
Page 1: Cisco.PracticeTest.200-310.v2017-10-11.by.Asher... Exam A QUESTION 1 In a campus network hierarchy, which of the following security functions does not typically occur at the campus

http://www.gratisexam.com/

200-310.cisco

Number: 200-310
Passing Score: 800
Time Limit: 120 min


Sections
1. Enterprise Network Design Explanation
2. Design Methodologies Explanation
3. Considerations for Expanding an Existing Network Explanation
4. Addressing and Routing Protocols in an Existing Network Explanation
5. Design Objectives Explanation


Exam A

QUESTION 1
In a campus network hierarchy, which of the following security functions does not typically occur at the campus access layer?

A. NAC

B. packet filtering

C. DHCP snooping

D. DAI

Correct Answer: B
Section: Considerations for Expanding an Existing Network

Explanation/Reference:

Explanation:
Packet filtering is typically implemented in the campus distribution layer, not the campus access layer. The distribution layer of the campus network hierarchy is where access control lists (ACLs) and inter-VLAN routing are typically implemented. The distribution layer serves as an aggregation point for access layer network links. Because the distribution layer is the intermediary between the access layer and the core layer, the distribution layer is the ideal place to enforce security policies, provide load balancing, provide Quality of Service (QoS), and perform tasks that involve packet manipulation, such as routing and packet filtering. Because the distribution layer connects to both the access and core layers, it often comprises multilayer switches that can perform both Layer 3 routing functions and Layer 2 switching.

Network Admission Control (NAC), Dynamic ARP Inspection (DAI), and Dynamic Host Configuration Protocol (DHCP) snooping are performed at the campus access layer. The access layer serves as a media termination point for devices, such as servers and hosts. Because access layer devices provide access to the network, the access layer is the ideal place to classify traffic and perform network admission control. NAC is a Cisco feature that prevents hosts from accessing the network if they do not comply with organizational requirements, such as having an updated antivirus definition file. DHCP snooping is a feature used to mitigate DHCP spoofing attacks. In a DHCP spoofing attack, an attacker installs a rogue DHCP server on the network in an attempt to intercept DHCP requests. The rogue DHCP server can then respond to the DHCP requests with its own IP address as the default gateway address; hence all traffic is routed through the rogue DHCP server. DAI is a feature that can help mitigate Address Resolution Protocol (ARP) poisoning attacks. In an ARP poisoning attack, which is also known as an ARP spoofing attack, the attacker sends a gratuitous ARP (GARP) message to a host. The message associates the attacker's MAC address with the IP address of a valid host on the network. Subsequently, traffic sent to the valid host address will go through the attacker's computer rather than directly to the intended recipient.

Reference:
Cisco: Campus Network for High Availability Design Guide: Access Layer

QUESTION 2
Which of the following is a network architecture principle that represents the structured manner in which the logical and physical functions of the network are arranged?


A. modularity

B. hierarchy

C. top-down

D. bottom-up

Correct Answer: B
Section: Design Objectives

Explanation/Reference:

Explanation:
The hierarchy principle is the structured manner in which both the physical and logical functions of the network are arranged. A typical hierarchical network consists of three layers: the core layer, the distribution layer, and the access layer. The modules between these layers are connected to each other in a fashion that facilitates high availability. However, each layer is responsible for specific network functions that are independent from the other layers.

The core layer provides fast transport services between buildings and the data center. The distribution layer provides link aggregation between layers. Because the distribution layer is the intermediary between the access layer and the campus core layer, the distribution layer is the ideal place to enforce security policies, provide load balancing, provide Quality of Service (QoS), and perform tasks that involve packet manipulation, such as routing. The access layer, which typically comprises Open Systems Interconnection (OSI) Layer 2 switches, serves as a media termination point for devices, such as servers and workstations. Because access layer devices provide access to the network, the access layer is the ideal place to perform user authentication and to institute port security. High availability, broadcast suppression, and rate limiting are also characteristics of access layer devices.

The modularity network architecture principle is most likely to facilitate troubleshooting. The modularity and hierarchy principles are complementary components of network architecture. The modularity principle is used to implement an amount of isolation among network components. This ensures that changes to any given component have little to no effect on the rest of the network. Modularity also simplifies the troubleshooting process by limiting the task of isolating the problem to the affected module.

The modularity principle typically consists of two building blocks: the access distribution block and the services block. The access distribution block contains the bottom two layers of a three-tier hierarchical network design. The services block, which is a newer building block, typically contains services like routing policies, wireless access, tunnel termination, and Cisco Unified Communications services.

Top-down and bottom-up are both network design models, not network architecture principles. The top-down network design approach is typically used to ensure that the eventual network build will properly support the needs of the network's use cases. For example, a dedicated customer service call center might first evaluate communications and knowledgebase requirements prior to designing and building out the call center's network infrastructure. In other words, a top-down design approach typically begins at the Application layer, or Layer 7, of the OSI reference model and works down the model to the Physical layer, or Layer 1.

In contrast to the top-down approach, the bottom-up approach begins at the bottom of the OSI reference model. Decisions about network infrastructure are made first, and application requirements are considered last. This approach to network design can often lead to frequent network redesigns to account for requirements that have not been met by the initial infrastructure.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 2, Cisco Enterprise Architecture Model, pp. 49-50
Cisco: Enterprise Campus 3.0 Architecture: Overview and Framework: Hierarchy

QUESTION 3
DRAG DROP
From the left, select the characteristics that apply to a small branch office, and drag them to the right.

Select and Place:


Correct Answer:

Section: Enterprise Network Design

Explanation/Reference:

Explanation:
A small branch office typically uses a single Integrated Services Router (ISR), combines LAN and WAN termination, and does not include a distribution layer. Cisco defines a small branch office as an office that contains up to 50 users and that implements a one-tier design. A single-tier design combines LAN and WAN termination into a single ISR, where a redundant link to the access layer can be created if the ISR uses an EtherChannel topology versus a trunked topology, which offers no link redundancy. Because a small branch office uses a single ISR, such as the ISR G2, to provide LAN and WAN services, an external access switch, such as the Cisco 2960, is not necessary. In addition, Rapid Per-VLAN Spanning Tree Plus (RPVST+) is not supported on most ISR platforms.

Medium and large branch offices typically use RPVST+ and external access switches. RPVST+ is an advanced spanning tree algorithm that can prevent loops on a switch that handles multiple virtual LANs (VLANs). RPVST+ is typically supported only on external switches and advanced routing platforms. External access switches provide high-density LAN connectivity to individual hosts and typically aggregate links on distribution layer switches.


Cisco defines a medium branch office as an office that contains between 50 and 100 users and that implements a two-tier design. A dual-tier design separates LAN and WAN termination into multiple devices. A medium branch office typically uses two ISRs, with one ISR serving as a connection to the headquarters location and the second serving as a connection to the Internet. In addition, the two ISRs are typically connected by at least one external switch that also serves as an access layer switch for the branch users.

Cisco defines a large branch office as an office that contains between 100 and 200 users and that implements a three-tier design. Similar to a dual-tier design, a triple-tier design separates LAN and WAN termination into multiple devices. However, a triple-tier design separates additional services, such as firewall functionality and intrusion detection. A large branch office typically uses at least one dedicated device for each network service. Whereas small and medium branch offices consist of only an edge layer and an access layer, the large branch office also includes a distribution layer.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, Enterprise Branch Profiles, pp. 275-279
Cisco: LAN Baseline Architecture Branch Office Network Reference Design Guide: Small Office Design (PDF)
Cisco: LAN Baseline Architecture Branch Office Network Reference Design Guide: Branch LAN Design Options (PDF)

QUESTION 4
Which of the following statements is true regarding route summarization?

A. Summarization increases routing protocol convergence times.

B. Summarization must be performed on classless network boundaries.

C. Summarization causes a router to advertise more routes to its peers.

D. Summarization can reduce the amount of bandwidth used by a routing protocol.

E. Summarization cannot be performed on a group of contiguous networks.

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network

Explanation/Reference:

Explanation:
Route summarization can reduce the amount of bandwidth used by a routing protocol. Summarization is the process of advertising a group of contiguous networks as a single route. When a router performs summarization, the router advertises a summary route rather than routes to each individual subnetwork. Summarization can cause a routing protocol to converge faster and can reduce the consumption of network bandwidth, because only a single summary route will be advertised by the routing protocol. For example, summarizing routes from the distribution layer to the core layer of a hierarchical network enables the distribution layer devices to limit the number of routing advertisements that are sent to the core layer devices. Because fewer advertisements are sent, the routing tables of core layer devices are kept small and access layer topology changes are not advertised into the core layer.

You can configure a router to summarize its networks on either classful or classless network boundaries. When combining routes to multiple subnetworks into a single summarized route, you must take bits away from the subnet mask. For example, consider a router that has interfaces connected to the 16 contiguous networks from 10.10.0.0/24 through 10.10.15.0/24. The routing table would contain a route to each of the 16 networks. The 16 contiguous networks can be summarized in 4 bits (2^4 = 16). Taking 4 bits away from the 24-bit subnet mask yields a 20-bit mask, which is 255.255.240.0. Thus the network and subnet mask combination of 10.10.0.0 255.255.240.0 encompasses all 16 networks. The process of taking bits away from the subnet mask to more broadly encompass multiple subnetworks is called supernetting. This is the opposite of subnetting, which divides a network into smaller subnetworks.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 11, Route Summarization, pp. 455-458
Cisco: IP Routing Frequently Asked Questions: What does route summarization mean?
Cisco: IP Addressing and Subnetting for New Users

QUESTION 5
Which of the following queuing methods is the most appropriate for handling voice, video, mission-critical, and lower-priority traffic?

A. FIFO

B. WFQ

C. LLQ

D. CBWFQ

Correct Answer: C
Section: Considerations for Expanding an Existing Network

Explanation/Reference:

Explanation:
Of the choices provided, low-latency queuing (LLQ) is the most appropriate queuing method for handling voice, video, mission-critical, and lower-priority traffic. LLQ supports the creation of up to 64 user-defined traffic classes as well as one or more strict-priority queues that can be used to guarantee bandwidth for delay-sensitive traffic, such as voice and video traffic. Each strict-priority queue can use as much bandwidth as possible but can use only the guaranteed bandwidth when other queues have traffic to send, thereby avoiding bandwidth starvation. Cisco recommends limiting the strict-priority queues to a total of 33 percent of the link capacity.

Class-based weighted fair queuing (CBWFQ) provides bandwidth guarantees, so it can be used for voice, video, mission-critical, and lower-priority traffic. However, CBWFQ does not provide the delay guarantees provided by LLQ, because CBWFQ does not provide support for strict-priority queues. CBWFQ improves upon weighted fair queuing (WFQ) by enabling the creation of up to 64 custom traffic classes, each with a guaranteed minimum bandwidth.

Although WFQ can be used for voice, video, mission-critical, and lower-priority traffic, it does not provide the bandwidth guarantees or the strict-priority queues that are provided by LLQ. WFQ is used by default on Cisco routers for serial interfaces at 2.048 Mbps or lower. Traffic flows are identified by WFQ based on source and destination IP address, port number, protocol number, and Type of Service (ToS). Although WFQ is easy to configure, it is not supported on high-speed links.

First-in-first-out (FIFO) queuing is the least appropriate for voice, video, mission-critical, and lower-priority traffic. By default, Cisco uses FIFO queuing for interfaces faster than 2.048 Mbps. FIFO queuing requires no configuration because all packets are arranged into a single queue. As the name implies, the first packet received is the first packet transmitted, without regard for packet type, protocol, or priority.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 6, Low-Latency Queuing, p. 235
Cisco: Enterprise QoS Solution Reference Network Design Guide: Queuing and Dropping Principles
Cisco: Signalling Overview: RSVP Support for Low Latency Queueing

QUESTION 6
To which of the following high-availability resiliency levels do duplicate power supplies belong?


A. management

B. monitoring

C. network

D. system

Correct Answer: D
Section: Enterprise Network Design

Explanation/Reference:

Explanation:
Duplicate power supplies are a system-level resiliency component of a high-availability solution. High-availability solutions feature redundant components that provide protection in the event that a primary component fails. Cisco defines three components of a high-availability solution: network-level resiliency, system-level resiliency, and management and monitoring. System-level resiliency components provide failover protection for system hardware components. Duplicate power supplies ensure that critical system components can maintain power in the event of a failure of the primary power supply.

Duplicate power supplies are not an example of management and monitoring resiliency components. Management and monitoring is a resiliency component used to quickly detect changes to various components of a high-availability solution. Examples of the monitoring component include Syslog. Syslog is used to gather information about the state of network components and to compile them in a centralized location. This allows administrators to gain information regarding the state of network or system components without having to log on to each device on the network.

Duplicate power supplies are not an example of network-level resiliency components. Network-level resiliency features redundant network devices, such as backup switches. In addition, network resiliency features duplicate links that can be used to maintain communication between network devices if the primary link fails. When you increase network resiliency by adding redundant links to a network design, you should also configure link management protocols, such as Spanning Tree Protocol (STP), to ensure that the redundant links do not generate loops within the network.

Reference:
Cisco: Deploying High Availability in the Wiring Closet Q&A

QUESTION 7
Which of the following statements are true about OSPF and EIGRP? (Choose two.)

A. Both use a DR and a BDR.

B. Both use a DIS.

C. Both can operate on an NBMA point-to-multipoint network.

D. Both can operate on an NBMA point-to-point network.

E. Both perform automatic route summarization.

F. Both use areas to limit the flooding of database updates.

Correct Answer: CD
Section: Addressing and Routing Protocols in an Existing Network

Explanation/Reference:

Explanation:
Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF) can operate on non-broadcast multi-access (NBMA) point-to-point networks and NBMA point-to-multipoint networks. Because NBMA networks, such as Frame Relay and Asynchronous Transfer Mode (ATM), do not support Data Link layer broadcasts, routing protocols that operate on NBMA networks must support methods of neighbor discovery and route advertisement that do not rely on multicast or broadcast transmission methods. Although subinterfaces can be used to treat an NBMA point-to-multipoint network as a series of point-to-point connections, you are not required to configure subinterfaces for NBMA point-to-multipoint networks with EIGRP and OSPF.

EIGRP, not OSPF, performs automatic route summarization. Summarization is a method that can be used to advertise a group of contiguous networks as a single route. You can configure a router to summarize its networks on either classful or classless network boundaries. When a router performs summarization, the router advertises a summary route rather than routes to each individual subnetwork, which can cause a routing protocol to converge faster. This can also reduce unnecessary consumption of network bandwidth, because only a single summary route will be advertised by the routing protocol. EIGRP is capable of performing summarization on any EIGRP interface. By contrast, OSPF supports summarization at border routers and redistribution summarization.

OSPF, not EIGRP, uses a designated router (DR) and a backup designated router (BDR) as focal points for routing information. Only the DR distributes link-state advertisements (LSAs) that contain OSPF routing information to all the OSPF routers in the area. A DR and a BDR are elected only on multiaccess networks; they are not elected on point-to-point networks. If the DR fails or is powered off, the BDR takes over for the DR and a new BDR is elected.

Intermediate System-to-Intermediate System (IS-IS), not EIGRP or OSPF, uses a designated intermediate system (DIS). A DIS is functionally equivalent to an OSPF DR. The DIS serves as a focal point for the distribution of routing information. Once elected, the DIS must relinquish its duties if another router with a higher priority joins the network. If the DIS is no longer detected on the network, a new DIS is elected based on the priority of the remaining routers on the network segment.

OSPF, not EIGRP, uses areas to limit the flooding of database updates, thereby keeping routing tables small and update traffic low within each area. By contrast, EIGRP uses stub routers to limit EIGRP queries.

An EIGRP stub router advertises only a specified set of routes.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 11, OSPFv2 Summary, p. 439
CCDA 200-310 Official Cert Guide, Chapter 10, EIGRP for IPv4 Summary, p. 406
Cisco: Configuration Notes for the Implementation of EIGRP over Frame Relay and Low Speed Links: NBMA Interfaces (Frame Relay, X.25, ATM)
Cisco: OSPF Design Guide: Adjacencies on Non-Broadcast Multi-Access (NBMA) Networks

QUESTION 8
STP is disabled by default in which of the following Layer 2 access designs?

A. Flex Link

B. loop-free U

C. looped triangle

D. loop-free inverted U

E. looped square

Correct Answer: A
Section: Enterprise Network Design

Explanation/Reference:

Explanation:
Spanning Tree Protocol (STP) is disabled by default in Flex Link designs. STP prevents switching loops on a network. Switching loops can occur when there is more than one switched path to a destination. The spanning tree algorithm determines the best path through a switched network, and any ports that create redundant paths are blocked. If the best path becomes unavailable, the network topology is recalculated and the port connected to the next best path is unblocked.

There are no loops in a Flex Link design, and STP is disabled when a device is configured to participate in a Flex Link. Interface uplinks in this topology are configured in active/standby pairs, and each device can only belong to a single Flex Link pair. In the event of an uplink failure, the standby link becomes active and takes over, thereby offering redundancy when an access layer uplink fails. Possible disadvantages of the Flex Link design include its inability to return to the original state after a failed link is recovered, its increased convergence time over other designs, and its inability to run STP in order to block redundant paths that might be created by inadvertent errors in cabling or configuration.

STP is not disabled by default in loop-free inverted U designs. Loop-free inverted U designs offer redundancy at the aggregation layer, not the access layer; therefore, traffic will black-hole upon failure of an access switch uplink. All uplinks are active with no looping, thus there is no STP blocking by default. However, STP is still essential so that redundant paths that might be created by any inadvertent errors in cabling or configuration are blocked.

STP is not disabled by default in loop-free U designs. This topology offers a redundant link between access layer switches as well as a redundant link at the aggregation layer. Because of the redundant path in both layers, extending a virtual LAN (VLAN) beyond an individual access layer pair would create a loop; therefore, loop-free U designs cannot support VLAN extensions. Like loop-free inverted U designs, loop-free U designs also run STP and have issues with traffic being black-holed upon failure of an access switch uplink.

STP is not disabled by default in looped triangle designs. A looped triangle design can provide deterministic convergence in the event of a link failure. In a triangle design, each access layer device has direct paths to redundant aggregation layer devices. The ability to recover from a failed link in this design is granted by redundant physical connections that are blocked by Rapid STP (RSTP) until the primary connection fails. RSTP is an evolution of STP that provides faster convergence. RSTP achieves this by merging the disabled, blocking, and listening states into a single state, called the discarding port state. With fewer port states to transition through, convergence is faster. A looped triangle topology is currently the most common design in enterprise data centers.

STP is not disabled by default in looped square designs. Like a looped triangle, a looped square design can provide deterministic convergence through redundant connections. However, the difference between the two is that in a looped square the redundant link exists between the access layer devices themselves, whereas in a looped triangle the redundant link exists between the access layer devices and the aggregation layer devices. In a looped square, the connection between the access layer devices is blocked by STP until a primary link failure occurs.

Reference:
Cisco: Data Center Access Layer Design: FlexLinks Access Model

QUESTION 9
Your company is opening a branch office that will contain 29 host computers. Your company has been allocated the 192.168.10.0/24 address range, and you have been asked to conserve IP address space when creating a subnet for the new branch office.

Which of the following network addresses should you use for the new branch office?

A. 192.168.10.0/25

B. 192.168.10.32/26

C. 192.168.10.64/26

D. 192.168.10.64/27

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network

Explanation/Reference:

Explanation:
You should use the 192.168.10.64/27 network address for the new branch office. The /27 notation indicates that 27 bits are used for the network portion of the address and that five bits remain for the host portion of the address, which allows for 32 (2^5) addresses. Therefore, this address range is large enough to handle the number of hosts on the new branch office subnet. The first address is the network address, the last address is the broadcast address, and the other 30 (2^5 - 2) addresses are usable host addresses. Therefore, this address range is large enough to handle a subnet containing 29 host computers.

You should always begin allocating address ranges starting with the largest group of hosts to ensure that the entire group has a large, contiguous address range available. Subnetting a contiguous address range in structured, hierarchical fashion enables routers to maintain smaller routing tables and eases administrative burden when troubleshooting.

You should not use the 192.168.10.0/25 network address for the new branch office. The /25 notation indicates that 25 bits are used for the network portion of the address and that 7 bits remain for the host portion of the address, which allows for 126 (2^7 - 2) usable host addresses. Although this address range is large enough to handle the new branch office subnet, it does not conserve IP address space, because a smaller range can successfully be used.

You should not use the 192.168.10.32/26 network address for the new branch office. Although a 26-bit mask is large enough for 62 usable host addresses, the 192.168.10.32 address is not a valid network address for a 26-bit mask. The 192.168.10.0/24 address range can be divided into four ranges, each with 64 addresses, by using a 26-bit mask:

192.168.10.0/26
192.168.10.64/26
192.168.10.128/26
192.168.10.192/26

You should not use the 192.168.10.64/26 network address for the new branch office. The /26 notation indicates that 26 bits are used for the network portion of the address and that six bits remain for the host portion of the address, which allows for 62 (2^6 - 2) host addresses. Although this address range is large enough to handle the new branch office subnet, it does not conserve IP address space, because a smaller range can successfully be used.

Although it is important to learn the formula for calculating valid host addresses, the following list demonstrates the relationship between common subnet masks and valid host addresses:


Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, IPv4 Address Subnets, pp. 302-310
CCDA 200-310 Official Cert Guide, Chapter 8, Plan for a Hierarchical IP Address Network, pp. 311-312
Cisco: IP Addressing and Subnetting for New Users
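The bit arithmetic behind the route summarization explanation (Question 4) and the subnet selection in Question 9, worked as an added Python example that is not part of the practice test or of any Cisco material. It relies only on the standard library's ipaddress module; the function names and the sample inputs are this example's own, and it also flags the case the text only implies, a run of networks that is contiguous but not aligned, where a single summary would advertise space the router does not own.

```python
"""Route summarization and subnet sizing helpers (added example).

summary_route() reproduces the Question 4 calculation: sixteen contiguous /24s
need 4 bits (2**4 == 16), so the mask shrinks from /24 to /20 (255.255.240.0).
The remaining functions reproduce the Question 9 reasoning: a candidate must be
a valid network address for its mask, and the smallest block that still fits
the host count is the one that conserves address space.
"""
import ipaddress
from typing import Iterable, List, Optional, Tuple


def summary_route(cidrs: Iterable[str]) -> Tuple[str, bool]:
    """Return (supernet, exact) for a run of contiguous, equal-length prefixes.

    'exact' is True when the supernet covers exactly the given networks, which
    requires the run to start on an aligned boundary and to contain a power of
    two networks.  Otherwise the summary also advertises addresses the router
    does not actually own, so the caller should not advertise it blindly.
    """
    nets = sorted(ipaddress.ip_network(c, strict=True) for c in cidrs)
    if not nets:
        raise ValueError("no networks given")
    plen = nets[0].prefixlen
    if any(n.prefixlen != plen for n in nets):
        raise ValueError("all prefixes must have the same length")
    # Contiguous: each network starts immediately after the previous one ends.
    for prev, cur in zip(nets, nets[1:]):
        if int(cur.network_address) != int(prev.broadcast_address) + 1:
            raise ValueError(f"{prev} and {cur} are not contiguous")
    # Take bits away from the mask (supernetting) until one prefix covers the
    # last network of the run.
    summary = nets[0]
    while not nets[-1].subnet_of(summary):
        summary = summary.supernet()
    exact = summary.num_addresses == sum(n.num_addresses for n in nets)
    return str(summary), exact


def usable_hosts(cidr: str) -> int:
    """Usable host addresses: 2**host_bits minus network and broadcast.

    This is the classic formula the explanation uses (2**5 - 2 == 30 for a
    /27); it does not model /31 point-to-point links, which have no broadcast.
    """
    return ipaddress.ip_network(cidr, strict=False).num_addresses - 2


def is_valid_network(cidr: str) -> bool:
    """True when the host bits are all zero for the given mask.

    192.168.10.32/26 fails: the /26 boundaries inside 192.168.10.0/24 are
    .0, .64, .128 and .192, and .32 sits in the middle of the first block.
    """
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True
    except ValueError:
        return False


def carve(parent: str, new_prefix: int) -> List[str]:
    """List the equal-sized subnets of *parent* at *new_prefix*."""
    net = ipaddress.ip_network(parent, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def smallest_fitting_subnet(candidates: Iterable[str],
                            hosts_needed: int) -> Optional[str]:
    """Pick the valid candidate with the fewest usable addresses that still
    fits *hosts_needed*; None if nothing fits."""
    fitting = [c for c in candidates
               if is_valid_network(c) and usable_hosts(c) >= hosts_needed]
    if not fitting:
        return None
    return min(fitting, key=usable_hosts)


if __name__ == "__main__":
    # Question 4: sixteen contiguous /24s collapse to a single exact /20.
    print(summary_route(f"10.10.{i}.0/24" for i in range(16)))
    # Question 9: the four answer choices, with 29 hosts required.
    choices = ["192.168.10.0/25", "192.168.10.32/26",
               "192.168.10.64/26", "192.168.10.64/27"]
    print(carve("192.168.10.0/24", 26))
    print(smallest_fitting_subnet(choices, 29))
```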

QUESTION 10
You are planning a network by using the top-down design method. You are using structured design principles to generate a model of the completed system.

Which of the following are you most likely to consider when creating the model? (Choose four.)

A. business goals

B. future network services

C. network protocols

D. technical objectives

E. applications

F. network topologies



G. network components

Correct Answer: ABDE
Section: Design Methodologies Explanation

Explanation/Reference:
Explanation:
Most likely, you will consider business goals, existing and future network services, technical objectives, and applications if you are using structured design principles to generate a model of the completed system and that system is being planned by using the top-down design method. The top-down network design approach is used to ensure that the eventual network build properly supports the needs of the network's use cases. In other words, a top-down design typically begins at the Application layer, or Layer 7, of the Open Systems Interconnection (OSI) reference model and works down the model to the Physical layer, or Layer 1. In order for the designer and the organization to obtain a complete picture of the design, the designer should create models that represent the logical functionality of the system, the physical functionality of the system, and the hierarchical layered functionality of the system.

Because a top-down design model of the completed system is intended to provide an overview of how the system functions, lower-layer specifics such as network protocols should not be included in the model. Therefore, you should not consider the network protocols that will be implemented, nor the network topologies or network hardware components. Those parts of the design are assessed in more detail later, at the lower layers of the OSI reference model.

Reference:
Cisco: Using the Top-Down Approach to Network Design: Structured Design Principles (Flash)

QUESTION 11
Which of the following best describes route summarization?

A. It increases the scalability of a network design by facilitating the coexistence of multiple routing protocols.

B. It protects the network from unnecessary vulnerabilities or downtime that might be caused by having a single point of failure.

C. It enables a router to advertise multiple contiguous subnets as a single, larger subnet.

D. It can be used in conjunction with redistribution to block route advertisements that could create routing loops.

Correct Answer: C
Section: Enterprise Network Design Explanation

Explanation/Reference:
Explanation:
Route summarization is an advanced routing feature that enables a router to advertise multiple contiguous subnets as a single, larger subnet. Summarization, which is also known as supernetting, combines several smaller subnets into one larger subnet. This enables routers on the network to maintain a single summarized route in their routing tables. Therefore, fewer routes are advertised by the routers, which reduces the amount of bandwidth required for routing update traffic. Route summarization is most efficient when the subnets are contiguous, meaning that all of the subnets are consecutive, and can be summarized within a single subnet boundary; a summary that is wider than the subnets behind it also attracts traffic for address space the summarizing router cannot actually reach. Summarization is typically performed between the enterprise campus core and the enterprise edge. Advanced routing features, such as summarization, route filtering, and redistribution, can greatly impact the functionality and scalability of a network and, thus, should be carefully considered during the network design process.

Redundancy, not route summarization, is the repetition built into a network design to protect the network from unnecessary vulnerabilities or downtime that might be caused by a single point of failure. Simply put, redundancy is having a backup in place that can be used if the primary path or device becomes unavailable. For example, multiple physical links between two switches provide link redundancy.

Redistribution, not route summarization, is an advanced routing feature that increases the scalability of a network design by facilitating the coexistence of multiple routing protocols. For example, to join networks at multiple locations where one is running Enhanced Interior Gateway Routing Protocol (EIGRP) and the other is running Open Shortest Path First (OSPF), Cisco recommends that you configure two-way redistribution with route map filters at each location. Redistribution is typically performed by routers between the enterprise campus core and the enterprise edge.

Route filtering, not route summarization, is an advanced routing feature that can be used in conjunction with redistribution to block route advertisements that could create routing loops. Routing loops occur when a topology change or a delayed routing update results in two routers pointing to each other as the next hop to a destination. For example, Router1 has a path to Router2 that begins with Router3, and Router3 has a path to Router2 that begins with Router1. Since both Router1 and Router3 send data intended for Router2 to each other, they continuously bounce the data back and forth between them, forming a loop. To prevent this loop, a route filter could stop the path from Router1 to Router2 from being advertised to Router3. Consequently, when Router3 receives data from Router1 that is intended for Router2, the only route available is its own direct path to Router2. Because route filtering is often used in conjunction with redistribution, it is typically performed by routers between the enterprise campus core and the enterprise edge.

Reference:
Cisco: OSPF Design Guide: OSPF and Route Summarization

QUESTION 12
Which of the following is least likely to be a concern when installing a server in a third-party data center?


A. airflow

B. the demarcation point

C. rack security

D. vertical rack space



Correct Answer: B
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Explanation:
Of the choices provided, the least likely concern when installing a server in a third-party data center is the demarcation point, or demarc. The demarc is the termination point between a physical location and its service provider. In other words, it is the point where the responsibility of the physical location ends and the responsibility of the service provider begins. At a third-party data center, the demarc is the responsibility of the data center provider and its service provider, not of the data center's customers.

Rack security is likely to be a concern when installing a server in a third-party data center. Commercial data centers house devices for multiple customers within the same physical area. Although many data centers are physically secured against intruders who might steal or modify equipment, the data center's other customers have the same access to the physical area that you do. Therefore, you should install physical security mechanisms, such as a lock, at the rack or cage level to ensure that your company's devices cannot be accessed by others.

Rack space is likely to be a concern when installing a server in a third-party data center. Although most racks adhere to a standard width of 19 inches (about 48 centimeters), a certain number of rack units (U) of height must be available within a rack to allow the installation of your equipment and to allow space between your equipment and other equipment that is contained within the rack. A U is equivalent to 1.75 inches (about 4.5 centimeters) of height. Therefore, if the device you want to install is a 2U device, the rack should have at least 3.5 inches (about 9 centimeters) of available space to accommodate the device, and more to allow for space above and below the device.

Airflow is likely to be a concern when installing a server in a third-party data center. When configuring devices in a rack, it is important to allow proper airflow around the devices so that they do not overheat. However, you should also choose a data center that provides environmental controls. For example, a hot and cold aisle layout is a data center design that controls the airflow within the room in order to mitigate problems that can result from overheated servers; it essentially prevents hot air from mixing with cold air. A raised floor layout is a data center design that puts the heating, ventilation, and air conditioning (HVAC) ductwork below the floor tiles. The tiles, which are typically located in the aisles between the server racks in this type of environment, are perforated so that airflow can be directed and concentrated in the exact locations desired.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 4, Data Center Facility Aspects, pp. 136-138
Category: Considerations for Expanding an Existing Network

QUESTION 13
Which of the following network issues are not likely to be mitigated by using a modular architecture? (Choose two.)

A. hardware failures

B. physical link failures

C. application failures



D. poor scalability

E. poor redundancy

Correct Answer: CE
Section: Design Objectives Explanation

Explanation/Reference:
Explanation:
Application failures and poor redundancy are not likely to be mitigated by using a modular architecture. Poor redundancy and resiliency are more likely to be mitigated by a full-mesh topology. However, full-mesh topologies restrict scalability. Application failures can be mitigated by server redundancy.

Most likely, hardware failures, physical link failures, and poor scalability can be mitigated by using a modular architecture. The modularity and hierarchy principles are complementary components of network architecture. The modularity principle is used to implement a degree of isolation among network components. This ensures that changes to any given component have little to no effect on the rest of the network. Thus hardware failures and physical link failures, which are detrimental to network stability and reliability, are less likely to cause system-wide issues. Modularity facilitates scalability because it allows changes or growth to occur without system-wide outages.

The hierarchy principle is the structured manner in which both the physical functions and the logical functions of the network are arranged. A typical hierarchical network consists of three layers: the core layer, the distribution layer, and the access layer. The modules between these layers are connected to each other in a fashion that facilitates high availability. However, each layer is responsible for specific network functions that are independent from the other layers.

The core layer provides fast transport services between buildings and the data center. The distribution layer provides link aggregation between layers. Because the distribution layer is the intermediary between the access layer and the campus core layer, the distribution layer is the ideal place to enforce security policies, provide load balancing, provide Quality of Service (QoS), and perform tasks that involve packet manipulation, such as routing. The access layer, which typically comprises Open Systems Interconnection (OSI) Layer 2 switches, serves as a media termination point for devices, such as servers and workstations. Because access layer devices provide access to the network, the access layer is the ideal place to perform user authentication and to institute port security. High availability, broadcast suppression, and rate limiting are also characteristics of access layer devices.

Reference:
Cisco: Enterprise Campus 3.0 Architecture: Overview and Framework: Modularity
Category: Design Objectives

QUESTION 14
View the Exhibit.



You have been asked to analyze the router configuration for the network shown in the exhibit. Examine the following show command output for RouterA and RouterC:


You want to ensure that the routing protocol converges as quickly as possible, and you want to eliminate the unnecessary consumption of network bandwidth.

Which of the following should you do?

A. Use physical Ethernet interfaces instead of logical subinterfaces on RouterA.

B. Use physical Ethernet interfaces instead of logical subinterfaces on RouterC.

C. Remove the RIP routing protocol from the configuration of RouterA, and use EIGRP instead.

D. Remove the RIP routing protocol from the configuration of RouterC, and use EIGRP instead.

E. Issue the EIGRP auto-summary command on RouterA.

F. Issue the EIGRP auto-summary command on RouterC.

Correct Answer: E
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Explanation:
You should issue the Enhanced Interior Gateway Routing Protocol (EIGRP) auto-summary command on RouterA. A summary route is used to advertise a group of contiguous networks as a single route, thus reducing the size of the routing table. Examination of the show ip route output from RouterC indicates that RouterC has learned nine different routes via its Serial 1 interface. The letter D that appears in the first column of each entry in the routing table indicates that these routes were learned via EIGRP. Further examination of these nine routes indicates that eight of them fall within the 172.16.0.0 classful network.

By comparing the show ip route output from RouterC with the show ip interface brief output from RouterA, you can see that all of the 172.16.0.0 subnetworks known by RouterC are directly connected networks on RouterA. Therefore, RouterC does not need to know about each individual 172.16.0.0 subnetwork on RouterA; it only needs to know that traffic destined for any 172.16.0.0 subnetwork should be sent to RouterA. Issuing the EIGRP auto-summary command on RouterA causes RouterA to summarize its connected networks on classful boundaries and advertise only a summary route rather than a route to each individual subnetwork. Auto-summary only summarizes where an advertisement crosses a major-network boundary, so the link to RouterC must lie outside 172.16.0.0 for the 172.16.0.0/16 summary to be generated. The advertisement of a single summary route instead of routes to individual subnetworks lets EIGRP converge faster and reduces the unnecessary consumption of network bandwidth, because only a single summary route is advertised.

Automatic summarization causes problems when a classful network is discontiguous, that is, when its subnets are separated by a different classful network. Each router at a major-network boundary then advertises the same classful summary, so the other routers cannot tell which subnets lie behind which summary, and traffic for some subnets is sent to the wrong router. Therefore, when discontiguous networks exist in a topology, you should disable automatic summarization with the no auto-summary command. In this scenario, you can deduce that the no auto-summary command has been issued previously, because RouterC holds an individual route to each 172.16.0.0 subnet rather than a single summary. In order to meet the requirements set forth in the scenario, you need to turn automatic summarization back on by issuing the auto-summary command on RouterA.

Issuing the auto-summary command on RouterC would not meet the objectives set forth in the scenario. Auto-summary causes EIGRP to summarize only the networks that are directly connected to the router on which it is issued; it would not cause RouterC to summarize the routes that it learns from RouterA.

The use of physical interfaces instead of logical subinterfaces has no effect on the speed at which a routing protocol converges or on the amount of bandwidth consumed. The use of physical interfaces or logical subinterfaces is most often dictated by the network design or the type of network media used. Typically, arbitrary choices between physical interfaces and logical subinterfaces cannot be made.

There is nothing in the scenario or in the show output provided that indicates that the Routing Information Protocol (RIP) routing protocol should be removed and replaced with EIGRP. On the contrary, the letter D that appears in the first column of each route in the routing table indicates that EIGRP is already being used. EIGRP routes are coded with the letter D, whereas the letter E denotes Exterior Gateway Protocol (EGP) routes; EGP predates EIGRP. If any RIP routes existed, they would be labeled with the letter R.
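Two things in this question and in Question 11 are easy to get wrong by inspection: what the tightest summary of a set of subnets actually is (and how much extra address space it drags in when the subnets are not contiguous), and which routers would end up advertising the same classful summary when auto-summary is turned on across a discontiguous network. The Python below is an added example, not code from the practice test or from Cisco; the eight 172.16.x.0/24 subnets for RouterA are constructed, because the exhibit only says that eight of RouterC's learned routes fall inside 172.16.0.0, and RouterC's own subnets are likewise made up.

```python
import ipaddress


def tightest_summary(subnets):
    """Smallest single prefix that contains every subnet in the list."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    summary = nets[0]
    while not all(n.subnet_of(summary) for n in nets):
        summary = summary.supernet()          # widen by one bit until all fit
    return str(summary)


def overreach(summary, subnets):
    """Blocks the summary advertises that are not real subnets. Traffic for them is
    attracted to the summarising router and then dropped, or follows a less
    specific route back out and loops; the cost of summarising non-contiguous space."""
    remaining = [ipaddress.ip_network(summary)]
    for real in (ipaddress.ip_network(s) for s in subnets):
        kept = []
        for block in remaining:
            if real.subnet_of(block):
                kept.extend(block.address_exclude(real))   # carve the real subnet out
            elif not block.subnet_of(real):
                kept.append(block)                         # disjoint, keep as is
        remaining = kept
    collapsed = ipaddress.collapse_addresses(remaining)
    return [str(b) for b in sorted(collapsed, key=lambda b: int(b.network_address))]


def classful_network(address):
    """The major (Class A/B/C) network a subnet belongs to; EIGRP auto-summary
    advertises this whole network when a route crosses a major-network boundary."""
    ip = ipaddress.ip_interface(address).ip
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8
    elif first_octet < 192:
        prefix = 16
    elif first_octet < 224:
        prefix = 24
    else:
        raise ValueError(f"{ip} is Class D/E and has no classful network")
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def auto_summary_conflicts(connected):
    """connected maps router name -> its connected subnets. With auto-summary on,
    any major network that two routers would both advertise is discontiguous:
    neighbours see two identical summaries and cannot tell whose subnets are whose."""
    advertisers = {}
    for router, subnets in connected.items():
        for s in subnets:
            advertisers.setdefault(classful_network(s), set()).add(router)
    return {net: sorted(r) for net, r in advertisers.items() if len(r) > 1}


# Constructed: eight contiguous /24s on RouterA, as the exhibit's count suggests.
ROUTER_A = [f"172.16.{i}.0/24" for i in range(8)]

if __name__ == "__main__":
    print(tightest_summary(ROUTER_A), overreach(tightest_summary(ROUTER_A), ROUTER_A))
    gappy = ["172.16.0.0/24", "172.16.1.0/24", "172.16.2.0/24", "172.16.4.0/24"]
    print(tightest_summary(gappy), overreach(tightest_summary(gappy), gappy))
    print(auto_summary_conflicts({"RouterA": ROUTER_A,
                                  "RouterC": ["172.16.20.0/24", "10.1.1.0/30"]}))
```

The contiguous set summarises to 172.16.0.0/21 with nothing extra; drop 172.16.3.0/24 and the same /21 now advertises three blocks that do not exist. The last call is the discontiguous case from the explanation: if RouterC also had a 172.16.0.0 subnet, both routers would advertise 172.16.0.0/16 under auto-summary, which is exactly when no auto-summary is required.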

Reference:
CCDA 200-310 Official Cert Guide, Chapter 10, EIGRP Design, p. 404
CCDA 200-310 Official Cert Guide, Chapter 11, Route Summarization, pp. 455-458
Cisco: EIGRP Commands: auto-summary (EIGRP)

QUESTION 15
Confidentiality, integrity, and authentication are features of which of the following protocols?

A. GRE

B. PPP

C. IPSec

D. PPPoE

Correct Answer: C
Section: Enterprise Network Design Explanation

Explanation/Reference:
Explanation:
IP Security (IPSec) provides confidentiality, integrity, and authentication. IPSec is a framework of protocols that can be used to provide security for virtual private network (VPN) connections. VPNs provide secure communications over an unsecure network, such as the Internet. IPSec provides data confidentiality by encrypting the data before it is sent over the connection. Because the data is encrypted, an attacker who intercepts it is unable to read it. IPSec provides data integrity and data-origin authentication with a keyed hash: an integrity check value (ICV) computed over each packet with a hash-based message authentication code (HMAC) using a key known only to the two peers. An unkeyed checksum would not be enough, because an attacker who alters the data can simply recompute it; without the key, the attacker cannot produce a valid ICV, so a modified packet is rejected on receipt. IPSec also provides peer authentication through Internet Key Exchange (IKE), using methods that include preshared keys, digital certificates, and, with extended authentication (XAUTH) on remote-access VPNs, user name/password combinations and one-time passwords (OTPs).

Generic Routing Encapsulation (GRE) is a protocol designed to tunnel any Layer 3 protocol through an IP transport network. Because the focus of GRE is transporting many different protocols, it has no security features of its own: it neither encrypts nor authenticates the packets it carries (its optional key field is a tunnel identifier, not a security mechanism). By contrast, IPSec has strong data confidentiality and data integrity features, but it can transport only IP traffic and does not natively carry multicast or routing-protocol traffic. GRE over IPSec combines the best features of both protocols to securely transport any protocol over an IP network. GRE by itself, however, does not provide confidentiality, integrity, or authentication.



Point-to-Point Protocol (PPP) is a WAN protocol that can be used on point-to-point serial links. PPP includes optional authentication sub-protocols (PAP and CHAP) for authenticating the peer when the link comes up, but it provides no confidentiality or integrity for the data it carries and relies on other protocols, such as IPSec, for that. PPP itself therefore does not provide confidentiality, integrity, and authentication together.

PPP over Ethernet (PPPoE) is typically used to initiate a session with a Digital Subscriber Line (DSL) service provider. With PPPoE, PPP frames are encapsulated into Ethernet frames for transmission to the service provider. Because the PPP frames are not encrypted, PPPoE cannot provide a secure connection; PPPoE does not provide confidentiality, integrity, and authentication.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, Enterprise Managed VPN: IPsec, pp. 255-259
Cisco: Configuring Security for VPNs with IPsec: IPsec Functionality Overview

QUESTION 16
View the Exhibit.



You are designing an IP addressing scheme for the network in the exhibit above.

Each switch represents hosts that reside in separate VLANs. The subnets should be allocated to match the following host capacities:

Router subnet: two hosts
SwitchA subnet: four hosts
SwitchB subnet: 10 hosts
SwitchC subnet: 20 hosts
SwitchD subnet: 50 hosts

You have chosen to subnet the 192.168.51.0/24 network.

Which of the following are you least likely to allocate?



A. a /25 subnet

B. a /26 subnet

C. a /27 subnet

D. a /28 subnet

E. a /29 subnet

F. a /30 subnet

Correct Answer: A
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Explanation:
Of the available choices, you are least likely to allocate a /25 subnet. The largest broadcast domain in this scenario contains 50 hosts. A /25 subnet can contain up to 126 assignable hosts. In this scenario, allocating a /25 subnet would reserve half the 192.168.51.0/24 network for a single virtual LAN (VLAN). The total number of hosts for which you need addresses in this scenario is 86. Therefore, you would need half the /24 only if all 86 hosts resided in the same VLAN.

You should begin allocating address ranges starting with the largest group of hosts to ensure that the entire group has a large, contiguous address range available. Subnetting a contiguous address range in a structured, hierarchical fashion enables routers to maintain smaller routing tables and eases the administrative burden when troubleshooting.

You are likely to use a /26 subnet. In this scenario, the largest VLAN contains 50 hosts. If you were to divide the 192.168.51.0/25 subnet into two /26 subnets, the result would be two subnets capable of supporting up to 62 assignable hosts each: 192.168.51.0/26 and 192.168.51.64/26. Therefore, you should start subnetting with a /26 network. To maintain a logical, hierarchical IP structure, you could then allocate the 192.168.51.64/26 subnet to SwitchD's VLAN.

You are likely to use a /27 subnet. The next-largest broadcast domain in this scenario is the SwitchC subnet, which contains 20 hosts. If you were to divide the 192.168.51.0/26 subnet into two /27 subnets, the result would be two subnets capable of supporting up to 30 assignable hosts each: 192.168.51.0/27 and 192.168.51.32/27. To maintain a logical, hierarchical IP structure, you could then allocate the 192.168.51.32/27 subnet to SwitchC's VLAN.

You are likely to use a /28 subnet. The next-largest broadcast domain in this scenario is the SwitchB subnet, which contains 10 hosts. If you were to divide the 192.168.51.0/27 subnet into two /28 subnets, the result would be two subnets capable of supporting up to 14 assignable hosts each: 192.168.51.0/28 and 192.168.51.16/28. To maintain a logical, hierarchical IP structure, you could then allocate the 192.168.51.16/28 subnet to SwitchB's VLAN.

You are likely to use a /29 subnet. The next-largest broadcast domain in this scenario is the SwitchA subnet, which contains four hosts. If you were to divide the 192.168.51.0/28 subnet into two /29 subnets, the result would be two subnets capable of supporting up to six assignable hosts each: 192.168.51.0/29 and 192.168.51.8/29. To maintain a logical, hierarchical IP structure, you could then allocate the 192.168.51.8/29 subnet to SwitchA's VLAN.



You are likely to use a /30 subnet. The final subnet in this scenario is the link between RouterA and RouterB, which contains two hosts. If you were to divide the 192.168.51.0/29 subnet into two /30 subnets, the result would be two subnets capable of supporting two assignable hosts each: 192.168.51.0/30 and 192.168.51.4/30. To maintain a logical, hierarchical IP structure, you could then allocate the 192.168.51.4/30 subnet to the link between RouterA and RouterB. This would leave the 192.168.51.0/30 subnet unallocated. However, you could further divide the 192.168.51.0/30 subnet into single /32 host addresses that could then be used for loopback IP addressing on the routers.
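The walk-through above is a largest-first VLSM allocation that halves the working block at every step; done by hand for five VLANs it is fine, done for fifty it is where overlapping subnets creep into a design. The following Python is an added example, not part of the practice test or the cert guide, and reproduces the walk-through's exact choices (assign the upper half when it is the right size, keep the lower half as the pool) from the question's host counts, which are the only input taken from the page; the VLAN names are labels of convenience.

```python
import ipaddress


def smallest_prefix_for(host_count):
    """Longest prefix whose usable host count, 2^(32 - p) - 2, still covers host_count."""
    for prefix_len in range(30, 0, -1):
        if 2 ** (32 - prefix_len) - 2 >= host_count:
            return prefix_len
    raise ValueError("host count does not fit in an IPv4 prefix")


def allocate_hierarchical(base, demands):
    """Largest-first VLSM allocation in the style of the walk-through: the working
    pool is halved repeatedly; when the upper half is exactly the size needed it is
    assigned, otherwise it is set aside as spare, and the lower half remains the
    pool for the next, smaller, VLAN. demands maps name -> host count.
    Returns (assigned, spare). Two VLANs of equal size would exhaust the pool and
    need a spare block reused; that refinement is left out here."""
    pool = ipaddress.ip_network(base)
    assigned, spare = {}, []
    for name, hosts in sorted(demands.items(), key=lambda kv: kv[1], reverse=True):
        needed = smallest_prefix_for(hosts)
        if pool is None or needed < pool.prefixlen:
            raise ValueError(f"{name} needs a /{needed}; nothing that large is left")
        if needed == pool.prefixlen:          # pool is exactly the size required
            assigned[name] = str(pool)
            pool = None
            continue
        while pool.prefixlen < needed:
            lower, upper = pool.subnets(prefixlen_diff=1)
            if upper.prefixlen == needed:
                assigned[name] = str(upper)
            else:
                spare.append(str(upper))
            pool = lower
    if pool is not None:
        spare.append(str(pool))
    return assigned, spare


def verify_allocation(base, demands, assigned):
    """Every VLAN has a block, each block fits its hosts, lies inside base, and no two overlap."""
    parent = ipaddress.ip_network(base)
    nets = {name: ipaddress.ip_network(block) for name, block in assigned.items()}
    if set(nets) != set(demands):
        return False
    for name, net in nets.items():
        if not net.subnet_of(parent) or net.num_addresses - 2 < demands[name]:
            return False
    names = list(nets)
    return not any(nets[a].overlaps(nets[b])
                   for i, a in enumerate(names) for b in names[i + 1:])


# Constructed from the question's host counts (the exhibit itself is not on the page).
DEMANDS = {"Router link": 2, "SwitchA": 4, "SwitchB": 10, "SwitchC": 20, "SwitchD": 50}

if __name__ == "__main__":
    assigned, spare = allocate_hierarchical("192.168.51.0/24", DEMANDS)
    for name, block in assigned.items():
        print(f"{name:<12} {block}")
    print("spare:", spare)
    print("valid:", verify_allocation("192.168.51.0/24", DEMANDS, assigned))
```

The output is the walk-through's plan exactly: SwitchD gets 192.168.51.64/26, SwitchC 192.168.51.32/27, SwitchB 192.168.51.16/28, SwitchA 192.168.51.8/29, the router link 192.168.51.4/30, with 192.168.51.128/25 and 192.168.51.0/30 left spare. verify_allocation is the part to keep around: run it against any plan before it is configured, since an overlap between two VLAN subnets is a routing fault that no single switch will flag.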

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, IPv4 Address Subnets, pp. 302-310
CCDA 200-310 Official Cert Guide, Chapter 8, Plan for a Hierarchical IP Address Network, pp. 311-312
Cisco: IP Addressing and Subnetting for New Users

QUESTION 17
Which of the following is a type of attack that can be mitigated by enabling DAI on campus access layer switches?

A. ARP poisoning

B. VLAN hopping

C. DHCP spoofing

D. MAC flooding

Correct Answer: A
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Explanation:
Dynamic ARP Inspection (DAI) can be enabled on campus access layer switches to mitigate Address Resolution Protocol (ARP) poisoning attacks. In an ARP poisoning attack, which is also known as an ARP spoofing attack, the attacker sends a gratuitous ARP (GARP) message to a host. The message associates the attacker's media access control (MAC) address with the IP address of a valid host on the network. Subsequently, traffic sent to the valid host address goes through the attacker's computer rather than directly to the intended recipient. DAI protects against ARP poisoning attacks by inspecting all ARP packets received on untrusted ports and dropping any whose sender MAC and IP addresses do not match an entry in the DHCP snooping binding database (or a manually configured ARP access list for statically addressed hosts); ports that face other switches are configured as trusted and are not inspected. DAI therefore depends on DHCP snooping being enabled first.

Dynamic Host Configuration Protocol (DHCP) spoofing attacks can be mitigated by enabling DHCP snooping on campus access layer switches, not by enabling DAI. In a DHCP spoofing attack, an attacker installs a rogue DHCP server on the network in an attempt to answer DHCP requests. The rogue DHCP server can then respond to the requests with its own IP address as the default gateway address; hence all traffic is routed through the rogue DHCP server. DHCP snooping is a feature of Cisco Catalyst switches that helps prevent rogue DHCP servers from providing incorrect IP address information to hosts on the network. When DHCP snooping is enabled, DHCP servers are placed on trusted switch ports and other hosts are placed on untrusted switch ports. If a DHCP server reply (an OFFER, ACK, or NAK) arrives on an untrusted port, the switch discards it; if a DHCP rate limit is configured on the port and exceeded, the port is also error-disabled. Leases that are confirmed through trusted ports populate the DHCP snooping binding table of IP address, MAC address, VLAN, and port, which DAI uses.

Virtual LAN (VLAN) hopping attacks can be mitigated by disabling Dynamic Trunking Protocol (DTP) on campus access layer switches, not by enabling DAI. A VLAN hopping attack occurs when a malicious user sends frames over a VLAN trunk link that are tagged with two different 802.1Q tags, with the goal of sending the frame to a different VLAN. In a double-tagging VLAN hopping attack, a malicious user connects to a switch by using an access VLAN that is the same as the native VLAN on the switch. If the native VLAN on a switch were VLAN 1, the attacker would connect to the switch by using VLAN 1 as the access VLAN. The attacker would transmit packets containing 802.1Q tags for the native VLAN and tags spoofing another VLAN. Each packet would be forwarded out the trunk link on the switch, and the native VLAN tag would be removed from the packet, leaving the spoofed tag in the packet. The switch on the other end of the trunk link would receive the packet, examine the 802.1Q tag information, and forward the packet to the destination VLAN, thus allowing the malicious user to inject packets into the destination VLAN even though the user is not connected to that VLAN.

To mitigate VLAN hopping attacks, you should configure the native VLAN on a switch to an unused value, remove the native VLAN from each end of the trunk link, place any unused ports into a common unrouted VLAN, and disable DTP for unused and nontrunk ports. DTP is a Cisco-proprietary protocol that eases administration by automating the trunk configuration process. However, for nontrunk links and for unused ports, a malicious user who has gained access to the port could use DTP to negotiate a trunk with the switch through the exchange of DTP messages and thereby reach every VLAN carried on it. By disabling DTP, you prevent a user from using DTP messages to turn an access port into a trunk.

MAC flooding attacks can be mitigated by enabling port security on campus access layer switches, not by enabling DAI. In a MAC flooding attack, an attacker generates thousands of forged frames every minute with the intention of overwhelming the switch's MAC address table. Once this table is full, the switch can no longer make intelligent forwarding decisions and all traffic is flooded. This allows the attacker to view all data sent through the switch because all traffic is sent out every port. Implementing port security mitigates MAC flooding attacks by limiting the number of MAC addresses that can be learned on each interface to a configurable maximum (the default is one) and taking a violation action, such as error-disabling the port, when that maximum is exceeded. A MAC flooding attack is also known as a Content Addressable Memory (CAM) table overflow attack.
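The relationship this explanation describes, DHCP snooping building a binding table on trusted-port leases and DAI then judging every ARP packet on untrusted ports against it, is easiest to see as a small simulation. The Python below is an added example, not code from the practice test or from Cisco IOS; the switch model, port names, MAC addresses and the attacker's traffic are all constructed, and the ARP access lists that real DAI supports for static hosts are left out.

```python
from dataclasses import dataclass, field

SERVER_MESSAGES = {"OFFER", "ACK", "NAK"}     # DHCP messages only a server sends


@dataclass
class AccessSwitch:
    """Minimal model of DHCP snooping plus Dynamic ARP Inspection on one access
    switch. Ports are trusted (uplinks toward the DHCP server and other switches)
    or untrusted (user-facing)."""
    trusted_ports: set
    client_ports: dict = field(default_factory=dict)  # (vlan, mac) -> port of the client's REQUEST
    bindings: dict = field(default_factory=dict)      # (vlan, ip) -> (mac, port): the snooping database
    log: list = field(default_factory=list)

    def dhcp(self, port, vlan, msg_type, client_mac, yiaddr=None):
        mac = client_mac.lower()
        if msg_type in SERVER_MESSAGES and port not in self.trusted_ports:
            self.log.append(f"DHCP snooping: dropped rogue {msg_type} on {port}")
            return "drop"
        if msg_type in {"DISCOVER", "REQUEST"}:
            self.client_ports[(vlan, mac)] = port      # remember where the client lives
        elif msg_type == "ACK" and (vlan, mac) in self.client_ports:
            # A lease confirmed by a trusted server becomes a binding for the client's port.
            self.bindings[(vlan, yiaddr)] = (mac, self.client_ports[(vlan, mac)])
        return "forward"

    def arp(self, port, vlan, sender_mac, sender_ip):
        """DAI: on untrusted ports the sender MAC/IP pair of every ARP request or
        reply (gratuitous ones included) must match a snooping binding on that port."""
        if port in self.trusted_ports:
            return "forward"
        mac = sender_mac.lower()
        if self.bindings.get((vlan, sender_ip)) != (mac, port):
            self.log.append(f"DAI: dropped ARP on {port} claiming {sender_ip} is {mac}")
            return "drop"
        return "forward"


def scenario():
    """Constructed traffic: a legitimate client on Gi1/0/5 obtains a lease, then an
    attacker on Gi1/0/7 tries a rogue DHCP server and two ARP-poisoning attempts."""
    sw = AccessSwitch(trusted_ports={"Gi1/0/48"})       # uplink to the real DHCP server
    sw.dhcp("Gi1/0/5", 10, "REQUEST", "00:11:22:33:44:55")
    sw.dhcp("Gi1/0/48", 10, "ACK", "00:11:22:33:44:55", yiaddr="10.10.10.20")
    results = {
        "rogue_offer": sw.dhcp("Gi1/0/7", 10, "OFFER", "de:ad:be:ef:00:01", yiaddr="10.10.10.99"),
        "victim_own_arp": sw.arp("Gi1/0/5", 10, "00:11:22:33:44:55", "10.10.10.20"),
        "gateway_via_uplink": sw.arp("Gi1/0/48", 10, "aa:bb:cc:00:00:01", "10.10.10.1"),
        "poison_gateway": sw.arp("Gi1/0/7", 10, "de:ad:be:ef:00:01", "10.10.10.1"),
        "poison_victim": sw.arp("Gi1/0/7", 10, "de:ad:be:ef:00:01", "10.10.10.20"),
    }
    return sw, results


if __name__ == "__main__":
    switch, outcome = scenario()
    for name, verdict in outcome.items():
        print(f"{name:<20} {verdict}")
    print(*switch.log, sep="\n")
```

Both poisoning attempts are dropped for the same reason: the attacker's port has no binding for the IP it claims, whether that IP belongs to the gateway (reachable only through the trusted uplink) or to the victim (bound to Gi1/0/5). The practical consequence is the one the text states: enabling DAI on a switch whose snooping table is empty, because DHCP snooping was never turned on or the hosts are statically addressed, drops legitimate ARP too, which is why ARP ACLs exist.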

Reference:
CCDA 200-310 Official Cert Guide, Chapter 12, Loss of Availability, pp. 495-496
Cisco: Layer 2 Security Features on Cisco Catalyst Layer 3 Fixed Configuration Switches Configuration Example: Background Information
Cisco: Enterprise Data Center Topology: Preventing VLAN Hopping

QUESTION 18
You issue the following commands on RouterA:

Packets sent to which of the following destination IP addresses will be forwarded to the 10.1.1.3 next-hop IP address? (Choose two.)

A. 172.16.0.1

B. 192.168.0.1

C. 192.168.0.14

D. 192.168.0.17



E. 192.168.0.26

F. 192.168.1.1

Correct Answer: DE
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Explanation:
Of the choices available, packets sent to 192.168.0.17 and 192.168.0.26 will be forwarded to the 10.1.1.3 next-hop IP address. When a packet is sent to a router, the router checks the routing table to see if the next-hop address for the destination network is known. The routing table can be filled dynamically by a routing protocol, or you can configure the routing table manually by issuing the ip route command to add static routes. The ip route command uses the syntax ip route net-address mask next-hop, where net-address is the network address of the destination network, mask is the subnet mask of the destination network, and next-hop is the IP address of a neighboring router that can reach the destination network.

A default route is used to send packets that are destined for a location that is not listed elsewhere in the routing table. For example, the ip route 0.0.0.0 0.0.0.0 10.1.1.1 command specifies that packets destined for addresses not otherwise specified in the routing table are sent to the default next-hop address of 10.1.1.1. A net-address and mask combination of 0.0.0.0 0.0.0.0 specifies any packet destined for any network.

If multiple static routes to a destination are known, the most specific route is used; the most specific route is the route with the longest network mask. For example, a route to 192.168.0.0/28 would be used before a route to 192.168.0.0/24. Therefore, the following rules apply on RouterA:

Packets sent to the 192.168.0.0 255.255.255.240 network are forwarded to the next-hop address of 10.1.1.4. This includes destination addresses from 192.168.0.0 through 192.168.0.15.
Packets sent to the 192.168.0.0 255.255.255.0 network, except those sent to the 192.168.0.0 255.255.255.240 network, are forwarded to the next-hop address of 10.1.1.3. This includes destination addresses from 192.168.0.16 to 192.168.0.255.
Packets sent to the 192.168.0.0 255.255.0.0 network, except those sent to the 192.168.0.0 255.255.255.0 network, are forwarded to the next-hop address of 10.1.1.2. This includes destination addresses from 192.168.1.0 through 192.168.255.255.
Packets sent to any destination not listed in the routing table are forwarded to the default static route next-hop address of 10.1.1.1.

The 192.168.0.17 and 192.168.0.26 addresses are within the range of addresses from 192.168.0.16 to 192.168.0.255. Therefore, packets sent to these addresses are forwarded to the next-hop address of 10.1.1.3.

The 192.168.0.1 and 192.168.0.14 addresses are within the range of addresses from 192.168.0.0 through 192.168.0.15. Therefore, packets sent to these addresses are forwarded to the next-hop address of 10.1.1.4.

The 192.168.1.1 IP address is within the range of addresses from 192.168.1.0 through 192.168.255.255. Therefore, packets sent to 192.168.1.1 are forwarded to the next-hop address of 10.1.1.2.

RouterA does not have a specific static route to the network containing 172.16.0.1. Therefore, packets sent to 172.16.0.1 are forwarded to the default static route next-hop address of 10.1.1.1.
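The longest-match rule worked through above, as an added Python example that is not part of the practice test. The commands issued on RouterA are not reproduced on the page, so the `ROUTER_A_ROUTES` table is an assumption reconstructed from the four rules the explanation lists; the script resolves each of the six answer choices against it and also shows what happens when the default route is absent.

```python
import ipaddress

# Constructed from the explanation: RouterA's static routes as (prefix, next hop).
# Reconstructed, not the page's own command output.
ROUTER_A_ROUTES = [
    ("0.0.0.0/0", "10.1.1.1"),        # ip route 0.0.0.0 0.0.0.0 10.1.1.1 (default route)
    ("192.168.0.0/16", "10.1.1.2"),   # ip route 192.168.0.0 255.255.0.0 10.1.1.2
    ("192.168.0.0/24", "10.1.1.3"),   # ip route 192.168.0.0 255.255.255.0 10.1.1.3
    ("192.168.0.0/28", "10.1.1.4"),   # ip route 192.168.0.0 255.255.255.240 10.1.1.4
]

# The six destination addresses offered as answer choices.
ANSWER_CHOICES = ["172.16.0.1", "192.168.0.1", "192.168.0.14",
                  "192.168.0.17", "192.168.0.26", "192.168.1.1"]


def build_table(routes):
    """Parse (prefix, next-hop) strings into (IPv4Network, next-hop) entries,
    sorted longest mask first so the first match is the most specific route."""
    table = [(ipaddress.ip_network(prefix), next_hop) for prefix, next_hop in routes]
    table.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    return table


def lookup(table, destination):
    """Return the next hop for a destination, or None when no route (not even
    a default route) covers it, in which case a real router drops the packet."""
    addr = ipaddress.ip_address(destination)
    for network, next_hop in table:
        if addr in network:          # first hit is the longest prefix match
            return next_hop
    return None


def destinations_via(table, candidates, next_hop):
    """Which of the candidate destinations are forwarded to the given next hop."""
    return [dst for dst in candidates if lookup(table, dst) == next_hop]


if __name__ == "__main__":
    table = build_table(ROUTER_A_ROUTES)
    for dst in ANSWER_CHOICES:
        print(f"{dst:15} -> {lookup(table, dst)}")
    print("forwarded to 10.1.1.3:", destinations_via(table, ANSWER_CHOICES, "10.1.1.3"))
```

Sorting the table by prefix length once and taking the first hit is the same decision a router makes with a per-packet longest-match search; the ordering of the entries in the configuration never matters, only the mask length does.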

Reference:

Boson ICND2 Curriculum, Module 2: Implementing VLSMs and Summarization, Choosing a Route
Cisco: IP Routing Protocol-Independent Commands: ip route
Cisco: Specifying a Next Hop IP Address for Static Routes

QUESTION 19
DRAG DROP
Select the protocols and port numbers from the left, and drag them to the corresponding traffic types on the right. Not all protocols and port numbers will be used.

Select and Place:

Correct Answer:

Section: Considerations for Expanding an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
Lightweight Access Point Protocol (LWAPP) uses User Datagram Protocol (UDP) port 12222 for data traffic and UDP port 12223 for control traffic. LWAPP is a protocol developed by Cisco and is used as part of the Cisco Unified Wireless Network architecture. LWAPP creates a tunnel between a lightweight access point (LAP) and a wireless LAN controller (WLC); in LWAPP operations, both a LAP and a WLC are required. The WLC handles many of the management functions for the link, such as user authentication and security policy management, whereas the LAP handles real-time operations, such as sending and receiving 802.11 frames, wireless encryption, access point (AP) beacons, and probe messages. Cisco WLC devices prior to software version 5.2 use LWAPP.

Control and Provisioning of Wireless Access Points (CAPWAP) uses UDP port 5246 for control traffic and UDP port 5247 for data traffic. CAPWAP is a standards-based version of LWAPP. Cisco WLC devices that run software version 5.2 and later use CAPWAP instead of LWAPP.

Neither LWAPP nor CAPWAP uses Transmission Control Protocol (TCP) for communication. TCP is a connection-oriented protocol. Because UDP is a connectionless protocol, it does not have the additional connection overhead that TCP has; therefore, UDP is faster but less reliable.

Reference:
Cisco: LWAPP Traffic Study
IETF: RFC 5415: Control And Provisioning of Wireless Access Points (CAPWAP) Protocol Specification

QUESTION 20
Which of the following should not be implemented in the core layer? (Choose two.)

A. ACLs

B. QoS

C. load balancing

D. interVLAN routing

E. a partially meshed topology

Correct Answer: AD
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
Access control lists (ACLs) and inter-VLAN routing should not be implemented in the core layer. Because the core layer focuses on low latency and fast transport services, you should not implement mechanisms that can introduce unnecessary latency into the core layer. For example, mechanisms such as process-based switching, packet manipulation, and packet filtering introduce latency and should be avoided in the core.

The hierarchical network model divides the operation of the network into three categories:
Core layer - provides fast backbone services to the distribution layer
Distribution layer - provides policy-based access between the core and access layers
Access layer - provides physical access to the network

ACLs and inter-VLAN routing are typically implemented in the distribution layer. Because the distribution layer is focused on policy enforcement, the distribution layer provides the ideal location to implement mechanisms such as packet filtering and packet manipulation. In addition, because the distribution layer acts as an intermediary between the access layer devices and the core layer, the distribution layer is also the recommended location for route summarization and redistribution.

Because a fully meshed topology can add unnecessary cost and complexity to the design and operation of the network, a partially meshed topology is often implemented in the core layer. A fully meshed topology is not required if multiple paths exist between core layer and distribution layer devices. The core layer is particularly suited to a mesh topology because it typically contains the least number of network devices. Fully meshed topologies restrict the scalability of a design. Hierarchical designs are intended to aid scalability, particularly in the access layer.

Quality of Service (QoS) is often implemented in all three layers of the hierarchical model. However, because the access layer provides direct connectivity to network endpoints, QoS classification and marking are typically performed in the access layer. Cisco recommends classifying and marking packets as close to the source of traffic as possible. Although classification and marking can be performed in the access layer, QoS mechanisms must be implemented in each of the higher layers for QoS to be effective.

Load balancing is often implemented in all three layers of the hierarchical model. Load balancing offers redundant paths for network traffic; the redundant paths can be used to provide bandwidth optimization and network resilience. Typically, the core and distribution layers offer a greater number of redundant paths than the access layer does. Because some devices, such as network hosts, often use only a single connection to the access layer, Cisco recommends redundant links for mission-critical endpoints, such as servers.

Reference:
Cisco: Internetwork Design Guide: Internetwork Design Basics

QUESTION 21
You issue the show ip bgp neighbors command on RouterA and receive the following output:

Which of the following is most likely true?

A. RouterA is operating in AS 64496.

B. RouterA has been assigned a BGP RID of 1.1.1.2.

C. RouterA has been unable to establish a BGP session with the remote router.

D. RouterA is configured with the neighbor 203.0.113.1 remote-as 64496 command.

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
Most likely, RouterA is configured with the neighbor 203.0.113.1 remote-as 64496 command. In this scenario, the output of the show ip bgp neighbors command reports that RouterA's Border Gateway Protocol (BGP) neighbor has an IP address of 203.0.113.1 and is operating within the remote autonomous system number (ASN) of 64496. The syntax of the neighbor remote-as command is neighbor ip-address remote-as as-number, where ip-address and as-number are the IP address and ASN of the neighbor router. For example, the following command configures a peering relationship with a router that has an IP address of 203.0.113.1 in autonomous system (AS) 64496:

router(config-router)#neighbor 203.0.113.1 remote-as 64496

Because BGP does not use a neighbor discovery process like many other routing protocols, it is essential that every peer is manually configured and reachable through Transmission Control Protocol (TCP) port 179. Once a peer has been configured with the neighbor remote-as command, the local BGP speaker will attempt to transmit an OPEN message to the remote peer. If the OPEN message is not blocked by existing firewall rules or other security mechanisms, the remote peer will respond with a KEEPALIVE message and will continue to periodically exchange KEEPALIVE messages with the local peer. A BGP speaker will consider a peer dead if a KEEPALIVE message is not received within a period of time specified by a hold timer. Routing information is then exchanged between peers by using UPDATE messages. UPDATE messages can include advertised routes and withdrawn routes. Withdrawn routes are those that are no longer considered feasible. Statistics regarding the number of BGP messages, such as UPDATE messages, can be viewed in the output of the show ip bgp neighbors command.

The output of the show ip bgp neighbors command in this scenario does not indicate that RouterA is operating in AS 64496. Nor does the output indicate that RouterA has been assigned a BGP router ID (RID) of 1.1.1.2. Among other things, the partial command output from the show ip bgp neighbors command indicates that the remote peer has an IP address of 203.0.113.1, an ASN of 64496, a RID of 1.1.1.2, an external BGP (eBGP) session that is in the Established state, and a hold time of 180 seconds.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 11, BGP Neighbors, pp. 444-445
Cisco: Cisco IOS IP Routing: BGP Command Reference: neighbor remote-as
Cisco: Cisco IOS IP Routing: BGP Command Reference: show ip bgp neighbors

QUESTION 22
View the Exhibit.

Refer to the exhibit above. PVST+ is enabled on all the switches. The Layer 3 switch on the right, DSW2, is the root bridge for VLAN 20. The Layer 3 switch on the left, DSW1, is the root bridge for VLAN 10. Devices on VLAN 10 use DSW1 as a default gateway. Devices on VLAN 20 use DSW2 as a default gateway. You want to ensure that the network provides high redundancy and fast convergence.

Which of the following are you most likely to do?

A. physically connect ASW1 to ASW2

B. physically connect ASW2 to ASW3

C. physically connect ASW1 to both ASW2 and ASW3

D. replace PVST+ with RSTP

E. replace PVST+ with RPVST+

Correct Answer: E
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
Most likely, you would replace Per-VLAN Spanning Tree Plus (PVST+) with Rapid PVST+ (RPVST+) in order to ensure that the network provides fast convergence. PVST+ is a revision of the Cisco-proprietary Per-VLAN Spanning Tree (PVST), which enables a separate spanning tree to be established for each virtual LAN (VLAN). Therefore, a per-VLAN implementation of STP, such as PVST+, enables the location of a root switch to be optimized on a per-VLAN basis. However, PVST+ progresses through the same spanning tree states as the 802.1D-based Spanning Tree Protocol (STP). Thus it can take up to 30 seconds for a PVST+ link to begin forwarding traffic. Rapid PVST+ provides faster convergence because it passes through the same three states as the 802.1w-based Rapid STP (RSTP). Therefore, RPVST+ provides faster convergence than PVST+.

The network in this scenario is already provisioned with high redundancy. Every access layer switch in this scenario is connected to every distribution layer switch. In addition, the two distribution layer switches are connected by using an EtherChannel bundle. This configuration creates multiple paths to the root bridge for each VLAN. Connecting any of the access layer switches to any of the other access layer switches might add another layer of redundancy, but this would not provide as much benefit as replacing PVST+ with RPVST+ in this scenario.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 3, STP Design Considerations, pp. 101-103
Cisco: Spanning Tree from PVST+ to RapidPVST Migration Configuration Example: Background Information

QUESTION 23
Which of the following VPN tunnels support encapsulation of dynamic routing protocol traffic? (Choose three.)

A. IPSec

B. IPSec VTI

C. GRE over IPSec

D. DMVPN hub-and-spoke

E. DMVPN spoke-to-spoke

Correct Answer: BCD
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
IP Security (IPSec) Virtual Tunnel Interface (VTI), Generic Routing Encapsulation (GRE) over IPSec, and Dynamic Multipoint Virtual Private Network (DMVPN) hub-and-spoke virtual private network (VPN) tunnels support encapsulation of dynamic routing protocol traffic, such as Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) traffic. A VPN tunnel provides secure, private network connectivity over an untrusted medium, such as the Internet.

IPSec VTI provides support for IP multicast and dynamic routing protocol traffic. However, it does not support non-IP protocols, and it has limited interoperability with non-Cisco routers.

GRE over IPSec provides support for IP multicast and dynamic routing protocol traffic. In addition, it provides support for non-IP protocols. Because the focus of GRE is to transport many different protocols, it has very limited security features. Therefore, GRE relies on IPSec to provide data confidentiality and data integrity. Although GRE was developed by Cisco, GRE works on Cisco and non-Cisco routers.

DMVPN hub-and-spoke VPN tunnels provide support for IP multicast and dynamic routing protocol traffic. However, they support only IP traffic and operate only on Cisco routers.

DMVPN spoke-to-spoke VPN tunnels do not provide support for IP multicast or dynamic routing protocol traffic. In addition, they support only IP traffic and operate only on Cisco routers.

IPSec VPN tunnels do not provide support for IP multicast or dynamic routing protocol traffic. Although IPSec can be used on Cisco and non-Cisco routers, IPSec can be used only for IP traffic; it provides no support for non-IP protocols.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, Enterprise VPN vs. Service Provider VPN, pp. 255-263
Cisco: IPSec VPN WAN Design Overview: Design Selection

QUESTION 24
HostA is a computer on your company's network. RouterA is a NAT router. HostA sends a packet to HostB, and HostB sends a packet back to HostA.

Which of the following addresses is an outside local address?

A. 15.16.17.18

B. 22.23.24.25

C. 192.168.1.22

D. 192.168.1.30

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
The 192.168.1.30 address is an outside local address. An outside local address is an IP address that represents an outside host to the local network. Network Address Translation (NAT) translates between public and private IP addresses to enable hosts on a privately addressed network to access the Internet. Public addresses are routable on the Internet, and private addresses are routable only on internal networks. Several IP address ranges are reserved for private, internal use; these addresses, shown below, are defined in Request for Comments (RFC) 1918.

10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

The outside local address is often the same as the outside global address, particularly when inside hosts attempt to access resources on the Internet. However, in some configurations, it is necessary to configure a NAT translation that allows a local address on the internal network to identify an outside host. When RouterA receives a packet destined for 192.168.1.30, RouterA translates the 192.168.1.30 outside local address to the 15.16.17.18 outside global address and forwards the packet to its destination. To configure a static outside local-to-outside global IP address translation, you should issue the ip nat outside source static outside-global outside-local command.

In this scenario, 15.16.17.18 is an outside global address. An outside global address is an IP address that represents an outside host to the global network. Outside global addresses are public IP addresses assigned to an Internet host by the host's operator. The outside global address is usually the address registered with the Domain Name System (DNS) server to map a host's public IP address to a friendly name such as www.mycompany.com.

In this scenario, 192.168.1.22 is an inside local address. An inside local address is an IP address that represents an inside host to the local network. Inside local addresses are typically private IP addresses defined by RFC 1918.

In this scenario, 22.23.24.25 is an inside global address. An inside global address is a publicly routable IP address that is used to represent an inside host to the global network. Inside global IP addresses are typically assigned from a NAT pool on the router. You can issue the ip nat pool command to define a NAT pool. For example, the ip nat pool natpool 22.23.24.11 22.23.24.30 netmask 255.255.255.224 command allocates the IP addresses 22.23.24.11 through 22.23.24.30 to be used as inside global IP addresses. When a NAT router receives a packet destined for the Internet from a local host, it changes the inside local address to an inside global address and forwards the packet to its destination.

In addition to configuring a NAT pool to dynamically translate addresses, you can configure static inside local-to-inside global IP address translations by issuing the ip nat inside source static inside-local inside-global command. This command maps a single inside local address on the local network to a single inside global address on the outside network.

It is important to specify the inside and outside interfaces when you configure a NAT router. To specify an inside interface, you should issue the ip nat inside command from interface configuration mode. To specify an outside interface, you should issue the ip nat outside command from interface configuration mode.

The following graphic depicts the relationship between inside local, inside global, outside local, and outside global addresses:

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, IPv4 Private Addresses, pp. 299-300
CCDA 200-310 Official Cert Guide, Chapter 8, NAT, pp. 300-302
Cisco: NAT: Local and Global Definitions

QUESTION 25
Which of the following OSPF areas accept all LSAs? (Choose two.)

A. stub

B. not-so-stubby

C. totally stubby

D. backbone

E. standard

Correct Answer: DE
Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
Standard areas and backbone areas accept all link-state advertisements (LSAs). Every router in a standard area contains the same Open Shortest Path First (OSPF) database. If the standard area's ID number is 0, the area is a backbone area. The backbone area must be contiguous, and all OSPF areas must connect to the backbone area. If a direct connection to the backbone area is not possible, you must create a virtual link to connect to the backbone area through a nonbackbone area.

Stub areas, totally stubby areas, and not-so-stubby areas (NSSAs) flood only certain types of LSAs. For example, none of these areas floods Type 5 LSAs, which are LSAs that originate from OSPF autonomous system boundary routers (ASBRs). Instead, stub areas and totally stubby areas are injected with a single default route from an area border router (ABR). Routers inside a stub area or a totally stubby area will send all packets destined for another area to the ABR. In addition, a totally stubby area does not accept Type 3, 4, or 5 summary LSAs, which advertise inter-area routes. These LSAs are replaced by a default route at the ABR. As a result, routing tables are kept small within the totally stubby area.

An NSSA floods Type 7 LSAs within its own area, but does not accept or flood Type 5 LSAs. Therefore, an NSSA does not accept all LSAs. Similar to Type 5 LSAs, a Type 7 LSA is an external LSA that originates from an ASBR. However, Type 7 LSAs are only flooded to an NSSA.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 11, OSPF Stub Area Types, pp. 437-438
Cisco: What Are OSPF Areas and Virtual Links?: Normal, Stub, Totally Stub and NSSA Area Differences

QUESTION 26
In a switched hierarchical design, which enterprise campus module layer or layers exclusively use Layer 2 switching?

A. only the campus core layer

B. the distribution and campus core layers

C. only the distribution layer

D. the distribution and access layers

E. only the access layer

Correct Answer: E
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
In a switched hierarchical design, only the access layer of the enterprise campus module uses Layer 2 switching exclusively. The access layer of the enterprise campus module provides end users with physical access to the network. In addition to using Virtual Switching System (VSS) in place of First Hop Redundancy Protocols (FHRPs) for redundancy, a Layer 2 switching design requires that inter-VLAN traffic be routed in the distribution layer of the hierarchy. Also, Spanning Tree Protocol (STP) in the access layer will prevent more than one connection between an access layer switch and the distribution layer from becoming active at a given time.

In a Layer 3 switching design, the distribution and campus core layers of the enterprise campus module use Layer 3 switching exclusively. Thus a Layer 3 switching design relies on FHRPs for high availability. In addition, a Layer 3 switching design typically uses route filtering on links that face the access layer of the design.

The distribution layer of the enterprise campus module provides link aggregation between layers. Because the distribution layer is the intermediary between the access layer and the campus core layer, the distribution layer is the ideal place to enforce security policies, provide load balancing, provide Quality of Service (QoS), and perform tasks that involve packet manipulation, such as routing. In a switched hierarchical design, the switches in the distribution layer use Layer 2 switching on ports connected to the access layer and Layer 3 switching on ports connected to the campus core layer.

The campus core layer of the enterprise campus module provides fast transport services between the modules of the enterprise architecture module, such as the enterprise edge and the intranet data center. Because the campus core layer acts as the network's backbone, it is essential that every distribution layer device have multiple paths to the campus core layer. Multiple paths between the campus core and distribution layer devices ensure that network connectivity is maintained if a link or device fails in either layer. In a switched hierarchical design, the campus core layer switches use Layer 3 switching exclusively.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 3, Distribution Layer Best Practices, pp. 97-99
Cisco: Cisco SAFE Reference Guide: Enterprise Campus

QUESTION 27
Which of the following best describes PAT?

A. It translates a single inside local address to a single inside global address.

B. It translates a single outside local address to a single outside global address.

C. It translates inside local addresses to inside global addresses that are allocated from a pool.

D. It uses ports to translate inside local addresses to one or more inside global addresses.

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
Port Address Translation (PAT) uses ports to translate inside local addresses to one or more inside global addresses. The Network Address Translation (NAT) router uses port numbers to keep track of which packets belong to each host. PAT is also called NAT overloading.

NAT translates between public and private IP addresses to enable hosts on a privately addressed network to access the Internet. Public addresses are routable on the Internet, and private addresses are routable only on internal networks. Request for Comments (RFC) 1918 defines several IP address ranges that are reserved for private, internal use:

10.0.0.0 through 10.255.255.255
172.16.0.0 through 172.31.255.255
192.168.0.0 through 192.168.255.255

Because NAT performs address translation between private and public addresses, NAT effectively hides the address scheme used by the internal network, which can increase security. NAT also reduces the number of public IP addresses that a company needs to allow its devices to access Internet resources, thereby conserving IP version 4 (IPv4) address space.

An inside local address is typically an RFC 1918-compliant IP address that represents an internal host to the internal network. An inside global address is used to represent an internal host to an external network.

Static NAT translates a single inside local address to a single inside global address or a single outside local address to a single outside global address. You can configure a static inside local-to-inside global IP address translation by issuing the ip nat inside source static inside-local inside-global command. To configure a static outside local-to-outside global address translation, you should issue the ip nat outside source static outside-global outside-local command.

Dynamic NAT translates local addresses to global addresses that are allocated from a pool. To create a NAT pool, you should issue the ip nat pool nat-pool start-ip end-ip {netmask mask | prefix-length prefix} command. To enable translation of inside local addresses, you should issue the ip nat inside source list access-list pool nat-pool [overload] command.

When a NAT router receives an Internet-bound packet from a local host, the NAT router performs the following tasks:
1. It checks the static NAT mappings to verify whether an inside global address mapping exists for the local host.
2. If no static mapping exists, it dynamically maps the inside local address to an unused inside global address, if one is available, from the NAT pool.
3. It changes the inside local address in the packet header to the inside global address and forwards the packet to its destination.

When all the inside global addresses in the NAT pool are mapped, no other inside local hosts will be able to communicate on the Internet. This is why NAT overloading is useful. When NAT overloading is configured, an inside local address, along with a port number, is mapped to an inside global address. The NAT router uses port numbers to keep track of which packets belong to each host.

You can issue the ip nat inside source list access-list interface outside-interface overload command to configure NAT overload with a single inside global address, or you can issue the ip nat inside source list access-list pool nat-pool overload command to configure NAT overloading with a NAT pool.
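The translation sequence described in this explanation (static mapping first, then an unused pool address, then port-based overloading once the pool is exhausted), together with the outside local-to-outside global mapping from Question 24, modelled in Python as an added example that is not part of the practice test and not Cisco code. The `NatRouter` class, its constructed two-address pool, the three inside hosts, the source port and the translated port numbers it hands out are assumptions; the 192.168.1.30 to 15.16.17.18 outside mapping is the one Question 24 describes.

```python
class NatPoolExhausted(Exception):
    """Raised when no inside global address is free and overloading is off."""


class NatRouter:
    """Toy model of a NAT router's translation decisions (constructed example).

    pool            inside global addresses available for dynamic NAT
    inside_static   inside local -> inside global (ip nat inside source static)
    outside_static  outside local -> outside global (ip nat outside source static)
    overload        share a pool address between hosts by port number (PAT)
    """

    def __init__(self, pool, inside_static=None, outside_static=None, overload=False):
        self.pool = list(pool)
        self.inside_static = dict(inside_static or {})
        self.outside_static = dict(outside_static or {})
        self.overload = overload
        self.dynamic = {}        # inside local -> inside global (one address per host)
        self.pat_table = {}      # (inside local, local port) -> (inside global, global port)
        self.next_port = 1024    # constructed starting value for translated ports

    def _free_global(self):
        in_use = set(self.inside_static.values()) | set(self.dynamic.values())
        return next((addr for addr in self.pool if addr not in in_use), None)

    def translate_outbound(self, inside_local, local_port):
        """Source translation for a packet leaving the inside network.
        Returns the (inside global, port) the packet carries on the outside."""
        # 1. a static mapping wins over everything else
        if inside_local in self.inside_static:
            return self.inside_static[inside_local], local_port
        # 2. dynamic NAT: one pool address per inside host, reused once mapped
        if not self.overload:
            global_addr = self.dynamic.get(inside_local) or self._free_global()
            if global_addr is None:
                raise NatPoolExhausted(f"no free inside global address for {inside_local}")
            self.dynamic[inside_local] = global_addr
            return global_addr, local_port
        # 3. PAT: many hosts share one address, told apart by the translated port
        key = (inside_local, local_port)
        if key not in self.pat_table:
            self.pat_table[key] = (self.pool[0], self.next_port)
            self.next_port += 1
        return self.pat_table[key]

    def translate_inbound(self, inside_global, global_port):
        """Reverse translation for a reply arriving from the outside."""
        for local, mapped in self.pat_table.items():
            if mapped == (inside_global, global_port):
                return local
        for local, mapped in list(self.inside_static.items()) + list(self.dynamic.items()):
            if mapped == inside_global:
                return local, global_port
        return None   # no translation state for this reply: the router drops it

    def translate_destination(self, outside_local):
        """Outside local -> outside global, the translation Question 24 asks about."""
        return self.outside_static.get(outside_local, outside_local)


# Constructed scenario: a two-address pool and three inside hosts.
POOL = ["22.23.24.11", "22.23.24.12"]
HOSTS = ["192.168.1.22", "192.168.1.23", "192.168.1.24"]


def run_dynamic_nat():
    """Without overloading the third host finds the pool exhausted."""
    router = NatRouter(POOL)
    results = {}
    for host in HOSTS:
        try:
            results[host] = router.translate_outbound(host, 40000)
        except NatPoolExhausted:
            results[host] = None
    return results


def run_pat():
    """With overloading every host gets a translation; ports keep them apart."""
    router = NatRouter(POOL, overload=True,
                       outside_static={"192.168.1.30": "15.16.17.18"})
    outbound = {host: router.translate_outbound(host, 40000) for host in HOSTS}
    replies = {host: router.translate_inbound(*mapped) for host, mapped in outbound.items()}
    return outbound, replies, router.translate_destination("192.168.1.30")


if __name__ == "__main__":
    print("dynamic NAT:", run_dynamic_nat())
    print("PAT:", run_pat())
```

The reply path matters as much as the outbound one: a reply whose (address, port) pair is not in the translation table has no inside host to go to, which is why the model returns None for it rather than guessing, and why only hosts that have already sent traffic are reachable through an overloaded address.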

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, NAT, pp. 300-302
Cisco: Configuring Network Address Translation: Getting Started: Example: Allowing Internal Users to Access the Internet

QUESTION 28
Which of the following statements are true regarding the function of the LAP in the Cisco Unified Wireless Network architecture? (Choose three.)

A. The LAP determines which RF channel should be used to transmit 802.11 frames.

B. The LAP supports 802.11 encryption.

C. The LAP must be located on the same subnet as a WLC.

D. The LAP maintains associations with client computers.

E. The LAP can function without a WLC.

F. The LAP should be connected to an access port on a switch.

Correct Answer: BDF
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
In the Cisco Unified Wireless Network architecture, a lightweight access point (LAP) supports 802.11 encryption, maintains associations with client computers, and should be connected to an access port on a switch. A LAP creates a Lightweight Access Point Protocol (LWAPP) tunnel between itself and a wireless LAN controller (WLC); in LWAPP operations, both a LAP and a WLC are required. The WLC handles many of the management functions for the link, such as user authentication and security policy management, while the LAP handles real-time operations, such as sending and receiving 802.11 frames, wireless encryption, access point (AP) beacons, and probe messages.

When connecting a LAP to a network, you should connect the LAP to an access port on a switch, not to a trunk port. Because the WLC handles the management functions for LWAPP operations, the LAP cannot begin associating with client computers unless a WLC is available on the network. Therefore, the LAP must associate with a WLC after it is connected to the network. After connecting to a WLC and obtaining its configuration information, the LAP can begin associating with clients. The LAP can receive encrypted or unencrypted 802.11 frames. The WLC, however, does not support 802.11 encryption; as the data passes through the LAP, it is decrypted and then sent to the WLC for further forwarding.

It is not necessary for the LAP to be located on the same subnet or even in the same geographic area as a WLC. As long as a WLC is available on the network and the LAP is configured with the address of the WLC, the LAP will be able to connect to the WLC. DHCP option 43 can be used to automatically configure a LAP with the IP address of one or more WLCs, even if those WLCs reside on a different IP subnet.

A LAP requires a WLC in order to function. If the WLC becomes unavailable, the LAP will reboot and drop all client associations until the WLC becomes available or until another WLC is found on the network.

The WLC, not the LAP, determines which radio frequency (RF) channel should be used to transmit 802.11 frames in LWAPP operations. The WLC is responsible for selecting the RF channel to use, determining the output power for each LAP, authenticating users, managing security policies, and determining the least used LAP to associate with clients.
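The DHCP option 43 mechanism mentioned above, as an added Python example that is not part of the practice test or of any Cisco code: it builds the option value for a list of controller addresses, prints it in the dotted-hex form an IOS DHCP pool accepts, and parses it back the way an AP would. The TLV layout (type 0xF1, a one-byte length, then packed IPv4 addresses) is the one Cisco documents for Aironet LAPs and is assumed here; the controller addresses are constructed.

```python
# Added example (not from the practice test): build and parse the DHCP option 43
# value that tells a Cisco LAP where its WLC(s) are. The encoding assumed here is
# the one Cisco documents for Aironet LAPs: a single TLV with type 0xF1, a length
# of 4 bytes per controller, and the controller IPv4 addresses as the value.
# Controller addresses below are constructed.
import ipaddress
from typing import List

WLC_SUBOPTION = 0xF1  # sub-option type carrying WLC management IPs (assumed from Cisco's guidance)


def encode_option43(wlc_addrs: List[str]) -> bytes:
    """Return the raw option 43 value for the given controller addresses."""
    if not wlc_addrs:
        raise ValueError("at least one WLC address is required")
    body = b"".join(ipaddress.IPv4Address(a).packed for a in wlc_addrs)
    if len(body) > 255:
        raise ValueError("too many controllers for a one-byte length field")
    return bytes([WLC_SUBOPTION, len(body)]) + body


def ios_option43_hex(raw: bytes) -> str:
    """Format the raw value the way an IOS DHCP pool expects it:
    'option 43 hex' followed by dotted groups of four hex digits."""
    h = raw.hex()
    return "option 43 hex " + ".".join(h[i:i + 4] for i in range(0, len(h), 4))


def decode_option43(raw: bytes) -> List[str]:
    """Walk the option 43 TLVs as an AP would and return the WLC addresses found.
    Unknown sub-options are skipped; truncated or malformed data raises."""
    addrs, i = [], 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError("truncated sub-option header")
        typ, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option length exceeds option data")
        if typ == WLC_SUBOPTION:
            if length == 0 or length % 4:
                raise ValueError("WLC sub-option must carry whole IPv4 addresses")
            addrs.extend(str(ipaddress.IPv4Address(value[k:k + 4])) for k in range(0, length, 4))
        i += 2 + length
    return addrs


if __name__ == "__main__":
    raw = encode_option43(["10.1.1.5", "10.2.2.5"])
    print(ios_option43_hex(raw))   # option 43 hex f108.0a01.0105.0a02.0205
    print(decode_option43(raw))    # ['10.1.1.5', '10.2.2.5']
```

Because the AP trusts whatever the DHCP server hands it, the parser is strict about lengths: a sub-option whose length runs past the option data, or a WLC entry that is not a whole IPv4 address, is rejected rather than silently truncated.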

Reference:
Cisco: Lightweight AP (LAP) Registration to a Wireless LAN Controller (WLC): Background Information
Cisco: Lightweight Access Point FAQ
Cisco: Wireless LAN Controller and Lightweight Access Point Basic Configuration Example: Configure the Switch for the APs

QUESTION 29
View the Exhibit.

You administer the network shown above. You want to summarize the networks connected to RouterA so that a single route is inserted into RouterB's routing table.

Which of the following is the smallest summarization for the three networks?

A. 172.16.1.0/16

B. 172.16.1.0/18

C. 172.16.1.0/22

D. 172.16.1.0/23

E. 172.16.1.0/25

Correct Answer: C
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
The smallest summarization for the three networks connected to RouterA is 172.16.1.0/22, which is equivalent to a network address of 172.16.1.0 and a subnet mask of 255.255.252.0. In this scenario, the Class B 172.16.0.0/16 network has been divided into 256 /24 subnets. Three of the first four subnets in the Class B range have been assigned to network interfaces on RouterA: 172.16.0.0/24, 172.16.1.0/24, and 172.16.3.0/24. Absent from the network assignments is the 172.16.2.0/24 subnet. However, there is no way to summarize the address range without including the 172.16.2.0/24 subnet. Therefore, the smallest summarization you can create would summarize four subnets into a single /22 subnet.

A /22 subnet creates 64 subnetworks capable of supporting 1,022 assignable host IP addresses each. The assignable address range of the 172.16.0.0/22 subnet begins with 172.16.0.1 and ends with 172.16.3.255. This range includes all possible assignable IP addresses in the /24 subnets that are directly connected to RouterA. It also includes all possible assignable IP addresses in the 172.16.2.0/24 subnet.

Subnetting a contiguous address range in a structured, hierarchical fashion enables routers to maintain smaller routing tables and eases the administrative burden when troubleshooting. Conversely, a discontiguous IP version 4 (IPv4) addressing scheme can cause routing tables to bloat because the subnets cannot be summarized. Summarization minimizes the size of routing tables and advertisements and reduces a router's processor and memory requirements.

Summarizing the three /24 networks with a /16 subnet would create too large a summarization, because the /16 subnet contains the entire Class B range of 172.16.0.0 IP addresses. The first assignable IP address in the 172.16.0.0/16 range is 172.16.0.1. The last assignable IP address is 172.16.255.255. The range would therefore summarize 256 /24 subnets, not four.

Summarizing the three /24 networks with a /18 subnet would create too large a summarization. A /18 subnet creates four possible subnets containing 16,382 assignable host IP addresses each. The first assignable IP address in the 172.16.0.0/18 range is 172.16.0.1. The last assignable IP address is 172.16.63.255. The range would therefore summarize 64 /24 subnets, not four.

Summarizing the three /24 networks with a /23 subnet would create too small a summarization. A /23 subnet creates 128 possible subnets containing 510 assignable host IP addresses each. The first assignable IP address in the 172.16.0.0/23 range is 172.16.0.1. The last assignable IP address is 172.16.1.255. This range would therefore exclude the 172.16.3.0/24 subnet connected to RouterA.

Summarizing the three /24 networks with a /25 subnet would not work, because a /25 subnet divides the 172.16.0.0/24 subnet instead of summarizing. A /25 subnet creates 512 possible subnets containing 126 assignable host IP addresses each. The first assignable IP address in the 172.16.0.0/25 range is 172.16.0.1. The last assignable IP address is 172.16.0.127. This subnet would therefore contain only half of one of the subnets that is directly connected to RouterA.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, Plan for a Hierarchical IP Address Network, pp. 311-312
Cisco: IP Addressing and Subnetting for New Users

QUESTION 30
Which of the following statements are true regarding an IDS? (Choose two.)

A. None of its physical interfaces can be in promiscuous mode.

B. It must have two or more monitoring interfaces.

C. It does not have an IP address assigned to its monitoring port.

D. It does not have a MAC address assigned to its monitoring port.

E. It cannot mitigate single-packet attacks.

Correct Answer: CE
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
An Intrusion Detection System (IDS) cannot mitigate single-packet attacks and does not have an IP address assigned to its monitoring port. An IDS is a network monitoring device that passively monitors a copy of network traffic, not the actual packet. Typically, an IDS has a management interface and at least one monitoring interface for each monitored network. Each monitoring interface operates in promiscuous mode and cannot be assigned an IP address; however, the monitoring interface does have a Media Access Control (MAC) address assigned to its monitoring port. Because an IDS does not reside in the path of network traffic, traffic does not flow through the IDS; therefore, the IDS cannot directly block malicious traffic before it passes into the network. However, an IDS can send alerts to a management station when it detects malicious traffic. For example, the IDS in the following diagram is connected to a Switch Port Analyzer (SPAN) interface on a switch outside the firewall:

This deployment enables the IDS to monitor all traffic flowing between the LAN and the Internet. However, the IDS will have insight only into LAN traffic that passes through the firewall and will be unable to monitor LAN traffic that flows between virtual LANs (VLANs) on the internal switch. If the IDS in this example were to detect malicious traffic, it would be unable to directly block the traffic, but it would be able to send an alert to a management station on the LAN.

By contrast, an Intrusion Prevention System (IPS) is a network monitoring device that can mitigate single-packet attacks. An IPS requires at least two interfaces for each monitored network: one interface monitors traffic entering the IPS, and the other monitors traffic leaving the IPS. Like an IDS, an IPS does not have an IP address assigned to its monitoring ports. Because all monitored traffic must flow through an IPS, an IPS can directly block malicious traffic before it passes into the network. The IPS in the following diagram is deployed outside the firewall and can directly act on any malicious traffic between the LAN and the Internet:

Alternatively, an IPS can be deployed in promiscuous mode, which is also referred to as monitor-only mode. When operating in promiscuous mode, an IPS is connected to a SPAN port and effectively functions as an IDS.
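The two deployments contrasted above, as an added Python example that is not from the practice test or from Cisco: the same packet stream is run past a sensor on a SPAN port and then through an inline sensor, which shows why only the inline one can stop a single-packet attack. The packets and the placeholder signature string are constructed; the matching logic itself is deliberately trivial because the point is where in the forwarding path the inspection happens.

```python
# Added example (not from the practice test): a toy sensor pipeline that contrasts
# an IDS on a SPAN port with an inline IPS. The packets and the "signature" are
# constructed placeholders; the point is where in the forwarding path the
# inspection happens, not the matching logic.
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes


SIGNATURES = [b"PLACEHOLDER-SIG"]  # constructed pattern standing in for a real signature


def matches_signature(pkt: Packet) -> bool:
    return any(sig in pkt.payload for sig in SIGNATURES)


def ids_on_span(stream: Iterable[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """IDS deployment: the switch forwards the real packet and hands the sensor a
    copy. Returns (packets delivered to the LAN, alerts raised)."""
    delivered, alerts = [], []
    for pkt in stream:
        delivered.append(pkt)            # forwarding is not gated on inspection
        if matches_signature(pkt):       # the copy is inspected afterwards
            alerts.append(pkt)           # an alert can be sent; the packet is already through
    return delivered, alerts


def ips_inline(stream: Iterable[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """IPS deployment: every packet passes through the sensor before the LAN.
    Returns (packets delivered to the LAN, packets dropped)."""
    delivered, dropped = [], []
    for pkt in stream:
        (dropped if matches_signature(pkt) else delivered).append(pkt)
    return delivered, dropped


def sample_stream() -> List[Packet]:
    # Constructed traffic: two benign packets and one that matches the placeholder signature.
    return [
        Packet("198.51.100.7", "10.0.0.20", b"GET /index.html"),
        Packet("198.51.100.9", "10.0.0.20", b"PLACEHOLDER-SIG in one packet"),
        Packet("198.51.100.7", "10.0.0.21", b"GET /about.html"),
    ]


if __name__ == "__main__":
    delivered, alerts = ids_on_span(sample_stream())
    print(f"IDS: {len(delivered)} delivered, {len(alerts)} alerted (nothing blocked)")
    delivered, dropped = ips_inline(sample_stream())
    print(f"IPS: {len(delivered)} delivered, {len(dropped)} dropped")
```

In the IDS run the matching packet appears in both the delivered list and the alert list, which is the single-packet limitation in miniature: detection happens on a copy, after the switch has already forwarded the original.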

Reference:
CCDA 200-310 Official Cert Guide, Chapter 13, IPS/IDS Fundamentals, pp. 534-535
Cisco: Cisco IPS AIM

QUESTION 31
Which of the following statements are true regarding the distribution layer of the hierarchical network model? (Choose two.)

A. The distribution layer provides load balancing.

B. The distribution layer provides redundant paths to the default gateway.

C. The distribution layer provides fast convergence.

D. The distribution layer provides NAC.

Correct Answer: AB
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
The distribution layer provides load balancing and redundant paths to the default gateway. The hierarchical model divides the network into three distinct components:

Core layer
Distribution layer
Access layer

The core layer of the hierarchical model provides fast convergence. The core layer typically provides the fastest switching path in the network. As the network backbone, the core layer is primarily associated with low latency and high reliability, and it does not contain physically connected hosts. The functionality of the core layer can be collapsed into the distribution layer if the distribution layer infrastructure is sufficient to meet the design requirements. For example, in a small enterprise campus implementation, a distinct core layer may not be required, because the network services normally provided by the core layer are provided by a collapsed core layer instead.

The distribution layer serves as an aggregation point for access layer network links. Because the distribution layer is the intermediary between the access layer and the core layer, the distribution layer is the ideal place to enforce security policies, to provide Quality of Service (QoS), and to perform tasks that involve packet manipulation, such as routing. Summarization and next-hop redundancy are also performed in the distribution layer.

The access layer provides Network Admission Control (NAC). NAC is a Cisco feature that prevents hosts from accessing the network if they do not comply with organizational requirements, such as having an updated antivirus definition file. NAC Profiler automates NAC by automatically discovering and inventorying devices attached to the LAN. The access layer serves as a media termination point for endpoints, such as servers and hosts. Because access layer devices provide access to the network, the access layer is the ideal place to perform user authentication.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 2, Distribution Layer, pp. 43-44
Cisco: Campus Network for High Availability Design Guide: Distribution Layer

QUESTION 32
Which of the following is a routing protocol that requires a router that operates in the same AS in order to establish a neighbor relationship?

A. BGP

B. EIGRP

C. HSRP

D. static routes

Correct Answer: B
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
Enhanced Interior Gateway Routing Protocol (EIGRP) requires a router that operates in the same autonomous system (AS) in order to establish a neighbor relationship, which is also known as an EIGRP adjacency. EIGRP routers establish adjacencies by sending Hello packets to the multicast address 224.0.0.10. EIGRP for IP version 6 (IPv6) routers can use IPv6 link-local addresses to reach neighbors.

Hello packets verify that two-way communication exists between routers. As soon as a router receives an EIGRP Hello packet, the router will attempt to establish an adjacency with the router that sent the packet. Unlike OSPF, EIGRP does not go through neighbor states; a neighbor relationship is established upon receipt of an EIGRP Hello packet.

An EIGRP router can form an adjacency with another router only if the following values match:

AS number
K values, which are used to configure the EIGRP metric
Authentication parameters, if configured

In addition, if the routers are using IP, the primary IP addresses for the routers' connected interfaces must be on the same IP subnet.
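The adjacency conditions listed above (matching AS number, K values and authentication, plus primary addresses on a shared subnet) as a checker in Python. This is an added example, not from the practice test or from Cisco; the router names, addresses and keys are constructed, the K-value default is the IOS default, and the per-direction subnet test is an assumption that each router must find the other's Hello source address inside its own connected subnet.

```python
# Added example (not from the practice test): a check of the conditions listed
# above for an EIGRP adjacency. Router names, addresses and keys are constructed;
# the K-value default is the IOS default (K1=1, K2=0, K3=1, K4=0, K5=0).
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

EIGRP_HELLO_MULTICAST = "224.0.0.10"   # destination of EIGRP Hello packets (IPv4)


@dataclass(frozen=True)
class EigrpInterface:
    router: str
    address: str                               # primary IPv4 address with prefix, e.g. "10.1.1.1/30"
    asn: int                                   # autonomous system number
    k_values: Tuple[int, int, int, int, int] = (1, 0, 1, 0, 0)
    auth_key: Optional[str] = None             # None models no authentication configured


def adjacency_problems(a: EigrpInterface, b: EigrpInterface) -> List[str]:
    """Return the reasons the two routers will not become EIGRP neighbours.
    An empty list means the adjacency forms as soon as a Hello is received."""
    problems = []
    if a.asn != b.asn:
        problems.append(f"AS number mismatch: {a.router} AS {a.asn} vs {b.router} AS {b.asn}")
    if a.k_values != b.k_values:
        problems.append(f"K-value mismatch: {a.k_values} vs {b.k_values}")
    if a.auth_key != b.auth_key:
        problems.append("authentication parameters differ")
    ia, ib = ipaddress.ip_interface(a.address), ipaddress.ip_interface(b.address)
    # Assumption: each side must see the other's Hello source address inside its
    # own connected subnet, so the check is made in both directions.
    if ib.ip not in ia.network:
        problems.append(f"{b.router}'s address {ib.ip} is outside {a.router}'s subnet {ia.network}")
    if ia.ip not in ib.network:
        problems.append(f"{a.router}'s address {ia.ip} is outside {b.router}'s subnet {ib.network}")
    return problems


def forms_adjacency(a: EigrpInterface, b: EigrpInterface) -> bool:
    return not adjacency_problems(a, b)


if __name__ == "__main__":
    r1 = EigrpInterface("RouterA", "10.1.1.1/30", asn=100)
    r2 = EigrpInterface("RouterB", "10.1.1.2/30", asn=100)
    r3 = EigrpInterface("RouterC", "10.1.1.2/30", asn=200)
    r4 = EigrpInterface("RouterD", "10.1.1.5/30", asn=100)
    print(forms_adjacency(r1, r2))       # True
    print(adjacency_problems(r1, r3))    # AS number mismatch
    print(adjacency_problems(r1, r4))    # subnet mismatch in both directions
```

The authentication comparison is deliberately an exact match on the configured key: a router with a key configured will not pair with one that has none, which is the behaviour a design that relies on EIGRP authentication to keep rogue routers out depends on.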

Border Gateway Protocol (BGP) does not require a router that operates in the same AS in order to establish a neighbor relationship. Because BGP does not use a neighbor discovery process like many other routing protocols, every peer is manually configured and must be reachable through Transmission Control Protocol (TCP) port 179. Once a peer has been configured with the neighbor remote-as command, the local BGP speaker will attempt to transmit an OPEN message to the remote peer. If the OPEN message is not blocked by existing firewall rules or other security mechanisms, the remote peer will respond with a KEEPALIVE message and will continue to periodically exchange KEEPALIVE messages with the local peer. A BGP speaker will consider a peer dead if a KEEPALIVE message is not received within a period of time specified by a hold timer. Routing information is then exchanged between peers by using UPDATE messages. UPDATE messages can include advertised routes and withdrawn routes. Withdrawn routes are those that are no longer considered feasible. Statistics regarding the number of BGP messages, such as UPDATE messages, can be viewed in the output of the show ip bgp neighbors command.

Hot Standby Router Protocol (HSRP) is a First Hop Redundancy Protocol (FHRP), not a routing protocol. Therefore, an HSRP router does not establish a neighbor relationship with another HSRP router. The active and standby routers in an HSRP configuration do send Hello packets to establish roles and determine availability. Typically, HSRP routers are connected together on the same LAN and are therefore operating in the same AS.

Static routes are manually configured on individual routers and remain in the routing table even if the path is not valid. Therefore, static routes do not establishneighbor relationships with other routers. A static route can exist regardless of the AS in which the routers are operating.

Reference:
Cisco: Cisco IOS IP Configuration Guide, Release 12.2: Configuring EIGRP

QUESTION 33
Which of the following can you use to hide the IP addresses of hosts on an internal network when transmitting packets to an external network, such as the Internet?

A. a DMZ

B. WPA

C. an ACL

D. NAT

Correct Answer: D
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
You can use Network Address Translation (NAT) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network, such as the Internet. NAT is used to translate private IP addresses to public IP addresses. Private-to-public address translation enables hosts on a privately addressed internal network to communicate with hosts on a public network, such as the Internet. Typically, internal networks use private IP addresses, which are not globally routable. In order to enable communication with hosts on the Internet, which use public IP addresses, NAT translates the private IP addresses to a public IP address. Port Address Translation (PAT) can further refine what type of communication is allowed between an externally facing resource and an internally facing resource by designating the port numbers to be used during communication. PAT can create multiple unique connections between the same external and internal resources.

You cannot use a demilitarized zone (DMZ) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network. A DMZ is a network segment that is used as a boundary between an internal network and an external network, such as the Internet. A DMZ network segment is typically used with an access control method to permit external users to access specific externally facing servers, such as web servers and proxy servers, without providing access to the rest of the internal network. This helps limit the attack surface of a network.

You cannot use Wi-Fi Protected Access (WPA) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network. WPA is a wireless standard that is used to encrypt data transmitted over a wireless network. WPA was designed to address weaknesses in Wired Equivalent Privacy (WEP) by using a more advanced encryption method called Temporal Key Integrity Protocol (TKIP). TKIP provides 128-bit encryption, key hashing, and message integrity checks. TKIP can be configured to change keys dynamically, which increases wireless network security.

You cannot use an access control list (ACL) to hide the IP addresses of hosts on an internal network when transmitting packets to an external network. ACLs are used to control packet flow across a network. They can either permit or deny packets based on source network, destination network, protocol, or destination port. Each ACL can only be applied to a single protocol per interface and per direction. Multiple ACLs can be used to accomplish more complex packet flow throughout an organization. For example, you could use an ACL on a router to restrict a specific type of traffic, such as Telnet sessions, from passing through a corporate network.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, NAT, pp. 300-302

QUESTION 34
Which of the following statements is true regarding the service-port interface on a Cisco WLC?

A. It is used for client data transfer.

B. It is used for in-band management.

C. It is used for out-of-band management.

D. It is used for Layer 3 discovery operations.

E. It is used for Layer 2 discovery operations.

Correct Answer: C
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
The service-port interface on a Cisco wireless LAN controller (WLC) is used for out-of-band management. A WLC interface is a logical interface that can be mapped to at least one physical port. The port mapping is typically implemented as a virtual LAN (VLAN) on an 802.1Q trunk. A WLC has five interface types:

Management interface
Service-port interface
Access point (AP) manager interface
Dynamic interface
Virtual interface

The management interface is used for in-band management, for Layer 2 discovery operations, and for enterprise services such as authentication, authorization, and accounting (AAA). The AP manager interface is used for Layer 3 discovery operations and handles all Layer 3 communications between the WLC and an associated AP.

The virtual interface is a special interface used to support wireless client mobility. The virtual interface acts as a Dynamic Host Configuration Protocol (DHCP) server placeholder and supports DHCP relay functionality. In addition, the virtual interface is used to implement Layer 3 security, such as redirects for a web authentication login page.

The dynamic interface type is used to map VLANs on the WLC for wireless client data transfer. A WLC can support up to 512 dynamic interfaces mapped onto an 802.1Q trunk on a physical port or onto multiple ports configured as a single port group using link aggregation (LAG).

Reference:
CCDA 200-310 Official Cert Guide, Chapter 4, WLC Interface Types, pp. 184-185
Cisco: Cisco Wireless LAN Controller Configuration Guide, Release 7.4: Information About Interfaces

QUESTION 35
Which of the following statements regarding WMM is true?

A. Voice traffic is assigned to the Gold access category.

B. Unassigned traffic is treated as though it were assigned to the Silver access category.

C. Best-effort traffic is assigned to the Bronze access category.

D. WMM is not compatible with the 802.11e standard.

Correct Answer: B
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
Wi-Fi Multimedia (WMM) treats unassigned traffic as though it were assigned to the Silver access category. WMM is a subset of the 802.11e wireless standard, which adds Quality of Service (QoS) features to the existing wireless standards. WMM was initially created by the Wi-Fi Alliance while the 802.11e proposal was awaiting approval by the Institute of Electrical and Electronics Engineers (IEEE).

The 802.11e standard defines eight priority levels for traffic, numbered from 0 through 7. WMM reduces the eight 802.11e priority levels into four access categories, which are Voice (Platinum), Video (Gold), Best-Effort (Silver), and Background (Bronze). On WMM-enabled networks, these categories are used to prioritize traffic. Packets tagged as Voice (Platinum) packets are typically given priority over packets tagged with lower-level priorities. Packets that have not been assigned to a category are treated as though they had been assigned to the Best-Effort (Silver) category.

When a lightweight access point (LAP) receives a frame with an 802.11e priority value from a WMM-enabled client, the LAP ensures that the 802.11e priority value is within the acceptable limits provided by the QoS policy assigned to the wireless client. After the LAP polices the 802.11e priority value, it maps the 802.11e priority value to the corresponding Differentiated Services Code Point (DSCP) value and forwards the frame to the wireless LAN controller (WLC). The WLC will then forward the frame with its DSCP value to the wired network.
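The policing and marking step just described, as an added Python example that is not from the practice test or from Cisco: a frame's 802.11e user priority (UP) is checked against the client's QoS profile, mapped to its WMM access category, and translated to a DSCP value. The UP-to-category table is the standard WMM/802.11e assignment; the per-profile ceilings, the mark-down-to-ceiling behaviour and the UP-to-DSCP mapping are assumptions drawn from Cisco's Unified Wireless QoS guidance rather than from this page.

```python
# Added example (not from the practice test): the policing and marking a LAP
# applies to a WMM client's frame. The UP-to-category table is the WMM/802.11e
# assignment. The per-profile ceilings, the mark-down behaviour and the UP-to-DSCP
# mapping are assumptions taken from Cisco's Unified Wireless QoS guidance, not
# from this page; treat them as illustrative.
from typing import Optional, Tuple

# WMM access category for each 802.11e user priority (UP). Note that UP 0 ranks
# above UP 1 and 2: priority follows the category, not the UP number.
UP_TO_CATEGORY = {
    7: "Voice (Platinum)", 6: "Voice (Platinum)",
    5: "Video (Gold)", 4: "Video (Gold)",
    3: "Best-Effort (Silver)", 0: "Best-Effort (Silver)",
    2: "Background (Bronze)", 1: "Background (Bronze)",
}
UNTAGGED_UP = 0  # a frame with no UP is treated as Best-Effort (Silver)

# Highest UP a client in each WLC QoS profile may use (assumption).
PROFILE_CEILING = {"Platinum": 6, "Gold": 5, "Silver": 3, "Bronze": 1}

# UP -> DSCP marking applied when the frame is sent toward the wired network (assumption).
UP_TO_DSCP = {0: 0, 1: 10, 2: 18, 3: 24, 4: 26, 5: 34, 6: 46, 7: 56}


def police_and_mark(up: Optional[int], qos_profile: str) -> Tuple[int, str, int]:
    """Return (policed UP, WMM access category, DSCP) for a frame carrying the
    given UP (None = untagged) from a client assigned to qos_profile."""
    if up is None:
        up = UNTAGGED_UP
    if up not in UP_TO_CATEGORY:
        raise ValueError(f"invalid 802.11e user priority {up}")
    if qos_profile not in PROFILE_CEILING:
        raise ValueError(f"unknown QoS profile {qos_profile!r}")
    # Police: a UP above what the profile allows is marked down to the ceiling
    # (assumption), so a client cannot promote its own traffic past its policy.
    policed = min(up, PROFILE_CEILING[qos_profile])
    return policed, UP_TO_CATEGORY[policed], UP_TO_DSCP[policed]


if __name__ == "__main__":
    for up, profile in ((6, "Platinum"), (None, "Gold"), (6, "Silver"), (7, "Platinum")):
        print(up, profile, "->", police_and_mark(up, profile))
```

The third case is the security-relevant one: a client in the Silver profile that tags its frames as voice (UP 6) is marked down to UP 3 before the frame reaches the controller, so the wired DSCP value reflects the policy the administrator assigned rather than what the client claimed.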

Reference:
CCDA 200-310 Official Cert Guide, Chapter 5, Wireless and Quality of Service (QoS), pp. 197-199
Cisco: Cisco Unified Wireless QoS

QUESTION 36
The network you administer contains the following network addresses:
10.0.4.0/24
10.0.5.0/24
10.0.6.0/24
10.0.7.0/24

You want to summarize these network addresses with a single summary address.

Which of the following addresses should you use?

A. 10.0.0.0/21

B. 10.0.4.0/22

C. 10.0.4.0/23

D. 10.0.4.0/24

E. 10.0.4.0/25

F. 10.0.4.0/26

Correct Answer: B
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
You should use the 10.0.4.0/22 address to summarize the network addresses 10.0.4.0/24, 10.0.5.0/24, 10.0.6.0/24, and 10.0.7.0/24. The /22 notation indicates that a 22-bit subnet mask (255.255.252.0) is used, which can summarize two /23 networks, four /24 networks, eight /25 networks, and so on. The process of summarizing multiple subnets with a single address is called supernetting.

You should not use the 10.0.0.0/21 address to summarize the network addresses. The /21 notation indicates that a 21-bit subnet mask (255.255.248.0) is used, which can summarize two /22 networks, four /23 networks, eight /24 networks, and so on. Although the 10.0.0.0/21 address does include the four network addresses on your network, it also includes the 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24, and 10.0.3.0/24 networks. Whenever possible, you should summarize addresses to the smallest possible bit boundary.

You cannot use the 10.0.4.0/23 address to summarize the network addresses. The /23 notation indicates that a 23-bit subnet mask (255.255.254.0) is used, which can summarize two /24 networks, four /25 networks, eight /26 networks, and so on. Therefore, the 10.0.4.0/23 address only summarizes the 10.0.4.0/24 and 10.0.5.0/24 networks. The 10.0.6.0/23 address would be required to summarize the remaining 10.0.6.0/24 and 10.0.7.0/24 networks.

You cannot use the 10.0.4.0/24 address to summarize the network addresses. The /24 notation indicates that a 24-bit subnet mask (255.255.255.0) is used, which can summarize two /25 networks, four /26 networks, eight /27 networks, and so on. However, a 24-bit summary address cannot summarize multiple /24 networks.

You cannot use the 10.0.4.0/25 address to summarize the network addresses. A 25-bit mask is used to subnet a /24 network into two subnets; it cannot be used to supernet multiple /24 networks.

You cannot use the 10.0.4.0/26 address to summarize the network addresses. A 26-bit mask is used to subnet a /24 network into four subnets; it cannot be used to supernet multiple /24 networks.
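The summary calculation behind this question and the earlier RouterA question (QUESTION 29), as an added Python example that is not from the practice test: it finds the smallest single prefix covering a set of networks, then grades each answer option as too small, smallest, or larger than needed. It uses only the standard ipaddress module; the network lists are the ones given in the two questions, and the option strings are normalised the way a router would treat them (172.16.1.0/22 is the same block as 172.16.0.0/22).

```python
# Added example (not from the practice test): computing the smallest single
# summary route for a set of networks, the calculation behind both of the
# summarization questions above. Uses only the standard ipaddress module.
import ipaddress
from typing import Iterable, List

# The network lists from the two questions.
Q29_NETWORKS = ["172.16.0.0/24", "172.16.1.0/24", "172.16.3.0/24"]
Q36_NETWORKS = ["10.0.4.0/24", "10.0.5.0/24", "10.0.6.0/24", "10.0.7.0/24"]


def smallest_summary(networks: Iterable[str]) -> ipaddress.IPv4Network:
    """Return the longest-prefix (smallest) block that contains every network."""
    nets = [ipaddress.ip_network(n) for n in networks]
    lowest = min(n.network_address for n in nets)
    highest = max(n.broadcast_address for n in nets)
    # Start from the shortest prefix among the inputs and widen it one bit at a
    # time until the block anchored at the lowest address also holds the highest.
    prefixlen = min(n.prefixlen for n in nets)
    while prefixlen > 0:
        candidate = ipaddress.ip_network((int(lowest), prefixlen), strict=False)
        if highest in candidate:
            return candidate
        prefixlen -= 1
    return ipaddress.ip_network("0.0.0.0/0")


def uncovered(candidate: str, networks: Iterable[str]) -> List[str]:
    """Networks that a proposed summary fails to include."""
    summary = ipaddress.ip_network(candidate, strict=False)  # "172.16.1.0/22" normalises to 172.16.0.0/22
    return [n for n in networks if not ipaddress.ip_network(n).subnet_of(summary)]


def slash24_count(network: str) -> int:
    """Number of /24 subnets a summary swallows (how far it over-summarizes)."""
    return ipaddress.ip_network(network, strict=False).num_addresses // 256


def verdict(candidate: str, networks: List[str]) -> str:
    """Grade one answer option against the networks that must be summarized."""
    missing = uncovered(candidate, networks)
    if missing:
        return "too small: excludes " + ", ".join(missing)
    best = smallest_summary(networks)
    if ipaddress.ip_network(candidate, strict=False) == best:
        return f"smallest summary ({best})"
    return (f"covers everything but over-summarizes: {slash24_count(candidate)} /24s "
            f"instead of {slash24_count(str(best))}")


if __name__ == "__main__":
    for opt in ("172.16.1.0/16", "172.16.1.0/18", "172.16.1.0/22", "172.16.1.0/23", "172.16.1.0/25"):
        print("Q29", opt, "->", verdict(opt, Q29_NETWORKS))
    for opt in ("10.0.0.0/21", "10.0.4.0/22", "10.0.4.0/23", "10.0.4.0/24", "10.0.4.0/25", "10.0.4.0/26"):
        print("Q36", opt, "->", verdict(opt, Q36_NETWORKS))
```

The over-summarization count is worth looking at when a summary is advertised at a security boundary: every extra /24 a summary pulls in is address space the router will attract traffic for without having a more specific route, which is how black-holed or misdirected traffic ends up at a summarizing router.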

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, IPv4 Address Subnets, pp. 302-310
Cisco: IP Routing Frequently Asked Questions: Q. What does route summarization mean?
Cisco: IP Addressing and Subnetting for New Users

QUESTION 37
You want to implement a WAN link between two sites.

Which of the following WAN solutions would not offer a guaranteed level of service?

A. GRE tunnel through the Internet

B. ATM virtual circuit

C. Frame Relay virtual circuit

D. MPLS overlay VPN

Correct Answer: A
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
A Generic Routing Encapsulation (GRE) tunnel through the Internet would not offer a guaranteed level of service. GRE is a tunneling protocol designed to encapsulate any Layer 3 protocol for transport through an IP network. Although a GRE tunnel can be used to connect to sites across a public network, such as the Internet, GRE does not have any inherent Quality of Service (QoS) mechanisms that can guarantee a level of service to any of the packets that flow through the tunnel. Because any traffic that flows through the Internet is deliv
ered on a best-effort basis, WAN solutions that use the Internet, such as GRE tunnels, are better suited as backup strategies for WAN links that can guarantee a level of service.

Asynchronous Transfer Mode (ATM) and Frame Relay virtual circuits can provide a guaranteed level of service. Because ATM and Frame Relay virtual circuits pass through a network that has inherent QoS capabilities, each virtual circuit can guarantee a level of service to its endpoints. The service provider network is responsible for ensuring that the service level agreement (SLA) for each circuit is maintained at all times.

Similarly, a Multiprotocol Label Switching (MPLS) overlay virtual private network (VPN) can provide a guaranteed level of service. MPLS overlay VPNs are provided by a service provider and are established on an infrastructure that can ensure a level of service for all traffic that passes through the service provider network.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, WAN Backup over the Internet, pp. 263-264

QUESTION 38
Which of the following standard or standards natively include PortFast, UplinkFast, and BackboneFast?

A. 802.1s

B. 802.1w

C. 802.1D

D. 802.1D and 802.1s

E. 802.1D and 802.1w

Correct Answer: B
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
The 802.1w Rapid Spanning Tree Protocol (RSTP) standard natively includes PortFast, UplinkFast, and BackboneFast. PortFast enables a port to immediately access the network by transitioning the port into the Spanning Tree Protocol (STP) forwarding state without passing through the listening and learning states. Configuring BPDU filtering on a port that is also configured for PortFast causes the port to ignore any bridge protocol data units (BPDUs) it receives, effectively disabling STP.

UplinkFast increases convergence speed for an access layer switch that detects a failure on the root port with backup root port selection by immediately replacing the root port with an alternative root port. BackboneFast increases convergence speed for switches that detect a failure on links that are not directly connected to the switch.

802.1D is the traditional STP implementation to prevent switching loops on a network. Traditional STP, which Cisco training and reference materials refer to simply as 802.1D, is more formally known as the 802.1D-1998 standard. Although PortFast, UplinkFast, and BackboneFast can be used with 802.1D, it does not contain those features natively. Traditional STP converges slowly, so the 802.1w RSTP standard was developed by the Institute of Electrical and Electronics Engineers (IEEE) to address the slow transition of an 802.1D port to the forwarding state. RSTP is backward compatible with STP, but the convergence benefits provided by RSTP are lost when RSTP interacts with STP devices. The features of 802.1w, including PortFast, UplinkFast, and BackboneFast, were integrated into the 802.1D-2004 standard, and the traditional STP algorithm was replaced with RSTP.

The 802.1s Multiple Spanning Tree (MST) standard is used to create multiple spanning tree instances on a network. Implementing MST on a switch also implements RSTP. However, the 802.1s standard does not natively include PortFast, UplinkFast, and BackboneFast within the specification.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 3, Cisco STP Toolkit, pp. 103-105
Cisco: Understanding Rapid Spanning Tree Protocol (802.1w): Conclusion

QUESTION 39
Which of the following network virtualization techniques does Cisco recommend for any-to-any connectivity in large networks?

A. VRF-Lite

B. Multi-VRF

C. EVN

D. MPLS

Correct Answer: D
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation


Explanation:
Cisco recommends Multiprotocol Label Switching (MPLS) as a network virtualization technique for any-to-any connectivity in large networks. MPLS is typically implemented in an end-to-end fashion at the network edge and requires the edge and core devices to be MPLS-capable. MPLS can support thousands of virtual networks (VNETs) over a full-mesh topology to provide any-to-any connectivity without requiring excessive operational complexity or management resources. Although MPLS is best suited for large networks, integrating MPLS into an existing design and infrastructure can be disruptive, particularly if MPLS-incapable devices must be replaced with MPLS-capable devices at the network edge or in the core.

The Multi-virtual routing and forwarding (Multi-VRF) network virtualization technique, which Cisco also refers to as VRF-Lite, is best suited for small or medium networks. Multi-VRF uses virtual routing and forwarding (VRF) instances to segregate a Layer 3 network. Multi-VRF is typically used to support one-to-one, end-to-end connections; however, Multicast Generic Routing Encapsulation (mGRE) tunnels could be used to create any-to-any connectivity in small networks. Cisco considers a full mesh of mGRE tunnels in larger networks impractical because of the increased operational complexity and management load. On Cisco platforms, Multi-VRF network virtualization supports up to eight VNETs before operational complexity and management become problematic. The VNETs created by Multi-VRF mirror the physical infrastructure upon which they are built, and most Cisco platforms support Multi-VRF; therefore, the general network design and overall infrastructure do not require disruptive changes in order to support a Multi-VRF overlay topology.

Newer Cisco platforms support Easy Virtual Networking (EVN), which is a network virtualization technique that also uses VRFs to segregate Layer 3 networks. EVN supports up to 32 VNETs before operational complexity and management become problematic. Cisco recommends using EVN instead of Multi-VRF in small and medium networks. Although EVN is backward-compatible with Multi-VRF, implementing a homogeneous EVN topology would require replacing unsupported hardware with EVN-capable devices. Replacing infrastructure is typically disruptive and may require additional modifications to the existing network design.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 4, VRF, p. 154
Cisco: Borderless Campus Network Virtualization-Path Isolation Design Fundamentals: Path Isolation

QUESTION 40
DRAG DROP
Drag the event action on the left to the IPS mode that supports it on the right. Use all event actions. Some boxes will not be filled.

Select and Place:


Correct Answer:


Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
Promiscuous mode enables Cisco Intrusion Prevention System (IPS) to examine traffic on ports from multiple network segments without being directly connected to those segments. Copies of traffic are forwarded to IPS for analysis instead of flowing through IPS directly. Therefore, promiscuous mode increases latency because the amount of time IPS takes to determine whether a network attack is in progress can be greater in promiscuous mode than when IPS is operating in inline mode. The greater latency means that an attack has a greater chance at success prior to detection.

IPS can use all of the following actions to mitigate a network attack in promiscuous mode:
Request block host: causes IPS to send a request to the Attack Response Controller (ARC) to block all communication from the attacking host for a given period of time


Request block connection: causes IPS to send a request to the ARC to block the specific connection from the attacking host for a given period of time
Reset TCP connection: clears Transmission Control Protocol (TCP) resources so that normal TCP network activity can be established

IPS in promiscuous mode requires Remote Switched Port Analyzer (RSPAN). RSPAN enables the monitoring of traffic on a network by capturing and sending traffic from a source port on one device to a destination port on a different device on a non-routed network. Inline mode enables IPS to examine traffic as it flows through the IPS device. Therefore, the IPS device must be directly connected to the network segment that it is intended to protect. Any traffic that should be analyzed by IPS must be to a destination that is separated from the source by the IPS device.

IPS can use all of the following actions to mitigate a network attack in inline mode:
Deny attacker inline: directly blocks all communication from the attacking host
Deny attacker service pair inline: directly blocks communication between the attacker and a specific port
Deny attacker victim pair inline: directly blocks communication that occurs on any port between the attacker and a specific host
Deny connection inline: directly blocks communication for a specific TCP session
Deny packet inline: directly blocks the transmission of a specific type of packet from an attacking host
Modify packet inline: allows IPS to change or remove the malicious contents of a packet

IPS in inline mode mitigates attacks for 60 minutes by default. IPS in promiscuous mode mitigates attacks for 30 minutes by default. However, the mitigation effect time for both inline mode and promiscuous mode can be configured by an IPS administrator.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 13, IPS/IDS Fundamentals, pp. 534-535
Cisco: Cisco IPS Mitigation Capabilities: Event Actions

QUESTION 41
Which of the following statements are correct regarding network design approaches? (Choose two.)

A. The top-down approach is recommended over the bottom-up approach.

B. The top-down approach is more time-consuming than the bottom-up approach.

C. The top-down approach can lead to costly redesigns.

D. The bottom-up approach focuses on applications and services.

E. The bottom-up approach provides a "big picture" overview.

F. The bottom-up approach incorporates organizational requirements.

Correct Answer: AB
Section: Design Methodologies Explanation

Explanation/Reference:
Section: Design Methodologies Explanation


Explanation:
The top-down approach to network design is recommended over the bottom-up approach, and the top-down approach is more time-consuming than the bottom-up approach. The top-down design approach takes its name from the methodology of starting with the higher layers of the Open Systems Interconnection (OSI) model, such as the Application, Presentation, and Session layers, and working downward toward the lower layers. The top-down design approach is more time-consuming than the bottom-up design approach because the top-down approach requires a thorough analysis of the organization's requirements. Once the designer has obtained a complete overview of the existing network and the organization's needs, in terms of applications and services, the designer can provide a design that meets the organization's current requirements and that can adapt to the organization's projected future needs. Because the resulting design includes room for future growth, costly redesigns are typically not necessary with the top-down approach to network design.

By contrast, the bottom-up approach can be much less time-consuming than the top-down design approach. The bottom-up design approach takes its name from the methodology of starting with the lower layers of the OSI model, such as the Physical, Data Link, Network, and Transport layers, and working upward toward the higher layers. The bottom-up approach relies on previous experience rather than on a thorough analysis of organizational requirements or projected growth. In addition, the bottom-up approach focuses on the devices and technologies that should be implemented in a design, instead of focusing on the applications and services that will actually use the network. Because the bottom-up approach does not use a detailed analysis of an organization's requirements, the bottom-up design approach can often lead to costly network redesigns. Cisco does not recommend the bottom-up design approach, because the design does not provide a "big picture" overview of the current network or its future requirements.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 1, Top-Down Approach, pp. 24-25
Cisco: Using the Top-Down Approach to Network Design: 4. Top-Down and Bottom-Up Approach Comparison (Flash)

QUESTION 42
View the Exhibit.


You have been asked to use CDP to document the network shown in the diagram above. You are working from HostA, which is connected to the console port of SwitchA. You connect to SwitchA and issue the show cdp neighbors and show cdp neighbors detail commands.

Which of the following statements are correct? (Choose two.)

A. The show cdp neighbors detail command will show all of the host IP addresses in use on HostA's LAN.

B. The show cdp neighbors command will show which port on SwitchB connects to SwitchA.

C. The show cdp neighbors command will show two devices connected to SwitchA.

D. The show cdp neighbors detail command will show information for all Cisco devices on the network.

E. The show cdp neighbors detail command will display all of RouterA's IP addresses.


Correct Answer: BC
Section: Design Methodologies Explanation

Explanation/Reference:
Section: Design Methodologies Explanation

Explanation:
The show cdp neighbors command will display the directly connected Cisco devices that are sending Cisco Discovery Protocol (CDP) updates; the directly connected devices in this case are RouterA and SwitchB. The port ID of the sending device will be displayed by the show cdp neighbors command. Therefore, the show cdp neighbors command will show which port on SwitchB and which interface on RouterA connect to SwitchA. CDP is used to collect information about neighboring Cisco devices and is enabled by default on Cisco devices. Because CDP operates at the Data Link layer, which is Layer 2 of the Open Systems Interconnection (OSI) model, CDP is not dependent on any particular Layer 3 protocol addressing, such as IP addressing. Therefore, if CDP information is not being exchanged between devices, you should check for Physical layer and Data Link layer connectivity problems. You can globally disable CDP by issuing the no cdp run command in global configuration mode. You can disable CDP on a per-interface basis by issuing the no cdp enable command in interface configuration mode.

The show cdp neighbors detail command will not show information for all of the Cisco devices on the network. The only devices that will send CDP information are the directly connected devices. The show cdp neighbors detail command will not display all of RouterA's IP addresses. Updates sent from RouterA and received by SwitchA will include only the IP address of the port that sent the update.

The show cdp neighbors detail command will not show all of the IP addresses of hosts on the LAN. Hosts do not send CDP information; only directly connected Cisco devices send CDP updates.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 15, CDP, p. 629
Cisco: Cisco IOS Configuration Fundamentals Command Reference, Release 12.2: show cdp neighbors

QUESTION 43
Which of the following prefixes will an IPv6-enabled computer use to automatically configure an IPv6 address for itself?

A. 2000::/3

B. FC00::/7

C. FE80::/10

D. FF00::/8

Correct Answer: C
Section: Addressing and Routing Protocols in an Existing Network Explanation


Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
An IP version 6 (IPv6) enabled computer will use the prefix FE80::/10 to automatically configure an IPv6 address for itself. The IPv6 prefix FE80::/10 is used for unicast link-local addresses. IPv6 addresses in the FE80::/10 range begin with the characters FE80 through FEBF. Unicast packets are used for one-to-one communication. Link-local addresses are unique only on the local segment. Therefore, link-local addresses are not routable. Unicast link-local addresses are used for neighbor discovery and for environments in which no router is present to provide a routable IPv6 prefix.

IPv6 was developed to address the lack of available address space with IPv4. An IPv6 address is a 128-bit (16-byte) address that is typically written as eight groups of four hexadecimal characters, including numbers from 0 through 9 and letters from A through F. Each group of four characters is separated by colons. Leading zeroes in each group can be dropped. A double colon can be used at the beginning, middle, or end of an IPv6 address in place of one or more contiguous four-character groups consisting of all zeroes. However, only one double colon can be used in an IPv6 address. Therefore, the following IPv6 addresses are equivalent:

FE80:0000:0000:070D:0000:50A0:0001:0024
FE80::070D:0000:50A0:0001:0024
FE80:0:0:70D:0:50A0:1:24
FE80::70D:0:50A0:1:24

An IPv6-enabled computer will not use the prefix 2000::/3 to automatically configure an IPv6 address for itself. The IPv6 prefix 2000::/3 is used for global aggregatable unicast addresses. IPv6 addresses in the 2000::/3 range begin with the characters 2000 through 3FFF. Global aggregatable unicast address prefixes are distributed by the Internet Assigned Numbers Authority (IANA) and are globally routable over the Internet. Because there is an inherent hierarchy in the aggregatable global address scheme, these addresses lend themselves to simple consolidation, which greatly reduces the complexity of Internet routing tables.

An IPv6-enabled computer will not use the prefix FC00::/7 to automatically configure an IPv6 address for itself. The IPv6 prefix FC00::/7 is used for unicast unique-local addresses. IPv6 addresses in this range begin with the characters FC00 through FDFF. Unique-local addresses are not globally routable, but they are routable within an organization.

An IPv6-enabled computer will not use the prefix FF00::/8 to automatically configure an IPv6 address for itself. The IPv6 prefix FF00::/8 is used for multicast addresses, which are used for one-to-many communication. IPv6 addresses in the FF00::/8 range begin with the characters FF00 through FFFF. However, certain address ranges are used to indicate the scope of the multicast address. The following IPv6 multicast scopes are defined:

FF01::/16 - node-local
FF02::/16 - link-local
FF05::/16 - unique-local
FF08::/16 - organization-local
FF0E::/16 - global
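The compression rules and prefix ranges in this explanation, worked through as an added Python example (this is not code from the page or from Cisco). It expands any of the four spellings above to the same eight groups, produces the shortest spelling by replacing the longest run of zero groups with one double colon, classifies an address by the leading bits of the prefixes discussed above (the multicast scope is returned as the low nibble of the first group, which maps onto the list just given), and cross-checks the result against the standard library's ipaddress module. The page's sample address is reused; the other addresses in the usage are constructed.

```python
import ipaddress

# Constructed sample: the four spellings of one address that the explanation
# above lists as equivalent (the page's sample address, not a real host).
EQUIVALENT_FORMS = [
    "FE80:0000:0000:070D:0000:50A0:0001:0024",
    "FE80::070D:0000:50A0:0001:0024",
    "FE80:0:0:70D:0:50A0:1:24",
    "FE80::70D:0:50A0:1:24",
]


def expand_ipv6(text):
    """Return the eight 16-bit groups of an IPv6 address as a list of integers.

    Rules from the explanation: groups are hexadecimal, leading zeroes may be
    dropped, and a single '::' stands for one or more all-zero groups.
    """
    if text.count("::") > 1:
        raise ValueError("only one '::' is allowed in an IPv6 address")
    if "::" in text:
        head, tail = text.split("::")
        head_groups = head.split(":") if head else []
        tail_groups = tail.split(":") if tail else []
        missing = 8 - len(head_groups) - len(tail_groups)
        if missing < 1:
            raise ValueError("'::' must stand for at least one group")
        groups = head_groups + ["0"] * missing + tail_groups
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("an IPv6 address has exactly eight groups")
    values = []
    for group in groups:
        if not 1 <= len(group) <= 4:
            raise ValueError("each group is one to four hex digits: %r" % group)
        values.append(int(group, 16))  # int() rejects non-hex characters
    return values


def compress_ipv6(text):
    """Shortest spelling: lowercase hex, no leading zeroes, and '::' in place of
    the longest run of consecutive zero groups (a lone zero group stays '0')."""
    groups = expand_ipv6(text)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hex_groups = ["%x" % g for g in groups]
    if best_len < 2:
        return ":".join(hex_groups)
    left = ":".join(hex_groups[:best_start])
    right = ":".join(hex_groups[best_start + best_len:])
    return left + "::" + right


def address_kind(text):
    """Classify an address by the prefixes the explanation discusses, using
    the leading bits of the first group rather than string matching."""
    first = expand_ipv6(text)[0]
    if first >> 8 == 0xFF:               # FF00::/8, scope in the low nibble
        return "multicast (scope %x)" % (first & 0xF)
    if first >> 6 == 0b1111111010:       # FE80::/10 -> FE80 through FEBF
        return "link-local unicast"
    if first >> 9 == 0b1111110:          # FC00::/7  -> FC00 through FDFF
        return "unique-local unicast"
    if first >> 13 == 0b001:             # 2000::/3  -> 2000 through 3FFF
        return "global unicast"
    return "other"


def all_equivalent(forms):
    """True when every spelling expands to the same groups and the standard
    library agrees (ipaddress is the cross-check, not the implementation)."""
    expanded = {tuple(expand_ipv6(f)) for f in forms}
    parsed = {ipaddress.IPv6Address(f) for f in forms}
    return len(expanded) == 1 and len(parsed) == 1


if __name__ == "__main__":
    for form in EQUIVALENT_FORMS:
        print("%-40s -> %s (%s)" % (form, compress_ipv6(form), address_kind(form)))
    print("all equivalent:", all_equivalent(EQUIVALENT_FORMS))
```

Classifying on bits rather than on the first characters matters for FE80::/10: the range ends at FEBF, so a string test for "FE8" would miss FE90 through FEBF, and a test for "FE" would wrongly accept FEC0 and above.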

Reference:
CCDA 200-310 Official Cert Guide, Chapter 9, Link-Local Addresses, p. 343
CCDA 200-310 Official Cert Guide, Chapter 9, SLAAC of Link-Local Address, p. 350
Cisco: IPv6: A Primer for Physical Security Professionals

QUESTION 44


Which of the following does NetFlow use to identify a traffic flow?

A. only Layer 2 information

B. only Layer 3 information

C. only Layer 4 information

D. Layer 2 and Layer 3 information

E. Layer 3 and Layer 4 information

F. Layer 4 through 7 information

Correct Answer: E
Section: Design Methodologies Explanation

Explanation/Reference:
Section: Design Methodologies Explanation

Explanation:
NetFlow uses Open Systems Interconnection (OSI) Layer 3 and Layer 4 information to identify a traffic flow. NetFlow is a Cisco IOS feature that can be used to gather flow-based statistics, such as packet counts, byte counts, and protocol distribution. A device configured with NetFlow examines packets for select Layer 3 and Layer 4 attributes that uniquely identify each traffic flow. A traffic flow can be identified based on the unique combination of the following seven attributes:

Source IP address
Destination IP address
Source port number
Destination port number
Protocol value
Type of Service (ToS) value
Input interface
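The seven-attribute key worked as an added Python example (not code from the page or from Cisco, and not a real NetFlow implementation or export format): it aggregates constructed packet records into a flow cache keyed on exactly the seven fields above and computes the packet counts, byte counts and protocol distribution the explanation names. Two of the records show the boundary of the key: a change of source MAC address does not start a new flow, while a change of ToS value does. The packet records and their field names are the example's own.

```python
from collections import defaultdict, namedtuple

# The seven key fields listed above. Anything else in a packet (source MAC,
# length, payload) is accounted against a flow but never selects it.
FlowKey = namedtuple(
    "FlowKey", "src_ip dst_ip src_port dst_port protocol tos input_if")

# Constructed packet records (hypothetical traffic, not a capture). Protocol
# 6 is TCP and 17 is UDP; tos is the IP Type of Service byte.
SAMPLE_PACKETS = [
    # Three packets of one HTTPS session: same seven key fields, so one flow,
    # even though the third arrives with a different source MAC address.
    {"src_ip": "10.1.1.10", "dst_ip": "192.0.2.80", "src_port": 51000, "dst_port": 443,
     "protocol": 6, "tos": 0x00, "input_if": "Gi0/1", "src_mac": "00:11:22:33:44:55", "length": 1200},
    {"src_ip": "10.1.1.10", "dst_ip": "192.0.2.80", "src_port": 51000, "dst_port": 443,
     "protocol": 6, "tos": 0x00, "input_if": "Gi0/1", "src_mac": "00:11:22:33:44:55", "length": 60},
    {"src_ip": "10.1.1.10", "dst_ip": "192.0.2.80", "src_port": 51000, "dst_port": 443,
     "protocol": 6, "tos": 0x00, "input_if": "Gi0/1", "src_mac": "00:11:22:33:44:66", "length": 1200},
    # Same addresses and ports but a different ToS value: a separate flow.
    {"src_ip": "10.1.1.10", "dst_ip": "192.0.2.80", "src_port": 51000, "dst_port": 443,
     "protocol": 6, "tos": 0x28, "input_if": "Gi0/1", "src_mac": "00:11:22:33:44:55", "length": 500},
    # A DNS query over UDP from another host on another interface.
    {"src_ip": "10.1.1.20", "dst_ip": "192.0.2.53", "src_port": 40000, "dst_port": 53,
     "protocol": 17, "tos": 0x00, "input_if": "Gi0/2", "src_mac": "00:11:22:33:44:77", "length": 80},
]


def flow_key(packet):
    """Select the flow a packet belongs to from its Layer 3 and Layer 4 fields."""
    return FlowKey(packet["src_ip"], packet["dst_ip"], packet["src_port"],
                   packet["dst_port"], packet["protocol"], packet["tos"],
                   packet["input_if"])


def build_flow_cache(packets):
    """Aggregate packets into flows, keeping packet and byte counts per flow."""
    cache = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for packet in packets:
        entry = cache[flow_key(packet)]
        entry["packets"] += 1
        entry["bytes"] += packet["length"]
    return dict(cache)


def protocol_distribution(cache):
    """Bytes per IP protocol number, one of the statistics the text names."""
    totals = defaultdict(int)
    for key, stats in cache.items():
        totals[key.protocol] += stats["bytes"]
    return dict(totals)


def flows_by_bytes(cache):
    """Flows ordered from heaviest to lightest, as a collector would present
    them for capacity planning or billing."""
    return sorted(cache.items(), key=lambda item: item[1]["bytes"], reverse=True)


if __name__ == "__main__":
    flows = build_flow_cache(SAMPLE_PACKETS)
    for key, stats in flows_by_bytes(flows):
        print(key, stats)
    print("bytes per protocol:", protocol_distribution(flows))
```

Because the key is unidirectional (source and destination are distinct fields), the return half of the HTTPS session would appear as a second flow on the interface it enters; pairing the two halves is the collector's job, not the exporter's.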

The data gathered by NetFlow is typically exported to management software. You can then analyze the data to facilitate network planning, customer billing, and traffic engineering. For example, NetFlow can be used to obtain information about the types of applications generating traffic flows through a router.

NetFlow does not use Layer 2 information, such as a packet's source Media Access Control (MAC) address, to identify a traffic flow. Although the input interface will be considered when identifying a traffic flow, the MAC address of the interface will not be considered.

Network-Based Application Recognition (NBAR), not NetFlow, uses Layer 4 through 7 information to classify application traffic. NBAR is a Quality of Service (QoS) feature that enables a device to perform deep packet inspection for all packets that pass through an NBAR-enabled interface. With deep packet inspection, an NBAR-enabled device can classify traffic based on the content of a Transmission Control Protocol (TCP) or a User Datagram Protocol (UDP) packet, instead of just the network header information. In addition, NBAR can provide statistical reporting relative to each recognized application.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 15, NetFlow, pp. 626-628
Cisco: Cisco IOS Switching Services Configuration Guide, Release 12.2: Capturing Traffic Data

QUESTION 45
Which of the following is a Layer 2 high-availability feature?


A. NSF

B. UDLD

C. SPF

D. FHRP

Correct Answer: B
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
UniDirectional Link Detection (UDLD) is a Layer 2 high-availability (HA) feature. UDLD monitors a link to verify that both ends of the link are functioning. UDLD operates by sending messages across the link. When a port receives a UDLD message, the port responds by sending an echo message to verify that the link is bidirectional. Layer 2 HA features, such as UDLD, Spanning Tree Protocol (STP), and IEEE 802.3ad link aggregation, increase network resiliency and are often integral components in redundant topology designs.

Shortest Path First (SPF), First-Hop Redundancy Protocol (FHRP), and nonstop forwarding (NSF) are Layer 3 HA features, not Layer 2 HA features. SPF uses an efficient algorithm to determine the optimal Layer 3 path to a destination within a routing domain. FHRP provides gateway resiliency for hosts. NSF provides graceful restart provisions for common routing protocols to ensure fast convergence and uninterrupted Layer 3 forwarding during failure events, such as supervisor module failure and switchover.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 4, Virtualization Technologies, pp. 153-157
Cisco: Campus 3.0 Virtual Switching System Design Guide: VSS Architecture and Operation

QUESTION 46
Which of the following statements is true regarding VMs?


A. VMs running on a host computer must run the same version of an OS as the host computer.

B. Multiple VMs can be running simultaneously on a single host computer.

C. Installing virus protection on the host computer automatically protects any VMs running on that host computer.

D. All software is shared among the host computer and the VMs.

Correct Answer: B
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
Multiple virtual machines (VMs) can be running simultaneously on a single host computer. A VM is an isolated environment running a separate operating system (OS) while sharing hardware resources with a host machine's OS. For example, you can configure a Windows 7 VM that can run within Windows 8; both OSs can run at the same time if virtualization software, such as Microsoft Hyper-V, is used. The Windows 7 VM could then be used as a testing environment for patch or application deployment.

Depending on a computer's hardware capabilities, multiple VMs can be installed on a single computer, which can help provide more efficient utilization of hardware resources. For example, VMware ESXi Server provides a hypervisor that runs on bare metal, meaning without a host OS, and that can efficiently manage multiple VMs on a single server. A VM can access the physical network through a network adapter shared by the host computer. Alternatively, a VM could access virtualized networking devices on the host, such as routers or switches, to access network resources.

Before a VM is installed, it is important to ensure that the hardware on the host in which you are configuring the VM has enough CPU process availability and random access memory (RAM) to support the simultaneous use of multiple OSs and to ensure that the client you are accessing the VM from has sufficient network bandwidth.

The VMs on a host computer can, but are not required to, run the same version of an OS as the host computer. For example, you can install Windows 8 on a VM that is hosted on a Windows 8 computer. Alternatively, as in the example given previously, you can configure a Windows 7 VM that can run within Windows 8.

Installing virus protection on the host computer will not automatically protect any VMs running on that host computer. Securing the host computer does not secure all virtual computers running on that host computer. You must manually manage the security of each VM installed on a host computer. For example, installing patches and security software on the host computer will not also configure the patches and software to be installed on the VMs.

Although a VM shares the hardware resources of the host computer, the software remains separate. Software installed on the host is not accessible from within the VM. For example, Microsoft Office might be installed on the host computer, but in order to access Microsoft Office from within a VM you must also install Microsoft Office on the VM. Separate instances of software on the host computer and on each VM can help protect the host computer from potentially harmful changes made within a VM. For example, if a VM user accidentally deletes a system file or installs malicious software, the host computer will not be affected. This applies to drivers as well; if the network adapter driver is removed from the VM, the host computer and the other VMs will not be affected.


Reference:
CCDA 200-310 Official Cert Guide, Chapter 4, Server Virtualization, p. 155

QUESTION 47
Which of the following are true of the access layer of a hierarchical design? (Choose two.)

A. It provides address summarization.

B. It aggregates LAN wiring closets.

C. It aggregates WAN connections.

D. It isolates the distribution and core layers.

E. It is also known as the backbone layer.

F. It performs Layer 2 switching.

G. It performs NAC for end users.

Correct Answer: FG
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
The access layer typically performs Layer 2 switching and Network Admission Control (NAC) for end users. The access layer is the network hierarchical layer where end-user devices connect to the network. Port security and Spanning Tree Protocol (STP) toolkit features like PortFast are typically implemented in the access layer.

The distribution layer of a hierarchical design, not the access layer, provides address summarization, aggregates LAN wiring closets, and aggregates WAN connections. The distribution layer is used to connect the devices at the access layer to those in the core layer. Therefore, the distribution layer isolates the access layer from the core layer. In addition to these features, the distribution layer can also be used to provide policy-based routing, security filtering, redundancy, load balancing, Quality of Service (QoS), virtual LAN (VLAN) segregation of departments, inter-VLAN routing, translation between types of network media, routing protocol redistribution, and more.

The core layer of a hierarchical design, not the access layer, is also known as the backbone layer. The core layer is used to provide connectivity to devices connected through the distribution layer. In addition, it is the layer that is typically connected to enterprise edge modules. Cisco recommends that the core layer provide fast transport, high reliability, redundancy, fault tolerance, low latency, limited diameter, and QoS. However, the core layer should not include features that could inhibit CPU performance. For example, packet manipulation that results from some security, QoS, classification, or inspection features can be a drain on resources.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 2, Access Layer, pp. 44-46
Cisco: High Availability Campus Network Design-Routed Access Layer using EIGRP or OSPF: Hierarchical Design


QUESTION 48
In which of the following modules of the Cisco enterprise architecture would you expect to find a DNS server? (Choose two.)

A. campus core

B. data center

C. building distribution

D. enterprise edge

E. building access

Correct Answer: BD
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
You would expect to find a Domain Name System (DNS) server in the data center or enterprise edge modules of the Cisco enterprise architecture. The enterprise architecture model is a modular framework that is used for the design and implementation of large networks. The enterprise architecture model includes the following modules: enterprise campus, enterprise edge, service provider (SP) edge, and remote modules that utilize resources that are located away from the main enterprise campus.

The campus core layer, building distribution layer, and building access layer are all part of the enterprise campus module. These submodules of the enterprise campus module rely on a resilient multilayer design to support the day-to-day operations of the enterprise. Also found within the enterprise campus module is the data center submodule, which is also referred to as the server farm submodule. The data center submodule provides file and print services to the enterprise campus. In addition, the data center submodule typically hosts internal DNS, email, Dynamic Host Configuration Protocol (DHCP), and database services.

The enterprise edge module represents the boundary between the enterprise campus module and the outside world. In addition, the enterprise edge module aggregates voice, video, and data traffic to ensure a particular level of Quality of Service (QoS) between the enterprise campus and external users located in remote submodules. Enterprise WAN, Internet connectivity, ecommerce servers, and remote access & virtual private network (VPN) are all submodules of the enterprise edge module.

Enterprise data center, enterprise branch, and teleworkers are examples of remote submodules that are found within the enterprise architecture model. These submodules represent enterprise resources that are located outside the main enterprise campus. These submodules typically connect to the enterprise campus through the use of the SP edge and the enterprise edge modules. Because many Cisco routers commonly used at the edge of the network are capable of providing DHCP and DNS services to the network edge, devices in the remote submodules do not need to rely on the DHCP and DNS servers located in the enterprise campus.

The SP edge module consists of submodules that represent third-party network service providers. For example, most enterprise entities rely on Internet service providers (ISPs) for Internet connectivity and on public switched telephone network (PSTN) providers for telephone service. In addition, the third-party infrastructure found in the SP edge is often used to provide connectivity between the enterprise campus and remote resources.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, DNS, pp. 319-321

QUESTION 49
DRAG DROP
Select the subnet masks on the left, and place them over the number of host addresses that the subnet mask can support. Not all subnet masks will be used.

Select and Place:

Correct Answer:


Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
A subnet mask specifies how many bits belong to the network portion of a 32-bit IP address. The remaining bits in the IP address belong to the host portion of the IP address. To determine how many host addresses are defined by a subnet mask, use the formula 2^n - 2, where n is the number of bits in the host portion of the address; the two subtracted addresses are the all-zeros network address and the all-ones broadcast address. The formula applies to prefixes of /30 and shorter. A /31 point-to-point link, as specified in RFC 3021, uses both of its addresses, and a /32 is a single host route.

A /19 subnet mask uses 13 bits for host addresses. Therefore, 2^13 - 2 equals 8,190 valid host addresses.
A /20 subnet mask uses 12 bits for host addresses. Therefore, 2^12 - 2 equals 4,094 valid host addresses.
A /22 subnet mask uses 10 bits for host addresses. Therefore, 2^10 - 2 equals 1,022 valid host addresses.
A /23 subnet mask uses nine bits for host addresses. Therefore, 2^9 - 2 equals 510 valid host addresses.
A /25 subnet mask uses seven bits for host addresses. Therefore, 2^7 - 2 equals 126 valid host addresses.


Although it is important to learn the formula for calculating valid host addresses, it is also worth memorizing the relationship between the common subnet masks and the number of valid host addresses each supports.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, IPv4 Address Subnets, pp. 302-310
Cisco: IP Addressing and Subnetting for New Users
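
The host-count arithmetic above, worked through as an added example (this code is not part of the practice test or the cited Cisco material). It implements the 2^n - 2 rule, handles the /31 and /32 cases the rule does not cover, picks the most specific prefix for a required host count, and cross-checks its results against Python's standard ipaddress module. All prefix lengths and host counts used are constructed inputs.

```python
import ipaddress

# Added example (not from the practice test): usable-host arithmetic for IPv4 prefixes.
# Usable hosts = 2**(32 - prefix) - 2, except for the two cases the classic formula
# gets wrong: a /31 point-to-point link (RFC 3021) uses both addresses, and a /32 is
# a single host route with one address.

def usable_hosts(prefix: int) -> int:
    """Return the number of assignable host addresses in an IPv4 prefix."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"invalid prefix length /{prefix}")
    if prefix == 32:
        return 1                    # host route: the single address is the host
    if prefix == 31:
        return 2                    # RFC 3021: no network/broadcast address reserved
    return 2 ** (32 - prefix) - 2   # subtract the network and broadcast addresses

def smallest_prefix_for(hosts: int) -> int:
    """Return the longest (most specific) prefix that still fits `hosts` usable addresses."""
    if hosts < 1:
        raise ValueError("need at least one host")
    for prefix in range(32, -1, -1):            # walk from most to least specific
        if usable_hosts(prefix) >= hosts:
            return prefix
    raise ValueError("no IPv4 prefix can hold that many hosts")

def host_table(prefixes):
    """Map each prefix length to its usable host count, cross-checked with ipaddress."""
    table = {}
    for p in prefixes:
        computed = usable_hosts(p)
        if p <= 30:                             # the -2 rule only applies up to /30
            net = ipaddress.ip_network(f"0.0.0.0/{p}")
            assert net.num_addresses - 2 == computed
        table[p] = computed
    return table

if __name__ == "__main__":
    for p, n in host_table([19, 20, 22, 23, 25]).items():
        print(f"/{p} -> {n:,} usable hosts")
    # A site that needs 500 addresses: /24 (254) is too small, /23 (510) is the answer.
    print(f"500 hosts need a /{smallest_prefix_for(500)}")
```

The smallest_prefix_for helper is the calculation a designer actually performs when sizing VLANs: start from the host count and work back to the mask, leaving headroom for growth rather than choosing the mask first.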

QUESTION 50
Which of the following statements is true regarding NetFlow?

A. NetFlow can collect timestamps of traffic flowing between a particular source and destination.

B. Data collected by NetFlow cannot be exported.

C. Many configuration changes to existing network devices are required in order to accommodate NetFlow.

D. For audit purposes, NetFlow must run on every router in a network.

Correct Answer: A
Section: Design Methodologies Explanation


Explanation

Explanation/Reference:
Section: Design Methodologies Explanation

Explanation:
NetFlow is a Cisco IOS feature that can collect timestamps of traffic flowing between a particular source and destination. NetFlow can be used to gather flow-based statistics, such as packet counts, byte counts, and protocol distribution. A device configured with NetFlow examines packets for select Layer 3 and Layer 4 attributes that uniquely identify each traffic flow. The data gathered by NetFlow is typically exported to management software, such as a NetFlow collector. You can then analyze the data to facilitate network planning, customer billing, traffic engineering, and security monitoring. A traffic flow is defined as a unidirectional series of packets with the same source IP address, destination IP address, protocol, Layer 4 port information, type of service value, and input interface. Although NetFlow does not use Layer 2 information, such as a source Media Access Control (MAC) address, to identify a traffic flow, the input interface is part of the flow key, so the same conversation arriving on two different interfaces produces two flow records. Each NetFlow-enabled device gathers statistics independently of any other device; NetFlow does not have to run on every router in a network in order to produce valuable data for an audit. In addition, NetFlow is transparent to the rest of the network infrastructure: it is enabled with a few interface-level and export commands on the device that collects the flows, and no configuration changes are required on other network devices or on end hosts.

Reference:
Cisco: Cisco IOS Switching Services Configuration Guide, Release 12.2: NetFlow Overview
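
The flow-key definition above, turned into working code as an added example (not from the practice test or from Cisco's NetFlow implementation). It aggregates individual packets into flow records keyed on the classic NetFlow seven-tuple, tracks first- and last-seen timestamps and packet and byte counts per flow, and shows why the same five-tuple arriving on two interfaces yields two records. The packets, addresses and interface names are constructed sample data.

```python
from collections import namedtuple
from dataclasses import dataclass

# Added example (not from the practice test): how a NetFlow-style cache turns packets into
# flow records. The flow key follows the NetFlow v5 seven-tuple: source/destination IP,
# protocol, source/destination port, ToS and input interface. Layer 2 fields such as the
# source MAC address are deliberately not part of the key.

@dataclass(frozen=True)
class FlowKey:
    src_ip: str
    dst_ip: str
    proto: int
    src_port: int
    dst_port: int
    tos: int
    input_if: str

class FlowRecord:
    def __init__(self, first_seen):
        self.packets = 0
        self.octets = 0
        self.first_seen = first_seen   # every record carries flow start/end timestamps
        self.last_seen = first_seen

Packet = namedtuple("Packet", "ts src dst proto sport dport tos input_if length")

def build_flow_cache(packets):
    """Aggregate Packet tuples into a dict of FlowKey -> FlowRecord."""
    cache = {}
    for p in packets:
        key = FlowKey(p.src, p.dst, p.proto, p.sport, p.dport, p.tos, p.input_if)
        rec = cache.setdefault(key, FlowRecord(p.ts))
        rec.packets += 1
        rec.octets += p.length
        rec.first_seen = min(rec.first_seen, p.ts)
        rec.last_seen = max(rec.last_seen, p.ts)
    return cache

def export_records(cache):
    """Flatten the cache into the fields a collector receives; sorted for stable output."""
    return sorted(
        (k.src_ip, k.dst_ip, k.proto, k.src_port, k.dst_port, k.input_if,
         r.packets, r.octets, r.first_seen, r.last_seen)
        for k, r in cache.items()
    )

# Constructed sample traffic: one HTTPS flow and one DNS query entering Gi0/1, plus the
# same HTTPS five-tuple seen on Gi0/2, which NetFlow counts as a separate flow.
SAMPLE_PACKETS = [
    Packet(100.0, "10.1.1.10", "192.0.2.80", 6, 51000, 443, 0, "Gi0/1", 60),
    Packet(100.2, "10.1.1.10", "192.0.2.80", 6, 51000, 443, 0, "Gi0/1", 1500),
    Packet(100.5, "10.1.1.10", "192.0.2.80", 6, 51000, 443, 0, "Gi0/1", 1500),
    Packet(100.1, "10.1.1.20", "10.1.1.1", 17, 40000, 53, 0, "Gi0/1", 75),
    Packet(100.3, "10.1.1.10", "192.0.2.80", 6, 51000, 443, 0, "Gi0/2", 60),
]

if __name__ == "__main__":
    for row in export_records(build_flow_cache(SAMPLE_PACKETS)):
        print(row)
```

In a real exporter the cache is also flushed on inactivity and active timers; the point here is the key: two packets belong to one flow only when all seven fields match, which is what makes the per-flow timestamps and counters meaningful for an audit.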

QUESTION 51
On a Cisco router, which of the following message types does the traceroute command use to map the path that a packet takes through a network?

A. ICMP Echo

B. ICMP TEM

C. LLDP TLV

D. CDP TLV

Correct Answer: B
Section: Design Methodologies Explanation
Explanation

Explanation/Reference:
Section: Design Methodologies Explanation

Explanation:
On a Cisco router, the traceroute command uses Internet Control Message Protocol (ICMP) Time Exceeded Message (TEM) messages to map the path that a packet takes through a network. The traceroute command works by sending a sequence of probes, by default User Datagram Protocol (UDP) packets addressed to high-numbered destination ports, to a destination address. The Time-to-Live (TTL) value in the IP header of each series of probes is incremented as the traceroute command discovers the IP address of each router in the path to the destination address. The first series of probes, which have a TTL value of one, make it to the first-hop router, where their TTL value is decremented by one as part of the forwarding process. Because the new TTL value of each of these packets will be zero, the first-hop router discards the packets and sends an ICMP TEM to the source of each discarded packet. The traceroute command records the IP address of the source of the ICMP TEM and then sends a new series of probes with a higher TTL. The next series of probes is sent with a TTL value of two and arrives at the second hop before generating ICMP TEMs, thus identifying the second hop. This process continues until the probes reach the destination, which has no listener on the probed UDP port and therefore answers with an ICMP Destination Unreachable (Port Unreachable) message rather than a TEM; that reply tells traceroute that the path is complete. In this manner, the traceroute command can be used to manually build a topology map of an existing network; however, more effective mechanisms, such as Link Layer Discovery Protocol (LLDP) or Cisco Discovery Protocol (CDP), are typically used instead when available.

Some network trace implementations similar to the IOS traceroute command send ICMP Echo Request messages or Transmission Control Protocol (TCP) synchronization (SYN) packets as probes by default. For example, the tracert command on Microsoft Windows platforms uses ICMP Echo Request probes instead of UDP probes; intermediate routers still answer the expired probes with ICMP TEMs, and the destination answers the final probe with an ICMP Echo Reply rather than a Port Unreachable message. Some implementations offer configuration options to specify the probe type used to map the network path. Being able to specify the probe type is useful in environments where firewalls or other filtering mechanisms restrict the flow of certain types of packets, such as ICMP Echo messages or UDP traffic to unused ports. A hop that silently drops the probe, or that rate-limits its ICMP error responses, appears as an asterisk in the output rather than as an address.

CDP is a Cisco-proprietary network discovery protocol that uses Type-Length-Value (TLV) fields to share data with neighboring Cisco devices. A TLV is a data structure that consists of a type code identifying the kind of data, the length of the value that follows, and the value itself. For example, the CDP Device-ID TLV contains a string of characters identifying the name assigned to the device. Each CDP message contains a series of TLV fields, which collectively describe a Cisco device, its configuration, and its capabilities. CDP-enabled devices listen for CDP packets and parse the TLVs to build a table with information about each neighboring Cisco device. The information in the CDP table can be used by other processes on the device. For example, native virtual LAN (VLAN) mismatches are commonly identified based on the information from the CDP table.

Likewise, LLDP uses TLV fields to share data with neighboring network devices. LLDP is an open-standard network discovery protocol specified in the Institute of Electrical and Electronics Engineers (IEEE) 802.1AB standard. Because LLDP is designed to operate in a multivendor environment, it specifies a number of mandatory TLVs (Chassis ID, Port ID, and Time To Live) that must appear at the beginning of each LLDP message. Any optional TLVs follow the mandatory TLVs, and an End of LLDPDU TLV, which has a type of zero and a length of zero, marks the end of the series. Most Cisco platforms support both CDP and LLDP.

Reference:
Cisco: Understanding the Ping and Traceroute Commands
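
The probe-and-reply exchange described above, modelled end to end as an added example (not from the practice test or from Cisco's traceroute implementation). Both sides are shown: the probing host building UDP probes with increasing TTLs, the routers along a simulated path returning ICMP Time Exceeded messages, and the destination returning Port Unreachable. The packet layouts are the real ones (20-byte IPv4 header, 8-byte UDP header, 8-byte ICMP error header quoting the offending IP header plus 8 bytes), which is what lets traceroute match each reply to its probe by the quoted UDP destination port. The path, addresses and the "silent" filtering hop are constructed; checksums are left at zero because nothing is put on a wire.

```python
import struct
import ipaddress

# Added example (not from the practice test): an offline model of how traceroute walks a
# path with increasing TTLs. Routers and the destination are simulated in-process; the
# header layouts and ICMP semantics are the real ones, checksums are left at zero.

PROTO_ICMP, PROTO_UDP = 1, 17
ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED = 3, 11
CODE_PORT_UNREACH = 3
BASE_PORT = 33434        # IOS/Unix traceroute starts probing here, one port per probe

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header (version/IHL, ToS, length, id, flags, TTL, proto, cksum, src, dst)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)

def udp_probe(src, dst, ttl, dst_port):
    """A traceroute probe: IPv4 header with the chosen TTL over an 8-byte UDP header."""
    udp = struct.pack("!HHHH", 40000, dst_port, 8, 0)
    return ipv4_header(src, dst, ttl, PROTO_UDP, len(udp)) + udp

def icmp_error(sender, probe, icmp_type, code):
    """ICMP error from a router/host: 8-byte header plus the probe's IP header and first 8 bytes."""
    quoted = probe[:28]
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    probe_src = str(ipaddress.IPv4Address(probe[12:16]))
    return ipv4_header(sender, probe_src, 64, PROTO_ICMP, len(icmp)) + icmp

def simulated_network(path, destination, silent=frozenset()):
    """Return a function that forwards a probe along `path` and produces the reply (or None)."""
    def deliver(probe):
        ttl = probe[8]                                   # TTL is byte 8 of the IPv4 header
        for router in path:
            ttl -= 1
            if ttl == 0:                                 # expired in transit: Time Exceeded
                if router in silent:                     # filtered hop: no ICMP comes back
                    return None
                return icmp_error(router, probe, ICMP_TIME_EXCEEDED, 0)
        # Reached the destination: nothing listens on the high UDP port -> Port Unreachable
        return icmp_error(destination, probe, ICMP_DEST_UNREACH, CODE_PORT_UNREACH)
    return deliver

def traceroute(src, dst, network, max_hops=30):
    """Probe with TTL 1, 2, ... and correlate each reply to its probe via the quoted UDP port."""
    hops = []
    for ttl in range(1, max_hops + 1):
        port = BASE_PORT + ttl - 1
        reply = network(udp_probe(src, dst, ttl, port))
        if reply is None:
            hops.append((ttl, "*", "no reply"))          # what shows as '*' in real output
            continue
        responder = str(ipaddress.IPv4Address(reply[12:16]))
        icmp_type, code = reply[20], reply[21]
        quoted_dst_port = struct.unpack("!H", reply[50:52])[0]   # quoted UDP dst port
        if quoted_dst_port != port:
            continue                                     # not an answer to this probe
        if icmp_type == ICMP_TIME_EXCEEDED:
            hops.append((ttl, responder, "time-exceeded"))
        elif icmp_type == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
            hops.append((ttl, responder, "port-unreachable"))
            break                                        # destination reached; stop
    return hops

# Constructed topology: three routers between 10.0.0.10 and 192.0.2.10; the second router
# drops the probe without answering, as a firewall filtering UDP to unused ports would.
if __name__ == "__main__":
    net = simulated_network(["10.0.0.1", "10.0.1.1", "10.0.2.1"], "192.0.2.10",
                            silent={"10.0.1.1"})
    for hop in traceroute("10.0.0.10", "192.0.2.10", net):
        print(hop)
```

The correlation step (matching the quoted UDP destination port back to the probe) is why traceroute can tell replies apart even when several probes are in flight, and the silent hop shows why a filtered device appears as an asterisk while the rest of the path still resolves.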

QUESTION 52
Which of the following is a hierarchical routing protocol that can summarize routes at border routers and by using redistribution?

A. RIPv1

B. RIPv2

C. OSPF

D. EIGRP

Correct Answer: C
Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:


Open Shortest Path First (OSPF) is a hierarchical, link-state routing protocol that can summarize routes at area border routers (ABRs) and at autonomous system boundary routers (ASBRs), where routes redistributed from other sources are summarized. OSPF divides an autonomous system (AS) into areas. These areas can be used to limit routing updates to one portion of the network, thereby keeping routing tables small and update traffic low. Only OSPF routers that share an area form adjacencies with one another over a common link. Hierarchical design provides for efficient performance and scalability. Although OSPF is more difficult to configure than RIP, it converges more quickly than most other routing protocols.

Enhanced Interior Gateway Routing Protocol (EIGRP) is an advanced distance-vector routing protocol, often described as a hybrid that combines features of distance-vector and link-state routing protocols. Unlike OSPF, EIGRP supports automatic summarization at classful network boundaries and can summarize routes on any EIGRP interface, not only at area borders. Both OSPF and EIGRP converge faster than other routing protocols and support manual configuration of summary routes.

Routing Information Protocol version 1 (RIPv1) and RIPv2 are not hierarchical routing protocols that divide an AS into areas. RIPv1 and RIPv2 are distance-vector routing protocols that use hop count as a metric. By default, RIP sends out routing updates every 30 seconds, and the routing updates are propagated to all RIP routers on the network.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 11, OSPFv2 Summary, p. 439
Cisco: Open Shortest Path First
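
The address arithmetic behind summarizing an area's prefixes at an ABR, as an added example (not from the practice test or from any Cisco implementation). It contrasts an exact collapse of the area's prefixes with the single covering prefix that an area range statement would advertise, and reports how many addresses such a summary claims that the area does not actually contain, the space a loose summary can attract or black-hole. The two area prefix lists are constructed.

```python
import ipaddress

# Added example (not from the practice test): route summarization arithmetic for an OSPF
# area. collapse() merges only what is exactly representable; single_summary() finds the
# one covering prefix an `area <id> range` statement would advertise and measures how much
# unused address space that summary claims. Prefix lists below are constructed.

def collapse(prefixes):
    """Return the minimal exact set of prefixes covering the input (no extra addresses)."""
    nets = [ipaddress.ip_network(p) for p in prefixes]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]

def single_summary(prefixes):
    """Return (summary, overclaimed) for the smallest single prefix that covers every input.

    `overclaimed` is the number of addresses inside the summary that none of the input
    prefixes use; a non-zero value means the summary advertises space the area lacks.
    """
    nets = [ipaddress.ip_network(p) for p in prefixes]
    summary = nets[0]
    for n in nets[1:]:
        while not n.subnet_of(summary):      # widen one bit at a time until n fits
            summary = summary.supernet()
    covered = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return str(summary), summary.num_addresses - covered

AREA1_PREFIXES = ["10.1.0.0/24", "10.1.1.0/24", "10.1.2.0/24", "10.1.3.0/24"]  # contiguous
AREA2_PREFIXES = ["10.2.0.0/24", "10.2.1.0/24", "10.2.5.0/24"]                 # gap 10.2.2-4

if __name__ == "__main__":
    for name, prefixes in (("area 1", AREA1_PREFIXES), ("area 2", AREA2_PREFIXES)):
        print(name, "exact:", collapse(prefixes), "single summary:", single_summary(prefixes))
```

Area 1 collapses cleanly to one /22 with nothing overclaimed; area 2 needs a /21 to be covered by one prefix and that /21 claims 1,280 addresses the area does not hold, which is the addressing-plan problem summarization design is meant to avoid.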

QUESTION 53
View the Exhibit:

Refer to the exhibit. Which of the following statements are true regarding the deployment of the IPS in the exhibit? (Choose two.)

A. It increases response latency.

B. It increases the risk of successful attacks.

C. It can directly block all communication from an attacking host.

D. It can reset TCP connections.

E. It does not require RSPAN on switch ports.

Correct Answer: CE
Section: Considerations for Expanding an Existing Network Explanation
Explanation


Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
When Cisco Intrusion Prevention System (IPS) is configured in inline mode, IPS can directly block all communication from an attacking host. In addition, an IPS in inline mode does not require that Remote Switched Port Analyzer (RSPAN) be enabled on switch ports.

Inline mode enables IPS to examine traffic as it flows through the IPS device. Therefore, any traffic that should be analyzed by IPS must be to a destination that is separated from the source by the IPS device. By contrast, promiscuous mode enables IPS to examine copies of traffic from multiple network segments without sitting in the forwarding path of those segments. Promiscuous mode, which is also referred to as monitor-only operation, enables an IPS to passively examine network traffic without impacting the original flow of traffic. This passive connection gives the IPS broad visibility into the networks on the switch to which it is connected. However, promiscuous mode operation increases response latency and increases the risk of successful attacks, because the original packets have already been forwarded by the time the IPS sees their copies.

IPS can use all of the following actions to mitigate a network attack in inline mode:
Deny attacker inline: directly blocks all communication from the attacking host
Deny attacker service pair inline: directly blocks communication between the attacker and a specific port
Deny attacker victim pair inline: directly blocks communication that occurs on any port between the attacker and a specific host
Deny connection inline: directly blocks communication for a specific Transmission Control Protocol (TCP) session
Deny packet inline: drops the specific packet that triggered the signature
Modify packet inline: allows IPS to change or remove the malicious contents of a packet

IPS in promiscuous mode, not inline mode, relies on SPAN, RSPAN, or a network tap to receive copies of traffic. RSPAN enables the monitoring of traffic on a network by capturing traffic from a source port on one switch and carrying copies of it over a dedicated RSPAN VLAN to a destination port on a different switch in the same Layer 2 domain. Because copies of traffic from the RSPAN destination port are forwarded to a monitor-only IPS for analysis instead of flowing through the IPS directly, the amount of time IPS takes to determine whether a network attack is in progress can be greater in promiscuous mode than when IPS is operating in inline mode. The increased response latency means that an attack has a greater chance at success prior to detection.

Resetting TCP connections is the mitigation action associated with promiscuous mode in the reference cited below: promiscuous mode supports three actions to mitigate attacks, Request block host, Request block connection, and Reset TCP connection, whereas the deny and modify actions listed above are specific to inline mode. The Request block host action causes IPS to send a request to the Attack Response Controller (ARC) to block all communication from the attacking host for a given period of time; the ARC then pushes a blocking rule, such as an access control list entry or a firewall shun, to a managed device. The Request block connection action causes IPS to send a request to the ARC to block the specific connection from the attacking host for a given period of time. The Reset TCP connection action sends TCP reset (RST) segments to the endpoints of the offending session to tear it down, which frees the victim's TCP resources so that normal TCP activity can continue. However, resetting TCP connections is effective only for TCP-based attacks and against only some types of those attacks; a single-packet exploit has already reached its target by the time the reset arrives.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 13, IPS/IDS Fundamentals, pp. 534-535
Cisco: Cisco IPS Mitigation Capabilities: Inline Mode Event Actions

QUESTION 54
Which of the following statements are correct regarding wireless signals in a VoWLAN? (Choose two.)

A. High data rate signals require higher SNRs than low data rate signals.

B. VoWLANs require lower SNRs than data-only WLANs.


C. Signals from adjacent cells on nonoverlapping channels should have an overlap of between 15 and 20 percent to ensure smooth roaming.

D. VoWLANs require lower signal strengths than data-only WLANs.

E. Increasing the strength of a signal cannot increase its SNR.

Correct Answer: AC
Section: Considerations for Expanding an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
In a Voice over wireless LAN (VoWLAN), high data rate signals require higher signal-to-noise ratios (SNRs) than low data rate signals. In addition, signals from adjacent cells on nonoverlapping channels should have an overlap between 15 and 20 percent to ensure smooth roaming. The sensitivity of an 802.11 radio decreases as the data rate goes up. Thus the separation of valid 802.11 signals from background noise must be greater at higher data rates than at lower data rates. Otherwise, the 802.11 radio will be unable to distinguish the valid signals from the surrounding noise. For example, an 802.11 radio might register a 1 Mbps signal at -45 decibel-milliwatts (dBm) with -96 dBm of noise. These values produce an SNR of 51 decibels (dB), because SNR in dB is simply the signal level minus the noise level when both are expressed in dBm. However, if the data rate is increased to 11 Mbps, the radio might register a signal of -63 dBm with -82 dBm of noise, thereby bringing the SNR to 19 dB. Because the sensitivity of the radio is diminished at the higher data rate, the radio might not be able to distinguish parts of the signal from the surrounding noise, which might result in packet loss. Therefore, the optimal cell size is determined by the configured data rate and the transmitter power of the access point (AP).

Packet loss can also be mitigated by maintaining an overlap between 15 and 20 percent on nonoverlapping channels for all adjacent cells in a VoWLAN. By providing at least 15 percent overlap between adjacent cells, a wireless client has a greater chance of completing the roaming process without incurring too much delay or packet loss. If the overlap is less than 15 percent, the client might drop its connection with one AP before it has completed associating with the next AP. This can result in degraded voice quality and disconnected calls.

VoWLANs require higher signal strengths than data-only wireless LANs (WLANs). Data traffic can tolerate delayed or dropped packets because its associated applications typically do not operate in real time. If a wireless client breaks its connection with an AP and packets are delayed or lost, the client can retransmit the missing packets when it reconnects. By contrast, real-time data, such as voice traffic, is particularly sensitive to delay, variations in delay (jitter), and packet loss. If packets are delayed too long or lost because a client breaks its connection with an AP, the quality of the client's voice stream is degraded. If there is enough delay or packet loss, the call will be disconnected by the client device.

Likewise, VoWLANs require higher SNRs than data-only WLANs. A high SNR indicates that a device can easily distinguish valid wireless signals from the surrounding noise. The greater the separation between signal and noise, the higher the likelihood that wireless clients will not experience packet loss due to signal interference. Cisco recommends maintaining a minimum signal strength of -67 dBm and a minimum SNR of 25 dB throughout the coverage area of a VoWLAN to help mitigate packet loss.

Increasing the strength of a signal can increase its SNR. By increasing the strength of a transmitted signal, the difference between the signal and the noise floor can be increased at the receiving station, provided the higher power does not create co-channel interference with neighboring cells. A wireless LAN controller (WLC) can be configured to adjust the transmit power of a lightweight AP (LAP) if it registers a low SNR value from one of the LAP's associated clients.


Reference:
Cisco: Site Survey Guide: Deploying Cisco 7920 IP Phones: Getting started

QUESTION 55
Which of the following is a circuit-switched WAN technology that offers less than 2 Mbps of bandwidth?

A. ATM

B. Frame Relay

C. ISDN

D. SONET

E. SMDS

F. Metro Ethernet

Correct Answer: C
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
Integrated Services Digital Network (ISDN) is a circuit-switched WAN technology that offers less than 2 Mbps of bandwidth: a Basic Rate Interface (BRI) provides two 64 kbps B channels, and a Primary Rate Interface (PRI) provides 23 B channels over a T1 (1.544 Mbps) or 30 B channels over an E1. Circuit-switched WAN technologies rely on dedicated physical paths between nodes in a network. For example, when RouterA needs to contact RouterB, a dedicated path is established between the routers and then data is transmitted. While the circuit is established, RouterA cannot use the WAN link to transmit any data that is not destined for networks accessible through RouterB. When RouterA no longer has data for RouterB, the circuit is torn down until it is needed again.

Because circuit-switched links provide a dedicated physical path for the duration of the call, they are grouped with the dedicated, or leased, WAN technologies. Other examples of dedicated WAN technologies are time-division multiplexing (TDM) leased lines and Synchronous Optical Network (SONET).

Metro Ethernet is a WAN technology that is commonly used to connect networks in the same metropolitan area. However, Metro Ethernet providers typically provide up to 1,000 Mbps of bandwidth, which rules it out as a sub-2 Mbps option. A company that has multiple branch offices within the same city can use Metro Ethernet to connect the branch offices to the corporate headquarters.

Packet-switched networks do not rely on dedicated physical paths between nodes in a network. In a packet-switched network, a node establishes a single physical circuit to a service provider. Multiple virtual circuits can share this physical circuit, allowing a single device to send data to several destinations. Because packet-switched links do not rely on dedicated physical paths, they are considered shared WAN links. Frame Relay, X.25, Multiprotocol Label Switching (MPLS), and Switched Multimegabit Data Service (SMDS) are examples of packet-switched, shared WAN technologies.

Asynchronous Transfer Mode (ATM) is a shared WAN technology that transports its payload in a series of fixed-size 53-byte cells. ATM has the unique ability to transport different types of traffic, including IP packets, traditional circuit-switched voice, and video, while still maintaining a high quality of service for delay-sensitive traffic such as voice and video services. Although ATM could be categorized as a packet-switched WAN technology, it is often listed in its own category as a cell-switched WAN technology instead.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 6, ISDN, pp. 221-222
Cisco: Introduction to WAN Technologies: Circuit Switching
Cisco: Asynchronous Transfer Mode Switching: ATM Devices and the Network Environment

QUESTION 56
You administer a router that contains five routes to the same network: a static route, a RIPv2 route, an IGRP route, an OSPF route, and an internal EIGRP route. The default ADs are used. The link to the static route has just failed.

Which route or routes will be used?

A. the RIPv2 route

B. the IGRP route

C. the OSPF route

D. the EIGRP route

E. both the RIPv2 route and the EIGRP route

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network Explanation
Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
The Enhanced Interior Gateway Routing Protocol (EIGRP) route is used when the link to the static route goes down. EIGRP is a Cisco-proprietary routing protocol. When multiple routes to a network exist and each route uses a different routing protocol, a router prefers the routing protocol with the lowest administrative distance (AD). The following list contains the Cisco default ADs for the most commonly used route sources:
Connected interface: 0
Static route: 1
External BGP: 20
Internal EIGRP: 90
IGRP: 100
OSPF: 110
IS-IS: 115
RIP: 120
External EIGRP: 170
Internal BGP: 200

In this scenario, the static route has the lowest AD. Therefore, the static route is used instead of the other routes. When the static route fails, the EIGRP route is preferred, because internal EIGRP has an AD of 90.

If the EIGRP route were to fail, the Interior Gateway Routing Protocol (IGRP) route would be preferred, because IGRP has an AD of 100. If the IGRP route were also to fail, the Open Shortest Path First (OSPF) route would be preferred, because OSPF has an AD of 110. The Routing Information Protocol version 2 (RIPv2) route would not be used unless all of the other links were to fail, because RIPv2 has an AD of 120. The AD of a routing protocol can be manually changed by issuing the distance command in router configuration mode. For example, to change the AD of OSPF from 110 to 80, you would issue the following commands:

RouterA(config)#router ospf 1
RouterA(config-router)#distance 80

You can view the AD of the best route to a network by issuing the show ip route command. The AD is the first number inside the brackets in the output. For example, the following router output shows an OSPF route with an AD of 80:

Router#show ip route
Gateway of last resort is 10.19.54.20 to network 10.140.0.0
E2 172.150.0.0 [80/5] via 10.19.54.6, 0:01:00, Ethernet2

The number 5 in the brackets above is the OSPF metric, which is based on cost. OSPF calculates cost from the bandwidth of an interface: the higher the bandwidth, the lower the cost (by default, cost equals the reference bandwidth of 100 Mbps divided by the interface bandwidth). When two OSPF paths exist to the same destination, the router will choose the OSPF path with the lowest cost.


Reference:
CCDA 200-310 Official Cert Guide, Chapter 10, Administrative Distance, pp. 386-387
Cisco: What Is Administrative Distance?
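
The selection rule and the [AD/metric] bracket notation above, exercised in code as an added example (not from the practice test or from Cisco IOS). It parses routing-table lines in show ip route format, picks the route with the lowest AD and, among equal ADs, the lowest metric, and simulates the chain of link failures the explanation walks through. The candidate lines are constructed: a real routing table installs only the winner, so the sample models what each routing source is offering for the same prefix.

```python
import re

# Added example (not from the practice test): parse `show ip route`-style lines and apply
# the selection rule: lowest administrative distance wins; the metric only breaks ties
# between routes of equal AD. The candidate table below is constructed for one prefix
# learned five different ways.

ROUTE_RE = re.compile(
    r"^(?P<code>[A-Z]\*?(?: [A-Z0-9]{1,2})?)\s+(?P<prefix>\S+)\s+"
    r"\[(?P<ad>\d+)/(?P<metric>\d+)\]\s+via\s+(?P<nh>[0-9.]+)"
)

def parse_routes(output):
    """Return (code, prefix, ad, metric, next_hop) for each line carrying an [AD/metric] pair."""
    routes = []
    for line in output.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:
            routes.append((m["code"], m["prefix"], int(m["ad"]), int(m["metric"]), m["nh"]))
    return routes

def best_route(routes, prefix, failed=frozenset()):
    """Pick the route to `prefix` with the lowest AD, then the lowest metric.

    `failed` holds the route codes of sources whose link is currently down.
    """
    candidates = [r for r in routes if r[1] == prefix and r[0] not in failed]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (r[2], r[3]))   # (AD, metric) ascending

def failover_order(routes, prefix):
    """Fail the winning source repeatedly; return the codes in the order they would be used."""
    order, failed = [], set()
    while True:
        route = best_route(routes, prefix, frozenset(failed))
        if route is None:
            return order
        order.append(route[0])
        failed.add(route[0])

SAMPLE_CANDIDATES = """\
S     172.16.0.0/16 [1/0] via 10.0.0.2
D     172.16.0.0/16 [90/2172416] via 10.0.1.2
I     172.16.0.0/16 [100/8976] via 10.0.2.2
O     172.16.0.0/16 [110/65] via 10.0.3.2
R     172.16.0.0/16 [120/2] via 10.0.4.2
O E2  172.150.0.0/16 [80/5] via 10.19.54.6
"""

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_CANDIDATES)
    print(best_route(routes, "172.16.0.0/16"))                 # static, AD 1
    print(best_route(routes, "172.16.0.0/16", failed={"S"}))   # internal EIGRP, AD 90
    print(failover_order(routes, "172.16.0.0/16"))             # S, D, I, O, R
```

Note that the RIP candidate has the lowest metric (2 hops) and still loses every round: AD is compared before the metric, so a cheap path learned from a less trusted source never displaces a costlier one from a more trusted source.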

QUESTION 57
Which of the following statements is true regarding physical connections in the Cisco ACI architecture?


A. Spine nodes must be fully meshed.

B. Leaf nodes must be fully meshed.

C. Each leaf node must connect to each spine node.

D. Each APIC must connect to each leaf node.

Correct Answer: C
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
In the Cisco Application Centric Infrastructure (ACI), each leaf node must connect to each spine node. Cisco ACI is a data center technology that uses switches, categorized as spine and leaf nodes, to dynamically implement network application policies in response to application-level requirements. Network application policies are defined on a Cisco Application Policy Infrastructure Controller (APIC) and are implemented by the spine and leaf nodes.

The spine and leaf nodes create a scalable network fabric that is optimized for east-west data transfer, which in a data center is typically traffic between an application server and its supporting data services, such as database or file servers. Each spine node requires a connection to each leaf node; however, spine nodes do not interconnect, nor do leaf nodes interconnect. Despite its lack of fully meshed connections, this physical topology enables nonlocal traffic to pass from any ingress leaf interface to any egress leaf interface through a single, dynamically selected spine node, so every leaf-to-leaf path is exactly two hops. By contrast, local traffic is passed directly from an ingress interface on a leaf node to the appropriate egress interface on the same leaf node.

Because a spine node has a connection to every leaf node, the number of leaf nodes the fabric can hold is limited by the number of ports on the spine nodes, whereas the number of attached endpoints is limited by the number of ports on the leaf nodes. In addition, redundant connections between a spine and leaf pair are unnecessary because the nature of the topology ensures that each leaf has multiple connections to the network fabric, one per spine. Therefore, each spine node requires only a single connection to each leaf node.


Redundancy is also provided by the presence of multiple APICs, which are typically deployed as a cluster of three controllers. APICs are not directly involved in forwarding traffic and are therefore not required to connect to every spine or leaf node. Instead, the APIC cluster is connected to one or more leaf nodes in much the same manner that other endpoint groups (EPGs), such as application servers, are connected.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 4, ACI, p. 135
Cisco: Application Centric Infrastructure Overview: Implement a Robust Transport Network for Dynamic Workloads
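
The cabling rules stated above, expressed as a design check in an added example (not from the practice test or from Cisco's APIC). Given device roles and a proposed link list, it reports every violation: a leaf missing an uplink to some spine, spine-to-spine or leaf-to-leaf cables, and APICs that do not terminate on a leaf. Device names, roles and links are constructed for illustration.

```python
# Added example (not from the practice test): validate a proposed ACI spine-leaf cabling
# plan against the rules described above: every leaf links to every spine, spines never
# link to spines, leaves never link to leaves, and APICs attach only to leaves.
# Device names, roles and link lists are constructed.

def validate_fabric(roles, links):
    """Return a list of violations for a spine-leaf cabling plan; an empty list means compliant."""
    violations = []
    spines = {d for d, r in roles.items() if r == "spine"}
    leaves = {d for d, r in roles.items() if r == "leaf"}
    apics = {d for d, r in roles.items() if r == "apic"}
    connected = {d: set() for d in roles}

    for a, b in links:
        if a not in roles or b not in roles:
            violations.append(f"link {a}-{b} references an unknown device")
            continue
        connected[a].add(b)
        connected[b].add(a)
        ra, rb = roles[a], roles[b]
        if ra == rb == "spine":
            violations.append(f"spine-to-spine link {a}-{b} is not permitted")
        elif ra == rb == "leaf":
            violations.append(f"leaf-to-leaf link {a}-{b} is not permitted")
        elif "apic" in (ra, rb) and "leaf" not in (ra, rb):
            violations.append(f"APIC link {a}-{b} must terminate on a leaf")

    for leaf in sorted(leaves):                  # full leaf-to-spine connectivity
        for spine in sorted(spines - connected[leaf]):
            violations.append(f"{leaf} has no link to {spine}")
    for apic in sorted(apics):                   # controllers need at least one leaf port
        if not connected[apic] & leaves:
            violations.append(f"{apic} is not attached to any leaf")
    return violations

ROLES = {"spine1": "spine", "spine2": "spine",
         "leaf1": "leaf", "leaf2": "leaf", "leaf3": "leaf", "apic1": "apic"}
GOOD_LINKS = [("leaf1", "spine1"), ("leaf1", "spine2"), ("leaf2", "spine1"), ("leaf2", "spine2"),
              ("leaf3", "spine1"), ("leaf3", "spine2"), ("apic1", "leaf1")]
# A plan with two mistakes: a spine-to-spine cable and a missing leaf3-to-spine2 uplink.
BAD_LINKS = [l for l in GOOD_LINKS if l != ("leaf3", "spine2")] + [("spine1", "spine2")]

if __name__ == "__main__":
    print("good plan:", validate_fabric(ROLES, GOOD_LINKS))
    for v in validate_fabric(ROLES, BAD_LINKS):
        print("violation:", v)
```

Running the bad plan reports both problems; the missing uplink matters most in practice, because a leaf with only one spine connection has lost the redundancy the topology is supposed to provide.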

QUESTION 58
Which of the following are not supported by GET VPN? (Choose two.)

A. centralized key management

B. dynamic NAT

C. voice traffic

D. static NAT

E. native multicast traffic

Correct Answer: BD
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
Group Encrypted Transport (GET) virtual private network (VPN) supports neither static nor dynamic Network Address Translation (NAT). GET VPN is a Cisco-proprietary technology that provides tunnel-less, end-to-end security for both unicast and multicast traffic. GET VPN uses IP Security (IPSec) tunnel mode with address preservation: the outer IP header of each encrypted packet copies the source and destination addresses and other header fields of the inner header, so the original addresses remain visible to the routing infrastructure. Because NAT changes information in the IP header, such as the IP source address, a translated outer header would no longer match the protected inner header. NAT is therefore not supported across a GET VPN and must be performed either before a packet is encrypted or after a packet is decrypted. Cisco recommends GET VPN for environments needing highly scalable, any-to-any encrypted connectivity for unicast and multicast traffic, such as a large financial network using a Multiprotocol Label Switching (MPLS) WAN.

In a GET VPN, trusted group member routers receive security policy and encryption keys from a central key server using the Group Domain of Interpretation (GDOI) protocol. Although group member routers obtain keying information from a central key server, the key server is not involved in the flow of traffic, as a hub would be in a hub-and-spoke design. Instead, group member routers use the shared group key to encrypt traffic directly to one another, with no per-peer tunnel negotiation. This enables group members to protect traffic with sufficient speed to minimize transmission delay and to support the Quality of Service (QoS) levels necessary for voice traffic.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, GETVPN, pp. 258-259
Cisco: Cisco Group Encrypted Transport VPN


QUESTION 59
View the Exhibit.

Refer to the exhibit above. The Layer 3 switch on the left, DSW1, is the root bridge for all VLANs in the topology. Devices on VLAN 10 use DSW1 as a default gateway. Devices on VLAN 20 use the Layer 3 switch on the right, DSW2, as a default gateway. A device that is operating in VLAN 20 and is connected to ASW3 transmits a packet that is destined beyond Router1.

What path will the packet most likely take through the network?

A. ASW3 > DSW2 > Router1

B. ASW3 > DSW1 > Router1

C. ASW3 > DSW2 > DSW1 > Router1

D. ASW3 > DSW1 > DSW2 > Router1

Correct Answer: D
Section: Enterprise Network Design Explanation
Explanation

Explanation/Reference:


Section: Enterprise Network Design Explanation

Explanation:
Most likely, the packet will travel from ASW3 to DSW1, to DSW2, and then to Router1. Because all of the virtual LANs (VLANs) use DSW1 as the root bridge in this scenario, all traffic from the access layer switches, regardless of VLAN, flows first to DSW1. Traffic from VLAN 10 is therefore already optimized because VLAN 10 uses DSW1 as its default gateway. However, VLAN 20 uses DSW2 as its default gateway. Therefore, traffic from VLAN 20 will most likely flow first to DSW1 and then across the PortChannel 1 EtherChannel interface to DSW2 for forwarding.

In this scenario, if you were to configure a separate spanning tree to be established for each VLAN, the location of the root switch could be optimized on a per-VLAN basis. For example, configuring DSW2 as the preferred root bridge for devices that operate on VLAN 20 would cause VLAN 20 traffic from both ASW1 and ASW3 to flow directly to DSW2 for forwarding to Router1. VLAN 10 traffic would remain optimized to flow directly to DSW1 from ASW1, ASW2, or ASW3.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 3, STP Design Considerations, pp. 101-103
Cisco: InterSwitch Link and IEEE 802.1Q Frame Format: Background Theory
Cisco: Catalyst 3750X and 3560X Switch Software Configuration Guide, Release 12.2(55)SE: Configuring the Switch Priority of a VLAN

QUESTION 60
Which of the following address blocks is typically used for IPv4 link-local addressing?

A. 192.168.0.0/16

B. 172.16.0.0/12

C. 169.254.0.0/16

D. 10.0.0.0/8

E. 127.0.0.0/8

Correct Answer: C
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
Of the available choices, only the 169.254.0.0/16 address block is typically used for IP version 4 (IPv4) link-local addressing. The IP addresses in the 169.254.0.0/16 address block, which includes the IP addresses from 169.254.0.0 through 169.254.255.255, are defined by Request for Comments (RFC) 3927. This address block is reserved for the dynamic configuration of IPv4 link-local addresses. On Microsoft Windows computers, addresses in these ranges are known as Automatic Private IP Addressing (APIPA) addresses.

Addresses in the 192.168.0.0/16, 172.16.0.0/12, and 10.0.0.0/8 ranges are private IP addresses that are defined by RFC 1918. The following are the valid IP address blocks in each of the classes available for commercial use as defined by RFC 1918:

Class A - 10.0.0.0 through 10.255.255.255, or 10.0.0.0/8
Class B - 172.16.0.0 through 172.31.255.255, or 172.16.0.0/12
Class C - 192.168.0.0 through 192.168.255.255, or 192.168.0.0/16

The 127.0.0.0/8 IP address block is a special-use IPv4 address block that is defined by the Internet Engineering Task Force (IETF) in RFC 1122 and in RFC 6890, which obsoletes RFC 5735. The 127.0.0.1/32 IP address is typically used as a loopback address for devices on a network.

Reference:
IETF: RFC 3927: Dynamic Configuration of IPv4 Link-Local Addresses

QUESTION 61
Which of the following protocols can provide Application layer management information?

A. RMON

B. RMON2

C. SNMPv1

D. SNMPv2

E. SNMPv3

Correct Answer: B
Section: Design Methodologies Explanation

Explanation/Reference:
Section: Design Methodologies Explanation

Explanation:
Remote Monitoring version 2 (RMON2) can provide Open Systems Interconnection (OSI) Application layer management information. RMON2 builds on the framework of Simple Network Management Protocol (SNMP) and extends the Management Information Base (MIB) to provide network flow statistics. The statistics that RMON2 provides are divided into groups based on the type of information they contain. For example, RMON2 groups contain information about Network layer address mappings, Application layer traffic statistics, and per-protocol traffic distribution. In addition, RMON2 provides a managed device with the ability to locally store historical data that can then be used to analyze trends in network utilization and to determine whether a managed device requires optimization. By contrast, the Cisco NetFlow feature can provide similar data for analysis; however, very little NetFlow data is typically stored locally. Instead, NetFlow data is typically exported to a collector where it can be analyzed to determine whether a managed device requires optimization.

Remote Monitoring version 1, commonly referred to as RMON, provides Physical and Data Link layer management information. Like RMON2, RMON divides the management data it provides into distinct groups; however, RMON's groups contain information about the physical network, such as Ethernet interface statistics, host addresses based on Media Access Control (MAC) addresses, and Data Link layer traffic statistics. RMON information can also be maintained on the managed device to provide historical data. Although RMON data is limited to only Physical and Data Link layer information, it can still be a valuable resource for determining whether a managed device requires optimization.


Simple Network Management Protocol (SNMP) provides a framework for obtaining basic information about a managed device. Like RMON and RMON2, SNMP uses the MIB to store information about a managed device; however, SNMP does not have the capability to locally store historical data. Therefore, SNMP requires a network management station (NMS) to periodically poll a managed device to accumulate historical data that can then be used to determine whether the managed device requires optimization. Three versions of SNMP currently exist: SNMP version 1 (SNMPv1), SNMPv2, and SNMPv3. SNMPv1 and SNMPv2 do not provide authentication, encryption, or message integrity. Thus, access to management information is based on a simple password known as a community string; the password is sent as plain text with each SNMP message. If an attacker intercepts a message, the attacker can view the password information. SNMPv3 improves upon SNMPv1 and SNMPv2 by providing encryption, authentication, and message integrity to ensure that the messages are not viewed or tampered with during transmission.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 15, RMON, pp. 624-626
IETF: RFC 2021: Remote Network Monitoring Management Information Base Version 2 using SMIv2: 2. Overview
IETF: RFC 3577: Introduction to the Remote Monitoring (RMON) Family of MIB Modules: 4. RMON Documents
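The explanation above states that SNMPv1 and SNMPv2c carry the community string as plain text in every message. The following is an added example (not code from the cert guide, Cisco, or the RFCs) that shows why: a minimal BER decoder for the SNMP message header is enough to read the version and the community string from a captured UDP/161 payload, which is how an audit tool or IDS flags legacy SNMP on the wire so those agents can be moved to SNMPv3. The three sample payloads and the host addresses are constructed by hand for the example.

```python
# Added example: audit captured SNMP payloads for versions that expose a
# community string (SNMPv1/v2c). Sample payloads below are hand-constructed.

def _tlv(buf, pos):
    """Decode one BER tag/length/value at pos -> (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                               # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def inspect_snmp(payload):
    """Return (version_name, community). community is None for SNMPv3, whose
    header carries USM security parameters instead of a community string."""
    tag, body, _ = _tlv(payload, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message: outer SEQUENCE missing")
    tag, ver, pos = _tlv(body, 0)
    if tag != 0x02:
        raise ValueError("version INTEGER missing")
    version = int.from_bytes(ver, "big")
    if version == 3:
        return "SNMPv3", None
    tag, community, _ = _tlv(body, pos)
    if tag != 0x04:
        raise ValueError("community OCTET STRING missing")
    name = {0: "SNMPv1", 1: "SNMPv2c"}.get(version, f"SNMP version {version}")
    return name, community.decode("ascii", "replace")

def audit(packets):
    """packets: iterable of (src, dst, payload). Returns one finding per message
    whose community string is readable on the wire; these agents and managers
    are the candidates for migration to SNMPv3."""
    findings = []
    for src, dst, payload in packets:
        name, community = inspect_snmp(payload)
        if community is not None:
            findings.append({"src": src, "dst": dst, "version": name,
                             "community": community})
    return findings

# Constructed sample UDP/161 payloads (not real captures).
# SNMPv1 GetRequest, community "public", one varbind for OID 1.3.6.1.2.1
SNMPV1_GET = (b"\x30\x23\x02\x01\x00\x04\x06public"
              b"\xa0\x16\x02\x01\x01\x02\x01\x00\x02\x01\x00"
              b"\x30\x0b\x30\x09\x06\x05\x2b\x06\x01\x02\x01\x05\x00")
# SNMPv2c SetRequest, community "private", same varbind
SNMPV2C_SET = (b"\x30\x24\x02\x01\x01\x04\x07private"
               b"\xa3\x16\x02\x01\x01\x02\x01\x00\x02\x01\x00"
               b"\x30\x0b\x30\x09\x06\x05\x2b\x06\x01\x02\x01\x05\x00")
# SNMPv3: msgVersion plus msgGlobalData only (truncated after the header,
# which is all the version check needs)
SNMPV3_HDR = (b"\x30\x12\x02\x01\x03"
              b"\x30\x0d\x02\x01\x01\x02\x02\x05\xdc\x04\x01\x04\x02\x01\x03")

# Constructed (source, destination, payload) triples, as a capture tool would hand them over.
SAMPLE_PACKETS = [
    ("10.1.1.50", "10.1.1.1", SNMPV1_GET),
    ("10.1.1.50", "10.1.1.2", SNMPV2C_SET),
    ("10.1.1.60", "10.1.1.1", SNMPV3_HDR),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PACKETS):
        print(finding)
```

Running the block reports the two v1/v2c messages and stays silent on the SNMPv3 one, whose header contains no community field at all; the decoder never needs the PDU body, which is why a few header bytes are enough for a passive sensor to do the same classification.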

QUESTION 62
Which of the following is not true regarding the MPLS WAN deployment model for branch connectivity?

A. It provides the highest SLA guarantees for QoS capabilities.

B. It provides the highest SLA guarantees for network availability.

C. It is the most expensive deployment model.

D. It supports only dual-router configurations.

Correct Answer: D
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
The Multiprotocol Label Switching (MPLS) WAN deployment model for branch connectivity supports both single-router and dual-router configurations. Cisco defines three general deployment models for branch connectivity:

MPLS WAN
Hybrid WAN
Internet WAN

The MPLS WAN deployment model can use a single-router configuration with connections to multiple MPLS service providers or a dual-router configuration where each router has a connection to one or more MPLS service providers. Service provider diversity ensures that an outage at the service provider level will not cause an interruption of service at the branch. The MPLS WAN deployment model can provide service-level agreement (SLA) guarantees for Quality of Service (QoS) and network availability through service-provider provisioning and routing protocol optimization. Although using multiple MPLS services provides increased network resilience and bandwidth, it also increases the complexity and cost of the deployment when compared to other deployment models.


The Hybrid WAN deployment model can use a single or dual-router configuration and relies on an MPLS service provider for its primary WAN connection and on an Internet-based virtual private network (VPN) connection as a backup circuit. Unlike the MPLS WAN deployment model, the Hybrid WAN deployment model cannot ensure QoS capabilities for traffic that does not pass to the MPLS service provider. In the Hybrid WAN deployment model, low-priority traffic is often routed through the lower cost Internet VPN circuit, which can reduce the bandwidth requirements for the MPLS circuit, further lowering the overall cost without sacrificing network resilience.

The Internet WAN deployment model can use a single or dual-router configuration and relies on an Internet-based VPN solution for primary and backup circuits. Internet service provider (ISP) diversity ensures that carrier level outages do not affect connectivity between the branch and the central site. Because the Internet WAN deployment model uses the public Internet, its QoS capabilities are limited. However, the Internet WAN deployment model is the most cost effective of the three models defined by Cisco.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, Branch Connectivity, p. 271

QUESTION 63
Which of the following queuing methods provides bandwidth and delay guarantees?

A. FIFO

B. LLQ

C. WFQ

D. CBWFQ

Correct Answer: B
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
Low-latency queuing (LLQ) provides bandwidth and delay guarantees through the creation of one or more strict-priority queues that can be used specifically for delay-sensitive traffic, such as voice and video traffic. In addition, LLQ supports the creation of up to 64 user-defined traffic classes. Each strict-priority queue can use as much bandwidth as possible but can only use its guaranteed minimum bandwidth when other queues have traffic to send, thereby avoiding bandwidth starvation for the user-defined queues. Cisco recommends limiting the strict-priority queues to a total of 33 percent of the link capacity.

Class-based weighted fair queuing (CBWFQ) provides bandwidth guarantees, so it can be used for voice, video, and mission-critical traffic. However, CBWFQ does not provide the delay guarantees provided by LLQ, because CBWFQ does not provide support for strict-priority queues. CBWFQ improves upon weighted fair queuing (WFQ) by enabling the creation of up to 64 custom traffic classes, each with a guaranteed minimum bandwidth.

Although WFQ can be used for voice, video, and mission-critical traffic, it does not provide the bandwidth or delay guarantees provided by LLQ, because WFQ does not support the creation of strict-priority queues. Traffic flows are identified by WFQ based on source and destination IP address, port number, protocol number, and Type of Service (ToS). Although WFQ is easy to configure, it is not supported on high-speed links. WFQ is used by default on Cisco routers for serial interfaces at 2.048 Mbps or lower.

First-in-first-out (FIFO) queuing does not provide traffic guarantees of any sort. FIFO queuing requires no configuration, because all packets are arranged into a single queue. As the name implies, the first packet received is the first packet transmitted, without regard for packet type, protocol, or priority. Therefore, FIFO queuing is not appropriate for voice, video, or mission-critical traffic. By default, Cisco uses FIFO queuing for interfaces faster than 2.048 Mbps.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 6, Low-Latency Queuing, p. 235
Cisco: Enterprise QoS Solution Reference Network Design Guide: Queuing and Dropping Principles
Cisco: Signalling Overview: RSVP Support for Low Latency Queuing

QUESTION 64
DRAG DROP
Select the processes from the left, and place them in the appropriate corresponding Cisco PBM Design Lifecycle phase column on the right. All processes will be used.

Select and Place:


Correct Answer:


Section: Design Objectives Explanation

Explanation/Reference:
Section: Design Objectives Explanation

Explanation:
The Cisco Plan, Build, Manage (PBM) Design Lifecycle is a newer methodology designed to streamline the concepts from Cisco's older design philosophy: the Prepare, Plan, Design, Implement, Operate, and Optimize (PPDIOO) Design Lifecycle. As the name implies, the PBM Design Lifecycle is divided into three distinct phases: Plan, Build, and Manage.

The Plan phase of the PBM Design Lifecycle consists of the following three processes:
Strategy and analysis
Assessment
Design

The purpose of the strategy and analysis process is to generate proposed improvements to an existing network infrastructure with the overall goal of increasing an organization's return on investment (ROI) from the network and its support staff. The assessment process then examines the proposed improvements from the strategy and analysis process and determines whether the improvements comply with organizational goals and industry best practices. In addition, the assessment process identifies potential deficiencies that infrastructure changes might cause in operational and support facilities. Finally, the design process produces a network design that meets current organizational objectives while maintaining resiliency and scalability.

The Build phase of the PBM Design Lifecycle consists of the following three processes:
Validation
Deployment
Migration

The purpose of the validation process is to implement the infrastructure changes outlined in the design process of the Plan phase and to verify that the implementation meets the organizational needs as specified by the network design. The validation process implements the network design in a controlled environment such as in a lab or staging environment. Once the network design has been validated, the purpose of the deployment process is to implement the network design in a full-scale production environment. Finally, the purpose of the migration process is to incrementally transition users, devices, and services to the new infrastructure as necessary.

The Manage phase of the PBM Design Lifecycle consists of the following four processes:
Product support
Solution support
Optimization
Operations management

The product support process addresses support for specific hardware, software, or network products. Cisco Smart Net is an example of a component of the product support process. By contrast, solution support is focused on the solutions that hardware, software, and network products provide for an organization. Cisco Solution Support is the primary component of the solution support process. Cisco Solution Support serves as the primary point of contact for Cisco solutions, leverages solution-focused expertise, coordinates between multiple vendors for complex solutions, and manages each case from inception to resolution. The optimization process is concerned with improving the performance, availability, and resiliency of a network implementation. It also addresses foreseeable changes and upgrades, which reduces operating costs, mitigates risk, and improves ROI. The operations management process addresses the ongoing management of the network infrastructure. It includes managed solutions for collaboration, data center, security, and general network services.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 1, Cisco Design Lifecycle: Plan, Build, Manage, pp. 9-12
Cisco: Services: Portfolio

QUESTION 65
In which of the following situations would eBGP be the most appropriate routing protocol?

A. when the router has a single link to a router within the same AS


B. when the router has redundant links to a router within the same AS

C. when the router has a single link to a router within a different AS

D. when the router has redundant links to a router within a different AS

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
External Border Gateway Protocol (eBGP) would be the most appropriate routing protocol for a router that has redundant links to a router within a different autonomous system (AS). An AS is defined as the collection of all areas that are managed by a single organization. Routing protocols that dynamically share routing information within an AS are called interior gateway protocols (IGPs), and routing protocols that dynamically share routing information between multiple ASes are called exterior gateway protocols (EGPs). Border Gateway Protocol (BGP) routers within the same AS communicate by using internal BGP (iBGP), and BGP routers in different ASes communicate by using eBGP. BGP is typically used to exchange routing information between ASes, between a company and an Internet service provider (ISP), or between ISPs.

Static routing, not BGP, would be the most appropriate routing method for a router that has a single link to a router within a different AS. Because BGP can be complicated to configure and can use large amounts of processor and memory resources, static routing is recommended if dynamic routing information does not need to be exchanged between routers that reside in different ASes. For example, if you connect a router to the Internet through a single ISP, it is not necessary for the router to run BGP, because the router will use a single, static default route to the ISP for all traffic that is not destined to the internal network.

An IGP would be the most appropriate routing protocol for a router that has a single link or redundant links to a router within the same AS. Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP) are examples of IGPs.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 11, BGP Neighbors, pp. 444-446
Cisco: Sample Configuration for iBGP and eBGP With or Without a Loopback Address: Introduction

QUESTION 66
In which of the following layers should you implement QoS?

A. in only the core layer

B. in only the distribution layer

C. in only the access layer

D. in only the core and distribution layers

E. in only the access and distribution layers

F. in the core, distribution, and access layers


Correct Answer: F
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
You should implement Quality of Service (QoS) in the core, distribution, and access layers. A network can become congested due to the aggregation of multiple links or a drop in bandwidth from one link to another. When many packets are sent on a congested network, a delay in transmission time can occur. Lack of bandwidth, end-to-end delay, jitter, and packet loss can be mitigated by implementing QoS. QoS facilitates the optimization of network bandwidth by prioritizing network traffic based on its type. Prioritizing packets enables time-sensitive traffic, such as voice traffic, to be sent before other packets. Packets are queued based on traffic type, and packets with a higher priority are sent before packets with a lower priority.

Because the access layer provides direct connectivity to network endpoints, QoS classification and marking are typically performed in the access layer. Cisco recommends classifying and marking packets as close to the source of traffic as possible and using hardware-based QoS functions whenever possible. Although classification and marking are typically performed in the access layer, QoS mechanisms must be implemented in each of the higher layers for QoS to be effective.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 3, Campus LAN QoS Considerations, pp. 111-112
Cisco: Campus Network for High Availability Design Guide: General Design Considerations

QUESTION 67
DRAG DROP
Select the attributes from the left, and place them under the corresponding Layer 2 access design on the right. Attributes can be selected more than once, and some attributes might not be used.


Select and Place:


Correct Answer:


Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
Loop-free inverted U designs support all service module installations, have all uplinks active, and support virtual LAN (VLAN) extensions. A service module is a piece of hardware that extends the functionality of a Cisco device; for example, the Secure Sockets Layer (SSL) Service Module for Catalyst 6500 series switches and Cisco 7600 series routers performs the majority of the CPU-intensive SSL processing so that the switch's processor or router's processor is not burdened by large numbers of SSL connections. Loop-free inverted U designs offer redundancy at the aggregation layer, not the access layer; therefore, traffic will black-hole upon failure of an access switch uplink. All uplinks are active with no looping, so there is no Spanning Tree Protocol (STP) blocking by default. However, STP is still essential so that redundant paths that might be created by any inadvertent errors in cabling or configuration are blocked.


Loop-free U designs do not support VLAN extensions, have all uplinks active, and support all service module implementations. Loop-free U designs offer a redundant link between access layer switches as well as a redundant link at the aggregation layer. Because of the redundant path in both layers, extending a VLAN beyond an individual access layer pair would create a loop. Like loop-free inverted U designs, loop-free U designs also run STP and have issues with traffic being black-holed upon failure of an access switch uplink.

Flex Link designs have a single active uplink, support VLAN extensions and all service modules, and disable STP by default. There are no loops in a Flex Link design, and STP is disabled when a device is configured to participate in a Flex Link. Interface uplinks in this topology are configured in active/standby pairs, and each device can only belong to a single Flex Link pair. In the event of an uplink failure, the standby link becomes active and takes over, thereby offering redundancy when an access layer uplink fails. Possible disadvantages of the Flex Link design include its increased convergence time over other designs and its inability to run STP in order to block redundant paths that might be created by inadvertent errors in cabling or configuration.

Reference:
Cisco: Data Center Access Layer Design

QUESTION 68
Which of the following are most likely to be provided by a collapsed core? (Choose four.)

A. Layer 2 aggregation

B. high-speed physical and logical paths

C. intelligent network services

D. end user, group, and endpoint isolation

E. routing and network access policies

Correct Answer: ABCE
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
Layer 2 aggregation, high-speed physical and logical paths, intelligent network services, and routing and network access policies are typically provided by the core and distribution layers. A collapsed core is a three-tier hierarchical design in which the core and distribution layers have been combined. The hierarchical model divides the network into three distinct components:

Core layer
Distribution layer
Access layer

The core layer typically provides the fastest switching path in the network. As the network backbone, the core layer is primarily associated with low latency and high reliability. The functionality of the core layer can be collapsed into the distribution layer if the distribution layer infrastructure is sufficient to meet the design requirements. It is Cisco best practice to ensure that a collapsed core design can meet resource utilization requirements for the network.

The distribution layer serves as an aggregation point for access layer network links. Because the distribution layer is the intermediary between the access layer and the core layer, the distribution layer is the ideal place to enforce security policies, to provide Quality of Service (QoS), and to perform tasks that involve packet manipulation, such as routing. Summarization and next-hop redundancy are also performed in the distribution layer.

The access layer provides Network Admission Control (NAC). NAC is a Cisco feature that prevents hosts from accessing the network if they do not comply with organizational requirements, such as having an updated antivirus definition file. NAC Profiler automates NAC by automatically discovering and inventorying devices attached to the LAN. The access layer serves as a media termination point for endpoints, such as servers and hosts. Because access layer devices provide access to the network, the access layer is the ideal place to perform user authentication.

End user, group, and endpoint isolation is not typically required of a collapsed core layer in a three-tier hierarchical network design. That function is typically provided by the devices in the access layer.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 2, Collapsed Core Design, p. 49
Cisco: Small Enterprise Design Profile Reference Guide: Collapsed Core Network Design

QUESTION 69
Which of the following are recommended campus network design practices? (Choose two.)

A. use a redundant triangle topology

B. use a redundant square topology

C. avoid equal-cost links between redundant devices

D. summarize routes from the distribution layer to the core layer

E. create routing protocol peer relationships on all links

Correct Answer: AD
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
When designing a campus network, Cisco recommends that you use a redundant triangle topology and summarize routes from the distribution layer to the core layer. In a redundant triangle topology, each core layer device has direct paths to redundant distribution layer devices, as shown in the diagram below:


This topology ensures that a link or device failure in the distribution layer can be detected immediately in hardware. Otherwise, a core layer device could detect link or device failures only through a software-based mechanism such as expired routing protocol timers. Additionally, the use of equal-cost redundant links enables a core layer device to enter both paths into its routing table. Because both equal-cost paths are active in the routing table, the core layer device can perform load balancing between the paths when both paths are up. When one of the equal-cost redundant links fails, the routing protocol does not need to reconverge, because the remaining redundant link is still active in the routing table. Thus, traffic flows can be immediately rerouted around the failed link or device.

You should summarize routes from the distribution layer to the core layer. With route summarization, contiguous network addresses are advertised as a single network. This process enables the distribution layer devices to limit the number of routing advertisements that are sent to the core layer devices. Because fewer advertisements are sent, the routing tables of core layer devices are kept small and access layer topology changes are not advertised into the core layer.

Cisco does not recommend that you use a redundant square topology. In a redundant square topology, not every core layer device has redundant direct paths to distribution layer devices, as shown below:


Because a redundant square topology does not provide a core layer device with redundant direct paths to the distribution layer, the device will enter only the path with the lowest cost into its routing table. If the lowest cost path fails, the routing protocol must converge in order to select an alternate path from the remaining available paths. No traffic can be forwarded around the failed link or device until the routing protocol converges.

You should create routing protocol peer relationships on only the transit links of Layer 3 devices. A transit link is a link that directly connects two or more Layer 3 devices, such as a multilayer switch or a router. By default, a Layer 3 device sends routing protocol updates out of every Layer 3 interface that participates in the routing protocol. These routing updates can cause unnecessary network overhead on devices that directly connect to a large number of networks, such as distribution layer switches. Therefore, Cisco recommends filtering routing protocol updates from interfaces that are not directly connected to Layer 3 devices.

Reference:
Cisco: Campus Network for High Availability Design Guide: Using Triangle Topologies

QUESTION 70
The IP address 169.254.173.233 is an example of which of the following types of IP addresses?

A. a Class A address

B. a public address

C. a DHCP address

D. an APIPA address

Correct Answer: D
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation/Reference:
Section: Addressing and Routing Protocols in an Existing Network Explanation

Explanation:
The IP address 169.254.173.233 is an example of an Automatic Private IP Addressing (APIPA) address. On networks that utilize IP, each computer requires a unique IP address in order to access network resources. If an APIPA-capable computer is configured to use Dynamic Host Configuration Protocol (DHCP) and is unable to obtain an IP address from a DHCP server, it will assign itself an APIPA address. APIPA is Microsoft's name (Windows 2000 and later) for the IPv4 link-local addressing defined in RFC 3927; other operating systems implement the same behavior. An APIPA address is in the range 169.254.0.0 to 169.254.255.255 (169.254.0.0/16); hosts select their address from 169.254.1.0 to 169.254.254.255, because the first and last /24 of the block are reserved.

The computer with this address will most likely not be able to access other computers on the network unless those computers are also using APIPA addresses, and because link-local addresses are never routed, it cannot reach other subnets or the Internet at all. A computer that has an APIPA address continually checks the network for a DHCP server. When a DHCP server becomes available, the computer releases its APIPA address and leases an IP address from the DHCP server. In practice, several hosts on one VLAN showing APIPA addresses at the same time usually means the DHCP server or relay is unreachable or DHCP traffic is being dropped; one common cause is a DHCP snooping configuration in which the interface toward the legitimate DHCP server has not been marked as trusted, so the server's offers are discarded.

IP version 4 (IPv4) addresses are 32-bit (four-byte) addresses typically written in dotted-decimal format, where each byte is written as a decimal value from 0 to 255 and separated by dots. All IPv4 addresses fall into one of several classes. Class A IP addresses range from 1.0.0.0 through 126.255.255.255, Class B IP addresses range from 128.0.0.0 through 191.255.255.255, and Class C addresses range from 192.0.0.0 through 223.255.255.255. Two other classes of IP addresses exist: Class D and Class E. Class D addresses are reserved for multicast use, and Class E addresses are reserved for experimental use.

Neither Class D addresses nor Class E addresses can be used as host addresses on the Internet. The table below shows the classes of IPv4 addresses and their ranges:

Class   First octet   Address range                  Default mask     Use
A       1-126         1.0.0.0 - 126.255.255.255      255.0.0.0        unicast (127.0.0.0/8 is reserved for loopback)
B       128-191       128.0.0.0 - 191.255.255.255    255.255.0.0      unicast
C       192-223       192.0.0.0 - 223.255.255.255    255.255.255.0    unicast
D       224-239       224.0.0.0 - 239.255.255.255    n/a              multicast
E       240-255       240.0.0.0 - 255.255.255.255    n/a              experimental/reserved

IPv4 addresses can be either public or private. A public IP address is an address that has been assigned by the Internet Assigned Numbers Authority (IANA) for use on the Internet. IANA has also designated several ranges of IPv4 addresses for use on internal private networks that will not directly connect to the Internet.

The table below shows the IPv4 addresses that IANA designated for private use (RFC 1918):

Class   Private range                     CIDR
A       10.0.0.0 - 10.255.255.255         10.0.0.0/8
B       172.16.0.0 - 172.31.255.255       172.16.0.0/12
C       192.168.0.0 - 192.168.255.255     192.168.0.0/16

Private addresses are not routed on the Internet; a host that uses one reaches the Internet only through Network Address Translation (NAT), which is why the reference below also covers NAT. Note that the APIPA block 169.254.0.0/16 is a separate link-local range and is not one of the RFC 1918 private ranges.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 8, IPv4 Private Addresses, pp. 299-300
CCDA 200-310 Official Cert Guide, Chapter 8, NAT, pp. 300-302
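The classification in the explanation above (class by first octet, then APIPA, loopback, RFC 1918 private, multicast, or public) can be done in a few lines and is the kind of check a practitioner runs over an inventory or lease audit to find hosts that never got a DHCP lease. The following is an added example written for this page, not taken from the exam material; it uses only the Python standard library, the class boundaries given in the explanation, the RFC 1918 private ranges, and the RFC 3927 link-local block. The host list in the usage section is constructed sample data.

```python
"""Added example: classify an IPv4 address as the explanation above does.

Standard library only. Class boundaries follow the classful ranges in the
explanation; private ranges are RFC 1918; the APIPA range is the IPv4
link-local block of RFC 3927. The host list at the bottom is constructed.
"""
import ipaddress

PRIVATE_RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")   # APIPA / RFC 3927
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def address_class(addr):
    """Classful letter from the first octet; 0/8 and 127/8 are reserved."""
    first = int(addr) >> 24
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"
    if 240 <= first <= 255:
        return "E"
    return "reserved"


def classify(ip):
    """Return the class, the scope, and whether the address is Internet-routable.

    Scope is decided before class: 169.254.173.233 is a Class B address by
    its first octet, but what matters operationally is that it is link-local.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only")
    cls = address_class(addr)
    if addr in LINK_LOCAL:
        scope = "APIPA/link-local"
    elif addr in LOOPBACK:
        scope = "loopback"
    elif any(addr in net for net in PRIVATE_RFC1918):
        scope = "private (RFC 1918)"
    elif cls == "D":
        scope = "multicast"
    elif cls == "E":
        scope = "experimental"
    elif cls == "reserved":
        scope = "reserved"
    else:
        scope = "public"
    return {"address": str(addr), "class": cls, "scope": scope,
            "internet_routable": scope == "public"}


def hosts_without_dhcp(addresses):
    """Return the hosts that fell back to APIPA, i.e. never got a DHCP lease."""
    return [ip for ip in addresses if classify(ip)["scope"] == "APIPA/link-local"]


if __name__ == "__main__":
    print(classify("169.254.173.233"))
    # Constructed inventory snapshot: two hosts self-assigned link-local addresses.
    print(hosts_without_dhcp(["10.1.1.5", "169.254.10.20",
                              "192.168.1.7", "169.254.173.233"]))
```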

QUESTION 71
View the Exhibit.

Refer to the exhibit. Which of the following statements are true about the deployment of the IPS in the exhibit? (Choose two.)

A. It increases response latency.

B. It decreases the risk of successful attacks.

C. It can directly block all communication from an attacking host.

D. It can reset TCP connections.

E. It does not require RSPAN on switch ports.

Correct Answer: AD
Section: Considerations for Expanding an Existing Network Explanation

Explanation/Reference:
Section: Considerations for Expanding an Existing Network Explanation

Explanation:
When Cisco Intrusion Prevention System (IPS) is configured in promiscuous mode, IPS response latency is increased, thereby increasing the risk of a successful attack. In addition, IPS in promiscuous mode supports the Reset TCP connection action, which mitigates Transmission Control Protocol (TCP) attacks by resetting TCP connections.

Promiscuous mode, which is also referred to as monitor-only operation, enables an IPS to passively examine a copy of network traffic without impacting the original flow of traffic. This passive connection gives the IPS visibility into the traffic on the switch to which it is connected without adding a point of failure or forwarding delay. However, promiscuous mode increases response latency and increases the risk of successful attacks: because the IPS analyzes copies of the traffic rather than sitting in the forwarding path, the original packets have already been delivered to their destination by the time the IPS reaches a verdict. The IPS can only react after the fact, so the first packets of an attack always reach the target, and an attack has a greater chance of success prior to detection than it would if the IPS were deployed inline with network traffic.

A Switched Port Analyzer (SPAN) session, or Remote SPAN (RSPAN) when the sensor is attached to a different switch, must be configured so that copies of the traffic on the monitored ports are delivered to the IPS sensing interface. RSPAN enables the monitoring of traffic on a network by capturing traffic from a source port on one device and carrying it over a dedicated RSPAN VLAN to a destination port on a different device; the RSPAN VLAN is Layer 2 only and is not routed.

IPS in promiscuous mode supports three actions to mitigate attacks: Request block host, Request block connection, and Reset TCP connection. The Request block host action causes IPS to send a request to the Attack Response Controller (ARC) to block all communication from the attacking host for a given period of time. The Request block connection action causes IPS to send a request to the ARC to block the specific connection from the attacking host for a given period of time. The Reset TCP connection action sends TCP reset (RST) segments to both endpoints of the offending connection so that it is torn down and the endpoints release its resources. However, resetting TCP connections is effective only for TCP-based attacks, and only against those attacks that need the connection to stay open: a single-packet attack has already reached the target before the reset is sent.

IPS in promiscuous mode does not directly block all communication from an attacking host. In promiscuous mode, IPS can send a request to block the host to the ARC but does not directly block the host. One advantage of sending block requests to the ARC is that attacking hosts can be blocked from multiple locations within the network. IPS can directly deny all communication from an attacking host when operating in inline mode by using the Deny attacker inline action.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 13, IPS/IDS Fundamentals, pp. 534-535
Cisco: Cisco IPS Mitigation Capabilities: Promiscuous Mode Event Actions

QUESTION 72
Which of the following is the QoS model that is primarily used on the Internet?

A. best-effort

B. IntServ

C. DiffServ

D. AutoQoS

Correct Answer: A
Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
The best-effort model is the Quality of Service (QoS) model that is primarily used on the Internet. No QoS mechanisms are used when the best-effort model is implemented; all packets are treated with equal priority. The best-effort model is very scalable and easy to implement. However, since bandwidth is not guaranteed for any packet type, the best-effort model is a key limitation when considering an Internet circuit as a backup connection for an enterprise wide area network (WAN): latency-sensitive traffic such as voice that was prioritized on the primary WAN receives no preferential treatment while the backup is in use.

The Integrated Services (IntServ) model is not the QoS model primarily used on the Internet. IntServ, which was the first QoS model, provides end-to-end QoS guarantees for bandwidth, delay, and packet loss by reserving resources for each flow along its path. However, IntServ is not very scalable, since every router must keep per-flow state and the signaling overhead can consume a lot of bandwidth. IntServ uses Resource Reservation Protocol (RSVP) as the signaling protocol.

The Differentiated Services (DiffServ) model is also not the QoS model primarily used on the Internet. DiffServ does not provide end-to-end guarantees. Instead, packets are marked into a small number of classes (for example by Differentiated Services Code Point, or DSCP) and each router applies a per-hop QoS behavior to each class. Because end-to-end signaling is not required, bandwidth is not consumed by signaling overhead; therefore, DiffServ is more scalable than IntServ. However, the QoS mechanisms employed by DiffServ must be configured consistently at each hop.

AutoQoS is not a QoS model. AutoQoS automates the configuration of QoS on Cisco devices, enabling consistent configurations throughout a large network.

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, WAN Backup over the Internet, pp. 263-264
Cisco: QoS Fact or Fiction

QUESTION 73
Which of the following protocols can IPSec use to provide the integrity component of the CIA triad? (Choose two.)

A. GRE

B. AH

C. AES

D. ESP

E. DES

Correct Answer: BD

Section: Enterprise Network Design Explanation

Explanation/Reference:
Section: Enterprise Network Design Explanation

Explanation:
IP Security (IPSec) can use either Authentication Header (AH) or Encapsulating Security Payload (ESP) to provide the integrity component of the confidentiality, integrity, and availability (CIA) triad. The integrity component of the CIA triad ensures that data is not modified in transit by unauthorized parties. AH and ESP are integral parts of the IPSec protocol suite and can be used to ensure the integrity of a packet. Integrity is provided by an Integrity Check Value (ICV) that the sender computes over the protected bytes with a keyed hash (for example, HMAC-SHA1-96 or HMAC-SHA-256-128) under a key negotiated for the security association; the receiver recomputes the ICV and discards the packet if the values differ. A plain checksum would not be sufficient, because an attacker who modifies the packet can simply recompute an unkeyed checksum; only a party holding the key can produce a valid ICV. Because the key is shared only with the peer, the same ICV also authenticates the origin of the data (data origin authentication). Authenticating the peers themselves, by user name/password combinations, preshared keys (PSKs), digital certificates, or one-time passwords (OTPs), is the job of Internet Key Exchange (IKE) when the security association is established, not of AH or ESP. Although AH and ESP perform similar functions, ESP provides additional security by encrypting the contents of the packet; AH does not encrypt the contents of the packet. The two also differ in what the ICV covers: the AH ICV includes the immutable fields of the outer IP header, including the source and destination addresses, so AH packets are invalidated by Network Address Translation (NAT), whereas the ESP ICV covers only the ESP header, payload, and trailer, so ESP can pass through NAT (with NAT Traversal UDP encapsulation). Integrity protection in ESP is optional in the protocol, so a transform set should always include an integrity algorithm or use an AEAD cipher such as AES-GCM, which provides both confidentiality and integrity.

In addition to data authentication and data integrity, IPSec can provide confidentiality, which is another component of the CIA triad. IPSec uses encryption algorithms, such as Advanced Encryption Standard (AES) or Data Encryption Standard (DES), within ESP to provide data confidentiality. Because the data is encrypted, an attacker who intercepts the data before it reaches the destination cannot read it. DES is obsolete for this purpose: its 56-bit key can be brute-forced in practice, and 3DES is deprecated, so AES should be used. For the purposes of this question, AES and DES are encryption algorithms, not integrity protocols: IPSec does not use DES for data authentication or data integrity, and although AES in an AEAD mode such as AES-GCM does provide integrity, it does so inside ESP rather than in place of AH or ESP.

Generic Routing Encapsulation (GRE) is a protocol designed to tunnel any Open Systems Interconnection (OSI) Layer 3 protocol through an IP transport network. Because the focus of GRE is to transport many different protocols, it has very limited security features. By contrast, IPSec has strong data confidentiality and data integrity features, but it can transport only IP traffic. GRE over IPSec combines the best features of both protocols to securely transport any protocol over an IP network. However, GRE itself does not provide data integrity or data authentication.
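The difference between a keyed ICV and a checksum, and the difference in what AH and ESP cover, are easier to see in code than in prose. The following is an added example written for this page; it is not part of the exam material and is not an implementation of AH or ESP (real packets carry SPI, sequence number and padding fields that are omitted here). It models each protocol only by which bytes its ICV covers, uses HMAC-SHA-256 truncated to 128 bits as RFC 4868's HMAC-SHA-256-128 does, and the key, addresses and payload are constructed sample data.

```python
"""Added example: why AH/ESP integrity is a keyed MAC, and what each one covers.

Simplified model for illustration only: real AH/ESP header layouts, sequence
numbers and SA lookups are omitted. Key and packet contents are constructed.
HMAC-SHA-256 truncated to 128 bits follows RFC 4868's HMAC-SHA-256-128.
"""
import hashlib
import hmac

ICV_LEN = 16  # 128-bit truncated Integrity Check Value


def compute_icv(key: bytes, covered: bytes) -> bytes:
    """Integrity Check Value: keyed MAC over the covered bytes, truncated."""
    return hmac.new(key, covered, hashlib.sha256).digest()[:ICV_LEN]


def ah_scope(src: bytes, dst: bytes, payload: bytes) -> bytes:
    """AH authenticates the immutable outer IP header fields (modelled here
    as the 4-byte source and destination addresses) plus the payload."""
    return src + dst + payload


def esp_scope(src: bytes, dst: bytes, payload: bytes) -> bytes:
    """ESP authenticates only the ESP header, payload and trailer. The outer
    IP header is deliberately not covered, which is why ESP survives NAT
    and AH does not. src/dst are accepted only to share a signature."""
    return payload


def protect(key, src, dst, payload, scope):
    """Append the ICV computed over whatever `scope` says is covered."""
    return payload + compute_icv(key, scope(src, dst, payload))


def verify(key, src, dst, protected, scope):
    """Recompute the ICV at the receiver and compare in constant time."""
    body, tag = protected[:-ICV_LEN], protected[-ICV_LEN:]
    expected = compute_icv(key, scope(src, dst, body))
    return hmac.compare_digest(tag, expected)


def flip_payload_bit(protected: bytes) -> bytes:
    """An on-path attacker flips one bit in the payload (not in the ICV)."""
    buf = bytearray(protected)
    buf[5] ^= 0x01
    return bytes(buf)


def tamper_results(key=b"constructed-sa-key-not-for-real-use"):
    """Run three cases for AH and ESP and report which ones still verify."""
    src, dst = bytes([10, 1, 1, 10]), bytes([10, 2, 2, 20])
    nat_src = bytes([203, 0, 113, 5])        # a NAT device rewrote the source
    payload = b"GET /account/balance HTTP/1.1\r\n"
    results = {}
    for name, scope in (("AH", ah_scope), ("ESP", esp_scope)):
        pkt = protect(key, src, dst, payload, scope)
        results[name] = {
            "intact": verify(key, src, dst, pkt, scope),
            "payload_modified": verify(key, src, dst, flip_payload_bit(pkt), scope),
            "outer_header_rewritten": verify(key, nat_src, dst, pkt, scope),
        }
    return results


def unkeyed_digest_is_forgeable() -> bool:
    """A plain (unkeyed) hash or checksum is not integrity protection: anyone
    who can modify the packet can recompute it. Returns True if the forged
    packet passes a receiver that only recomputes the unkeyed digest."""
    forged_body = b"transfer 999"          # attacker changed "transfer 100"
    forged = forged_body + hashlib.sha256(forged_body).digest()[:ICV_LEN]
    body, tag = forged[:-ICV_LEN], forged[-ICV_LEN:]
    return tag == hashlib.sha256(body).digest()[:ICV_LEN]   # attacker wins


if __name__ == "__main__":
    print(tamper_results())
    print("unkeyed digest forgeable:", unkeyed_digest_is_forgeable())
```

Running it shows AH rejecting both the modified payload and the NAT-rewritten header, ESP rejecting only the modified payload, and the unkeyed digest accepting the forgery; the last case is exactly why the integrity algorithm in a transform set must be a keyed MAC (or an AEAD), never a hash alone.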

Reference:
CCDA 200-310 Official Cert Guide, Chapter 7, Enterprise Managed VPN: IPsec, pp. 255-259
IETF: RFC 4301: Security Architecture for the Internet Protocol: 3.2. How IPsec Works
