
300-320.prepaway.premium.exam.

304q

Number: 300-320
Passing Score: 800
Time Limit: 120 min
File Version: 14.0

300-320

Designing Cisco Network Service Architectures

Version 14.0
Exam A

QUESTION 1
Which route summarization most efficiently reduces perceived network complexity that is composed of subnetworks ranging from 172.16.20.0/24 to
172.16.36.0/24?

A. 172.16.8.0/21
B. 172.16.8.0/19
C. 172.16.20.0/20
D. 172.16.0.0/18
E. 172.16.20.0/19

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 2
What is the recommended subnet between two sites that have a point-to-point connection to conserve IP addresses?

A. 255.255.255.0
B. 255.255.252.0
C. 255.255.255.252
D. 255.255.255.240

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 3
In which OSI layer does IS-IS operate?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 4
Which algorithm does IS-IS use to determine the shortest path through a network?

A. Bellman-Ford routing algorithm
B. Johnson's algorithm
C. Dijkstra's algorithm
D. Floyd-Warshall algorithm

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 5
Which unique EIGRP feature allows for faster Layer 3 convergence?

A. fast EIGRP timers
B. feasible successors
C. hybrid routing protocol
D. Cisco proprietary protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 6
EIGRP uses which algorithm to build a routing table?

A. Dijkstra's algorithm
B. Floyd-Warshall algorithm
C. Diffusing Update Algorithm
D. Johnson's algorithm

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 7
What is the maximum number of routers that each OSPF area (including the backbone) should contain?

A. 30
B. 10
C. 50
D. 100

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 8
What is the maximum number of neighbors that a router should have in an OSPF area?

A. 5
B. 30
C. 60
D. 99
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 9

Refer to the exhibit. Based on the configuration, why are routers R1 and R2 not exchanging OSPF routes?

A. The OSPF process numbers are different.
B. There is no backbone area configured.
C. The router IDs are different.
D. OSPF is not enabled on the interfaces.

Correct Answer: B
Section: (none)
Explanation
Explanation/Reference:

QUESTION 10
An engineer notices that many BGP peers utilize the same configuration parameters. What can the engineer configure to simplify BGP neighbor statements and
generate more efficient BGP peer updates?

A. peer groups
B. policy templates
C. session templates
D. peer address families

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 11
What is the correct state between two BGP peers that are neighbors?

A. active
B. operational
C. established
D. up

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 12
Refer to the exhibit. A network engineer manually reconfigures the BGP configuration on newly upgraded router R1. However, the BGP neighbor relationship does
not come up with the directly connected neighbor router. What is causing the failure of the BGP neighbor relationship between routers R1 and R2?
A. An incorrect neighbor IP address for router R2 is configured on router R1.
B. An incorrect neighbor AS number is configured on router R1 for router R2.
C. The wrong BGP authentication password is configured on router R1.
D. Router R1 must configure the R2 loopback address as the neighbor IP address.
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 13
Which option is a primary requirement for the deployment of an IPv6-enabled network via the native method (dual-stack model) within the enterprise campus
environment?

A. hardware-based switching support for IPv6 forwarding on all campus switches
B. restriction of IPv6-enabled devices to the core layer
C. manual implementation of tunneling between IPv6-incompatible devices in an IPv4-over-IPv6 tunnel
D. disabling of multicast in the distribution layer prior to implementation of IPv6

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 14
Which multicast address must be available for FHRP advertisements in a multivendor environment?

A. 224.0.0.9
B. 224.0.0.18
C. 224.0.0.102
D. 224.0.0.2

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 15
Which feature must be configured for the VRRP-enabled router to regain the master VRRP status upon recovery from a failure?

A. priority
B. authentication
C. pre-emption
D. Stateful Switchover

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 16
Which protocol should be configured if a network administrator wants to configure multiple physical gateways to participate simultaneously in packet forwarding?

A. HSRP
B. VRRP
C. GLBP
D. VTP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 17
Which Nexus feature enables you to support server connectivity with one topology and address requirement for both high availability and high bandwidth?

A. vPC
B. vPC+
C. Stackwise
D. EvPC
Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 18
Which technology can block interfaces and provide a loop-free topology?

A. STP
B. VSS
C. VLAN
D. vPC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 19
Which technology allows network managers to centrally manage the VLAN database?

A. VTP
B. VLAN
C. VSS
D. vPC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 20
Which technology allows multiple instances of a routing table to coexist on the same router simultaneously?
A. VRF
B. Cisco virtual router
C. instanced virtual router
D. IS-IS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 21
Which first-hop redundancy protocol that was designed by Cisco allows packet load sharing among groups of redundant routers?

A. GLBP
B. HSRP
C. VRRP
D. VSS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 22
Which routing protocol provides the fastest convergence and greatest flexibility within a campus environment?

A. OSPF
B. IS-IS
C. BGP
D. EIGRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 23
A network engineer wants to connect two sites via a WAN technology and to securely pass multicast traffic over this WAN technology. Which WAN technology
should be configured?

A. IPsec
B. GRE
C. pure MPLS
D. GRE over IPsec

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 24
A network manager wants to securely connect a new remote site to the existing headquarters site using a VPN technology that meets security requirements. Which
VPN technology should be used?

A. GRE
B. IPsec
C. remote-access VPN
D. L2TP VPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 25
Which VPN technology is tunnel-less?
A. GET VPN
B. DMVPN
C. MPLS
D. IPsec VPN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 26
Which type of connectivity is required for VPLS?

A. full mesh
B. partial mesh
C. star
D. bus
E. ring

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 27
Which protocol should be run on the LAN side of two edge routers (that are terminating primary and backup WAN circuits) to provide quick failover in case of
primary WAN circuit failure?

A. VTP
B. STP
C. VRRP
D. RIP
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 28
Which Cisco feature can be run on a Cisco router that terminates a WAN connection, to gather and provide WAN circuit information that helps switchover to
dynamically back up the WAN circuit?

A. Cisco Express Forwarding
B. IP SLA
C. passive interface
D. traffic shaping

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 29
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

A. VRRP
B. BGP
C. IPsec
D. SSL

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 30
Private lines make use of which connection type based on cell switching?

A. ATM
B. ISP MPLS VPN
C. VTI
D. VPLS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 31
Refer to the exhibit. Which functionality must be enabled on router A to connect two networks for translating private addresses into "legal" public addresses on a
one-for-one basis?

A. PAT
B. NAT
C. VLAN
D. GARP
E. PPP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 32
Which technology fulfills these requirements?

Utilize a connection that must support a range of traffic, voice, video, and data.
This traffic must also support transmission via a fixed blank 53-byte cell.

A. PPP
B. Frame Relay
C. ATM
D. MPLS
E. X.25

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 33
Which option is used as a top-of-rack device that is managed by its parent device, providing ease of management?

A. Cisco Nexus 2000
B. Cisco Nexus 5000
C. Cisco Nexus 7000
D. Cisco Nexus 9000

Correct Answer: A
Section: (none)
Explanation
Explanation/Reference:

QUESTION 34
Which option provides software modularity in Cisco NX-OS software in the data center design?

A. The ip routing command enables all of the features in the Cisco NX-OS.
B. All of the features are enabled by default in the Cisco NX-OS.
C. Individual features must be manually enabled to start the process.
D. The Cisco NX-OS has a management VRF that is enabled by default.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 35
What is an advantage of using the vPC feature in a data center environment?

A. VSS is a requirement.
B. Multiple instances of control plane are formed.
C. The control plane and management plane remain separate.
D. Cisco FabricPath technology does not have to be configured.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 36
Which option is a benefit of the vPC+ feature?

A. Cisco FabricPath is not required in the network domain.
B. This feature provides fault domain separation.
C. Nonfabric devices, such as a server or a classic Ethernet switch, can be connected to two fabric switches that are configured with vPC.
D. The control plane and management plane are combined into one logical plane.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 37
A network administrator wants to provide high availability in a data center environment by making sure that there is no reconvergence of Layer 2 and Layer 3
protocols when there is a Layer 3 switch failure. Which Cisco Nexus feature fulfills this purpose?

A. ISSU
B. VSS
C. vPC
D. MEC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 38
Which virtualization technology allows for HSRP protocol to be used in the active/active configuration where both HSRP Layer 3 devices can forward network
traffic?

A. OTV
B. VSS
C. vPC
D. VDC

Correct Answer: C
Section: (none)
Explanation
Explanation/Reference:

QUESTION 39
Which technology extends Layer 2 LANs over any network that supports IP?

A. OTV
B. VSS
C. vPC
D. VLAN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 40
What is the purpose of an OTV edge device?

A. connect to other data centers
B. connect to the access layer
C. connect to the end users
D. connect to mobile devices

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 41
Which feature can be used in the Cisco Nexus 7000 to create a snapshot of the current configuration?

A. Cisco FabricPath
B. HSRP
C. Rollback
D. vPC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 42
A company has hired an entry-level network administrator for its new data center. The company CIO wants to give the administrator limited access on the newly
configured Cisco Nexus 7000. Which feature should be used to allow limited access?

A. NAC
B. VDC
C. RBAC
D. vPC

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 43
Which option prevents the dropping of asymmetrically routed packets in active/active failover paired firewalls?

A. Nothing can be done to prevent this from happening.
B. Configure different policies on both firewalls.
C. Assign similar interfaces on each firewall to the same asymmetric routing group.
D. Assign similar interfaces on each firewall to a different asymmetric routing group.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 44
Refer to the exhibit. Which option should be the default gateway for the PC1 that is shown?

A. 10.3.2.4
B. 10.2.2.2
C. 10.2.2.1
D. 10.2.2.3

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 45
The network engineering team is interested in deploying NAC within the enterprise network to enhance security. What deployment model should be used if the team
requests that the NAC be logically inline with clients?

A. Layer 2 in-band
B. Layer 2 out-of-band
C. Layer 3 in-band
D. Layer 3 out-of-band

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 46
Which authentication framework is used in wireless networks and point-to-point connections?

A. EAP
B. L2TP
C. TKIP
D. PPP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 47
What is one reason to implement Control Plane Policing?

A. allow OSPF routing protocol to advertise routes
B. protect the network device route processor from getting overloaded by rate limiting the incoming control plane packets
C. allow network devices to generate and receive packets
D. protect the data plane packets

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 48
Port security supports which type of port?

A. SPAN destination port
B. EtherChannel port-channel port
C. nonnegotiating trunk port
D. DTP-enabled trunk port

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 49
Which protocol is required for end-to-end signaling in an IntServ QoS architecture?

A. RSVP
B. DSCP
C. ToS
D. LLQ
E. DiffServ

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 50
Which QoS architecture provides scalability of implementation?

A. IntServ
B. DiffServ
C. LLQ
D. RSVP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 51
Which architecture provides a way to deliver end-to-end QoS as required by real-time voice and video business applications?

A. IntServ
B. DiffServ
C. LLQ
D. ToS
E. DSCP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 52
CoS is applied for Layer 2 markings in an Ethernet environment. Which protocol must be configured on the Layer 2 switch port for CoS to work?

A. MPLS
B. IEEE 802.1W
C. IEEE 802.1Q
D. IEEE 802.1S

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 53
Which protocol is used in an in-band network and why?

A. UDP, because it is connectionless
B. SSH, because the username and password are encrypted
C. Telnet, because the username and password are sent in clear
D. MSDP, because it uses TCP as its transport protocol

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 54
What is an advantage of having an out-of-band management?

A. It is less expensive to have an out-of-band management.
B. Network devices can still be managed, even in case of network outage.
C. There is no separation between the production network and the management network.
D. SSH protocol must be used to manage network devices.
Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 55
The direction of the flow of multicast traffic is based on which protocol?

A. PIM
B. IGMP
C. underlying IGP
D. MSDP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 56
Which option can be implemented to manipulate the election of PIM DR to force multicast traffic to a certain path?

A. Assign a lower PIM DR priority to the PIM DR interface.
B. Assign a lower IP address to the PIM DR interface.
C. Assign a higher PIM DR priority to the PIM DR interface.
D. Increase the cost on the PIM DR interface.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 57
What network technology provides Layer 2 high availability between the access and distribution layers?
A. HSRP
B. MEC
C. EIGRP
D. GLBP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 58
On which two types of links should routing protocol peerings be established according to best practice? (Choose two.)

A. distribution links
B. end user links
C. transit links
D. core links

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 59
A network engineer has implemented a looped triangle switch block design. What element must be included in the design?

A. first hop redundancy protocol
B. Layer 2 links between access switches
C. single uplinks between access and distribution switches
D. VLANs that span access switches
E. Layer 3 links between distribution switches

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 60
Refer to the exhibit. Which two features can enable high availability for first-hop Layer 3 redundancy? (Choose two.)
A. VPC
B. IGMP V2
C. VRRP
D. PIM
E. HSRP

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 61
To which network layer should Cisco Express Forwarding be tuned to support load balancing and to make more informed forwarding decisions?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
F. Layer 6
G. Layer 7

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 62
A Layer 2 switch in the network has recently started broadcasting traffic out of every port and is impacting network performance. The engineering department
determines that a MAC overflow attack is the cause. Which two features can protect and mitigate the damage of the attacks? (Choose two.)

A. Storm Control
B. Port Security
C. SPAN
D. BPDU Filters
E. IP Source Guard
F. VACLs
Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 63
An HSRP design requirement states that preemption must be enabled for the active switch, which is a Cisco 4507R. Assume a boot time of 300 seconds. Which
setting of the preemption delay timer minimizes the loss of traffic?

A. 50 seconds
B. 100 seconds
C. 150 seconds
D. 200 seconds

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 64
What is the next action taken by the Cisco NAC Appliance after it identifies a vulnerability on a client device?

A. denies the client network resource access
B. repairs the affected devices
C. generates a Syslog message
D. permits the client but limits to guest access

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 65
Refer to the exhibit. A customer requires a web application implementation, but the web server has communication only to the application server and users, and the
database server has communication only to the application server. What firewall design is the best fit for this scenario?

A. transparent mode with the servers on the same subnet
B. routed mode with three security zones
C. transparent mode with three security zones
D. routed mode with two security zones

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 66
An organization is designing the IP allocation of a new site. It currently has 12 separate IP segments. Each segment must be /24, accommodate 25% of growth, and
be easily summarized.

Which summarized IP block can be subnetted to meet these requirements?

A. /18
B. /19
C. /20
D. /21
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 67
Summary address blocks can be used to support which network application?

A. QoS
B. IPsec tunneling
C. Cisco TrustSec
D. NAT
E. DiffServ

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 68
A network design engineer has been asked to reduce the size of the SPT on an IS-IS broadcast network. Which option should the engineer recommend to
accomplish this task?

A. Configure the links as point-to-multipoint.
B. Configure QoS in all links.
C. Configure a new NET address.
D. Configure the links as point-to-point.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 69
What are three primary components in IS-IS fast convergence? (Choose three.)

A. event propagation
B. LSP flooding
C. fast hellos
D. matching MTUs
E. updating RIB and FIB
F. SPF calculation

Correct Answer: AEF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 70
A campus network utilizes EIGRP to connect to several remote branch offices.

Which configuration should be established on all branch routers to improve routing scalability and performance?

A. Configure authentication between the campus and branch offices.
B. Enable stub routing on all branch routers.
C. Adjust EIGRP k-values to utilize delay.
D. Utilize offset lists to direct traffic more efficiently.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 71
Which two design principles should be followed to scale EIGRP properly? (Choose two.)

A. Ensure that the network design follows a structured hierarchical topology.
B. Utilize route summarization on edge devices.
C. Implement multiple autonomous systems, regardless of the size of the network.
D. Tune EIGRP delay metric on all core devices.
E. Configure offset lists on the network border.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 72
Which action can be taken on a multiaccess segment with OSPF speakers to reduce the performance impact during widespread convergence events?

A. Separate the network into multiple areas for each new multiaccess segment.
B. Enable LSA throttling in the core to slow link state advertisement updates during times of network instability.
C. Ensure that the elected DR or BDR router can support high-volume convergence events.
D. Verify that fewer than 50 OSPF speakers are on the segment.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 73
An engineer is attempting to improve OSPF network performance and discovers that the entire SPT recomputes whenever a type 1 or type 2 LSA is received within
an area.

Which action can optimize SPT operations?

A. Tune LSA throttling thresholds.
B. Enable incremental SPF.
C. Configure totally stubby areas throughout the domain.
D. Summarize networks on all ABRs.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 74
Which option does best practice dictate for the maximum number of areas that an OSPF router should belong to for optimal performance?

A. 1
B. 2
C. 3
D. 4
E. 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 75
A BGP network is having difficulty scaling with the full mesh peer requirement. What two iBGP alternatives can scale BGP appropriately? (Choose two.)

A. communities
B. route reflectors
C. confederations
D. peer groups
E. peer templates

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 76
Which command can you enter to inject BGP routes into an IGP?

A. redistribute bgp
B. redistribute static
C. redistribute static subnet
D. default-information originate

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 77
Which two features can you implement to control which networks are advertised by a BGP router? (Choose two.)

A. prefix lists
B. route maps
C. policy maps
D. router SNMP statements
E. crypto maps

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 78
What are two benefits of using 6to4 as an IPv6 transition method? (Choose two.)

A. 6to4 tunnels allow isolated IPv6 domains to be remotely connected over IPv4 networks.
B. Manual configuration (scalability) is easier.
C. Point-to-multipoint automatic tunneling (automatic 6to4) is available.
D. An infinite number of address spaces are allocated to an IPv6 subnet.
E. Globally unique IPv4 addresses are not required.
Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 79
Which feature enables the VRRP-enabled router to regain the master VRRP status upon recovery from a failure?

A. priority
B. authentication
C. preemption
D. stateful switchover

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 80
Which protocol should be configured if a network administrator has the following requirements?

Multiple physical gateways participating simultaneously in packet forwarding.
All hosts in the VLAN configured with the same default gateway address.

A. HSRP
B. VRRP
C. GLBP
D. VTP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 81
A network engineer is designing a network that must incorporate seamless failover when a link failure occurs between the core and distribution layer. What two
technologies will allow this? (Choose two.)

A. ECMP
B. RSTP
C. MEC
D. GLBP
E. HSRP

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 82
Which network technology provides Layer 2 high availability between the access and distribution layers?

A. HSRP
B. MEC
C. EIGRP
D. GLBP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 83
Which two types of authentication mechanisms can be used by VRRP for security? (Choose two.)

A. SHA-1
B. MD5
C. SHA-256
D. plaintext authentication
E. PEAP

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 84
A network engineer is designing an access layer that requires all uplinks to be active. Furthermore, VLANs must span across the entire switch block. What design
fulfills this requirement?

A. Layer 2 looped triangle
B. Layer 2 looped square
C. Layer 2 loop-free U
D. Layer 2 loop-free inverted U

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 85
What are two of Cisco's best practices at the access layer to ensure rapid link transitions and VLAN consistency? (Choose two.)

A. Deploy RPVST
B. Deploy MSTP
C. Utilize VTP in server/client mode
D. Utilize VTP in transparent mode
E. VLANs span entire network
F. PortFast applied on distribution uplinks

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 86
In what situation must spanning-tree be implemented?

A. when first hop redundancy protocol exists with redundant Layer 2 links between distribution switches
B. when a VLAN spans access layer switches to support business applications
C. when trunks need to extend multiple VLANs across access switches
D. when it is necessary to speed up network convergence in case of link failure

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 87
Which feature supports multiple routing tables with overlapping networks on a single device?

A. VRF
B. Metro Ethernet
C. RSTP
D. VSS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 88
DRAG DROP
Drag the task on the left to the appropriate layer category on the right.
Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 89
Which VPN technology supports dynamic creation of spoke-to-spoke VPN tunnels to provide a scalable design?

A. IPsec
B. GRE over IPsec
C. DMVPN
D. GRE
Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 90
A designer should have which three technologies in the network before configuring MPLS Layer 3 VPNs? (Choose three.)

A. MPLS
B. LDP
C. Cisco Express Forwarding
D. VSS
E. vPC
F. VRRP

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 91
Which two WAN technologies support IEEE 802.1Q, site-to-site connectivity, and point-to-point connectivity between two offices? (Choose two.)

A. Ethernet over MPLS
B. VPLS
C. Layer 3 MPLS
D. DSL
E. cable

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 92
Which ISP technology can be implemented as a service when designing a topology to perform extranet connectivity via multitenant segmentation from within a
corporate intranet?

A. Cisco Easy VPN
B. GRE over IPsec
C. MPLS
D. VTI
E. VPNaaS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 93
DRAG DROP
Drag the rule on the left to match the appropriate activity on the right.

Select and Place:


Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 94
Which two technologies provide web and URL filtering and mitigate zero-day malware? (Choose two.)

A. Cisco CWS
B. Cisco WSA
C. Cisco GETVPN
D. Cisco ESA
E. NAT/PAT

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 95
What are two advantages of using Cisco FEX devices in the data center design? (Choose two.)

A. Traffic-forwarding decisions are made by the Cisco FEX device.
B. Cisco FEX devices must be upgraded when the parent switch is upgraded.
C. Traffic-forwarding decisions are made by the parent switch, resulting in easier troubleshooting and centralized management.
D. Cisco FEX devices do not have to be upgraded when the parent switch is upgraded, resulting in cost savings.
E. Cisco FEX devices can be part of two different VDCs.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 96
Which statement about the ToR design model is true?

A. It can shorten cable runs and simplify rack connectivity.
B. Each ToR switch must be individually managed.
C. Multiple ToR switches can be interconnected to provide a loop-free spanning-tree infrastructure.
D. It can connect servers that are located in separate racks.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 97
What is an advantage of using the Cisco FabricPath feature in a data center environment?
A. VSS does not have to be configured.
B. Transparent Interconnection of Lots of Links can be configured simultaneously.
C. Equal-Cost Multipath can be used to choose the forwarding path.
D. The control plane and management plane remain separate.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 98
What is an advantage of using the Virtual Device Contexts feature in a data center environment?

A. The same VLAN cannot be configured in separate Virtual Device Contexts.
B. This feature provides fault domain separation.
C. Supervisor modules are shared between Virtual Device Contexts.
D. Fabric modules are shared between Virtual Device Contexts.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 99
Which option is correct when using VSS to combine two physical switches into one logical switch?

A. Both data planes forward traffic simultaneously.
B. Only one data plane forwards traffic, while the other data plane is on standby.
C. Both control planes forward traffic simultaneously.
D. Control planes are combined into one virtual control plane.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 100
Which statement about vPC technology is true?

A. It allows a device to connect to two separate upstream devices as if they were a single device.
B. It provides the ability to pair two servers in the data center.
C. It promotes better STP designs in the switching infrastructure.
D. It supports IEEE 802.1Q only.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 101
Which statement best describes Cisco OTV internal interfaces?

A. They are Layer 2 interfaces that are configured as either access or trunk interfaces on the switch.
B. They are interfaces that perform Layer 3 forwarding with aggregation switches.
C. They are the interfaces that connect to the ISP.
D. They are tunnel interfaces that are configured with GRE encapsulation.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 102
Which mechanism is enabled by default in the OTV technology to conserve bandwidth?

A. Unknown unicast flooding is suppressed over the OTV link.
B. BPDUs are allowed to traverse the OTV link.
C. Control plane traffic is prevented from traversing the OTV link.
D. Data plane traffic is prevented from traversing the OTV link.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 103
Which two features provide resiliency in a data center? (Choose two.)

A. Cisco FabricPath
B. VTP
C. encryption
D. vPC
E. VRF

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 104
When a Cisco ASA adaptive security appliance is configured for active/standby failover, which MAC address is used for the active unit?

A. the MAC address of the primary unit
B. the MAC address of the secondary unit
C. the virtual MAC address
D. the standby MAC address

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 105
Which three authentication services are supported by Cisco NAC Appliance? (Choose three.)

A. RADIUS
B. LDAP
C. Kerberos
D. TACACS+
E. local
F. SNMP

Correct Answer: ABC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 106
Which security feature can help prevent spoofed packets on the network?

A. uRPF
B. ACLs
C. DAI
D. DHCP spoofing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 107
Which QoS mechanism uses RSVP?

A. IntServ
B. DiffServ
C. CoS
D. ToS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 108
Which QoS mechanism uses PHBs?

A. DiffServ
B. IntServ
C. CoS
D. ToS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 109
Voice and video-conferencing applications that support multistreaming use which protocol?

A. TCP
B. RTP
C. Multipath TCP
D. SCTP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 110
What are the three configuration requirements for implementing Modular QoS on a router? (Choose three.)

A. CoS
B. class map
C. precedence
D. service policy
E. priority
F. policy map

Correct Answer: BDF
Section: (none)
Explanation

Explanation/Reference:

QUESTION 111
Why is QoS important for in-band management?

A. It supports remote management when traffic volume is high.
B. It supports proper routing.
C. It supports network security against DoS attacks and worm outbreaks.
D. It supports network redundancy.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 112
Which option is an advantage of using PIM sparse mode instead of PIM dense mode?

A. No RP is required.
B. There is reduced congestion in the network.
C. IGMP is not required.
D. It floods all multicast traffic throughout the network.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 113
What are the two methods of ensuring that the RPF check passes? (Choose two.)

A. implementing static mroutes
B. implementing OSPF routing protocol
C. implementing MBGP
D. disabling the interface of the router back to the multicast source
E. disabling BGP routing protocol

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 114
In which multicast configuration is MSDP most useful?

A. interdomain
B. intradomain
C. data center
D. campus

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 115
A network design team is experiencing sustained congestion on access and distribution uplinks. QoS has already been implemented and optimized, and it is no
longer effective in ensuring optimal network performance.

Which two actions can improve network performance? (Choose two.)

A. Reconfigure QoS based on the IntServ model.
B. Configure selective packet discard to drop noncritical network traffic.
C. Implement higher-speed uplink interfaces.
D. Bundle additional uplinks into logical EtherChannels.
E. Utilize random early detection to manage queues.

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 116
What two features are inherent advantages of MPLS VPN services? (Choose two.)

A. service providers can provide additional services
B. virtual private networks segment traffic and ensure privacy
C. easier to troubleshoot than Layer 2 WAN technologies
D. faster data transfer speeds at lower costs
E. functions without Cisco Express Forwarding

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 117
A VPN solution requires bulk traffic encryption, low OpEx to add new sites, and the ability to accommodate dynamic tunnels between branch locations. What VPN
solution can fulfill these requirements?

A. GETVPN
B. SSL VPN
C. Easy VPN
D. DMVPN

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 118
A company requires redundancy for its multihomed BGP external connections. What two features can be configured on the WAN routers to automate failover for
both outbound and inbound traffic? (Choose two.)

A. AS path prepending
B. local preference
C. floating static route
D. HSRP
E. MED
F. weight

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 119
Which two physical components can enable high availability on a Cisco 6500 device? (Choose two.)

A. dual supervisor modules
B. bundled Ethernet Interconnects
C. line modules with DFCs
D. redundant power supplies
E. VSS interlink cables

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 120
Recently, the WAN links between the headquarters and branch offices have been slow under peak congestion, yet multiple alternate WAN paths exist that are not
always congested. What technology can allow traffic to be routed in a more informed manner to utilize transport characteristics such as delay, loss, or link load?

A. performance routing
B. static routing
C. on demand routing
D. policy based routing

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 121
A network engineer is building a LAN design that includes Cisco NAC. What two characteristics of an out-of-band NAC deployment are important to consider when
evaluating it for the design? (Choose two.)

A. supported by a limited number of switch models
B. never in-line with user traffic
C. aggregate client traffic is constrained to NAC server port speed
D. recommended if sharing ports between IP phones and PCs
E. supports real IP gateway (routed mode)

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 122
Which option is a method of restricting access for users based on user roles and locales?

A. RBAC
B. ACE
C. LDAP
D. RADIUS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 123
Which technology should a network designer combine with VSS to ensure a loop free topology with optimal convergence time?

A. PortFast
B. UplinkFast
C. RPVST+
D. Multichassis EtherChannel

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 124
What are two methods of ensuring that the multicast RPF check passes without changing the unicast routing table? (Choose two.)

A. disabling the interface of the router back to the multicast source
B. disabling BGP routing protocol
C. implementing MBGP
D. implementing OSPF routing protocol
E. implementing static mroutes

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 125
Which two design principles should be followed to improve EIGRP scaling in any size network? (Choose two.)

A. Ensure that the network design follows a structured hierarchical topology.
B. Utilize route summarization on edge devices.
C. Tune EIGRP delay metric on all core devices.
D. Implement multiple autonomous systems, regardless of the size of the network.
E. Configure offset lists on the network border.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 126
Which security mechanism can you implement to protect the OSPF information that a router receives?

A. privilege 15 credentials
B. administrator username and password authentication
C. RADIUS authentication
D. cryptographic authentication

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 127
Which STP feature can prevent other switches on the network from becoming the root switch, but still allow that interface to participate in STP otherwise?

A. Root Guard
B. UDLD
C. Bridge Assurance
D. BPDU Guard

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 128
Which interface characteristic is used to calculate the cost of an interface in OSPF when the cost is not configured?

A. load
B. reliability
C. delay
D. bandwidth

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 129
Which technology can block ports to provide a loop-free topology and does not contain a port state named “listening?”

A. VLAN
B. RPVST+
C. VSS
D. STP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 130
A network designer needs to explain the advantages of route summarization to a client. Which two options are advantages that should be included in the
explanation? (Choose two.)

A. Increases security by advertising fake networks
B. Reduces routing table size
C. Advertises detailed routing tables
D. Utilizes the router's full CPU capacity
E. Reduces the upstream impact of a flapping interface

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 131
Which two methods are available to connect a Cisco IOS device to an active directory domain for authentication? (Choose two.)

A. Lightweight Directory Access Protocol
B. DNS Based Authentication of Named Entities
C. Microsoft Challenge-Handshake Authentication Protocol
D. RADIUS server
E. Directory Access Protocol

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 132
What are two point-to-multipoint overlay tunneling strategies that are used in transitioning to IPv6? (Choose two.)

A. manual
B. Teredo
C. ISATAP
D. GRE
E. 6to4

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 133
Which two BGP attributes can be set with outbound policy to manipulate inbound traffic, if honored by the remote autonomous system? (Choose two.)

A. next hop
B. AS path
C. local preference
D. multi-exit discriminator
E. weight

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 134
DRAG DROP
Drag the IS-IS fast convergence components on the left to the order in which they occur on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 135
Which security feature can help prevent spoofed packets on the network by verifying the validity of the source's IP address?

A. DHCP spoofing
B. DAI
C. uRPF
D. 802.1x

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 136
Which OSPF option can you configure to connect two parts of a partitioned backbone through a nonbackbone area?

A. route summarization
B. a virtual link
C. an NSSA
D. a static OSPF neighbor

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 137
Which option is correct when using Virtual Switching System to combine two physical switches into one logical switch?

A. Both control planes forward traffic simultaneously.
B. Only one control plane is active, while the other control plane is in standby.
C. Only one data plane forwards traffic, while the other data plane is in standby.
D. Control planes are combined into one virtual control plane.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 138
You are assigned the network of 192.168.1.0/24. You want to split the network into four subnets that are all the same size. Which three statements about the first
subnet that you create are true? (Choose three.)

A. The subnet mask is 255.255.255.192.
B. The last host IP address is 192.168.1.64.
C. The subnet mask is 255.255.255.224.
D. The subnet has up to 64 hosts.
E. The last host IP address is 192.168.1.62.
F. The subnet has up to 62 hosts.

Correct Answer: AEF
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 139
In which multicast configuration is MSDP most useful?

A. intradomain IPv4 PIM SSM
B. PIM Dense-Mode
C. IPv6 multicast
D. interdomain IPv4 PIM Sparse-Mode

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 140
Which STP feature allows an access port to bypass the learning and listening states?

A. BPDU Guard
B. PortFast
C. Root Guard
D. Loop Guard

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 141
Which Layer 2 messaging protocol maintains VLAN configuration consistency?

A. VTP
B. VSS
C. LLDP
D. CDP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 142
When designing a Layer 2 STP-based LAN with Layer 3 FHRP, which design recommendation should be followed?

A. Avoid modifying default STP and FHRP timers.
B. Assign the native VLAN to the lowest number in use.
C. Avoid configuring router preemption.
D. Align the STP root with the active FHRP device.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 143
Which virtualization technology uses Layer 3 BFD to detect network failures between network devices?

A. VTP
B. VSS
C. vPC
D. Cisco Fabric Path

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 144
VPLS uses which transport protocol for tunneling Ethernet frames?

A. L2TP
B. GRE
C. IPsec
D. MPLS

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 145
A network engineer is designing a network that must incorporate active-active redundancy to eliminate disruption when a link failure occurs between the core and
distribution layer. What two technologies will allow this? (Choose two.)

A. Equal Cost Multi-Path (ECMP)
B. Rapid Spanning Tree Protocol Plus (RSTP+)
C. Hot Standby Routing Protocol (HSRP)
D. Rapid Spanning Tree Protocol (RSTP)
E. Multichassis EtherChannel (MEC)

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 146
Which three statements about 802.1X are true? (Choose three.)

A. It is a Cisco proprietary standard.
B. It can allow and deny port access based on device identity.
C. It is an IEEE standard.
D. It can allow and deny port access based on user identity.
E. By default, it allows devices that lack 802.1X support.
F. It works only with wired devices.

Correct Answer: BCD
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 147
Which option must be included in the design when implementing a triangle looped access layer design?

A. A first hop redundancy protocol.
B. Single uplinks between access and distribution switches.
C. Layer 2 links between access switches.
D. Layer 3 links between distribution switches.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 148
What is an advantage of using the vPC feature in a data center environment?

A. supports FHRP
B. The two switches form a single control plane
C. All available uplink bandwidth is utilized
D. A single IP is used for management of both devices

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 149
An organization is using a link state routing protocol that is not dependent on IP addressing. Which action should be taken to enable routing across area boundaries
in this environment?

A. Assign Level 1 router interfaces to different areas
B. Assign Level 2 routers to different areas
C. Assign Level 1 routers to different areas
D. Assign Level 2 router interfaces to different areas
E. Assign Level 2 router interface to the backbone area
F. Assign Level 1 router interface to the backbone area

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 150
A network engineer must select a network technology to simplify the extension of Layer 2 networks between data centers with a requirement of less than 4,000
VLANs. Which two network technologies accomplish this requirement? (Choose two.)

A. MPLS
B. L2TP
C. VXLAN
D. LISP
E. OTV

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 151
Which option is the unique requirement when supporting IP Multicast packets when designing IPsec VPNs?

A. IPsec forwarding using transport mode
B. IPsec forwarding using tunnel mode.
C. additional bandwidth for headend
D. encapsulation of traffic with GRE or VTI

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 152
An organization is acquiring another company and merging the two company networks. No subnets overlap, but the engineer must limit the networks advertised to
the new organization. Which feature implements this requirement?

A. route filtering
B. stub area
C. passive interface
D. interface ACL

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 153
A network link is going up and down rapidly, and it is hindering network performance and routing table stability. Which option can be configured to insulate against
the performance impact of interface or link failure throughout the network?

A. distributed Cisco Express Forwarding switching
B. default route propagation
C. route summarization
D. secondary IP addressing

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 154
A company requires a simple network access control solution that allows for software defined segmentation based on user and device contextual information.
Which two technologies must be implemented to meet these requirements? (Choose two.)

A. Clean Access
B. Identity Services Engine
C. TrustSec
D. Secure Access Control System
E. NAC Agent

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 155
A client’s security policy requires separate management and control planes for different divisions within the company. Which technology can be used to achieve this
requirement while minimizing the number of physical devices?

A. virtual routing and forwarding
B. virtual device contexts
C. virtual port channels
D. virtual switching system
E. virtual local area networks

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 156
Which method does Cisco recommend for deploying OTV to multiple data centers?

A. Use unicast-only transport.
B. Use multicast-enabled transport.
C. Filter MAC addresses at the join interface.
D. Configure one edge device for each data center.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 157
A company has asked for an OOB management network design. Which option is one Cisco best practice parameter that must be followed?

A. Data networks can traverse the management network as a backup path.
B. Data networks and management networks must be in the routing table.
C. Data networks must be limited to SSH, NTP, FTP, SNMP and TACACS+ protocols.
D. Data networks must never traverse the management network.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 158
An engineer is designing a campus network and must implement subsecond failover as it relates to OSPF and EIGRP designs. Which action accomplishes this
requirement?

A. Design a triangle topology and tune the timers on the routing protocol.
B. Design a square topology and use port-channeling on each path.
C. Design a square topology and tune the timers on the routing protocol.
D. Design a triangle topology and use Bidirectional Forwarding Detection.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 159
Multicast has been enabled and configured in the Enterprise, and PIM Sparse-mode has been enabled on all VLANs. What feature is required to stop multicast
traffic from being broadcasted on the access layer switches?

A. Multicast boundary filter
B. PIM dense-mode
C. IGMP snooping
D. Dynamic ARP inspection

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 160
While planning a new WAN design, an engineering team is asked to use software defined networking as part of the wide area network strategy. Which SDN
controller allows for applications iWAN control, Plug and Play and Enterprise Service Automation?

A. Enterprise NFV
B. APIC
C. Wide Area Application Service
D. APIC-EM

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 161
DRAG DROP

Drag and drop the isolation technique from the left into the corresponding tenant separation category on the right. Not all options are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 162
To which network layer should Cisco Express Forwarding be tuned to in order to support load balancing and to make more informed forwarding decisions?

A. Layer 2
B. Layer 3
C. Layer 4
D. Layer 5

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 163
An engineer has implemented a QoS architecture that requires a signaling protocol to tell routers which flows of packets require special treatment.
Which two mechanisms are important building blocks to establishing and maintaining QoS in this architecture? (Choose two.)

A. policing
B. classification
C. admission control
D. tagging
E. low-latency queuing
F. resource reservation
G. packet scheduling

Correct Answer: BF
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 164
An engineering team must design a firewall solution with shared hardware resources but separation of features such as ACLs, NATs and management between the
external business partners of the organization. Which ASA deployment mode meets these requirements?

A. routed mode
B. transparent mode
C. multicontext mode
D. clustering mode

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 165
A device failure in an active/active ASA firewall pair caused an outage. An engineer wants to ensure that load balancing across the firewall pair and automatic
failover is permitted. Which traffic engineering method must be used?

A. IP SLA
B. BFD
C. ASR groups
D. ECMP

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 166
An engineer is designing a Cisco Application Centric Infrastructure network. What is the expected number of links between spine switches?

A. 0
B. 1
C. 2
D. 4

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
References:

QUESTION 167
After an incident caused by a DDoS attack on a router, an engineer must ensure that the router is accessible and protected from future attacks without making any
changes to traffic passing through the router. Which security function can be utilized to protect the router?

A. zone based policy firewall
B. access control lists
C. class maps
D. modular QoS CLI
E. control plane policing

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 168
An engineer must design a Cisco VSS-based configuration within a customer campus network. The two VSS switches are provisioned for the campus distribution
layer and each one has a single supervisor and multiple 10 gigabit line cards. Which option is the primary reason to avoid plugging both VSL links into the
supervisor ports?

A. QoS is required on the VSL links.
B. Limited bandwidth is available for VSS convergence.
C. The design lacks optimal hardware diversity.
D. The implementation creates a loop.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 169
DRAG DROP

Drag and drop the Remote Data Center Layer 2 Extension option from the left onto its function on the right.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 170
Refer to the exhibit. A customer discovers router R1 remains active even when the R1 uplink (F0/1) is down. Which two commands can be applied to R1 to allow R2
to take over as the HSRP active? (Choose two.)

A. standby 10 track 50 shutdown
B. standby 10 track 50 decrement 20
C. track 50 ip route 10.10.10.0/24 reachability
D. standby 10 track 50
E. track 50 interface Fa0/1 ip routing

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 171
During the design of a new data center, a company requires that access switches be placed near servers without requiring a one-to-one ratio of switches to network
racks. Which switch layout must be used?

A. end of row
B. top of rack
C. integrated
D. centralized

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 172
DRAG DROP
An engineer must provide segmentation for a shop floor environment that has only a single /24 network available. Each area of machinery needs to have its own
subnet. Drag and drop the subnet from the left onto the corresponding IP addressing design on the right. Not all options are used.

Select and Place:

Correct Answer:
Section: (none)
Explanation

Explanation/Reference:

QUESTION 173
Two companies want to merge their OSPF networks, but they run different OSPF domains. Which option must be created to accomplish this requirement?

A. OSPF virtual link to bridge the backbone areas of the two companies together
B. Area on the ASBR of each company with the same area ID to bridge the networks together
C. redistribute routes between domains
D. NSSA on the ASBR of each company

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 174
In what situation must spanning-tree be implemented?

A. when fast convergence is required for link failures
B. when redundant Layer 2 links, that are not part of a single EtherChannel or bundle, exist between distribution switches
C. when trunks need to extend multiple VLANs across access switches
D. when a VLAN spans access layer switches

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Explanation:

QUESTION 175
View the Exhibit.
Refer to the exhibit. An engineer is designing a new firewall for an organization and must provision Network Address Translation. This new firewall must support
basic Internet access for the organization as well as provide inbound connectivity to the mail server. The infrastructure has only one public IP address available for
use on the new firewall.

Which two forms of NAT must be configured? (Choose two.)

A. static NAT for the inbound traffic on port 25
B. dynamic NAT for the inbound traffic on port 25
C. dynamic NAT for the outbound traffic
D. NAT overloading for the outbound traffic
E. NAT overloading for the inbound traffic on port 25

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 176
An engineer is configuring QoS to meet the following requirement. All traffic that exceeds the allocated bandwidth will still traverse the infrastructure but will be
buffered and queued for later transmission.

Which QoS tool meets these requirements?

A. Shaping
B. Per-Hop Behaviors
C. Weighted Fair Queuing
D. IP Precedence

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 177
A network engineer wants to segregate three interconnected campus networks via ISIS routing. A two-layer hierarchy must be used to support large routing
domains to avoid more specific routes from each campus network being advertised to other campus network routers automatically.

What two actions should be taken to accomplish this segregation? (Choose two.)

A. Assign a unique ISIS NET value for each campus and configure internal campus routers with Level 1 routing.
B. Designate two ISIS routers from each campus to act as Layer 1/Layer 2 backbone routers at the edge of each campus network.
C. Assign similar router ID to all routers within each campus.
D. Designate two ISIS routers as BDR routers at the edge of each campus.
E. Change the MTU sizes of the interface of each campus network router with a different value.

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 178
A network engineer is using OTV to connect six data centers.

Which option is preferred when deploying OTV to more than three sites?

A. Use unicast-only transport.
B. Avoid multihoming.
C. Use multicast-enabled transport.
D. Filter MAC addresses at the join interface.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 179
Which two statements about 802.1X are true? (Choose two.)

A. It can allow and deny port access based on device identity.
B. It is a Cisco proprietary standard.
C. It works only with wired devices.
D. By default, it allows devices that lack 802.1X support.
E. It can allow and deny port access based on user identity.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 180
A company is running BGP on the edge with multiple service providers in a primary and secondary role. The company wants to speed up convergence time if a
failure were to occur with the primary, but they are concerned about router resources.

Which method best achieves this goal?

A. Utilize BFD and lower BGP hello interval.
B. Utilize BFD and keep the default BGP timers.
C. Utilize BFD and tune the multiplier to 50.
D. Decrease the BGP keepalive timer.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 181
An engineer is designing a Layer 3-enabled access layer.

Which design recommendation must the engineer consider when deploying EIGRP routing within the access layer?

A. Configure all edge access layer switches to use a stub routing feature.
B. Implement floating static routes on access switches for redundant links.
C. Use the First Hop Redundancy Protocol on access layer switches.
D. Enable multiple uplinks from each access switch stack to the distribution switches.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 182
An engineer is designing an IP addressing scheme for a local company that requires multicast for its application. For security reasons, only explicitly configured
devices can be permitted to transmit across the network.

Which multicast technology and address range must the engineer select?

A. PIM-SM; 232.0.0.0/8
B. ASM; 232.0.0.0/8
C. SSM; 224.0.0.0/8
D. SSM; 232.0.0.0/8

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 183
A company wants to configure BGP on a router so that other BGP neighbors cannot influence the path of a particular route.

Which action must be taken to accomplish this configuration?

A. Configure a low router ID for the route.
B. Configure a high local preference for the route.
C. Configure a high weight for the route.
D. Configure a low MED for the route.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 184
An engineering team must allow communications between a new two-tier application in a Cisco Application-Centric Infrastructure environment.

Which two elements must be configured to allow communications between two endpoint groups that represent the application? (Choose two.)

A. context
B. filter
C. access control list
D. contract
E. route map

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 185
A network engineer must use an Internet connection to provide backup connectivity between two sites. The backup connection must be encrypted and support
multicast.

Which technology must be used?

A. GETVPN
B. IPsec direct encapsulation
C. DMVPN
D. GRE over IPsec

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 186
An engineer is designing a multitenant network that requires separate management access and must share a single physical firewall.

Which two features support this design? (Choose two.)

A. multicast routing
B. dynamic routing protocols
C. site-to-site VPN
D. quality of service
E. threat detection
F. unified communications

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 187
Due to audit requirements, a medical center wants to ensure that only authorized personnel can make changes on network equipment within the company. In
addition, only specific engineers are permitted access to change security settings on these devices.

Which function must engineers utilize to ensure that these requirements are met?

A. SNMP community strings
B. Role Based Access Control
C. RADIUS Secret
D. VTY access control lists

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 188
What is an advantage of using the vPC feature in a data center environment?

A. All available uplink bandwidth is utilized.
B. The two switches form a single control plane.
C. FHRP is not required.
D. A single IP is used for management of both devices.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 189
While troubleshooting an Application Centric network cluster, an engineer sees that an APIC has gone offline.

What is the minimum number of APICs required for a production ACI fabric to continue to operate?

A. 1
B. 2
C. 3
D. 4

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 190
Which two options regarding the Cisco TrustSec Security Group Tag are true? (Choose two.)

A. Best Practice dictates that deployments should include a guest group allowing access to minimal services.
B. Best Practice dictates that deployments should include a security group for common services such as DNS and DHCP.
C. Best Practice dictates it should be statically created on the switch.
D. It is assigned by the Cisco ISE to the user or endpoint session upon login.
E. It is removed by the Cisco ISE before reaching the endpoint.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 191
An engineer is designing a multicluster BGP network where each cluster has two Route Reflectors and four Route Reflector clients.

Which two options must be considered in this design? (Choose two.)

A. Clients must not peer with iBGP speakers outside the client cluster.
B. Clients should peer with at least one other client outside of its own cluster.
C. All Route Reflectors should be nonclient peers and the topology is partially meshed.
D. All Route Reflectors must be nonclient peers in a fully meshed topology.
E. Clients from all clusters should peer with all Route Reflectors.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 192
An engineer is designing a QoS architecture for a small organization and must meet these criteria:

Guarantees resources for a new traffic flow prior to sending.
Polices traffic when the flow does not conform.

Which QoS architecture model will accomplish this?

A. integrated services
B. auto quality of service
C. differentiated services
D. modular quality of service

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 193
An engineer is designing a multichassis EtherChannel using VSS.

Which network topology is the result?

A. ring
B. hybrid
C. star
D. looped

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 194
Which two options are characteristics of bidirectional PIM? (Choose two.)

A. A designated forwarder is not required.
B. A registration process is required.
C. The creation of a source tree is required.
D. It is ideal for many-to-many host applications.
E. It enables scalability with a large number of sources.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 195
A large-scale IP SLA deployment is causing memory and CPU shortages on the routers in an enterprise network. Which solution can be implemented to mitigate
these issues?

A. An offline router for disaster recovery
B. A shadow router
C. A standby router for failover operation
D. A CPE device that is managed by the network provider

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 196
When a site has Internet connectivity with two different ISPs, which two strategies are recommended to avoid becoming a BGP transit site? (Choose two.)

A. Advertise all routes to both ISPs.
B. Filter routes outbound to the ISPs.
C. Accept all inbound routes from the ISPs.
D. Filter routes inbound from the ISPs.
E. Use a single service provider.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 197
Which two characteristics of the 802.1X standard are true? (Choose two.)

A. This standard supports only wired LANs.
B. Its EAP messages always require underlying PPP protocol.
C. It can package EAP messages in Ethernet frames and not use PPP.
D. It was created by IETF.
E. It was created by IEEE.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 198
Which two technologies can be used to interconnect data centers over an IP network and provide Layer 2 LAN extension? (Choose two.)

A. IS-IS
B. FabricPath
C. VXLAN
D. OTV
E. TRILL

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 199
What is one limitation of MPLS Layer 3 VPN networks?

A. They require the customer to control routing.
B. They require less powerful routers with limited capabilities.
C. PE routers are underutilized.
D. They support only IP traffic.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 200
Which two values does EIGRP use to calculate the metric of a route in a converged EIGRP topology? (Choose two.)

A. hops
B. redundancy
C. cost
D. bandwidth
E. delay

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 201
Refer to the exhibit. A customer wants to use HSRP as a First Hop Redundancy Protocol. Both routers are currently routing and all interfaces are active.

Which factor determines which router becomes the active HSRP device?

A. the router with the highest interface bandwidth for the respective group
B. the router with the highest MAC address for the respective group
C. the router with the highest IP address for the respective group
D. the router that boots up last

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 202
When designing data centers for multitenancy, which two benefits are provided by the implementation of VSANs and zoning? (Choose two.)

A. Zones provide the ability to create many logical SAN fabrics on a single Cisco MDS 9100 family switch.
B. VSANs have their own set of services and address space, which prevents an issue in one VSAN from affecting others.
C. VSANs and zones use separate fabrics.
D. Zones allow an administrator to control which initiators can see which targets.
E. VSAN provides a means of restricting visibility and connectivity among devices connected to a zone.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 203
A network consultant is designing an enterprise network that includes an IPsec headend termination device. Which two capabilities are the most important to
consider when assessing the headend device’s scalability? (Choose two.)

A. Bandwidth capabilities
B. Packets per second processing capability
C. CPU capabilities
D. Number of tunnels that can be aggregated
E. Memory capabilities

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 204
What is the result of a successful RPF check?

A. The packet is dropped because it arrived on the interface used to route traffic back to the source address.
B. The packet is forwarded because it arrived on the interface used to route traffic back to the source address.
C. The packet is forwarded because it arrived on the interface used to route traffic to the destination address.
D. The packet is dropped because it arrived on the interface used to route traffic to the destination address.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 205
An organization is creating a detailed QoS plan that limits bandwidth to specific rates. Which three parameters can be configured when attempting to police traffic
within the network? (Choose three.)

A. Violating
B. Committed information rate
C. Peak information rate
D. Shaping rate
E. Bursting
F. Conforming
G. Exceeding

Correct Answer: EFG
Section: (none)
Explanation

Explanation/Reference:

QUESTION 206
The network engineering team for a large university must increase the security within the core of the network by ensuring that IP traffic only originates from a
network segment that is assigned to that interface in the routing table. Which technology must be chosen to accomplish this requirement?

A. VLAN access control lists
B. Unicast Reverse Path Forwarding
C. intrusion prevention system
D. ARP Inspection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 207
An engineer is designing a network using RSTP. Several devices on the network support only legacy STP. Which outcome occurs?

A. RSTP and STP choose the protocol with the best performance.
B. RSTP and STP interoperate and fast convergence is achieved.
C. RSTP and STP are not compatible and legacy ports error disable.
D. RSTP and STP interoperate, but the fast convergence is not used.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 208
An engineer is designing a redundant dual-homed BGP solution that should prefer one specific carrier under normal conditions. Traffic should automatically fail over
to a secondary carrier in case of a failure. Which two BGP attributes can be used to achieve this goal for inbound traffic? (Choose two.)

A. local preference
B. weight
C. AS-PATH
D. MED
E. origin

Correct Answer: CD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 209
An OSPF router should participate in a maximum of how many areas?

A. 3
B. 2
C. 1
D. 4

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: http://www.ciscopress.com/articles/article.asp?p=1763921&seqNum=6

QUESTION 210
Refer to the exhibit.

An engineering team is analyzing the WAN connection for a site that has a 50 Mbps Ethernet circuit. Which technology should be used to keep the router from
overrunning the carrier’s 50 Mbps rate?

A. Access Control List
B. Shaping
C. Policing
D. Rate-Limit

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 211
A company is multihomed to different service providers running BGP. Which action ensures that the company AS never becomes a transit AS?

A. Create a distribute list that filters all routes except the default route and applies to both BGP neighbor interfaces in the inbound direction.
B. Create a route map that matches the provider BGP communities and networks and applies to both neighbor interfaces in the outbound direction.
C. Create a prefix list that matches the company prefix(es) and applies to both BGP neighbor definitions in the outbound direction.
D. Create a distribute list that filters all routes except the default route and applies to a single BGP neighbor in the outbound direction.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 212
A customer would like to implement a firewall to secure an enterprise network. However, the customer is unable to allocate any new subnets. What type of firewall
mode must be implemented?

A. Routed
B. Active/standby
C. Transparent
D. Virtual
E. Active/active
F. Zone based

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 213
An engineer is trying to minimize the number of EIGRP routes within an infrastructure. Which command achieves automatic summarization?

A. eigrp stub
B. ip summary-address 10.0.0.0 255.0.0.0
C. ip summary-address eigrp 1 10.0.0.0 255.0.0.0
D. area 0 range 10.0.0.0 255.0.0.0
E. router eigrp 1

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 214
Which design recommendation is for route summarizations?

A. Defensive route filtering for defense against inappropriate routing traffic
B. Route summarization for scalable routing and addressing design
C. Route summarization to support greater volumes of transit traffic
D. Filtered redistribution for the prevention of readvertising of routes

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 215
A customer is discussing QoS requirements with a network consultant. The customer has specified that end-to-end path verification is a requirement. Which QoS
architecture is most appropriate for the requested design?

A. DiffServ model with PHB to support the traffic flows
B. Marking traffic at the access layer with DSCP to support the traffic flows
C. IntServ model with RSVP to support the traffic flows
D. Marking traffic at the access layer with CoS to support the traffic flows

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 216
A customer with 30 branch offices requires dynamic IGP routing protocols, IP multicast, and non-IP protocol support. Which solution satisfies these requirements?

A. VTI
B. IPsec direct encapsulation
C. DMVPN hub-and-spoke
D. p2p GRE
E. DMVPN spoke-to-spoke

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 217
An engineer is considering uplink bandwidth over-subscription in a Layer 3 network design. Which option is the Cisco recommended over-subscription ratio for
uplinks between the distribution and core layers?

A. 3 to 1
B. 4 to 1
C. 6 to 1
D. 8 to 1

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 218
A network engineer must reduce the security risks on a BGP network. Which option helps to avoid rogue route injection, unwanted peering, and malicious BGP
activities?

A. Apply route maps and policies in route redistribution events.
B. Apply MD5 authentication between all BGP peers.
C. Encrypt all traffic with IPsec between neighbors.
D. Use GRE tunnels between all BGP peers.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 219
An OSPF router should have a maximum of how many adjacent neighbors?

A. 100
B. 80
C. 60
D. 50

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 220
How does stub routing affect transit routes in EIGRP?

A. Transit routes are passed from a stub network to a hub network.
B. It is designed to prevent the distribution of external routes.
C. It prevents the hub router from advertising networks learned from the spokes.
D. Transit routes are filtered from stub networks to the network hub.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 221
What is the most important consideration when selecting a VPN termination device?

A. Bits per second
B. Packets per second
C. VPN session per interface
D. CPU cycles per second

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 222
Refer to the exhibit.

An engineer must provide a redesign for the distribution and access layers of the network. Which correction allows for a more efficient design?

A. Change the link between Distribution Switch A and Distribution Switch B to be a routed link.
B. Reconfigure the Distribution Switch A to become the HSRP Active.
C. Create an EtherChannel link between Distribution Switch A and Distribution Switch B.
D. Add a link between Access Switch A and Access Switch B.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 223
A network engineer must create a backup network connection between two corporate sites over the Internet using the existing company ASA firewalls. Which VPN
technology best satisfies this corporate need?

A. GETVPN
B. DMVPN
C. MPLS
D. VPLS
E. IPsec
F. OTV

Correct Answer: E
Section: (none)
Explanation

Explanation/Reference:

QUESTION 224
What is the preferred protocol for a router that is running in an IPv4 and IPv6 dual-stack configuration?

A. Microsoft NetBIOS
B. IPv6
C. IPv4
D. IPX

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 225
A network manager wants all remote sites to be designed to communicate dynamically with each other using DMVPN technology without requiring much
configuration on the spoke routers. DMVPN uses which protocol to achieve this goal?

A. SSH
B. ARP
C. GRE
D. NHRP

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 226
Which option simplifies encryption management?

A. MPLS VPN
B. GET VPN
C. IPsec VPN
D. Cisco Easy VPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 227
A network engineer wants to limit the EIGRP query scope to avoid high CPU and memory utilization on low-end routers as well as limiting the possibility of a
stuck-in-active routing event between HQ and branch offices. Which action is the best way to achieve these goals?

A. Configure all routers at HQ and branch offices as EIGRP stub.
B. Configure all routers at branch offices as EIGRP stub.
C. Configure all routers at branch offices as EIGRP stub and allow only directly connected networks at branch offices to be advertised to HQ.
D. Configure different autonomous systems numbers per each branch office and HQ and redistribute routes between autonomous systems.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 228
Cisco FabricPath brings the benefits of routing protocols to Layer 2 network Ethernet environments. What are two advantages of using Cisco FabricPath
technology? (Choose two.)

A. Cisco FabricPath provides MAC address scalability with conversational learning.
B. Cisco FabricPath relies on OSPF to support Layer 2 forwarding between switches, which allows load balancing between redundant paths.
C. Cisco FabricPath is IETF-standard and is not used with Cisco products.
D. Loop mitigation is provided by the TTL field in the frame.
E. Cisco FabricPath technology is supported in all Cisco platforms and can replace legacy Ethernet in all campus networks.

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 229
A client request includes a network design that ensures all connections between the access layer and distribution layer are active and forwarding traffic at all times.
Which design approach achieves this request?

A. Create a VSS between the two distribution switches and also create a MEC between the VSS and each access layer switch.
B. Configure HSRP for all VLANs and adjust the hello timer for faster convergence.
C. Configure Rapid PVST+ and adjust the timers for faster convergence.
D. Enable backbone fast on the two distribution switches and create a port channel between each access layer switch and both distribution switches.

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 230
Which two protocols support simple plaintext and MD5 authentication? (Choose two.)

A. EIGRP
B. BGP
C. RIP
D. OSPF
E. IPv6

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 231
When you configure a multichassis setup with VSS, which link must be configured to extend the backplane between the two switches?

A. VSL
B. LACP
C. ISL
D. PaGP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 232
At which layer in the ACI fabric are policies enforced?

A. endpoint
B. spine
C. APIC
D. leaf

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 233
Which two hashing distribution algorithms are available for an engineer when working with multichassis EtherChannels? (Choose two.)

A. fixed
B. src-dst-port
C. round-robin
D. adaptive
E. src-dst-mac

Correct Answer: AD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 234
An engineer set up a multicast design using all three Cisco supported PIM modes. Which two characteristics of Bidirectional PIM in this situation are true? (Choose
two.)

A. Membership to a bidirectional group is signaled via explicit join messages.
B. In Bidirectional PIM, the RP IP address can be shared with any other router interface.
C. Bidirectional PIM is designed to be used for one-to-many applications.
D. A Cisco router cannot support all three PIM modes simultaneously.
E. In Bidirectional PIM, the RP IP address does not need to be a router.

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/fsbidir.html

QUESTION 235
A LAN infrastructure consists of switches from multiple vendors. Spanning Tree is used as a Layer 2 loop prevention mechanism. All configured VLANs must be
grouped in two STP instances. Which standards-based Spanning Tree technology must be used?

A. Rapid PVST
B. MSTP
C. RSTP
D. STP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 236
A customer has an existing WAN circuit with a capacity of 10 Mbps. The circuit has 6 Mbps of various user traffic and 5 Mbps of real-time audio traffic on average.
Which two measures could be taken to avoid loss of real time traffic? (Choose two.)

A. Police the traffic to 3.3 Mbps and allow excess traffic to be remarked to the default queue.
B. Configure congestion avoidance mechanism WRED within the priority queue.
C. Ensure that real time traffic is prioritized over other traffic.
D. Police the traffic to 5 Mbps and allow excess traffic to be remarked to the default queue.
E. Increase the WAN circuit bandwidth.

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 237
What is one function of the key server in a Cisco GETVPN deployment?

A. providing the preshared key
B. sending the RSA certificate
C. maintaining security policies
D. providing the group ID

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/products/collateral/security/group-encrypted-transport-vpn/deployment_guide_c07_554713.html

QUESTION 238
An engineer wants to assure that hosts can locate routers that can be used as a gateway to reach IP-based devices on other networks. Which first hop redundancy
protocol accomplishes this goal?

A. VRRP
B. IRDP
C. HSRP
D. GSLB

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/15-mt/fhp-15-mt-book/fhp-irdp.html

QUESTION 239
Which security function is inherent in an Application Centric Infrastructure network?

A. Default Inter-EPG connectivity
B. Intrusion Detection
C. Default Denial Network
D. Intrusion Prevention

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 240
Which action should be taken when implementing a preferred IPS design?

A. Place the monitoring interface on the inside network.
B. Place the management interface on the same VLAN.
C. Place the management interface on a separate VLAN.
D. Place all sensors on PVLAN community ports.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 241
Which two options are from a scalable cluster design utilizing Cisco ASA firewalls? (Choose two.)

A. Each cluster supports up to 10 ASA devices.
B. Each member of the cluster can forward every traffic flow.
C. The ASA cluster actively load balances traffic flows.
D. The design supports up to 1 Terabyte of aggregate traffic.
E. The design supports up to 100 Gbps of aggregate traffic.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/VMDC/ASA_Cluster/ASA_Cluster/ASA_Cluster.html

QUESTION 242
A data center is being deployed, and one design requirement is to be able to readily scale server virtualization. Which IETF standard technology can provide this
requirement?

A. Transparent Interconnection of Lots of Links
B. data center bridging
C. Cisco Unified Fabric
D. Cisco FabricPath

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 243
An engineer is seeking to improve access layer convergence. Which two actions accomplish this goal? (Choose two.)

A. Prune unused VLANs to switches.
B. Propagate all VLANs to switches.
C. Utilize Rapid PVST+.
D. Implement MST.
E. Configure storm control.

Correct Answer: AC
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html

QUESTION 244
While designing a QoS policy for an organization, a network engineer is determining the method to limit the output rate of traffic within the real-time queue. How
must the limiting of traffic within the real-time queue occur?

A. The traffic must be policed and not allowed to pass.
B. The traffic must be shaped to allow for it to be transmitted after the tokens have been replenished.
C. The traffic within the real-time queue must not be limited.
D. The traffic must be remarked to a lower priority and allowed to pass.

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 245
Where should loop guard be implemented in a campus network design?

A. ports configured with port fast
B. alternate, backup and root ports
C. alternate ports only
D. ports configured with root guard

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 246
An engineer is implementing VXLAN to extend layer 2 traffic at three geographically diverse data centers. Which feature is required at each data center to extend
this traffic?

A. VTEP
B. VRRP
C. VLSM
D. VPLS

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 247
A network engineer is designing a Layer 3 Data Center Interconnect between two data centers. There is a requirement for all links of equal bandwidth to be utilized, have
automatic failover, and not use any bundling technology. Which routing function must be used to achieve this requirement?

A. virtual links
B. virtual private LAN service
C. equal cost multipath routing
D. policy-based routing
E. BGP route reflectors

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 248
A network consultant is designing an Internet Edge solution and is providing the details around the flows supporting a local Internet Proxy. How is on-premises web
filtering supported?

A. A Cisco ASA redirects HTTP and HTTPS traffic to CWS with a Web Security Connector.
B. A Cisco ASA connects to the Web Security Appliance via TLS to monitor HTTP and HTTPS traffic.
C. A Cisco ASA redirects HTTP and HTTPS traffic to the WSA using WCCP.
D. A Cisco ASA uses an IPS module to inspect HTTP and HTTPS traffic.

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 249
Which feature is a fundamental process of the Cisco TrustSec technology?

A. prioritization
B. marking
C. propagation
D. detection

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 250
An engineer is working for a large scale cable TV provider that requires multicast on multisourced streaming video but must not use any rendezvous point
mechanism. Which multicast protocol must be configured?

A. PIM-SM
B. ASM
C. BIDIR-PIM
D. SSM

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 251
An engineer is working on an OSPF network design and wants to minimize the failure detection time and the impact on the router CPU. Which technology
accomplishes this goal?

A. fast hellos
B. BFD
C. LSA pacing
D. LSA delay interval

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 252
Which design technology allows two Cisco Catalyst chassis to use SSO and NSF to provide nonstop communication even if one of the member chassis fails?

A. auto chassis detect
B. VSS
C. peer gateway
D. vPC

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 253
While designing a backup BGP solution, a network engineer wants to ensure that a single router with multiple connections prefers the routes from a specific
connection over all others. Which BGP path selection attribute is considered first when selecting a route?

A. AS-LENGTH
B. MED
C. link bandwidth
D. WEIGHT

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 254
Which Cisco NX-OS feature can be used to build highly scalable Layer 2 multipath networks without utilizing the Spanning Tree Protocol?

A. vPC
B. FabricPath
C. MST
D. OTV

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/solutions/data-center-virtualization/fabricpath/index.html

QUESTION 255
An engineer is designing a network with OSPF and must filter ingress routes from a partner network that is also running OSPF. Which two design possibilities are
available for this configuration? (Choose two.)

A. Configure a different OSPF area that would prevent any unwanted routes from entering the network.
B. Use a distribute list in the OSPF process to filter out the routes.
C. Use access lists on the ingress interface to prevent the routes from entering the networks.
D. Design a filter using prefix list to ensure that the routes are filtered out at the redistribution point.
E. Use a different routing protocol such as EIGRP between the networks.

Correct Answer: BD
Section: (none)
Explanation

Explanation/Reference:

QUESTION 256
An engineer has been asked to propose a solution for a campus network that offers the capability to create multiple Layer 3 virtual networks. Each network must
have its own addressing structure and routing table for data forwarding. The proposed design must be scalable to support a high number of virtual networks
allowing simple configuration and management with minimal administrative overhead.

Which technology does the engineer recommend?

A. hop-by-hop VRF-Lite
B. multihop IPsec tunneling
C. multihop MPLS core
D. hop-by-hop easy virtual network

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 257
How does OTV provide STP isolation?

A. by using STP root optimization
B. by using BPDU filtering
C. by dropping BPDU packets
D. by using BPDU guard

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 258
Which two modes for deploying Cisco TrustSec are valid? (Choose two.)

A. low-impact
B. cascade
C. high availability
D. open
E. monitor

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/TrustSec_1-99/Phased_Deploy/Phased_Dep_Guide.html

QUESTION 259
A data center has several business partners who want to have their compute resources installed. The data center uses one VLAN to support vendor equipment and
requires limited visibility and connectivity between vendor servers. Which segmentation concept satisfies these requirements?

A. protected VLANs
B. LAN-to-LAN VPN
C. private VLANs
D. IP NAT

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 260
While configuring a QoS policy, analysis of the switching infrastructure indicates that the switches support 1P3Q3T egress queuing. Which explanation describes
the egress queuing in the infrastructure?

A. The priority queue must contain real-time traffic and network management traffic.
B. The priority queue should use less than 20% of the total bandwidth.
C. The threshold configuration allows for inter-queue QoS by utilizing buffers.
D. The 1P3Q3T indicates one priority queue, three standard queues, and three thresholds.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 261
An engineer wants to ensure that common services communicate to several applications in various EPGs. Which two features within Cisco ACI accomplish this
goal? (Choose two.)

A. filter
B. contract
C. application profile
D. bridge domain
E. tenant

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 262
An engineer must create this design:
Restrict certain networks from being advertised to remote branches connected via eBGP.
Prohibit advertisement of the specific prefix to external peers only.

Which BGP community must be configured to meet these requirements?

A. internet
B. local-as
C. no-advertise
D. no-export
E. gshut

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 263
A company security policy states that their data center network must be segmented from the Layer 3 perspective. The segmentation must separate various network
security zones so that they do not exchange routing information and their traffic path must be completely segregated. Which technology achieves this goal?

A. VRF
B. VPC
C. VDC
D. VxLAN

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 264
During the integration of a new company, a network engineering team discovers that IP address space overlaps between the two company networks. Which two
technologies can be used to allow overlapping IP addresses to coexist on shared network infrastructure? (Choose two.)

A. HSRP
B. VRF
C. VPN
D. OTV
E. NAT

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 265
Refer to the exhibit.
An engineer must apply IP addressing to five new WAN sites and chooses the new subnets pictured. The previous administrator applied the addressing at
Headquarters. What is the minimum summary range to cover the existing WAN sites while also allowing for three additional WAN sites of the same size, for future
growth?

A. 10.0.60.0/18
B. 10.0.64.0/18
C. 10.0.64.0/17
D. 10.0.0.0/17

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 266
An engineer is redesigning the infrastructure for a campus environment. The engineer must maximize the use of the links between the core and distribution layers.
By which two methods can this usage be maximized? (Choose two.)

A. Design with multiple unequal-cost links between the core and distribution layers.
B. Design the links between the core and distribution layers to use an IGP.
C. Design with multiple equal-cost links between the core and distribution layers.
D. Design the links between the core and distribution layers to use an HSRP.
E. Design the links between the core and distribution layers to use an RPVSTP+.

Correct Answer: BC
Section: (none)
Explanation

Explanation/Reference:

QUESTION 267
What added enforcement feature is available on IDS-based devices to terminate active malicious traffic?

A. Signature detection
B. SNMP alert
C. TCP reset
D. Layer 4 filtering

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 268
An engineer is considering time of convergence in a new Layer 3 environment design. Which two attributes must be considered? (Choose two.)

A. OSPF database updates
B. SPT timers updates
C. Addition of a valid forwarding path
D. Forwarding table updates
E. Loss of a valid forwarding path

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 269
An engineer must optimize a single-homed connection in a small branch office. Which technology accomplishes this goal?

A. DMVPN
B. MSE
C. WAE
D. MPLS

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 270
A legacy OSPF network design solution historically included a large number of routers in a single backbone area 0. The network currently has over 300 OSPF
routers. How is the network redesigned to allow further expansion?

A. Break down area 0 into smaller nonbackbone areas
B. Use EIGRP routing protocol instead of OSPF
C. Implement route summarization on the routers in the backbone area
D. Adjust OSPF timers to smaller values

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 271
An engineer has been asked to design a LAN topology with high availability and the loop-free features of STP. It must also support EtherChannels between multiple
chassis and a separate control plane for each switch terminating these multichassis connections. Which technology does the engineer recommend to be deployed
on the upstream switches?

A. VPC
B. FEX
C. StackWise
D. VSS

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 272
A company is building a large data center. About 80% of its traffic will be North to South and the other 20% will be East to West. The company is also expecting a
significant amount of data center growth over the next 5-10 years but wants to keep the cost of growth low. Which data center design is best suited to meet these
goals?

A. A spine and leaf design with Layer 2/3 termination on the leaf nodes
B. A two-tier design with the Layer 2 termination on data center core
C. A spine and leaf design with Layer 2/3 termination on the spine nodes
D. A three-tier design with a Layer 3 termination on the data center core

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 273
Which feature regarding a FlexLink design is true?

A. It optimizes the access switch density
B. It permits VLANs to extend across access switches that connect to a common aggregation module
C. All of the uplinks are in active state
D. The aggregation layer is aware of FlexLinks

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 274
Which IPv6 migration strategy supports IPv4 and IPv6 on the same router?

A. IPv6 tunneling
B. Dual-stack
C. IPv6 translation
D. NAT

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 275
An engineer has been requested to utilize a method in an ACI network that will ensure only permitted communications are transmitted between each End Point
Group tier in a three-tier application. Which element would be utilized to accomplish this within the fabric?

A. Filter
B. Contract
C. Label
D. Subject

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 276
What are the two main elements used by RBAC to provide secure access within an Enterprise? (Choose two.)

A. User privileges
B. User roles
C. User profile
D. User locales
E. User domains

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 277
While designing quality of service policies, which two types of traffic must be prioritized as management traffic? (Choose two.)

A. RADIUS
B. SSH
C. SCP
D. HTTPS
E. ICMP

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 278
During an upgrade of an existing data center, a network team must design segmentation into existing networks. Due to legacy applications, the IP addresses cannot
change. Which firewall deployment model meets these requirements?

A. Routed mode
B. Multicontext mode
C. Transparent mode
D. Cluster mode

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 279
When designing an Internet edge topology, where are common network services such as NTP placed so any user can reach them?

A. External DMZ
B. Internal network
C. Open network
D. Private DMZ

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 280
A dual-homed office is opposed to using path optimization by flows. Which feature helps with application resiliency?

A. MLPPP
B. ATM
C. PfR
D. CEF

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 281
How many multicast groups can one multicast MAC address represent?

A. 128
B. 16
C. 1
D. 32

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 282
A company must acquire registered IP address space from a regional internet authority and multihome their internet connection to multiple internet service
providers. Due to limited IPv4 address availability, the company was able to allocate only a /24 address block. Which method must be used to ensure that the
primary data center receives all traffic unless it is offline?

A. BGP, AS prepend at the secondary DC
B. BGP, Advertise two /25 address blocks to each ISP at the secondary DC and a /24 at the primary DC
C. OSPF, AS prepend at the secondary DC
D. EIGRP, Advertise two /25 address blocks to each ISP at the primary DC and a /24 at the secondary DC

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 283
DRAG DROP

Drag and drop the WAN characteristics from the left onto the correct WAN technology categories on the right.

Select and Place:


Correct Answer:

Section: (none)
Explanation

Explanation/Reference:

QUESTION 284
Which first hop redundancy protocol ensures that load balancing occurs over multiple routers using a single virtual IP address and multiple virtual MAC addresses?

A. GLBP
B. VRRP
C. HSRP
D. IRDP

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-glbp.html

QUESTION 285
An engineer is integrating a recently acquired company’s network that has overlapping IP address space. Users of the new acquisition must have access to
corporate applications. Which action is the most efficient way to provide this access?

A. Build 1-to-1 NAT translation for users that need access.
B. Re-IP overlapping address space in the acquired company.
C. Use a single IP address to create overload NAT.
D. Create NAT translation by utilizing a pool of NAT IP addresses.

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 286
Which encapsulation simplifies encryption management?

A. IPsec VPN
B. MPLS VPN
C. Cisco Easy VPN
D. GET VPN

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/enterprise-class-teleworker-ect-solution/prod_brochure0900aecd80582078.pdf

QUESTION 287
An international business has several legacy Layer 2 point-to-point circuits between Singapore and the United States. The business is trying to save costs by migrating
these links to a solution that uses the Internet and maintains transparency to the edge routers. Which technology achieves this goal?

A. MPLS L3 VPN
B. pseudowire L2VPN
C. GRE tunnel
D. GETVPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 288
Which two security measures must an engineer follow when implementing Layer 2 and Layer 3 network design? (Choose two.)

A. Utilize DHCP snooping on a per VLAN basis and apply ip dhcp snooping untrusted on all ports.
B. Utilize the native VLAN only on trunk ports to reduce the risk of a Double-Tagged 802.1q VLAN hopping attack.
C. Utilize an access list to prevent the use of ARP to modify entries to the table.
D. Utilize private VLANs and ensure that all ports are part of the isolated port group.
E. Utilize the ARP inspection feature to help prevent the misuse of gARP.

Correct Answer: BE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 289
Due to financial constraints, an engineer is forced to use WAN edge routers with limited memory. BGP is used to exchange routing information with external
customers. Which two additional actions are taken in this design? (Choose two.)

A. Utilize iBGP to reduce memory utilization.
B. Allow any BGP route that has external customer AS in the AS path.
C. Filter any BGP routes that were not originated in external customer AS.
D. Implement the Maximum-Prefix feature.
E. Permit only specific routes from the external customers.

Correct Answer: DE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 290
An engineer is using communities to control the routing information among BGP peers. A specific route must be known by iBGP peers, but it must not be
propagated to any upstream eBGP peers. Which BGP community accomplishes this goal?

A. no-advertise
B. no-peer
C. no-export-subconfed
D. no-export

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:

QUESTION 291
An engineer is working on a design solution for a large hub-and-spoke EIGRP network. Which feature helps to make this design more stable while also reducing
resource utilization?

A. QoS
B. network summarization
C. stub routing
D. route filtering

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/en/US/technologies/tk648/tk365/technologies_white_paper0900aecd8023df6f.html

QUESTION 292
On which type of port is STP disabled?

A. Flex Link
B. PortFast
C. P2p Edge
D. EtherChannel

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/swflink.html

QUESTION 293
An engineer is creating an IPv6 migration strategy with a transition mechanism to provide the best performance possible. It should use native forwarding in
hardware (if supported by the platform) and should not add any encapsulation overhead. Which mechanism meets this requirement?

A. TEREDO
B. dual stack
C. IPv6 rapid Deployment
D. 6to4

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 294
Management has chosen to implement a top-of-the-rack data center design. Which two benefits of moving to this model are true? (Choose two.)

A. easier per rack upgrades
B. fewer ports required in the aggregation
C. fewer switches to manage
D. directly connected racks in the row
E. decreased cabling costs

Correct Answer: AE
Section: (none)
Explanation

Explanation/Reference:
Reference: http://bradhedlund.com/2009/04/05/top-of-rack-vs-end-of-row-data-center-designs/

QUESTION 295
A company has a regulatory requirement that all connections between their sites must be encrypted in a manner that does not require maintenance of permanent
tunnels. The remote offices are connected by a private MPLS-based service that requires a dynamically changing key, spoke-to-spoke communications, and reuse
of the existing IP header. Which type of transport encryption must be used?

A. GRE VPN
B. DMVPN
C. GETVPN
D. standard IPsec VPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 296
A network architect is designing a VPN solution for a client with these requirements:

multicast supported
80% of traffic is spoke to spoke
minimal configuration

Which VPN type is the best choice?

A. DMVPN
B. VTI
C. GRE over IPsec
D. IPsec direct encapsulation

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:

QUESTION 297
Which VPN is the best choice when multivendor interoperability is required?

A. GET VPN
B. IPsec VPN
C. Cisco Easy VPN
D. DMVPN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 298
Which two actions can be taken on Cisco LAN Switches to provide basic denial-of-service protection? (Choose two.)

A. Disable Spanning Tree Protocol
B. Disable PortFast
C. Enable BPDU Guard
D. Enable IP Source Guard
E. Enable DHCP Snooping

Correct Answer: CE
Section: (none)
Explanation

Explanation/Reference:

QUESTION 299
Management has requested that all web traffic be filtered through a proxy without the client’s knowledge. Which mode does an engineer use to design the web
proxy to accomplish this task without additional configuration on the web browser?

A. explicit mode with PAC files
B. transparent with WCCP
C. explicit mode without PAC files
D. transparent mode without WCCP

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 300
Refer to the exhibit.
RouterA and RouterB are route reflectors. The other five routers are route reflector clients of both RouterA and RouterB. How many BGP peering sessions are
needed to create full connectivity inside the network?

A. 6
B. 10
C. 11
D. 21

Correct Answer: C
Section: (none)
Explanation

Explanation/Reference:

QUESTION 301
You are using the MST protocol. Which standard protocol is used inside an MST instance to provide fast convergence?

A. 802.1d
B. 802.1q
C. 802.1s
D. 802.1w

Correct Answer: D
Section: (none)
Explanation

Explanation/Reference:
Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/MST.pdf

QUESTION 302
An engineer is designing an IBGP solution and must mitigate the full-mesh requirement without increasing the number of BGP neighbor relationships. Which IBGP
features help the engineer achieve this goal? (Choose two.)

A. route reflector
B. confederation
C. AS path prepend
D. directly connected IBGP peers

Correct Answer: AB
Section: (none)
Explanation

Explanation/Reference:

QUESTION 303
An engineer has proposed the deployment of a Cisco ACI fabric solution to introduce automation and zero-touch operation experience to a DC network. Which type
of virtualization technology is utilized by the Cisco ACI to encapsulate the traffic inside the fabric and to virtualize the physical infrastructure?

A. IPsec
B. NSX
C. STP
D. VXLAN

Correct Answer: B
Section: (none)
Explanation

Explanation/Reference:

QUESTION 304
An engineer must create a BGP design that allows traffic load balancing. Which BGP feature must be enabled manually to achieve this design?

A. maximum-paths
B. extended communities
C. confederations
D. maximum-prefix

Correct Answer: A
Section: (none)
Explanation

Explanation/Reference:
