Which statement is the most accurate regarding IPsec VPN design for an Enterprise Campus environment?
A. VPN device IP addressing must align with the existing Campus addressing scheme.
B. The choice of a hub-and-spoke or meshed topology ultimately depends on the number of remotes.
C. Sizing and selection of the IPsec VPN headend devices is most affected by the throughput bandwidth requirements for the remote offices and home worker
D. Scaling considerations such as headend configuration, routing protocol choice, and topology have the broadest impact on the design.
Which unique characteristics of the Data Center Aggregation layer must be considered by an Enterprise Campus designer?
A. Layer 3 routing between the Access and Aggregation layers facilitates the ability to span VLANs across multiple access switches, which is a requirement for many server virtualization and clustering technologies.
B. “East-west” server-to-server traffic can travel between aggregation modules by way of the core, but backup and replication traffic typically remains within an aggregation module.
C. Load balancing, firewall services, and other network services are commonly integrated by the use of service modules that are inserted in the aggregation switches.
D. Virtualization tools allow a cost effective approach for redundancy in the network design by using two or four VDCs from the same physical switch.
Refer to the exhibit.
The Cisco Nexus 1000V in the VMware vSphere solution effectively creates an additional access layer in the virtualized data center network; which of the following 1000V characteristics can the designer take advantage of?
A. Offloads the STP requirement from the external Access layer switches
B. If upstream access switches do not support vPC or VSS the dual-homed ESX host traffic can still be distributed using virtual port channel host mode using subgroups automatically discovered through CDP
C. Allows transit traffic to be forwarded through the ESX host between VMNICs
D. Can be divided into multiple virtual device contexts for service integration, enhanced security, administrative boundaries, and flexibility of deployment
Support of vPC on the Cisco Nexus 5000 access switch enables various new design options for the data center Access layer, including which of the following?
A. The vPC peer link is not required for Access layer control traffic, and can instead be used to span VLANs across the vPC access switches
B. A single switch can associate per-interface with more than one vPC domain
C. vPC can be used on both sides of the MEC, allowing a unique 16-link EtherChannel to be built between the access and aggregation switches
D. Allows an EtherChannel between a server and a access switch while still maintaining the level of availability that is associated with dual-homing a server to two different access switches
The requirement for high availability within the Data Center network may cause the designer to consider which one of the following solutions?
A. Construct a hierarchical network design using EtherChannel between a server and two VDCs from the same physical switch
B. Utilize Cisco NSF with SSO to provide intrachassis SSO at Layers 2 to 4
C. Define the Data Center as an OSPF NSSA area, advertising a default route into the DC and summarizing the routes out of the NSSA to the Campus Core
D. Implement network services for the Data Center as a separate services layer using an active/active model that is more predictable in failure conditions
When designing remote access to the Enterprise Campus network for teleworkers and mobile workers, which of the following should the designer consider?
A. It is recommended to place the VPN termination device in line with the Enterprise Edge firewall, with ingress traffic limited to SSL only
B. Maintaining access rules, based on the source IP of the client, on an internal firewall drawn from a headend RADIUS server is the most secure deployment
C. VPN Headend routing using Reverse Route Injection (RRI) with distribution is recommended when the remote user community is small and dedicated DHCP scopes are in place
D. Clientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick), including at Layer7
Which of the following is most accurate with respect to designing high availability within the Enterprise Campus network?
A. High availability at and between the Distribution and Access layers is as simple as redundant switches and redundant Layer 3 connections
B. Non-deterministic traffic patterns require a highly available modular topology design
C. Distribution layer high availability design includes redundant switches and Layer 3 equal-cost load sharing connections to the switched Access and routed Core layers, with a Layer 3 link between the Distribution switches to support summarization of routing information from the Distribution to the Core
D. Default gateway redundancy allows for the failure of a redundant Distribution switch without affecting endpoint connectivity
Which of the following should the Enterprise Campus network designer consider with respect to Video traffic?
A. While it is expected that the sum of all forms of video traffic will grow to over 90% by 2013, the Enterprise will be spared this rapid adoption of video by consumers through a traditional top-down approach
B. Avoid bandwidth starvation due to video traffic by preventing and controlling the wide adoption of unsupported video applications
C. Which traffic model is in use, the flow direction for the traffic streams between the application components, and the traffic trends for each video application
D. Streaming video applications are sensitive to delay while interactive video applications, using TCP as the underlying transport, are fairly tolerant of delay and jitter
Which technology is an example of the need for a designer to clearly define features and desired performance when designing advanced WAN services with a service provider?
A. FHRP to remote branches
B. Layer 3 MPLS VPNs secure routing
C. Control protocols (for example Spanning Tree Protocol) for a Layer 3 MPLS service
D. Intrusion prevention, QoS, and stateful firewall support network wide
Which of the following is true concerning best design practices at the switched Access layer of the traditional layer2 Enterprise Campus Network?
A. Cisco NSF with SSO and redundant supervisors has the most impact on the campus in the Access layer
B. Provide host-level redundancy by connecting each end device to 2 separate Access switches
C. Offer default gateway redundancy by using dual connections from Access switches to redundant Distribution layer switches using a FHRP
D. Include a link between two Access switches to support summarization of routing information from the Access to the Distribution layer
Download Lates CCDP 642-874 Real Free Tests , help you to pass exam 100%.