Free VCE & PDF File for Cisco 200-310 Real Exam (Full Version!)
Q121. What IPv4 addressing technique allows for the division of addresses into subnets of different sizes?
A. VLSM
B. RIR
C. CIDR
D. NAT
Answer: A
Q122. Which one of these statements is an example of how trust and identity management solutions should be deployed in the enterprise campus network?
A. Authentication validation should be deployed as close to the data center as possible.
B. Use the principle of top-down privilege, which means that each subject should have the privileges that are necessary to perform their defined tasks, as well as all the tasks for those roles below them.
C. Mixed ACL rules, using combinations of specific sources and destinations, should be applied as close to the source as possible.
D. For ease of management, practice defense in isolation - security mechanisms should be in place one time, in one place.
Answer: C
Explanation: Validating user authentication should be implemented as close to the source as possible, with an emphasis on strong authentication for access from untrusted networks. Access rules should enforce policy deployed throughout the network with the following guidelines:
- Source-specific rules with any type destinations should be applied as close to the source as possible.
- Destination-specific rules with any type sources should be applied as close to the destination as possible.
- Mixed rules integrating both source and destination should be used as close to the source as possible.
An integral part of identity and access control deployments is to allow only the necessary access. Highly distributed rules allow for greater granularity and scalability but, unfortunately, increase the management complexity. On the other hand, centralized rule deployment eases management but lacks flexibility and scalability.
Practicing “defense in depth” by using security mechanisms that back each other up is an important concept to understand. For example, the perimeter Internet routers should use ACLs to filter packets in addition to the firewall inspecting packets at a deeper level.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
Q123. Which of the following three options represents the components of the Teleworker Solution? (Choose three.)
A. Cisco Unified IP Phone
B. Cisco 880 Series Router
C. Aironet Office Extend Access Point
D. Catalyst 3560 Series Switch
E. Cisco 2900 Series Router
F. MPLS Layer 3 VPN
G. Leased lines
Answer: A,B,E
Explanation:
A Cisco ASR is used to terminate Teleworker solutions, not a 2900 series router. The hybrid teleworker uses Aironet and the advanced teleworker uses the 880; both use IP phones. Search for "at_a_glance_c45-652500.pdf" for details.
The Cisco Virtual Office Solution for the Enterprise Teleworker is implemented using the Cisco 800 series ISRs. Each ISR has integrated switch ports that then connect to the user’s broadband connection. The solution uses a permanent always-on IPsec VPN tunnel back to the corporate network. This architecture provides for centralized IT security management, corporate-pushed security policies, and integrated identity services. In addition, this solution supports the enterprise teleworker needs through advanced applications such as voice and video. For example, the enterprise teleworker can take advantage of toll bypass, voicemail, and advanced IP phone features not available in the PSTN.
Enterprise Teleworker Module
The enterprise teleworker module consists of a small office or a mobile user who needs to access services of the enterprise campus. As shown in Figure 2-14, mobile users connect from their homes, hotels, or other locations using dialup or Internet access lines. VPN clients are used to allow mobile users to securely access enterprise applications. The Cisco Virtual Office solution provides a solution for teleworkers that is centrally managed using small integrated service routers (ISR) in the VPN solution. IP phone capabilities are also provided in the Cisco Virtual Office solution, providing corporate voice services for mobile users.
Q124. A customer requests a filtering design based on the need to scan all internet traffic, including remote workers. What solution meets these requirements?
A. Cisco Cloud Web Security
B. Cisco Network Admission Control
C. Cisco Identity Services Engine
D. Cisco Adaptive Security Appliance
Answer: A
Q125. When designing the identity and access control portions for the enterprise campus network, which of these solutions would be the most appropriate solution to consider?
A. 802.1X
B. ACLs in the core layer
C. Cisco Security MARS
D. NetFlow
Answer: A
Q126. Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol. Which other authentication solution is used hand-in-hand with 802.1X to authenticate users for network access?
A. RADIUS
B. LEAP
C. IPsec
D. TACACS
E. ISAKMP
Answer: A
Explanation:
Cisco Identity-Based Network Services
The Cisco Identity-Based Network Services solution is a way to authenticate host access based on policy for admission to the network. IBNS supports identity authentication, dynamic provisioning of VLANs on a per-user basis, guest VLANs, and 802.1X with port security.
The 802.1X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network. The 802.1X protocol operates between the end-user client seeking access and an Ethernet switch or wireless access point (AP) providing the connection to the network. In 802.1X terminology, clients are called supplicants, and switches and APs are called authenticators. A back-end RADIUS server such as a Cisco Access Control Server (ACS) provides the user account database used to apply authentication and authorization. With an IBNS solution, the host uses 802.1X and Extensible Authentication Protocol over LANs (EAPoL) to send the credentials and initiate a session to the network. After the host and switch establish LAN connectivity, username and password credentials are requested. The client host then sends the credentials to the switch, which forwards them to the RADIUS ACS. The RADIUS ACS performs a lookup on the username and password to determine the credentials' validity. If the username and password are correct, an accept message is sent to the switch or AP to allow access to the client host. If the username and password are incorrect, the server sends a message to the switch or AP to block the host port. Figure 13-4 illustrates the communication flow of two hosts using 802.1X and EAPoL with the switch, AP, and back-end RADIUS server.
Q127. Which of the following is a component within the Cisco Enterprise Campus module?
A. Teleworker
B. E-Commerce
C. Internet Connectivity
D. Building Distribution
E. WAN/MAN Site-to-Site VPN
Answer: D
Q128. ACME corporation is implementing dynamic routing on the LAN at its corporate headquarters. The interior gateway protocol that they select must support these requirements: multivendor environment, efficient subnetting, high scalability, and fast convergence. Which interior gateway protocol should they implement?
A. EIGRP
B. OSPF
C. RIPng
D. BGP
Answer: B
Q129. What three considerations should be taken into account when selecting a routing protocol? (Choose three.)
A. classful routing
B. scalability
C. default route origination
D. multivendor support
E. link load balancing
F. hop count
Answer: B,D,E
Q130. Which protocol is used to reserve bandwidth for the transport of a particular application data flow across the network?
A. cRTP
B. IEEE 802.1P
C. RSVP
D. LFI
E. Auto QOS
Answer: C
Explanation:
RSVP is a signaling protocol that enables end stations or applications to obtain guaranteed bandwidth and low delays for their data flows.
