Day: September 2, 2016
Welcome to download the newest Examwind 2V0-641 dumps:
Achieving the Cisco 642-384 certification is the goal of many IT & Network professionals. The passing rate of the Cisco 642-384 Test is incredibly low. The purpose of Flydumps Cisco 642-384 practice test is to promote Cisco 642-384 Certification. It’s surely not an easy task to do but doing the Cisco 642-384 Training by using our Cisco 642-384 exam sample questions will ensure and encourage that you can earn the Cisco 642-384 Certification. You don’t have to worry about passing your Cisco 642-384 exam or completing the latest Cisco 642-384 Exam Objectives anymore because Flydumps Cisco 642-384 exam sample questions do it all for you.
QUESTION 109
You are configuring a VLAN and the switch you are using requires that you do so within the VLAN database. Which command allows you to enter the VLAN database?
A. Switch#vlan database
B. Switch (config)# vlan database
C. Switch (config-if)# vlan database
D. Switch (vlan)# vlan database
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which two statements best describe the wireless core feature set using autonomous access points when implementing repeater topology? (Choose two.)
A. RF overlap between access points should be 10 to 15 percent with unique channels configured.
B. RF overlap between primary and repeater access points should be 10 to 15 percent with the same channel configured.
C. RF overlap between primary and repeater access points should be 50 percent with the same channel configured
D. RF overlap between primary and repeater access points should be 50 percent with unique channels configured.
E. Clients that are associated with the repeater access point will have 10 to 15 percent less data throughput than clients that are associated with the primary root access point.
F. Clients that are associated with the repeater access point will have 50 percent less data throughput than clients that are associated with the primary root access point
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 111
:Refer to the exhibit. The Cisco Aironet 802.1 la/b/g Wireless LAN Client Adapter has two LEDs. Which two LED states indicate that the card is associated to an access point and is working properly? (Choose two.)
A. green LED off; amber LED solid
B. green LED off; amber LED blinking sporadically
C. green LED blinking quickly: amber LED blinking quickly
D. green LED blinking slowly, amber LED blinking slowly
E. green LED blinking slowly; amber LED blinking quickly
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager configuration of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the sitE.to-site VPN between Router A and Router B. What is the mostly likely cause of this fault?
A. The IPSec and IKE encryption methods do not match. They all have to be either 3DES or AES.
B. Router A is using a standard IP ACL (100-149) while Router B is using a turbo ACL (150-199).
C. The D.H Group settings on the two routers are set to group 2. They must be set to group 1 for SHA. 1.
D. The IPSec policy map names on the two routers do not match. They must be the same on both routers.
E. The IPSec rules on the two routers are not permitting the correct interesting traffic
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 113
OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. incorrect distribute lists have been configured
D. No default metric has been configured for EIGRP
E. Theip classless command is missing.
F. There are mismatched autonomous system numbers.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which two statements best describe the wireless implementation of Cisco Aironet root and non- root bridging? (Choose two.)
A. Point-to-point access points can be used if one is root and the other is non-root.
B. WGB can be used with an access point if the distance is less than one mile
C. Root mode must be enabled only on one side in a point-to-point link to intemperate with other vendors and comply with 802.11
D. Up to 17 non-root bridges can associate to a root bridge
E. Point-to-point WGB can be used if total number of PCs is fewer than eight. The neighbor 10.1.1.1 is the BDR
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 115
The customer wants to implement wireless security through implementation of WPAv2. Which component of WPAv2 would limit the rollout because of the continued use of old access points?
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
A company needs to provide sitE.to-site VPN, remote access VPN, and firewall protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Refer to the exhibit. R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1.
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in the hello packets that it is receiving from R1
E. R2 has an access list defined for SO that is blocking an OSPF multicast IP address of 224.0.0.5.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which two features are only supported when using the Cisco Router and Security Device Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. Custom inspection rules
E. proxy authentication
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 119
:When troubleshooting poor network performance, which two symptoms would typically be associated with a network layer problem? (Choose two.)
A. Packet loss is more than 30 percent
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
Correct Answer: AD Section: (none) Explanation Explanation/Reference:
QUESTION 120
Which command can be used to verify that RIPv2 is running on a router?
A. show startup-config
B. show ip route
C. showip route rip
D. Show ip protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or a Cisco Integrated Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 122
You have just configured and enabled the Cisco IOS Firewall feature set from a remote location using the Cisco Router and Security Device Manager (SDM) Firewall wizard. You later want to doublE. check your configuration using Cisco SDM. However, you find that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You must additionally specify the Cisco SDM management port number to gain access when the configuration has been applied.
B. You have not generated an RSA key pair between the host and device to allow secure access via Cisco SDM.
C. You have been locked out via access lists mat nave been applied to the router as a result of your Cisco SDM configuration.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for allowed management connections.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 123
An 802.11 b telephone is receiving an audio signal from an access point, but cannot send audio. What is a possible cause?
A. the RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP. You should check the configuration of which command or commands when attempting to resolve this problem?
A. There is no ip http secure-server
B. There is ip http authentication local
C. There is linevty 0 5 login local
D. There isaaa new-model
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+ use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use onE.time password
E. local use local database
F. default: use line password
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 127
You have just configured HSRP and need to determine which router is active. Which command should you enter?
A. show ip hsrp active
B. show standby active
C. show star
D. show active
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 128
A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began experiencing link problems.
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with a lower loss.
B. Upgrade to an 802.11a radio.
C. Install a higher gain antenna.
D. Increase the transmitter power.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 129
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these might have caused this problem? (Choose two.)
A. Theip https server command is missing from the running configuration.
B. The ip http securE.server command is missing from the running configuration
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points through multicast
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 131
Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A and Router B. Given the debug output on Router A, which two statements are true? (Choose two.) Router A= debug eigrp packets . m .
01:39:13:
EIGRP: Received HELLO on SerialQ 0 nbr 10.1.2.2
01:39:13:
AS 100, Flags 0x0, Seq 0/0 idbQ 00 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13:
K-value mismatch
A.
Router A received a hello packet with mismatched autonomous system numbers.
B.
Router A received a hello packet with mismatched hello timers.
C.
Router A received a hello packet with mismatched authentication parameters.
D.
Router A received a hello packet with mismatchedmetriC.calculation mechanisms
E.
Router A will form an adjacency with Router B.
F.
Router A will not form an adjacency with Router B
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
Easiest way to get Cisco 642-384 certification is to log on to the Cisco 642-384 FLYDUMPS and purchase the Cisco 642-384 exam sample questions to do Cisco 642-384 exam questions and answers to obtain your Cisco 642-384 certification. FLYDUMPS Cisco 642-384 Exam is paired with Cisco 642-384 for use on simulator. To help with these preparations there are plenty of FLYDUMPS Cisco 642-384 exam sample questions available on the Internet that can dispel all these fears and nervousness. These Cisco 642-384 Exam Questions range from the official Cisco 642-384 Certification Training courses and official Cisco 642-384 Certification Self Study Training Guides from Cisco 642-384 Press, to the FLYDUMPS Cisco 642-384 exam sample questions.
Welcome to download the newest Examwind 2V0-641 dumps: http://www.examwind.com/2V0-641.html
http://www.maeeonline.org/isaca-cisa-practice-test-provide-latest-isaca-cisa-exam-demo-with-the-knowledge-and-skills/
Welcome to download the newest Examwind 642-384 dumps:
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials.
This Blog provides you everything you will need to take a certification examination and Exam Preparation Material. Like actual certification exams, our Practice Tests are in Flydumps Our Cisco 642-384 Exam will provide you with exam questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the Cisco 642-384 Exam:100% Guarantee to Pass Your Cisco 642-384 exam and get your EMC certification.
QUESTION 113
OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. incorrect distribute lists have been configured
D. No default metric has been configured for EIGRP
E. Theip classless command is missing.
F. There are mismatched autonomous system numbers.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which two statements best describe the wireless implementation of Cisco Aironet root and non- root bridging? (Choose two.)
A. Point-to-point access points can be used if one is root and the other is non-root.
B. WGB can be used with an access point if the distance is less than one mile
C. Root mode must be enabled only on one side in a point-to-point link to intemperate with other vendors and comply with 802.11
D. Up to 17 non-root bridges can associate to a root bridge
E. Point-to-point WGB can be used if total number of PCs is fewer than eight. The neighbor 10.1.1.1 is the BDR
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 115
CORRECT TEXT
Refer to the exhibit. Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about what is displayed? (Choose two.) Answer: C, D
QUESTION 116
The customer wants to implement wireless security through implementation of WPAv2. Which component of WPAv2 would limit the rollout because of the continued use of old access points?
“Pass Any Exam. Any Time.” – www.actualtests.com 43 Cisco 642-384: Practice Exam
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 117
A company needs to provide sitE.to-site VPN, remote access VPN, and firewall protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 118
CORRECT TEXT
Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about using Cisco Router and Security Device Manager (SDM) to configure the OSPF routing protocol? (Choose two.) Answer: B, E
QUESTION 119
Refer to the exhibit. R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1. “Pass Any Exam. Any Time.” – www.actualtests.com 44 Cisco 642-384: Practice Exam
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in the hello packets that it is receiving from R1
E. R2 has an access list defined for SO that is blocking an OSPF multicast IP address of 224.0.0.5.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: QUESTION 120
Which two features are only supported when using the Cisco Router and Security Device Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. Custom inspection rules
E. proxy authentication
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 121
:When troubleshooting poor network performance, which two symptoms would typically be associated with a network layer problem? (Choose two.)
A. Packet loss is more than 30 percent
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Which command can be used to verify that RIPv2 is running on a router?
“Pass Any Exam. Any Time.” – www.actualtests.com 45 Cisco 642-384: Practice Exam
A. show startup-config
B. show ip route
C. showip route rip
D. Show ip protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or a Cisco Integrated Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 124
You have just configured and enabled the Cisco IOS Firewall feature set from a remote location using the Cisco Router and Security Device Manager (SDM) Firewall wizard. You later want to doublE. check your configuration using Cisco SDM. However, you find that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You must additionally specify the Cisco SDM management port number to gain access when the configuration has been applied.
B. You have not generated an RSA key pair between the host and device to allow secure access via Cisco SDM.
C. You have been locked out via access lists mat nave been applied to the router as a result of your Cisco SDM configuration.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for allowed management connections. “Pass Any Exam. Any Time.” – www.actualtests.com 46 Cisco 642-384: Practice Exam
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 125
An 802.11 b telephone is receiving an audio signal from an access point, but cannot send audio. What is a possible cause?
A. the RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP. You should check the configuration of which command or commands when attempting to resolve this problem?
A. There is no ip http secure-server
B. There is ip http authentication local
C. There is linevty 0 5 login local
D. There isaaa new-model
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 128
When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+ use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use onE.time password
E. local use local database
F. default: use line password
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 129
CORRECT TEXT
Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about OSPF in a multiarea environment? (Choose two.) Answer: C, D
“Pass Any Exam. Any Time.” – www.actualtests.com 48 Cisco 642-384: Practice Exam
QUESTION 130
You have just configured HSRP and need to determine which router is active. Which command should you enter?
A. show ip hsrp active
B. show standby active
C. show star
D. show active
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 131
A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began experiencing link problems.
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with a lower loss.
B. Upgrade to an 802.11a radio.
C. Install a higher gain antenna.
D. Increase the transmitter power.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 132
CORRECT TEXT Which three statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about the IEEE 802.3af Power over Ethernet standard? (Choose three.) Answer: A, C, E
QUESTION 133
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these might have caused this problem? (Choose two.)
“Pass Any Exam. Any Time.” – www.actualtests.com 49 Cisco 642-384: Practice Exam
A. Theip https server command is missing from the running configuration.
B. The ip http securE.server command is missing from the running configuration
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points through multicast
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A
and Router B. Given the debug output on Router A, which two statements are true? (Choose two.)
Router A= debug eigrp packets
. m .
01:39:13:
EIGRP: Received HELLO on SerialQ 0 nbr 10.1.2.2
01:39:13:
AS 100, Flags 0x0, Seq 0/0 idbQ 00 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13:
K-value mismatch
A.
Router A received a hello packet with mismatched autonomous system numbers.
B.
Router A received a hello packet with mismatched hello timers.
C.
Router A received a hello packet with mismatched authentication parameters.
D.
Router A received a hello packet with mismatchedmetriC.calculation mechanisms
E.
Router A will form an adjacency with Router B.
F.
Router A will not form an adjacency with Router B “Pass Any Exam. Any Time.” – www.actualtests.com 50 Cisco 642-384: Practice Exam
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Which command assigns a cost value of “17” to a switch port?
A. spanning-tree interfacefastethernet 5/8 17
B. spanning-treeportcost 17
C. spanning-treeportcost 17
D. spanning-treevlan 1 cost 17
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
You have configured and applied a Cisco IOS Firewall access rule to the inbound, untrusted interface. You suspect that the rule may be blocking necessary traffic onto the network. What must you do to delete that rule when using Cisco Router and Security Device Manager?
A. Select ACL Editor > Access Rules to delete the rule.
B. You must remove the association between the rule and the interface before deleting the rule
C. You must delete the associated access list on the interface, then reconfigure the access list as required, and then reapply the access group to the proper interface.
D. Go to the Edit Firewall Policy tab to delete the rule.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
A customer in Europe needs to establish an 11-Mbps wireless bridge link between two office buildings that are approximately 1.3 km apart. The wireless link will pass through a public park, which contains a lake that is surrounded by trees. You run the range calculation and determine that the Cisco Aironet 1300 Series Outdoor Access Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of standard Cisco cabling and both radios set at 20 mW. The wireless bridges are not able to establish or maintain a link.
What is needed to successfully complete this link?
A. An amplifier needs to be installed at one of the sites.
B. The antenna must be raised high enough to clear the trees
C. Lower loss cabling needs to be used to bring the EIRP into legal limits. “Pass Any Exam. Any Time.” – www.actualtests.com 51 Cisco 642-384: Practice Exam
D. Due to the trees, a 21-dBi dish needs to be used for its narrower beam width.
Correct Answer: B Section: (none) Explanation
Explanation/Reference
Cisco 642-384 Certification is indeed the top most qualification from FLYDUMPS, providing a string of highly qualified professionals to the industry. The exam board has a tough time maintaining a certain quality of professionalism in the industry and these examinations are a step towards elimination of third-class knowledge. The fact that FLYDUMPS knows does not make a difference. The Cisco 642-384 exam sample questions are made to introduce a change in IT for the better and change is what is coming to IT. It is well known that HP HP2-Z28 Certification exam test is the hot exam of Cisco 642-384 certification. FLYDUMPS offer you all the Q&A of the Cisco 642-384 real test. It is the examination of the perfect combination and it will help you pass Cisco 642-384 exam at the first time.
Welcome to download the newest Examwind 642-384 dumps: https://www.pass4itsure.com/642-384.html
http://www.maeeonline.org/hfma-chfp-dumps-sale-best-hfma-chfp-practice-test-sale/
Welcome to download the newest Examwind JN0-360 dumps:
Each Answers in CheckPoint 156-210 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.
QUESTION 127
As a firewall administrator you encounter the following you error message:
Authentication for command failed.
What is the most logical reasoning for thus type of error message?
A. The Rule Base has been corrupted.
B. The kernel cannot communicate with the management module.
C. The administrator does not have the ability to push the policy.
D. Remote encryption keys cannot be fetched.
E. Client authentication has failed.
Correct Answer: B
QUESTION 128
Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. Firewall load is a concern for the customer. Which authentication method does not result in any additional connections to the firewall?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: A
QUESTION 129
What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port?
A. Fwx_udp_todefaultextend.
B. Fwx_udp_expdefaultextend.
C. Fwx_udp_todefaultext
D. Fwx_udp_timeout.
E. Fwx_udp_expiration.
Correct Answer: D
QUESTION 130
To hide data filed in the log viewer:
A. Select Hide from the Log Viewer menu.
B. Right-click anywhere in a column of the Log Viewer GUI and select Show Details.
C. Right-click anywhere in the column of the Log Viewer GUI and select Disable.
D. Right-click anywhere in the column of the Log Viewer GUI and select Hide.
E. Select Hide from the Log Viewer tool bar.
Correct Answer: D
QUESTION 131
You are following the procedure to setup user authentication for TELNET to prompt for a distinct destination. This allows the firewall to simulate a TELNET Proxy. After you defined the user on the Firewall and use VPN-1/FireWall-1 Authentication, you would:
A. Stop the Firewall.
B. Restart the Firewall.
C. Start the Policy Editor and go to Manage service, and edit TELNET service.
D. Ensure that the Authentication method is enabled in the firewall object.
E. Ensure that there are no existing rules already allowing TELNET.
Correct Answer: D
QUESTION 132
You have the VPN-1/Firewall-1 NG product installed. The following Rule Base order correctly implements Implicit Client Authentication fort HTTP. No. SOURCE DESTINATION SERVICE ACTION 1 All *Any TCP ftp User Auth Users@localnet 2 All Users@localnet *Any TCP http User Auth
A. True
B. False
Correct Answer: B
QUESTION 133
What is the software package through which all Check Point products use infrastructure services?
A. Cpstart/cpstop.
B. Check Point Registry.
C. CPD
D. Watch Dog for critical services.
E. SVN Foundation.
Correct Answer: E
QUESTION 134
Choose the BEST response to finish this statement. A Firewall:
A. Prevents unauthorized to or from a secured network.
B. Prevents unauthorized to or from a unsecured network.
C. Prevents authorized access to or from an Intranet.
D. Prevents authorized access to or from an Internet.
E. Prevents macro viruses from infecting the network.
Correct Answer: A
QUESTION 135
Where is the external if file located in VPN1/Firewall-1 NG?
A. FWDIR conf directory.
B. Database directory.
C. State directory.
D. Temp Directory.
E. Not used in VPN1/Firewall-1 NG.
Correct Answer: E
QUESTION 136
Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation’s Chief Executive Officer?
A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above.
Correct Answer: E
QUESTION 137
When you select the alert radio button on the topology tab of the interface properties window:
A. The action specified in the Action element of the Rule Base is taken.
B. The action specified in the Anti-Spoofing Alert field in the Global properties window is taken.
C. The action specified in the Pop up Alter Command in the Global properties window is taken.
D. Both A and B.
E. Both B and C.
Correct Answer: E
QUESTION 138
You are the firewall administrator with one management server managing one firewall. The system status displays a computer icon with a ‘!’ symbol in the status column. Which of the following is the most likely cause?
A. The destination object has been defined as external.
B. The Rule Base is unable to resolve the IP address.
C. The firewall has been halted.
D. The firewall is unprotected, no security policy is loaded.
E. Nothing is wrong.
Correct Answer: D
QUESTION 139
System Administrators use session authentication when they want users to:
A. Authenticate each time they use a supported service.
B. Authenticate all services.
C. Use only TENET, FTP, RLOGIN, and HTTP services.
D. Authenticate once, and then be able to use any service until logging off.
E. Both B and D
Correct Answer: B
QUESTION 140
Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. The customer requires an authentication scheme that provides transparency for the user and granular control for the administrator. User must also be able to log in from any location. Based on this information, which authentication schemes meets the customer’s needs?
A. Session
B. User
C. Client
D. Dual
E. Reverse
Correct Answer: B QUESTION 141
Implementing Dynamic NAT would enable an internal machine behind the firewall to act as an FTP Server for external clients.
A. True
B. False
Correct Answer: B QUESTION 142
The Enforcement Module (part if the VPN-1/FireWall-1 Module):
A. Examines all communications according to an Enterprise Security Policy.
B. Is installed on a host enforcement point.
C. Can provide authentication and Content Security features at the application level.
D. Us usually installed on a multi-homed machine.
E. All of the above.
Correct Answer: E QUESTION 143
In most cases when you are building the Rule Base you should place the Stealth Rule above all other rules except:
A. Clean up rules.
B. Implicit Riles.
C. Client Authentication Rules.
D. Pseudo Rules.
E. Default Rules.
Correct Answer: C QUESTION 144
If you change the inspection order of any of the implied rules under the Security Policy Setup, does it change the order in which the rules are enforced?
A. True
B. False
Correct Answer: A QUESTION 145
The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves.
A. True
B. False
Correct Answer: A
QUESTION 146
You can edit VPE objects before they are actualized (translated from virtual network objects to real).
A. True
B. False.
Correct Answer: B
QUESTION 147
Stateful inspection is a firewall technology introduced in Checkpoint VPN-1/Firewall-1 software. It is designed to meet which if the following security requirements?
1.
Scan information from all layers in the packet.
2.
Save state information derived from previous communications, such as the outgoing Port command of an FTP session, so that incoming data communication can be verified against it.
3.
Allow state information derived from other applications access through the firewall for authorized services only, such as previously authenticated users.
4.
Evaluate and manipulate flexible expressions based on communication and application derived state information.
A. 1, 2, 3
B. 1, 3, 4
C. 1, 2, 4
D. 2, 3, 4
E. 1, 2, 3, 4
Correct Answer: E
QUESTION 148
If the security policy editor or system status GUI is open, you can open the log viewer GUI from the window menu.
A. True
B. False
Correct Answer: A
QUESTION 149
NAT can NOT be configured on which of the objects?
A. Hosts
B. Gateways
C. Networks
D. Users
E. Routers
Correct Answer: D
QUESTION 150
Your customer has created a rule so that every user wants to go to Internet, that user must be authenticated. Which is the best method of authentication for users who must use specific computers for Internet access?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: C
QUESTION 151
Which of the following describes the behavior of VPN-1/Firewall-1 NG?
A. Traffic not expressly prohibited is permitted.
B. Traffic not expressly permitted is prohibited.
C. TELNET, SMTP and HTTP are allowed by default.
D. Secure connections are authorized by default, unsecured connections are not.
E. All traffic is controlled by explicit rules.
Correct Answer: B
QUESTION 152
New users are created from templates. What is the name of the standard template from which you would create a new user?
A. New
B. User
C. Group
D. Standard User.
E. Default
Correct Answer: E
QUESTION 153
In a distributed management environment, the firewall administrator has removed the default check from Accept VPN-1/Firewall-1 control connections under the Security Policy tab of the properties setup dialogue box. In order for the management module and the Firewall to communicate, you must create a rule to allow the Management Module to communicate to the firewall on which port?
A. 80
B. 256
C. 259
D. 900
E. 23
Correct Answer: B
QUESTION 154
What is the command for installing a Security Policy from a *.W file?
A. Fw gen and then the name of the .W file.
B. Fw load and then the name of .W file.
C. Fw regen and then the name of the .W file.
D. Fw reload and then the directory location of the .W file.
E. Fw import and then the name of the .W file.
Correct Answer: B
QUESTION 155
In the Check Point Configuration Too, you create a GUI administrator with Read Only privileges. This allows the Firewall-1 administrator for the authorized GUI client (GUI workstation) privileges to change network object, and create and install rules.
A. True
B. False
Correct Answer: B QUESTION 156
Hybrid Authentication allows VPN-1/Firewall-1 NG to authenticate SecuRemote/SecureClient, using which of the following?
A. RADIUS
B. 3DES
C. TACACS
D. Any authentication method supported by VPN-1/Firewall-1.
E. Both A and C.
Correct Answer: D QUESTION 157
In order to install a new Security Policy on a remote firewall, what command must be issued on the remote firewall?
A. Fw unload all all.
B. Fw load new.
C. Cp clear policy.
D. None of the above, the command cp policy remove is issued from the manager.
E. None of the above, the new policy will automatically overwrite the existing policy.
Correct Answer: E QUESTION 158
As a firewall administrator if you want to log packets dropped by “implicit drop anything not covered” rules, you must explicitly define a Clean-up rule. This must be the last rule in the rule base.
A. True
B. False
Correct Answer: A QUESTION 159
Fully Automatic Client authentication provides authentication for all protocols, whether supported by these protocols or not.
A. True
B. False
Correct Answer: A QUESTION 160
VPN-1/Firewall-1 NG differs from Packet filtering and Application Layer Gateways, because?
A. VPN-1/Firewall-1 NG provides only minimal logging and altering mechanism.
B. VPN-1/Firewal-1 NG uses Stateful inspection which allows packet to be examined at the top of the layers of the OSI model.
C. VPN-1/Firewall-1 NG has access to a limited part of the packet header only.
D. VPN-1/Firewall-1NG requires a connection from a client to a firewall and firewall to a server.
E. VPN-1/Firewall-1 NG has access to packets passing through key locations in a network.
Correct Answer: B
QUESTION 161
AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the 10-net subnetted to a class C address. AlphaBravo uses Dynamic NAT and hides all of the internal networks behind the external IP addresses of the Firewall. The Firewall administrator for AlphaBravo has noticed that policy installation takes significantly longer since adding all 72 internal networks to the address translation rule. What should the Firewall administrator do to reduce the time it takes to install a policy?
A. Create an object for the entire 10-net and use the object for the translation rule instead of the individual network objects.
B. Use automatic NAT rule creation on each network object. Hide the network behind the firewall’s external IP addresses.
C. Match packets to the state table, so packets are not dropped. Increase the size of the NAT tables.
D. Reinstall the Firewall and Security Policy Editor. The policy is corrupting Firewall’s binaries.
E. Increase the size of state table. Use automatic NAT rule creation to hide the networks behind an IP address other than firewall’s external IP.
Correct Answer: A
QUESTION 162
How does VPN-1/Firewall-1 NG implement Transparent authentication?
A. Unknown user receive error messages indicating that the firewalled gateway does not know the user names on the gateway.
B. VPN-1/Firewall-1 NG prompts for user names even through the authentication data may not be recognized by the firewall’s user database.
C. VPN-1/Firewall-1 NG allows connections, but hides the firewall from authenticated users.
D. Unknown users error messages indicating that the host does not know the users names on the server.
E. VPN-1/Firewall-1 NG does not allow connections from users who do not know the name of the firewall.
Correct Answer: C
QUESTION 163
When creating user authentication rule, select intersect with user database for source and destination to allow access according to the source specified in the rules.
A. True
B. False
Correct Answer: B
QUESTION 164
A connection initiated by the client in the figure below will be hidden behind the IP address of the interface
through which the connection was routed on the server side if the gateway (behind either interface 2 or
interface 3). Specifying 0.0.0.0 as the address is convenient because of network address translation (NAT)
is performed dynamically. And if the IP addresses of the gateway are changed, it is not necessary to
reconfigure the NAT parameters.
Which of the following is true about the following figure?
A. A connection initiated by the client will be hidden behind the IP address of the exit interface.
B. A connection initiated by the server will be hidden behind the IP address of the exit interface.
C. A connection initiated by the server will be hidden by the IP address of the client.
D. Source addresses of outbound packets from the client will be translated to 0.0.0.0.
E. Source addresses of outbound packets from the server will be translated to 0.0.0.0.
Correct Answer: A QUESTION 165
Which if the following statements about Client Authentication are FALSE?
A. In contrast to User Authentication, which allows access per user, Client Authentication allows access per ID address.
B. Authentication is by user name and password, but is the host machine (client) that is granted access.
C. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host.
D. Client Authentication enables administration to grant access privileges to a specific IP address after successful authentication.
Correct Answer: C QUESTION 166
When you make a rule, the rule is not enforces as part of your Security Policy.
A. True
B. False
Correct Answer: B QUESTION 167
Which of the following user actions would you insert as an INTERNAL Authentication scheme?
A. The user enters the security dynamics passcode.
B. The user prompted for a response from the RADIUS server.
C. The user prompted for a response from the AXENT server.
D. The user prompted for a response from the TACACS server.
E. The user enters an operating system account password.
Correct Answer: E QUESTION 168
When configuring Static NAT, you cannot map the routable IP address to the external IP address of the Firewall if attempted, the security policy installation fails with the following error “rule X conflicts with rule Y”.
A. True
B. False
Correct Answer: A QUESTION 169
The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time.
A. True
B. False Correct Answer: B QUESTION 170
You have set up Static NAT on a VPN-1/Firewall-1 to allow Internet traffic to an internal web server. You notice that any HTTP attempts to that machine being dropped in the log due to rule 0. Which of the following is the most likely cause?
A. Spoofing on the internal interface us set to Network defined by Interface IP and Net Mask.
B. Spoofing on the external interface is set to Not Defined.
C. You do NOT have a rule that allows HTTP access to the internal Web Server.
D. You do NOT have a rule that allows HTTP from the Web Server to Any destination.
E. None of the above.
Correct Answer: C QUESTION 171
As a firewall administrator, you are required to create VPN-1/Firewall-1 users for authentication. When you create a user for user authentication, the data is stored in the?
A. Inspect Engine.
B. Rule base.
C. Users database
D. Rulebase fws file
E. Inspect module.
Correct Answer: C QUESTION 172
If users authenticated successfully, they have matched the User and Authentication rule restriction of the user group to which they belong.
A. True
B. False
Correct Answer: A QUESTION 173
The only way to unblock BLOCKED connections by deleting all the blocking rules from the Rule base.
A. True
B. False
Correct Answer: B QUESTION 174
When you perform a cp fetch, what can you expect from this command?
A. Firewall retrieves the user database from the tables on the Management Module.
B. Firewall retrieves the inspection code from the remote Management Module and installs it to the kernel.
C. Management module retrieves the IP address of the target specified in the command.
D. Management module retrieves the interface information for the target specified in the command.
E. None of the above.
Correct Answer: B QUESTION 175
Each incoming UDP packet is locked up in the list of pending connections. Packets are delivered if they are _________.
A. A request.
B. A response to a request.
C. Source routed.
D. Allowed by the Rule Base.
E. Both B and D.
Correct Answer: E
QUESTION 176
Assume an NT system. What is the default expiration for a Dynamic NAT connection NOT showing any TCP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 330 Seconds.
D. 660 Seconds.
E. 3600 Seconds.
Correct Answer: E
Buying all CheckPoint 156-210 exam sample questions can guarantee you to pass your first CheckPoint 156-210 exam. If you do not pass the exam,FLYDUMPS will full refund to you. You can also free online download the part of FLYDUMPS’s CheckPoint 156-210 exam practice questions and answers as a try. After your understanding of our reliability, I believe you will quickly add FLYDUMPS’s CheckPoint 156-210 exam sample questions to your cart. FLYDUMPS will achieve your dream. FLYDUMPS is a website to achieve dreams of many IT people. FLYDUMPS provide candidates participating in the IT certification exams the information they want to help them pass the CheckPoint 156-210 exam.
Welcome to download the newest Examwind JN0-360 dumps: http://www.examwind.com/jn0-360.html
http://www.maeeonline.org/sap-c-hanatec-1-preparation-materials-provides-best-sap-c-hanatec-1-test-engine-with-100-pass-rate/