Month: July 2016
Flydumps Cisco Certification CheckPoint 156-315 exam questions which contain almost 100% correct answers are tested and approved by senior Cisco lecturers and experts. They have been devoting themselves to providing candidates with the best study materials to make sure what they get are valuable.
QUESTION 77
In NGX, what happens if a Distinguished Name (ON) is NOT found in LADP?
A. NGX takes the common-name value from the Certificate subject, and searches the LADP account unit for a matching user id
B. NGX searches the internal database for the username
C. If the first request fails or if branches do not match, NGX tries to map the identity to the user id attribute
D. When users authenticate with valid Certificates, the Security Gateway tries to map the identities with users registered in the extemal LADP user database
E. The Security Gateway uses the subject of the Certificate as the ON for the initial lookup
Correct Answer: C
QUESTION 78
Which command allows you to view the contents of an NGX table?
A. fw tab -s <tablename>-
B. fw tab -t <tablename>-
C. fw tab -u <tablename>-
D. fw tab -a <tablename>-
E. fw tab -x <tablename>-
Correct Answer: C
QUESTION 79
Jack’s project is to define the backup and restore section of his organization’s disaster recovery plan for his organization’s distributed NGX installation. Jack must meet the following required and desired objectives.
*
Required Objective The security policy repository must be backed up no less frequent~ than every 24 hours
*
Desired Objective The NGX components that enforce the Security Policies should be backed up no less frequently than once a week
*
Desired Objective Back up NGX logs no less frequently than once a week Jack’s disaster recovery plan is as follows. See exhibit.
Jack’s plan:
A. Meets the required objective but does not meet either desired objective
B. Does not meet the required objective
C. Meets the required objective and only one desired objective
D. Meets the required objective and both desired objectives
Correct Answer: D QUESTION 80
The following is cphaprobstate command output from a New Mode High Availability cluster member:
Which machine has the highest priority?
A. 192.168.1.2,since its number is 2
B. 192.168.1.1,because its number is 1
C. This output does not indicate which machine has the highest priority
D. 192.168.1.2, because its state is active
Correct Answer: B
QUESTION 81
What do you use to view an NGX Security Gateway’s status, including CPU use, amount of virtual memory, percent of free hard-disk space, and version?
A. SmartLSM
B. SmartViewTracker
C. SmartUpdate
D. SmartViewMonitor
E. SmartViewStatus
Correct Answer: D
QUESTION 82
Which of the following commands is used to restore NGX configuration information?
A. cpcontig
B. cpinfo-i
C. restore
D. fwm dbimport
E. upgrade_import
Correct Answer: E
QUESTION 83
Eric wants to see all URLs’ ful destination path in the SmartView Tracker logs, not just the fully qualified domain name of the web servers. For Example, the information field of a log entry displays the URL http://hp.msn.com/css/home/hpcl1012.css. How can Eric best customize SmartView Tracker to see the logs he wants? Configure the URl resource, and select
A. “transparent” asthe connection method
B. “tunneling”as the connection method
C. “optimize URL logging”; use the URI resource in the rule, with action “accept”
D. “Enforce URI capability”; use the URI resource in the rule,with action “accept”
Correct Answer: C
QUESTION 84
Which of the following commands shows full synchronizalion status?
A. cphaprob -i list
B. cphastop
C. fw ctl pstat
D. cphaprob -a if
E. fw hastat
Correct Answer: C
QUESTION 85
Which VPN Community object is used to configure VPN routing within the SmartDashboard?
A. Star
B. Mesh
C. Remote Access
D. Map
Correct Answer: A
QUESTION 86
If you are experiencing LDAP issues, which of the following should you check?
A. Secure lnternal Cornrnunicalions(SIC)
B. VPN tunneling
C. Overlapping VPN Domains
D. NGX connectivity
E. VPN Load Balancing
Correct Answer: E
QUESTION 87
How can you reset the password of the Security Administrator, which was created during initial installation of the SmartCenter Server on SecurePlattform?
A. Launch cpcontig and select “Administrators”
B. Launch SmartDashboard, click the admin user account, and overwrite the existing Check Point Password
C. Type cpm -a, and provide the existing administration account name. Reset the Security Administrator’s password
D. Export the user database into an ASCII file with fwm dbexport. Open this file with an editor, and delete the “Password” portion of the file Then log in to the account withthout password. You will be prompted to assign a new password
E. Launch cpconfig and delete the Administrator’s account. Recreate the account with the same name
Correct Answer: E
QUESTION 88
Which operating system is not supported byVPN-1 SecureClient?
A. IPS0 3.9
B. Windows XP SP2
C. Windows 2000 Professional
D. RedHat Linux 7 0
E. MacOS X
Correct Answer: A QUESTION 89
Which Check Point QoS feature issued to dynamically allocate relative portions of available bandwidth?
A. Guarantees
B. Differentiated Services
C. Limits
D. Weighted Fair Queueing
E. Low Latency Queueinq
Correct Answer: D
QUESTION 90
You are running a VPN-1 NG with Application Intelligence R54 SecurePlatform VPN-1 Pro Gateway. The Gateway also serves as a Policy Server. When you run patch add cd from the NGX CD, what does this command allow you to upgrade?
A. Only VPN-1 Pro Security Gateway
B. Both the operating system (OS) and all Check Point products
C. All products, except the Policy Server
D. On~ the patch utility is upgraded using this command
E. Only the OS
Correct Answer: B
QUESTION 91
Amanda is compiling traffic statistics for Certkiller.com’s Internet activity during production hours. How could she use SmartView Monitor to find this information? By
A. Using the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day
B. Monitoring each specific user’s Web traffic use.
C. Viewing total packets passed through the Security Gateway
D. Selecting the “Tunnels” view, and generating a report on the statistics
E. Configuring a Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway
Correct Answer: A
QUESTION 92
ASecurity Administrator is notified that some long-lasting Telnet connections to a mainframe are dropped every time after an hour. The Administrator suspect that the the Security Gateway might be blocking these connections. As she reviews the Smart Tracker the Administrator sees the packet is dropped with the error “Unknown established connection”. How can she resolve this problem without causing other security issues? Choose the BEST answer. She can:
A. Increase the session time-out in the mainframe’s Object Properties
B. Create a new TCP service object on port 23, and increase the session time-out for this object She only uses this new object in the rule that allows the Telnet connections to the mainframe
C. Increase the session time-out in the Service Properties of the Telnet service
D. Increase the session time-out in the Global Properties
E. Ask the mainframe users to reconnect every time this error occurs
Correct Answer: B QUESTION 93
Certkiller is the Security Administrator for a software-development company. To isolate the corporate network from the developer’s network, Certkiller installs an internal Security Gateway. Jack wants to optimize the performance of this Gateway. Which of the following actions is most likely to improve the Gateway’s performance?
A. Remove unused Security Policies from Policy Packages
B. Clear all Global Properties check boxes, and use explicit rules
C. Use groups within groups in the manual NAT Rule Base
D. Put the least-used rules at the top of the Rule Base
E. Use domain objects in rules, where possible
Correct Answer: A
QUESTION 94
Certkiller is the Security Administrator for a chain of grocery stores. Each grocery store is protected by a Security Gateway. Certkiller is generating a report for the information-technology audit department. The report must include the name of the Security Policy installed on each remote Security Gateway, the date and time the Security Policy was installed, and general performance statistics (CPU Use, average CPU time, active real memory, etc.). Which SmartConsole application should Certkiller use to gather this information?
A. SmartUpdate
B. SmartView Status
C. SmartView Tracker
D. SmartLSM
E. SmartView Monitor
Correct Answer:
QUESTION 95
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sicreset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the actrvation key Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of SmartCenter Server>-.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key>- <IP Address of security Gateway>-.
E. Re-install the Security Gateway
Correct Answer: B
QUESTION 96
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B QUESTION 97
CheckPoint 156-315 Exam Certification Guide presents you with an organized test preparation routine through the use of proven series elements and techniques.“Do I Know This Already?”quizzes open each chapter and allow you to decide how much time you need to spend on each section.CheckPoint 156-315 lists and Foundation Summary tables make referencing easy and give you a quick refresher whenever you need it.Challenging CheckPoint 156-315 review questions help you assess your knowledge and reinforce key concepts.CheckPoint 156-315 exercises help you think about exam objectives in real-world situations,thus increasing recall during exam time.
Do not worry about your Checkpoint 156-215 exam, Flydumps now has published the new veriosn Checkpoint 156-215 exam exam dumps with more new added questions and answers,also you can free download Checkpoint 156-215 exam vce test software and pdf dumps on Flydumps.com.
QUESTION 50
Jordan’s company is streaming training videos provided by a third party on the Internet. Jordan configures VPN-1 NGX, so that each department ONLY views webcasts specific to its department. Jordan created and configured the multicast groups for all interfaces, and configures them to “Drop all multicast packets except those whose destination is in the list”. But no multicast transmissions are coming from the Internet. What is possible causes fro the connection problem?
A. Multicast groups are configured improperly on the external interface properties of the Security Gateway object.
B. Anti-spoofing is enabled. VPN-1 NGX cannot pass multicast traffic, if anti-spoofing is enabled.
C. Jordan did not create the necessary “to and through” rules, defining how VPN-1 NGX will handle the multicast traffic.
D. VPN-1 NGX does not support multicast routing protocols and streaming media through the Security Gateway.
E. The Multicast Rule is below the Stealth Rule. VPN-1 NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
Correct Answer: A
QUESTION 51
Your SmartCenter Server fails and does not reboot. One of your remote Security Gateways, managed by the SmartCenter Server, reboots. What happens to that remote Gateway after reboot?
A. Since the SmartCenter Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
B. Since the SmartCenter Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
C. Since the SmartCenter Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
D. Since the SmartCenter Server is not available to the remote Gateway, fetching the Security Policy and logging will both fail.
E. The remote Gateway fetches the last installed Security Policy locally, and passes traffic normally. The Gateway will log locally, since the SmartCenter Server is not available.
Correct Answer: E
QUESTION 52
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. SmartConsole
B. SmartCenter Server
C. Policy Server
D. SmartLSM
E. Security Gateway
Correct Answer: B
QUESTION 53
Robert has configured a CIFS resource to allow access to the public partition of his company’s file server,
on \\erisco\goldenapple\files\public. Robert receives reports that users are unable to access the share,
unless they use the file server’s IP address.
Which of the following is a possible cause?
A. the CIFS resource is not configured to use Windows name resolution
B. Mapped shares are not configured to log.
C. Null CIFS sessions are configured to be blocked
D. Remote registry access is configured to be blocked.
E. Access violations are not configured to log.
Correct Answer: A
QUESTION 54
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?
A. 1, 2, 3, 4
B. 1, 2, 5
C. 1, 2, 3, 5
D. 1, 3, 4, 5
E. 1, 2, 3, 4, 5
Correct Answer: E
QUESTION 55
You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?
A. Exchange a shared secret, before importing Certificates.
B. Create a new logical-server object, to represent your partner’s CA.
C. Create a new server object, to represent your partner’s Certificate Authority (CA)
D. Manually import your partner’s Certificate Revocation List.
E. Manually import your partner’s Access Control list.
Correct Answer: C
QUESTION 56
There is a Web server behind your perimeter Security Gateway. You need to protect the server from network attackers, who creates scripts that force your Web server to send user credentials or identities to other Web servers. Which box do you check in the Web Intelligence tab in SmartDashboard?
A. Command Injection protection
B. SQL Injection protection
C. HTTP header format checking
D. HTTP protocol inspection protection
E. Cross Site Scripting protection
Correct Answer: E
QUESTION 57
How do you control the maximum mail messages in a spool directory?
A. In the SMTP resource object
B. In the smtp.conf file on the SmartCenter Server
C. In the gateway object’s SMTP settings in the Advanced window
D. In SmartDefense SMTP settings
E. In the Security Server window in Global Properties
Correct Answer: C
QUESTION 58
Quinton is the Security Administrator for a chain of retail stores. In a recent security newsletter, Quinton read about an attack where a client fools a server into sending large amount of data, using small packets. Quinton is concerned that this company’s servers might be vulnerable to this type of attack. Which smartDefense option should Quinton use to protect the servers?
A. Application Intelligence > DNS > Cache poisoning
B. Network Security > Successive events > DoS
C. Network Security > TCP > Small PMTU
D. Application Intelligence > Microsoft Networks > File and Print Sharing
E. Network Security > Denial of Service > LAND
Correct Answer: C QUESTION 59
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 999
B. Rule 0
C. Rule 1
D. Cleanup Rule
E. Stealth Rule
Correct Answer: B
QUESTION 60
Sonny is the Security Administrator for a company with a large call center. The management team in the center is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities, during their lunch breaks. The call center’s network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. The call-center management team wants to know if the Security Gateway protecting the call center drops more packets than other internal Security Gateways in the corporate network. Which application should Sonny use, determine the number of packets dropped by each Gateway?
A. SmartView Status
B. SmartView Monitor
C. SmartDashboad
D. SmartView Tracker
E. SmartUpdate
Correct Answer: B
QUESTION 61
Katie is the Security Administrator for an insurance company. Her manager gives Katie the following requirements for controlling DNS traffic:
*
Required Result #1: Accept domain name-over-TCP traffic (zone-transfer traffic).
*
Required Result #2: Log domain name-over-TCP traffic (zone-transfer traffic).
*
Desired Result #1: Accept domain name-over-UDP traffic (queries traffic)
*
Desired Result #2: Do not log domain name-over-UDP traffic (queries traffic)
*
Desired Result #3: Do not clutter the Rule Base, by creating explicit rules for traffic that can be controlled using Global Properties. Katie makes the following configuration changes, and installs the Security Policy:
1.
She selects the box “Accept Domain Name over TCP (Zone transfer)” in Global Properties.
2.
She selects the box “Accept Domain Name over UDP (Queries)” in Global Properties.
3.
She selects the box “Log Implied Rules” in Global Properties Does Katie’s solution meet the required and desired results?
A. The solution meets all required results, and none of the desired results.
B. The solution does not meet the required results.
C. The solution meets all required and desired results.
D. The solution meets the required results, and one of the desired results.
E. The solution meets the required results, and two of the desired results.
Correct Answer: E
QUESTION 62
David is a consultant for a software-deployment company. David is working at a customer’s site this week. David’s ask is to create a map of the customer’s VPN tunnels, including down and destroyed tunnels. Which SmartConsole application will provide David with the information needed to create this map?
A. SmartView Tracker
B. SmartLSM
C. SmartView Monitor
D. SmartView Status
E. SmartUpdate
Correct Answer: C
QUESTION 63
Gail is the Security Administrator for a marketing firm. Gail is working with the networking team, to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks Gail to check he configuration settings for the perimeter Security Gateway. Which SmartConsole application should Gail use to check the configuration settings?
A. SmartView Tracker
B. SmartView Monitor
C. SmartUpdate
D. SmartDashboard
E. SmartView Status
Correct Answer: D
QUESTION 64
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive an error message “unknown”. What is the problem?
A. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
B. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
C. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX.
D. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.c.
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection.
Correct Answer: E
QUESTION 65
Frank wants to know why users on the corporate network cannot receive multicast transmissions from the Internet. A VPN-1 NGX Security Gateway protects the corporate network from the Internet. Which of the following is a possible cause for the connection problem?
A. VPN-1 NGX does not support multicast routing protocols and streaming media through the Security Gateway.
B. The Multicast Rule is below the Stealth Rule. VPN-1 NGX can only pass multicast traffic, it the Multicast Rule is above the Stealth Rule.
C. Multicast restrictions are configured improperly on the external interface properties of the Security Gateway object.
D. Anti-spoofing is enabled. VPN-1 NGX cannot pass multicast traffic, if anti-spoofing is enabled.
E. Frank did not install the necessary multicast license with SmartUpdate, when upgrading the VPN-1 NGX.
Correct Answer: C
QUESTION 66
You are concerned that a message may have been intercepted and retransmitted, thus compromising the security of the communications. You attach a code to the electronically transmitted message that uniquely identifies the sender. This code is known as a:
A. Digital signature
B. Tag
C. Private key
D. AES flag
E. Diffie-Helman verification
Correct Answer: A
QUESTION 67
A user attempts authentication using SecureClient. The user’s password is rejected, even though it is
correctly defined in the LDAP directory.
Which of the following is a valid cause?
A. The LDAP server has insufficient memory
B. The LDAP and Security Gateway databases are not synchronized.
C. The SmartCenter Server cannot communicate with the LDAP server.
D. The user has defined the wrong encryption scheme.
E. The user is defined in both the NGX user database and the LDAP directory
Correct Answer: B
QUESTION 68
Select the correct statement about Secure Internal Communications (SIC) Certificates? SIC Certificates:
A. for NGX Security Gateways are created during the SmartCenter Server installation.
B. For the SmartCenter Server are created during the SmartCenter Server installation.
C. Are used for securing internal network communications between the SmartView Tracker and an OPSEC device
D. Decrease network security by securing administrative communication among the SmartCenter Servers and the Security Gateway
E. Uniquely identify Check Point enabled machines; they have the same function as Authentication Certificates
Correct Answer: E
QUESTION 69
Exhibit: *** MISSING ***
Review the following rules and note the Client Authentication Action properties screen as displayed in the
exhibit,
After being authenticated by the Security Gateway, when a user starts an HPPT connection to a Web site,
the user tries to FTP antother site using the command line.
What happens to the user?
The…
A. FTP session is dropped by the implicit Cleanup Rule.
B. User is prompted from that FTP site only, and does not need to enter username and password for Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication bye the Security Gateway again.
Correct Answer:
QUESTION 70
Diffie-Hellman uses which type of key exchange?
A. Adaptive
B. Asymmetric
C. Symmetric
D. Static
E. Dynamic
Correct Answer: B
QUESTION 71
Certkiller’s main internal network 10.10.10.0/24 allows all traffic to the Internet using Hide NAT. Certkiller
also has a small network 10.10-.20.0/24 behind the internal router. Jack wants to configure the kernel to
translate the source address only when network 10.10.20.0 tries to access the Internet for HTTP, SMTP,
and FTP services.
Which of the following configurations will allow this network to access Internet?
A. Automatic Static NAT on network 10.10.20.0/24
B. Manual Hide NAT rules for HTTP, FTP, and SMTP services for network 10.10.20.0/24.
C. Manual Static NAT rules for network 10.10.20.0/24,
D. Automatic Hide NAT for network 10.10.20.0/24.
E. No change is necessarey.
Correct Answer: A
QUESTION 72
With SmartDashboard′s Smart Directory, you can create NGX user definitions on a(n) _____________ Server.
A. NT Domain
B. LDAP
C. Provider-1
D. SecureID
E. Radius
Correct Answer: B
QUESTION 73
Jens notices a large amount of traffic from a specific internal IP address. He needs to verify if it is a network attack, or a user’s system infected with a worm. He has enabled Sweep Scan Protection and Host port scan in SmartDefense. Will Jens get all the information he needs from these actions?
A. No. SmartDefense will only block the traffic, but it will not provide a detailed analysis of the traffic.
B. No. SmartDefense will not block the traffic. The logs and alert can provide a further level information, but determining whether the attack is intentional or a worm requires further research by Jens.
C. No. Jens also should set SmartDefense to quarantine the traffic from the suspicious IP address.
D. Yes. SmartDefense will limit the traffic impact from the scans, and identify if the pattern of the traffic matches any known worms.
E. No. To verify if this is a worm or an active attack, Jens should also enable TCP attack defenses.
Correct Answer: B
QUESTION 74
Which NGX feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. cpconfig
B. upgrade_export/upgrade_import
C. Database Revision Control
D. Dbexport/dbimport
E. Policy Package management
Correct Answer: C
QUESTION 75
How do you configure an NGX Security Gateway’s kernel memory settings, without manually modifying the configuration files in $FWDIR\lib? By configuring:
A. the settings on the Gateway object’s Capacity Optimization screen
B. the settings on the Global Properties Capacity Optimization screen
C. the Settings on the Gateway object’s Advanced screen
D. the settings on the SmartCenter Server object’s Advanced screen
E. SmartDefense Kernel Defender options
Correct Answer: A
QUESTION 76
Which of the following is NOT a feature or quality of a hash function?
A. Encrypted with the sender’s RSA private key, the hash function forms the digital signature.
B. It is mathematically infeasible to derive the original message from the message digest.
C. The hash function forms a two-way, secure communication.
D. The hash function is irreversible.
E. It is mathematically infeasible for two different messages to produce the same message digest.
Correct Answer: C
QUESTION 77
You are a Security Administrator configuring Static NAT on an internal host-node object. You clear the box “Translate destination on client side”, accessed from Global Properties > NAT settings > Automatic NAT. Assuming all other Global Properties NAT settings are selected, what else must be configured for automatic Static NAT to work?
A. The NAT IP address must be added to the anti-spoofing group of the external Gateway interface
B. Two address-translation rules in the Rule Base
C. No extra configuring needed
D. A proxy ARP entry, to ensure packets destined for the public IP address will reach the Security Gateway’s external interface
E. A static route, to ensure packets destined for the public NAT IP address will reach the Gateway’s internal interface
Correct Answer: E
QUESTION 78
Which encryption scheme provides “In-place” encryption?
A. IKE
B. Manual IPSec
C. DES
D. SKIP
E. AES
Correct Answer: C
QUESTION 79
After importing the NGX schema into an LDAP server, what should you enable?
A. Schema checking
B. Encryption
C. UserAuthority
D. ConnectControl
E. Secure Internal Communications
Correct Answer: A
QUESTION 80
Which ldif file must you modify to extend the schema of a Windows 2000 domain?
A. In NGX you do not need to modify any .ldif file
B. The appropriate .ldif file is located in the Security Gateway: $FWDIR/conf/ldif/Microsoft_ad_schema.ldif
C. The appropriate .ldif file is located in the SmartCenter Server: $FWDIR/lib/ldap/schema_microsoft_ad.ldif
D. The appropriate .ldif file is located in the Security Gateway: $FWDIR/lib/ldif/Microsoft_ad_schema.ldif
E. The appropriate .ldif file is located in the SmartCenter Server: $FWDIR/conf/ldif/Microsoft_ad_schema.ldif
Correct Answer: C
QUESTION 81
What is the reason for the Critical Problem notification in this SmartView Monitor example?
A. Active real memory shortage on the Gateway
B. No Security Policy installed on the Security Gateway
C. Version mismatch between the SmartCenter Server and Security Gateway
D. Time not synchronized between the SmartCenter Server and Security Gateway
E. No Secure Internal Communications established between the SmartCenter Server and Security
Gateway
Correct Answer: B
QUESTION 82
Your standby SmartCenter Server’s status is collision. What does that mean, and how do you synchronize the Server and its peer?
A. The standby and active Servers have two Internal Certificate Authority (ICA) Certificates. Uninstall and reinstall the standby Server.
B. The active Server detected a keep-alive packet from the standby Server.
C. The peer Server has not been properly synchronized. Manually synchronize both Servers again.
D. The peer Server is more up-to-date. Manually synchronize both Servers again.
E. The active SmartCenter Server and its peer have different Security Policies and databases. Manually synchronize the Servers, and decide which Server’s configuration to overwrite.
Correct Answer: E
QUESTION 83
Sarah is the Security Administrator for Certkiller . Sarah has configured SmartDefense to block the CWD and FIND commands. Sarah installs the Security Policy, but the Security Gateway continues to pass the commands. Which of the following could be the cause of the problem?
A. The Rule Base includes a rule accepting FTP to any source, from any destination.
B. The SmartDefense > Application Intelligence > FTP Security Server screen does not have the radio button set to “Configurations apply to all connections”.
C. The FTP Service Object > Advanced > Blocked FTP Commands list does not include CWD and FIND.
D. The Web Intelligence > Application Layer > FTP Settings list is configured to allow, rather than exlude, CW and FIND commands.
E. The Global Properties > Security Server > “Control FTP Commands” box is not checked.
Correct Answer: B
QUESTION 84
Your NGX enterprise SmartCenter Server is working normally. However, you must reinstall the SmartCenter Server, but keep the SmartCenter Server configuration (for example, all Security Policies, databases, etc.) How would you reinstall the Server and keep its configuration?
A. 1. Run the latest upgrade_export utility to export the configuration.
2.
Keep the exported file in the same location.
3.
Use SmartUpdate to reinstall the SmartCenter Server.
4.
Run upgrade_import to import the configuration.
B. 1. Run the latest upgrade_export utility to export the configuration.
2.
Leave the exported .tgz file in $FWDIR.
3.
Install the primary SmartCenter Server on top of the current installation.
4.
Run upgrade_import to import the configuration.
C. 1. Insert the NGX CD-ROM, and select the option to export the configuration into a .tgz file.
2.
Transfer the .tgz file to another networked machine.
3.
Uninstall all NGX packages, and reboot.
4.
Use the NGX CD-ROM to select the upgrade_import option to import the configuration.
D. 1. Download the latest upgrade_export utility, and run it from $FWDIR\bin to export the configuration into a .tgz file.
2.
Transfer the .tgz file to another networked machine.
3.
Uninstall all NGX packages, and reboot.
4.
Install a new primary SmartCenter Server.
5.
Run upgrade_import to import the configuration.
Correct Answer: D QUESTION 85
How can you reset Secure Internal Communications (SIC) between a SmartCenter and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security Gateway from SmartDashboard.
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC).
C. From the SmartCenter Server’s command line type fw putkey -p <IP Address of SmartCenter Server>.
D. From the SmartCenter Server’s command line type fw putkey -p <IP Address of Security Gateway>.
E. Reinstall the Security Gateway.
Correct Answer: B
QUESTION 86
You have locked yourself out of SmartDashoard with the rules you just installed on your stand alone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server.
B. Run fw unlocklocal on the SmartCenter Server.
C. Run fw unloadlocal on the Security Gatewawy.
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway.
Correct Answer: C
QUESTION 87
Ellen is performing penetration tests against SmartDefense for her Web server farm. She needs to verify that the Web servers are secure against traffic hijacks. She has activated the Cross-Site Scripting property. What other settings would be appropriate? Ellen:
A. should also enable the Web intelligence > SQL injection setting.
B. must select the “Products > Web Server” box on each of the node objects.
C. should enable all settings in Web Intelligence.
D. needs to configure TCP defenses such as “Small PMTU” size.
E. needs to create resource objects for the web farm servers and configure rules for the web farm.
Correct Answer: B
QUESTION 88
William is a Security Administrator who has added address translation for his internal Web server to be accessible by external clients. Due to poor network design by his predecessor, William sets up manual NAT rules for this server, while his FTP server and SMTP server are both using automatic NAT rules. All traffic from his FTP and SMTP servers are passing through the Security Gateway without a problem, but traffic from the Web server is dropped because of anti-spoofing settings. What is causing this?
A. “Allow bi-directional NAT” is not checked in Global Properties.
B. “Translate destination on client side” is not checked in Global Properties under “Manual NAT Rules”.
C. “Translate destination on client side” is not checked in Global Properties > Automatic NAT Rules.
D. Routing is not configured correctly.
E. Manual NAT rules are not configured correctly.
Correct Answer: B
QUESTION 89
You are a security consultant for a hospital. You are asked to create some type of authentication rule on the NGX Security Gateway, to allow doctors to update patients’ records via HTTP from various workstations. Which authentication method should you use?
A. Client Authentication
B. LDAP Authentication
C. SecureID Authentication
D. TACAS Authentication
E. User Authentication
Correct Answer: E
The Cisco contains more than 400 practice questions for the Checkpoint 156-215 exams,including simulation-based questions.Also contains hands-on exercises and a customized copy of the Checkpoint 156-215 exam network simulation software.
100% Pass!Do you want to pass Cisco 352-001 exam quickly? Go to flydumps.com to get more free exam dumps.All the Cisco 352-001 dumps are timely updated by the professional experts.Also we guarantee 100% pass and money back guarante.
QUESTION 1
A company plans to include Nonstop Forwarding and Bidirectional Forwarding Detection as a part of their network redundancy plan. In which two ways do NSF and BFD work together when different hardware platforms are compared? (Choose two.)
A. During supervisor engine or routing engine failover, the NSF feature will always ensure that the BFD at the peer router will not trigger a link down independent of the used hardware platform.
B. At some hardware platforms, BFD and NSF are not supported together. During supervisor engine or routing engine failover, the BFD at the peer router will trigger a link down.
C. To ensure that BFD at the peer router will not trigger a link down during NSF, the BFD packets must be processed fast enough, and, during supervisor engine or routing engine failover, by processing the BFD independent from the supervisor engine or routing engine.
D. Because BFD is always processed at the line cards (not at the supervisor engine or routing engine), a supervisor engine or routing engine failover will not affect the BFD peer router.
E. Because BFD is always processed at the supervisor engine or routing engine, a supervisor engine or routing engine failover will always trigger a link down at the peer router.
Correct Answer: BC
QUESTION 2
Refer to the exhibit.
A service provider would like to use Ethernet OAM to detect end-to-end connectivity failures between SP-SW1 and SP-SW2. In which two of these ways can you design this solution? (Choose two.)
A. Enable Y.1731 Connectivity Fault Management on the SP switches.
B. E-LMI PDUs must be forwarded over VPLS.
C. Cisco Discovery Protocol PDUs must be forwarded over the VPLS.
D. Use upward maintenance endpoints on the SP switches.
E. Enable IEEE 802.1ag Connectivity Fault Management on the SP switches.
Correct Answer: DE
QUESTION 3
A network design shows two routers directly connected to an Ethernet switch using optical connections. There is an OSPF adjacency between the routers. In this design, which solution will ensure that interface down detection is reported as quickly as possible to the IGP?
A. optimized OSPF SPF timers
B. Bidirectional Forwarding Detection
C. automatic protection switching
D. optimized OSPF LSA timers
E. Ethernet OAM CFM monitoring
Correct Answer: B
QUESTION 4
A network designer is working with a company to improve convergence at the Layer 2 control plane and decides to use LACP. Which of these components does LACP use to create the system ID?
A. LACP system priority and switch MAC address
B. LACP port priority and switch MAC address
C. LACP port priority and port number
D. LACP system priority and port number
Correct Answer: A
QUESTION 5
Refer to the exhibit.
You are designing a spanning-tree network for a small campus. Which two of these options would result in a trouble-free spanning-tree network design? (Choose two.)
A. Convert all ports to trunk ports, prune off the VLANs that you do not require, and minimize the number of blocking ports.
B. Introduce Layer 3 VLANs (SVIs) and prune off the VLANs that you do not require.
C. Convert all the ports to trunk and enable BackboneFast.
D. Convert all the ports to trunk and enable UplinkFast between all the links.
Correct Answer: AB QUESTION 6
A network designer is redesigning an enterprise campus network to ensure that Ethernet switches proactively attempt to reconnect after a fiber cut. In the design, they will have to address areas where fiber cuts exist on campus from past troubleshooting, where a single fiber is disconnected in the fiber pair, leading to looping. Which feature could be implemented in the design to allow the Spanning Tree Protocol on the switches to be protected?
A. loop guard
B. UniDirectional Link Detection
C. UniDirectional Link Detection aggressive mode
D. root guard
Correct Answer: C QUESTION 7
A switched network is being designed to support a manufacturing factory. Due to cost constraints, fiber-based connectivity is not an option. Which design allows for a stable network when there is a risk of interference from the manufacturing hardware in use on the factory floor?
A. Design the network to include UDLD to detect unidirectional links and take them out of service.
B. Design the network to include EtherChannel bundles to prevent a single-link failure from taking down a switch interconnection point.
C. Design the network to include loop guard to prevent a loop in the switched network when a link has too much interference.
D. Design the network to include BackboneFast on all devices to accelerate failure convergence times.
Correct Answer: A QUESTION 8
Refer to the exhibit.
If IEEE 802.1w is in use for this network design, what are two locations where spanning-tree root can be placed to ensure the least-disruptive Layer 2 failover for clients within VLANs 3 and 4? (Choose two.)
A. Switch A
B. Switch B
C. Switch C
D. Switch D
Correct Answer: CD
QUESTION 9
A service provider has a Resilient Ethernet Protocol ring running as a metro backbone between its locations in one city. A customer wants to connect one site with one box redundant to the Resilient Ethernet Protocol ring at two different service provider locations. How can this be done without producing any Layer 2 loops within the network design?
A. Spanning tree at the service provider side only must be enabled.
B. Spanning tree at the customer side only must be enabled.
C. Flex Links at the service provider side only must be enabled.
D. Flex Links at the customer side only must be enabled.
E. EtherChannel at the service provider side and the customer side must be enabled.
F. Spanning tree at the service provider side and the customer side must be enabled.
G. Flex Links at the service provider side and the customer side must be enabled.
Correct Answer: D
QUESTION 10
Refer to the exhibit.
Your company designed a network to allow server VLANs in a data center to span all access switches. In the design, Layer 3 VLAN interfaces and HSRP are
configured on the aggregation switches. In which three ways should the design of the STP domain be optimized for server and application performance? (Choose three.)
A. Use loop guard on access ports.
B. Use PortFast on access ports.
C. Use root guard on access ports.
D. Align Layer 2 and Layer 3 forwarding paths.
E. Use BPDU Skew Detection on access ports.
F. Explicitly determine root and backup root bridges.
Correct Answer: BDF
QUESTION 11
You have created a network design that has two point-to-point Metro Ethernet circuits extending a single production VLAN between two data centers. Under normal circumstances, one circuit will carry traffic and spanning tree will block the other. If the company wants you to make use of both circuits to carry production traffic, which two technologies and features will you investigate to integrate into your network design? (Choose two.)
A. EtherChannel
B. MST
C. Multichassis EtherChannel
D. PVST+
Correct Answer: AC
QUESTION 12
Voice traffic between two campus enterprise networks is growing. The network designers decide to add a second 10-Mb Metro Ethernet service parallel to their original 10-Mb service in order to provide more bandwidth and diversity. The QoS profile will be the same on the new 10-Mb service due to the voice stability on the first Metro Ethernet link. When the second link is added to the OSPF domain, which traffic design consideration would have the most impact on the voice traffic when both links are active?
A. per-destination IP address basis
B. per-flow basis
C. per-packet basis
D. per-source IP address basis
Correct Answer: C
QUESTION 13
You work as a network designer for a company that is replacing their Frame Relay WAN with an MPLS VPN service, where the PE-to-CE routing protocol is BGP. The company has 3000 routes in their distribution routers, and they would like to advertise their access routers through the MPLS network. Their service provider, however, only supports 1000 prefixes per VRF. Which two design solutions can be applied to ensure that your access routers will be able to reach all devices in your network? (Choose two.)
A. Use prefix lists on your distribution routers to control which routes are sent to the MPLS network.
B. On your distribution routers, configure null routes and aggregate routes for the prefixes in your network.
C. Configure your distribution routers to send a default route to the MPLS network.
D. Summarize the routes on the MPLS WAN interfaces of your distribution routers.
Correct Answer: BC
QUESTION 14
You are designing a network that will run EIGRP over a Metro Ethernet service that does not employ a link-loss technology. What will be the impact on convergence if there is a break in the end-to-end Layer 2 connectivity within the service provider network?
A. The routers will immediately lose their adjacencies and converge.
B. The routing protocol will not converge until the hold timers have expired.
C. The switch ports connected to the router will go down and the routers will immediately converge.
D. The VLAN on the switches will go inactive, the ports associated on the switch will go down, and the routers will immediately converge.
Correct Answer: B
QUESTION 15
Refer to the exhibit.
Acme Corporation hired you as a network designer to upgrade their network so that it supports IPv4 and IPv6 multicast. Which two protocols are needed on the LAN switch? (Choose two.)
A. PIM sparse mode
B. IGMP snooping
C. PIM snooping
D. Source Specific Multicast
E. MLD snooping
Correct Answer: BE
QUESTION 16
A new video multicast application is deployed in the network. The application team wants to use the 239.0.0.1 multicast group to stream the video to users. They want to know if this choice will impact the existing multicast design. What impact will their choice have on the existing multicast design?
A. Because 239.0.0.1 is a private multicast range, a flood of PIM packets that have to be processed by the CPU and hosts will be sent by the routers in the network.
B. Because 239.0.0.1 is a private multicast range, the rendezvous point has to send out constant group updates that will have to be processed by the CPU and hosts.
C. The multicast application sends too many packets into the network and the network infrastructure drops packets.
D. The 239.0.0.1 group address maps to a system MAC address, and all multicast traffic will have to be sent to the CPU and flooded out all ports.
Correct Answer: D
QUESTION 17
A customer is using a service provider to provide a WAN backbone for a 30-site network. In establishing the network, the customer must work within these constraints:
The customer has a self-managed MPLS backbone.
The VPLS WAN backbone of the service provider does not support PIM snooping.
Multicast VPN must be used for multicast support inside some VRFs.
What can the customer do so that multicast traffic is NOT flooded to all sites?
A. Configure static GRE tunnels and run the MPLS and multicast VPN inside these GRE tunnels.
B. Use Label Switched Multicast for the multicast transport.
C. Use PIM-SSM as the multicast routing protocol with IETF Rosen Draft multicast VPN.
D. Configure a static mapping between multicast addresses and MAC addresses.
E. Use GET VPN to encrypt the multicast packets inside the WAN.
Correct Answer: A
QUESTION 18
What are two design advantages to using virtual port channel? (Choose two.)
A. enhanced system availability through multiple systems
B. reduced Spanning Tree Protocol convergence time
C. loop management without use of Spanning Tree Protocol
D. ability to use Spanning Tree Protocol blocked ports to forward traffic
E. enhanced ability to recover from Spanning Tree Protocol changes
Correct Answer: AC
QUESTION 19
Refer to the exhibit.
In this design, which technology would provide for the best use of resources to provide end-to- end Layer 2 connectivity?
A. MSTP
B. PAgP
C. Multichassis EtherChannel
D. LACP
Correct Answer: C
QUESTION 20
What are three key design principles when using a classic hierarchical network model? (Choose three.)
A. The core layer controls access to resources for security.
B. The core layer should be configured with minimal complexity.
C. The core layer is designed first, followed by the distribution layer and then the access layer.
D. A hierarchical network design model aids fault isolation.
E. The core layer provides server access in a small campus.
F. A hierarchical network design facilitates changes.
Correct Answer: BDF
QUESTION 21
Which three techniques can be used to improve fault isolation in an enterprise network design? (Choose three.)
A. aggregate routing information on an OSPF ABR
B. fully meshed distribution layer
C. Equal-Cost Multipath routing
D. EIGRP query boundaries
E. multiple IS-IS flooding domains
F. tuned Spanning Tree Protocol timers
Correct Answer: ADE
QUESTION 22
When you design a network, when would it be required to leak routes into a Level 1 area?
A. when a multicast RP is configured in the nonbackbone area
B. when MPLS L3VPN PE devices are configured in the Level 1 areas
C. when equal cost load balancing is required between the backbone and nonbackbone areas
D. when unequal cost load balancing is required between the backbone and nonbackbone areas
Correct Answer: B
QUESTION 23
Refer to the exhibit.
In this network design, where should summarization occur to provide the best summarization and optimal paths during a single-failure incident as well as during normal operation?
A. a single identical summary for all the branch offices placed on routers 1A, 1B, 2A, and 2B
B. two summaries on 1A and 1B, and two summaries on 2A and 2B
C. a single identical summary on 3A and 3B
D. a single summary on each aggregation device for the branches connected to them
Correct Answer: C
QUESTION 24
What are two benefits of following a structured hierarchical and modular design? (Choose two.)
A. Each component can be designed independently for its role.
B. Each component can be managed independently based on its role.
C. Each component can be funded by different organizations based on its role.
D. Each component can support multiple roles based on the requirements.
E. Each component can provide redundancy for applications and services.
Correct Answer: AB
QUESTION 25
In a large enterprise network with multiple data centers and thousands of access devices, OSPF is becoming unstable due to link flapping. The current design has the access devices multihomed to large aggregation routers at each of the data centers. How would you redesign the network to improve stability?
A. Add a layer of regional Layer 3 aggregation devices, but leave the ABR function on the data center aggregation routers.
B. Add a layer of regional Layer 2 aggregation devices, but leave the ABR function on the data center aggregation routers.
C. Add a layer of regional Layer 3 aggregation devices and move the ABR function to the regional aggregation device.
D. Add a layer of regional Layer 2 aggregation devices and move the ABR function to the regional aggregation device.
Correct Answer: C
Cisco 352-001 Questions & Answers with explanations is all what you surely want to have before taking Cisco 352-001 exam.Cisco 352-001 Interactive Testing Engine is ready to help you to get your Cisco 352-001 by saving your time by preparing you quickly for the Cisco exam. If you are worried about getting your Cisco 352-001 certification passed and are in search of some best and useful material,Cisco 352-001 Q&A will surely serve you to enhance your Interconnecting Cisco Networking Devices study.
Most accurate The Cisco 642-427 Questions & Answers covers all the knowledge points of the real exam. We update our product frequently so our customer can always have the latest version of Cisco 642-427.We provide our customers with the excellent 7×24 hours customer service.We have the most professional Cisco 642-427 expert team to back up our grate quality products.If you still cannot make your decision on purchasing our product, please try our Cisco 642-812 free pdf practice test for you to free download.Cisco 642-427 is also an authenticated IT certifications site that offer all the new questions and answers timely.Visit the site Flydumps.com to get free Cisco 642-427 VCE test engine and PDF.
QUESTION 50
Please choose the location of RAI configuration from the following options.
A. On a gatekeeper
B. On a gateway
C. On both a gatekeeper and a gateway
D. On a Cisco Unified Communications Manager server
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation: To allow gatekeepers to make intelligent call routing decisions, the gateway reports the status of its resource availability to its gatekeeper. Resources that are monitored are DS0 channels and DSP channels. The gateway reports its resource status to the gatekeeper with the use of RAS Resource Availability Indication (RAI). When a monitored resource falls below a configurable threshold, the gateway sends an RAI to the gatekeeper that indicates that the gateway is almost out of resources. When the available resources then cross above another configurable threshold, the gateway sends an RAI that indicates that the resource depletion condition no longer exists. This feature was included in Cisco IOS Software Release 12.0(5)T on the Cisco AS5300 gateway, and Cisco IOS Software Release 12.1(1)T for other gateways in H.323 version 2 http://www.cisco.com/en/US/tech/tk1077/ technologies_tech_note09186a0080093f67.shtml
QUESTION 51
You have been employed as a network technician in a middle-sized company. Suppose that the default dial peer is matched. Please choose a capability that you must configure.
A. disable DID
B. invoke a Tcl application
C. enable dtmf-relay
D. disable VAD
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
Dial-peer 0(pid:0) has a default configuration that cannot be changed. The defaultdial-peer 0fails to
negotiate non-default capabilities, services, and applications such as:
QUESTION 52
Which four of the following options are Cisco-supported IP telephony deployment models?
A. Single site
B. Multisite with distributed call processing
C. Multisite with centralized call processing
D. Clustering over the IP WAN
E. Transcoding
Correct Answer: ABCD Section: (none) Explanation
QUESTION 53
MGCP use which call control model?
A. Distributed
B. Centralized
C. Ad hoc
D. Hybrid
Correct Answer: B Section: (none) Explanation
QUESTION 54
If you are required to configure a router to use MGCP on a digital port, which measure will you take?
A. Add the application mgcpapp subcommand to the dial peer
B. Add the service mgcp subcommand to the dial peer
C. Add the parameter application mgcpapp to the ds0-group controller subcommand.
D. Add the service mgcp parameter to the ds0-group controller subcommand
Correct Answer: D Section: (none) Explanation
QUESTION 55
As a network technician, you should be familiar with various commands. Which command displays a count of successful and unsuccessful control commands?
A. show mgcp calls
B. show mgcp statistics
C. show mgcp
D. debug mgcp statistics
Correct Answer: B Section: (none) Explanation
QUESTION 56
In a SIP direct call setup, which message will be sent by the originating UAC to the UAS of the recipient?
A. INVITE
B. RINGING
C. ACK
D. OK
Correct Answer: A Section: (none) Explanation
QUESTION 57
Which two of the following signaling protocols are peer-to-peer protocols? (Select two.)
A. H.323
B. MGCP
C. SIP
D. SCCP
Correct Answer: AC Section: (none) Explanation
QUESTION 58
In a Cisco UCM single-site deployment, please choose the maximum number of IP phones that can register with a UCM cluster.
A. 2500
B. 7500
C. 10,000
D. 30,000
Correct Answer: D Section: (none) Explanation
QUESTION 59
In a Cisco UCM multisite WAN with centralized call-processing deployment model, what redundancy feature should be configured on remote site routers to supply basic IP telephony services in the event of a WAN outage?
A. AAR
B. SRST
C. CAC
D. V3PN
Correct Answer: B Section: (none) Explanation
QUESTION 60
Look at the following options carefully. Which two tasks are performed by the RAS signaling function of H.225.0? (Select two.)
A. Performs bandwidth changes.
B. Transports audio messages between endpoints.
C. Performs disengage procedures between endpoints and a gatekeeper.
D. Allows endpoints to create connections between call agents.
Correct Answer: AC Section: (none) Explanation
QUESTION 61
As a network administrator, you should be familiar with various commands. Which command can be used to designate a source IP address for a voice gateway?
A. h323-gateway voip interface 186
B. h323-gateway voip h323-id
C. h323-gateway voip bind srcaddr
D. voice service
Correct Answer: C Section: (none) Explanation
QUESTION 62
Look at the following options. Which are SIP servers? (Select four.)
A. Registrar
B. Redirect
C. Location
D. Proxy
Correct Answer: ABCD Section: (none) Explanation
QUESTION 63
The knowledge about RAS message is very important. Which of the following RAS messages can be sent by using either unicast or multicast?
A. RRQ
B. ARQ
C. GRQ
D. RIP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Typically, RAS communications is carried out via UDP through port 1719 (unicast) and 1718 (multicast)
QUESTION 64
Given the following configuration, what IP address will GK1 use to send and receive RAS messages?
GK1 (config)#interface serial 0/0/0
GK1 (config-if)#ip address 192.168.0.2 255.255.255.0
GK1 (config-if)#exit
GK1 (config)#interface serial 0/0/1
GK1 (config-if)#ip address 172.16.0.2 255.255.255.0
GK1 (config-if)#exit
GK1 (config)#gatekeeper
GK1 (config-gk)#zone local SanJose cisco.com 172.16.0.2
GK1 (config-gk)#zone remote Austin cisco.com 192.168.0.1
GK1 (config-gk)#zone prefix SanJose 2…
GK1 (config-gk)#zone prefix Austin 3…
A. 192.168.0.2
B. 172.16.0.2
C. 192.168.0.1
D. RAS messages will be load balanced between 192.168.0.2 and 172.16.0.2
Correct Answer: B Section: (none) Explanation
QUESTION 65
You are a network technician working in the Network Company. Recently, users complain that they cannot call the PSTN. With the help of testing, you find that the gateway is not switching to the secondary call agent when the primary call agent is unreachable. In order to permit the MGCP gateway to take use of a different call agent once the primary fails, which configuration should you make?
A. Add ccm-manager fallback-mgcp command to the gateway.
B. Add ccm-manager redundant-host command to the gateway
C. Assign a Cisco Unified CallManager group including the secondary call agent to the gateway
D. Define gateway as a non-gatekeeper-controlled intercluster trunk with the secondary Cisco Unified CallManager defined.
Correct Answer: B Section: (none) Explanation
QUESTION 66
Which RAS message does a gateway use to request admission to a network and to also request phone number to IP address resolution?
A. ARQ
B. IRQ
C. LRQ
D. RRQ
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: Admission messages between endpoints (like a gateway) and gatekeepers provide the basis for call admissions and bandwidth control. Gatekeepers authorize access to H.323 networks with the confirmation of or rejection of an admission request. This table defines the RAS admission messages http://www.cisco.com/en/US/tech/tk1077/technologies_tech_note09186a00800c5e0d.shtml
QUESTION 67
As a network technician, you should be familiar with RTCP. Which of the following statements best describes a function of RTCP?
A. RTCP provides encryption, message authentication and integrity, and anti-replay service for voice streams.
B. RTCP uses even-numbered UDP ports in the range 16,384??0?10?0?43??ì?0?1C32,767 to transport voice payloads
C. RTCP provides out-of-band control information for an RTP flow
D. RTCP caches an RTP packet-Layer 3 and Layer 4 headers in the routers at each end of a link, resulting in lower bandwidth demand for subsequent RTP packets.
Correct Answer: C Section: (none) Explanation
QUESTION 68
You are a voice technician. If you are required to solve latency issues in a VoIP network, which measures will you take? (Select three.)
A. Use dejitter buffers
B. Increase bandwidth
C. Prioritize voice packets
D. Fragment data packets
Correct Answer: BCD Section: (none) Explanation
QUESTION 69
Please choose two methods of LRQ forwarding from the following items. (Select two.)
A. LRQ init
B. LRQ blast
C. LRQ static
D. LRQ sequential
Correct Answer: BD Section: (none) Explanation
QUESTION 70
You are a network technician with many years’ experience. Many users complain that they can hear echo when their calls go out an H.323 gateway. You have made some testing for the gateway and have changed the configuration. So the ERL level turns to be 6 dB. Furthermore, the echo-cancel coverage value is raised to 64 ms. Please choose the effect on the voice quality after this modification.
A. Consonants will be chopped by the echo canceller.
B. The increase in echo-cancel coverage will have no effect on voice quality.
C. The ends of sentences will be chopped by the echo canceller.
D. The echo canceller will take 2-3 seconds longer to converge at the beginning of the call.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation: echo-cancel coveragecommand Adjusts the coverage size of the echo canceller. This command enables cancellation of voice that is sent out through the interface and received back on the same interface within the configured amount of time. If thelocal loop(the distance from the interface to the connected equipment that is producing the echo) is longer, the configured value of this command should be extended. If you configure a longer value for this command, it takes the echo canceller longer to converge. In this case, the user might hear a slight echo when the connection is initially set up. If the configured value for this command is too short, the user might hear some echo for the duration of the call because the echo canceller is not canceling the longer-delay echoes. There is no echo or echo cancellation on the network side (for example, the non-POTS side of the connection).
QUESTION 71
Refer to the exhibit.
When Alice at extension 2001 places a call to Bob at extension 3001, Bob hears Alice’s voice twice. What type of echo is this classified as?
A. Talker echo.
B. Listener echo.
C. Tail circuit echo.
D. Front end circuit echo.
Correct Answer: B Section: (none) Explanation
QUESTION 72
Refer to the exhibit.
The exhibit shows the output of debug isdn q931. An inbound PSTN call was received by an MGCP gateway that is registered with a Cisco Unified Communications Manager. The call failed to ring extension 3001. If the phone at extension 3001 is registered and reachable through the gateway inbound CSS, which two actions can resolve this issue? (Choose two.)
A. Change the significant digits for inbound calls to 4 in the gateway configuration in CiscoUnified Communications Manager.
B. Configure the digit strip 4 on the MGCP gateway configuration in Cisco UnifiedCommunications Manager under Incoming Called Party Settings.
C. Configure a translation pattern in Cisco Unified Communications Manager that can beaccessed by the gateway CSS to truncate the called number to four digits.
D. Configure a called-party transformation CSS on the gateway in Cisco UnifiedCommunications Manager that includes a pattern that transforms the number from ten digits to four digits.
E. Configure a voice translation profile in the MGCP Cisco IOS gateway with a voice translation rule that truncates the number from ten digits to four digits.
F. Configure the Cisco IOS command num-exp 2288223001 3001 on the gateway.
Correct Answer: AC Section: (none) Explanation QUESTION 73
Which command should you use to resolve a jerky speed issue?
A. playout-delay
B. show voice port
C. comfort-noise
D. echo-cancel enable
E. echo-cancel coverage
F. comfort-echo
Correct Answer: A Section: (none) Explanation
QUESTION 74
You are trying to access the GUI of Cisco Unified Communications Manager. However, it displays a “not accessible” error. In Cisco Unified Serviceability, which two services should you check for and ensure are running on the Control Center Network Services page? (Choose two.)
A. Cisco Certificate Expiry Monitor
B. Cisco CallManager
C. Cisco Trust Verification Service
D. System Application Agent
E. Cisco Tomcat Stats Servlet
F. Cisco Tomcat
Correct Answer: BF Section: (none) Explanation
QUESTION 75
As a voice administrator, you have received reports on issues with call dropping and call failures over a period of time. While troubleshooting, you find that there is a Code Yellow alert due to high CPU usage. You collect the logs that are shown below from the CLI of Cisco Unified Communications Manager.
Nov5 05:12:15, cm01, Error, Cisco CallManager, ccm: 147897: Nov 05 05:12:15.268 UTC: %CCM_CALLMANAGER-CALLMANAGER-3-CodeYellowExit: CodeYellowExit Expected Average Delay:0 Entry Latency:20 Exit Latency:8 Sample Size:10Time Spent in Code Yellow:2 Number of Calls Rejected Due to Call Throttling:60 Total Code Yellow Exit:14 High Priority Queue Depth:0 Normal Priority Queue Depth:5 Low Priority Queue Depth:4 Cluster ID:StandAloneCluster Node ID:cms01, 3653 From these logs, what does “Time Spent in Code Yellow” indicate?
A. A critical overload condition exists that may impact phone registration after 2 hours of this alert.
B. The server stayed in a Code Yellow state for 2 seconds.
C. The server stayed in a Code Yellow state for 2 milliseconds.
D. The server stayed in a Code Yellow state for 2 minutes.
E. The server needs a reboot within 2 hours.
F. There is a call failure and, as a result, one call is rejected every 2 milliseconds.
Correct Answer: C Section: (none) Explanation
QUESTION 76
A customer is trying to register an IP phone. During the registration process, the IP phone receives the configuration file (.xml) from the TFTP server. Which input can you find in the configuration file that is downloaded to the IP phone?
A. firmware to be loaded on IP phone
B. extension number
C. speed dials
D. valid locally significant certificate
E. location of the DHCP server
F. IP address of the IP phone
Correct Answer: A Section: (none) Explanation
QUESTION 77
Which port number is used as a backhaul for Media Gateway Control Protocol?
A. 2426
B. 2427
C. 2428
D. 2429
E. 2456
F. 2458
Correct Answer: C Section: (none) Explanation
QUESTION 78
You are in the final stages of upgrading the Cisco Unified Communications Manager, and you are waiting for dbreplication to complete. Which command should you execute from the Cisco Unified Communications Manager publisher to verify status reports and to check that all the tables are synchronized?
A. utils dbreplication runtimestate
B. utils dbreplication status all
C. utils dbreplication status
D. utils service list
E. utils dbreplication quickaudit
F. utils core active
Correct Answer: A Section: (none) Explanation QUESTION 79
In a Cisco Unified Communications Manager cluster, you make a few changes to the publisher server. However, the phones that are registered with the subscriber server do not receive these changes. You verify that the publisher and subscriber servers are up and running in the cluster.
What do you need to do to resolve this problem?
A. Reboot the publisher server.
B. Reboot the subscriber servers.
C. Manually reload the configuration on the phones.
D. Fix the replication between the publisher and subcriber servers.
E. Manually copy the database changes from the publisher to the subscriber.
F. Re-set up the database replication between the publisher and subscriber.
Correct Answer: D Section: (none) Explanation
QUESTION 80
Which default switchover method is used by the SCCP client to connect to another Cisco Unified Communications Manager after losing connectivity with the first Cisco Unified Communications Manager?
A. immediate
B. urgent
C. graceful
D. panic
E. recovery
F. static
Correct Answer: C Section: (none) Explanation
QUESTION 81
What are three requirements for Quality of Service for voice calls? (Choose three.)
A. jitter less than or equal to 30 ms
B. PoE-supported Layer 2 switches used to connect IP Phones
C. one-way latency less than or equal to 150 ms
D. jitter less than or equal to 45 ms
E. guaranteed bandwidth of 384 kbps for a voice call
F. loss less than or equal to 1 percent
Correct Answer: ACF Section: (none) Explanation
QUESTION 82
If you need to avoid choppy speech, what is the maximum tolerable round-trip delay between two VoIP endpoints?
A. 100 ms
B. 200 ms
C. 300 ms
D. 400 ms
E. 500 ms
F. 800 ms
Correct Answer: C Section: (none) Explanation
Whenever Cisco candidates take a tour of sample questions of Cisco 642-427 exam they find their training to be matchless to great extent.Passing the Cisco 642-427 on your own can be a difficult task,but with Cisco 642-427 preparation products,many candidates who appeared online passed Cisco 642-427 easily.
100% Pass Guarantee You can download free Cisco 642-355 exam dumps with all new added questions and answers from Flydumps.com.With our Cisco 642-355 exam questions and answers in hand,a lot candidates pass the Cisco 642-355 exam at their first time. We make our promise that Flydumps is your best choice.
QUESTION 75
A fully loaded Cisco MDS 9506 Multilayer Director requires 2190 watts of power. If 110-volt power is provided to the switch, at which power mode would the switch operate?
A. The director would operate in redundant mode only.
B. The director would operate in combined mode only.
C. The director would operate in redundant mode or combined mode.
D. The director cannot operate with 110-volt power.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 76
Which SAN topology should be used for the largest SAN fabrics?
A. arbitrated loop
B. full mesh
C. core-edge
D. cascade
E. collapsed core
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 77
What are two MDS features that increase the efficiency of a multiple switch Fibre Channel fabric? (Choose two.)
Actualtests.com – The Power of Knowing 642-355
A. Port Channel
B. CDP
C. FCP
D. FCC
E. CUP
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 78
Exhibit: Refer to the exhibit. A customer has deployed the Cisco MDS topology shown above, using a single VSAN. The customer notices that performance on Servers B, C, D, E, and F becomes very poor when Server A starts a large backup operation. Which MDS feature can be enabled to prohibit the backup operation from causing performance problems on the remaining servers?
A. quality of service
B. FSPF traffic engineering
C. virtual output queuing
D. Fibre Channel Congestion Control
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Select three characteristics of the Cisco coarse wave division multiplexing (CWDM) solution. (Choose three.)
A. multiplexes up to eight wavelengths across a single fiber pair Actualtests.com – The Power of Knowing 642-355
B. supports a maximum connection length of 220 kilometers
C. supports both linear and ring topologies
D. requires OADMs (optical add/drop multiplexers) to aggregate multiple wavelengths across the same fiber pair
E. can be optically amplified to extend the distance characteristics
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 80
A customer has two data centers connected by dark fiber and also has a requirement for synchronous data replication between the data centers. If the data centers are 48 km apart, what is the most cost effective solution?
A. CWDM
B. IVR
C. FSPF
D. DWDM
E. Native FC
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 81
A customer recently deployed a pair of Cisco MDS 9216i Multilayer Fabric Switches to support an ERP application. The MDS 9216i expansion slot is still unused. The customer examined other infrastructure services and applications to determine if they should leverage the SAN storage capacity, and decided that it would be beneficial to attach eight Microsoft Exchange servers to the SAN. Each Microsoft Exchange server generally drives approximately 50 MBps of disk throughput and has two Fibre Channel host bus adapters. Which line card should be used to support the Microsoft Exchange server SAN connectivity?
A. 16-port Fibre Channel line card
B. 32-port Fibre Channel line card
C. Multiprotocol Services Module line card
D. None; use the IP storage interfaces.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Which SFP and media-type combination would be recommended for a high-speed
Actualtests.com – The Power of Knowing 642-355
10-kilometer link between two Cisco MDS switches?
A. 2-Gbps-SW, LC SFP, 50/125-micron multimode media
B. 2-Gbps-SW, LC SFP, 62.5/125-micron multimode media
C. 2-Gbps-LW, LC SFP, 9/125-micron single-mode media
D. 1-Gbps-SW, LC SFP, 50/125-micron multimode media
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 83
What are three causes of host oversubscription? (Choose three.)
A. the operating system
B. the PCI bus limitations
C. the RTO and RPO values
D. whether the HBA has a flat FCIDs assigned E. the limits on the maximum I/O and bandwidth rate
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 84
A customer is designing a storage network infrastructure to support a database application. Each server will have two 1-Gbps host bus adapters, one connected to each of the two physical fabrics. The disk array has two 2-Gbps Fibre Channel interfaces. Each server will need to drive 20 MBps (encoded) of throughput continuously per host bus adapter, and the multipathing software on each server is not configured for load balancing.What is the maximum number of servers that can be connected to this disk array while satisfying the performance requirement?
A. 8
B. 10
C. 12
D. 14
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 85
Which tool requires the Cisco Fabric Manager Server License to operate?
A. Cisco Performance Manager Actualtests.com – The Power of Knowing 642-355
B. Cisco Fabric Manager
C. Cisco Device Manager
D. Cisco Fabric Analyzer
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 86
Exhibit: Refer to the exhibit. Identify the topology that is represented.
A. core-edge
B. multitier
C. collapsed core
D. loop
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 87
DRAG DROP Your boss at Certkiller .com asks you to show her some benefits of Cisco products. You are required to match the Cisco Value Added feature to the potential issue it would most likely solve.
Actualtests.com – The Power of Knowing 642-355 A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Actualtests.com – The Power of Knowing 642-355
QUESTION 88
Exhibit:
Refer to the exhibit. What port type should be used between the two switches to maximize performance? Actualtests.com – The Power of Knowing
642-355
A. B
B. E
C. F
D. NL
E. TE
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 89
What MDS 9000 feature provides more efficient SAN utilization by creating hardware-based isolated environments within a single physical SAN infrastructure?
A. VSAN
B. SPAN
C. trunking
D. port channel
E. zones
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 90
A customer has storage arrays from multiple vendors, and is considering a virtualization solution to simplify storage management. Choose three advantages of using a Cisco MDS-based virtualization solution with an MDS 9500 Series Director instead of host-based or storage-based virtualization solutions. (Choose three.)
A. host and storage heterogeneity
B. LUN masking that is simpler to implement
C. virtualization that is closer to the target
D. virtualization that is embedded in the switch module
E. availability
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 91
What are three key benefits of implementing a SAN using iSCSI? (Choose three.)
A. uses existing IP networking, monitoring, and management infrastructure
B. is more efficient than FC since it requires fewer encapsulations
C. maintains consistent performance over IP networks of varying distances Actualtests.com – The Power of Knowing 642-355
D. significant capital cost reduction by substituting iSCSI as a transport technology
E. extends existing FC SAN to IP connected hosts
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 92
A customer recently deployed a pair of Cisco MDS 9216i Multilayer Fabric Switches to support a database application. The MDS 9216i expansion slot is still unused. The customer examined other infrastructure services and applications to determine if they should leverage the SAN storage capacity, and decided that it would be beneficial to attach 20 Microsoft Windows file servers to the SAN. Each Windows file server generally drives approximately 5MBps of disk throughput. Which line card should be used to support the Microsoft Exchange server SAN connectivity?
A. 16-port Fibre Channel line card
B. 32-port Fibre Channel line card
C. Multiprotocol Services Module line card
D. None; use the IP storage interfaces.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 93
In addition to providing secure computer room access, what three MDS 9000 features can help enhance physical security? (Choose three.)
A. the placement of all unused FC ports in a VSAN set to “deny”
B. the placement of every host in its own ZoneSet that includes its storage devices
C. the use of the port security feature to bind pWWNs and sWWNs to specific ports
D. the use of DH-CHAP authentication to ensure fabric level security
E. the use of SSH to block access to all unused ports
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 94
Which two will allow a fully loaded Cisco MDS 9509 Multilayer Director to meet the 2190-W requirement? (Choose two.)
A. two 110-V power supplies in redundant mode
B. two 220-V power supplies in redundant mode Actualtests.com – The Power of Knowing 642-355
C. two 110-V power supplies that are placed into combined power mode
D. two 110-V power supplies that are placed into active/standby power mode
E. two 110-V power supplies that are placed into primary/backup power mode
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 95
What are three advantages of a collapsed-core architecture? (Choose three.)
A. This design provides the most efficient use of ports because no ports are consumed for ISLs.
B. The absence of ISLs significantly decreases reliability and manageability.
C. The absence of any oversubscription increases switch throughput.
D. Since there are fewer available paths over which traffic may travel, FSPF values are higher.
E. Ports can be scaled easily by adding hot-swappable blades without disrupting traffic.
F. The highest performance is achieved by director-class switches, because the high-speed backplane provides low fixed latency between any two ports.
Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
QUESTION 96
Exhibit:
Refer to the exhibit. In this scenario, the total bandwidth requirement is 1500 MBps, but there are 100 hosts that each need 15MBps of bandwidth. Which two statements are correct about the topologies shown in the exhibit? (Choose two.)
A. The iSCSI fan-in ratio is 6.25:1. Actualtests.com – The Power of Knowing 642-355
B. The Fibre Channel implementation will require 100 HBA ports.
C. iSCSI is the most cost-effective solution with high fan-in ratios.
D. Fibre Channel is the most cost-effective solution with high fan-in ratios.
E. The Fibre Channel implementation would require two 32-port switching modules in the Cisco MDS switches per fabric.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 97
Which design approach provides the greatest protection against failures when designing for high availability?
A. Segment the SAN architecture by the use of VSANs.
B. Use zoning to isolate applications in a consolidated SAN architecture.
C. Use appropriate MDS QoS mechanisms to guarantee that each application receives the necessary bandwidth.
D. Implement redundant fabrics across redundant physical infrastructures.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 98
What are three array characteristics that are crucial when planning a SAN design? (Choose three.)
A. fan-in ratio
B. connection speed
C. embedded cache controller
D. RAID level support
E. active/passive controller
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 99
What are three host characteristics that are crucial when planning a SAN design? (Choose three.)
A. host operating system
B. data replication
C. application I/O throughput
D. type of file system Actualtests.com – The Power of Knowing 642-355
E. CUP and memory resources
F. multipathing
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:
QUESTION 100
Exhibit:
Refer to the exhibit. A customer is designing a storage network infrastructure that uses the Cisco MDS 9509 Multilayer Director. The network will consist of 40 application servers, four backup servers, two disk arrays, and one tape library. The application servers each have two Fibre Channel host bus adapters and generate 40 to 50 MBps of throughput. The backup servers each have four host bus adapters and generate 130 to 150 MBps of throughput. The disk arrays each have eight 2-Gbps Fibre Channel interfaces that handle 150 to 200 MBps of traffic. The backup servers will be performing incremental backups of snapshot copies of production volumes from multiple application servers concurrently throughout the day. The backup servers will also be performing full backups of snapshot copies of production volumes from the application servers concurrently throughout the week. The customer is redeploying 16 first-generation Linear Tape-Open (LTO) SCSI drives that were previously direct-attached to application and backup servers. The drives will be deployed using Fibre Channel-to-SCSI bridging devices, and each device will have one 2-Gbps Fibre Channel interface and four drives attached. These drives will go into the new library. Which MDS 9509 configuration would best meet the connectivity needs of this customer?
Actualtests.com – The Power of Knowing 642-355
A. one 16-port Fibre Channel line card and four 32-port Fibre Channel line cards
B. two 16-port Fibre Channel line cards and three 32-port Fibre Channel line cards
C. three 16-port Fibre Channel line cards and three 32-port Fibre Channel line cards
D. four 16-port Fibre Channel line cards and two 32-port Fibre Channel line cards
E. five 16-port Fibre Channel line cards and one 32-port Fibre Channel line card
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 101
Which Fibre Channel SAN topology maximizes performance and expandability?
A. multi-point
B. point-to-point
C. arbitrated loop
D. switched fabric
E. star
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 102
A customer would like to add Cisco MDS switches to an existing Brocade environment with minimal disruption. The Brocade switches are using PID-0 mode. Which two features will enable the creation of a Cisco-Brocade heterogeneous fabric without restricting the feature set of either switch? (Choose two.)
A. interop mode 1
B. interop mode 2
C. interop mode 3
D. IVR
E. PortChannels
F. CWDM
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 103
What are three key benefits of Cisco’s collapsed-core switch configuration? (Choose three.)
Actualtests.com – The Power of Knowing 642-355
A. ease of management
B. increased port channel utilization
C. reduction in equipment and installation cost
D. higher effective port count
E. reduction in total disk space requirements
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 104
A customer SAN design requires the use of existing non-Cisco storage switches in a core edge topology. What must be considered when attaching an MDS 9000 switch as the core device in this network?
A. Trunking is not supported between the core and edge switches.
B. Zoning cannot be used since the domain IDs are in different ranges.
C. FSPF cannot be used between the core and edge switches.
D. If VSANs are implemented in the core, IVR cannot be used.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 105
What provides storage virtualization from IBM?
A. Advanced Services Module (ASM)
B. Caching Services Module (CSM)
C. Storage Services Module (SSM)
D. Cisco MDS 9000 32-port 1/2-Gbps FC Module
E. IP Multiprotocol Services Module
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 106
What are two benefits of the Cisco MDS Series Switches that increase the overall resiliency of SAN extension? (Choose two.)
A. VSANs and IVR can eliminate the potential disruption of a WAN failure.
B. VSANs and IVR can increase resiliency by combining control traffic and data traffic over the WAN.
C. Parallel tunnels and PortChannels eliminate failure of every VSAN or IVR in the local fabric. Actualtests.com – The Power of Knowing 642-355
D. PortChannels and VSANs can be used with FCIP to provide end-to-end redundancy and load balancing.
E. Recovery at the PortChannel level, instead of at the FSPF routing level, provides nondisruptive recovery.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 107
Exhibit: Refer to the exhibit. Which three outcomes would a customer realize by performing the migration from a multitier fabric design to a consolidated design? (Choose three.)
A. lower effective port cost
B. high availability because of the multifaceted redundancy that is built into the Cisco MDS switch
C. lower effective port count
D. higher effective port cost
E. higher effective port count
F. lower availability because there are fewer fabric switches for failover
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 108
What are two characteristics of iSCSI? (Choose two.)
Actualtests.com – The Power of Knowing 642-355
A. iSCSI initiators cannot be members of more than one VSAN.
B. The port VSAN of an iSCSI interface cannot be modified.
C. iSCSI cannot benefit from existing IP QoS.
D. By default, dynamically mapped iSCSI initiators are members of VSAN 1.
E. The IPS module creates one or more FC virtual N_Ports for each iSCSI host.
F. By default, all statically mapped iSCSI initiators are members of VSAN 4094.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 109
What feature of the MDS 9000 family would be most valuable in establishing a baseline of the traffic load on an existing network prior to making changes?
A. SPAN
B. RSPAN
C. FC-SP
D. Performance Manager
E. AAA
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Exhibit:
Refer to the exhibit. What should be recommended to meet these customer requirements?
A. VSANs
B. wide-area file services (WAFS)
C. storage virtualization
D. Zones
E. Zones and Zone Sets Actualtests.com – The Power of Knowing 642-355
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 111
What provides storage virtualization from IBM?
A. Advanced Services Module (ASM)
B. Caching Services Module (CSM)
C. Storage Services Module (SSM)
D. Cisco MDS 9000 32-port 1/2-Gbps FC Module
E. IP Multiprotocol Services Module
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 112
A large credit card processing firm is adding a second data center to support business continuance. What is the recommended solution for extending the SAN to the second data center if both data centers are active?
A. asynchronous replication using FCIP
B. dual homed servers, and IP connectivity using multiple paths
C. iSCSI installation and a bridge the Ethernet network to the Fibre Channel fabric
D. synchronous replication using DWDM
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 113
A customer wants to consolidate the storage in an existing SAN where Cisco MDS Series Switches are deployed. How can the customer accomplish this goal and still be able to retain full access to the data?
A. dual supervisor modules
B. virtual output queuing (VOQ)
C. stateful failover
D. universal interoperability mode 4
E. per-VSAN FSPF routing
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
Actualtests.com – The Power of Knowing 642-355
QUESTION 114
A customer has the following application and peak-bandwidth requirements:Four database servers: 50 MBps eachFour exchange servers: 30 MBps each20 midrange development servers: 20 MBps eachWhich dual-fabric designs would best meet the needs of this price-sensitive customer while allowing for future SAN extension capability?
A. two Cisco MDS 9216i Multilayer Fabric Switches, each with an IPS-8 module
B. two Cisco MDS 9216A Multilayer Fabric Switches, each with an SSM module
C. two Cisco MDS 9216i Multilayer Fabric Switches, each with a 16-port FC module
D. two Cisco MDS 9216A Multilayer Fabric Switches, each with a 32-port FC module
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 115
At which point can security on a Fibre Channel SAN be implemented? (Choose three.)
A. storage array
B. server
C. Fibre Channel switch
D. GigE NIC
E. SFP connector
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
Flydumps is ready to provide Cisco 642-355 candidates with Cisco 642-355 training materials which can be very much helpful for getting Cisco 642-355 certification, which means that candidates.Cisco 642-355 can easily get access to the services of Cisco 642-355 for practice exam, which will assure them 100% Cisco 642-355 success rate.Though Cisco 642-355 tests are not easy at all,but they do not make Cisco 642-355 things complicated.