aiotestking uk

300-320 Exam Questions - Online Test


300-320 Premium VCE File

Learn More 100% Pass Guarantee - Dumps Verified - Instant Download
150 Lectures, 20 Hours

P.S. Refined 300-320 braindump are available on Google Drive, GET MORE: https://drive.google.com/open?id=1SQGq0NTfhdguTL9XdbFHLLvvUxs-dPOs


New Cisco 300-320 Exam Dumps Collection (Question 4 - Question 13)

Question No: 4

ACME corporation owns a single MDS. Which two SAN tools can be used to optimize the use and cost of the switching hardware? (Choose two.)

A. zoning

B. IVR

C. VSAN

D. iSCSI

Answer: B,C


Question No: 5

The network engineering team for a large university must increase the security within the core of the network by ensuring that IP traffic only originates from a network segment that is assigned to that interface in the routing table. Which technology must be chosen to accomplish this requirement?

A. VLAN access control lists

B. Unicast Reverse Path Forwarding

C. Intrusion prevention system

D. ARP inspection

Answer: A


Question No: 6

NAC: Simple access control at user and device contextual level. Which features are needed ? (Choose Two)

A. secure access control

B. TrustSec

C. ISE

D. NAC agent

Answer: C,D


Question No: 7

Which router device group summarizes for WAN sites on which level?

A. Core

B. Distribution

C. Access-layer within campus

D. Distribution in data center

E. WAN edge

Answer: A


Question No: 8

You use 2x ISPs for the internet connectivity. How could you avoid your internal network to become a transit area (Choose two)?

A. accept all routes from ISPs inbound

B. advertise all routes outbound

C. filter internal routes inbound

D. filter internal routes outbound

E. use just one ISP

Answer: A,D

Explanation:

When connecting to multiple exit points from your AS and peering with multiple ISPs, there is a danger that by misconfiguration, you advertise routes that are received from one ISP to the other ISP. Your AS can become a transit area for Internet traffic of other networks, which can cost you money and resources. You can easily avoid this situation by advertising only your assigned address space to all

adjacent ISPs (also, you can advertise only your local AS and filter out the other ASs using BGP AS-path filter).

From a design point of view, this model (Multi-homing with Two ISPs) requires careful design consideration. For example, to avoid making the enterprise network as a transit AS/path for the two external ISPs (for example, ISP1 and ISP2), it is recommended that you always announce only your PI address space to the ISPs you are directly connected to. If, by mistake, you advertise routes that are received from ISP1 to ISP2, and ISP2u2021s policy is not restrictive enough, your AS will start to participate in the Internet traffic exchange (become a transit AS). In addition, if AS X, as shown in Figure 5-23, decided that the path to ISP1 from AS X is shorter through your network (via ISP2), it will start sending traffic that is destined for ISP1 to your router. Your router will happily route the traffic to ISP1, but the problem is that this extra traffic might leave your users with no bandwidth for themselves and, as a result, it will impact the overall user experience. Also, this situation raises a high security concern, because external traffic from an unknown network, traffic that could be malicious, will be using your corporate network as a transit path. Therefore, you, as the network designer, need to ensure that only the enterprise-owned PI address range is announced, combined with AS PATH filtering to permit only routes originating from the enterprise local AS to be advertised.

To prevent your network from becoming a transit AS, make sure that you advertise only your own PI address space to both ISPs by using outbound route filtering, BGP AS-PATH filtering, or a combination of both.


Question No: 9

A network engineer must reduce the security risks on a BGP network. Which option helps to avoid rogue route injection, unwanted peering, and malicious BGP activities?

A. Apply route maps and policies in route redistribution events.

B. Apply MD5 authentication between all BGP peers.

C. Encrypt all traffic with IPsec between neighbors.

D. Use GRE tunnels between all BGP peers.

Answer: D


Question No: 10

A network consultant is designing an enterprise network that includes an IPsec headend termination device. Which two capabilities are the most important to consider when assessing the headend deviceu2021s scalability? (Choose two.)

A. bandwidth capabilities

B. packets per second processing capability

C. CPU capabilities

D. number of tunnels that can be aggregated

E. memory capabilities

Answer: B,D


Question No: 11

Which security mechanism can you implement to protect the OSPF" information that a router receives?

A. privilege 15 credentials

B. administrator username and password authentication

C. RADIUS authentication

D. cryptographic authentication

Answer: D


Question No: 12

When a site has Internet connectivity with two different ISPu2021s, which two strategies are recommended to avoid becoming a BGP transit site? (Choose two.)

A. accept all inbound routes from ISPs

B. advertise all routes to both ISPs.

C. filter routes inbound from the ISPs.

D. filter routes outbound to the ISPs.

E. use a single service provider.

Answer: A,D


Question No: 13

Which option is correct when using Virtual Switching System?

A. Both control planes forward traffic simultaneously

B. Only the active switch forward traffic

C. Both data planes forward traffic simultaneously

D. Only the active switch handle the control plane

Answer: C


Recommend!! Get the Refined 300-320 dumps in VCE and PDF From Examcollectionplus, Welcome to download: https://www.examcollectionplus.net/vce-300-320/ (New 482 Q&As Version)