A global organization with several branches hired a network architect to design an overlay VPN solution. The branches communicate with each other frequently.
The customer expects to add more branches in the future. To meet the customer's security requirements, the architect plans to provide traffic protection using dynamic IPsec tunnels. Which solution should the architect choose?

A. DMVPN

B. EasyVPN

C. L2TP

D. GETVPN

An engineer must design a QoS solution for a customer. The network currently supports data only, but the customer will roll out VoIP and IP video in conjunction with the new QoS solution. The engineer plans to use DiffServ. To ensure priority for voice services, which model must the design include?

A. 8-class model

B. 4-class model

C. 6-class model

D. 12-class model

An engineer must design a large Layer 2 domain that contains hundreds of switches and VLANs. The engineer's primary goals are to:
✑ Efficiently utilize the bandwidth of all links
✑ Avoid Layer 2 loops
✑ Cause minimal impact on switch CPU and memory
Which technology should the engineer include in the design?

A. MST

B. Rapid PVST+

C. RSTP

D. PVST+

Which is a function of the Proactive Insights feature of Cisco DNA Center Assurance?

A. enabling you to quickly view all of the contextual information related to a single user

B. generating synthetic traffic to perform tests that raise awareness of potential network issues

C. enabling you to see the complete path of packets from the client to the end application

D. pointing out where the most serious issues are happening in the network

An ISP provides Layer 3 VPN service over MPLS to a customer with four branches and multiple CE routers at each branch. To exchange the routes that are learned from the CE routers, which BGP address family should the ISP activate among the PE routers?

A. address-family multicast

B. L2VPN EVPN

C. VPNv4 unicast

D. IPv4 unicast

DRAG DROP -
Drag and drop the elements from the left onto the protocols where they are used on the right.
Select and Place:
 

What is the role of a control-plane node in a Cisco SD-Access architecture?

A. fabric device that connects wired endpoints to the SD-Access fabric

B. map system that manages endpoint to device relationships

C. fabric device that connects APs and wireless endpoints to the SD-Access fabric

D. map system that manages External Layer 3 networks

Which control-plane protocol is used to map an endpoint to a location in a Cisco SD-Access network?

A. FabricPath

B. IS-IS

C. LISP

D. MP-BGP

What is one function of the vSmart controller in an SD-WAN deployment?

A. orchestrates vEdge and cEdge connectivity

B. responsible for the centralized control plane of the SD-WAN network

C. provides centralized network management and a GUI to monitor and operate the SD-WAN overlay

D. provides a data-plane at branch offices to pass traffic through the SD-WAN network

Which QoS feature responds to network congestion by dropping lower priority packets?

A. CBWFQ

B. tail drop

C. WRED

D. strict priority

Refer to the exhibit. An engineer is designing an OSPF network for a client. Requirements dictate that the routers in Area 1 should receive all routes belonging to the network, including EIGRP, except the ones that originated in the RIP domain. Which action should the engineer take?

A. Make area 1 a NSSA.

B. Make area 1 a stub.

C. Make area 1 a standard OSPF area.

D. Make the area 1 routers part of area 0.

What is the purpose of an edge node in an SD-Access network fabric?

A. Edge nodes identify and authenticate endpoints and register endpoint information with control plane nodes.

B. Edge nodes track endpoint IDs to location mappings, along with IPv4, IPv6, or MAC addresses.

C. Edge nodes are the gateway between the fabric domain and network outside of the fabric.

D. Edge nodes resolve lookup requests from edge and border nodes to locate destination endpoint IDs.

Refer to the exhibit. An architect must create a stable and scalable EIGRP solution for a customer. The design must:
✑ conserve bandwidth, memory, and CPU processing
✑ prevent suboptimal routing
avoid any unnecessary queries
 
Which two solutions must the architect select? (Choose two.)

A. route summarization

B. prefix lists

C. distribute lists

D. stub routing

E. static redistribution

A company uses cloud-based applications for voice and video calls, file sharing, content sharing, and messaging. During business hours, these applications randomly become slow and unresponsive. However, other applications work smoothly with the current applied QoS polices. Which solution must the company choose to resolve the issue?

A. Identify the applications with NBAR2 and allocate the required bandwidth accordingly.

B. Identify the port used by each application and apply a minimum bandwidth guarantee.

C. Identify the applications and reserve the required bandwidth on the perimeter routers.

D. Identify the application ports, create groupings, and rate-limit the required bandwidth.

Which method does Cisco SD-WAN use to avoid fragmentation issues?

A. PMTUD is used.

B. Access circuits are configured with 1600 byte MTU settings.

C. Jumbo frames are enabled.

D. Traffic is marked with the DF bit set.

Prior to establishing full-mesh IPsec tunnels in a typical Cisco SD-WAN deployment, which mechanism do WAN Edge routers use to exchange key information for data plane encryption?

A. They use vSmart controllers as key exchange servers.

B. They use IKEv2 when exchanging keys with each other.

C. They use vManage as a key exchange server.

D. They use vBond as a key exchange server.

DRAG DROP -
Drag and drop the descriptions from the left onto the corresponding WAN connectivity types and categories on the right.
Select and Place:
 

Refer to the exhibit. The connection between SW2 and SW3 is fiber and occasionally experiences unidirectional link failure. An architect must optimize the network to reduce the change of Layer 2 forwarding loops when the link fails. Which solution should the architect include?

A. Utilize BPDU filter on SW3.

B. Utilize root guard on SW1.

C. Utilize BPDU guard on SW1.

D. Utilize loop guard on SW2.

What are the three foundational elements required for the new operational paradigm? (Choose three.)

A. application QoS

B. policy-based automated provisioning of network

C. multiple technologies at multiple OSI layers

D. assurance

E. centralization

F. fabric

Which two BGP features will result in successful route exchanges between eBGP neighbors sharing the same AS number? (Choose two.)

A. advertise-best-external

B. bestpath as-path ignore

C. client-to-client reflection

D. as-override

E. allow-as-in

Which AES mode should be used in a Cisco SD-WAN environment that includes multicast applications?

A. Electronic Code Book (ECB)

B. Cipher Feedback (CFB)

C. Cipher Block Chaining (CBC)

D. Galois/Counter Mode (GCM)

Refer to the exhibit. An architect is designing a BGP solution to connect a remote branch to a service provider. There are several prefixes within the branch that the company does not want to be advertised to the Internet. Which solution should the architect use to accomplish this?

A. Attach the No-Export community with the prefixes to exclude.

B. Use the BGP No-Advertise community for the prefixes to exclude.

C. Set the BGP Internet community for all prefixes.

D. Implement the NOPEER community.

A company must automate a set of complex changes aligned with DR testing in the network. These changes are specific, and the DR playbook will be adjusted in the future. The playbook has diverse routing and switching assets in scope as well as multiple vendor and hardware platforms. A developer will create a thin, web front-end microservice and integrate with an Open Daylight controller to push changes to the network. Which YANG model should be used?

A. Use an open YANG model to allow the reuse of code and standardize the implementation across platforms.

B. Develop an individualized YANG model to minimize development resources and time to market.

C. Use multiple native vendor YANG models to provide code consistency.

D. Use a single native vendor YANG model to minimize development time.

Which OSPF area blocks LSA Type 3, 4 and 5, but allows a default summary route?

A. normal

B. stub

C. NSSA

D. totally stubby

What is the purpose of a TLOC extension in a Cisco SD-WAN network fabric?

A. to facilitate WAN Edge router redundancy within a site

B. to identify the physical interface where a WAN Edge router connects to the WAN transport network

C. to expand the number of colors that are potentially applied to a network transport interface

D. to aggregate multiple physical Interfaces into a single logical interface

An engineer must design a management network for a customer's enterprise network. The design must:
• provide the ability to grant and revoke access privileges
• allow only protocols SSH, NTP, FTP, and SNMP
• restrict access to management interfaces
Which solution must the engineer choose to meet the requirements?

A. in-band

B. mGRE

C. out-of-band

D. enterprise internal private

Refer to the exhibit. All routers currently reside in OSPF area 0. The network manager recently used R1 and R2 as aggregation routers for remote branch locations and R3 and R4 as aggregation routers for remote office locations. The network has since been suffering from outages, which are causing frequent SPF runs. To enhance stability and introduce areas to the OSPF network with the minimal number of ABRs possible, which two solutions should the network manager recommend? (Choose two.)

A. a new OSPF area for R1 and R2 connections, with R1 and R2 as ABRs

B. a new OSPF area for R3 and R4 connections, with R5 and R6 as ABRs

C. a new OSPF area for R3 and R4 connections, with R3 and R4 as ABRs

D. a new OSPF area for R1, R2, R3, and R4 connections, with R1, R2, R3, and R4 as ABRs

E. a new OSPF area for R1 and R2 connections, with R5 and R6 as ABRs

An architect must develop a campus network solution that includes:
✑ logically segmented and isolated networks
✑ ability to communicate between network segments when required
✑ support for overlapping IP addresses
✑ widely available technologies to avoid purchasing specialized equipment
Which solution must the architect select?

A. VSS with IGP

B. 802.1Q with HSRP

C. vPC with HSRP

D. VRF-Lite with OSPF

An engineer is upgrading a company's main site to include a connection to a second ISP. The company will receive full Internet routing tables from both ISPs via
BGP. The engineer must ensure that the company does not become a transit autonomous system. Which solution should be included in this design?

A. Tag incoming routes from both ISPs with BGP community no-export.

B. Lower the MED for updates sent to the secondary ISP.

C. Use a route-map to prevent all prefixes from being advertised to either ISP.

D. Modify the local-preference for routes incoming from the primary ISP.

Which two statements describes Cisco SD-Access? (Choose two.)

A. software-defined segmentation and policy enforcement based on user identity and group membership

B. an overlay for the wired infrastructure in which traffic is tunneled via a GRE tunnel to a mobility controller for policy and application visibility

C. an automated encryption/decryption engine for highly secured transport requirements

D. programmable overlays enabling network virtualization across the campus

E. a collection of tools and applications that are a combination of loose and tight coupling

An organization plans to deploy multicast across two different autonomous systems. Their solution must allow RPs to:
✑ discover active sources outside their domain
✑ use the underlying routing information for connectivity with other RPs
✑ announce sources joining the group
Which solution supports these requirements?

A. SSM

B. MSDP

C. PIM-DM

D. PIM-SM

A company's security policy requires that all connections between sites be encrypted in a manner that does not require maintenance of permanent tunnels. The sites are connected through a private MPLS-based service that uses a dynamically changing key and spoke-to-spoke communication. Which type of transport encryption must be used in this environment?

A. GETVPN

B. DMVPN

C. GRE VPN

D. standard IPsec VPN

A network engineer must design an MSDP multicast solution to provide RP resilience in a network with two separate domains. Also, multicast sources and receivers must register with the local RP. Which solution must the engineer choose?

A. Configure the RP has value to 0, and traffic will route to the closest RP

B. Configure the RP loopback interface with the same IP address/32, and traffic will route to the closest RP

C. Configure the RP group ranges to split the multicast traffic, and traffic will route to the longest match

D. Configure the RP priority with the same value, and traffic will route to the closest RP

Which design consideration should be observed when EIGRP is configured on Data Center switches?

A. Perform manual summarization on all Layer 3 interfaces to minimize the size of the routing table.

B. Prevent unnecessary EIGRP neighborships from forming across switch virtual interfaces.

C. Lower EIGRP hello and hold timers to their minimum settings to ensure rapid route reconvergence.

D. Configure multiple EIGRP autonomous systems to segment Data Center services and applications.

Refer to the exhibit.
 
A network engineer must improve the current IS-IS environment. The Catalyst switch is equipped with dual supervisors. Each time a stateful switchover occurs, the network experiences unnecessary route recomputation. Which solution addresses this issue if the upstream router does not understand graceful restart messaging?

A. Enable IS-IS remote LFA FRR on both devices.

B. Enable NSR on the switch.

C. Enable NSF on the switch.

D. Configure ISIS aggressive timers on both devices.

Which nonproprietary mechanism can be used to automate rendezvous point distribution in a large PIM domain?

A. Embedded RP

B. BSR

C. Auto-RP

D. Static RP

A company is using OSPF between its HQ location and a branch office. HQ is assigned area 0 and the branch office is assigned area 1. The company purchases a second branch office, but due to circuit delays to HQ, it decides to connect the new branch office to the existing branch office as a temporary measure. The new branch office is assigned to area 2. Which OSPF configuration enables all three locations to exchange routes?

A. The existing branch office must be configured as a stub area

B. A virtual link must be configured between the new branch office and HQ

C. A sham link must be configured between the new branch office and HQ

D. The new branch office must be configured as a stub area

What are two purposes of the RPF check in multicast routing? (Choose two.)

A. to ensure that multicast packets are forwarded if they arrived on the interface used to route traffic back to the source address

B. to ensure that multicast packets are forwarded if they arrived on the interface used to route traffic to the destination address

C. to ensure that multicast packets are dropped if they arrived on the interface used to route traffic to the destination address

D. to ensure that multicast packets are dropped if they arrived on the interface used to route traffic back to the source address

E. to ensure that multicast packets, no matter the interface they arrived on are forwarded out all interfaces

A customer with an IPv4 only network topology wants to enable IPv6 connectivity while preserving the IPv4 topology services. The customer plans to migrate IPv4 services to the IPv6 topology, then decommission the IPv4 topology. Which topology supports these requirements?

A. dual stack

B. 6VPE

C. 6to4

D. NAT64

What is an advantage of designing an out-of-band network management solution?

A. In the event of a production network outage, network devices can still be managed.

B. There is no separation between the production network and the management network.

C. In the event of a production network outage, it can be used as a backup network path.

D. It is less expensive than an in-band management solution.

Which feature provides the capability for intra-VN traffic filtering and control within the Cisco SD-Access architecture?

A. MAC ACL

B. prefix list

C. scalable groups

D. service policy

When vEdge router redundancy is designed, which FHRP is supported?

A. HSRP

B. OMP

C. GLBP

D. VRRP

An enterprise customer has these requirements:
✑ end-to-end QoS for the business-critical applications and VoIP services based on CoS marking.
✑ flexibility to offer services such as IPv6 and multicast without any reliance on the service provider.
✑ support for full-mesh connectivity at Layer 2.
Which WAN connectivity solution meets these requirements?

A. VPWS

B. MPLS VPN

C. DMVPN

D. VPLS

A company with multiple service providers wants to speed up BGP convergence time in the event a failure occurs with their primary link. Which approach achieves this goal and does not impact router CPU utilization?

A. Utilize BFD and tune the multiplier to 50

B. Lower the BGP hello interval

C. Decrease the BGP keepalive timer

D. Utilize BFD and keep the default BGP timers

Refer to the exhibit.
 
An architect must design an IGP solution for an enterprise customer. The design must support:
✑ Physical link flaps should have minimal impact.
✑ Access routers should converge quickly after a link failure.
Which two ISIS solutions should the architect include in the design? (Choose two.)

A. Use BGP to IS-IS redistribution to advertise all Internet routes in the Level 1 area.

B. Advertise the IS-IS interface and loopback IP address toward the Internet and data center.

C. Reduce SPF and PRC intervals to improve convergence time.

D. Configure all access and aggregate routers to establish Level 1 / Level 2 adjacencies across the network.

E. Configure access routers to establish a Level 1 adjacency and aggregate routers to establish a Level 1 / Level 2 adjacency.

Which consideration must be taken into account when using the DHCP relay feature in a Cisco SD-Access Architecture?

A. DHCP-relay must be enabled on fabric edge nodes to provide the correct mapping of DHCP scope to the local anycast gateway.

B. A DHCP server must be enabled on the border nodes to allow subnets to span multiple fabric edges.

C. DHCP servers must support Cisco SD-Access extensions to correctly assign IPs to endpoints in an SD-Access fabric with anycast gateway.

D. DHCP Option-82 must be enabled to map the circuit IP option to the access fabric node where the DHCP discover originated.

Refer to the exhibit. A customer needs to apply QoS to the network management traffic passing through the GigabitEthernet 0/2 interface. All eight queuing classes are in use, so the new requirement must be integrated into the existing policy. Which solution must the customer choose?

A. Mark the traffic to DSCP CS6 and assign it to the ROUTING class. Then, prioritize traffic within the class.

B. Mark the traffic to DSCP CS2 and assign it to the ROUTING class. Then, baseline existing queue sizes to determine if additional bandwidth can be provisioned to the ROUTING class.

C. Mark the traffic to DSCP CS4 and assign it to the SIGNALLING class. Then, prioritize traffic within the class.

D. Mark the traffic to DSCP CS5 and assign it to the SIGNALLING class. Then, baseline existing queue sizes to determine if additional bandwidth can be provisioned to the SIGNALLING class.

How is a sub-second failure of a transport link detected in a Cisco SD-WAN network?

A. Hellos are sent between the WAN Edge routers and the vSmart controller.

B. BFD runs on the IPsec tunnels between WAN Edge routers.

C. BGP is used between WAN Edge routers and the vSmart controller.

D. Link state change messages are sent between vSmart controllers.

Which two overlay network design considerations must be made for a Cisco SD-Access network? (Choose two.)

A. LAN automation for deployment

B. Layer 3 to the access design

C. Reduce subnets and simplify DHCP management

D. Dedicated IGP process for the fabric

E. Avoid overlapping IP subnets

Which two Cisco ISE features provide benefits to our customers? (Choose two.)

A. enables them to set traffic encryption across the network

B. helps them accelerate application deployment and delivery

C. helps them stop and contain real-time threats

D. provides network access control