Share your ARCH Experience
Please share with us your experience after taking the ARCH v2.1 642-874 exam, your materials, the way you learned, your recommendations…
Your posts are warmly welcome!
Please don’t ask for links to download copyright materials here…
Q88 Which enterprise caching mode eliminates the need for Layer 4 switches or WCCP enabled routers to intercept user requests?
(A) transparent
(B) proxy
(C) reverse proxy
(D) direct
http://www.cisco.com/en/US/docs/app_ntwk_services/waas/acns/v42/configuration/guide/overview.html
Proxy Caching: In a proxy caching setup where the clients' browsers are set to point directly to the cache engine on a predetermined port, the calculation of savings is straightforward.
Transparent Caching: In a transparent caching setup, where no settings are required in the client's browser and traffic is intercepted at a router and sent to the cache using the Web Cache Communications Protocol (WCCP), the calculation of savings is just as straightforward.
In nontransparent caching, the user specifically sends all the requests to the Content Engine. The Content Engine acts on behalf of the client as a proxy.
In reverse-proxy caching mode, the Content Engine acts as a proxy on behalf of the origin server.
All of the above, if I’m reading it correctly, need a WCCP-enabled router. That would leave direct as the only remaining good option. I found this somewhere else first, I believe in JTA edited version. Best I could find.
Q121 What are disadvantages to storage directly attached to the application servers?
A. reliability
C. redundancy
Both should be reliable, i.e. RAID, etc.
SANs usually have redundancy built in with dual controllers and such.
Q124, I see you do have Layer 2 mode, which I agree with.
Q133 To ensure voice packets are kept within the Committed Information Rate (CIR) of a Frame Relay link, what should be used in the CPE?
(C) fragmentation
(D) traffic shaping
While traffic shaping is an attractive option and my first one, fragmentation makes a case. Traffic shaping would keep it under the CIR, but quality might suffer. Fragmentation would help with the quality.
Just opening this up for discussion
Q188 exhibit
B. It is currently the most widely deployed in the enterprise data centers
D. It is a looped triangle that achieves resiliency with dual homing and STP
If the dual homing reference is for the host, then I believe the answer is B. If the dual homing reference is the Access layer switch then I believe the answer is D.
Sure wish I knew which one they mean.
Q189 Which statements about Network Attached Storage are correct?
A. Data is accessed using NFS or CIFS
B. Data is accessed at the block level
C. NAS is referred to as captive storage
D. Storage devices can be shared between users
E. A NAS implementation is not as fast as a DAS implementation
My opinion:
A & D
SAN has data accessed at block level, haven’t found anything about that for DAS or NAS.
DAS is referred to as captive storage.
I believe a SAN implementation is faster than DAS, mainly due to caching and such, can’t find references to say DAS is faster than NAS.
Q191 Which statement about Fiber Channel communications is correct?
A. It operates much like TCP
E. N_Port to N_Port connections use logical node connection points
My opinion, it doesn’t operate like TCP and N_Port is logical. I read it somewhere but don’t have the reference.
Asad,
Sorry for all of the posts, did them as I just went through your edited version and posted any that I had doubts. You are welcome to prove me wrong. I know you are taking the exam on Friday and the later entries I didn’t have time to research references, just went with memory or notes.
Q84 To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?
(C) GRE with IPSec in transport mode
is the correct answer. This is the most widely used implementation for dynamic routing over IPsec.
Q49 Which two design concerns must be addressed when designing a multicast implementation
(A) only the low-order 23 bits of the MAC address are used to map IP addresses
x (D) only the low-order 23 bits of the IP address are used to map MAC addresses
(F) the 0x01005e MAC address prefix is used for mapping IP addresses to MAC addresses
This is known as IGMP snooping and this is the correct answer, as crabber said! (snooping is used on switches and this is L2 operation)
Q18 From a design perspective which 2 OSPF statements are most relevant
(A) OSPF stub areas can be thought of as a simple form of summarization (pg 111 2nd edition)
(B) OSPF cannot filter intra area routes (pg 111 2nd edition)
(D) Performance issues in the Backbone area can be offset by allowing some traffic to transit a non-backbone area
A & D are correct. B is not. OSPF CAN filter intra routes.
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/routmap.html
Concerning the BGP question:
Q7 When designing the IP routing for the Enterprise Campus network, which of these following two iBGP considerations should be taken into account?
(C) Routers will not advertise iBGP learned routers to other iBGP peers
(D) Use of route reflectors or Confederation eliminate any full mesh requirement while helping to scale iBGP.
Are in my opinion the correct answers.
Benefits of ESM
D) includes a predefined framework for filtering and correlating messages
I think this is the correct answer. http://www.cisco.com/en/US/docs/ios/12_3t/12_3t2/feature/guide/gt_esm.html
Syslog Filter Modules
To process system logging messages, the ESM uses syslog filter modules. Syslog filter modules are merely scripts written in the Tcl script language stored in local system memory or on a remote file server. The ESM is customizable because you can write and reference your own scripts.
Syslog filter modules can be written and stored as plain-text files or as precompiled files. Tcl script pre-compiling can be done with tools such as TclPro. Precompiled scripts allow a measure of security and managed consistency because they cannot be edited.
Correlate:
In Tcl it is possible to queue commands for processing in the future by using the after Tcl command. The most common use of this command is to correlate (gather and summarize) events over a fixed interval of time, called the “correlation window”. Once the window of interest expires, the filter will need to “wake up”, and calculate or summarize the events that occurred during the window, and often send out a new syslog message to report the events. This background process is handled by the ESM Event Loop process, which allows the Tcl interpreter to execute queued commands after a certain amount of time has passed.
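The correlation window in the ESM excerpt above, modelled as an added Python example (not from the thread and not Cisco's Tcl filter code): events are gathered per fixed window and replaced by one summary line when a message type repeats. The sample lines, the `%CORR-…-SUMMARY` message name and the `threshold` parameter are constructed for illustration; event timestamps stand in for the Tcl `after` timer.

```python
import re

# Constructed sample input: (seconds since start, Cisco-style syslog text).
SAMPLE = [
    (0, "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10]"),
    (4, "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10]"),
    (9, "%LINK-3-UPDOWN: Interface Gi0/1, changed state to down"),
    (12, "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: root] [Source: 192.0.2.10]"),
    (31, "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7]"),
    (75, "%LINK-3-UPDOWN: Interface Gi0/1, changed state to up"),
]

MSG_RE = re.compile(r"^%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+): ")


class WindowCorrelator:
    """Gather messages for `window` seconds, then summarize repeats."""

    def __init__(self, window=30, threshold=2):
        self.window, self.threshold = window, threshold
        self.start = None      # start time of the open window, if any
        self.events = {}       # (facility, severity, mnemonic) -> raw lines

    def flush(self):
        """Close the window: summarize repeated types, pass the rest through."""
        out = []
        for (fac, sev, mnem), raws in sorted(self.events.items()):
            if len(raws) >= self.threshold:
                # Hypothetical summary format, not a real IOS message.
                out.append(f"%CORR-{sev}-SUMMARY: {fac}-{mnem} seen "
                           f"{len(raws)} times in {self.window}s")
            else:
                out.extend(raws)   # never drop a one-off event silently
        self.events, self.start = {}, None
        return out

    def feed(self, ts, raw):
        """Accept one message; return whatever should be forwarded now."""
        out = []
        if self.start is not None and ts >= self.start + self.window:
            out = self.flush()              # the window expired: "wake up"
        m = MSG_RE.match(raw)
        if m is None:
            return out + [raw]              # unparseable lines pass unchanged
        if self.start is None:
            self.start = ts
        self.events.setdefault(m.groups(), []).append(raw)
        return out


def run(events, window=30, threshold=2):
    corr, forwarded = WindowCorrelator(window, threshold), []
    for ts, raw in events:
        forwarded += corr.feed(ts, raw)
    return forwarded + corr.flush()
```

With the sample, three login failures in the first 30 seconds collapse into one summary line, while the single link events and the lone later failure are forwarded unchanged.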
Crabber, KIKO, Asad, CCDP
Thank you for your help guys. I created the JTA file.
Please list any questions that you guys feel are not correct with a short reference to why from Cisco Press books and reference guides and I will make changes and re-post
Asad,
Q66
The FCIP and iSCSI stacks support block-level storage for remote devices
Although they have similarities, these protocols also differ. FCIP is Fibre Channel encapsulated in IP. Its purpose is to provide connectivity between two separate SANs over a WAN
so my opinion – FCIP
Gentlemen, please share your CCDP study material. I cannot seem to find it anywhere on the net. I desperately need a PDF version of the book.
Anyone here to help? Thanks in Advance.
Jerry can you share JTA?
Asad,
Q68
may be A. – 19 subnets (1+16)
Kiko,
Q84 To securely transport EIGRP traffic, a network administrator will build VPNs between sites. What is the best method to accomplish the transport of EIGRP traffic?
(pg 487 ARCH 3rd edition)
Use tunnel protection mode to associate a GRE tunnel with the IPsec profile on the same router. Tunnel protection mode specifies that IPsec encryption is performed after the GRE headers are added to the tunnel packet. Both ends of the tunnel need to be protected.
Use IPsec in tunnel mode.
Interestingly enough our DMVPN implementation is using transport mode for IPSec. I believe I tried to change it to tunnel mode once and it didn’t work. It’s been a few years ago.
Kiko,
Q18 From a design perspective which 2 OSPF statements are most relevant
You are correct, I misread the guide and it makes sense that you can filter intra area routes.
OSPF cannot filter prefixes within an area. It only filters routes as they are passed between areas at an Area Border Router (ABR).
Kiko,
Benefits of ESM
Asad brought up an interesting point on the wording of the answer. The answer uses “predefined” while the guides use “programmable”.
I’m still leaning on
D) includes a predefined framework for filtering and correlating messages
instead of
(E) supports two logging processes so output can be sent in standard and ESM format
I don’t believe there are two processes, just multiple output formats.
Mapi,
Q66 The question is Which protocol would provide block access to remote storage over WAN links?
I believe the key is “over WAN links”
So my opinion is iSCSI
Colleagues,
Q88
I think “direct”
crabber,
you’re right for Q66
Q88 must be removed from CCDP Dump.
http://www.examcollection.com/cisco/Cisco.Actualtest.642-874.v2011-11-14.by.JTA.274q.vce.file.html
crabber,
standard implementation of GRE over IPsec is in transport mode. So I would go with this answer. It does not make sense in this scenario to tunnel already tunneled IP packets. (although it can be done) You can see this also in config guides – usually the outside IPs are used for allowing GRE traffic as the crypto ACL.
Also the destination IP of the tunnel is the outside IP of the router or the firewall.
Usually tunnel mode is used for standard lan-to-lan IPsec tunnels.
DMVPN is another type of IPsec implementation with additional functionality: multipoint GRE tunnels and NHRP is used to build adj. So one tunnel interface can be used for many spokes.
for the ESM question, I think you are right!
cheers
Kiko,
Just seems odd the ARCH 3rd edition only talks about IPsec in tunnel mode.
http://www.ciscopress.com/articles/article.asp?p=25477
Tunnel mode is most commonly used between gateways, or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it.
Transport mode is used between end-stations or between an end-station and a gateway, if the gateway is being treated as a host—for example, an encrypted Telnet session from a workstation to a router, in which the router is the actual destination.
Since the question has VPN between sites, wouldn’t tunnel mode be more appropriate? I know all of the dumps say transport mode. Not trying to convince anyone, just trying to understand.
crabber
for Q189, NAS shares files between users, not storage devices.
Asad,
I would agree.
Q189 Which statements about Network Attached Storage are correct? (Choose two.)
A. Data is accessed using NFS or CIFS
D. Storage devices can be shared between users
Asad,
Q189, just re-read your message. Found this:
(pg 264 2nd edition study guide) Storage devices can be shared between servers and between users.
So I believe D is a correct answer.
I am glad you guys are working on this. It will take me a while to process all of the comments from the last couple of days. Just to let you know. I took the test this week and failed with a 776 (by one or 2 questions :( )
Because of all the dispute on the vce files I spent the money on the pass4sure material. Even their answers are not very good, as I got 98% just before the test and still failed. Not sure if anyone knows the correct answers. I have not seen where anybody has passed with a high score.
Netflow layer 2 and 3, but nbar layer 3 to 7… well the answer nbar 3-4 also correct but netflow is not…
Q81 You are the Cisco Network Designer in Cisco.com. Which statement is correct regarding NBAR and NetFlow.
Per our previous discussion. Your edited dump has
B) NBAR examines data in Layers 3 and 4.
I’m with you via the thread that it should be
(C) NetFlow examines data in Layers 3 and 4.
Thank GOD. Today I passed with 916. There were 3-4 new questions but I can’t remember them.
Thanks Guys for your help.
Good luck
Netflow is layers 2 – 4. It examines:
• IP source address (layer 3)
• IP destination address
• Source port (layer 4)
• Destination port
• Layer 3 protocol type
• Class of Service (layer 2)
• Router or switch interface
Asad, congratulations. Thanks for your help.
Congratulations Asad! Any feedback would be helpful. I think the new questions are experimental, but I of course could be incorrect.
http://www.cisco.com/en/US/customer/technologies/tk543/tk759/technologies_white_paper0900aecd8031b712_ps6616_Products_White_Paper.html
NBAR performs the following two functions:
1. Identification of applications and protocols (Layer 4 to Layer 7)
2. Protocol discovery
All of the work I’ve done with NBAR has to do with starting at layer 4 (ports).
congratulations Asad.
If you can remember some of the new questions please share them with us.
Asad, Fred
Please share your study material for 642-874? Do you have a kindle or PDF version of official study guide?
Please don't ignore, Gentlemen, help each other.
Thanks
congrats Asad. Can you share your vce file…
Kiko,
back to Q18 From a design perspective which 2 OSPF statements are most relevant?
(pg 118 3rd edition) Because OSPF cannot filter routes within an area, there still will be within-area flooding of link-state advertisements (LSA)
I think “(B) OSPF cannot filter intra area routes” is a correct statement. Still haven’t found any reference to support “(D) Performance issues in the Backbone area can be offset by allowing some traffic to transit a non-backbone area”
(pg 142 3rd edition) In general, the recommendation is to avoid virtual links when you have a good alternative. OSPF virtual links depend on area robustness and therefore are less reliable than a physical link. Virtual links add complexity and fragility; if an area has a problem, the virtual link through the area has a problem. Also, if you rely too much on virtual links, you can end up with a maze of virtual links and possibly miss some virtual connections.
That’s why I have trouble with answer:
(D) Performance issues in the Backbone area can be offset by allowing some traffic to transit a non-backbone area
@crabber
Sorry, mistyping: netflow layer 2-4, meaning including ports and tcp flags too… But the others are correct 100%
NetFlow and NBAR both leverage Layer 3 and 4 Header Information
NetFlow
Monitors data in Layers 2 thru 4
Determines applications by port
Utilizes a 7-tuple for flow
NBAR
Examines data from Layers 3 through 7
Uses Layers 3 & 4 plus packet inspection for classification
Stateful inspection of dynamic-port traffic
http://www.cisco.com/en/US/docs/nsite/enterprise/wan/wan_optimization/chap04.html
4.3.3 NBAR
•Source IP address
•Destination IP address
•Source port
•Destination port
•L3 protocol type
NetFlow and NBAR both leverage L3 and L4 header information. However, unlike NetFlow, NBAR also examines data from L3-L7. NBAR uses L3 and L4 and packet inspection for classification, and supports stateful inspection of dynamic-port traffic. NBAR also requires a set number of packets before making a protocol distinction.
Ben,
That Cisco document does clearly state NBAR is Layer 3 – 7. That would make both answers correct. I don’t believe it was on the exam I took. If it’s on the next one, I hope they change the question or the answers because I wouldn’t have a coin to flip (they make you empty your pockets) :-)
that’s correct and I agree, take care
Hi, I see the comments and am very confused about the answers. Everyone, please put all the correct answers in one comment.
Thanks so much
Q. Which two design recommendations are most appropriate when EIGRP is the data center core routing protocol?
A. Summarize data center subnets.
B. Use passive interfaces to ensure appropriate adjacencies.
C. Tune the EIGRP timers to enable EIGRP to achieve quicker convergence.
D. Adjust the default bandwidth value to ensure proper bandwidth on all links.
E. Advertise a default summary route into the data center core from the aggregation layer
(pg 62 3rd edition) As a recommended practice, limit unnecessary routing peer adjacencies by configuring the ports toward Layer 2 access switches as passive and thus suppress the advertising of routing updates.
(C) should be using equal paths, so no need to tune
(D) should be using same speed interfaces between so should not need to change bandwidth
(E) how can you have equal paths between core and aggregation data center layer if just advertise default summary route?
My opinion is A & B. Interested in other opinions.
Help please fellow testers!
Question 233 – Which statement about Fibre Channel communications is correct?
Which is correct?
A. It operates much like TCP.
or
E. N_Port to N_Port connections use logical node connection points.
The study guide states the following on page 267:
• Fibre Channel communications are point-to-point oriented. A session is established between the two points through the device login. This session establishment is similar to TCP session establishment.
• Fibre Channel supports a logical node connection point between node ports (N_ports). This is similar to TCP and UDP sockets.
Thanks much!
Question 233 – Which statement about Fibre Channel communications is correct?
(pg 322 3rd edition)
Fibre Channel communications is similar to TCP, lists 5 examples with N_port as described below
Fibre Channel supports a logical node connection point between node ports (N_ports). This is similar to TCP and UDP sockets.
My opinion: it may communicate similar to TCP I don’t think it “operates” like TCP. Book has almost exact phrase for N_port. Unless someone can convince me otherwise, I’m going to answer:
E. N_Port to N_Port connections use logical node connection points.