|
i need some questions, please send me my email: robert_jeans@gmail.com
|
Question 1. A customer has an Exchange server on a Windows 2003 and would like to perform daily backups. It is required that the Exchange server is always available. What is the best solution to achieve this? A. UseNTbackup for Exchange Services. B. Useonly offline backups that uses Logical Volume Snapshot Agent. C. Use IBM Tivoli Storage Manager (Tivoli Storage Manager) for Mail for online backups daily. D. Use Tivoli Storage Managerclient without stopping the Exchange server. Answer: C Question 2. A customer requires a large file server backup in the least time possible by using a storage area network (SAN) environment. Which component should be installed on the file server in order to achieve this? A. Tivoli Management Console B. Integrated Solution Console C. IBM Tivoli Storage Manager SAN-Free D. IBM Tivoli Storage Manager for Storage Area Network Answer: D Question 3. A new storage pool is to be defined for providing off-site data protection by using an existing tape library at the off-site location and needs to provide optimized restore performance in the case of disaster. How should the storage pool be optimally configured? A. an active-data copy pool that uses a tape device class B. a copy pool that uses a file device class with node collocation C. a copy pool that uses a tape device class with group collocation D. an active-data copy pool that uses a file device class with node collocation Answer: C Question 4. Which type of device class should be defined in order to use the SnapLock feature in IBM Tivoli Storage Manager server? A. DLT device class B. LTO device class C. FILE device class D. DISK device class Answer: C Question 5. In a server to server communication (or in enterprise configuration), after defining a target IBM Tivoli Storage Manager (Tivoli Storage Manager) server on the Tivoli Storage Manager source server, how can an administrator test that the details entered are correct? A. Check the Tivoli Storage Managerserver activity log. B. Ping the server from the operating system command line. C. Use the Ping Server Tivoli Storage Manager command. D. Open the Tivoli Storage Manager client on the Tivoli Storage Manager server, and see if the client can access the defined Tivoli Storage Manager server. Answer: C Question 6. Which client command launches file level VMware Consolidated Backup, eliminates VMware scripts for managing virtual machine snapshots, and automatically performs snapshot management on each virtual machine? A. dsmc backvm B. dsmc backup vm C. dsmc backup vcb D. dsmc launch backup vm Answer: B Question 7. What best describes the default settings for the primary, copy, and active data storage pools processed during creation of the disaster recovery plan by using the prepare command? A. Process all primary pools, all copy pools, and all active data pools. B. Process all primary pools, all copy pools, and no active data pools. C. Process no primary pools, all copy pools, and all active data pools. D. Process no primary pools, no copy pools, and no active data pools. Answer: B Question 8. Which client option controls whether IBM Tivoli Storage Manager should create a differential snapshot when performing a snapdiff incremental backup? A. diffshot B. snapdiff C. diffsnapshot D. Incrsnapshot Answer: C Question 9. In order to obtain an individual file level restore of a SnapMirror backup. what must be done? A. Restore individual file from image backup. B. Restore TOC, and then restore individual file. C. Restore fullSnapMirror Image to disk, and then restore individual file. D. Restore IBMTivoli Storage Manager Image to disk, and then restore individual file. Answer: C Question 10. Which command is issued on IBM Tivoli Storage Manager server administrative command line to view the actual option settings? A. query node B. query state C. query option D. queryconfig Answer: C
|
Question 1. Which two statements correctly describe configuring active/active failover? (Choose two.) A. You must assign contexts to failover groups from the admin context. B. Both units must be in multiple mode. C. You must configure two failover groups: group 1 and group 2. D. You must use a crossover cable to connect the failover links on the two failover peers. Answer: B, C Question 2. Observe the following exhibit carefully. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session would trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often called TCP-over-TCP meltdown. According to the presented Cisco ASDM configuration, which Cisco ASA security appliance configuration will most likely solve this problem? A. Compression B. MTU size of 500 C. Keepalive Messages D. Datagram TLS Answer: D Question 3. The IT department of your company must perform a custom-built TCP application within the clientless SSL VPN portal configured on your Cisco ASA security appliance. The application should be run by users who have either guest or normal user mode privileges. In order to allow this application to run, how to configure the clientless SSL VPN portal? A. configure a smart tunnel for the application B. configure a bookmark for the application C. configure the plug-in that best fits the application D. configure port forwarding for the application Answer: A Question 4. According to the following exhibit. When a host on the inside network attempted an HTTP connection to a host at IP address 172.26.10.100, which address pool will be used by the Cisco ASA security appliance for the NAT? A. 192.168.8.101 - 192.168.8.105 B. 192.168.8.20 - 192.168.8.100 C. 192.168.8.106 - 192.168.8.110 D. 192.168.8.20 - 192.168.8.110 Answer: B Question 5. Study the following exhibit carefully. You are asked to configure the Cisco ASA security appliance with a connection profile and group policy for full network access SSL VPNs. During a test of the configuration using the Cisco AnyConnect VPN Client, the connection times out. In the process of troubleshooting, you determine to make configuration changes. According to the provided Cisco ASDM configuration, which configuration change will you begin with? A. Require a client certificate on the interface. B. Enable an SSL VPN client type on the interface. C. Enable DTLS on the interface. D. Enable a different access port that doesn't conflict with Cisco ASDM. Answer: B Question 6. You are the network security administrator for the ITCERTKEYS company. You create an FTP inspection policy including the strict option, and it is applied to the outside interface of the corporate adaptive security appliance. How to handle FTP on the security appliance after this policy is applied? (Choose three.) A. FTP inspection is applied to traffic entering the inside interface. B. Strict FTP inspection is applied to traffic entering the outside interface. C. FTP inspection is applied to traffic exiting the inside interface. D. Strict FTP inspection is applied to traffic exiting the outside interface. Answer: A, B, D Question 7. Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.) A. The protocol inspection feature of the security appliance securely opens and closes negotiated ports and IP addresses for legitimate client-server connections through the security appliance. B. For the security appliance to inspect packets for signs of malicious application misuse, you must enable advanced (application layer) protocol inspection. C. If inspection for a protocol is not enabled, traffic for that protocol may be blocked. D. If you want to enable inspection globally for a protocol that is not inspected by default or if you want to globally disable inspection for a protocol, you can edit the default global policy. Answer: A, C, D Question 8. An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. After configuring port forwarding for a clientless SSL VPN connection, if port forwarding is to work, which end user privilege level is required at the endpoint? A. system level B. guest level C. user level D. administrator level Answer: D Question 9. Which two methods can be used to decrease the amount of time it takes for an active Cisco ASA adaptive security appliance to fail over to its standby failover peer in an active/active failover configuration? (Choose two.) A. decrease the interface failover poll time B. decrease the unit failover poll time C. use the special serial failover cable to connect the security appliances D. use single mode Answer: A, B Question 10. Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.) A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports. B. It supports SIP with NAT but not with PAT. C. It supports multimedia with or without NAT. D. It supports RTSP, H.323, Skinny, and CTIQBE. Answer: A, C, D
|
Question 1. Which two are technologies that secure the control plane of the Cisco router? (Choose two.) A. Cisco IOS Flexible Packet Matching B. URPF C. routing protocol authentication D. CPPr E. BPDU protection F. role-based access control Answer: C, D Question 2. HOTSPOT This item contains three questions that you must answer. In order to answer the question, you need to examine the SDM screens by clicking on the SDM button to the left. View the question by clicking on the Questions button to the left. Then, choose the correct answer from among the options. Note: Not all SDM screen functions are implemented in this simulation. If a certain method to access the desired SDM is not available, please try to use an alternate method to access the required SDM screen to answer the question. Hotspot question. Click on the correct location or locations in the exhibit. Answer: Question 3. What are the two category types associated with 5.x signature use in Cisco IOS IPS? (Choose two.) A. basic B. advanced C. 128MB.sdf D. 256MB.sdf E. attack-drop F. built-in Answer: A, B Question 4. Refer to the exhibit. Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN functionality? A. aaa authentication dot1x default group radius B. aaa authorization network default group radius C. aaa accounting dotlx default start-stop group radius D. aaa accounting system default start-stop group radius E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 Answer: B Question 5. Which is an advantage of implementing the Cisco IOS Firewall feature? A. provides self-contained end-user authentication capabilities B. integrates multiprotocol routing with security policy enforcement C. acts primarily as a dedicated firewall device D. is easily deployed and managed by the Cisco Adaptive Security Device Manager E. provides data leakage protection capabilities Answer: B Question 6. Which three statements correctly describe the GET VPN policy management? (Choose three.) A. A central policy is defined at the ACS (AAA) server. B. A local policy is defined on each group member. C. A global policy is defined on the key server, and it is distributed to the group members. D. The key server and group member policy must match. E. The group member appends the global policy to its local policy. Answer: B, C, E Question 7. HOTSPOT This Item contains three questions that you must answer. You can view the question by clicking on the Questions button to the left. In order to answer the question, you need to examine the SDM screens by clicking on the SDM button to the left. View the question by clicking on the Questions button to the left. Then, choose the correct answer from among the options. Note: Not all the SDM screen functions are implemented in this simulation. If a certain method to access the desired SDM screen is not available, please try to use an alternate method to access the required SDM screen to answer the question. Hotspot question. Click on the correct location or locations in the exhibit. Answer: Question 8. DRAG DROP Drop Match the Cisco IOS IPS SEAP feature on the left to its description on the right. Not all the features on the left are used. Drag and drop question. Drag the items to the proper locations. Answer: Question 9. The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protect which router plane? A. control plane B. management plane C. data plane D. network plane Answer: B Question 10. DRAG DROP Drop Match the Network Foundation Protection (NFP) feature on the left to where it is applied on the right. Drag and drop question. Drag the items to the proper locations. Answer: Question 11. DRAG DROP Drop Cisco IOS IPS can take specific actions when an active signature is detected. Match the actions on the left with the correct definition on the right. Drag and drop question. Drag the items to the proper locations. Answer:
|
Question 1. Consider the following customer attributes and choose the correct IP telephony call processing model: - a large campus that spans two PSAP areas - a single group of buildings connected via fiber optics - data VPNs that support multiple contractors and suppliers - a fully developed three-tier network hierarchy - connectivity to two different service providers for Internet access A. single-site call processing B. centralized call processing C. hybrid call processing D. distributed call processing Answer: A Question 2. What information is relevant to choosing an IP telephony centralized call processing model? A. multiple PRIs to the PSTN B. a campus of six buildings connected via an ATM backbone C. three small regional sales offices located in the three Western time zones D. centralized order processing, shipping, and billing for all customer products E. connectivity to a single service provider that hosts the company web site and provides for Internet access F. a single six-story building with an IDF on each floor and an MDF in the computer room on the second floor Answer: C Question 3. In a TDM PBXto Cisco Unified Communications Manager migration, which three things must be verified from the LAN perspective before IP telephony can be deployed? (Choose three.) A. the type of wiring in the office B. the number of PSTN connections needed C. the number of public IP addresses available D. the amount of rack space in the equipment rack E. the amount of power that is available to support new LAN switches Answer: A, D, E Question 4. DRAG DROP The intranet will have three VLAN types to support voice and data traffic; one type for voice, one type for data, and one type for the Cisco Unified Communications Manager cluster. How should inter-VLAN connectivity by deployed? Drag and drop the type of connectivity to each type of connection. Types of connections may be used more than once. Answer: Question 5. Ajax wants to ensure that their employees are safe and that they comply with the law. What are four general E911 responsibilities of an enterprise telephony system? (Choose four.) A. Enable PSAP call-back. B. initiate the update of ALI records. C. Provide a detailed map of all ERLs. D. Allow conferencing with internal security personnel. E. Route calls to the appropriate point (on-net or off-net). F. Deliver appropriate calling party number digits to LEC Answer: A, B, E, F Question 6. What are two conferencing guidelines for a single-site deployment? (Choose two.) A. Use hardware conferencing only for small deployments B. If available, configure DSPs for flex-mode when there are multiple codec types in use. C. Group any conferencing resources into MRGLs based on their location, to manage Call Admission Control. D. Make certain that Meet-Me and Ad-Hoc conference resources each account for a minimum of 5% of the user base. Answer: B, D Question 7. Ajax needs to provide technical support outside of normal operating hours. They would like to deploy a small test call center to develop the skills necessary to provide phone, chat, and e-mail support. Ajax wants to start with five agents. Which two connection types would be applicable for use with the planned contact center? (Choose two.) A. PRI B. CAS DC. ESM D. QSIG E. POTS Answer: A, B Question 8. Indicate whether T1s orE1s are available in your area. (Note: If both are available, choose the one with which you are most familiar.) A. T1 B. E1 Answer: NO CORRECT ANSWER Question 9. You have decided to use the MGCP signaling protocol for the PSTN gateway at Ajax. Which option is true regarding the use of a gatekeeper in their network? A. One may be used for CAC. B. One could be used for address resolution. C. One may be deployed for both CAC and address resolution. D. A gatekeeper is not applicable in this situation. Answer: D Question 10. Ajax has contacted its LEC to obtain an additional range of DIDs. Their current DID range is 555-6000 through 555-6999. The LEC can provide them with an additional range of numbers, 556-6000 through 556-6999. The LEC is currently sending four digits inbound, so the two DID ranges overlap. What two things can be done to resolve this solution? (Choose two.) A. Ask the LEC to send five digits. B. Change internal calls to five-digit dialing. C. Move to a six-digit dial plan to provide more dialing granularity for all extension numbers. D. Contact an alternative carrier to see if it can provide a DID range that does not overlap with the current range. Answer: A, B
|
Question 1. Which of the following best describe the customer benefits of change management in the operate phase? A. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases for use in verifying that the system meets operational, functional, and interface requirements B. improve its ability to make sound financial decisions by developing a business case based on its business requirements and establishing a basis for developing a technology strategy C. reduce operating costs and limit change. related incidents by providing a consistent and efficient set of processes D. improve the return on investment and hasten migration by identifying and planning for necessary infrastructure changes and resource additions, as well as reduce deployment costs by analyzing gaps early in the planning process to determine what is needed to support the system Answer: C Question 2. Which of these is the best definition of the Cisco Lifecycle Services approach? A. It defines the minimum set of services required to successfully deploy and operate a set of Cisco technologies. B. It determines how best to price Cisco products. C. It provides partners with a useful way to leverage Cisco resources. D. It consists of these phases: plan, deploy, support, and troubleshoot. Answer: A Question 3. What two types of telephony interfaces are used for PSTN connectivity? (Choose two.) A. Digital B. Optical C. Analog D. CDMA Answer: A, C Question 4. Which statement correctly describes the keys witch model of deployment for call processing? A. All IP Phones are able to answer any incoming PSTN call on any line B. PSTN calls are routed through a receptionist or automated attendant. C. All IP Phones in the system have a single unique extension number. Answer: A Question 5. Which definition best describes the implementation service component within the implement phase? A. providing a step-by-step plan that details the installation and service. commission tasks required in order to create a controlled. implementation environment that emulates a customer network B. assessing the ability of site facilities to accommodate proposed infrastructure changes C. developing and executing proof-of-concept tests, validating high-level infrastructure design, and identifying any design enhancements D. Installing, configuring and integrating systems components based on an implementation plan developed in earlier phases E. improving a customer's infrastructure security system Answer: D Question 6. A customer with a small enterprise network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. Minimizing costs is one of the customer's highest priorities. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired. Based on the traffic patterns, which topology would be the easiest for this customer to set up and manage? A. full mesh B. partial mesh C. point-to-multipoint D. huB. anD.spoke Answer: D Question 7. How can the proper configuration of Voice Mail be tested at an end user's IP phone? A. Press the "i" button. B. Press the "Settings" button. C. Press the "Services" button. D. Press the "Messages" button Answer: D Question 8. In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be placed? A. distribution layer B. core layer C. access layer D. network management functional module Answer: A Question 9. Which of these is an accurate list of Cisco Lifecycle Services phases? A. initiation, planning, analysis, design, development, implementation, operations and maintenance B. project planning, site assessment, risk assessment, solution selection and acquisition, testing, and operations C. Prepare, plan design implement operate, and optimize D. analysis, design, deployment, testing, implementation, and production I E. presales, project planning, development, implementation, operations testing, and operations signoff Answer: C Question 10. What port role assignment would you make for the Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System? A. IP Phone and desktop B. Cisco UC520 C. Cisco CE520 D. Cisco 871W Answer: B
|
Question 1. Which two commands are required to enable multicast on a router, knowing that the receivers only support IGMPv2? (Choose two.) A. ip pim rp-address B. ip pim ssm C. ip pim sparse-mode D. ip pim passive Answer: A, C Explanation: Sparse mode logic (pull mode) is the opposite of Dense mode logic (push mode), in Dense mode it is supposed that in every network there is someone who is requesting the multicast traffic so PIM-DM routers begin by flooding the multicast traffic out of all their interfaces except those from where a prune message is received to eliminate the “leaf” from the multicasting tree (SPT), the Source-Based Tree (S, G); as opposed to Sparse mode that send the traffic only if someone explicitly requested it. Not like Dense mode, which build a separated source-based tree (S, G) between the source and the requester of the traffic, Sparse mode mechanism is based on a fixed point in the network named Rendez-Vous point. All sources will have to register with the RP to which they send their traffic and thereby build a source-based tree (S, G) between them and the RP (not with the final multicast receiver like in PIM-DM) and all PIM-SM routers, “whatever” multicast traffic they are requesting, have to register with the RP and build a shared-tree (*. G) Reference http://tools.ietf.org/html/rfc2236 http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a00800b0871.shtml http://www.cisco.com/en/US/tech/tk828/technologies_tech_note09186a0080094821.shtml#sparsemode Question 2. A branch router is configured with an egress QoS policy that was designed for a total number of 10 concurrent VOIP calls. Due to expansion, 15 VOIP calls are now running over the link, but after the 14th call was established, all calls were affected and the voice quality was dramatically degraded. Assuming that there is enough bandwidth on the link for all of this traffic, which part of the QoS configuration should be updated due to the new traffic profile? A. Increase the shaping rate for the priority queue. B. Remove the policer applied on the priority queue. C. Remove the shaper applied on the priority queue. D. Increase the policing rate for the priority queue. Answer: D Explanation: Question 3. A new backup connection is being deployed on a remote site router. The stability of the connection has been a concern. In order to provide more information to EIGRP regarding this interface, you wish to incorporate the "reliability" cost metric in the EIGRP calculation with the command metric weights 1 0 1 0 1. What impact will this modification on the remote site router have for other existing EIGRP neighborships from the same EIGRP domain? A. Existing neighbors will immediately begin using the new metric. B. Existing neighbors will use the new metric after clearing the EIGRP neighbors. C. Existing neighbors will resync, maintaining the neighbor relationship. D. All existing neighbor relationships will go down. Answer: D Explanation: Question 4. Refer to the exhibit. R1 has an EBGP session to ISP 1 and an EBGP session to ISP 2. R1 receives the same prefixes through both links. Which configuration should be applied so that the link between R1 and ISP 2 will be preferred for outgoing traffic (R1 to ISP 2)? A. Increase local preference on R1 for received routes B. Decrease local preference on R1 for received routes C. Increase MED on ISP 2 for received routes D. Decrease MED on ISP 2 for received routes Answer: A Explanation: Explanation Local preference is an indication to the AS about which path has preference to exit the AS in order to reach a certain network. A path with higher local preference is preferred more. The default value of preference is 100. Reference http://www.cisco.com/en/US/tech/tk872/technologies_configuration_example09186a0080b82d1f.shtml? referring_site=smartnavRD Question 5. Refer to the exhibit. A small enterprise connects its office to two ISPs, using separate T1 links. A static route is used for the default route, pointing to both interfaces with a different administrative distance, so that one of the default routes is preferred. Recently the primary link has been upgraded to a new 10 Mb/s Ethernet link. After a few weeks, they experienced a failure. The link did not pass traffic, but the primary static route remained active. They lost their Internet connectivity, even though the backup link was operating. Which two possible solutions can be implemented to avoid this situation in the future? (Choose two.) A. Implement HSRP link tracking on the branch router R1. B. Use a track object with an IP SLA probe for the static route on R1. C. Track the link state of the Ethernet link using a track object on R1. D. Use a routing protocol between R1 and the upstream ISP. Answer: B, D Explanation: Interface Tracking Interface tracking allows you to specify another interface on the router for the HSRP process to monitor in order to alter the HSRP priority for a given group. If the specified interface's line protocol goes down, the HSRP priority of this router is reduced, allowing another HSRP router with higher priority can become active (if it has preemption enabled). To configure HSRP interface tracking, use the standby [group] track interface [priority] command. When multiple tracked interfaces are down, the priority is reduced by a cumulative amount. If you explicitly set the decrement value, then the value is decreased by that amount if that interface is down, and decrements are cumulative. If you do not set an explicit decrement value, then the value is decreased by 10 for each interface that goes down, and decrements are cumulative. The following example uses the following configuration, with the default decrement value of 10. Note: When an HSRP group number is not specified, the default group number is group 0. interface ethernet0 ip address 10.1.1.1 255.255.255.0 standby ip 10.1.1.3 standby priority 110 standby track serial0 standby track serial1 The HSRP behavior with this configuration is: 0 interfaces down = no decrease (priority is 110) 1 interface down = decrease by 10 (priority becomes100) 2 interfaces down = decrease by 10 (priority becomes 90) Reference http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080094a91.shtml#intracking Question 6. Why would a rogue host that is running a DHCP server on a campus LAN network present a security risk? A. It may allocate IP addresses from an unknown subnet to the users. B. All multicast traffic can be sniffed by using the DHCP multicast capabilities. C. The CPU utilization of the first hop router can be overloaded by exploiting DHCP relay open ports. D. A potential man-in-the-middle attack can be used against the clients. Answer: D Explanation: Question 7. Which statement is true about TCN propagation? A. The originator of the TCN immediately floods this information through the network. B. The TCN propagation is a two step process. C. A TCN is generated and sent to the root bridge. D. The root bridge must flood this information throughout the network. Answer: C Explanation: Explanation New Topology Change Mechanisms When an 802.1D bridge detects a topology change, it uses a reliable mechanism to first notify the root bridge. This is shown in this diagram: C:\Documents and Settings\user-nwz\Desktop\1.JPG Once the root bridge is aware of a change in the topology of the network, it sets the TC flag on the BPDUs it sends out, which are then relayed to all the bridges in the network. When a bridge receives a BPDU with the TC flag bit set, it reduces its bridging-table aging time to forward delay seconds. This ensures a relatively quick flush of stale information. Refer to Understanding Spanning-Tree Protocol Topology Changes for more information on this process. This topology change mechanism is deeply remodeled in RSTP. Both the detection of a topology change and its propagation through the network evolve. Topology Change Detection In RSTP, only non-edge ports that move to the forwarding state cause a topology change. This means that a loss of connectivity is not considered as a topology change any more, contrary to 802.1D (that is, a port that moves to blocking no longer generates a TC). When a RSTP bridge detects a topology change, these occur: It starts the TC While timer with a value equal to twice the hello-time for all its non-edge designated ports and its root port, if necessary. It flushes the MAC addresses associated with all these ports. Note: As long as the TC While timer runs on a port, the BPDUs sent out of that port have the TC bit set. BPDUs are also sent on the root port while the timer is active. Topology Change Propagation When a bridge receives a BPDU with the TC bit set from a neighbor, these occur: It clears the MAC addresses learned on all its ports, except the one that receives the topology change. It starts the TC While timer and sends BPDUs with TC set on all its designated ports and root port (RSTP no longer uses the specific TCN BPDU, unless a legacy bridge needs to be notified). This way, the TCN floods very quickly across the whole network. The TC propagation is now a one step process. In fact, the initiator of the topology change floods this information throughout the network, as opposed to 802.1D where only the root did. This mechanism is much faster than the 802.1D equivalent. There is no need to wait for the root bridge to be notified and then maintain the topology change state for the whole network forseconds. C:\Documents and Settings\user-nwz\Desktop\1.JPG In just a few seconds, or a small multiple of hello-times, most of the entries in the CAM tables of the entire network (VLAN) flush. This approach results in potentially more temporary flooding, but on the other hand it clears potential stale information that prevents rapid connectivity restitution. Reference http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml Question 8. Which statement is true about loop guard? A. Loop guard only operates on interfaces that are considered point-to-point by the spanning tree. B. Loop guard only operates on root ports. C. Loop guard only operates on designated ports. D. Loop guard only operates on edge ports. Answer: A Explanation: Explanation Understanding How Loop Guard Works Unidirectional link failures may cause a root port or alternate port to become designated as root if BPDUs are absent. Some software failures may introduce temporary loops in the network. Loop guard checks if a root port or an alternate root port receives BPDUs. If the port is receiving BPDUs, loop guard puts the port into an inconsistent state until it starts receiving BPDUs again. Loop guard isolates the failure and lets spanning tree converge to a stable topology without the failed link or bridge. You can enable loop guard per port with the set spantree guard loop command. Note When you are in MST mode, you can set all the ports on a switch with the set spantree global-defaults loop-guard command. When you enable loop guard, it is automatically applied to all of the active instances or VLANs to which that port belongs. When you disable loop guard, it is disabled for the specified ports. Disabling loop guard moves all loop-inconsistent ports to the listening state. If you enable loop guard on a channel and the first link becomes unidirectional, loop guard blocks the entire channel until the affected port is removed from the channel. Figure 8-6 shows loop guard in a triangle switch configuration. Figure 8-6 Triangle Switch Configuration with Loop Guard C:\Documents and Settings\user-nwz\Desktop\1.JPG Figure 8-6 illustrates the following configuration: Switches A and B are distribution switches. Switch C is an access switch. Loop guard is enabled on ports 3/1 and 3/2 on Switches A, B, and C. Use loop guard only in topologies where there are blocked ports. Topologies that have no blocked ports, which are loop free, do not need to enable this feature. Enabling loop guard on a root switch has no effect but provides protection when a root switch becomes a nonroot switch. Follow these guidelines when using loop guard: Do not enable loop guard on PortFast-enabled or dynamic VLAN ports. Do not enable PortFast on loop guard-enabled ports. Do not enable loop guard if root guard is enabled. Do not enable loop guard on ports that are connected to a shared link. Note We recommend that you enable loop guard on root ports and alternate root ports on access switches. Loop guard interacts with other features as follows: Loop guard does not affect the functionality of UplinkFast or BackboneFast. Root guard forces a port to always be designated as the root port. Loop guard is effective only if the port is a root port or an alternate port. Do not enable loop guard and root guard on a port at the same time. PortFast transitions a port into a forwarding state immediately when a link is established. Because a PortFast-enabled port will not be a root port or alternate port, loop guard and PortFast cannot be configured on the same port. Assigning dynamic VLAN membership for the port requires that the port is PortFast enabled. Do not configure a loop guard-enabled port with dynamic VLAN membership. If your network has a type-inconsistent port or a PVID-inconsistent port, all BPDUs are dropped until the misconfiguration is corrected. The port transitions out of the inconsistent state after the message age expires. Loop guard ignores the message age expiration on type-inconsistent ports and PVID-inconsistent ports. If the port is already blocked by loop guard, misconfigured BPDUs that are received on the port make loop guard recover, but the port is moved into the typeinconsistent state or PVID-inconsistent state. In high-availability switch configurations, if a port is put into the blocked state by loop guard, it remains blocked even after a switchover to the redundant supervisor engine. The newly activated supervisor engine recovers the port only after receiving a BPDU on that port. Loop guard uses the ports known to spanning tree. Loop guard can take advantage of logical ports provided by the Port Aggregation Protocol (PAgP). However, to form a channel, all the physical ports grouped in the channel must have compatible configurations. PAgP enforces uniform configurations of root guard or loop guard on all the physical ports to form a channel. These caveats apply to loop guard: –Spanning tree always chooses the first operational port in the channel to send the BPDUs. If that link becomes unidirectional, loop guard blocks the channel, even if other links in the channel are functioning properly. –If a set of ports that are already blocked by loop guard are grouped together to form a channel, spanning tree loses all the state information for those ports and the new channel port may obtain the forwarding state with a designated role. –If a channel is blocked by loop guard and the channel breaks, spanning tree loses all the state information. The individual physical ports may obtain the forwarding state with the designated role, even if one or more of the links that formed the channel are unidirectional. You can enable UniDirectional Link Detection (UDLD) to help isolate the link failure. A loop may occur until UDLD detects the failure, but loop guard will not be able to detect it. Loop guard has no effect on a disabled spanning tree instance or a VLAN. Reference http://www.cisco.com/en/US/docs/switches/lan/catalyst4000/8.2glx/configuration/guide/stp_enha. html#wp1048163 Question 9. Which two are effects of connecting a network segment that is running 802.1D to a network segment that is running 802.1w? (Choose two.) A. The entire network switches to 802.1D and generates BPDUs to determine root bridge status. B. A migration delay of three seconds occurs when the port that is connected to the 802.1D Bridge comes up. C. The entire network reconverges and a unique root bridge for the 802.1D segment, and a root bridge for the 802.1w segment, is chosen. D. The first hop 802.1w switch that is connected to the 802.1D runs entirely in 802.1D Compatibility mode and converts the BPDUs to either 802.1D or 802.1w BPDUs to the 802.1D or 802.1w segments of the network. E. Classic 802.1D timers, such as forward delay and max-age, will only be used as a backup, and will not be necessary if point-to-point links and edge ports are properly identified and set by the administrator. Answer: B, E Explanation: Explanation Each port maintains a variable that defines the protocol to run on the corresponding segment. A migration delay timer of three seconds also starts when the port comes up. When this timer runs, the current STP or RSTP mode associated to the port is locked. As soon as the migration delay expires, the port adapts to the mode that corresponds to the next BPDU it receives. If the port changes its mode of operation as a result of a BPDU received, the migration delay restarts. 802.1D works by the concept that the protocol had to wait for the network to converge before it transitioned a port into the forwarding state. With Rapid Spanning Tree it does not have to rely on any timers, the only variables that that it relies on is edge ports and link types. Any uplink port that has an alternate port to the root can be directly placed into the forwarding state (This is the Rapid convergence that you speak of "restored quickly when RSTP is already in use?"). This is what happened when you disconnected the primary look; the port that was ALT, moved to FWD immediately, but the switch also still needs to create a BDU with the TC bit set to notify the rest of the network that a topology has occurred and all non-edge designated ports will transition to BLK, LRN, and then FWD to ensure there are no loops in the rest of the network. This is why if you have a host on a switchport, and you know for a fact that it is only one host, enable portfast to configure the port as an edgeport so that it does not have to transition to all the STP states. Reference http://www.cisco.com/en/US/tech/tk389/tk621/technologies_white_paper09186a0080094cfa.shtml Question 10. Which command is used to enable EtherChannel hashing for Layer 3 IP and Layer 4 port-based CEF? A. mpls ip cef B. port-channel ip cef C. mpls ip port-channel cef D. port-channel load balance E. mpls ip load-balance F. ip cef EtherChannel channel-id XOR L4 G. ip cef connection exchange Answer: D Explanation:
|
Question 1. Click the Exhibit button. An administrator has deployed a new virtual machine on an ESXi 5.x host. Users are complaining of poor performance on the application running on the virtual machine. Performance tools display the results shown in the exhibit. Which two tasks might improve the user experience? (Choose two.) A. Add a vCPU to the virtual machine B. Remove CPU affinity on the advanced CPU setting of the virtual machine C. Migrate the virtual machine to another ESXi host D. Remove the limit on the CPU settings of the virtual machine Answer: A, D Explanation: The picture shows CPU at 100% in VM, not CPU shortage on ESX server. A, D – these 2 options both increase the amount of CPU allocated to VM B,C – these 2 options change the physical CPU allocated to VM, but this was not the problem shown Question 2. An administrator notices that when a virtual machine is placed into a resource pool, a warning indicates that the virtual machine will receive a very large percentage of the total shares for memory. Which action can be taken to resolve this problem? A. Increase the memory resource allocation to the resource pool. B. Increase the share value for the resource pool. C. Change the shares setting from custom to high, medium, or low for the virtual machine. D. Decrease the memory allocation for the virtual machine. Answer: C Explanation: The Memory Resources panel lets you allocate memory resources for a virtual machine and specify reservations, limits, and shares. Symbolic values Low, Normal, High, and Custom are compared to the sum of all shares of all virtual machines on the server and, on an ESX host, the service console. By decreasing the memory share of a particular system, it receives less memory out of the total available memory. Question 3. An administrator views the Fault Tolerance pane of the Summary tab of a virtual machine and finds that the current status is Not Protected. What are two vSphere Fault Tolerance states that would cause the virtual machine to not be protected? (Choose two.) A. Stopped - Fault Tolerance has been stopped on the secondary virtual machine. B. Need Secondary VM - The primary virtual machine is running without a secondary virtual machine and is not protected C. Need Primary VM - The secondary virtual machine is running, and a new primary virtual machine cannot be generated. D. Disabled - Fault Tolerance is disabled. Answer: B, D Explanation: Reason for not protected status Description Starting Fault Tolerance is in the process of starting the Secondry VM. This is message is only visibale for a short period of time. Need Secondary VM [ C above ] The Primary VM is running without a Secondary VM, so the Primary VM is Currently not protected. This generally occurs when there is no compatible host in the duster available for the Secondary VM. Correct this by bringing a compatible host online. If there is a compatible host online in the cluster further investigation might be required. Under certain circumstances, disabling Fault Tolerance and then re-enabling it corrects this problem. Disabled [ A above ] Fault Tolerance is currently disabled (no Secondary VM is running). This happends when Fault Tolerance is disabled by the user or when vCenter Server disableds Fault Tolarance after being unable to power on the Secondary VM. VM not Running Fault Tolerance is enbled but the virtual machine is powered off Power on the virtual machine to reach Protected state. untitled Table 3-2. Reasons for Primary VM Not Protected Status Part 3: Create and Configure Resource Pools (14 questions). Question 4. Which two conditions prevent the application of a host profile to an ESXi 5.x host? (Choose two.) A. The host has multiple profiles attached. B. The host has not been placed into maintenance mode. C. The host is running virtual machines. D. The host is an ESXi host. Answer: B, C Explanation: Question 5. An administrator is editing the IP allocation policy for a vApp. Which three options are available? (Choose three.) A. Automatic B. Roaming C. Transient D. DHCP E. Fixed Answer: C, D, E Explanation: untitled Question 6. ACME Junkmail Incorporated has been utilizing templates in their environment. They are running a 10-node ESXi 5.x Cluster and DRS has not been configured. Several virtual machines have been deployed from this template and successfully powered on, but a newly deployed virtual machine will not power on. There appear to be adequate CPU and Memory resources available on the host. Which three things can be done to allow more virtual machines to be deployed into the cluster from this template? (Choose three.) A. Select a different datastore for the virtual machine B. Move the swap file to a different location C. Deploy the virtual machine to a different host using the same datastore D. Enable DRS on the cluster to balance the virtual machine load out across hosts E. Increase the virtual machine memory reservation Answer: A, B, E Explanation: If you make reservations for your virtual machine’s that are equal to the amount of RAM assigned to them, swapping and page sharing does not occur. You can over commit pretty heavily if you are comfortable with poorer performance. If you do not set reservations, ESX host creates a .vswp file equal to the difference between the amount of physical memory assigned to the virtual machine and the reservation it has. By default, memory reservations are set to 0. If you have a virtual machine with 2GB of memory without a reservation, it creates a 2GB .vswp file when it is powered on. The virtual machine starts using the .vswp file if the server is out of physical RAM. If you set a 1GB reservation, it creates a 1GB .vswp file. The .vswp files are what allows for memory overcommitment. Question 7. What are three valid objects to place in a vApp? (Choose three.) A. Folders B. Hosts C. Resource pools D. vApps E. Virtual machines Answer: C, D, E Explanation: untitled http://pubs.vmware.com/vsphere- 50/index.jsp?topic=/com.vmware.vsphere.vcenterhost.doc_50/GUID-3B5AF2B1-C534-4426- B97A-D14019A8010F.html Question 8. Which three Storage I/O Control conditions might trigger the Non-VI workload detected on the datastore alarm? (Choose three.) A. The datastore is connected to an ESX/ESXi 4.0 host that does not support Storage I/O Control. B. The datastore is on an array that is performing system tasks such as replication. C. The datastore is utilizing active/passive multipathing or NMP (Native Multi-Pathing). D. The datastore is storing virtual machines with one or more snapshots. E. The datastore is connected to an ESX/ESXi 4.0 host that is not managed by vCenter. Answer: A, B, E Explanation: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1020651 http://pubs.vmware.com/vsphere-50/topic/com.vmware.vsphere.troubleshooting.doc_50/GUID- 38F95285-DB4F-462F-AFD7-0F4D812B085F.html Question 9. An administrator has just finished deploying a vApp for a web service. What three options are available to the administrator for IP allocation within the vApp? (Choose three.) A. Transient B. Fixed C. DHCP D. Bridged E. NAT Answer: A, B, C Explanation: Option Description untitled Question 10. An administrator is working to implement Storage Profiles in their environment. Which two ways can storage capabilities be generated? (Choose two.) A. They are generated by Datastore Clusters as LUNs are added to the cluster. B. They are automatically determined by the Storage Profile when it is created. C. They can be retrieved from the array through the VMware APIs for Storage Awareness (VASA). D. They can be manually generated by the administrator. Answer: C, D Explanation: Understanding Storage Capabilities A storage capability outlines the quality of service that a storage system can deliver. It is a guarantee that the storage system can provide a specific set of characteristics for capacity, performance, availability, redundancy, and so on. If a storage system uses Storage APIs – Storage Awareness, it informs vCenter Server that it can guarantee a specific set of storage features by presenting them as a storage capability. VCenter Server recognizes the capability and adds it to the list of storage capabilities in the Manage Storage Capabilities dialog box. Such storage capabilities are system-defined. vCenter Server assigns the system-defined storage capability to each datastore that you create from that storage system. NOTE: Because multiple system capabilities for a datastore are not supported, a datastore that spans several extents assumes the system capability of only one of its extents. You can create user-defined storage capabilities and associate them with datastores. You should associate the same user-defined capability with datastores that guarantee the same level of storage capabilities. You can associate a user-defined capability with a datastore that already has a system-defined capability. A datastore can have only one system-defined and only one userdefined capability at a time.
|
Question 1. Which of the following can function as a Management Server for a VSX Gateway? A. Check Point Integrity B. SiteManager-1 NGX: Multi-Domain Server C. Security Management Portal D. VPN-1/FireWall-1 Small Office E. Provider-1 NGX: Multi-Domain Server Answer: E Question 2. You are configuring source-based routing in a VSX Gateway deployment with both External and Internal Virtual Routers. Which of the following functions cannot be configured for the Virtual Systems? A. Virtual System clustering B. Anti-spoofing measures C. Network Address Translation D. Remote access VPNs E. Intranet VPNs Answer: B Question 3. During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task? A. Grant VSX-specific privileges to the Administrator B. Assign the Administrator to manage a specific Virtual System C. Add the Administrator to a group D. Assign the Administrator to manage a specific interface on the VSX Gateway E. Assign the Administrator to manage a specific CMA Answer: C Question 4. In a VSX Gateway cluster, which of the following objects are available by default as installation targets for the Management Virtual System? A. Individual Management Virtual Systems (MVS) for each cluster member B. MVS cluster object C. Individual External Virtual Routers for each cluster member D. Virtual Switch cluster object E. Individual Virtual Switch Members Answer: B Question 5. Which of the following MDS types allows you to create and manage a VSX Gateway? A. MDS CLM B. MDS Manager station C. MDS VSX Integrator D. MDS MLM E. MDS Manager + Container station Answer: E Question 6. What are the two levels of VSX Gateway clustering? A. INSPECT and database level B. Database and VSX Gateway levels C. Virtual device and database levels D. INSPECT and configuration levels E. Virtual device and VSX Gateway levels Answer: E Question 7. When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE? A. VSX Administrators can configure different domains for each Virtual System. B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers. C. All Customer objects, rules, and users are shared in a single database. D. Each Virtual System has its own unique Certificate Authority. E. VSX superuser Administrators can configure granular permissions for each Customer Administrator. Answer: C Question 8. What is the difference between Single-Context and Multi-Context processes? A. Single-Context processes are implemented in standard firewall deployments, while only Multi- Context processes are implemented in VSX Gateway deployments. B. Single-Context processes are shared between VSX Gateways in an HA configuration, while Multi-Context processes are shared between VSX Gateways in a Load Sharing environment. C. Single-Context processes are ones in which all Virtual Systems share, while Multi- Context processes are unique to each Virtual System. D. Single-Context processes are implemented in a single VSX Gateway environment, while Multi- Context processes are only implemented in VSX Gateway High Availability (HA). E. Single-Context processes are unique to each Virtual System on a Gateway, while Multi- Context processes are ones in which all Virtual Systems share. Answer: E Question 9. A Warp Link is a virtual point-to-point connection between a: A. Virtual Router and Virtual System. B. Virtual Router and Virtual Switch. C. Virtual System and the management interface. D. Virtual Router and a physical interface. E. Virtual System and another Virtual System. Answer: A Question 10. Which of the following statements is true concerning the default Security Policy of the External Virtual Router? A. The External Virtual Router automatically performs Hide NAT behind its external interface for all Virtual Systems connected to it. B. The default Policy of the External Virtual Router denies all traffic going to or coming from it. C. The default policy of the External Virtual Router cannot be changed. D. All traffic coming from networks protected by a VSX Gateway is accepted. All other traffic is dropped. E. The External Virtual Router always enforces the same Policy as the Management Virtual System. Answer: B
|
Question 1. Of the three mechanisms Check Point uses for controlling traffic, which enables firewalls to incorporate layer 4 awareness in packet inspection? A. IPS B. Packet filtering C. Stateful Inspection D. Application Intelligence Answer: C Explanation: Question 2. Which of the following statements about Bridge mode is TRUE? A. When managing a Security Gateway in Bridge mode, it is possible to use a bridge interface for Network Address Translation. B. Assuming a new installation, bridge mode requires changing the existing IP routing of the network. C. All ClusterXL modes are supported. D. A bridge must be configured with a pair of interfaces. Answer: D Explanation: Question 3. Which SmartConsole component can Administrators use to track remote administrative activities? A. WebUI B. Eventia Reporter C. SmartView Monitor D. SmartView Tracker Answer: D Explanation: Question 4. Which of the following statements is TRUE about management plug-ins? A. The plug-in is a package installed on the Security Gateway. B. A management plug-in interacts with a Security Management Server to provide new features and support for new products. C. Using a plug-in offers full central management only if special licensing is applied to specific features of the plug-in. D. Installing a management plug-in is just like an upgrade process. (It overwrites existing components.) Answer: B Explanation: Question 5. UDP packets are delivered if they are _________. A. A legal response to an allowed request on the inverse UDP ports and IP B. A Stateful ACK to a valid SYN-SYN-/ACK on the inverse UDP ports and IP C. Reference in the SAM related Dynamic tables D. Bypassing the Kernel by the “forwarding layer” of clusterXL Answer: A Explanation: Question 6. The Check Point Security Gateway's virtual machine (kernel) exists between which two layers of the OSI model? A. Session and Network layers B. Application and Presentation layers C. Physical and Datalink layers D. Network and Datalink layers Answer: D Explanation: Question 7. The customer has a small Check Point installation, which includes one Linux Enterprise 3.0 server working as the SmartConsole, and a second server running Windows 2003 as both Security Management Server and Security Gateway. This is an example of a(n): A. Stand-Alone Installation B. Distributed Installation C. Hybrid Installation D. Unsupported configuration Answer: D Explanation: Question 8. The customer has a small Check Point installation which includes one Windows 2003 server as the SmartConsole and a second server running SecurePlatform as both Security Management Server and the Security Gateway. This is an example of a(n): A. Unsupported configuration. B. Hybrid Installation. C. Distributed Installation. D. Stand-Alone Installation. Answer: D Explanation: Question 9. The customer has a small Check Point installation which includes one Windows XP workstation as the SmartConsole, one Solaris server working as Security Management Server, and a third server running SecurePlatform as Security Gateway. This is an example of a(n): A. Stand-Alone Installation. B. Unsupported configuration C. Distributed Installation. D. Hybrid Installation. Answer: C Explanation: Question 10. The customer has a small Check Point installation which includes one Windows 2003 server as SmartConsole and Security Management Server with a second server running SecurePlatform as Security Gateway. This is an example of a(n): A. Hybrid Installation. B. Unsupported configuration. C. Distributed Installation. D. Stand-Alone Installation. Answer: C Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.