|
I bought study guides for this exam from actualtest and testking, but they did not help me. Only the stuff from itcertkeys.com was good. Its study guide really helped me to pass the exam. I am currently pasting the question with answer taken from the itcertkeys.com 646-301 exam study guide, containing the missing answer not present in other vendors' guides.
Question 1.
Cisco Intrusion Detection Systems include host and network sensors.
Which two additional sensors are offered? (Choose two)
A. switch sensors
B. reboot sensors
C. firewall sensors
D. power failure sensors
Answer: A, C
Reference:
http://www.cisco.com/warp/public/cc/pd/sqsw/sqidsz/
|
Question 1.
Review the image, and then answer the question below. You have managed the Dock preferences to define where on the computer screen the Dock will appear for these four accounts: Lab (a computer group), Science1 (a computer in the Lab computer group), Teachers (a workgroup), and John (a member of the Teachers workgroup). When John logs in on the Science1 computer, where on the computer screen does the Dock appear?
A. Bottom of the screen
B. Left side of the screen
C. Right side of the screen
D. John will be prompted to choose whether his user preferences or the Teachers workgroup preferences should be used. The Dock will appear at the location of his choice.
Answer: C

Question 2.
You are setting up a Mac OS X Server v10.5 computer to store the home folders for 10 users. The computer has 510 GB of free space on the volume where the home folders reside. Which of these procedures will ensure that each user has an equal amount of storage space, yet leave at least 10 GB free?
A. In AFP service in Server Admin, select Limit disk usage to, and set the value to 50 GB.
B. In AFP service in Server Admin, select Limit disk usage to, and set the value to 500 GB.
C. In Workgroup Manager, in the Home pane for each user account, set the Disk Quota to 50 GB.
D. In Workgroup Manager, in the Quota pane for a group containing all of the users, set the Limit to 50 GB.
Answer: C

Question 3.
You have enabled AFP service on your Mac OS X Server v10.5 computer. You configured the authentication method as Any. The server will attempt to authenticate file service users using which authentication methods, and in what order?
A. (1) Kerberos; (2) SSH
B. (1) Standard; (2) Kerberos
C. (1) Kerberos; (2) Standard
D. (1) SSH; (2) Standard; (3) Kerberos
E. (1) Standard; (2) Kerberos; (3) SSH
Answer: C

Question 4.
Which utility should you use on a Mac OS X v10.5 computer to create resources, such as rooms and projectors, in an LDAP directory so that those resources can be scheduled by iCal service users?
A. Directory
B. Address Book
C. Directory Utility
D. Directory Access
Answer: A

Question 5.
Which of these is a zone that is configurable from Server Admin?
A. Cache
B. Master
C. Pointer
D. Forward
Answer: B

Question 6.
Which utility can you use to display the status of ticket-granting tickets on a Mac OS X v10.5 computer?
A. Kerberos
B. Server Admin
C. KerberosAgent
D. Keychain Access
E. Directory Utility
F. Certificate Assistant
Answer: A

Question 7.
Your company has a set of site-licensed fonts in a folder named Fonts, on the share point, Resources, on your Mac OS X Server v10.5 computer. You are configuring the Resources share point so that these fonts will be automatically accessible by all your Mac OS X users. After you have enabled the Automount option for the Resources share point, how should you configure the share point in the automount configuration sheet?
A. Choose User home folders.
B. Choose Shared Library folder.
C. Choose Shared Applications folder.
D. Choose Custom mount path and enter ~/Library/Fonts for the path.
Answer: B

Question 8.
What is the maximum number of replicas of one Open Directory master that can be used in a Mac OS X Server v10.5 Open Directory infrastructure?
A. 31
B. 64
C. 256
D. 1024
E. 1056
Answer: E

Question 9.
A MacBook computer running Mac OS X v10.5 was formerly managed, but its managed preferences have been disabled on the server. Still, the user is unable to change some preferences on the MacBook. Which statement presents a valid method for restoring the user's access to these preferences?
A. Delete the /Library/Managed Preferences/ folder.
B. Delete the MCX attributes from the user records in the NetInfo database.
C. Deselect the Managed Accounts option in the Services pane of Directory Utility.
D. Deselect the Managed Accounts option in the Accounts pane of System Preferences.
Answer: A

Question 10.
Which protocol does the iChat service in Mac OS X Server v10.5 use to send messages?
A. IRC (Internet Relay Chat)
B. SMP (Symmetric Messaging Protocol)
C. AIMP (AOL Instant Messaging Protocol)
D. XMPP (Extensible Messaging and Presence Protocol)
Answer: D

Question 11.
Review the image, and then answer the question below. You have specified the applications that will be displayed in the Dock for the Lab computer group, the Science1 computer, which is a member of the Lab computer group, the Teachers workgroup, and for a member of the Teachers workgroup, John, as shown in the image. When John logs in on the Science1 computer for the first time, which of the applications below will NOT be displayed in the Dock?
A. iMovie
B. Keynote
C. TextEdit
D. QuickTime Player
Answer: D
|
Question 1.
Referring to the topology diagram shown in the exhibit, which three statements are correct regarding the BGP routing updates? (Choose three.)
A. The EBGP routing updates received by R1 from R5 will be propagated to the R2, R4, and R7 routers
B. The EBGP routing updates received by R3 from R6 will be propagated to the R2 and R4 routers
C. The EBGP routing updates received by R1 from R5 will be propagated to the R2 and R4 routers
D. The IBGP routing updates received by R3 from R2 will be propagated to the R6 router
E. The IBGP routing updates received by R2 from R1 will be propagated to the R3 router
F. The IBGP routing updates received by R1 from R4 will be propagated to the R5, R7, and R2 routers
Answer: A, B, D

Question 2.
When a BGP route reflector receives an IBGP update from a non-client IBGP peer, the route reflector will then forward the IBGP updates to which other router(s)?
A. To the other clients only
B. To the EBGP peers only
C. To the EBGP peers and other clients only
D. To the EBGP peers and other clients and non-clients
Answer: C

Question 3.
Which two BGP mechanisms are used to prevent routing loops when using a design with redundant route reflectors? (Choose two.)
A. Cluster-list
B. AS-Path
C. Originator ID
D. Community
E. Origin
Answer: A, C

Question 4.
Which two statements correctly describe the BGP ttl-security feature? (Choose two.)
A. This feature protects the BGP processes from CPU utilization-based attacks from EBGP neighbors which can be multiple hops away
B. This feature prevents IBGP sessions with non-directly connected IBGP neighbors
C. This feature will cause the EBGP updates from the router to be sent using a TTL of 1
D. This feature needs to be configured on each participating BGP router
E. This feature is used together with the ebgp-multihop command
Answer: A, D

Question 5.
When implementing source-based remote-triggered black hole filtering, which two configurations are required on the edge routers that are not the signaling router? (Choose two.)
A. A static route to a prefix that is not used in the network with a next hop set to the Null0 interface
B. A static route pointing to the IP address of the attacker
C. uRPF on all external facing interfaces at the edge routers
D. Redistribution into BGP of the static route that points to the IP address of the attacker
E. A route policy to set the redistributed static routes with the no-export BGP community
Answer: A, C

Question 6.
Refer to the topology diagram shown in the exhibit and the partial configurations shown below. Once the attack from 209.165.201.144/28 to 209.165.202.128/28 has been detected, which additional configurations are required on the P1 IOS-XR router to implement source-based remote-triggered black hole filtering?
    !
    router bgp 123
     address-family ipv4 unicast
      redistribute static route-policy test
    !
A.
    router static
     address-family ipv4 unicast
      209.165.202.128/28 null0 tag 666
      192.0.2.1/32 null0 tag 667
    !
    route-policy test
     if tag is 666 then
      set next-hop 192.0.2.1
     endif
     if tag is 667 then
      set community (no-export)
     endif
    end-policy
    !
B.
    router static
     address-family ipv4 unicast
      209.165.201.144/28 null0 tag 666
      192.0.2.1/32 null0 tag 667
    !
    route-policy test
     if tag is 666 then
      set next-hop 192.0.2.1
     endif
     if tag is 667 then
      set community (no-export)
     endif
    end-policy
    !
C.
    router static
     address-family ipv4 unicast
      209.165.201.144/28 null0 tag 666
      192.0.2.1/32 null0
    !
    route-policy test
     if tag is 666 then
      set next-hop 192.0.2.1
      set community (no-export)
     endif
    end-policy
D.
    router static
     address-family ipv4 unicast
      209.165.202.128/28 null0 tag 666
      192.0.2.1/32 null0
    !
    route-policy test
     if tag is 666 then
      set next-hop 192.0.2.1
      set community (no-export)
     endif
    end-policy
    !
Answer: C

Question 7.
In Cisco IOS-XR, the maximum-prefix command, to control the number of prefixes that can be installed from a BGP neighbor, is configured under which configuration mode?
A. RP/0/RSP0/CPU0:P2(config-bgp)#
B. RP/0/RSP0/CPU0:P2(config-bgp-af)#
C. RP/0/RSP0/CPU0:P2(config-bgp-nbr)#
D. RP/0/RSP0/CPU0:P2(config-bgp-nbr-af)#
Answer: D

Question 8.
In Cisco IOS-XR, the ttl-security command is configured under which configuration mode?
A. RP/0/RSP0/CPU0:P2(config)#
B. RP/0/RSP0/CPU0:P2(config-bgp)#
C. RP/0/RSP0/CPU0:P2(config-bgp-nbr)#
D. RP/0/RSP0/CPU0:P2(config-bgp-af)#
E. RP/0/RSP0/CPU0:P2(config-bgp-nbr-af)#
Answer: C

Question 9.
Refer to the exhibit. Given the partial BGP configuration, which configuration correctly completes the Cisco IOS-XR route reflector configuration where both the 1.1.1.1 and 2.2.2.2 routers are the clients and the 3.3.3.3 router is a non-client IBGP peer?
A.
    neighbor 1.1.1.1 remote-as 65123 route-reflector-client
    neighbor 2.2.2.2 remote-as 65123 route-reflector-client
    neighbor 3.3.3.3 remote-as 65123
B.
    neighbor 1.1.1.1 address-family ipv4 unicast remote-as 65123 route-reflector-client
    neighbor 2.2.2.2 address-family ipv4 unicast remote-as 65123 route-reflector-client
    neighbor 3.3.3.3 address-family ipv4 unicast remote-as 65123
C.
    neighbor 1.1.1.1 remote-as 65123 address-family ipv4 unicast route-reflector-client
    neighbor 2.2.2.2 remote-as 65123 address-family ipv4 unicast route-reflector-client
    neighbor 3.3.3.3 remote-as 65123
D.
    neighbor 1.1.1.1 remote-as 65123
    neighbor 1.1.1.1 route-reflector-client
    neighbor 2.2.2.2 remote-as 65123
    neighbor 2.2.2.2 route-reflector-client
    neighbor 3.3.3.3 remote-as 65123
Answer: C

Question 10.
Which three methods can be used to reduce the full-mesh IBGP requirement in a service provider core network? (Choose three.)
A. implement route reflectors
B. enable multi-protocol BGP sessions between all the PE routers
C. implement confederations
D. implement MPLS (LDP) in the core network on all the PE and P routers
E. enable BGP synchronization
F. disable the IBGP split-horizon rule
Answer: A, C, D
|
Question 1.
Refer to the OSPF command exhibit. Which effect does the no-summary command option have?
A. It will cause area 1 to be able to receive non-summarized inter-area routes.
B. It will cause area 1 to not receive any inter-area routes and will use a default route to reach networks in other areas.
C. It will cause area 1 to not receive any external routes and will use a default route to reach the external networks.
D. It will convert the NSSA area into a NSSA totally stubby area.
E. It will convert the stubby area into a NSSA.
F. It will disable OSPF auto-summary.
Answer: B

Question 2.
When troubleshooting OSPF neighbor errors, which three verification steps should be considered? (Choose three.)
A. Verify if neighboring OSPF interfaces are configured in the same area.
B. Verify if neighboring OSPF interfaces are configured with the same OSPF process ID.
C. Verify if neighboring OSPF interfaces are configured with the same OSPF priority.
D. Verify if neighboring OSPF interfaces are configured with the same hello and dead intervals.
E. Verify if neighboring OSPF interfaces are configured with the same area type.
Answer: A, D, E

Question 3.
On Cisco IOS XR Software, which set of commands is used to enable the gi0/0/0/1 interface for OSPF in area 0?
A. interface gi0/0/0/0 ip address 10.1.1.1 255.255.255.0 ! router ospf 1 network 10.1.1.1 0.0.0.0 area 0
B. interface gi0/0/0/0 ip address 10.1.1.1 255.255.255.0 ! router ospf 1 network 10.1.1.1 255.255.255.255 area 0
C. router ospf 1 area 0 interface GigabitEthernet0/0/0/1
D. interface gi0/0/0/0 ip address 10.1.1.1 255.255.255.0 ip ospf 1 area 0
E. router ospf 1 address-family ipv4 unicast interface GigabitEthernet0/0/0/1 area 0
F. router ospf 1 address-family ipv4 unicast interface GigabitEthernet0/0/0/1 area 0
Answer: C

Question 4.
Which three statements are true regarding the OSPF router ID? (Choose three.)
A. The OSPF routing process chooses a router ID for itself when it starts up.
B. The router-id command is the preferred procedure to set the router ID.
C. If a loopback interface is configured, its address will always be preferred as the router ID over any other methods.
D. After the router ID is set, it does not change, even if the interface that the router is using for the router ID goes down. The router ID changes only if the router reloads or if the OSPF routing process restarts.
E. In OSPF version 3, the OSPF router ID uses a 128-bit number.
Answer: A, B, D

Question 5.
Which two OSPF network scenarios require OSPF virtual link configuration? (Choose two.)
A. to connect an OSPF non-backbone area to area 0 through another non-backbone area
B. to connect an NSSA area to an external routing domain
C. to connect two parts of a partitioned backbone area through a non-backbone area
D. to enable route leaking from Level 2 into Level 1
E. to enable route leaking from Level 1 into Level 2
F. to enable OSPF traffic engineering
Answer: A, C

Question 6.
What is the function of the RP/0/RSP0/CPU0:PE1(config-ospf)#distance Cisco IOS-XR command?
A. To modify the administrative distance of the OSPF routes
B. To modify the default seed metric of the OSPF external routes
C. To modify the OSPF default reference bandwidth
D. To modify the OSPF cost
Answer: A

Question 7.
Which four statements are correct regarding IS-IS operations? (Choose four.)
A. By default, Level 1 routers within an IS-IS area do not carry any routing information external to the area to which they belong. They use a default route to exit the area.
B. Summarization should be configured on the Level 2 routers, which injects the Level 2 routes into Level 1.
C. IS-IS supports "route leaking" in which selected Level 2 routes can be advertised by a Level 1/Level 2 router into Level 1.
D. The IS-IS backbone is a contiguous collection of Level 1 capable routers, each of which can be in a different area.
E. With IS-IS, an individual router is in only one area, and the border between areas is on the link that connects two routers that are in different areas.
F. Cisco IOS XR Software supports multitopology for IPv6 IS-IS unless single topology is explicitly configured in IPv6 address-family configuration mode.
Answer: A, C, E, F

Question 8.
When configuring IPv4 and IPv6 IS-IS routing on Cisco IOS XR routers, which three statements are correct? (Choose three.)
A. By default, a single SPF is used for both IPv4 and IPv6, so the IPv4 and IPv6 topology should be the same.
B. By default, the IS-IS router type is Level 1 and Level 2.
C. All IS-IS routers within the same IS-IS area must be configured with the same IS-IS routing process instance ID.
D. By default, metric-style narrow is used.
E. By default, the IS-IS interface circuit type is Level 1 and Level 2.
F. The area IS-IS address-family configuration command is used to specify the IS-IS area address.
Answer: B, D, E

Question 9.
Refer to the PE1 router routing table output exhibit. What is causing the i su 10.1.10.0/24 [115/30] via 0.0.0.0, 00:40:34, Null0 entry on the PE1 router routing table?
A. The PE1 router is receiving the 10.1.10.0/24 summary route from the upstream L1/L2 IS-IS router.
B. The PE1 router has been configured to summarize the 10.1.10.x/32 IS-IS routes to 10.1.10.0/24.
C. The 10.1.10.0/24 has been suppressed because IS-IS auto-summary has been disabled on the PE1 router.
D. The 10.1.10.0/24 has been suppressed because of a route policy configuration on the PE1 router.
E. The 10.1.10.0/24 has been suppressed because the more specific 10.1.10.x/32 IS-IS routes have been configured to leak into the IS-IS non-backbone area.
Answer: B

Question 10.
In comparing IS-IS with OSPF, a Level-1-2 IS-IS router is similar to which kind of OSPF router?
A. ASBR on a normal OSPF area
B. ASBR on NSSA
C. ABR on totally stubby OSPF area
D. ABR on stubby OSPF area
E. ABR on a normal OSPF area
Answer: C
|
Question 1.
The following commands are issued on a Cisco Router:
    Router(configuration)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1
    Router(configuration)#access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1
    Router(configuration)#exit
    Router#debug ip packet 199
What will the debug output on the console show?
A. All IP packets passing through the router
B. Only IP packets with the source address of 10.1.1.1
C. All IP packets from 10.1.1.1 to 172.16.1.1
D. All IP Packets between 10.1.1.1 and 172.16.1.1
Answer: D
Explanation: In this example, the “debug ip packet” command is tied to access list 199, specifying which IP packets should be debugged. Access list 199 contains two lines, one going from the host with IP address 10.1.1.1 to 172.16.1.1 and the other specifying all TCP packets from host 172.16.1.1 to 10.1.1.1.

Question 2.
What level of logging is enabled on a Router where the following logs are seen?
    %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
A. alerts
B. critical
C. errors
D. notifications
Answer: D
Explanation: Cisco routers, switches, PIX and ASA firewalls prioritize log messages into 8 levels (0-7), as shown below:
    Level  Level Name     Description
    0      Emergencies    System is unusable
    1      Alerts         Immediate action needed
    2      Critical       Critical conditions
    3      Errors         Error conditions
    4      Warnings       Warning conditions
    5      Notifications  Informational messages
    6      Informational  Normal but significant conditions
    7      Debugging      Debugging messages
When you enable logging for a specific level, all logs of that severity and greater (numerically less) will be logged. In this case we can see that messages of level 3 (as seen by the 3 in “LINK-3-UPDOWN”) and level 5 (as seen by the 5 in “LINEPROTO-5-UPDOWN”) are shown, which means that logging level 5 must have been configured. As shown by the table, logging level 5 is Notifications.

Question 3.
You have the following commands on your Cisco Router:
    ip ftp username admin
    ip ftp password backup
You have been asked to switch from FTP to HTTP. Which two commands will you use to replace the existing commands?
A. ip http username admin
B. ip http client username admin
C. ip http password backup
D. ip http client password backup
E. ip http server username admin
F. ip http server password backup
Answer: B, D
Explanation: Configuring the HTTP Client
Perform this task to enable the HTTP client and configure optional client characteristics. The standard HTTP 1.1 client and the secure HTTP client are always enabled. No commands exist to disable the HTTP client. For information about configuring optional characteristics for the HTTPS client, see the HTTPS-HTTP Server and Client with SSL 3.0, Release 12.2(15)T, feature module.
SUMMARY STEPS
1. enable
2. configure terminal
3. ip http client cache {ager interval minutes | memory {file file-size-limit | pool pool-size-limit}}
4. ip http client connection {forceclose | idle timeout seconds | retry count | timeout seconds}
5. ip http client password password
6. ip http client proxy-server proxy-name proxy-port port-number
7. ip http client response timeout seconds
8. ip http client source-interface type number
9. ip http client username username
Reference: HTTP 1.1 Web Server and Client.
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_http_web.html

Question 4.
You have 2 NTP servers in your network - 10.1.1.1 and 10.1.1.2. You want to configure a Cisco router to use 10.1.1.2 as its NTP server before falling back to 10.1.1.1. Which commands will you use to configure the router?
A. ntp server 10.1.1.1
   ntp server 10.1.1.2
B. ntp server 10.1.1.1
   ntp server 10.1.1.2 primary
C. ntp server 10.1.1.1
   ntp server 10.1.1.2 prefer
A router can be configured to prefer an NTP source over another. A preferred server's responses are discarded only if they vary dramatically from the other time sources. Otherwise, the preferred server is used for synchronization without consideration of the other time sources. Preferred servers are usually specified when they are known to be extremely accurate. To specify a preferred server, use the prefer keyword appended to the ntp server command. The following example tells the router to prefer TimeServerOne over TimeServerTwo:
    Router#config terminal
    Enter configuration commands, one per line. End with CNTL/Z.
    Router(config)#ntp server TimeServerOne prefer
    Router(config)#ntp server TimeServerTwo
    Router(config)#^Z

Question 5.
The following command is issued on a Cisco Router:
    Router(configuration)#logging console warnings
Which alerts will be seen on the console?
A. Warnings only
B. debugging, informational, notifications, warnings
C. warnings, errors, critical, alerts, emergencies
D. notifications, warnings, errors
E. warnings, errors, critical, alerts
Answer: C
Explanation: Cisco routers prioritize log messages into 8 levels (0-7), as shown below:
    Level  Level Name     Description
    0      Emergencies    System is unusable
    1      Alerts         Immediate action needed
    2      Critical       Critical conditions
    3      Errors         Error conditions
    4      Warnings       Warning conditions
    5      Notifications  Informational messages
    6      Informational  Normal but significant conditions
    7      Debugging      Debugging messages
When you enable logging for a specific level, all logs of that severity and greater (numerically less) will be logged. In this case, when you enable console logging of warning messages (level 4), it will log levels 0-4, making the correct answer warnings, errors, critical, alerts, and emergencies.

Question 6.
Which two of the following options are categories of Network Maintenance tasks?
A. Firefighting
B. Interrupt-driven
C. Policy-based
D. Structured
E. Foundational
Answer: B, D
Explanation: Proactive Versus Reactive Network Maintenance: Network maintenance tasks can be categorized as one of the following:
Structured tasks: Performed as a predefined plan.
Interrupt-driven tasks: Involve resolving issues as they are reported.
Reference: CCNP TSHOOT Official Certification Guide, Kevin Wallace, Chapter 1, p.7

Question 7.
You enabled CDP on two Cisco Routers which are connected to each other. The Line and Protocol status for the interfaces on both routers show as UP but the routers do not see each other as CDP neighbors. At which layer of the OSI model does the problem most likely exist?
A. Physical
B. Session
C. Application
D. Data-Link
E. Network
Answer: D
Explanation: CDP is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This feature enables applications to send SNMP queries to neighboring devices. In this case, the line protocol is up which means that the physical layer is operational (layer 1) but the data link layer is not.
Reference: “Configuring CDP”
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/cdp.html

Question 8.
FCAPS is a network maintenance model defined by ISO. It stands for which of the following?
A. Fault Management
B. Action Management
C. Configuration Management
D. Protocol Management
E. Security Management
Answer: A, C, E
Explanation: The FCAPS maintenance model consists of the following: FCAPS Maintenance Tasks:

Question 9.
Which three management categories are contained in the FCAPS network maintenance model? (Choose three.)
A. Config
B. Fault
C. Storage
D. Accounting
E. Redundancy
F. Telecommunications
Answer: A, B, D

Question 10.
What is the result of configuring the logging console warning command?
A. Messages with a severity level of 4 and higher will be logged to all available TTY lines.
B. Only warning messages will be logged on the console.
C. Warning, error, critical, and informational messages will be logged on the console.
D. Warning, critical, alert, and emergency messages will be logged on the console.
E. The logging console warning command needs to be followed in the configuration with logging buffered byte size to specify the message buffer size for the console.
Answer: D
|
Question 1.
Which statement is true about RSTP topology changes?
A. Any change in the state of the port generates a TC BPDU.
B. Only nonedge ports moving to the forwarding state generate a TC BPDU.
C. If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated.
D. Only edge ports moving to the blocking state generate a TC BPDU.
E. Any loss of connectivity generates a TC BPDU.
Answer: B
Explanation: The IEEE 802.1D Spanning Tree Protocol was designed to keep a switched or bridged network loop free, with adjustments made to the network topology dynamically. A topology change typically takes 30 seconds, where a port moves from the Blocking state to the Forwarding state after two intervals of the Forward Delay timer. As technology has improved, 30 seconds has become an unbearable length of time to wait for a production network to failover or "heal" itself during a problem.
Topology Changes and RSTP
Recall that when an 802.1D switch detects a port state change (either up or down), it signals the Root Bridge by sending topology change notification (TCN) BPDUs. The Root Bridge must then signal a topology change by sending out a TCN message that is relayed to all switches in the STP domain. RSTP detects a topology change only when a nonedge port transitions to the Forwarding state. This might seem odd because a link failure is not used as a trigger. RSTP uses all of its rapid convergence mechanisms to prevent bridging loops from forming. Therefore, topology changes are detected only so that bridging tables can be updated and corrected as hosts appear first on a failed port and then on a different functioning port. When a topology change is detected, a switch must propagate news of the change to other switches in the network so they can correct their bridging tables, too. This process is similar to the convergence and synchronization mechanism: topology change (TC) messages propagate through the network in an ever-expanding wave.

Question 2.
Refer to the exhibit. Which four statements about this GLBP topology are true? (Choose four.)
A. Router A is responsible for answering ARP requests sent to the virtual IP address.
B. If router A becomes unavailable, router B forwards packets sent to the virtual MAC address of router A.
C. If another router is added to this GLBP group, there would be two backup AVGs.
D. Router B is in GLBP listen state.
E. Router A alternately responds to ARP requests with different virtual MAC addresses.
F. Router B transitions from blocking state to forwarding state when it becomes the AVG.
Answer: A, B, D, E
Explanation: With GLBP the following is true: With GLBP, there is 1 AVG and 1 standby VG. In this case Company1 is the AVG and Company2 is the standby. Company2 would act as a VRF and would already be forwarding and routing packets. Any additional routers would be in a listen state. As the role of the Active VG and load balancing, Company1 responds to ARP requests with different virtual MAC addresses. In this scenario, Company2 is the Standby VF for the VMAC 0008.b400.0101 and would become the Active VF if Company1 were down. As the role of the Active VG, the primary responsibility is to answer ARP requests to the virtual IP address. As an AVF router Company2 is already forwarding/routing packets.

Question 3.
Refer to the exhibit. Which VRRP statement about the roles of the master virtual router and the backup virtual router is true?
A. Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, router B maintains the role of master virtual router.
B. Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, it regains the master virtual router role.
C. Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, router A maintains the role of master virtual router.
D. Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, it regains the master virtual router role.
Answer: B

Question 4.
Which description correctly describes a MAC address flooding attack?
A. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the destination address found in the Layer 2 frames sent by the valid network device.
B. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the source address found in the Layer 2 frames sent by the valid network device.
C. The attacking device spoofs a destination MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
D. The attacking device spoofs a source MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.
E. Frames with unique, invalid destination MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.
F. Frames with unique, invalid source MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.
Answer: F

Question 5.
Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?
A. All switch ports in the Building Access block should be configured as DHCP trusted ports.
B. All switch ports in the Building Access block should be configured as DHCP untrusted ports.
C. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.
D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.
E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.
F. All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.
Answer: D
Explanation: One of the ways that an attacker can gain access to network traffic is to spoof responses that would be sent by a valid DHCP server. The DHCP spoofing device replies to client DHCP requests. The legitimate server may reply also, but if the spoofing device is on the same segment as the client, its reply to the client may arrive first. The intruder’s DHCP reply offers an IP address and supporting information that designates the intruder as the default gateway or Domain Name System (DNS) server. In the case of a gateway, the clients will then forward packets to the attacking device, which will in turn send them to the desired destination. This is referred to as a “man-in-the-middle” attack, and it may go entirely undetected as the intruder intercepts the data flow through the network. Untrusted ports are those that are not explicitly configured as trusted. A DHCP binding table is built for untrusted ports. Each entry contains the client MAC address, IP address, lease time, binding type, VLAN number, and port ID recorded as clients make DHCP requests. The table is then used to filter subsequent DHCP traffic. From a DHCP snooping perspective, untrusted access ports should not send any DHCP server responses, such as DHCPOFFER, DHCPACK, DHCPNAK.

Question 6.
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. However, the servers do need to communicate with a database server located in the inside network. Which configuration isolates the servers from each other?
A. The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
B. The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
D. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN community ports.
Answer: A
Explanation: Service providers often have devices from multiple clients, in addition to their own servers, on a single Demilitarized Zone (DMZ) segment or VLAN. As security issues proliferate, it becomes necessary to provide traffic isolation between devices, even though they may exist on the same Layer 3 segment and VLAN. Catalyst 6500/4500 switches implement PVLANs to keep some switch ports shared and some switch ports isolated, although all ports exist on the same VLAN. The 2950 and 3550 support “protected ports,” which are functionally similar to PVLANs on a per-switch basis. A port in a PVLAN can be one of three types:
Isolated: An isolated port has complete Layer 2 separation from other ports within the same PVLAN, except for the promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from promiscuous ports. Traffic received from an isolated port is forwarded to only promiscuous ports.
Promiscuous: A promiscuous port can communicate with all ports within the PVLAN, including the community and isolated ports. The default gateway for the segment would likely be hosted on a promiscuous port, given that all devices in the PVLAN will need to communicate with that port.
Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities, or in isolated ports within their PVLAN.

Question 7.
What does the command udld reset accomplish?
A. allows a UDLD port to automatically reset when it has been shut down
B. resets all UDLD enabled ports that have been shut down
C. removes all UDLD configurations from interfaces that were globally enabled
D. removes all UDLD configurations from interfaces that were enabled per-port
Answer: B

Question 8.
Refer to the exhibit. Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A?
A. The spoof packets are inspected at the ingress port of switch SW_A and are permitted.
B. The spoof packets are inspected at the ingress port of switch SW_A and are dropped.
C. The spoof packets are not inspected at the ingress port of switch SW_A and are permitted.
D. The spoof packets are not inspected at the ingress port of switch SW_A and are dropped.
Answer: C
Explanation: When configuring DAI, follow these guidelines and restrictions:
• DAI is an ingress security feature; it does not perform any egress checking.
• DAI is not effective for hosts connected to routers that do not support DAI or that do not have this feature enabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast domain, separate the domain with DAI checks from the one with no checking.
This action secures the ARP caches of hosts in the domain enabled for DAI. • DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings in incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP packets that have dynamically assigned IP addresses. • When DHCP snooping is disabled or in non-DHCP environments, use ARP ACLs to permit or to deny packets. • DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. In our example, since Company2 does not have DAI enabled (bullet point 2 above) packets will not be inspected and they will be permitted. Reference: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/dynarp.html Question 9. Which statement is true about Layer 2 security threats? A. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points. B. DHCP snooping sends unauthorized replies to DHCP queries. C. ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection. D. Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks. E. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host. F. Port scanners are the most effective defense against Dynamic ARP Inspection. Answer: E Explanation: First of all, MAC spoofing is not an effective counter-measure against any reconnaissance attack; it IS an attack! Furthermore, reconnaissance attacks don't use dynamic ARP inspection (DAI); DAI is a switch feature used to prevent attacks. Question 10. What does the global configuration command ip arp inspection vlan 10-12,15 accomplish? A. validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15 B. intercepts all ARP requests and responses on trusted ports C. 
intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings D. discards ARP packets with invalid IP-to-MAC address bindings on trusted ports Answer: C Explanation: The “ip arp inspection” command enables Dynamic ARP Inspection (DAI) for the specified VLANs. DAI is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain "man-in-themiddle" attacks. Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/dynarp.html
|
Question 1.
Within a QoS policy-map configuration, one of the traffic classes is configured with the random-detect dscp-based configuration command. What will that command accomplish?
A. provides congestion management by queueing the traffic using CBWFQ
B. provides congestion management by queueing the traffic using LLQ
C. decreases the probability of congestion by selectively dropping TCP packets before the queue is full
D. provides congestion avoidance by selectively delaying the delivery of packets with lower DSCP priority
E. decreases congestion by avoiding global UDP synchronization
Answer: C

Question 2.
What are three benefits of IntServ and RSVP? (Choose three.)
A. RSVP helps network devices identify dynamic port numbers.
B. IntServ networks will reject or downgrade new RSVP sessions if all reservable bandwidth is booked somewhere in a path.
C. RSVP signaling is a scalable way to ensure all devices maintain an accurate picture of the network state.
D. They enable the network to guarantee necessary QoS to individual data flows.
E. The IntServ class-based approach is easy to design and implement.
Answer: A, B, D

Question 3.
Which statement about the rates and statistics (such as match, transmit, drop, and police) shown in the show policy-map interface output is true?
A. The rates are computed as a moving average of instantaneous rates.
B. The rates are displayed in real time, which matches the actual traffic rate.
C. The matched statistics of the packet can be cleared only when the router reboots.
D. The matched statistics of the packet are displayed in real time.
E. The traffic policing statistics are displayed in real time.
Answer: A

Question 4.
Which four factors can be used for packet classification in a QoS-aware network device? (Choose four.)
A. source address
B. destination address
C. DSCP
D. TTL
E. MQC
F. IP precedence
Answer: A, B, C, F

Question 5.
What are the three primary types of faults associated with QoS fault management? (Choose three.)
A. classification faults
B. buffer faults
C. queue faults
D. marking faults
E. assurance faults
F. physical faults
Answer: A, D, E

Question 6.
Which are the two locations where the SP network device always trusts the QoS markings from its upstream neighbor? (Choose two.)
A. at the ingress PE
B. at the egress PE
C. in the SP core
D. at the ingress CE
E. at the egress CE
Answer: B, C

Question 7.
Which of these correctly describes traffic classification using qos-group?
A. qos-group marking is automatically mapped to MPLS EXP marking.
B. qos-group is only applicable to an MPLS-enabled router.
C. qos-group marking value ranges from 0 to 7.
D. qos-group is local to the router.
Answer: D

Question 8.
Which two IP SLA Probe types can be used to measure voice quality? (Choose two.)
A. HTTP
B. ICMP Path Jitter
C. UDP Echo
D. UDP Jitter
E. UDP Delay
F. UDP MOS
Answer: B, D

Question 9.
Refer to the exhibit. Traffic in CLASS-B is not getting a minimum bandwidth of 192 kb/s in this policy map. What can be done to correct this?
A. No changes are needed, the site is already correct.
B. The shape peak command should be used instead of the shape average command.
C. Set the shape rate to a CIR higher than 192 kb/s.
D. Decrease the maximum queue size.
Answer: C

Question 10.
Which of these describes Short Pipe mode in QoS for MPLS VPN service providers?
A. Service provider can remark customer DSCP values.
B. Service provider does not remark customer DSCP values. (Service provider uses independent MPLS EXP markings.) Final PE-to-CE policies are based on service provider markings.
C. The customer and service provider share the same DiffServ domain.
D. Service provider does not remark customer DSCP values. (Service provider uses independent MPLS EXP markings.) Final PE-to-CE policies are based on customer markings.
Answer: D
|
Question 1.
Which two-stage configuration process is correct in Cisco IOS XR Software?
A. Enter configuration mode, then make configuration changes.
B. Make configuration changes, then enter "commit" to make configuration changes persist.
C. Make configuration changes, then enter "copy run start" to make configuration changes persist.
D. Enter admin mode, then make configuration changes.
Answer: B

Question 2.
Which command displays the target configuration in Cisco IOS XR Software?
A. show config
B. show running-config
C. show config running
D. show config merge
Answer: A

Question 3.
What will happen if a new version of Cisco IOS XR Software is installed and activated, and then the router reloads?
A. When the router comes back, the new version is loaded and the old and new versions are on disk0.
B. When the router comes back, the new version is loaded and only the new version is on disk0.
C. When the router comes back, the old version is loaded and the old and new versions are on disk0.
D. When the router comes back, the old version is loaded and only the old version is on disk0.
Answer: C

Question 4.
When is it appropriate to use the commit replace command?
A. When you want to replace the existing configuration for an ipv4 address on an interface.
B. When you want to replace all configurations under router ospf.
C. When you want to replace the entire running configuration with the target configuration.
D. The commit replace command does the same as the commit command.
Answer: C

Question 5.
Refer to the exhibit. If all else is good, where could the problem be if a user in the 192.168.0.0/16 subnet reports that they are not able to connect to the router using Telnet?
A. MPP should be configured as out-of-band.
B. Interface GigabitEthernet0/2/0/1 should allow 192.168.0.0/16 address space when using Telnet.
C. Telnet traffic is going through other interfaces that are not configured in MPP.
D. Interface GigabitEthernet0/2/0/0 should allow 192.168.0.0/16 address space.
E. SNMP peer is not configured to "allow" on interface GigabitEthernet0/2/0/1, which prohibits Telnet.
Answer: C

Question 6.
At which SONET layer would you expect to see B3 errors?
A. physical
B. segment
C. line
D. path
Answer: D

Question 7.
What is a common cause of increasing NEWPTR errors on a POS interface?
A. dirty fiber
B. incorrect timing
C. Tx and Rx swapped
D. wrong fiber type
Answer: B

Question 8.
What is the range of DLCIs that are available for subscribers to configure on a Cisco IOS Frame Relay subinterface?
A. 0-1024
B. 1-2048
C. 0-991
D. 16-1007
Answer: D

Question 9.
What is the acronym commonly used to identify a prearranged agreement between a service team and an external service provider?
A. SLA
B. OLA
C. UC
D. SLM
E. CICS
Answer: C

Question 10.
According to the ITIL® v3 framework, a change that has an "approved" status has met which criteria?
A. The lab testing and operational assessments have been completed, and the change has been approved and committed to the change scheduler.
B. The operational testing and technical assessments have been completed, and the change has been approved and committed to the change scheduler.
C. The business and technical assessments have been completed, and the change has been approved and committed to the change scheduler.
D. The lab testing and technical assessments have been completed, and the change has been approved but is not yet committed to the change scheduler.
Answer: C
|
Question 1.
Which two issues may need to be considered when using DAS to support location-tracking services? (Choose two.)
A. Third-party antennas may reduce RF cell size but provide location accuracy.
B. Additional monitor-mode APs may be necessary to obtain desired location accuracy.
C. Wi-Fi RF channel selection is critical when using DAS if multiple wireless services are supported in the same antenna group.
D. Multiple connections are required into a common DAS for 802.11n support.
E. Linear DAS deployment can reduce your location accuracy.
Answer: B, E

Question 2.
Which issue may lead to inconsistent wireless client locations being reported by Cisco WCS v7.0?
A. Roaming between APs is controlled by different controllers.
B. A mix of APs is configured for monitor and local mode.
C. The wireless client does not transmit a probe request to all channels.
D. The wireless client is not compliant with Cisco Compatible Extensions.
E. The wireless client does not associate.
Answer: C

Question 3.
Which three options describe ways in which the Cisco Compatible Extensions S36 message is used in Cisco WLC v7.0? (Choose three.)
A. for WGB location
B. by Cisco WCS for calibration
C. for location tracking of wireless tags
D. only on 802.11b/g/n
E. on 802.11a/b/g/n
F. by Cisco Compatible Extensions v4 and above
G. by Cisco Compatible Extensions v2 and above
Answer: B, E, G

Question 4.
You have a customer interested in adding RFID tags to track the movement of containers of work in process in their manufacturing facility. Which type of RFID tags and which Wi-Fi band are most appropriate using their existing Cisco Unified Wireless Network based on v7.0? (Choose two.)
A. passive RFID tags
B. semipassive RFID tags
C. active RFID tags
D. 900 MHz
E. 2.4 GHz
F. 5 GHz
Answer: C, E

Question 5.
A calibration model has been created for a specific floor in Cisco WCS v7.0. Which two events are more likely to affect location accuracy and compel a new calibration? (Choose two.)
A. additional local mode APs installed
B. changes in office interior walls location and type
C. additional monitor mode APs installed
D. change in inventory type stocked in warehouse
E. compass direction change in omnidirectional antenna
Answer: B, D

Question 6.
What are the two message formats that a Cisco WCS v7.0 can use to send a context-aware tracking event notification to an external destination? (Choose two.)
A. XML
B. plaintext
C. XLS
D. PDF
E. JPEG
F. CSV
Answer: B, C

Question 7.
Which two descriptions are examples of how location services can be adjusted at the Cisco WLC v7.0? (Choose two.)
A. Disable RFID tag tracking if there are no tags in the respective locations of the controller APs.
B. Disable wireless client tracking if there are no requirements for the respective locations of the controller APs.
C. Increase RFID timeouts from defaults if tags are beaconing at 30 seconds.
D. Decrease RFID timeouts from defaults if tags are beaconing at 30 seconds.
Answer: A, D

Question 8.
If the wired infrastructure network latency becomes an issue, which adjustments can be made for collection of location information using Cisco WCS v7.0?
A. Adjust SNMP timers on Cisco WCS.
B. Adjust SNMP timers on the Cisco 3300 Series MSE.
C. Adjust SNMP timers on Cisco WLC.
D. Adjust LOCP timers on Cisco WLC.
E. Adjust LOCP timers on Cisco MSE.
F. Adjust NMSP timers on Cisco WLC.
G. Adjust NMSP timers on Cisco MSE.
Answer: F

Question 9.
Refer to the exhibit. To provide the best coverage for location-tracking services, where should the APs be located?
A. Deploy the APs down the center of the corridor with omnidirectional antennas to maximize location-tracking coverage.
B. Stagger the APs in the offices using directional antennas so that each AP has a view of the sector of the floor that it is responsible to cover.
C. Deploy the APs along the edge of the building with directional antennas pointing into the building to cover sectors of the floor.
D. Deploy the APs in a staggered formation with omnidirectional antennas so that they have a surrounding view with minimal obstruction.
E. Deploy the APs on the sides of steel or concrete interior columns with directional antennas to eliminate the columns from the coverage area.
Answer: D

Question 10.
The Cisco 3300 Series MSE v7.0 receives three RSSI measurements that are higher than -75 dBm for a given device and multiple measurements that are lower than -75 dBm. How does Cisco MSE perform the location calculation?
A. Cisco MSE uses all the RSSI values that are received.
B. Cisco MSE uses only the RSSI values that are higher than -75 dBm.
C. Cisco MSE uses the three RSSI values that are higher than -75 dBm and the best RSSI that is lower than -75 dBm.
D. Cisco MSE uses the three RSSI values that are higher than -75 dBm and the average of the RSSI values that are lower than -75 dBm.
E. Cisco MSE takes in all the RSSI values for a given device and averages all the values.
Answer: C
|
Question 1.
Which statement is correct concerning the trusted network detection (TND) feature?
A. The Cisco AnyConnect 3.0 Client supports TND on Windows, Mac, and Linux platforms.
B. With TND, one result of a Cisco Secure Desktop basic scan on an endpoint is to determine whether a device is a member of a trusted or an untrusted network.
C. If enabled, and a CSD scan determines that a host is a member of an untrusted network, an administrator can configure the TND feature to prohibit an end user from launching the Cisco AnyConnect VPN Client.
D. When the user is inside the corporate network, TND can be configured to automatically disconnect a Cisco AnyConnect session.
Answer: D

Question 2.
Refer to the exhibit. You are configuring a laptop with the Cisco VPN Client, which uses digital certificates for authentication. Which protocol does the Cisco VPN Client use to retrieve the digital certificate from the CA server?
A. FTP
B. LDAP
C. HTTPS
D. SCEP
E. OCSP
Answer: D

Question 3.
When using clientless SSL VPN, you might not want some applications or web resources to go through the Cisco ASA appliance. For these application and web resources, as a Cisco ASA administrator, which configuration should you use?
A. Configure the Cisco ASA appliance for split tunneling.
B. Configure network access exceptions in the SSL VPN customization editor.
C. Configure the Cisco ASA appliance to disable content rewriting.
D. Configure the Cisco ASA appliance to enable URL Entry bypass.
E. Configure smart tunnel to bypass the Cisco ASA appliance proxy function.
Answer: C

Question 4.
Refer to the exhibit. The "level_2" digital certificate was installed on a laptop. What can cause an "invalid: not active" status message?
A. On first use, a CA server-supplied passphrase is entered to validate the certificate.
B. A "newly installed" digital certificate does not become active until it is validated by the peer device upon its first usage.
C. The user has not clicked the Verify button within the Cisco VPN Client.
D. The CA server and laptop PC clocks are out of sync.
Answer: D

Question 5.
Refer to the exhibit. A NOC engineer is in the process of entering information into the Create New VPN Connection Entry fields. Which statement correctly describes how to do this?
A. In the Connection Entry field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.
B. In the Host field, enter the IP address of the remote client device.
C. In the Authentication tab, click the Group Authentication or Mutual Group Authentication radio button to enable symmetrical pre-shared key authentication.
D. In the Name field, enter the name of the connection profile as it is specified on the Cisco ASA appliance.
Answer: D

Question 6.
Refer to the exhibit. A new NOC engineer is troubleshooting a VPN connection. Which statement about the fields within the Cisco VPN Client Statistics screen is correct?
A. The ISP-assigned IP address of 10.0.21.1 is assigned to the VPN adapter of the PC.
B. The IP address of the security appliance to which the Cisco VPN Client is connected is 192.168.1.2.
C. CorpNet is the name of the Cisco ASA group policy whose tunnel parameters the connection is using.
D. The ability of the client to send packets transparently and unencrypted through the tunnel for test purposes is turned off.
E. With split tunneling enabled, the Cisco VPN Client registers no decrypted packets.
Answer: B

Question 7.
An XYZ Corporation systems engineer, while making a sales call on the ABC Corporation headquarters, tried to access the XYZ sales demonstration folder to transfer a demonstration via FTP from an ABC conference room behind the firewall. The engineer could not reach XYZ through the remote-access VPN tunnel. From home the previous day, however, the engineer did connect to the XYZ sales demonstration folder and transferred the demonstration via IPsec over DSL. To get the connection to work and transfer the demonstration, what should the engineer do?
A. Change the MTU size on the IPsec client to account for the change from DSL to cable transmission.
B. Enable the local LAN access option on the IPsec client.
C. Enable the IPsec over TCP option on the IPsec client.
D. Enable the clientless SSL VPN option on the PC.
Answer: C

Question 8.
Refer to the exhibit. While configuring a site-to-site VPN tunnel, a new NOC engineer encounters the Reverse Route Injection parameter. Assuming that static routes are redistributed by the Cisco ASA to the IGP, what effect does enabling Reverse Route Injection on the local Cisco ASA have on a configuration?
A. The local Cisco ASA advertises its default routes to the distant end of the site-to-site VPN tunnel.
B. The local Cisco ASA advertises routes from the dynamic routing protocol that is running on the local Cisco ASA to the distant end of the site-to-site VPN tunnel.
C. The local Cisco ASA advertises routes that are at the distant end of the site-to-site VPN tunnel.
D. The local Cisco ASA advertises routes that are on its side of the site-to-site VPN tunnel to the distant end of the site-to-site VPN tunnel.
Answer: C

Question 9.
Refer to the exhibit. A NOC engineer needs to tune some prelogin parameters on an SSL VPN tunnel. From the information that is shown, where should the engineer navigate to find the prelogin session attributes?
A. "engineering" Group Policy
B. "contractor" Connection Profile
C. "engineer1" AAA/Local Users
D. DfltGrpPolicy Group Policy
Answer: B

Question 10.
Refer to the exhibit. A NOC engineer needs to tune some postlogin parameters on an SSL VPN tunnel. From the information shown, where should the engineer navigate to, in order to find all the postlogin session parameters?
A. "engineering" Group Policy
B. "contractor" Connection Profile
C. DefaultWEBVPNGroup Group Policy
D. DefaultRAGroup Group Policy
E. "engineer1" AAA/Local Users
Answer: A