Which solution meets these requirements?
A company has these requirements for access to their wireless and wired corporate LANs using 802.1x:
– Client devices that are corporate assets and have been joined to the Active Directory domain are allowed
access.
– Personal devices must not be allowed access.
– Clients and access servers must be mutually authenticated.
Which solution meets these requirements?
A. Protected Extensible Authentication Protocol/Microsoft Challenge Handshake Authentication Protocol
Version 2 with user authentication
B. Extensible Authentication Protocol-Transport Layer Security with machine authentication
C. Extensible Authentication Protocol-Transport Layer Security with user authentication
D. Protected Extensible Authentication Protocol/Microsoft Challenge Handshake Authentication Protocol
Version 2 with machine authentication
known IP-to-MAC address mapping?
You have been hired by Acme Corporation to evaluate their existing network and determine if the current
network design is secure enough to prevent man-in-the-middle attacks. When evaluating the network, which
switch security option should you investigate to ensure that authorized ARP responses take place according to
known IP-to-MAC address mapping?
A. ARP rate limiting
B. DHCP snooping
C. Dynamic ARP Inspections
D. IP Source Guard
hacker compromising a workstation and redirecting flows at the servers?
You are a network designer and have been asked to consult with your server operations team to further
enhance the security of the network. The operations team provides you with these details about the network:
– A pool of servers is accessed by numerous data centers and remote sites.
– The servers are accessed via a cluster of firewalls.
– The firewalls are configured properly and are not dropping traffic.
– The firewalls occasionally cause asymmetric routing of traffic within the server data center.
Which technology would you recommend to enhance security by limiting traffic that could originate from a
hacker compromising a workstation and redirecting flows at the servers?
A. Access control lists to limit sources of traffic that exits the server-facing interface of the firewall cluster
B. Poison certain subnets by adding static routes to Null0 on the server farm core switches.
C. Unicast Reverse Path Forwarding in strict mode
D. Unicast Reverse Path Forwarding in loose mode
37
What is your design recommendation?
Your enterprise customer has asked where they should deploy flow monitoring in their network to monitor
traffic between branch offices. What is your design recommendation?
A. at the edge of the network so that user traffic will be seen
B. at the central site, because all traffic from the remotes will be seen there.
C. in the core, because all traffic will be seen there
D. in the data center, because all user traffic will be seen there
performance indicators would you use to track media quality? (Choose three
You are identifying performance management requirements for a VoIP migration. What three key
performance indicators would you use to track media quality? (Choose three.)
A. delay
B. trunk group usage
C. jitter
D. packet loss
E. call processing (call detail records)
36
F. call processing (performance counters)
G. echo
H. crosstalk
in this report? (Choose two
As part of a new network design, you are helping the Network Management Team to develop a proactive
report to identify places in the network where problems may happen. The network management tool can poll
the network devices only via SNMP GET operations. Which two threshold-crossing metrics should you include
in this report? (Choose two.)
A. packet loss
B. CPU utilization
C. heat dissipation
D. IP reachability
E. energy consumption
F. link bandwidth utilization
to the respective queues in the Service Provider XYZ MPLS core network?
You are the lead network designer hired by Service Provider XYZ to deploy CoS functionality on the core
MPLS network (P routers). The goal of the network design is to provide a complete CoS solution to all
customers that purchase services such as dedicated internet access, MPLS L3VPN, and L2VPN (pseudowire).
Service Provider XYZ has these design requirements:
– The network supports four service queues with equal treatment for delay, jitter, and packet loss.
– Queues are numbered 0-3, where 0 is the default queue.
– Three queues have one treatment.
– One queue has either one or two treatments.
How would you design your solution to map the DSCP value properly so that the traffic is assigned
35
to the respective queues in the Service Provider XYZ MPLS core network?
A. Classify traffic according to DSCP value into appropriate P router queues.
B. Map the appropriate DSCP value into the EXP field based on the number of queues in the MPLS P
routers.
C. Map the appropriate DSCP value into the EXP field based on the number of queues in the MPLS PE
routers.
D. Based on the DSCP value, traffic is mapped automatically into appropriate queues in the MPLS CE
routers.
In which two ways is IPv4 and IPv6 traffic handled in a network design that uses QoS deployment options?
In which two ways is IPv4 and IPv6 traffic handled in a network design that uses QoS deployment options?
(Choose two.)
A. IPv6 and IPv4 traffic is treated in the same way by using a single QoS policy that classifies and matches
on both protocols.
B. IPv6 traffic is treated differently than IPv4 by using the flow-label field, which is built into theIPv6 packet
header.
C. IPv6 traffic does not require QoS because it uses to the flow-label field, which classifies and matches on
the IPv6 protocol.
D. IPv6 traffic is treated differently than IPv4 by using two different QoS policies.
E. IPv6 traffic is treated differently than IPv4 because it uses only the DSCP value and not the IP
precedence.
mechanism of congestion avoidance is integrated into the existing network design?
You have been hired to redesign a network due to issues with congestion. How will a router function if the QoS
mechanism of congestion avoidance is integrated into the existing network design?
34
A. the router handles the overflow of traffic by using FIFO
B. the router handles the possible buildup of congestion by using WRED
C. the router forces inbound and outbound traffic to stay within a defined profile by using rate limiting
D. the router separates packets based on certain characteristics by using NBAR
E. the router marks packets based on certain characteristics by using PBR
Internet access and MPLS L3VPN services? (Choose two
Service provider XYZ plans to provide dedicated Internet access and MPLS L3VPN services to business
customers. XYZ has these design specifications:
– MP-BGP running on the core MPLS P routers with external Internet routes.
– The core network will include 16 Point of Presence IP POPs throughout the Asia-Pacific region.
– An additional nine non-P routers will use EBGP peering with multiple providers for Internet traffic.
– An additional 50 PE routers will provide end customers with dedicated Internet access and L3VPN services
throughout the Asia-Pacific region.
In what two ways can the MP-BGP be removed from the MPLS P core routers and still provide dedicated
Internet access and MPLS L3VPN services? (Choose two.)
A. Disable BGP from the MPLS core P routers and have the MPLS core P routers run OSPF and LDP.
B. Enable separate BGP control plane routers using a route reflector server concept that will be fully meshed
with peer route reflector servers and have clients as MPLS PE routers and EBGP peering routers.
C. Enable all EBGP routers as route reflector servers and MPLS PE routers as their clients.
D. It is not possible to disable BGP from the MPLS core P routers without impacting the dedicated Internet
access and MPLS L3VPN services.