Saturday, 31 December 2016

JN0-643 Enterprise Routing and Switching, Professional (JNCIP-ENT)

JNCIP-ENT Exam Objectives (Exam: JN0-643 and JN0-646)

OSPF
Describe the concepts, operation and functionality of OSPFv2 and OSPFv3
OSPF LSA types
OSPF area types and operations
LSA flooding through an OSPF multi-area network
DR/BDR operation
SPF algorithm
Metrics, including external metric types
Authentication options
Route summarization and restriction
Overload
Virtual links
OSPFv2 vs OSPFv3
Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
Implement OSPF routing policy

BGP
Describe the concepts, operation and functionality of BGP
BGP route selection process
Next hop resolution
BGP attributes - concept and operation
BGP communities
Regular expressions
Load balancing - multipath, multihop, forwarding table
NLRI families - inet, inet6
Advanced BGP options
Given a scenario, demonstrate knowledge of how to configure and monitor BGP
Implement BGP routing policy

IP Multicast
Describe the concepts, operation and functionality of IP multicast
Components of IP multicast, including multicast addressing
IP multicast traffic flow
Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
RPF - concept and operation
IGMP, IGMP snooping
PIM dense-mode and sparse-mode
Rendezvous point (RP) - concept, operation, discovery, election
SSM - requirements, benefits, address ranges
Anycast RP
MSDP
Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM and PIM-SM (including SSM)
Implement IP multicast routing policy

Ethernet Switching and Spanning Tree
Describe the concepts, operation and functionality of advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Given a scenario, demonstrate knowledge of how to configure and monitor advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Describe the concepts, operation and functionality of advanced spanning tree protocols, including MSTP and VSTP
Given a scenario, demonstrate knowledge of how to configure and monitor MSTP and VSTP

Layer 2 Authentication and Access Control
Describe the operation of various Layer 2 authentication and access control features
Authentication process flow
802.1x - concepts and functionality
MAC RADIUS
Captive portal
Server fail fallback
Guest VLAN
Considerations when using multiple authentication/access control methods
Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

IP Telephony Features
Describe the concepts, operation and functionality of features that facilitate IP telephony deployments
Power over Ethernet (PoE)
LLDP and LLDP-MED
Voice VLAN
Given a scenario, demonstrate how to configure and monitor features used to support IP Telephony

Class of Service (CoS)
Describe the concepts, operation and functionality of Junos CoS for Layer 2/3 networks
CoS processing on Junos devices
CoS header fields
Forwarding classes
Classification
Packet loss priority
Policers
Schedulers
Drop profiles
Shaping
Rewrite rules
Given a scenario, demonstrate knowledge of how to configure and monitor CoS for Layer 2/3 networks

QUESTION 1
Which connection method do OSPF routers use to communicate with each other?

A. IP protocol number 89
B. TCP port 179
C. UDP port 179
D. IP protocol number 6

Answer: A

Explanation:


QUESTION 2
Which statement is true about default BGP route redistribution behavior?

A. IBGP-learned routes are advertised only to other IBGP peers.
B. EBGP-learned routes are redistributed into any IGPs.
C. EBGP-learned routes are advertised only to other EBGP peers.
D. EBGP-learned routes are advertised to other IBGP and EBGP peers.

Answer: D

Explanation:


QUESTION 3
In a PIM-SM network, which type of node helps to build a tree towards an unknown multicast source?

A. DIS
B. RP
C. DR
D. BSR

Answer: B

Explanation:


QUESTION 4
Which statement is true about MVRP?

A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maps multiple independent spanning-tree instances onto one physical topology.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.

Answer: A

Explanation:


QUESTION 5
Which statement is true about LLDP?

A. It allows you to split a broadcast domain into multiple isolated broadcast subdomains.
B. It dynamically manages VLAN registration in a LAN.
C. It maintains a separate spanning-tree instance for each VLAN.
D. It is a Layer 2 protocol that facilitates network and neighbor discovery.

Answer: D

Explanation:


Tuesday, 27 December 2016

JN0-532 FWV, Specialist (JNCIS-FWV)

JNCIS-FWV Exam Objectives (Exam: JN0-532)

VPNs
Identify IKE Phase 1/Phase2 negotiation sequence and proposals
Identify/differentiate IPSec standard elements (encapsulations, SA, SPI, etc.)
List steps for policy-based/route-based VPN configuration
Relate proxy-ID to VPN setup
Identify proper configuration for various hub/spoke configurations (policy, int. placement, etc.)
Identify NHTB requirements/configurations
Configure/verify AC-VPNs
Identify PKI components (certificates, CDL, etc.)
List steps for PKI implementation w/ VPNs
VPN Variations
Configure Dynamic Peer VPNs
Configure Transparent mode VPNs
Configure Overlapping Networks
Describe GRE applications/Configure GRE

Network Management
Configure local management (SSL, SSH, management restrictions).
Interpret internal counters and logs.
Configure SYSLOG.
Discuss logging levels.
Configure SNMP.

Troubleshooting with Debug/Snoop
Enable debug/snoop.
Set debug filters.
Set snoop filters.
Use get commands to validate/troubleshoot routing and policies.
Use debug output to identify routing and policy problems.
Use get commands to validate/troubleshoot address translation.
Use debug output to identify problems.
Use get commands to validate/troubleshoot VPN setup.

Traffic Management
Describe the bandwidth allocation process.
Describe queuing functionality.
List requirements/steps for configuring traffic management.

Virtual Systems
Define VSYS applications
Describe root vs. VSYS administration
Explain VSYS vs. root assignment of routes/NAT pools/etc.
Configure interface-based VSYS
Configure inter-VSYS communications, including NAT.
Use show/debug output to identify VSYS usage.
Configure VSYS resource allocation

NSRP
Distinguish active/passive and active/active.
Describe NSRP operations (HA link, session sync, master election, etc.)
Configure active/passive and active/active NSRP.
Validate NSRP operations.
Adjust operations (secondary link, failover settings).
Configure redundant interface.

Dynamic Routing/Routing over VPNs
Configure RIP over VPNs
Configure OSPF over VPNs
Configure/verify OSPF routing
Configure OSPF options
Configure/verify BGP
Configure redistribution/filters/route maps
Configure static routes incl. floating static routes
Configure/verify source routing
Configure/verify policy routing

Attack Prevention
Describe SCREEN functions
Describe/configure Deep Inspection
Describe/configure anti-virus functionality
Configure web filtering

Multicast
Configure/verify IGMP
Configure/verify PIM-SM


QUESTION 1
You have created a VPN to a dynamic peer. Which two configured parameters must match?
(Choose two.)

A. static side peer-id
B. dynamic side local-id
C. static side IP address
D. dynamic side IP address

Answer: A,B


QUESTION 2
Which three events would cause ScreenOS devices to generate SNMP traps? (Choose three.)

A. cold starts
B. traffic alarms
C. warm reboots
D. self log events
E. traffic log events

Answer: A,B,C


QUESTION 3
Which command shows the filter applied to snoop captures?

A. get snoop
B. snoop info
C. get ffilter
D. get ffilter ip-proto snoop

Answer: B

Friday, 23 December 2016

JN0-661 Service Provider Routing and Switching JNCIP-SP

JNCIP-SP Exam Objectives (Exam: JN0-661)

OSPF
Describe the concepts, operation and functionality of OSPFv2 or OSPFv3
OSPF area types and operations
LSA flooding through an OSPF multi-area network
DR/BDR operation
SPF algorithm
Metrics, including external metric types
Summarize and restrict routes
Virtual links
OSPFv2 vs OSPFv3
Given a scenario, demonstrate knowledge of how to configure or monitor single-area and multi-area OSPF
Implement OSPF routing policy

IS-IS
Describe the concepts, operation, or functionality of IS-IS
IS-IS areas/levels and operations
LSP flooding through an IS-IS multi-area network
DIS operation
SPF algorithm
Metrics, including wide metrics
Route summarization and route leaking
Given a scenario, demonstrate knowledge of how to configure or monitor single-area and multi-area IS-IS
Implement IS-IS routing policy

BGP
Describe the concepts, operation, or functionality of BGP
BGP route selection process
Next hop resolution
BGP attributes – concept and operation
BGP communities
Regular expressions
Multipath
Multihop
Load balancing
Advanced BGP options
BGP route damping
Multiprotocol BGP
Describe the concepts, operation or functionality of BGP scaling mechanisms
Route reflection
Confederations
Given a scenario, demonstrate knowledge of how to configure or monitor BGP
Implement BGP routing policy

Class of Service (CoS)
Describe the concepts, operation, or functionality of Junos CoS
CoS processing on Junos devices
CoS header fields
Forwarding classes
Classification
Packet loss priority
Policers, including tricolor marking and hierarchical policers
Schedulers
Drop profiles
Shaping
Rewrite rules
Hierarchical scheduling (H-CoS) characteristics (high-level only)
Given a scenario, demonstrate knowledge of how to configure or monitor CoS

IP Multicast
Describe the concepts, operation, or functionality of IP multicast
Components of IP multicast, including multicast addressing
IP multicast traffic flow
Any-Source Multicast (ASM) versus Source-Specific Multicast (SSM)
RPF – concept and operation
IGMP
PIM dense-mode and sparse-mode
Rendezvous point (RP) – concept, operation, discovery, election
SSM – requirements, benefits, address ranges
MSDP, including single and multi-PIM domains
Anycast RP
Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure or monitor IGMP, PIM-DM, PIM-SM (including SSM) and MSDP
Implement IP multicast routing policy

Advanced MPLS
Describe the concepts, operation, or functionality of MPLS
Routing table integration options for traffic engineering
Routing policy to control path selection
Advanced MPLS features
Administrative groups
Advanced CSPF options
Implement MPLS routing policy

Layer 3 VPNs
Describe the concepts, operation, or functionality of Layer 3 VPNs
Traffic flow – control and data planes
Full mesh vs. hub-and-spoke topology
VPN-IPv4 addressing
Route distinguishers
Route targets
Route distribution
Site of origin
Sham links
vrf-table-label
Layer 3 VPN scaling
IPv6 Layer 3 VPNs
Layer 3 VPN Internet access options
Given a scenario, demonstrate knowledge of how to configure or monitor the components of Layer 3 VPNs
Describe the concepts, operation or functionality of multicast VPNs
Next-generation MVPNs (NG-MVPN)
Flow of control and data traffic in an MVPN
Describe Junos support for carrier-of-carriers or interprovider VPN models

Layer 2 VPNs
Describe the concepts, operation, or functionality of BGP Layer 2 VPNs
Traffic flow – control and data planes
Forwarding tables
Connection mapping
Layer 2 VPN NLRI
Route distinguishers
Route targets
Layer 2 VPN scaling
Describe the concepts, operation, or functionality of LDP Layer 2 circuits
Traffic flow – control and data planes
Virtual circuit label
Layer 2 interworking
Describe the concepts, operation, or functionality of VPLS
Traffic flow – control and data planes
BGP VPLS label distribution
LDP VPLS label distribution
Route targets
VPLS Multihoming
Site IDs
Describe the concepts, operation, or functionality of EVPN
Traffic flow – control and data planes
MAC learning and distribution
EVPN Multihoming
BGP EVPN label distribution
Given a scenario, demonstrate knowledge of how to configure or monitor Layer 2 VPNs
BGP Layer 2 VPNs
LDP Layer 2 circuits
EVPNs
VPLS

QUESTION 1
Which OSPFv3 router ID is valid?

A. 192.168.1.1
B. ::192.168.1.1
C. 0.0.0.0
D. 2008:db8::1

Answer: A

Explanation

OSPFv3 Router IDs, Area IDs, and LSA link-state IDs remain at the OSPFv2 IPv4 size of 32 bits.
References: Network Configuration Example OSPF Version 3 for IPv6 Feature Guide, page 3


QUESTION 2
You are working with a new MPLS network that is using the default EXP classifier and default schedules. A small amount of traffic is being placed in the assured forwarding class. No other traffic is passing through the network at this time.
In this scenario, what happens to the traffic that is being placed in the assured forwarding class?

A. The traffic is reclassified to the best effort forwarding class and is forwarded.
B. The traffic remains in the assured forwarding class and is forwarded.
C. The traffic is reclassified to the network control forwarding class and is forwarded.
D. The traffic remains in the assured forwarding class and is dropped.

Answer: B

Explanation

References: https://www.juniper.net/documentation/en_US/junos15.1/topics/concept/forwarding-classes-default-cos-config-guide.html


QUESTION 3
You are connecting your OSPF router to your customer's RIP router and redistributing the customer's routes into your OSPF domain. Your OSPF router is part of an NSSA and the ABR is injecting an OSPF default route, which you have advertised to your customer. After committing the configuration, you notice a routing loop between your OSPF router and the customer's RIP router.
Which action must you perform on your OSPF router to solve this problem?

A. Enable Type 7-to-Type 5 LSA conversion.
B. Set the customer-facing interface to passive.
C. Convert the area to a stub area.
D. Change the OSPF external route preference.

Answer: D

Explanation

Avoid routing loops by changing the OSPF external route preference.

Incorrect Answers:
A: If multiple NSSA ABR routers are present, it is recommended that not all ABRs perform Type 7-to-5 translation to avoid routing loops.
B: We would have to make the interface on the RIP router, the customer router, passive, not the customer-facing interface on the OSPF router.

Note: By default, RIP broadcasts are sent from all interfaces, but RIP allows us to control this behavior by configuring which interfaces send RIP broadcasts and which do not. Once an interface is marked as passive, RIP stops sending updates from that interface.

References: https://www.juniper.net/documentation/en_US/junos15.1/topics/topic-map/ospf-stub-and-not-so-stubby-areas.html

QUESTION 4
A PE provides VLAN VPLS service to a CE attached with two links.
You want to prevent Layer 2 loops and provide link redundancy.
Which two actions will accomplish this task? (Choose two.)

A. Place both interfaces in a link aggregation group.
B. Configure different VLANs on each interface.
C. Configure all VLANs on both interfaces, on the PE, and on the CE.
D. Configure Spanning Tree Protocol between the PE and the CE.

Answer: B,D

Explanation

D: To prevent the formation of Layer 2 loops between the CE devices and the multihomed PE routers, Juniper recommends that you employ the Spanning Tree Protocol (STP) on your CE devices. Layer 2 loops can form due to misconfiguration. Temporary Layer 2 loops can also form during convergence after a change in the network topology.

References: http://www.juniper.net/documentation/en_US/junos16.1/topics/topic-map/vpls-bgp-multihoming.html

Thursday, 22 December 2016

JNCDS-SEC Exam Objectives (Exam: JN0-1330)

Fundamental Security Concepts
Describe the various tenets of common security features
Access control lists
Stateful security policies
ALGs
IPS
UTM
NAT
IPsec
Next-generation firewall
Screen

Advanced Security Concepts
Describe advanced security features
Security intelligence
Advanced anti-malware
Defense in depth

Securing the Campus and Branch
Describe the security design considerations within a campus or branch network
Network segmentation
Network access
Wireless
802.1X
Remote access VPNs
NAT
End-to-end security
BYOD

Securing the Enterprise WAN
Describe the security design considerations for an enterprise WAN
Internet edge security design principles
WAN aggregation
Private WAN
VPNs

Securing the Service Provider WAN
Describe the security design considerations for a service provider WAN
DoS/DDoS attacks
Securing the control plane
Internet security
CG-NAT

Securing the Data Center

Describe the security design considerations in a data center
Securing data center interconnects
Securing North-South flows
Securing East-West flows
Virtual routers

Security Automation and Management
Describe the design considerations for security management
Securing the individual devices
Centralized security
Junos Space management platform
Junos Space Security Director and Log Director
Juniper Secure Analytics

Security Virtualization
Describe the security design considerations for a virtualized environment
NFV
Service chaining
Micro-segmentation
vSRX

High Availability
Describe the design considerations of high availability in a secure network
Physical high availability
Virtual high availability
Asymmetrical traffic handling
Chassis clustering


QUESTION 1
You are asked to implement port-based authentication on your access switches. Security and ease of access are the two primary requirements. Which authentication solution satisfies these requirements?

A. MAC RADIUS
B. network access control
C. firewall authentication
D. IPsec tunnel

Answer: A


QUESTION 2
What is one way to increase the security of a site-to-site IPsec VPN tunnel?

A. Implement a stronger Diffie-Hellman group.
B. Change IKE Phase 1 from main mode to aggressive mode.
C. Implement traffic selectors.
D. Implement a policy-based VPN.

Answer: C


QUESTION 3
Your customer is planning the deployment of a new hub-and-spoke WAN architecture that must support dual stack. They have decided against using a dynamic routing protocol. They are concerned about the difficulty of managing configurations and operations at the hub location as they deploy branch routers.
In this scenario, what are three reasons for selecting route-based VPNs with traffic selectors? (Choose three.)

A. Traffic selectors support IPv4 and IPv6.
B. Traffic selectors reduce the number of Phase 2 IPsec security associations.
C. Traffic selectors reduce latency because they bypass UTM.
D. Traffic selectors support auto route insertion.
E. You can define multiple traffic selectors within a single route-based VPN.

Answer: A,D,E

Tuesday, 20 December 2016

JN0-943 Enterprise Routing and Switching, Expert

At the pinnacle of the Enterprise Routing and Switching certification track is the 1-day JNCIE-ENT practical exam. This exam is designed to validate the networking professional's ability to deploy, configure, manage and troubleshoot Junos-based enterprise routing and switching platforms. Throughout this 8-hour practical exam, candidates will build an enterprise network infrastructure consisting of multiple routers and switching devices. Successful candidates will perform system configuration on all devices and configure protocols and features such as IPv6, OSPFv2, OSPFv3, BGP, MSDP, PIM, SSM, RSTP, LLDP, 802.1X, CoS, and routing policies.

The JNCIE-ENT is valid for two years. Re-certification is achieved by passing the current version of the JNCIP-ENT exam.

Exam topics may include:
System Services and Security
Interfaces
Ethernet Switching
IGPs
BGP
Protocol-Independent Routing
Multicast
Class of Service

System Services and Security
System Services
NTP
Syslog
sFlow
Authentication and authorization
Configuring archival
RPM
PoE
Securing the Control Plane
Stateless firewall configuration

Interfaces
Implementation of Interfaces
Aggregated Ethernet
VRRP
Ethernet OAM
GRE tunnels
BFD
Logical tunnel interfaces

Ethernet Switching
Spanning Tree Protocol
Multiple CIST
MSTP/VSTP/RSTP
xSTP interoperability
Multiple topologies
Optimization
VLANs
VLAN switching and trunking
Q-in-Q
IP Telephony
Private VLANs
Voice VLANs
Virtual Chassis
Master determination
Add/remove members
VCP and VCEP interfaces
Split detection
Security features
Port security features
Dynamic ARP inspection with DHCP snooping
Layer 2 firewall filters
MAC table filtering

IGPs
OSPF
Multi-area OSPF topologies
Filter and summarize routes
Network and link types
Route selection process
BFD
Redistribution
IPv6

BGP
Implementation and Troubleshooting
Routing policy
Route selection
2-byte and 4-byte AS
Multi-homed stub-AS
BFD

Protocol-Independent Routing
Load Balancing
Hash key
Per flow
Filter-based Forwarding
Based on Layer 4
Based on IFL
Configuring Routes
Aggregate
Static
Generated
Policies

Multicast
Implementation of Multicast
Shared tree and source tree
Designated router
RPF table manipulation
SSM
Extend the group range
SSM mapping
RP Redundancy
Anycast RP (PIM and MSDP)
BSR

Class of Service
Implementation
Loss priority
Rewrite rules
Shaping and policing
Scheduling
BA and MF classification
Drop profiles

Monday, 19 December 2016

JN0-646 Enterprise Routing and Switching, Professional (JNCIP-ENT) Exam

JNCIP-ENT Exam Objectives (Exam: JN0-643 and JN0-646)

OSPF
Describe the concepts, operation and functionality of OSPFv2 and OSPFv3
OSPF LSA types
OSPF area types and operations
LSA flooding through an OSPF multi-area network
DR/BDR operation
SPF algorithm
Metrics, including external metric types
Authentication options
Route summarization and restriction
Overload
Virtual links
OSPFv2 vs OSPFv3
Given a scenario, demonstrate knowledge of how to configure and monitor single-area and multi-area OSPF
Implement OSPF routing policy

BGP
Describe the concepts, operation and functionality of BGP
BGP route selection process
Next hop resolution
BGP attributes - concept and operation
BGP communities
Regular expressions
Load balancing - multipath, multihop, forwarding table
NLRI families - inet, inet6
Advanced BGP options
Given a scenario, demonstrate knowledge of how to configure and monitor BGP
Implement BGP routing policy

IP Multicast
Describe the concepts, operation and functionality of IP multicast
Components of IP multicast, including multicast addressing
IP multicast traffic flow
Any-Source Multicast (ASM) vs. Source-Specific Multicast (SSM)
RPF - concept and operation
IGMP, IGMP snooping
PIM dense-mode and sparse-mode
Rendezvous point (RP) - concept, operation, discovery, election
SSM - requirements, benefits, address ranges
Anycast RP
MSDP
Routing policy and scoping
Given a scenario, demonstrate knowledge of how to configure and monitor IGMP, PIM-DM and PIM-SM (including SSM)
Implement IP multicast routing policy

Ethernet Switching and Spanning Tree
Describe the concepts, operation and functionality of advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Given a scenario, demonstrate knowledge of how to configure and monitor advanced Ethernet switching
Filter-based VLANs
Private VLANs
Dynamic VLAN registration using MVRP
Tunnel Layer 2 traffic through Ethernet networks
Layer 2 tunneling using Q-in-Q and L2PT
Describe the concepts, operation and functionality of advanced spanning tree protocols, including MSTP and VSTP
Given a scenario, demonstrate knowledge of how to configure and monitor MSTP and VSTP

Layer 2 Authentication and Access Control
Describe the operation of various Layer 2 authentication and access control features
Authentication process flow
802.1x - concepts and functionality
MAC RADIUS
Captive portal
Server fail fallback
Guest VLAN
Considerations when using multiple authentication/access control methods
Given a scenario, demonstrate how to configure and monitor Layer 2 authentication and access control

IP Telephony Features
Describe the concepts, operation and functionality of features that facilitate IP telephony deployments
Power over Ethernet (PoE)
LLDP and LLDP-MED
Voice VLAN
Given a scenario, demonstrate how to configure and monitor features used to support IP Telephony

Class of Service (CoS)
Describe the concepts, operation and functionality of Junos CoS for Layer 2/3 networks
CoS processing on Junos devices
CoS header fields
Forwarding classes
Classification
Packet loss priority
Policers
Schedulers
Drop profiles
Shaping
Rewrite rules
Given a scenario, demonstrate knowledge of how to configure and monitor CoS for Layer 2/3 networks




Monday, 12 December 2016

JN0-533 FWV, Specialist (JNCIS-FWV)

JNCIS-FWV Exam Objectives (Exam: JN0-533)

System Setup and Initial Configuration
Identify the concepts and components of ScreenOS software
Security architecture components
Packet flow and decision process
IPv6 packet handling
ScreenOS firewall/VPN product lines
System components
Demonstrate knowledge of how to configure basic elements of ScreenOS software
Interfaces
Zones
Management access and services
User accounts and authentication
Administrative lockout options
DNS configuration
NTP configuration
Describe how to configure and monitor interfaces
VLANs, aggregated Ethernet
Management interface
Bridge Group
Tunnel interfaces
Loopback interface
Interface modes
Redundant Ethernet
Identify the concepts and functionality of virtual systems (vsys)
vsys interfaces and zones
Inter-vsys routing
Profiles
CPU resource management

Layer 3 Operations
Identify the concepts and functionality of Layer 3 operations (IPv4 and IPv6)
Routing lookup flow
Virtual routers
Static and default routing
Dynamic routing - RIP, OSPF, BGP
Considerations for routing over VPNs
Route optimization and aggregation
Route redistribution; access lists and route maps
Source-based vs. policy-based routing
IPv6 modes
Demonstrate knowledge of how to configure, monitor and troubleshoot Layer 3 operations (IPv4 and IPv6)
Zones
Interfaces
IP addressing
Virtual router
Static/default routes, including floating static routes
RIP
OSPF
BGP
Redistribution
Access lists and route maps
Source-based and policy-based routing
Layer 3 verification
Layer 3 troubleshooting - get vrouter, debug, flow filter, session table

Security Policies
Identify the concepts and functionality of security policies
Zones and policies
Policy components
Policy options
Policy ordering
Policy scheduling
Global policies
Multicell policies
Address books
Policing and guaranteed bandwidth
Services
Demonstrate knowledge of how to configure, monitor and troubleshoot security policies
Address books and address groups
Services and service groups
Policy verification
Policy troubleshooting - debug, get session

NAT

Identify the concepts and functionality of NAT
Interface-based vs. policy-based NAT
NAT type usage
Source NAT (NAT-src)
Dynamic IP addresses (DIP)
Destination NAT (NAT-dst)
Virtual IP addresses (VIP)
Mapped IP addresses (MIP)
Precedence
Demonstrate knowledge of how to configure, monitor and troubleshoot NAT
Policy-based NAT
Dynamic IP addresses (DIP)
Reachability/Routing
VIP and MIP
NAT verification
NAT troubleshooting - debug, get session, and traffic logs

IPsec VPNs
Identify the concepts and functionality of IPsec VPNs
Secure VPN characteristics and components
Encapsulating Security Payload (ESP)
Authentication Header (AH)
IPsec tunnel establishment - Internet Key Exchange (IKE)
Hub-and-spoke IPsec VPNs
Policy-based vs. route-based IPsec VPNs
Next-hop tunnel binding (NHTB)
Next Hop Resolution Protocol (NHRP)
Fixed vs. dynamic peers
Tunnel interfaces
Preshared keys
VPN Monitor
Demonstrate knowledge of how to configure, monitor and troubleshoot IPsec VPNs
Interfaces
Objects
IKE
Policy
Routing
VPN Monitor
IPsec VPN verification
IPsec VPN troubleshooting - system/event log, debug, get ike, get sa

High Availability
Identify the concepts and requirements for high availability (HA) in a ScreenOS firewall/VPN environment
NetScreen Redundancy Protocol (NSRP) characteristics
NSRP modes; usage guidelines
Links, ports and zones
Virtual security device (VSD), virtual security interfaces (VSI) and VSD groups
VSD states
Run-time objects (RTOs)
HA probes
Failover tuning
IP tracking
Virtual Router Redundancy Protocol (VRRP)
Redundant interfaces
Links between the firewalls
Redundant VPN gateways
Demonstrate knowledge of how to configure, monitor and troubleshoot HA
HA link
Cluster settings
Interfaces
VSD settings
RTO synchronization
Tracking and monitoring
Redundant interface
HA verification
HA monitoring for VPNs - IKE heartbeats, dead peer detection
HA troubleshooting - debug, get interface, get nsrp stats

Attack Prevention
Describe the purpose, configuration and operation of Screens
Attack types and phases
Screen options
Best practices
Configuration, verification and troubleshooting
Describe the purpose, configuration and operation of deep inspection (DI)
Attack object database
Custom attack objects
Signature database update methods
DI policies and actions
Licensing
Configuration, verification and troubleshooting
Describe the purpose, configuration and operation of Unified Threat Management (UTM)
Antispam profiles
Actions
Spam block list (SBL)
Antivirus scanning methods and options
Antivirus flow process
Licensing
Web filtering features and solutions
Data flow
Search order
White lists, black lists and categories
Configuration, verification and troubleshooting

System Administration, Management and Monitoring
Demonstrate knowledge of how to manage and monitor a ScreenOS firewall/VPN environment
File management
Password recovery
Licensing
Logs
Syslog
SNMP
Alarms
Counters



QUESTION 1
Which ScreenOS security feature helps protect against port scans and denial of service attacks?

A. session-based stateful firewall
B. IPsec VPNs
C. security policies
D. Screen options

Answer: B

Explanation:


QUESTION 2
What is the initial default username and password for all ScreenOS devices?

A. administrator/password
B. root/password
C. netscreen/netscreen
D. admin/netscreen1

Answer: D

Explanation:


QUESTION 3
What is a virtual system?

A. a mechanism to logically partition a single ScreenOS device into multiple logical devices
B. a collection of subnets and interfaces sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks

Answer: C

Explanation:


QUESTION 4
What is a zone?

A. a set of rules that controls traffic from a specified source to a specified destination using a specified service
B. a collection of subnets and interfaces sharing identical security requirements
C. a method of providing a secure connection across a network
D. a tool to protect against DoS attacks

Answer: C

Explanation:


QUESTION 5
What is the function of NAT?

A. It performs Layer 3 routing.
B. It evaluates and redirects matching traffic into secure tunnels.
C. It provides translation between IP addresses.
D. It performs Layer 2 switching.

Answer: B

Explanation:




Saturday, 3 December 2016

JN0-314 Junos Pulse Access Control, Specialist (JNCIS-AC)

JNCIS-AC Exam Objectives (Exam: JN0-314)

Overview
Identify the concepts, operation, and functionality of Junos Pulse Access Control Service
Junos Pulse Access Control Service components
Component functions and interaction
Identify the components of the access management framework
Interrelationship between realms, roles and policies

Platform Configuration
Demonstrate knowledge of how to configure the basic elements of a Junos Pulse Access Control Service environment
Initial Junos Pulse Access Control Service configuration
Choosing the platform (e.g., virtual or physical)
Configure authentication servers
Connectivity verification

Roles
Identify the concepts, operation and functionality of roles
Purpose of roles
Role mapping
Customization of the end-user experience
Demonstrate knowledge of how to configure roles
Roles and role options

End User Access
Identify the Junos Pulse Access Control Service client access options
Junos Pulse
Odyssey Access Client (OAC)
Machine authentication and third party supplicant
Agentless access
Demonstrate knowledge of how to configure Junos Pulse Access Control Service clients
Junos Pulse
Odyssey Access Client (OAC)
Agentless access

Firewall Enforcement

Identify the concepts, operation and functionality of firewall enforcement
Purpose of resource policies
Resource policies for firewall enforcement
User-based firewall policies
Captive portal
Demonstrate knowledge of how to configure firewall enforcement
Junos Pulse Access Control Service configuration
SRX Series device configuration
User-based firewall policies
Captive portal

Layer 2 Enforcement
Identify the concepts, operation and functionality of Layer 2 enforcement techniques
802.1X security
RADIUS (related to 802.1X)
MAC authentication
Multiple supplicant authentication on EX Series devices
Demonstrate knowledge of how to configure Layer 2 enforcement
Junos Pulse Access Control Service configuration
EX Series device configuration
SRX Series device configuration

Endpoint Defense
Identify the concepts, operation and functionality of endpoint defense
Host Checker
Authentication policies and role restrictions
Demonstrate knowledge of how to configure endpoint defense
Host Checker
Authentication policies and role restrictions

Authentication Options

Identify the concepts, operation and functionality of user authentication
Authentication process
Authentication options
Demonstrate knowledge of how to configure authentication
Authentication servers including LDAP, RADIUS, AD/NT, anonymous
Authentication realms

Management and Troubleshooting

Demonstrate knowledge of how to manage and troubleshoot a Junos Pulse Access Control Service environment, including Junos Pulse Access Control Service and SRX Series devices
Logging (e.g., RADIUS logging, policy tracing)
System Monitoring
File Management
Information collection
Component connectivity
End user connectivity and enforcement

High Availability
Identify the concepts and requirements for high availability in a Junos Pulse Access Control Service environment
Clustering
Deployment options and considerations
Demonstrate knowledge of how to configure high availability
Junos Pulse Access Control Service configuration
SRX Series device configuration

Integration
Identify the concepts and requirements for Junos Pulse Access Control Service integration with other components
Integration with IF-MAP client
Integration with STRM
Integration with SRX Series devices
Integration with EX Series devices
Demonstrate knowledge of how to configure integration
IF-MAP federation
Syslog

QUESTION 1
A customer wants to create a custom Junos Pulse configuration. Which two are required?
(Choose two)

A. Connection set
B. Configuration set
C. Custom installer
D. Component set

Answer: A,D

Explanation:


QUESTION 2
What is a type of firewall enforcer supported by the Junos Pulse Access Control Service?

A. Checkpoint firewall
B. SRX Series device
C. DP sensor
D. MX Series device

Answer: B

Explanation:


QUESTION 3
A customer is trying to decide which 802.1X inner protocol to use on their network. The customer
requires that no passwords be sent across the network in plain text, that the protocol be supported
by the Windows native supplicant, and that the protocol supports password changes at Layer 2.
Which protocol would meet the customer's needs?

A. EAP-TLS
B. EAP-MD5
C. PAP
D. EAP-MSCHAPv2

Answer: D

Explanation:


QUESTION 4
You navigate to "UAC" > "Infranet Enforcer" > "Auth Table Mapping" in the admin GUI. You see
one policy, which is the unmodified, original default policy.
Which statement is true?

A. Dynamic auth table mapping is not enabled.
B. A successful authentication attempt will result in a new authentication table entry, which will be
delivered only to the Junos enforcer protecting the network from which the user has authenticated.
C. To create a static auth table mapping, you must delete the default policy.
D. The default policy applies only to the factory-default role User.

Answer: A

Explanation:


QUESTION 5
You have a Junos Pulse Secure Access Service acting as an IF-MAP client, configured to federate
all user roles to a Junos Pulse Access Control Service acting as an IF-MAP Federation server. A
remote user using Junos Pulse logs in to the Junos Pulse Secure Access Service; the Junos
Pulse Secure Access Service provisions a remote access session for that user.
What happens next?

A. The Junos Pulse Secure Access Service redirects the user to the Junos Pulse Secure Access
Service for authentication
B. The Junos Pulse Access Control Service provisions enforcement points to enable resource
access for that user.
C. The Junos Pulse Secure Access Service publishes user session and role information to the IF-MAP
Federation server.
D. The Junos Pulse Secure Access Service provisions enforcement points to enable resource
access for that user.

Answer: C

Explanation:



Friday, 25 November 2016

650-159 ICA Cisco IronPort Cloud Associate

Exam Number 650-159
Duration 90 minutes (25-35 questions)
Available Languages English

The 650-159 ICA Cisco IronPort Cloud Associate exam tests your knowledge of the following:
What ScanSafe does and how it works
The various deployment methods at a technical level so you can recommend the most suitable deployment to customers according to their needs and existing infrastructure

Basic administration, how to manage a web-filtering policy, and how to run reports on web usage within the ScanCenter GUI

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

How to Sell ScanSafe QLMs
Web Filtering
Advanced WIRe
ScanCenter Lab Exercise
Deployment Options
Outbreak Intelligence
 


QUESTION 1
What important consideration do you need to be aware of when using a Connector?

A. Multiple DHCP servers
B. Multiple DNS servers
C. Multiple break-out points

Answer: C

Explanation:


QUESTION 2
How can AnyConnect be bypassed by a user when installed locked-down?

A. When locked-down, AnyConnect can be bypassed by a user by changing the Browser Proxy settings
B. When locked-down, AnyConnect can be bypassed by a user if they know the admin password
C. AnyConnect cannot ever be bypassed by a user when installed locked-down

Answer: C

Explanation:


QUESTION 3
How are different time zones supported by WIRe?

A. Each entry is converted to UTC as it is stored, so you can select any time zone in the GUI when
searching and see the times according to the user's local time
B. All entries are recorded only in their local time zone, so you need to calculate the time offset
when searching for data of users in different time zones
C. There is no support for different time zones in WIRe

Answer: A

Explanation:


QUESTION 4
If a customer wants roaming protection for laptops with Windows 7 64 bit, and is not using Cisco's VPN, which one of the following would be the best solution:

A. Anywhere*
B. AnyConnect Web Security standalone client
C. Anywhere* or AnyConnect are both suitable
D. This scenario cannot be supported by Anywhere* or AnyConnect

Answer: B

Explanation:



Tuesday, 22 November 2016

650-472 S802DT1X Introduction to 802.1X Operations for Cisco Security Professionals Exam

Exam Number 650-472
Last day to test: December 31, 2016
Duration 60 minutes (60-65 Questions)
Available Languages English

This exam will test field engineers' knowledge on the 802.1X concepts, components, and operations, and TrustSec authentication, access control, and end-user policy. Candidates will be tested on how to identify the steps and options for configuring a switch and a Wireless LAN Controller for 802.1X operations with Identity Services Engine (ISE) as the authentication server to authorize network access to employees and guests.

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Identity based networking concepts
IEEE 802.1X concepts, architecture, and requirements for deployment
Component requirements for 802.1X operations
IEEE 802.1X operations in wired and wireless environment
Designing Identity Based Networks with 802.1X and ISE

QUESTION 1
Which two statements represent good use cases for Wake on LAN? (Choose two.)

A. WoL can be used to power-up hosts for on-demand PXE booting.
B. WoL can be used to power-up hosts for after-hours operating system updates and application patching.
C. WoL can be used to power-up hosts to access the IPMI.
D. WoL can be used to save electricity by powering down underused servers and desktops.

Answer: A,B

Explanation:


QUESTION 2
Which two choices are valid methods of authorizing a wired supplicant? (Choose two.)

A. EAP-FAST
B. VLAN assignment
C. dACL
D. EAPOL
E. RADIUS

Answer: B,C

Explanation:


QUESTION 3
Which two statements about MACsec security are true? (Choose two.)

A. MACsec is an IEEE standard that is defined by 802.3AE.
B. MACsec leverages an 802.1X EAP framework to negotiate the MACsec Key Agreement.
C. MACsec is an IETF standard that is defined by RFC 4501.
D. MACsec can negotiate a MACsec Key Agreement without 802.1X.
E. MACsec is an IETF standard that is defined by RFC 4505.
F. MACsec is an IEEE standard that is defined by 802.1AE.

Answer: B,F

Explanation:


QUESTION 4
Which statement correctly defines a persona?

A. A Cisco ISE node can be configured as a primary or backup persona.
B. Persona refers to collections of services running on a Cisco ISE node.
C. A Cisco ISE node can be configured as a wired or wireless persona.
D. Persona relates to the collection of 802.1X services configured on a Cisco Catalyst switch.
E. Persona refers to the collection of EAP methods available to a supplicant.
F. A Cisco ISE node can be configured as a standalone or distributed persona.

Answer: B

Explanation:

Monday, 14 November 2016

650-665 CSPWCHD Cisco SP Video Wireline and Cable Headend Design for SE for Validating Knowledge (not for Cisco Certification)

SE Cisco SP Video Wireline Cable Headend Design (650-665)

Exam Description:
The 650-665 Cisco SP Video Wireline and Cable Headend Design for SE (CSPWCHD) 650-665 exam is a 45-minute test with 25–35 questions. The exam tests a candidate's knowledge on designing a service provider Wireline or cable video solution, configuring and testing the solution, and comparing it against competitive solutions by articulating key differentiators. Candidates can prepare for this exam by taking the Authorized Service Provider Video Partner Wireline and Cable Headend Design track of training, including Phases I, II, and III.

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific instance of the exam. To better reflect the contents of the exam and for clarity purposes, these guidelines may change at any time without notice.

100% 1.0 SE Cisco SP Video Wireline Cable Headend Design

QUESTION 1
Which output formats are available from an IRD?

A. baseband, ASI and MPEGoIP
B. RF, SDI and optical
C. QAM, optical, and analog
D. RF, ASI, and MPEGoIP

Answer: A

Explanation:


QUESTION 2
What network management system can monitor and control video headend equipment?

A. ANA
B. Cisco Works
C. ROSA
D. SNMP

Answer: C

Explanation:


QUESTION 3
What is the modulation format used in Digital Video Broadcast-S?

A. QAM 256
B. FDM
C. QPSK
D. FM

Answer: C

Explanation:

Sunday, 6 November 2016

700-172 FlexPod Sales

Exam Description:
The FlexPod Sales (700-172) exam is a 45-minute, 35−45 item exam that assesses how sales teams can effectively position FlexPod in the Data Center. Some of the topics assessed are how to consider the challenges faced by business and IT today and how this relates to FlexPod opportunities. The exam also assesses who “the customer” is and the importance of applications to many of the customers that are influential in purchasing application-based solutions.
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

30% 1.0 Customer Challenges and Business Value of FlexPod
1.1 Identify the customer challenges addressed and the corresponding value that the FlexPod architecture brings
1.1.a Responsiveness and speed of delivery
1.1.b Limited IT staff and budget
1.1.c Provisioning complexity
1.1.d Exponential data growth
1.1.e Staying competitive in their market space
1.1.f Data security
1.1.g Mobile workforce productivity
1.1.h Application availability and rollout complexity
1.1.i Application characteristics

1.2 Describe the business value proposition of converged infrastructure vs legacy infrastructure
1.2.a Describe how FlexPod delivers business agility by accelerating application development
1.2.b Describe how FlexPod mitigates risk
1.2.c Describe operational efficiency through standardization of deployment
1.2.d Describe how FlexPod enables different cloud models

1.3 Identify what makes the FlexPod architecture superior to alternate solutions
1.3.a Cisco Validated Designs (CVD)
1.3.b Open approach toward various workloads and hypervisors
1.3.c Unified architecture
1.3.d Storage efficiency
1.3.e Clustering technology
1.3.f Cisco Unified support
1.3.g Converged infrastructure (#1 system worldwide) 2013 Cisco Systems, Inc. This document is Cisco Public. Page 1
1.3.h Scale up vs scale out discussion (standard FlexPod slide)
1.3.i Secure multitenancy

1.4 Describe competitive landscape and positioning vs. other architectures and offerings
1.4.a Reference architecture approach allows customer to buy what they need
1.4.b Extensive library of validated workloads across virtualization platforms and bare metal deployments
1.4.c Scalable solutions from mid-market with FlexPod Express to the Data Center and service providers with FlexPod Datacenter
1.4.d Integrated co-operative support including hypervisors
1.4.e Integrated unified storage and networking architecture
1.4.f Secure multitenancy

19% 2.0 Technical Features and Value of the Constituent Components
2.1 Describe Cisco Unified Computing System (UCS) and the value proposition
2.1.a Cisco UCS service profiles, stateless computing, simplified deployment for non-virtualized workloads
2.1.b Identify supported hypervisors (VMware, Microsoft, XenServer)
2.1.c Articulate the Cisco UCS market impact
2.2 Describe Cisco Nexus family
2.2.a Describe the value proposition of Cisco Unified fabric – power, cooling, and cabling savings aspect
2.2.b Identify the benefits of various fabric options (switches, fabrics, and interconnects)
2.3 Describe NetApp storage
2.3.a Identify the benefits of a NetApp storage architecture
2.3.a (i) Leading storage efficiency
2.3.a (ii) Nondisruptive operations
2.3.a (iii) Seamless platform scalability
2.3.a (iv) Ease of management
2.3.a (v) Enable cloud computing evolution into hybrid environment
2.3.b Describe the differences between 7 Mode, Clustered Data ONTAP, and E Series
2.3.c Describe the characteristics of a unified storage platform

19% 3.0 FlexPod Management, Automation, and Orchestration
3.1 Describe the differences between management, automation, and orchestration
3.1.a Management
3.1.b Automation
3.1.c Orchestration
3.2 Identify the appropriate cloud solution for the customer use case (private, public, and hybrid)
3.2.a Private cloud
3.2.b Public cloud
3.2.c Hybrid cloud

20% 4.0 Application Workloads and Use Cases Enabled by FlexPod
4.1 Describe IT business transformation and related business process and application drivers
4.1.a Increase demand for more agile IT infrastructure to meet the business need
4.1.b Requirement to increase the efficiency within the data center
4.1.c Enable simple scaling of the infrastructure to meet the business requirements
4.1.d Enable future development of a hybrid cloud strategy
4.1.e Meet regulatory requirements
4.1.f Limited IT resources for managing infrastructure
4.1.g Requirement for IT to become a business enabler
4.1.h Transformation of IT from a builder of infrastructure to a provider of services
4.1.i Enable IT to be prepared for new workloads generated for new channels, such as mobile
4.1.j Enable the business to consume IT on demand
4.2 Identify various application buying centers within organizations – LOB, consultant, architect, server admins, VP of IT, CIO, Facilities, and Procurement
4.2.a Head of IT – Manager / VP / CIO
4.2.b Security office
4.2.c Business unit owner
4.2.d Application owner
4.2.e Application administrator
4.2.f Database administrator
4.2.g Infrastructure manager
4.2.h Operations management
4.2.i Data center manager
4.2.j Network manager
4.2.k Storage manager
4.2.l Data protection / backup administrator
4.2.m Procurement
4.3 Determine customer critical applications, insertion points and risk factors
4.3.a Business critical
4.3.a (i) Applications viewed as critical will vary between companies and based on the level of impact that downtime or logical corruption would have on the business
4.3.a (ii) ERP
4.3.a (iii) Collaboration – email and messaging
4.3.a (iv) Finance and accounting
4.3.a (v) Core databases
4.3.a (vi) Web-portals
4.3.a (vii) CRM
4.3.a (viii) Payroll
4.3.a (ix) Business Intelligence
4.3.b Risk factors
4.3.b (i) Network link failures
4.3.b (ii) Hardware failures
4.3.b (iii) Thermal or cooling issues
4.3.b (iv) Finance and accounting
4.3.b (v) Power failures
4.3.b (vi) Application or database failures
4.3.b (vii) Human error
4.3.b (viii) Malicious intent
4.3.b (ix) Building-level disruption
4.3.b (x) Metro-level disruption
4.3.b (xi) Regional disruption
4.4 Describe the need to collaborate with application software and hardware vendors
4.4.a All IT environments are made up of storage, networking, compute, operating system, application and management components that work together to create a solution.
4.4.b Each part within the solution has a dependency on one or more other layers, so working with vendors who work closely together minimizes the risk when deploying an infrastructure.
4.4.c Collaboration between vendors enables optimization of the infrastructure to ensure the best price, performance and reliability of an infrastructure.
4.5 Describe the different use cases and application workloads that can be virtualized and nonvirtualized and describe how FlexPod meets their needs
4.5.a Describe n-tier architecture
4.5.b Describe applications and service opportunities
4.5.b (i) Oracle (E-Business Suite, Siebel, PeopleSoft)
4.5.b (ii) SAP (HANA, NetWeaver, Business Suite)
4.5.b (iii) Microsoft (Exchange, Hyper-V, SharePoint, SQL, System Center)
4.5.b (iv) IBM (WebSphere, Tivoli, Rational Software, Informix)
4.5.c Identify application acronyms: CRM, SCM, PLM, HRIS, BI/DSS, ERP, FM
4.5.d Identify situations best suited for using virtualization (scenario questions)
4.5.e Application dependent
4.5.f Database – no
4.5.g Web, Microsoft, desktop, general purpose – yes
4.5.h Identify situations best suited for using bare-metal implementation
4.5.i Capacity, security, and corporate guidelines
4.5.j How FlexPod enhances desktop and server virtualization
4.5.k Identify applications addressed by CVDs

12% 5.0 FlexPod Programs, Tools, and Resources
5.1 Describe Premium Partner program and FlexPod Premium framework
5.1.a Identify what FlexPod Premium partners bring to the table (NetApp/Cisco certified training)
5.1.a (i) A scalable framework from Cisco and NetApp that recognizes and rewards partners for achieving the highest level of FlexPod competency
5.1.a (ii) A mutual investment from Cisco and NetApp to deliver greater value to those partners
5.1.a (iii) A single set of qualification criteria to identify and differentiate partners with highest level of competency
5.1.a (iv) An opportunity to communicate with one voice to highest level of FlexPod partners
5.1.a (v) Incremental benefits
5.2 Describe FlexPod Partner profitability
5.2.a Rebate program
5.2.b Partner sales desk
5.2.c Extra margin programs and Cisco UCS Breakaway
5.2.d Cisco UCS and Nexus front-end partner programs, such as SIP and OIP
5.2.e Cisco UCS SmartPlay bundles
5.3 Identify FlexPod resources and tools
5.3.a Describe CiscoNetApp.com, Cisco.com, and NetApp partner portal
5.3.b Describe the CVD warehouse (design zone)
5.3.c Describe the ROI and TCO tools
5.3.d Describe the FlexPod support model

1. Overview
This document provides configuration guidance for users of Cisco® IOS SSLVPN. This feature is
designed to terminate SSL VPN connections on Cisco IOS Software-based routers (1800, 2800,
3700, 3800, 7200, and 7301). SSL VPN is comparable to and complements the popular IP
Security (IPsec) remote-access VPN.

The testing was performed at the NSITE lab in Research Triangle Park, North Carolina (RTP) on
the devices defined above. The objective of the testing was to configure and test interaction of
Cisco IOS SSLVPN with authentication, authorization, and accounting (AAA) policies using the
backup authentication setup. This is typically used by a provider with redundant AAA servers.

Advantage: The primary advantage of backup AAA authentication is that the provider can have
redundant AAA servers. In the event of failure, users will still be authenticated. This setup can be
used with any of the AAA designs, and will work with authentication domains.

Note: All Cisco IOS SSL VPN/WebVPN features are included in a single, cost-effective license
that would be purchased separately. You can purchase the feature license in packs of 10, 25, or
100 simultaneous users directly from the Cisco.com configuration tool. If you already have a
router, use the following SKUs to order the license: FL-WEBVPN-10-K9=, FL-WEBVPN-25-K9=,
FL-WEBVPN-100-K9=. Check the data sheet to find the maximum supported users for your platform.

2. Audience
This configuration guide is intended for customers and partners working to provide configuration
guidelines and best practices for smaller SSL VPN deployments.

3. Network Topology
Figure 1 shows a Cisco IOS SSL VPN topology that uses redundant AAA servers.
Figure 1. Cisco IOS SSL VPN Topology with Redundant AAA Servers



4. Basic Configurations
4.1 Global AAA Configuration
When the primary AAA server is unreachable, the service provider will typically have a backup
AAA server. When the router does not get a pass/fail response from the primary server, it will
eventually time out. Next it will send the request to the secondary server. It will work with the
authentication domains as well, but this will need to be set up on both servers.





Friday, 4 November 2016

700-070 IX5K Cisco TelePresence IX5000 Series Immersive Solutions

Exam Number 700-070 IX5K
Associated Certifications Cisco TelePresence Solutions Specialist
Cisco TelePresence Video Master Authorized Technology Provider Program (ATP)
Duration 60 minutes (45-55 questions)
Available Languages English

This exam is designed to provide students with a strong understanding of the installation, configuration, operation, maintenance, and troubleshooting of the Cisco IX5000 and IX5200 systems. The Cisco IX5000 exam assessment topics include features and options, physical installation, configuration, operations, maintenance, upgrades, and troubleshooting.

The Cisco TelePresence IX5000 Series Immersive Solutions exam (700-070) is a 60 minute, 45-55 question assessment that is associated with the Cisco IX5000 Series Immersive Solutions course. The Cisco IX5000 Series Immersive Solutions course is designed to provide students with a strong understanding of the installation, configuration, operation, maintenance, and troubleshooting of the Cisco IX5000 and IX5200 systems. The Cisco IX5000 exam assessment topics include features and options, physical installation, configuration, operations, maintenance, upgrades, and troubleshooting.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Immersive TelePresence 10%
1.1 Describe Immersive TelePresence and how it is implemented
1.2 Describe the Cisco IX5000 Series system characteristics

2.0 Cisco IX5000 Overview 10%
2.1 Identify the components of the IX5000 Series endpoints
2.2 Identify the components of the infrastructure needed to support the IX5000 Series

3.0 Cisco IX5000 Installation Overview 15%
3.1 Describe the pre-installation tasks for the IX5000 Series
3.2 Describe the physical setup of the IX5000 Series systems
3.3 Describe the electrical, network, and system wiring tasks for the IX5000 Series
3.4 Describe first-time setup considerations for the IX5000 Series endpoints
3.5 Describe the optional hardware peripheral devices available with the IX5000 Series endpoints

4.0 Cisco IX5000 Configuration 15%
4.1 Explain how to configure the infrastructure that supports the IX5000 Series
4.2 Explain how to configure the IX5000 endpoint

5.0 Cisco IX5000 Operations 20%
5.1 Explain how to schedule OBTP calls with the IX5000 System and Cisco TMS
5.2 Explain how to use the Cisco Touch Control Panel to place and manage calls on the IX5000 Series
5.3 Explain how to share content using the IX5000 Series
5.4 Explain how to change user controlled options on the IX5000 Series

6.0 Cisco IX5000 Maintenance 15%
6.1 Describe basic maintenance tasks for the IX5000 endpoint
6.2 Describe basic maintenance tasks for the infrastructure that supports the IX5000
6.3 Describe the upgrade considerations for the IX5000 Series

7.0 Cisco IX5000 Basic Troubleshooting 15%
7.1 Describe common issues that can be encountered by IX5000 users
7.2 Describe how to troubleshoot common problems for the IX5000 Series


QUESTION 1
What causes echo or reverberation in the room during a call?

A. too many acoustic panels
B. too many hard surfaces
C. too many people
D. too many devices

Answer: B

Explanation:
A common problem with rooms larger than the Cisco recommended dimensions is excessive
reverberation. Large rooms with smooth surface areas such as glass or long parallel walls reflect
more sound and in some cases create a noticeable echo, giving the room a ‘boomy’ or ‘echoy’
effect. Additionally, rooms with hard floors or hard-finished ceilings have more reverberation due to
the increased hard-surface areas present. Generally reverberation is more of a concern for
participants in the room than for the audio being shared with the other side of the Immersive Cisco
TelePresence meeting.
Reference: http://www.cisco.com/c/dam/en/us/solutions/collateral/collaboration-endpoints/c07-643449-00_tp_dg.pdf


QUESTION 2
What is the purpose of the IX5000?

A. immersive collaboration
B. mobile-device use
C. desktop use
D. home use

Answer: A

Explanation:


QUESTION 3
Which two peripheral devices are available for the IX5000? (Choose two.)

A. additional Touch 12 screens
B. additional Touch 10 screens
C. additional Touch 8 screens
D. document scanner
E. auxiliary monitors

Answer: B,E
Reference:
http://www.cisco.com/c/en/us/td/docs/telepresence/ix5000/recommendations/ix5000_room_requirements.html


QUESTION 4
Which two standards does the IX5000 codec support? (Choose two.)

A. H.324
B. H.320
C. H.265
D. G.729AB
E. G.728

Answer: A,C

Explanation:


QUESTION 5
Which infrastructure component is needed for OBTP?

A. Prime Collaboration
B. Cisco VCS
C. Cisco TMS
D. Cisco TelePresence System

Answer: C

Explanation:
The Cisco TelePresence Management Suite (TMS) is delivered as a management appliance or
software that can be loaded on a server. Cisco TMS provides one-button-to-push (OBTP) call
launching, scheduling, monitoring, and provisioning for TelePresence endpoints registered with
the VCS.
Reference:
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/uc_system/design/guides/videodg/vidguide/infrastr.html


Tuesday, 1 November 2016

810-403 OUTCOMES Selling Business Outcomes


Exam Number 810-403
Associated Certifications Cisco Business Value Specialist
Duration 90 Minutes (60 - 70 questions)
Available Languages English, French, Japanese

This exam tests a candidate's knowledge and skills related to selling technology services and solutions with a business outcome focus. Questions cover essential capabilities to grow pipeline and revenue through work across sales stages from "Prospect" through "Close".

13% 1.0 Business Outcomes Sales Approach
1.1 Identify concepts and elements of business outcome-based sales approach
1.2 Explain the value of business outcome-based sales
1.3 Identify new skills for business outcome-based sales
1.4 Explain the difference between product and business outcome-based sales
1.5 Describe the three types of outcomes

20% 2.0 Customer Business Environment
2.1 Identify key customer stakeholders
2.2 Identify business outcome-based opportunities across industry verticals
2.3 Describe the business impact from emerging products and services
2.4 Describe the link between Cisco solutions and services to business outcomes
2.5 Describe the importance of Key Performance Indicators (KPIs)
2.6 Describe the importance of Critical Success Factors (CSFs)

25% 3.0 Customer Business Context, Challenges, and Opportunities
3.1 Analyze stakeholder expectations and their approach for technology purchases and adoption
3.2 Apply the stakeholder power/influence grid to identify and manage stakeholders
3.3 Identify business outcomes that are based on the customer business context and business requirements
3.4 Describe how business outcome-based sales impacts the customer value proposition
3.5 Apply the business model canvas to define the customer environment, business model, and motivators for change
3.6 Interpret the financial impact on business value, opportunities, and challenges in business outcome-based selling
3.7 Describe the four types of requirements for the customer's business

25% 4.0 Outcome-Based Opportunity for Customer Impact
4.1 Identify customer priorities for required business outcomes
4.2 Identify required consumption models
4.3 Describe Cisco solutions and services that will enable business outcomes for the customer
4.4 Identify business outcome-based opportunities from licensing models
4.5 Define customer decision criteria and key performance indicators to measure business outcomes
4.6 Interpret benefits and costs from a business outcome-based sales approach

17% 5.0 Manage and Communicate with Stakeholders
5.1 Describe the process for communicating with stakeholders
5.2 Describe the Cisco sales enablement resources to enhance the business outcome-based experience for the stakeholders
5.3 Determine a business outcome-based sales plan that is aligned with stakeholder needs
5.4 Apply the Seven Elements Framework for communicating and negotiating with stakeholders
5.5 Articulate the business value of the proposed solution to stakeholders
5.6 Describe the components of the process to gain stakeholder support

QUESTION 1
Which option must you know when you plan to negotiate or reach agreement?

A. underlying interests of the stakeholders
B. timing for decision on purchases
C. the customer budget
D. Cisco offerings

Answer: A

QUESTION 2
Which two activities require strong facilitation skills for gathering qualitative data? (Choose two.)

A. workshop
B. focus group
C. survey
D. questionnaire
E. interview

Answer: A,B

QUESTION 3
Which two dimensions are used in the stakeholder power grid? (Choose two.)

A. Influence/Authority
B. Power/Influence
C. Interest/Empathy
D. Interest/Support
E. Consensus/Support

Answer: B,D

QUESTION 4

Which two options are reasons why effective communication is key to success? (Choose two.)

A. It allows effective interaction between stakeholders.
B. Can help mitigate the intrinsic risks within negotiation.
C. It allows other strengths to create maximum impact.
D. Can help lessen the impact of business weakness.

Answer: A,D

QUESTION 5
Which are the four types of requirements for aligning outcomes to business needs?

A. Business, Functional, Strategic, Tactical
B. Strategic, Tactical, Operational, Procedural
C. Functional, Operational, Administrative, Strategic
D. Business, Technical, Functional, Transitional

Answer: D



Sunday, 30 October 2016

810-502 LVCI Leading Virtual Classroom Instruction

Exam Number 810-502
Associated Certifications Virtual Classroom Instruction Specialist
Duration 75 minutes (55-65 questions)
Available Languages English

The 810-502 Leading Virtual Classroom Instruction written exam is required for Cisco WebEx Virtual Classroom Instruction Specialist certification. The computer-based, multiple-choice exam tests the candidate's knowledge of how to prepare and manage a virtual classroom environment and use collaboration tools to maximize student participation and comprehension. Candidates can prepare for the exam by taking the Cisco WebEx Leading Virtual Classroom Instruction course (LVCI) v2.0.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Describe Synchronous eLearning Environments to Include Characteristics, Roles and Responsibilities 5%
1.1 Describe the characteristics of synchronous eLearning — definitions and terms used in the industry
1.2 Describe the function and benefits of interactivity in a virtual classroom environment
1.3 Describe the general roles and responsibilities when implementing a virtual delivery program

2.0 Manage Program and Logistics 5%
2.1 Plan and execute effective participant communication before, during and after scheduled virtual sessions
2.2 Given a scenario, identify and describe the steps to coordinate and schedule a virtual session
2.3 Given a scenario, determine the appropriate pre-session activities necessary (including scheduling, registration, and reporting)
2.4 Assess your needs against the program goals and determine whether to augment the virtual classroom with blended learning options
2.5 Identify recording and playback capabilities, purposes and considerations

3.0 Prepare Yourself and Your Physical and Virtual Environment for Conducting an Effective Virtual Classroom Session 11%
3.1 Set up the trainer's physical and virtual environment including preparing the attendee environment
3.2 Prepare yourself for facilitating in a virtual training environment
3.3 Develop contingency plans for common difficulties
3.4 Review course materials and address any areas that are unclear or may lead to learner confusion

4.0 Demonstrate Effective Classroom Management Skills in a Virtual Classroom Setting 33%
4.1 Implement contingency plans to manage disruptions
4.2 Keep sessions on track by responding to questions, keeping participants focused, and encouraging participation
4.3 Apply time management strategies effectively
4.4 Maintain a safe and positive learning environment that is conducive to the learning process
4.5 Build rapport with students
4.6 Establishes and maintains credibility with learners
4.7 Checks in at regular intervals and adjusts instruction based on feedback and/or behavioral cues from participants
4.8 Provide clear instruction and guidance to learners on how to meet the learning objective
4.9 Manage small group work, labs, and independent work
4.10 Employ effective questioning skills to involve learners (e.g., open-ended questions, wait after asking questions, let people self-select, etc.)
4.11 Ensure most participants are responding and interacting at the desired level
4.12 Gauge when to control the facilitation process versus when to let interaction flow
4.13 Facilitate interaction between participants to achieve balanced participation among class members
4.14 Defines how participants should participate and reinforces desired behavior (e.g., use chat, raise hand icon, speak up)
4.15 Guide learners through the lesson content to achieve deeper understanding
4.16 Guide learners through the process of using online tools in activities

5.0 Demonstrate Effective Presentation Skills in a Virtual Classroom Setting 8%
5.1 Present content in a logical flow and order
5.2 Use a pace appropriate for students, learning objectives and learning material
5.3 Describe concepts in a clear and complete manner, using relevant examples
5.4 Transition effectively between topics/instructional elements

6.0 Select and Effectively Use Tools for Presentation and Collaboration that Are Appropriate for Achieving Intended Learning Objective or Desired Result 15%
6.1 Use annotation tools to focus attention to relevant content
6.2 Use sharing features when appropriate, including application, presentation, desktop, etc.
6.3 Use white boarding or white space to enhance instruction or group process
6.4 Use collaboration tools when appropriate, including annotation, chat, Q&A, polling, video, pass presenter role, remote control

7.0 Demonstrate Use of Voice Modulation and Effective Audio Techniques 5%
7.1 Uses appropriate modulation, vocal inflection, tone, and volume (e.g., varies pitch and emphasis to avoid speaking in monotone)
7.2 Conveys energy and enthusiasm (e.g., puts a smile in his/her voice)
7.3 Makes appropriate vocal adjustments (e.g., adjusts pace or volume) in response to participant feedback
7.4 Creates an effective audio environment (e.g., ensures a quiet presentation space, and that participants have audio as they join)
7.5 Limit use of filler words (e.g., um, ah, you know, etc.)

8.0 Apply Fundamental Virtual Classroom Content Design Concepts 11%
8.1 Identify and describe effective synchronous training design principle
8.2 Create/update effective synchronous presentation materials (e.g., updates presentation materials following leading practices for graphics, text, color and font)
8.3 Identifies and develops/chooses effective learning activities

9.0 Assess Student Comprehension and Evaluate the Effectiveness of Training 7%
9.1 Develop a strategy for evaluating effectiveness of the training and student skills and knowledge
9.2 Create effective test questions and surveys to measure participant reaction and learning gains
9.3 Assess whether the training was effective based on reviewing test results, survey results, and attendee feedback through online tools such as polls
9.4 Reviews content or adjusts pace of delivery to enhance comprehension if required

Monday, 24 October 2016

200-125 CCNA Cisco Certified Network Associate Exam

Exam Number 200-125 CCNA
Associated Certifications CCNA Routing and Switching
Duration 90 Minutes (50-60 questions)
Available Languages English, Japanese

The Cisco Certified Network Associate (CCNA) Routing and Switching composite exam (200-125) is a 90-minute, 50–60 question assessment that is associated with the CCNA Routing and Switching certification. This exam tests a candidate's knowledge and skills related to network fundamentals, LAN switching technologies, IPv4 and IPv6 routing technologies, WAN technologies, infrastructure services, infrastructure security, and infrastructure management.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Network Fundamentals 15%

1.1 Compare and contrast OSI and TCP/IP models

1.2 Compare and contrast TCP and UDP protocols

1.3 Describe the impact of infrastructure components in an enterprise network

1.3.a Firewalls
1.3.b Access points
1.3.c Wireless controllers

1.4 Describe the effects of cloud resources on enterprise network architecture

1.4.a Traffic path to internal and external cloud services
1.4.b Virtual services
1.4.c Basic virtual network infrastructure

1.5 Compare and contrast collapsed core and three-tier architectures

1.6 Compare and contrast network topologies

1.6.a Star
1.6.b Mesh
1.6.c Hybrid

1.7 Select the appropriate cabling type based on implementation requirements

1.8 Apply troubleshooting methodologies to resolve problems

1.8.a Perform and document fault isolation
1.8.b Resolve or escalate
1.8.c Verify and monitor resolution

1.9 Configure, verify, and troubleshoot IPv4 addressing and subnetting

1.10 Compare and contrast IPv4 address types

1.10.a Unicast
1.10.b Broadcast
1.10.c Multicast

1.11 Describe the need for private IPv4 addressing

1.12 Identify the appropriate IPv6 addressing scheme to satisfy addressing requirements in a LAN/WAN environment

1.13 Configure, verify, and troubleshoot IPv6 addressing

1.14 Configure and verify IPv6 Stateless Address Auto Configuration

1.15 Compare and contrast IPv6 address types

1.15.a Global unicast
1.15.b Unique local
1.15.c Link local
1.15.d Multicast
1.15.e Modified EUI 64
1.15.f Autoconfiguration
1.15.g Anycast

2.0 LAN Switching Technologies 21%

2.1 Describe and verify switching concepts

2.1.a MAC learning and aging
2.1.b Frame switching
2.1.c Frame flooding
2.1.d MAC address table

2.2 Interpret Ethernet frame format

2.3 Troubleshoot interface and cable issues (collisions, errors, duplex, speed)

2.4 Configure, verify, and troubleshoot VLANs (normal/extended range) spanning multiple switches

2.4.a Access ports (data and voice)
2.4.b Default VLAN

2.5 Configure, verify, and troubleshoot interswitch connectivity

2.5.a Trunk ports
2.5.b Add and remove VLANs on a trunk
2.5.c DTP, VTP (v1&v2), and 802.1Q
2.5.d Native VLAN

2.6 Configure, verify, and troubleshoot STP protocols

2.6.a STP mode (PVST+ and RPVST+)
2.6.b STP root bridge selection

2.7 Configure, verify and troubleshoot STP related optional features

2.7.a PortFast
2.7.b BPDU guard

2.8 Configure and verify Layer 2 protocols

2.8.a Cisco Discovery Protocol
2.8.b LLDP

2.9 Configure, verify, and troubleshoot (Layer 2/Layer 3) EtherChannel

2.9.a Static
2.9.b PAGP
2.9.c LACP

2.10 Describe the benefits of switch stacking and chassis aggregation

3.0 Routing Technologies 23%

3.1 Describe the routing concepts

3.1.a Packet handling along the path through a network
3.1.b Forwarding decision based on route lookup
3.1.c Frame rewrite

3.2 Interpret the components of a routing table

3.2.a Prefix
3.2.b Network mask
3.2.c Next hop
3.2.d Routing protocol code
3.2.e Administrative distance
3.2.f Metric
3.2.g Gateway of last resort

3.3 Describe how a routing table is populated by different routing information sources

3.3.a Admin distance

3.4 Configure, verify, and troubleshoot inter-VLAN routing

3.4.a Router on a stick
3.4.b SVI

3.5 Compare and contrast static routing and dynamic routing

3.6 Compare and contrast distance vector and link state routing protocols

3.7 Compare and contrast interior and exterior routing protocols

3.8 Configure, verify, and troubleshoot IPv4 and IPv6 static routing

3.8.a Default route
3.8.b Network route
3.8.c Host route
3.8.d Floating static

3.9 Configure, verify, and troubleshoot single area and multi-area OSPFv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.10 Configure, verify, and troubleshoot single area and multi-area OSPFv3 for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub, virtual-link, and LSAs)

3.11 Configure, verify, and troubleshoot EIGRP for IPv4 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.12 Configure, verify, and troubleshoot EIGRP for IPv6 (excluding authentication, filtering, manual summarization, redistribution, stub)

3.13 Configure, verify, and troubleshoot RIPv2 for IPv4 (excluding authentication, filtering, manual summarization, redistribution)

3.14 Troubleshoot basic Layer 3 end-to-end connectivity issues

4.0 WAN Technologies 10%

4.1 Configure and verify PPP and MLPPP on WAN interfaces using local authentication

4.2 Configure, verify, and troubleshoot PPPoE client-side interfaces using local authentication

4.3 Configure, verify, and troubleshoot GRE tunnel connectivity

4.4 Describe WAN topology options

4.4.a Point-to-point
4.4.b Hub and spoke
4.4.c Full mesh
4.4.d Single vs dual-homed

4.5 Describe WAN access connectivity options

4.5.a MPLS
4.5.b Metro Ethernet
4.5.c Broadband PPPoE
4.5.d Internet VPN (DMVPN, site-to-site VPN, client VPN)

4.6 Configure and verify single-homed branch connectivity using eBGP IPv4 (limited to peering and route advertisement using Network command only)

4.7 Describe basic QoS concepts

4.7.a Marking
4.7.b Device trust
4.7.c Prioritization
4.7.c. [i] Voice
4.7.c. [ii] Video
4.7.c. [iii] Data
4.7.d Shaping
4.7.e Policing
4.7.f Congestion management

5.0 Infrastructure Services 10%

5.1 Describe DNS lookup operation

5.2 Troubleshoot client connectivity issues involving DNS

5.3 Configure and verify DHCP on a router (excluding static reservations)

5.3.a Server
5.3.b Relay
5.3.c Client
5.3.d TFTP, DNS, and gateway options

5.4 Troubleshoot client- and router-based DHCP connectivity issues

5.5 Configure, verify, and troubleshoot basic HSRP

5.5.a Priority
5.5.b Preemption
5.5.c Version

5.6 Configure, verify, and troubleshoot inside source NAT

5.6.a Static
5.6.b Pool
5.6.c PAT

5.7 Configure and verify NTP operating in a client/server mode

6.0 Infrastructure Security 11%

6.1 Configure, verify, and troubleshoot port security

6.1.a Static
6.1.b Dynamic
6.1.c Sticky
6.1.d Max MAC addresses
6.1.e Violation actions
6.1.f Err-disable recovery

6.2 Describe common access layer threat mitigation techniques

6.2.a 802.1x
6.2.b DHCP snooping
6.2.c Nondefault native VLAN

6.3 Configure, verify, and troubleshoot IPv4 and IPv6 access list for traffic filtering

6.3.a Standard
6.3.b Extended
6.3.c Named

6.4 Verify ACLs using the APIC-EM Path Trace ACL analysis tool

6.5 Configure, verify, and troubleshoot basic device hardening

6.5.a Local authentication
6.5.b Secure password
6.5.c Access to device
6.5.c. [i] Source address
6.5.c. [ii] Telnet/SSH
6.5.d Login banner

6.6 Describe device security using AAA with TACACS+ and RADIUS

7.0 Infrastructure Management 10%

7.1 Configure and verify device-monitoring protocols

7.1.a SNMPv2
7.1.b SNMPv3
7.1.c Syslog

7.2 Troubleshoot network connectivity issues using ICMP echo-based IP SLA

7.3 Configure and verify device management

7.3.a Backup and restore device configuration
7.3.b Using Cisco Discovery Protocol or LLDP for device discovery
7.3.c Licensing
7.3.d Logging
7.3.e Timezone
7.3.f Loopback

7.4 Configure and verify initial device configuration

7.5 Perform device maintenance

7.5.a Cisco IOS upgrades and recovery (SCP, FTP, TFTP, and MD5 verify)
7.5.b Password recovery and configuration register
7.5.c File system management

7.6 Use Cisco IOS tools to troubleshoot and resolve problems

7.6.a Ping and traceroute with extended option
7.6.b Terminal monitor
7.6.c Log events
7.6.d Local SPAN

7.7 Describe network programmability in enterprise network architecture

7.7.a Function of a controller
7.7.b Separation of control plane and data plane
7.7.c Northbound and southbound APIs

QUESTION 22
A receiving host computes the checksum on a frame and determines that the frame is damaged. The frame is then discarded. At which OSI layer did this happen?
A. session
B. transport
C. network
D. data link
E. physical

Answer: D
Explanation:
The Data Link layer provides the physical transmission of the data and handles error notification, network topology, and flow control. The Data Link layer formats the message into pieces, each called a data frame, and adds a customized header containing the hardware destination and source address. The Protocol Data Unit (PDU) at the Data Link layer is called a frame. In this question the frame is damaged and discarded, which happens at the Data Link layer.


QUESTION 23
A router has two Fast Ethernet interfaces and needs to connect to four VLANs in the local network. How can you accomplish this task, using the fewest physical interfaces and without decreasing network performance?
A. Use a hub to connect the four VLANs with a Fast Ethernet interface on the router.
B. Add a second router to handle the VLAN traffic.
C. Add two more Fast Ethernet interfaces.
D. Implement a router-on-a-stick configuration.

Answer: D
Explanation:
A router on a stick allows you to use sub-interfaces to create multiple logical networks on a single physical interface.

QUESTION 25
In an Ethernet network, under what two scenarios can devices transmit? (Choose two.)
A. when they receive a special token
B. when there is a carrier
C. when they detect no other devices are sending
D. when the medium is idle
E. when the server grants access

Answer: C,D
Explanation:
An Ethernet network is a shared environment, so all devices have the right to access the medium. If more than one device transmits simultaneously, the signals collide and cannot reach the destination.
If a device detects another device is sending, it will wait for a specified amount of time before attempting to transmit.
When there is no traffic detected, a device will transmit its message. While this transmission is occurring, the device continues to listen for traffic or collisions on the LAN. After the message is sent, the device returns to its default listening mode.

QUESTION 28
VLAN 3 is not yet configured on your switch. What happens if you set the switchport access vlan 3 command in interface configuration mode?
A. The command is rejected.
B. The port turns amber.
C. The command is accepted and the respective VLAN is added to vlan.dat.
D. The command is accepted and you must configure the VLAN manually.

Answer: C
Explanation:
The “switchport access vlan 3” command assigns that interface to VLAN 3 and also automatically updates the VLAN database to include VLAN 3.


QUESTION 29
Which term describes a spanning-tree network that has all switch ports in either the blocking or forwarding state?
A. converged
B. redundant
C. provisioned
D. spanned

Answer: A
Explanation:
Spanning Tree Protocol convergence (Layer 2 convergence) happens when bridges and switches have transitioned to either the forwarding or blocking state. When Layer 2 is converged, the root bridge is elected and all port roles (Root, Designated and Non-Designated) in all switches are selected.