|
Question 1.
You have a CES2700 in your central office with about 1700 CES1100's at remote branch offices. All of the CES1100's have a nailed-up Peer-to-Peer branch office tunnel to the central office. You are using AES with Group 8 on the tunnels for security and the re-key timer is set to 1 hour. As more as more tunnels are activated, you noticed that CPU utilization increases significantly and network performance has begun to slightly degrade.
What is the best initial setup in trying to increase network performance and reduce the load on the CPU without making a significant sacrifice in security?
A. Increase the re-key timer to 8 hours.
B. Upgrade the CES2700 to a CES5000.
C. Deploy a second CES2700 and move half of the tunnels to the second switch.
D. Change the level of security used on the tunnels to 3DES with Group 7 (ECC 163-bit field).
Answer: A
Question 2.
The new Director of IT at your company has informed you that the use of PFS (Perfect Forward Secrecy) will be a security requirement on all of the company's branch office tunnel configurations.
What added security benefit does PFS offer to branch office tunnels?
A. The Contivity switch will encrypt the IKE phase I negotiations.
B. The session key will automatically be renegotiated between every packet.
C. The Contivity switch will place an outer encrypted header around the original encrypted
header.
D. The compromise of one or both of the session keys will not allow previous session keys to be
broken.
Answer: D
Question 3.
The following message has been displayed on a Contivity switch:
"Warning: System CA certificates may have been tempered with, please reinstall!"
What setup should be taken to verify whether a certificate has, or has not been, tempered with?
A. Recover the certificate and verify that the fingerprint identifier matches the previous identifier.
B. Reinstall the certificate and verify that the new fingerprint identifier matches the previous
identifier.
C. Verify the certificate's fingerprint identifier matches with the fingerprint supplied directly by the
certificate's issuer.
D. Verify the certificate's issuer and the certificate issuer's serial numbers is that of the configured
Certification Authority (CA).
Answer: C
Question 4.
You are attempting to establish a VPN user tunnel to a Contivity 1700 using the Contivity VPN Client. When trying to login, a popup window appears with the following message:
Login Failure due to: Remote host not responding.
What are the two probable causes for this Login Failure? (Choose two.)
A. The user password is not correct.
B. The Contivity 1700 is not accessible.
C. User Datagram Protocol (UDP) port 500 is blocked.
D. The Group Security Authorization is mis-configured.
Answer: A, B
Question 5.
You have configured an Ipsec peer to peer branch office tunnel between a Contivity 4600 and a Contivity 1700.
When the tunnel tries to initiate, you receive the following message in the Contivity 4600's event log:
ISAKMP [13] No proposal chosen in message from X.X.X.X
Which condition will generate this message?
A. A remote branch office gateway rejected your gateway's attempt to authenticate.
B. The encryption types proposed by the remote branch office do not match the encryption types
configured locally.
C. One side of the connection is configured to support dynamic routing while the other side is
configured fro static routing.
D. The proposal made by the local gateway has been rejected by a remote branch office
gateway, or by an IPsec implementation from another vendor.
Answer: B
Question 6.
You are tasked with configuring a Contivity 4600 to connect to a frame relay gateway. You want to gateway type to be user configurable, with the gateway type determining both the LMI format and the FECN/BECN processing.
When configuring the frame relay interface, how must the connection type be set?
A. direct
B. looped
C. switched
D. non-switched
Answer: C
Question 7.
User at a remote location can not access their local mail server or print locally when they are tunneled into their corporate LAN via a gateway Contivity 1700.The elements have the following addresses:
-mail server (10.23.23.5)
-print locally (10.23.23.6)
-corporate LAN (192.168.1.0)
To allow access to the local servers and remain tunneled into the corporate LAN, which accessible addresses (es) should be used if split tunneling is configured?
A. 10.23.23.0
B. 192.168.1.0
C. 192.168.1.255
D. 10.23.23.5 and 10.23.23.6
Answer: B
Question 8.
Which Branch Office network design provides redundancy with the lowest system overhead?
A. Full Mesh
B. Hub and Spoke
C. Redundant full mesh
D. Redundant hub and spoke
Answer: D
Question 9.
The load balance and fail over features available for user tunnels apply to clients connecting through which method?
A. SSL
B. Private interface
C. Nortel Networks Contivity VPN client
D. Microsoft dial-up networking PPTP client
Answer: C
Question 10.
Your customer has asked for your assistance in configuring a PPPoE interface on a Contivity 1050. You have researched PPPoE specifications and determined the PPPoE enforces an MTU size of 1492 bytes. For this reason, all PC's that connect to the Contivity also need to enforce an MTU of 1942 bytes, instead 1500 bytes.
What are two ways to set the parameters on the Contivity to address this need? (Choose two.)
A. Use the pppoe ip tcp adjust-mss enable? Command in the CLI.
B. Use the adjust MTU size setting on the interface being used by PPPoE.
C. Enable the TCP MSS Option in the GUI under System > LAN > Add PPPoE Interface.
D. Enable the UDP MTU Option in the GUI under System > LAN > Add PPPoE Interface.
Answer: A, B
Question 11.
A technician wants to specify and control network traffic by class so that certain types of traffic receive precedence in a Contivity configuration. The technician plans to accomplish this control by utilizing a protocol that uses the TOS field in the IP packet header to notify network devices which "Per-hop Behavior" to apply to each outing traffic flow.
Assuming the Advanced Routing license has been purchased for this system, which protocol will provide the required functionality?
A. DiffServ
B. Call Admission Protocol (CAP)
C. Network Address Translation (NAT)
D. Resource Reservation Protocol (RSVP)
Answer: A
Question 12.
A technician wants to ensure a certain level of latency and bandwidth allocation in a Contivity configuration based on weighted fair queuing (WFQ) and weighted random early detection (WRED).
Which QoS mechanism should be utilized?
A. Forwarding Priority
B. Call Acceptance Priority
C. Resource Reservation Priority
D. Bandwidth Management Priority
Answer: A
Question 13.
A QoS strategy is being established for a Contivity network in a MAN environment. For this particular situation, aspects of both DiffServ and Forwarding Priority would be helpful.
What consideration must be given to DiffServ and Forwarding Priority in this scenario?
A. DiffServ can not be configured if Forwarding Priority is enabled.
B. Only DiffServ or Forwarding Priority can be active at any one time.
C. If both are active, DiffServ takes precedence over Forwarding Priority.
D. If both are active, Forwarding Priority takes precedence over DiffServ.
Answer: B
Question 14.
A technician is utilizing Call Admission Priority as a QoS mechanism on a Contivity system.
Which definition best describes this feature?
A. Call Admission Priority prioritizes acceptance of incoming connections on a per-group basis.
B. Call Admission Priority allows an administrator to provision specific subscription rates on a per-
tunnel basis.
C. Call Admission Priority is a signaling protocol used to reserve the required bandwidth on an
end-to-end network.
D. Call Admission Priority is an internal QoS mechanism that assures a certain level of latency
band bandwidth allocation based on weighted fair queuing (WFQ) and weighted random early
detection.
Answer: A
Question 15.
A customer's Contivity system is operating in a Ethernet network. Traffic flow within the LAN is prioritized so that higher priority traffic is queued ahead of lower priority traffic according to 802.1p specifications. If a packet enters the Contivity and is marked with priority 1, and other traffic arrives and is marked with priority 7, how will the traffic be handled?
A. Priority 1 traffic is never queued.
B. Priority 7 traffic is never queued.
C. Priority 1 traffic will be queued ahead of priority 7 traffic.
D. Priority 7 traffic will be queued ahead of priority 1 traffic.
Answer: C
|
Question 1. Which of the following best describe the customer benefits of change management in the operate phase? A. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases for use in verifying that the system meets operational, functional, and interface requirements B. improve its ability to make sound financial decisions by developing a business case based on its business requirements and establishing a basis for developing a technology strategy C. reduce operating costs and limit change. related incidents by providing a consistent and efficient set of processes D. improve the return on investment and hasten migration by identifying and planning for necessary infrastructure changes and resource additions, as well as reduce deployment costs by analyzing gaps early in the planning process to determine what is needed to support the system Answer: C Question 2. Which of these is the best definition of the Cisco Lifecycle Services approach? A. It defines the minimum set of services required to successfully deploy and operate a set of Cisco technologies. B. It determines how best to price Cisco products. C. It provides partners with a useful way to leverage Cisco resources. D. It consists of these phases: plan, deploy, support, and troubleshoot. Answer: A Question 3. What two types of telephony interfaces are used for PSTN connectivity? (Choose two.) A. Digital B. Optical C. Analog D. CDMA Answer: A, C Question 4. Which statement correctly describes the keys witch model of deployment for call processing? A. All IP Phones are able to answer any incoming PSTN call on any line B. PSTN calls are routed through a receptionist or automated attendant. C. All IP Phones in the system have a single unique extension number. Answer: A Question 5. Which definition best describes the implementation service component within the implement phase? A. providing a step-by-step plan that details the installation and service. commission tasks required in order to create a controlled. implementation environment that emulates a customer network B. assessing the ability of site facilities to accommodate proposed infrastructure changes C. developing and executing proof-of-concept tests, validating high-level infrastructure design, and identifying any design enhancements D. Installing, configuring and integrating systems components based on an implementation plan developed in earlier phases E. improving a customer's infrastructure security system Answer: D Question 6. A customer with a small enterprise network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. Minimizing costs is one of the customer's highest priorities. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired. Based on the traffic patterns, which topology would be the easiest for this customer to set up and manage? A. full mesh B. partial mesh C. point-to-multipoint D. huB. anD.spoke Answer: D Question 7. How can the proper configuration of Voice Mail be tested at an end user's IP phone? A. Press the "i" button. B. Press the "Settings" button. C. Press the "Services" button. D. Press the "Messages" button Answer: D Question 8. In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be placed? A. distribution layer B. core layer C. access layer D. network management functional module Answer: A Question 9. Which of these is an accurate list of Cisco Lifecycle Services phases? A. initiation, planning, analysis, design, development, implementation, operations and maintenance B. project planning, site assessment, risk assessment, solution selection and acquisition, testing, and operations C. Prepare, plan design implement operate, and optimize D. analysis, design, deployment, testing, implementation, and production I E. presales, project planning, development, implementation, operations testing, and operations signoff Answer: C Question 10. What port role assignment would you make for the Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System? A. IP Phone and desktop B. Cisco UC520 C. Cisco CE520 D. Cisco 871W Answer: B
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.