|
I need some update questions from 642-501... please send me this email: zohaib_707@hotmail.com
|
Question 1.
When data is written to a SnapView source LUN, at what point are the data chunks saved to the Reserved LUN pool?
A. During synchronization
B. Every time data is changed on the source
C. Every time write cache is flushed
D. When source data is changed for the first time
Answer: D
Question 2.
What are the primary goals of an optimization engagement?
A. Avoid future problems, reduce complexity, enable high availability
B. Fix existing problems, avoid future problems, reduce costs
C. Fix existing problems, improve utilization, increase efficiency
D. Reduce costs, reduce complexity, increase efficiency
Answer: D
Question 3.
What does Inter-Switch Link trunking do?
A. Allows ports on the same blade to be used for ISL
B. Enables ISL between switches to reach up to 200 km distances
C. Prohibits a port from becoming an E_Port for fabric security
D. Aggregates the bandwidth of multiple ISLs
Answer: D
Question 4.
After a Data Mover failover, how is the failback operation performed?
A. Automatically
B. Data Mover failover is not supported
C. Manually
D. Recovery is not needed until another failure occurs
Answer: C
Question 5.
A customer implemented BCVs with mirrors for use with the most critical business volumes. The standard volumes were established with the BCVs at the start of the day, but later in the day the customer discovered data corruption.
Which action would enable a restore from uncorrupted BCV volumes?
A. Differential Split
B. Instant Split
C. Protected Restore
D. Reverse Split
Answer: D
Question 6.
You are giving a presentation to a customer about EMC virtualization products. They specifically ask about file storage virtualization.
Which EMC product enables file storage virtualization using industry-standard protocols and mechanisms in a heterogeneous environment?
A. Invista
B. Rainfinity
C. RecoverPoint
D. Vmware
Answer: B
Question 7.
An EMC ControlCenter customer is a United States Department of Defense contractor. The contractor needs to show that there is controlled user access to devices and to the modification of these devices. This will allow the contractor to provide proof of compliance and accountability.
Which security feature of EMC ControlCenter should you discuss with the contractor to satisfy this requirement?
A. Data collection policy (DCP)
B. EMC Secure Remote Support (ESRS) Gateway
C. Role-based access control (RBAC)
D. Secure Socket Layer (SSL)
Answer: C
Question 8.
Your customer is experiencing write performance problems on a RAID 5 LUN used for backup todisk on its CX3 array. The LUN has been placed on ATA drives. The customer has determined that it would like the LUN on Fibre Channel drives instead. The customer has requested you provide the best option to alleviate this performance problem, keeping downtime to a minimum.
What action would you recommend?
A. Create a new LUN on fibre drives and restore the data from tape to the new LUN.
B. Implement a newer array and use MirrorView to migrate the data.
C. Use Dynamic Virtual LUN functionality to move the LUN from ATA to fibre drives.
D. Use SnapView to make a clone of the LUN on fibre drives and assign the LUN to the
appropriate storage group.
Answer: C
Question 9.
A customer has a CX3-80 for Exchange and a critical OLTP database application. Over the last month, during monthly batch processing, users complain of slow response times.
Which solution will you recommend to solve this issue?
A. Access Logix
B. Performance Manager
C. Navisphere Quality of Service Manager
D. StorageScope
Answer: C
Question 10.
For reporting purposes, which source provides data for the ETL process to populate the StorageScope repository?
A. EMC ControlCenter Repository
B. Host Agents
C. Master Agents
D. Store
Answer: A
|
Question 1. Which type of VPN requires a full mesh of virtual circuits to provide optimal site-to-site connectivity? A. MPLS Layer 3 VPNs B. Layer 2 overlay VPNs C. GET VPNs D. peer-to-peer VPNs Answer: B Explanation: Question 2. Which three Layer 3 VPN technologies are based on the overlay model? (Choose three.) A. ATM virtual circuits B. Frame Relay virtual circuits C. GRE/IPsec D. L2TPv3 E. MPLS Layer 3 VPNs F. DMVPNs Answer: C, D, F Explanation: Question 3. Which VPN technology uses the Group Domain of Interpretation as the keying protocol and IPsec for encryption that is often deployed over a private MPLS core network? A. DMVPN B. GET VPN C. SSL VPN D. L2TPv3 Answer: B Explanation: Question 4. What is the primary difference between 6PE and 6VPE? A. 6VPE does not require an MPLS core. B. 6VPE requires an IPv6-aware core. C. 6VPE provides IPv6 VPN services. D. 6VPE tunnels IPv6 packets inside IPv4 packets. Answer: C Explanation: Question 5. Refer to the Cisco IOS XR router output exhibit, Which method is being used to transport IPv6 traffic over the service provider network? A. 6PE B. 6VPE C. native IPv6 D. native IPv4 E. dual stack Answer: B Explanation: Question 6. Which flavor of MPLS Layer 3 VPN has MPLS enabled on PE-CE links? A. basic B. CSC C. inter-AS D. AToM E. VPLS Answer: B Explanation: Question 7. Which MP-BGP address family must be configured to use VPLS autodiscovery in a Cisco IOS XR router? A. address-family l2vpn vpls-vpws B. address-family vpnv4 unicast C. address-family ipv4 mdt D. address-family ipv4 tunnel E. address-family vpls vfi Answer: A Explanation: Question 8. In MPLS Layer 3 VPN implementations, what is used on the PE router to isolate potential overlapping routing information between different customers? A. route targets B. VRFs C. VC IDs D. pseudowire IDs E. pseudowire classes Answer: B Explanation: Question 9. Within the service provider IP/MPLS core network, what must be implemented to enable Layer 3 MPLS VPN services? A. IS-IS or OSPF on all the PE and P routers B. MP-BGP between the PE routers C. RSVP on all the PE and P routers D. targeted LDP between the PE routers E. LDP between the CE and PE routers Answer: B Explanation: Question 10. In MPLS Layer 3 VPN implementations, which mechanism is used to control which routes are imported to a VRF? A. RT B. RD C. VC ID D. PW ID E. VRF ID Answer: A Explanation:
|
Question 1.
Which three conditions can occur when metering traffic using a dual token bucket traffic policing QoS mechanism on Cisco routers? (Choose three.)
A. conform
B. pass
C. violate
D. exceed
E. burst
F. matched
Answer: A, C, D
Explanation:
Question 2.
What is the correct formula for determining the CIR?
A. CIR = Bc/Tc
B. CIR = Bc x Tc
C. CIR = Tc/Bc
D. CIR = Bc + Be
E. CIR = Tc/(Bc+Be)
F. CIR = (Bc+Be)/Tc
Answer: A
Explanation:
Question 3.
DS-TE implementations on Cisco routers support which bandwidth pool(s) and class type(s)? (Choose two.)
A. global pool only
B. subpool only
C. global pool and subpool
D. class-type 0 only
E. class-type 1 only
F. class-type 0 and class-type 1
Answer: C, F
Explanation:
Question 4.
Which field in the MPLS shim header is used to support different QoS markings?
A. IP precedence
B. DSCP
C. EXP
D. ToS
E. S
F. Label
Answer: C
Explanation:
Question 5.
On a Cisco IOS XR router, which mechanism protects the router resources by filtering and policing the packets flows that are destined to the router that is based on defined flow-type rates?
A. LLQ
B. LPTS
C. Committed Access Rate
D. Control Plane Policing
E. Management Plane Protection
F. NetFlow
G. ACL
Answer: B
Explanation:
Question 6.
When configuring LLQ (strict priority queue) on a traffic class using the Cisco IOS XR priority command on a Cisco ASR9K router, which additional QoS command is required for this traffic class?
A. shape
B. police
C. random-detect
D. bandwidth
Answer: B
Explanation:
Question 7.
On the Cisco ASR9K router, when using the bandwidth command to specify the minimum guaranteed bandwidth to be allocated for a specific class of traffic, what will be used as the queuing algorithm?
A. custom queuing
B. CBWFQ
C. WFQ
D. FIFO
E. priority queuing
Answer: B
Explanation:
Question 8.
When implementing MPLS DS-TE on Cisco IOS XR routers, all aggregate Cisco MPLS TE traffic is mapped to which class type by default?
A. class-type 0 (bandwidth global pool)
B. class-type 1 (bandwidth subpool)
C. class-type 2 (bandwidth priority)
D. class type class-default (bandwidth best-effort)
Answer: A
Explanation:
Question 9.
On the Cisco IOS XR, which MQC configuration is different than on the Cisco IOS and IOS XE?
A. On the Cisco IOS XR, WRED can only be applied in the output direction.
B. On the Cisco IOS XR, marking can only be applied in the input direction.
C. On the Cisco IOS XR, LLQ can be applied in the input or output direction.
D. On the Cisco IOS XR, LLQ can use up to four priority queues: level 1, level 2, level 3, and level
4.
Answer: C
Explanation:
Question 10.
On Cisco routers, how is hierarchical QoS implemented?
A. Within the parent policy, reference another child policy using the policy-map command.
B. Within the child policy, reference another parent policy using the policy-map command.
C. Use the policy-map command within a service-policy to implement nested policy-maps.
D. Within the parent policy-map, reference another child policy-map using the
service-policy command.
Answer: D
Explanation:
Question 11.
Refer to the Cisco IOS XR policy-map configuration exhibit.
5
What is wrong with the policy-map configuration?
A. missing the priority percent command under class one and class two
B. missing the police command under class one and class two
C. missing the police command under class three
D. missing the priority bandwidth command under class one and class two
E. missing the bandwidth command under class one and class two
Answer: B
Explanation:
|
Question 1.
Referring to the topology diagram show in the exhibit, which three statements are correct regarding the BGP routing updates? (Choose three.)
A. The EBGP routing updates received by R1 from R5 will be propagated to the R2, R4, and R7 routers
B. The EBGP routing updates received by R3 from R6 will be propagated to the R2 and R4 routers
C. The EBGP routing updates received by R1 from R5 will be propagated to the R2 and R4 routers
D. The IBGP routing updates received by R3 from R2 will be propagated to the R6 router
E. The IBGP routing updates received by R2 from R1 will be propagated to the R3 router
F. The IBGP routing updates received by R1 from R4 will be propagated to the R5, R7, and R2
routers
Answer: A, B, D
Explanation:
Question 2.
When a BGP route reflector receives an IBGP update from a non-client IBGP peer, the route reflector will then forward the IBGP updates to which other router(s)?
A. To the other clients only
B. To the EBGP peers only
C. To the EBGP peers and other clients only
D. To the EBGP peers and other clients and non-clients
Answer: C
Explanation:
Question 3.
Which two BGP mechanisms are used to prevent routing loops when using a design with redundant route reflectors? (Choose two.)
A. Cluster-list
B. AS-Path
C. Originator ID
D. Community
E. Origin
Answer: A, C
Explanation:
Question 4.
Which two statements correctly describe the BGP ttl-security feature? (Choose two.)
A. This feature protects the BGP processes from CPU utilization-based attacks from EBGP neighbors which can be multiple hops away
B. This feature prevents IBGP sessions with non-directly connected IBGP neighbors
C. This feature will cause the EBGP updates from the router to be sent using a TTL of 1
D. This feature needs to be configured on each participating BGP router
E. This feature is used together with the ebgp-multihop command
Answer: A, D
Explanation:
Question 5.
When implementing source-based remote-triggered black hole filtering, which two configurations are required on the edge routers that are not the signaling router? (Choose two.)
A. A static route to a prefix that is not used in the network with a next hop set to the Null0 interface
B. A static route pointing to the IP address of the attacker
C. uRPF on all external facing interfaces at the edge routers
D. Redistribution into BGP of the static route that points to the IP address of the attacker
E. A route policy to set the redistributed static routes with the no-export BGP community
Answer: A, C
Explanation:
Question 6.
Refer to the topology diagram shown in the exhibit and the partial configurations shown below. Once the attack from 209.165.201.144/28 to 209.165.202.128/28 has been detected, which additional configurations are required on the P1 IOS-XR router to implement source-based remote-triggered black hole filtering?
!
router bgp 123
address-family ipv4 unicast
redistribute static route-policy test
!
A. router static
address-family ipv4 unicast
209.165.202.128/28 null0 tag 666
192.0.2.1/32 null0 tag 667
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
endif
if tag is 667 then
set community (no-export)
endif
end-policy
!
B. router static
address-family ipv4 unicast
209.165.201.144/28 null0 tag 666
192.0.2.1/32 null0 tag 667
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
endif
if tag is 667 then
set community (no-export)
endif
end-policy
!
C. router static
address-family ipv4 unicast
209.165.201.144/28 null0 tag 666
192.0.2.1/32 null0
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
set community (no-export)
endif
end-policy
D. router static
address-family ipv4 unicast
209.165.202.128/28 null0 tag 666
192.0.2.1/32 null0
!
route-policy test
if tag is 666 then
set next-hop 192.0.2.1
set community (no-export)
endif
end-policy
!
Answer: C
Explanation:
Question 7.
In Cisco IOS-XR, the maximum-prefix command, to control the number of prefixes that can be installed from a BGP neighbor, is configured under which configuration mode?
A. RP/0/RSP0/CPU0:P2(config-bgp)#
B. RP/0/RSP0/CPU0:P2(config-bgp-af)#
C. RP/0/RSP0/CPU0:P2(config-bgp-nbr)#
D. RP/0/RSP0/CPU0:P2(config-bgp-nbr-af)#
Answer: D
Explanation:
Question 8.
In Cisco IOS-XR, the ttl-security command is configured under which configuration mode?
A. RP/0/RSP0/CPU0:P2(config)#
B. RP/0/RSP0/CPU0:P2(config-bgp)#
C. RP/0/RSP0/CPU0:P2(config-bgp-nbr)#
D. RP/0/RSP0/CPU0:P2(config-bgp-af)#
E. RP/0/RSP0/CPU0:P2(config-bgp-nbr-af)#
Answer: C
Explanation:
Question 9.
Refer to the exhibit.
Given the partial BGP configuration, which configuration correctly completes the Cisco IOS-XR route reflector configuration where both the 1.1.1.1 and 2.2.2.2 routers are the clients and the 3.3.3.3 router is a non-client IBGP peer?
A. neighbor 1.1.1.1
remote-as 65123
route-reflector-client
neighbor 2.2.2.2
remote-as 65123
route-reflector-client
neighbor 3.3.3.3
remote-as 65123
B. neighbor 1.1.1.1
address-family ipv4 unicast
remote-as 65123
route-reflector-client
neighbor 2.2.2.2
address-family ipv4 unicast
remote-as 65123
route-reflector-client
neighbor 3.3.3.3
address-family ipv4 unicast
remote-as 65123
C. neighbor 1.1.1.1
remote-as 65123
address-family ipv4 unicast
route-reflector-client
neighbor 2.2.2.2
remote-as 65123
address-family ipv4 unicast
route-reflector-client
neighbor 3.3.3.3
remote-as 65123
D. neighbor 1.1.1.1 remote-as 65123
neighbor 1.1.1.1 route-reflector-client
neighbor 2.2.2.2 remote-as 65123
neighbor 2.2.2.2 route-reflector-client
neighbor 3.3.3.3 remote-as 65123
Answer: C
Explanation:
Question 10.
Which three methods can be used to reduce the full-mesh IBGP requirement in a service provider core network? (Choose three.)
A. implement route reflectors
B. enable multi-protocol BGP sessions between all the PE routers
C. implement confederations
D. implement MPLS (LDP) in the core network on all the PE and P routers
E. enable BGP synchronization
F. disable the IBGP split-horizon rule
Answer: A, C, D
Explanation:
|
Question 1. Refer to the OSPF command exhibit. Which effect does the no-summary command option have? A. It will cause area 1 to be able to receive non-summarized inter-area routes. B. It will cause area 1 to not receive any inter-area routes and will use a default route to reach networks in other areas. C. It will cause area 1 to not receive any external routes and will use a default route to reach the external networks. D. It will convert the NSSA area into a NSSA totally stubby area. E. It will convert the stubby area into a NSSA. F. It will disable OSPF auto-summary. Answer: B Explanation: Question 2. When troubleshooting OSPF neighbor errors, which three verification steps should be considered? (Choose three.) A. Verify if neighboring OSPF interfaces are configured in the same area. B. Verify if neighboring OSPF interfaces are configured with the same OSPF process ID. C. Verify if neighboring OSPF interfaces are configured with the same OSPF priority. D. Verify if neighboring OSPF interfaces are configured with the same hello and dead intervals. E. Verify if neighboring OSPF interfaces are configured with the same area type. Answer: A, D, E Explanation: Question 3. On Cisco IOS XR Software, which set of commands is used to enable the gi0/0/0/1 interface for OSPF in area 0? A. interface gi0/0/0/0 ip address 10.1.1.1 255.255.255.0 ! router ospf 1 network 10.1.1.1 0.0.0.0 area 0 B. interface gi0/0/0/0 ip address 10.1.1.1 255.255.255.0 ! router ospf 1 network 10.1.1.1 255.255.255.255 area 0 C. router ospf 1 area 0 interface GigabitEthernet0/0/0/1 D. interface gi0/0/0/0 ip address 10.1.1.1 255.255.255.0 ip ospf 1 area 0 E. router ospf 1 address-family ipv4 unicast interface GigabitEthernet0/0/0/1 area 0 F. router ospf 1 address-family ipv4 unicast interface GigabitEthernet0/0/0/1 area 0 Answer: C Explanation: Question 4. Which three statements are true regarding the OSPF router ID? (Choose three.) A. The OSPF routing process chooses a router ID for itself when it starts up. B. The router-id command is the preferred procedure to set the router ID. C. If a loopback interface is configured, its address will always be preferred as the router ID over any other methods. D. After the router ID is set, it does not change, even if the interface that the router is using for the router ID goes down. The router ID changes only if the router reloads or if the OSPF routing process restarts. E. In OSPF version 3, the OSPF router ID uses a 128-bit number. Answer: A, B, D Explanation: Question 5. Which two OSPF network scenarios require OSPF virtual link configuration? (Choose two.) A. to connect an OSPF non-backbone area to area 0 through another non-backbone area B. to connect an NSSA area to an external routing domain C. to connect two parts of a partitioned backbone area through a non-backbone area D. to enable route leaking from Level 2 into Level 1 E. to enable route leaking from Level 1 into Level 2 F. to enable OSPF traffic engineering Answer: A, C Explanation: Question 6. What is function of the RP/0/RSP0/CPU0:PE1(config-ospf)#distance Cisco IOS-XR command? A. To modify the administrative distance of the OSPF routes B. To modify the default seed metric of the OSPF external routes C. To modify the OSPF default reference bandwidth D. To modify the OSPF cost Answer: A Explanation: Question 7. Which four statements are correct regarding IS-IS operations? (Choose four.) A. By default, Level 1 routers within an IS-IS area do not carry any routing information external to the area to which they belong. They use a default route to exit the area. B. Summarization should be configured on the Level 2 routers, which injects the Level 2 routes into Level 1. C. IS-IS supports "route leaking" in which selected Level 2 routes can be advertised by a Level 1/Level 2 router into Level 1. D. The IS-IS backbone is a contiguous collection of Level 1 capable routers, each of which can be in a different area. E. With IS-IS, an individual router is in only one area, and the border between areas is on the link that connects two routers that are in different areas. F. Cisco IOS XR Software supports multitopology for IPv6 IS-IS unless single topology is Explicitly configured in IPv6 address-family configuration mode. Answer: A, C, E, F Explanation: Question 8. When configuring IPv4 and IPv6 IS-IS routing on Cisco IOS XR routers, which three statements are correct? (Choose three.) A. By default, a single SPF is used for both IPv4 and IPv6, so the IPv4 and IPv6 topology should be the same. B. By default, the IS-IS router type is Level 1 and Level 2. C. All IS-IS routers within the same IS-IS area must be configured with the same IS-IS routing process instance ID. D. By default, metric-style narrow is used. E. By default, the IS-IS interface circuit type is Level 1 and Level 2. F. The area IS-IS address-family configuration command is used to specify the IS-IS area address. Answer: B, D, E Explanation: Question 9. Refer to the PE1 router routing table output exhibit. What is causing the i su 10.1.10.0/24 [115/30] via 0.0.0.0, 00:40:34, Null0 entry on the PE1 router routing table? A. The PE1 router is receiving the 10.1.10.0/24 summary route from the upstream L1/L2 IS-IS router. B. The PE1 router has been configured to summarize the 10.1.10.x/32 IS-IS routes to 10.1.10.0/24. C. The 10.1.10.0/24 has been suppressed because IS-IS auto-summary has been disabled on the PE1 router. D. The 10.1.10.0/24 has been suppressed because of a route policy configuration on the PE1 router. E. The 10.1.10.0/24 has been suppressed because the more specific 10.1.10.x/32 IS-IS routes have been configured to leak into the IS-IS non-backbone area. Answer: B Explanation: Question 10. In comparing IS-IS with OSPF, a Level-1-2 IS-IS router is similar to which kind of OSPF router? A. ASBR on a normal OSPF area B. ASBR on NSSA C. ABR on totally stubby OSPF area D. ABR on stubby OSPF area E. ABR on a normal OSPF area Answer: C Explanation:
|
Question 1.
The following commands are issued on a Cisco Router:
Router(configuration)#access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1
Router(configuration)#access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1
Router(configuration)#exit
Router#debug ip packet 199
What will the debug output on the console show?
A. All IP packets passing through the router
B. Only IP packets with the source address of 10.1.1.1
C. All IP packets from 10.1.1.1 to 172.16.1.1
D. All IP Packets between 10.1.1.1 and 172.16.1.1
Answer: D
Explanation:
In this example, the “debug ip packet” command is tied to access list 199, specifying which IP packets should be debugged. Access list 199 contains two lines, one going from the host with IP address 10.1.1.1 to 172.16.1.1 and the other specifying all TCP packets from host 172.16.1.1 to 10.1.1.1.
Question 2.
What level of logging is enabled on a Router where the following logs are seen?
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
A. alerts
B. critical
C. errors
D. notifications
Answer: D
Explanation:
Cisco routers, switches, PIX and ASA firewalls prioritize log messages into 8 levels (0-7), as shown below:
LevelLevel NameDescription
0 Emergencies System is unusable
1 Alerts Immediate action needed
2 Critical Critical conditions
3 Errors Error conditions
4 Warnings Warning conditions
5 Notifications Informational messages
6 Informational Normal but significant conditions
7 Debugging Debugging messages
When you enable logging for a specific level, all logs of that severity and greater (numerically less) will be logged. In this case we can see that logging level of 3 (as seen by the 3 in “LINK-3-UPDOWN”) and level 5 (as seen by the 5 in “LINEPROTO-5-UPDOWN”) are shown, which means that logging level 5 must have been configured. As shown by the table, logging level 5 is Notifications.
Question 3.
You have the followings commands on your Cisco Router:
ip ftp username admin
ip ftp password backup
You have been asked to switch from FTP to HTTP.
Which two commands will you use to replace the existing commands?
A. ip http username admin
B. ip http client username admin
C. ip http password backup
D. ip http client password backup
E. ip http server username admin
F. ip http server password backup
Answer: B, D
Explanation:
Configuring the HTTP Client
Perform this task to enable the HTTP client and configure optional client characteristics.
The standard HTTP 1.1 client and the secure HTTP client are always enabled. No commands exist to disable the HTTP client. For information about configuring optional characteristics for the HTTPS client, see the HTTPS-HTTP Server and Client with SSL 3.0, Release 12.2(15)T, feature module.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
ip http client cache {ager interval minutes | memory {file file-size-limit | pool pool-size-limit}
4.
ip http client connection {forceclose | idle timeout seconds | retry count | timeout seconds}
5.
ip http client password password
6.
ip http client proxy-server proxy-name proxy-port port-number
7.
ip http client response timeout seconds
8.
ip http client source-interface type number
9.
ip http client username username
Reference: HTTP 1.1 Web Server and Client
. http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_http_web.html
Question 4.
You have 2 NTP servers in your network - 10.1.1.1 and 10.1.1.2. You want to configure a Cisco router to use 10.1.1.2 as its NTP server before falling back to 10.1.1.1.
Which commands will you use to configure the router?
A. ntp server 10.1.1.1
ntp server 10.1.1.2
B. ntp server 10.1.1.1
ntp server 10.1.1.2 primary
C. ntp server 10.1.1.1
ntp server 10.1.1.2 prefer
A router can be configured to prefer an NTP source over another. A preferred server's responses are discarded only if they vary dramatically from the other time sources. Otherwise, the preferred server is used for synchronization without consideration of the other time sources. Preferred servers are usually specified when they are known to be extremely accurate. To specify a preferred server, use the prefer keyword appended to the ntp server command. The following example tells the router to prefer TimeServerOne over TimeServerTwo:
Router#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server TimeServerOne prefer
Router(config)#ntp server TimeServerTwo
Router(config)#^Z
Question 5.
The following command is issued on a Cisco Router:
Router(configuration)#logging console warnings
Which alerts will be seen on the console?
A. Warnings only
B. debugging, informational, notifications, warnings
C. warnings, errors, critical, alerts, emergencies
D. notifications, warnings, errors
E. warnings, errors, critical, alerts
Answer: C
Explanation:
Cisco routers prioritize log messages into 8 levels (0-7), as shown below:
LevelLevel NameDescription
0 Emergencies System is unusable
1 Alerts Immediate action needed
2 Critical Critical conditions
3 Errors Error conditions
4 Warnings Warning conditions
5 Notifications Informational messages
6 Informational Normal but significant conditions
7 Debugging Debugging messages
When you enable logging for a specific level, all logs of that severity and greater (numerically less) will be logged. In this case, when you enable console logging of warning messages (level 4), it will log levels 0-4, making the correct answer warnings, errors, critical, alerts, and emergencies.
Question 6.
Which two of the following options are categories of Network Maintenance tasks?
A. Firefighting
B. Interrupt-driven
C. Policy-based
D. Structured
E. Foundational
Answer: B, D
Explanation:
Proactive Versus Reactive Network Maintenance:
Network maintenance tasks can be categorized as one of the following:
Structured tasks: Performed as a predefined plan.
Interrupt-driven tasks: Involve resolving issues as they are reported.
Reference: CCNP TSHOOT Official Certification Guide, Kevin Wallace, Chapter 1, p.7
Question 7.
You enabled CDP on two Cisco Routers which are connected to each other. The Line and Protocol status for the interfaces on both routers show as UP but the routers do not see each other a CDP neighbors.
Which layer of the OSI model does the problem most likely exist?
A. Physical
B. Session
C. Application
D. Data-Link
E. Network
Answer: D
Explanation:
CDP is a protocol that runs over Layer 2 (the data link layer) on all Cisco routers, bridges, access servers, and switches. CDP allows network management applications to discover Cisco devices that are neighbors of already known devices, in particular, neighbors running lower-layer, transparent protocols. With CDP, network management applications can learn the device type and the SNMP agent address of neighboring devices. This feature enables applications to send SNMP queries to neighboring devices. In this case, the line protocol is up which means that the physical layer is operational (layer 1) but the data link layer is not.
Reference: “Configuring CDP”
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/cdp.html
Question 8.
FCAPS is a network maintenance model defined by ISO. It stands for which of the following ?
A. Fault Management
B. Action Management
C. Configuration Management
D. Protocol Management
E. Security Management
Answer: A, C, E
Explanation:
The FCAPS maintenance model consists of the following:
FCAPS Maintenance Tasks:
Question 9.
Which three management categories are contained in the FCAPS network maintenance model? (Choose three.)
A. Config
B. Fault
C. Storage
D. Accounting
E. Redundancy
F. Telecommunications
Answer: A, B, D
Explanation:
Question 10.
What is the result of configuring the logging console warning command?
A. Messages with a severity level of 4 and higher will be logged to all available TTY lines.
B. Only warning messages will be logged on the console.
C. Warning, error, critical, and informational messages will be logged on the console.
D. Warning, critical, alert, and emergency messages will be logged on the console.
E. The logging console warning command needs to be followed in the configuration with logging buffered byte size to specify the message buffer size for the console.
Answer: D
Explanation:
|
Question 1. Which statement is true about RSTP topology changes? A. Any change in the state of the port generates a TC BPDU. B. Only nonedge ports moving to the forwarding state generate a TC BPDU. C. If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated. D. Only edge ports moving to the blocking state generate a TC BPDU. E. Any loss of connectivity generates a TC BPDU. Answer: B Explanation: The IEEE 802.1D Spanning Tree Protocol was designed to keep a switched or bridged network loop free, with adjustments made to the network topology dynamically. A topology change typically takes 30 seconds, where a port moves from the Blocking state to the Forwarding state after two intervals of the Forward Delay timer. As technology has improved, 30 seconds has become an unbearable length of time to wait for a production network to failover or "heal" itself during a problem. Topology Changes and RSTP Recall that when an 802.1D switch detects a port state change (either up or down), it signals the Root Bridge by sending topology change notification (TCN) BPDUs. The Root Bridge must then signal a topology change by sending out a TCN message that is relayed to all switches in the STP domain. RSTP detects a topology change only when a nonedge port transitions to the Forwarding state. This might seem odd because a link failure is not used as a trigger. RSTP uses all of its rapid convergence mechanisms to prevent bridging loops from forming. Therefore, topology changes are detected only so that bridging tables can be updated and corrected as hosts appear first on a failed port and then on a different functioning port. When a topology change is detected, a switch must propagate news of the change to other switches in the network so they can correct their bridging tables, too. This process is similar to the convergence and synchronization mechanism-topology change (TC) messages propagate through the network in an everexpanding wave. Question 2. Refer to the exhibit. Which four statements about this GLBP topology are true? (Choose four.) A. Router A is responsible for answering ARP requests sent to the virtual IP address. B. If router A becomes unavailable, router B forwards packets sent to the virtual MAC address of router A. C. If another router is added to this GLBP group, there would be two backup AVGs. D. Router B is in GLBP listen state. E. Router A alternately responds to ARP requests with different virtual MAC addresses. F. Router B transitions from blocking state to forwarding state when it becomes the AVG. Answer: A, B, D, E Explanation: With GLBP the following is true: With GLB, there is 1 AVG and 1 standby VG. In this case Company1 is the AVG and Company2 is the standby. Company2 would act as a VRF and would already be forwarding and routing packets. Any additional routers would be in a listen state. As the role of the Active VG and load balancing, Company1 responds to ARP requests with different virtual MAC addresses. In this scenario, Company2 is the Standby VF for the VMAC 0008.b400.0101 and would become the Active VF if Company1 were down. As the role of the Active VG, the primary responsibility is to answer ARP requests to the virtual IP address. As an AVF router Company2 is already forwarding/routing packets Question 3. Refer to the exhibit. Which VRRP statement about the roles of the master virtual router and the backup virtual router is true? A. Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, router B maintains the role of master virtual router. B. Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, it regains the master virtual router role. C. Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, router A maintains the role of master virtual router. D. Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, it regains the master virtual router role. Answer: B Explanation: Question 4. Which description correctly describes a MAC address flooding attack? A. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the destination address found in the Layer 2 frames sent by the valid network device. B. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the source address found in the Layer 2 frames sent by the valid network device. C. The attacking device spoofs a destination MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device. D. The attacking device spoofs a source MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device. E. Frames with unique, invalid destination MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports. F. Frames with unique, invalid source MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports. Answer: F Explanation: Question 5. Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack? A. All switch ports in the Building Access block should be configured as DHCP trusted ports. B. All switch ports in the Building Access block should be configured as DHCP untrusted ports. C. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports. D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports. E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports. F. All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports. Answer: D Explanation: One of the ways that an attacker can gain access to network traffic is to spoof responses that would be sent by a valid DHCP server. The DHCP spoofing device replies to client DHCP requests. The legitimate server may reply also, but if the spoofing device is on the same segment as the client, its reply to the client may arrive first. The intruder’s DHCP reply offers an IP address and supporting information that designates the intruder as the default gateway or Domain Name System (DNS) server. In the case of a gateway, the clients will then forward packets to the attacking device, which will in turn send them to the desired destination. This is referred to as a “man-in-the-middle” attack, and it may go entirely undetected as the intruder intercepts the data flow through the network. Untrusted ports are those that are not explicitly configured as trusted. A DHCP binding table is built for untrusted ports. Each entry contains the client MAC address, IP address, lease time, binding type, VLAN number, and port ID recorded as clients make DHCP requests. The table is then used to filter subsequent DHCP traffic. From a DHCP snooping perspective, untrusted access ports should not send any DHCP server responses, such as DHCPOFFER, DHCPACK, DHCPNAK. Question 6. Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. However, the servers do need to communicate with a database server located in the inside network. Which configuration isolates the servers from each other? A. The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports. B. The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports. C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN promiscuous ports. D. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN community ports. Answer: A Explanation: Service providers often have devices from multiple clients, in addition to their own servers, on a single Demilitarized Zone (DMZ) segment or VLAN. As security issues proliferate, it becomes necessary to provide traffic isolation between devices, even though they may exist on the same Layer 3 segment and VLAN. Catalyst 6500/4500 switches implement PVLANs to keep some switch ports shared and some switch ports isolated, although all ports exist on the same VLAN. The 2950 and 3550 support “protected ports,” which are functionality similar to PVLANs on a perswitch basis. A port in a PVLAN can be one of three types: Isolated: An isolated port has complete Layer 2 separation from other ports within the same PVLAN, except for the promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from promiscuous ports. Traffic received from an isolated port is forwarded to only promiscuous ports. Promiscuous: A promiscuous port can communicate with all ports within the PVLAN, including the community and isolated ports. The default gateway for the segment would likely be hosted on a promiscuous port, given that all devices in the PVLAN will need to communicate with that port. Community: Community ports communicate among themselves and with their promiscuous ports. These interfaces are isolated at Layer 2 from all other interfaces in other communities, or in isolated ports within their PVLAN. Question 7. What does the command udld reset accomplish? A. allows a UDLD port to automatically reset when it has been shut down B. resets all UDLD enabled ports that have been shut down C. removes all UDLD configurations from interfaces that were globally enabled D. removes all UDLD configurations from interfaces that were enabled per-port Answer: B Explanation: Question 8. Refer to the exhibit. Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A ? A. The spoof packets are inspected at the ingress port of switch SW_A and are permitted. B. The spoof packets are inspected at the ingress port of switch SW_A and are dropped. C. The spoof packets are not inspected at the ingress port of switch SW_A and are permitted. D. The spoof packets are not inspected at the ingress port of switch SW_A and are dropped. Answer: C Explanation: When configuring DAI, follow these guidelines and restrictions: • DAI is an ingress security feature; it does not perform any egress checking. • DAI is not effective for hosts connected to routers that do not support DAI or that do not have this feature enabled. Because man-in-the-middle attacks are limited to a single Layer 2 broadcast domain, separate the domain with DAI checks from the one with no checking. This action secures the ARP caches of hosts in the domain enabled for DAI. • DAI depends on the entries in the DHCP snooping binding database to verify IP-to-MAC address bindings in incoming ARP requests and ARP responses. Make sure to enable DHCP snooping to permit ARP packets that have dynamically assigned IP addresses. • When DHCP snooping is disabled or in non-DHCP environments, use ARP ACLs to permit or to deny packets. • DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. In our example, since Company2 does not have DAI enabled (bullet point 2 above) packets will not be inspected and they will be permitted. Reference: http://www.cisco.com/en/US/docs/routers/7600/ios/12.2SXF/configuration/guide/dynarp.html Question 9. Which statement is true about Layer 2 security threats? A. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points. B. DHCP snooping sends unauthorized replies to DHCP queries. C. ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection. D. Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks. E. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host. F. Port scanners are the most effective defense against Dynamic ARP Inspection. Answer: E Explanation: First of all, MAC spoofing is not an effective counter-measure against any reconnaissance attack; it IS an attack! Furthermore, reconnaissance attacks don't use dynamic ARP inspection (DAI); DAI is a switch feature used to prevent attacks. Question 10. What does the global configuration command ip arp inspection vlan 10-12,15 accomplish? A. validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15 B. intercepts all ARP requests and responses on trusted ports C. intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings D. discards ARP packets with invalid IP-to-MAC address bindings on trusted ports Answer: C Explanation: The “ip arp inspection” command enables Dynamic ARP Inspection (DAI) for the specified VLANs. DAI is a security feature that validates Address Resolution Protocol (ARP) packets in a network. DAI allows a network administrator to intercept, log, and discard ARP packets with invalid MAC address to IP address bindings. This capability protects the network from certain "man-in-themiddle" attacks. Reference: http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/20ew/configuration/guide/dynarp.html
|
Question 1. Within a QoS policy-map configuration, one of the traffic classes is configured with the randomdetect dscp-based configuration command. What will that command accomplish? A. provides congestion management by queueing the traffic using CBWFQ B. provides congestion management by queueing the traffic using LLQ C. decreases the probability of congestion by selectively dropping TCP packets before the queue is full D. provides congestion avoidance by selectively delaying the delivery of packets with lower DSCP priority E. decreases congestion by avoiding global UDP synchronization Answer: C Explanation: Question 2. What are three benefits of IntServ and RSVP? (Choose three.) A. RSVP helps network devices identify dynamic port numbers. B. IntServ networks will reject or downgrade new RSVP sessions if all reservable bandwidth is booked somewhere in a path. C. RSVP signaling is a scalable way to ensure all devices maintain an accurate picture of the network state. D. They enable the network to guarantee necessary QoS to individual data flows. E. The IntServ class-based approach is easy to design and implement. Answer: A, B, D Explanation: Question 3. Which statement about the rates and statistics (such as match, transmit, drop, and police) shown in the show policy-map interface output is true? A. The rates are computed as a moving average of instantaneous rates. B. The rates are displayed in real time, which matches the actual traffic rate. C. The matched statistics of the packet can be cleared only when the router reboots. D. The matched statistics of the packet are displayed in real time. E. The traffic policing statistics are displayed in real time. Answer: A Explanation: Question 4. Which four factors can be used for packet classification in a QoS-aware network device? (Choose four.) A. source address B. destination address C. DSCP D. TTL E. MQC F. IP precedence Answer: A, B, C, F Explanation: Question 5. What are the three primary types of faults associated with QoS fault management? (Choose three.) A. classification faults B. buffer faults C. queue faults D. marking faults E. assurance faults F. physical faults Answer: A, D, E Explanation: Question 6. Which are the two locations where the SP network device always trusts the QoS markings from its upstream neighbor? (Choose two.) A. at the ingress PE B. at the egress PE C. in the SP core D. at the ingress CE E. at the egress CE Answer: B, C Explanation: Question 7. Which of these correctly describes traffic classification using qos-group? A. qos-group marking is automatically mapped to MPLS EXP marking. B. qos-group is only applicable to an MPLS-enabled router. C. qos-group marking value ranges from 0 to 7. D. qos-group is local to the router. Answer: D Explanation: Question 8. Which two IP SLA Probe types can be used to measure voice quality? (Choose two.) A. HTTP B. ICMP Path Jitter C. UDP Echo D. UDP Jitter E. UDP Delay F. UDP MOS Answer: B, D Explanation: Question 9. Refer to the exhibit. Traffic in CLASS-B is not getting a minimum bandwidth of 192 kb/s in this policy map. What can be done to correct this? A. No changes are needed, the site is already correct. B. The shape peak command should be used instead of the shape average command. C. Set the shape rate to a CIR higher than 192 kb/s. D. Decrease the maximum queue size. Answer: C Explanation: Question 10. Which of these describes Short Pipe mode in QoS for MPLS VPN service providers? A. Service provider can remark customer DSCP values. B. Service provider does not remark customer DSCP values. (Service provider uses independent MPLS EXP markings.) Final PE-to-CE policies are based on service provider markings. C. The customer and service provider share the same DiffServ domain. D. Service provider does not remark customer DSCP values. (Service provider uses independent MPLS EXP markings.) Final PE-to-CE policies are based on customer markings. Answer: D Explanation:
|
Question 1. Which two-stage configuration process is correct in Cisco IOS XR Software? A. Enter configuration mode, then make configuration changes. B. Make configuration changes, then enter "commit" to make configuration changes persist. C. Make configuration changes, then enter "copy run start" to make configuration changes persist. D. Enter admin mode, then make configuration changes. Answer: B Explanation: Question 2. Which command displays the target configuration in Cisco IOS XR Software? A. show config B. show running-config C. show config running D. show config merge Answer: A Explanation: Question 3. What will happen if a new version of Cisco IOS XR Software is installed and activated, and then the router reloads? A. When the router comes back, the new version is loaded and the old and new versions are on disk0. B. When the router comes back, the new version is loaded and only the new version is on disk0. C. When the router comes back, the old version is loaded and the old and new versions are on disk0. D. When the router comes back, the old version is loaded and only the old version is on disk0. Answer: C Explanation: Question 4. When is it appropriate to use the commit replace command? A. When you want to replace the existing configuration for an ipv4 address on an interface. B. When you want to replace all configurations under router ospf. C. When you want to replace the entire running configuration with the target configuration. D. The commit replace command does the same as the commit command. Answer: C Explanation: Question 5. Refer to the exhibit. If all else are good, where could the problem be if a user in the 192.168.0.0/16 subnet reports that they are not able to connect to the router using Telnet? A. MPP should be configured as out-of-band. B. Interface GigabitEthernet0/2/0/1 should allow 192.168.0.0/16 address space when using Telnet. C. Telnet traffic is going through other interfaces that are not configured in MPP. D. Interface GigabitEthernet0/2/0/0 should allow 192.168.0.0/16 address space. E. SNMP peer is not configured to "allow" on interface GigabitEthernet0/2/0/1 which prohibits Telnet Answer: C Explanation: Question 6. At which SONET layer would you expect to see B3 errors? A. physical B. segment C. line D. path Answer: D Explanation: Question 7. What is a common cause of increasing NEWPTR errors on a POS interface? A. dirty fiber B. incorrect timing C. Tx and Rx swapped D. wrong fiber type Answer: B Explanation: Question 8. What is the range of DLCIs that are available for subscribers to configure on a Cisco IOS Frame Relay subinterface? A. 0-1024 B. 1-2048 C. 0-991 D. 16-1007 Answer: D Explanation: Question 9. What is the acronym commonly used to identify a prearranged agreement between a service team and an external service provider? A. SLA B. OLA C. UC D. SLM E. CICS Answer: C Explanation: Question 10. According to the ITIL® v3 framework, a change that has an "approved" status has met which criteria? A. The lab testing and operational assessments have been completed, and the change has been approved and committed to the change scheduler. B. The operational testing and technical assessments have been completed, and the change has been approved and committed to the change scheduler. C. The business and technical assessments have been completed, and the change has been approved and committed to the change scheduler. D. The lab testing and technical assessments have been completed, and the change has been approved but is not yet committed to the change scheduler. Answer: C Explanation:
Copyright © 2004 CertsBraindumps.com Inc. All rights reserved.