|
passed today with 90% marks. really thankful to itcertkeys.
|
Question 1.
Before launching the Application Publishing Wizard, what must be done to publish a package?
A. The package deployment schedule must be set.
B. The location of the package must be identified.
C. The target servers must be specified.
D. The package must be added to the Presentation Server Console.
Answer: D
Question 2.
Which two Health Monitoring and Recovery tests are enabled by default? (Choose two.)
A. Citrix SMA Service
B. Citrix XML Service
C. Citrix IMA Service
D. Citrix XTE Server Service
Answer: B, C
Question 3.
The administrator who installs the ADF packages on the target servers must have ______ and ______. (Choose the two phrases that complete the sentence correctly.)
A. administrative access to the network share point server
B. read access to the target servers
C. read access to the network share point server
D. administrative access to the target servers
E. read access to the packager server
F. administrative access to the packager server
Answer: C, D
Question 4.
A large medical research company ITCertKeys.com wants to reduce the high CPU usage on their servers in order to improve the user experience. Most users work with a web-based tool that is graphic-intensive. They work with files that need to be accessed from multiple locations and by multiple users so that researchers can access the files as they make their rounds through clinics.
What should the administrator implement to meet the company's requirements?
A. Application limits
B. Published desktops
C. Server-to-client content redirection
D. Client-to-server content redirection
Answer: C
Question 5:
The Citrix Administrator at a ITCertKeys.com plans on deploying a web-based cataloging application consisting of new items under development. The application includes JPEG images of product prototypes alongside detailed descriptions. This application will be accessed by a group of engineers from remote field sites with limited network bandwidth. This application will only be provided by means of a single set of servers running Presentation Server that will be deployed within the new server farm. Access to the data source is controlled so that data queries may originate only from the servers running Presentation Server. The JPEG images are large files and users require graphical detail even when using dial-up, wireless WAN, or other slow connections.
Which three SpeedScreen Browser Acceleration options should be configured at the server farm level? (Choose three.)
A. Determine when to compress
B. Enable SpeedScreen Browser Acceleration
C. Compress JPEG images to improve bandwidth and set the compression level to high
D. Compress JPEG images to improve bandwidth and set the compression level to low
E. Use farm settings for SpeedScreen Browser Acceleration
Answer: A, B, D
Question 6.
ITCertKeys.com recently implemented Citrix Presentation Server. The company plans to use the shadowing feature to improve their help desk activities. Specifically, the company wants the help desk personnel to be able to shadow all users in the company's domain and manipulate their work stations remotely. For security and privacy reasons, the company wants to ensure that users must accept shadowing before help desk personnel can shadow them. During the Presentation Server installation, the administrator allowed shadowing but did not configure any settings for remote control or shadow acceptance. The administrator has just created a policy titled "Shadowing."
Which two steps are required to accomplish this task? (Choose two.)
A. Enable shadowing in a policy and prohibit remote input when being shadowed.
B. Enable shadowing in a policy and prohibit being shadowed without notification.
C. Enable permissions for all help desk users and set status to allow.
D. Enable permissions for all users and set status to allow.
Answer: B, C
Question 7.
Which two statements are true when an administrator associates published applications with file types and then assigns them to users? (Choose two.)
A. All files of an associated type encountered in locally running applications are opened with
applications running on the server when users run the Program Neighborhood Agent.
B. The client passes the name of the published content file to the local viewer application when
users run the Program Neighborhood Agent.
C. Content published on servers is opened with applications published on servers when users
connect using the Program Neighborhood Agent.
D. The file type associations in the published applications are copied to the registry of the client
device when users connect using the Web Interface.
Answer: A, C
Question 8.
When configuring Virtual Memory Optimization, it is best to configure an optimization time ______________. (Choose the appropriate option to complete the sentence.)
A. when the administrator can manually monitor the process
B. that precedes a scheduled reboot
C. of high or maximum usage
D. of low or no usage
Answer: D
Question 9.
A network administrator at ITCertKeys.com created a policy for the Human Resources group called "HR standard" which restricts the users in that group from accessing their local drives. Human Resources has recently added five new recruiters to the team who will travel to universities throughout the country to recruit candidates. While on these trips, the recruiters will need to save data on their laptops and upload information nightly. The administrator creates a new policy for the recruiters called "HR recruitment" and disables the rule which restricts access to the local drives.
Which two steps are required to ensure that the recruiters are able to access their local drives? (Choose two.)
A. Filter the HR recruitment policy by users, specify the five recruiter accounts and allow access
B. Filter the HR standard policy by users, specify the five recruiter accounts and allow access
C. Rank the HR recruitment policy higher than the HR standard policy
D. Rank the HR standard policy higher than the HR recruitment policy
Answer: A, C
Question 10.
A newly published web-based application calls a Java applet to support audio interaction with other users. The application requires Virtual IP in order to function properly. Users launched the published web browser successfully; however, only the first user on the server could initialize the audio portion. Other Java-based applications on the same servers functioned correctly.
Which option will best address this problem?
A. Remove the servers from the Virtual Loopback list and re-add them to read the new
configuration.
B. Increase the IP range for Virtual IP addresses to allow for the added users.
C. Configure the correct Java runtime path for Virtual IP loopback.
D. Add the entries directly to the registry instead of the Management Console to implement the
new Virtual IP configuration.
Answer: C
|
Question 1.
With Cisco WAAS advanced compression DRE, which three functions are performed during the DRE process? (Choose three.)
A. Pattern matching
B. Synchronization
C. LZ compression
D. Fingerprint and chunk identification
Answer: A, B, D
Question 2.
Do you know how often the Cisco WAAS automatic discovery takes place?
A. Once per user
B. Every hour
C. On a Connection-by-Connection basis
D. Once per office
Answer: C
Question 3.
What is the status of Cisco WAAS optimization after completing the quick start process on all devices and installing the enterprise license? (Choose two.)
A. Cisco WAAS is ready for the Central Manager to be configured to optimized traffic
B. Cisco WAAS is ready for bandwidth settings to be defined for communication
C. Cisco WAAS application optimizers are enabled
D. Default optimizations are applied traffic passing through the Cisco WAE devices
Answer: C, D
Question 4.
Which two statements describe what is required for read-only disconnected mode to be automatically activated during a prolonged WAAS disconnect? (Choose two.)
A. The WAE must be configured for Windows Authentication
B. The Windows server must be configured for operating in disconnected mode
C. The WAE must be able to access a Window Domain Controller
D. The WAE must be joined to the same workgroup as the Windows Server
Answer: A, C
Question 5.
Which three are high-availability Cisco WAE solutions for a branch office? (Choose three.)
A. PBR
B. WCCP
C. Multiple Cisco WAE devices with inline cards
D. Firewall load-balancing Cisco WAE devices
Answer: A, B, C
Question 6
The Cisco WAAS design of your customer calls for the Central Manager to be deployed on the Core WAE, which is a WAE-612 with 2 GB of RAM. The customer initially configured the WAE as an application accelerator and then issued the device mode central-manager command to enable Central Manager Service.
Now the customer complains that the WAE is no longer accelerating traffic why?
A. The Central Manager and application accelerator cannot be deployed on the same WAE
B. The device mode central-manager command must be issued before the device mode
application-accelerator command
C. At least 4 GB of RAM must be installed for the WAE to serve as both Central Manager and
application accelerator
D. Central Manager is consuming too much CPU time on the WAE. The Central Manager service
should be implemented on a less-utilized edge WAE
Answer: A
Question 7.
Which two benefits can we get by using Cisco WAAS with Cisco security devices such as Cisco PIX, Cisco ASA and Cisco IOS Firewalls? (Choose two.)
A. The security devices will speed Cisco WAAS transport
B. The security devices support the TCP sequence number jump that Cisco WAAS uses
C. Cisco WASS requires Cisco Security devices to be installed
D. The security devices can be configured to support Cisco WAAS automatic discovery
Answer: B, D
Question 8.
In Order to ensure Cisco WAAS Mobile transport and management, which three protocols and ports need to be allowed through corporate firewalls? (Choose three.)
A. TCP 80
B. TCP 8080
C. UDP 8080
D. UDP 1182
Answer: A, B, D
Question 9.
SACK improves performance for which type of traffic?
A. Short-lived TCP connections
B. Traffic on high-BDP networks
C. Traffic on lossy networks
D. Traffic on low-BDP networks
Answer: C
Question 10.
Which parameter should be taken into consideration while selecting a Cisco WAE model for a Cisco WAAS deployment?
A. Bandwidth of the largest WAN Link
B. Total WAN throughput
C. Concurrent TCP sessions to be optimized
D. Bandwidth of the smallest WAN link
Answer: C
|
Question 1.
You are the network consultant from Your company. Please point out two requirements call for the deployment of 802.1X.
A. Authenticate users on switch or wireless ports
B. Grant or Deny network access at the port level, based on configured authorization policies
C. Allow network access during the queit period
D. Verify security posture using TACAS+
Answer: A, B
Question 2.
Open Shortest Path First (OSPF) is a dynamic routing protocol for use in Internet Protocol (IP) networks. An OSPF router on the network is running at an abnormally high CPU rate. By use of different OSPF debug commands on Router, the network administrator determines that router is receiving many OSPF link state packets from an unknown OSPF neighbor, thus forcing many OSPF path recalculations and affecting router's CPU usage.
Which OSPF configuration should the administrator enable to preent this kind of attack on the Router?
A. Multi-Area OSPF
B. OSPF stub Area
C. OSPF MD5 Authentication
D. OSPF not-so-stubby Area
Answer: C
Question 3.
Which one of the following Cisco Security Management products is able to perform (syslog) events normalization?
A. Cisco IME
B. Cisco Security Manager
C. Cisco ASDM
D. Cisco Security MARS
Answer: D
Question 4.
Can you tell me which one of the following platforms has the highest IPSec throughput and can support the highest number of tunnels?
A. Cisco 6500/7600 + VPN SPA
B. Cisco ASR 1000-5G
C. Cisco 7200 NPE-GE+VSA
D. Cisco 7200 NPE-GE+VAM2+
Answer: A
Question 5.
Which two methods can be used to perform IPSec peer authentication? (Choose two.)
A. One-time Password
B. AAA
C. Pre-shared key
D. Digital Certificate
Answer: C, D
Question 6.
Cisco Security Agent is the first endpoint security solution that combines zero-update attack protection, data loss prevention and signature-based antivirus in a single agent. This unique blend of capabilities defends servers and desktops against sophisticated day-zero attacks and enforces acceptable-use and compliance policies within a simple management infrastructure.
What are three functions of CSA in helping to secure customer environments?
A. Control of executable content
B. Identification of vulnerabilities
C. Application Control
D. System hardening
Answer: A, C, D
Question 7.
Cisco Secure Access Control Server (ACS) is an access policy control platform that helps you comply with growing regulatory and corporate requirements.
Which three of these items are features of the Cisco Secure Access Control Server?
A. NDS
B. RSA Certificates
C. LDAP
D. Kerberos
Answer: A, B, C
Question 8.
Observe the following protocols carefully, which one is used to allow the utilization of Cisco Wide Area Application Engines or Cisco IronPort S-Series web security appliances to localize web traffic patterns I the network and to enable the local fulfillment of content requests?
A. TLS
B. DTLS
C. WCCP
D. HTTPS
Answer: C
Question 9.
Which one is not the factor can affect the risk rating of an IPS alert?
A. Relevance
B. Attacker location
C. Event severity
D. Signature fidelity
Answer: B
Question 10.
For the following items, which two are differences between symmetric and asymmetric encryption algorithms? (Choose two.)
A. Asymmetric encryption is slower than symmetric encryption
B. Asymmetric encryption is more suitable than symmetric encryption for real-time bulk encryption
C. Symmetric encryption is used in digital signatures and asymmetric encryption is used in
HMACs
D. Asymmetric encryption requires a much larger key size to achieve the same level of protection
as asymmetric encryption
Answer: A, D
|
Question 1.
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment.
Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be deleted.
C. Rules can be created using a query.
D. Rules trigger incidents.
Answer: A, C, D
Question 2.
Which three benefits are of deploying Cisco Security MARS appliances by use of the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers information (network
topologies, incidents, queries, and reports results).
B. A global controller can provide a central point for creating rules and queries, which are applied
simultaneously to multiple local controllers.
C. A global controller can correlate events from multiple local controllers to perform global
sessionizations.
D. Users can seamlessly navigate to any local controller from the global controller GUI.
Answer: A, B, D
Question 3.
Which item is the best practice to follow while restoring archived data to a Cisco Security MARS appliance?
A. Use Secure FTP to protect the data transfer.
B. Use "mode 5" restore from the Cisco Security MARS CLI to provide enhanced security During
the data transfer.
C. Choose Admin > System Maintenance > Data Archiving on the Cisco Security MARS GUI to
perform the restore operations on line.
D. To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance.
Answer: D
Question 4.
A Cisco Security MARS appliance can't access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue.
Which additional Cisco Security MARS configuration will be required to correct this issue?
A. Use the Cisco Security MARS GUI to configure multiple default gateways
B. Use the Cisco Security MARS GUI or CLI to configure multiple default gateways
C. Use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
D. Use the Cisco Security MARS CLI to add a static route
Answer: D
Question 5.
Which two options are for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. mitigate at Layer 2
B. archive to NFS only
C. drop
D. log to the database only
Answer: C, D
Question 6.
What is the reporting IP address of the device while adding a device to the Cisco Security MARS appliance?
A. The source IP address that sends syslog information to the Cisco Security MARS appliance
B. The pre-NAT IP address of the device
C. The IP address that Cisco Security MARS uses to access the device via SNMP
D. The IP address that Cisco Security MARS uses to access the device via Telnet or SSH
Answer: A
Question 7.
Which statement best describes the case management feature of Cisco Security MARS?
A. It is used to conjunction with the Cisco Security MARS incident escalation feature for incident
reporting
B. It is used to capture, combine and preserve user-selected Cisco Security MARS data within a
specialized report
C. It is used to automatically collect and save information on incidents, sessions, queries and
reports dynamically without user interventions
D. It is used to very quickly evaluate the state of the network
Answer: B
Question 8.
Which two configuration tasks are needed on the Cisco Security MARS for it to receive syslog messages relayed from a syslog relay server? (Choose two.)
A. Define the syslog relay collector.
B. Add the syslog relay server application to Cisco Security MARS as Generic Syslog Relay Any.
C. Define the syslog relay source list.
D. Add the reporting devices monitored by the syslog relay server to Cisco Security MARS.
Answer: B, D
Question 9.
Here is a question that you need to answer. You can click on the Question button to the left to view the question and click on the MARS GUI Screen button to the left to capture the MARS GUI screen in order to answer the question. While viewing the GUI screen capture, you can view the complete screen by use of the left/right scroll bar on the bottom of the GUI screen. Choose the correct answer from among the options.
What actions will you take to configure the MARS appliance to send out an alert when the system rule fires according to the MARS GUI screen shown?
A. Click "Edit" to edit the "Operation" field of the rule, select the appropriate alert option(s), then
apply.
B. Click on "None" in the "Action" field, select the appropriate alerts, then apply.
C. Click "Edit" to edit the "Reported User" field of the rule, select the appropriate alert
option(s),then apply.
D. Click on "Active" in the "Status" field, select the appropriate alerts, then apply.
Answer: B
Question 10.
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely or by just logging them to the database?
A. Inactivating the rules
B. Creating system inspection rules using the drop operation
C. Deleting the false-positive events from the events management page
D. Creating drop rules
Answer: D
|
Question 1.
Tom works as a network administrator. The primary adaptive security appliance in an active/standby failover configuration failed, so the secondary adaptive security appliance was automatically activated. Tom then fixed the problem. Now he would like to restore the primary to active status.
Which one of the following commands can reactivate the primary adaptive security appliance and restore it to active status while issued on the primary adaptive security appliance?
A. failover reset
B. failover primary active
C. failover active
D. failover exec standby
Answer: C
Question 2.
For the following commands, which one enables the DHCP server on the DMZ interface of the Cisco ASA with an address pool of 10.0.1.100-10.0.1.108 and a DNS server of 192.168.1.2?
A. dhcpd address 10.0.1.100-10.0.1.108 DMZ dhcpd dns 192.168.1.2 dhcpd enable DMZ
B. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns server 192.168.1.2 dhcpd enable DMZ
C. dhcpd range 10.0.1.100-10.0.1.108 DMZ dhcpd dns server 192.168.1.2 dhcpd DMZ
D. dhcpd address range 10.0.1.100-10.0.1.108 dhcpd dns 192.168.1.2 dhcpd enable
Answer: A
Question 3.
Look at the following exhibit carefully, which one of the four diagrams displays a correctly configured network for a transparent firewall?
A. 1
B. 2
C. 3
D. 4
Answer: D
Question 4.
What is the effect of the per-user-override option when applied to the access-group command syntax?
A. The log option in the per-user access list overrides existing interface log options.
B. It allows for extended authentication on a per-user basis.
C. Hallows downloadable user access lists to override the access list applied to the interfacE.
D. It increases security by building upon the existing access list applied to the interfacE. All
subsequent users are also subject to the additional access list entries.
Answer: C
Question 5.
John works as a network administrator.
According to the exhibit, the only traffic that John would like to allow through the corporate Cisco ASA adaptive security appliance is inbound HTTP to the DMZ network and all traffic from the inside network to the outside network. John also has configured the Cisco ASA adaptive security appliance, and access through it is now working as expected with one exception: contractors working on the DMZ servers have been surfing the Internet from the DMZ servers, which (unlike other Company XYZ hosts) are using public, routable IP addresses. Neither NAT statements nor access lists have been configured for the DMZ interface.
What is the reason that the contractors are able to surf the Internet from the DMZ servers? (Note: The 192.168.X.XIP addresses are used to represent routable public IP addresses even though the 192.168.1.0 network is not actually a public routable network.)
A. An access list on the outside interface permits this traffic.
B. NAT control is not enabled.
C. The DMZ servers are using the same global pool of addresses that is being used by the inside
hosts.
D. HTTP inspection is not enabled.
Answer: B
Question 6.
In order to recover the Cisco ASA password, which operation mode should you enter?
A. configure
B. unprivileged
C. privileged
D. monitor
Answer: D
Question 7.
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. For the security appliance to inspect packets for signs of malicious application misuse, you
must enable advanced (application layer) protocol inspection.
B. if you want to enable inspection globally for a protocol that is not inspected by default or if you
want to globally disable inspection for a protocol, you can edit the default global policy.
C. The protocol inspection feature of the security appliance securely opens and closes negotiated
ports and IP addresses for legitimate client-server connections through the security appliance.
D. if inspection for a protocol is not enabled, traffic for that protocol may be blocked.
Answer: B, C, D
Question 8.
Observe the following commands, which one verifies that NAT is working normally and displays active NAT translations?
A. showip nat all
B. show running-configuration nat
C. showxlate
D. show nat translation
Answer: C
Question 9.
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall.
Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose threE.)
A. it dynamically opens and closes UDP ports for secure multimedia connections, so you do not need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. it supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Answer: A, C, D
Question 10.
What is the result if the WebVPN url-entry parameter is disabled?
A. The end user is unable to access pre-defined URLs.
B. The end user is unable to access any CIFS shares or URLs.
C. The end user is able to access CIFS shares but not URLs.
D. The end user is able to access pre-defined URLs.
Answer: D
|
Question 1.
Which two statements correctly describe configuring active/active failover? (Choose two.)
A. You must assign contexts to failover groups from the admin context.
B. Both units must be in multiple mode.
C. You must configure two failover groups: group 1 and group 2.
D. You must use a crossover cable to connect the failover links on the two failover peers.
Answer: B, C
Question 2.
Observe the following exhibit carefully. When TCP connections are tunneled over another TCP connection and latency exists between the two endpoints, each TCP session would trigger a retransmission, which can quickly spiral out of control when the latency issues persist. This issue is often called TCP-over-TCP meltdown.
According to the presented Cisco ASDM configuration, which Cisco ASA security appliance configuration will most likely solve this problem?
A. Compression
B. MTU size of 500
C. Keepalive Messages
D. Datagram TLS
Answer: D
Question 3.
The IT department of your company must perform a custom-built TCP application within the clientless SSL VPN portal configured on your Cisco ASA security appliance. The application should be run by users who have either guest or normal user mode privileges.
In order to allow this application to run, how to configure the clientless SSL VPN portal?
A. configure a smart tunnel for the application
B. configure a bookmark for the application
C. configure the plug-in that best fits the application
D. configure port forwarding for the application
Answer: A
Question 4.
According to the following exhibit. When a host on the inside network attempted an HTTP connection to a host at IP address 172.26.10.100, which address pool will be used by the Cisco ASA security appliance for the NAT?
A. 192.168.8.101 - 192.168.8.105
B. 192.168.8.20 - 192.168.8.100
C. 192.168.8.106 - 192.168.8.110
D. 192.168.8.20 - 192.168.8.110
Answer: B
Question 5.
Study the following exhibit carefully. You are asked to configure the Cisco ASA security appliance with a connection profile and group policy for full network access SSL VPNs. During a test of the configuration using the Cisco AnyConnect VPN Client, the connection times out. In the process of troubleshooting, you determine to make configuration changes.
According to the provided Cisco ASDM configuration, which configuration change will you begin with?
A. Require a client certificate on the interface.
B. Enable an SSL VPN client type on the interface.
C. Enable DTLS on the interface.
D. Enable a different access port that doesn't conflict with Cisco ASDM.
Answer: B
Question 6.
You are the network security administrator for the ITCERTKEYS company. You create an FTP inspection policy including the strict option, and it is applied to the outside interface of the corporate adaptive security appliance. How to handle FTP on the security appliance after this policy is applied? (Choose three.)
A. FTP inspection is applied to traffic entering the inside interface.
B. Strict FTP inspection is applied to traffic entering the outside interface.
C. FTP inspection is applied to traffic exiting the inside interface.
D. Strict FTP inspection is applied to traffic exiting the outside interface.
Answer: A, B, D
Question 7.
Which three statements correctly describe protocol inspection on the Cisco ASA adaptive security appliance? (Choose three.)
A. The protocol inspection feature of the security appliance securely opens and closes negotiated
ports and IP addresses for legitimate client-server connections through the security appliance.
B. For the security appliance to inspect packets for signs of malicious application misuse, you
must enable advanced (application layer) protocol inspection.
C. If inspection for a protocol is not enabled, traffic for that protocol may be blocked.
D. If you want to enable inspection globally for a protocol that is not inspected by default or if you
want to globally disable inspection for a protocol, you can edit the default global policy.
Answer: A, C, D
Question 8.
An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. After configuring port forwarding for a clientless SSL VPN connection, if port forwarding is to work, which end user privilege level is required at the endpoint?
A. system level
B. guest level
C. user level
D. administrator level
Answer: D
Question 9.
Which two methods can be used to decrease the amount of time it takes for an active Cisco ASA adaptive security appliance to fail over to its standby failover peer in an active/active failover configuration? (Choose two.)
A. decrease the interface failover poll time
B. decrease the unit failover poll time
C. use the special serial failover cable to connect the security appliances
D. use single mode
Answer: A, B
Question 10.
Multimedia applications transmit requests on TCP, get responses on UDP or TCP, use dynamic ports, and use the same port for source and destination, so they can pose challenges to a firewall. Which three items are true about how the Cisco ASA adaptive security appliance handles multimedia applications? (Choose three.)
A. It dynamically opens and closes UDP ports for secure multimedia connections, so you do not
need to open a large range of ports.
B. It supports SIP with NAT but not with PAT.
C. It supports multimedia with or without NAT.
D. It supports RTSP, H.323, Skinny, and CTIQBE.
Answer: A, C, D
|
Question 1. Which two are technologies that secure the control plane of the Cisco router? (Choose two.) A. Cisco IOS Flexible Packet Matching B. URPF C. routing protocol authentication D. CPPr E. BPDU protection F. role-based access control Answer: C, D Question 2. HOTSPOT This item contains three questions that you must answer. In order to answer the question, you need to examine the SDM screens by clicking on the SDM button to the left. View the question by clicking on the Questions button to the left. Then, choose the correct answer from among the options. Note: Not all SDM screen functions are implemented in this simulation. If a certain method to access the desired SDM is not available, please try to use an alternate method to access the required SDM screen to answer the question. Hotspot question. Click on the correct location or locations in the exhibit. Answer: Question 3. What are the two category types associated with 5.x signature use in Cisco IOS IPS? (Choose two.) A. basic B. advanced C. 128MB.sdf D. 256MB.sdf E. attack-drop F. built-in Answer: A, B Question 4. Refer to the exhibit. Which optional AAA or RADIUS configuration command is used to support 802.1X guest VLAN functionality? A. aaa authentication dot1x default group radius B. aaa authorization network default group radius C. aaa accounting dotlx default start-stop group radius D. aaa accounting system default start-stop group radius E. radius-server host 10.1.1.1 auth-port 1812 acct-port 1813 Answer: B Question 5. Which is an advantage of implementing the Cisco IOS Firewall feature? A. provides self-contained end-user authentication capabilities B. integrates multiprotocol routing with security policy enforcement C. acts primarily as a dedicated firewall device D. is easily deployed and managed by the Cisco Adaptive Security Device Manager E. provides data leakage protection capabilities Answer: B Question 6. Which three statements correctly describe the GET VPN policy management? (Choose three.) A. A central policy is defined at the ACS (AAA) server. B. A local policy is defined on each group member. C. A global policy is defined on the key server, and it is distributed to the group members. D. The key server and group member policy must match. E. The group member appends the global policy to its local policy. Answer: B, C, E Question 7. HOTSPOT This Item contains three questions that you must answer. You can view the question by clicking on the Questions button to the left. In order to answer the question, you need to examine the SDM screens by clicking on the SDM button to the left. View the question by clicking on the Questions button to the left. Then, choose the correct answer from among the options. Note: Not all the SDM screen functions are implemented in this simulation. If a certain method to access the desired SDM screen is not available, please try to use an alternate method to access the required SDM screen to answer the question. Hotspot question. Click on the correct location or locations in the exhibit. Answer: Question 8. DRAG DROP Drop Match the Cisco IOS IPS SEAP feature on the left to its description on the right. Not all the features on the left are used. Drag and drop question. Drag the items to the proper locations. Answer: Question 9. The CPU and Memory Threshold Notifications of the Network Foundation Protection feature protect which router plane? A. control plane B. management plane C. data plane D. network plane Answer: B Question 10. DRAG DROP Drop Match the Network Foundation Protection (NFP) feature on the left to where it is applied on the right. Drag and drop question. Drag the items to the proper locations. Answer:
|
Question 1.
Consider the following customer attributes and choose the correct IP telephony call processing model:
- a large campus that spans two PSAP areas
- a single group of buildings connected via fiber optics
- data VPNs that support multiple contractors and suppliers
- a fully developed three-tier network hierarchy
- connectivity to two different service providers for Internet access
A. single-site call processing
B. centralized call processing
C. hybrid call processing
D. distributed call processing
Answer: A
Question 2.
What information is relevant to choosing an IP telephony centralized call processing model?
A. multiple PRIs to the PSTN
B. a campus of six buildings connected via an ATM backbone
C. three small regional sales offices located in the three Western time zones
D. centralized order processing, shipping, and billing for all customer products
E. connectivity to a single service provider that hosts the company web site and provides for
Internet access
F. a single six-story building with an IDF on each floor and an MDF in the computer room on the
second floor
Answer: C
Question 3.
In a TDM PBXto Cisco Unified Communications Manager migration, which three things must be verified from the LAN perspective before IP telephony can be deployed? (Choose three.)
A. the type of wiring in the office
B. the number of PSTN connections needed
C. the number of public IP addresses available
D. the amount of rack space in the equipment rack
E. the amount of power that is available to support new LAN switches
Answer: A, D, E
Question 4.
DRAG DROP
The intranet will have three VLAN types to support voice and data traffic; one type for voice, one type for data, and one type for the Cisco Unified Communications Manager cluster. How should inter-VLAN connectivity by deployed? Drag and drop the type of connectivity to each type of connection. Types of connections may be used more than once.
Answer:
Question 5.
Ajax wants to ensure that their employees are safe and that they comply with the law.
What are four general E911 responsibilities of an enterprise telephony system? (Choose four.)
A. Enable PSAP call-back.
B. initiate the update of ALI records.
C. Provide a detailed map of all ERLs.
D. Allow conferencing with internal security personnel.
E. Route calls to the appropriate point (on-net or off-net).
F. Deliver appropriate calling party number digits to LEC
Answer: A, B, E, F
Question 6.
What are two conferencing guidelines for a single-site deployment? (Choose two.)
A. Use hardware conferencing only for small deployments
B. If available, configure DSPs for flex-mode when there are multiple codec types in use.
C. Group any conferencing resources into MRGLs based on their location, to manage Call
Admission Control.
D. Make certain that Meet-Me and Ad-Hoc conference resources each account for a minimum of
5% of the user base.
Answer: B, D
Question 7.
Ajax needs to provide technical support outside of normal operating hours. They would like to deploy a small test call center to develop the skills necessary to provide phone, chat, and e-mail support. Ajax wants to start with five agents.
Which two connection types would be applicable for use with the planned contact center? (Choose two.)
A. PRI
B. CAS DC. ESM
D. QSIG
E. POTS
Answer: A, B
Question 8.
Indicate whether T1s orE1s are available in your area. (Note: If both are available, choose the one with which you are most familiar.)
A. T1
B. E1
Answer: NO CORRECT ANSWER
Question 9.
You have decided to use the MGCP signaling protocol for the PSTN gateway at Ajax.
Which option is true regarding the use of a gatekeeper in their network?
A. One may be used for CAC.
B. One could be used for address resolution.
C. One may be deployed for both CAC and address resolution.
D. A gatekeeper is not applicable in this situation.
Answer: D
Question 10.
Ajax has contacted its LEC to obtain an additional range of DIDs. Their current DID range is 555-6000 through 555-6999. The LEC can provide them with an additional range of numbers, 556-6000 through 556-6999. The LEC is currently sending four digits inbound, so the two DID ranges overlap.
What two things can be done to resolve this solution? (Choose two.)
A. Ask the LEC to send five digits.
B. Change internal calls to five-digit dialing.
C. Move to a six-digit dial plan to provide more dialing granularity for all extension numbers.
D. Contact an alternative carrier to see if it can provide a DID range that does not overlap with the
current range.
Answer: A, B
|
Question 1.
Which of the following best describe the customer benefits of change management in the operate phase?
A. reduce unnecessary disruption, delays, rework, and other problems by establishing test cases
for use in verifying that the system meets operational, functional, and interface requirements
B. improve its ability to make sound financial decisions by developing a business case based on
its business requirements and establishing a basis for developing a technology strategy
C. reduce operating costs and limit change. related incidents by providing a consistent and
efficient set of processes
D. improve the return on investment and hasten migration by identifying and planning for
necessary infrastructure changes and resource additions, as well as reduce deployment costs
by analyzing gaps early in the planning process to determine what is needed to support the
system
Answer: C
Question 2.
Which of these is the best definition of the Cisco Lifecycle Services approach?
A. It defines the minimum set of services required to successfully deploy and operate a set of
Cisco technologies.
B. It determines how best to price Cisco products.
C. It provides partners with a useful way to leverage Cisco resources.
D. It consists of these phases: plan, deploy, support, and troubleshoot.
Answer: A
Question 3.
What two types of telephony interfaces are used for PSTN connectivity? (Choose two.)
A. Digital
B. Optical
C. Analog
D. CDMA
Answer: A, C
Question 4.
Which statement correctly describes the keys witch model of deployment for call processing?
A. All IP Phones are able to answer any incoming PSTN call on any line
B. PSTN calls are routed through a receptionist or automated attendant.
C. All IP Phones in the system have a single unique extension number.
Answer: A
Question 5.
Which definition best describes the implementation service component within the implement phase?
A. providing a step-by-step plan that details the installation and service. commission tasks
required in order to create a controlled. implementation environment that emulates a customer
network
B. assessing the ability of site facilities to accommodate proposed infrastructure changes
C. developing and executing proof-of-concept tests, validating high-level infrastructure design,
and identifying any design enhancements
D. Installing, configuring and integrating systems components based on an implementation plan
developed in earlier phases E. improving a customer's infrastructure security system
Answer: D
Question 6.
A customer with a small enterprise network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. Minimizing costs is one of the customer's highest priorities. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired.
Based on the traffic patterns, which topology would be the easiest for this customer to set up and manage?
A. full mesh
B. partial mesh
C. point-to-multipoint
D. huB. anD.spoke
Answer: D
Question 7.
How can the proper configuration of Voice Mail be tested at an end user's IP phone?
A. Press the "i" button.
B. Press the "Settings" button.
C. Press the "Services" button.
D. Press the "Messages" button
Answer: D
Question 8.
In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be placed?
A. distribution layer
B. core layer
C. access layer
D. network management functional module
Answer: A
Question 9.
Which of these is an accurate list of Cisco Lifecycle Services phases?
A. initiation, planning, analysis, design, development, implementation, operations and
maintenance
B. project planning, site assessment, risk assessment, solution selection and acquisition, testing,
and operations
C. Prepare, plan design implement operate, and optimize
D. analysis, design, deployment, testing, implementation, and production I E. presales, project
planning, development, implementation, operations testing, and operations signoff
Answer: C
Question 10.
What port role assignment would you make for the Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System?
A. IP Phone and desktop
B. Cisco UC520
C. Cisco CE520
D. Cisco 871W
Answer: B
Question 11.
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.
Which method list and method is used to authenticate the remote access VPN users? (Choose two.)
A. sdm_vpn_xauth_ml_1
B. sdm_ypn_group_ml_1
C. SDM_CMAP_1
D. local database on the ISR
E. remote TACACS+ server
F. remote Radius Server
Answer: A, D
Question 12.
Refer to the exhibit. Switches A and C are running PVST+ STP, and Switch B is running 802.10 STP. If the BPDU of the root in VLAN 1 is better than the BPDU of the root in VLAN 2, then there is no blocking port in the VLAN topology. The BPDU of VLAN 2 never makes a "full circle" around the topology; it is replaced by the VLAN 1 BPDU on the B. C link, because B runs only one STP merged with VLAN 1 STP of PVST+. Thus, there is a forward in loop.
What does PVST+ do to Answer: this?
A. Switch A sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is flooded by Switch B)
towards Switch C. Switch C will put port C.B into a type. inconsistent state, which prevents the
loop.
B. Switch B sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is flooded by Switch A)
towards Switch C. Switch C will put port C.B into a type. inconsistent state, which prevents the
loop.
c. Switch C sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is flooded by Switch B)
towards Switch C. Switch A will put port C.B into a type. inconsistent state, which prevents the
loop.
D. Switch A sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is flooded by Switch B)
towards Switch B. Switch A will put port C.B into a type. inconsistent state, which prevents the
loop.
Question 13.
Which interface on the Cisco UC520 is assigned an IP address either statically or through DHCP?
A. WAN interface
B. LAN interface
C. Switch port
D. PSTN Interface
Answer: A
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.