Cause all that matters here is passing the Cisco cisco 200 310 exam. Cause all that you need is a high score of ccda 200 310 dump Designing for Cisco Internetwork Solutions exam. The only one thing you need to do is downloading Examcollection ccda 200 310 exam study guides now. We will not let you down with our money-back guarantee.
Q11. Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Explanation: Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
.Source-specific rules with any type destinations should be applied as close to the source as possible.
.Destination-specific rules with any type sources should be applied as close to the destination as possible.
.Mixed rules integrating both source and destination should be used as close to the source as possible.
An integral part of identity and access control deployments is to allow only the necessary access. Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing “defense in depth” by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
Q12. What Cisco product is designed to improve the performance of Windows file and exchange services in remote data centers?
A. Application Control Engine
B. Wide Area Application Services
C. Cisco Application Policy Infrastructure Controller
D. Cisco Prime Network Services Controller
Q13. Which WLC interface is dedicated for WLAN client data?
A. virtual interface B. dynamic interface
C. management interface
D. AP manager interface
E. service port interface
WLC Interface Types
A WLC has five interface types:
Management interface (static, configured at setup, mandatory) is used for in-band management, connectivity to AAA, and Layer 2 discovery and association.
Service-port interface (static, configured at setup, optional) is used for out-of-band management. It is an optional interface that is statically configured.
AP manager interface (static, configured at setup, mandatory except for 5508 WLC) is used for Layer 3 discovery and association. It has the source IP address of the AP that is statically configured.
Dynamic interface (dynamic) is analogous to VLANs and is designated for WLAN client data.
Virtual interface (static, configured at setup, mandatory) is used for leaver 3 security authentication, DHCP relay support, and mobility management.
Q14. A network engineer is following the Cisco enterprise architecture model. To which network layer would a branch office connect to using a private WAN?
A. Enterprise Campus
B. Enterprise Edge
C. SP Edge Premise
D. Remote Module
Q15. Which Cisco device management feature is most suited to metering network traffic and providing data for billing network usage?
B. Cisco Discovery Protocol
Q16. Characterizing an existing network requires gathering as much information about the network as possible. Which of these choices describes the preferred order for the information-gathering process?
A. site and network audits, traffic analysis, existing documentation and organizational input
B. existing documentation and organizational input, site and network audits, traffic analysis
C. traffic analysis, existing documentation and organizational input, site and network audits
D. site and network audits, existing documentation and organizational input, traffic analysis
This section describes the steps necessary to characterize the existing network infrastructure and all sites. This process requires three steps:
Step 1. Gather existing documentation about the network, and query the organization to discover additional information. Organization input, a network audit, and traffic analysis provide the key information you need. (Note that existing documentation may be inaccurate.)
Step 2. Perform a network audit that adds detail to the description of the network. If possible, use traffic-analysis information to augment organizational input when you are describing the applications and protocols used in the network.
Step 3. Based on your network characterization, write a summary report that describes the health of the network. With this information, you can propose hardware and software upgrades to support the network requirements and the organizational requirements.
Q17. Which two features are supported by single wireless controller deployments? (Choose two.)
A. automatic detection and configuration of LWAPPs
B. LWAPP support across multiple floors and buildings
C. automatic detection and configuration of RF parameters
D. Layer 2 and Layer 3 roaming
E. controller redundancy
F. mobility groups
Q18. Which consideration is the most important for the network designer when considering IP routing?
C. on-demand routing
Q19. Which model of ISR is utilized for the teleworker design profile? A. Cisco 1900 Series
B. Cisco 1800 Series
C. Cisco 800 Series
D. Cisco 500 Series
Q20. Which three options represents the components of the Teleworker Solution? (Choose three.)
A. Cisco Unified IP Phone
B. Cisco 880 Series Router
C. Aironet Office Extend Access Point
D. Catalyst 3560 Series Switch
E. Cisco 2900 Series Router
F. MPLS Layer 3 VPN
G. Leased lines