Q1. What are three key areas that need to be considered when designing a remote data center? (Choose three.)
A. power diversity
B. active directory services
C. Cisco IOS versions
D. data storage
E. applications
F. user access
G. packet routing
Answer: A,D,E
Q2. The evolution of the Data Center is best represented by the 3.0 architecture component of virtualization. Which of the following is not an example of the virtualization taking place in the Data Center?
A. Virtualized media access utilizing Fiber Channel over Ethernet
B. VLANs and virtual storage area networks (VSANs) provide for virtualized LAN and SAN connectivity, separating physical networks and equipment into virtual entities
C. Virtual Machines that run an application within the client operating system, which is further virtualized and running on common hardware
D. Storage devices virtualized into storage pools, and network devices are virtualized using device contexts
Answer: A
Q3. What is the primary advantage of implementing a wireless LAN controller in a wireless LAN design?
A. roaming between APs
B. RADIUS user authentication
C. radio resource management
D. accelerated data transfer
Answer: C
Q4. Which two can be used as a branch office WAN solution? (Choose two.)
A. frame relay
B. MPLS
C. Metro Ethernet
D. GPRS
E. dial-up modem
F. 3G USB modems
Answer: B,C
Explanation: Explanation Frame relay is old 'shared' technology today's sites use some flavor or Metro E or MPLS/VPN
Q5. When designing for a remote worker, which two are typical requirements? (Choose two.)
A. best-effort interactive and low-volume traffic patterns
B. connections to the enterprise edge using Layer 2 WAN technologies
C. always-on connection with SLA from ISP
D. voice and IPsec VPN support
E. high-end security devices with stateful firewall filtering
F. dual or multihoming to ISPs
Answer: C,D
Q6. Multicast has been enabled and configured in the Enterprise, and PIM Sparse-mode has been enabled on all VLANs. What feature is required to stop multicast traffic from being broadcasted on the access layer switches?
A. IGMP snooping
B. Multicast boundary filter
C. PIM dense-mode
D. Dynamic ARP inspection
Answer: A
Q7. Which is the North American RIR for IPv4 addresses?
A. RIPE
B. ARIN
C. IANA
D. IEEE
E. APNIC
Answer: B
Q8. A company has dark fiber between headquarters and its data center. It is presently configured as a 10GbE connection. Network utilization shows high utilization on the connection. What technology can be implemented to increase capacity without acquiring another circuit?
A. MPLS
B. DWDM
C. VPLS
D. DMVPN
Answer: B
Q9. A company must deploy an IGP routing protocol on an Enterprise Network. Where should route summarization be implemented?
A. distribution
B. core
C. access
D. backbone
Answer: A
Q10. Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Answer: C
Explanation: Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
.Source-specific rules with any type destinations should be applied as close to the source as possible.
.Destination-specific rules with any type sources should be applied as close to the destination as possible.
.Mixed rules integrating both source and destination should be used as close to the source as possible.
An integral part of identity and access control deployments is to allow only the necessary access. Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing “defense in depth” by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13