Month: September 2016

Cisco 642-384 Exam Questions Answers, 100% Pass Guarantee Cisco 642-384 Certification Download Guaranteed SuccessCisco 642-384 Exam Questions Answers, 100% Pass Guarantee Cisco 642-384 Certification Download Guaranteed Success

Welcome to download the newest Pass4itsure 70-470 dumps

FLYDUMPS Cisco 642-384 is to start from the basics, then gradually deepening the focus on the content of the curriculum, which generally takes a lot of study time. You are probably also hesitant; after all, to participate in the Cisco 642-384 exam, it takes a lot of time and money. However, once choose FLYDUMPS Cisco 642-384 exam sample questions, you can save both time and money in your Cisco 642-384 exam. FLYDUMPS provide a convenient way to learn. FLYDUMPS Cisco 642-384 exam sample questions can help you quickly through Cisco 642-384 exam. By way of simulation questions, FLYDUMPS Cisco 642-384 exam sample questions help you understand all test points, and includes multiple-choice questions and experimental operation part of the Cisco 642-384 exam.

QUESTION 132
Which command assigns a cost value of “17” to a switch port?
A. spanning-tree interfacefastethernet 5/8 17
B. spanning-treeportcost 17
C. spanning-treeportcost 17
D. spanning-treevlan 1 cost 17

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 133
You have configured and applied a Cisco IOS Firewall access rule to the inbound, untrusted interface. You suspect that the rule may be blocking necessary traffic onto the network. What must you do to delete that rule when using Cisco Router and Security Device Manager?
A. Select ACL Editor > Access Rules to delete the rule.
B. You must remove the association between the rule and the interface before deleting the rule
C. You must delete the associated access list on the interface, then reconfigure the access list as required, and then reapply the access group to the proper interface.
D. Go to the Edit Firewall Policy tab to delete the rule.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 134
A customer in Europe needs to establish an 11-Mbps wireless bridge link between two office buildings that are approximately 1.3 km apart. The wireless link will pass through a public park, which contains a lake that is surrounded by trees. You run the range calculation and determine that the Cisco Aironet 1300 Series Outdoor Access Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of standard Cisco cabling and both radios set at 20 mW. The wireless bridges are not able to establish or maintain a link.
What is needed to successfully complete this link?
A. An amplifier needs to be installed at one of the sites.
B. The antenna must be raised high enough to clear the trees
C. Lower loss cabling needs to be used to bring the EIRP into legal limits.
D. Due to the trees, a 21-dBi dish needs to be used for its narrower beam width.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 135
You connect via Telnet to a Cisco access point and enter the command show dot11 link test. Which output might you obtain?
A. signal-to-noise ratio
B. incoming and outgoing signal strength
C. TX packets dropped
D. RX packets per second

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager configurations of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the sitE.to-site VPN between Router A and Router B.
What is the mostly likely cause of this fault?

A. Router A is using a standard IP ACL (100-149) while Router B is using a Turbo ACL (150-199).
B. The IKE encryption methods on the two routers are different
C. the IPSec policy map names on the two routers are different.
D. the IPSec rules on the two routers are not permitting the Answer: interesting traffic.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 137
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.

How many active VPN clients are currently connected to the 1841 ISR router?
A. 0
B. 1
C. 2
D. 3
E. 4
F. 5

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.

Which IP address or address range will be used when allocating an internal IP address to the VPN clients
for the “test” VPN group?________________________________________________________________________
A. 10.1.1.100 to 10.1.1.200 I
B. 10.1-1.2 to 10.1.1.254
C. 192.168.1.1 to 192.168.1.100
D. 192.168.1.2 to 192.168.1.254
E. 192.168.1.1
F. 192.168.1.2

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 139
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.

Which authentication method is used by the test” VPN group?
A. RSA Encrypted Nounce
B. RSA Digital Signature
C. PrE.Shared Key
D. Digital Certificate
E. DH2

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 140
You are the network consultant. You have a customer with a small network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. The keypoint for your customer is to save money. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired..Considering the above requirements. Which solution would be the easiest for this customer to set up and manage?
A. point-to-point
B. partial mesh
C. point-to-multipoint
D. hub-and-spoke

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 141
In an infrastructure based on a wireless advanced feature set using lightweight access points, by which method is a rogue contained?
A. The WCS sends excessive traffic to the rogue thus overloading the access point.
B. The rogue MAC address is used to spoof broadcastdeassociation packets.
C. The rogue MAC address is used to spoof broadcastdeauthentication packets.
D. The WCS sends out excessive signals on the same channel when the rogue is detected.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 142
With industry-leading services and performance, the Cisco Catalyst 6500 Series Switch is Cisco’s flagship switching solution. It delivers the most comprehensive feature sets for core, distribution, wiring closet, data center, enterprise WAN routing, and Metro-Ethernet deployments. Which layer you think is recommended that the Cisco Catalyst 6500 Series WLSM be placed?
A. core
B. distribution
C. access
D. presentation

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 143
The Cisco Lifecycle Services approach defines the activities needed to help you successfully deploy and operate Cisco technologies and optimize their performance throughout the lifecycle of your network. Which statement is an accurate list of Cisco Lifecycle Services phases?
A. initiation, prepare, plan, design, implement, operate, and optimize
B. site assessment, risk assessment, solution selection and acquisition, testing, and operations
C. prepare, plan, design, implement, operate, and optimize
D. deployment, testing, implementation, and production

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 144
Which IP address or address range will be used when allocating an internal ip address to the VPN client for the test

A. 120.1.1.100 to 10.1.1.200
B. 10.1.1.2 to 10.1.1.254
C. 192.1681.1 to 192.1681.1.100
D. 192.1681.2 to 192.1681.1.254

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 145
Which authentication method is used by the test VPN group?

A. RSA EncryptedNounce
B. RSA Digital Signature
C. Pre-shared key
D. DH2

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 146
A network administrator is troubleshooting an EIGRP connection between RA and RB. Given the debug output on RA, which two statements are true?(Choose two)
A. RA received a hello packet with mismatched hello timers.
B. RA received a hello packet with mismatched metric-calculation mechanisms.
C. RA will form an adjacency with RB.
D. RAwill not form an adjacency with RB.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 147
You are the network administrator. There is one Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System. Which port role assignment would you make for?
A. Cisco Express 520
B. Cisco UC520
C. Cisco CE520
D. Cisco 871W

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 148
Refer to the exhibit. CK-SA and CK-SC are running PVST+ STP, and CK-SB is running 802.1 Q STP. If the BPDU of the root in VLAN 1 is better than the BPDU of the root in VU\N 2, then there is no blocking port in the VLAN 2 topology. The BPDU of VU\N 2 never makes a “full circle” around the topology; it is replaced by the VLAN 1 BPDU on the CK-SB-CK-SC link, because CK-SB runs only one STP merged with VU\N 1 STP of PVST+. Thus, there is a forwarding loop.

What does PVST+ do to correct this?
A. CK-SA sends PVST+ BPDUs ofVLAU 2 (to the SSTP address that is flooded by CK-SB) towards CK-SC. CK-SC will put port CK-SC-CK-SB into a type-inconsistent state, which prevents the loop.
B. CK-SB sends PVST+ BPDUs of VU\N 1 (to the SSTP address that is flooded by CK-SA) towards CK-SC. CK-SC will put port CK-SC-CK-SB into a type-inconsistent state, which prevents the loop.
C. CK-SC sends PVST+BPDUsofVU\N 2 (to the SSTP address that is flooded by CK-SB) towards CK-SC. CK-SAwill put port CK-SC-CK-SB into a type-inconsistent state, which prevents the loop.
D. CK-SA sends PVST+ BPDUs of VU\N 1 (to the SSTP address that is flooded by CK-SB) towards CK-SB. CK-SA will put port CK-C-CK-B into a type-inconsistent state, which prevents the loop.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 149
A wireless autonomous 1200 access point running core feature set in root mode has its SSID set to Factory_floor and provides connection to a repeater access point with its SSID set to factory_floor, if the root-mode access point is using channel 11 which channel will the repeater access point use?
A. channel 11
B. channel 1 or 6
C. anynonoverlapping channel
D. The root access point and the repeater will negotiate this setting

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 150
The VPN server uses a preshared key for remote device authentication
A. TRUE
B. FALSE

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 151
A customer with a large enterprise network wants to allow employees to work from home over the Internet. The customer anticipates a large amount of traffic, predominantly toward the central site. The customer also requires a VPN using strong user authentication and encryption to protect highly sensitive data. Which solution best meets this customer’s requirements?
A. remote-access VPN with software encryption
B. remote-access VPN with hardware encryption
C. site-to-site VPN with hub-and-spoke tunnels using 3DES and pre-shared secrets
D. site-to-site Cisco Easy VPN

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 152
The tables contain information from the Cisco Router and Security Device Manager configurations of RA and RB. Traffic between PC1 and PC2 is not successfully establishing the site-to-site VPN between -RA and -RB. What is the mostly likely cause of this fault?
A. RAis using a standard IP ACL (100-149) while RB is using a Turbo ACL(150-199).
B. The IPSec encryption methods used by each router do not match.
C. The D-H Group settings on the two routers are the same.
D. The IPSec rules on the two routers are not permitting the correct interesting traffic.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 153
You are the network consultant. When will you assess a customer’s current network infrastructure?
A. plan
B. design
C. operate
D. optimize

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 154
A client is experiencing lower throughput and more packet retransmits is one area of the wireless network. At these times, the client utility shows high signal strength but low signal quality. What may be causing this issue?
A. The client does not support Cisco Compatible Extensions version 2.
B. Diversity is not enabled in the access point.
C. The WDS is failing to register the client card in the WLSM.
D. The channel is set incorrectly in the access point or in the client configuration.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 155
Which statement is correct about the current address translation configurations on the security appliance?
A. Dynamic NAT is used to translate the 10.0.1.100 host on the inside interface to a global address of
192.168.1.1
B. Port AddressTranslation(PAT) is used to translate any host on the inside interface to the 192.168.1.100 global address.
C. Static NAT is used to translate the 172.16.1.2 host on thedmzl interface to a global address of
192.168.1.102
D. Dynamic NAT is used to translate any host ondmzl and dmz2 interfaces to a mapped address from the address from the address pool of 192.168.1.110 to 192.168.1.250

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 156
VLAN Hopping is one of the primary VLAN based attacks used by hackers to infiltrate network security. VLAN hopping is used to attack a network by sending packets to a port which is generally not accessible. VLAN hopping attacks are mainly conducted in the Dynamic Trunking Protocol and, in some cases; the attacks are targeted to the trunking encapsulation protocol (802.1 q or ISL).You worry about the switched infrastructure in an integrated network is vulnerable to VLAN hopping attacks. Which two configuration can be used to mitigate VLAN hopping? (Choose two.)
A. switchporttrunk encapsulation
B. switchport mode trunk
C. switchport access vlan
D. switchport mode access

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 157
CiscoWorks SNMS is a part of the CiscoWorks family of products for managing small to large networks. CiscoWorks SIMMS is a new Web-based network management solution for small to medium-sized businesses, with 40 or fewer Cisco internetworking devices such as switches, routers, hubs, and access servers. CiscoWorks SNMS can also monitor third-party IT assets such as servers, applications, services, and printers A Public Switched Telephone Network (PSTN) trunk is typically the voice interconnect between any business and the outside world. Which network management tool is designed to allow businesses to manage up to 40 devices?
A. CiscoWorks Unrestricted
B. CiscoWorks WAN Management
C. CiscoWorks LAN Management
D. CiscoWorks SNMS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 158
Which statement is correct about the information in the Cisco Adaptive Security Device Manager General and License Information screen?
A. The security appliance supports active/active failover only.
B. The security appliance supports 3DES-AES only.
C. The managed device is a Cisco ASA 5540 Security Appliance with VPN premium license enabled.
D. The managed device is Cisco PIX515E Security Appliance.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which three are different types of STP inconsistencies in a Layer 2 network?(Choose three)
A. MAC inconsistency
B. Root inconsistency
C. EtherChannel inconsistency
D. type inconsistency

Correct Answer: BCD Section: (none) Explanation Explanation/Reference:
QUESTION 160
According to the error log, VLAN 1 is where the BPDU was received, and VLAN 2 is where the BPDU originated. When inconsistency is detected, what happens?
A. VLAN 1 is blocked, while VLAN 2 is forwarding
B. VLAN1 is blocked, while VLAN 2 is listening
C. Both VLANs are listening on the port from which this BPDU is send
D. Both VLANs are blocked on the port from which this BPDU is received

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 161
Which is the current configured default gateway IP address on the security appliance?
A. 172.16.10.1
B. 172.16.1.1
C. 192.168.1.2
D. 10.0.1.1

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Which statement is true about a Cisco Aironet 350 Series wireless client when its green LED appears to be off and its amber LED is blinking?
A. The client adapter is scanning for a network.
B. The client adapter is in ad hoc mode.
C. The client adapter is performing a self-test.
D. The client adapter is in power-save mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 163
You are the Cisco Configuration Assistant. Your IT Manager tells you 802.11b telephone can receive an audio signal from an access point, but cannot send audio. What is the most likely reason?
A. The value of RSSI telephone is greater than 30.
B. The access point only receives 802.11g data rates.
C. The security settings in the telephone mismatch the access point.
D. The telephone transmit power is significantly lower than the t the access point

Correct Answer: D Section: (none) Explanation
Explanation/Reference:

Flydumps.com provides you with the most reliable practice exams to master Cisco 642-384 Certification. Our Microsoft questions and answers are certified by the senior lecturer and experienced technical experts in the Microsoft field. These test questions provide you with the experience of taking the Cisco 642-384 actual test.

Welcome to download the newest Pass4itsure CISSP-ISSEP dumps:

https://www.pass4itsure.com/issep.html

Avaya 3102 Certification Exam, Best Quality Avaya 3102 Exam Dumps With The Knowledge And Skills

Cisco 642-384 Exam, New Updated Cisco 642-384 Dump Is Your Best ChoiceCisco 642-384 Exam, New Updated Cisco 642-384 Dump Is Your Best Choice

Welcome to download the newest Pass4itsure ITILFND dumps:

You just need the right Cisco 642-384 Exam and you’ll be continuing your journey when it comes to achievement. Even though there are plenty of internet websites that accomplish this, but many are often false as well as outdated. For that reason, take care too essential with your number of the website. FLYDUMPS Cisco 642-384 exam sample questions test out generator data, questions, the actual test out responses along with other products to offer you an in depth in addition to rational stories Cisco 642-384 test desired goals, giving an absolute test out conditions, these Cisco 642-384 study materials provide this particular expertise on your the genuine Cisco 642-384 exam sample questions test out features in the solutions examiner.

QUESTION 139
You connect via Telnet to a Cisco access point and enter the command show dot11 link test. Which output might you obtain?
A. signal-to-noise ratio
B. incoming and outgoing signal strength
C. TX packets dropped
D. RX packets per second

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 140
Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager configurations of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the sitE.to-site VPN between Router A and Router B.
What is the mostly likely cause of this fault?

A. Router A is using a standard IP ACL (100-149) while Router B is using a Turbo ACL (150-199). ”
B. The IKE encryption methods on the two routers are different
C. the IPSec policy map names on the two routers are different.
D. the IPSec rules on the two routers are not permitting the Answer: interesting traffic.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 141
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.

How many active VPN clients are currently connected to the 1841 ISR router?
A. 0
B. 1
C. 2
D. 3
E. 4
F. 5

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 142
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the
tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.

Which IP address or address range will be used when allocating an internal IP address to the VPN clients for the “test” VPN group?________________________________________________________________________
A. 10.1.1.100 to 10.1.1.200 I
B. 10.1-1.2 to 10.1.1.254
C. 192.168.1.1 to 192.168.1.100
D. 192.168.1.2 to 192.168.1.254
E. 192.168.1.1
F. 192.168.1.2

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 143
This item consists of one or more multiple choice type questions that you must answer. To answer these questions, you need to use a GUI tool that becomes fully accessible by the use of the labs you see below these directions. The tabs have up and down arrows to signal the direction that the tabbed window may be dragged lo expose or hide the GUI tool. When you are done using the GUI tool, you may drag the tab down to continue answering questions. To advance to the next question in the series, click on the numbered button to the left of each question. Make sure that you have answered all the questions before continuing to the next item.

Which authentication method is used by the test” VPN group?
A. RSA Encrypted Nounce
B. RSA Digital Signature
C. PrE.Shared Key
D. Digital Certificate
E. DH2

Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 144
You are the network consultant. You have a customer with a small network of 15 remote sites is trying to optimize its VPN by migrating some remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. The keypoint for your customer is to save money. Only a moderate amount of IP traffic is passing through the network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN functionality and basic confidentiality is desired..Considering the above requirements. Which solution would be the easiest for this customer to set up and manage?
A. point-to-point
B. partial mesh
C. point-to-multipoint
D. hub-and-spoke

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 145
In an infrastructure based on a wireless advanced feature set using lightweight access points, by which method is a rogue contained?

A. The WCS sends excessive traffic to the rogue thus overloading the access point.
B. The rogue MAC address is used to spoof broadcastdeassociation packets.
C. The rogue MAC address is used to spoof broadcastdeauthentication packets.
D. The WCS sends out excessive signals on the same channel when the rogue is detected.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 146
With industry-leading services and performance, the Cisco Catalyst 6500 Series Switch is Cisco’s flagship switching solution. It delivers the most comprehensive feature sets for core, distribution, wiring closet, data center, enterprise WAN routing, and Metro-Ethernet deployments. Which layer you think is recommended that the Cisco Catalyst 6500 Series WLSM be placed?
A. core
B. distribution
C. access
D. presentation

Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 147
The Cisco Lifecycle Services approach defines the activities needed to help you successfully deploy and operate Cisco technologies and optimize their performance throughout the lifecycle of your network. Which statement is an accurate list of Cisco Lifecycle Services phases?
A. initiation, prepare, plan, design, implement, operate, and optimize
B. site assessment, risk assessment, solution selection and acquisition, testing, and operations
C. prepare, plan, design, implement, operate, and optimize
D. deployment, testing, implementation, and production

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 148
Which IP address or address range will be used when allocating an internal ip address to the VPN client for the test
A. 120.1.1.100 to 10.1.1.200
B. 10.1.1.2 to 10.1.1.254
C. 192.1681.1 to 192.1681.1.100
D. 192.1681.2 to 192.1681.1.254

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 149
Which authentication method is used by the test VPN group?

A. RSA EncryptedNounce
B. RSA Digital Signature
C. Pre-shared key
D. DH2

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 150

A network administrator is troubleshooting an EIGRP connection between RA and RB. Given the debug output on RA, which two statements are true?(Choose two)
A. RA received a hello packet with mismatched hello timers.
B. RA received a hello packet with mismatched metric-calculation mechanisms.
C. RA will form an adjacency with RB.
D. RAwill not form an adjacency with RB.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 151
You are the network administrator. There is one Gigabit Ethernet port on the Cisco CE520 used in the Smart Business Communications System. Which port role assignment would you make for?
A. Cisco Express 520
B. Cisco UC520
C. Cisco CE520
D. Cisco 871W
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 152
Refer to the exhibit. CK-SA and CK-SC are running PVST+ STP, and CK-SB is running 802.1 Q STP. If the BPDU of the root in VLAN 1 is better than the BPDU of the root in VU\N 2, then there is no blocking port in the VLAN 2 topology. The BPDU of VU\N 2 never makes a “full circle” around the topology; it is replaced by the VLAN 1 BPDU on the CK-SB-CK-SC link, because CK-SB runs only one STP merged with VU\N 1 STP of PVST+. Thus, there is a forwarding loop.

What does PVST+ do to correct this?
A. CK-SA sends PVST+ BPDUs ofVLAU 2 (to the SSTP address that is flooded by CK-SB) towards CK-SC. CK-SC will put port CK-SC-CK-SB into a type-inconsistent state, which prevents the loop.
B. CK-SB sends PVST+ BPDUs of VU\N 1 (to the SSTP address that is flooded by CK-SA) towards CK-SC. CK-SC will put port CK-SC-CK-SB into a type-inconsistent state, which prevents the loop.
C. CK-SC sends PVST+BPDUsofVU\N 2 (to the SSTP address that is flooded by CK-SB) towards CK-SC. CK-SAwill put port CK-SC-CK-SB into a type-inconsistent state, which prevents the loop.
D. CK-SA sends PVST+ BPDUs of VU\N 1 (to the SSTP address that is flooded by CK-SB) towards CK-SB. CK-SA will put port CK-C-CK-B into a type-inconsistent state, which prevents the loop.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 153
A wireless autonomous 1200 access point running core feature set in root mode has its SSID set to Factory_floor and provides connection to a repeater access point with its SSID set to factory_floor, if the root-mode access point is using channel 11 which channel will the repeater
access point use?
A. channel 11
B. channel 1 or 6
C. anynonoverlapping channel
D. The root access point and the repeater will negotiate this setting

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 154
The VPN server uses a preshared key for remote device authentication
A. TRUE
B. FALSE

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 155
A customer with a large enterprise network wants to allow employees to work from home over the Internet. The customer anticipates a large amount of traffic, predominantly toward the central site. The customer also requires a VPN using strong user authentication and encryption to protect highly sensitive data. Which solution best meets this customer’s requirements?
A. remote-access VPN with software encryption
B. remote-access VPN with hardware encryption
C. site-to-site VPN with hub-and-spoke tunnels using 3DES and pre-shared secrets
D. site-to-site Cisco Easy VPN

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 156
The tables contain information from the Cisco Router and Security Device Manager configurations of RA and RB. Traffic between PC1 and PC2 is not successfully establishing the site-to-site VPN between -RA and -RB. What is the mostly likely cause of this fault?
A. RAis using a standard IP ACL (100-149) while RB is using a Turbo ACL(150-199).
B. The IPSec encryption methods used by each router do not match.
C. The D-H Group settings on the two routers are the same. ”
D. The IPSec rules on the two routers are not permitting the correct interesting traffic.
Correct Answer: B Section: (none) Explanation

Explanation/Reference:
QUESTION 157
You are the network consultant. When will you assess a customer’s current network infrastructure?
A. plan
B. design
C. operate
D. optimize

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 158
A client is experiencing lower throughput and more packet retransmits is one area of the wireless network. At these times, the client utility shows high signal strength but low signal quality. What may be causing this issue?
A. The client does not support Cisco Compatible Extensions version 2.
B. Diversity is not enabled in the access point.
C. The WDS is failing to register the client card in the WLSM.
D. The channel is set incorrectly in the access point or in the client configuration.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which statement is correct about the current address translation configurations on the security appliance?
A. Dynamic NAT is used to translate the 10.0.1.100 host on the inside interface to a global address of
192.168.1.1
B. Port AddressTranslation(PAT) is used to translate any host on the inside interface to the 192.168.1.100 global address.
C. Static NAT is used to translate the 172.16.1.2 host on thedmzl interface to a global address of
192.168.1.102
D. Dynamic NAT is used to translate any host ondmzl and dmz2 interfaces to a mapped address from the address from the address pool of 192.168.1.110 to 192.168.1.250 ”

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 160
VLAN Hopping is one of the primary VLAN based attacks used by hackers to infiltrate network security. VLAN hopping is used to attack a network by sending packets to a port which is generally not accessible.
VLAN hopping attacks are mainly conducted in the Dynamic Trunking Protocol and, in some cases; the attacks are targeted to the trunking encapsulation protocol (802.1 q or ISL).You worry about the switched infrastructure in an integrated network is vulnerable to VLAN hopping attacks. Which two configuration can be used to mitigate VLAN hopping? (Choose two.)
A. switchporttrunk encapsulation
B. switchport mode trunk
C. switchport access vlan
D. switchport mode access

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 161
CiscoWorks SNMS is a part of the CiscoWorks family of products for managing small to large networks. CiscoWorks SIMMS is a new Web-based network management solution for small to medium-sized businesses, with 40 or fewer Cisco internetworking devices such as switches, routers, hubs, and access servers. CiscoWorks SNMS can also monitor third-party IT assets such as servers, applications, services, and printers A Public Switched Telephone Network (PSTN) trunk is typically the voice interconnect between any business and the outside world. Which network management tool is designed to allow businesses to manage up to 40 devices?
A. CiscoWorks Unrestricted
B. CiscoWorks WAN Management
C. CiscoWorks LAN Management
D. CiscoWorks SNMS

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Which statement is correct about the information in the Cisco Adaptive Security Device Manager General and License Information screen?

A. The security appliance supports active/active failover only.
B. The security appliance supports 3DES-AES only.
C. The managed device is a Cisco ASA 5540 Security Appliance with VPN premium license enabled.
D. The managed device is Cisco PIX515E Security Appliance.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which three are different types of STP inconsistencies in a Layer 2 network?(Choose three) A. MAC inconsistency
B. Root inconsistency
C. EtherChannel inconsistency
D. type inconsistency

Correct Answer: BCD Section: (none) Explanation
Explanation/Reference:
QUESTION 164
According to the error log, VLAN 1 is where the BPDU was received, and VLAN 2 is where the BPDU originated. When inconsistency is detected, what happens?
A. VLAN 1 is blocked, while VLAN 2 is forwarding
B. VLAN1 is blocked, while VLAN 2 is listening
C. Both VLANs are listening on the port from which this BPDU is send
D. Both VLANs are blocked on the port from which this BPDU is received

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Which is the current configured default gateway IP address on the security appliance?
A. 172.16.10.1
B. 172.16.1.1
C. 192.168.1.2
D. 10.0.1.1

Correct Answer: C Section: (none) Explanation
Explanation/Reference:

QUESTION 166
Which statement is true about a Cisco Aironet 350 Series wireless client when its green LED appears to be off and its amber LED is blinking?
A. The client adapter is scanning for a network.
B. The client adapter is in ad hoc mode.
C. The client adapter is performing a self-test.
D. The client adapter is in power-save mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference: QUESTION 167
You are the Cisco Configuration Assistant. Your IT Manager tells you 802.11b telephone can receive an audio signal from an access point, but cannot send audio. What is the most likely reason?
A. The value of RSSI telephone is greater than 30.
B. The access point only receives 802.11g data rates.
C. The security settings in the telephone mismatch the access point.
D. The telephone transmit power is significantly lower than the t the access point

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Get yourself composed for Microsoft actual exam and upgrade your skills with Flydumps Cisco 642-384 practice test products. Once you have practiced through our assessment material, familiarity on Cisco 642-384 exam domains get a significant boost. Flydumps practice tests enable you to raise your performance level and assure the guaranteed success for Cisco 642-384 exam.

Welcome to download the newest Pass4itsure ITILFND dumps: https://www.pass4itsure.com/itilfnd.html

Avaya 3101 Testing, New Updated Avaya 3101 Study Material UP To 50% Off

CheckPoint 156-210 Exam, Sale Discount CheckPoint 156-210 Dump OnlineCheckPoint 156-210 Exam, Sale Discount CheckPoint 156-210 Dump Online

Welcome to download the newest Dumpsoon 1Z0-060 dumps:

Don’t leave your fate to boring books, you should sooner trust FLYDUMPS CheckPoint 156-210 exam sample questions. If you prefer the course on FLYDUMPS CheckPoint 156-210 exam sample questions, then you will need to attend their class and their classroom sessions are quite expensive. FLYDUMPS CheckPoint 156-210 pdf could be the passport for your career life since it covers everything needed to pass CheckPoint 156-210 exam. CheckPoint 156-210 Testing Engine are composed by current and active Information Technology experts, who use their experience in preparing you for your future CheckPoint 156-210 exam sample questions available at FLYDUMPS will save you money, and get you started on the right road to making more with your new found skills.

QUESTION 177
When you disable a rule the rule is NOT disabled until you verify your Security Policy.
A. True
B. False

Correct Answer: B
QUESTION 178
Static Source NAT translates public internal source IP addresses to private external source IP addresses.
A. True
B. False.

Correct Answer: B
QUESTION 179
What is the command that lists the interfaces to which VPN-1/FireWall-1 bound?
A. Fw ct1 iflist
B. Ifconfig -a
C. Ifconfig \all
D. Netstat -m
E. Cp bind -all

Correct Answer: A
QUESTION 180
Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. Which if the following is the best authentication method for roaming users, such as doctors updating patient records at various floor stations in a hospital?
A. Session
B. User
C. Client
D. Connection
E. None of the above.

Correct Answer: B QUESTION 181
Which command utility allows verification of the Security Policy installed on a firewall module?
A. Fw ct1 pstat.
B. Fw printlic.
C. Fw stat.
D. Fw ver.
E. Fw pol.

Correct Answer: C QUESTION 182
You are a firewall administrator with one Management Server managing 3 different Enforcement Modules. One of the Enforcement Modules does NOT show up in the dialog box when attempting to install a Security Policy. Which of the following is the most likely cause?
A. No master file was created.
B. License for multiple firewalls has expired.
C. The firewall has NOT been rebooted.
D. The firewall was NOT listed in the Install On column of the rule.
E. The firewall is listed as “Managed by another Management Module (external)” in the Workstation Properties dialog box.

Correct Answer: E QUESTION 183
In the Install On column of a rule, when you select a specific firewall object as the only configuration object, that rule is enforced on all firewalls with in the network, with related configurations.
A. True
B. False.

Correct Answer: B QUESTION 184
As an administrator, you want to force your users to authenticate. You have selected Client Authentication as your authentication scheme. Users will be using a Web browser to authenticate. On which TCP port will authentication be performed?
A. 23
B. 80
C. 259
D. 261
E. 900

Correct Answer: E QUESTION 185
Once installed the VPN-1/FireWall-1 NG resides directly below what layer of the TCP/IP stack?

A. Data
B. Transport
C. Physical
D. Application
E. Network

Correct Answer: E QUESTION 186
Client Authentication rules should be placed above the Stealth rule, so users can authenticate to the firewall.
A. True
B. False

Correct Answer: A QUESTION 187
The following rule base tells you any automatically created NAT rules have simply hidden but have not been deleted from the Rule Base.
A. True
B. False

Correct Answer: B QUESTION 188
You are using static Destination NAT. You have VPN-1/FireWall-1 NG running on Windows NT/Solaris platform. By default, routing occurs after the address translation when the packet is passing form the client towards the server.
A. True
B. False

Correct Answer: B QUESTION 189
Which if the following statements are FALSE?
A. Dynamic NAT cannot be used for protocols where the port number cannot be changed.
B. Dynamic NAT cannot be used when an external server must distinguish between clients bases on their IP addresses.
C. With Dynamic NAT, packet’s source port numbers are modified.
D. In Dynamic NAT, public internal addresses are hidden behind a single private external address using dynamically assigned port numbers to distinguish between them.
E. Dynamically assigned post numbers are used to distinguish between hidden private addresses.

Correct Answer: D QUESTION 190
When you modify a User Template, any users already operating under that template will be updates to the new template properties.
A. True
B. False

Correct Answer: B QUESTION 191
Installation time for creating network objects will decrease if you list machine names and IP addresses in the hosts files.
A. True
B. False

Correct Answer: A QUESTION 192
Consider the following network: No Original Packet Translated Packet Source Destination Service Source Destination Service The administrator wants to take all the local and DMZ hosts behind the gateway except the HTTP server
192.9.200.9. The http server will be providing public services and must be accessible from Internet. Select the best NAT solution below that meets these requirements.
A. Use automatic NAT that creates a static NAT to the HTTP server.
B. To hide the private addresses set the address translation for Private Net.
C. To hide the private address set the address translation for 192.9.200.0.
D. Use automatic NAT rule creation to hide NAT Local net and private Net.
E. Both A and D.

Correct Answer: E QUESTION 193
What NAT made is necessary if you want to start and HTTP session on a Reserved or Illegal IP address?
A. Static Source.
B. Static destination.
C. Dynamic
D. None of the above.

Correct Answer: B
QUESTION 194
With SecureUpdate you are able to: (Select all that apply)
A. Change Central Licenses to Local Licenses
B. Track current installed versions of Check Point and OPSEC products
C. Update Check Point and OPSEC software remotely from a central location
D. Centrally manage Licenses
E. Perform a new installation of VPN-1/FW-1 remotely

Correct Answer: BCD
QUESTION 195
Which is false about SIC communications?
A. A.VPN Certificates, such as those for IKE are used for secure communications
B. B.The Policy Editior initiates an SSL based connection with the Management Server
C. The Policy Editor must be defined as being authorised to use the Management Server
D. The Management Server verifies that the Clients IP address belongs to an authorised Policy Editor Client

Correct Answer: A

Looking to become a certified Adobe professional? Would you like to reduce or minimize your CheckPoint 156-210 certification cost? Do you want to pass all of the Microsoft certification? If you answered YES, then look no further. Flydumps.com offers you the best CheckPoint 156-210 exam certification test questions which cover all core topics and certification requirements.

Welcome to download the newest Dumpsoon 1Z0-060 dumps: http://www.dumpsoon.com/1Z0-060.html

Aruba ACCP-V6 Practise Questions, The Most Effective Aruba ACCP-V6 Actual Test On Our Store

CheckPoint 156-215 Study Guide, Download CheckPoint 156-215 PDF&VCE Online StoreCheckPoint 156-215 Study Guide, Download CheckPoint 156-215 PDF&VCE Online Store

Welcome to download the newest Pass4itsure 400-101 dumps:

Top IT industry experts and professionals make sure that the students get thoroughly researched 100% authentic answers. Flydumps CheckPoint 156-215 exam sample questions includes CheckPoint 156-215 exam questions answers and online CheckPoint 156-215 is extremely important for the real CheckPoint 156-215 certification. Flydumps simulator exam containing 90 questions is designed in a way that could help you pass the exam with no other books or helping materials and more effective. With our Cisco 642-618 exam sample questions you will feel on top of the illusive CheckPoint 156-215 exam.

QUESTION 182
Which command allows verification of the Security Policy name and install date on a Security Gateway?
“Pass Any Exam. Any Time.” – www.actualtests.com 73 Checkpoint 156-215.75 Exam
A. fw show policy
B. fw ctl pstat -policy
C. fw stat -l
D. fwver-p

Correct Answer: C
QUESTION 183
You have two rules, ten users, and two user groups in a Security Policy. You create database version 1 for this configuration. You then delete two existing users and add a new user group. You modify one rule and add two new rules to the Rule Base. You save the Security Policy and create database version 2. After awhile, you decide to roll back to version 1 to use the Rule Base, but you want to keep your user database. How can you do this?
A. Run fwm_dbexport to export the user database. Select restore the entire database in the Database Revision screen. Then, run fwm_dbimport.
B. Restore the entire database, except the user database, and then create the new user and user group.
C. Restore the entire database, except the user database.
D. Run fwm dbexport -l filename. Restore the database. Then, run fwm dbimport -l filename to import the users.

Correct Answer: C
QUESTION 184
Which feature or command provides the easiest path for Security Administrators to revert to earlier versions of the same Security Policy and objects configuration?
A. Policy Package management
B. dbexport/dbimport
C. Database Revision Control
D. upgrade_export/upgrade_import

Correct Answer: C
QUESTION 185
Your Security Management Server fails and does not reboot. One of your remote Security Gateways managed by the Security Management Server reboots. What occurs with the remote Gateway after reboot?
A. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
B. Since the Security Management Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
C. Since the Security Management Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
D. The remote Gateway fetches the last installed Security Policy locally and passes traffic normally. The Gateway will log locally, since the Security Management Server is not available.

Correct Answer: D
QUESTION 186
How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?
A. Pop-up alert script
B. User-defined alert script
C. Custom scripts cannot be executed through alert scripts
D. SNMP trap alert script

Correct Answer: B QUESTION 187
Which of the following is NOT useful to verify whether or NOT a Security Policy is active on a Gateway?
A. Check the name of Security Policy of the appropriate Gateway in Smart Monitor.
B. Cpstat fw ?f policy
C. fw stat
D. fw ctl get string active_secpol “Pass Any Exam. Any Time.” – www.actualtests.com 75 Checkpoint 156-215.75 Exam

Correct Answer: D
QUESTION 188
Of the following, what parameters will not be preserved when using Database Revision Control? 1) Simplified mode Rule Bases 2) Traditional mode Rule Bases 3) Secure Platform WebUI Users 4) SIC certificates 5) SmartView Tracker audit logs 6) SmartView Tracker traffic logs 7) Implied Rules 8) IPS Profiles 9) Blocked connections 10) Manual NAT rules 11) VPN communities 12) Gateway route table 13) Gateway licenses
A. 3, 4, 5, 6, 9, 12, 13
B. 5, 6, 9, 12, 13
C. 1, 2, 8, 10, 11
D. 2, 4, 7, 10, 11

Correct Answer: A QUESTION 189
Which of the following describes the default behavior of an R75 Security Gateway?
“Pass Any Exam. Any Time.” – www.actualtests.com 76 Checkpoint 156-215.75 Exam
A. Traffic is filtered using controlled port scanning.
B. All traffic is expressly permitted via explicit rules.
C. Traffic not explicitly permitted is dropped.
D. IP protocol types listed as secure are allowed by default, i.e. ICMP, TCP, UDP sessions are inspected.

Correct Answer: C
QUESTION 190
When you use the Global Properties’ default settings on R75, which type of traffic will be dropped if no explicit rule allows the traffic?
A. SmartUpdate connections
B. Firewall logging and ICA key-exchange information
C. Outgoing traffic originating from the Security Gateway
D. RIP traffic

Correct Answer: D
QUESTION 191
You have installed a R75 Security Gateway on SecurePlatform. To manage the Gateway from the enterprise Security Management Server, you create a new Gateway object and Security Policy. When you install the new Policy from the Policy menu, the Gateway object does not appear in the Install Policy window as a target. What is the problem?
A. The new Gateway’s temporary license has expired.
B. The object was created with Node > Gateway.
C. The Gateway object is not specified in the first policy rule column Install On.
D. No Masters file is created for the new Gateway.

Correct Answer: B
QUESTION 192
“Pass Any Exam. Any Time.” – www.actualtests.com 77 Checkpoint 156-215.75 Exam Select the correct statement about Secure Internal Communications (SIC) Certificates. SIC Certificates:
A. Are used for securing internal network communications between the SmartDashboard and the Security Management Server.
B. For R75 Security Gateways are created during the Security Management Server installation.
C. Decrease network security by securing administrative communication among the Security Management Servers and the Security Gateway.
D. Uniquely identify Check Point enabled machines; they have the same function as VPN Certificates.

Correct Answer: D
QUESTION 193
John is the Security Administrator in his company. He installs a new R75 Security Management Server and a new R75 Gateway. He now wants to establish SIC between them. After entering the activation key, the message “Trust established” is displayed in SmartDashboard, but SIC still does not seem to work because the policy won’t install and interface fetching still does not work. What might be a reason for this?
A. This must be a human error.
B. The Gateway’s time is several days or weeks in the future and the SIC certificate is not yet valid.
C. SIC does not function over the network.
D. It always works when the trust is established.
Correct Answer: B
QUESTION 194
A _______ rule is used to prevent all traffic going to the R75 Security Gateway.
A. Cleanup
B. Reject
C. Stealth
D. IPS “Pass Any Exam. Any Time.” – www.actualtests.com 78 Checkpoint 156-215.75 Exam

Correct Answer: C
QUESTION 195
In a distributed management environment, the administrator has removed the default check from Accept Control Connections under the Policy / Global Properties / FireWall tab. In order for the Security Management Server to install a policy to the Firewall, an explicit rule must be created to allow the server to communicate to the Security Gateway on port ______.
A. 256
B. 80
C. 900
D. 259

Correct Answer: A
QUESTION 196
Your internal network is configured to be 10.1.1.0/24. This network is behind your perimeter R75 Gateway, which connections to your ISP provider. How do you configure the Gateway to allow this network to go out to the internet?
A. Use Hide NAT for network 10.1.1.0/24 behind the internal interface of your perimeter Gateway.
B. Use Hide NAT for network 10.1.1.0/24 behind the external IP address of your perimeter Gateway.
C. Use automatic Static NAT for network 10.1.1.0/24.
D. Do nothing, as long as 10.1.1.0 network has the correct default Gateway.

Correct Answer: B
QUESTION 197
Which specific R75 GUI would you use to add an address translation rule?
A. SmartConsole “Pass Any Exam. Any Time.” – www.actualtests.com 79 Checkpoint 156-215.75 Exam
B. SmartDashboard
C. SmartNAT
D. SmartView Monitor

Correct Answer: B
QUESTION 198
You are a Security Administrator who has installed Security Gateway R75 on your network. You need to allow a specific IP address range for a partner site to access your intranet Web server. To limit the partner’s access for HTTP and FTP only, you did the following:
1.
Created manual Static NAT rules for the Web server.

2.
Created the following settings in the Global Properties’ Network Address Translation screen
-Allow bi-directional NAT*

Translate destination on client side

A.
Yes, This will ensure that traffic only matches the specific rule configured for this traffic, and that the Gateway translates the traffic after accepting the packet.

B.
Yes, Both of these settings are only application to automatically NAT rules.

C.
No, The first setting is not applicable. The second setting will reduce performance, by translating traffic in the kernel nearest the intranet server.

D.
No. The first setting is only applicable to automatic NAT rules. The second setting is necessary to make sure there are no conflicts between NAT and anti-spoofing.
Do you above settings limit the partner’s access?

Correct Answer: D
QUESTION 199
You enable Automatic Static NAT on an internal host node object with a private IP address of 10.10.10.5, which is NATed into 216.216.216.5. (You use the default settings in Global Properties / NAT.)
When you run fw monitor on the R75 Security Gateway and then start a new HTTP connection from host
10.10.10.5 to browse the Internet, at what point in the monitor output will you observe the HTTP SYN-ACK packet translated from 216.216.216.5 back into 10.10.10.5?
“Pass Any Exam. Any Time.” – www.actualtests.com 80 Checkpoint 156-215.75 Exam
A. i=inbound kernel, before the virtual machine
B. O=outbound kernel, after the virtual machine
C. o=outbound kernel, before the virtual machine
D. I=inbound kernel, after the virtual machine

Correct Answer: D
QUESTION 200
You have configured a remote site Gateway that supports your boss’s access from his home office using a DSL dialup connection. Everything worked fine yesterday, but today all connectivity is lost. Your initial investigation results in “nobody has touched anything”, which you can support by taking a look in SmartView Tracker Management. What is the problem and what can be done about it?
A. You cannot use NAT and a dialup connection.
B. The NAT configuration is not correct; you can only use private IP addresses in a static NAT setup.
C. A static NAT setup may not work with DSL, since the external IP may change. Hide NAT behind the Gateway is the preferred method here.
D. According to published limitations of Security Gateway R75, there’s a bug with NAT. A restart of the Gateway will help here.

Correct Answer: C

This is the reason why this program is highly recommended to all those students who are serious about passing out CheckPoint 156-215 ECSS. You will find CheckPoint 156-215 ECSS exam which you will require when CheckPoint 156-215 ECSS exam you have to test your knowledge and skills. Without them you will not be able to get information about what your areas of expertise are. It has been seen that students are feeling quite at home in presence of CheckPoint 156-215 ECSS exam as they provide them a chance to take a sigh of relief and they need not to spend hours in their studies for the certification. A great number of candidates for Exam have already been benefited themselves with the amazing study material of questions CheckPoint 156-215 ECSS study materials.

Welcome to download the newest Pass4itsure 400-101 dumps: http://www.pass4itsure.com/400-101.html

Avaya 3102 Certification Exam, Best Quality Avaya 3102 Exam Dumps With The Knowledge And Skills

CompTIA CAS-001 VCE, Most Reliable CompTIA CAS-001 New Questions Online SaleCompTIA CAS-001 VCE, Most Reliable CompTIA CAS-001 New Questions Online Sale

Welcome to download the newest Pass4itsure 70-470 dumps

We at Flydumps CompTIA CAS-001 exam sample questions are IT. experts and are highly experienced in the field of exam dumps and study notes as our team is continuously working for the more accomplished CompTIA CAS-001 exam guide and test questions. At CompTIA CAS-001 exam sample questions Flydumps, all the necessary CompTIA CAS-001 exam guide is available which not only includes free CompTIA CAS-001 but it also contains CompTIA CAS-001 study guide and CompTIA CAS-001 practice exam.

QUESTION 26
A security administrator of a large private firm is researching and putting together a proposal to purchase an IPS. The specific IPS type has not been selected, and the security administrator needs to gather information from several vendors to determine a specific product. Which of the following documents would assist in choosing a specific brand and model?
A. RFC
B. RTO
C. RFQ
D. RFI

Correct Answer: D QUESTION 27
Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices DOS attacks on the network that are affecting the company’s VoIP system (i.e. premature call drops and garbled call signals). The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DOS attacks on the network? (Select TWO).
A. Configure 802.11b on the network
B. Configure 802.1q on the network
C. Configure 802.11e on the network
D. Update the firewall managing the SIP servers
E. Update the HIDS managing the SIP servers

Correct Answer: CD QUESTION 28
A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take place?
A. Operations and Maintenance
B. Implementation
C. Acquisition and Development
D. Initiation Correct Answer: B QUESTION 29
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?
A. Social Engineering
B. Penetration Test
C. Vulnerability Assessment
D. Code Review Correct Answer: D QUESTION 30
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer use?
A. SRTM review
B. Fuzzer
C. Vulnerability assessment
D. HTTP interceptor Correct Answer: B QUESTION 31
Which of the following is the MOST appropriate control measure for lost mobile devices?
A. Disable unnecessary wireless interfaces such as Bluetooth.
B. Reduce the amount of sensitive data stored on the device.
C. Require authentication before access is given to the device.
D. Require that the compromised devices be remotely wiped.

Correct Answer: D QUESTION 32
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?
A. Write over the data
B. Purge the data
C. Incinerate the DVD
D. Shred the DVD Correct Answer: D QUESTION 33
A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01- 01-0101&Run= Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net Accept: */* Accept-Language: en Connection: close Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
A. The HTTPS is not being enforced so the system is vulnerable.
B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C. Sensitive data is transmitted in the URL.
D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.

Correct Answer: C
QUESTION 34
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time.
Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploited
B. Remnants of network data from prior customers on the physical servers during a compute job
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources

Correct Answer: A
QUESTION 35
A security administrator needs a secure computing solution to use for all of the company’s security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario?
A. A hardened Red Hat Enterprise Linux implementation running a software firewall
B. Windows 7 with a secure domain policy and smartcard based authentication
C. A hardened bastion host with a permit all policy implemented in a software firewall
D. Solaris 10 with trusted extensions or SE Linux with a trusted policy

Correct Answer: D
QUESTION 36
After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administer is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers.
Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?
A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two- factor authentication.
B. Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three- factor authentication.
C. Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
D. Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.

Correct Answer: A
QUESTION 37
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:
A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
B. error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
C. error elimination, trash collection, documenting race conditions, peer review, and typical security problems.
D. error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.

Correct Answer: A
QUESTION 38
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?
A. Problem: Cross-site scripting Mitigation Technique. Input validation Security Concern: Decreases the company’s profits and cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
B. Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.
C. Problem: SQL injection Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability SQL injection and can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
D. Problem: Buffer overflow Mitigation Technique: Output validation Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious actors to interrupt the availability of a system.
Correct Answer: B QUESTION 39
A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company. Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used?
A. Vulnerability assessment
B. Code review
C. Social engineering
D. Reverse engineering

Correct Answer: C
QUESTION 40
A security manager at Company ABC, needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices.
C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.

Correct Answer: A
QUESTION 41
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?
A. The resulting impact of even one attack being realized might cripple the company financially.
B. Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities.
C. The director is new and is being rushed to approve a project before an adequate assessment has been performed.
D. The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.

Correct Answer: A
QUESTION 42
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the latest patches and all have up-to-date anti-virus software. User authentication is a two-factor system with fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network is configured to use IPv4 and is a standard Ethernet network. The network also has a captive portal based wireless hot-spot to accommodate visitors. Which of the following is a problem with the security posture of this company?
A. No effective controls in place
B. No transport security controls are implemented
C. Insufficient user authentication controls are implemented
D. IPv6 is not incorporated in the network
Correct Answer: B
QUESTION 43
Statement: “The system shall implement measures to notify system administrators prior to a security incident occurring.”
Which of the following BEST restates the above statement to allow it to be implemented by a team of software developers?
A. The system shall cease processing data when certain configurable events occur.
B. The system shall continue processing in the event of an error and email the security administrator the error logs.
C. The system shall halt on error.
D. The system shall throw an error when specified incidents pass a configurable threshold.

Correct Answer: D
QUESTION 44
A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?
A. File an insurance claim and assure the executive the data is secure because it is encrypted.
B. Immediately implement a plan to remotely wipe all data from the device.
C. Have the executive change all passwords and issue the executive a new phone.
D. Execute a plan to remotely disable the device and report the loss to the police.

Correct Answer: B
QUESTION 45
A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be.
Which of the following is being described?
A. Authentication
B. Authorization
C. SAML
D. Kerberos

Correct Answer: C
QUESTION 46
A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?
A. Digital encryption
B. Digital signing
C. Password entropy
D. Code signing

Correct Answer: D
QUESTION 47
A company has asked their network engineer to list the major advantages for implementing a virtual environment in regards to cost. Which of the following would MOST likely be selected?
A. Ease of patch testing
B. Reducing physical footprint
C. Reduced network traffic
D. Isolation of applications

Correct Answer: B
QUESTION 48
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement?
A. VLANs
B. VDI
C. PaaS
D. IaaS

Correct Answer: B
QUESTION 49
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways.
The following requirements must be met:
Able to log entry of all employees in and out of specific areas

Access control into and out of all sensitive areas

Tailgating prevention
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Discretionary Access control
B. Man trap
C. Visitor logs
D. Proximity readers
E. Motion detection sensors

Correct Answer: BD

Special CompTIA CAS-001 exam FLYDUMPS is designed according to the updated curriculum given by FLYDUMPS. This CompTIA CAS-001 exam highlights the most vital and anticipated contents regarding the test and exclude all of the unnecessary details. Thus, It provides a shortcut way and prevents you from over digesting the whole of CompTIA CAS-001 exam. Let FLYDUMPS to smooth your way and make your scores higher to get CompTIA CAS-001 test. And FLYDUMPS CompTIA CAS-001 exam are constantly updated to reflect the current CompTIA CAS-001 exam information. FLYDUMPS CompTIA CAS-001 exam updates are supplied free of charge to FLYDUMPS customers hereby becoming an investment rather than a disposable product.

Welcome to download the newest Pass4itsure CCDP dumps: https://www.pass4itsure.com/ccdp.html

Avaya 3101 Testing, New Updated Avaya 3101 Study Material UP To 50% Off