A network engineer is designing a Layer 2 deployment for a company that occupies several floors in an office building. The engineer decides to make each floor its own VLAN but still allow for communication between all user VLANs. The engineer also wants to reduce the time necessary for STP convergence to occur when new switches come online. Which of the following should the engineer enable to accomplish this goal?

1. A. BPDU Guard
2. B. Priority
3. C. Tagging
4. D. Portfast

Correct Answer: D
Enabling PortFast on access ports lets them immediately enter the forwarding state, skipping the STP listening/learning timers, and dramatically speeds up convergence when switches or end-stations come online.

Application development team users are having issues accessing the database server within the cloud environment. All other users are able to use SSH to access this server without issues. The network architect reviews the following information to troubleshoot the issue:
IPAM information:

Traceroute output from an application developer's machine with the assigned IP 192.168.2.7:

Which of the following is themostlikely cause of the issue?

1. A. The core firewall is blocking the traffic.
2. B. Network security groups do not have the correct outbound rule configured.
3. C. The server segment firewall is dropping the traffic.
4. D. The server segment gateway is having bandwidth issues.

Correct Answer: C
The traceroute from 192.168.2.7 reaches the server-segment gateway (192.168.1.1) and then the server-segment firewall (192.168.4.1), but never progresses to the database??s subnet. That indicates the firewall at 192.168.4.1 is blocking or not forwarding packets to 192.168.1.9.

A network architect is designing an expansion solution for the branch office network and requires the following business outcomes:
Maximize cost savings with reduced administration overhead
Easily expand connectivity to the cloud
Use cloud-based services to the branch offices
Which of the following should the architect do to best meet the requirements?

1. A. Design a SD-WAN solution to integrate with the cloud provider; use SD-WAN to connect branch offices to the cloud provider.
2. B. Design point-to-site branch connectivity for offices to headquarters; deploy ExpressRoute and/or DirectConnect between headquarters and the cloud; use headquarters connectivity to connect to the cloud provider.
3. C. Design an MPLS architecture for the branch offices and site-to-site VPN between headquarters and branch offices; use site-to-site connectivity to the cloud provider.
4. D. Design a dark fiber solution for headquarters and branch offices' connectivity; deploy point-to-site VPN between headquarters and the cloud provider; use the headquarters connectivity to the cloud provider.

Correct Answer: A
By deploying SD-WAN you centrally manage and orchestrate all branch connections, minimizing administration overhead, while establishing direct, optimized tunnels into the cloud provider for low-latency, scalable access to cloud services.

An architect needs to deploy a new payroll application on a cloud host. End users' access to the application will be based on the end users' role. In addition, the host mustbe deployed on the 192.168.77.32/30 subnet. Which of the following Zero Trust elements are being implemented in this design? (Choose two.)

1. A. Least privilege
2. B. Device trust
3. C. Microsegmentation
4. D. CASB
5. E. WAF
6. F. MFA

Correct Answer: AC
Least privilege: Granting users access to the payroll app strictly according to their roles enforces the principle of least privilege.
Microsegmentation: Placing the host in its own 192.168.77.32/30 subnet isolates it from other workloads, achieving microsegmentation.

A network administrator is troubleshooting a user's workstation that is unable to connect to the company network. The results of commands the administrator runs on the workstation are shown below:

A router on the same network shows the following output:

Which of the following is themostlikely cause of the issues?

1. A. Asynchronous routing
2. B. IP address conflict
3. C. DHCP server down
4. D. Broadcast storm

Correct Answer: B