Q1. When designing using the Cisco Enterprise Architecture, in which Enterprise Campus layer does the Remote Access and VPN module establish its connection?
A. Building Access
B. Campus Core
C. Enterprise Branch
D. Enterprise Data Center
Answer: B
Q2. Router A has three feasible successors to the 192.168.1.0/24 network, which are listed here:
Option 1 has a metric of 8123228.
Option 2 has a metric of 2195467.
Option 3 has a metric of 8803823.
The variance 4 command was issued on Router A. How many active entries does Router A have in its routing table for the 192.168.1.0/24 network?
A. 0
B. 1
C. 2
D. 3
Answer: C
Q3. According to Cisco, which four improvements are the main benefits of the PPDIOO lifecycle approach to network design? (Choose four.)
A. faster ROI
B. improved business agility
C. increased network availability
D. faster access to applications and services
E. lower total cost of network ownership
F. better implementation team engagement
Answer: B,C,D,E
Explanation:
The PPDIOO life cycle provides four main benefits:
+ It improves business agility by establishing business requirements and technology strategies.
+ It increases network availability by producing a sound network design and validating the network operation.
+ It speeds access to applications and services by improving availability, reliability, security, scalability, and performance.
+ It lowers the total cost of ownership by validating technology requirements and planning for infrastructure changes and resource requirements.
(Reference: Cisco CCDA Official Exam Certification Guide, 3rd Edition) described in the link below. Link: http://www.ciscopress.com/articles/article.asp?p=1608131&seqNum=3
Q4. When designing a WAN backup for voice and video applications, what three types of connections should be used? (Choose three.)
A. Private WAN
B. internet
C. ISDN
D. MPLS
E. dial-up
F. ATM
G. DSL
Answer: A,C,D
Q5. Which of the following is a component within the Cisco Enterprise Campus module?
A. Teleworker
B. E-Commerce
C. Internet Connectivity
D. Building Distribution
E. WAN/MAN Site-to-Site VPN
Answer: D
Q6. DRAG DROP
Answer:
Q7. When designing the threat detection and mitigation portion for the enterprise data center network, which of the following would be the most appropriate solution to consider?
A. 802.1X
B. ACLs in the core layer
C. Cisco Security MARS
D. Cisco Firewall Services Module
Answer: C
Q8. A company has dark fiber between headquarters and its data center. It is presently configured as a 10GbE connection. Network utilization shows high utilization on the connection. What technology can be implemented to increase capacity without acquiring another circuit?
A. MPLS
B. DWDM
C. VPLS
D. DMVPN
Answer: B
Q9. Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Answer: C
Explanation: Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
.Source-specific rules with any type destinations should be applied as close to the source as possible.
.Destination-specific rules with any type sources should be applied as close to the destination as possible.
.Mixed rules integrating both source and destination should be used as close to the source as possible.
An integral part of identity and access control deployments is to allow only the necessary access. Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing “defense in depth” by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
Q10. Which three sources does a network designer use to collect information for characterizing an existing network? (Choose three.)
A. staff input
B. visual inventory
C. network audit
D. traffic analysis
E. server statistics
Answer: A,C,D