|
1.You wish to make a particular web page available for viewing when you are not connected to the internet. How do you accomplish this in Internet Explorer? a . Add the site to your favorites b . Select File>Export and follow the instructions in the resulting wizard c . Select File>Send>Shortcut to desktop d . Add the site to your favorites and select the "Make available offline" checkbox Answer:Add the site to your favorites and select the "Make available offline" checkbox. 2.Which of the following is not an important useability consideration when developing a website? a . Make sure that the pages load quickly b . Provide menus that are easy to navigate c . Break up the monotony of the site by making each page different than the others d . Use fonts that are easy to read Answer: Break up the monotony of the site by making each page different than the others. 3.When you enter a URL into a web browser, which layer of the OSI model is being used? a . Application b . Presentation c . Transport d . Physical Answer(s): Application. 4.Sockets are associated with which layer of the OSI model? a . Application b . Presentation c . Session d . Transport Answer(s): Session. 5.You need to find out the IP address of the Windows 98 computer that you are using. Which command do you enter at a DOS prompt to obtain this information? a . ipcfg b . ip config c . ipconfig d . winipconfig Answer(s): ipconfig. 6.Which of the following is not true regarding MAC addresses? a . All MAC addresses are unique b . For computers on the same network, MAC addresses are used at the Data Link layer of the OSI model c . The first portion of the MAC address defines the manufacturer d . The MAC address is used with the PING command to test communications with other hosts. Answer(s): The MAC address is used with the PING command to test communications with other hosts. 7.Which of the following would be the default subnet mask for the IP address 64.72.48.185? a . 255.0.0.0 b . 255.240.0.0 c . 255.255.0.0 d . 255.255.255.0 Answer(s): 255.0.0.0. 8.Which of the following IP addresses is most likely a private IP address used on an intranet? a . 192.168.42.5 b . 145.145.62.62 c . 178.55.22.10 d . 12.2.5.1 Answer(s): 192.168.42.5. 9.By default, which port is used by FTP? a . 21 b . 23 c . 80 d . 110 Answer(s): 21 10.What is TCP port 80 used for? a . FTP b . Telnet c . DNS d . HTTP Answer(s): HTTP
|
I am scheduled for Feb 28. I am currently using itcertkeys study material. Please send me Latest dumps.
|
|
Scenario
ITCertKeys.com Environmental consulting (ITCertKeys.com), an environmental consulting company, based near Atlanta, Georgia, uses a PBX for its campus phone system. The PBX cannot support all of the new features that ITCertKeys.com requires, so the company has decided to change its system form traditional TDM to IP telephony. The campus currently has approximately 922 users in three four-story office buildings, a single story R&D facility, and a scale building. It will be your job to determine what information is needed for the proper design of the company’s converged network.
During preliminary investigation, here is what there is to be found:
• 922 employees, of which 868 have phones that are DID. The rest are lobby and break room phones, departmental phones, etc. for a total of 895 phones.
• Each employee with DID has a personal mailbox, as does every department with a group phone, for a total of 881 voice mail boxes.
• There are 12 people in marketing, each of whom uses the phone considerably more than the average user does. Most of these calls are external calls.
• There are 7 people in technical support, each of whom uses the phone considerably more than the average user does. Most of these calls are internal calls.
• The current dial plan uses four-digit dialing for extension-to-extension calls, and dialing 9 for outside calls (local and long distance).
• ITCertKeys.com doesn’t have a current traffic analysis of their network. They believe they have enough bandwidth for anything they might want to run, including IP telephony, but have no concrete documentation to back that up.
• Each of buildings A, B and C has a combination MDF/IDF on the ground floor, with an IDF on each upper floor. The IDFs are connected to the MDFs via multiple 25-pair cable bundles for phones and two pairs each multimode fiber optic cable for data.
• Each of the 895 phones is cables using Category 3 UTP cable out from the IDFs.
• Each station in the R&D building has two Category 5 UTP cable drops, plus phone.
• All buildings on the campus are data-connected via an FDDI ring with the exception of the scale building, which is connected to the R&D building via Category 5 UTP cable.
• The ITCertKeys.com facility spans two counties, so the R&D building and the scale building are services by a different PSAP than are buildings A through C.
• Building C houses the main computer room that contains all the company servers.
• The main computer room in Building C also contains the PBX with PSTN connectivity, and the Internet connection(s).
• There is a pair of Cisco 2514 routers providing connectivity to the Internet, they are set up with HSRP.
• The data network was built using token ring LANs connected via the FDDI ring.
ITCertKeys.com is interested in migrating its phone systems to IP telephony, vs. a massive weekend cutover.
ITCertKeys.com has been growing slowly over the last four years. During that time the company has become the leader in methane recover systems for dairy and hog operations.
ITCertKeys.com expect more growth from recent changes to federal air quality regulations. The company is planning to expand as follows:
• Marketing will double in size to 24 employees.
• The Southeast Region will grow from 90 to 150 employees.
• The Midwest region will grow from 95 to 130 employees.
• The Southwest region will grow from 85 to 95 employees.
• R&D will grow from 25 to 60 employees and will be split between the R&D building and the bottom floor in Building B.
• The Project Management group will grow from 30 to 90 employees. Of the 202 new users will have a dedicated phone.
ITCertKeys.com has 12 department, each of which has a music-on-hold message. All the departments would like to play their messages when they place a caller on hold. There is also a standard corporate message that is played when people outside of these 12 departments place a user on hold.
On the basis of information discovered during the investigation phase of the design, it has been decided that the single-site call processing model is the proper deployment model for ITCertKeys.com. The access layer devices will be placed in the IDFs, the distribution layer devices will be placed in the MDFs, and the core will be deployed in the compute room. Each IDF services approximately 70 to 75 users.
ITCertKeys.com is using Token Ring with an FDDI backbone. The network is to be migrated to an Ethernet network. ITCertKeys.com has had many network outages in their current network, and is concerned with network availability, especially as the phone system will now be residing on the same network.
Topology
Exhibit, Environmental Consultants Campus Map
Exhibit, Environmental Consultants Campus Map #2
Exhibit, Topology
Exhibit, Topology #2
Question 1.
From the following list of customer attributes, choose the correct IP telephony call processing model:
A large campus that spans multiple PSAP area.
A single group of buildings each with its own computer room.
A. single-site call processing
B. centralized call processing
C. hybrid call processing
D. distributed call processing
Answer:
Explanation:
Single-site call processing is needed for a large campus that spans multiple PSAP area?
Ref: http://www.developer.com/voice/article.php/3400571
In the single-site model, each site or campus has its own IP PBX or media server to perform call processing functions; also, there are no voice calls communication over the WAN network. If you want to implement external calls or call remote sites, you can use PSTN.
Question 2.
From the following list, select the information that is relevant to choosing an IP telephony centralized call processing model.
A. A single 6-story building with an IDF on each floor and an MDF in the computer room on the
second floor.
B. Three small regional sales offices located in the three Western time zones.
C. Centralized order processing, shipping, and billing for all customer products.
D. Connectivity to a single service provider that hosts the company web site and provides for
Internet access.
E. Multiple PRIs to the PSTN.
Answer:
IP telephony centralized call processing model works for different locations?
Ref: http://www.ciol.com/content/flavour/voip/102052801.asp
IP telephony deployment, building blocks
Many enterprises have already implemented VoIP as a form of toll bypass. But by deploying a complete IP telephony solution, enterprises leverage the inherent cost savings of a converged network across the organization, while adding new features and functions.
There are four basic models for IP telephony deployment in the enterprise:
• Single-site deployment -- IP telephony is deployed within a building or campus, but no voice traffic is carried over the IP WAN.
• Independent call-processing approach -- IP telephony is deployed within various remote locations, but calls are transmitted across the public switched telephone network (PSTN).
• Multisite deployment with distributed call processing -- Calls are transmitted using both the IP WAN (primary path) and the PSTN (secondary path) to connect enterprise locations. Callprocessing and voice-messaging equipment are present at each location, but interconnect across the WAN.
• Multisite deployment with centralized call processing -- Calls are transmitted using both the IP WAN (primary path) and the PSTN (secondary path), but callprocessing and voice-messaging equipment are centrally located. This is often the most efficient solution for multisite enterprises. The single-site and independent call-processing models are similar in the calls that continue to be transferred across the PSTN, but the enterprise can still take advantage of the benefits of IP telephony applications. The single-site and independent call-processing models often serve as the first step towards implementing an all-IP enterprise telephony network.
In a multisite with distributed call processing model, each site contains its own call processing and resources. Voice calls between sites use the IP WAN as the primary path. However, if the IP WAN is down or has insufficient resources to handle calls, the PSTN is used as a secondary path. The actual path used to connect the call, either the IP WAN or the PSTN, is transparent to both the calling and called party.
The multisite with centralized call processing model has all call-processing resources concentrated in a single site. Remote locations have only the basic infrastructure, such as switches, routers, and gateways, and endpoints such as IP or analog phones. The primary advantage of this model is the ability to centralize call processing, which reduces the equipment required at remote branches and eliminates the need for administration of multiple private-branch exchanges (PBXs) and key systems.
In addition, this model allows for single-point, dial-plan implementation as opposed to requiring dial plans in multiple locations. This model is particularly attractive for enterprises with small branch offices and telecommuters. To facilitate deployment, Cisco recently released the Catalyst 4224, a two-rack unit (RU) access gateway switch that combines the functionality of a switch, router, and gateway.
—In this model, multiple sites deploy IP telephony. These sites might be connected to a central campus over a private WAN or through the use of VPNs.
The headend site, or campus, contains the only call-processing manager cluster; however, remote sites can have local voice
|
Guys, Those of you that have failed the exam are you actually good enough to pass? Have you revised or do you just expect braindumps to help you pass?? Sort yourselves out and actually learn the material instead of moaning when you fail!!
|
Hi im planning to give Funda I (1Z0-031) around 3rd June...Can anyone upload the latest dumps
|
Question 1.
Which statement is true about the SGA in Oracle9i?
A. The unit of allocation for resizing the buffer cache or shared pool is defined by the init.ora
parameter DB_BLOCK_SIZE.
B. The unit of allocation for resizing the buffer cache or shared pool within the SGA is defined by
the size of the granules in use for the current SGA.
C. The maximum size of the SGA is set by the init.ora parameter SGA_MAX_SIZE and can be
altered dynamically.
D. You can use a combination of the init.ora parameters SHARED_POOL_SIZE,
DB_BLOCK_BUFFERS and SGA_MAX_SIZE to define the size of a dynamic SGA.
Answer: B
Explanation:
In the Oracle database the granule is the smallest unit of space that can be allocated. The unit of allocation for resizing the buffer cache or shared pool within the SGA is defined by the size of the granules in use for the current SGA.
Incorrect Answers
A: The unit of allocation for resizing the buffer cache or shared pool is defined by the size of the granules in use for the current SGA, not by the init.ora parameter DB_BLOCK_SIZE.
C: SGA_MAX_SIZE cannot be altered dynamically.
D: This statement is wrong.
Oracle OCP Oracle 9i Database:
Performance Tuning Exam Guide - Charles A. Pack – Oracle Press
Page 101 Sizing the Buffer Cache
Question 2.
Which four statements are true regarding the size and the effect of Oracle Blocks? (Choose four)
A. Large Oracle blocks are good for DSS types of application.
B. Larger Oracle blocks may increase the performance of the index reads.
C. Smaller Oracle blocks may decrease the performance of the index reads.
D. Small Oracle blocks may increase block contention, because there are fewer rows per block.
E. Larger Oracle blocks may waste the space in the buffer cache if the applications randomly
access rows.
Answer: A, B, C, E
Explanation:
DSS database will work better with a large database block size due to lot of full scans. Users of these systems are concerned with response time, which is the time it takes to get the results from their queries, so data need to be packed as closely as possible into blocks. Random access (index reads) to large object does not prefer a large block size: only consecutive access can benefit from a large block. And conversely: small block size may decrease index reads.
Also it’s true that large block size may waste space in the buffer cache.
Incorrect Answers
D: Small Oracle blocks may decrease block contention, because there are fewer rows per block:
there are few chances that some processes will try to read the same block simultaneously.
Oracle OCP Oracle 9i Database:
Performance Tuning Exam Guide - Charles A. Pack – Oracle Press
Page 306 – 307 Using Oracle Block Efficiently
Question 2.
Which two statements are true regarding running the Data Dictionary Cache? (Choose two)
A. The ratio of GETMISSES to GETS found in the V$ROWCACHE view should be less than 5
percent.
B. If the hit ratio for the library cache is acceptable, the hit ratio for the data dictionary should also
be acceptable.
C. On instance startup, the data dictionary cache contains no data, so any SQL statement is likely
to result in cache misses.
D. On instance startup the data dictionary cache is automatically loaded with the most commonly
used information, so many SQL statements will not cause cache misses.
Answer: B, C
Explanation:
Answer A is not true because this percent usually should be < 15%
Answer D is not true - there is such definition "most commonly used information" while instance is
starting
Reference:
Oracle9i Performance Tuning - Student Guide, Lesson 3
Question 3.
You have been running SQL that requires sorts all day in your database. At the end of the day,
you queried the V$SORT_SEGMENT view using this statement:
SELECT TABLESPACE_NAME, CURRENT_USERS, USED_EXTENDS,
FREE_EXTENDS FROM V$SORT_SEGMENT
The statement returned NO rows.
What is a valid conclusion?
A. All sort operations have completed in memory.
B. All sort operations went to the temporary tablespace.
C. The PRE_PAGE_SGA initialization parameter was set to TRUE.
D. All the sort operations went to the users’ default tablespace.
Answer: A
Reference:
Oracle9i Performance Tuning - Student Guide, Lesson 7
Question 4.
Which two are true about buffer cache advisory? (Choose two)
A. It is enabled by the DB_CACHE_ADVICE initialization parameter.
B. It estimates the number of physical writes to disk from the buffer cache.
C. It predicts the estimated number of indirect reads for different cache sizes.
D. It enables and disables statistics for predicting behavior with different cache sizes.
E. The database should be shut down after enabling the DC_CACHE_ADVISOR to ensure that
buffer cache statistics are reset.
Answer: A, D
Reference:
Oracle9i Performance Tuning - Student Guide, Lesson 4
Question 5.
How is data between a router and a TACACS+ server encrypted?
A. CHAP Challenge responses
B. DES encryption, if defined
C. MD5 has using secret matching keys
D. PGP with public keys
Answer: C
Explanation:
"The hash used in TACACS+ is MD5"CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 497
Question 6.
A gratuitous ARP is used to: (Multiple answers)
A. Refresh other devices’ ARP caches after reboot.
B. Look for duplicate IP addresses.
C. Refresh the originating server’s cache every 20 minutes.
D. Identify stations without MAC addresses.
E. Prevent proxy ARP from becoming promiscuous.
Answer: A, B
Explanation:
NOT SURE ABOUT THIS QUESTION - Refresh the originating server’s cache every 20 minutes. could be answer but the test wants only 2 Gratuitous ARP [23] is an ARP packet sent by a node in order to spontaneously because other nodes to update an entry in their ARP cache. A gratuitous ARP MAY use either an ARP Request or an ARP Reply packet. In either case, the ARP Sender Protocol Address and ARP Target Protocol Address are both set to the IP address of the cache entry to be updated, and the ARP Sender Hardware Address is set to the link-layer address to which this cache entry should be updated. When using an ARP Reply packet, the Target Hardware Address is also set to the link-layer address to which this cache entry should be updated (this field is not used in an ARP Request packet).
Most hosts on a network will send out a Gratuitous ARP when they are initialising their IP stack. This Gratuitous ARP is an ARP request for their own IP address and is used to check for a duplicate IP address. If there is a duplicate address then the stack does not complete initialisation.
Question 7.
Which addresses below would be valid IP addresses of hosts on the Internet? (Multiple answer)
A. 235.1.1.1
B. 223.20.1.1
C. 10.100.1.1
D. 127.0.0.1
E. 24.15.1.1
Answer: B, E
Explanation:
When you create an internal network, we recommend you use one of the following address groups reserved by the Network Working Group (RFC 1918) for private network addressing:
Class A: 10.0.0.0 to 10.255.255.255
Class B: 172.16.0.0 to 172.31.255.255
Class C: 192.168.0.0 to 192.168.255.255
Class D address start with the 1110 bit so the 223.20.1.1 is a legal class C address
Question 8.
On an Ethernet LAN, a jam signal causes a collision to last long enough for all other nodes to recognize that:
A. A collision has occurred and all nodes should stop sending.
B. Part of a hash algorithm was computed, to determine the random amount of time the nodes
should back off before retransmitting.
C. A signal was generated to help the network administrators isolate the fault domain between
two Ethernet nodes.
D. A faulty transceiver is locked in the transmit state, causing it to violate CSMA/CD rules.
E. A high-rate of collisions was caused by a missing or faulty terminator on a coaxial Ethernet
network.
Answer: A
Explanation:
When a collision is detected the device will "transmit a jam signal" this will inform all the devices on the network that there has been a collision and hence stop them initiating the transmission of new data. This "jam signal" is a sequence of 32 bits that can have any value as long as it does not equal the CRC value in the damaged frame's FCS field. This jam signal is normally 32 1's as this only leaves a 1 in 2^32 chance that the CRC is correct by chance. Because the CRC value is incorrect all devices listening on the network will detect that a collision has occurred and hence will not create further collisions by transmitting immediately. "Part of a hash algorithm was computed, to determine the random amount of time the nodes should back off before retransmitting." WOULD SEEM CORRECT BUT IT IS NOT After transmitting the jam signal the two nodes involved in the collision use an algorithm called the "truncated BEB (truncated binary exponential back off)" to determine when they will next retransmit. The algorithm works as follows: Each device will wait a multiple of 51.2us (minimum time required for signal to traverse network) before retransmitting. 51.2us is known as a "slot". The device will wait a certain number of these time slots before attempting to retransmit. The number of time slots is chosen from the set {0,.....,2^k-1} at random where k= number of collisions. This means k is initialized to 1and hence on the first attempt k will be chosen at random from the set {0,1} then on the second attempt the set will be {0,1,2,3} and so on. K will stay at the value 10 in the 11, 12, 13, 14, 15 and 16th attempt but on the 17th attempt the MAC unit stops trying to transmit and reports an error to the layer above.
Question 9.
Which statements about TACACS+ are true? (Multiple answer)
A. If more than once TACACS+ server is configured and the first one does not respond within a
given timeout period, the next TACACS+ server in the list will be contacted.
B. The TACACS+ server’s connection to the NAS encrypts the entire packet, if a key is used at
both ends.
C. The TACACS+ server must use TCP for its connection to the NAS.
D. The TACACS+ server must use UDP for its connection to the NAS.
E. The TACACS+ server may be configured to use TCP or UDP for its connection to the NAS.
Answer: A, B, C
Explanation:
PIX Firewall permits the following TCP literal names: bgp, chargen, cmd, daytime, discard, domain, echo, exec, finger, ftp, ftp-data, gopher, h323, hostname, http, ident, irc, klogin, kshell, lpd, nntp, pop2, pop3, pptp, rpc, smtp, sqlnet, sunrpc, TACACS, talk, telnet, time, uucp, whois, and www. To specify a TACACS host, use the tacacs-server host global configuration command. Use the no form of this command to delete the specified name or address. timeout= (Optional) Specify a timeout value. This overrides the global timeout value set with the tacacs-server timeout command for this server only. tacacs-server key To set the authentication encryption key used for all TACACS+ communications between the access server and the TACACS+ daemon, use the tacacs-server key global configuration command. Use the no form of this command to disable the key. key = Key used to set authentication and encryption. This key must match the key used on the TACACS+ daemon.
Question 10.
A Network Administrator is trying to configure IPSec with a remote system. When a tunnel is initiated from the remote end, the security associations (SAs) come up without errors. However, encrypted traffic is never sent successfully between the two endpoints. What is a possible cause?
A. NAT could be running between the twp IPSec endpoints.
B. NAT overload could be running between the two IPSec endpoints.
C. The transform set could be mismatched between the two IPSec endpoints.
D. The IPSec proxy could be mismatched between the two IPSec endpoints.
Answer: B
Explanation:
This configuration will not work with port address translation (PAT). Note: NAT is a one-to-one address translation, not to be confused with PAT, which is a many (inside the firewall)-to-one translation. IPSec with PAT may not work properly because the outside tunnel endpoint device cannot handle multiple tunnels from one IP address. You will need to contact your vendor to determine if the tunnel endpoint devices will work with PAT QUESTION- What is PAT, or NAT overloading? Answer- PAT, or NAT overloading, is a feature of Cisco IOS NAT and can be used to translate internal (inside local) private addresses to one or more outside (inside global—usually registered) IP addresses. Unique source port numbers on each translation are used to distinguish between the conversations. With NAT overload, a translation table entry containing full address and source port information is created.
Question 11.
Which are the principles of a one way hash function? (Multiple answer)
A. A hash function takes a variable length input and creates a fixed length output.
B. A hash function is typically used in IPSec to provide a fingerprint for a packet.
C. A hash function cannot be random and the receiver cannot decode the hash.
D. A hash function must be easily decipherable by anyone who is listening to the exchange.
Answer: A, B
Explanation:
Developers use a hash function on their code to compute a diges, which is also known as a one-way hash .The hash function securely compresses code of arbitrary length into a fixed-length digest result.
Question 12.
Exhibit:
What is the expected behavior of IP traffic from the clients attached to the two Ethernet subnets?
A. Traffic will successfully access the Internet, but will not flow encrypted between the router’s
Ethernet subnets.
B. Traffic between the Ethernet subnets on both routers will not be encrypted.
C. Traffic will be translated by NAT between the Ethernet subnets on both routers.
D. Traffic will successfully access the Internet fully encrypted.
E. Traffic bound for the Internet will not be routed because the source IP addresses are private.
Answer: A
Explanation:
NOT ENOUGH OF THE EXHIBIT TO MAKE A REAL CHOICE. THE EXHIBIT IS ONE OF IPSEC TAKE YOUR BEST SHOT.
Question 13.
A ping of death is when:
A. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the
“type” field in the ICMP header is set to 18 (Address Mask Reply).
B. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP), the Last
Fragment bit is set, and (IP offset ‘ 8) + (IP data length) >65535.
In other words, the IP offset (which represents the starting position of this fragment in the
original packet, and which is in 8-byte units) plus the rest of the packet is greater than the
maximum size for an IP packet.
C. An IP datagram is received with the “protocol” field in the IP header set to 1 (ICMP) and the
source equal to destination address.
D. The IP header is set to 1 (ICMP) and the “type” field in the ICMP header is set to 5 (Redirect).
Answer: B
Explanation:
"A hacker can send an IP packet to a vulnerable machine such that the last fragment contains an offset where (IP offset *8) + (IP data length)>65535. This means that when the packet is reassembled, its total length is larger than the legal limit, causing buffer overruns in the machine's OS (because the buffer sizes are defined only to accommodate the maximum allowed size of the packet based on RFC 791)...IDS can generally recognize such attacks by looking for packet fragments that have the IP header's protocol field set to 1 (ICMP), the last bit set, and (IP offset *8) +(IP data length)>65535" CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 414 "Ping of Death" attacks cause systems to react in an unpredictable fashion when receiving oversized IP packets. TCP/IP allows for a maximum packet size of up to 65536 octets (1 octet = 8 bits of data), containing a minimum of 20 octets of IP header information and zero or more octets of optional information, with the rest of the packet being data. Ping of Death attacks can cause crashing, freezing, and rebooting.
Question 14.
Within OSPF, what functionality best defines the use of a ‘stub’ area?
A. It appears only on remote areas to provide connectivity to the OSPF backbone.
B. It is used to inject the default route for OSPF.
C. It uses the no-summary keyword to explicitly block external routes, defines the non-transit
area, and uses the default route to reach external networks.
D. To reach networks external to the sub area.
Answer: B
Explanation:
These areas do not accept routes belonging to external autonomous systems (AS); however, these areas have inter-area and intra-area routes. In order to reach the outside networks, the routers in the stub area use a default route which is injected into the area by the Area Border Router (ABR). A stub area is typically configured in situations where the branch office need not know about all the routes to every other office, instead it could use a default route to the central office and get to other places from there.
Hence the memory requirements of the leaf node routers is reduced, and so is the size of the OSPF database.
Question 15.
What is the best explanation for the command aaa authentication ppp default if-needed tacacs+?
A. If authentication has been enabled on an interface, use TACACS+ to perform authentication.
B. If the user requests authentication, use TACACS+ to perform authentication.
C. If the user has already been authenticated by some other method, do not run PPP
authentication.
D. If the user is not configured to run PPP authentication, do not run PPP authentication.
E. If the user knows the enable password, do not run PPP authentication.
Answer: C
Explanation:
if-needed (Optional) Used with TACACS and extended TACACS. Does not perform CHAP or PAP authentication if the user has already provided authentication. This option is available only on asynchronous interfaces.
Question 16.
To restrict SNMP access to a router, what configuration command could be used?
A. snmp-server community
B. snmp-server public
C. snmp-server password
D. snmp-server host
Answer: A
Explanation:
Configure the community string (Optional) For access-list-number, enter an IP standard access list numbered from 1 to 99 and 1300 to 1999.
Question 17.
TFTP security is controlled by: (Multiple answers)
A. A username/password.
B. A default TFTP directory.
C. A TFTP file.
D. A pre-existing file on the server before it will accept a put.
E. File privileges.
Answer: B, D, E
Explanation:
username/password- is for FTP a default TFTP directory - one has to be in your tftp server and the location listed in the tftp command In uploading code you need to have a file but some programs like solarwinds will download the running config via tftp and make the file
Question18.
Which statements are true about RIP v1? (Multiple answer)
A. RIP v1 is a classful routing protocol.
B. RIP v1 does not carry subnet information in its routing updates.
C. RIP v1 does not support Variable Length Subnet Masks (VLSM).
D. RIP v1 can support discontinuous networks.
Answer: A, B, C
Explanation:
RIP and IGRP are classful protocols
Why Doesn't RIP or IGRP Support Discontinuous Networks?
Question 19.
In the IOS Firewall Feature Set, what kind of traffic is NOT subject to inspection?
A. FTP
B. TFTP
C. ICMP
D. SMTP
Answer: C
Explanation:
CBAC-Supported applications (Deployable on a modular basis):
Question 20.
Exhibit:
S* 0.0.0.0/0 [1/0] via 172.31.116.65
D 172.16.0.0/24 [90/48609] via 10.1.1.1
R 172.16.0.0/16 [120/4] via 192.168.1.4
A router has the above routers listed in its routing table and receives a packet destined for 172.16.0.45. What will happen?
A. The router will not forward this packet, since it is destined for the 0 subnet.
B. The router will forward the packet though 172.31.116.65, since it has the lowest metric.
C. The router will forward the packet through 10.1.1.1.
D. The router will forward the packet through 172.31.116.65, since it has the lowest administrative
distance.
E. The router will forward the packet through 192.168.1.4.
Answer: C
Explanation:
D= EIGRP and the lowest metric of the routing protocols
R= Rip AD of 120 S* default route The 0.0.0.0 is a default route for packets that don’t match the other routes is to be forwarded to 172.31.116.65
Question 21.
In the Cisco Secure Intrusion Detection System/HP OpenView interface, a “yellow” sensor icon would mean:
A. A sensor daemon had logged a level 3 alarm.
B. A sensor daemon had logged a level 4 or 5 alarm.
C. The director that the sensor reports to is operating in degraded mode.
D. The device that the sensor detected being attacked is inoperative as a result of the attack.
Answer: A
Explanation:
Alarm level 3 and 4 are medium. Medium severity is displayed in yellow, then icon medium severity is a yellow flag. by default events at level 1 and 2 are low, events at level 3 and 4 are medium, level 5 and higher are high.
Cisco Secure intrusion detection system by Earl Carter p. 148, 213, 214
Question 22.
Symptoms:
- Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
- Console logging: level warning, 0 messages logged
- Monitor logging: level informational, 0 messages logged
- Buffer logging: level informational, 0 message lines logged
Note:
Router 1’s CPU is normally above 25% busy switching packets Scenario:
Host A cannot reach the FTP Server, but can reach Host B. The network administrator suspects that packets are travelling from network 10.1.5.0 to the FTP Server, but packets are not returning. The administrator logs into the console port of Router 1. When Host A sends a ping to the FTP Server, the administrator executes a “debug ip packet” command on the router.
Exhibit:
The administrator does not see any output. What additional commands could be used to see the packets flowing from Ethernet 0 to Ethernet 1?
A. terminal monitor
B. configure terminal
logging console debug
interface ethernet1
no ip route-cache
C. configure terminal
logging console debug
D. configure terminal
no logging buffered
E. configure terminal
interface ethernet0
no ip route-cache
Answer: B
Explanation:
By default, the network server sends the output from debug commands and system error messages to the console. If you use this default, monitor debug output using a virtual terminal connection, rather than the console port. To redirect debug output, use the logging command options within configuration mode as described 7 debugging Debugging messages. LOG_DEBUG When multicast fast switching is enabled (like unicast routing), debug messages are not logged. If you want to log debug messages, disable fast switching.
To limit the types of messages that are logged to the console, use the logging console router configuration command. Use the ip route-cache interface configuration command to control the use of high-speed switching caches for IP routing. To disable any of these switching modes, use the no form of this command.
Question 23.
What is the first thing that must be done to implement network security at a specific site?
A. Hire a qualified consultant to install a firewall and configure your router to limit access to known
traffic.
B. Run software to identify flaws in your network perimeter.
C. Purchase and install a firewall to protect your network.
D. Install access-control lists in your perimeter routers, so you can ensure that only known traffic
is getting through your router.
E. Design a security policy.
Answer: E
Explanation:
A Network security policy defines a framework to protect the assets connected to a network based on a risk assessment analysis. A network security policy defines the access limitations and rules for accessing various assets connected to a network. It is the source of information for users and administrators as they set up, use, and audit the network. CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 8
Question 24.
What would be the best reason for selecting L2TP as a tunnel protocol for a VPN Client?
A. L2TP uses TCP as a lower level protocol so the transmissions are connected oriented,
resulting in more reliable delivery.
B. L2TP uses PPP so address allocation and authentication is built into the protocol instead of
relying on IPSec extended functions, like mode config and a-auth.
C. L2TP does not allow the use of wildcard pre-shared keys, which is not as secure as some
other methods.
D. L2TP has less overhead than GRE.
Answer: B
Explanation:
L2TP uses UDP which is connectionless protocol CCIE Professional Development Network Security Principles and Practices by Saadat Malik pg 243 L2TP, which stands for Layer 2 Tunneling Protocol, is an IETF standard emerging that combines Layer 2 Forwarding protocol (L2F) and Point-to-Point Tunneling protocol (PPTP). L2TP has all the security benefits of PPP, including multiple per user authentication options (CHAP, PAP, and MS-CHAP). It also can authenticate the tunnel end points, which prevents potential intruders from building a tunnel and accessing precious corporate data. To ensure further data confidentiality, Cisco recommends adding IPSec to any L2TP implementation. Depending on the corporation's specific network security requirements, L2TP can be used in conjunction with tunnel encryption, end-to-end data encryption, or end-to-end application encryption. L2TP header: 16 bytes maximum (in case all options are used, RFC 2661) 24 (bit) for the GRE overhead
Question 25.
In the IOS Firewall Feature Set, which network layers are examined by CBAC to make filtering decisions? (Multiple answer)
A. Transport
B. Application
C. Network
D. Presentation
E. Data Link
Answer: A, B, C
Explanation:
CBAC intelligently filters TCP and UDP packets based on application-layer protocol session information and can be used for intranets, extranets and the Internet. You can configure CBAC to permit specified TCP and UDP traffic through a firewall only when the connection is initiated from within the network you want to protect. (In other words, CBAC can inspect traffic for sessions that originate from the external network.) However, CBAC examines not only network layer and transport layer information but also examines the application-layer protocol information (such as FTP connection information) to learn about the state of the TCP or UDP session.
Question 26.
In BGP, why should a Route Reflector be used?
A. To overcome issues of split-horizon within BGP.
B. To reduce the number of External BGP peers by allowing updates to reflect without the need to
be fully meshed.
C. To allow the router to reflect updates from one Internal BGP speaker to another without the
need to be fully meshed.
D. To divide Autonomous Systems into mini-Autonomous Systems, allowing the reduction in the
number of peers.
E. None of the above.
Answer: C
Explanation:
"Route reflectors are useful when an AS contains a large number of IBGP peers. Unless EBGP routes are redistributed into the autonomous systems' IGP, all IBGP peers must be fully meshed. Route reflectors offer an alternative to fully meshed IBGP peers." CCIE Professional Development Routing TCP/IP Volume II by Jeff Doyle and Jennifer Dehaven Carroll
Question 27.
A router sends an ICMP packet, with the Type 3 (host unreachable) and Code 4 (DF bit set) flags set, back to the originating host. What is the expected action of the host?
A. The host should reduce the size of future packets it may send to the router.
B. This scenario cannot occur, since the packet will be fragmented and sent to the original
destination.
C. The sending station will stop sending packets, because the router is not expecting to see the
DF bit in the incoming packet.
D. The sending station will clear the DF bit and resend the packet.
E. If the router has an Ethernet interface, this cannot occur because the MTU is fixed at 1500
bytes. Any other interface may legally generate this packet.
Answer: D
Explanation:
Another ICMP message warns that a desired host is unreachable because of a problem with fragmenting a datagram sending.host.net:icmp:tagret.host unreachable - need to frag (mtu 1500) Network Intrusion Detection third edition by Stephen Northcutt and Judy Novak pg 67
Question 28.
In the realm of email security, “message repudiation” refers to what concept?
A. A user can validate which mail server or servers a message was passed through.
B. A user can claim damages for a mail message that damaged their reputation.
C. A recipient can be sure that a message was sent from a particular person.
D. A recipient can be sure that a message was sent from a certain host.
E. A sender can claim they did not actually send a particular message.
Answer: E
Explanation:
A quality that prevents a third party from being able to prove that a communication between two other parties ever took place. This is a desirable quality if you do not want your communications to be traceable.
Non-repudiation is the opposite quality—a third party can prove that a communication between two other parties took place. Non-repudiation is desirable if you want to be able to trace your communications and prove that they occurred. Repudiation – Denial of message submission or delivery.
Question 29.
A RARP is sent:
A. To map a hostname to an IP address.
B. To map an IP address to a hostname.
C. To map an MAC address to an IP address.
D. To map a MAC address to a hostname.
E. To map and IP address to a MAC address.
Answer: C
Explanation:
RARP is used to translate hardware interface addresses to protocol addresses
Question 30.
Exhibit:
aaa authentication login default local tacacs
aaa authorization exec default tacacs
aaa authentication login vty tacacs local
aaa authorization exec vty tacacs if-authenticated
username abc password xuz
line vty 0 4
exec-timeout 0 0
If a router running IOS 11.3 is configured as shown in the TACACS server is down, what will happen when someone Telnets into the router?
A. Using the local username, the user will pass authentication but fail authorization.
B. The user will be bale to gain access using the local username and password, since list vty will
be checked.
C. Using the local username, the user will bypass authentication and authorization since the
server is down.
D. The user will receive a message saying “The TACACS+ server is down, please try again later”.
Answer: B
Explanation:
aaa authentication login vty tacacs local aaa authorization exec vty tacacs if-authenticated This line in the config mean that the vty lines are to use tacacs first but the timeout expires and authentication then goes to the local database If-authenticated states that if authenticated before do not authenticate again.
Question 31.
When an IPSec authentication header (AH) is used in conjunction with NAT on the same IPSec endpoint, what is the expected result?
A. NAT has no impact on the authentication header.
B. IPSec communicates will fail because the AH creates a hash on the entire IP packet before
NAT.
C. AH is only used in IKE negotiation, so only IKE will fail.
D. AH is no a factor when used in conjunction with NAT, unless Triple DES is included in the
transform set.
Answer: B
Explanation:
AH runs the entire IP packet, including invariant header fields such as source and destination IP address, through a message digest algorithm to produce a keyed hash. This hash is used by the recipient to authenticate the packet. If any field in the original IP packet is modified, authentication will fail and the recipient will discard the packet. AH is intended to prevent unauthorized modification, source spoofing, and man-in-the-middle attacks. But NAT, by definition, modifies IP packets. Therefore, AH + NAT simply cannot work.
Question 32.
Routing Information Protocol (RIP):
A. Runs on TCP port 520.
B. Runs directly on top of IP with the protocol ID 89.
C. Runs on UDP port 520.
D. Does not run on top of IP.
Answer: C
Explanation:
Question 33.
A security System Administrator is reviewing the network system log files. The administrator notes that:
- Network log files are at 5 MB at 12:00 noon.
- At 14:00 hours, the log files at 3 MB.
What should the System Administrator assume has happened and what should they do?
A. Immediately contact the attacker’s ISP and have the connection disconnected, because an
attack has taken place.
B. Log the file size, and archive the information, because the router crashed.
C. Run a file system check, because the Syslog server has a self correcting file system problem.
D. Disconnect from the Internet discontinue any further unauthorized use, because an attack has
taken place.
E. Log the event as suspicious activity, continue to investigate, and take further steps according
to site security policy.
Answer: E
Explanation:
This QUESTION os much like one from vconsole (see reference)"You should never assume a host has been compromised without verification. Typically, disconnecting a server is an extreme measure and should only be done when it is confirmed there is a compromise or the server contains such sensitive data that the loss of service outweighs the risk. Never assume that any administrator or automatic process is making changes to a system. Always investigate the root cause of the change on the system and follow your organizations security policy." Cisco Certified Internetwork Expert Security Exam V1.7/Vconsole update Questions by John Kaberna
See ccbootcamp.com
Question 34.
When using PKI, what is true about Certificate Revocation List (CRL):
A. The CRL is used to check presented certificates to determine if they are revoked.
B. A router or PIX will not require that the other end of the IPSec tunnel have a certificate if the crl
optional command is in place.
C. The router’s CRL includes a list of clients that have presented invalid certificates to the router
in the past.
D. It resides on the CA server and is built by querying the router or PIX to determine which clients
have presented invalid certificates in the past.
Answer: A
Explanation:
A router or PIX will not require that the other end of the IPSec tunnel have a certificate if the crl optional command is in place --THIS SEEMS A RESONABLE ANSWER BUT HERE IS WHY I DISCOUNT IT--"will not require that the other end of the IPSec tunnel have a certificate" -- The PIX allows the Certificate even if the CA DOES NOT RESPOND. I have not seen it stated that it will allow NO certificate. To allow other peers' certificates to still be accepted by your router even if the appropriate Certificate Revocation List (CRL) is not accessible to your router, use the crl optional configuration command. If the PIX Firewall does not receive a certificate from the CA within 1 minute (default) of sending a certificate request, it will resend the certificate request. The PIX Firewall will continue sending a certificate request every 1 minute until a certificate is received or until 20 requests have been sent. With the keyword crloptional included within the command statement, other peer's certificates can still be accepted by your PIX Firewall even if the CRL is not accessible to your PIX Firewall.
|
HELLO HOW CAN WE GET DUMPS ON THIS SITE WHEN EVER I CLICK ON A LINK TO GET A DUMB I FIND NOTHING HELP
|
Please send me latest 70-229 dump
|
Please send me the new Dump at malikamanatali@hotmail.com
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.