Ideas to ccda 200 310
Q71. Cisco Identity-Based Networking Services relies heavily on the 802.1X protocol. Which other authentication solution is used hand-in-hand with 802.1X to authenticate users for network access?
Cisco Identity-Based Network Services
The Cisco Identity-Based Network Services (IBNS) solution is a way to authenticate host access based on policy for admission to the network. IBNS supports identity authentication, dynamic provisioning of VLANs on a per-user basis, guest VLANs, and 802.1X with port security.
The 802.1X protocol is a standards-based protocol for authenticating network clients by permitting or denying access to the network. It operates between the end-user client seeking access and an Ethernet switch or wireless access point (AP) providing the connection to the network. In 802.1X terminology, clients are called supplicants, and switches and APs are called authenticators. A back-end RADIUS server such as a Cisco Access Control Server (ACS) provides the user account database used to apply authentication and authorization.
With an IBNS solution, the host uses 802.1X and Extensible Authentication Protocol over LANs (EAPoL) to send the credentials and initiate a session to the network. After the host and switch establish LAN connectivity, username and password credentials are requested. The client host then sends the credentials to the switch, which forwards them to the RADIUS ACS. The RADIUS ACS performs a lookup on the username and password to determine the credentials' validity. If the username and password are correct, an accept message is sent to the switch or AP to allow access to the client host. If the username and password are incorrect, the server sends a message to the switch or AP to block the host port. Figure 13-4 illustrates the communication flow of two hosts using 802.1X and EAPoL with the switch, AP, and back-end RADIUS server.
Q72. Refer to the exhibit.
Which statement accurately represents the characteristics of the core layer in this design?
A. QoS should be performed only in the core.
B. Load balancing should never be implemented or used.
C. Access lists should be used in the core to perform packet manipulation.
D. Partial mesh should be used as long as it is connected to each device by multiple paths.
E. Policy-based traffic control should be implemented to enable prioritization and ensure the best performance for all time-critical applications.
Q73. Which two of these practices are considered to be best practices when designing the access layer for the enterprise campus? (Choose two.)
A. Implement all of the services (QoS, security, STP, and so on) in the access layer, offloading the work from the distribution and core layers.
B. Always use a Spanning Tree Protocol; preferred is Rapid PVST+.
C. Use automatic VLAN pruning to prune unused VLANs from trunked interfaces to avoid broadcast propagation.
D. Avoid wasted processing by disabling STP where loops are not possible.
E. Use VTP transparent mode to decrease the potential for operational error.
When designing the building access layer, you must consider the number of users or ports required to size up the LAN switch. Connectivity speed for each host should also be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit Ethernet, or port channels. The planned VLANs enter into the design.
Performance in the access layer is also important. Redundancy and QoS features should be considered.
The following are recommended best practices for the building access layer:
- Limit VLANs to a single closet when possible to provide the most deterministic and highly available topology.
- Use Rapid Per-VLAN Spanning Tree Plus (RPVST+) if STP is required. It provides faster convergence than traditional 802.1d default timers.
- Set trunks to ON and ON with no-negotiate.
- Manually prune unused VLANs to avoid broadcast propagation (commonly done on the distribution switch).
- Use VLAN Trunking Protocol (VTP) Transparent mode, because there is little need for a common VLAN database in hierarchical networks.
- Disable trunking on host ports, because it is not necessary. Doing so provides more security and speeds up PortFast.
- Consider implementing routing in the access layer to provide fast convergence and Layer 3 load balancing.
- Use the switchport host commands on server and end-user ports to enable PortFast and disable channeling on these ports.
- Use Cisco STP Toolkit, which provides:
  - PortFast: Bypasses the listening-learning phase for access ports
  - Loop Guard: Prevents an alternate or root port from becoming designated in the absence of bridge protocol data units (BPDU)
  - Root Guard: Prevents external switches from becoming root
  - BPDU Guard: Disables a PortFast-enabled port if a BPDU is received
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3, Page 85
Q74. Which technology enables WLCs to peer with each other to enable roaming support?
A. WAP profiles
B. roaming profiles
C. mobility groups
Q75. A company is implementing an Identity Management solution with these characteristics:
1) existing AAA Server
2) Cisco Catalyst switches
3) minimal added investments
Which Cisco Trust and Identity Management solution would you recommend?
A. NAC Appliance
B. Cisco IBNS
D. Cisco Security MARS
Q76. Which option is a benefit of the modular approach to network design?
A. higher availability
B. repeatable scalability
C. increased security
D. improved resiliency
Q77. Your supervisor has asked you to deploy a routing protocol within the lab environment that will allow for unequal cost multipath routing. Which should you choose?
Q78. Which two link state routing protocols support IPv6 routing? (Choose two.)
Q79. Which three are associated with the distribution layer within the campus design? (Choose three.)
A. access layer aggregation
B. route summarization
C. network trust boundary
D. next-hop redundancy
E. layer 2 switching
F. port security
G. broadcast suppression
Q80. Which network access control technology is recommended to use with Layer 2 access layer switches?