Q70 A manufacturing company has decided to add a website to enhance sales. The web servers in the E-Commerce module must be accessible without compromising network security. Which two design recommendations can be made to meet these requirements? (Choose two.)
A. Move the E-Commerce servers to the WAN module.
B. Use intrusion detection on the E-Commerce server farm.
C. Limit the number of incoming connections to the E-Commerce module.
D. Use private and public key encryption.
E. Place E-Commerce servers and application servers on isolated LANs (DMZs).
After a period of rapid growth, FloCzar Boats is seeking better network management tools.
Managers have developed this needs list:
Move from static to dynamic device information.
Gain information to assist in long-term trend analysis.
Concentrate on Layer 4 monitoring.
Which management protocol will most help FloCzar achieve its goals?
E. Cisco Discovery Protocol
RMON1 is focused on the data link and physical layers of the OSI model. As shown in Figure 15-4,
RMON2 provides an extension for monitoring upper-layer protocols.
Figure. RMON1 and RMON2 Compared to the OSI Model
Defined by RFC 2021, RMON2 extends the RMON group with the MIB groups listed in the following Table
Table. RMON2 Groups
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 15
Q72 At which stage in the PPDIOO process would you analyze a customer’s network in order to discover opportunities for network improvement?
F. Design Assessment
Design phase: Developing a detailed design is essential to reducing risk, delays, and the total cost of network deployments. A design aligned with business goals and technical requirements can improve network performance while supporting high availability, reliability, security, and scalability.
(Reference: http://www.ciscozine.com/2009/01/29/the-ppdioo-network-lifecycle/)
Q73 A very large organization has received its IPv6 address range from its Internet Service Provider and intends to use only IPv6 addresses internally. Employees will access the Internet using port address translation. What is a requirement for their DNS servers?
A. There are no changes required to their DNS servers.
B. Their DNS servers need to support only IPv6 addresses.
C. Their DNS servers need to support only IPv4 addresses.
D. They need additional DNS servers in their network just for IPv6 addresses.
E. They no longer need DNS servers.
F. Their DNS servers need to support both IPv4 and IPv6 addresses.
Which two statements represent advantages that the top-down network design process has over the
bottom-up network design process? (Choose two.)
A. utilizes previous experience
B. identifies appropriate technologies first
C. is able to provide the big picture
D. takes less time to design a network
E. provides a design for current and future development
By incorporating the organization’s requirements, the top-down network design process provides the big
picture that meets current and future requirements.
Which two statements about IPv6 addresses are true? (Choose two.)
A. Two colons (::) are used to represent successive hexadecimal fields of zeros.
B. Leading zeros are required.
C. Two colons (::) are used to separate fields.
D. A single interface will have multiple IPv6 addresses of different types.
Explanation:
Q76 Which three security measures can be used to mitigate DoS attacks that are directed at exposed hosts within the E-Commerce module? (Choose three.)
A. Use NIDSs and HIPSs to detect signs of attack and to identify potentially successful breaches.
B. Partition the exposed hosts into a separate LAN or VLAN.
C. Use LAN switch VTP pruning to separate hosts on the same segment.
D. Use a VPN concentrator (IPSec) to protect and verify each connection to the exposed host or hosts.
E. Use firewalls to block all unnecessary connections to the exposed hosts.
Which technology can ensure data confidentiality, data integrity, and authentication across a public IP
IPsec: A security architecture that operates in a host to protect IP traffic. The IETF defined IPsec in RFC 4301. IPsec uses open standards and provides secure communication between peers to ensure data confidentiality, integrity, and authentication through network layer encryption.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition
Q78 Which statement best describes Call Admission Control?
A. It extends QoS capabilities to protect voice from excessive data traffic.
B. It protects voice from voice.
C. It provides endpoint registration control.
D. It provides endpoint bandwidth control.
Explanation: CAC should be used to keep excess voice traffic from the network by ensuring that there is enough bandwidth for new calls. Call admission control (CAC) is used to control the number of calls to reduce the WAN bandwidth for a site that has IPT. CAC is configured for the site on the CUCM servers. A maximum bandwidth or maximum number of calls is provisioned for the site. CAC enforces a maximum number of calls between two locations to ensure that call quality will not be degraded by allowing more calls than a network can support. CAC causes excessive calls between two locations to be refused. The IPT system must then either reroute the call to a different available path, such as the PSTN, or deny the call.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 14
Q79 A customer wishes to implement VoIP using centralized call-processing. In addition, the customer wishes to ice quality and good bandwidth utilization. Which codec would you suggest?
Explanation:
Q80 DRAG DROP
Q81 Which three sources does a network designer use to collect information for characterizing an existing network? (Choose three.)
A. server statistics
B. network audit
C. traffic analysis
D. visual inventory
E. staff input
Characterizing the Existing Network
Characterizing the network is Step 2 of the design methodology. In this section, you learn to identify a
network’s major features, tools to analyze existing network traffic, and tools for auditing and monitoring
Steps in Gathering Information
When arriving at a site that has an existing network, you need to obtain all the existing documentation.
Sometimes no documented information exists. You should be prepared to use tools to obtain information
and get access to log in to the network devices to obtain information.
Here are the steps for gathering information:
When gathering existing documentation, you look for site information such as site names, site addresses,
site contacts, site hours of operation, and building and room access. Network infrastructure information
includes locations and types of servers and network devices, data center and closet locations, LAN wiring,
WAN technologies and circuit speeds, and power used. Logical network information includes IP addressing, routing protocols, network management, and security access lists used. You need to find out whether voice or video is being used on the network.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 1
Q82 Which of the following Cisco router services performs network traffic analysis to assist in documenting a customer’s existing network?
C. SNMP MIB compiler
Refer to the exhibit.
A standard, Layer 2 campus network design is pictured. Which numbered box represents the distribution
Explanation:
#1 Access
#2 Distribution
#3 Core
#4 Server Farm / Data Center
#5 WAN Module
#1 is the access layer, since it interfaces directly with the clients.
#3 is the core layer, since these switches have a direct connection (highest resiliency) and they interface directly with the WAN module.
#4 is the datacenter layer, because it interfaces directly with the campus servers.
#5 is the WAN module; it interfaces with the internet.
Q84 Which statement identifies a benefit obtained when using a top-down network design plan?
A. provides a more detailed picture of the desired network
B. facilitates design based on previous experience
C. is less time-consuming than using a bottom-up approach
D. allows quick responses to design requests
E. incorporates customer organizational requirements
The top-down approach begins with the organization’s requirements before looking at technologies.
Network designs are tested using a pilot or prototype network before moving into the Implement phase.
Lightweight access points are being deployed in remote locations where others are already operational.
The new access points are in a separate IP subnet from the wireless controller. OTAP has not been
enabled at any locations. Which two methods can the AP use to locate a wireless controller? (Choose
A. NV-RAM IP address
C. primary, secondary, tertiary
E. local subnet broadcast
Over-the-Air-Provisioning (OTAP) Process
During the LAP boot process, the LAP uses different mechanisms in order to discover controllers that it can join. The LAP keeps each of the controller IP addresses that it learned through the different methods in different lists in order to reflect how the LAP learned about them. For example, the LAP can learn management IP addresses of multiple controllers through the DNS entry for CISCO-LWAPP-CONTROLLER.localdomain, DHCP option 43, through broadcasts on the local subnet, locally stored controller IP address discovery, and through OTAP. Once the access point has completed the LWAPP WLC Discovery steps, it chooses a WLC from the candidate WLC list and sends that WLC an LWAPP Join Request.
Cisco 4400 series Wireless LAN Controllers, Understanding Over-the-Air-Provisioning (OTAP), Document ID: 100516
Q86 Which Cisco security solution can quarantine and prevent non-compliant end stations from accessing the network until they achieve security policy compliance?
A. Cisco Security Monitoring, Analysis, and Response System
B. Adaptive Security Appliance
C. Network Admission Control
D. Network Intrusion Prevention System
E. Cisco Secure Connectivity
F. Access Control Server
Answer: C
Explanation: The Network Admission Control protects the network from threats by enforcing security compliance on all devices attempting to access the network. It allows access to endpoints only after they have passed authentication based on security policies.
Q87 A network design includes private addressing, but there is also a need for two or three network devices to each be assigned a unique public address so they can be accessed from the Internet. Which technique will satisfy this requirement?
A. Static NAT
B. VPN tunneling
C. Dynamic NAT
Explanation: NAT has several forms:
· Static NAT: Maps an unregistered or private IP address to a registered IP address; it is configured manually. It is commonly used to assign a network device with an internal private IP address a unique public address so that it can be accessed from the Internet.
· Dynamic NAT: Dynamically maps an unregistered or private IP address to a registered IP address from a pool (group) of registered addresses. The two subsets of dynamic NAT are overloading and overlapping:
  o Overloading: Maps multiple unregistered or private IP addresses to a single registered IP address by using different ports. This is also known as PAT, single-address NAT, or port-level multiplexed NAT.
  o Overlapping: Maps registered internal IP addresses to outside registered IP addresses. It can also map external addresses to internal registered addresses.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 8
Q88 A Cisco security mechanism has the following attributes:
it is a sensor appliance
it searches for potential attacks by capturing and analyzing traffic
it is a “purpose-built device”
it is installed passively
it introduces no delay or overhead
Which Cisco security mechanism is this?
Inline IPS and anomaly detection: Cisco has innovated in the area of NIDS by being the first to incorporate NIDS into the IOS on routing and switching platforms. In addition, IPS solutions have inline filtering features that can remove unwanted traffic with programmable features that classify traffic patterns. The Cisco IPS 4200 sensor appliances, Cisco Catalyst 6500 IDSM-2, and the Cisco IOS IPS can identify, analyze, and stop unwanted traffic from flowing on the network. Another set of tools used to prevent distributed DoS (DDoS) attacks and ensure business continuity is the Cisco Traffic Anomaly Detector XT and Guard XT appliances, along with the Cisco Catalyst 6500 Traffic Anomaly Detector Module and Cisco Anomaly Guard Module.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 13
Q89 Which two routing protocols operate over NBMA point-to-multipoint networks without the use of point-to-point subinterfaces? (Choose two.)
OSPF over NBMA
For OSPF to run over NBMA you are required to implement the neighbor IP address but not subinterfaces.
Configure an Interface as Point-to-Multipoint, Nonbroadcast (Non-Broadcast Multi-access, NBMA)
To treat the interface as point-to-multipoint when the media does not support broadcast, perform the following task in interface configuration mode:
EIGRP over NBMA
NBMA Interfaces (Frame Relay, X.25, ATM)
It is particularly critical to configure nonbroadcast multi-access (NBMA) interfaces correctly, because
otherwise many EIGRP packets may be lost in the switched network. There are three basic rules:
There are three different scenarios for NBMA interfaces.
no ip split-horizon eigrp
no ip next-hop-self eigrp
RIP over NBMA
Exchange of Routing Information
RIP is normally a broadcast protocol, and in order for RIP routing updates to reach nonbroadcast networks, you must configure the Cisco IOS software to permit this exchange of routing information.
To control the set of interfaces with which you want to exchange routing updates, you can disable the sending of routing updates on specified interfaces by configuring the passive-interface router configuration command. See the discussion on filtering in the “Filter Routing Information” section in the “Configuring IP Routing Protocol-Independent Features” module.
An offset list is the mechanism for increasing incoming and outgoing metrics to routes learned via RIP. Optionally, you can limit the offset list with either an access list or an interface. To increase the value of routing metrics, use the following command in router configuration mode:
Routing protocols use several timers that determine such variables as the frequency of routing updates, the length of time before a route becomes invalid, and other parameters. You can adjust these timers to tune routing protocol performance to better suit your internetwork needs. You can make the following timer adjustments:
IS-IS over NBMA
IS-IS can work over an NBMA multipoint network only if the network is configured with a full mesh. Anything less than a full mesh could cause serious connectivity and routing issues. However, even if a full mesh is configured, this is no guarantee that a full mesh will exist at all times. A failure in the underlying switched WAN network or a misconfiguration on one or more routers could break the full mesh either temporarily or permanently. Therefore, you should avoid NBMA multipoint configurations for IS-IS networks. Use point-to-point subinterfaces instead.
http://www.ciscopress.com/articles/article.asp?p=31319&seqNum=5
Q90 Which three types of WAN topologies can be deployed in the Cisco Enterprise Architecture Enterprise Edge WAN module? (Choose three.)
B. full mesh
C. partial mesh
D. collapsed core
Packet and cell switched: Connections that use virtual circuits (PVC/SVC) established by the SP. Packet-switched technologies include Frame Relay and cell-switched technologies such as ATM. ATM uses cells and provides support for multiple quality of service (QoS) classes. The virtual circuits are part of the shared ATM/Frame Relay SP backbone network. This gives the SP greater flexibility with its service offerings.
When planning and designing a packet-switched WAN, you should become familiar with some basic WAN topologies. These WAN topologies include hub-and-spoke, partial-mesh, and full-mesh topologies, as shown in Figure 7-1.
Figure. WAN Topologies
Hub-and-Spoke Topology
A star or hub-and-spoke topology provides a hub router with connections to the spoke routers through the WAN cloud. Network communication between the sites flows through the hub router. Significant WAN cost savings, lower circuit counts, and simplified management are benefits of the hub-and-spoke topology. In addition, hub-and-spoke topologies provide WAN hierarchy and can provide high availability through the use of dual routers at the hub site.
A major disadvantage of this approach is that if you use a single hub router, it can represent a single point of failure. The hub-and-spoke topology can also limit the overall performance when resources are accessed through the central hub router from the spoke routers, such as with spoke-to-spoke network traffic.
Full-Mesh Topology
With full-mesh topologies, each site has a connection to all other sites in the WAN cloud (any-to-any). As the numbers of sites grow, so does the number of spoke connections that are ultimately required. Consequently, the full-mesh topology is not viable in very large networks. However, a key advantage of this topology is that it has plenty of redundancy in the event of network failures. But redundancy implemented with this approach does have a high price associated with it.
Here are some issues inherent with full-mesh topologies:
The number of VCs required for a full mesh can be calculated using the formula ((N - 1) x N / 2). For example, if you have 4 sites, ((4 - 1) x 4 / 2) = 6 VCs are required.
Partial-Mesh Topology
A partial-mesh topology has fewer VC connections than a full-mesh topology. Therefore, not all sites in the cloud are required to be connected to each other. However, some sites on the WAN cloud have full-mesh characteristics. Partial-mesh topologies can give you more options and flexibility for where to place the high-redundancy VCs based on your specific requirements.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 7
Q91 Which statement accurately describes one difference between a small office and medium office topology?
A. Medium offices commonly use integrated route and switching platforms.
B. Medium offices use integrated 10/100/1000 interfaces as Layer 2 trunks.
C. Medium offices use external access switches to support LAN connectivity.
D. Small offices commonly use Rapid PVST+ for Layer 3 deployments.
Explanation: Medium Branch Design
The medium branch design is recommended for branch offices of 50 to 100 users, which is similar to the small branch but with an additional access router in the WAN edge (slightly larger) allowing for redundancy services. Typically, two 2921 or 2951 routers are used to support the WAN, and separate access switches are used to provide LAN connectivity.
The infrastructure components are dual-access routers, external Layer 2 / Layer 3 switches, laptops, desktops, printers, and IP phones. Dual Frame Relay links provide the private WAN services, which are used to connect back to the corporate offices via both of the access routers. Layer 3 protocols such as EIGRP are typically deployed. Because there are two routers, Hot Standby Router Protocol (HSRP) or Gateway Load Balancing Protocol (GLBP) can be used to provide redundancy gateway services. QoS can also be used to provide guaranteed bandwidth for VoIP, and policing can be used to restrict certain traffic classes from overwhelming the available bandwidth. Cisco IOS features such as QoS, access control lists (ACL), and RIP routing capabilities are available in the IP Base feature set, but IP unicast routing and multicast routing require the IP Services feature set.
The medium branch design supports using a higher-density external switch or using the EtherSwitch module with the ISR to create trunks to the external access switches. The Cisco Catalyst 3750 series switches have StackWise technology, allowing multiple switches to be connected and managed as one. This also increases the port density available for end-user connections. With Cisco StackWise technology, customers can create a single, 32-Gbps switching unit that can connect up to nine 3750 series switches using a variety of fiber and copper ports, allowing greater flexibility with the connection options.
Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 7
Q92 A customer has the following Enterprise Campus design requirements:
at least 10 Gbps of bandwidth
network runs of up to 40km
no concern for transmission medium cost
Which transmission medium should you recommend to this customer?
A. unshielded twisted pair
B. shielded twisted pair
C. single-mode fiber
E. multimode fiber
Explanation: Below is the comparison of transmission media
(Reference from CCDA Official Exam Certification Guide. Some other books have different figures but we
should answer it according to the “Official” book)