|
Question 1.
Why should the interface command bridge vlan vlan# be executed upon creation of interfaces on a Cisco Content Services Switch (CCS) switch?
A. Bridging is turned OFF.
B. Bridging is turned ON, but is undefined.
C. All VLANs are initially bridged to VLAN 1.
D. Interfaces are shut off by default until bridged to a VLAN.
E. The CSS acts as a router, therefore routing must be turned ON.
Answer: C
Explanation:
Bridging an Interface to a VLAN
To specify a VLAN and associate it with the specified Ethernet interface, use the bridge vlan command. Enter an integer from 1 to 4094 as the VLAN identifier. The default is 1. All interfaces are assigned to VLAN1 by default.
The following list defines the maximum number of VLANs supported by the specific CSS models:
• CSS 11501 and CSS 11503 - A maximum of 256 VLANs per CSS and 64 VLANs per port
(FE or GE)
• CSS 11506 - A maximum of 512 VLANs per CSS and 64 VLANs per port (FE or GE)
When you specify the bridge vlan command, enter the word vlan in lowercase letters and include a space before the VLAN number (for example, vlan 2).
For example, to configure e1 to VLAN2 on the CSS 11501, enter:
(config-if[e1])# bridge vlan 2
Question 2.
Which statement is true about caching solutions currently on the Internet?
A. Caching solutions are used predominantly for video streaming.
B. Caching solutions are housed predominantly in Internet Service Provider data centers.
C. Caching solutions are housed both within enterprise environments and at Internet Service
Provider data centers.
D. Caching solutions only deliver static content and in no way deliver dynamic content to users on
the Internet today.
Answer: C
Explanation:
Cacheable Content
Cacheable content is typically static application data and can be associated with a file type and file extension.
Ensuring Fresh Content
A requirement for any caching system is the ability to ensure that users see the same content from a network cache as they would from the Web. Every Web page comprises several Web objects and each Web object has its own caching parameters, determined by content authors and HTTP standards (see the "HTTP Caching Standards" section). Thus, even a Web page with realtime objects typically has many other objects that are cacheable. Rotating ad banners and Common Gateway Interface (CGI)-generated responses are examples of objects that are typically noncacheable. Toolbars, navigation bars, GIFs, and JPEGs are examples of objects that are typically cacheable. Thus, for a given Web page, only a few dynamic objects need to be retrieved from the end server, while static objects can be fulfilled locally.
Caching Hierarchy
Because a Cisco Content Engine can be transparent to the client and to network operation, customers can easily place Content Engines in several network locations in a hierarchical fashion. For example, if an Internet service provider (ISP) deploys a Content Engine at its main point of access to the Internet, all of its points of presence (POPs) benefit, because requested content can be available at this main point of access without going through the Internet The figure depicts a typical caching hierarchy using Content Engines.
Caching Hierarchy
Client requests reach the Content Engine and are fulfilled from its storage. To further improve service to favored clients, ISPs can deploy Content Engines at each POP. Then, when a client accesses the Internet, the request is first redirected to the POP Content Engine. If the POP Content Engine is unable to fulfill the request from local storage, it makes a normal web request to the end server.
Upstream, this request is redirected to the Content Engine at the main Internet access point. If the request is fulfilled by the Content Engine, traffic on the main Internet access link is avoided, the origin web servers experience lower demand, and the client experiences better network response times.
Enterprise networks can apply this hierarchical transparent architecture in the same way.
Caching Hierarchy in Enterprise Solutions
Question 3.
Which two statements are true about cookies? (Choose two)
A. Cookies are accessible only by the client’s browser.
B. Cookies are kept by the client’s browser on the server.
C. Cookies are assigned by the server or load balancer.
D. Cookies are kept by the client’s browser on the client machine.
E. Session state is maintained by a cookie provided by the client.
Answer: C, D
Question 4.
Which of the following statements are true with regards to the CSM supported network topologies? (Choose two)
A. In the bridge mode, directly attached servers point to the CSM as the default gateway.
B. In router mode, directly attached servers point to the CSM as the default gateway.
C. The bridge mode between 2 VLANs implies that they are on different IP subnets.
D. The router mode between 2 VLANs implies that they are on different IP subnets.
E. Router and bridge modes cannot be configured simultaneously on the same module.
Answer: B, D
|
Question 1.
Which statement is true about the hardware requirements of MPLS?
A. Because you do not need to run a routing protocol on P-routers, they require less memory than
routers supporting classic IP routing.
B. Because of the additional processing and memory requirements needed to build the LFIB,
MPLS is only available on high end routers.
C. MPLS is available on low end routers, built their use is limited because of the additional
processing and memory requirements needed to build the LFIB.
D. Because P-routers do not need to carry routes outside the MPLD domain, they require less
memory than routers that support the same application using classic IP routing.
Answer: C
Question 2.
If aggregation (summarization) were to be used on a network with ATM LSRs.
What would result?
A. LSPs would be broken in two.
B. There would be extra LFIB entries.
C. The size of the LFIB table would increase.
D. There would be extra LIB entries
Answer: A
Question 3.
What is true of MPLS TE?
A. Only the ingress LSR must see the entire topology of the network.
B. Every LSR needs additional information about links in the network, available resources, and
constraints.
C. Every core router must be able to create an LSP tunnel on demand.
D. Both RSVP and CR-LDP are used in conjunction to establish traffic engineering (TE) tunnels
and to propagate the labels.
Answer: B
Question 4.
What is a major drawback of using traditional IP routing over an ATM network when connecting multiple sites?
A. Each ATM switch in the path has to perform Layer 3 routing lookup.
B. ATM virtual circuits have to be established between the different sites.
C. There is high ATM management overhead between the ATM switch and the router at each
site.
D. Each ATM switch has to be manually configured to participate in Layer 3 routing.
E. There is high PNNI overhead.-
Answer: B
Explanation:
Drawbacks of Traditional IP Forwarding IP over ATM
1) Layer 2 devices have no knowledge of Layer 3 routing information - virtual circuits must be manually established.
2) Layer 2 topology may be different from Layer 3 topology, resulting in suboprtimal paths and link use.
3) Even if the two topologies overlap, the hub-and-spoke topology is usually used because of easier management.
Question 5.
What is true of MPLS TE?
A. Only the ingress LSR must see the entire topology of the network.
B. Every LSR needs additional information about links in the network, available resources, and
constraints.
C. Every core router must be able to create an LSP tunnel on demand.
D. Both RSVP and CR-LDP are used in conjunction to establish traffic engineering (TE) tunnels
and to propagate the labels.
Answer: B
Question 6.
In order for MPLS to be implemented on ATM switches, what requirements must the ATM switch meet? Select two.
A. become Layer 3 aware by running a routing protocol
B. use MPLS LDP or TDP to distribute and receive MPLS label information
C. use BGP to exchange MPLS VPN labels in the data plane
D. use RSVP to exchange MPLS traffic-engineering labels in the data plane
E. establish a full mesh of Layer 2 ATM virtual circuits between all the ATM switches in the MPLS
domain
F. use cell-mode MPLS and insert MPLS label in the ATM AAL5 header
Answer: A, B
Question 7.
When running basic MPLS in conjunction with VPNs, how many labels does each packet contain?
A. Each packet contains one label that identifies the VPN.
B. Each packet contains at least two labels. One label identifies the path to the egress router and
one that identifies the VPN.
C. Each packet contains at least three labels. One label identifies the ingress router, one
identifies the egress router and one identifies the path that will be taken.
D. Each packet contains at least three labels. One label identifies the ingress router, one label
identifies the path to the egress router, and one identifies the VPN.
Answer: B
Question 8.
On ingress, a label is imposed to a packet. Which process is responsible for this function?
A. LDP process.
B. Control plane process
C. Penultimate hop process.
D. Forwarding plane process.
Answer: B
Question 9.
How could you check for potential MTU size issues on the path taken by a PE-to-PE LSP?
A. Because MPLS packets are label switched, MTU problems can only be detected by the user
applications.
B. Use the ping vrf command with packet size set to the largest MTU along the path and DF bit
set from the local PE-router to ping the remote PE-router.
C. Use the ping vrf command with packet size set to the smallest MTU along the path and DF bit
set from the local PE-router to ping the remote PE-router.
D. Because MPLS packets are label switched, packets are automatically fragmented and
reassembled by the PE-routers. Therefore, there are no potential MTU issues.
Answer: B
Question 10.
Which one of the following is true regarding MPLS independent control label allocations?
A. The LSR can always assign a label for a destination prefix, even if it has no downstream label.
B. The LSR can assign a label for a destination prefix only if it has already receives a label from
the next-hop LSR, otherwise, it must request a label from the next-hop LSR.
C. The LSR will assign a label to a destination prefix only when asked for a label by an upstream
LSR.
D. The label for a destination prefix is allocated and advertised to all LDP peers, regardless of
whether the LDP peers are upstream or downstream LSRs for the destination prefix.
E. The LSR stores the receives label in its LIB, even when the label is not received from the next-
hop LSR.
F. The LSR stores only the labels received from the next-hop LSR, all other labels are ignored.
Answer: A
|
Question 1.
What is the best practice of configuring an intercom on a shared line?
A. This feature allows all endpoints to participate in intercom messages.
B. This feature can be used only when the intercomephone-dn is configured as a dual line
C. This feature is not supported and should not be used
D. This feature can be supported only in a unidirectional manner.
E. This feature allows one endpoint to contact multiple endpoints simultaneously
Answer: C
Question 2.
Using the show ccn trigger command provides the following output:cue-10-0-0# show ccn trigger Name:
6800Type: SIPApplication: voicemailLocale:en_US Idle Timeout: 5000Enabled: yes Maximum number of sessions: 8Name: 6700Type: SIPApplication: autoattendant Locale:en_US Idle Timeout: 5000Enabled: yes
Maximum number of sessions: 8cue-10-0-0#
What two pieces of information can you derive from this output? (Choose two.)
A. The number of ports available is 16
B. The operator can bereachedat extension6800
C. The voice-mail pilot point number is 6800
D. The voice-mail application is enabled.
E. The idle timeout is 5 seconds
Answer: C, D
Question 3.
You work as an administrator at your company. You study the exhibit carefully.
What type of calls can the ephone with extension 2151 make?
Exhibit:
A. No impact on out going calls. However, in coming calls will not be permitted to extension
2151unless cor list is configured on the ephone-dn
B. Only US calls
C. All calls
D. Internal and emergency calls only, because of the defaultcor restriction.
E. None
Answer: C
Question 4.
You work as an administrator at your company. You study the exhibit carefully. A user at Acme Co. reports that when some one leaves a voice-mail message, their MWI does not light up. The administrator has checked the MWI configuration in Cisco Unified Communications Manager Express and found that the MWI On number is 9001 and the MWI Off number is 9000.
Using the trace output from the Cisco Unity Express module, what is the problem?
Exhibit:
A. The MWI On number configuration is incorrect in Cisco Unity Express
B. The CCN subsystem SIP is incorrect in Cisco Unity Express.
C. The MWI Off Number configuration is incorrect in Cisco Unity Express
D. The SIP is misconfigured in Cisco Unified Communications Manager Express
E. The MWI application is not enabled
Answer: A
Question 5.
You work as an administrator at your company. You study the exhibits carefully. This proposed configuration is meant to forward calls to extension 9999 when extension 2001is busy.
Which configuration command will most likely to be edited for this to function properly?
Exhibit #1:
Exhibit #2:
A. max registrations
B. id network mask
C. mailbox
D. voiceregisterpool
Answer: D
Question 6.
You work as an administrator at Your company. You study the exhibit carefully. When two separate calls, FXO and PRI, arrive at the following Cisco Unified Communications Manager Express router, which statement about call behavior is true?
Exhibit:
A. The PRI call matches dial-peer50pots, the FXO call matchesdial-peer123pots, and both calls
succeed.
B. The FXO call matches dial-peer50pots,the PRI call matches dial-peer123pots,andbothcalls
succeed
C. The FXO call matches dial-peer50pots, and the PRI call matchesdial-peer123pots, but both
calls fail due to misconfiguration
D. The FXO call matches dial-peer50pots and succeeds, and the PRI call matchesdial
-peer123pots , but it fails due to a missing port statement.
E. The PRI call matches dial-peer50pots and succeeds, and the FXO call matchesdial-
peer123pots , but it fails due to a missing port statement.
Answer: B
Question 7.
You work as an administrator at Your company. You study the exhibit carefully. When a message is left at extensionephone-dn1, the message is left successfully, however the MWI light does not come on.
Which configuration command resolves this issue?
Exhibit:
A. The command MWI SIP is missing underephone-dn 1.
B. The command MWI SIP is missing under voiceregisterpool 1
C. Must configure two ephone-dns for MWI on andMWI off
D. The command MWI is missing under voice register global
E. The command MWI is missing under ephone-dn1
Answer: A
Question 8.
You work as an administrator at Your company. You study the exhibit carefully. Cisco Unity Express is not registered to a Cisco Unified Messaging Gateway.
What is causing this condition?
Exhibit:
A. Email domains are not on the same subnet.
B. Local location ID should be changed to be "10"
C. Cisco Unified Messaging Gateway location is not defined
D. The messaging- gateway registration command is not configured
E. VoiceView cannot be enabled.
Answer: D
Question 9.
You work as an administrator at Your company. You study the exhibit carefully.
Which command can be used to override all the blocked patterns in the after-hours configuration?
Exhibit:
A. Configure the pin command under theephone command
B. Configure the after- hours exempt and pin commands under theephone-dn command
C. Configure the after- hours exempt command under theephone-dn command
D. Configure thenoafter-hours block pattern command under the ephone command.
Answer: C
Question 10.
Which pre configuration task is necessary for VoiceView Express?
A. Ensure that all phones that are owned by the JTAPI user point to the authentication server
URL on Cisco Unity Express.
B. Ensure that the authentication server URL points to Cisco Unity Express
C. Ensure that all phones point to the authentication server URL owned by Cisco Unity Express
D. Ensure that authentication server is owned by the JTAPI user on Cisco Unity Express
Answer: B
|
Question 1.
Which of these is a benefit of an integrated security management system?
A. It provides configuration, monitoring, and troubleshooting capabilities across a wide range of
security products.
B. It leverages existing network management systems such as HP Open View to lower the cost of
implementation.
C. It integrates security management capabilities into the router or switch.
D. It integrates security device management products and collects events on an "as needed"
Basis to reduce management overhead.
E. It provides a single point of contact for all security configuration tasks thereby enhancing the
return on investment.
Answer: A
Question 2.
DRAG DROP
Drop
Answer:
Question 3.
Which service component within the prepare phase recommends the appropriate technology strategy to address a business requirement of the customer?
A. identifying what a customer requires from a proposed solution
B. determining what end-user training a customer requires
C. analyzes the customer's business requirements and recommends the appropriate Cisco
technologies to meet business requirements
D. addressing a customer's physical requirements
Answer: C
Question 4.
What are two important approaches to communicate when identifying a customer's security risks? (Choose two.)
A. Security should be a continuous process.
B. Security solutions should come from multiple vendors to make it easier to coordinate security
events from the point of origin.
C. The designated security expert should report to the IT department, since that is where the
solution will be implemented.
D. Business strategy should directly relate to the security policy and budget.
E. Smaller companies are at less risk than larger enterprises, so their security needs are not as
great.
Answer: A, D
Question 5.
Which of the following best describe the customer benefit of creating a systems acceptance test plan in the design phase?
A. reduce operating costs and limit change-related incidents by providing a consistent and
Efficient set of processes
B. improve the return on investment and hasten migration by identifying and planning for
necessary infrastructure changes and resource additions, as well as reduce deployment costs
by analyzing gaps early in the planning process to determine what is needed to support the
system
C. improve its ability to make sound financial decisions by developing a business case based on
Its business requirements and establishing a basis for developing a technology strategy
D. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases
for use in verifying that the system meets operational, functional, and interface requirements
Answer: D
Question 6.
A Cisco Catalyst switch can belong to how many VTP domains?
A. 2
B. 1 to 4,096
C. 1
D. 1 to 1,005
E. no limit
Answer: C
Question 7.
The Cisco ASA Security Appliance can offer the benefit of integrating which three security services into one device? (Choose three.)
A. PIX firewall
B. VPN Concentrator
C. IPS
D. DDoS Anomaly Guard and Detector
E. CSA MC
F. ACS server
Answer: A, B, C
Question 8.
A customer has deployed a wireless core feature set using autonomous access points and now wants to include a satellite building 4,500 feet away from the main campus. The customer also wants to provide wireless access to a courtyard for wireless clients in close proximity to the antenna mounting position.
Which Cisco Aironet product is the most applicable solution?
A. Cisco Aironet 1000 Series
B. Cisco Aironet 1300 Series
C. Cisco Aironet 1100 Series
D. Cisco Aironet 1400 Series
E. Cisco Aironet 1200 Series
Answer: B
Question 9.
What is one benefit of the Cisco anti-X defense strategy?
A. virtual firewall protection
B. malware, virus, and worm mitigation
C. applications security
D. security events correlation for proactive response
Answer: B
Question 10.
Which two of these statements best describe the benefits of Cisco's wireless IDS functionality? (Choose two.)
A. Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client
traffic and RF monitoring.
B. Cisco or CCX compatible client cards can extend the RF IDS service for autonomous APs.
C. 2.4GHz RF management can monitor both 802.11 and non-802.11 RF interference.
D. APs only monitor the RF channels that are servicing the clients.
E. AirDefense for wireless IDS is required by autonomous APs.
Answer: B, C
|
Question 1.
Which of the following best describe the customer benefits of change management in the operate phase?
A. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases
for use in verifying that the system meets operational, functional, and interface requirements
B. improve its ability to make sound financial decisions by developing a business case based on
its business requirements and establishing a basis for developing a technology strategy
C. reduce operating costs and limit change. related incidents by providing a consistent and
efficient set of processes
D. improve the return on investment and hasten migration by identifying and planning for
necessary infrastructure changes and resource additions, as well as reduce deployment costs
by analyzing gaps early in the planning process to determine what is needed to support the
system
Answer: C
Question 2.
Which of these is the best definition of the Cisco Lifecycle Services approach?
A. It defines the minimum set of services required to successfully deploy and operate a set of
Cisco technologies.
B. It determines how best to price Cisco products.
C. It provides partners with a useful way to leverage Cisco resources.
D. It consists of these phases: plan, deploy, support, and troubleshoot.
Answer: A
Question 3.
What two types of telephony interfaces are used for PSTN connectivity? (Choose two.)
A. Digital
B. Optical
C. Analog
D. CDMA
Answer: A, C
Question 4.
Which statement correctly describes the keys witch model of deployment for call processing?
A. All IP Phones are able to answer any incoming PSTN call on any line
B. PSTN calls are routed through a receptionist or automated attendant.
C. All IP Phones in the system have a single unique extension number.
Answer: A
Question 5.
Which definition best describes the implementation service component within the implement phase?
A. providing a step-by-step plan that details the installation and service. commission tasks
required in order to create a controlled. implementation environment that emulates a customer
network
B. assessing the ability of site facilities to accommodate proposed infrastructure changes
C. developing and executing proof-of-concept tests, validating high-level infrastructure design,
and identifying any design enhancements
D. Installing, configuring and integrating systems components based on an implementation plan
developed in earlier phases E. improving a customer's infrastructure security system
Answer: D
Question 6.
A customer with a small enterprise network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. Minimizing costs is one of the customer's highest priorities. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired.
Based on the traffic patterns, which topology would be the easiest for this customer to set up and manage?
A. full mesh
B. partial mesh
C. point-to-multipoint
D. huB. anD.spoke
Answer: D
Question 7.
How can the proper configuration of Voice Mail be tested at an end user's IP phone?
A. Press the "i" button.
B. Press the "Settings" button.
C. Press the "Services" button.
D. Press the "Messages" button
Answer: D
Question 8.
In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be placed?
A. distribution layer
B. core layer
C. access layer
D. network management functional module
Answer: A
Question 9.
Which of these is an accurate list of Cisco Lifecycle Services phases?
A. initiation, planning, analysis, design, development, implementation, operations and
maintenance
B. project planning, site assessment, risk assessment, solution selection and acquisition, testing,
and operations
C. Prepare, plan design implement operate, and optimize
D. analysis, design, deployment, testing, implementation, and production I E. presales, project
planning, development, implementation, operations testing, and operations signoff
Answer: C
Question 10.
What port role assignment would you make for the Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System?
A. IP Phone and desktop
B. Cisco UC520
C. Cisco CE520
D. Cisco 871W
Answer: B
Question 11.
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.
Which method list and method is used to authenticate the remote access VPN users? (Choose two.)
A. sdm_vpn_xauth_ml_1
B. sdm_ypn_group_ml_1
C. SDM_CMAP_1
D. local database on the ISR
E. remote TACACS+ server
F. remote Radius Server
Answer: A, D
|
Question 1.
Consider the following customer attributes and choose the correct IP telephony call processing model:
- a large campus that spans two PSAP areas
- a single group of buildings connected via fiber optics
- data VPNs that support multiple contractors and suppliers
- a fully developed three-tier network hierarchy
- connectivity to two different service providers for Internet access
A. single-site call processing
B. centralized call processing
C. hybrid call processing
D. distributed call processing
Answer: A
Question 2.
What information is relevant to choosing an IP telephony centralized call processing model?
A. multiple PRIs to the PSTN
B. a campus of six buildings connected via an ATM backbone
C. three small regional sales offices located in the three Western time zones
D. centralized order processing, shipping, and billing for all customer products
E. connectivity to a single service provider that hosts the company web site and provides for
Internet access
F. a single six-story building with an IDF on each floor and an MDF in the computer room on the
second floor
Answer: C
Question 3.
In a TDM PBXto Cisco Unified Communications Manager migration, which three things must be verified from the LAN perspective before IP telephony can be deployed? (Choose three.)
A. the type of wiring in the office
B. the number of PSTN connections needed
C. the number of public IP addresses available
D. the amount of rack space in the equipment rack
E. the amount of power that is available to support new LAN switches
Answer: A, D, E
Question 4.
DRAG DROP
The intranet will have three VLAN types to support voice and data traffic; one type for voice, one type for data, and one type for the Cisco Unified Communications Manager cluster. How should inter-VLAN connectivity by deployed? Drag and drop the type of connectivity to each type of connection. Types of connections may be used more than once.
Answer:
Question 5.
Ajax wants to ensure that their employees are safe and that they comply with the law.
What are four general E911 responsibilities of an enterprise telephony system? (Choose four.)
A. Enable PSAP call-back.
B. initiate the update of ALI records.
C. Provide a detailed map of all ERLs.
D. Allow conferencing with internal security personnel.
E. Route calls to the appropriate point (on-net or off-net).
F. Deliver appropriate calling party number digits to LEC
Answer: A, B, E, F
Question 6.
What are two conferencing guidelines for a single-site deployment? (Choose two.)
A. Use hardware conferencing only for small deployments
B. If available, configure DSPs for flex-mode when there are multiple codec types in use.
C. Group any conferencing resources into MRGLs based on their location, to manage Call
Admission Control.
D. Make certain that Meet-Me and Ad-Hoc conference resources each account for a minimum of
5% of the user base.
Answer: B, D
Question 7.
Ajax needs to provide technical support outside of normal operating hours. They would like to deploy a small test call center to develop the skills necessary to provide phone, chat, and e-mail support. Ajax wants to start with five agents.
Which two connection types would be applicable for use with the planned contact center? (Choose two.)
A. PRI
B. CAS DC. ESM
D. QSIG
E. POTS
Answer: A, B
Question 8.
Indicate whether T1s orE1s are available in your area. (Note: If both are available, choose the one with which you are most familiar.)
A. T1
B. E1
Answer: NO CORRECT ANSWER
Question 9.
You have decided to use the MGCP signaling protocol for the PSTN gateway at Ajax.
Which option is true regarding the use of a gatekeeper in their network?
A. One may be used for CAC.
B. One could be used for address resolution.
C. One may be deployed for both CAC and address resolution.
D. A gatekeeper is not applicable in this situation.
Answer: D
Question 10.
Ajax has contacted its LEC to obtain an additional range of DIDs. Their current DID range is 555-6000 through 555-6999. The LEC can provide them with an additional range of numbers, 556-6000 through 556-6999. The LEC is currently sending four digits inbound, so the two DID ranges overlap.
What two things can be done to resolve this solution? (Choose two.)
A. Ask the LEC to send five digits.
B. Change internal calls to five-digit dialing.
C. Move to a six-digit dial plan to provide more dialing granularity for all extension numbers.
D. Contact an alternative carrier to see if it can provide a DID range that does not overlap with the
current range.
Answer: A, B
|
Question 1. Which two are technologies that secure the control plane of the Cisco router? (Choose two.) A. Cisco IOS Flexible Packet Matching B. URPF C. routing protocol authentication D. CPPr E. BPDU protection F. role-based access control Answer: C, D Question 2. HOTSPOT This item contains three questions that you must answer. In order to answer the question, you need to examine the SDM screens by clicking on the SDM button to the left. View the question by clicking on the Questions button to the left. Then, choose the correct answer from among the options. Note: Not all SDM screen functions are implemented in this simulation. If a certain method to access the desired SDM is not available, please try to use an alternate method to access the required SDM screen to answer the question. Hotspot question. Click on the correct location or locations in the exhibit. Answer: Question 3. What are the two category types associated with 5.x signature use in Cisco IOS IPS? (Choose two.) A. basic B. advanced C. 128MB.sdf D. 256MB.sdf E. attack-drop F. built-in Answer: A, B Question 4. Refer to the exhibit. Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN functionality? A. aaa authentication dot1x default group radius B. aaa authorization network default group radius C. aaa accounting dotlx default start-stop group radius D. aaa accounting system default start-stop group radius E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 Answer: B Question 5. Which is an advantage of implementing the Cisco IOS Firewall feature? A. provides self-contained end-user authentication capabilities B. integrates multiprotocol routing with security policy enforcement C. acts primarily as a dedicated firewall device D. is easily deployed and managed by the Cisco Adaptive Security Device Manager E. provides data leakage protection capabilities Answer: B Question 6. Which three statements correctly describe the GET VPN policy management? (Choose three.) A. A central policy is defined at the ACS (AAA) server. B. A local policy is defined on each group member. C. A global policy is defined on the key server, and it is distributed to the group members. D. The key server and group member policy must match. E. The group member appends the global policy to its local policy. Answer: B, C, E Question 7. HOTSPOT This Item contains three questions that you must answer. You can view the question by clicking on the Questions button to the left. In order to answer the question, you need to examine the SDM screens by clicking on the SDM button to the left. View the question by clicking on the Questions button to the left. Then, choose the correct answer from among the options. Note: Not all the SDM screen functions are implemented in this simulation. If a certain method to access the desired SDM screen is not available, please try to use an alternate method to access the required SDM screen to answer the question. Hotspot question. Click on the correct location or locations in the exhibit. Answer: Question 8. DRAG DROP Drop Match the Cisco IOS IPS SEAP feature on the left to its description on the right. Not all the features on the left are used. Drag and drop question. Drag the items to the proper locations. Answer: Question 9. The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protect which router plane? A. control plane B. management plane C. data plane D. network plane Answer: B Question 10. DRAG DROP Drop Match the Network Foundation Protection (NFP) feature on the left to where it is applied on the right. Drag and drop question. Drag the items to the proper locations. Answer:
|
Question 1.
Which two statements correctly describe configuring active/active failover? (Choose two.)
A. You must assign contexts to failover groups from the admin context.
B. Both units must be in multiple mode.
C. You must configure two failover groups: group 1 and group 2.
D. You must use a crossover cable to connect the failover links on the two failover peers.
Answer: B, C
Question 2.
Observe the following exhibit carefully. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session would trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often called TCP-over-TCP meltdown.
According to the presented Cisco ASDM configuration, which Cisco ASA security appliance configuration will most likely solve this problem?
A. Compression
B. MTU size of 500
C. Keepalive Messages
D. Datagram TLS
Answer: D
Question 3.
The IT department of your company must perform a custom-built TCP application within the clientless SSL VPN portal configured on your Cisco ASA security appliance. The application should be run by users who have either guest or normal user mode privileges.
In order to allow this application to run, how to configure the clientless SSL VPN portal?
A. configure a smart tunnel for the application
B. configure a bookmark for the application
C. configure the plug-in that best fits the application
D. configure port forwarding for the application
Answer: A
Question 4.
According to the following exhibit. When a host on the inside network attempted an HTTP connection to a host at IP address 172.26.10.100, which address pool will be used by the Cisco ASA security appliance for the NAT?
A. 192.168.8.101 - 192.168.8.105
B. 192.168.8.20 - 192.168.8.100
C. 192.168.8.106 - 192.168.8.110
D. 192.168.8.20 - 192.168.8.110
Answer: B
Question 5.
Study the following exhibit carefully. You are asked to configure the Cisco ASA security appliance with a connection profile and group policy for full network access SSL VPNs. During a test of the configuration using the Cisco AnyConnect VPN Client, the connection times out. In the process of troubleshooting, you determine to make configuration changes.
According to the provided Cisco ASDM configuration, which configuration change will you begin with?
A. Require a client certificate on the interface.
B. Enable an SSL VPN client type on the interface.
C. Enable DTLS on the interface.
D. Enable a different access port that doesn't conflict with Cisco ASDM.
Answer: B
Question 6.
You are the network security administrator for the ITCERTKEYS company. You create an FTP inspection policy including the strict option, and it is applied to the outside interface of the corporate adaptive security appliance. How to handle FTP on the security appliance after this policy is applied? (Choose three.)
A. FTP inspection is applied to traffic entering the inside interface.
B. Strict FTP inspection is applied to traffic entering the outside interface.
C. FTP inspection is applied to traffic exiting the inside interface.
D. Strict FTP inspection is applied to traffic exiting the outside interface.
Answer: A, B, D
Question 7.
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. The protocol inspection feature of the security appliance securely opens and closes negotiated
ports and IP addresses for legitimate client-server connections through the security appliance.
B. For the security appliance to inspect packets for signs of malicious application misuse, you
must enable advanced (application layer) protocol inspection.
C. If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol that is not inspected by default or if you
want to globally disable inspection for a protocol, you can edit the default global policy.
Answer: A, C, D
Question 8.
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. After configuring port forwarding for a clientless SSL VPN connection, if port forwarding is to work, which end user privilege level is required at the endpoint?
A. system level
B. guest level
C. user level
D. administrator level
Answer: D
Question 9.
Which two methods can be used to decrease the amount of time it takes for an active Cisco ASA adaptive security appliance to fail over to its standby failover peer in an active/active failover configuration? (Choose two.)
A. decrease the interface failover poll time
B. decrease the unit failover poll time
C. use the special serial failover cable to connect the security appliances
D. use single mode
Answer: A, B
Question 10.
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not
need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Answer: A, C, D
|
Question 1.
Tom works as a network administrator. The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. Tom then fixed the problem. Now he would like to restore the primary to active status.
Which one of the following commands can reactivate the primary adaptive security appliance and restore it to active status while issued on the primary adaptive security appliance?
A. failover reset
B. failover primary active
C. failover active
D. failover exec standby
Answer: C
Question 2.
For the following commands, which one enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
B. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZ
C. dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZ
D. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
Answer: A
Question 3.
Look at the following exhibit carefully, which one of the four diagrams displays a correctly configured network for a transparent firewall?
A. 1
B. 2
C. 3
D. 4
Answer: D
Question 4.
What is the effect of the per-user-override option when applied to the access-group command syntax?
A. The log option in the per-user access list overrides existing interface log options.
B. It allows for extended authentication on a per-user basis.
C. Hallows downloadable user access lists to override the access list applied to the interfacE.
D. It increases security by building upon the existing access list applied to the interfacE. All
subsequent users are also subject to the additional access list entries.
Answer: C
Question 5.
John works as a network administrator.
According to the exhibit, the only traffic that John would like to allow through the corporate Cisco ASA adaptive security appliance is inbound HTTP to the DMZ network and all traffic from the inside network to the outside network. John also has configured the Cisco ASA adaptive security appliance, and access through it is now working as expected with one exception: contractors working on the DMZ servers have been surfing the Internet from the DMZ servers, which (unlike other Company XYZ hosts) are using public, routable IP addresses. Neither NAT statements nor access lists have been configured for the DMZ interface.
What is the reason that the contractors are able to surf the Internet from the DMZ servers? (Note: The 192.168.X.XIP addresses are used to represent routable public IP addresses even though the 192.168.1.0 network is not actually a public routable network.)
A. An access list on the outside interface permits this traffic.
B. NAT control is not enabled.
C. The DMZ servers are using the same global pool of addresses that is being used by the inside
hosts.
D. HTTP inspection is not enabled.
Answer: B
Question 6.
In order to recover the Cisco ASA password, which operation mode should you enter?
A. configure
B. unprivileged
C. privileged
D. monitor
Answer: D
Question 7.
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. For the security appliance to inspect packets for signs of malicious application misuse, you
must enable advanced (application layer) protocol inspection.
B. if you want to enable inspection globally for a protocol that is not inspected by default or if you
want to globally disable inspection for a protocol, you can edit the default global policy.
C. The protocol inspection feature of the security appliance securely opens and closes negotiated
ports and IP addresses for legitimate client-server connections through the security appliance.
D. if inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Answer: B, C, D
Question 8.
Observe the following commands, which one verifies that NAT is working normally and displays active NAT translations?
A. showip nat all
B. show running-configuration nat
C. showxlate
D. show nat translation
Answer: C
Question 9.
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall.
Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose threE.)
A. it dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. it supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Answer: A, C, D
Question 10.
What is the result if the WebVPN url-entry parameter is disabled?
A. The end user is unable to access pre-defined URLs.
B. The end user is unable to access any CIFS shares or URLs.
C. The end user is able to access CIFS shares but not URLs.
D. The end user is able to access pre-defined URLs.
|
Question 1.
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment.
Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be deleted.
C. Rules can be created using a query.
D. Rules trigger incidents.
Answer: A, C, D
Question 2.
Which three benefits are of deploying Cisco Security MARS appliances by use of the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers information (network
topologies, incidents, queries, and reports results).
B. A global controller can provide a central point for creating rules and queries, which are applied
simultaneously to multiple local controllers.
C. A global controller can correlate events from multiple local controllers to perform global
sessionizations.
D. Users can seamlessly navigate to any local controller from the global controller GUI.
Answer: A, B, D
Question 3.
Which item is the best practice to follow while restoring archived data to a Cisco Security MARS appliance?
A. Use Secure FTP to protect the data transfer.
B. Use "mode 5" restore from the Cisco Security MARS CLI to provide enhanced security During
the data transfer.
C. Choose Admin > System Maintenance > Data Archiving on the Cisco Security MARS GUI to
perform the restore operations on line.
D. To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance.
Answer: D
Question 4.
A Cisco Security MARS appliance can't access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue.
Which additional Cisco Security MARS configuration will be required to correct this issue?
A. Use the Cisco Security MARS GUI to configure multiple default gateways
B. Use the Cisco Security MARS GUI or CLI to configure multiple default gateways
C. Use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
D. Use the Cisco Security MARS CLI to add a static route
Answer: D
Question 5.
Which two options are for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. mitigate at Layer 2
B. archive to NFS only
C. drop
D. log to the database only
Answer: C, D
Question 6.
What is the reporting IP address of the device while adding a device to the Cisco Security MARS appliance?
A. The source IP address that sends syslog information to the Cisco Security MARS appliance
B. The pre-NAT IP address of the device
C. The IP address that Cisco Security MARS uses to access the device via SNMP
D. The IP address that Cisco Security MARS uses to access the device via Telnet or SSH
Answer: A
Question 7.
Which statement best describes the case management feature of Cisco Security MARS?
A. It is used to conjunction with the Cisco Security MARS incident escalation feature for incident
reporting
B. It is used to capture, combine and preserve user-selected Cisco Security MARS data within a
specialized report
C. It is used to automatically collect and save information on incidents, sessions, queries and
reports dynamically without user interventions
D. It is used to very quickly evaluate the state of the network
Answer: B
Question 8.
Which two configuration tasks are needed on the Cisco Security MARS for it to receive syslog messages relayed from a syslog relay server? (Choose two.)
A. Define the syslog relay collector.
B. Add the syslog relay server application to Cisco Security MARS as Generic Syslog Relay Any.
C. Define the syslog relay source list.
D. Add the reporting devices monitored by the syslog relay server to Cisco Security MARS.
Answer: B, D
Question 9.
Here is a question that you need to answer. You can click on the Question button to the left to view the question and click on the MARS GUI Screen button to the left to capture the MARS GUI screen in order to answer the question. While viewing the GUI screen capture, you can view the complete screen by use of the left/right scroll bar on the bottom of the GUI screen. Choose the correct answer from among the options.
What actions will you take to configure the MARS appliance to send out an alert when the system rule fires according to the MARS GUI screen shown?
A. Click "Edit" to edit the "Operation" field of the rule, select the appropriate alert option(s), then
apply.
B. Click on "None" in the "Action" field, select the appropriate alerts, then apply.
C. Click "Edit" to edit the "Reported User" field of the rule, select the appropriate alert
option(s),then apply.
D. Click on "Active" in the "Status" field, select the appropriate alerts, then apply.
Answer: B
Question 10.
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely or by just logging them to the database?
A. Inactivating the rules
B. Creating system inspection rules using the drop operation
C. Deleting the false-positive events from the events management page
D. Creating drop rules
Answer: D
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.