As a part of a network design, you should tighten security to prevent man-in-the-middle. Which two security options ensure that authorized ARP responses take place according to know IP-to-MAC address mapping? (Choose two)
A. DHCP snooping
B. ARP spoofing
C. ARP rate limiting
D. Dynamic ARP Inspection
E. Port security
Which design benefit of Bridge Assurance is true?
A. It prevents switched traffic from traversing suboptimal paths on the network.
B. It prevents switched loops caused by unidirectional point-to-point, link condition on Rapid PVST+ and MST
C. It allows small unmanaged switches to be plugged into ports of access scenes without the risk of switch loops.
D. It suppresses a spanning-tree topology change upon connecting and disconnecting a station on a port.
Which two statements about AToM are true? (Choose two)
A. It encapsulates Layer 2 frames at the egress PE
B. When using AToM, the IP precedence filed is not copied to the MPLS packet
C. AToM supports connecting different L2 technologies using interworking option
D. The loopback address of the PE router must be either /24 or /32
E. It provides support for L2VPN features on ATM interfaces
What is an effect of using ingress filtering to prevent spoofed addresses on a network design?
A. It reduces the effect of DDoS attacks when associated with DSCP remaking to Scavenger
B. It protects the network infrastructure against spoofed DDoS attacks
C. It filters RFC 1918 addresses
D. It classifies bogon traffic and remarks it with DSCP bulk
Which major block is not included in the ETSI network Function Virtualization reference framework?
A. Network Function Virtualization Infrastructure
B. Network Function Virtualization Management and Orchestration
C. Network Function Virtualization Policy Manager
D. Virtualized Network Function/ Element Management Systems
How can a network designer reduce the amount of LSA flooding occurring in a large, single area fully-meshed OSPF topology?
A. Implemented passive OSPF interfaces on the routers not participating on the DR/BDR election.
B. Use access control lists to control outbound advertisements.
C. Ensure DR and BDR routers are placed optimally in the topology.
D. Place all point-to-point links in their own dedicated areas.
Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.)
A. Solution should be resistant to sensor failure.
B. Solution should allow for stream normalization.
C. Solution should not impact jitter and latency for voice traffic.
D. Solution should allow for signature-based pattern matching.
E. Solution should allow to deny packets inline.
Which two options are two advantages of summarizing networks at the aggregation layer rather than at the core? (Choose two.)
A. It prevents the core from having unnecessary routes.
B. It no longer needs a core layer.
C. It prevents black hole routing.
D. It avoids network-wide impact upon VLAN changes local to the aggregation devices.
E. it allows for optimal routing
A data center provider has designed a network using these requirements
Two data center sites are connected to the public internet
Both data centers are connected to different Internet providers
Both data centers are also directly connected with a private connection for the internal traffic can also be at this direct connection The data center provider has only /19 public IP address block
Under normal conditions, Internet traffic should be routed directly to the data center where the services are located.
When one Internet connections fails to complete traffic for both data centers should be routed by using the remaining Internet connection in which two ways can this routing be achieved? (Choose two)
A. One /20 block is used for the first data center and the second /20 block is used for the second data center. The /20 block from the local data center is sent out without path prepending and the /20 block from the remote data center is sent out with path prepending at both sites
B. One /20 block is used for the first data center and the second /20 block is used for the second data center. Each /20 block is only sent out locally. The /19 block is sent out at both Internet connections for the backup case to reroute the traffic through the remaining internet connection
C. One /20 block is used for the first data center and the second /20 block is used for the second data center. The /20 block from the local data center is sent out with a low BGP local preference and the /20 block from the remote data center is sent out with a higher BGP local preference of both sites
D. BGP will always load-balance the traffic to both data center sites
E. One /20 block is used for the first data center and the second /20 block is used for the second data center. The /20 block from the local data center is sent out with a low BGP weight and the /20 block from the remote data center is sent out with a higher BGP weight at both sites
F. The data center provider must have an additional public IP address block for this routing
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only Cisco exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your 352-011 exam preparations and Cisco certification application, do not hesitate to visit our Vcedump.com to find your solutions here.