|
passed with 94%, thx to certsbraindums..
|
Question 1.
You work as a network administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. There are currently 120 Web servers running Windows 2000 Server and are contained in an Organizational Unit (OU) named ABC_WebServers ABC.com management took a decision to uABCrade all Web servers to Windows Server 2003. You disable all services on the Web servers that are not required. After running the IIS Lockdown Wizard on a recently deployed web server, you discover that services such as NNTP that are not required are still enabled on the Web server.
How can you ensure that the services that are not required are forever disabled on the Web servers without affecting the other servers on the network? Choose two.
A. Set up a GPO that will change the startup type for the services to Automatic.
B. By linking the GPO to the ABC_WebServers OU.
C. Set up a GPO with the Hisecws.inf security template imported into the GPO.
D. By linking the GPO to the domain.
E. Set up a GPO in order to set the startup type of the redundant services to Disabled.
F. By linking the GPO to the Domain Controllers OU.
G. Set up a GPO in order to apply a startup script to stop the redundant services.
Answer: B, E
Explanation:
Windows Server 2003 installs a great many services with the operating system, and configures a number of with the Automatic startup type, so that these services load automatically when the system starts. Many of these services are not needed in a typical member server configuration, and it is a good idea to disable the ones that the computer does not need. Services are programs that run continuously in the background, waiting for another application to call on them. Instead of controlling the services manually, using the Services console, you can configure service parameters as part of a GPO. Applying the GPO to a container object causes the services on all the computers in that container to be reconfigured. To configure service parameters in the Group Policy Object Editor console, you browse to the Computer Configuration\Windows Settings\Security Settings\System Services container and select the policies corresponding to the services you want to control.
Reference:
Jill Spealman, Kurt Hudson & Melissa Craft, MCSE Self-Paced Training Kit (Exam 70-294); Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 13:1-6
Question 2.
You are working as the administrator at ABC.com. ABC.com has headquarters in London and branch offices in Berlin, Minsk, and Athens. The Berlin, Minsk and Athens branch offices each have a Windows Server 2003 domain controller named ABC-DC01, ABC-DC02 and ABC-DC03 respectively. All client computers on the ABC.com network run Windows XP Professional. One morning users at the Minsk branch office complain that they are experiencing intermittent problems authenticating to the domain. You believe that a specific client computer is the cause of this issue and so need to discover the IP address client computer.
How would you capture authentication event details on ABC-DC02 in the Minsk branch office?
A. By monitoring the logon events using the SysMon utility.
B. By recording the connections to the NETLOGON share using the SysMon utility.
C. By recording the authentication events with the NetMon utility.
D. By monitoring the authentication events using the Performance and Reliability Monitor.
Answer: C
Explanation:
The question states that you need to find out the IP address of the client computer that is the source of the problem. Using Network Monitor to capture traffic is the only way to do this.
Reference:
http://support.microsoft.com/default.aspx?scid=kb;en-us;175062
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr.
Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure:
Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA,
Chapter 11, p. 826
Question 3.
You are working as the administrator at ABC.com. Part of you job description includes the deployment of applications on the ABC.com network. To this end you operate by testing new application deployment in a test environment prior to deployment on the production network. The new application that should be tested requires 2 processors and 3 GB of RAM to run successfully. Further requirements of this application also include shared folders and installation of software on client computers. You install the application on a Windows Server 2003 Web Edition computer and install the application on 30 test client computers. During routine monitoring you discover that only a small amount of client computers are able to connect and run the application. You decide to turn off the computers that are able to make a connection and discover that the computers that failed to open the application can now run the application.
How would you ensure that all client computers can connect to the server and run the application?
A. By running a second instance of the application on the server.
B. By increasing the Request Queue Limit on the Default Application Pool.
C. By modifying the test server operating system to Window Server 2003 Standard Edition.
D. By increasing the amount of RAM in the server to 4GB.
Answer: C
Explanation:
Although Windows Server 2003 Web Edition supports up to 2GB of RAM, it reserves 1GB of it for the operating system; only 1GB of RAM is available for the application. Therefore, we need to install Window Server 2003 Standard Edition or Enterprise Edition to support enough RAM.
Question 4.
You are an Enterprise administrator for ABC.com. All servers on the corporate network run Windows Server 2003 and all client computers run Windows XP. The network contains a server named ABC-SR01 that has Routing and Remote Access service and a modem installed which connects to an external phone line. A partner company uses a dial-up connection to connect to ABC-SR01 to upload product and inventory information. This connection happens between the hours of 1:00am and 2:00am every morning and uses a domain user account to log on to ABC-SR01. You have been asked by the security officer to secure the connection.
How can you ensure that the dial-up connection is initiated only from the partner company and that access is restricted to just ABC-SR01? Choose three.
A. Set up the log on hours restriction for the domain user account to restrict the log on to between
the hours of 1:00am and 2:00am.
B. Set up a local user account on ABC-SR01. Have the dial-up connection configured to log on
with this account.
C. Set up the remote access policy on ABC-SR01 to allow the connection for the specified user
account between the hours of 1:00am and 2:00am.
D. Set up the remote access policy with the Verify Caller ID option to only allow calling from the
phone number of the partner company modem.
E. Set up the remote access policy to allow access to the domain user account only.
Answer: B, C, D
Explanation:
To allow only the minimum amount of access to the network, ensure that only the partner's application can connect to your network over the dial-up connection, you need to first create a local account named on ABC-SR01. You need to then add this account to the local Users group and direct the partner company to use this account for remote access. You can use a local account to provide remote access to users. The user account for a standalone server or server running Active Directory contains a set of dial-in properties that are used when allowing or denying a connection attempt made by a user. You can use the Remote Access Permission (Dial-in or VPN) property to set remote access permission to be explicitly allowed, denied, or determined through remote access policies. Next, you need to configure a remote access policy on ABC-SR01 to allow the connection for only the specified user account between 1 AM and 2 AM. In all cases, remote access policies are used to authorize the connection attempt. If access is explicitly allowed, remote access policy conditions, user account properties, or profile properties can still deny the connection attempt. You need to then configure the policy to allow only the specific calling station identifier of the partner company's computer. When the Verify Caller ID property is enabled, the server verifies the caller's phone number. If the caller's phone number does not match the configured phone number, the connection attempt is denied.
Reference:
Dial-in properties of a user account http://technet.microsoft.com/en-us/library/cc738142.aspx
Question 5.
You are an Enterprise administrator for ABC.com. The company consists of an Active Directory domain called ad.ABC.com. All servers on the corporate network run Windows Server 2003. At present there is no provision was made for Internet connectivity. A server named ABC2 has the DNS server service role installed. The DNS zones on ABC2 are shown below:
The corporate network also contains a UNIX-based DNS A server named ABC-SR25 hosts a separate DNS zone on a separate network called ABC.com. ABC-SR25 provides DNS services to the UNIX-based computers and is configured to run the latest version of BIND and the ABC.com contains publicly accessible Web and mail servers.
The company has a security policy set, according to which, the resources located on the internal network and the internal network's DNS namespace should never be exposed to the Internet. Besides this, according to the current network design, ABC-SR25 must attempt to resolve any name resolution requests before sending them to name servers on the Internet. The company plans to allow users of the internal network to access Internet-based resources. To implement the security policy of the company, you decided to send all name resolution requests for Internet-based resources from internal network computers through ABC2. You thus need to devise a name resolution strategy for Internet access as well as configuring ABC2 so that it will comply with the set criteria and restrictions.
Which two of the following options should you perform?
A. Have the Cache.dns file copied from ABC2 to ABC-SR25.
B. Have the root zone removed from ABC2.
C. ABC2 should be set up to forward requests to ABC-SR25.
D. Install Services for Unix on ABC2.
E. The root zone should be configured on ABC-SR25.
F. Disable recursion on ABC-SR25.
Answer: B, C
Explanation:
To plan a name resolution strategy for Internet access and configure ABC2 so that it sends all name resolution requests for Internet-based resources from internal network computers through ABC2, you need to delete the root zone from ABC2. Configure ABC2 to forward requests to ABC-SR25 A DNS server running Windows Server 2003 follows specific steps in its name-resolution process. A DNS server first queries its cache, it checks its zone records, it sends requests to forwarders, and then it tries resolution by using root servers. The root zone indicates to your DNS server that it is a root Internet server. Therefore, your DNS server does not use forwarders or root hints in the name-resolution process. Deleting the root zone from ABC2 will allow you to first send requests to ABC2 and then forward requests to ABCSR25 by configuring forward lookup zone. If the root zone is configured, you will not be able to use the DNS server to resolve queries for hosts in zones for which the server is not authoritative and will not be able to use this DNS Server to resolve queries on the Internet.
Reference:
How to configure DNS for Internet access in Windows Server 2003
http://support.microsoft.com/kb/323380
Reference: DNS Root Hints in Windows 2003
http://www.computerperformance.co.uk/w2k3/services/DNS_root_hints.htm
Question 6.
You are working as the administrator at ABC.com. The network consists of a single Active Directory domain named ABC.com with the domain functional level set at Windows Server 2003. All network servers run Windows Server 2003 and all client computers run Windows XP Professional. The ABC.com domain is divided into organizational units (OU). All the resource servers are contained in an OU named ABC_SERVERS and the workstations are contained in an OU named ABC_CLIENTS. All resource servers operate at near capacity during business hours. All workstations have low resource usage during business hours. You received instructions to configure baseline security templates for the resource servers and the workstations. To this end you configured two baseline security templates named ABC_SERVERS.inf and ABC_CLIENTS.inf respectively. The ABC_SERVERS.inf template contains many configuration settings. Applying the ABC_SERVERS.inf template would have a performance impact on the servers. The ABC_CLIENTS.inf contains just a few settings so applying this template would not adversely affect the performance of the workstations.
How would you apply the security templates so that the settings will be periodically enforced whilst ensuring that the solution reduces the impact on the resource servers? Choose three.
A. By setting up a GPO named SERVER-GPO and link it to the ABC_SERVERS OU.
B. By having the ABC_SERVERS.inf template imported into SERVER-GPO.
C. By having the ABC_SERVERS.inf and the ABC_CLIENTS.inf templates imported into the
Default Domain Policy GPO.
D. By scheduling SECEDIT on each resource server to regularly apply the ABC_SERVERS.inf
settings during off-peak hours.
E. By having a GPO named CLIENT-GPO created and linked to the ABC_CLIENTS OU.
F. By having the ABC_CLIENTS.inf template imported into CLIENT-GPO.
G. By having SERVER-GPO and CLIENT-GPO linked to the domain.
Answer: D, E, F
Explanation:
The question states that you need to apply the baseline security templates so that the settings will be periodically enforced. To accomplish this you must create a scheduled task so that the performance impact on resource servers is minimized. Furthermore, the question also states that ABC_CLIENTS.inf is a baseline security template for client computers. Therefore, the GPO has to be linked to the OU that contains the client computers, and the ABC_CLIENTS.inf template must be imported to the said GPO so that it can be applied. Secedit.exe is a command line tool that performs the same functions as the Security Configuration And Analysis snap-in, and can also apply specific parts of templates to the computer. You can use Secedit.exe in scripts and batch files to automate security template deployments. You can create a baseline security configuration in a GPO directly, or import a security template into a GPO. Link the baseline security GPO to OUs in which member servers’ computer objects exist.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapter 10 Dan Holme, and Orin Thomas, MCSA/MCSE Self-Paced Training Kit: UABCrading Your Certification to Microsoft Windows Server 2003: Managing, Maintaining, Planning, and Implementing a Microsoft Windows Server 2003 environment: Exams 70-292 and 70-296, Microsoft Press, Redmond, Washington, Chapter 9
Question 7.
You are working as the administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. The ABC.com network contains a DMZ that contains a two-node Network Load Balancing cluster, which is located in a data centre that is physically impenetrable to unauthorized persons. The cluster servers run Windows Server 2003 Web Edition and host an e-commerce website. The NLB cluster uses a virtual IP address that can be accessed from the Internet.
What can you do to mitigate the cluster’s most obvious security vulnerability?
A. Configure the cluster to require IPSec.
B. Configure the network cards to use packet filtering on all inbound traffic to the cluster.
C. Use EFS on the server hard disks.
D. Configure intrusion detection the servers on the DMZ.
E. Configure Mac addressing on the servers in the DMZ.
Answer: B
Explanation:
The most sensitive element in this case is the network card that uses an Internetaddressable virtual IP address. The question doesn’t mention a firewall implementation or an intrusion detection system (Usually Hardware). Therefore, we should set up packet filtering. You can configure packet filtering to accept or deny specific types of packets. Packet headers are examined for source and destination addresses, TCP and UDP port numbers, and other information.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, 2004, p. 7:
Question 8.
You are working for a administrator for ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com. All the servers on the network run Windows Server 2003 servers. You have configured four servers in a network load balancing cluster. You need to enable the cluster in unicast mode although each server only has one network card. After your configuration, the NLB cluster has successfully converged. You discover that you can optimize the use of the cluster by moving a specific application to each node of the cluster. However for this application to execute, all the nodes of the cluster must be configured by a Network Load Balancing Port Rule. When you open Network Load Balancing Manager on one of the NLB nodes, you receive a message saying that Network Load Balancing Manager is unable to see the other nodes in the cluster.
How can you add a port rule to the cluster nodes?
A. By opening Network Load Balancing Manager on a different host.
B. By creating an additional virtual IP address on the cluster.
C. By modifying the Network Connection Properties on every host.
D. By removing each host from the cluster before creating the port rule.
Answer: C
Explanation:
You can configure many Network Load Balancing options through either Network Load Balancing Manager or the Network Load Balancing Properties dialog box accessed through Network Connections. However, Network Load Balancing Manager is the preferred method. Using both Network Load Balancing Manager and Network Connections together to change Network Load Balancing properties can lead to unpredictable results.
Reference:
Network Load Balancing Best practices / Use Network Load Balancing Manager.
http://technet.microsoft.com/en-us/library/cc740265.aspx
Question 9.
You are working as an administrator for ABC.com. The network consists of a single Active Directory domain named ABC.com. All server run Windows Server 2003 and all client computer run Windows XP Professional. The ABC.com departments are organized into organizational units (OUs). The Administration OU is named ABC_ADMIN, and the Sales OU is named ABC_SALES. All file servers for all departments are located in their respective OUs. The ABC_SALES OU is a child OU of the ABC_ADMIN OU. A new ABC.com written security policy states that servers in the ABC_ADMIN OU should be highly secure. All communications with ABC-ADMIN servers should be encrypted. The security policy also states that auditing should be enabled for file and folder deletion on Sales servers. Communications with the Sales servers should not be encrypted.
How should you configure Group Policy for the ABC_Admin and ABC_Sales OU? Choose three.
A. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_ADMIN
OU.
B. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this
GPO to the ABC_SALES OU.
C. Configure a GPO to apply the Hisecws.inf security template. Link this GPO to the ABC_Sales
OU.
D. Configure a GPO to enable the Audit object access audit policy on computer objects. Link this
GPO to the ABC_ADMIN OU.
E. Block group policy inheritance on the ABC_ADMIN OU.
F. Block group policy inheritance on the ABC_SALES OU.
Answer: A, B, F
Explanation:
The Hisecws.inf security template increases security on a server. One of the security settings is to require secure encrypted communications. A GPO with this template needs to be applied to the ABC_ADMIN OU. We don’t want those settings applying to the ABC_SALES OU though so we need to block inheritance on the ABC_SALES OU. We need to apply a GPO to the ABC_SALES OU to apply the auditing settings.
Audit Object Access
A user accesses an operating system element such as a file, folder, or registry key. To audit elements like these, you must enable this policy and you must enable auditing on the resource that you want to monitor. For example, to audit user accesses of a particular file or folder, you display its Properties dialog box with the Security tab active, navigate to the Auditing tab in the Advanced Security Settings dialog box for that file or folder, and then add the users or groups whose access to that file or folder you want to audit.
Reference:
Craig Zacker, MCSE Self-Paced Training Kit (Exam 70-293): Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure, Microsoft Press, Redmond, Washington, Chapters 9 and 10
Question 10.
You are working as an administrator at ABC.com. The ABC.com network consists of a single Active Directory domain named ABC.com which contains Windows Server 2003 servers Windows XP Professional client computers. You want to improve network security and need to pinpoint all computers that have the known vulnerabilities.
What should you do to automate the process of collecting information on existing vulnerabilities for each computer, on a nightly basis?
A. By scheduling secedit to compare the security settings with a baseline and run on a nightly
basis.
B. By installing Anti-Virus software on the computers and configuring the software to update on a
nightly basis.
C. By configuring a scheduled task to run the mbsacli utility on a nightly basis.
D. By having Microsoft Baseline Security Analyzer (MBSA) installed on a server on the network.
E. By configuring Automatic Updates to use a local SUS server and run on a nightly basis.
F. You configuring Automatic Updates to run on a nightly basis and use the Microsoft Updates
servers.
Answer: C
Explanation:
We can schedule the mbsacli.exe command to periodically scan for security vulnerabilities.
Reference:
Martin Grasdal, Laura E. Hunter, Michael Cross, Laura Hunter, Debra Littlejohn Shinder, and Dr. Thomas W. Shinder, Planning and Maintaining a Windows Server 2003 Network Infrastructure: Exam 70-293 Study Guide & DVD Training System, Syngress Publishing, Inc., Rockland, MA, Chapter 11, p. 830
|
Question 1.
Quality of Service (QoS) refers to the capability of a network to provide better service to selected network traffic over various technologies. You are configuring a Cisco Wireless LAN Controller to utilize QoS and have configured the platinum queue on the controller.
However, the Cisco Catalyst 3750 Series Switch to provide the necessary QoS for voice clients on the wireless network?
A. Enable 802dot1p
B. Config wlan qos wlan-id platinum
C. Swithchport priority extend cos 5
D. Mls qos trust dscp
Answer: D
Question 2.
Which properties are of an AP in H-REAP mode?
A. Allows some SSID/VLAN traffic to be switched locally while other SSID/VLAN traffic has full
LWAPP functionality
B. Support Cisco Centralized Key Management fast roaming
C. Can switch client data traffic locally
D. Perform client authentication locally when its connection to the controller is lost
Answer: A, B, C, D
Question 3.
Can you tell me what the LWAPP data and control port numbers are?
A. UDP 12222 and 12223
B. UDP 16666 and 16667
C. TCP 12124 and 12134
D. TCP 16666 and 16667
Answer: A
Question 4.
The IEEE 802.11 standards define different encryption mechanisms.
Which is the basic of defining the most secure encryption solution in IEEE 802.11 standards?
A. WEP
B. AES-CCMP
C. IPSEC
D. TKIP
Answer: B
Question 5.
In the AP Layer 3 controller discovery process, after the LWAPP Discovery Request is broadcast on a local subnet, which action will AP take next?
A. Send an LWAPP discovery request to controllers learned via OTAP if operational
B. Wait 5 seconds and resend a Discovery Request to the local subnet
C. Send an LWAPP response to the master controller if known
D. Determine whether the controller response are the primary controller
Answer: A
Question 6.
A client is attached to the Cisco Unified Wireless network by use of controllers. When the client is using WPA2 and EAP authentication, where are the wireless encryption keys located during the active user session? (Choose two.)
A. On the Cisco WCS
B. On the RADIUS Server
C. On the Access Point
D. On the Client
Answer: C, D
Question 7.
Harry is a network engineer for a company, he is now upgrading a large autonomous WLAN deployment to LWAPP operation. He has successfully imported a X.509 self-signed certificate into the WLC. But, when he tries to add additional self-signed certificates, the WLC GUI reports a "Failed to Add entry" error.
Which command can diagnose the root cause of this problem?
A. Show exlusionlist
B. Show database summary
C. Show sysinfo
D. Show wps summary
Answer: B
Question 8.
Can you tell me when a client will provide an AP with its version of Cisco Compatible Extensions for WLAN devices?
A. In an 802.11 association or reassociation request frame
B. When the AP sends an unsolicited update embedded in a beacon packet
C. Upon successful EAP or dot1x authentication to the AP
D. In a Broadcast probe request packet
Answer: A
Question 9.
Wi-Fi Multimedia is a technology maintaining the priority of audio, video and voice applications in a Wi-Fi network so that other applications and traffic are less likely to slow them.
A. Definition of the differentiated services filed
B. Enhanced Distributed Coordination Function mechanism
C. Four Access categories: A label for the common set of Enhanced Distributed Channel Access
parameters that are used by a WMM STA to contend for the channel in order to transmit
MSDUs with certain priorities
D. Unscheduled Service Period. The service period that is started when a WMM STA transmits a
trigger frame to the WMM AP
Answer: B, C, D
Question 10.
Before sending a frame over a medium and verifying that the medium is free, which process does a wireless client go through?
A. Send an RTS frame, receive a CTS frame, then transmit the frame
B. Verify that NAV = 0, then transmit the frame
C. Send a CTS frame, receive an RTS frame, then transmit the frame
D. Check that NAV = 0, generate a random backoff, verify that the channel is free, verify that slot
times = 0, then transmit the frame
Answer: D
Question 11.
The 2.4-GHz wavelength is about 4.92 inches (12.5 cm), if you want to support diversity on a 2.4-GHz radio, at what distance is it recommended you put two separate antennas?
A. 12.2 inches (30.99)
B. 7.6 inches (19.30 cm)
C. 24.6 inches (62.5 cm)
D. 4.92 inches (12.5 cm)
Answer: D
Question 12.
Your work as a network engineer at Your company. You study the exhibit carefully.
Exhibit:
Assume that a WLAN Controller has two AP and three Cisco 7921 IP Phones:
In order to have good Voice quality, which item is true with regard to the RF configuration displayed?
A. 802.11a channels are manually configured. This is not allowed in a DFS environment
B. The configured channels (Ch-36 and Ch-40) are "side/adjacent channels". The 5 GHz
channels overlap their adjacent channels so there should be at least 1 channel of separation
for adjacent APs
C. Cisco Recommends using 802.11b/g deployment for voice to prevent interferences with
microwave ovens and Bluetooth devices
D. The configured "'Fragmentation Threshold" (2346) is too low for a voice deployment
Answer: B
|
Question 1.
According to the following exhibit, company 1 contains two autonomous systems (AS1 and AS2) connected via ISP A, which has an AS number of 100. Router B and Router C are advertising an aggregate of X.X.X.0/23 so that AS1 is able to reach the two server farms. The two links from AS2 are not being used efficiently.
How can AS2 use both of the links coming into it?
Exhibit:
A. advertise each X.X.X.0/24 independently from Router B and Router C
B. create another link between Router A in AS1 and ISP A
C. configure iBGP between Router B and Router C to load-share traffic once it reaches AS2
D. configure two static routes in Router A for X.X.X.0/23 pointing to Router B and Router C
Answer: A
Question 2.
Study the topology provided in this exhibit. Which configuration change will maximize the efficiency of both the routing design and data forwarding plane?
Exhibit:
A. Configure Router B with a static route for the aggregate to Null0
B. Configure Router A to advertise 10.0.0.0/8 instead of the default route to Router B
C. Configure Router B to advertise the more specific prefixes in addition to the aggregate
D. Configure Router B to advertise the more specific prefixes instead of the aggregate
Answer: A
Explanation:
Null0 is an interface that doesn’t exist. The null0 interface can be used with static routes to route a packet into a black hole of sorts. In other words, if you have traffic that you do not want to reach a particular destination, you can create the static route for that destination with the next-hop interface pointing to null0. Any traffic that enters the Router destined for the network specified in the static route will be sent to the null0 interface and dropped.
When working with classless and classful routing, you should crate a static route with the classful variant of the classless route and point it to interface null0.
Example: ip route 10.0.0.0 255.0.0.0 null0
Question 3.
Which two reasons are valid for aggregating routing information within a network? (Choose two)
A. To reduce the amount of information any specific Router within the network must store and
process
B. To isolate the impact of DDoS attacks
C. To improve optimal routing within the network
D. To reduce the impact of topology changes
Answer: A, D
Explanation:
Route aggregation, or route summarization, is the process of advertising a single route for multiple routes. This is useful in limiting the number of routes that will be stored in a routing table, thus cutting down on the amount of memory and processing power required.
Question 4.
Which three statements are correct about OSPF route summarization? (Choose three.)
A. Route summarization can lead to a more stable network.
B. A flat addressing scheme is required in order to summarize OSPF routes.
C. OSPF type 5 external routes can be summarized only at the ASBRs.
D. OSPF internal routes can be summarized only at the ABRs.
Answer: A, C, D
Explanation:
Route summarization is the consolidation of multiple routes into a single route for better performance. It is also the key of scalability in OSPF because it reduces LSA flooding and Link State Database and routing table sizes, which reduces memory and CPU utilization on the Routers. In OSPF environment either we can summarize routes in ASBR or ABR. ASBR can summarize the external routes and ABR can summarize internal routes between Area.
Example:
Inter-Area Route summarization:
Router(Config)#Router ospf 1
Router(Config-Router)#Area area-id range address mask
External Route Summarization:
Router(Config)#Router ospf 1
Router(Config-Router)#summary-address ip mask
Question 5.
EIGRP performs route summarization at the interface level with the “ip summaryaddress” command.
Which three statements correctly describe EIGRP route summarization? (Choose three)
A. By default, EIGRP automatically summarizes internal routes, but only each time a major
network boundary is crossed.
B. EIGRP route summarization can reduce the query diameter to help prevent SIA problems.
C. Summary routes are inserted in the routing table with a next hop of null 0 and a high
administrative distance, to prevent black holing of traffic.
D. The metric for each summarized route is inherited from the lowest metric of the component
routes.
Answer: A, B, D
Question 6.
Why build link state flooding domain boundaries in large-scale networks running OSPF or IS-IS? (Choose two.)
A. Doing so provides logical break points at which to troubleshoot individual parts of the network,
rather than trying to troubleshoot the whole network at once.
B. Doing so limits the extent of SPF and allows the use of PRC for some best path calculations.
C. Flooding domain borders block the transmission of external routing information in the network,
which improves scaling and convergence times.
D. Network administrators can quickly find specific destinations when detailed link state
information is sorted by flooding domain in the link state database.
Answer: A, B
Question 7.
Which two options are true about the impact flooding domain boundaries have when built in OSPF? (Choose two)
A. They decrease convergence time by reducing the complexity and size of the shortest path
trees in the individual areas.
B. They isolate network failures within a domain.
C. They decrease convergence time by automatically summarizing reachability information
transmitted through the network, thereby decreasing the number of routes that must be
installed in each Router's routing table.
D. They increase convergence time by adding the time required to run two full Shortest Path First
computations on the area border Routers.
Answer: A, B
Question 8.
Which two reasons are correct about building a flooding domain boundary in a link-state network? (Choose two.)
A. To provide an administrative boundary between portions of the network
B. To segregate complex and rapidly changing portions of the network from one another
C. To aggregate reachability information
D. To increase the size of the Shortest Path First tree
Answer: B, C
Explanation:
Low-speed links and large numbers of spokes may require multiple flooding domains or areas to be supported effectively. You should balance the number of flooding domains on the hub against the number of spokes in each flooding domain. The link speeds and the amount of information being passed through the network determine the right balance. Design for these situations must balance the number of areas and the Router impact of maintaining an LSA database and doing Dijkstra calculations per area against the number of remote Routers in each area
Question 9.
What are three reasons to summarize link state topology information? (Choose three)
A. To reduce the amount of routing information being advertised
B. To create boundaries for containing potential network changes and instabilities
C. To permit traffic engineering between areas
D. To hide detailed topology information
Answer: A, B, D
Explanation:
Route summarization is the consolidation of multiple routes into a single route for better performance. It is also the key of scalability in OSPF because it reduces LSA flooding, Link State Database and routing table sizes, which reduces memory and CPU utilization on the Routers.
Question 10.
Scalability is provided in the server farm module by which of the following design strategies?
A. Redundant servers at the access level
B. High port densities at the access level
C. Modular block design at the access level
D. Up to 10 Gbps of bandwidth at the access level
Answer: C
Explanation:
The primary objectives in the design of a large-scale, shared-enterprise server farm are:
• Performance— Up to 10 Gbps outbound bandwidth capacity is required from the server farm for most enterprises.
• Scalability— A critical requirement in every server farm. Server load balancing is most often deployed. As the number of servers requiring higher-bandwidth connections increases, port densities can exceed the capacity of a single switch or server farm block. Applying a modular block design to server farm deployments permits flexible growth.
• Availability— Availability is generally ensured through the overall network design. Networks are designed to minimize the occurrence of service problems and the time to recover from problems, for example, with backup recovery policies and procedures.
• Security— Security is an integral part of the network design. A single vulnerability could compromise the enterprise. Specialized security expertise is often required.
• Manageability— Manageability means much more than knowing if a server or other network element is up or down. Good manageability tools and qualified personnel lower operations costs and reduce wasted time, and they yield higher overall satisfaction.
Reference:
CCDP Self-Study: Designing Cisco Network
|
Question 1.
Which type of voice port will allow the gateway to terminate 23 or 30 circuits from the PSTN or a PBX?
A. FXO
B. FXS
C. PRI T1/E1
D. E&M
E. BRI
Answer: C
Question 2.
In which of the following scenarios would a Cisco switch supply PoE to an IP phone?
A. In any cases as long as the switch and IP phone are Cisco products.
B. If the Cisco switch supports prestandard PoE and the IP phone supports 802.3af.
C. If the Cisco switch and IP phone both support a common PoE method.
D. Only if both the switch and IP phone use 802.3af PoE.
Answer: C
Question 3.
The SBB Company is setting up Call Transfer for its Cisco Unified Communications Manager Express solution. The company uses five-digit extensions and would like to be able to transfer calls outside the network to the CEO's home. The CEO's telephone number is 866-555-2222.
Which configuration command will allow this to occur?
A. A
B. B
C. C
D. D
E. E
F. F
Answer: A
Question 4.
Refer to the exhibit.
Which Cisco Unified Communications layer is the call processing layer?
A. A
B. B
C. C
D. D
Answer: C
Question 5.
Refer to the exhibit.
Which two statements about SIP trunk are true? (Choose two.)
A. A SIP trunk configuration is always needed for a UC500 device.
B. A SIP trunk is needed only to provide internet access for your data users.
C. SIP trunk configuration parameters should be provided to your service provider.
D. A SIP trunk is needed only if you are using voice mail to supply the Message Waiting Indicator
value to the Cisco Unity Express module.
E. A SIP trunk is needed only for voice if you are planning on using VoIP through a service
provider.
F. A SIP trunk is not supported in a keyswitch configuration.
Answer: E, F
Question 6.
A customer wants to use a signaling protocol on the voice gateways that require registration with the Cisco Unified Communications Manager.
What protocol should be recommended?
A. SIP
B. H.323
C. SRTP
D. MGCP
Answer: D
Question 7.
DRAG DROP
Answer:
Question 8.
Refer to the exhibit.
After deploying a UC500 system, you receive a support call from a user reporting that callers are going straight to the operator instead of going to members of the hunt group.
Which two tabs have configuration parameters that are most likely going to resolve this issue? (Choose two.)
A. Device
B. System
C. Network
D. SIP Trunk
E. Voice Features
F. Dial Plan
Answer: E, F
Question 9.
What is the difference between voice VLAN and native VLAN?
A. Voice VLAN uses tagged 802.1Q frames whereas native VLAN uses 802.1P frames.
B. Voice VLAN uses untagged frames whereas native VLAN uses 802.1Q frames.
C. Voice VLAN uses tagged 802.1Q frames whereas native VLAN uses untagged frames.
D. Voice VLAN uses untagged frames only when no PCs are connected behind the phones
whereas native VLAN always uses untagged frames.
Answer: C
Question 10.
Which protocol is used to inform the IP phone of its voice VLAN ID?
A. Cisco keepalives
B. Cisco Discovery Protocol
C. Cisco Spanning Tree Protocol
D. Cisco VLAN Discovery Protocol
Answer: B
|
Question 1.
Examine the following options, which access list will permit HTTP traffic sourced from host 10.1.129.100 port 3030 destined to host 192.168.1.10?
A. access-list 101 permit tcp host 192.168.1.10 eq 80 10.1.0.0 0.0.255.255 eq 3030
B. access-list 101 permit tcp any eq 3030
C. access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.1.10 0.0.0.0 eq www
D. access-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 3030 192.168.1.0 0.0.0.15 eq www
Answer: D
Question 2.
DRAG DROP
Drag three proper statements about the IPsec protocol on the above to the list on the below.
Answer:
Question 3.
In a brute-force attack, what percentage of the keyspace must an attacker generally search through until he or she finds the key that decrypts the data?
A. Roughly 50 percent
B. Roughly 66 percent
C. Roughly 75 percent
D. Roughly 10 percent
Answer: A
Question 4.
The information of Cisco Router and Security Device Manager(SDM) is shown below:
Within the "sdm-permit" policy map, what is the action assigned to the traffic class "class-default"?
A. inspect
B. drop
C. police
D. pass
Answer: B
Question 5.
DRAG DROP
On the basis of the description of SSL-based VPN, place the correct descriptions in the proper locations.
Answer:
Question 6.
Which description is correct based on the exhibit and partial configuration?
A. All traffic destined for network 172.16.150.0 will be denied due to the implicit deny all.
B. All traffic from network 10.0.0.0 will be permitted.
C. Access-list 101 will prevent address spoofing from interface E0.
D. This ACL will prevent any host on the Internet from spoofing the inside network address as the
source address for packets coming into the router from the Internet.
Answer: C
Question 7.
For the following items ,which one can be used to authenticate the IPsec peers during IKE Phase 1?
A. pre-shared key
B. integrity check value
C. XAUTH
D. Diffie-Hellman Nonce
Answer: A
Question 8.
Which description about asymmetric encryption algorithms is correct?
A. They use the same key for encryption and decryption of data.
B. They use different keys for decryption but the same key for encryption of data.
C. They use different keys for encryption and decryption of data.
D. They use the same key for decryption but different keys for encryption of data.
Answer: C
Question 9.
For the following items, which management topology keeps management traffic isolated from production traffic?
A. OTP
B. OOB
C. SAFE
D. MARS
Answer: B
Question 10.
You work as a network engineer, do you know an IPsec tunnel is negotiated within the protection of which type of tunnel?
A. L2F tunnel
B. L2TP tunnel
C. GRE tunnel
D. ISAKMP tunnel
Answer: D
Question 11.
As a candidate for CCNA examination, when you are familiar with the basic commands, if you input the command "enable secret level 5 password" in the global mode , what does it indicate?
A. Set the enable secret command to privilege level 5.
B. The enable secret password is hashed using MD5.
C. The enable secret password is for accessing exec privilege level 5.
D. The enable secret password is hashed using SHA.
E. The enable secret password is encrypted using Cisco proprietary level 5 encryption.
Answer: C
Question 12.
Examine the following options ,when editing global IPS settings, which one determines if the IOS-based IPS feature will drop or permit traffic for a particular IPS signature engine while a new signature for that engine is being compiled?
A. Enable Signature Default
B. Enable Engine Fail Closed
C. Enable Default IOS Signature
D. Enable Fail Opened
Answer: B
|
Question 1.
For the following items .which one correctly describes fading?
A. A function of the frequency and should be provided in the cable specification by the vendor.
B. Another signal source is producing energy on the channel in which you are trying to operate.
C. A time varying change in the path loss of a link with the time variance governed by the
movement of objects in the environment, including the transmitter and receiver themselves.
D. The desired signal reaches the receiving antenna via multiple paths, each of which has a
different propagation delay and path loss.
Answer: C
Question 2.
Observe the following statements, which limitation applies to the use of the Cisco WLAN Solution Management over Wireless feature?
A. ReaD. write access is not available; only reaD. only access is supported.
B. Controllers must be managed using only secure protocols (that is, SSH and HTTPS), not
nonsecure protocols (that is, HTTP and Telnet).
C. Uploads and downloads from the controller are not allowed.
D. Wireless clients can manage other controllers however not the same controller and AP to
which the client is associated.
Answer: C
Question 3.
As a network technician, you must know Cisco WiSMs . Up to how many Cisco WiSMs are supported in a single mobility group operating under v5.0 code?
A. 16
B. 12
C. 24
D. 5
Answer: B
Question 4.
You work as a network technician read this subject carefully .then answer the question. The existing Cisco Unified Wireless Controller is running v5.0 code for both the controllers and the Cisco WCS. A controller has been configured with an appropriate rogue rule condition to report discovered APs to the Cisco WCS.
What default alarm level is used to display all rogue APs in the Alarm Summary?
A. Major
B. Critical
C. Flash
D. Minor
Answer: D
Question 5.
What are the four types of wireless networks? (Choose four)
A. Wireless PAN
B. LAN
C. MAN
D. VLAN
E. WAN
Answer: A, B, C, E
Question 6.
Cisco Client Management Frame Protection is running on a mobility group with two controllers. For the following options .which two MFP requirements protect the network? (Choose two.)
A. requires the use of a nonbroadcast SSID
B. requires CCXv5
C. implements the validation of wireless management frames
D. forces clients to authenticate, using a secure EAP method only
Answer: B, C
Question 7.
What happens when client exclusion is enabled with a timeout value of zero ?
A. Clients are excluded indefinitely.
B. Client exclusion is disabled.
C. Clients are never excluded.
D. Clients must be explicitly included by specifying the MAC address.
Answer: A
Question 8.
The central office is currently using a combination of 4400 and 2100 series WLAN controllers running v4.2 and a variety of LWAPP-enabled access points servicing both 2.4 GHz and 5 GHz. The WLAN deployment has been extended to each remote office by implementing a 526 WLAN controller running v4.1 and several 521 access points. Wireless client deployment uses EAP-TLS authentication by use of a centralized RADIUS server plus 802.11n for performance. After the first remote office deployment, remote office users complain that they are not connecting via 802.11n.
Which will most likely cause this problem?
A. The 521 AP does not support 5 GHz, which prohibits 802.11n.
B. The 521 AP and 526 WLAN controllers do not support AES, which prohibits 802.11n.
C. The 526 WLAN controller does not support external authentication via RADIUS, prohibiting
authentication.
D. The 526 WLAN controller does not support 802.11n with either v4.1 or v4.2.
Answer: D
Question 9.
How do the characteristics that are available on the Cisco WCS for Linux version differ from those of the Cisco WCS for Windows version?
A. Cisco WCS for Linux is required for deployments.
B. Assuming that there are no differences in hardware, a Cisco WCS for Linux can support up to
750 wireless LAN controllers. A Cisco WCS for Windows can support up to 250 wireless LAN
controllers.
C. Cisco WCS for Windows includes support for Cisco Spectrum Expert clients. Cisco WCS for
Linux does not support Cisco Spectrum Expert clients.
D. There are no differences in features between the Linux and Windows versions of Cisco WCS.
Answer: D
Question 10.
What is the typical maximum range of a wireless PAN?
A. 45 feet
B. 50 feet.
C. 55 feet
D. 60 feet
Answer: B
|
Question 1.
How do NBX phones prioritize audio traffic?
A. NBX phones place audio traffic into a priority queue within the NCP, forwarding all voice traffic
before forwarding data packets
B. NBX phones tag voice packets usingDiffServ for all LAN communication
C. NBX phones forward all voice packets to IEEE 802.1p aware hubs
D. NBX phones use VLAN-tagged frames with the priority level automatically set to 6
Answer: D
Question 2.
Which three are features/requirements for using Unified Messaging for an NBX system? (Choose three.)
A. Users can use a TAPI4 compliant application to access and manage voice messages on a
computer
B. Can use the computer default media player to listen to a message
C. Requires NBXpcXset client software
D. APX messaging service functionality is provided by IMAP client on the NBX NCP
E. Users can use an IMAP4 compliant application to access and manage voice messages on a
computer
F. Requires a Windows-based PC with a minimum of 64MB RAM and full-duplex sound card
Answer: B, E, F
Question 3.
Which three are hardware attributes of the 3Com NBX 100 Communication System? (Choose three.)
A. Is a combination of two required chassis ?the Network Call Processor and the interface
chassis
B. Offers optional hot-swap power supply
C. Requires only one Network Call Processor card, even if multiple NBX 100 Chassis are
Installed on a LAN
D. Provides one 10/100 Mbps Ethernet switched port on the NCP for network connectivity
E. Has 7 card slots, 6 of which are useable with the top useable slot designated for the Network
Call Processor Card
F. Requires a Network Call Processor (NCP) for call setup and teardown
Answer: C, E, F
Question 4.
What is Telephone Applications Program Interface (TAPI) Route Point?
A. Virtual device within the Network Call Processor (NCP) to which inbound calls can be mapped
for a 3rd party application that monitors the route point and makes intelligent call route
decisions
B. Virtual device within the Network Call Processor (NCP) to which outbound calls can be
mapped, allowing 3rd party applications to make intelligent routing decisions for the call
C. Virtual Network Call Processor (NCP) device or third party application that monitors and maps
incoming calls, allowing the NCP to make intelligent routing decisions for the call
D. NBX feature enabled in the System / TAPI Setup menu that provides intelligent Layer 3 IP
routing for TAPI messages on a multi-system, company-wide bases
Answer: A
Question 5.
How does the NBX administrator get both internal and external calls to use Timed Routes?
A. Create the necessary entries in the Dial Plan using the keywords "inbound" and " outbound" to
specify call direction
B. Create the necessary entries in both the Internal and External Dial Plan tables
C. Create the necessary entries in both the Internal and Incoming Dial Plan tables
D. The Dial Plan has an inbound and outbound section where the specific Timed Routes are
coded
E. The Dial Plan does not support alternate routes for inbound calls
Answer: C
Question 6.
Which three best describe how members Login/Logout of a Hunt Group? (Choose three.)
A. Group members can login and logout as their schedule requires
B. To login/logout a user only needs to pickup their phone and enter their voice mail password
C. Administrator can set optional automatic logout to force a logout if an incoming call is not
answered at a phone
D. A dynamic login member must login at the start of a day and will only need to login again if
They are logged out after 15 minutes pass between phone calls
E. A forced login member is always logged in whether they are at their phone or not
F. All members must login only once during the day. They are automatically logged out at the end
of the day based on the NBX System Business Time definition
Answer: A, C, E
Question 7.
The NBX Dial Plan can be configured to route calls to an alternate carrier or to replace an internal extension number with an external number, for example, a cell phone.
A. False
B. True
Answer: B
Question 8.
Which of the following NBX Communication Systems support software version R5.0? (Choose three.)
A. NBX 25
B. VCX 7000
C. VCX 6000
D. NBX 100
E. NBX V5000
F. NBX V3000
Answer: D, E, F
Question 9.
Which three office-to-office and/or office-to-remote user call options are supported by the NBX systems? (Choose three.)
A. With a single NBX system at HQ, users can call to/from a remote office across the data
network WAN link using Layer 3 IP communications
B. With a NBX system and NBXConneXtions Gateways at each location, users can call to/from
the sites via a WAN link that supports IP protocol, for example, VPN, T1, E1 and Frame Relay
C. With a NBX Network Call Processor (NCP) and NBXConneXtions Gateways at each site,
Users can call to/from the sites via a Virtual Tie Line (VTL)
D. With a NBX Network Call Processor (NCP) at each location, users can call to/from the sites via
a Virtual Tie Line (VTL) using IP On-the-Fly or a Standard IP license
E. With a single NBX system at HQ andpcXset on the remote office PC, the remote user can call
to/from HQ via any WAN link using TCP/IP Layer 4 communications
Answer: A, B, D
Question 10.
Which three changes require a NBX system reboot? (Choose three.)
A. Change to NCP information, for example, IP address, default gateway
B. Adding any new interface card to the NBX chassis, for example, Digital Line Card, Hub card,
etc.
C. Change to network protocol, for example, Standard IP or IP On-the-Fly
D. Change to Digital Line Card protocol, for example, Standard IP or IP On-the-Fly
E. Removing an interface card from an NBX chassis
F. New software version
Answer: A, C, F
Question 11.
Which two are accurate statements? (Choose two.)
A. NBX 100 supports 48 VTLs
B. NBX V5000 supports 48 VTLs
C. NBX V5000 supports 72 VTLs
D. NBX V3000 supports 48 VTLs
Answer: B, D
|
Question 1.
Which of the following are Link State protocols?
A. BGP
B. RIP
C. OSPF
D. IS-IS
Answer: C, D
Question 2.
ECMP supports which of the following. Choose the best answer.
A. 8 equal-cost paths per destination learned from any protocol
B. 16 equal-cost paths per destination learned from any protocol
C. 8 equal-cost paths per destination learned from the same protocol and preference
D. 16 equal-cost paths per destination learned from the same protocol and preference
E. 4 equal-cost paths per destination
Answer: D
Question 3.
Which of the following statements best describes the function of the RTM?
A. From the router's route table, select the best routes to be installed in the FIB for forwarding
data.
B. Based on the metrics of the routingprotocol, chose the lowest cost route to be installed in the
route table.
C. Apply the BGP route selection criteria to select the best route to be installed in the route table.
D. Select the preferred route from the various routing protocols to be installed as the active route
in the route table.
E. Apply the assigned import and export policies to determine the routes to be advertised to the
router's neighbors.
Answer: D
Question 4.
What items are carried in a typical classless routing update? Select the best answer.
A. Network address, mask and metric
B. Network address and metric
C. Prefix and mask
D. prefix, next-hop and metric
E. prefix and next-hop
Answer: A
Question 5.
Choose the most accurate statement about the connections between eBGP peers.
A. eBGP peers are usually directly connected to each other.
B. eBGP peers are always directly connected to each other.
C. eBGP peers are never directly connected to each other.
D. eBGP peers are usually directly connected to each other, unless they are in the same
autonomous system.
E. eBGP peers are usually not directly connected to each other, additional configuration is
required if they are.
Answer: A
Question 6.
What message is issued by a neighbor as a response to a valid Open?
A. Keepalive
B. Open
C. Exchange
D. Notification
E. Ping
Answer: A
Question 7.
Which of the following is not exchanged in a BGP Open message?
A. BGP version number
B. The local AS number
C. The hold time
D. Thekeepalive timer
E. The Router ID
Answer: D
Question 8.
The state of one BGP neighbor shows Established, which of the following is false?
A. The router has established a complete session with that neighbor.
B. BGP can exchange update, notification andkeepalive messages with that neighbor
C. If thekeepalive timer expires, the local system sends a keepalive message and restarts its
keepalive timer
D. If the local system receives a notification message, it changes its state toOpenConfirm
E. Established is the operational state
Answer: D
Question 9.
Which of the following is a Well Known Mandatory attribute?
A. Origin Code
B. Local Preference
C. MED
D. AS Path
E. (a) and (d)
F. (b) and (d)
Answer: E
Question 10.
Which of the following is true, based on the AS Path list shown here? 65206 65111 65100
A. AS 65206 originated the route
B. AS 65111 is a transit AS
C. AS 65100 is a transit AS
D. AS 65100 originated the route
E. (b) and (d)
F. (a) and (c)
Answer: E
Question 11.
True or False? Any BGP route selected as best by the route selection criteria will always be in the FIB as the active route.
A. True
B. False
Answer: B
|
Question 1.
Which of the following best describes the difference between VPWS and VPLS?
A. VPWS is a point-to-point service where CEs are presented with point- to-point virtual circuits
whereas
B. VPLS is a bridged LAN service provided to a set of CEs that are members of a L2 VPN
C. Unlike VPLS, VPWS allows CEs that are member of the same service instance to
Communicate with each other as if they are connected via a bridged LAN
D. Unlike VPWS, VPLS provides customers to view the network as an unshared overlay link or
circuit
Answer: A
Question 2.
The behavior of VPLS can be best described by which of the following statements?
A. A frame should be sent only to the PE that connects to the target site of the frame whenever
possible
B. A frame should be flooded as little as possible
C. Customer frames should be switched based on the destination MAC address
D. Only (a) and (b) are true
E. All of the above
Answer: E
Question 3.
Which of the following statements relating to VPLS are false?
A. A VPLS is amultipoint Layer 2 service
B. A VPLS allows multiple customer sites to be connected in a single bridged domain
C. A VPLS on a single node requires a Service Distribution Path
D. With VPLS Service provider can reuse their IP/MPLS infrastructure to offer multiple services
E. The VPLS switches traffic based on MAC address associated to the appropriate SAP
Answer: C
Question 4.
True or False? Multiple VPLS services can be offered over the same set of LSP tunnels?
A. True
B. False
Answer: A
Question 5.
Which of the following contributes to VPLS implementation over MPLS?
A. Connecting bridging-capable provider edge routers with a full mesh of MPLS LSP (label
switched path) tunnels
B. Negotiating per-service VC labels using draft-Martini encapsulation
C. Replicating unknown and broadcast traffic in a service domain
D. Enabling MAC learning over tunnel and access ports
E. Using a separate forwarding information base (FIB) per VPLS service
F. All of the above
Answer: F
Question 6.
Which of the following statements is false?
A. VPLS is a bridged LAN service
B. VPLS provides L2 VPN services to CEs
C. VPLS is a point-to-point service where CEs are presented with point- to-point virtual circuits
D. CEs that are members of the same VPLS service instance communicate with each other as if
they are connected via a bridged LAN
Answer: C
Question 7.
Which of the following functions must a PE router support when participating in a VPLS network? Choose all that apply.
A. MAC learning
B. Packet replication
C. Proxy ARP
D. Packet forwarding
E. Flood all frames with an unknown destination MAC address to all PE routers associated with
that VPLS
Answer: A, B, D, E
Question 8.
Which SDP on R3 will MAC addresses be associated with for devices behind R2?
A. It depends if traffic is received via R4 or R1 from devices behind R2
B. The devices cannot communicate based on the configuration in the diagram so there will be
nomac address association
C. Devices behind R2 will be associated with thesdp between R3 and R1
D. Devices behind R2 will be associated with thesdp between R3 and R4
Answer: C
Question 9.
Select the command from the list below that produced the following output.
A. oam svc-ping 20.20.20.20 service 10 local-sdp remote-sdp
B. oam sdp-ping 10 resp-sdp 10
C. oam svc-ping 20.20.20.20 service 10 local-sdp
D. oam svc-ping 10.10.10.10 service 10 local-sdp remote-sdp
E. oam svc-ping 10.10.10.10 service 10 local-sdp
Answer: A
Question 10.
Based on the following output what will the vc-id be of any mesh-sdp bound to this service?
A. 9000
B. 1514
C. 1000
D. 0
Answer: C
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.