Q1. You are performing a BGP design review for a service provider that offers MPLS-based services to their end customers. The network is comprised of several PE routers that run iBGP with a pair of route reflectors for all BGP address families. Which two options about the use of Constrained Route Distribution for BGP/MPLS VPNs are true? (Choose two.) 

A. This feature must be enabled on all devices in the network at the same time. 

B. The RR must advertise the default route target filter toward the PE routers. 

C. The RRs do not need to advertise any route target filter toward the PE routers. 

D. Both PE and RR routers must support this feature. 

View Answer

Q2. During a network design review, it is recommended that the network with a single large area should be broken up into a backbone and multiple nonbackbone areas. There are differing opinions on how many ABRs are needed for each area for redundancy. What would be the impact of having additional ABRs per area? 

A. There is no impact to increasing the number of ABRs. 

B. The SPF calculations are more complex. 

C. The number of externals and network summaries are increased. 

D. The size of the FIB is increased. 

View Answer

Q3. You are a network designer and have been asked to consult with your server operations team to further enhance the security of the network. The operations team provides you with these details about the network: 

A pool of servers is accessed by numerous data centers and remote sites. 

The servers are accessed via a cluster of firewalls. 

The firewalls are configured properly and are not dropping traffic. 

The firewalls occasionally cause asymmetric routing of traffic within the server data center. 

Which technology would you recommend to enhance security by limiting traffic that could originate from a hacker compromising a workstation and redirecting flows at the servers? 

A. Access control lists to limit sources of traffic that exits the server-facing interface of the firewall cluster 

B. Poison certain subnets by adding static routes to Null0 on the server farm core switches. 

C. Unicast Reverse Path Forwarding in strict mode 

D. Unicast Reverse Path Forwarding in loose mode 

View Answer

Q4. A company would like to distribute a virtual machine (VM) hosting cluster between three data centers with the capability to move VMs between sites. The connectivity between data centers is IP only and the new design should use the existing WAN. Which Layer 2 tunneling technology do you recommend? 

A. VPLS 

B. L2TPv3 

C. OTV 

D. AToM 

View Answer

Q5. You are hired to design a solution that will improve network availability for users on a campus network with routed access. If the budget limits you to three components, which three components would you recommend in your design proposal? (Choose three.) 

A. redundant power supplies in the access routers 

B. standby route processors for SSO in the core routers 

C. standby route processors for SSO in the distribution routers 

D. standby route processors for SSO in the access routers 

E. replace copper links between devices with fiber links 

View Answer

Q6. As a service provider you must support a Layer 2 virtualization protocol that does not include the use of label switching. Which option can meet this design requirement? 

A. VPLS 

B. VRF-Lite 

C. QinQ 

D. 802.3ad 

View Answer

Q7. Acme Corporation indicates that their network design must support the ability to scale to support a high number of remote sites. Which IGP is considered to scale better for a hub-and-spoke topology? 

A. BGP 

B. OSPF 

C. IS-IS 

D. EIGRP 

View Answer

Q8. You are designing an Out of Band Cisco Network Admission Control, Layer 3 Real-IP Gateway deployment for a customer. Which VLAN must be trunked back to the Clean Access Server from the access switch? 

A. untrusted VLAN 

B. user VLAN 

C. management VLAN 

D. authentication VLAN 

View Answer

Q9. You are designing a Group Encrypted Transport Virtual Private Network solution consisting of 30 group members. Which measure helps protect encrypted user traffic from replay attacks? 

A. counter-based anti-replay 

B. time-based anti-replay 

C. nonce payload 

D. RSA-encrypted nonce 

E. digital certificates 

View Answer

Q10. ACME Corporation is integrating IPv6 into their network, which relies heavily on multicast distribution of data. Which two IPv6 integration technologies support IPv6 multicast? (Choose two.) 

A. 6VPE 

B. 6PE 

C. dual stack 

D. ISATAP 

E. 6to4 

F. IPv6INIP 

View Answer