|
i need some questions please. I have wrote the exam twice and have failed both times.
|
Question 1. Data is being replicated from site A to site B using disk buffering to create extended distance consistent point in time copies every hour. In the event of a site failure at A, what is the maximum amount of data that will be missing at site B? A. 1 hour B. 2 hours C. 3 hours D. 4 hours Answer: B Question 2. What is a remote replication solution for EMC CLARiiON storage systems? A. MirrorView/A B. SnapView C. SRDF/AR D. TimeFinder Answer: A Question 3. Which represents a common implementation of a storage network with limited scalability? A. CSMA/CD B. Fibre Channel Arbitrated Loop C. Store and Forward D. Switched Fabric Answer: B Question 4. Identify the E Port and Edge switch in the SAN Core/Edge exhibit. A. 1 and 6 B. 4 and 5 C. 7 and 5 D. 6 and 3 Answer: A Question 5. What is the process that writes physical address information to a disk? A. Concatenating B. Formatting C. Partitioning D. Striping Answer: B Question 6. The Recovery Point Objective (RPO) of a company is 4 hours. Which statement is true in the event of a disaster? A. Must be able to restart their network within 4 hours B. Must be able to restart their servers within 4 hours C. Must be able to resume production within 4 hours D. No more than 4 hours of production data can be lost Answer: D Question 7. Which technology is designed for storage of fixed content data? A. CAS B. DAS C. NAS D. SAN Answer: A Question 8. In SAN, if the primary concern is cabling flexibility, what method of zoning should be employed? A. Hard Zoning B. Mixed Zoning C. Port Zoning D. WWN Zoning Answer: D Question 9. A disk has Cylinder Head Sector (CHS) values of 1000, 4 and 25. What address range will be used for the Logical Block Address (LBA) values for this disk? A. 0 - 49,999 B. 0 - 99,999 C. 1 - 50,000 D. 1 - 100,000 Answer: B Question 10. Which key requirement of the Data Center infrastructure addresses the concern of data on storage systems being accessible 24X7? A. Availability B. Manageability C. Performance D. Scalability Answer: A
|
Question 1.
ITCertKeys.com has an IPv6 network which has 25 segments. As an administrator, you deploy a server on IPv6 network.
What should you do to make sure that the server can communicate with systems on all segments of the IPv6 network?
A. Configure the IPv6 address on the server as 0000::2c0:d11f:fec8:3124/64
B. Configure the IPv6 address on the server as ff80::2c0:d11f:fec8:3124/64
C. Configure the IPv6 address on the server as fe80::2c0:d11f:fec8:3124/64
D. Configure the IPv6 address on the server as fd00:: 2c0:d11f:fec8:3124/8.
Answer: D
Question 2.
You are a network administrator at ITCertKeys.com. You have upgraded all servers in the company to Windows Server 2008. ITCertKeys.com wants you to configure IPv6 addresses on all computers in the network. A global address prefix is assigned to you. The prefix is 3FFA:FF2B:4D:B000::/41. ITCertKeys.com has four departments. You have to assign a subnet to each department.
In this way, which subnetted address prefix will you assign to the fourth department?
A. 3FFA:FF2B:4D:C800::/43
B. 3FFA:FF2B:4D:B400::/43
C. 3FFA:FF2B:4D:C000::/43
D. 3FFA:FF2B:4D:F000::/45
E. None of the above
Answer: A
Explanation
The option 3FFA:FF2B:4D: C800::/43 is correct. The subnetting in IPv6 is performed by determining the number of bits used for subnetting and the itemization of the new subnetted address prefixes. Usually the number of bits for subnetting is s, where 2^s = number of subnets to be created. In this scenario 2^s = 4 and therefore s=2. Then the itemizations of the new subnetted address prefixes are done. In this scenario, the correct subnetted address prefix is 3FFA:FF2B:4D:C800::/43. So option A is the correct answer.
Question 3.
Exhibit:
ITCertKeys has decided to re-design its public network. The network will employ an IPv4 addressing. The range would be 129.108.10.0/21. The network must be configured in segments as shown in the exhibit. You have to configure the subnets for each segment in the network. You need to ensure that your solution must support all computers in each segment.
Which network addresses should you assign to achieve this task?
A. Segment A: 129.108.10.109/22, Segment B: 129.108.10.0/23, Segment C: 129.108.10.0/24, Segment D: 129.108.10.109/25
B. Segment A: 129.108.10.0/22, Segment B: 129.108.10.0/23, Segment C: 129.108.10.0/24, Segment D: 129.108.10.128/26
C. Segment A: 129.108.10.0/22, Segment B: 129.108.10.128/23, Segment C: 129.108.10.0/192, Segment D: 129.108.10.224/25
D. Segment A: 129.108.10.128/22, Segment B: 129.108.10.192/23, Segment C:
129.108.10.224/24, Segment D: 129.108.10.0/26
E. None of the above
Answer: B
Question 4.
ITCertKeys network is configured to use Internet Protocol version (Ipv6). You installed a Dynamic Host Configuration Protocol (DHCP) server on a server named ITCertKeysDHCP1 running Windows 2008 server. You want to ensure that neither IP address nor other configuration settings are automatically allocated to DHCP clients on a subnet that does not use DHCPv6 from ITCertKeysDHCP1.
How should you configure the Managed Address Configuration flag, and the other Stateful Configuration flag in the route advertisements?
A. Set both Managed Address Configuration and Other Stateful Configuration flag to 0
B. Set both Managed Address Configuration and Other Stateful Configuration flag to 1
C. Set both Managed Address Configuration to 0 and Other Stateful Configuration flag to 1
D. Set both Managed Address Configuration to 1 and Other Stateful Configuration flag to
Answer: A
Explanation:
This setting will ensure host will receive neither an IP address nor additional configuration information.
Question 5.
You have upgraded hardware of DNS servers in your network. You also added two new domain controllers to the domain. All client computers use DHCP. Users are not able to logon to domain after the upgrade of DNS servers.
What should you do to ensure that users are able to log on to the domain?
A. Restart the Netlogon service on the new DNS servers
B. Run ipconfig/registerdns at the command prompt of new DNS servers
C. Reconfigure the DHCP scope option 006 DNS name Servers with the new DNS servers IP addresses
D. Configure the network settings for workstations to Disable NetBIOS over TCP/IP
E. None of the above
Answer: C
Explanation:
To ensure that the users are able to log on to the domain, you should reconfigure the DHCP scope option 006 DNS name Server with the new DNS servers IP addresses.
Question 6.
Exhibit:
ITCertKeys company network consists of Windows 2008 server computers and Windows Vista client computers. You have the following eight Internet Protocol version 6 (Ipv6) sub netted address prefixes. Please refer to the exhibit.
What would be the original prefix length for the global address prefix 3FFE:FFFF:0:C000:: ?
A. 51
B. 52
C. 53
D. 54
E. None of the above
Answer: A
Explanation:
The original prefix length for the globe address prefix 3FFE:FFFF:0:C000:: is 51. The eight Ipv6 subnetted address prefixes are the result of 3 bit subnetting of the global address prefix 3FFE:FFFF:0:C000::/51. To perform 3-bit subnetting of the global address prefix 3FFE:FFFF:0:C000::/51 we use the following calculations:
Hexadecimal value of the subnet ID being subnetted, F = oxC000
Subnetting bits, s = 3
Question 7.
ITCertKeys Company has IPV6 network. The IPV6 network has 25 segments. You deployed a new Windows 2008 server on the IPV6 network.
What should you do to ensure that the server could communicate with systems on all segments of the IPV6 network?
A. Configure the IPV6 address as fd00::2b0:d0ff:fee9:4143/8
B. Configure the IPV6 address as fe80::2b0: d0ff:fee9:4143/64
C. Configure the IPV6 address as ff80::2b0: d0ff:fee9:4143/64
D. Configure the IPV6 address as 0000::2b0: d0ff:fee9:4143/64
E. None of the above
Answer: A
Explanation:
To ensure that the server communicates with systems on all segments of the IPV6 network, you need to configure the IPV6 address as fd00::2b0:d0ff:fee9:4143 /8 because this address is the local unicast address type and is not routed on the Internet. It is
generally filtered inbound.
Reference:
IPv6 Unicast Address Information
http://www.netcraftsmen.net/welcher/papers/ipv6part02.html
Question 8.
You are an administrator at ITCertKeys.com. ITCertKeys.com has opened a new Branch office at a new location. Windows Server 2008 is implemented on the servers. The initial network has 20 computers. You are asked to configure an appropriate IP addressing scheme in the network.
Which network address should you use to accomplish this task?
A. 192.10.100.0/26
B. 192.10.100.0/30
C. 192.10.100.0/29
D. 192.10.100.0./31
E. None of the above
Answer: A
Explanation
To configure an appropriate IP addressing scheme in the network, you should use 192.10.100.0/57. In this scenario, 50 computers have to be configured in a network.
Network address is calculated as follows:
1. Class A networks has a default subnet mask of 255.0.0.0 and use 0-127 as their first octet
2. Class B networks has a default subnet mask of 255.255.0.0 and it can use 128-191 as their first octet
3. Class C networks has a default subnet mask of 255.255.255.0 and it can 192-223 as their first octet
You need to configure the network address to accommodate at least 50 hosts per subnet. To calculate the number of host bits, use the formula: 2^n-2 where n=32 bits. To configure 50 hosts, you need 192.10.100/26 network address which has maximum 62 hosts per subnet.
The formula to calculate the hosts per subnet is:
32-26= 6
2^6-2= 62
So according to this calculation, network address 192.10.100/26 will be able to accommodate 50 hosts per subnet. We have deducted 6 bits from the total of 32 bits.
Question 9.
You are an enterprise administrator for ITCertKeys. The corporate network of the company consists of servers that run Windows Server 2008 and client computers that run Windows XP Service Pack 2 (SP2), Windows 2000 Professional, or Windows Vista. The company has decided to use IPv6 protocol on its network.
Which of the following options would you choose to ensure that all client computers can use the IPv6 protocol?
A. Run the IPv6.exe tool on all the client computers.
B. Upgrade the Windows 2000 Professional computers to Windows XP SP2.
C. Upgrade all Windows 2000 Professional computers with Service Pack 4.
D. Install the Active Directory Client extension (DSClient.exe) on all the client computers.
Answer: B
Explanation:
To ensure that all computers can use the IPv6 protocol, you need to upgrade the Windows 2000 Professional computers to Windows XP SP2. IPv6 protocol is far superior to IPv4 protocol in terms of security, complexity, and quality of service (QoS). Therefore, all the new operating systems started using IPv6 protocol. The older operating systems such as Windows 2000 professional does not support Ipv6 therefore this needs to be upgraded to either Windows XP or Windows Vista. You can now get versions of Windows that fully support most aspects of IPv6 (namely Windows XP and Windows Server 2003) and you will soon be able to get versions of Windows that not only fully support IPv6 but also provide enhanced performance for IPv6 networking.
Reference:
IPv6 Support in Microsoft Windows/ Windows 2000
http://www.windowsnetworking.com/articles_tutorials/IPv6-Support-Microsoft-Windows.html
Question 10.
You are an enterprise administrator for ITCertKeys. The company consists of a head office and two Branch offices. The corporate network of ITCertKeys consists of a single Active Directory domain called ITCertKeys.com. The computers in the Branch office locations use IPv4 and IPv6 protocols. Each Branch office is protected by a firewall that performs symmetric NAT.
Which of the following options would you choose to allow peer-to-peer communication between all Branch offices?
A. Configure the use of Teredo in the firewall.
B. Configure the external interface of the firewall with a global IPv6 address.
C. Configure the internal interface of the firewall with a link local IPv6 address.
D. Configure dynamic NAT on the firewall.
Answer: A
Explanation:
To allow peer-to-peer communication between all Branch offices where each location is protected by a firewall that performs symmetric NAT, you need to configure the firewall to allow the use of Teredo. Teredo is an IPv6 transition technology that provides address assignment and host-to-host automatic tunneling for unicast IPv6 traffic when IPv6/IPv4 hosts are located behind one or multiple IPv4 network address translators (NATs). Teredo in Windows Vista and Windows Server "Longhorn" will work if one of the peers is behind a symmetric NAT and the other is behind a cone or restricted NAT.
Reference:
Teredo Overview http://technet.microsoft.com/en-us/liBRary/bb457011(TechNet.10).aspx
|
Question 1. ITCertKeys.com has a domain with Active Directory running on it. Windows Server 2008 is installed on all the servers. You plan to deploy an image to 50 computers with no operating system installed. For this you install Microsoft Windows Deployment Services on the network. When you install the image on a test computer, a driver error shows up on the screen. What would you do to change the image to include the correct driver? A. Configure and map the image file to the installation folder which hosts the correct driver B. Take the image file and mount it. Using the System Image Manager (SIM) utility, change the image file C. Open WDS server and update the driver through Device Manager D. Take the image file and mount it. Run the sysprep utility to get the correct driver E. None of the above Answer: B Explanation: To include the correct driver, you should mount the image file and change it using System Image Manager (SIM). You need to include the correct driver in the image file so it will install with all the correct drivers. You should not configure and map the image file to the installation folder hosting the correct driver because the image file is deployed in full. Windows Server 200 will not consider the contents of the folder where image file resides. It will deploy the image file only with all its content You cannot update the driver through Device Manager on WDS server. It has nothing to do with the image file. You cannot mount the image file and run sysprep utility. Sysprep utility cannot get the correct driver for you and change the image file. Sysprep utility is related to WDS server and the deployment of images to the client computers. Question 2. ITCertKeys.com has a server that runs Windows Server 2008. As an administrator at ITCertKeys.com, you install Microsoft Windows Deployment Service (WDS). While testing an image, you find out that the image is outdated. What should you do to remove the image from the server? A. Open the command prompt at WDS server and execute WDSUTIL/Remove-Image and /ImageType:install options B. Open the command prompt at WDS server and execute theWDSUTIL command with/Export-Image and /ImageType: install options C. Open the command prompt at WDS server and execute theWDSUTIL with /Export-Image and /ImageType: boot options D. Open the command promt at WDS server and execute theWDSUTIL command with /Remove-Image and /ImageType:boot options E. All of the above Answer: A Explanation: To remove the image from the server, you should execute WDSUTIL/remove-image on the command prompt at WDS server. Then execute WDSUTIL/image-type:install command and install the new image. The WDSUTIL is a command specific to modify and view the images at WDS server. You need to remove the image and then install the updated one using these commands. You cannot use the export-image parameter with WDSUTIL in this scenario. You have to remove the image not to export it to a folder. You should not use the /image-type:boot parameter because you need to install a fresh image. You don't need to boot the service for this. Question 3. ITCertKeys.com has four branch offices. To deploy the images, you install Microsoft Windows Deployment Services (WDS) on the network. ITCertKeys.com creates 4 images for each branch office. There are a total of 16 images for ITCertKeys.com. You deploy these images through WDS. A problem occurs in one branch office where the administrator reports that when he boots the WDS client computer, some of the images for his regional office does not show up in the boot menu. What should you do to ensure that every administrator can view all the images for his branch office? A. Create separate image group for each branch office on the WDS server B. Create unique organizational unit for each branch office and create profiles for each computer in the branch office C. Organize a global group for each branch office and create profiles of each computer in a branch office D. Create a Global Unique Identifier for each computer to recognize its branch office and connect it to the WDS server E. None of the above Answer: A Explanation: To ensure that every administrator can view all the images for his branch office, you should create separate image group for each branch office on WDS server. A separate image will enable all the administrators to view each image from their machine in the branch office. You should not create an OU for each branch office. There is no logic in creating an OU for each branch office and profiles for each computer in the branch office. You should not organize a global group for each branch office. A global group can host all the branch offices of ITCertKeys.com Question 4. Microsoft Windows Deployment Services (WDS) is running on a Windows 2008 server. When you try to upload spanned image files onto WDS server, you received an error message. What should you do to ensure that image files could be uploaded? A. Combine the spanned image files into a single WIM file B. Grant the Authenticated Users group Full Control on the \REMINST directory C. Run the WDSutil/Convert command from command line on the WDS server D. Run the WDSutil/add-image/imagefile:\\server\share\sources\install.wim/image type: install command for each component file individually at the command line on WDS server E. None of the above Answer: A Explanation: When you try to upload spanned image files onto WDS server, you received an error message because you can only mount a single WIM file once for read/write access and therefore you need to combine the spanned image files into a single WIM file to correct the problem. Reference: The Desktop Files The Power User's Guide to WIM and ImageX / Using /mount, /mountrw, and /delete http://technet.microsoft.com/en-us/magazine/cc137794.aspx Question 5. ITCertKeys.com has upgraded all servers in its network to Windows Server 2008. ITCertKeys.com also directed you to install Windows Vista on all client machines. You install Windows Vista on client machines and Windows Server 2008 on the servers. You use Multiple Activation Key (MAK) to activate the new operating systems on the network. You use proxy activation over the internet using Volume Activation Management Tool (VAMT). The Windows Vista on client computers were successfully activated using this method but the Windows Server 2008 failed to activate using VAMT. What should you do to ensure that the Windows Server 2008 is activated on all the servers? A. Contact Microsoft Support Center and activate the Windows server 2008 over the phone B. Upgrade VAMT using Windows Server 2008 RTM for VAMT to function with Windows Server 2008 Volume Licensing C. Upgrade VAMT using Key Management Service (KMS) for Windows Server 2008 RTM to function with Windows Server 2008 Volume Licensing D. Contact Microsoft Support Center and activate Windows Server 2008 over the internet using MAK only E. All of the above Answer: B Explanation: To ensure that the Windows Server 2008 is activated on all the servers, you should upgrade VAMT using Windows Server 2008 RTM for VAMT. You have to update VAMT at Windows Server 2008 RTM for VAMT to function with Windows Server 2008 volume licensing. VAMT (Volume Activation Management Tool) is a volume licensing tool for all flavors of Windows Vista. There are various activation methods available for volume licensing. These methods use two types of customer specific keys: Multiple Activation Key (MAK) and Key Management Service (KMS). The VAMT tool is used to activate the license through proxy over internet. VAMT is a tool for Windows Vista and to use it for Windows Server 2008, it needs an update. Question 6. ITCertKeys.com has added 5 servers to its network. As an administrator at ITCertKeys.com, you install Windows Server 2008 Enterprise edition on two servers and Windows Server 2008 storage server enterprise on other two servers. You want to automatically activate both editions of Windows Server 2008 without any administrator or Microsoft intervention. You also want the activation to occur every 6months. Which volume activation service should you use to automatically activate both editions of Windows Server 2008? A. Multiple Activation Key(MAK) B. Volume Activation Management Tool (VAMT) C. Volume Activation 1.0 (VA 1.0) D. Key Management Service (KMS) E. None of the above Answer: D Explanation: You should use KMS to activate both editions of Windows Server 2008. KMS automatically activates Windows Vista and Windows Server 2008. Computers that are been activated by KMS are required to reactivate by connecting to a KMS host at least once every six months. The VL editions of Windows Serve 2008 and Windows Vista are installed as KMS clients by default. The clients can automatically discover the KMS hosts on the network with a properly configured KMS infrastructure. The clients can also activate using KMS infrastructure without administrative or user intervention. Question 7. ITCertKeys has main office and a Branch office. Main office is running 20 Windows Server 2008 computers and 125 computers running Microsoft Windows XP Professional. Branch office is running 3 Windows Server 2008 computers and 50 Windows XP Professional computers running on its network. Computers in the main office have access to Internet. All servers are having the same security configuration and there are no plans in near future to add new servers or systems in the network. You installed Volume Activation Management Tool (VAMT) on a server named ITCertKeys_DC1 in the main office and added all servers to VMAT server and configured the servers for Multiple Activation Key (MAK) independent activation. Servers at Branch office are unable to activate Windows Server 2008. What should you do to activate Windows server 2008 on all servers? A. Install a Management Activation Key (MAK) server on the network B. Configure MAK Proxy activation on all servers in the Branch office C. Configure Windows Management Instrumentation (WMI) Firewall Exception on all servers in the Branch office D. Open VAMT on ITCertKeys_DC1 and export the Computer Information List (CIL). Send this file to Microsoft Technical support for activation E. None of the above Answer: B Explanation: To activate Windows server 2008 on all servers, you need to configure MAK Proxy activation on all servers in the BRanch office. The MAK can be activated by using two methods, MAK Independent Activation and MAK Proxy Activation. MAK Independent Activation is used when each computer is activated individually by connecting to Microsoft servers over the Internet or by telephone and MAK Proxy Activation is used when Volume Activation Management Tool (VAMT) is installed on a server and you need to activate multiple computers at the same time through a single connection to Microsoft servers over the Internet or phone. Therefore, instead of MAK Independent Activation you need to use MAK Proxy activation on all servers in the BRanch office. Reference: Frequently Asked Questions About Volume License Keys for Windows Vista and Windows Server 2008 http://www.microsoft.com/licensing/resources/vol/ActivationFAQ/default.mspx Question 8. You are network administrator for ITCertKeys network. You configured a Windows server 2008 server named ITCertKeys_KM1 as Key Management Service (KMS) host. This server is also configured as Windows Sharepoint Services server. This location has currently 18 computers having Windows Vista KMS client and you have added 10 more Windows Vista KMS client systems in the network recently. These 10 additional client computers are installed using Windows Vista image file. The KMS host is unable to activate any of the KMS client computers in the network. What should you do? A. Install KMS on a dedicated Windows Sever 2008 B. Run Sysprep /generalize on the Vista reference computer used to create image C. Run slmgr.vbs/rearm Vista reference computer used to create image D. Run slmgr.vbs/dli on the KMS host computer E. Run slmgr.vbs/cpri on the KMS host computer F. None of the above Answer: B Explanation: To activate the KMS client computers in the network, you need to run the Sysprep /generalize on the Vista reference computer used to create image. sysprep/generalize is used to reset activation and other system-specific information as the last step before storing or capturing the VM image. If sysprep /generalize is not used, the activation timer will run down while the product is in storage and the KMS host will be unable to activate any of the KMS client computers in the network. Reference: KMS host is unable to activate any of the KMS client computers in the network http://blog.windowsvirtualization.com/virtualization/faq-virtalization-and-volume-activation-20 Question 9. ITCertKeys.com has a server with single Active Directory domain. For security, ITCertKeys.com has an ISA 2006 server functioning as a firewall. You configure user access through virtual private network service by deploying the PPTP (Point-to-Point Tunneling Protocol). When a user connects to the VPN service, an error occurs. The error message says "Error 721: The remote computer is not responding." What should you do to ensure that the users connect to the VPN service? A. Open the port 2200 on the firewall B. Open the port 1423 on the firewall C. Open the port 1723 on the firewall D. Open the port 721 on the firewall E. All of the above Answer: C Explanation: To ensure that users connect to VPN service, you should open the port 1723 on the firewall. The port 1723 is a TCP port for PPTP tunnel maintenance traffic. For VPN connections, you need to open this port for PPTP tunnel maintenance traffic and permit IP Type 47 Generic Routing Encapsulation (GRE) packets for PPTP tunnel data to pass to your RRAS server's IP address. You cannot open port 721. The port 721 on the firewall is a printer port so it is not related to VPN connection Question 10. DRAG DROP ITCertKeys has a server named ITK1 that runs Windows Server 2008 and Microsoft Virtual Server 2005 R2. You want to create eight virtual servers that run Windows Server 2008 and configure the virtual servers as an Active Directory forest for testing purposes in the ITCertKeys Lab. You discover that ITK1 has only 30 GB of hard disk space that is free. You need to install the eight new virtual servers on ITK1 . From the steps shown, what steps need to be completed in a specific order? Answer: Explanation: To install the eight new servers on ITK1, you need to create a virtual server with a 10 GB fixed-size virtual hard disk and then install Windows Server 2008. After that, you should create eight differencing virtual hard disks and then create eight virtual servers with a differencing virtual hard disk attached. The virtual hard disk should be created first because you need space for eight virtual servers. The fixed-size virtual hard disk can be created through a virtual server. Then you install Windows Server 2008 on it. After that you have to allocate the space for eight virtual servers. To do that, you create differencing virtual hard disk to solve the space problem. Then you create the eight virtual servers with differencing virtual hard disk attached.
|
Question 1.
You are an enterprise administrator for ITCertKeys. The company has a head office in San Diego and a branch office in New York. The corporate network of ITCertKeys consists of an Active Directory forest having two domains, ITCertKeys.com and Branch. ITCertKeys.com for the head office and the branch office respectively. All the servers on the corporate network run Windows Server 2008 and both the offices hold their respective domain controllers on their physical office locations.
The two domain controllers at ITCertKeys.com are called ITCertKeysServer1 and ITCertKeysServer2 and the two domain controllers at Branch. ITCertKeys.com are called ITCertKeysServer3 and ITCertKeysServer4. All domain controllers host Active Directory-integrated DNS zones for their respective domains. As an enterprise administrator of the company, you have been assigned the task to ensure that users from each office can resolve computer names for both domains from a local DNS server.
Which of the following options would you choose to accomplish this task?
A. Add the ITCertKeys.com and the Branch. ITCertKeys.com DNS zones to the ForestDNSZones partition.
B. Create a stub DNS zone for ITCertKeys.com on ITCertKeysServer3 and a stub DNS zone for Branch. ITCertKeys.com on ITCertKeysServer1.
C. Create a standard primary DNS zone named ITCertKeys.com on ITCertKeysServer3 and a standard primary DNS zone named Branch. ITCertKeys.com on ITCertKeysServer1.
D. Configure conditional forwarders on ITCertKeysServer1 to point to ITCertKeysServer3 conditional forwarders on ITCertKeysServer3 to point to ITCertKeysServer1.
E. None of the above.
Answer: A
Explanation:
To ensure that users from each office can resolve computer names for both domains from a local DNS server, you need to add the ITCertKeys.com and the Branch. ITCertKeys.com DNS zones to the ForestDNSZones partition because the ForestDNSZones directory partition can be replicated among all domain controllers (DCs) located in both the domains ITCertKeys.com and Branch. ITCertKeys.com in the forest of the company. This is because all the domain controllers have the DNS service installed. Once the DNS Zones data is replicated the users from each office can resolve computer names for both domains from their local DNS server
A stub zone cannot be used because it is used to resolve names between separate DNS namespaces a Standard Primary DNS zone cannot be used because the DNS Server in this type of zone contains the only writable copy of the DNS zone database files. There can be only one Standard Primary DNS Server for a particular zone. A conditional forwarder cannot be used because it handles name resolution only for a specific domain.
Reference:
What causes the error I receive in the event log when I attempt to replicate the ForestDNSZones directory partition? http://windowsitpro.com/article/articleid/43165/q-what-causes-the-error-i-receive-in-the-event-log-when-iattem
Reference:
Understanding stub zones
http://207.46.196.114/windowsserver/en/library/648f2efd-0ad4-4788-80c8 75f8491f660e1033.mspx?mfr=true
Reference:
DNS Conditional Forwarding in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_200
Question 2.
You are an enterprise administrator for ITCertKeys. The company has a head and a three branch offices. Each office has a Windows Server 2008 server running with a DNS role installed on it. All the branch offices consist of Windows 2000 Professional client computers installed on their networks. As an enterprise administrator of the company, you have been assigned the task to deploy Active Directory Domain Services (AD DS) on the corporate network of the company. You also need to plan the implementation of a name resolution solution for the deployment of AD DS that supports secure dynamic updates and minimize the response times for users connecting to resources anywhere on the network.
Which of the following options would you include in your plan to accomplish this task?
A. Implement GlobalNames zone (GNZ) for the forest.
B. Implement a single Active Directory-integrated (ADI) DNS zone.
C. Create a stub zone on the DNS server in each branch office.
D. Create a standard primary zone in the head office and the secondary zones in branch offices.
E. None of the above.
Answer: B
Explanation:
To deploy Active Directory Domain Services (AD DS) on the corporate network of the company with given requirements, you need to implement a single Active Directory-integrated (ADI) DNS zone. Active Directory integrated (ADI) primary DNS zone enables built-in recovery, scalability, and performance. An ADI zone is a writeable copy of a forward lookup zone that is hosted on a domain controller. It can therefore reduce the response times for users connecting to resources anywhere on the network and because it uses directory-integrated storage it also simplifies dynamic updates for DNS clients that are running Windows 2000. None of the other options can be used to meet the desired objectives.
Reference:
From the Windows 2000 Resource Kit
http://windowsitpro.com/article/articleid/76616/jsi-tip-5312-when-you-change-your-dns-active-directoryintegra
Reference:
ACTIVE DIRECTORY ADMINISTRATION TIPS
http://searchwinit.techtarget.com/tip/0,289483,sid1_gci1115858,00.html
Question 3.
You are an enterprise administrator for ITCertKeys. The company has a head office and a branch office located at different physical locations. The corporate network of the company consists of a single Active Directory domain. Both the offices of the company run Windows Server 2008 servers and have 2,000 client computers configured as DHCP clients without having DHCP relay supported on the network routers. As an enterprise administrator of the company, you have been assigned the task to configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails.
Which of the following options would you choose to accomplish this task?
A. Install two DHCP servers, one in the head office and the other in branch office and make sure that both the DHCP servers have two scopes.
B. Install a DHCP instance on a two node failover cluster in each office, the head office and the branch office.
C. In the head office, install a DHCP server and in the branch office, install a DHCP Relay Agent.
D. In the head office, install a DHCP instance on a two node failover cluster and in the branch office, install a DHCP Relay Agent.
E. None of the above.
Answer: B
Explanation:
To configure a DHCP addressing solution for both the offices that would minimize the traffic between the offices and is available in case any one of the DHCP server fails, you need to install a DHCP instance on a two node failover cluster in each office, the head office and the branch office. The two node failover cluster in each office will ensure that the DHCP server is always available even if one of the DHCP servers fails. Because DHCP relay is not supported on the network, both the offices need to have a separate DHCP failover clustering solution.
Having two scopes of DHCP servers will not help because DHCP relay is not supported on the network. Installing a DHCP server and DHCP Relay Agent in the branch office and installing a DHCP instance on a two node failover cluster and in the branch office and a DHCP Relay Agent will not help because this solution would increase the traffic between the offices in case any one of the DHCP server fails.
Reference:
Step-by-Step Guide for Configuring Two-Node File Server Failover Cluster in Windows Server 2008 http://209.85.175.104/search?q=cache:9u-snEWIUtgJ:download.microsoft.com/download/b/1/0/b106fc39-936c-
Reference:
DHCP Relay Agent Overview
http://www.tech-faq.com/dhcp-relay-agent.shtml
Question 4.
You are an enterprise administrator for ITCertKeys. The corporate network of the company consists of a single Active Directory forest that contains 25 domains. All the DNS servers on the corporate network run Windows Server 2008. The users on the corporate network use NetBIOS name to connect to the network applications in all the domains. Currently the network is configured with IPv4 addressing. As an enterprise administrator of the company, you have been assigned the task to migrate the network to an IPv6-enabled only network without affecting any client computer.
Which of the following options would you choose to accomplish this task?
A. Configure GlobalNames zones on the DNS servers running Windows Server 2008.
B. Add all domain zones to the ForestDNSZones partition on the DNS servers running Windows Server 2008.
C. Create a new running Windows Server 2008 server and configure WINS server on it.
D. Create a new running Windows Server 2003 server and configure WINS server on it.
E. None of the above.
Answer: A
Explanation:
To migrate the network from IPv4-enabled to an IPv6-enabled only network without affecting any client computer, you need to configure GlobalNames zones on the DNS servers running Windows Server 2008. To help customers migrate to DNS for all name resolution, the DNS Server role in Windows Server 2008 supports a special GlobalNames Zone (also known as GNZ) feature. The client and server name resolution depends on DNS. A DNS Client is able to resolve single-label names by appending an appropriate list of suffixes to the name. The correct DNS suffix depends on the domain membership of the client but can also be manually configured in the advanced TCP/IP properties for the computer. The problem occurs managing a suffix search list when there are many domains. For environments that require both many domains and single-label name resolution of corporate server resources, GNZ provides a more scalable solution. GNZ is designed to enable the resolution of the single-label, static, global names for servers using DNS. WINS cannot be used because it does not support IPv6 protocols and both are entering legacy mode for Windows Server 2008. ForestDNSZones partition cannot help to migrate a IPv4-enabled network to an IPv6-enabled only network
Reference:
Understanding GlobalNames Zone in Windows Server 2008
http://www.petri.co.il/windows-DNS-globalnames-zone.htm
Reference:
Using GlobalNames Zone in Windows Server 2008
http://www.petri.co.il/using-globalnames-zone-window-server-2008.htm
Question 5.
You are an enterprise administrator for ITCertKeys. The company has a head office and two branch offices. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain called ITCertKeys.com. The DNS Service is installed on the member servers of the ITCertKeys.com domain and all the domain controllers and DNS servers for the ITCertKeys.com domain are located in the head office.
As an enterprise administrator of the company, you have been assigned the task to deploy two new Active Directory domains named branch1. ITCertKeys.com and branch2. ITCertKeys.com in the branch offices. To accomplish this task, you installed a DNS server in each branch office.
Which of the following actions would you perform next to prepare the environment for the installation of the new domains? (Select three. Each selected option will form a part of the answer.)
A. Configure a delegation subdomain DNS record on the main office DNS server for each new
domain.
B. Create a new standard primary zone on each branch office DNS server for the new domains.
C. Create a new stub zone on each branch office DNS server for the new domains
D. Configure forwarders on the main office DNS servers to point to the branch office servers.
E. Configure conditional forwarders on the main office DNS servers to point to the branch office DNS servers.
F. Configure zone transfer for the ITCertKeys.com zone to the branch office DNS servers.
Answer: A, B, F
Explanation:
To deploy two new Active Directory domains in the branch offices, you need to first configure a delegation subdomain DNS record on the main office DNS server for each new domain then create a new standard primary zone on each branch office DNS server for the new domains and then configure zone transfer for the ITCertKeys.com zone to the branch office DNS servers after installing DNS server in each branch office. In DNS, a subdomain is a portion of a domain that you've delegated to another DNS zone. A subdomain is configured when you need to create domains in existing domain. A company might use subdomains for its various divisions. Because, to migrate your DNS zone data for the ITCertKeys.com zone to the branch office DNS servers, you will need to have a functioning standard primary server, you will need to create a new standard primary zone on each branch office DNS server for the new domains.
Reference:
Delegate subdomains in DNS in Windows 2000 Server
http://articles.techrepublic.com.com/5100-10878_11-5846057.html
Reference:
Step-By-Step: How to migrate DNS information to Windows Server 2003
http://www.lockergnome.com/it/2005/01/14/step-by-step-how-to-migrate-dns-information-to-windows-server-20
Reference:
DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
Question 6.
You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Active Directory forest that is made up of a single root domain and 15 child domains. The Administrators of the child domains need to frequently modify the records for authoritative DNS servers for the child domain DNS zones. The administrators take a long time in modifying these records. As an enterprise administrator of the company, you have been assigned the task to implement a solution that would minimize the effort required to maintain name resolution on the network.
Which of the following options would you choose to accomplish this task?
A. Create stub zones for the root domain zone on the child domain DNS servers.
B. Configure conditional forwarders for the parent domain on the child domain DNS servers.
C. Create stub zones for the child domain zones on the root domain DNS servers.
D. Configure delegation subdomain records for the child domains on the root domain DNS servers.
E. None of the above.
Answer: C
Explanation:
To implement a solution that would minimize the effort required to maintain name resolution on the network, you need to create stub zones for the child domain zones on the root domain DNS servers. Stub zones can help reduce the amount of DNS traffic on your network by streamlining name resolution and zone replication. The Stub zone should be configured for the child domain zones on the root domain DNS servers and not vice versa because a stub zone is like a secondary zone that obtains its resource records from other name servers (one or more master name servers).
Reference:
DNS Stub Zones in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html
Question 7.
You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain and one IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista. On one of the Windows Server 2008 member servers, ITCertKeysServer1, Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services are configured. On another Windows Server 2008 member server, ITCertKeysServer2, Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA) services are configured. Some client computers that do not have the latest Microsoft updates installed connect to the local area network (LAN) from client computers that are joined to a workgroup. Besides all network switches used for client connections are unmanaged.
As an enterprise administrator of the company, you have been assigned the task to implement a Network Access Protection (NAP) solution to protect the network. You need to ensure that only the computers that have the latest Microsoft updates installed must be able to connect to servers in the domain and only the computers that are joined to the domain must be able to connect to servers in the domain.
Which of the following NAP enforcement method should you use to accomplish this task?
A. 802.1x
B. DHCP
C. IPsec
D. VPN
E. None of the above.
Answer: C
Explanation:
To ensure that only the computers that have the latest Microsoft updates installed must be able to connect to servers in the domain and only the computers that are joined to the domain must be able to connect to servers in the domain, you need to use IPSec NAP enforcement method. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec.
Reference:
Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx
Reference:
Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.aspx
Question 8.
You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Windows Server 2008 Active Directory domain and one IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista, Windows XP Professional, and Windows 2000 Professional. On one of the Windows Server 2008 member servers, ITCertKeysServer1, Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services are configured. On another Windows Server 2008 member server, ITCertKeysServer2, Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA) services are configured.
The NAP is configured by using IPsec, DHCP, and 802.1x enforcement methods. Currently the computers that are not joined to the domain can easily connect to the domain and access network resources. As a network administrator, you want to stop this security lapse and want to ensure that only computers that are joined to the domain can access network resources on the domain.
Which of the following options would you choose to accomplish this task?
A. Configure all DHCP scopes on ITCertKeysServer1 to enable NAP.
B. Configure all network switches to require 802.1x authentication.
C. Create a GPO, link it to the domain. Enable a secure server IPsec policy on all member servers in the domain in the GPO.
D. Create a GPO, link it to the domain. Enable a NAP enforcement client for IPsec
communications on all client computers in the domain in the GPO.
E. None of the above.
Answer: C
Explanation:
To ensure that only computers that are joined to the domain can access network resources on the domain, you need to create a GPO, link it to the domain and enable a secure server IPsec policy on all member servers in the domain in the GPO. IPsec domain and server isolation methods are used to prevent unmanaged computers from accessing network resources. This method enforces health policies when a client computer attempts to communicate with another computer using IPsec. Configuring DHCP scope cannot stop unmanaged computers that are not joined to the domain from accessing the network. NAP is not required in this scenario because you just want the member computers to access network resources. Therefore, you need not create a GPO, link it to the domain. Enable a NAP enforcement client for IPsec communications on all client computers in the domain in the GPO.
Reference:
Protecting a Network from Unmanaged Clients / Solutions
http://www.microsoft.com/technet/security/midsizebusiness/topics/serversecurity/unmanagedclients.mspx
Question 9.
You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single IP subnet. All servers in the domain run Windows Server 2008 and all the client computers run Windows Vista. The network contains three Windows Server 2008 servers configured as follows:
1. ITCertKeysServer1 - Configured with Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), and DHCP services.
1. ITCertKeysServer2 - Configured with Routing and Remote Access Service (RRAS), Network Policy Service (NPS), Health Registration Authority (HRA), and Microsoft System Center Configuration Manager (SCCM) 2007 services
1. ITCertKeysServer3 - Configured with File Services and Microsoft Windows SharePoint Services (WSS). As an enterprise administrator of the company, you have been assigned the task to configure the NAP environment that would only allow computers that have required Microsoft updates installed to access the internal network resources.
Besides, you need to ensure that when the client computers connect to the network, the network switches would only allow them to communicate with only ITCertKeysServer1 and ITCertKeysServer2 initially.
.
Which of the following NAP enforcement method should you use to accomplish this task?
A. 802.1x
B. DHCP
C. IPsec communications
D. VPN
E. None of the above.
Answer: A
Explanation:
To configure the NAP environment that would only allow computers that have required Microsoft updates installed to access the internal network resources and to ensure that when the client computers connect to the network, the network switches would only allow them to communicate with only ITCertKeysServer1 and ITCertKeysServer2 initially, you need to use 802.1x NAP enforcement method because this method enforces health policies when a client computer attempts to access a network using EAP through an 802.1X wireless connection or an authenticating switch connection.
Reference:
Network Access Protection (NAP) Deployment Planning / Choosing Enforcement Methods
http://blogs.technet.com/nap/archive/2007/07/28/network-access-protection-deployment-planning.asp
Question 10.
You are an enterprise administrator for ITCertKeys. The corporate network of ITCertKeys consists of a single Active Directory domain. All the servers in the domain run Windows Server 2008 and all the client computers run Windows Vista with Service Pack 1.
The network contains three Windows Server 2008 servers configured as follows:
1. ITCertKeysServer1- Configured with Network Policy and Access Services (NPAS).
2. ITCertKeysServer2 - Configured with Microsoft Windows SharePoint Services (WSS).
3. ITCertKeysServer3 - Configured with File Services.
The company has many remote users (domain members) that need to access the domain resources from their remote locations. Some of the remote users informed you that they can access ITCertKeysServer2 by using the URL https://portal. ITCertKeys.com from their remote locations through Internet but the firewall used at their remote location site prevents all other outbound connections. As an enterprise administrator of the company, you have been assigned the task to plan a solution that would allow the remote users to access files on ITCertKeysServer3 through a VPN connection
Which of the following types of connections should you enable on ITCertKeysServer1?
A. Configure IPsec tunnel mode connection
B. Configure a L2TP VPN connection
C. Configure a PPTP VPN connection
D. Configure Secure Socket Tunneling Protocol (SSTP) connection
E. None of the above.
Answer: D
Explanation:
To plan a solution that would allow the remote users using firewall on their remote locations to access files on ITCertKeysServer3 through a VPN connection, you need to configure Secure Socket Tunneling Protocol (SSTP) connection. Before Windows Server 2008, all kinds of VPN connections such as PPTP L2TP, and IPSec had problems with firewalls, NATs, and Web proxies. To prevent problems, firewalls must be configured to allow connections. If your VPN client computer is behind a NAT, both the VPN client and the VPN server must support IPsec NAT-Traversal (NAT-T). Besides, VPN server can't be located behind a NAT, and that L2TP/IPsec traffic can't flow through a Web proxy. With the advent of SSTP in Windows Server 2008 all the VPN connectivity problems such as firewalls, NATs, and Web proxies are solved. The SSTP connection allows the use of HTTP over secure sockets layer (SSL). SSTP uses an HTTP-over-SSL session between VPN clients and servers to exchange encapsulated IPv4 or IPv6 packets.
Reference:
The Cable Guy: The Secure Socket Tunneling Protocol / The New VPN Solution
http://technet.microsoft.com/en-us/magazine/cc162322.aspx
|
Question 1.
Which of these is a benefit of an integrated security management system?
A. It provides configuration, monitoring, and troubleshooting capabilities across a wide range of security products.
B. It leverages existing network management systems such as HP Open View to lower the cost of implementation.
C. It integrates security management capabilities into the router or switch.
D. It integrates security device management products and collects events on an "as needed" Basis to reduce management overhead.
E. It provides a single point of contact for all security configuration tasks thereby enhancing the return on investment.
Answer: A
Question 2.
DRAG DROP
Drop
Answer:
Question 3.
Which service component within the prepare phase recommends the appropriate technology strategy to address a business requirement of the customer?
A. identifying what a customer requires from a proposed solution
B. determining what end-user training a customer requires
C. analyzes the customer's business requirements and recommends the appropriate Cisco
technologies to meet business requirements
D. addressing a customer's physical requirements
Answer: C
Question 4.
What are two important approaches to communicate when identifying a customer's security risks? (Choose two.)
A. Security should be a continuous process.
B. Security solutions should come from multiple vendors to make it easier to coordinate security events from the point of origin.
C. The designated security expert should report to the IT department, since that is where the solution will be implemented.
D. Business strategy should directly relate to the security policy and budget.
E. Smaller companies are at less risk than larger enterprises, so their security needs are not as great.
Answer: A, D
Question 5.
Which of the following best describe the customer benefit of creating a systems acceptance test plan in the design phase?
A. reduce operating costs and limit change-related incidents by providing a consistent and Efficient set of processes
B. improve the return on investment and hasten migration by identifying and planning for necessary infrastructure changes and resource additions, as well as reduce deployment costs by analyzing gaps early in the planning process to determine what is needed to support the system
C. improve its ability to make sound financial decisions by developing a business case based on Its business requirements and establishing a basis for developing a technology strategy
D. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases for use in verifying that the system meets operational, functional, and interface requirements
Answer: D
Question 6.
A Cisco Catalyst switch can belong to how many VTP domains?
A. 2
B. 1 to 4,096
C. 1
D. 1 to 1,005
E. no limit
Answer: C
Question 7.
The Cisco ASA Security Appliance can offer the benefit of integrating which three security services into one device? (Choose three.)
A. PIX firewall
B. VPN Concentrator
C. IPS
D. DDoS Anomaly Guard and Detector
E. CSA MC
F. ACS server
Answer: A, B, C
Question 8.
A customer has deployed a wireless core feature set using autonomous access points and now wants to include a satellite building 4,500 feet away from the main campus. The customer also wants to provide wireless access to a courtyard for wireless clients in close proximity to the antenna mounting position.
Which Cisco Aironet product is the most applicable solution?
A. Cisco Aironet 1000 Series
B. Cisco Aironet 1300 Series
C. Cisco Aironet 1100 Series
D. Cisco Aironet 1400 Series
E. Cisco Aironet 1200 Series
Answer: B
Question 9.
What is one benefit of the Cisco anti-X defense strategy?
A. virtual firewall protection
B. malware, virus, and worm mitigation
C. applications security
D. security events correlation for proactive response
Answer: B
Question 10.
Which two of these statements best describe the benefits of Cisco's wireless IDS functionality? (Choose two.)
A. Autonomous APs must be dedicated IDS sensors while lightweight APs can combine client traffic and RF monitoring.
B. Cisco or CCX compatible client cards can extend the RF IDS service for autonomous APs.
C. 2.4GHz RF management can monitor both 802.11 and non-802.11 RF interference.
D. APs only monitor the RF channels that are servicing the clients.
E. AirDefense for wireless IDS is required by autonomous APs.
Answer: B, C
|
Question 1. Which of the following best describe the customer benefits of change management in the operate phase? A. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases for use in verifying that the system meets operational, functional, and interface requirements B. improve its ability to make sound financial decisions by developing a business case based on its business requirements and establishing a basis for developing a technology strategy C. reduce operating costs and limit change. related incidents by providing a consistent and efficient set of processes D. improve the return on investment and hasten migration by identifying and planning for necessary infrastructure changes and resource additions, as well as reduce deployment costs by analyzing gaps early in the planning process to determine what is needed to support the system Answer: C Question 2. Which of these is the best definition of the Cisco Lifecycle Services approach? A. It defines the minimum set of services required to successfully deploy and operate a set of Cisco technologies. B. It determines how best to price Cisco products. C. It provides partners with a useful way to leverage Cisco resources. D. It consists of these phases: plan, deploy, support, and troubleshoot. Answer: A Question 3. What two types of telephony interfaces are used for PSTN connectivity? (Choose two.) A. Digital B. Optical C. Analog D. CDMA Answer: A, C Question 4. Which statement correctly describes the keys witch model of deployment for call processing? A. All IP Phones are able to answer any incoming PSTN call on any line B. PSTN calls are routed through a receptionist or automated attendant. C. All IP Phones in the system have a single unique extension number. Answer: A Question 5. Which definition best describes the implementation service component within the implement phase? A. providing a step-by-step plan that details the installation and service. commission tasks required in order to create a controlled. implementation environment that emulates a customer network B. assessing the ability of site facilities to accommodate proposed infrastructure changes C. developing and executing proof-of-concept tests, validating high-level infrastructure design, and identifying any design enhancements D. Installing, configuring and integrating systems components based on an implementation plan developed in earlier phases E. improving a customer's infrastructure security system Answer: D Question 6. A customer with a small enterprise network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. Minimizing costs is one of the customer's highest priorities. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired. Based on the traffic patterns, which topology would be the easiest for this customer to set up and manage? A. full mesh B. partial mesh C. point-to-multipoint D. huB. anD.spoke Answer: D Question 7. How can the proper configuration of Voice Mail be tested at an end user's IP phone? A. Press the "i" button. B. Press the "Settings" button. C. Press the "Services" button. D. Press the "Messages" button Answer: D Question 8. In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be placed? A. distribution layer B. core layer C. access layer D. network management functional module Answer: A Question 9. Which of these is an accurate list of Cisco Lifecycle Services phases? A. initiation, planning, analysis, design, development, implementation, operations and maintenance B. project planning, site assessment, risk assessment, solution selection and acquisition, testing, and operations C. Prepare, plan design implement operate, and optimize D. analysis, design, deployment, testing, implementation, and production I E. presales, project planning, development, implementation, operations testing, and operations signoff Answer: C Question 10. What port role assignment would you make for the Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System? A. IP Phone and desktop B. Cisco UC520 C. Cisco CE520 D. Cisco 871W Answer: B
|
Question 1. LSC validation is failing on a new SCCP IP phone that you have just added to the Cisco Unified CallManager 5.0 cluster. No other IP phones are experiencing any problems with LSC validation. What can you do to help pinpoint the problem? A. Check for security alarms B. Verify that the authentication string is correct in the Cisco Unified CallManager device configuration screen C. View the SDI trace output D. Use the Security configuration menu on the IP phone to verify that an LSC has been downloaded to the IP phone Answer: D Question 2. Which three capabilities can't be configured if the default dial peer is matched? (Choose three.) A. Set preference to 1 B. Invoke a Tcl application C. Enable dtmf-relay D. Set codec to G.711 E. Disable DID F. Disable VAD Answer: B, C, F Question 3. When using trace output to troubleshooting a Cisco Unified CallManager 5.0 problem, how can you collect and view the trace files? A. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and then use the embedded RTMT tool to view the trace files B. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and download the RTMT plug-in from the CallManager Administration page to view the trace output C. Download the RTMT plug-in from the Cisco Unified CallManager Serviceability page to view the preconfigured trace files D. Configure the proper alarms and traces on the Cisco Unified CallManager Administration page and view the output with the RTMT plug-in Answer: B Question 4. You are troubleshooting why a user can't make calls to the PSTN. You are reviewing trace files and you found where the user's IP phone initiates the call but you never see the call go out the gateway. What is the next step in troubleshooting this issue? A. Look in the SDL trace file to see if there is a signal to another Cisco Unified CallManager node with the same time-stamp B. Look in the MGCP trace file to determine which MGCP gateway the call was sent to C. Look in the IP Voice Media Streaming APP trace file to see if an MTP was invoked D. Look in the SDL trace file to see if there is a signal to anther Cisco Unified CallManager node with the same TCP handle Answer: A Question 5. Exhibit: Your work as a network engineer at ITCertKeys.com. Please study the exhibit carefully. Voice bearer traffic is mapped to which queue in FastEthernet0/2? A. Queue 2 B. Queue 3 C. Queue 1 D. Queue 4 Answer: A Question 6. Exhibit: Your work as a network engineer at ITCertKeys.com. Please study the exhibit carefully. You have received a trouble ticket stating that calls to international numbers are failing. To place an international call, users dial the access code, "9," followed by "011", the country code and the destination number. After entering the debug isdn 1931 command on the MGCP gateway, you have the user attempt the call again. Base on the debug output, what is the most likely cause of this problem? A. The TON in incorrect B. The circuit is not configured correctly or has a physical layer issue C. Cisco Unified CallManaager is not stripping the access code before sending the call to the gateway D. The gateway dial peer needs to prefix "011" to the called number so the PSTN knows this is an internation call E. The user's CSS does not permit international calls Answer: A Question 7. You have developed a dial plan for Cisco Unified CallManager 5.0 solution. All the route patterns, partitions, calling search spaces and translation rules have been configured. Before starting up the system you wish to test the dial plan for errors. Which Cisco Unified CallManager tool will simplify this testing? A. Route Plan Report B. Dial Plan Installer C. Dialed Number Analyzer D. RTMT Traces and Alarms Answer: C Question 8. You have just obtained a list of the following options: all patterns unassigned DN Call Park Conference Directory Number Translation Pattern Call pickup group Route pattern Message waiting Voice mail Attendant console What have you selected in order to produce this list? A. Route Plan > External Route Plan Wizard B. Control Center > Feature Services C. Route Plan > Route Plan Report D. Dialed Number Analyzer Answer: C Question 9. You have configured the Enable Keep Alive check under Trace Filter settings. How does this change the trace output? A. It adds the IP address of the endpoint in hex B. It maps the unique TCP handle for the endpoint to the MAC address of the endpoint in the trace output C. It adds the SCCP messages and all fields sent as part of that message D. It adds TCP socket numbers between the endpoint and Cisco Unified CallManager for the session Answer: B Question 10. When using trace output to troubleshooting a Cisco Unified CallManager 5.0 problem, how can you collect and view the trace files? A. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and download the RTMT plug-in from the CallManager Administration page to view the trace output B. Configure the proper alarms and traces on the Cisco Unified CallManager Administration page and view the output with the RTMT plug-in C. Download the RTMT plug-in from the Cisco Unified CallManager Serviceability page to view the preconfigured trace files D. Configure the proper trace settings on the Cisco Unified CallManager Serviceability page and then use the embedded RTMT tool to view the trace files Answer: A
|
Question 1. Exhibit: The network has two gatekeepers that control four zones. Which command is used to ensure that the aggregate bandwidth between zones that are controlled by the Portland Gatekeeper and the Seattle Gatekeeper is limited to 100,000 kbps? A. bandwidth interzone 166667 B. bandwidth remote 166667 C. bandwidth session 166667 D. bandwidth region 166667 E. bandwidth zone 166667 Answer: B Question 2. ITCertKeys.com has a single Cisco IPVC 3511 MCU E. At present there are two conferences occurring as follows: Conference 1:three conference participantstransrating 768 kbps to 384 kbpsenhanced continuous presence Conference 2:three conference participantstransrating 768 kbps to 384 kbpsmultiple conference view (3)A third conference is desired with the following requirements: Conference 3:three conference participants What will occur when the third conference is attempted? A. The third conference will succeed as desired. B. The third conference will succeed, but without the enhanced continuous presence. C. The third conference will fail because an IPVC 3511 MCU does not have the resources for three conferences of three people each. D. The third conference will fail because the EMP module does not have the resources to provide the number of required services. Answer: A Question 3. Exhibit: ITCertKeys.com is using Cisco meeting place at its world headquarters; ITCertKeys.com also has a Cisco CallManager cluster. The Cisco CallManager cluster includes a video deployment with both SCCP and H.323 video endpoints. The videoconferencing capability is provided by a Cisco IPVC 3540 Series Videoconferencing System. Using the topology in the exhibit, what should be the video gateway location? A. A B. B C. C D. D Answer: B Question 4. ITCertKeys.com is deploying Cisco VT Advantage to enable executives to participate in video calls with customers and suppliers. Which two devices can be used to allow these external calls to be placed over a dedicated PRI? (Choose two.) A. Cisco IPVC 3521 B. Cisco IPVC 3526 C. Cisco IPVC 3540 D. Cisco Multiservice IP-to-IP Gateway E. Cisc MCM proxy Answer: B, C Question 5. Exhibit: A network has two gatekeepers that control four zones. Which command is used to ensure that the aggregate bandwidth between the Seattle and Spokane zones is limited to 100,000 kbps? A. bandwidth interzone 166667 B. bandwidth remote 166667 C. bandwidth session 166667 D. bandwidth region 166667 E. bandwidth zone 166667 Answer: A Question 6. Exhibit: CAC is being configured for the centralized call-processing video telephony network. Each video terminal is capable of a maximum data rate of 320 kbps, and two video terminals are planned for each site. The requirement is to make two simultaneous video calls between the ITCertKeys main office and each remote ITCertKeys branch office site. The audio codec will be G.711. In order to ensure quality of service for calls, which action should be taken when configuring Cisco CallManager? A. Set the location video call bandwidth between the central site and each remote site to 922 kbps. B. Set the location video call bandwidth between the central site and each remote site to 384 kbps. C. Set the location video call bandwidth between the central site and each remote site to 768 kbps. D. Configure the gatekeeper to set the req-qos guaranteed-delay video bandwidth at 922 kbps between the central site and each remote site. E. Configure the gatekeeper to set the req-qos guaranteed-delay video bandwidth at 384 kbps between the central site and each remote site. F. Configure the gatekeeper to set the req-qos guaranteed-delay video bandwidth at 768 kbps between the central site and each remote site. Answer: C Question 7. ITCertKeys.com has a requirement for up to 10 simultaneous conferences of four people each, and each conference requires 384-kbps to 128-kbps transrating and H.261 to H.263 video transcoding. What should this company purchase? A. one Cisco IPVC 3540 Transcoder Module for MC06A B. one Cisco IPVC 3540 Transcoder Module for MC06A with an EMP blade C. one Cisco IPVC 3540 Transcoder Module for MC06A with an EMP3 blade D. two Cisco IPVC 3540 Transcoder Modules for MC06A E. two Cisco IPVC 3540 Transcoder Modules for MC06A, each with an EMP blade F. two Cisco IPVC 3540 Transcoder Modules for MC06A, each with an EMP3 blade Answer: C Question 8. Which three factors must be considered when designing a H.323 videoconferencing dial plan? (Choose three.) A. the number of sites in the enterprise B. the number and location of gatekeepers C. the incoming PSTN call routing method D. the DNs and location of conferencing MCUs to be deployed E. the videoconferencing features and applications to be deployed F. the location of voice gateways Answer: A, C, D Question 9. Exhibit: The network has two gatekeepers that control four zones. Which command is used to ensure that no single call in Zone Eugene uses more than 768 kbps? A. bandwidth interzone 768 B. bandwidth limit 768 C. bandwidth session 768 D. bandwidth call 768 E. bandwidth zone 768 Answer: C Question 10. What is traditionally used in a H.323 gatekeeper to pool endpoints into groups? A. zones B. clusters C. calling search spaces D. toll bypass routing Answer: A
|
Question 1. Which Cisco Security product is used to perform a Security Posture Assessment of client workstations? A. Adaptive Security Appliance B. Cisco Security Agent C. Cisco Security Posture Assessment Tool D. Cisco NAS Appliance E. Cisco ACS Answer: D Question 2. Which three policy types can be assigned to a network user role in the Cisco NAC Appliance architecture? (Choose three.) A. Allowed IP Address ranges B. Network Port Scanning Plug-ins C. VPN and roaming policies D. Inactivity period E. Session Duration F. Minimum Password length Answer: B, C, E Question 3. Which two components should be included in a network design document? (Choose two.) A. Complete network blueprint B. Operating Expense C. Risk Analysis D. Configuration for each device E. Detailed part list Answer: A, E Question 4. DRAG DROP You work as a network engineer at ITCertKeys.com. Your boss, Miss. ITCertKeys, is interested in Cisco Security modules. Match the descriptions with the proper module. Use only options that apply. Answer: Question 5. Which statement is true about the Cisco Security MARS Global Controller? A. Rules that are created on a Local Controller can be pushed to the Global Controller B. Most data archiving is done by the Global Controller C. The Global Controller receives detailed incidents information from the Local Controllers and correlates the incidents between multiple Local Controllers D. The Global Controller Centrally Manages of a group of Local Controllers Answer: D Question 6. Which certificates are needed for a device to join a certificate-authenticated network? A. The Certificates of the device and its peer B. The Certificates of the certificate authority, the device and the peer C. The Certificates of the certificate authority and the peer D. The Certificates of the certificate authority and the device Answer: D Question 7. Which three Cisco Security products help to prevent application misuse and abuse? (Choose three.) A. Cisco ASA 5500 Series Adaptive Security Appliances B. Cisco IOS FW and IPS C. Cisco Traffic Anomaly Detector D. Cisco Security Agent E. Cisco Trust Agent F. NAC Appliance (Cisco Clean Access) Answer: A, B, D Question 8. DRAG DROP You work as a network engineer at ITCertKeys.com. Your boss, Miss. ITCertKeys, is interested attack methodologies. Match the descriptions with the proper methodology. Use only options that apply. Answer: Question 9. Which two of these features are integrated security components of the Cisco Adaptive Security Appliance? (Chose two.) A. VRF-aware firewall B. Cisco ASA AIP SSM C. VTI D. Control Plane Policing E. Anti-X F. DMVPN Answer: B, E Question 10. Which of these items is a valid method to verify a network security design? A. Computer simulation B. Network audit C. Sing-off by the operations team D. Pilot or prototype network E. Analysis of earlier attacks Answer: D
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.