|
Question 1.
What does the FIND_MENU_ITEM built-in function DONOT return?
A. The internal ID of a menu.
B. The internal ID of a menu item.
C. The internal ID of a menu module.
D. The internal ID of form module to which the menu is attached.
Answer: A, C, D
Question 2.
You are creating a form that will access an Oracle8 database. On which two sources can you base a form? (Choose two)
A. BFILE
B. REF column
C. Object table
D. Column object
E. INSTEAD-OF trigger.
Answer: A, E
Explanation:
BFILE and INSTEAD-OF Triggers are supported in Oracle Forms.
Question 3.
Which two statements DONOT describe the functionality of the DO_KEY built-in? (Choose two)
A. It accepts both a built-in and a key name as argument.
B. If no key trigger is defined, the specified built-in executes
C. its parameter must be specified in upper case, enclosed in single quotation marks.
D. It performs the same task as if you pressed the function key associated with the specified argument.
E. It executes the key trigger that corresponds to the built-in specified as its parameter.
Answer: A, C
Explanation:
The DO_KEY built-in function executes the key trigger associated with the built-in that is specified as its parameter. If no associated key trigger exists, then the specified built-in subprogram executes. For example, DO_KEY('EXIT_FORM'), when executed, will search for a Key-Exit trigger. If it does not find a Key-Exit trigger, it will execute the EXIT_FORM built-in. DO_KEY accepts built-in names only, not key names: DO_KEY(ENTER_QUERY). To accept a specific key name, use the EXECUTE_TRIGGER
Question 4.
Which built-in would you reference in your trigger code to change report properties programmatically?
A. FIND_REPORT_OBJECT
B. CANCEL_REPORT_OBJECT
C. REPORT_OBJECT_STATUS
D. SET_PROPERTY OBJECT_PROPERTY
Answer: D
Explanation:
The SET_REPORT_OBJECT_PROPERTY built-in is used to change report properties programmatically.
The CANCEL_REPORT_OBJECT built-in cancels a long-running, asynchronous report.
You should verify the report is canceled by checking the status of the report using REPORT_OBJECT_STATUS.
The DELETE_TIMER built-in deletes the given timer.
Question 5.
Which trigger can be used to display the calendar manually?
A. List icon
B. Object group
C. PL/SQL library
D. Key-Listval trigger
Answer: D
Explanation:
Key-Listval trigger can be used to display the calendar but it has to be programmed manually not automatically.
Question 6.
Which of the following built-ins cannot be used to navigate between forms invoked with the OPEN_FORM built-in?
A. CLOSE_FORM
B. NEXT_FORM
C. GO_FORM
D. PREVIOUS_FORM
Answer: A
Explanation:
OPEN_FORM opens the form in modeless mode so that users can switch between calling form and called form. To navigate to the form NEXT_FORM, GO_FORM and PREVIOUS_FORM can be used. CLOSE_FORM will close the indicated form.
|
Question 1. Which service component in the wireless operate phase helps isolate and resolve an incident? A. Change Management B. Configuration Management C. Incident Management D. Acceptance Test Plan Answer: C Question 2. On a Cisco Aironet 1240AG Series standalone access point, the radio LED is dark blue and blinking, but the status LED and Ethernet LED are both off. What does this indicate? A. A firmware upgrade is in progress. B. An access point buffer overflow is occurring. C. The access point is booting. D. The internal radio has failed. Answer: A Question 3. You want to dynamically assign users to an 802.1Q VLAN as a result of their authentication. In order to accomplish this, which two IETF RADIUS attributes should you configure on the Cisco Secure ACS? (Choose two.) A. 083 Tunnel-Preference B. 066 Tunnel-Client-Endpoint C. 064 Tunnel-Type D. 082 Tunnel-Assignment-ID E. 081 Tunnel-Private-Group-ID F. 067 Tunnel-Server-Endpoint Answer: C, E Question 4. You are charged with implementing a secure wireless installation which will provide Internet access to client devices but will not allow communications between wireless clients. In addition to implementing PSPF or peer-to-peer blocking on the wireless side, which of the following actions should you perform on the wired infrastructure? A. Implement a Cisco Secure IPS sensor. B. Implement 802.1X on the switch ports. C. Take no action, you have achieved your goal. D. Implement a protected port on the access switches. Answer: D Question 5. A mobility group is created by a Cisco WLCM and 4402 Series Wireless LAN Controller. A client that is anchored on the Cisco WLCM roams to an access point on the 4402 controller. You then run a debug command on the 4402 controller. Which message would best describe the establishment of the tunnel from the foreign controller's perspective? A. Received Mobile Anchor Export message B. Transmit Plumbing duplex mobility tunnel message C. Received Plumbing duplex mobility tunnel message D. Transmit Mobile Anchor Export message Answer: D Question 6. In order for a controller-based access point to be allowed to participate in aggressive load balancing, it must have heard the client within how many seconds? A. 15 B. 10 C. 1 D. 5 Answer: D Question 7. Which command will enable DHCP debugging on a WLAN controller? A. debugdhcp enable B. debugdhcp packet enable C. enabledebugdhcp packet D. debugdhcp status enable Answer: B Question 8. Choose the service component in the optimize phase which assesses the WLAN system and drives continuous improvements by recommending remediation measures including device configuration optimization, capacity planning, traffic analysis, security assessment, and quality issue resolution. A. Technology Assessment B. Operations Assessment C. Security Assessment D. Security Administration E. Change Management F. Operations Readiness Assessment Answer: A Question 9. In the operate phase, providing and maintaining reliable, current information about the WLAN system hardware, software, and applications pertinent to the system's individual components and attributes is part of which service component? A. Problem Management B. Configuration Management C. Incident Management D. Change Management Answer: B Question 10. The IOS of a North American Cisco Aironet 1130AG Series standalone access point has become corrupt. You must therefore reload the TFTP firmware. Before you press and hold the MODE button, you should verify that the file name is which of the following? A. c1130-k9w7-tar.boot B. c1130-k9w7-tar.123-7.JA1.tar C. c1130-k9w7-tar.default D. c1130-k9w7-tar.recover Answer: C
|
Question 1. Question 2. Refer to the exhibit. Given the partial output of the debug command, what can be determined? A. There is no ID payload in the packet, as indicated by the message ID = 0. B. The peer has not matched any offered profiles. C. This is an IKE quick mode negotiation. D. This is normal output of a successful Phase 1 IKE exchange. Answer: B Question 3. DRAG DROP Answer: Explanation: Existing lists of LAN switches Existing user credentials Existing addressing scheme Existing transport protocols used in the environment. Question 4. Refer to the exhibit. Which two Cisco IOS WebVPN features are enabled with the partial configuration shown? (Choose two.) A. The end-user CiscoAnyConnect VPN software will remain installed on the end system. B. If the CiscoAnyConnect VPN software fails to install on the end-user PC, the end user cannot use other modes. C. Client based full tunnel access has been enabled. D. Traffic destined to the 10.0.0.0/8 network will not be tunneled and will be allowed access via a split tunnel. E. Clients will be assigned IP addresses in the 10.10.0.0/16 range. Answer: A, C Question 5. Which two of these are benefits of implementing a zone-based policy firewall in transparent mode? (Choose two.) A. Less firewall management is needed. B. It can be easily introduced into an existing network. C. IP readdressing is unnecessary. D. It adds the ability tostatefully inspect non-IP traffic. E. It has less impact on data flows. Answer: B, C Question 6. When configuring a zone-based policy firewall, what will be the resulting action if you do not specify any zone pairs for a possible pair of zones? A. All sessions will pass through the zone without being inspected. B. All sessions will be denied between these two zones by default. C. All sessions will have to pass through the router "self zone" for inspection before being allowed to pass to the destination zone. D. This configurationstatelessly allows packets to be delivered to the destination zone. Answer: B Question 7. Refer to the exhibit. What can be determined from the output of this show command? A. The IPsec connection is in an idle state. B. The IKE association is in the process of being set up. C. The IKE status is authenticated. D. The ISAKMP state is waiting for quick mode status to authenticate before IPsec parameters Are passed between peers E. IKE Quick Mode is in the idle state, indicating a problem with IKE phase 1. Answer: C Question 8. DRAG DROP Answer: Explanation: Delete IPsec security association -> clear crypto sa Verify cryptographic configurations and show SA lifetimes -> show crypto map Verify the IPsec protection policy settings -> show crypto ipsec transform-set Verify current IPsec settings in use by the SAs - show cyrpto ipsec sa Clear active IKE connections - clear crypto isakmp Question 9. You are running Cisco lOS IPS software on your edge router. A new threat has become an issue. The Cisco lOS IPS software has a signature that can address the new threat, but you previously retired the signature. You decide to unretire that signature to regain the desired protection level. How should you act on your decision? A. Retired signatures are not present in the routers memory. You will need to download a new signature package to regain the retired signature. B. You should re-enable the signature and start inspecting traffic for signs of the new threat. C. Unretiring a signature will cause the router to recompile the signature database, which can temporarily affect performance. D. You cannotunretire a signature. To avoid a disruption in traffic flow, it's best to create a custom signature until you can download a new signature package and reload the router. Answer: C Question 10. Which statement best describes inside policy based NAT? A. Policy NAT rules are those that determine which addresses need to be translated per the enterprise security policy B. Policy NAT consists of policy rules based on outside sources attempting to communicate with inside endpoints. C. These rules use source addresses as the decision for translation policies. D. These rules are sensitive to all communicating endpoints. Answer: A Question 11. Refer to the exhibit. What can be determined about the IPS category configuration shown? A. All categories are disabled. B. All categories are retired. C. After all other categories weredisabled, a custom category named "os ios" was created D. Only attacks on the Cisco IOS system result in preventative actions. Answer: D
|
Question 1. DRAG DROP Drop Answer: Question 2. Which of the following configurations requires the use of hierarchical policy maps? A. the use of nested class-maps with class-based marking B. the use of a strict priority-class queue within CBWFQ C. the use of class-based WRED within a CBWFQ class queue D. the use of CBWFQ inside class-based shaping E. the use of both the bandwidth and shape statements within a CBWFQ class queue Answer: D Explanation: Class-based weighted fair queuing (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. By using CBWFQ, network managers can define traffic classes based on several match criteria, including protocols, access control lists (ACLs), and input interfaces. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class. More than one IP flow, or "conversation", can belong to a class. Once a class has been defined according to its match criteria, the characteristics can be assigned to the class. To characterize a class, assign the bandwidth and maximum packet limit. The bandwidth assigned to a class is the guaranteed bandwidth given to the class during congestion. CBWFQ assigns a weight to each configured class instead of each flow. This weight is proportional to the bandwidth configured for each class. Weight is equal to the interface bandwidth divided by the class bandwidth. Therefore, a class with a higher bandwidth value will have a lower weight. By default, the total amount of bandwidth allocated for all classes must not exceed 75 percent of the available bandwidth on the interface. The other 25 percent is used for control and routing traffic. The queue limit must also be specified for the class. The specification is the maximum number of packets allowed to accumulate in the queue for the class. Packets belonging to a class are subject to the bandwidth and queue limits that are configured for the class. Question 3. In a managed CE scenario, the customer's network is supporting VoIP and bulk file transfers. According to the best practices, which QoS mechanisms should be applied on the WAN edge CEPE 56-kbps Frame Relay link on the CE outbound direction? A. LLQ, CB-WRED, CB-Marking, FRTS, FRF.12, and CB-RTP header compression B. CBWFQ, FRTS, FRF.12, and CB-RTP header compression C. WRR, CB-WRED, CB-Marking, FRF.12, and CB-RTP header compression D. WRR, FRTS, FRF.12, and CB-RTP header compression E. LLQ, CB-WRED, CB-Policing, and CB-TCP and CB-RTP header compressions F. CBWFQ, CB-WRED, CB-Marking, CB-Policing, and FRTS Answer: A Explanation: 1. WRED can be combined with CBWFQ. In this combination CBWFQ provides a guaranteed percentage of the output bandwidth, WRED ensures that TCP traffic is not sent faster than CBWFQ can forward it. The abbreviated configuration below shows how WRED can be added to a policy-map specifying CBWFQ: Router(config)# policy-map prioritybw Router(config-pmap)# class class-default fair-queue Router(config-pmap-c)# class prioritytraffic bandwidth percent 40 random-detect The random-detect parameter specifies that WRED will be used rather than the default tail-drop action. 2. The LLQ feature brings strict Priority Queuing (PQ) to CBWFQ. Strict PQ allows delay. Sensitive data such as voice to be sent before packets in other queues are sent. Without LLQ, CBWFQ provides WFQ based on defined classes with no strict priority queue available for real-time traffic. For CBWFQ, the weight for a packet belonging to a specific class is derived from the bandwidth assigned to the class. Therefore, the bandwidth assigned to the packets of a class determines the order in which packets are sent. All packets are serviced fairly based on weight and no class of packets may be granted strict priority. This scheme poses problems for voice traffic that is largely intolerant of delay, especially variation in delay. For voice traffic, variations in delay introduce irregularities of transmission manifesting as jitter in the heard conversation. LLQ provides strict priority queuing for CBWFQ, reducing jitter in voice conversations. LLQ enables the use of a single, strict priority queue within CBWFQ at the class level. Any class can be made a priority queue by adding the priority keyword. Within a policy map, one or more classes can be given priority status. When multiple classes within a single policy map are configured as priority classes, all traffic from these classes is sent to the same, single, strict priority queue. Although it is possible to queue various types of real-time traffic to the strict priority queue, it is strongly recommend that only voice traffic be sent to it because voice traffic is well-behaved, whereas other types of real-time traffic are not. Moreover, voice traffic requires that delay be no variable in order to avoid jitter. Real-time traffic such as video could introduce variation in delay, thereby thwarting the steadiness of delay required for successful voice traffic transmission. When the priority command is specified for a class, it takes a bandwidth argument that gives maximum bandwidth in kbps. This parameter specifies the maximum amount of bandwidth allocated for packets belonging to the class configured. The bandwidth parameter both guarantees bandwidth to the priority class and restrains the flow of packets from the priority class. In the event of congestion, policing is used to drop packets when the bandwidth is exceeded. Voice traffic queued to the priority queue is UDP-based and therefore not adaptive to the early packet drop characteristic of WRED. Because WRED is ineffective, the WRED random-detect command cannot be used with the priority command. In addition, because policing is used to drop packets and a queue limit is not imposed, the queue-limit command cannot be used with the priority command. Question 4. Refer to the partial router configuration. Which two of the following statements are true? (Choose two.) A. Regardless of destination IP address, all traffic sent to Mac address 1.2.3 will be subject to policing B. All traffic from a server with the IP address of 147.23.54.21 will be subject to policing. C. Any IP packet will be subject to policing. D. The class-map class1 command will set the qos-group value to 4 for all IP packets. E. Only those packets which satisfy all of the matches in class1 and class2 will be subject to policing. F. The configuration is invalid since it refers to a class map within a different class. Answer: A, B Explanation: The class-map command is used to define a traffic class. The purpose of a traffic class is to classify traffic that should be given a particular QoS. A traffic class contains three major elements, a name, a series of match commands, and if more than one match command exists in the traffic class, an instruction on how to evaluate these match commands. The traffic class is named in the class-map command line. For example, if the class-map cisco command is entered while configuring the traffic class in the CLI, the traffic class would be named cisco. Switch(config)# class-map cisco Switch(config-cmap)# match commands are used to specify various criteria for classifying packets. Packets are checked to determine whether they match the criteria specified in the match commands. If a packet matches the specified criteria, that packet is considered a member of the class and is forwarded according to the QoS specifications set in the traffic policy. Packets that fail to meet any of the matching criteria are classified as members of the default traffic class and will be subject to a separate traffic policy The policy-map command is used to create a traffic policy. The purpose of a traffic policy is to configure the QoS features that should be associated with the traffic that has been classified in a user-specified traffic class. A traffic policy contains three elements: Policy Name Traffic class specified with the class command QoS policies to be applied to each class The policy-map shown below creates a traffic policy named policy1. The policy applies to all traffic classified by the previously defined traffic-class "cisco" and specifies that traffic in this example should be allocated bandwidth of 3000 kbps. Any traffic which does not belong to the class "cisco" forms part of the catch-all class-default class and will be given a default bandwidth of 2000 kbps. Switch(config)# policy-map policy1 Switch(config-pmap)# class cisco Switch(config-pmap-c)# bandwidth 3000 Switch(config-pmap-c)# exit Switch(config-pmap)# class class-default Switch(config-pmap-c)# bandwidth 2000 Switch(config-pmap)# exit Question 5. In an unmanaged CE router implementation, how does the service provider enforce the SLA? A. by marking on the CE to PE link and using CBWFQ and CB-WRED on the PE to P link B. by marking on the CE to PE link and using class-based policing on the PE to P link C. by using class-based policing on the CE to PE link to limit the customer's input rate D. by using class-based random discard on the CE to PE link to limit the customer's input rate Answer: C Explanation: In an unmanaged Router Implementation, Service provider can enforce SLA By using class based policy on the CE to PE link to limit the customer's input rate. Question 6. When configuring a Cisco Catalyst switch to accommodate an IP phone with an attached PC, it is desired that the trust boundary be set between the IP phone and the switch. Which two commands on the switch are recommended to set the trust boundary as described? (Choose two.) A. mls qos trust device cisco-phone B. switchport priority extend trust C. mls qos trust cos D. no mls qos trust dscp E. mls qos trust extend [cos value] F. mls qos cos 5 Answer: A, C Explanation: mls qos trust [ cos ] : B y default, the port is not trusted. All traffic is sent through one egress queue. Use the cos keyword to classify ingress packets with the packet CoS values. The egress queue assigned to the packet is based on the packet CoS value. When this keyword is entered, the traffic is sent through the four QoS queues. Normally, the QoS information from a PC connected to an IP Phone should not be trusted. This is because the PC's applications might try to spoof CoS or Differentiated Services Code Point (DSCP) settings to gain premium network service. In this case, use the cos keyword so that the CoS bits are overwritten to value by the IP Phone as packets are forwarded to the switch. If CoS values from the PC cannot be trusted, they should be overwritten to a value of 0. Question 7. According to the best practices, in a service provider network, which statement is true as related to the QoS policy that should be implemented on the inbound provider (P) to provider (P) router link? A. In the DiffServ model, all ingress and egress QoS processing are done at the network edge (for example, PE router), so no input or output QoS policy will be needed on the P to P link. B. Class-based marking should be implemented because it will be needed for the class-based queuing that will be used on the P router output. C. Traffic policing should be implemented to rate-limit the ingress traffic into the P router. D. Because traffic should have already been policed and marked on the upstream ingress PE router, no input QoS policy is needed on the P to P link. Answer: D Question 8. DRAG DROP Drop Answer: Question 9. HOTSPOT HOTSPOT Answer: Explanation: Question 10. A Frame Relay interface has been configured for adaptive shaping with a minimum rate of 15 kbps. The current maximum transmit rate is 56 kbps. If three FECNs are received over the next 4 seconds, what will be the maximum transmit rate after the last FECN has been received? A. 10 kbps B. 37 kbps C. 7 kbps D. 15 kbps E. 28 kbps F. 56 kbps Answer: F Explanation: User specified traffic shaping can be performed on a Frame Relay interface or sub-interface with the traffic-shape rate command. The traffic-shape adaptive command can be specified to allow the shape of the traffic to dynamically adjust to congestion experienced by the Frame-Relay provider. This is achieved through the reception of Backward Explicit Congestion Notifications (BECN) from the Frame Relay switch. When a Frame Relay switch becomes congested it sends BECNs in the direction the traffic is coming from and it generates Forward Explicit Congestion Notifications (FECN) in the direction the traffic is flowing to. If the traffic-shape fecn-adapt command is configured at both ends of the link, the far end will reflect FECNs as BECNs. BECNs notify the sender to decrease the transmission rate. If the traffic is one-way only, such as multicast traffic, there is no reverse traffic with BECNs to notify the sender to slow down. Therefore, when a DTE device receives a FECN, it first determines if it is sending any data in return. If it is sending return data, this data will get marked with a BECN on its way to the other DTE device. However, if the DTE device is not sending any data, the DTE device can send a Q.922 TEST RESPONSE message with the BECN bit set. Question 11. Based on the following show output, which statement is true? WG1S1#sh mls qos interface fa0/1 FastEthernet0/1 trust state: not trusted trust mode: trust cos COS override: dis default COS: 0 pass-through: none trust device: cisco-phone A. A Cisco IP Phone is not connected to the fa0/1 switch port. B. All incoming DSCP markings are trusted. C. All incoming CoS markings are trusted. D. DSCP markings from the Cisco IP Phone are trusted. Answer: A Explanation: mls qos trust [ cos ] : B y default, the port is not trusted. All traffic is sent through one egress queue. Use the cos keyword to classify ingress packets with the packet CoS values. The egress queue assigned to the packet is based on the packet CoS value. When this keyword is entered, the traffic is sent through the four QoS queues. The Output shown that Phone is not connected with Switch Port.
|
Question 1. Question 2. An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer connected to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what can you suggest? A. Change the MTU size on theIPsec client to account for the change from DSL to cable transmission. B. Enable the local LAN access option on theIPsec client. C. Enable theIPsec over TCP option on the IPsec client. D. Enable the clientless SSL VPN option on the PC Answer: A Question 3. Refer to the exhibit. For the ABC Corporation, members of the NOC need the ability to select tunnel groups from a drop-down menu on the Cisco IOS WebVPN login page. As the Cisco ASA administrator, how would you accomplish this task? A. Define a special identity certificate with multiple groups that are defined in the certificate OU field that will grant the certificate holder access to the named groups on the login page. B. Under Group Policies, define a default group that encompasses the required individual groups that would appear on the login page. C. Under Connection Profiles, define a NOC profile that encompasses the required individual profiles that would appear on the login page. D. Under Connection Profiles, enable group selection from the login page. Answer: D Question 4. Which four parameters must be defined in an ISAKMP policy when creating an IPsec site-to-site VPN using the Cisco ASDM? (Choose four.) A. encryption algorithm B. hash algorithm C. authentication method D. IP address of remoteIPsec peer E. D-H group F. perfect forward secrecy Answer: A, B, C, E Question 5. An administrator has preconfigured the Cisco ASA 5505 user settings with a username and a password. When the telecommuter first turns on the Cisco ASA 5505 and attempts to establish a VPN tunnel, the user is prompted for a username and password. Which two Cisco ASA 5505 Group Policy features require this extra level of authentication? (Choose two.) A. New Unit Authentication B. Extended Group Authentication C. Secure Unit Authentication D. Role-Based Access Control Authentication E. Compartmented Mode Authentication F. Individual User Authentication Answer: C, F Question 6. Refer to the exhibit. Which two statements are correct regarding these two Cisco ASA clientless SSL VPN bookmarks? (Choose two.) A. CSCO_WEBVPN_USERNAME is a user attribute. B. CSCO_WEBVPN_USERNAME is a Cisco predefined variable that is used for macro substitution. C. The CSCO_WEBVPN_USERNAME variable is enabled by using the Post SSO plug-in. D. CSCO_SSO is a Cisco predefined variable that is used for macro substitution. E. The CSCO_SSO=1 parameter enables SSO for the SSH plug-in. F. The CSCO_SSO variable is enabled by using the Post SSO plug-in. Answer: B, E Question 7. Which Cisco ASA SSL VPN feature provides support for PCI compliance by allowing for the validation of two sets of username and password credentials on the SSL VPN login page? A. Single Sign-On B. Certificate to Profile Mapping C. Double Authentication D. RSA OTP Answer: D Question 8. Which two types of digital certificate enrollment processes are available for the Cisco ASA security appliance? (Choose two.) A. LDAP B. FTP C. TFTP D. HTTP E. SCEP F. Manual Answer: E, F Question 9. Your corporate finance department purchased a new non-web-based TCP application tool to run on one of its servers. The finance employees need remote access to the software during nonbusiness hours. The employees do not have "admin" privileges to their PCs. How would you configure the SSL VPN tunnel to allow this application to run? A. Configure a smart tunnel for the application. B. Configure a "finance tool" VNC bookmark on the employee clientless SSL VPN portal. C. Configure the plug-in that best fits the application. D. Configure the Cisco ASA appliance to download the CiscoAnyConnect SSL VPN client to the finance employee each time an SSL VPN tunnel is established. Answer: A Question 10. Refer to the exhibit. A new network engineer configured the ABC adaptive security appliance with two bookmarks for a new temporary employee. The temporary worker can connect to the administrator server via the temp_worker_admin bookmark but cannot connect to the project server via the temp_worker_projects (greyed-out) bookmark. It was determined that the URL and IP addressing information in the GUI screens is correct. What is wrong with the configuration? A. URL Entry should be enabled. B. The File Server Entry Inherit parameter should be overwritten and set for enabled. C. The DNS server information is incorrect. D. File Server Browsing should be enabled Answer: C Question 11. Refer to the exhibit. When an SSL VPN user, contractor1, enters https://192.168.4.2 (the outside address of the Cisco ASA appliance) into the browser, an SSL VPN Login screen appears. Along with the information that is contained in the Cisco ASDM configuration screens, what can an administrator determine about the state of the connection after the user clicks the Login button? A. The user login will succeed and an IP address of 10.0.4.120 will be assigned. B. The user will be presented with a clientless VPN portal page. C. The user login will succeed but the user will be connected to the "contractor" tunnel group. D. The login will fail. Answer: D
|
Question 1. With Cisco WAAS advanced compression DRE, which three functions are performed during the DRE process? (Choose three.) A. Pattern matching B. Synchronization C. LZ compression D. Fingerprint and chunk identification Answer: A, B, D Question 2. Do you know how often the Cisco WAAS automatic discovery takes place? A. Once per user B. Every hour C. On a Connection-by-Connection basis D. Once per office Answer: C Question 3. What is the status of Cisco WAAS optimization after completing the quick start process on all devices and installing the enterprise license? (Choose two.) A. Cisco WAAS is ready for the Central Manager to be configured to optimized traffic B. Cisco WAAS is ready for bandwidth settings to be defined for communication C. Cisco WAAS application optimizers are enabled D. Default optimizations are applied traffic passing through the Cisco WAE devices Answer: C, D Question 4. Which two statements describe what is required for read-only disconnected mode to be automatically activated during a prolonged WAAS disconnect? (Choose two.) A. The WAE must be configured for Windows Authentication B. The Windows server must be configured for operating in disconnected mode C. The WAE must be able to access a Window Domain Controller D. The WAE must be joined to the same workgroup as the Windows Server Answer: A, C Question 5. Which three are high-availability Cisco WAE solutions for a branch office? (Choose three.) A. PBR B. WCCP C. Multiple Cisco WAE devices with inline cards D. Firewall load-balancing Cisco WAE devices Answer: A, B, C Question 6. The Cisco WAAS design of your customer calls for the Central Manager to be deployed on the Core WAE, which is a WAE-612 with 2 GB of RAM. The customer initially configured the WAE as an application accelerator and then issued the device mode central-manager command to enable Central Manager Service. Now the customer complains that the WAE is no longer accelerating traffic why? A. The Central Manager and application accelerator cannot be deployed on the same WAE B. The device mode central-manager command must be issued before the device mode application-accelerator command C. At least 4 GB of RAM must be installed for the WAE to serve as both Central Manager and application accelerator D. Central Manager is consuming too much CPU time on the WAE. The Central Manager service should be implemented on a less-utilized edge WAE Answer: A Question 7. Which two benefits can we get by using Cisco WAAS with Cisco security devices such as Cisco PIX, Cisco ASA and Cisco IOS Firewalls? (Choose two.) A. The security devices will speed Cisco WAAS transport B. The security devices support the TCP sequence number jump that Cisco WAAS uses C. Cisco WASS requires Cisco Security devices to be installed D. The security devices can be configured to support Cisco WAAS automatic discovery Answer: B, D Question 8. In Order to ensure Cisco WAAS Mobile transport and management, which three protocols and ports need to be allowed through corporate firewalls? (Choose three.) A. TCP 80 B. TCP 8080 C. UDP 8080 D. UDP 1182 Answer: A, B, D Question 9. SACK improves performance for which type of traffic? A. Short-lived TCP connections B. Traffic on high-BDP networks C. Traffic on lossy networks D. Traffic on low-BDP networks Answer: C Question 10. Which parameter should be taken into consideration while selecting a Cisco WAE model for a Cisco WAAS deployment? A. Bandwidth of the largest WAN Link B. Total WAN throughput C. Concurrent TCP sessions to be optimized D. Bandwidth of the smallest WAN link Answer: C
|
Question 1. Why can using the ip tcp path-mtu-discovery command improve BGP convergence? A. Smaller MSS sizes may reduce BGP convergence times. B. BGP is enabled to fragment its large update packets. C. The BGP memory requirements on routers are reduced. D. Single packet sizes in TCP sessions are limited. E. BGP is allowed to use a larger TCP window size. Answer: A Question 2. Refer to the outputs shown in the exhibit. What could be preventing the R1 router from receiving any prefixes from the R2 BGP neighbor? A. R2 is using the wrong AS number in its neighbor 192.168.31.2 remote-as statement. B. The no sync command is missing on R2. C. R1 is using the wrong AS number in its neighbor 192.168.31.1 remote-as statement. D. The no sync command is missing on R1. E. Both R1 and R2 are not using a loopback address to source their BGP packets. F. There is a TCP session establishment problem between R1 and R2. Answer: C Question 3. Which configuration will enable the R1 router in the AS51003 sub-AS (member-AS) as a route reflector with neighbors 10.1.1.1 and 10.2.2.2 as its route-reflector clients? A. ! R1 router bgp 51003 bgp confederation identifier 55111 bgp confederation peers 51001 51002 neighbor 10.1.1.1 remote-as 51001 neighbor 10.2.2.2 remote-as 51002 neighbor 10.1.1.1 routereflector- client neighbor 10.2.2.2 route-reflector-client B. ! R1 router bgp 55111 bgp confederation identifier 51003 neighbor 10.1.1.1 remote-as 51003 neighbor 10.2.2.2 remote-as 51003 neighbor 10.1.1.1 route-reflector-client neighbor 10.2.2.2 route-reflector-client C. ! R1 router bgp 55111 bgp confederation identifier 51003 neighbor 10.1.1.1 remote-as 55111 neighbor 10.2.2.2 remote-as 55111 neighbor 10.1.1.1 route-reflector-client neighbor 10.2.2.2 route-reflector-client D. ! R1 router bgp 51003 bgp confederation identifier 55111 bgp confederation peers 51001 51002 neighbor 10.1.1.1 remote-as 51003 neighbor 10.2.2.2 remote-as 51003 neighbor 10.1.1.1 routereflector- client neighbor 10.2.2.2 route-reflector-client Answer: D Question 4. How does the extended community cost feature influence the BGP best path selection? A. inserts the cost attribute after the MED attribute comparison, forcing best path route selection if all other preferred route selection criteria are equal B. selects the BGP route with the highest attached extended community cost value C. alters the BGP AS exit path selection by adding the link cost to the local preference D. acts as a best path "tie breaker" when multiple IGP equal cost paths occur E. reflects the bandwidth of links entering the local AS fromeBGP neighbors (in the MED attribute) Answer: D Question 5. Lab Explanation: P1R3> enable P1R3# config terminal P1R3( config )# router bgp 65001 P1R3( config -router)# no synchronization P1R3( config -router)# neightbor 10.200.200.12 weight 100 P1R3( config -router)# end P1R3# clear ip bgp * soft in P1R3# show ip bgp P1R3# copy run start Question 6. Refer to the partial topology diagram shown.Service Provider 1 (SP1) assigned the customer an AS number of 65275. Service Provider 2 (SP2) assigned an AS number of 65745 to the customer. The customer decides to use AS 65275 internally.Which of the following is the correct partial router configuration to cause updates from CR1 to SP1 to report a source AS of 65275, while updates from CR2 to SP2 report the source AS of 65745 in addition to AS 65275? A. !CR1router bgp 65275neighbor 1.1.1.1 remote-as 65274neighbor 10.1.1.2 remote-as 65275!CR2router bgp 65745neighbor 2.2.2.2 remote-as 65732neighbor 2.2.2.2 local-as 65275neighbor 10.1.1.1 remote-as 65275 B. !CR1router bgp 65275neighbor 1.1.1.1 remote-as 65274neighbor 10.1.1.2 remote-as 65275!CR2router bgp 65275neighbor 2.2.2.2 remote-as 65732neighbor 2.2.2.2 local-as 65745neighbor 10.1.1.1 remote-as 65275 C. !CR1router bgp 65275neighbor 1.1.1.1 remote-as 65274neighbor 1.1.1.1 local-as 65745neighbor 10.1.1.2 remote-as 65275!CR2router bgp 65275neighbor 2.2.2.2 remote-as 65732neighbor 2.2.2.2 local-as 65745neighbor 10.1.1.1 remote-as 65275 D. !CR1router bgp 65275neighbor 1.1.1.1 remote-as 65274neighbor 10.1.1.2 remote-as 65275!CR2router bgp 65745neighbor 2.2.2.2 remote-as 65732neighbor 2.2.2.2 local-as 65745neighbor 10.1.1.1 remote-as 65275 Answer: B Question 7. Which two statements about a transit AS are correct? (Choose two.) A. A transit AS uses an IGP like OSPF or ISIS to propagate the external networks within the Transit AS. B. Routes betweenASs are always exchanged via eBGP. C. iBGP sessions can be established between non directly connected routers. D. A transit AS haseBGP connection(s) to only one external AS. E. Core routers within a transit AS normally use default routing to reach the external networks. Answer: B, C Question 8. Which one of these statements regarding intraconfederation EBGP sessions is correct? A. Member-AS numbers are removed when a router sends a BGP update over anintraconfederation EBGP session. B. Anintraconfederation EBGP session behaves like an IBGP session when propagating routing updates. C. Updates from anintraconfederation EBGP neighbor are subject to the BGP split horizon rule. D. Intraconfederation EBGP sessions must be established over loopback interfaces. E. Intraconfederation EBGP neighbors must be directly connected. Answer: B Question 9. When verifying the BGP neighbor relationships on your router, you issue the show ip bgp summary command and there were no results. Which of the following could be the problem? A. The neighbor link is down. B. All BGP updates from the BGP neighbor were filtered out. C. The TCP session to the BGP neighbor can't be established. D. There are no BGP neighbors configured. Answer: D Question 10. Refer to the diagram. What should be changed within AS 50001 to improve the route reflector design? A. Remove the IBGP session between the two redundant RRs (R1 and R2). B. Add an IBGP session between each pair of clients (between R3 and R4, R4 and R5). C. Make R4 the RR and R1 and R2 its clients. R3 and R5 should be a non-RR/non-client. D. Add a physical link between R1 and R2. E. Add a physical link between the clients (R3 and R4, and between R4 and R5). Answer: D
|
Question 1. Select two activities that form part of the wireless migration plan development service component in the wireless design phase. (Choose two.) A. Gather and Verify Migration Requirements B. Confirm Project and Milestone Dates C. Define Migration Team Roles and Responsibilities D. Verify Migration Address and Available Stops E. Create Detailed Staff Training Matrix F. Collect and Verify Site Specific Implementation Requirements Answer: A, C Question 2. When a wireless controller loses connectivity to a remote Cisco Aironet 1030 Lightweight Access Point in REAP mode, what will be the next step for that remote access point? A. provide local WLAN1 connectivity using local-site AAA authentication server B. disconnect all associated clients C. lose its configuration D. continue to provide local WLAN1 connectivity for shared key authentication only E. support no more than 10 wireless clients Answer: D Question 3. Controller-based products use X.509 certificates for which of the following? A. AES user data frame encryption B. IPsec tunneling C. 3DES user data frame encryption D. LWAPP tunneling Answer: D Question 4. The recommended channel utilization QoS Basic Service Set load for a VoIP network should be less than which value? A. 50 B. 40 C. 35 D. 45 Answer: D Question 5. What is the Cisco-recommended limit of standalone access points to be managed by a CiscoWorks WLSE 1130-19 with RF management enabled? A. 1800 B. 1000 C. 1500 D. 2500 Answer: A Question 6. Which DSCP value is mapped to the IEEE 802.11e user priority for voice in a Cisco WLAN? A. 48 B. 46 C. 34 D. 56 Answer: B Question 7. The local authentication service on a standalone access point supports which two authentication types? (Choose two.) A. EAP-FAST B. EAP-Cisco Wireless (Cisco LEAP) C. PEAP-MSCHAP D. EAP-TLS E. PEAP-GTC Answer: A, B Question 8. Analyzing the customer's WLAN design including interference and signal strength, and recommending design changes to accommodate a voice over WLAN system, are activities associated with which service component in the plan phase? A. Service Assurance B. Security Architecture Assessment C. VoiceOver WLAN Assessment D. Operations Readiness Assessment E. WLAN Wired Network Integration Assessment Answer: C Question 9. Assessing current network infrastructure to support the proposed WLAN system is an activity of which service component in the wireless plan phase? A. WLAN Wired Network Integration Assessment B. Operations Readiness Assessment C. Service Assurance D. VoiceOver WLAN Assessment E. Security Architecture Assessment Answer: A Question 10. A wireless security assessment has been performed for a network that is composed of Windows 2000 and Windows XP wireless clients. The customer wishes to use IEEE 802.1X authentication using certificate services. Which EAP-type combinations are appropriate? A. PEAP-MSCHAP and EAP-TLS B. PEAP-MSCHAP and EAP-SIM C. PEAP-GTC and EAP-MD5 D. EAP-Cisco Wireless (Cisco LEAP) and PEAP-GTC Answer: A
|
Question 1. How many access points will a Cisco 7600 Series Router with six installed Cisco Catalyst 6500 Series Wireless Services Modules support? A. 300 B. 448 C. 664 D. 1800 E. 2400 Answer: D Question 2. Which value is NOT supported by Cisco Spectrum Expert, when checking for RF coverage? A. access point received-signal strength level B. spectrum utilization C. client data rate D. in-band radio frequency interference Answer: C Question 3. Which is NOT part of a typical wireless site survey? A. implementation suggestions B. access point locations C. security requirements D. access point mounting methods Answer: C Question 4. What are two objectives of a pre-site survey walkthrough? (Choose two.) A. identify potential problem areas B. define intended coverage areas C. assess compliance with local building codes D. determine the final location of APs and antennas E. identify sources of RF signal attenuation and RF interference Answer: A, B Question 5. If there is an existing 802.11g WLAN at a site, which service can be provided without conducting a new site survey? A. add a new 802.11a WLAN B. increase the Layer 2 and Layer 3 security of the WLAN C. increase the throughput for the wireless clients D. add new services (such as voice) over the WLAN Answer: B Question 6. Construction of a new automobile parts manufacturing facility has recently been completed. The facility IT manager wants to deploy voice over WLAN. During your initial walkthrough, you observe numerous highly reflective surfaces on the manufacturing equipment and in the building construction itself. What potential problem exists that should be accounted for during your site survey? A. LOS modulation B. multipath distortion C. RF signal absorption D. RF signal attenuation E. Fresnel zone impedance Answer: B Question 7. To which parameter should the access point be set during a site survey? A. transmit only B. diversity C. receive only D. single isolated antenna Answer: B Question 8. Which statement is true when using a Cisco Wireless Mesh Networking Solution? A. The backhaul link isdynamic 1 to 54 Mb/s. B. The backhaul link is typically a fixed value. C. The backhaul link uses DAS antennas. D. The backhaul link uses antenna multiplexing. E. The backhaul link does not rely on fade margin. Answer: B Question 9. What approximates the signal attenuation of a plasterboard wall? A. crowd of people B. office window C. metal door D. brick wall Answer: B Question 10. The AirMagnet passive site survey tool can provide RF coverage data, except for which parameter? A. Signal Strength (4th access point) B. Signal Strength (3rd access point) C. Channel Interference D. Predictive Physical Data Rate Downlink (2nd access point) Answer: A
|
Question 1. What is the purpose of looking for anomalous behavior on a WLAN infrastructure? A. Identifying new attack tools B. Auditing employee's bandwidth usage C. Identifying attacks using signature matching D. Improving performance by load balancing Answer: A Question 2. As of controller release v5.2, which two statements about wired guest access support are true? (Choose two.) A. It is not supported on the Cisco 2100 Series Controllers. B. No more than three wired guest access LANs can be configured on a controller. C. Layer 3 web authentication and passthrough are not supported. D. Wired guest access cannot be configured in a dual-controller configuration that uses an anchor controller and a foreign controller. E. The wired guest access ports must be in the same Layer 2 network as the foreign controller. Answer: A, E Question 3. The wireless client can roam faster on the Cisco Unified Wireless Network infrastructure when which condition is met? A. EAP-FAST is used for client authentication on the wireless network. B. Cisco Centralized Key Management is used for Fast Secure Roaming. C. QoS is being used on the WLAN to control which client packets get through the network faster. D. RRM protocol is used between multiple APs that the client associates to while roaming. Answer: B Question 4. Which option best describes an evil twin attack? A. A rouge access point broadcasting a trusted SSID B. A rogue access point broadcasting any SSID C. A rouge ad-hoc with the SSID "Free WiFi" D. A rouge access point spreading malware upon client connection Answer: A Question 5. Which two configuration parameters does NAC OOB require on a SSID/WLAN? (Choose two.) A. WMM enabled on the WLAN B. Open authentication on the WLAN C. AAA override configuration on the WLAN D. 802.1x configuration on the WLAN Answer: B, D Question 6. Which two 802.11 frame types can be used in a virtual carrier (big NAV) attack? (Choose two.) A. Association B. ACK C. CTS D. Beacon E. De-authentication Answer: B, C Question 7. When adding the foreign controller as a mobility group member in the guest anchor controller, which statement is true? A. The mobility group name on the guest anchor controller must match the mobility group name On the foreign controller. B. The mobility group member IP address and MAC address belong to the management interface of the foreign controller. C. To successfully add the foreign controller as a mobility group member in the guest anchor controller, all the parameters defined in the WLAN Security, QoS, and Advanced tabs must be configured identically in both the anchor and foreign controller. D. In the guest anchor controller GUI, WLANs > Mobility Anchors page, use the Switch IP Address (Anchor) drop-down menu to select the IP address corresponding to the management interface of the anchor controller. Answer: B Question 8. DRAG DROP Drop Click and drag the WLAN Qos level on the left to its intended usage on the right. Answer: Explanation: Question 9. For wireless NAC out-of-band operations, which protocol is used between the Cisco NAC Appliance Manager and the wireless controller to switch the wireless client from the quarantine VLAN to the access VLAN after the client passed the NAC authentication/posture assessment process? A. RADIUS B. TACACS+ C. SNMP D. SSL E. EAP Answer: C Question 10. Which WLAN option, when enabled, allows different wireless clients to be connected to different VLANs based on the returned RADIUS attributes from the AAA server? A. H-REAP B. Override interface ACL C. NAC state D. Cisco CKM E. Auth-proxy F. Allow AAA override Answer: F
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.