|
Question 1.
Which message is sent by a RADIUS client to a RADIUS server?
A. ACCESS-REQUEST
B. ACCESS-QUERY
C. ACCESS-CHALLENGE
D. ACCESS-RESPONSE
Answer: A
Question 2.
You have just installed HP ProCurve 5304xl switches on the second and third floors of your office. You are using 802.1X for port-access authentication.
All users have 802.1X supplicants installed on their client PCs and you have configured a RADIUS Server for centralized authentication with remote access policies for both floors.
Shortly after connecting the client PCs, users on the second floor are complaining that they can not access any network resources.
You are able to ping the RADIUS server from both switches, but when you check the RADIUS log, you only see authentication requests coming from the third floor switch.
Why can't the second floor users connect to the network?
A. No default gateway has been configured on the second floor switch, therefore no
authentication requests can reach the RADIUS Server
B. The second floor users are using the wrong EAP type in their attempts to authenticate to the
RADIUS Server.
C. The RADIUS Server IP Address has not been configured on the second floor switch
D. The RADIUS shared secret configured on the second floor switch does not match the shared
secret configured on the RADIUS Server.
Answer: C
Question 3.
You have just installed HP ProCurve 5304xl switches on the second and third floors of your office. You are using 802.1X for port-access authentication. All users have 802.1X supplicants installed on their client PCs and you have configured a RADIUS Server for centralized authentication with remote access policies for both floors. Shortly after connecting the client PCs, users on the second floor are complaining that they can not access any network resources. You are able to ping the RADIUS server from both switches, but when you check the RADIUS log, you see that authentication requests coming from the second floor switch are being denied because they are coming from an unauthorized client.
Why can't second floor users connect to the network?
A. The second floor users are using the wrong EAP type in their attempts to authenticate to the
RADIUS Server.
B. IP Routing has not been enabled on the second floor switch; therefore no authentication
requests can reach the RADIUS Server.
C. The second floor switch has not been configured as a client on the RADIUS server.
D. The RADIUS shared secret configured on the second floor switch does not match the shared
secret configured on the RADIUS Server
Answer: C
Question 4.
A new employee has just joined your company in the Accounting department. You are using 802.1X for port based authentication and he has been supplied by the company with a laptop which has 802.1X supplicant software installed and configured. You are using Microsoft IAS as a RADIUS authentication server and a user profile has been created for him in Active Directory. On his first day in the office, he calls you to report that he cannot get authenticated to the network though others in the department can.
What is most likely the problem?
A. The switch to which he is connected has an incorrect RADIUS shared secret.
B. The remote access permission has not been granted to his Active Directory user profile.
C. The switch to which he is connecting has the wrong IP address configured for its RADIUS
authentication server.
D. The switch to which he is connecting has no default gateway, therefore the authentication
requests can not reach the RADIUS server.
Answer: B
Question 5.
A new employee has just joined your company in the Human Resources department. You are using an ProCurve 5304xl switch with 802.1X enabled for port-based authentication and he has been supplied by the company with a laptop which has 802.1X supplicant software installed and configured. You are using Microsoft IAS as a RADIUS authentication server and a user profile has been created for him in Active Directory. On his first day in the office, he calls you to report that he cannot get authenticated to the network though others in the department can.
What is most likely the problem?
A. The switch to which he is connected has an incorrect RADIUS shared secret.
B. The switch to which he is connecting has the wrong IP address configured for its RADIUS
authentication server.
C. He is using an EAP type that is not allowed by the remote access policy to which his Active
Directory user profile is associated.
D. The switch to which he is connecting has no default gateway, therefore the authentication
requests can not reach the RADIUS server.
Answer: C
Question 6.
In the process of designing a security solution for a large library, the IT administrator tells you that they have a large section of workstations that both library staff and customers use. She does not want to have to install any new software on these stations but she does need to be able give library personnel access to resources that can not be accessible to the public at large.
What technology would best suit this situation?
A. Web Authentication
B. MAC Authentication
C. 802.1X Authentication
D. Port Security
Answer: A
Question 7.
You have implemented a network security solution for your client based upon the 802.1X protocol using 5300xl switches, the ProCurve Access Control Client and Microsoft IAS. In this solution, the 5300xl switches are acting as ________.
A. policy decision points
B. policy enforcement points
C. authentication servers
D. proxy servers
Answer: B
Question 8.
You have implemented a network security solution for your client based upon the 802.1X protocol using the ProCurve Access Control Client, 2650-PWR switches and the Funk Steel-Belted RADIUS server. In this solution, the RADIUS server is acting as a ________.
A. policy repository
B. policy decision point
C. network access server
D. policy enforcement point
Answer: B
Question 9.
You are designing a network security solution for a customer and in the process of your discussions you have decided that the best way to implement the solution is to use 802.1X, Web Authentication and ACLs configured locally on each of the edge switches.
What HP ProCurve Switch series is the best fit for this solution?
A. HP ProCurve 2500
B. HP ProCurve 2600
C. HP ProCurve 5300xl
D. HP ProCurve 9300m
Answer: C
Question 10.
You are designing a network security solution for a customer and in the process of your discussions you have decided that the best way to implement the solution is to use 802.1X authentication on the edge switches. The customer has limited rack space in his remote closets and consequently wants to use 1U stackable switches with the highest port density available.
What HP ProCurve Switch series is the best fit for the edge switches in this solution?
A. HP ProCurve 5300xl
B. HP ProCurve 4100gl
C. HP ProCurve 2600
D. HP ProCurve 2500
Answer: C
Question 11.
A customer, who is already using SSH for secure communications, wants the client to authenticate itself using client RSA.
Which additional preparatory steps are necessary to set up client RSA authentication? Select TWO.
A. Generate a public/private key pair on the switch.
B. Copy the client public key to the switch.
C. Copy the client private key to the switch.
D. Copy the public/private key pair to the client.
E. Generate a public/private key pair on the client computer.
Answer: B, E
Question 12.
A customer has recently installed and configured 300 HP ProCurve switches supporting SSL security.
What are the benefits of using SSL? Select TWO.
A. fully encrypted sessions for configuring the switch remotely via the serial console
B. authenticates the switch to client using a digital certificate
C. fully encrypted sessions for configuring the switch remotely via Telnet
D. uses switch-based Java applet for secure authentication
E. fully encrypted sessions for configuring the switch remotely via web browser
Answer: B, E
Question 13.
A customer currently manages all of their HP ProCurve switches using the plain text web interface. They now want to use SSL for encrypted web-based management.
Which steps must be completed before enabling SSL? Select TWO.
A. generate a self-signed server certificate for HTTPS
B. generate an HTTPS client certificate
C. generate an RSA key file for HTTPS certificates
D. disable plain text web management first
E. import a certificate request from a Certificate Authority
Answer: A, C
Question 14.
What are the main steps for configuring SNMPv3 access management after enabling SNMPv3 on an HP ProCurve 5300xl switch?
A. Create communities; create groups; assign communities to groups
B. Create users; assign users to groups
C. Create users; create groups; assign users to groups
D. Create users; create communities; assign users to communities
Answer: B
Question 15.
When designing a management VLAN, which ProCurve solution should an administrator implement at the core and the Layer 2 edge devices?
A. Enable management VLANs to provide security at the core; apply an IP address only to the
core switch; and use ACLs at the Layer 2 switches.
B. Use ACLs to provide security at the core; enable management VLANs at the Layer 2 switches;
and apply an IP address only to the management VLAN.
C. Enable management VLANs to provide security at the core and at Layer 2 switches; ACLs are
not required.
D. Configure a separate management network with dedicated ports to isolate all management
traffic at the core and at the Layer 2 switches.
Answer: B
Question 16.
Which statements are true with respect to the management VLAN feature? Select THREE.
A. Management access to the switch is restricted to the console port because the management
VLAN has no physical network ports.
B. A management VLAN prevents unauthorized access to switches largely by not being visible to
the data network.
C. Management traffic is "virtually" isolated with absolute minimum port access
D. The VLAN ID of the management VLAN must be the largest available in the switch; this is
typically 1023.
E. You must execute the management-vlan menu option on all switches in the management
VLAN.
F. The management VLAN is a separate virtual network not accessible by data network traffic. It
is used to help secure management access.
G. A management VLAN cannot be used in a routed environment because it would allow
someone from a user VLAN to access the management VLAN without a physical connection
to the management VLAN.
Answer: B, C, F
Question 17.
An HP ProCurve 9308m Routing Switch has just been installed in your customer's data center. To prevent unauthorized users from making configuration changes, he wants to set passwords on the routing switch.
Which type of password must he set on the routing switch to allow himself full access to all configuration commands?
A. super-user
B. manager
C. operator
D. administrator
Answer: A
Question 18.
A customer consults you about network infrastructure security. She wants to allow one of her staff read-only access to the switches. She has not configured a manager password, only an operator password. You advise her that this is not an appropriate solution, because _______.
A. passwords are case-sensitive, and entering the Operator password in all capitals enables full
manager privileges
B. when you configure only an Operator password, entering the Operator password enables full
manager privileges
C. a user with the Operator password can erase the startup configuration, reboot the switch, and
gain access with full manager privileges
D. even with the Operator password, a user can enter the hidden no password command, reboot
the switch, and gain access with full manager privileges
Answer: B
Question 19.
You receive a frantic call from a customer who cannot access the CLI interface on an HP ProCurve 5304xl switch because she has forgotten the password. For security purposes she has disabled the password-clear function of the front-panel buttons.
How could you help her to regain management access to the switch?
A. Press the Reset button on the front panel of the switch for at least 20 seconds to return the
switch to factory defaults.
B. Press the Clear button on the front panel of the switch for at least 10 seconds to return the
switch to factory defaults.
C. Use the Reset and Clear buttons on the front panel of the switch together to return the switch
to factory defaults.
D. You will need to call HP Support and obtain a one-time-use password. This is the only way to
regain management access to the switch once the password-clear function has been disabled.
Answer: C
Question 20.
You have a customer who has just installed a 5304xl switch in an open area of his office. Although the switch is installed in a closed rack with a locking door, he is concerned that it might be possible for someone to access the front panel buttons on the switch.
Which commands will allow him to prevent the switch from having its passwords and configuration information cleared? Select TWO.
A. no front-panel-security factory-reset
B. no front-panel-security password-clear reset-on-clear
C. no front-panel-security password-recovery
D. no front-panel-security password-clear
E. front-panel-security password-clear reset-on-clear
Answer: A, D
|
Question 1. A new Xserve is booted from the Mac OS X Server v10.4 installation disc. Which password will let you connect to the Xserve remotely? A. the sequence of characters, "PASSWORD" B. the first eight characters of the Xserve serial number C. the first eight characters of the Xserve Ethernet MAC address D. the first eight characters of the Mac OS X Server software serial number Answer: B Question 2. Which command-line tool can help you identify the configuration file that is written to when you change an option from the graphical interface? A. ps B. otool C. tcpdump D. fs_usage E. netstat -a Answer: D Question 3. Certain tools must be used to configure a Mac OS X Server computer from the command line. Other tools are optional. Which tool below is optional when configuring Mac OS X Server from the command line? A. ifconfig B. serversetup C. networksetup Answer: A Question 4. You want to enable secure connections to your AFP service. Which command can you use to do so? A. sudo serveradmin settings afp:SSHTunnel = yes B. sudo serveradmin command afp:setSSHTunnel:yes C. sudo networksetup -CreateBond afp:SSHTunnel D. sudo networksetup settings -setappletalk "Built-in Ethernet" = SSH Answer: A Question 5. Where are records for share points stored? A. in /etc/afpd.conf B. in /etc/aftovertcp.cfg C. in the local NetInfo database D. in the LDAP database of the Open Directory Master Answer: C Question 6. Server Admin typically sends commands to servermgrd using ________. A. SSH B. SNMP C. XML over HTTPS D. an Apple-proprietary data stream over HTTP Answer: C Question 7. Which statement is true of Server Admin's default SSL configuration? A. Each server has a unique, self-signed certificate. B. SSL is disabled because no valid certificates are pre-installed. C. Each server has a unique certificate signed by Apple's Certificate Authority. D. All servers use the identical, pre-installed certificate signed by Apple's Certificate Authority. Answer: A Question 8. You are using the command-line installer to install PretendCoTools.pkg. You want to install it on a non-boot volume mounted on a server. Which command will help you determine whether the package supports installation on that volume? A. hdiutil verify PretendCoTools.pkg B. installer-volinfo -pkg PretendCoTools.pkg C. lsbom PretendCoTools.pkg/Contents/Archive.bom D. cat PretendCoTools.pkg/contents/Resources/preflight Answer: B Question 9. You want to use the built-in software RAID in Mac Os X Server to create a RAID 1 set across two disks in an Xserve. Which command will accomplish this goal? A. megaraid create R1 -drive 0 1 -stripesize 64 B. diskutil createRAID mirror RAID_Volume HFS+ disk0 disk1 C. diskutil createRAID stripe RAID_Volume HFS+ disk0 disk1 D. diskutil createRAID stripe-distributed-parity RAID_Volume HFS+ disk0 disk1 Answer: B Question 10. You want to update the software on a headless Xserve over an SSH connection to the server, but one of the component installers has a graphical element that displays a splash screen. How can you prevent the installer from launching this graphical element? A. Run softwareupdate with the -headless option. B. Set the environment variable COMMAND_LINE_INSTALL to 1. C. Use SystemStarter to start the HeadlessStartup startup item. D. Download the updates with softwareupdate -d, then install them with installer -noGUI. Answer: B
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.