Thursday, 28 April 2016

300-465 CLDDES Designing the Cisco Cloud

Exam Number 300-465 CLDDES
Associated Certifications CCNP Cloud
Duration 90 Minutes (55 - 65 questions)
Available Languages English
Register Pearson VUE
Exam Policies Read current policies and requirements
Exam Tutorial Review type of exam questions

Exam Description
The 300-465 (CLDDES) Designing the Cisco Cloud is a 90-minute, 55-65 question assessment that is associated with the CCNP Cloud Certification. This exam tests a candidate's knowledge and ability to: translate requirements into cloud/automation process designs; design Private Cloud infrastructures; design Public Cloud infrastructures, design Cloud Security Policies; and design Virtualization and Virtual Network Services. Candidates can prepare for this assessment by taking the Designing the Cisco Cloud (CLDDES v1.0) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Translate Requirements into Automation Designs 22%

1.1 Gather business requirements

1.1.a Identify key business requirements for cloud/automation
1.1.b Choose appropriate cloud implementation to meet business requirements

1.2 Describe automation as a foundation of cloud design

1.3 Design appropriate automation tasks to meet requirements

1.3.a Design infrastructure container automation within UCS Director
1.3.b Design catalog
1.3.c Define infrastructure container
1.3.d Design workflow and services

1.4 Design Prime Services Catalog store front for UCS Director

1.5 Design Application and Platform as a Service using Stack Designer

1.6 Select the appropriate solution to automate private or hybrid clouds

1.6.a Cisco Enablement Platform
1.6.b UCS Director
1.6.c Cisco Intelligent Automation for Cloud (CIAC)

2.0 Design a Private Cloud Infrastructure 22%

2.1 Compare and contrast the various private cloud integrated infrastructures

2.1.a Flexpod
2.1.b VBlock
2.1.c Virtual System Specifications (VSPEX)

2.2 Given a set of requirements, determine when to use file or block storage

2.3 Select the methods of accessing storage

2.3.a Determine connectivity types
2.3.b Determine access rights

2.4 Determine the thin/thick provisioning methods for a given environment

2.5 Determine the appropriate methods of interconnecting private clouds

2.6 Determine when to use the appropriate solution to automate network services

3.0 Design a Hybrid Cloud Infrastructure 16%

3.1 Compare and contrast the various public cloud architectures

3.2 Select the methodology to connect to public clouds

3.3 Select the appropriate solution to automate hybrid cloud provisioning

4.0 Design a Cloud Security Policy 20%

4.1 Describe best practices for securing cloud infrastructure

4.2 Describe best practices for securing cloud services

4.3 Design a secure multi tenant environment

4.4 Design a security policy to protect a private cloud

4.5 Design a security policy to protect a hybrid cloud

5.0 Virtualization and Virtual Network Services for Private and Hybrid Clouds 20%

5.1 Describe the advantages, disadvantages and features of different hypervisors

5.1.a Resource scheduling
5.1.b DR
5.1.c HA

5.2 Describe the use of cloud automation tools to facilitate physical to virtual or virtual to virtual migrations

5.2.a Workflows
5.2.a.1 Cisco Enablement Platform
5.2.a.2 UCS Director
5.2.a.3 Virtual Application Container Services (VACS)
5.2.b Compare benefits and limitation of Virtual Machines

5.3 Select the appropriate virtual network and security services to meet requirements

5.4 Describe context aware infrastructure and workflow identity

5.4.a Methodologies
5.4.b Components
5.4.c Use cases

5.5 Describe workload mobility

5.5.a Describe VM migration: move VMs from any hypervisor to any public cloud and back
5.5.b Describe VM conversion
5.5.c Describe use cases

5.6 Describe the ability to automate VM life cycle

5.6.a Describe workflow creation using Intercloud Fabric Director and Prime Services Catalog


Posted by at No comments:
Labels: , , , , , , , ,

Friday, 22 April 2016

300-320 ARCH Designing Cisco Network Service Architectures

Exam Number 300-320
Associated Certifications CCDP
Duration 75 minutes (60 - 70 questions)
Available Languages English

Exam Description
The Designing Cisco Network Service Architectures (ARCH) exam (300-320) is a 75-minute assessment with 60 – 70 questions associated with the Cisco Certified Design Professional certification. This exam tests a candidate's knowledge of the latest development in network design and technologies, including L2 and L3 infrastructures for the enterprise, WAN technologies, data center integration, network security and network services.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Advanced Addressing and Routing Solutions for Enterprise Networks 22%

1.1 Create structured addressing designs to facilitate summarization

1.1.a Hierarchy
1.1.b Efficiency
1.1.c Scalability
1.1.d NAT

1.2 Create stable, secure, and scalable routing designs for IS-IS

1.3 Create stable, secure, and scalable routing designs for EIGRP

1.4 Create stable, secure, and scalable routing designs for OSPF

1.5 Create stable, secure, and scalable routing designs for BGP

1.5.a Transit prevention
1.5.b Basic route filtering
1.5.c Authentication
1.5.d Communities
1.5.e Basic traffic engineering (load distribution, creating path symmetry)
1.5.f Route reflectors

1.6 Determine IPv6 migration strategies

1.6.a Overlay (tunneling)
1.6.b Native (dual-stacking)
1.6.c Boundaries (IPv4/IPv6 translations)

2.0 Advanced Enterprise Campus Networks 20%

2.1 Design for high availability

2.1.a First Hop Redundancy Protocols
2.1.b Device virtualization

2.2 Design campus Layer 2 infrastructures

2.2.a STP scalability
2.2.b Fast convergence
2.2.c Loop-free technologies

2.3 Design multicampus Layer 3 infrastructures

2.3.a Convergence
2.3.b Load sharing
2.3.c Route summarization
2.3.d Route filtering
2.3.e VRFs
2.3.f Optimal topologies

2.4 Design a network to support network programmability

2.4.a Describe Application Centric Infrastructures (ACI)
2.4.b Select appropriate controller to meet requirements
2.4.c Identify and address key security issues with network programmability

3.0 WANs for Enterprise Networks 17%

3.1 Compare and contrast WAN connectivity options

3.1.a Dynamic Multipoint VPN (DMVPN)
3.1.b Layer 2 VPN
3.1.c MPLS Layer 3 VPN
3.1.d IPsec
3.1.e Generic Routing Encapsulation (GRE)
3.1.f Private lines

3.2 Design site-to-site VPNs

3.2.a DMVPN
3.2.b Layer 2 VPN
3.2.c MPLS Layer 3 VPN
3.2.d IPSec
3.2.e Group Encrypted Transport VPN (GETVPN)

3.3 Design for a resilient WAN strategy

3.3.a Single-homed
3.3.b Multi-homed
3.3.c Backup connectivity
3.3.d Failover

3.4 Design Extranet connectivity

3.4.a VPN
3.4.b Private lines
3.4.c Multitenant segmentation

3.5 Design Internet edge connectivity

3.5.a DMZ
3.5.b NAT
3.5.c Proxy functionality
3.5.d Resiliency
3.5.e Basic traffic engineering techniques (outbound/inbound load distribution, active/failover, symmetric outbound traffic flows)

4.0 Enterprise Data Center Integration 17%

4.1 Describe a modular and scalable data center network

4.1.a Top-of-rack
4.1.b End-of-row
4.1.c Multitenant environments
4.1.d Multitier topologies

4.2 Describe network virtualization technologies for the data center

4.2.a VPC
4.2.b VSS
4.2.c VDCs
4.2.d VRFs
4.2.e Multichassis EtherChannel
4.2.f VXLAN
4.2.g TRILL / Fabric Path

4.3 Describe high availability in a data center network

4.3.a VPC
4.3.b VSS
4.3.c Multichassis EtherChannel

4.4 Design data center interconnectivity

4.4.a OTV
4.4.b Private Line
4.4.c L2 vs. L3
4.4.d VPLS
4.4.e A-VPLS

4.5 Design data center and network integration

4.5.a Traffic flow
4.5.b Bandwidth
4.5.c Security
4.5.d Resiliency

5.0 Security Services 13%

5.1 Design firewall and IPS solutions

5.1.a Modes of operation
5.1.b Clustering
5.1.c High availability techniques
5.1.d IPS functionality and placement
5.1.e Multiple contexts

5.2 Design network access control solutions

5.2.a 802.1x
5.2.b TrustSec
5.2.c EAP
5.2.d Authentication services
5.2.e RBAC
5.2.f Basic denial of service mitigation techniques

5.3 Design infrastructure protection

5.3.a Infra structure ACLs
5.3.b CoPP
5.3.c Layer 2 / Layer 3 security considerations

6.0 Network Services 11%

6.1 Select appropriate QoS strategies to meet customer requirements

6.1.a DiffServ
6.1.b IntServ

6.2 Design end-to-end QoS policies

6.2.a Classification and marking
6.2.b Shaping
6.2.c Policing
6.2.d Queuing

6.3 Describe network management techniques

6.3.a In-band vs. out-of-band
6.3.b Segmented management networks
6.3.c Prioritizing network management traffic

6.4 Describe multicast routing concepts

6.4.a Source trees, shared trees
6.4.b RPF
6.4.c Rendezvous points

6.5 Design multicast services

6.5.a SSM
6.5.b PIM bidirectional
6.5.c MSDP
QUESTION 1
Which option maximizes EIGRP scalability?

A. route redistribution
B. route redundancy
C. route filtering
D. route summarization

Answer: D

QUESTION 2
To which network layer should Cisco Express Forwarding be tuned to support load balancing and to make more informed forwarding decisions?

A. Layer 1
B. Layer 2
C. Layer 3
D. Layer 4
E. Layer 5
F. Layer 6
G. Layer 7

Answer: D

QUESTION 3
Which option is the Cisco preferred, most versatile, and highest-performance way to deploy IPv6 in existing IPv4 environments?

A. dual stack
B. hybrid
C. service block
D. dual service

Answer: A

QUESTION 4
An engineer is designing an address plan. Which IPv6 prefix removes any consideration regarding the number of hosts per subnet?

A. /32
B. /48
C. /64
D. /96

Answer: C

QUESTION 5
Which protocol is best when there are circuit connections with two different ISPs in a multihoming scenario?

A. VRRP
B. BGP
C. IPsec
D. SSL

Answer: B

QUESTION 6
What is the latest Cisco high-availability solution?

A. VRRP
B. HSRP
C. VSS
D. GLBP

Answer: C
Posted by at No comments:
Labels: , , , , , , , ,

Monday, 18 April 2016

300-208 SISAS Implementing Cisco Secure Access Solutions

Exam Number 300-208 SISAS
Associated Certifications CCNP Security
Duration 90 minutes (65 - 75 questions)
Available Languages English, Japanese

Exam Description
The Implementing Cisco Secure Access Solutions (SISAS) (300-208) exam tests whether a network security engineer knows the components and architecture of secure access, by utilizing 802.1X and Cisco TrustSec. This 90-minute exam consists of 65–75 questions and assesses knowledge of Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solutions. It also includes the fundamental concepts of bring your own device (BYOD) using posture and profiling services of ISE. Candidates can prepare for this exam by taking the Implementing Cisco Secure Access Solutions (SISAS) course.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Identity Management/Secure Access 33%
1.1 Implement device administration

1.1.a Compare and select AAA options
1.1.b TACACS+
1.1.c RADIUS
1.1.d Describe Native AD and LDAP

1.2 Describe identity management
1.2.a Describe features and functionality of authentication and authorization
1.2.b Describe identity store options (i.e., LDAP, AD, PKI, OTP, Smart Card, local)
1.2.c Implement accounting

1.3 Implement wired/wireless 802.1X
1.3.a Describe RADIUS flows
1.3.b AV pairs
1.3.c EAP types
1.3.d Describe supplicant, authenticator, and server
1.3.e Supplicant options
1.3.f 802.1X phasing (monitor mode, low impact, closed mode)
1.3.g AAA server
1.3.h Network access devices

1.4 Implement MAB
1.4.a Describe the MAB process within an 802.1X framework
1.4.b Flexible authentication configuration
1.4.c ISE authentication/authorization policies
1.4.d ISE endpoint identity configuration
1.4.e Verify MAB Operation

1.5 Implement network authorization enforcement
1.5.a dACL
1.5.b Dynamic VLAN assignment
1.5.c Describe SGA
1.5.d Named ACL
1.5.e CoA

1.6 Implement Central Web Authentication (CWA)
1.6.a Describe the function of CoA to support web authentication
1.6.b Configure authentication policy to facilitate CWA
1.6.c URL redirect policy
1.6.d Redirect ACL
1.6.e Customize web portal
1.6.f Verify central web authentication operation

1.7 Implement profiling
1.7.a Enable the profiling services
1.7.b Network probes
1.7.c IOS Device Sensor
1.7.d Feed service
1.7.e Profiling policy rules
1.7.f Utilize profile assignment in authorization policies
1.7.g Verify profiling operation

1.8 Implement guest services
1.8.a Managing sponsor accounts
1.8.b Sponsor portals
1.8.c Guest portals
1.8.d Guest Policies
1.8.e Self registration
1.8.f Guest activation
1.8.g Differentiated secure access
1.8.h Verify guest services operation

1.9 Implement posture services
1.9.a Describe the function of CoA to support posture services
1.9.b Agent options
1.9.c Client provisioning policy and redirect ACL
1.9.d Posture policy
1.9.e Quarantine/remediation
1.9.f Verify posture service operation

1.10 Implement BYOD access
1.10.a Describe elements of a BYOD policy
1.10.b Device registration
1.10.c My devices portal
1.10.d Describe supplicant provisioning

2.0 Threat Defense 10%
2.1 Describe TrustSec Architecture
2.1.a SGT Classification - dynamic/static
2.1.b SGT Transport - inline tagging and SXP
2.1.c SGT Enforcement - SGACL and SGFW
2.1.d MACsec

3.0 Troubleshooting, Monitoring and Reporting Tools 7%

3.1 Troubleshoot identity management solutions

3.1.a Identify issues using authentication event details in Cisco ISE
3.1.b Troubleshoot using Cisco ISE diagnostic tools
3.1.c Troubleshoot endpoint issues
3.1.d Use debug commands to troubleshoot RADIUS and 802.1X on IOS switches and wireless controllers
3.1.e Troubleshoot backup operations

4.0 Threat Defense Architectures 17%

4.1 Design highly secure wireless solution with ISE

4.1.a Identity Management
4.1.b 802.1X
4.1.c MAB
4.1.d Network authorization enforcement
4.1.e CWA
4.1.f Profiling
4.1.g Guest Services
4.1.h Posture Services
4.1.i BYOD Access

5.0 Identity Management Architectures 33%

5.1 Device administration
5.2 Identity Management
5.3 Profiling
5.4 Guest Services
5.5 Posturing Services
5.6 BYOD Access

QUESTION 1
With which two appliance-based products can Cisco Prime Infrastructure integrate to perform centralized management? (Choose two.)

A. Cisco Managed Services Engine
B. Cisco Email Security Appliance
C. Cisco Wireless Location Appliance
D. Cisco Content Security Appliance
E. Cisco ISE

Answer: A,E

QUESTION 2
Which two fields are characteristics of IEEE 802.1AE frame? (Choose two.)

A. destination MAC address
B. source MAC address
C. 802.1AE header in EtherType
D. security group tag in EtherType
E. integrity check value
F. CRC/FCS

Answer: C,E

QUESTION 3
Which three statements about the Cisco wireless IPS solution are true? (Choose three.)

A. It enables stations to remain in power-save mode, except at specified intervals to receive data from the access point.
B. It detects spoofed MAC addresses.
C. It identifies potential RF jamming attacks.
D. It protects against frame and device spoofing.
E. It allows the WLC to failover because of congestion.

Answer: B,C,D

QUESTION 4
In AAA, what function does authentication perform?

A. It identifies the actions that the user can perform on the device.
B. It identifies the user who is trying to access a device.
C. It identifies the actions that a user has previously taken.
D. It identifies what the user can access.

Answer: B

QUESTION 5
Which two EAP types require server side certificates? (Choose two.)

A. EAP-TLS
B. PEAP
C. EAP-MD5
D. LEAP
E. EAP-FAST
F. MSCHAPv2

Answer: A,B

Posted by at No comments:
Labels: , , , , , , , ,

Monday, 4 April 2016

300-135 TSHOOT

Troubleshooting and Maintaining Cisco IP Networks (TSHOOT)
Exam Number 300-135 TSHOOT
Associated Certifications CCNP Routing and Switching
Duration 120 minutes (15-25 questions)
Available Languages English, Japanese

Troubleshooting and Maintaining Cisco IP Networks (TSHOOT 300-135) is a qualifying exam for the Cisco CCNP Routing and Switching certification. The TSHOOT 300-135 exam certifies that the successful candidate has the knowledge and skills necessary to:

Plan and perform regular maintenance on complex enterprise routed and switched networks
Use technology-based practices and a systematic ITIL-compliant approach to perform network troubleshooting

Exam Description
Troubleshooting and Maintaining Cisco IP Networks (TSHOOT 300-135) is a 120-minute qualifying exam with 15‒25 questions for the Cisco CCNP Routing and Switching certification. The TSHOOT 300-135 exam certifies that the successful candidate has the knowledge and skills necessary to:

Plan and perform regular maintenance on complex enterprise routed and switched networks
Use technology-based practices and a systematic ITIL-compliant approach to perform network troubleshooting

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific version of the exam. To better reflect the contents of the exam and for clarity, the following guidelines may change at any time without notice.

Subscribe to Cisco Learning Network Premium and access the most comprehensive e-learning training, resources and tools you’ll need to prepare for your CCENT, CCNA and CCNP Routing and Switching certifications.


1.0 Network Principles 5%

1.1 Use Cisco IOS troubleshooting tools

1.1.a Debug, conditional debug
1.1.b Ping and trace route with extended options

1.2 Apply troubleshooting methodologies

1.2.a Diagnose the root cause of networking issues (analyze symptoms, identify and describe root cause)
1.2.b Design and implement valid solutions
1.2.c Verify and monitor resolution

2.0 Layer 2 Technologies 40%

2.1 Troubleshoot switch administration

2.1.a SDM templates
2.1.b Managing MAC address table
2.1.c Troubleshoot Err-disable recovery

2.2 Troubleshoot Layer 2 protocols

2.2.a CDP, LLDP
2.2.b UDLD

2.3 Troubleshoot VLANs

2.3.a Access ports
2.3.b VLAN database
2.3.c Normal, extended VLAN, voice VLAN

2.4 Troubleshoot trunking

2.4.a VTPv1, VTPv2, VTPv3, VTP pruning
2.4.b dot1Q
2.4.c Native VLAN
2.4.d Manual pruning

2.5 Troubleshoot EtherChannels

2.5.a LACP, PAgP, manual
2.5.b Layer 2, Layer 3
2.5.c Load balancing
2.5.d EtherChannel misconfiguration guard

2.6 Troubleshoot spanning tree

2.6.a PVST+, RPVST +, MST
2.6.b Switch priority, port priority, path cost, STP timers
2.6.c PortFast, BPDUguard, BPDUfilter
2.6.d Loopguard, Rootguard

2.7 Troubleshoot other LAN switching technologies

2.7.a SPAN, RSPAN

2.8 Troubleshoot chassis virtualization and aggregation technologies

2.8.a Stackwise

3.0 Layer 3 Technologies 40%

3.1 Troubleshoot IPv4 addressing and subnetting

3.1.a Address types (Unicast, broadcast, multicast, and VLSM)
3.1.b ARP
3.1.c DHCP relay and server
3.1.d DHCP protocol operations

3.2 Troubleshoot IPv6 addressing and subnetting

3.2.a Unicast
3.2.b EUI-64
3.2.c ND, RS/RA
3.2.d Autoconfig (SLAAC)
3.2.e DHCP relay and server
3.2.f DHCP protocol operations

3.3 Troubleshoot static routing

3.4 Troubleshoot default routing

3.5 Troubleshoot administrative distance

3.6 Troubleshoot passive interfaces

3.7 Troubleshoot VRF lite

3.8 Troubleshoot filtering with any protocol

3.9 Troubleshoot between any routing protocols or routing sources

3.10 Troubleshoot manual and autosummarization with any routing protocol

3.11 Troubleshoot policy-based routing

3.12 Troubleshoot suboptimal routing

3.13 Troubleshoot loop prevention mechanisms

3.13.a Route tagging, filtering
3.13.b Split-horizon
3.13.c Route poisoning

3.14 Troubleshoot RIPv2

3.15 Troubleshoot EIGRP neighbor relationship and authentication

3.16 Troubleshoot loop free path selection

3.16.a RD, FD, FC, successor, feasible successor

3.17 Troubleshoot EIGPR operations

3.17.a Stuck in active

3.18 Troubleshoot EIGRP stubs

3.19 Troubleshoot EIGRP load balancing

3.19.a Equal cost
3.19.b Unequal cost

3.20 Troubleshoot EIGRP metrics

3.21 Troubleshoot EIGRP for IPv6

3.22 Troubleshoot OSPF neighbor relationship and authentication

3.23 Troubleshoot network types, area types, and router types

3.23.a Point-to-point, multipoint, broadcast, nonbroadcast
3.23.b LSA types, area type: backbone, normal, transit, stub, NSSA, totally stub
3.23.c Internal router, backbone router, ABR, ASBR
3.23.d Virtual link

3.24 Troubleshoot OSPF path preference

3.25 Troubleshoot OSPF operations

3.26 Troubleshoot OSPF for IPv6

3.27 Troubleshoot BGP peer relationships and authentication

3.27.a Peer group
3.27.b Active, passive
3.27.c States and timers

3.28 Troubleshoot eBGP

3.28.a eBGP
3.28.b 4-byte AS number
3.28.c Private AS

4.0 VPN Technologies 5%
4.1 Troubleshoot GRE

5.0 Infrastructure Security 5%

5.1 Troubleshoot IOS AAA using local database

5.2 Troubleshoot device access control

5.2.a Lines (VTY, AUX, console)
5.2.b Management plane protection
5.2.c Password encryption

5.3 Troubleshoot router security features

5.3.a IPv4 access control lists (standard, extended, time-based)
5.3.b IPv6 traffic filter
5.3.c Unicast reverse path forwarding

6.0 Infrastructure Services 5%

6.1 Troubleshoot device management

6.1.a Console and VTY
6.1.b Telnet, HTTP, HTTPS, SSH, SCP
6.1.c (T) FTP

6.2 Troubleshoot SNMP

6.2.a v2
6.2.b v3

6.3 Troubleshoot logging

6.3.a Local logging, syslog, debugs, conditional debugs
6.3.b Timestamps

6.4 Troubleshoot Network Time Protocol(NTP)

6.4.a NTP master, client, version 3, version 4
6.4.b NTP authentication

6.5 Troubleshoot IPv4 and IPv6 DHCP

6.5.a DHCP client, IOS DHCP server, DHCP relay
6.5.b DHCP options (describe)

6.6 Troubleshoot IPv4 Network Address Translation (NAT)

6.6.a Static NAT, Dynamic NAT, PAT

6.7 Troubleshoot SLA architecture

6.8 Troubleshoot tracking objects

6.8.a Tracking objects
6.8.b Tracking different entities (for example, interfaces, IPSLA results)
QUESTION 1
Exhibit:



A network administrator is troubleshooting an EIGRP connection between RouterA, IP address
10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two
statements are true? (Choose two.)

A. RouterA received a hello packet with mismatched autonomous system numbers.
B. RouterA received a hello packet with mismatched hello timers.
C. RouterA received a hello packet with mismatched authentication parameters.
D. RouterA received a hello packet with mismatched metric-calculation mechanisms.
E. RouterA will form an adjacency with RouterB.
F. RouterA will not form an adjacency with RouterB.

Answer: D,F

Explanation:

QUESTION 2
When troubleshooting an EIGRP connectivity problem, you notice that two connected EIGRP
routers are not becoming EIGRP neighbors. A ping between the two routers was successful. What
is the next thing that should be checked?

A. Verify that the EIGRP hello and hold timers match exactly.
B. Verify that EIGRP broadcast packets are not being dropped between the two routers with the
show ip EIGRP peer command.
C. Verify that EIGRP broadcast packets are not being dropped between the two routers with the
show ip EIGRP traffic command.
D. Verify that EIGRP is enabled for the appropriate networks on the local and neighboring router.

Answer: D

Explanation:

QUESTION 3
Refer to the exhibit.



How would you confirm on R1 that load balancing is actually occurring on the default-network
(0.0.0.0)?

A. Use ping and the show ip route command to confirm the timers for each default network resets
to 0.
B. Load balancing does not occur over default networks; the second route will only be used for
failover.
C. Use an extended ping along with repeated show ip route commands to confirm the gateway of
last resort address toggles back and forth.
D. Use the traceroute command to an address that is not explicitly in the routing table.

Answer: D

Explanation:

QUESTION 4
Which IPsec mode will encrypt a GRE tunnel to provide multiprotocol support and reduced
overhead?

A. 3DES
B. multipoint GRE
C. tunnel
D. transport

Answer: D

Explanation:

QUESTION 5
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building siteto-
site VPNs? (Choose three.)

A. allows dynamic routing over the tunnel
B. supports multi-protocol (non-IP) traffic over the tunnel
C. reduces IPsec headers overhead since tunnel mode is used
D. simplifies the ACL used in the crypto map
E. uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

Answer: A,B,D

Explanation:

Posted by at No comments:
Labels: , , , , , , ,
Subscribe to: Posts (Atom)