
Question No#1

An engineer is working on a design solution for a large hub-and-spoke
EIGRP network. Which feature helps to make this design more stable while
also reducing resource utilization?
 QoS
 network summarization
 route filter
 stub routing

Question No#2
An OSPF router should have a maximum of how many adjacent neighbors?
 80
 100
 60
 50

Question No#3
Which STP feature can prevent other switches on the network from becoming
the root switch, but still allow that interface to participate in STP otherwise?
 Bridge Assurance
 UDLD
 Root Guard
 BPDU Guard

Question No#4
A network engineer is evaluating an architecture that utilizes VSS for the
data center module. Which two advantages of using VSS technology are
true? (Choose two.)
 It adds arbitrary forwarding topologies on top of a fixed routed
underlay topology.
 Each switch has a separate control plane.
 It removes the need for Hot Standby Router Protocol.
 It removes the need to configure redundant switches with identical
policies.
 It is capable of supporting live migration of virtual machines as they
move from one physical server to another.

Question No#5
Which description of how virtual MAC addresses are assigned to the
members of a GLBP group is true?
 The AVG assigns the addresses
 The AVF assigns the addresses
 The device that has the highest IP address assigns the addresses
 Each device assigns its own address

Question No#6
Which two options are characteristics of bidirectional PIM? (Choose two.)
 A designated forwarder is not required.
 It enables scalability with a large number of sources.
 It is ideal for many-to-many host applications.
 A registration process is required.
 The creation of a source tree is required.

Explanation:
https://www.cisco.com/c/dam/en/us/products/collateral/ios-nx-os-software/multicast-enterprise/prod_white_paper0900aecd80310db2.pdf
Bidir PIM was developed to help deploy emerging communication and financial applications that rely on
a many-to-many applications model. Bidir PIM enables these applications by allowing them to easily
scale to a very large number of groups and sources by eliminating the maintenance of source state.

Question No#7
Where should loop guard be implemented in a campus network design?
 Ports configured with root guard
 Alternate ports only
 Alternate, backup and root ports
 Ports configured with port fast

Question No#8
An engineer is creating an IPv6 migration strategy with a transition
mechanism to provide the best performance possible. It should use native
forwarding in hardware (if supported by the platform) and should not add any
encapsulation overhead. Which mechanism meets this requirement?
 6to4
 dual stack
 IPv6 Rapid Deployment
 TEREDO

Question No#9
When you configure a multi-chassis setup with VSS, which link must be
configured to extend the backplane between the two switches?
 VSL
 LCAP
 ISL
 PaGP

Question No#10
A network engineer must create a backup network connection between two
corporate sites over the Internet using the hosting company ASA firewalls.
Which VPN technology best satisfies this corporate need?
 GETVPN
 DMVPN
 IPSec
 OTV
 VPLS
 MPLS

Question No#11
A client request includes a network design that ensures all connections
between the access layer and distribution layer are active and forwarding
traffic at all times. Which design approach achieves this request?
• Create a VSS between the two distribution switches and also create
MEC between the VSS and each access layer switch.
• Configure HSRP for all VLANs and adjust the hello timer for faster
convergence.
• Enable backbone fast on the two distribution switches and create a
port channel between each access layer switch and both distribution
switches.
• Configure Rapid PVST+ and adjust the timers for faster convergence.

Question No#12
While configuring QoS policy, analysis of the switching infrastructure
indicates that the switches support 1P3Q3T egress queuing. Which option
describes the egress queuing in the infrastructure?
 The priority queue should use less than 20% of the total bandwidth.
 The 1P3Q3T indicates one priority queue, three standard queues, and
three thresholds standard queues.
 The priority queue must contain real-time traffic and network
management traffic.
 The threshold configuration allows for inter-queue QoS by utilizing
buffers

Question No#13
An engineer is designing an infrastructure to use a 40 Gigabit link as the
primary uplink and a 10 Gigabit uplink as the alternate path. Which routing
protocol allows for unequal cost load balancing?
 IS-IS
 BGP
 OSPF
 RIP
 EIGRP

Question No#14
What is the preferred protocol for a router that is running in an IPv4 and IPv6
dual stack configuration?
 IPv6
 Microsoft NetBIOS
 IPX
 IPv4

Question No#15
Which technology should a network designer combine with VSS to ensure a
loop free topology with optimal convergence time?
• Multichassis EtherChannel
• Portfast
• RPVST+
• UplinkFast

Question No#16
A client's security policy requires separate management and control planes
for different divisions within the company. Which technology can be used to
achieve this requirement while minimizing the number of physical devices?
 virtual switching system
 virtual device contexts
 virtual routing and forwarding
 virtual port channels

Question No#17
Which action should be taken when implementing a preferred IPS design?
 Place the management interface on a separate VLAN
 Place the management interface on the same VLAN
 Place the monitoring interface on the inside network
 Place all sensors on PVLAN community ports

Question No#18
Refer to the exhibit.
The voice class uses 200 Mb of bandwidth and the stowing Oats uses 50 Mb
of bandwidth. What happens to the unused bandwidth?
class-map match-all Video_Class
 match ip dscp af41
class-map match-all Voice_Class
 match ip dscp ef
class-map match-all Signaling_Class
 match ip dscp cs3
!
policy-map Collaboration
 class Video_Class
  police 5000000 8000 conform-action transmit exceed-action drop
 class Signaling_Class
  bandwidth 100000
 class Voice_Class
  priority 300000
 class class-default
  set dscp default
!
interface gig0/1
 service-policy output Collaboration

• It is shared by other classes.
• It is used by the video class
• It is reserved for the signaling class
• It is reserved for the voice class.

Question No#19
Refer to the exhibit. The network uses STP. All switches use the default
priority and have the same bandwidth. Which description of the network is
true?
 S3 is elected as the root bridge.
 Host A can always reach host B through S1
 S2 is elected as the root bridge.
 The redundant links between the switches are blocked

Question No#20
How does stub routing affect transit routes in EIGRP?
• It is designed to prevent the distribution of external routes.
• Transit routes are filtered from stub networks to the network hub
• Transit routes are passed from stub network to a hub network
• It prevents the hub router from advertising networks learned from the
spokes.

Explanation:
The default configuration of EIGRP stub advertises only directly connected and summary routes; it
does not advertise learned routes. So if a stub router is being used as a transit path, traffic
will drop.
Example from the ARCH book:
Figure 2-16 EIGRP Over Dual Hubs and Spokes with a Backdoor Link
Router RTR-X receives the 10.1.1.0/24 route from router RTR-Y, but it does not advertise it to
router RTR-A because stub routers do not advertise learned routes. Network 10.1.1.0/24 is now
not reachable from the hub, even though one of the redundant connections between the hub
and the spoke is alive. A similar problem occurs in the opposite direction. Router RTR-X is a stub,
so it does not advertise the summary route of the core network (10.0.0.0/16) to router RTR-Y. As
a result, router RTR-Y has no connectivity with the other hub; therefore, RTR-Y will be isolated,
and it can only reach RTR-X subnets.
Also go through the topic called “Inappropriate Transit Traffic”:

http://www.ciscopress.com/articles/article.asp?p=1763921&seqNum=3

Question No#21
Which two characteristics of the 802.1X standard are true? (Choose two.)
 This standard supports only wired LANs.
 Its EAP messages always require underlying PPP protocol.
 It can package EAP messages in Ethernet frames and not use PPP.
 It was created by IEEE.
 It was created by IETF.

Question No#22
Which IPv6 migration strategy supports IPv4 and IPv6 on the same router?
 dual-stack
 NAT
 IPv6 tunneling
 IPv6 translation

Question No#23
Refer to the exhibit.
The branch routers have external connectivity to an upstream Area 0 router.
An engineer has been asked to propose a simplified OSPF routing design that
provisions only a default route to the branches. The branch routers must
receive no other routes from the upstream router. Which type of OSPF area
does the engineer implement for the branches?
 totally stubby area
 stubby area
 not-so-stubby area
 normal area

Question No#24
An engineer has been requested to utilize a method in an ACI network that
will ensure only permitted communications are transmitted between End
Point Group tiers in a three tier application. Which element would be utilized
to accomplish this within the fabric?
 Filter
 Label
 Contract
 Subject

Question No#24
Which two modes for deploying Cisco TrustSec are valid? (Choose two.)
 high availability
 cascade
 low-impact
 open
 monitor

Question No#25
An engineer is working on an OSPF network design and wants to minimize
the failure detection time and the impact on the router CPU. Which
technology accomplishes this goal?
 LSA delay interval
 BFD
 LSA pacing
 Fast hellos

Question No#26
A network engineer must use an Internet connection to provide backup
connectivity between two sites. The backup connection must be encrypted
and support multicast. Which technology must be used?
 DMVPN
 GRE over IPsec
 IPsec direct encapsulation
 GETVPN

Question No#26
While planning a new WAN design, an engineering team is asked to use
software defined networking as part of the wide area network strategy.
Which SDN controller allows for applications iWAN control, Plug and Play,
and Enterprise Service Automation?
 APIC-EM
 Enterprise NFV
 APIC
 Wide Area Application Service

Question No#27
Which two features can you implement to control which networks are
advertised by a BGP router? (Choose two.)
 policy maps
 router SNMP statements
 prefix lists
 crypto maps
 route maps

Question No#28
How many multicast groups can one multicast MAC address represent?
 128
 16
 1
 32

Question No#28
During an upgrade of an existing data center, a network team must design
segmentation into the existing network. Due to legacy applications, the IP
address cannot change. Which firewall deployment model meets these
requirements?
 cluster mode
 routed mode
 multicontext mode
 transparent mode

Question No#29
Refer to the exhibit. An engineer is integrating a new partner company and
has discovered an IP address overlap. Which configuration allows the
organizations to communicate without changing the IP addressing scheme?
 ip nat pool NAT-Outside 10.10.10.1 10.10.10.254 255.255.255.0 type
match-host
 ip nat inside source list NAT-List pool NAT-Outside overload type
matchhost
 ip nat pool NAT-Outside 10.10.10.1 10.10.10.254 prefix-length 25 type
match-host
 ip nat pool NAT-Outside 10.10.10.1 10.10.10.254 netmask
255.255.225.0 type match-host

Question No#30
While designing a QoS policy for an organization, a network engineer is
determining the method to limit the output rate of traffic within the real-time
queue. How must the limiting of traffic within the real-time queue
occur?
• The traffic must be shaped to allow for it to be transmitted after the
tokens have been replenished.
• The traffic must be remarked to a lower priority and allowed to pass.
• The traffic must be policed and not allowed to pass.
• The traffic within the real-time queue must not be limited.

Question No#31
A customer would like to implement a firewall to secure an enterprise
network. However the customer is unable to allocate any new subnets. What
type of firewall mode must be implemented?
 transparent
 routed
 virtual
 zone based
 active/active
 active/standby

Question No#32
When a site has Internet connectivity with two different ISPs, which two
strategies are recommended to avoid becoming a BGP transit site? (Choose
two)
 Filter routes inbound from the ISPs
 Filter routes outbound to the ISPs
 Use a single service provider
 Accept all inbound routes from the ISPs
 Advertise all routes to both ISPs

Question No#33
An OSPF router should participate in a maximum of how many areas?
 3
 4
 1
 2

Question No#34
Drag the IS-IS fast convergence components on the left to the order in which
they occur on the right.

Question No#35
A data center has several business partners who want to have their compute
resources installed. The data center uses one VLAN to support vendor
equipment and requires limited visibility and connectivity between vendor
servers. Which segmentation concept satisfies these requirements?
 Private vlans
 Lan to lan vpn
 IP NAT
 Protected vlans

Question No#36
A network architect is designing a VPN solution for a client with these
requirements:
- Multicast supported
- 80% of traffic is spoke-to-spoke
- Minimal configuration
Which VPN type is the best choice?
• VTI
• DMVPN
• IPsec direct encapsulation
• GRE over IPsec

Question No#37
An engineer is implementing VXLAN to extend layer 2 traffic at three
geographically diverse datacenters. Which feature is required at each data
center to extend traffic?
• VRF
• VLSM
• VTEP
• VPLS
• VRRP

Question No#38
Which two protocols support simple plain text and MD5 authentication?
(Choose two.)
• BGP
• RIP
• EIGRP
• IPv6
• OSPF

Explanation:
http://etutorials.org/Networking/Router+firewall+security/Part+VI+Managing+Access+Through+Routers/Chapter+15.+Routing+Protocol+Protection/Interior+Gateway+Protocol+Security/

Question No#39
An engineer is designing a multichassis EtherChannel using VSS. Which
network topology is the result?
• looped
• star
• hybrid
• ring

Question No#40
What is the result of a successful RPF check?
• The packet is dropped because it arrived on the interface used to route
traffic back to the source address.
• The packet is forwarded because it arrived on the interface used to
route traffic back to the source address.
• The packet is dropped because it arrived on the interface used to route
traffic to the destination address.
• The packet is forwarded because it arrived on the interface used to
route traffic to the destination address.

Question No#41
When a new data center fabric is designed, which two protocols can be
replaced when using FabricPath to create a loop-free topology? (Choose two)
• LACP
• MST
• GLBP
• HSRP
• STP

Question No#42
An engineer is using communities to control the routing information among
BGP peers. A specific route must be known by iBGP peers, but it must not be
propagated to any upstream eBGP peers. Which BGP community
accomplishes this goal?
• no-peer
• no-export-subconfed
• no-export
• no-advertise

Question No#43
Which two values does EIGRP use to calculate the metric of a route in a
converged EIGRP topology? (Choose two.)
• bandwidth
• hops
• delay
• cost
• redundancy

Question No#44
Which two technologies can be used to interconnect data centers over an IP
network and provide layer 2 LAN extension? (Choose two.)
• ISIS
• FabricPath
• OTV
• VXLAN
• TRILL

Question No#45
What is the outcome when RPF check passes successfully?
• Packet is dropped because it arrived on the interface that is used to
forward the packet back to destination.
• Packet is forwarded because it arrived on the interface that is used to
forward the packet back to source
• Packet is forwarded because it arrived on the interface that is used to
forward the packet back to destination
• Packet is dropped because it arrived on the interface that is used to
forward the packet back to source.

Question No#46
An engineer is designing a network with OSPF and must filter ingress routes
from a partner network that is also running OSPF. Which two design options
are available for this configuration? (Choose two.)
• Use access list on the ingress interface to prevent the routes from
entering the networks.
• Use a distribute list in the OSPF process to filter out the routes.
• Design a filter using prefix lists to ensure that routes are filtered out at
the redistribution point.
• Configure a different OSPF area that would prevent any unwanted
routes from entering the network.
• Use a different routing protocol such as EIGRP between the networks.

Question No#47
An ISP is offering two MPLS circuits to an office when one of the links fails.
Which routing feature provides the fastest possible convergence to the
failover link?
• BFD
• UDLD
• Multipath
• TTL

Question No#48
An engineer is considering uplink bandwidth oversubscription in a Layer 3
network design. Which option is the Cisco-recommended oversubscription
ratio for uplinks between the distribution and core layers?
• 4 to 1
• 3 to 1
• 8 to 1
• 6 to 1
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Campus/HA_campus_DG/hacampusdg.html#wp1108620

Question No#49
Which security function is inherent in an application centric infrastructure
network?
• intrusion Detection
• default Inter-EPG connectivity
• default Denial Network
• intrusion Prevention

Explanation:
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-736292.html

Question No#49
Which two options describe how Taboo contracts differ from regular
contracts in Cisco ACI? (Choose two)
• They are associated with one EPG
• Taboo contract entries are looked up based on administrator configured
priority
• Taboo contract entries are looked up with lower priority than entries in
regular contracts
• They are associated with pair of EPGs
• Taboo contract entries are looked up with higher priority than entries in
regular contracts
• They are not associated with one EPG

Question No#50
Which option is a design recommendation for route summarizations?
• Filtered redistribution for the prevention of re-advertising of routes
• Route summarization to support greater volumes of transit traffic
• defensive route filtering for defense against inappropriate routing
traffic
• Route summarization for scalable routing and addressing design
• routing protocol stub areas

Explanation:
http://www.ciscopress.com/articles/article.asp?p=1763921&seqNum=3
The design recommendations for summarizations are straightforward and include:
• Using route summarization to scale routing designs.
• Designing addressing by using address blocks that can be summarized.
• Using default routing whenever possible. Route summarization is the ultimate route summarization, where
all other routes are summarized in the default.

Question No#51
You are designing a scalable cluster that contains a combination of Cisco
APIC-M and APIC-L controllers. Which controller provides the scalability
used in the cluster?
• APIC-L
• APIC-EM
• combination of APIC-M and APIC-L
• APIC-M

Explanation:
Two Sizing Models Available:
• APIC-M Support > 1000 Edge Ports
• APIC-L Support < 1000 Edge Ports

Question No#52
You are using the MST protocol. Which standard protocol is used inside each
MST instance to provide fast convergence?
• 802.1s
• 802.1w
• 802.1d
• 802.1q

Question No#53
Which option is a fundamental process of the Cisco TrustSec technology?
• propagation
• prioritization
• marking
• detection

Question No#54
Which option is an advantage of using PIM sparse mode instead of PIM
dense mode?
• It floods multicast traffic throughout the network.
• IGMP is not required.
• There is reduced congestion in the network.
• No RP is required.

Question No#55
An engineer must design a Cisco VSS-based configuration within a customer
campus network. The two VSS switches are provisioned for the campus
distribution layer and each one has a single supervisor and multiple 10
gigabit line cards.
Which option is the primary reason to avoid plugging both VSL links into the
supervisor ports?
• The implementation creates a loop.
• The design lacks optimal hardware diversity.
• QoS is required on the VSL links.
• Limited bandwidth is available for VSS convergence.

Question No#56
A network engineer wants to connect two sites via a WAN technology and to
securely pass multicast traffic over this WAN technology. Which WAN
technology should be configured?
• IPsec
• Pure MPLS
• GRE over IPsec
• GRE

Question No#57
class-map match-all Video_Class
 match ip dscp af41
class-map match-all Voice_Class
 match ip dscp ef
class-map match-all Signaling_Class
 match ip dscp cs3
!
policy-map Collaboration
 class Video_Class
  police 500000 8000 conform-action transmit exceed-action set-dscp-transmit cs1
 class Signaling_Class
  police 48000 8000 conform-action transmit exceed-action set-cos-transmit 1
 class Voice_Class
  police 289000 8000 conform-action transmit exceed-action drop
 class class-default
  set dscp default
!
interface gig0/1
 service-policy output Collaboration
Refer to the exhibit. How does the network treat excess SIP traffic when
congestion occurs?
• It transmits the traffic by using a QoS value of 1.
• It drops the traffic.
• It assigns the default DSCP value to the traffic.
• It queues the traffic by using a DSCP value of CS1

Question No#58
An engineer is integrating a recently acquired company's network that has
overlapping IP address spaces. Users of the new acquisition must have access
to corporate applications. Which action is the most efficient way to provide
this access?
• Build 1-to-1 NAT translation for users that need access.
• Use a single IP address to create overload NAT
• Create NAT translation by utilizing a pool of NAT IP addresses
• Re-IP overlapping address space in the acquired company.

Question No#59
Management has requested that all web traffic be filtered through a proxy
without the client's knowledge. Which mode does an engineer use to design
the web proxy to accomplish this task without additional configuration of the
web browser?
• transparent mode with WCCP
• explicit mode without PAC files
• explicit mode with PAC files
• transparent mode without WCCP

Question No#60
An engineer is trying to minimize the number of EIGRP routes within an
infrastructure. Which command achieves automatic summarization?
• ip summary-address eigrp 1 10.0.0.0 255.0.0.0
• router eigrp 1
• eigrp stub
• area 0 range 10.0.0.0 255.0.0.0.0
• ip summary-address 10.0.0.0 255.0.0.0

Question No#61
Which two hashing distribution algorithms are available for an engineer
when working with multi-chassis Ether-Channels? (Choose two.)
• Fixed
• srcdst-mac
• Adaptive
• round-robin
• src-dst-port

Question No#62
An engineer is configuring QoS to meet the following requirement:
- all traffic that exceeds the allocated bandwidth will still traverse the
infrastructure but will be forwarded later.
What will be requirements?
• IP Precedence
• Per-Hop behaviors
• Weighted Fair Queuing
• Shaping

Question No#63
Refer to the exhibit.

An engineering team is analyzing the WAN connection for a site that has a
50 Mbps Ethernet circuit. Which technology should be used to keep the
router from overrunning the carrier's 50 Mbps rate?

• Committed Information Rate
• Policing
• Rate-Limit
• Shaping
• Access Control List

Question No#64
An engineer must optimize a single-homed connection in a small branch
office. Which technology accomplishes this goal?

• WAE (WAN Automation Engine)
• DMVPN
• MPLS
• MSE

Question No#65
A company is multi homed to different service providers running BGP.
Which action ensures that the company AS does not become a transit AS?
• Create a route map that matches the provider BGP communities and
networks and applies to both BGP neighbor interface in the outbound
direction.
• Create a prefix list that matches the company prefix(es) and applies to
both BGP neighbor definitions in the outbound direction.
• Create a distribute list that filters all routes except the default route and
applies to both BGP neighbor interfaces in the inbound direction.
• Create a distribute list that filters all routes except the default route and
applies to a single BGP neighbor in the outbound direction.

Question No#66
On which type of port is STP disabled?
• Flexlink
• Portfast
• P2P Edge
• Etherchannel

Question No#67
Cisco FabricPath brings the benefits of routing protocols to layer 2 network
Ethernet environments. What are two advantages of using Cisco FabricPath
technology? (Choose two.)
• Cisco FabricPath relies on OSPF to support Layer 2 forwarding
between switches, which allows load balancing between redundant
paths.
• Loop mitigation is provided by the TTL field in the frame.
• Cisco FabricPath brings the benefits of routing protocols to Layer 2
network Ethernet environments.
• Cisco FabricPath provides MAC address scalability with
conversational learning.
• Cisco FabricPath technology is supported on all Cisco platforms and can
replace legacy Ethernet in all campus networks.

Question No#68
A LAN infrastructure consists of switches from multiple vendors. Spanning
Tree is used as a Layer 2 loop prevention mechanism. All configured VLANs
must be grouped in two STP instances. Which standards-based Spanning
Tree technology must be used?
• Rapid PVST
• RSTP
• STP
• MSTP

Question No#69
An engineer has implemented a QoS architecture that requires a signaling
protocol to tell routers which flows of packets require special treatment.
Which two mechanisms are important building blocks to establish and
maintain QoS in this architecture? (Choose two.)
• Tagging
• Packet scheduling
• Classification
• Admission control
• resource reservation

Explanation:
https://www.pearsonhighered.com/assets/samplechapter/0/1/3/0/0130460990.pdf

Question No#70
Which two steps does a router take to do an RPF check? (Choose two.)
• If the packet has not arrived on the interface leading back to the source,
the packet is dropped.
• The router looks up the destination address in the unicast routing table
to determine if the packet has arrived on the interface that is on the
reverse path back to the source.
• The router looks up the source address in the unicast routing table to
determine if the packet has arrived on the interface that is on the
reverse path back to the source
• If the packet has arrived on the interface leading back to the source, the
packet is dropped.
• If the packet has not arrived on the interface leading back to the source,
the packet is forwarded

Question No#70
An engineer wants to ensure that hosts can locate routers that can be used as a
gateway to reach IP based devices on other networks. Which first hop
redundancy protocol accomplishes this goal?
• GLBP
• IRDP
• VRRP
• HSRP

Question No#71
An engineer is designing a Layer 3-enabled access layer. Which design
recommendation must the engineer consider when deploying EIGRP routing
within the access layer?
• Enable multiple uplinks from each access switch stack to the
distribution switches.
• Configure all edge access layer switches to use a stub routing feature.
• Implement floating static routes on access switches for redundant links.
• Use the First Hop Redundancy Protocol on access layer switches.

Question No#72
An engineer has proposed the deployment of a Cisco ACI fabric solution to
introduce automation and zero touch operation experience to a DC network.
Which type of virtualization technology is utilized by the Cisco ACI to
encapsulate the traffic inside the fabric and to virtualize the physical
infrastructure?
• STP
• IPSec
• NSX
• VXLAN

Question No#73
Refer to the exhibit.

An engineer is designing a new firewall for an organization and must
provision Network Address Translation. This new firewall must support basic
Internet access for the organization as well as provide inbound connectivity
to the mail server. The infrastructure has only one public IP address available
for use on the new firewall. Which two forms of NAT must be configured?
(Choose two.)
• Static NAT for the inbound traffic on port 25
• Dynamic NAT for the outbound traffic
• dynamic NAT for the inbound traffic on port 25
• NAT overloading for the outbound traffic

Question No#74
An organization is acquiring another company and merging the two company
networks. No subnets overlap, but the engineer must limit the networks
advertised to the new organization. Which feature implements this
requirement?
• passive interface
• stub area
• route filtering
• interface ACL

Question No#75
An engineer must ensure Layer 2 extension capabilities over any transport
infrastructure. Which inter connective data center functionality satisfies this
requirement?
• EoMPLS
• Private line
• OTV
• VPLS

Question No#76
A network engineer is designing a hierarchical design and needs to optimize
WAN design. On what group of devices can a network engineer summarize
routes to remote WAN sites?
• Data Center Distribution WAN Edge
• WAN Edge
• Core
• Distribution
• Campus access distribution layer

Question No#77
A company is building a large data center. About 80% of transit traffic will
be North to South and the other 20% will be East to West. The company is
also expecting a significant amount of data center growth over the next 5-10
years but wants to keep the cost of growth low. Which data center design is
the best suited to meet these goals?
• A Spine and leaf design with layer 2/3 termination on the leaf nodes
• Two-tier design with the layer 2 termination on data center core
• A three-tier design with the layer 3 termination on data center core
• A Spine and leaf design with layer 2/3 termination on the spine nodes

Question No#78
Which type of VPN has a backbone hub-and-spoke topology but supports
direct spoke-to-spoke connectivity?
• GRE over IPsec
• DMVPN
• VTI
• IPsec direct encapsulation

Question No#79
Which option simplifies encryption management?
• GET VPN (Group Encrypted Transport VPN)
• Cisco Easy VPN
• IPsec VPN
• MPLS VPN

Question No#80
A network engineer must propose a scalable enterprise campus access
distribution design model. Which two scaling factors are the most important
to be considered for the Virtual Switching System model? (Choose two.)
• SW root and FHRP primary must be tuned at the same node.
• VSS eliminates the need to implement FHRP for each VLAN
• VSS stops VLAN spanning to the access switches
• STP must be implemented as a loop avoidance mechanism.
• Both VSS nodes are active from control-plane perspective.

Question No#81
When designing a layer 2 STP-based LAN with Layer 3 FHRP, which design
recommendation, should be followed?
• Avoid configuring router preemption.
• Assign the native VLAN to the lowest number in use.
• Align the STP root with the active FHRP device.
• Avoid modifying default STP and FHRP timers.

Question No#82
A customer has several small to medium sized remote branches with
these specific per-site requirements:
- WAN link redundancy
- no need for consistent end-to-end QoS (QoS is applied to the edge
routers.)
- low cost for WAN links
- no strict SLA requirements for the WAN links
Which type of WAN edge connectivity design does an engineer propose?
• dual-homed Internet with a single edge router running a site-to-site
VPN topology
• dual-homed WAN MPLS and Internet links via dual edge routers
• dual-homed WAN MPLS with single edge router
• dual-homed Internet with dual edge routers running a hub-and-spoke
VPN topology

Question No#83
Which two characteristics of MSDP when designing an inter-domain
multicast network are true? (Choose two.)
• Any network utilizing iBGP or eBGP can use MSDP
• RPs in other domains have full knowledge of sources located in other
domains.
• In the PIM-SM model, multicast sources and receivers must register
with their local RP.
• The MSDP speaker periodically sends SAs that include all sources in
all discovered domains.
• MSDP is a mechanism that allows RPs to share information about
active sources.

Explanation:
https://www.youtube.com/watch?v=C3y3J7UNRYg
https://www.cisco.com/c/en/us/td/docs/ios/solutions_docs/ip_multicast/Phase_1/mcstmsdp/mcst_p1.html

Question No#84
Refer to the exhibit.
A customer wants to use HSRP as a First Hop Redundancy Protocol. Both
routers are currently running and all interfaces are active. Which factor
determines which router becomes the active HSRP device?
• the router with the highest interface bandwidth for the respective group
• the router that boots up last
• the router with the highest MAC address for the respective group
• the router with the highest IP address for the respective group

Question No#85
An organization is creating a detailed QoS plan that limits bandwidth to
specific rates. Which three parameters can be configured when attempting to
police traffic within the network? (Choose three.)
• bursting
• exceeding
• conforming
• committed information rate
• shaping rate
• peak information rate
• violating

Question No#86
An engineer is redesigning the infrastructure for a campus environment. The
engineer must maximize the use of the links between the core and
distribution layer. By which two methods can this usage be maximized?
(Choose two.)
• Design with multiple unequal-cost links between the core and
distribution layers.
• Design with multiple equal cost links between the core and distribution
layers.
• Design the links between the core and distribution layers to use
RPVSTP+.
• Design the links between the core and distribution layers to use an IGP.
• Design the links between the core and distribution layers to use HSRP.

Question No#87
Refer to the exhibit.

An engineer must provide a redesign for the distribution and access layers of
the network. Which correction allows for a more efficient design?
• Change the link between Distribution Switch A and Distribution
Switch B to be a routed link.
• Add a link between Access Switch A and Access Switch B.
• Create an EtherChannel link between Distribution Switch A and
Distribution Switch B.
• Reconfigure the Distribution Switch A to become the HSRP Active.

Question No#88
What added enforcement feature is available on IDS-based devices to
terminate active malicious traffic?
• TCP reset
• SNMP alert
• Signature detection
• Layer 4 filtering

Question No#89
An engineer must provide segmentation for a shop floor environment that has
only a single /24 network available. Each area of machinery needs to have its
own subnet. Drag and drop the subnet from the left onto the corresponding IP
addressing design on the right. Not all options are used.

Question No#90
An outsourced call center is using SIP VoIP telephony that imposes
restrictions on the use of NAT. The company expects the number of call
center staff to grow from 100 to 200 people. Which two design solutions
ensure the most cost efficient and scalable way for call center staff to access
internal corporate applications? (Choose two.)
• Request that the call center use public IP addresses for agent
workstations.
• Provide the call center with a /24 private IP subnet that is unique on
both sides.
• Configure a single IP address to create dynamic port translations for
agent workstations.
• Utilize NAT pool to translate IP addresses provided by the call center.
• Implement 1-to-1 NAT translation for each of the agent workstations.

Question No#91
An engineer has been asked to propose a solution for a campus network that
offers the capability to create multiple Layer 3 virtual networks. Each
network must have its own addressing structure and routing table for data
forwarding. The proposed design must be scalable to support a high number
of virtual networks allowing simple configuration and management with
minimal administrative overhead. Which technology does the engineer
recommend?
• multihop MPLS core
• hop-by-hop VRF-Lite
• multihop IPsec tunneling
• hop-by-hop easy virtual network

Question No#92
A customer has several remote sites connected with the HQ via microwave
links. An engineer has been asked to propose a backup WAN connectivity for
these sites with these requirements:
• Physical WAN connectivity is not available for most of these sites
• A low-cost and fast-to-implement backup solution must be deployed.
• Bandwidth needs for the backup link are low
• Users can tolerate a WAN outage of up to 2 hours
Which backup WAN link type does the engineer recommend?
• laser link
• 802.15.1 Bluetooth
• LTE 802.16
• WiMAX

Question No#93
While designing a wide area network, the network team wants to avoid
undesired transit traffic through remote branch sites with multiple WAN
connections. Which option can be used to manage traffic flows in the remote
network?
• route weighting
• route tagging
• route leaking
• route filtering

Question No#94
What is the primary benefit of deploying MPLS over the WAN as opposed
to extending VRF-lite across the WAN?
• Low latency
• Convergence time
• Low operating expense (OpEx)
• Dynamic fault-tolerance

Question No#95
Management has chosen to implement a top of the rack data center design.
Which two benefits of moving to this model are true? (Choose two.)
• fewer switches to manage
• directly connected racks in the row
• fewer ports required in the aggregation
• easier per rack upgrades
• decreased cabling costs

Question No#96
A network consultant must propose a scalable access distribution model
where an alternative to STP technology is used to prevent Layer 2 loops. The
proposed model must include these features:
• VLANs that span across the access switches
• eliminate the need for a FHRP protocol
• multichassis Ethernet technology to provide fast convergence in case of
link failure
Which design model does the consultant propose?
• virtual switch model
• multitier looped triangle access model
• routed access model
• multitier looped square access model

Question No#97
Which multicast technology improves management of multiple multicast
domains?
• MSDP
• IGMP
• PIM-SP
• PIM-DM

Question No#98
An engineer must add a new firewall in front of the public web server
infrastructure in an ACI network. Which ACI function is used to accomplish
this requirement?
• Layer 4-7 services
• Application Network Profile
• Static binding
• Service chaining

Question No#99
A network engineer is designing a network that must incorporate active-
active redundancy to eliminate disruption when a link failure occurs between
the core and distribution layer. What two technologies will allow
this? (Choose two)
• Rapid Spanning Tree Protocol Plus (RSTP+)
• Equal Cost Multi-Path (ECMP)
• Rapid Spanning Tree Protocol (RSTP)
• Hot Standby Routing Protocol (HSRP)
• EtherChannel (MEC)

Question No#100
Which two security measures must an engineer follow when implementing
Layer 2 and Layer 3 network design? (Choose two)
• Utilize an access list to prevent the use of ARP to modify entries to the
table
• Utilize the ARP inspection feature to help prevent the misuse of gARP
• Utilize private VLANs and ensure that all ports are part of the isolated
port group
• Utilize the native VLAN only on trunk ports to reduce the risk of a
Double-Tagged 802.1q VLAN hopping attack
• Utilize DHCP snooping on a per VLAN basis and apply ip dhcp
snooping untrusted on all ports

Question No#101
Refer to the exhibit

An engineer must apply IP addressing to five new WAN sites and chooses
the new subnets pictured. The previous administrator applied the addressing
at Headquarters. Which option is the minimum summary range to cover the
existing WAN sites while also allowing for three additional WAN sites of the
same size, for future growth?

• 10.0.64.0/21
• 10.0.64.0/17
• 10.0.64.0/18
• 10.0.0.0/17
• 10.0.60.0/18

Question No#102
A customer with 30 branch offices requires dynamic IGP routing protocols,
IP multicast, and non IP protocol support. Which solution satisfies these
requirements?
• IPsec direct encapsulation
• DMVPN hub and spoke
• P2P GRE
• DMVPN spoke-to-spoke
• VTI

Question No#103
A company has asked for an OOB management network design. Which
option is one Cisco best practice parameter that must be followed?
• Data networks must be limited to SSH, NTP, FTP, SNMP, and
TACACS+ protocols.
• Data networks and management networks must be in the routing table.
• Data networks can traverse the management network as a backup path.
• Data networks must never traverse the management network.

Question No#104
During the integration of a new company, a network engineering team
discovers that IP address space overlaps between the two company networks.
Which two technologies can be used to allow overlapping IP addresses to
coexist on shared network infrastructure? (Choose two.)
• VPN
• NAT
• OTV
• VRF
• HSRP

Question No#105
Drag and drop the WAN characteristics from the left onto the correct WAN
technology categories on the right.

Question No#106
What is one limitation of MPLS layer 3 VPN networks?
• They support only IP traffic
• They require the customer to control routing.
• PE routers are underutilized.
• They require less powerful routers with limited capabilities

Question No#107
An engineer wants to ensure that common services communicate to several
applications in various EPGs. Which two features within Cisco ACI
accomplish this goal? (Choose two.)
• application profile
• bridge domain
• contract
• filter
• tenant

Question No#108
An engineer is considering time of convergence in a new Layer 3
environment design. Which two attributes must be considered? (Choose two)
• Forwarding table updates
• OSPF database updates
• Addition of a valid forwarding path
• SPT timers update
• Loss of a valid forwarding path

Question No#109
What are the two main elements used by RBAC to provide secure access
within an Enterprise? (Choose two)
• User Locales
• User Roles
• User Profile
• User Privileges
• User Domains

Question No#110
A network engineer is using OTV to connect six data centers. Which option
is preferred when deploying OTV to more than three sites?
• Use unicast only transport
• Use multicast enabled transport
• Avoid multi-homing
• Filter MAC addresses at the join interface

Question No#111
A dual-homed office is opposed to using path optimization by flows. Which
feature helps application resiliency?
• CEF
• ATM
• MLPPP
• PfR

Question No#112
Which mechanism is enabled by default in the OTV technology to conserve
bandwidth?
• Unknown unicast flooding suppressed over the OTV link
• Data plane traffic is prevented from traversing the OTV link
• BPDUs are allowed to traverse the OTV link
• Control plane traffic is prevented from traversing the OTV link

Question No#113
A network link is going up and down rapidly, and it is hindering network
performance and routing table stability. Which option can be configured to
insulate against the performance impact of interface or link failure throughout
the network?
• distributed Cisco Express Forwarding switching
• route summarization
• default route propagation
• secondary IP addressing

Question No#114
An enterprise EIGRP network has been growing rapidly. After several recent
outages, the network must be redesigned to facilitate further growth and
address scalability concerns. Which two actions must be performed to
accomplish this redesign? (Choose two.)
• Break down routing domain into multiple autonomous systems.
• Replace the routers with newer models
• Increase bandwidth capacity between the peers.
• Utilize authentication between the peers.
• Implement route summarization.

Question No#115
Drag and drop the Data Center traffic flow characteristics from the left onto
the correct traffic flow types on the right.

Question No#115
A company security policy states that their data center network must be
segmented from the layer 3 perspectives. The segmentation must separate
various network security zones so that they do not exchange routing
information and their traffic path must be completely segregated. Which
technology achieves this goal?
• VXLAN
• VPC
• VDC
• VRF

Question No#116
An engineer wants to have a resilient access layer in a data center so that
switches on the access layer have separate physical connections to a pair of
redundant distribution switches. Which technology achieves this goal?
• VSL
• LACP
• ECMP
• PaGP
• EVPC
• VSS

Question No#117
Drag and drop the ACI objects from the left onto the definition of the right

Question No#118
A customer has an existing WAN circuit with a capacity of 10 Mbps. The circuit
has 6 Mbps of various user traffic and 5 Mbps of real-time audio traffic on
average. Which two measures could be taken to avoid loss of real-time
traffic? (Choose two)
• Increase the WAN circuit bandwidth
• Ensure that real time traffic is prioritized over other traffic
• Police the traffic to 5 Mbps and allow excess traffic to be remarked to
the default queue.
• Configure congestion avoidance mechanism WRED within the priority
queue.
• Police the traffic to 3.3 Mbps and allow excess traffic to be remarked to
the default queue

Question No#119
An engineer is working for a large scale cable TV provider that requires
multicast on multi-sourced streaming video, but must not use any rendezvous
point mechanism. Which multicast protocol must be configured?
• ASM
• PIM-SM
• BIDR-PIM
• PIM-SSM

Question No#120
Which design technology allows two Cisco Catalyst chassis to use SSO and
NSF to provide nonstop communication even if one of the member chassis
fails?
• peer gateway
• VSS
• vPC
• auto chassisdetect

Question No#121
An office has requested to set up a backup link to the internet. Which routing
protocol helps to achieve multi-homing with two different ISPs?
• EIGRP
• IS-IS
• iBGP
• eBGP

Question No#122
How does OTV provide STP isolation?
• By using BPDU guard
• By using BPDU filtering
• By using STP root optimization
• By dropping BPDU packets

Question No#123
An engineer must create this design:
• Restrict certain networks from being advertised to remote branches
connected via eBGP.
• Prohibit advertisement of the specific prefix to external peers only.
Which BGP community must be configured to meet these requirements?
• no-advertise
• Internet
• gshut
• no-export
• local-as

Question No#124
A network consultant is designing an enterprise network that includes an
IPsec head end termination device. Which two capabilities are the most
important to consider when assessing the headend device's scalability?
(Choose two.)
• number of tunnels that can be aggregated
• memory capabilities
• bandwidth capabilities
• Packets per second processing capability
• CPU capabilities

Question No#125
During the design of a new data center, a company requires that access
switches be placed near servers without requiring a one-to-one ratio of
switches to network racks. Which switch layout must be used?
• Integrated
• top of rack
• centralized
• end of row

Question No#125
While designing a backup BGP solution, a network engineer wants to ensure
that a single router with multiple connections prefers the routes from a
specific connection over all others. Which BGP path selection attribute is
considered first when selecting a route?
• AS-LENGTH
• local preference
• WEIGHT
• link bandwidth
• MED

Question No#126
Which two actions can be taken on Cisco LAN switches to provide basic
denial-of-service protection? (Choose two.)
• Enable DHCP Snooping
• Enable BPDU Guard
• Enable IP Source Guard
• Disable PortFast
• Disable Spanning Tree Protocol

Question No#127
A large scale IP SLA deployment is causing memory and CPU shortages on
the routers in an enterprise network. Which solution can be implemented to
mitigate these issues?

• a shadow router
• a CPE device that is managed by the network provider
• an offline router for disaster recovery
• a standby router for failover operation

Question No#128
Which two options regarding the Cisco TrustSec Security Group Tag are
true? (Choose two.)
• Best Practice dictates that deployments should include a guest group
allowing access to minimal services.
• Best practice dictates it should be statically created on the switch.
• Best Practice dictates that deployments should include a security group
for common services such as DNS and DHCP.
• It is assigned by the Cisco ISE to the user or endpoint session upon
login.
• It is removed by the Cisco ISE before reaching the endpoint.

Question No#129
The network engineering team for a large university must increase the
security within the core of the network by ensuring that IP traffic only originates
from a network segment that is assigned to that interface in the routing table.
Which technology must be chosen to accomplish this requirement?
• ARP inspection
• Unicast Reverse Path forwarding.
• VLAN access control List.
• Intrusion prevention system.

Question No#130
router bgp 100
 network 1.0.0.0
 neighbor 20.20.20.20 remote-as 200
 neighbor 20.20.20.20 route-map localonly out
 neighbor 30.30.30.30 remote-as 300
 neighbor 30.30.30.30 route-map localonly out
route-map localonly permit 10
 match as-path X
ip as-path access-list 11 deny 20.20.20.20
ip as-path access-list 11 deny 30.30.30.30
ip as-path access-list 11 permit 1.0.0.0 0.255.255.255
ip as-path access-list 12 deny ^200$
ip as-path access-list 12 deny ^300$
ip as-path access-list 12 deny ^200_300$
ip as-path access-list 12 deny ^300_200$
ip as-path access-list 12 permit .*
ip as-path access-list 13 permit ^$
ip as-path access-list 14 deny ^100$
Refer to the exhibit. You must deny your service providers from using your
network as a transit AS. The solution must ensure that the network remains
reachable. Which AS path access list do you use in the localonly route map?
• 12
• 14
• 11
• 13

Question No#131
Refer to the exhibit.

A customer discovers router R1 remains active even when the R1 uplink
(F0/1) is down. Which two commands can be applied to R1 to allow R2 to
take over as the HSRP active? (Choose two.)
• track 50 interface Fa0/1 ip routing
• track 50 ip route 10.10.10.0/24 reachability
• standby 10 track 50 decrement 20
• standby 10 track 50
• standby 10 track 50 shutdown

Question No#132
Which two BGP attributes can be set with outbound policy to manipulate
inbound traffic? (Choose two.)
• weight
• local preference
• AS path
• Next hop
• multi-exit discriminator

Question No#133
What is one function of the key server in a Cisco GETVPN deployment?
• maintaining security policies
• providing the preshared key
• providing the group ID
• sending the RSA certificate

Question No#134
An engineer is designing an OSPF network with multiple nonbackbone areas
connected to the backbone area via a hub-and-spoke topology. Each hub-and-
spoke area has a large number of spoke routers connected to the hub that is
functioning as an ABR to provide better segmentation. Which two actions
improve the stability of this design? (Choose two.)
• Use External Type 2 metric across the OSPF domain.
• Configure hub-and-spoke areas as totally stubby.
• Implement summarization on the ABR routers of hub-and-spoke areas.
• Configure hub-and-spoke areas as stub.
• Implement summarization on the ASBR routers in the backbone area.

Question No#135
An engineer is configuring BGP as the routing protocol between the CE
router of an enterprise and the PE router of the service provider. The
interconnection between the CE and PE is direct and is provided through a
Metro Ethernet link. The engineer notices that attempts to hijack the
established eBGP peering session have been made by a network segment that
is not between the eBGP peers. Which BGP mechanism can be deployed to
protect the session from this type of attack?
• BGP AS path length limiting
• BGP outbound route filters
• BGP communities
• BGP TTL security check

Question No#136
A company is running BGP on the edge with multiple service providers in a
primary and secondary role. The company wants to speed up convergence
time if a failure was to occur with the primary, but they are concerned about
router resources. Which method best achieves this goal?
• Utilize BFD and tune the multiplier to 50.
• Utilize BFD and lower BGP hello interval.
• Utilize BFD and keep the default BGP timers.
• Decrease the BGP keep alive timer.

Question No#137
A network engineer wants to limit the EIGRP query scope to avoid high CPU
and memory utilization on low-end routers as well as limiting the possibility of a
stuck-in-active routing event between HQ and branch offices. Which action is
the best way to achieve these goals?
• Configure all routers at HQ and branch offices as EIGRP stub.
• Configure all routers at branch offices as EIGRP stub.
• Configure different autonomous systems numbers per each branch
office and HQ and redistribute routes between autonomous systems.
• Configure all routers at branch offices as EIGRP stub and allow only
directly connected networks at branch offices to be advertised to HQ.

Question No#138
An engineering team must design a firewall solution with shared hardware
resources but separation of features such as ACLs, NATs, and management
between the external business partners of the organization. Which ASA
deployment mode meets these requirements?
• clustering mode
• multicontext mode
• transparent mode
• routed mode

Question No#139
Refer to the exhibit. HSRP is running between distribution Switch A and
distribution Switch B.
• Distribution Switch A, port Gig4/1 to Access Switch, port Gig 1/0/1
• Core switch B, port Gig2/2 to Distribution Switch B, Port Gig3/2
• Core switch A, port Gig2/1 to Distribution Switch A, port Gig3/1
• Core switch A, port Gig1/1 to Core Switch B, port Gig1/2
• Distribution Switch B, Port Gig4/2 to Access Switch, port Gig2/0/1
• Distribution Switch A, port Gig5/1 to Distribution Switch B, port
Gig5/2

Question No#140
An engineer is designing a QoS architecture for a small organization and
must meet these criteria:
• Guarantees resources for a new traffic flow prior to sending
• Polices traffic when the flow does not conform
Which QoS architecture model will accomplish this?
• integrated services
• differentiated services
• auto quality of service
• modular quality of service

Question No#141
A legacy OSPF network design solution historically included a large number
of routers in a single backbone area 0. The network currently has over 300
OSPF routers. How is this network redesigned to further expansion?
• Implement route summarization on the routers in backbone area.
• Break down area 0 into smaller non-backbone areas.
• Use EIGRP routing protocol instead of OSPF.
• Adjust OSPF timers to smaller values.

Question No#142
An engineer is designing a redundant dual homed BGP solution that should
prefer one specific carrier under normal conditions. Traffic should
automatically fail over to secondary carrier in case of a failure. Which BGP
attributes can be used to achieve this goal for inbound traffic? (Choose two).
• AS-PATH
• Origin
• Weight
• MED
• Local preference

Question No#142
A data center is being deployed, and one design requirement is to be able to
readily scale server virtualization. Which IETF standard technology can
provide this requirement?
• Data Center Bridging
• Cisco FabricPath
• Cisco Unified Fabric
• Transparent Interconnection of Lots of Links (TRILL)

Question No#143
Which two options are features of a scalable cluster design utilizing Cisco
ASA firewalls? (Choose two.)
• Each cluster supports up to 10 ASA devices.
• The ASA cluster actively load balances traffic flows.
• The design supports up to 1 Terabyte of aggregate traffic.
• The design supports up to 100 Gbps of aggregate traffic.
• Each member of the cluster can forward per packet traffic flow.

Explanation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/VMDC/ASA_Cluster/ASA_Cluster/ASA_Cluster.html

Question No#144
A customer is discussing QoS requirements with a network consultant. The
customer has specified that end-to-end path verification is a requirement.
Which QoS architecture is most appropriate for the requested design?
• IntServ model with RSVP to support the traffic flows
• DiffServ model with PHB to support the traffic flows
• marking traffic at the access layer with CoS to support the traffic flows
• marking traffic at the access layer with DSCP to support the traffic
flows

Question No#145
A company has a regulatory requirement that all connections between their
sites must be encrypted in a manner that does not require maintenance of
permanent tunnels. The remote offices are connected by a private MPLS-
based service that requires a dynamically changing key, spoke-to-spoke
communication, and reuse of the existing IP header. Which type of transport
encryption must be used?
• GETVPN
• GRE VPN
• Standard IPsec VPN
• DMVPN

Explanation:
https://networklessons.com/cisco/ccie-routing-switching-written/group-encrypted-transport-vpn-getvpn

Question No#146
What is an advantage of using the vPC feature in a data center environment?
• A single IP is used for management of both devices.
• All available uplink bandwidth is utilized.
• The two switches form a single control plane.
• FHRP is not required.

Question No#147
Which two types of authentication mechanisms can be used by VRRP for
security? (Choose two)
• SHA-1
• MD5
• SHA-256
• PEAP
• plaintext authentication

Question No#148
Drag and drop the network campus design requirements or characteristics
from the left onto the correct hierarchical design architectures on the right.
Not all options are used.

Question No#149
Multicast has been configured and enabled within an Enterprise network.
PIM Sparse-mode has been enabled on all VLANs. What feature is required
to stop multicast traffic from being broadcasted on the access layer switches?
• Dynamic ARP inspection
• PIM dense-mode
• Multicast boundary filter
• IGMP snooping

Question No#150
Which Cisco technology uses the IS-IS protocol to avoid STP in the data
center?
• TRILL
• FabricPath
• VSS
• VPC

Question No#151
Drag and drop the Data Center traffic flow characteristics from the left onto
the correct traffic flow types on the right.

Question No#152
A network consultant is designing an Internet Edge solution and is providing
the details around the flows supporting a local Internet Proxy. How is
on-premises web filtering supported?
• A Cisco ASA connects to the Web Security Appliance via TLS to
monitor HTTP and HTTPS traffic.
• A Cisco ASA redirects HTTP and HTTPS traffic to the WSA using
WCCP.
• A Cisco ASA uses an IPS module to inspect HTTP and HTTPS frame.
• A Cisco ASA redirects HTTP and HTTPS traffic to CWS with a Web
Security Connector.

Question No#153
Refer to the exhibit. Router A and Router B are route reflectors. The other
five routers are route reflector clients of both Router A and Router B. How
many BGP peering sessions are needed to create full connectivity inside the
network?
• 11
• 6
• 10
• 21

Question No#154
Which two statements about 802.1X are true? (Choose two.)
• It works only with wired devices.
• It can allow and deny port access based on user identity.
• By default, it allows devices that lack 802.1 support.
• It is a Cisco proprietary standard.
• It can allow and deny port access based on device identity

Question No#155
Which security feature can help prevent spoofed packets on the network by
verifying the validity of the source's IP address?
• DAI
• 802.1x
• uRPF
• DHCP spoofing

Question No#156
The Cisco ACI fabric consists of which design at the physical layer?
• three-tier core, aggregation and access
• spine-and-leaf
• collapsed core network
• full mesh

Question No#157
A network engineer must reduce security risk in BGP. Which option helps to
avoid rogue route injection, unwanted peering and malicious BGP activities?
• Apply MD5 authentication between all BGP peers
• Encrypt all traffic
• Apply route maps and policies in route redistribution events
• Use GRE tunnel

Question No#158
Which feature regarding a FlexLink design is true?
• All of the uplinks are in active state
• It optimizes the access switch density
• It permits VLANs to extend across access switches that connect to a
common aggregation module
• The aggregation layer is aware of FlexLinks

Question No#159
Which VPN is the best choice when multivendor interoperability is required?
• Cisco Easy VPN
• IPsec VPN
• DMVPN
• GET VPN

Question No#160
An engineer is responsible for the network security design of a small branch.
Which security segment does the engineer propose to host the public services
of the enterprise such as DNS, email, and web?
• service provider edge
• external public network
• remote access VPN
• public access DMZ

Explanation:
Public Services DMZ
Traditionally, public-facing services were typically placed on a demilitarized zone (DMZ) for security
and control purposes. The DMZ acts as a middle stage between the Internet and organization's
private resources, preventing external users from direct access to internal servers and data. In
today's network, most public services such as email and web server farms are located inside the
data center. DMZs in today's network normally provide network services such as DNS, FTP, NTP,
etc. Other services implemented at a DMZ often include the email and web security appliances.
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/IE_DG.html#wp42019

Question No#161
An engineer is designing an IP addressing scheme for a local company that
requires multicast for its applications. For security reasons, only explicitly
configured devices can be permitted to transmit across the network. Which
multicast technology and address range must the engineer select?
• SSM: 223.0.0.0/8
• SSM: 232.0.0.0/8
• ASM: 232.0.0.0/8
• PIM-SM: 232.0.0.0/8

Question No#162
Which Cisco NX-OS feature can be used to build highly scalable Layer 2
multi-path networks without utilizing the Spanning Tree Protocol?
• MST
• OTV
• vPC
• Fabric Path

Question No#163
While designing quality of service policies, which two types of traffic must be
prioritized as management traffic? (Choose two)
• HTTPS
• RADIUS
• ICMP
• SSH
• SCP

Question No#164
A network manager wants all remote sites to be designed to communicate
dynamically with each other using DMVPN technology without requiring
much configuration on the spoke routers. DMVPN uses which protocol to
achieve this goal?
• NHRP
• ARP
• GRE
• SSH

Question No#165
When designing a Data Center Interconnect solution, which two statements
describe benefits of utilizing A-VPLS for Layer 2 extension? (Choose two.)
• A-VPLS utilizes the Cisco Catalyst 6500 Series VSS feature to provide
native dual-homing.
• Integrated Layer 3 technology responds upon failure.
• The overlay of the Layer 2 connection on the Layer 3 transport hides
any physical convergence.
• A-VPLS provides flow-based load balancing over equal-cost multipath
paths.
• Redundancy is addressed without enabling Spanning Tree Protocol in
the core.

Question No#166
Which first hop redundancy protocol ensures that load balancing occurs over
multiple routers using a single virtual IP address and multiple MAC addresses?
• GLBP
• HSRP
• IRDP
• VRRP

Question No#167
A network team is designing a Layer 3 Data Center Interconnect between two
data centers. There is a requirement that all links of equal bandwidth be
utilized, have automatic failover, and not use any bundling technology. Which
routing function must be used to achieve this requirement?
• Equal cost multipath routing
• BGP router reflectors
• Virtual private LAN service
• Virtual links
• Policy-based routing

Question No#168
Which benefit of using VRRPv3 as compared to VRRPv2 is true?
• supports IPv4 and IPv6 in separate VRRP groups
• supports stateful switchover
• supports authentication
• supports preemption

Question No#169
An engineer is designing a network using RSTP. Several devices on the
network support only legacy STP. Which outcome occurs?

• RSTP and STP interoperate but the fast convergence is not used.
• RSTP and STP are not compatible and legacy port error disable.
• RSTP and STP choose the protocol with the best performance.
• RSTP and STP interoperate and fast convergence is achieved.

Question No#170
A network team must provide a redundant secure connection between two
entities using OSPF. The primary connection will be an Ethernet private line
and the secondary connection will be a site-to-site VPN. What needs to be
configured in order to support routing requirements over the VPN
connection?
• AAA Server
• HTTPS
• GRE Tunnel
• Root Certificate

Question No#171
An engineer set up a multicast network design using all three Cisco-supported
PIM modes. Which two characteristics of Bidirectional PIM in this
situation are true? (Choose two.)
• A Cisco router cannot support all three PIM modes simultaneously.
• In Bidirectional PIM, the RP IP address does not need to be a router.
• In Bidirectional PIM, the RP IP address can be shared with any other
router interface.
• Bidirectional PIM is designed to be used for one-to-many applications.
• Membership to a bidirectional group is signaled via explicit join
messages

Question No#172
An engineer has been asked to design a LAN topology with high availability
and the loop-free features of STP. It must also support EtherChannel between
multiple chassis and a separate control plane for each switch terminating
these multiple connections. Which technology should the engineer
recommend for deployment on the upstream switches?
• StackWise
• VDC
• VPC
• VSS

Question No#173
An engineer is designing a multi-tenant network that requires separate
management access and must share a single physical firewall. Which two
features support this design? (Choose two.)
• dynamic routing protocols
• quality of service
• threat detection
• unified communications
• multicast routing
• site-to-site VPN

Question No#174
An engineer is designing an IBGP solution and must mitigate the full-mesh
requirement without increasing the number of BGP neighbor relationships.
Which IBGP feature helps the engineer achieve this goal?
• route reflector
• confederation
• AS path prepend
• directly connected IBGP peers

Question No#175
A company must acquire registered IP address space from a regional Internet
Authority and multi-home their Internet connection to multiple Internet
service providers. Due to limited IPv4 address availability, the company was
able to allocate only a /24 address block. Which method must be used to
ensure that the primary data center receives all traffic unless it is offline?
• OSPF, AS prepend at the secondary DC
• BGP, Advertise two /25 address blocks to each ISP at the secondary
DC and a /24 at the primary DC.
• BGP, AS prepend at the secondary DC
• EIGRP, Advertise two /25 address blocks to each ISP at the primary
DC and a /24 at the secondary DC.

Question No#176
A network designer needs to explain the advantages of route summarization
to a client. Which two options are advantages that should be included in the
explanation? (Choose two)
• Utilizes the router's full CPU capacity
• Reduces the upstream impact of a flapping interface
• Advertises detailed routing tables
• Reduces routing table size
• Increases security by advertising fake networks

Question No#177
An engineer is designing a multi-cluster BGP network where each cluster has
two route reflectors and four route reflector clients. Which two options
must be considered in this design? (Choose two.)
• All route reflectors should be non-client peers and the topology is
partially meshed.
• All route reflectors must be non-client peers in a fully meshed
topology.
• Clients should peer with at least one other client outside of its own
cluster.
• Clients from all clusters should peer with all route reflectors.
• Clients must not peer with iBGP speakers outside the client cluster.

Question No#178
An engineer is seeking to improve access layer convergence. Which two
actions accomplish this goal? (Choose two)
• Prune unused VLANs to switches
• Propagate all VLANs to switches
• Configure storm control
• Utilize Rapid PVST+
• Implement MST

At which layer in the ACI fabric are policies enforced?
• Leaf
• Spine
• APIC
• End Point

Explanation:
Leaf switches: The bottom-level switches connect all servers or other parts
of the network to the fabric. In fact, the leaf devices can connect to any
device, and they are the place at which policies are enforced.

Question No#179
Which option is the unique requirement for supporting IP multicast packets
when designing IPsec VPNs?
• IPsec forwarding using transport mode
• additional bandwidth for headend
• IPsec forwarding using tunnel mode
• encapsulation of traffic with GRE or VTI

Question No#180
After an incident caused by a DDoS attack on a router, an engineer must
ensure that the router is accessible and protected from future attacks without
making any changes to traffic passing through the router. Which security
function can be utilized to protect the router?
• access control lists
• control plane policing
• class maps
• zone-based policy firewall

Question No#181
What is the most important consideration when selecting a VPN termination
device?
• packets per second
• VPN sessions per interface
• bits per second
• CPU cycles per second

Question No#182
When designing data centers for multitenancy, which two benefits are
provided by the implementation of VSANs and zoning? (Choose two.)
• VSAN provides a means of restricting visibility and connectivity
among devices connected to a zone.
• Zones provide the ability to create many logical SAN fabrics on a
single Cisco MDS 9100 family switch.
• Zones allow an administrator to control which initiators can see which
targets.
• VSANs have their own set of services and address space, which
prevents an issue in one VSAN from affecting others.
• VSANs and zones use separate fabrics.

Question No#183
In what situation must spanning-tree be implemented?
• when a VLAN spans access layer switches
• when redundant Layer 2 links, that are not part of a single
EtherChannel or bundle, exist between distribution switches
• when fast convergence is required for link failures
• when trunks need to extend multiple VLANs across access switches

Question No#184
A network engineer wants to segregate three interconnected campus networks
via IS-IS routing. A two-layer hierarchy must be used to support large routing
domains to avoid more specific routes from each campus network being
advertised to other campus network routers automatically. What two actions
should be taken to accomplish this segregation? (Choose two.)
• Change the MTU size of the interface of each campus network router
with a different value.
• Assign similar router IDs to all routers within each campus.
• Designate two IS-IS routers from each campus to act as Layer 1/Layer 2
backbone routers at the edge of each campus network.
• Assign a unique IS-IS NET value for each campus and configure internal
campus routers with Level 1 routing.
• Designate two IS-IS routers as BDR routers at the edge of each campus.

Question No#185
An engineer must create a BGP design that allows traffic load balancing.
Which BGP feature must be enabled manually to achieve this design?
• extended communities
• maximum-paths
• confederations
• maximum-prefix

Question No#186
An engineer is designing an OSPF network with multiple non-backbone areas
connected to the backbone area via a hub-and-spoke topology. Each
hub-and-spoke area has a large number of spoke routers connected to the hub that is
functioning as an ABR to provide better segmentation. Which two actions
improve the stability of this design? (Choose two.)
• Use External Type 2 metric across the OSPF domain
• Implement summarization on the ASBR routers in the backbone area
• Implement summarization on the ABR routers of hub-and-spoke areas.
• Configure hub-and-spoke areas as stub.
• Configure hub-and-spoke areas as totally stubby
