Q1. Which Nexus feature enables you to support server connectivity with one topology and address requirement for both high availability and high bandwidth?
A. vPC
B. vPC+
C. Stackwise
D. EvPC
Answer: D
Q2. Which statement is the most accurate regarding IPsec VPN design for an Enterprise Campus environment?
A. VPN device IP addressing must align with the existing Campus addressing scheme.
B. The choice of a hub-and-spoke or meshed topology ultimately depends on the number of remotes.
C. Sizing and selection of the IPsec VPN headend devices is most affected by the throughput bandwidth requirements for the remote offices and home worker
D. Scaling considerations such as headend configuration, routing protocol choice, and topology have the broadest impact on the design.
Answer: D
Q3. In which.OSI layer does.IS-IS operate?
A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
Answer: C
Q4. Which of the following is true concerning best design practices at the switched Access layer of the traditional layer2 Enterprise Campus Network?
A. Cisco NSF with SSO and redundant supervisors has the most impact on the campus in the Access layer
B. Provide host-level redundancy by connecting each end device to 2 separate Access switches
C. Offer default gateway redundancy by using dual connections from Access switches to redundant Distribution layer switches using a FHRP
D. Include a link between two Access switches to support summarization of routing information from the Access to the Distribution layer
Answer: A
Q5. Which of the following features might be used by the Enterprise Campus network designer as a means of route filtering?
A. IPv4 static routes
B. Route tagging using a route map in an ACL
C. Tagging routes using the BGP MED
D. EIGRP stub networks
Answer: D
Q6. When designing remote access to the Enterprise Campus network for teleworkers and mobile workers, which of the following should the designer consider?
A. It is recommended to place the VPN termination device in line with the Enterprise Edge firewall, with ingress traffic limited to SSL only
B. Maintaining access rules, based on the source IP of the client, on an internal firewall drawn from a headend RADIUS server is the most secure deployment
C. VPN Headend routing using Reverse Route Injection (RRI) with distribution is recommended when the remote user community is small and dedicated DHCP scopes are in place
D. Clientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick), including at Layer7
Answer: D
Q7. Which statement about data center access layer design modes is correct?
A. The access layer is the first oversubscription point in a data center design.
B. The data center access layer provides the physical-level connections to the server resources and only operates at Layer 3.
C. When using a Layer 2 looped design, VLANs are not extended into the aggregation layer.
D. When using a Layer 3 design, stateful services requiring Layer 2 connectivity are provisioned from the aggregation layer.
Answer: A
Q8. In what situation must spanning-tree be implemented?
A. when first hop redundancy protocol exists with redundant Layer 2 links between distribution switches
B. when a VLAN spans access layer switches to support business applications
C. when trunks need to extend multiple VLANs across access switches
D. when it is necessary to speed up network convergence in case of link failure
Answer: A
Q9. Which protocol is used in an in-band network and why?
A. UDP, because it is connectionless
B. SSH, because the username and password are encrypted
C. Telnet, because the username and password are sent in clear
D. MSDP, because it uses TCP as its transport protocol
Answer: B
Q10. Which Cisco NAC Appliance component is optional?
A. NAC Appliance Manager
B. NAC Appliance Server
C. NAC Appliance Agent
D. NAC Appliance Policy Updates
Answer: C