business needs are a key area to
consider. Business needs define what the business wants to do with the network.
Risk analysis is another part of the system life cycle. It explains the risks and their costs. Business
needs and risk assessment feed information into the security policy.
The security policy describes the organization’s processes, procedures, guidelines, and standards.
Furthermore, industry and security best practices are leveraged to provide well-known processes
and procedures.
Finally, an organization’s security operations team needs to have processes and procedures
defined. This information helps explain what needs to happen for incident response, security
monitoring, system maintenance, and managing compliance.
Table, outlines key network security considerations
QUESTION 30
Which statement best describes Call Admission Control?
A.
B.
C.
D.
It extends QoS capabilities to protect voice from excessive data traffic.
It protects voice from voice.
It provides endpoint registration control.
It provides endpoint bandwidth control.
Correct Answer: B
Section: E
Explanation
CAC should be used to keep excess voice traffic from the network by ensuring that
there is
enough bandwidth for new calls. Call admission control (CAC) is used to control the
number of
calls to reduce the WAN bandwidth for a site that has IPT. CAC is configured for the
site on the
CUCM servers. A maximum bandwidth or maximum number of calls is provisioned for
the site.
CAC enforces a maximum number of calls between two locations to ensure that call
quality will not
be degraded by allowing more calls than a network can support. CAC causes
excessive calls
between two locations to be refused. The IPT system must then either reroute the call
to different
available path, such as the PSTN, or deny the call.
QUESTION 31
Which three security measures can be used to mitigate DoS attacks that are directed
at exposed hosts within the E-Commerce module? (Choose three.)
A.
B.
C.
D.
E.
Use NIDSs and HIPSs to detect signs of attack and to identify potentially successful breaches.
Partition the exposed hosts into a separate LAN or VLAN.
Use LAN switch VTP pruning to separate hosts on the same segment.
Use a VPN concentrator (IPSec) to protect and verify each connection to the exposed host or hosts.
Use firewalls to block all unnecessary connections to the exposed hosts.
Correct Answer: ABE
Section: E
Explanation
Exam F
QUESTION 1
Which H.323 protocol is responsible for the exchanging of capabilities and the
opening and closing of logical channels?
A.
B.
C.
D.
H.225
H.245
RAS
RTCP
Correct Answer: B
Section: F
Explanation
QUESTION 2
A campus network needs end-to-end QoS tools to manage traffic and ensure voice
quality. Which three types of QoS tools are needed? (Choose three.)
A.
B.
C.
D.
E.
F.
interface queuing and scheduling
congestion management
compression and fragmentation
bandwidth provisioning
traffic classification
buffer management
Correct Answer: ADE
Section: F
Explanation
QUESTION 3
Which modules are found in the Enterprise Edge functional area of the Cisco
Enterprise Architecture? Select all that apply.
A.
B.
C.
D.
E.
F.
Teleworker
WAN/MAN
Server Farm
E-Commerce
Remote Access/VPN
Correct Answer: BDEF
Section: F
Explanation
QUESTION 4
Which Cisco device management feature is most suited to metering network traffic
and providing data for billing network usage?
A.
B.
C.
D.
BGP
Cisco Discovery Protocol
QoS
NetFlow
Correct Answer: D
Section: F
Explanation
QUESTION 5
You are performing an audit of a customer's existing network and need to obtain the
following router information:
Interfaces
running processes
IOS image being executed
Which command should you use?
A. show version
B.
C.
D.
E.
show tech-support
show startup-config
show running-config
show processes memory
Correct Answer: B
Section: F
Explanation
QUESTION 6
Which two of these are functions of an access point in a Split MAC Network
Architecture? (Choose two.)
A.
B.
C.
D.
EAP Authentication
MAC layer encryption or decryption
802.1Q encapsulation
Process probe response
Correct Answer: BD
Section: F
Explanation
Cisco Unified Wireless Network Split-MAC Architecture
With the Cisco UWN split-MAC operation, the control and data messages are split.
LWAPs
communicate with the WLCs using control messages over the wired network. LWAPP
or
CAPWAP data messages are encapsulated and forwarded to and from wireless
clients. The WLC
manages multiple APs, providing configuration information and firmware updates as
needed.
LWAP MAC functions are
Controller MAC functions are
QUESTION 7
Which answer is correct about routing metrics?
A.
B.
C.
D.
If the metric is cost, the path with the highest cost is selected.
If the metric is bandwidth, the path with the highest bandwidth is selected.
If the metric is bandwidth, the path with the lowest bandwidth is selected.
If the metric is bandwidth, the highest sum of the bandwidth is used to calculate the highest
Correct Answer: B
Section: F
Explanation
QUESTION 8
What is DHCP?
A.
B.
C.
D.
Dynamic Host Configuration Protocol
Dedicated Host Configuration Protocol
Dynamic Host Control Protocol
Predecessor to BOOTP
Correct Answer: A
Section: F
Explanation
QUESTION 9
The network-design process is limited by many external constraints. Which origins
are of these constraints?
A.
B.
C.
D.
Technological, worldwide standards, social, and managerial
Technological, political, social, and economical
Technological, cost, social, and economical
Managerial, political, social, and economical
Correct Answer: B
Section: F
Explanation
QUESTION 10
Which packet-switching topology approach typically requires the greatest level of
expertise to implement?
A.
B.
C.
D.
Hub and spoke
Point-to-point
Star
Partial mesh
Correct Answer: D
Section: F
Explanation
Hub and spoke ou estrela de rede cria um ponto central de falha e é uma rede mais
complexa
de um ponto para apontar a configuração. No entanto, devido ao nível de
configurações redundantes a
Configuração da malha parcial é mais complexa do que qualquer uma das outras
opções listadas
Pacote e celular comutada. As conexões que usam circuitos virtuais (PVC / SVC),
criado pelo
SP. Tecnologias de comutação de pacotes incluem Frame Relay e célula de
comutação de tecnologias como
ATM. ATM usa células e fornece suporte para múltiplos qualidade de serviço (QoS)
classes. o
circuitos virtuais fazem parte da ATM / Frame Relay rede compartilhada backbone SP.
Isto dá a SP
maior flexibilidade com suas ofertas de serviços.
Hub-and-spoke
Uma estrela ou hub-and-spoke topologia fornece um roteador hub com conexões
para os roteadores spoke
através da nuvem WAN. Comunicação em rede entre os sites flui através do roteador
hub.
Significativa redução de custos de WAN, contagens baixas de circuito, e
gerenciamento simplificado são os benefícios da
hub-and-spoke. Além disso, o hub-and-spoke topologias fornecer hierarquia WAN e
pode
fornecer alta disponibilidade por meio do uso de routers dupla no local do cubo.
Uma grande desvantagem dessa abordagem é que, se você usar um roteador hub
único, ele pode representar um
ponto único de falha. A topologia hub-and-spoke também pode limitar o desempenho
geral quando
recursos são acessados através do roteador hub central dos roteadores falou, como
com
falou-a-falou o tráfego da rede.
QUESTION 11
In a network with Enhanced Interior Gateway Routing Protocol (EIGRP) and IGRP
using the same autonomous system number, what will happen on the router
configured with both protocols?
A.
B.
C.
D.
Redistribution occurs automatically.
Redistribution is not necessary.
EIGRP assumes IGRP is a less capable protocol and overtakes it.
Redistribution does not occur automatically.
Correct Answer: A
Section: F
Explanation
QUESTION 12
What does the Cisco SLM define as the component used to specify expected
performance between a pair of devices connected by a network?
A.
B.
C.
D.
CM
SLC
SLA
SAA
Correct Answer: C
Section: F
Explanation
CiscoWorks Gerente de Nível de Serviço
Service Manager Level (SLM) versão 2.0 é o componente de servidor do Serviço de
CiscoWorks
Solução de Gestão (SMS). SLM permite aos administradores definir e validar de nível
de serviço
acordos em termos comuns para aqueles escrito em seu contrato com a operadora.
através locais
e gerentes de coleta remota, SLM interage com o Cisco IOS ® Software para executar
teste sintético e monitoramento de Layer 3 e 4 serviços de acordo com o SLA
especificado
parâmetros e limites. A abordagem de teste sintético garante um entendimento
comum
entre cliente e prestador de serviços dos terminais, características e limites do
testes.
NOTA. Este produto não está mais sendo vendido e pode não ser suportada. Ver o
Fim-de-Life
Observe a aprender:
http://www.cisco.com/en/US/products/sw/cscowork/ps2144/index.html
QUESTION 13
Which two statements best describe Cisco Wireless LAN Guest Access in a Cisco
Unified Wireless Network? (Choose two.)
A.
B.
C.
D.
E.
F.
Dedicated guest VLANs are only extended to the wireless controllers in the network to ensure path isolation.
Guest tunnels have limitations on which wireless controllers can originate the tunnel.
Dedicated guest VLANs are extended throughout the network to the access points for path isolation.
Guest tunnels can originate and terminate on any wireless controller platform.
Guest tunnels have limitations on which wireless controllers can terminate the tunnel.
Dedicated guest access in the DMZ extends from the origination to the termination controllers without
dedicated guest VLANs.
Correct Answer: EF
Section: F
Explanation
Using EoIP Tunnels for Guest Services
Basic solutions use separate VLANs for guest and corporate users to segregate guest traffic from
corporate traffic. The guest SSID is broadcast, but the corporate SSID is not. All other security
parameters are configured. Another solution is to use Ethernet over IP (EoIP) to tunnel the guest
traffic from the CAPWAP to an anchor WLC.
As shown in Figure 5-17, EoIP is used to logically segment and transport guest traffic from the
edge AP to the anchor WLC. There is no need to define guest VLANs in the internal network, and
corporate traffic is still locally bridged. The Ethernet frames from the guest clients are maintained
across the CAPWAP and EoIP tunnels.
Figure. EoIP Tunnels
QUESTION 14
You are designing IPv6 into an existing IPv4 network. Which two strategies can you
use to allow both address schemes to coexist, thus facilitating migration? (Choose
two)
A.
B.
C.
D.
E.
translate one protocol into the other
redistribute between IPv6-capable and non-IPv6-capable routing protocols
encapsulate IPv6 packets within IPv4 packets
bridge between the IPv6 and IPv4 networks
enable anycast capability in the routing protocol
Correct Answer: AC
Section: F
Explanation
QUESTION 15
You are designing a small branch office that requires these attributes:
support for 60 users
the growth capacity to add another 15 users soon
redundant access
higher bandwidth between the Layer 2 switch and routing to the WAN
Which branch office topology or technology must be used?
A.
B.
C.
D.
E.
EtherChannel
loop-free
three-tier
two-tier
integrated routing and switching
Correct Answer: D
Section: F
Explanation
QUESTION 16
Which two of these are scalability benefits of designing a network that utilizes VPNs?
(Choose two.)
A.
B.
C.
D.
E.
reduces dial infrastructure expenditures
reduces the number of physical connections
allows networks to be set up and restructured quickly
simplifies the underlying structure of a customer WAN
extends the network to remote users
Correct Answer: BD
Section: F
Explanation
QUESTION 17
When designing using the Cisco Enterprise Architecture, in which Enterprise Campus
layer do the Enterprise Edge and Enterprise WAN modules establish their
connection?
A.
B.
C.
D.
E.
Building Access
Campus Core
Enterprise Branch
Enterprise Data Center
Correct Answer: C
Section: F
Explanation
QUESTION 18
In the Cisco branch office design, what categorizes an office as large?
A.
B.
C.
D.
E.
between 50 and 100 users and a single-tier design
between 100 and 200 users and a three-tier design
between 50 and 100 users and a three-tier design
over 200 users and a two-tier design
between 100 and 200 users and a two-tier design
Correct Answer: B
Section: F
Explanation
QUESTION 19
Given a VoIP network with these attributes:
Codec: G.711
WAN bandwidth: 768Kbps
Packet Header: 6 bytes
Payload: 160 bytes
CRTP: No
How many calls can be made?
A.
B.
C.
D.
E.
7 calls
13 calls
8 calls
9 calls
11 calls
Correct Answer: E
Section: F
Explanation
Codecs
Because speech is an analog signal, it must be converted into digital signals for
transmission over
digital systems. The first basic modulation and coding technique was pulse-code
modulation
(PCM). The international standard for PCM is G.711. With PCM, analog speech is
sampled 8000
times a second. Each speech sample is mapped onto 8 bits. Thus, PCM produces
(8000 samples
per second) * (8 bits per sample) = 64, 000 bits per second = 64-kbps coded bit rate.
Other coding
schemes have been developed to further compress the data representation of
speech. G.711 is
used as the primary with IPT over LANs where high bandwidth is available.
G.711 = 64Kbps
Packet Header = 6 bytes
Payload = 160 bytes
Total = 64166 bytes or 64.166 Kbps per call
768 Kbps / 64.166 Kbps = 11.96
Therefore 11 Calls can be supported
QUESTION 20
Which information should a network summary report identify?
A.
B.
C.
D.
E.
F.
actions needed to support the existing network
customer requirements
new network features
customer requirement modifications
actions needed to support existing network features
infrastructure shortcomings
Correct Answer: F
Section: F
Explanation
QUESTION 21
Which statement can a network designer use to describe route summarization to an
IT manager?
A.
B.
C.
D.
It is the grouping of ISP network addresses to minimize the number of routes to the Internet.
It is the grouping of multiple discontiguous subnets to increase routing performance.
It is the grouping of multiple contiguous networks and advertising as one large network
It is the grouping of multiple contiguous subnets into one Class A, B, or C IP address to minimize routing
table size.
Correct Answer: C
Section: F
Explanation
QUESTION 22
Which two techniques can reduce voice packet transfer delay across a link of less
than 512 kbps? (Choose two.)
A.
B.
C.
D.
E.
deploy LFI
increase link bandwidth
extend the trust boundary
deploy software compression
increase queue depth
Correct Answer: AB
Section: F
Explanation
Table. Link-Efficiency Mechanisms
QUESTION 23
Which two VoIP characteristics are affected most by codec choice? (Choose two.)
A.
B.
C.
D.
voice quality
voice packet header size
bandwidth required for voice calls
silent packet handling
Correct Answer: AC
Section: F
Explanation
QUESTION 24
Which of these accurately describes dial backup routing?
A. once the backup link is activated it will remain active even after the primary link is restored
B. he backup link is activated it will remain active even after the primary link is restoredonce t
C. it always uses permanent static routes
D. it is supplied by the service provider as a secondary PVC at no additional charge
E. the router intiates the dial backup link when a failure is detected on the primary link
Correct Answer: E
Section: F
Explanation

Cisco Actualtests 640-864 Exam Bundle

Transcrição

Documentos relacionados

Building a New Digital Business

É tempo de analisar e fazer uma completa reflexão sobre a vida

ENG

L/P.1 - Jicable

Acesse o poema Lady Lazarus.

Cisco Actualtests 640-864 Exam Bundle

Interzone 245(Interzone #245)

Mother Road(Route 66 #1) by Dorothy Garlock

Música Para Formatura

Cisco Aironet 1200 Series Access Point

40 years creating value

Newsletter - St. Nicholas School

CALENDÁRIO DA SEMANA

Cisco IOS SSL VPN

pdf of article

Cisco 2800 Series Integrated Services Routers

Cisco 880 Series Integrated Services Routers

Cisco Nexus 5548P, 5548UP, 5596UP, and 5596T

Traffic engineering with BGP - Internet Network Architectures

position-based distributed hash tables