Q161. Which option is a benefit of site-to-site VPNs? 

A. less configuration required than a WAN circuit 

B. more secure than a dedicated WAN circuit 

C. less expensive than a dedicated WAN circuit 

D. more reliable than a dedicated WAN circuit 

Answer:


Q162. When considering the design of the E-Commerce topology which of the following are true? 

A. One-armed SLB design with multiple security contexts removes the need for a separate firewall in the core layer 

B. Two-firewall-layer SLB design considers the aggregation and access layers to be trusted zones, requiring no security between the web, application, and database zones 

C. One-armed SLB design with two firewall layers ensures that non load-balanced traffic still traverses the ACE so that the health and performance of the servers is still being monitored 

D. In all cases there will be configuration requirements for direct access to any servers or for nonload-balanced sessions initiated by the servers 

Answer:


Q163. Which option prevents the dropping of asymmetrically routed packets in active/active failover paired firewalls? 

A. Nothing can be done to prevent this from happening. 

B. Configure different policies on both firewalls. 

C. Assign similar interfaces on each firewall to the same asymmetric routing group. 

D. Assign similar interfaces on each firewall to a different asymmetric routing group. 

Answer:


Q164. Which two VPN solutions extend the routing capabilities of basic IPsec VPNs? (Choose two.) 

A. GRE 

B. NVI 

C. DES 

D. VTI 

E. AES 

Answer: A,D 


Q165. Which statement is the most accurate regarding IPsec VPN design for an Enterprise Campus environment? 

A. VPN device IP addressing must align with the existing Campus addressing scheme. 

B. The choice of a hub-and-spoke or meshed topology ultimately depends on the number of remotes. 

C. Sizing and selection of the IPsec VPN headend devices is most affected by the throughput bandwidth requirements for the remote offices and home worker 

D. Scaling considerations such as headend configuration, routing protocol choice, and topology have the broadest impact on the design. 

Answer:


Q166. What are two benefits of using 6to4 as an IPv6 transition method? (Choose two.) 

A. 6to4 tunnels allow isolated IPv6 domains to be remotely connected over IPv4 networks. 

B. Manual configuration (scalability) is easier. 

C. Point-to-multipoint automatic tunneling (automatic 6to4) is available. 

D. An infinite number of address spaces are allocated to an IPv6 subnet. 

E. Globally unique IPv4 addresses are not required. 

Answer: A,C 


Q167. Which three options are the three layers of the Cisco design in the data center architecture? (Choose three.) 

A. core layer 

B. distribution layer 

C. service layer 

D. aggregation layer 

E. Layer 2 domain sizing 

F. access layer 

Answer: A,D,F 


Q168. Which statement about data center access layer design modes is correct? 

A. The access layer is the first oversubscription point in a data center design. 

B. The data center access layer provides the physical-level connections to the server resources and only operates at Layer 3. 

C. When using a Layer 2 looped design, VLANs are not extended into the aggregation layer. 

D. When using a Layer 3 design, stateful services requiring Layer 2 connectivity are provisioned from the aggregation layer. 

Answer:


Q169. Which of the following two statements about Cisco NSF and SSO are the most relevant to the network designer? (Choose two.) 

A. You can reduce outages to 1 to 3 seconds by using SSO in a Layer 2 environment or Cisco NSF with SSO in a Layer 3 environment. 

B. SSO and NSF each require the devices to either be graceful restart-capable or graceful restart-aware. 

C. In a fully redundant topology adding redundant supervisors with NSF and SSO may cause longer convergence times than single supervisors with tuned IGP timers 

D. The primary deployment scenario for Cisco NSF with SSO is in the Distribution and Core layers. 

E. Cisco NSF-aware neighbor relationships are independent of any tuned IGP timers 

Answer: A,C