2017 Apr 200-310 test

Q11. Which two of these practices are considered to be best practices when designing the access layer for the enterprise campus? (Choose two.) 

A. Implement all of the services (QoS, security, STP, and so on) in the access layer, offloading the work from the distribution and core layers. 

B. Always use a Spanning Tree Protocol; preferred is Rapid PVST+. 

C. Use automatic VLAN pruning to prune unused VLANs from trunked interfaces to avoid broadcast propagation. 

D. Avoid wasted processing by disabling STP where loops are not possible. 

E. Use VTP transparent mode to decrease the potential for operational error. 

Answer: B,E 


When designing the building access layer, you must consider the number of users or ports required to size up the LAN switch. Connectivity speed for each host should also be considered. Hosts might be connected using various technologies such as Fast Ethernet, Gigabit Ethernet, or port channels. The planned VLANs enter into the design. 

Performance in the access layer is also important. Redundancy and QoS features should be considered. 

The following are recommended best practices for the building access layer: 

. Limit VLANs to a single closet when possible to provide the most deterministic and highly available topology. 

. Use Rapid Per-VLAN Spanning Tree Plus (RPVST+) if STP is required. It provides faster convergence than traditional 802.1D default timers. 

. Set trunks to ON and ON with no-negotiate. 

. Manually prune unused VLANs to avoid broadcast propagation (commonly done on the distribution switch). 

. Use VLAN Trunking Protocol (VTP) Transparent mode, because there is little need for a common VLAN database in hierarchical networks. 

. Disable trunking on host ports, because it is not necessary. Doing so provides more security and speeds up PortFast. 

. Consider implementing routing in the access layer to provide fast convergence and Layer 3 load balancing. 

. Use the switchport host commands on server and end-user ports to enable PortFast and disable channeling on these ports. 

. Use Cisco STP Toolkit, which provides: 

. PortFast: Bypasses the listening-learning phase for access ports 

. Loop Guard: Prevents an alternate or root port from becoming designated in the absence of bridge protocol data units (BPDUs) 

. Root Guard: Prevents external switches from becoming root 

. BPDU Guard: Disables a PortFast-enabled port if a BPDU is received 

Cisco Press CCDA 640-864 Official Certification Guide Fourth Edition, Chapter 3, Page 85 

Q12. What are two advantages of employing scalability when designing a campus network? (Choose two.) 

A. reduces operational cost 

B. higher port density 

C. investment protection 

D. consistent operation 

E. improved fault tolerance 

Answer: D,E 

Q13. A dynamically routed private line and a statically routed IPsec tunnel connect two offices. What routing configuration prefers the IPsec tunnel only in the event of a private line failure? 

A. floating static entry 

B. EIGRP variance 

C. bandwidth metric 

D. OSPF maximum paths 


Q14. Where in the network hierarchy should network access control be performed? 

A. backbone 

B. core 

C. access 

D. distribution 


Q15. What business trend allows employees to use personal devices to access enterprise data and systems? 






Q16. Spanning Layer 2 across geographically separate data centers is a key consideration for current data center designs. Which is the name of the NX-OS technology that facilitates MAC in IP transport for Layer 2 VLANs across any IP network? 

A. Overlay Transport Virtualization 

B. Virtual Private LAN Services 

C. Generic Routing Encapsulation 

D. QinQ tunneling 


Q17. Which of the following is a component within the Cisco Enterprise Campus module? 

A. Teleworker 

B. E-Commerce 

C. Internet Connectivity 

D. Building Distribution 

E. WAN/MAN Site-to-Site VPN 






Q20. A customer requests a filtering design based on the need to scan all internet traffic, including remote workers. What solution meets these requirements? 

A. Cisco Cloud Web Security 

B. Cisco Network Admission Control 

C. Cisco Identity Services Engine 

D. Cisco Adaptive Security Appliance