★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW 200-310 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/200-310-dumps.html
Q21. Which one of these statements describes why, from a design perspective, a managed VPN approach for enterprise teleworkers is most effective?
A. A managed VPN solution uses a cost-effective, on-demand VPN tunnel back to the enterprise.
B. This solution supports all teleworkers who do not require voice or video.
C. This architecture provides centralized management where the enterprise can apply security policies and push configurations.
D. It provides complete flexibility for remote access through a wireless hotspot or a guest network at a hotel, in addition to a home office.
Answer: C
Q22. Your supervisor has asked you to deploy a routing protocol within the lab environment that will allow for unequal cost multipath routing. Which should you choose?
A. EIGRP
B. OSPF
C. IS-IS
D. RIP
Answer: A
Q23. Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Answer: C
Explanation: Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
.Source-specific rules with any type destinations should be applied as close to the source as possible.
.Destination-specific rules with any type sources should be applied as close to the destination as possible.
.Mixed rules integrating both source and destination should be used as close to the source as possible.
An integral part of identity and access control deployments is to allow only the necessary access. Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing “defense in depth” by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
Q24. An engineer has configured a router to send level 7 messages to a syslog server. What severity level are these messages?
A. error
B. warning
C. debug
D. informational
E. notice
Answer: C
Q25. What three primary sources of information are needed to perform a network audit? (Choose three.)
A. existing documentation
B. new documentation
C. existing network management software
D. new network management tools
E. management personnel
F. technical personnel
Answer: A,C,D
Q26. Which Cisco device has the sole function at looking at threat detection and mitigation at the Enterprise edge?
A. Cisco IOS router
B. Cisco ASA
C. Cisco Catalyst FWSM
D. Cisco IPS
Answer: D
Q27. A network engineer is attempting to separate routing domains using a virtualization technology. What protocol can be configured to perform this task?
A. VLAN
B. VSAN
C. VRF
D. VPC
Answer: C
Q28. With respect to IPv6 addressing, from a design perspective, which of these statements is it important to keep in mind?
A. IPv6 addressing provides convenience of anycast addressing without any configuration requirements.
B. IPv6 does not use multicast addressing.
C. An IPv6 router will not forward packets from one link to other links if the packet has either a link-local source or a link-local destination address.
D. Dynamic address assignment requires DHCPv6.
Answer: C
Q29. Which IP telephony component supports VoIP, PoE, and QoS?
A. client endpoints
B. voice-enabled infrastructure
C. Cisco Unified Communications Manager
D. Cisco Unified Contact Center
Answer: B
Q30. What business trend allows employees to use personal devices to access enterprise data and systems?
A. ISE
B. BYOD
C. SAN
D. IOE
Answer: B