Month: July 2016
Flydumps Cisco 642-812 exam material details are researched and created by the Most Professional Certified Authors who are regularly using current exams experience to create precise and logical dumps.You can get questions and answers from many other websites or books, but logic is the main key of success, and Flydumps will give you this key of success.
QUESTION 111
Which three statements about STP timers are true? (Choose three.)
A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference: QUESTION 112
The lack of which two prevents VTP information from propagating between switches? (Choose two.)
A. VLAN 1
B. a trunk port
C. VTP priority
D. a root VTP server
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 113
Refer to the exhibit. An administrator is verifying that a CEF FIB entry exists to destination network
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 114
168.150.0. Given the output generated by the show ip cef and show adjacency detail commands, which three statements are true? (Choose three.)
A. There is a valid CEF entry for the destination network 192.168.150.0.
B. The “valid cached adjacency” entry indicates that CEF will put all packets going to such an adjacency to the next best switching mode.
C. The counters (0 packets, 0 bytes) indicate a problem with the 192.168.199.3 next hop IP address.
D. There is an adjacency for the 192.168.199.3 next hop IP address.
E. The number 003071506800 is the MAC address of the 192.168.199.3 next hop IP address. TestInside Help You Pass Any IT Exam
http://www.TestInside.com
Testinside
F. The number 003071506800 is the MAC address of the source IP address.
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which two statements are true about a switched virtual interface (SVI)? (Choose two.)
A. An SVI is created by entering the no switchport command in interface configuration mode.
B. An SVI is created for the default VLAN (VLAN1) to permit remote switch administration by default.
C. An SVI provides a default gateway for a VLAN.
D. Multiple SVIs can be associated with a VLAN.
E. SVI is another name for a routed port.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 116
What is the effect of configuring the following command on a switch?
Switch(config) # spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for Portfast, the port will transition to forwarding state.
D. The command will enable BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and
cannot access network resources. On the basis of the information in the exhibit, which command sequence
would correct the problem?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. SW1(config)# interface fastethernet 0/1 SW1(config-if)# no shut
B. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access
C. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access SW1(config-if)# switchport access vlan 10
D. SW1(config)# vlan 10 SW1(config-vlan)# no shut
E. SW1(config)# vlan 10 SW1(config-vlan)# state active
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 118
Refer to the exhibit. What does the command channel-group 1 mode desirable do?
A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables Etherchannel only
E. enables LACP only if a LACP device is detected
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 119
Refer to the exhibit. On the basis of the output generated by the show commands, which two statements are true? (Choose two.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. All interfaces on the switch have been configured as access ports.
B. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in the show vlan output.
C. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlan output.
D. There are no native VLANs configured on the trunk.
E. VLAN 1 will not be encapsulated with an 802.1q header.
F. VLAN 2 will not be encapsulated with an 802.1q header.
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 120
Refer to the exhibit. VLAN2, VLAN3, and VLAN10 are configured on the switch D-SW1. Host computers are on VLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the management VLAN is on VLAN10 (10.1.10.0). Hosts are able to ping each other but are unable to reach the servers. On the basis of the exhibited output, which configuration solution could rectify the problem?
A. Enable IP routing on the switch D-SW1.
B. Configure a default route that points toward network 200.1.1.0/24.
C. Assign an IP address of 10.1.3.1/24 to VLAN3. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
D. Configure default gateways to IP address 10.1.2.1 on each host.
E. Configure default gateways to IP address 10.1.10.1 on each host.
F. Configure default gateways to IP address 200.1.1.2 on each host.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Refer to the show interface Gi0/1 switchport command output shown in the exhibit. Which two statements are true about this interface? (Choose two.)
A. This interface is a dot1q trunk passing all configured VLANs.
B. This interface is configured for access mode.
C. This interface is a member of VLAN1.
D. This interface is a member of VLAN7.
E. This interface is a member of a voice VLAN.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: QUESTION 122
Refer to the exhibit. Which statement is true when voice traffic is forwarded on the same VLAN used by
the data traffic?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Quality of service cannot be applied for the voice traffic.
B. The voice traffic cannot be forwarded to the distribution layer.
C. Port security cannot be enabled on the switch that is attached to the IP phone.
D. The voice traffic cannot use 802.1p priority tagging.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which two statements are true about recommended practices in VLAN design? (Choose two.)
A. Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer.
B. Routing should always be performed at the distribution layer.
C. Routing should not be performed between VLANs located on separate switches.
D. VLANs should be localized to a switch.
E. VLANs should be localized to a single switch unless voice VLANs are being utilized.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Refer to the exhibit. What statement is true about the configuration on switch CAT1?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The configuration overrides 802.1p priorities on packets entering ports Fa0/11 and Fa0/12 with a value of
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 125
A. The configuration establishes policed DSCP on ports Fa0/11 and Fa0/12 with values ranging from 8 to
Correct Answer: Section: (none) Explanation Explanation/Reference:
QUESTION 126
A. The configuration overrides the Quality of Service value in packets entering ports Fa0/11 and Fa0/12 with a value of 45.
B. Two IP phones with the MAC addresses of 0008.8595.d1a7 and 0007.8595.d2b7 are connected to CAT1 ports Fa0/11 and Fa0/12, respectively.
C. Security violation shutdown mode has been activated for ports Fa0/11 and Fa0/12. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
D. Untagged Port VLAN ID (PVID) frames will carry voice traffic on VLAN 40.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
You will pass your Cisco 642-812 exam GUARANTEED using our accurate Cisco 642-812 practice questions and answers PDF&VCE dumps. Flydumps exam dumps will help you not only pass in the first try, but also save your valuable time. Give your career a boost and start earning your Cisco certification today!
You can prepare for Cisco 640-822 with little effort because Flydumps is now at your service to act as a guide in Flydumps you pass Cisco 640-822 exam.Now get that necessary competitive edge that comes with preparing with the help of Flydumps.
QUESTION 51
Which description is correct about the operational state of the FastEthernet 0/0 interface on the basis of the exhibit below?
A. The interface is generating protocol errors.
B. The interface has failed because of a media error.
C. The interface is operational and currently handling traffic.
D. The interface requires a no shutdown command to be issued.
Correct Answer: C
QUESTION 52
Two certways routers are connected as shown below:
certways1 configuration exhibit:
certways2 configuration exhibit:
Two routers named certways1 and certways2 are connected by their serial interfaces as shown in the
exhibit, but there is no data connectivity between them. The certways1 router is known to have a correct
configuration. Given the partial configurations shown in the exhibit, what is the problem on the certways2
router that is causing the lack of connectivity?
A. A loopback is not set.
B. The IP address is incorrect.
C. The subnet mask is incorrect.
D. The serial line encapsulations are incompatible.
Correct Answer: B
QUESTION 53
You work as a network technician at P4S. Please study the exhibit carefully.
The router console screen is rapidly displaying line after line of output similar to what is shown in the
exhibit. The help desk has called to say that users are reporting a slowdown in the network. What will solve
this problem while not interrupting network operation?
A. Enter the no debug all command.
B. Save the configuration and reboot the router.
C. Press the CTRL+C keys.
D. Use the show processes command.
Correct Answer: A
QUESTION 54
According to the exhibit below. Information about P4S-RA, including platform and IP addresses, should not be accessible from the Internet due to security reasons. However, this information needs to be accessible to devices on the internal networks of P4S-RA. Which command or series of commands will achieve these goals?
A. P4S-RA(config)#no cdp enable
B. P4S-RA(config)#interface s0/0 P4S-RA(config-if)#no cdp run
C. P4S-RA(config)#no cdp run
D. P4S-RA(config)#interface s0/0 P4S-RA(config-if)#no cdp enable
Correct Answer: D
QUESTION 55
Which will be the result of adding this command to a router already configured for dynamic routing? ip route 0.0.0.0 0.0.0.0 192.168.1.2
A. It configures the router to block routing updates from being sent to IP address 192.168.1.2.
B. It configures the router to drop all packets for which the destination network is unknown.
C. It configures the router as a firewall, blocking all packets from IP address 192.168.1.2.
D. It configures the router to send all packets to IP address 192.168.1.2 if the packets match no other entry in the routing table.
Correct Answer: D
QUESTION 56
Look at the picture: A.
B.
C.
D.
Correct Answer:
QUESTION 57
Look at the following exhibit. You are a network administrator for certways. You need to install a network device in the place of the icon labeled Network Device to accommodate a leased line attachment to the Internet. To meet the minimum requirements for this installation, which network device and interface configuration would you use?
A. a router with two Ethernet interfaces
B. a switch with two Ethernet interfaces
C. a switch with one Ethernet and one serial interface
D. a router with one Ethernet and one serial interface
Correct Answer: D
QUESTION 58
You are a network technician for certways Ltd. Study the graphic carefully, you are tasked to connect a Cisco router to a Catalyst switch as displayed and you are also working on a computer connected to the management console of the switch. In order to configure the default gateway for the switch, you should learn the IP address of the attached router interface. Which IOS command will provide this information in the absence of Layer 3 connectivity?
A. ping switch_ip_address
B. show ip rarp
C. ping router_ip_address
D. show cdp neighbors detail
Correct Answer: D
QUESTION 59
Which command would configure a default route to any destination network not found in the routing table?
A. P4S-R(config)# ip route 0.0.0.0 255.255.255.255 s0
B. P4S-R(config)# ip default-route 0.0.0.0 s0
C. P4S-R(config)# ip default-route 0.0.0.0 255.255.255.255 s0
D. P4S-R(config)# ip route 0.0.0.0 0.0.0.0 s0
Correct Answer: D
QUESTION 60
According to the exhibit below. P4S-PC1 pings P4S-PC2. Which three things will P4S-CORE router do with the data received from P4S-PC1? (Choose three.)
A. The data frames will be forwarded out interface FastEthernet0/1 of P4S-CORE router.
B. The data frames will be forwarded out interface FastEthernet1/0 of P4S-CORE router
C. P4S-CORE router will place the MAC address of P4S-PC2 in the destination MAC address of the frames.
D. P4S-CORE router will put the MAC address of the forwarding FastEthernet interface in the place of the source MAC address.
Correct Answer: BCD
QUESTION 61
According to the exhibit below. Configuring P4S-R1 and P4S-R3 with RIPv2. What are the minimum network commands required on P4S-R2 for all networks to converge?
A. (config-router)# network 192.168.0.0
B. (config-router)# network 192.168.0.0 (config-router)# network 192.168.1.0
C. config-router)# network 192.168.0.0 (config-router)# network 192.168.1.0 (config-router)# network 192.168.3.0
D. (config-router)# network 192.168.2.0 (config-router)# network 192.168.3.0 (config-router)# network 192.168.4.0
Correct Answer: C
QUESTION 62
The command ip route 192.168.100.160 255.255.255.224 192.168.10.2 20 was performed on a router. No
routing protocols or other static routes are configured on the router.
Which statement
best describes this command?
A. The interface with IP address 192.168.10.2 is on this router.
B. The command sets a gateway of last resort for the router.
C. Packets that are destined for host 192.168.100.190 will be sent to 192.168.10.2.
D. The number 20 indicates the number of hops to the destination network.
Correct Answer: C
QUESTION 63
What does the address 192.168.2.167 stand for on the basis of the following exhibit?
A. the router from which the file startup-config is being transferred
B. the TFTP server from which the file router-confg is being transferred
C. the TFTP server from which the file startup-config is being transferred
D. the TFTP server to which the file router-confg is being transferred
Correct Answer: D
QUESTION 64
Tom is a network technician for the P4S company. Observe the exhibit carefully. He is trying to use
HyperTerminal to configure a new router by use of the settings presented.
Why Tom can’t
connect to the router?
A. The bits per second should be set to 9600.
B. Parity should be set to mark.
C. The stop bits should be set to 2.
D. The data bits should be set to 6.
Correct Answer: A QUESTION 65
There are three locations in a school district of a large city: P4S-M, P4S-W and P4S-U. The network connection between two of these locations has already functioned. Configure the P4S-M router IP addresses on the E0 and S0 interfaces so that the E0 receives the first usable subnet while the S0 receives the second usable subnet from the network 192.168.160.0/28. Both interfaces would receive the last available IP address on the proper subnet.
A.
B.
C.
D.
Correct Answer:
QUESTION 66
Look at the following exhibit. You are a technician for certways. The configurations in the exhibit are pasted into the two new routers shown. Otherwise, the routers are configured with their default configurations. You cannot ping from P4S-Host1 to P4S-Host2, but you can ping the S0/0 interface of P4S-R2 from P4S-Host1. You have verified the configurations of the hosts and they are correct. What caused the problem?
A. The serial cable on P4S-R1 needs to be replaced.
B. P4S-R1 has no route to the 192.168.1.128 network.
C. The interfaces on P4S-R2 are not configured properly.
D. The IP addressing scheme has overlapping subnetworks.
Correct Answer: B
QUESTION 67
Topic – Explain and select the appropriate administrative tasks required for a WLAN.
Describe standards associated with wireless media (including: IEEE WI-FI Alliance, ITU/FCC)
Identify and describe the purpose of the components in a small wireless network. (including: SSID, BSS,
ESS)
Identify the basic parameters to configure on a wireless network to ensure that devices connect to the
correct access point
Compare and contrast wireless security features and capabilities of WPA security (including: open, WEP,
WPA-1/2)
Identify common issues with implementing wireless networks Answer & Explanation
A.
B.
C.
D.
Correct Answer:
QUESTION 68
The protocol that provides the information displayed by the show cdp neighbors command may operate at a layer of the OSI model. Which level is it?
A. network
B. physical
C. transport
D. data link
Correct Answer: D QUESTION 69
In an effort to increase security within the certways wireless network, WPA is being utilized. Which two statements shown below best describe the wireless security standard that is defined by WPA? (Choose two)
A. It specifies use of a static encryption key that must be changed frequently to enhance security.
B. It requires use of an open authentication method.
C. It specifies the use of dynamic encryption keys that change each time a client establishes a connection.
D. It includes authentication by PSK.
Correct Answer: CD QUESTION 70
You work as a network technician for certways and are responsible for this network. And you have chosen WPA over WEP in their wireless network. What is one reason why WPA encryption is preferred over WEP in this network?
A. WPA key values remain the same until the client configuration is changed.
B. A WPA key is longer and requires more special characters than the WEP key.
C. The access point and the client are manually configured with different WPA key values.
D. The values of WPA keys can change dynamically while the system is used.
Correct Answer: D QUESTION 71
While moving from one access point to another, which wireless LAN design ensures that a mobile wireless client would not lose connectivity?
A. configuring all access points to use the same channel
B. recommended overlap in cell coverage is 15 to 20%
C. utilizing MAC address filtering to allow the client MAC address to authenticate with the surrounding APs
D. using adapters and access points manufactured by the same company
Correct Answer: B QUESTION 72
The Wi-Fi logo is a registered mark of the Wi-Fi Alliance. When the Wi-Fi logo appears on a wireless access point or client adapter, which two of these does it signify? (Choose two.)
A. The Wi-Fi Alliance has tested this device and determined that it meets IEEE WLAN standards.
B. The access point or client adapter has been manufactured by the Wireless Fidelity company.
C. The manufacturer of the equipment has paid the Wi-Fi Alliance to market its products.
D. The Wi-Fi Alliance has verified that the device can interoperate with other devices using the same standards.
Correct Answer: AD QUESTION 73
As the certways network administrator, you need to troubleshoot an interference issue with the certways wireless LAN. Which two devices can interfere with the operation of this network because they operate on similar frequencies? (choose two)
A. AM radio
B. microwave oven
C. toaster
D. cordless phone
Correct Answer: BD QUESTION 74
Install and configure three access points to cover a small office. Which one of the following terms defines the wireless topology?
A. BSS
B. IBSS
C. ESS
D. SSID
Correct Answer: C QUESTION 75
You are a network technician. You have just installed a single 802.11g access point in the center of a square office. Some wireless users come across slow performance and drops when most users are operating at peak efficiency. Which three items most likely cause this problem? (Choose three.)
A. mismatched TKIP encryption
B. cordless phones
C. metal file cabinets
D. antenna type or direction
Correct Answer: BCD QUESTION 76
Which encryption type will be used by WPA2?
A. AES-CCMP
B. PSK
C. TKIP/MIC
D. PPK via IV
Correct Answer: A QUESTION 77
Refer to the exhibit. What two facts can be determined from the WLAN diagram? (Choose two.)
A. The area of overlap of the two cells represents a basic service set (BSS).
B. The network diagram represents an extended service set (ESS).
C. Access points in each cell must be configured to use channel 1.
D. The two APs should be configured to operate on different channels.
Correct Answer: BD QUESTION 78
Assuming that you are a network technician, can you tell me which two practices help secure the configuration utilities on wireless access points from unauthorized access? (Choose two.)
A. assigning a private IP address to the AP
B. changing the default SSID value
C. configuring a new administrator password
D. changing the mixed mode setting to single mode
Correct Answer: BC QUESTION 79
Which protocol will be used by a network host to resolve a destination IPv4 address to a destination MAC address?
A. ARP
B. RARP
C. DHCP
D. DNS
Correct Answer: A QUESTION 80
Topic – Identify security threats to a network and describe general methods to mitigate those threats.
Explain today’s increasing network security threats and the need to implement a comprehensive security policy to mitigate the threats
Explain general methods to mitigate common security threats to network devices, hosts, and applications Describe the functions of common security appliances and applications Describe security recommended practices including initial steps to secure network devices
A.
B.
C.
D.
Correct Answer:
QUESTION 81
As a network administrator, you would configure port security on a switch. Why?
A. in order to prevent unauthorized hosts from accessing the LAN
B. in order to prevent unauthorized Telnet access to a switch port
C. in order to protect the IP and MAC address of the switch and associated ports
D. in order to limit the number of Layer 2 broadcasts on a particular switch port
Correct Answer: A
QUESTION 82
What objective does an IDS accomplish?
A. hide the private IP addressing structure from outside attackers
B. perform stateful firewall functions
C. detect malicious traffic and send alerts to a management station
D. block suspicious network activity from entering the network
Correct Answer: C
QUESTION 83
The certways administrator is concerned with enhancing network security. To do this, what are two recommended ways of protecting network device configuration files from outside security threats on the network?(Choose two.)
A. Always use Telnet to access the device command line because its data is automatically encrypted.
B. Use a firewall to restrict access from the outside to the network devices.
C. Allow unrestricted access to the console or VTY ports.
D. Use SSH or another encrypted and authenticated transport to access device configurations.
Correct Answer: BD
QUESTION 84
Choose from the following the effect of using the service password-encryption command.
A. Only the enable password will be encrypted.
B. It will encrypt all current and future passwords.
C. Only the enable secret password will be encrypted.
D. Only passwords configured after the command has been entered will be encrypted.
Correct Answer: B
QUESTION 85
To protect network device configuration files from outside network security threats, what should you do? (Choose two.)
A. Allow unrestricted access to the console or VTY ports.
B. Use a firewall to restrict access from the outside to the network devices.
C. Use SSH or another encrypted and authenticated transport to access device configurations.
D. Always use Telnet to access the device command line because its data is automatically encrypted.
Correct Answer: BC
Flydumps.com new Cisco 640-822 study guides that you use have been rigorously tested by International experts. Choose Flydumps both save your time and money. And our products will satisfy you.
Cisco 640-822 Certification exams Q and A provided by Flydumps will make you feel like you are taking an actual exam at a Prometric or VUE center. Furthermore,we are constantly updating our Cisco 640-822 practice material.Our candidates walk into the testing Room as confident as a Certification Administrator.So you can pass the eaxm beyond any doubt.
QUESTION 50
Part of the configuration of router TT 1 is shown below: Exhibit
What is the effect of the configuration shown above on router TT 1 ?
A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSH connection first and if that fails to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.
E. It allows seven failed login aTT empts before the VTY lines are temporarily shutdown.
F. None of the above.
Correct Answer: D
QUESTION 51
You need to make changes to a new Troytec router. By which prompt is the global configuration mode on this router identified?
A. Router(config-line)#
B. Router(config-router)#
C. Router#
D. Router(config)#
E. Router>
F. Router(config-if)#
G. None of the above
Correct Answer: D
QUESTION 52
You need to configure a new Cisco router for remote access on the Troytec network. How many simultaneous telnet sessions does this Cisco router support by default?
A. 4
B. 2
C. 5
D. 1
E. 6
F. 0
Correct Answer: C
QUESTION 53
The interface status of a Troytec router is shown below:
Exhibit The result of the show interfaces serial 0/0 command is displayed in the exhibit. What command should be executed to make this interface operational?
A. Troytec C(config-if)# enable
B. Troytec C(config-if)# no keepalive
C. Troytec C(config-if)# encapsulation pop
D. Troytec C(config-if)# no shutdown
E. Troytec C(config-if)# clock rate 56000
F. Troytec C(config-if)# line protocol up
Correct Answer: D
QUESTION 54
Which of the following commands displays the configurable parameters and statistics of all interfaces on a router?
A. show interfaces
B. show processes
C. show running-config
D. show versions
E. show startup-config
Correct Answer: A
QUESTION 55
The following was seen on a Troytec router in Huntsville:
Exhibit Refer to the router output shown in the graphic. What can be assumed about the network attached to this router interface?
A. The network hosts are attached to a hub.
B. The interface is being used at near maximum capacity.
C. There should never be any collisions in this network.
D. The network has an excessive number of errors.
E. The network is using an unusual Ethernet encapsulation.
F. None of the above
Correct Answer: C
QUESTION 56
Refer to the output of the three Troytec router commands shown in the exhibit. A new technician has been told to add a new LAN to the company router. Why has the technician received the error message that is shown following the last command?
Exhibit A. The command was entered from the wrong prompt.
B. The router does not support LAN interfaces that use Ethernet.
C. The interface was already configured.
D. The IOS software loaded on the router is outdated.
E. The interface type does not exist on this router platform.
F. None of the above
Correct Answer: E
QUESTION 57
: In the Troytec router below, serial0/0 does not respond to a ping request from a host on the FastEthernet0/0 LAN.
Exhibit
Based on the information above, how can this problem be corrected?
A. Correct the IP address for interface Serial 0/0.
B. Change the encapsulation type on interface Serial 0/0.
C. Correct the IP address for interface FastEthernet 0/0.
D. Enable auto configuration on the Serial 0/0 interface.
E. Enable the Serial 0/0 interface.
F. None of the above
Correct Answer: E
QUESTION 58
An administrator issues the show ip interface s0/0 command and the output displays that interface Serial0/0 is up, line protocol is up What does “line protocol is up” specifically indicate about the interface?
A. The cable is attached properly.
B. CDP has discovered the connected device.
C. Keepalives are being received on the interface.
D. A carrier detect signal has been received from the connected device.
E. IP is correctly configured on the interface.
Correct Answer: C
QUESTION 59
You need to configure the interfaces on a new Troytec router, but first you need to enter the global configuration mode. Which command is used on router Troytec 3 to reach this mode?
A. Troytec 3# router
B. Troytec 3# setup
C. Troytec 3# interface
D. Troytec 3> enable
E. Troytec 3# configure terminal
Correct Answer: E
QUESTION 60
In the network shown below, The Troytec technician is testing connection problems. What is the problem indicated by the output from HostA?
Exhibit A. The gateway address of HostA is incorrect or not configured.
B. An access list is applied to an interface of Troytec 3.
C. The routing on Troytec 2 is not functioning properly.
D. The Fa0/24 interface of Switch1 is down.
E. None of the above
Correct Answer: A
QUESTION 61
Regarding the extended ping command; which of the statements below are true? (Select all valid answer choices)
A. The extended ping command is supported from user EXEC mode.
B. The extended ping command is available from privileged EXEC mode.
C. With the extended ping command you can specify the TCP and UDP port to be pinged.
D. With the extended ping command you can specify the timeout value.
E. With the extended ping command you can specify the datagram size.
Correct Answer: BDE
QUESTION 62
When you use the ping command to send ICMP messages across a network, what’s the most common request/reply pair you’ll see? (Select one answer choice)
A. Echo request and Echo reply
B. ICMP hold and ICMP send
C. ICMP request and ICMP reply
D. Echo off and Echo on
E. None of the above
Correct Answer: A QUESTION 63
Part of the Troytec network is shown below: Exhibit
Ping exhibit: Exhibit
Tracert exhibit: Exhibit
You work as a network technician at Troytec .com. You are testing connection problems in the network and your PC (host Troytec A) has provided the output shown above. What is the problem indicated by this output?
A. The routing on Router Troytec 2 is not functioning properly.
B. The Fa0/24 interface of Switch Troytec 4 is down.
C. An access list is applied to an interface of Router Troytec 3.
D. The gateway address of Host Troytec A is incorrect or not configured.
E. None of the above
Correct Answer: D
QUESTION 64
Network Topology Exhibit:
Troytec 1 configuration exhibit: Exhibit
Troytec 2 configuration exhibit: Exhibit
You need to ensure connectivity between two new Troytec offices. You apply the configurations in the exhibit into the two new routers Troytec 1 and Troytec 2. Otherwise, the routers are configured with their default configurations. A ping from Host Troytec A to Host Troytec B fails, but you are able to ping the S0/0 interface of Troytec 2 from Host Troytec A. The configurations of the hosts have been verified as correct. What could be the cause of the problem?
A. The interfaces on Troytec 2 are not configured properly.
B. The serial cable on Troytec 1 needs to be replaced.
C. The IP addressing scheme has overlapping subnetworks.
D. Router Troytec 1 has no route to the 192.168.1.128 network.
E. The ip subnet-zero command must be configured on both routers.
Correct Answer: D
QUESTION 65
You need to configure a default route on a Troytec router. Which command will configure a default route on a router?
A. TT 1 (config)# ip route 0.0.0.0 10.1.1.0 10.1.1.1
B. TT 1 (config)# ip default-route 10.1.1.0
C. TT 1 (config)# ip default-gateway 10.1.1.0
D. TT 1 (config)# ip route 0.0.0.0 0.0.0.0 10.1.1.1
Correct Answer: D
QUESTION 66
Static routing needs to be configured on router TT 1. In which situation would the use of a static route be appropriate?
A. To configure a route to the first Layer 3 device on the network segment.
B. To configure a route from an ISP router into a corporate network.
C. To configure a route when the administrative distance of the current routing protocol is too low.
D. To reach a network is more than 15 hops away.
E. To provide access to the Internet for enterprise hosts.
F. None of the above
Correct Answer: B
QUESTION 67
The Troytec network is shown below:
Exhibit Based on this information, which of the following will configure a static route on Router A to network 180.18.30.0/24 with an administrative distance of 90?
A. Router(config)# ip route 90 180.18.20.1 255.255.255.0 182.18.20.2
B. Router(config)# ip route 180.18.20.1 255.255.255.0 182.18.30.0 90
C. Router(config)# ip route 180.18.30.1 255.255.255.0 182.18.20.1 90
D. Router(config)# ip route 90 180.18.30.0 255.255.255.0 182.18.20.2
E. Router(config)# ip route 180.18.30.0 255.255.255.0 182.18.20.2 90
Correct Answer: E
QUESTION 68
The network administrator of the Oregon router adds the following command to the router configuration: ip
route 192.168.12.0 255.255.255.0 172.16.12.1. What are the results of adding this command? (Choose
two.)
Exhibit:
Exhibit
A. Traffic for network 192.168.12.0 is forwarded to 172.16.12.1.
B. This route is automatically propagated throughout the entire network.
C. Traffic for all networks is forwarded to 172.16.12.1.
D. Traffic for network 172.16.12.0 is forwarded to the 192.168.12.0 network.
E. The command invokes a dynamic routing protocol for 192.168.12.0.
F. The command establishes a static route.
Correct Answer: AF
QUESTION 69
Which of the commands below can you use to configure a default route on router TT 1 ? (Select two answer choices)
A. TT 1 (config)# ip route 0.0.0.0 0.0.0.0 E0
B. TT 1 (config)# ip route 0.0.0.0 255.255.255.255 S0
C. TT 1 (config-interface)# ip route 255.255.255.255 0.0.0.0 192.168.1.21
D. TT 1 (config)# ip route 0.0.0.0 0.0.0.0 192.168.1.21
E. TT 1 (config)# ip route 0.0.0.0 192.168.1.21 255.255.255.255
F. TT 1 # ip default-network 0.0.0.0 192.168.1.21 255.255.255.255
Correct Answer: AD
QUESTION 70
Which of the following commands would you use to configure a default route to any destination NOT found in the routing table of router TT 1 ?
A. TT 1 (config)# ip default-route 0.0.0.0 255.255.255.255 s0
B. TT 1 (config)# ip route 0.0.0.0 255.255.255.255 s0
C. TT 1 (config)# ip default-route 0.0.0.0 0.0.0.0 s0
D. TT 1 (config)# ip route 0.0.0.0 0.0.0.0 s0
E. TT 1 (config)# ip route any any e0
F. None of the above
Correct Answer: D
QUESTION 71
The topology of the Troytec network is displayed below, along with the routing table of the Troytec 1 router:
Exhibit
172.17.22.0 172.31.5.0 Changes to the Troytec network were made, and now users on the Troytec 3 LAN are not able to connect to the Troytec 4 LAN. Based on the information above, what could be the reason for this?
A. The Fast Ethernet interface is disabled.
B. The neighbor relationship table is not updated.
C. A static route is configured incorrectly.
D. The routing table on Troytec 1 is not updated.
E. IP routing is not enabled.
Correct Answer: C
QUESTION 72
Some of the Troytec routers have been configured with default routes. What are some of the advantages of using default routes? (Choose two)
A. They establish routes that will never go down.
B. The keep routing tables small.
C. They require a great deal of CPU power.
D. The allow connectivity to remote networks that are not in the routing table.
E. They direct traffic from the Internet into corporate networks.
Correct Answer: BD
QUESTION 73
You have just configured a static default route on router TT 1 . What is the purpose of a default route?
A. It is a route to be used when the routing protocol fails.
B. It is a route configured by an ISP that sends traffic into a corporate network.
C. It is a route used when a packet is destined for a remote network that is not listed in the routing table.
D. It is a route manually configured for a specific remote network for which a routing protocol is not configured.
E. It is used to send traffic to a stub network. F. None of the above
Correct Answer: C
QUESTION 74
On router TT 1 the following configuration command was entered: ip route 0.0.0.0 0.0.0.0 192.168.1.2 What is the result of adding this command to this router when it is already configured for dynamic routing?
A. It configures the router to block routing updates from being sent to IP address 192.168.1.2.
B. It configures the router to send all packets to IP address 192.168.1.2 if the packets match no other entry in the routing table.
C. It configures the router to drop all packets for which the destination network is unknown.
D. It configures the router to send all packets to IP address 192.168.1.2.
E. It configures the router as a firewall, blocking all packets from IP address 192.168.1.2.
F. None of the above
Correct Answer: B
QUESTION 75
If NVRAM in a Troytec router lacks boot system commands, where does this router look for the Cisco IOS by default?
A. ROM
B. RAM
C. Flash
D. Bootstrap
E. Startup-.config
F. None of the above
Correct Answer: C
QUESTION 76
When you power up a Troytec router; in what memory is the start-up configuration normally stored in?
A. RAM
B. ROM
C. FLASH
D. NVRAM
E. None of the above
Correct Answer: D
QUESTION 77
You are the administrator of the Troytec network and you have forgoTT en the password to one of your routers. After completing the password recovery procedure the router returned to its normal operation. The config-register was set back to the initial default value. What is this value?
A. 0x2112
B. 0x2104
C. 0x2102
D. 0x2142
E. 0x2100
Correct Answer: C QUESTION 78
You issued the following command on router Troytec 3: Exhibit
When upgrading the IOS image, you receive the exhibited error message shown above. Based on the information given, what could be the cause of this error?
A. The TFTP server is unreachable from the router.
B. The new IOS image is too large for the router flash memory.
C. The IOS image on the TFTP server is corrupt.
D. The new IOS image is not correct for this router platform.
E. There is not enough disk space on the TFTP server for the IOS image.
F. None of the above
Correct Answer: A
QUESTION 79
The relevant system information regarding a Troytec router is shown in the following display:
Exhibit
Refer to the partial Command output shown. Which two statements are correct regarding the router hardware? (Choose Two)
A. Total RAM Size is 32 KB.
B. Total RAM Size is 16384 KB (16 MB)
C. Total RAM Size is 65536 KB (64 MB)
D. FLASH Size is 32 KB.
E. FLASH Size is 16384 KB (16 MB)
F. FLASH Size is 65536 KB (64 MB)
Correct Answer: CE
QUESTION 80
Which is the correct fallback sequence for loading the Cisco IOS?
A. ROM, Flash, NVRAM
B. ROM, TFTP server, Flash
C. Flash, TFTP server, ROM
D. Flash, NVRAM, RAM
Correct Answer: C
QUESTION 81
See the following exhibit below:
Exhibit
A router consistently loses its configuration each time it reboots. Given the output shown in the graphic, what is the cause of this problem?
A. The processor is overheating.
B. Configuration register is misconfigured.
C. There is no problem.
D. Cisco products are inferior compared to Nortel products. Migrate to Nortel instead.
E. None of the above
Correct Answer: B
QUESTION 82
A Cisco router has been configured, and the copy running-config startup-config command has been
issued. When the router is power cycled, the router prompts with:
“Would you like to enter the initial configuration dialog? [yes/no]” Why has this occurred?
A. There is an error in the router DRAM.
B. Te IOS image is corrupt.
C. The configuration register is set to 0x2142.
D. The TFTP server that contains the router configuration file is unreachable.
E. A boot system configuration command has placed the router into setup mode.
Correct Answer: C QUESTION 83
What is the purpose of using the copy flash tftp command on a router?
A. To copy an IOS image to the router
B. To create a backup copy of the IOS
C. To move the IOS image from a server to the router
D. To backup the router configuration to a server
Correct Answer: B QUESTION 84
Refer to the following exhibit: Exhibit
The Troytec network administrator configures a new router and enters the copy startup- config running-config command on the router. He powers down the router and sets it up at a remote location. When the router starts, it enters the system configuration dialog as shown. What is the cause of the problem?
A. The network administrator failed to save the configuration.
B. The configuration register is set to 0x2100.
C. The boot system flash command is missing from the configuration.
D. The configuration register is set to 0x2102.
E. The router is configured with the boot system startup command.
F. None of the above
Correct Answer: A
QUESTION 85
Before installing a new, upgraded version of the IOS, what should be checked on the router, and which command should be used to gather this information? (Choose two)
A. show running-config
B. show version
C. the version of the bootstrap software present on the router
D. the amount of available ROM
E. the amount of available flash and RAM memory
F. show processes
Correct Answer: BE
QUESTION 86
Drag and Drop You work as a network administrator at Troytec .com. Your boss, Mrs. Troytec , tells you to match the commands with the appropriate descriptions. One of the commands listed below will not be used.
Select and Place:
Correct Answer:
QUESTION 87
Which of the commands below would you enter if you wanted to see the configuration register of your router?
A. show boot
B. show flash
C. show register
D. show version
E. show config
F. None of the above
Correct Answer: D
QUESTION 88
After logging into a router, you type in “enable” and then enter the correct password when prompted. What is the current router prompt symbol at this point?
A. >
B. #
C. ?
D. *
E. All of the above
F. None of the above
Correct Answer: B
QUESTION 89
In the Cisco IOS, what is the definition of a global command?
A. A command that can be entered in any configuration mode.
B. A command that supports all protocols.
C. A command that is implemented in all IOS versions.
D. A command that is set once and affects the entire router.
E. A command that is available in every release of IOS.
Correct Answer: D
QUESTION 90
Which of the following commands will display the name of the IOS image file being used in a Troytec router?
A. Router# show IOS
B. Router# show version
C. Router# show image
D. Router# show protocols
E. Router# show flash
Correct Answer: BE
Get yourself composed for Microsoft actual exam and upgrade your skills with Flydumps Cisco 640-822 practice test products. Once you have practiced through our assessment material, familiarity on Cisco 640-822 exam domains get a significant boost. Flydumps practice tests enable you to raise your performance level and assure the guaranteed success for Cisco 640-822 exam.
Important Info: These new valid CheckPoint 156-915 exam questions were updated in recent days by CheckPoint 156-915 ,please visit our website to get the full version of new CheckPoint 156-915 exam dumps with free version of new VCE Player, you can pass the exam easily by training it!
QUESTION 87
Which feature in VPN-1 permits blocking specific IP addresses for a specified time period?
A. HTTP Methods
B. Local Interface Spoofing
C. Block Port Overflow
D. Suspicious Activity Monitoring
Correct Answer: D
QUESTION 88
Match the ClusterXL Modes with their configurations: Exhibit:
A. A2,B3,C1,D4
B. A2,B3,C4,D1
C. A3,B2,C4,D1
D. A3,B2,C1,D4
Correct Answer: D
QUESTION 89
By default Check Point High Availability components send updates about their state every:
A. 1 Second
B. 0.1 Second
C. 5 Seconds
D. 0.5 seconds
Correct Answer: B
QUESTION 90
Which operating system is not supported by SecureClient?
A. IPSO 3.9
B. MacOS X
C. Windows 2003 Professional
D. Windows XP SP2
Correct Answer: A
QUESTION 91
Which of the following is the most critical step in a SmartCenter Server NGX R65 backup strategy?
A. Move the *.tgz upgrade_export file to an offsite location via ftp
B. Perform a full system tape backup of both the SmartCenter and Security Gateway machines
C. Using the upgrade_import command, attempt to restore the SmartCenter server to a non-production system
D. Run the cpstop command prior to running the upgrade_export command
Correct Answer: C
QUESTION 92
What happens when you select File > Export from the SmartView Tracker Menu?
A. Logs in fw.log are exported to a file that can be opened by Microsoft Excel
B. Exported log entries are deleted from fw.log
C. Current logs are exported to a new *.log file
D. Exported log entries are still viewable in SmartView Tracker
Correct Answer: A QUESTION 93
Which of these components does NOT require a VPN-1 NGX R65 license?
A. SmartUpdate Upgrading/Patching
B. SmartCenter Server
C. Check Point Gateway
D. SmartConsole
Correct Answer: D QUESTION 94
How do you use SmartView Monitor to compile traffic statistics for your company’s Internet activity during production hours?
A. Use the “Traffic Counters” settings and SmartView Monitor to generate a graph showing the total HTTP traffic for the day
B. Configure Suspicious Activity Rule which triggers an alert when HTTP traffic passes through the Gateway
C. Select the “Tunnels” view and generating a report on the statistics
Correct Answer: A QUESTION 95
Which Check Point product is used to create and save changes to a Log Consolidation Policy?
A. Eventia Reporter Server
B. SmartDashboard Log Consolidator
C. SmartCenter Server
D. Eventia Reporter Client
Correct Answer: B QUESTION 96
When configuring site-to-site VPN High Availability (HA) with MEP, which of the following is correct?
A. MEP Gateways must be managed by the same SmartCenter Server
B. If one MEP Security Gateway fails, the connection is lost and the backup Gateway picks up the next connection
C. MEP Gateways cannot be geographically separated machines
D. The decision on which MEP Gateway to use is made on the MEP Gateway’s side of the tunnel
Correct Answer: B QUESTION 97
You have blocked an IP address via the Block intruder feature of Smartview Tracker. How can you see the addresses you have blocked?
A. In Smartview monitor, select Blocked Intruder option from the query tree view
B. Run fwm blocked_view
C. In Smartview monitor, select Suspicious activity rules from the tools menu and select the relevant security gateway from the list
D. In SmartView Tracker,Click the Active Tab, and the actively blocked connection display
Correct Answer: C
QUESTION 98
You are administering your company’s clientless VPN connections. How many Security Servers should you be running to support 750 active users?
A. 1
B. 7
C. 5
D. 3
Correct Answer: C
QUESTION 99
What is the most typical type of configuration for VPNs with several externally managed Gateways?
A. Star Community
B. Hybrid community
C. Mesh Community
D. Domain Community
Correct Answer: A
QUESTION 100
Which of the following is TRUE concerning unnumbered VPN Tunnel Interfaces (VTIs)?
A. VTIs are only supported on SecurePlatform
B. VTI specific additional local and remote IP addresses are not configured
C. VTIs cannot be assigned a proxy interface
D. Local IP addresses are not configured, remote IP addresses are configured
Correct Answer: B
QUESTION 101
When configuring VPN High Availability (HA) with MEP, which of the following is correct?
A. If one gateway fails, the synchronized connection fails over to another Gateway and the connection continues
B. The decision on which MEP Security Gateway to use is made on the remote gateway’s side (non-MEP side)
C. MEP VPN Gateways cannot be geographically separated machines
D. MEP Gateways must be managed by the same SmartCenter Server
Correct Answer: B
QUESTION 102
___________ is a proprietary check point protocol. It is the basis of the functionality of Check Point ClusterXL inter-module communication.
A. HA OPCODE
B. CKPP
C. RDP
D. CCP
Correct Answer: D QUESTION 103
Which of the following command is a CLI command for VPN-1 NGX R65?
A. fw shutdown
B. fwprint
C. fw tab -u
D. fw merge
Correct Answer: C QUESTION 104
Match each of the following commands to their correct function. Each command only has one function
listed:
Exhibit:
A. C1>F2;C2>F1;C3>F6;C4>F4
B. C1>F4;C2>F6;C3>F3;C4>F2
C. C1>F2;C2>F4;C3>F1;C4>F5
D. C1>F6;C2>F4;C3>F2;C4>F5
Correct Answer: D
QUESTION 105
Which security servers can perform authentication tasks, but CANNOT perform content security tasks?
A. HTTP
B. FTP
C. RLOGIN
D. SMTP
Correct Answer: C
QUESTION 106
You are running the License_upgrade tool on you SecurePlatform Gateway. Which of the following can you NOT do with the upgrade tool?
A. Perform the actual license-upgrade process
B. View the status of currently installed licenses
C. Simulate the license-upgrade process
D. View the licenses in the SmartUpdate License Repository
Correct Answer: D QUESTION 107
A marketing firm’s networking team is trying to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks you to check the object and rule configuration settings for the perimeter security gateway. Which SmartConsole application should you use to check these objects and rules?
A. SmartView Statuus
B. SmartView Monitor
C. SmartView Tracker
D. SmartDashboard
Correct Answer: A QUESTION 108
Which is the BEST configuration option to protect internal users from malicious java code, without stripping Java Scripts?
A. Use the URI resource to strip ActiveX tags
B. Use the URI resource to strip applet tags
C. Use CVP in the URI resource to block Java code
D. Use the URI resource to block Java Code
Correct Answer: D QUESTION 109
You organization has many VPN-1 Edge Gateways at various branch offices, to allow users to access company resources. For security reasons, your organization’s security policy requires all internet traffic initiated behind the VPN-1 Edge Gateways first be inspected by your headquarters VPN-1 Pro Security Gateway. How do you configure VPN routing in this star VPN community?
A. To the Internet and other targets only
B. To the center and other satellites, through the center
C. To the center or through the center to other satellites, then to the Internet and other VPN targets
D. To the center only
Correct Answer: C QUESTION 110
Users are not prompted for authentication when they access their web servers, even though you have created an HTTP rule via User Authentication. Why?
A. Another rule that accepts HTTP without authentication exists in the Rule Base
B. You have forgotten to place the User Authentication Rule before the Stealth Rule
C. Users must use the SecuRemote Client, to use the User Authentication Rule
D. You checked the “Cache password on desktop” option in Global Properties
Correct Answer: B QUESTION 111
Flydumps is now offering CheckPoint 156-915 dumps PDF and Test Engine with 100% passing guarantee. Buy CheckPoint 156-915 pdf and pass your exam easily. If you want real exam simulation then buy test engine and install on your pc for preparation. Download CheckPoint 156-915 CCIE Data Center questions answers study material and prepare for exam.
100% valid Checkpoint 156-816 brain dumps with more new added questions.By training the Checkpoint 156-816 questions, you will save a lot time in preparing the exam.Visit www.Flydumps.com to get the 100% pass ensure!
QUESTION 77
During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA
Correct Answer: C
QUESTION 78
During the initial configuration of a VSX Gateway cluster, the VSX Administrator is prompted to specify each cluster member’s name, as shown below:Which of the following best describes this name?
A. IP address of the individual VSX Gateway in the cluster
B. Any name the VSX Administrator chooses to describe the cluster member
C. Customer for which this VSX Gateway cluster is configured
D. MAC address of the individual VSX Gateway in the cluster
E. Hostname of the individual VSX Gateway in the cluster
Correct Answer: B
QUESTION 79
The VSX Management Server uses which of the following channels to communicate with components of the VSX Gateway?
A. Provisioning and Network Configuration
B. Route Configuration
C. Gateway Inspection Verification
D. Status Verification
E. Policy Verification
Correct Answer: A
QUESTION 80
What is the maximum number of members that can be included in a VSX Gateway cluster?
A. 2
B. 10
C. 50
D. 8
E. 25
Correct Answer: D
QUESTION 81
If two VSX Gateways are deployed in a cluster with one interface defined with a Virtual Switch, how is each Virtual Switch instance defined?
A. Primary: Standby/Secondary: Active
B. Primary: Standby/Secondary: Standby
C. Primary: Active/Secondary: Standby
D. Primary: Active/Secondary: Active
Correct Answer: D
QUESTION 82
What is the term used to describe a port or interface that shares traffic from more than one VLAN?
A. Frame-Strata enabled
B. VLAN riding
C. Comprehensive layer-2 label support
D. VLAN trunking
E. Comprehensive VLAN Tag support
Correct Answer: D
QUESTION 83
The provisioning and network configuration channel does NOT:
A. Install a default Security Policy blocking all traffic.
B. Install Administrator defined Security Policies.
C. Create Virtual Systems and Virtual Routers on a Gateway.
D. Configure interface and routing information on the Gateway.
E. Create a SIC Certificate for new objects, and transfer the Certificate to an object on the VSX Gateway.
Correct Answer: B
QUESTION 84
In a VLAN Tag added to a frame header, the __________ is a 2 byte number that identifies a frame as tagged.
A. user_priority
B. VLAN Identifier
C. Tag Control Information
D. Tag Protocol Identifier
E. Canonical Format Indicator
Correct Answer: D
QUESTION 85
Which of the following VSX components maintain layer 3 connectivity?
A. Virtual System in Bridge mode
B. Internal Virtual Switch
C. External Virtual Switch
D. Virtual Router
E. VLAN interface
Correct Answer: D
QUESTION 86
When configuring a Virtual System interface leading to a Virtual Switch, the default Gateway must be: A. The IP address of the Virtual Switch.
B. The IP address of the Management Virtual System.
C. The IP address of a device outside the VSX Gateway.
D. Excluded. No default Gateway is used when passing traffic through a Virtual Switch.
E. Shared among all systems passing through the switch.
Correct Answer: C
QUESTION 87
Which interface of the Management Virtual System (MVS) can be compared to the external interface of a traditional Security Gateway?
A. Warp interface leading from the MVS to the External Virtual Router
B. None; the External Virtual Router acts as the external interface to all Virtual Systems configured on the VSX Gateway.
C. Dedicated management interface, typically eth0
D. Synchronization interface
E. Virtual interface leading from the MVS to the External Virtual Router
Correct Answer: A
QUESTION 88
When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.
Correct Answer: C
QUESTION 89
A __________ is a virtual security device configured on a VSX Gateway, which operates as a complete routing and security domain, with firewall and VPN capabilities.
A. Virtual Switch
B. Context Identification Module
C. Virtual System Extension
D. Virtual System
E. External Virtual Router
Correct Answer: D
QUESTION 90
When configuring Virtual Systems with overlapping IP addressing, the Virtual Systems must:
A. Be included in a VPN.
B. Be on the same network.
C. Perform Network Address Translation.
D. Perform in Bridge mode.
E. Define VLAN Tags.
Correct Answer: C QUESTION 91
Consider the following scenario: Your network configuration requires that you configure a single interface on the VSX Gateway to lead to multiple networks. A different Virtual System must protect each network sending traffic through the VSX Gateway. You configured a dedicated management interface on the VSX Gateway, along with 1 External Virtual Router and 4 Virtual Systems, one for each Customer. Which of the following hardware devices must be used to connect the different networks to the single shared interface?
A. Frame cache-redirection enabled switch
B. Content-intelligent switch
C. Jumbo frame-enabled switch
D. Router
E. VLAN-capable switch
Correct Answer: E
QUESTION 92
When configuring the VSX Gateway, it is important to reboot after running which of the following commands for the first time?
A. config
B. cpconfig vsx
C. fwconfig
D. vsx sysconfig
E. sysconfig
Correct Answer: E
QUESTION 93
Bridged Virtual Systems in a cluster monitor which of the following protocols, to fail over a bridged system?
A. VTP
B. MPLS
C. BPDU
D. STP
E. OSPF
Correct Answer: C
QUESTION 94
You need to provide a security layer for an existing core network. You need an inspection module that operates at layer 2, is completely transparent, and does not impact the existing IP structure or different control protocols in use. Which of the following virtual devices will perform the kind of inspection you need?
A. External Virtual Router
B. Virtual Switch
C. Virtual System in Bridge mode
D. Virtual System
E. Internal Virtual Router
Correct Answer: C
QUESTION 95
Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router performs exactly like an External Virtual Switch.
B. All traffic emanating from networks protected by the VSX Gateway is dropped. All other traffic is accepted.
C. All traffic passing through the External Virtual Router is allowed by default, without inspection by the External Virtual Router’s Security Policy.
D. All traffic bound for the management network is dropped.
E. Virtual Routers do not enforce a Security Policy.
Correct Answer: C
QUESTION 96
Which of the following commands should you run to stop a VSX Gateway cluster?
A. vsxhastop
B. vsx cpstop
C. cpstop
D. cphastop
E. vsxstop
Correct Answer: C
QUESTION 97
Which of the following elements is NOT maintained separately by each Virtual System on a VSX Gateway?
A. Configuration parameters
B. Management database
C. Logging parameters
D. Security Policies
E. State tables
Correct Answer: B
QUESTION 98
When configuring a Warp Link, what is the IP address that appears in the topology properties of the External Virtual Router?
A. 255.255.255.255
B. Either the IP address designated as the main IP for the Virtual System to which the link connects, or its Static Network Address Translation IP address
C. Always the IP address designated as the main IP, for the Virtual System to which the link connects
D. Same as the IP address of the External Virtual Router
E. 0.0.0.0
Correct Answer: E
QUESTION 99
If a VSX Gateway is protecting multiple customer networks behind only one shared interface, the VSX Administrator must either configure __________ for source-based routing, or deploy a VLAN solution.
A. An Internal Virtual Router
B. Non-VLAN Interface Trunking
C. VSX Gateway High Availability
D. VSX Gateway Load Sharing
E. Multiple External Virtual Routers
Correct Answer: A
QUESTION 100
Consider the following scenario: A hub connects four hosts to a VLAN-Tagged port on a switch. The hosts have IP addresses ranging from 10.0.0.1 to 10.0.0.4. The switch adds a VLAN Tag of 400 to all communication passing through it. Once communication from the second host on the hub passes through the switch port on the way to its destination on the external network, how does the traffic appear in SmartView Tracker? Assume that traffic enters the Gateway on interface eth3.
A. eth3.2
B. eth3.400.2
C. eth3.400
D. eth3.2.400
E. eth3.402
Correct Answer: C
QUESTION 101
When configuring a VLAN environment for your VSX Gateway, you must associate each VLAN with an interface and an IP address. Where is each VLAN setting configured?
A. System Interfaces tab of the VSX Gateway object
B. Add/Edit Interface screen, accessed from the Topology tab of the Virtual Router object
C. System Interfaces Allocation tab of the VSX Gateway object
D. Add/Edit Interface screen, accessed from the Topology tab of the Virtual System object
E. VLAN Configuration tab of the VSX Gateway object
Correct Answer: D
QUESTION 102
When deploying a VSX Gateway managed by a SmartCenter Server, how many Certificate Authorities will the deployment have?
A. One for each Virtual System and Virtual Router configured on the VSX Gateway
B. One, shared by all components
C. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers
D. One for each Virtual System configured on the VSX Gateway
E. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by the Virtual Routers
Correct Answer: B
QUESTION 103
Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS Manager station
B. MDS Container station
C. MDS VSX Integrator
D. MDS MLM
E. MDS SmartCenter for VSX
Correct Answer: B
QUESTION 104
Which of the following objects allows you to configure resource settings, to limit the number of concurrent connections?
A. Internal Virtual Router
B. Virtual Systems
C. Virtual Switch
D. External Virtual Router
E. VSX Gateway
Correct Answer: B
QUESTION 105
Where within the frame header is the VLAN Tag inserted?
A. Before Destination information
B. After Type/Length information
C. Before Source information
D. Before Type/Length information
E. Either before Type/Length information or after, depending on the Canonical Format Indicator setting
Correct Answer: D
QUESTION 106
Which two segments make up a VLAN Tag, following the standard IEEE format?
A. Tag Protocol Identifier and VLAN Identifier
B. Tag Protocol Identifier and Traffic Control Information
C. Canonical Format Indicator and Traffic Control Information
D. Traffic Control Information and VLAN Identifier
E. Canonical Format Indicator and Tag Protocol Identifier
Correct Answer: B
QUESTION 107
Which of the following VSX Gateway configurations is valid?
A. A shared NIC assigned to different Virtual Systems, with the same IP addresses on different VLANs
B. A shared NIC assigned to different Virtual Systems, with different IP addresses on the same VLAN
C. A shared NIC assigned to different Virtual Systems, with the same IP addresses on the same VLAN
D. Multiple NICs assigned the same IP addresses, for each Virtual System in the configuration, but with different VLAN Tags
E. Multiple NICs assigned to different Virtual Systems in Bridge Mode, performing Hide NAT
Correct Answer: A
QUESTION 108
A VSX cluster configuration is built from which three components?
A. Management Network, Internal Communications Network, Virtual IP Addresses
B. Synchronization Network, Internal Communications Network, Virtual IP Addresses
C. Management Network, Internal Virtual Network, Virtual IP Addresses
D. Synchronization Network, Internal Network, External Network
E. Synchronization Network, Virtual Network, External Network
Correct Answer: B
QUESTION 109
Which of the following is a type of VLAN membership?
A. Time-based
B. Application-based
C. Port-based
D. Session-based
E. Protocol-based
Correct Answer: E
QUESTION 110
A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.
Correct Answer: A
With the products Checkpoint 156-816 for training and preparation of testing you would not only significantly reduce your fees, but pass your exam. We obtain our products from Authorities experts from test center.We give you the best path to successful completion of your exam to the real and original exam questions and answers for Checkpoint 156-816.