Author: newcertskey
Welcome to download the newest Examwind 2V0-641 dumps:
Achieving the Cisco 642-384 certification is the goal of many IT & Network professionals. The passing rate of the Cisco 642-384 Test is incredibly low. The purpose of Flydumps Cisco 642-384 practice test is to promote Cisco 642-384 Certification. It’s surely not an easy task to do but doing the Cisco 642-384 Training by using our Cisco 642-384 exam sample questions will ensure and encourage that you can earn the Cisco 642-384 Certification. You don’t have to worry about passing your Cisco 642-384 exam or completing the latest Cisco 642-384 Exam Objectives anymore because Flydumps Cisco 642-384 exam sample questions do it all for you.
QUESTION 109
You are configuring a VLAN and the switch you are using requires that you do so within the VLAN database. Which command allows you to enter the VLAN database?
A. Switch#vlan database
B. Switch (config)# vlan database
C. Switch (config-if)# vlan database
D. Switch (vlan)# vlan database
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which two statements best describe the wireless core feature set using autonomous access points when implementing repeater topology? (Choose two.)
A. RF overlap between access points should be 10 to 15 percent with unique channels configured.
B. RF overlap between primary and repeater access points should be 10 to 15 percent with the same channel configured.
C. RF overlap between primary and repeater access points should be 50 percent with the same channel configured
D. RF overlap between primary and repeater access points should be 50 percent with unique channels configured.
E. Clients that are associated with the repeater access point will have 10 to 15 percent less data throughput than clients that are associated with the primary root access point.
F. Clients that are associated with the repeater access point will have 50 percent less data throughput than clients that are associated with the primary root access point
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 111
:Refer to the exhibit. The Cisco Aironet 802.1 la/b/g Wireless LAN Client Adapter has two LEDs. Which two LED states indicate that the card is associated to an access point and is working properly? (Choose two.)
A. green LED off; amber LED solid
B. green LED off; amber LED blinking sporadically
C. green LED blinking quickly: amber LED blinking quickly
D. green LED blinking slowly, amber LED blinking slowly
E. green LED blinking slowly; amber LED blinking quickly
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager configuration of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the sitE.to-site VPN between Router A and Router B. What is the mostly likely cause of this fault?
A. The IPSec and IKE encryption methods do not match. They all have to be either 3DES or AES.
B. Router A is using a standard IP ACL (100-149) while Router B is using a turbo ACL (150-199).
C. The D.H Group settings on the two routers are set to group 2. They must be set to group 1 for SHA. 1.
D. The IPSec policy map names on the two routers do not match. They must be the same on both routers.
E. The IPSec rules on the two routers are not permitting the correct interesting traffic
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 113
OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. incorrect distribute lists have been configured
D. No default metric has been configured for EIGRP
E. Theip classless command is missing.
F. There are mismatched autonomous system numbers.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which two statements best describe the wireless implementation of Cisco Aironet root and non- root bridging? (Choose two.)
A. Point-to-point access points can be used if one is root and the other is non-root.
B. WGB can be used with an access point if the distance is less than one mile
C. Root mode must be enabled only on one side in a point-to-point link to intemperate with other vendors and comply with 802.11
D. Up to 17 non-root bridges can associate to a root bridge
E. Point-to-point WGB can be used if total number of PCs is fewer than eight. The neighbor 10.1.1.1 is the BDR
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 115
The customer wants to implement wireless security through implementation of WPAv2. Which component of WPAv2 would limit the rollout because of the continued use of old access points?
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
A company needs to provide sitE.to-site VPN, remote access VPN, and firewall protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Refer to the exhibit. R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1.
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in the hello packets that it is receiving from R1
E. R2 has an access list defined for SO that is blocking an OSPF multicast IP address of 224.0.0.5.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which two features are only supported when using the Cisco Router and Security Device Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. Custom inspection rules
E. proxy authentication
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 119
:When troubleshooting poor network performance, which two symptoms would typically be associated with a network layer problem? (Choose two.)
A. Packet loss is more than 30 percent
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
Correct Answer: AD Section: (none) Explanation Explanation/Reference:
QUESTION 120
Which command can be used to verify that RIPv2 is running on a router?
A. show startup-config
B. show ip route
C. showip route rip
D. Show ip protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or a Cisco Integrated Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 122
You have just configured and enabled the Cisco IOS Firewall feature set from a remote location using the Cisco Router and Security Device Manager (SDM) Firewall wizard. You later want to doublE. check your configuration using Cisco SDM. However, you find that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You must additionally specify the Cisco SDM management port number to gain access when the configuration has been applied.
B. You have not generated an RSA key pair between the host and device to allow secure access via Cisco SDM.
C. You have been locked out via access lists mat nave been applied to the router as a result of your Cisco SDM configuration.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for allowed management connections.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 123
An 802.11 b telephone is receiving an audio signal from an access point, but cannot send audio. What is a possible cause?
A. the RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP. You should check the configuration of which command or commands when attempting to resolve this problem?
A. There is no ip http secure-server
B. There is ip http authentication local
C. There is linevty 0 5 login local
D. There isaaa new-model
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+ use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use onE.time password
E. local use local database
F. default: use line password
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 127
You have just configured HSRP and need to determine which router is active. Which command should you enter?
A. show ip hsrp active
B. show standby active
C. show star
D. show active
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 128
A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began experiencing link problems.
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with a lower loss.
B. Upgrade to an 802.11a radio.
C. Install a higher gain antenna.
D. Increase the transmitter power.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 129
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these might have caused this problem? (Choose two.)
A. Theip https server command is missing from the running configuration.
B. The ip http securE.server command is missing from the running configuration
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points through multicast
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 131
Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A and Router B. Given the debug output on Router A, which two statements are true? (Choose two.) Router A= debug eigrp packets . m .
01:39:13:
EIGRP: Received HELLO on SerialQ 0 nbr 10.1.2.2
01:39:13:
AS 100, Flags 0x0, Seq 0/0 idbQ 00 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13:
K-value mismatch
A.
Router A received a hello packet with mismatched autonomous system numbers.
B.
Router A received a hello packet with mismatched hello timers.
C.
Router A received a hello packet with mismatched authentication parameters.
D.
Router A received a hello packet with mismatchedmetriC.calculation mechanisms
E.
Router A will form an adjacency with Router B.
F.
Router A will not form an adjacency with Router B
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
Easiest way to get Cisco 642-384 certification is to log on to the Cisco 642-384 FLYDUMPS and purchase the Cisco 642-384 exam sample questions to do Cisco 642-384 exam questions and answers to obtain your Cisco 642-384 certification. FLYDUMPS Cisco 642-384 Exam is paired with Cisco 642-384 for use on simulator. To help with these preparations there are plenty of FLYDUMPS Cisco 642-384 exam sample questions available on the Internet that can dispel all these fears and nervousness. These Cisco 642-384 Exam Questions range from the official Cisco 642-384 Certification Training courses and official Cisco 642-384 Certification Self Study Training Guides from Cisco 642-384 Press, to the FLYDUMPS Cisco 642-384 exam sample questions.
Welcome to download the newest Examwind 2V0-641 dumps: http://www.examwind.com/2V0-641.html
http://www.maeeonline.org/isaca-cisa-practice-test-provide-latest-isaca-cisa-exam-demo-with-the-knowledge-and-skills/
Welcome to download the newest Examwind 642-384 dumps:
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials.
This Blog provides you everything you will need to take a certification examination and Exam Preparation Material. Like actual certification exams, our Practice Tests are in Flydumps Our Cisco 642-384 Exam will provide you with exam questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the Cisco 642-384 Exam:100% Guarantee to Pass Your Cisco 642-384 exam and get your EMC certification.
QUESTION 113
OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. incorrect distribute lists have been configured
D. No default metric has been configured for EIGRP
E. Theip classless command is missing.
F. There are mismatched autonomous system numbers.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which two statements best describe the wireless implementation of Cisco Aironet root and non- root bridging? (Choose two.)
A. Point-to-point access points can be used if one is root and the other is non-root.
B. WGB can be used with an access point if the distance is less than one mile
C. Root mode must be enabled only on one side in a point-to-point link to intemperate with other vendors and comply with 802.11
D. Up to 17 non-root bridges can associate to a root bridge
E. Point-to-point WGB can be used if total number of PCs is fewer than eight. The neighbor 10.1.1.1 is the BDR
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 115
CORRECT TEXT
Refer to the exhibit. Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about what is displayed? (Choose two.) Answer: C, D
QUESTION 116
The customer wants to implement wireless security through implementation of WPAv2. Which component of WPAv2 would limit the rollout because of the continued use of old access points?
“Pass Any Exam. Any Time.” – www.actualtests.com 43 Cisco 642-384: Practice Exam
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 117
A company needs to provide sitE.to-site VPN, remote access VPN, and firewall protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 118
CORRECT TEXT
Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about using Cisco Router and Security Device Manager (SDM) to configure the OSPF routing protocol? (Choose two.) Answer: B, E
QUESTION 119
Refer to the exhibit. R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1. “Pass Any Exam. Any Time.” – www.actualtests.com 44 Cisco 642-384: Practice Exam
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in the hello packets that it is receiving from R1
E. R2 has an access list defined for SO that is blocking an OSPF multicast IP address of 224.0.0.5.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: QUESTION 120
Which two features are only supported when using the Cisco Router and Security Device Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. Custom inspection rules
E. proxy authentication
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 121
:When troubleshooting poor network performance, which two symptoms would typically be associated with a network layer problem? (Choose two.)
A. Packet loss is more than 30 percent
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Which command can be used to verify that RIPv2 is running on a router?
“Pass Any Exam. Any Time.” – www.actualtests.com 45 Cisco 642-384: Practice Exam
A. show startup-config
B. show ip route
C. showip route rip
D. Show ip protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or a Cisco Integrated Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 124
You have just configured and enabled the Cisco IOS Firewall feature set from a remote location using the Cisco Router and Security Device Manager (SDM) Firewall wizard. You later want to doublE. check your configuration using Cisco SDM. However, you find that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You must additionally specify the Cisco SDM management port number to gain access when the configuration has been applied.
B. You have not generated an RSA key pair between the host and device to allow secure access via Cisco SDM.
C. You have been locked out via access lists mat nave been applied to the router as a result of your Cisco SDM configuration.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for allowed management connections. “Pass Any Exam. Any Time.” – www.actualtests.com 46 Cisco 642-384: Practice Exam
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 125
An 802.11 b telephone is receiving an audio signal from an access point, but cannot send audio. What is a possible cause?
A. the RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP. You should check the configuration of which command or commands when attempting to resolve this problem?
A. There is no ip http secure-server
B. There is ip http authentication local
C. There is linevty 0 5 login local
D. There isaaa new-model
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 128
When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+ use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use onE.time password
E. local use local database
F. default: use line password
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 129
CORRECT TEXT
Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about OSPF in a multiarea environment? (Choose two.) Answer: C, D
“Pass Any Exam. Any Time.” – www.actualtests.com 48 Cisco 642-384: Practice Exam
QUESTION 130
You have just configured HSRP and need to determine which router is active. Which command should you enter?
A. show ip hsrp active
B. show standby active
C. show star
D. show active
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 131
A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began experiencing link problems.
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with a lower loss.
B. Upgrade to an 802.11a radio.
C. Install a higher gain antenna.
D. Increase the transmitter power.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 132
CORRECT TEXT Which three statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about the IEEE 802.3af Power over Ethernet standard? (Choose three.) Answer: A, C, E
QUESTION 133
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these might have caused this problem? (Choose two.)
“Pass Any Exam. Any Time.” – www.actualtests.com 49 Cisco 642-384: Practice Exam
A. Theip https server command is missing from the running configuration.
B. The ip http securE.server command is missing from the running configuration
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points through multicast
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A
and Router B. Given the debug output on Router A, which two statements are true? (Choose two.)
Router A= debug eigrp packets
. m .
01:39:13:
EIGRP: Received HELLO on SerialQ 0 nbr 10.1.2.2
01:39:13:
AS 100, Flags 0x0, Seq 0/0 idbQ 00 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13:
K-value mismatch
A.
Router A received a hello packet with mismatched autonomous system numbers.
B.
Router A received a hello packet with mismatched hello timers.
C.
Router A received a hello packet with mismatched authentication parameters.
D.
Router A received a hello packet with mismatchedmetriC.calculation mechanisms
E.
Router A will form an adjacency with Router B.
F.
Router A will not form an adjacency with Router B “Pass Any Exam. Any Time.” – www.actualtests.com 50 Cisco 642-384: Practice Exam
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Which command assigns a cost value of “17” to a switch port?
A. spanning-tree interfacefastethernet 5/8 17
B. spanning-treeportcost 17
C. spanning-treeportcost 17
D. spanning-treevlan 1 cost 17
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
You have configured and applied a Cisco IOS Firewall access rule to the inbound, untrusted interface. You suspect that the rule may be blocking necessary traffic onto the network. What must you do to delete that rule when using Cisco Router and Security Device Manager?
A. Select ACL Editor > Access Rules to delete the rule.
B. You must remove the association between the rule and the interface before deleting the rule
C. You must delete the associated access list on the interface, then reconfigure the access list as required, and then reapply the access group to the proper interface.
D. Go to the Edit Firewall Policy tab to delete the rule.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
A customer in Europe needs to establish an 11-Mbps wireless bridge link between two office buildings that are approximately 1.3 km apart. The wireless link will pass through a public park, which contains a lake that is surrounded by trees. You run the range calculation and determine that the Cisco Aironet 1300 Series Outdoor Access Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of standard Cisco cabling and both radios set at 20 mW. The wireless bridges are not able to establish or maintain a link.
What is needed to successfully complete this link?
A. An amplifier needs to be installed at one of the sites.
B. The antenna must be raised high enough to clear the trees
C. Lower loss cabling needs to be used to bring the EIRP into legal limits. “Pass Any Exam. Any Time.” – www.actualtests.com 51 Cisco 642-384: Practice Exam
D. Due to the trees, a 21-dBi dish needs to be used for its narrower beam width.
Correct Answer: B Section: (none) Explanation
Explanation/Reference
Cisco 642-384 Certification is indeed the top most qualification from FLYDUMPS, providing a string of highly qualified professionals to the industry. The exam board has a tough time maintaining a certain quality of professionalism in the industry and these examinations are a step towards elimination of third-class knowledge. The fact that FLYDUMPS knows does not make a difference. The Cisco 642-384 exam sample questions are made to introduce a change in IT for the better and change is what is coming to IT. It is well known that HP HP2-Z28 Certification exam test is the hot exam of Cisco 642-384 certification. FLYDUMPS offer you all the Q&A of the Cisco 642-384 real test. It is the examination of the perfect combination and it will help you pass Cisco 642-384 exam at the first time.
Welcome to download the newest Examwind 642-384 dumps: https://www.pass4itsure.com/642-384.html
http://www.maeeonline.org/hfma-chfp-dumps-sale-best-hfma-chfp-practice-test-sale/
Welcome to download the newest Examwind JN0-360 dumps:
Each Answers in CheckPoint 156-210 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.
QUESTION 127
As a firewall administrator you encounter the following you error message:
Authentication for command failed.
What is the most logical reasoning for thus type of error message?
A. The Rule Base has been corrupted.
B. The kernel cannot communicate with the management module.
C. The administrator does not have the ability to push the policy.
D. Remote encryption keys cannot be fetched.
E. Client authentication has failed.
Correct Answer: B
QUESTION 128
Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. Firewall load is a concern for the customer. Which authentication method does not result in any additional connections to the firewall?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: A
QUESTION 129
What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port?
A. Fwx_udp_todefaultextend.
B. Fwx_udp_expdefaultextend.
C. Fwx_udp_todefaultext
D. Fwx_udp_timeout.
E. Fwx_udp_expiration.
Correct Answer: D
QUESTION 130
To hide data filed in the log viewer:
A. Select Hide from the Log Viewer menu.
B. Right-click anywhere in a column of the Log Viewer GUI and select Show Details.
C. Right-click anywhere in the column of the Log Viewer GUI and select Disable.
D. Right-click anywhere in the column of the Log Viewer GUI and select Hide.
E. Select Hide from the Log Viewer tool bar.
Correct Answer: D
QUESTION 131
You are following the procedure to setup user authentication for TELNET to prompt for a distinct destination. This allows the firewall to simulate a TELNET Proxy. After you defined the user on the Firewall and use VPN-1/FireWall-1 Authentication, you would:
A. Stop the Firewall.
B. Restart the Firewall.
C. Start the Policy Editor and go to Manage service, and edit TELNET service.
D. Ensure that the Authentication method is enabled in the firewall object.
E. Ensure that there are no existing rules already allowing TELNET.
Correct Answer: D
QUESTION 132
You have the VPN-1/Firewall-1 NG product installed. The following Rule Base order correctly implements Implicit Client Authentication fort HTTP. No. SOURCE DESTINATION SERVICE ACTION 1 All *Any TCP ftp User Auth Users@localnet 2 All Users@localnet *Any TCP http User Auth
A. True
B. False
Correct Answer: B
QUESTION 133
What is the software package through which all Check Point products use infrastructure services?
A. Cpstart/cpstop.
B. Check Point Registry.
C. CPD
D. Watch Dog for critical services.
E. SVN Foundation.
Correct Answer: E
QUESTION 134
Choose the BEST response to finish this statement. A Firewall:
A. Prevents unauthorized to or from a secured network.
B. Prevents unauthorized to or from a unsecured network.
C. Prevents authorized access to or from an Intranet.
D. Prevents authorized access to or from an Internet.
E. Prevents macro viruses from infecting the network.
Correct Answer: A
QUESTION 135
Where is the external if file located in VPN1/Firewall-1 NG?
A. FWDIR conf directory.
B. Database directory.
C. State directory.
D. Temp Directory.
E. Not used in VPN1/Firewall-1 NG.
Correct Answer: E
QUESTION 136
Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation’s Chief Executive Officer?
A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above.
Correct Answer: E
QUESTION 137
When you select the alert radio button on the topology tab of the interface properties window:
A. The action specified in the Action element of the Rule Base is taken.
B. The action specified in the Anti-Spoofing Alert field in the Global properties window is taken.
C. The action specified in the Pop up Alter Command in the Global properties window is taken.
D. Both A and B.
E. Both B and C.
Correct Answer: E
QUESTION 138
You are the firewall administrator with one management server managing one firewall. The system status displays a computer icon with a ‘!’ symbol in the status column. Which of the following is the most likely cause?
A. The destination object has been defined as external.
B. The Rule Base is unable to resolve the IP address.
C. The firewall has been halted.
D. The firewall is unprotected, no security policy is loaded.
E. Nothing is wrong.
Correct Answer: D
QUESTION 139
System Administrators use session authentication when they want users to:
A. Authenticate each time they use a supported service.
B. Authenticate all services.
C. Use only TENET, FTP, RLOGIN, and HTTP services.
D. Authenticate once, and then be able to use any service until logging off.
E. Both B and D
Correct Answer: B
QUESTION 140
Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. The customer requires an authentication scheme that provides transparency for the user and granular control for the administrator. User must also be able to log in from any location. Based on this information, which authentication schemes meets the customer’s needs?
A. Session
B. User
C. Client
D. Dual
E. Reverse
Correct Answer: B QUESTION 141
Implementing Dynamic NAT would enable an internal machine behind the firewall to act as an FTP Server for external clients.
A. True
B. False
Correct Answer: B QUESTION 142
The Enforcement Module (part if the VPN-1/FireWall-1 Module):
A. Examines all communications according to an Enterprise Security Policy.
B. Is installed on a host enforcement point.
C. Can provide authentication and Content Security features at the application level.
D. Us usually installed on a multi-homed machine.
E. All of the above.
Correct Answer: E QUESTION 143
In most cases when you are building the Rule Base you should place the Stealth Rule above all other rules except:
A. Clean up rules.
B. Implicit Riles.
C. Client Authentication Rules.
D. Pseudo Rules.
E. Default Rules.
Correct Answer: C QUESTION 144
If you change the inspection order of any of the implied rules under the Security Policy Setup, does it change the order in which the rules are enforced?
A. True
B. False
Correct Answer: A QUESTION 145
The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves.
A. True
B. False
Correct Answer: A
QUESTION 146
You can edit VPE objects before they are actualized (translated from virtual network objects to real).
A. True
B. False.
Correct Answer: B
QUESTION 147
Stateful inspection is a firewall technology introduced in Checkpoint VPN-1/Firewall-1 software. It is designed to meet which if the following security requirements?
1.
Scan information from all layers in the packet.
2.
Save state information derived from previous communications, such as the outgoing Port command of an FTP session, so that incoming data communication can be verified against it.
3.
Allow state information derived from other applications access through the firewall for authorized services only, such as previously authenticated users.
4.
Evaluate and manipulate flexible expressions based on communication and application derived state information.
A. 1, 2, 3
B. 1, 3, 4
C. 1, 2, 4
D. 2, 3, 4
E. 1, 2, 3, 4
Correct Answer: E
QUESTION 148
If the security policy editor or system status GUI is open, you can open the log viewer GUI from the window menu.
A. True
B. False
Correct Answer: A
QUESTION 149
NAT can NOT be configured on which of the objects?
A. Hosts
B. Gateways
C. Networks
D. Users
E. Routers
Correct Answer: D
QUESTION 150
Your customer has created a rule so that every user wants to go to Internet, that user must be authenticated. Which is the best method of authentication for users who must use specific computers for Internet access?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: C
QUESTION 151
Which of the following describes the behavior of VPN-1/Firewall-1 NG?
A. Traffic not expressly prohibited is permitted.
B. Traffic not expressly permitted is prohibited.
C. TELNET, SMTP and HTTP are allowed by default.
D. Secure connections are authorized by default, unsecured connections are not.
E. All traffic is controlled by explicit rules.
Correct Answer: B
QUESTION 152
New users are created from templates. What is the name of the standard template from which you would create a new user?
A. New
B. User
C. Group
D. Standard User.
E. Default
Correct Answer: E
QUESTION 153
In a distributed management environment, the firewall administrator has removed the default check from Accept VPN-1/Firewall-1 control connections under the Security Policy tab of the properties setup dialogue box. In order for the management module and the Firewall to communicate, you must create a rule to allow the Management Module to communicate to the firewall on which port?
A. 80
B. 256
C. 259
D. 900
E. 23
Correct Answer: B
QUESTION 154
What is the command for installing a Security Policy from a *.W file?
A. Fw gen and then the name of the .W file.
B. Fw load and then the name of .W file.
C. Fw regen and then the name of the .W file.
D. Fw reload and then the directory location of the .W file.
E. Fw import and then the name of the .W file.
Correct Answer: B
QUESTION 155
In the Check Point Configuration Too, you create a GUI administrator with Read Only privileges. This allows the Firewall-1 administrator for the authorized GUI client (GUI workstation) privileges to change network object, and create and install rules.
A. True
B. False
Correct Answer: B QUESTION 156
Hybrid Authentication allows VPN-1/Firewall-1 NG to authenticate SecuRemote/SecureClient, using which of the following?
A. RADIUS
B. 3DES
C. TACACS
D. Any authentication method supported by VPN-1/Firewall-1.
E. Both A and C.
Correct Answer: D QUESTION 157
In order to install a new Security Policy on a remote firewall, what command must be issued on the remote firewall?
A. Fw unload all all.
B. Fw load new.
C. Cp clear policy.
D. None of the above, the command cp policy remove is issued from the manager.
E. None of the above, the new policy will automatically overwrite the existing policy.
Correct Answer: E QUESTION 158
As a firewall administrator if you want to log packets dropped by “implicit drop anything not covered” rules, you must explicitly define a Clean-up rule. This must be the last rule in the rule base.
A. True
B. False
Correct Answer: A QUESTION 159
Fully Automatic Client authentication provides authentication for all protocols, whether supported by these protocols or not.
A. True
B. False
Correct Answer: A QUESTION 160
VPN-1/Firewall-1 NG differs from Packet filtering and Application Layer Gateways, because?
A. VPN-1/Firewall-1 NG provides only minimal logging and altering mechanism.
B. VPN-1/Firewal-1 NG uses Stateful inspection which allows packet to be examined at the top of the layers of the OSI model.
C. VPN-1/Firewall-1 NG has access to a limited part of the packet header only.
D. VPN-1/Firewall-1NG requires a connection from a client to a firewall and firewall to a server.
E. VPN-1/Firewall-1 NG has access to packets passing through key locations in a network.
Correct Answer: B
QUESTION 161
AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the 10-net subnetted to a class C address. AlphaBravo uses Dynamic NAT and hides all of the internal networks behind the external IP addresses of the Firewall. The Firewall administrator for AlphaBravo has noticed that policy installation takes significantly longer since adding all 72 internal networks to the address translation rule. What should the Firewall administrator do to reduce the time it takes to install a policy?
A. Create an object for the entire 10-net and use the object for the translation rule instead of the individual network objects.
B. Use automatic NAT rule creation on each network object. Hide the network behind the firewall’s external IP addresses.
C. Match packets to the state table, so packets are not dropped. Increase the size of the NAT tables.
D. Reinstall the Firewall and Security Policy Editor. The policy is corrupting Firewall’s binaries.
E. Increase the size of state table. Use automatic NAT rule creation to hide the networks behind an IP address other than firewall’s external IP.
Correct Answer: A
QUESTION 162
How does VPN-1/Firewall-1 NG implement Transparent authentication?
A. Unknown user receive error messages indicating that the firewalled gateway does not know the user names on the gateway.
B. VPN-1/Firewall-1 NG prompts for user names even through the authentication data may not be recognized by the firewall’s user database.
C. VPN-1/Firewall-1 NG allows connections, but hides the firewall from authenticated users.
D. Unknown users error messages indicating that the host does not know the users names on the server.
E. VPN-1/Firewall-1 NG does not allow connections from users who do not know the name of the firewall.
Correct Answer: C
QUESTION 163
When creating user authentication rule, select intersect with user database for source and destination to allow access according to the source specified in the rules.
A. True
B. False
Correct Answer: B
QUESTION 164
A connection initiated by the client in the figure below will be hidden behind the IP address of the interface
through which the connection was routed on the server side if the gateway (behind either interface 2 or
interface 3). Specifying 0.0.0.0 as the address is convenient because of network address translation (NAT)
is performed dynamically. And if the IP addresses of the gateway are changed, it is not necessary to
reconfigure the NAT parameters.
Which of the following is true about the following figure?
A. A connection initiated by the client will be hidden behind the IP address of the exit interface.
B. A connection initiated by the server will be hidden behind the IP address of the exit interface.
C. A connection initiated by the server will be hidden by the IP address of the client.
D. Source addresses of outbound packets from the client will be translated to 0.0.0.0.
E. Source addresses of outbound packets from the server will be translated to 0.0.0.0.
Correct Answer: A QUESTION 165
Which if the following statements about Client Authentication are FALSE?
A. In contrast to User Authentication, which allows access per user, Client Authentication allows access per ID address.
B. Authentication is by user name and password, but is the host machine (client) that is granted access.
C. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host.
D. Client Authentication enables administration to grant access privileges to a specific IP address after successful authentication.
Correct Answer: C QUESTION 166
When you make a rule, the rule is not enforces as part of your Security Policy.
A. True
B. False
Correct Answer: B QUESTION 167
Which of the following user actions would you insert as an INTERNAL Authentication scheme?
A. The user enters the security dynamics passcode.
B. The user prompted for a response from the RADIUS server.
C. The user prompted for a response from the AXENT server.
D. The user prompted for a response from the TACACS server.
E. The user enters an operating system account password.
Correct Answer: E QUESTION 168
When configuring Static NAT, you cannot map the routable IP address to the external IP address of the Firewall if attempted, the security policy installation fails with the following error “rule X conflicts with rule Y”.
A. True
B. False
Correct Answer: A QUESTION 169
The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time.
A. True
B. False Correct Answer: B QUESTION 170
You have set up Static NAT on a VPN-1/Firewall-1 to allow Internet traffic to an internal web server. You notice that any HTTP attempts to that machine being dropped in the log due to rule 0. Which of the following is the most likely cause?
A. Spoofing on the internal interface us set to Network defined by Interface IP and Net Mask.
B. Spoofing on the external interface is set to Not Defined.
C. You do NOT have a rule that allows HTTP access to the internal Web Server.
D. You do NOT have a rule that allows HTTP from the Web Server to Any destination.
E. None of the above.
Correct Answer: C QUESTION 171
As a firewall administrator, you are required to create VPN-1/Firewall-1 users for authentication. When you create a user for user authentication, the data is stored in the?
A. Inspect Engine.
B. Rule base.
C. Users database
D. Rulebase fws file
E. Inspect module.
Correct Answer: C QUESTION 172
If users authenticated successfully, they have matched the User and Authentication rule restriction of the user group to which they belong.
A. True
B. False
Correct Answer: A QUESTION 173
The only way to unblock BLOCKED connections by deleting all the blocking rules from the Rule base.
A. True
B. False
Correct Answer: B QUESTION 174
When you perform a cp fetch, what can you expect from this command?
A. Firewall retrieves the user database from the tables on the Management Module.
B. Firewall retrieves the inspection code from the remote Management Module and installs it to the kernel.
C. Management module retrieves the IP address of the target specified in the command.
D. Management module retrieves the interface information for the target specified in the command.
E. None of the above.
Correct Answer: B QUESTION 175
Each incoming UDP packet is locked up in the list of pending connections. Packets are delivered if they are _________.
A. A request.
B. A response to a request.
C. Source routed.
D. Allowed by the Rule Base.
E. Both B and D.
Correct Answer: E
QUESTION 176
Assume an NT system. What is the default expiration for a Dynamic NAT connection NOT showing any TCP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 330 Seconds.
D. 660 Seconds.
E. 3600 Seconds.
Correct Answer: E
Buying all CheckPoint 156-210 exam sample questions can guarantee you to pass your first CheckPoint 156-210 exam. If you do not pass the exam,FLYDUMPS will full refund to you. You can also free online download the part of FLYDUMPS’s CheckPoint 156-210 exam practice questions and answers as a try. After your understanding of our reliability, I believe you will quickly add FLYDUMPS’s CheckPoint 156-210 exam sample questions to your cart. FLYDUMPS will achieve your dream. FLYDUMPS is a website to achieve dreams of many IT people. FLYDUMPS provide candidates participating in the IT certification exams the information they want to help them pass the CheckPoint 156-210 exam.
Welcome to download the newest Examwind JN0-360 dumps: http://www.examwind.com/jn0-360.html
http://www.maeeonline.org/sap-c-hanatec-1-preparation-materials-provides-best-sap-c-hanatec-1-test-engine-with-100-pass-rate/
Welcome to download the newest Examwind 700-505 dumps:
Flydumps offers the first-hand Cisco 642-812 exam real questions and answers, by train the latest Cisco 642-812 PDF and VCE dumps,you will well prepare for the Cisco 642-812 exam. Visit Flydumps.com to get free new version for training.
QUESTION 156
Given the following configuration on a switch interface, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port? switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security mac-address 0002.0002.0002 switchport port-security violation shutdown
A. The port will shut down.
B. The host will be allowed to connect. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
C. The host will be refused access.
D. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 157
In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Choose three.)
A. STP
B. CDP
C. EAP MD5
D. TACACS+
E. EAP-over-LAN
F. protocols not filtered by an ACL
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 158
When you issue a command show port 3/1 on an Ethernet port, you observe the Giants column has a non-zero entry. What could cause this?
A. IEEE 802.1Q
B. IEEE 802.10
C. misconfigured NIC
D. user configuration
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which VTP information does a Catalyst switch advertise on its trunk ports when using VTP? (Choose two.)
A. VTP mode
B. STP root status
C. negotiation status
D. management domain
E. configuration revision number
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 160
What are two benefits provided in VTP Version 2 but NOT in VTP Version 1? (Choose two.)
A. supports Token Ring VLANs
B. allows VLAN consistency checks
C. saves VLAN configuration memory
D. reduces the amount of configuration necessary
E. allows active redundant links when used with spanning tree
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 161
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two.)
A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Refer to the exhibit. PCs in VLAN 2 are not able to communicate with PCs in VLAN 3. What could be
the cause?
A. IP routing is not enabled.
B. VTP is not configured correctly on the interfaces.
C. The command mls rp management-interface is missing.
D. The command mls rp ip must be disabled to enable the routing.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which three statements are true of the Link Aggregation Control Protocol (LACP)? (Choose three.)
A. LACP is used to connect to non-Cisco devices.
B. LACP packets are sent with the command channel-group 1 mode desirable.
C. LACP packets are sent with the command channel-group 1 mode active.
D. Standby interfaces should be configured with a higher priority.
E. Standby interfaces should be configured with a lower priority.
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 164
Refer to the exhibit. A workstation PC is connected to the Cisco IP phone access port. Based on the
configuration in the exhibit, how will the traffic be managed?
A. The IP phone access port will override the priority of the frames received from the PC.
B. The IP phone access port will trust the priority of the frames received from the PC.
C. The switch port Fa0/4 will override the priority of the frames received from the PC.
D. The switch port Fa0/4 will trust the priority for the frames received from the PC.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Refer to the exhibit. A trunk link is connected between switch A_SW and switch D_SW. Based on the
configuration shown in the exhibit, how would the traffic coming from the switch A_SW be managed?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The trunk port Fa0/1 on switch A_SW will trust all CoS values on the frames coming from the IP phone.
B. The trunk port Fa0/1 on switch A_SW will trust all CoS values on the frames received on the IP phone.
C. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames coming from port Fa0/1 on A_SW.
D. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames received on the A_SW switch port Fa0/4.
E. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames received on the IP phone port.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 166
Which option correctly identifies the Cisco IOS switching methods in descending order from the fastest
method to the slowest method?
A. CEF, distributed CEF (dCEF), fast switching, process switching
B. distributed CEF (dCEF), CEF, fast switching, process switching
C. fast switching, process switching, distributed CEF (dCEF), CEF
D. process switching, fast switching, distributed CEF (dCEF), CEF
E. process switching, distributed CEF (dCEF), CEF, fast switching
F. process switching, CEF, distributed CEF (dCEF), fast switching TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 167
What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not
receive a BPDU from its neighbor for three consecutive hello time intervals?
A. RSTP information is automatically aged out.
B. The port sends a TCN to the root bridge.
C. The port moves to listening state.
D. The port becomes a normal spanning tree port.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Refer to the exhibit. Why does the trust state of interface FastEthernet 0/3 show “not trusted”?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. DSCP map needs to be configured for VOIP.
B. ToS has not been configured.
C. ToS has been misconfigured.
D. The command mls qos needs to be turned on in global configuration mode.
E. There is not a Cisco Phone attached to the interface.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 169
What two things will occur when an edge port receives a BPDU? (Choose two.)
A. The port immediately transitions to the Forwarding state.
B. The switch generates a Topology Change Notification (TCN) BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 170
What two pieces of information will the show vlan id 5 command display? (Choose two.)
A. VLAN information on port 0/5
B. ports in VLAN 5
C. MTU and type
D. utilization
E. filters
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 171
Based on the network diagram and routing table output in the exhibit, which of these statements is
true?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
B. InterVLAN routing will not occur since no routing protocol has been configured.
C. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 172
What is the default VTP advertisement for subset advertisements in Catalyst switches that are in server or client mode?
A. 5 seconds
B. 10 seconds
C. 30 seconds
D. 1 minute
E. 5 minutes
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 173
Refer to the exhibit. Based upon the debug output that is shown, which three statements about HSRP
are true? (Choose three.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The final active router is the router with IP address 172.16.11.111.
B. The router with IP address 172.16.11.111 has preempt configured.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 174
16.11.111.
A. The IP address 172.16.11.115 is the virtual HSRP IP address.
B. The router with IP address 172.16.11.112 has nonpreempt configured.
C. The router with IP address 172.16.11.112 is using default HSRP priority.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 175
What must be configured on a Cisco switch in order to advertise VLAN information?
A. VTP password
B. VTP domain name
C. VTP revision number
D. VTP mode
E. VTP pruning
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 176
Which describes the default load balancing scheme used by the Gateway Load Balancing Protocol
(GLBP)?
A. per host basis using a round-robin scheme
B. per host basis using a strict priority scheme
C. per session using a round-robin scheme
D. per session using a strict priority scheme
E. per GLBP group using a round-robin scheme TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
F. per GLBP group using a strict priority scheme
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 177
When authentication is required, where must 802.1x be configured in order to connect a PC to a
switch?
A. client PC only
B. switch port only
C. switch port and client PC
D. switch port and local router port
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 178
How are STP timers and state transitions affected when a topology change occurs in an STP
environment?
A. All ports will temporarily transition to the learning state for a period equal to the max age timer plus the forward delay interval.
B. All ports will transition temporarily to the learning state for a period equal to the forward delay interval.
C. The default aging time for MAC address entries will be reduced for a period of the max age timer plus the forward delay interval.
D. The default hello time for configuration BDPUs will be reduced for the period of the max age timer.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 179
Refer to the exhibit. VTP has been enabled on the trunk links between all switches within the TEST
domain. An administrator has recently enabled VTP pruning. Port 1 on Switch 1 and port 2 on Switch 4 are
assigned to VLAN 2. A broadcast is sent from the host connected to Switch 1. Where will the broadcast
propagate?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Every switch in the network receives the broadcast and will forward it out all ports.
B. Every switch in the network receives the broadcast, but only Switch 4 will forward it out port 2.
C. Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.
D. Only Switch 4 will receive the broadcast and will forward it out port 2.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 180
Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B. Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs. What should be done to load balance VLAN traffic between Switch A and Switch B?
A. Lower the port priority for VLAN 1 on port 0/1 for Switch A.
B. Lower the port priority for VLAN 1 on port 0/2 for Switch A.
C. Make the bridge ID of Switch B lower than the ID of Switch A.
D. Enable HSRP on the access ports.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 181
Refer to the exhibit. Which two problems are the most likely cause of the exhibited output? (Choose
two.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. spanning tree issues
B. HSRP misconfiguration
C. VRRP misconfiguration
D. physical layer issues
E. transport layer issues
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 182
Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link? (Choose two.)
A. The switch port attached to LinkB will not transistion to up.
B. One of the two switch ports attached to the hub will go into blocking mode when a BPDU is received.
C. Both switch ports attached to the hub will transition to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA will immediately transition to the blocking state.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 183
Refer to the exhibit and the partial configuration on routers R1 and R2. Hot Standby Routing Protocol (HSRP) is configured on the network to provide network redundancy for the IP traffic. The network administrator noticed that R2 does not became active when the R1 serial0 interface goes down. What should be changed in the configuration to fix the problem?
A. R2 should be configured with a HSRP virtual address.
B. R2 should be configured with a standby priority of 100.
C. The Serial0 interface on router R1 should be configured with a decrement value of 20.
D. The Serial1 interface on router R2 should be configured with a decrement value of 20.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 184
Refer to the exhibit. Which statement is true about the output?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The port on switch CAT1 is forwarding and sending BPDUs correctly.
B. The port on switch CAT1 is blocking and sending BPDUs correctly.
C. The port on switch CAT2 is forwarding and receiving BPDUs correctly.
D. The port on switch CAT2 is blocking and sending BPDUs correctly.
E. The port on switch CAT3 is forwarding and receiving BPDUs correctly.
F. The port on switch CAT3 is forwarding, sending, and receiving BPDUs correctly.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 185
Refer to the exhibit. What statement is true based upon the configuration of router R1 and router R2?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Router R1 will become the active virtual gateway.
B. Router R2 will become the active virtual gateway.
C. The hello and hold timers are incompatible with multi-homed BGP.
D. The hello and hold timers are incompatible with OSPF type 5 LSAs.
E. Router R1 will become the master for Virtual Router 1, and router R2 will become the backup for Virtual Router 2.
F. Router R2 will become the master for Virtual Router 1, and router R1 will become the backup for Virtual Router 2.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 186
Refer to the exhibit. The switchport output in Figure 1 displays the default settings of interface
FastEthernet 0/13 on switch SW1. Figure 2 displays the desired interface settings. Which command
sequence would configure interface FastEthernet 0/13 as displayed in Figure 2?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode trunk SW1 (config-if)# switchport trunk native DATA SW1(config-if)# switchport trunk allowed vlan 1,10,20
B. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic auto SW1(config-if)# switchport trunk native DATA SW1(config-if)# witchport trunk allowed vlan add 1,10,20
C. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic desirable SW1(config-if)# switchport trunk native vlan DATA SW1(config-if)# switchport trunk allowed vlan 1,10,20
D. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic desirable SW1(config-if)# switchport trunk native vlan 10 SW1(config-if)# switchport trunk allowed vlan 1,10,20
E. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic desirable SW1(config-if)# switchport trunk native vlan 10
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 187
Refer to the exhibit. For what purpose is the command show ip cef used?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. to display rewritten IP unicast packets
B. to display ARP resolution packets
C. to display ARP throttling
D. to display TCAM matches
E. to display CEF-based MLS lookups
F. to display entries in the Forwarding Information Base (FIB)
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 188
Which two statements are true about HSRP, VRRP, and GLBP? (Choose two.)
A. GLBP allows for router load balancing of traffic from a network segment without the different host IP configurations required to achieve the same results with HSRP.
B. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple standby groups.
C. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not.
D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available gateways.
E. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 189
Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been
assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the output displayed in the exhibit, which statement is true?
A. HSRP must be configured on SW1.
B. A separate router is required to support interVLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global config command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support interVLAN routing.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 190
Refer to the exhibit and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5 on
switch SW_A complain that they do not have connectivity to the users in VLAN 5 on switch SW_B. What
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside should be done to fix the problem?
A. Configure the same number of VLANs on both switches.
B. Create switch virtual interfaces (SVI) on both switches to route the traffic.
C. Define VLAN 5 in the allowed list for the trunk port on SW_A.
D. Disable pruning for all VLANs in both switches.
E. Define VLAN 5 in the allowed list for the trunk port on SW_B
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 191
What does the Catalyst switch interface configuration command switchport trunk native vlan 7
accomplish?
A. configures the interface to be a trunking port and causes traffic on VLAN 7 to be 802.1q tagged
B. causes the interface to apply ISL framing for traffic on VLAN 7
C. configures the trunking interface to send traffic from VLAN 7 untagged
D. configures the trunking interface to forward traffic from VLAN 7
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 192
Refer to the exhibit. The show port-security interface fa0/1 command was issued on switch SW1.
Given the output that was generated, which two security statement are true? (Choose two.)
A. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.
B. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.
C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.
D. When the number of secure IP addresses reaches 10, the interface will immediately shut down.
E. When the number of secure MAC addresses reaches 10, the interface will immediately shut down and an SNMP trap notification will be sent.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference: QUESTION 193
Which two statements about the various implementations of STP are true? (Choose two.)
A. Common Spanning Tree maintains a separate spanning-tree instance for each VLAN configured in the network.
B. The Spanning Tree Protocol (STP) is an evolution of the IEEE 802.1w standard.
C. Per-VLAN Spanning Tree (PVST) supports 802.1Q trunking. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
D. Per-VLAN Spanning Tree Plus(PVST+) is an enhancement to 802.1Q specification and is supported only on Cisco devices.
E. Rapid Spanning Tree Protocol (RSTP) includes features equivalent to Cisco PortFast, UplinkFast, and BackboneFast for faster network reconvergence.
F. Multiple Spanning Tree (MST) assumes one spanning-tree instance for the entire Layer 2 network, regardless of the multiple number of VLANs.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 194
Refer to the exhibit and the partial configuration of switch SW_A and SW_B. STP is configured on all
switches in the network. SW_B receives this error message on the console port:
00:06:34:
%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half
duplex),
with SW_A FastEthernet0/4 (half duplex) ,
with TBA05071417(Cat6K-B) 0/4 (half duplex).
What would be the possible outcome of the problem?
A.
The root port on switch SW_A will automatically transition to full-duplex mode.
B.
The root port on switch SW_B will fallback to full-duplex mode.
C.
The interfaces between switches SW_A and SW_B will transition to a blocking state.
D.
Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 195
Which two statements are true about BPDU port-guard and BPDU filtering? (Choose two.)
A. BPDU port-guard can be enabled globally, whereas BPDU filtering must be enabled on a per-interface basis.
B. When globally enabled, BPDU port-guard and BPDU filtering apply only to PortFast enabled ports.
C. When globally enabled, BPDU port-guard and BPDU filtering apply only to trunking-enabled ports.
D. When a BPDU is received on a BPDU port-guard enabled port, the interface goes into the err-disabled state.
E. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the err-disabled state.
F. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the STP blocking state.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 196
Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If the
STP configuration is correct, what will be true about Switch 15?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. All ports will be in forwarding mode.
B. All ports in VLAN 10 will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 197
Refer to the exhibit. Which statement is true?
A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 198
Refer to the exhibit. Switch P1S1 is not applying VLAN updates from switch P2S1. What are three
reasons why this is not occurring? (Choose three.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Switch P2S1 is in server mode.
B. Switch P1S1 is in transparent mode.
C. The MD5 digests do not match.
D. The passwords do not match.
E. The VTP domains are different.
F. VTP trap generation is disabled on both switches.
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 199
Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about
interfaces Fa0/13 and Fa0/14?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 200
What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?
A. VLAN instance mapping and revision number
B. VLAN instance mapping and member list
C. VLAN instance mapping, revision number, and member list
D. VLAN instance mapping, revision number, member list, and timers
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Cisco 642-812 exam is a challenging Certification Exam. Besides the books, internet is considered to be a treasure house of knowledge. In Flydumps you can find your treasure house of knowledge. This is a site of great help to you. You will encounter the complex questions in the exam, but Passcert can help you to pass the exam easily. Flydumps Latest Cisco 642-812 dumps includes all the knowledge that must be mastered for the purpose of passing the Cisco 642-812 exam.
Welcome to download the newest Examwind 700-505 dumps: http://www.examwind.com/700-505.html
http://www.alnaba.org/sap-c-hanaimp-1-questions-helpful-sap-c-hanaimp-1-exam-guide-with-new-discount/
Welcome to download the newest Examwind 642-355 dumps:
Where To Download New Free Cisco 642-355 VCE Exam Dumps? As we all know that new Cisco 642-355 exam are difficult to pass, but if you get the valid Cisco 642-355 exam questions, you will pass the EXIN P3OF exam easily. Nowdays, Flydumps has published the newest Cisco 642-355 exam dumps with free vce test software and pdf dumps, by training the Flydumps Cisco 642-355 questions, you will pass the exam easily!
QUESTION 147
What would be a good initial SAN-migration project for a small or medium-sized business that possesses ample WAN bandwidth, but that has an immediate need to reduce spending and to maximize resources?
A. Reduce the WAN bandwidth.
B. Implement FCIP to consolidate all remote SANs.
C. Implement backup consolidation.
D. Centralize the data center and implement an iSCSI solution.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 148
Exhibit:
Refer to the exhibit. Which three outcomes would a customer realize by performing the migration from a multitier fabric design to a consolidated design? (Choose three.)
Actualtests.com – The Power of Knowing 642-355
A. lower effective port cost
B. high availability because of the multifaceted redundancy that is built into the Cisco MDS switch
C. lower effective port count
D. higher effective port cost
E. higher effective port count
F. lower availability because there are fewer fabric switches for failover
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 149
What are two MDS features that increase the efficiency of a multiple switch Fibre Channel fabric? (Choose two.)
A. Port Channel
B. CDP
C. FCP
D. FCC
E. CUP
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 150
What provides storage virtualization from IBM?
A. Advanced Services Module (ASM)
B. Caching Services Module (CSM)
C. Storage Services Module (SSM)
D. Cisco MDS 9000 32-port 1/2-Gbps FC Module
E. IP Multiprotocol Services Module
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 151
A customer is concerned about the security of the SAN. The customer wants to prevent unauthorized hosts and switches from connecting to the SAN fabric. Which technology should be enabled on the Cisco MDS 9000 Series SAN to accommodate this requirement?
Actualtests.com – The Power of Knowing 642-355
A. DHCAP
B. role-based authorization
C. zones
D. SSH
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 152
Which four secure management protocols are used to enable intelligent SAN security? (Choose four.)
A. SSH
B. Secure TFTP
C. SNMP
D. FTP
E. DNS
F. RADIUS-based AAA
Correct Answer: ABCD Section: (none) Explanation Explanation/Reference:
QUESTION 153
When designing a SAN, what is considered to be the most significant security threat?
A. Denial of Service attacks
B. Management Access
C. WWN Spoofing
D. FC_ID Spoofing
E. Host to Storage data paths
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 154
Which tool requires the Cisco Fabric Manager Server License to operate?
A. Cisco Performance Manager
B. Cisco Fabric Manager
C. Cisco Device Manager
D. Cisco Fabric Analyzer Actualtests.com – The Power of Knowing 642-355
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 155
What are two characteristics of iSCSI? (Choose two.)
A. iSCSI initiators cannot be members of more than one VSAN.
B. The port VSAN of an iSCSI interface cannot be modified.
C. iSCSI cannot benefit from existing IP QoS.
D. By default, dynamically mapped iSCSI initiators are members of VSAN 1.
E. The IPS module creates one or more FC virtual N_Ports for each iSCSI host.
F. By default, all statically mapped iSCSI initiators are members of VSAN 4094.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 156
In a core-edge SAN implementation, which statement is true about oversubscription?
A. When using full-rate mode ports, there is no oversubscription in a core-edge implementation.
B. A core-edge design has manageable oversubscription, but at the cost of used ISL ports.
C. Oversubscription in a core-edge design is implemented by using N_Ports.
D. When using a core-edge design, there is only oversubscription when it is implemented in a heterogeneous environment.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 157
Which technology should be used to provide transparent low latency FC transport across a metropolitan area?
A. DWDM
B. FCIP
C. iSCSI
D. iFCP
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Actualtests.com – The Power of Knowing 642-355
QUESTION 158
Which Fibre Channel SAN topology maximizes performance and expandability?
A. multi-point
B. point-to-point
C. arbitrated loop
D. switched fabric
E. star
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 159
What are three causes of host oversubscription? (Choose three.)
A. the operating system
B. the PCI bus limitations
C. the RTO and RPO values
D. whether the HBA has a flat FCIDs assigned
E. the limits on the maximum I/O and bandwidth rate
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference: QUESTION 160
What are three array characteristics that are crucial when planning a SAN design? (Choose three.)
A. fan-in ratio
B. connection speed
C. embedded cache controller
D. RAID level support
E. active/passive controller
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 161
What are two benefits of the Cisco MDS Series Switches that increase the overall resiliency of SAN extension? (Choose two.)
Actualtests.com – The Power of Knowing 642-355
A. VSANs and IVR can eliminate the potential disruption of a WAN failure.
B. VSANs and IVR can increase resiliency by combining control traffic and data traffic over the WAN.
C. Parallel tunnels and PortChannels eliminate failure of every VSAN or IVR in the local fabric.
D. PortChannels and VSANs can be used with FCIP to provide end-to-end redundancy and load balancing.
E. Recovery at the PortChannel level, instead of at the FSPF routing level, provides nondisruptive recovery.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 162
A customer is planning to deploy a new storage-area-network infrastructure. The customer has five buildings within corporate headquarters, each with a separate data center. Four of the five data centers serve separate business units, while the fifth serves as the primary data center for the entire company. The customer would like to deploy the SAN in such a way that each of the five data centers will have its own storage-network infrastructure and connectivity amongst each other. The customer is planning to enable long-distance connectivity from the primary data center for the purposes of replicating data from all of the data centers across the country. Which SAN topology would you recommend that the customer deploy?
A. core-edge
B. collapsed core
C. partial mesh
D. full mesh
Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 163
Which statement is true about when the Cisco MDS switch is operating in native mode?
A. Native mode is the only mode available on the MDS switch, and thus the switch is able to operate with all other storage switches because all storage switches are certified by SNIA.
B. If the products of other storage-switch vendors strictly adhere to published standards, they will be able to interoperate with MDS in native mode.
C. Most commonly deployed switches in the marketplace today can interoperate with the switches of other vendors while functioning in their default or native mode.
D. Non-MDS switches are able to interpret the Cisco EISL header and thus can Actualtests.com – The Power of Knowing 642-355 interpret VSAN information.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 164
What are three key benefits of implementing a SAN using iSCSI? (Choose three.)
A. uses existing IP networking, monitoring, and management infrastructure
B. is more efficient than FC since it requires fewer encapsulations
C. maintains consistent performance over IP networks of varying distances
D. significant capital cost reduction by substituting iSCSI as a transport technology
E. extends existing FC SAN to IP connected hosts
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 165
At which point can security on a Fibre Channel SAN be implemented? (Choose three.)
A. storage array
B. server
C. Fibre Channel switch
D. GigE NIC
E. SFP connector
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:
QUESTION 166
A customer recently deployed a core-edge storage network infrastructure that consists of several Cisco MDS directors and fabric switches. The directors are deployed in the core of the network, and the fabric switches are deployed as edge devices. The edge devices are connected to the core by PortChannels, which consist of four links. The customer is interested in in-band management of the fabric using TCP/IP. Which two configurations are required for enabling in-band management of the fabric using TCP/IP? (Choose two.)
A. VRRP
B. FCIP
C. IPFC
D. synchronization of management users and passwords Actualtests.com – The Power of Knowing 642-355
E. VSAN IP addresses
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 167
A customer has deployed two Cisco MDS 9509 Multilayer Directors. One MDS 9509 is deployed in each of two separate data centers. The primary data center is always active, and the secondary data center is considered a standby site. The data centers are connected together by a single Gigabit Ethernet connection that is shared by many departmental networks within the company. The network connection is unreliable and is frequently out of service. The storage administrator needs to synchronously replicate data from an array in the production data center to an array in the standby data center, but is concerned about the network instability impacting the production data center. Which feature would you recommend to the administrator to minimize disruption?
A. PortChannel
B. Fibre Channel over IP
C. Inter-VSAN Routing
D. Fibre Channel Congestion Control
E. Fibre Channel timeout values
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Select three characteristics of the Cisco coarse wave division multiplexing (CWDM) solution. (Choose three.)
A. multiplexes up to eight wavelengths across a single fiber pair
B. supports a maximum connection length of 220 kilometers
C. supports both linear and ring topologies
D. requires OADMs (optical add/drop multiplexers) to aggregate multiple wavelengths across the same fiber pair
E. can be optically amplified to extend the distance characteristics
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 169
What are three reasons to implement VSANs in a Fibre Channel SAN? (Choose three.)
Actualtests.com – The Power of Knowing 642-355
A. to reduce network infrastructure requirements
B. to increase data security
C. to enable port-channeling
D. to enable TCP/IP routing
E. to share SAN extension capability using EISLs
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 170
What is considered the optimal topology for deployment of Fibre Channel SANs using Cisco MDS family products? (Choose two.)
A. mesh
B. ring
C. core-edge
D. collapsed core
E. core-edge with VSAN
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 171
A large credit card processing firm is adding a second data center to support business continuance. What is the recommended solution for extending the SAN to the second data center if both data centers are active?
A. asynchronous replication using FCIP
B. dual homed servers, and IP connectivity using multiple paths
C. iSCSI installation and a bridge the Ethernet network to the Fibre Channel fabric
D. synchronous replication using DWDM
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 172
A customer has storage arrays from multiple vendors, and is considering a virtualization solution to simplify storage management. Choose three advantages of using a Cisco MDS-based virtualization solution with an MDS 9500 Series Director instead of host-based or storage-based virtualization solutions. (Choose three.)
A. host and storage heterogeneity Actualtests.com – The Power of Knowing 642-355
B. LUN masking that is simpler to implement
C. virtualization that is closer to the target
D. virtualization that is embedded in the switch module
E. availability
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 173
A customer is considering designing a new storage-network infrastructure to simplify storage network management. The existing solution uses ten 16-port 1-Gbps Fibre Channel switches. Two of the switches are deployed as core switches, and the remaining eight switches are deployed as edge switches. Each edge switch has an ISL to each of the two core switches. The disk array has four 1-Gbps Fibre Channel interfaces. Two interfaces connect to each of the core switches. Each of the 96 servers has a single 1-Gbps Fibre Channel host bus adapter. Which configuration would provide equivalent or better performance while simplifying infrastructure management?
A. two Cisco MDS 9140 Fabric Switches
B. two Cisco MDS 9216 Fabric Switches, each with one 32-port Fibre Channel line card
C. one Cisco MDS 9506 Multilayer Director with two 16-port Fibre Channel line cards and two 32-port Fibre Channel line cards
D. one Cisco MDS 9506 Multilayer Director with four 32-port Fibre Channel line cards
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 174
Which three applications would be best suited for a SAN rather than a NAS environment? (Choose three.)
A. web content services
B. order entry and inventory tracking
C. enterprise resource planning (ERP)
D. office productivity suites (for example, Microsoft Office)
E. credit card transactions
F. engineering collaboration (for example, CAD and CAM)
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
Actualtests.com – The Power of Knowing 642-355
QUESTION 175
A fully loaded Cisco MDS 9506 Multilayer Director requires 2190 watts of power. If 110-volt power is provided to the switch, at which power mode would the switch operate?
A. The director would operate in redundant mode only.
B. The director would operate in combined mode only.
C. The director would operate in redundant mode or combined mode.
D. The director cannot operate with 110-volt power.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 176
What feature of the MDS 9000 family would be most valuable in establishing a baseline of the traffic load on an existing network prior to making changes?
A. SPAN
B. RSPAN
C. FC-SP
D. Performance Manager
E. AAA
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 177
What are three advantages of a collapsed-core architecture? (Choose three.)
A. This design provides the most efficient use of ports because no ports are consumed for ISLs.
B. The absence of ISLs significantly decreases reliability and manageability.
C. The absence of any oversubscription increases switch throughput.
D. Since there are fewer available paths over which traffic may travel, FSPF values are higher.
E. Ports can be scaled easily by adding hot-swappable blades without disrupting traffic.
F. The highest performance is achieved by director-class switches, because the high-speed backplane provides low fixed latency between any two ports.
Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
Actualtests.com – The Power of Knowing 642-355
QUESTION 178
A customer wants to consolidate the storage in an existing SAN where Cisco MDS Series Switches are deployed. How can the customer accomplish this goal and still be able to retain full access to the data?
A. dual supervisor modules
B. virtual output queuing (VOQ)
C. stateful failover
D. universal interoperability mode 4
E. per-VSAN FSPF routing
Correct Answer: E Section: (none) Explanation Explanation/Reference:
QUESTION 179
A customer is designing a SAN for each of two data centers. The two data centers are connected by dark fiber, which is owned by the customer. Cisco ONS platforms terminate the fiber and provide service aggregation. The customer requirements include that the SAN in each data center meet or exceed five nines of availability and be interconnected using 16 separate lambdas. The customer has four storage devices in each data center, and each storage device has four Fibre Channel interfaces. Each data center has 32 servers, and each server has two host bus adapters. The majority of the servers require only 20 to 30MBps of throughput on average, but four of the servers require 150 MBps of throughput on average. What will provide the most cost-effective design to satisfy these requirements?
A. two Cisco MDS 9216 Fabric Switches in each data center, each MDS 9216 with an additional 16-port Fibre Channel line card
B. two Cisco MDS 9216 Fabric Switches in each data center, each MDS 9216 with an additional 32-port Fibre Channel line card
C. two Cisco MDS 9506 Multilayer Directors with one in each data center, each MDS 9506 with two 16-port Fibre Channel line cards and two 32-port Fibre Channel line cards
D. two Cisco MDS 9509 Multilayer Directors with one in each data center, each MDS 9509 with two 16-port Fibre Channel line cards and three 32-port Fibre Channel line cards
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 180
What technology minimizes the potential for service interruption on SAN extension
Actualtests.com – The Power of Knowing 642-355
links?
A. FCIP
B. VRRP
C. VSANs and IVR
D. Port Channeling
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 181
A customer has 12 hosts, each capable of a maximum burst I/O rate of 75 MBps. The customer wants to connect these hosts to the fabric with a 32-port line card. For optimal performance what is the maximum number of hosts that should be connected to any four-port, host-optimized quad?
A. one
B. two
C. three
D. four
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 182
A customer has the following application and peak-bandwidth requirements:Four database servers: 50 MBps eachFour exchange servers: 30 MBps each20 midrange development servers: 20 MBps eachWhich dual-fabric designs would best meet the needs of this price-sensitive customer while allowing for future SAN extension capability?
A. two Cisco MDS 9216i Multilayer Fabric Switches, each with an IPS-8 module
B. two Cisco MDS 9216A Multilayer Fabric Switches, each with an SSM module
C. two Cisco MDS 9216i Multilayer Fabric Switches, each with a 16-port FC module
D. two Cisco MDS 9216A Multilayer Fabric Switches, each with a 32-port FC module
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 183
Which two design criteria require VLANs in a proposed solution? (Choose two)
Actualtests.com – The Power of Knowing 642-355
A. security between departments
B. segmenting collision domains
C. segmenting broadcast domains
D. video steaming on the LAN
E. limited budget of the corporation
F. use of multivendor equipment
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 184
Which statement describes IPv6 address route summarization?
A. IPv6 address have to converted to IPv4 address to be summarized
B. Classless Inter Domain Routing (CIDR) for IPv6 automatically performs route summarization
C. IPv6 addresses cannot use route summarization
D. IPv6 address have built in route summarization based on Top Level Aggregators, Next Level Aggregators and Site Level Aggregators.
E. The routers in the IPv6 network use proprietary protocols to optimize summarization based on the size of their routing tables.
Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 185
A converged voice and data network is designed to carry voice calls on-net as close a possible to the destination to reduce long distance charges. What are two reasons that a VoIP call could go off earlier than designed? (Choose two)
A. The local voice gateway detects lack of bandwidth.
B. The destination routing is not configured on both local and remote gateways.
C. The local call manager server is too busy to process the call.
D. The telephone user dials access code.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 186
A manufacturing company has decided to add a website to enhance sales. The web servers in the E-Commerce module must be accessible without compromising network security. Which two design recommendations can be made to meet their requirements? (Choose two)
Actualtests.com – The Power of Knowing 642-355
A. Use intrusion detection on the E-Commerce server farm
B. Limit the number of incoming connections to the module
C. Place E-Commerce servers and application servers on isolated LANs (DMZs)
D. Move the E-Commerce servers to the WAN module to provide tight security.
E. Use private and public key encryption
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 187
A global corporation has 2,000,000+ host and 10,000+ routers in their internal network. They also have connectivity to the Internet and do high volumes of traffic with their business partners and the public at large. They have decided to start using IPv6. Which statement best describes a flexible IPv6 strategy for this corporation?
A. IPv6 hosts and IPv6 routers
B. dual stack hosts and dual stack routers
C. dual stack hosts and IPv4 routers
D. IPv4 hosts and IPv6 routers
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 188
A network that is running Voice over Frame Relay (VoFR) is experiencing delay and delay variation due to sterilization of packets of varying size. This condition is causing voice quality problems. Which solution can be added to the network at the sending end to reduce these problems?
A. dejetter buffers
B. hardware digital signal processors
C. link fragmentation and interleaving
D. coding algorithm
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 189
An established network is experience DoS attacks against a specific server in E-Commerce module. The operating system on the server has been upgraded and patched and all unnccded services have been tuned off, but the attacks are
Actualtests.com – The Power of Knowing 642-355
continuing. What action should be recommended to reduce these attacks?
A. Block all UDP traffic to the affected server by using ACLs at the firewall.
B. Add more servers running the same application as the affected server.
C. Block all TCP traffic to the affected server by using ACLs at the firewall.
D. Limit the correction rate to the affected server at the firewall.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 190
Very large organizations hasreceived its IPv6 address range from their Internet Service Provider and intend to only use IPv6 address internally. They will access the Internet through port address translation (PAT). What is required for their Domain Name Servers, DNS?
A. They no longer need DNS servers
B. Their DNS servers need to support both IPv4 and IPv6 addresses
C. Their DNS servers need to support only IPv6 addresses
D. Their DNS servers need to support only IPv4 addresses
E. They need additional DNS servers in their network just for IPv6 addresses
F. There are no changes required to their DNS servers
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 191
RST Corporation is planning to upgrade its current network. The chief technology officer (CTO) has supplied a topology diagram and an IP addressing scheme of the current network during an interview. The
company has been growing at about twenty percent per year and it has been difficult to maintain customer
support at a satisfactory level. The RST board has met and directed the CTO to look into network
improvements.
Which two items are most relevant in documenting RST’s business requirements?
A. improved customer support
B. existing network topologies
C. IP addresses assigned by the ISP
D. projected growth
E. frequency of board meetings
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Actualtests.com – The Power of Knowing 642-355
QUESTION 192
In Cisco VoIP implementation what is used on a router to associate physical voice ports with phone numbers?
A. automatically route selections
B. translation patterns
C. IP telephony
D. dial neers
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 193
What is the default encapsulation for synchronous serial interfaces on Cisco routers?
A. ATM
B. HDLC
C. PPTP
D. Frame Relay
E. GRE
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 194
How does Roles Based Access Control (RBAC) enhance manageability in an environment with VSANs?
A. limit operator errors by isolating user management domains within a large physical infrastructure
B. specifies port membership to a specific VSAN
C. configures security options for host ports that are assigned to a VSAN
D. configures VSAN membership for specific trunk ports
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 195
What is the impact of IPv6 on the BGP protocol?
Actualtests.com – The Power of Knowing 642-355
A. There is a new version of BGP for IPv6
B. Host converts BGP to IS-IS for IPv6
C. Host converts BGP to IS-IS for IPv6
D. There is no change for BGP between Ipv4 and IPv6
E. BGP cannot be used with IPv6
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Cisco 642-355 exam can be a milestone in your professional career. Flydumps is the pioneer in Microsoft certification exam preparation. With a highly competent and professional team, Latest Cisco 642-355 dumps in Flydumps has come up with a great, thorough exam material which will be a treasure for you.you will get certified easily with the help of Flydumps latest Latest Cisco 642-355 dumps.
Welcome to download the newest Examwind 642-355 dumps: https://www.pass4itsure.com/642-355.html
http://www.alnaba.org/isaca-cgeit-demo-the-most-effective-isaca-cgeit-exam-download-online-shop/