Professional Documents
Culture Documents
2
The ability to connect securely to a private network over a public network is
provided by which WAN technology?
DSL
Frame Relay
ISDN
PSTN
VPN
3
Which three statements describe the functions of the Cisco hierarchical network
design model? (Choose three.)
The distribution layer is responsible for traffic filtering and isolating failures from
the core.
Two goals of the core layer are 100 percent uptime and maximizing throughput.
The access layer provides a means of connecting end devices to the network.
4
A network designer is creating a new network. The design must offer enough
redundancy to provide protection against a single link or device failure, yet must not
be too
complex or expensive to implement. What topology would fill these needs?
star
full mesh
partial mesh
extended star
5
Refer to the exhibit. If the firewall module has been correctly configured using best
practices for
network security, which statement is true about the security design for the network?
Servers in the DMZ are protected from internal and external attacks.
Servers in the server farm are protected from internal and external attacks.
Traffic from the external networks is not able to access the servers in the DMZ.
6
Which statement is true about a DMZ in a traditional network firewall design?
A DMZ is designed to provide service for external access but not for internal access.
Servers in the DMZ provide limited information that can be accessed from external
networks.
User access to the DMZ from the Internet and the internal network usually is
treated the same way.
All servers in the enterprise network should be located in a DMZ because of enhanced
security measures.
CCNA Discovery 4.1 - CCNA Discovery Answers
http://ccna-discovery-4.blogspot.com/
7
download and upload documents on the network file server. What network connection
would be
most cost efficient while still meeting the security and connectivity needs of this
teleworker?
8
Refer to the exhibit. The network administrator creates a standard access control list
to prohibit
traffic from the 192.168.1.0/24 network from reaching the 192.168.2.0/24 network
while still
permitting Internet access for all networks. On which router interface and in which
direction
should it be applied?
9
Refer to the exhibit. The server broadcasts an ARP request for the MAC address of its
default
gateway. If STP is not enabled, what is the result of this ARP request?
Router_1 contains the broadcast and replies with the MAC address of the next-hop
router.
Switch_A and Switch_B continuously flood the message onto the network.
CCNA Discovery 4.1 - CCNA Discovery Answers
http://ccna-discovery-4.blogspot.com/
Switch_B forwards the broadcast request and replies with the Router_1 address.
10
What are two best practices in wireless LAN design to ensure secure wireless
access to the corporate network? (Choose two.)
Configure WPA.
11
In a well-designed, high-availability network, which device significantly affects the
most users if a failure occurs?
12
Which two statements are true regarding network convergence? (Choose two.)
In a large network, using the EIGRP or OSPF routing protocols rather than RIPv2
may
improve convergence time.
Using STP at the core layer improves convergence time by allowing the use of
redundant links between devices.
13
Centralizing servers in a data center server farm can provide which benefit over a
distributed server environment?
It is easier to filter and prioritize traffic to and from the data center.
14
Refer to the exhibit. What effect does the ACL shown have on network traffic,
assuming that it is
correctly applied to the interface?
All Telnet traffic from the 172.16.0.0 network to any destination is denied.
All traffic from the 172.16.0.0 network is denied to any other network.
15
Which Cisco IOS function can be configured at the distribution layer to filter
unwanted traffic and provide traffic management?
virus protection
spyware protection
VPNs
16
What kind of ACL inspects outbound UDP, TCP, and ICMP traffic and allows
inbound access only to traffic that belongs to these established sessions?
CCNA Discovery 4.1 - CCNA Discovery Answers
http://ccna-discovery-4.blogspot.com/
dynamic ACL
time-based ACL
reflexive ACL
17
Which three functions are performed at the distribution layer of the hierarchical
network model? (Choose three.)
isolating network problems to prevent them from affecting the core layer
18
Refer to the exhibit. Which two devices are part of the access design layer? (Choose
two.)
Edge2
ISP4
BR4
FC-AP
FC-CPE-1
FC-ASW-2
19
What is true about implementing a centralized server farm topology?
requires direct cabling from the MPOE to enhance the performance of servers
CCNA Discovery 4.1 - CCNA Discovery Answers
http://ccna-discovery-4.blogspot.com/
provides defined entry and exit points so that filtering and securing traffic is easier
20
Refer to the exhibit. What happens when Host 1 attempts to send data?
Frames from Host 1 cause the interface to shut down, and a log message is sent.
Frames from Host 1 are forwarded, and the mac-address table is updated.
21
Which two considerations are valid when designing access layer security?(Choose
two.)
In a large wireless network, the most efficient method to secure the WLAN is MAC
address filtering.
DoS attacks are normally launched against end-user PCs and can be mitigated by
installing personal firewalls on all company PCs.
Disabling unused ports on the switches helps prevent unauthorized access to the
network.
22
What address can be used to summarize only networks 172.16.0.0/24,
172.16.1.0/24, 172.16.2.0/24, and 172.16.3.0/24?
172.16.0.0/21
172.16.0.0/22
172.16.0.0 255.255.255.248
172.16.0.0 255.255.254.0
CCNA Discovery 4.1 - CCNA Discovery Answers
http://ccna-discovery-4.blogspot.com/
23
Which two items in a physical WLAN design can be identified through a site
survey? (Choose two.)
24
Refer to the exhibit. Which two statements correctly describe the benefits of the
network access
layer design that is shown? (Choose two.)
If host A sends a broadcast message, only hosts in VLAN10 receive the broadcast
frame.
If host A attempts to transmit data at the same time as another host, only hosts in
VLAN10 are affected by the collision.
VLANs at the access layer help guarantee network availability by facilitating load
balancing.
25
What are three ways to ensure that an unwanted user does not connect to a
wireless network and view the data? (Choose three.)
Use NetBIOS name filtering between clients and the wireless device.