Ensurepass

QUESTION 11

When considering the design of the E-Commerce topology which of the following are true?

 

A.

One-armed SLB design with multiple security contexts removes the need for a separate firewall in the core layer

B.

Two-firewall-layer SLB design considers the aggregation and access layers to be trusted zones, requiring no security between the web, application, and database zones

C.

One-armed SLB design with two firewall layers ensures that non load-balanced traffic still traverses the ACE so that the health and performance of the servers is still being monitored

D.

In all cases there will be configuration requirements for direct access to any servers or for nonload-balanced sessions initiated by the servers

 

Correct Answer: A

 

 

QUESTION 12

When designing the routing for an Enterprise Campus network it is important to keep which of the following route filtering aspects in mind?

 

A.

Filtering is only useful when combined with route summarization

B.

It is best to filter (allow) the default and summary prefixes only in the Enterprise Edge to remote sites or site-to-site IPsec VPN networks

C.

IGPs (for example EIGRP or OSPF) are superior to route filtering in avoiding inappropriate transit traffic through remote nodes or inaccurate or inappropriate routing updates

D.

The primary limitation of router filtering is that it can only be applied on outbound updates

 

Correct Answer: B

 

 

QUESTION 13

Which technology can block interfaces and provide a loop-free topology?

 

A.

STP

B.

VSS

C.

VLAN

D.

vPC

 

Correct Answer: D

 

 

QUESTION 14

Which three statements about zoning are correct? (Choose three.)

 

A.

Zoning increases security.

B.

DNS queries are used for software zoning.

C.

Software zoning is more secure than hardware zoning.

D.

When using zones and VSANs together, the zone is created first.

E.

Zoning requires that VSANs be established before it becomes operational.

 

Correct Answer: ABE

 

 

 

QUESTION 15

Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

 

A.

VRRP

B.

BGP

C.

IPsec

D.

SSL

 

Correct Answer: B

 

 

QUESTION 16

Which two methods are available to connect a Cisco IOS device to an active directory domain for authentication? (Choose two.)

 

A.

Lightweight Directory Access Protocol

B.

DNS Based Authentication of Named Entities

C.

Microsoft Challenge-Handshake Authentication Protocol

D.

RADIUS server

E.

Directory Access Protocol

 

Correct Answer: AD

 

 

QUESTION 17

Which of the following features might be used by the Enterprise Campus network designer as a means of route filtering?

 

A.

IPv4 static routes

B.

Route tagging using a route map in an ACL

C.

Tagging routes using the BGP MED

D.

EIGRP stub networks

 

Correct Answer: D

 

 

QUESTION 18

Which two design concerns must be addressed when designing a multicast implementation? (Choose two.)

 

A.

only the low-order 23 bits of the MAC address are used to map IP addresses

B.

only the low-order 24 bits of the MAC address are used to map IP addresses

C.

only the high-order 23 bits of the MAC address are used to map IP addresses

D.

only the low-order 23 bits of the IP address are used to map MAC addresses

E.

the 0x01004f MAC address prefix is used for mapping IP addresses to MAC addresses

F.

the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses

 

Correct Answer: AF

 

 

 

 

QUESTION 19

When a router has to make a rate transition from LAN to WAN, what type of congestion needs should be considered in the network design?

 

A.

RX-queue deferred

B.

TX-queue deferred

C.

RX-queue saturation

D.

TX-queue saturation

E.

RX-queue starvation

F.

TX-queue starvation

 

Correct Answer: F

 

 

QUESTION 20

Which multicast implementation strategy provides load sharing and redundancy by configuring intradomain RPs as MSDP peers?

 

A.

anycast RP

B.

auto-RP

C.

bootstrap router

D.

static RP

 

Correct Answer: A

 

Free VCE & PDF File for Cisco 300-320 Actual Tests

Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …

Comments are closed.