Day: May 19, 2016
New VCE and PDF– If you want to pass Cisco 642-501 exam successfully,do not miss to test Cisco latest Cisco 642-501 brain dumps.All Cisco 642-501 the new questions and answers were timely added, visit Flydumps.com to free download VCE player and PDF files.
Exam A
QUESTION 1
Exhibit: servicepassword-encryption ! aaa new-model aaa authentication login default line aaa authentication login nologin name aaa authentication login admin tacacs+ enable aaa authentication ppp default tacacs+ ! enable secret 5 $1$WogB$7.0FLEFgB8Wp.C9eqNX9L/ !! interface Group-Async ip unnumbered Loopback0 ip tcp header-compression passive encapsulation ppp async mode interactive John at Certkiller Inc. is looking at this configuration to figure out what method authenticates through the vty port. Which method is correct?
A. no access permitted
B. line password
C. no authentication required
D. default authentication used
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Enabling Authentication for LoginUsing the aaaauthentication logincommand and the following keywords,
you create one or more lists of authentication methods that are tried at login. The lists are used with the
login authenticationline configuration command.
Enter the following command in global configuration mode to enable authentication for login:
Switch# aaa authentication login {default |list-name} method1 […[method3]]The keyword list-name is any
character string used to name the list you are creating. The method keyword refers to the actual method
the authentication algorithm tries, in the sequence entered. You can enter up to three methods:
Reference: http://www.cisco.com/en/US/products/hw/switches/ps637/ products_configuration_guide_chapter09186a008007 f03
QUESTION 2
James the administrator on Certkiller is trying to figure out which router table is modified or prevented from updating, if a rerouting attack occurs. (Choose one)
A. ARP
B. address
C. bridging
D. routing
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
Route filters can be set up on any interface to prevent learning or propagating routing information
inappropriately. Some routing protocols (such as EIGRP) allow you to insert a filter on the routes being
advertised so that certain routes are not advertised in some parts of the network.
Reference:
Managing Cisco Network Security (Ciscopress) page 233
QUESTION 3
Brain the security administrator is in charge of creating a security policy for Certkiller Inc. Which two statements about the creation of a security policy are true? (Choose two)
A. It helps Chief Information Officers determine the return on investment of network security at Certkiller Inc.
B. It defines how to track down and prosecute policy offenders at Certkiller Inc.
C. It helps determine which vendor security equipment or software is better than others.
D. It clears the general security framework so you can implement network security at Certkiller Inc.
E. It provides a process to audit existing network security at Certkiller Inc.
F. It defines which behavior is and is not allowed at Certkiller Inc.
Correct Answer: EF Section: (none) Explanation
Explanation/Reference:
Explanation:
Reasons to create a network security policy:
1.
Provides a process to audit existing network security
2.
Provides a general security framework for implementing network security
3.
Defines which behavior is and is not allowed
4.
Often helps determine which tools and procedures are needed for the organization
5.
Helps communicate consensus among a group of key decision-makers and defines responsibilities of users and administrators
6.
Defines a process for handling network security incidents
7.
Enables global security implementation and enforcement
8.
Creates a basis for legal action if necessary
Reference:
Managing Cisco Network Security (Ciscopress) page 43
QUESTION 4
Johnthe administrator at Certkiller Inc. is working on securing the router passwords. Which IOS command encrypts all clear text passwords in a router configuration?
A. service password-encryption
B. service password md5
C. encrypt passwords
D. enable password-encryption
E. service password-encrypted
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
servicepassword-encryption To encrypt passwords, use the service password-encryption global
configuration command. Use the no form of this command to disable this service.
Reference:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/
products_command_summary_chapter09186a00800 d9c26.ht
QUESTION 5
Johnthe administrator wants to know which type of key exchange mechanism is Diffie-Hellman.
A. Private key exchange
B. RSA keying
C. Public key exchange
D. AES key exchange
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Diffie-Hellman is used to securely exchange public keys so that shared secret keys can be securely
generated for use as DES keys.
Reference:
Managing Cisco Network Security (Ciscopress) page 467
QUESTION 6
John the security administrator for Certkiller Inc. needs to identify three character mode access methods. Choose three character mode access methods.
A. ppp
B. tty
C. vty
D. async
E. acl
F. aux
Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
Explanation:
AAA and Character-Mode Traffic – AAA secure character-mode traffic during login sessions via the lines”
1.
Aux
2.
Console
3.
TTY
4.
VTY
Reference:
Managing Cisco Network Security (Ciscopress) page 113
QUESTION 7
Kathy the security administrator for Certkiller Inc. is working on defending the network.
One of the attacks she is working to defend is SYN flooding and is looking to know which Cisco IOS
feature defends against SYN flooding DoS attacks.
A. Route authentication
B. Encryption
C. ACLs
D. TCP intercept
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
The TCP intercept feature in Cisco IOS software protects TCP servers from SYN-flooding attacks, a type
of DoS attack.
Reference:
Managing Cisco Network Security (Ciscopress) page 239
QUESTION 8
The security team at Certkiller Inc. was asked the question, what attack is most often used in social engineering. They all answered this wrong. What is the correct answer?
A. Session fragment
B. Unauthorized access
C. Data manipulation
D. Malicious applets
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Social engineering is when someone attempts to manipulate others to access information or access
without authorization. Social engineering has many levels, but they all have the same goal of gaining
unauthorized information or access.
QUESTION 9
Jason the security administrator Certkiller Inc. wants to know by default, how long does a router wait before terminating an unattended line connection?
A. 5 minutes
B. 10 minutes
C. 20 minutes
D. 30 minutes
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
In the page 76 of the MCNS book you see the right data is 10 minutes.
QUESTION 10
Which of the following are Cisco firewall features? (Choose three.)
A. PIX firewall
B. authentication proxy
C. flash memory
D. CBAC
E. stateful failover
F. IDS
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
Explanation:
The Cisco IOS firewall feature set was first introduced as CiscoSecure Integrated Software (CSIS). The
Cisco IOS firewall overview lists the following features:
1) Standard and extended access lists
2) Dynamic access lists
3) Reflexive access lists
4) System auditing
5) TCP intercept
6) Java blocking
7) Context-based access control – CBAC examines traffic passing through the firewall at all layers (up to
the application layer). CBAC is used to generate dynamic accesslists.
8) Cisco IOS firewall IDS.
9) DoS mitigation
10) Authentication proxy – Authentication proxy is used to proxy authentication requests to AAA server.
This allows authentication to occur on a per-user basis.
11) Network Address Translation
12) IPSec network security
13) Neighbor router authentication
14) Event logging
15) User authentication and authorization
6) Real-time alerts
Reference:
CCSP SECUR exam certification guide p.69-70
QUESTION 11
Which of the following IOS commands will you advice the Certkiller trainee technician to use when setting the timeout for router terminal line?
A. exec-timeout minute [seconds]
B. line-timeout minute [seconds]
C. timeout console minute [seconds]
D. exec-time minutes [seconds]
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
http://www.cisco.com/warp/public/793/access_dial/comm_server.html
QUESTION 12
What is another name for packet mode when working in a NAS environment?
A. Interface
B. PPP
C. CTY
D. Async
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
http://www.cisco.com/warp/public/707/32.html
QUESTION 13
Which of the following represents the two files that are necessary to run SDM on a Cisco Router? (Select two)
A. secure.shtml
B. sdm.shtml
C. sdm.exe
D. sdm.tar
E. home.tar
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
Explanation:
The answer are B sdm.shtml and D sdm.tar Do show flash on cisco router sdm the single files available
are sdm.tar, sdm.shtml and sdmconfig.cfg All these fiel are necessary to run the SDM on the router,
instead of the SDM.exe is to install the application on router but not to run the application
CCSP Self-Study Securing Cisco IOS Network (Secur) CiscoPress.comJohn F Roland Page 541
Note:
Copy the SDM files on the TFTP server to the router Flash memory, using the following CLI commands:
Router# copy tftp://<tftp server IP address>/sdm.tar flash:
Router# copy tftp://<tftp server IP address>/sdm.shtml flash:
Router# copy tftp://<tftp server IP address>/home.tar flash:
Router# copy tftp://<tftp server IP address>/home.html flash
QUESTION 14
Choose the command that you will advice the new Certkiller trainee technician to use to verify that SDM has been installed on a Cisco router.
A. show manager
B. show version
C. show flash
D. show sdm
E. show running-config
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
The quickest test is to connect your PC to the lowest-numbered Ethernet port with a cross-over cable and browse to http://<router ip-address> and see if Cisco SDM launch point is present on the resulting web page. If you have a Cisco 83x, 1701, 1710, 1711, or 1712 router, configure the PC to obtain an IP address automatically. If you have any other supported router, configure the PC with the static IP address 10.10.10.2. Alternatively, you can use the CLI to check that the Cisco SDM files are present in the router Flash memory: enter show flash and look for the Cisco SDM file set: sdm.tar, sdm.shtml, sdmconfig-xxxx.cfg. If the files are present, then confirm that the router configuration is set to support Cisco SDM. The configuration requirements are explained in the document Downloading and Installing SDM.
QUESTION 15
Which of the following protocols can you use to provide secure communications between a target router and SDM? (Select two.)
A. HTTPS
B. RCP
C. Telnet
D. SSH
E. HTTP
F. AES
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
Cisco SDM communicates with routers for two purposes: to access the Cisco SDM application files for download to the PC and to read and write the router configuration and status. Cisco SDM uses HTTP(s) to download the application files to the PC. A combination of HTTP(s), Telnet/SSH is used to read and write the router configuration.
QUESTION 16
Which of the following actions can you take to prevent newly configured commands from being sent to a target router?
A. delete
B. remove
C. undo
D. clear-commands
E. refresh
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
To send the commands, you have to do a Deliver. However, if you do a refresh, then the router is polled and the current configuration on the router is brought back to the SDM and any changes that were not yet delivered would be lost. Therefore, the answer is REFRESH – E
QUESTION 17
Which one of the following actions can you take to enable SDM generated commands to reach the target router?
A. You could refresh.
B. You could save.
C. You could deliver.
D. You could download.
E. You could copy-config.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
If you are working in Advanced mode, you must save your work by clicking the Deliver button on the SDM toolbar. The Deliver window allows you to preview the commands that you are sending to the router, and allows you to specify that you want the commands saved to the router’s startup configuration.
QUESTION 18
Which of the following URLs is used to securely access SDM on a router with an IP address of 10.0.5.12?
A. https://10.0.5.12/flash/sdm.tar
B. https://10.0.5.12/flash/sdm.html
C. https://10.0.5.12/flash/sdm.shtml
D. https://10.0.5.12/flash/sdm
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Start SDM SDM is stored in the router Flash memory. It is invoked by executing an HTML file in the router
archive, which then loads the signed SDM Java file. To launch SDM:
——————————— Step 1 From your browser, type in the following universal resource locator (URL):
https://<router IP address> https://… specifies that the Secure Socket Layer (SSL) protocol be used for a
secure connection
QUESTION 19
What is the maximum amount of routers SDM can manage simultaneously?
A. 1
B. 5
C. 50
D. 100
E. determined by router model
F. all of the above
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
One. Cisco SDM is a tool for configuring, managing, and monitoring a single Cisco router. Each Cisco router is accessible with its own copy of Cisco SDM.
QUESTION 20
Which of the following is the minimum IOS release that is capable of supporting SDM?
A. 11.2
B. 12.0
C. 12.1
D. 12.2
E. 6.1
Correct Answer: D Section: (none) Explanation
QUESTION 21
How many devices can Cisco SDM administer?
A. 1
B. 2
C. 3
D. 4
E. There is no limit.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Cisco SDM is a tool for configuring, managing, and monitoring a single Cisco router. Each Cisco router is accessible with its own copy of Cisco SDM.
QUESTION 22
Which of the following configurations restricts telnet access to a router by requiring the password cisco?
A. line vty 0 4 login cisco
B. line vty 0 4 set password cisco login
C. line vty 0 4 password cisco login
D. line vty 0 4 set login set password cisco
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
To restrict telnet access to a Cisco router, you must configure the virtual terminal lines (VTY) that telnet
uses.
Require a login with the login line configuration command (enabled on vty lines by default). You must also
set a password with the password (password) line configuration command, or remote user telnet
connections will be refused, informing them that a login is required, but no password is set.
QUESTION 23
Which of the following commands encrypts all router passwords?
A. service config-passwords
B. service running-encryption
C. service password-encryption
D. service encrypt-passwords
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Explanation:
Using the global configuration command service password-encryption, causes all passwords to be
encrypted so they are unreadable when the router configuration is viewed.
QUESTION 24
Which of the following configuration register values will allow a Cisco router to go immediately into ROM mode at any time during a routers operation?
A. 0x2101
B. 0x2002
C. 0x2210
D. 0x2102
Correct Answer: B Section: (none) Explanation Explanation/Reference:
Explanation:
If bit 8 of the configuration register is off (0x2002) the router can be sent directly into ROM mode at any
time if the break key is issued, losing the running configuration. If bit 8 is turned on (0x2102), the break key
can only be issued within the first 60 seconds of router boot up.
QUESTION 25
By default, how many message recipients must an email have for the IOS Firewall to consider it a spam attack?
A. 250
B. 500
C. 100
D. 25
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation:
By default, the Cisco IOS Firewall will fire an alarm for a spam attack if an email contains 250 or more
recipients.
QUESTION 26
Which of the following AAA security server protocols can the IOS Firewall support? Select all that apply.
A. MD5
B. RSA Signatures
C. TACACS+
D. RADIUS
E. CA
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
Explanation:
The IOS Firewall can communicate with a AAA server running either RADIUS or TACACS+.
QUESTION 27
What is the default mode TCP Intercept operates in?
A. intercept
B. aggressive
C. 3-way
D. responsive
E. watch
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Explanation: TCP Intercept can be in either intercept mode or passive watch mode. In intercept mode, each TCP SYN packet will be intercepted and responded to on behalf of the server it is protecting. With passive watch mode, TCP Intercept monitors the connection to the server to make sure the connection becomes complete. If the server cannot complete the connection within a configurable time period, TCP Intercept will send a reset packet to the server, clearing up the server’s resources.
QUESTION 28
What is the range of the number of characters the IOS enable secret password can be?
A. 1-20
B. 1-25
C. 4-24
D. 4-30
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
An IOS enable secret password must be between 1 and 25 characters long. The first character cannot be
a number.
QUESTION 29
Which of the following commands enables TCP Intercept?
A. tcp intercept enable
B. ip tcp intercept enable
C. ip tcp intercept enable list
D. ip tcp intercept list
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
Explanation:
To enable TCP Intercept define an access list for hosts you want to protect, then reference that list with the
ip tcp intercept list (list) command.
QUESTION 30
What must you change the configuration register value to, when you need to perform password recovery on a router?
A. 0x2102
B. 0x2142
C. 0x2241
D. 0x2410
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Explanation:
Setting the configuration register value to 0x2142 will force the router upon a reboot, to boot the image
from flash, but to ignore the startup configuration. This allows you to set an enable secret, then to copy the
running configuration to the startup configuration, thus performing password recovery.
Cisco 642-501 Interactive Testing Engine is an engine that can be downloaded and installed on your PC. This Cisco 642-501 is not only advanced and equipped with much more features, it is also not internet dependent, once installed.It enables you to see Interconnecting Cisco Networking Devices Part 1 questions and answers in a simulated Cisco 642-501 exam environment. Working with Cisco 642-501 Interactive Testing Engine is like passing an actual Cisco 642-501 exam.
Important Info — Cisco 642-502 new study guide are designed to help you pass the exam in a short time.Everything you need can be found in the new version Cisco 642-502 exam dumps.Visit Flydumps.com to get more valid information.
Exam A
QUESTION 1
What are the two functions that crypto ACLs perform on outbound traffic? Choose two.
A. bypasses outbound traffic that should be protected by IPSec
B. selects inbound traffic that should be protected by IPSec
C. selects outbound traffic that should be protected by IPSec
D. sends outbound traffic that should not be protected by IPSec as clear text
E. discards outbound traffic that should not be protected by IPSec
F. discards outbound traffic that requires protection by IPSec
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Refer to the exhibit. An administrator cannot telnet to the router. The administrator is not prompted for a username or password and cannot ping the router. After reviewing the output of a show running-config command, what do you determine?
A. AAA is not enabled.
B. Everything is configured correctly (the problem must be caused by something else).
C. An access control list is blocking traffic.
D. The wrong passwords are being used.
E. The TACACS server must be unreachable.
F. The wrong authentication method is applied to lines.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: QUESTION 3
Which three thresholds does CBAC on the Cisco IOS Firewall provide against DoS attacks? Choose three.
A. number of half-open sessions based upon time
B. total number of half-open TCP or UDP sessions
C. number of fully open sessions based upon time
D. number of half-open TCP-only sessions per host
E. total number of fully open TCP or UDP sessions
F. number of fully open TCP-only sessions per host
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
Refer to the LAN Wizard screen in the exhibit. How many bits would you input to configure this host for a subnet consisting of two hosts on subnet 172.26.26.0?
A. 3
B. 4
C. 24
D. 30
E. 128
F. 255
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the Cisco Router and Security Device Manager page in the exhibit.
What would be the result of clicking the “Launch the selected task” button in the VPN configuration screen?
A. to start the GRE site-to-site VPN connection configuration
B. to edit the site-to-site VPN connection
C. to start the security audit
D. to start the Easy VPN Server configuration
E. to start the default site-to-site VPN connection configuration
F. to start the Easy VPN Remote configuration
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Where are access profiles stored with the authentication proxy features of the Cisco IOS Firewall?
A. PIX Firewall
B. Cisco router
C. Cisco VPN Concentrator
D. Cisco Secure ACS authentication server
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Choose the correct command to allow IKE to establish the IPSec security associations.
A. crypto map 10 isakmp
B. crypto map 10 manual
C. crypto map MYMAP ipsec-isakmp
D. crypto map MYMAP ipsec-manual
E. crypto map MYMAP 10 ipsec-isakmp
F. crypto map MYMAP 10 ipsec-manual
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Choose the correct command to generate two RSA key pairs for use with certificate authority.
A. key generate rsa general-keys
B. key generate rsa usage-keys
C. crypto key generate rsa general-keys
D. crypto key generate rsa usage-keys
E. enable crypto key generate rsa general-keys
F. enable crypto key generate rsa usage-keys
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 9
Which command is required to specify the authorization protocol for authentication proxy?
A. auth-proxy group tacacs+
B. aaa auth-proxy default group tacacs+
C. authorization auth-proxy default group tacacs+
D. aaa authorization auth-proxy default group tacacs+
E. aaa authorization auth-proxy group tacacs+
F. aaa authorization auth-proxy default group
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Which Cisco Catalyst IOS command can be used to mitigate a CAM table overflow attack?
A. switch(config-if)# port-security maximum 1
B. switch(config)# switchport port-security
C. switch(config-if)# port-security
D. switch(config-if)# switchport port-security maximum 1
E. switch(config-if)# switchport access
F. switch(config-if)# access maximum 1
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 11
An authentication attempt to a Cisco Secure ACS for Windows server failed, yet no log entries are in the reports. What are two possible causes of this problem? (Choose two.)
A. user is not defined
B. user belongs to the wrong group
C. CSAUTH service is down on the Cisco Secure ACS server
D. password has expired
E. user entered an incorrect password
F. communication path between the NAS and Cisco Secure ACS server is down
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 12
What are three main components of the Cisco IOS Firewall feature set? (Choose three.)
A. Context-based Access Control
B. port security
C. authentication proxy
D. authentication, authorization, and accounting
E. Intrusion Prevention System
F. neighbor router authentication
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 13
The SDF uses which type of file format, with a definition of each signature along with relevant configurable actions?
A. ASCII
B. HTML
C. JPEG
D. Word
E. text
F. XML
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 14
Which two are typical Layer 2 attacks? (Choose two.)
A. MAC spoofing
B. CAM table overflow
C. route poisoning
D. DHCP Starvation
E. ARP Starvation
F. spam
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 15
What kind of signatures trigger on a single packet? (Choose one.)
A. regenerative
B. cyclical
C. atomic
D. dynamic
E. compound
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
What does authentication proxy on the Cisco IOS Firewall do?
A. creates specific authorization policies for each user with Cisco Secure ACS, dynamic, per-user security and authorization
B. provides additional visibility at intranet, extranet, and Internet perimeters
C. creates specific security policies for each user with Cisco Secure ACS, dynamic, per-user authentication and authorization
D. provides secure, per-application access control across network perimeters
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
Select the two protocols used to provide secure communications between SDM and the target router. (Choose two.)
A. HTTPS
B. RCP
C. Telnet
D. SSH
E. HTTP
F. AES
Correct Answer: AD Section: (none) Explanation Explanation/Reference:
QUESTION 18
Which one of the following actions is used to send SDM generated commands to the target router?
A. Refresh
B. Save
C. Deliver
D. Download
E. Copy-config
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Select the maximum number of routers SDM can manage simultaneously?
A. 1
B. 5
C. 50
D. 100
E. 1000
F. determined by router model
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Drag Drop question A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 21
The Cisco Identity-Based Networking Services (IBNS) solution is based on which two standard implementations? (Choose two.)
A. TACACS+
B. RADIUS
C. 802.11
D. 802.1x
E. 802.1q
F. IPSec
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Which module is audited first when packets enter an IOS Firewall IDS and match a specific audit rule?
A. TCP
B. ICMP
C. IP
D. application level
E. UDP
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 23
How does the user trigger the authentication proxy after the idle timer expires?
A. authenticates the user
B. initiates another HTTP session
C. enters a new username and password
D. enters a valid username and password
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 24
Refer to the exhibit. Given the output of the show crypto ipsec sa command, which encryption algorithm is being used?
A. PCP
B. ESP
C. DES
D. 3DES
E. AH
F. HMAC
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 25
Which Cisco Catalyst IOS command is used to mitigate a MAC spoofing attack?
A. switch(config-if)# port-security mac-address 0000.ffff.aaaa
B. switch(config)# switchport port-security mac-address 0000.ffff.aaaa
C. switch(config-if)# switchport port-security mac-address 0000.ffff.aaaa
D. switch(config)# port-security mac-address 0000.ffff.aaaa
E. switch(config-if)# mac-address 0000.ffff.aaaa
F. switch(config)# security mac-address 0000.ffff.aaaa
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 26
Which three keywords are used with the dot1x port-control command? (Choose three.)
A. enable
B. force-authorized
C. force-unauthorized
D. authorized
E. unauthorized
F. auto
Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 27
Refer to the exhibit. After reviewing the running-config file, what do you determine?
A. No one will be able to log in.
B. No one will be able to console in.
C. The wrong authentication method is applied to lines.
D. Users will use the local database to log in to console.
E. Users will use the password cisco to log in to console.
F. Users will use the local database to log in to vty.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Which one of the following actions is used to prevent newly configured SDM commands from being sent to a target router?
A. Delete
B. Remove
C. Undo
D. Clear-commands
E. Refresh
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 29
Choose the correct command that will load the SDF into a router and merge the new signatures with those that are already loaded in the router.
A. copy flash ips-sdf
B. copy url ips-sdf
C. copy ips-sdf url
D. write flash ips-sdf
E. write ips-sdf url
F. write url ips-sdf
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Choose the correct command to disable signature 1000 in the SDF file.
A. 1000 disable
B. no ip ips signature 1000
C. no ip ips signature 1000 enable
D. ip ips signature 1000 disable
E. ip signature 1000 disable
F. signature 1000 disable
Correct Answer: D Section: (none) Explanation Explanation/Reference:
QUESTION 31
What is the minimum IOS release that supports SDM?
A. 11.2
B. 12.0
C. 12.1
D. 12.2
E. 6.1
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 32
Choose the correct global command that will specify the TACACS server.
A. host 10.1.1.4
B. server 10.1.1.4
C. tacacs-server host 10.1.1.4
D. tacacs-server 10.1.1.4
E. tacacs-host host 10.1.1.4
F. server-tacacs host 10.1.1.4
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 33
What defines the standard certificate format?
A. CEP
B. CRLv2
C. ISAKMP
D. X.509v3
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Which four files are required for basic HTTP connectivity to SDM? (Choose four.)
A. home.html
B. home.tar
C. home.cfg
D. sdm.tar
E. sdm.html
F. sdmconfig-xxxx.cfg
Correct Answer: ABDF Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Choose the two types of signature implementations that the IOS Firewall IDS can detect. (Choose two.)
A. atomic
B. dynamic
C. regenerative
D. cyclical
E. compound
F. complex
Correct Answer: AE Section: (none) Explanation
Explanation/Reference:
Cisco 642-502 tests containing questions that cover all sides of tested subjects that help our members to be prepared and keep high level of professionalism. The main purpose of Cisco 642-502 exam is to provide high quality test that can secure and verify knowledge, give overview of question types and complexity that can be represented on real exam certification
Free Sharing –How to pass the Cisco 642-457 exam quickly? How to prepare for the changed exam? Free download Cisco 642-457 Exam practice test with all new exam questions.You can also get more new version on Flydumps.com
Exam A
QUESTION 1
Which two features require or may require configuring a SIP trunk? (Choose two.)
A. SIP gateway
B. Call Control Discovery between a Cisco Unified Communications Manager and Cisco Unified Communications Manager Express
C. Cisco Device Mobility
D. Cisco Unified Mobility
E. registering a SIP phone
Correct Answer: AB Section: Sip Trunk Explanation
Explanation/Reference:
Ok. See 1-97
-Trunk Types Used by Special Applications
. Call Control Discovery:
-Special trunks configured in Cisco Unified Communications Manager clusters that refer to an SAFenabled network providing Call Control Discovery features.
CCD between CCM and CUCM Express SAF-CCD requires a SIP Trunk or H.323
QUESTION 2
Refer to the exhibit.
The exhibit shows centralized Cisco Unified Communications Manager configuration components for TEHO calls to U.S. area code 408 from the U.K. The PSTN access code for the U.K is 9 and 001 for international calls to the U.S. What should the TEHO-US route list configuration consist of?
A. First route group should point only to the U.K. gateway. The second route group should point to the
U.S. gateway.
B. First route group should be only the local route group. The second route group should point to the U.S gateway.
C. First route group should point only to the U.S. gateway. The second route group should be the local route group.
D. The TEHO-US route list should contain only the local route group. The globalized configuration means that the appropriate gateway will be elected automatically.
E. The \+!route pattern should point directly to the U.S gateway.
Correct Answer: C Section: TEHO Explanation
Explanation/Reference:
Ok. See 1-21 CIPT2 v8.0
QUESTION 3
When Cisco Extension Mobility is implemented, how is the audio source for the MOH selected?
A. The audio source that is configured at the user device profile is selected.
B. The audio source that is configured at the home phone of the user is selected.
C. The audio source that is configured at the physical phone used for the Cisco Extension Mobility login is selected.
D. The audio source that is configured in the IP Voice Media Streaming parameters is selected.
Correct Answer: A Section: Extension Mobility Explanation
Explanation/Reference:
Ok, see 4-47: Cisco Extension Mobility Configuration Elements
The device profile is configured with all the user-specific settings that are found at the device level of an IP phone (user MOH audio source, phone button templates, softkey templates, user locales, DND and privacy settings, and phone service subscriptions) and all phone buttons (lines, speed dials, and so on). One or more device profiles are applied to an end user, in the End User Configuration window.
QUESTION 4
In what Cisco solution is Simple Network-Enabled Auto Provision technology used?
A. Cisco Unified Gateway Duplication
B. Cisco UnifiedCallManager Redundancy
C. Cisco Unified SRST
D. Cisco Unified Call Survivability
Correct Answer: C Section: Configuration Explanation
Explanation/Reference:
Ok, check 1-57 and 2-87: Fallback for IP Phones The Cisco Unified SRST gateway uses Simple Network-Enabled Auto Provision (SNAP) technology to autoconfigure the branch office router to provide call processing for Cisco IP phones that are registered with the router
QUESTION 5
Which method can be used to address variable-length dial plans?
A. Overlap sending and receiving.
B. Add a prefix for all calls that are longer than 10-digits long.
C. Use nested translation patterns to eliminate inter-digit timeout.
D. Use the @macro on the route pattern.
E. Use MGCP gateways, which supportvariable-length dial plans.
Correct Answer: A Section: Dial Plan Explanation Explanation/Reference:
Ok, see Dial Plan Solutions, 1-18 and 1-62.
Variable-length numbering plans: Dial string length is determined by timeout. Overlap sending and
receiving is enabled, allowing dialed digits to be signaled one by one instead of being sent as one whole
number.
QUESTION 6
Refer to the exhibit.
To stream multicast MOH to the remote site across the WAN, what should the minimum value for the Max Hops be configured as?
A. 1
B. 2
C. 3
D. 4
Correct Answer: B Section: MOH Explanation Explanation/Reference:
Ok, see 1-46 CIPT2 V8.0, multicast MOH from Branch Router Flash Example is not applicable (answer
Max Hops = 1) because the question asks the stream multicast across the wan, so TTL 2.
Note the MOH server configuration is not useful to answer this question.
QUESTION 7
Refer to the exhibit.
Which statement about the configuration between the Default and BK regions is true?
A. Calls between the two regions can use either 64 kbps or 8 kbps.
B. Calls between the two regions can use only the G 729 codec
C. Only 64 kbps will be used between the two regions because the link is “lossy”
D. Bothcodecs can be used depending on the loss statistics of the link, when lossy conditions are high, the G.711 codec will be used.
Correct Answer: B Section: MOH Explanation
Explanation/Reference:
Ok. The matrix between Default and BR supports g.729 only.
QUESTION 8
Refer to the exhibit.
When the user of a phone registered to the Cisco Unified Communications Manager places a call to 3001 when the SAF network is down, what happens?
A. The call fails.
B. The call is rerouted to the PSTN with the constructed PSTN number as +442288223001
C. The call is rerouted to the PSTN with the constructed PSTN number as 442288223001
D. The call is rerouted to the PSTN with the constructed PSTN number as 0002288223001
E. The call is rerouted to the PSTN with the constructed PSTN number as +0002288223001
Correct Answer: C Section: SAF Explanation
Explanation/Reference:
OK, SAF, see 5-43 CIPT2, check the ToDID field number 0:442288223001
QUESTION 9
Refer to the exhibit.
The HQ site uses area code 650. The BR1 site uses area code 408. The long distance national code for PSTN dialing is 1. To make a long distance national call, an HQ or BR1 user dials access code 9, followed by 1, and then the 10-digit number. Both sites use MGCP gateways. AAR must use globalized call routing using a single route pattern. Assume that all outgoing PSTN numbers are localized at the egress gateway as shown in the exhibit. What should the AAR group prefix be?
A. 9
B. 91
C. none
D. +
E. +1
Correct Answer: C Section: AAR Explanation
Explanation/Reference:
OK, check 3-68, 3-72 CIPT2v8.0:
When local route groups and globalized call routing are implemented, the egress gateway does not need
to be selected by site-specific AAR
CSS, because the egress gateway is determined by the local route group feature.
In summary, when you are using globalized call routing with local route groups, AAR implementation is
extremely simple: only a single AAR CSS and AAR group are required and applied to all phones,
regardless of their location.
QUESTION 10
When Cisco Extension Mobility is implemented, which CSS is used for calling privileges?
A. The user device profile line CSS combined with the device CSS of the physical phone used to log in the extension mobility user.
B. The user device profile device CSS combined with the line CSS of the physical phone used to log in the extension mobility user.
C. Only the user device profile device CSS is used
D. The combined line/device CSS of the physical phone is used to log in the extension mobility user.
E. The combined line/device CSS of the user device profile.
Correct Answer: A Section: Extension Mobility Explanation
Explanation/Reference:
Ok, check the Note section 4-56: Cisco Extension Mobility and CSSs
.
Cisco Extension Mobility does not modify the device CSS.
.
Cisco Extension Mobility modifies the line CSS:
-When using the line/device CSS approach (recommended for CoS implementation): Line CSS of user device profile is applied; CoS settings of the user are enforced. Device CSS is not modified; local gateway selection is allowed, depending on used device (at
any location).
If only device CSSs are used, the CSS is not updated, and no user-specific privileges can be applied. The user inherits the privileges that are configured at the device that is used for logging in.
QUESTION 11
Refer to the exhibit.
Assume that NANP is being used and 9 is used for PSTN access code Long distance national calls are
preceded with 1.
How should the HQ Cisco Unified Communications Manager be configured for calls to 3XXX to be sent to
the gatekeeper at 10.1.6.1 with PSTN backups?
A. Configure a route pattern for 3XXX. Assign this route pattern to a route list that points to two route groups The first route group contains the H.225 trunk. The second route group contains the MGCP gateway with prefix digits 1 408555 for the outgoing called number.
B. Configure a route pattern for 1#3XXX. Assign this route pattern to a route list that points to a route group that lists the H.225 trunk as first choice and the MGCP gateway as a second choice.
C. Configure a route pattern for 4085543XXX. Assign this route pattern to a route list that points to two route groups. The first route group contains the H.226 trunk. The second route group contains MGCP gateway.
D. Configure a route pattern for 3XXX. Assign this route pattern to a route list that points to two route groups The first route group contains the H.225 trunk. The second route group contains MGCP gateway with prefix digits 91 408554 for the called number.
Correct Answer: A Section: Dial Plan Explanation
Explanation/Reference:
Ok, check 3-100 3-101. Note: For a PSTN backup, you need to perform digit manipulation in such a way that the calling number and (more importantly) the called number are transformed to always suit the needs of the device that is actually used. This transformation can be done at the route list, where digit manipulation can be configured per route group. In the example, the called number 9 1 511 555-1234 has to be changed to a 10-digit number for the H.225 trunk, because the gatekeeper is configured with area code prefixes without the long distance 1. The called number must also be changed to an 11-digit number if rerouting the call to the PSTN gateway is necessary. A better solution would be using global transformations at the egress devices (H.225 trunk and PSTN gateways). In a large multisite environment or in an international deployment, the implementation of globalized call routing would be the best solution.
QUESTION 12
When an incoming PSTN call arrives at an MGCP gateway, how does the calling number get normalized to a global E.164 number with the + prefix in Cisco Unified Communications Manager?
A. Normalization is done using translation patterns.
B. Normalization is done using route patterns.
C. Normalization is done using the gateway incoming called party prefixes based on number type.
D. Normalization is done using the gateway incoming calling party prefixes based on number type.
E. Normalization is achieved by local route group that is assigned to the MGCP gateway.
Correct Answer: D Section: Dial Plan
Explanation Explanation/Reference:
Ok see 1-136 CIPT2 v8.0
QUESTION 13
Where do you specify the device mobility group and physical location after they have been configured?
A. phones
B. DMI
C. device mobility CSS
D. device pool
E. MRGL
F. locale
Correct Answer: D Section: Configuration Explanation
Explanation/Reference:
Ok, check 4-32, step 3: Configure Device Pools
QUESTION 14
Refer to the exhibit.
What should the destination IP address be configured as on the HQ and BR1 SIP trunks?
A. The HQ SIP trunk destination IP address should be 10.1.6.10. The BR1 SIP trunk destination IP address should be 10.1.5.10
B. The destination IP address is not configurable. Each cluster will learn about the remote trunk IP address through SAF learned routes.
C. The destination IP address will be learned automatically and configured on the SIP trunks after the Cisco Unified Communications Managers discover themselves.
D. The HQ SIP trunk destination IP address should be the HQ SAF Forwarder IP address. The BR1 SIP trunk destination IP address should be the BR1 SAF Forwarder IP address.
Correct Answer: B Section: SAF Explanation
Explanation/Reference:
Ok. See 5-40.
You can configure one SAF-enabled SIP trunk and one SAF-enabled H.323 trunk. With a SAF-enabled
H.323 trunk, you have to first add a standard nongatekeepercontrolled ICT and then check the Enable SAF check box. Once the check box is checked, the IP address field is disabled. The reason is that the configured trunk does not refer to a particular destination IP address but instead acts as a template for a dynamically created trunk once a SAF call is placed. The destination IP address is then taken from the learned SAF service data. The same concept applies to the SAF-enabled SIP trunk. The only difference is that the SAFenabled SIP trunk is a special trunk service type, which is selected before the trunk configuration page is shown. Therefore, there is no extra check box like there is at the nongatekeeper-controlled ICT. The SAF-enabled SIP trunk also does not have a destination IP address field.
QUESTION 15
Refer to the following exhibit.
Which Cisco IOS SAF Forwarder configuration is correct?
A. router eigrp SAF ! service-family ipv4 autonomous-system 1
!
sf-interface FastEthernet0/0
topology base
exit-sf-topology
external-client HQ_SAF
exit-service-family
!
service-family external-client listen ipv4 5050
external-client HQ_SAF
username SAFUSER
password SAFPASSWORD
B. router eigrp SAF ! service-family ipv4 autonomous-system 1
!
sf-interface FastEthernet0/0
topology base
exit-sf-topology
external-client HQ_SAF_FWDER
exit-service-family
!
service-family external-client listen ipv4 5050
external-client HQ_SAF_FWDER
username SAFUSER
password SAFPASSWORD
C. router eigrp SAF ! service-family ipv4 autonomous-system 1
!
sf-interface FastEthernet0/0
topology base
exit-sf-topology
external-client HQ_SAF_FWDER
exit-service-family
!
service-family external-client listen ipv4 5050
external-client HQ_SAF
username SAFUSER
password SAFPASSWORD
D. router eigrp SAF ! service-family ipv4 autonomous-system 1
!
sf-interface FastEthernet0/0
topology base
exit-sf-topology
external-client HQ_SAF
exit-service-family
!
service-family external-client listen ipv4 5050
external-client HQ_SAF_FWDER
username SAFUSER
password SAFPASSWORD
Correct Answer: A Section: SAF Explanation
Explanation/Reference:
OK 5-36, 5-39, check the Client Label.
QUESTION 16
Which two locations are the best locations that an end user can use to determine if an IP phone is working in SRST mode? (Choose two)
A. Cisco Unified Communications Manager Administration
B. IP phone display
C. Cisco Unified SRST Router
D. Cisco Unified MGCP Fallback Router
E. physical IP phone settings
Correct Answer: BE Section: Configuration Explanation
Explanation/Reference:
Ok, end-user reference
QUESTION 17
Which statement best describes globalized call routing in Cisco Unified Communications Manager?
A. All incoming calling numbers on the phones are displayed as an E 164 with the + prefix.
B. Call routing is based on numbers represented as an E.164 with the + prefix format.
C. All called numbers sent out to the PSTN are in E-164 with the + prefix format.
D. The CSS of all phones contain partitions assigned to route patterns that are in global format.
E. All phone directory numbers are configured as an E.164 with the + prefix.
Correct Answer: B Section: Configuration Explanation Explanation/Reference:
Ok, 1-65 CIPT2 v8.0
QUESTION 18
How is a SIP trunk in Cisco Unified Communications Manager for SIP precondition?
A. The configuration is done by selecting a SIP precondition trunk type.
B. The configuration is automatically selected when RSVP is enabled for the location assigned to the trunk.
C. SIP precondition is configured by selecting E2E for RSVP over SIP on the default SIP profile assigned to the SIP trunk.
D. SIP precondition is configured by configuring a new SIP profile and selecting E2E for RSVP over SIP. The new SIP must then be assigned to the SIP trunk.
Correct Answer: D Section: Sip Trunk Explanation
Explanation/Reference:
Ok see 3-90 and 3-91 CIPT2.
SIP precondition is also called as “RSVP end to end”
QUESTION 19
Refer to the exhibit.
The exhibit shows centralized Cisco Unified Communications Manager configuration components for TEHO calls to U.S area code 408 from the UK The PSTN access code for the UK is 9 and 001 for international calls to the U.S. To match US -TEHO pattern \+!, how should the translation pattern be configured?
A. 9001.4085551 234 with the Called Party Transformation: Discard Digits PreDot Prefix Digits Outgoing Calls: +
B. 9.0014085551234 with the Called Party Transformation: Discard Digits PreDot Prefix Digits Outgoing Calls: +1
C. 900.14085551234 with the Called Party Transformation: Discard Digits PreDot Prefix Digits Outgoing Calls +1
D. 900.14085551234 with the Called Party Transformation: Discard Digits PreDot Prefix Digits Outgoing Calls +
E. 001.4085551234 with the Called Party Transformation: Discard Digits PreDot
Correct Answer: D Section: TEHO Explanation
Explanation/Reference:
Ok, see 1-137 and 1-148: Globalized Call Routing-TEHO Example
QUESTION 20
Refer to the exhibit.
The HQ site uses area code 650. The BR1 site uses area code 408. The long distance national code for PSTN dialing is 1. To make a long distance national call, an HQ or BR1 user dials access code 9, followed by 1, and then the 10-digit number. Both sites use MGCP gateways AAR must use globalized call routing using a single route pattern. Assume that all outgoing PSTN numbers are localized at the egress gateway as shown in the exhibit. Which partition should be configured in the AAR CSS applied at the phones’?
A. PSTN partition
B. LD partition
C. The HQ AAR CSS must include a partition assigned to route pattern 91408XXXXXXX. The BR1 AAR CSS must include a partition assigned to route pattern 91650XXXXXXX.
D. AAR CSS must contain translation pattern 9.1[2-9]XX[2-9]XXXXXX for each site that must be globalized. Otherwise the called numbers will not be localized at the egrees gateway.
Correct Answer: A Section: AAR Explanation
Explanation/Reference:
???, check 3-72 Doc. answer is B (Why??) agreed internally
QUESTION 21
Refer to the exhibit.
What must be configured on the HQ Cisco Unified Communications Manager to allow HQ users to dial the SAF learned directory number pattern 3XXX?
A. Route pattern 3XXX should be configured and made available to HQ users through the phone CSS.
B. Route pattern 3XXX should be configured and made available to HQ phone users through the phone AAR CSS.
C. The SAF partition assigned to the SAF learned patterns must be available to the HQ phone users through the phone CSS.
D. The SAF partition assigned to the SAF learned patterns must be available to the HQ phone users through the phone AAR CSS.
E. The SAF directory number pattern 3XX will be made available to all user automatically as soon as the SAF partition is selected.
Correct Answer: C Section: SAF Explanation
Explanation/Reference:
OK, 5-24 CIPT2
QUESTION 22
Which statement about H.323 Gatekeeper Call Admission Control is true?
A. Gatekeeper Call Admission Control applies to centralized Cisco Unified Communications deployments that use locations based Call Admission Control.
B. Gatekeeper Call Admission Control applies to distributed Cisco Unified Communications deployments.
C. Gatekeeper Call Admission Control applies only to distributed Cisco Unified Communications Express deployments.
D. Gatekeeper Call Admission Control setting is configured in Cisco Unified Communications.
Correct Answer: B Section: Call Admission Control Explanation
Explanation/Reference:
OK.
QUESTION 23
Refer to the exhibit.
Which pattern will be advertised try the Cisco Unified Communications Manager?
A. 3XXX and the ToDID will be 0:
B. 3XXX and the ToDID will be 0:44228822
C. 3XXX and the ToDID will be 44228822
D. 3XXX and the ToDID will be 0:+44228822
E. 3XXX and the ToDID will be 0:+
Correct Answer: A Section: Dial Plan Explanation
Explanation/Reference:
Ok, 5-41 and 5-42.
QUESTION 24
Refer to the exhibit.
Locations-based CAC has been configured between HQ and the BR site. Assume that the priority queue has been provisioned correctly for three G.729 calls. What happens when the fourth call is placed from HQ to BR?
A. The call will get through via the WAN but it will experience poor audio quality.
B. The call will fail.
C. The call will be queued until one of the existing calls drop.
D. The call will get through without any issues.
Correct Answer: A Section: Call Admission Control Explanation
Explanation/Reference:
OK. Audio Bandwidth is 96 kbps -> up to 4 g.729 calls are permitted (about 12 kb per call), but QoS is applied (priority 40k) so the 4th call goes on but with poor quality for all the active calls.
QUESTION 25
While configuring Call Survivability in Cisco Unified Communications Manager, what step is mandatory to reach remote sites while in SRST mode?
A. Enable Cisco Remote SiteReachability.
B. Configure CFUR.
C. Enable the SRST checkbox in the MGCP gateway.
D. Configure the H 323 gateway for SRST in Cisco Unified Communications Manager.
E. Enable the Failover Service parameter.
Correct Answer: B Section: Configuration Explanation
Explanation/Reference:
Ok, 2-25 CIPT2 V8.0 The CFUR feature has to be configured on the Cisco Unified Communications Manager to reach remote sites in SRST mode.
QUESTION 26
Which Cisco IOS command is used to verify that the Cisco Unified Communications Manager Express has registered with the SAF forwarder?
A. show eigrp service-family ipv4 clients
B. show eigrp address-family ipv4 clients
C. show voice saf dndball
D. show saf registration
E. show ip saf registration
Correct Answer: A Section: SAF Explanation
Explanation/Reference:
Ok.
QUESTION 27
When multiple Cisco Extension Mobility profiles exist, which actions take place when a user tries to log in to Cisco Extension Mobility?
A. The login will fail because only a single Cisco Extension Mobility profile is allowed
B. The user must select the desired profile
C. The user must login to both profiles in the order they are presented.
D. The user may login to both profiles in any order
E. Login will only be allowed to multiple profiles if the service parameterAllow Multiple Logins is enabled.
Correct Answer: B Section: Extension Mobility Explanation
Explanation/Reference:
OK, 4-50 CIPT2 Cisco Extension Mobility Operation.
QUESTION 28
Refer to the exhibit.
What media resource should be configured in Cisco Unified Communications Manager?
A. Cisco Media Termination Point Hardware
B. Cisco IOS Enhanced Media Termination Point
C. Cisco IOS Media Termination Point
D. Cisco Media Termination Point Hardware (WS-SVC-CMM)
Correct Answer: B Section: Configuration Explanation
Explanation/Reference:
Ok, check 3-63 CIPT2
QUESTION 29
Refer to the exhibit.
How does the Cisco Unified Communications Manager advertise dn-block 1?
A. 4XXX and theToDID will 0:
B. 4XXX and theToDID will 0: 1972555
C. 4XXX
D. 4XXX and theToDID will 0 + 1 972555
E. 19725554XXX
Correct Answer: B Section: Dial Plan Explanation
Explanation/Reference:
Ok, 5-50 CIPT2
QUESTION 30
Refer to the exhibit The exhibit shows a SAF Forwarder configuration attached to a Cisco Unified Communications Manager. Which minimum configuration for a Cisco Unified Communications Manager Express SAF Forwarder is needed to establish a SAF neighbor relationship with this SAF Forwarder?
A. router eigrp SAF i service-family ipv4 autonomous-system 1 ! topology base exit-sf-topology exit-service-family voice service saf profile trunkroute 1 session protocol sip interface Loopback1 transport tcp port 5060 !
B. router eigrp SAF ! service-family ipv4 autonomous-system 1 ! topology base exit-sf-topology exit- service-family ! voice service saf profile trunk-route 1 session protocol sip interface Loopback1 transport tcp port 5060 ! profile dn-block 1 alias-prefix 1972555 pattern 1 type extension 4xxx ! profile callcontrol 1 dn-service trunk-route 1 dn-block 1 dn-block 2 ! channel 1 vrouter SAF asystem 1 subscribe callcontrol wildcarded publish callcontrol 1 !
C. router eigrp SAF ! service-family ipv4 autonomous-system 1 ! topology base exit-sf-topology exit-service-family !
D. None of above configurations contain sufficient information.
Correct Answer: C Section: SAF Explanation
Explanation/Reference:
OK, The command sf-interface is missing but is not mandatory. 5-36 CIPT2
CCNA Cisco 642-457 Exam Certification Guide is part of a recommended study program from Cisco 642-457 that includes simulation and hands-on training from authorized Cisco 642-457 Learning Partners and self-study products from Cisco 642-457.Find out more about instructor-led, e-learning, and hands-on instruction offered by authorized Cisco 642-457 Learning Partners worldwide