Q121. To what Layer 2 technology does VRF closely compare? 






Q122. Which statement describes the recommended deployment of DNS and DHCP servers in the Cisco Network Architecture for the Enterprise? 

A. Place the DHCP and DNS servers in the Enterprise Campus Access layer and Enterprise branch. 

B. Place the DHCP and DNS servers in the Enterprise Campus Server Farm layer and Enterprise branch. 

C. Place the DHCP server in the Enterprise Campus Core layer and Remote Access_VPN module with the DNS server in the Internet Connectivity module. 

D. Place the DHCP server in the Enterprise Campus Distribution layer with the DNS server in the Internet Connectivity module. 


Explanation: For the Enterprise Campus, DHCP and internal DNS servers should be located in the Server Farm and they should be redundant. External DNS servers can be placed redundantly at the service provider facility and at the Enterprise branch. 

Q123. Refer to the exhibit. 

A standard Layer 2 campus network design is pictured. Which numbered box represents the core layer? 

A. #1 

B. #2 

C. #3 

D. #4 

E. #5 


Q124. A network engineer is following the Cisco enterprise architecture model. To which network layer would a branch office connect to using a private WAN? 

A. Enterprise Campus 

B. Enterprise Edge 

C. SP Edge Premise 

D. Remote Module 


Q125. Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol. Which other authentication solution is used hand-in-hand with 802.1X to authenticate users for network access? 



C. IPsec 





Cisco Identity-Based Network Services The Cisco Identity-Based Network Services solution is a way to authenticate host access based on policy for admission to the network. IBNS supports identity authentication, dynamic provisioning of VLANs on a per-user basis, guest VLANs, and 802.1X with port security. 

The 802.1 X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network. The 802.1 X protocol operates between the end-user client seeking access and an Ethernet switch or wireless access point (AP) providing the connection to the network. In 802.1 X terminology, clients are called supplicants, and switches and APs are called authenticates. A back-end RADIUS server such as a Cisco Access Control Server (ACS) provides the user account database used to apply authentication and authorization. With an IBNS solution, the host uses 802.IX and Extensible Authentication Protocol over LANs (EAPoL) to send the credentials and initiate a session to the network. After the host and switch establish LAN connectivity, username and password credentials are requested. The client host then sends the credentials to the switch, which forwards them to the RADIUS ACS. The RADIUS ACS performs a lookup on the username and password to determine the credentials' validity. If the username and password are correct, an accept message is sent to the switch or AP to allow access to the client host. If the username and password are incorrect, the server sends a message to the switch or AP to block the host port. Figure 13-4 illustrates the communication flow of two hosts using 802.1X and KAPoL with the switch, AP, and back-end RADIUS server. 

Q126. You need to connect to a remote branch office via an Internet connection. The remote office does not use Cisco equipment. This connection must be secure and must support OSPF. Which of the following can be used to transport data to the branch office? 

A. GRE over IPsec 

B. IPsec 


D. IPsec VTI 


Q127. What two CoS values are used by voice traffic? (Choose two.) 

A. COS1 

B. COS2 

C. COS3 

D. COS4 

E. COS5 

Answer: C,E 

Q128. Which IPv6 feature enables routing to distribute connection requests to the nearest content server? 

A. Link-local 

B. Site-local 

C. Anycast 

D. Multicast 

E. Global aggregatable 


Explanation: Any cast is a network addressing and routing methodology in which data grams from a single sender are routed to the topologically nearest node in a group of potential receivers all identified by the same destination address. Link: http://en.wikipedia.org/wiki/Anycast 

Q129. A secure WAN design requires dynamic routing and IP multicast. What two VPN protocols meet these requirements? (Choose two.) 

A. Standard IPsec 

B. P2P GRE over IPsec 


D. AnyConnect 


F. Easy VPN 


Answer: B,C 

Q130. Which one of these statements describes why, from a design perspective, a managed VPN approach for enterprise teleworkers is most effective? 

A. A managed VPN solution uses a cost-effective, on-demand VPN tunnel back to the enterprise. 

B. This solution supports all teleworkers who do not require voice or video. 

C. This architecture provides centralized management where the enterprise can apply security policies and push configurations. 

D. It provides complete flexibility for remote access through a wireless hotspot or a guest network at a hotel, in addition to a home office.