Ojin Enterprise [CORE-1]

CORE - Ojin Enterprise

1. Introduction….

2. Which transport technology is fit to be used to connect the Tyr sites to the Ojin
enterprise network?
a. GRE tunnels over Internet circuits
b. GRE tunnels over leased L3VPN MPLS circuits
c. GRE tunnels over direct DWDM circuits
d. VPNv4 over leased L3VPN MPLS circuits
e. GRE tunnels over leased EVPN circuits
f. VPNv4 over leased EVPN circuits
g. VPNv6 over leased L3VPN MPLS circuits
h. VPNv6 over leased EVPN circuits

3. Which two security or traffic segregation mechanisms must be implemented

to align to Ojin’s policies while maintaining minimum overhead and maximum
availability? (Choose two.)
a. MACsec across the EVPN circuits with IPSec configured in the overlay
connection
b. IPv6 Provider Edge (6PE) over MPLS
c. Transport mode IPSec tunnels across the EVPN circuits with IPSec
configured in the overlay connection
d. Tunnel mode IPSec tunnels across the EVPN circuits with IPSec
configured in the overlay connection
e. IPv6 VPN Provider Edge (6vPE) over MPLS
f. No additional encryption across the EVPN circuits with IPSec configured
in the overlay connection
g. IPv6 VPN over MPLS

https://thinkmo.uno/ | [email protected] | Page No: 1

Ojin Enterprise [CORE-1]

4. Ojin needs to build a universal standard for WAN connectivity moving forward.
Assist Ojin in evaluating which technologies meet the listed requirements.
(Choose all that apply.)

Phase- Phase- Cloud Hierarchical GETVPN IPSEC

Requirements 1 3 Hosted DMVPN over
DMVPN DMVPN SDWAN GRE
Can operate
across the
enterprise and
mission
networks
Aligns with Ojin’s
Security
Policies
Provide dynamic
configuration
for full-mesh
regional site
connectivity
Can operate
across the
regional
and remote sites

Phase- Phase- Cloud Hierarchical GETVPN IPSEC

Requirements 1 3 Hosted DMVPN over
DMVPN DMVPN SDWAN GRE
Can operate X X X X X
across the
enterprise and
mission
networks
Aligns with Ojin’s X X X X X
Security
Policies

https://thinkmo.uno/ | [email protected] | Page No: 2

Ojin Enterprise [CORE-1]

Provide dynamic X X X X
configuration
for full-mesh
regional site
connectivity
Can operate X X X
across the
regional
and remote sites

https://thinkmo.uno/ | [email protected] | Page No: 3

Ojin Enterprise [CORE-1]

5. While performing a cost analysis of the SD-WAN solution, which statement is

accurate?
a. SD-WAN will lower overall circuit costs because there is no redundancy
requirement for remote sites due to higher reliability of an SD-WAN
solution and the self-healing nature.
b. SD-WAN will lower Ojin’s capital expenditure over the next five years as
fewer routers will be required in the next lifecycle refresh.
c. SD-WAN will lower initial labor costs by reducing the time-to-deploy of
Tyr’s new WAN environment.
d. SD-WAN will lower operating costs over the next five years through the
standardization and automation capabilities of the SD-WAN platform.

6. Which underlay routing protocol design can be recommended for the new Tyr
section of the enterprise WAN environment?
a. Create a separate OSPF instance for Tyr WAN connectivity and perform
mutual redistribution with the Ojin IS-IS network.
b. Create separate IS-IS Level for Tyr WAN connectivity and perform an
interlevel advertisement with the Ojin IS-IS network.
c. Create a separate OSPF instance for Tyr WAN connectivity and perform
inter-AS Option A between the two topologies.
d. Use BGP in the underlay environment and peer directly over leased EVPN
circuits between Tyr and Ojin environments.
e. Create a separate IS-IS instance for Tyr WAN connectivity and perform
inter-AS Option A between the two topologies.
f. Integrate Tyr WAN connectivity with Ojin’s existing single-level IS-IS
topology.

7. Which project management methodology is the best fit for Ojin use to
complete the hierarchical DMVPN and EVPN circuit implementation?
a. Agile
b. Scrum
c. Lean
d. Waterfall

https://thinkmo.uno/ | [email protected] | Page No: 4

Ojin Enterprise [CORE-1]

7.a Why is Waterfall the appropriate methodology for this project?

a) The project has a predictable timeline and sequential activities.
b) The project supports flexible deadlines with ambiguous requirements.
c) The project lends itself to continuous delivery of incremental value.
d) The project is a long-term effort where structure and standardization will
provide value.

7.b Create an implementation plan to deploy hierarchical DMVPN over IPv6 as

the universal WAN solution for Ojin and the acquired Tyr networking
environments. Drag the steps on the left to the correct order on the right.

Options Target
Order
Configure Phase-3 DMVPN between the regional sites and
Phase-1 DMVPN to
the Tyr remote sites
Verify CE to CE undelay connectivity between all the sites
Verify full connectivity across all the Ojin’s and Tyr locations
Advertise the local routes into BGP at the Tyr locations
Configure the ISP connection in the Sydney office to use BGP
and dynamically
accept all the Tyr and Ojin’s routes
Verify CE to CE overlay routing between all the sites
Configure BGP peering across the DMVPN tunnels
Configure BGP peering between the Ojin’s PE routers and the
Tyr PE routers by using the VPNv6 address family over MPLS and
IS-IS underlay routing

Options Target Order

Configure BGP peering between the Ojin’s PE routers and the Tyr PE
routers by using the VPNv6 address family over MPLS and IS-IS
underlay routing
Verify CE to CE undelay connectivity between all the sites
Configure Phase-3 DMVPN between the regional sites and Phase-1
DMVPN to the Tyr remote sites

https://thinkmo.uno/ | [email protected] | Page No: 5

Ojin Enterprise [CORE-1]

Configure the ISP connection in the Sydney office to use BGP and
dynamically accept all the Tyr and Ojin’s routes
Configure BGP peering across the DMVPN tunnels
Verify CE to CE overlay routing between all the sites
Advertise the local routes into BGP at the Tyr locations
Verify full connectivity across all the Ojin’s and Tyr locations

8. Which two topology changes can Ojin make to the Tyr tactical environment to
resolve the routing issues observed? (Choose two.)
a. Integrate the tactical PoP into the LAN OSPF topology.
b. Migrate connectivity between the tactical PoP and the LAN from static
routing to BGP.
c. Use interface tracking on the connection from the tactical PoP to the LAN
and float the backup static route with an SLA tracker on the primary
static route.
d. Integrate the mobile communication kits into the LAN OSPF topology.
e. Remove the tactical PoP and migrate the mobile communication kit
tunnels to the WAN routers.

9. Ojin is interested in removing the legacy tactical PoP of Tyr. What is required to
secure the traffic of the mobile communication kits?
a. Implement a zone-based firewall on the WAN routers with the security
policy from the tactical PoP firewalls.
b. Configure uRPF strict mode on the interfaces of the mobile
communication kits.
c. Isolate the mobile communication kit traffic from the enterprise LAN via
VRF separation on the WAN routers.
d. Perform route filtering between a stub area at the remote sites and OSPF
area 0 at the hub.
e. Use an SSL VPN from remote clients over an IPSec-enabled DMVPN that
terminates on the WAN routers.

https://thinkmo.uno/ | [email protected] | Page No: 6

Ojin Enterprise [CORE-1]

10. Which two recommendations address the issues experienced by Ojin with the
Tyr mobile communication kits while minimizing costs and deployment time?
(Choose two.)
a. Reengineer connectivity of the mobile communication kits with regards
to routing protocol choice and configuration.
b. Perform a lifecycle refresh of the mobile communication kit routers with
higher end hardware that can support the requirements of the OSPF
protocol.
c. When unencrypted traffic is detected, send an event to security
information and event management (SIEM) residing in the Ojin data
center.
d. Implement security information and event management (SIEM) for the
Tyr network in the Sydney data center and configure the mobile
communication kit routers to send analytic data.
e. Migrate connectivity back to the tactical PoP as a temporary solution
until a lifecycle refresh of the mobile communication kit routers can be
performed.

11. Which routing protocol change sufficiently limits the resource requirements on
the mobile communication kit routers without losing any capabilities?
a. Migrate the mobile communication kits to BGP and perform mutual
redistribution on the WAN routers.
b. Use EIGRP on the remote routers to advertise networks dynamically to
the WAN routers and perform one-way redistribution on the WAN routers
from EIGRP to OSPF.
c. Use static routing on the remote and WAN routers and perform one-way
redistribution on the WAN routers from static to OSPF.
d. Break out the mobile communication kit tunnels into an OSPF stub area
and limit link-state advertisement (LSA).

https://thinkmo.uno/ | [email protected] | Page No: 7

Ojin Enterprise [CORE-1]

12. Ojin is evaluating deploying multicast to allow for the drone feeds to be sent to
both headquarter locations. What is the appropriate RP location, which RP
reduncancy method can be used, which RP discovery method must be used,
and which mode of multicast operation fits the use case best?

The RP function is best placed at You will see a dropdown here

Data center routers
Headquarter WAN router
Mobile communication kit router

utilizing You will see a dropdown here

Anycast RP with MSDP
Primary and secondary RPs that use
MSDP
A primary RP with a shadow RP that
uses
MSDP

as the RP redundancy method, You will see a dropdown here

with relevant network Auto RP
infrastructure set to learn about
BSR
the RP location through
Static RP

.The best fit for multicast mode of You will see a dropdown here
operation is bi-dir
dense
SSM
sparse

https://thinkmo.uno/ | [email protected] | Page No: 8

Ojin Enterprise [CORE-1]

13. Which two options will enhance the quality of the mobile communication kit
connectivity? (Choose two.)
a. Mark FMV traffic as EF and use a priority queue on the mobile
communication kit router.
b. Use traffic policing on the WAN router.
c. Use traffic shaping on the mobile communication kit router and the WAN
router.
d. Use traffic shaping on the WAN router only.
e. Mark non-essential web traffic from user laptops as best effort.
f. Use traffic policing on the mobile communication kit router.
g. Mark essential traffic from user laptops with a higher priority and queue.

14. What can be implemented to detect when traffic is being sent unencrypted?
a. syslog monitoring on both the WAN and remote routers
b. physical hardware test access points (TAPs) placed inline between the
remote routers and the WAN routers at the hub site
c. SNMP monitoring on both the WAN and remote routers
d. IPFIX monitoring on both the WAN and remote routers
e. an inline IDS between the remote routers and the hub site WAN routers
with custom signatures to identify unencrypted network traffic

15. Which two additional details are required to determine whether Tyr’s hosting
strategy meets the application requirements? (Choose two.)
a. the bandwidth requirements of the Tyr applications
b. the latency measurements between sites
c. the latency requirements of the Tyr applications
d. the maintenance windows for each application
e. the classification of Tyr’s applications into availability tiers
f. the bandwidth utilization between sites

https://thinkmo.uno/ | [email protected] | Page No: 9

Ojin Enterprise [CORE-1]

16. What is the most cost-effective hosting strategy that meets Tyr’s application
requirements and Ojin’s standards?
a. Deploy a new data center in the existing server room at Tyr’s Perth site
and distribute all the applications to both data centers.
b. Deploy a new data center in the existing server room at Tyr’s Tokyo site
and distribute all the applications to both data centers.
c. Deploy a new data center in the existing server room at Tyr’s Tokyo site
and distribute all the applications to both data centers, except the XYZ-
Datastore application.
d. Deploy a new data center in the existing server room at Tyr’s Perth site
and only distribute the XYZ-Datastore application to both data centers.
e. Deploy a new data center in a colocation facility within Sydney and
distribute all the applications between the two data centers.

17. Which applications currently meet the RPO and RTO requirements? Select the
requirements met by each application. (Choose all that apply.)

Application Meets the RPO Meets the RTO

App A
App C
App D
XYZ Datastore

Application Meets the RPO Meets the RTO

App A X X

App C X X
App D X
XYZ Datastore X

https://thinkmo.uno/ | [email protected] | Page No: 10

Ojin Enterprise [CORE-1]

18. What is the most efficient way to connect the users in Cape Town to the cloud-
hosted instance of XYZ-Datastore?
a. A point-to-point IPSec tunnel over the Internet to a cloud on-ramp
provider.
b. A point-to-point IPSec tunnel over the Internet between Cape Town’s
XYZ-Datastore server and the cloud-hosted server.
c. point-to-point IPsec tunnel between Cape Town’s Internet gateway and
a cloud-hosted Internet gateway.
d. A secure access service edge (SASE) provider connecting Cape Town to
the cloud.
e. A leased line circuit from a local provider connecting Cape Town to a
cloud on-ramp provider.

https://thinkmo.uno/ | [email protected] | Page No: 11

Ojin Enterprise [CORE-1]

19. What are two recommendations to provide a flexible, scalable, and future-
proof design to enable Ojin to be well positioned for the future? (Choose two.)
a. Implement an SD-WAN hub device in the cloud provider and implement
an SD-WAN router at each headquarters on the enterprise network.
b. Implement leased lines for the enterprise network in each regional office
to the cloud provider.
c. Deploy a local cloud region and an instance of XYZ-Datastore in each
city where Ojin has an office.
d. Configure each cloud region as a DMVPN peer site to all the regional
DMVPN hub locations for the enterprise network.
e. Instantiate a new cloud region and deploy XYZ-Datastore when and
where needed.
f. Implement MPLS connectivity between the backbone MPLS provider and
the cloud provider for the enterprise network.

20. Which design meets the objectives within Ojin’s network standards?
a. Implement a leased line from the cloud provider and connect it to the
mission network.
b. Implement a firewall between the mission network and the Internet at
each headquarters and build an IPSec tunnel to the cloud provider.
c. Implement a Layer 7 proxy between the mission network and the
enterprise network that only allows one-way uploads.
d. Implement route leaking from the enterprise network to the mission
network for cloud provider routes.

https://thinkmo.uno/ | [email protected] | Page No: 12

Ojin Enterprise [CORE-1]

21. Which design meets the objectives within Ojin’s network standards?
a. Implement a leased line from the cloud provider and connect it to the
mission network.
b. Implement a firewall between the mission network and the Internet at
each headquarters and build an IPSec tunnel to the cloud provider.
c. Implement a Layer 7 proxy between the mission network and the
enterprise network that only allows one-way uploads.
d. Implement route leaking from the enterprise network to the mission
network for cloud provider routes.

22. Drag and drop the application types from the left onto the corresponding
service provider queues based on the Ship4U requirements. Not all targets will
have an option.

Options Gold Silver Bronze Best Effort

Telephony
Video surveillance
Network control
Call signalling
Network
management
Point-of-sale
Web, Youtube
Email, FTP, backup

Options Gold Silver Bronze Best Effort

Telephony Call Network Web, Youtube
signalling management
Video Network Email, FTP,
surveillance control backup
Point-of-
sale

https://thinkmo.uno/ | [email protected] | Page No: 13

Ojin Enterprise [CORE-1]

23. After investigating the Internet application performance issue, you have
determined that the data center proxy server and firewall are performing well,
but there are intermittent issues with the Internet circuit experiencing
congestion and packet loss due to overutilization. Which two
recommendations or solutions will address the problem? (Choose two.)
a. Increase the Internet bandwidth at the Washington D.C. data center.
b. Increase the Internet bandwidth at the Brussels data center.
c. Route traffic from remote sites via the regional hub rather than
backhauling to the data center.
d. Implement a cloud security stack with CBFW, SWG, DNS security and
CASB functionality.
e. Use local breakout to route Internet traffic directly from remote sites
using local Internet connectivity.
f. Deploy firewalls to the regional hubs that will route internet traffic.

24. What can be done to provide the required application access?

a. Implement a 6-to-4 application proxy.
b. Configure the NAT64 and DNS64 gateway services for application
access.
c. Implement IPv6 6to4 automatic tunneling.
d. Configure the Internet firewall to perform network address translation of
the IPv4 application address to the local IPv6 address.
e. Enable dual stack on the Internet firewall to support access to the
external application.

https://thinkmo.uno/ | [email protected] | Page No: 14

Ojin Enterprise [CORE-1]

25. What is the recommendation for Ojin to address the application performance
issue given all the business constraints?
a. Deploy a new data center in Ojin’s existing Rome site and replicate the
XYZ-Datastore application to this location.
b. Deploy a read replica of the XYZ-Datastore application to a private
cloud instance from a cloud service provider region in South Africa.
c. Deploy a new data center in Tyr’s existing Cape Town site and replicate
all the applications to this location.
d. Deploy a new data center in a colocation facility provider in
Johannesburg and replicate all the applications to this location.

https://thinkmo.uno/ | [email protected] | Page No: 15

Ojin Enterprise [CORE-1]

26.Check the boxes to indicate to which multicast routing protocol the listed
features or requirements pertain. (Choose all that apply.)

Multicast Shared Auto Phantom Anycast IGMPv3 BSR

Routing Tree RP RP RP
Protocol
PIN-DM
PIM-SM
PIM-SSM
BIDIR-PIM

Multicast Shared Auto Phantom Anycast IGMPv3 BSR

Routing Tree RP RP RP
Protocol
PIN-DM
PIM-SM X X X X
PIM-SSM X
BIDIR-PIM X X X X

https://thinkmo.uno/ | [email protected] | Page No: 16

Ojin Enterprise [CORE-1]

27. Drag the relevant options on the left to the targets on the right in any order.
(Not all options will be used.)

Options Target
IGMPv3 feature
Multicast Routing feature
PIM sparse mode feature
mLDP feature
Auto-RP feature
PIM dense mode
Phantom RP
MSDP
BSR
RPF
Anycast loopback in each data
center

Options Target
IGMPv3 Multicast Routing
PIM sparse mode
MSDP
mLDP Anycast loopback in each data
center
Auto-RP BSR
PIM dense mode
Phantom RP

RPF

https://thinkmo.uno/ | [email protected] | Page No: 17

Ojin Enterprise [CORE-1]

28. Which three actions and technologies must the Ship4U network team
implement to resolve the issue? (Choose three.)
a. Deploy QoS.
b. Q-in-Q.
c. Map applications to service provider classes.
d. traffic engineering.
e. Classify applications.
f. policy-based routing.
g. CoPP.

https://thinkmo.uno/ | [email protected] | Page No: 18