Month: June 2016

Checkpoint 156-215 Questions And Answers, Helpful Checkpoint 156-215 Dump Online Store

Not sure how to choose Checkpoint 156-215 exam dumps? Worried about your Checkpoint 156-215 exam? Just try the new version of the Flydumps Checkpoint 156-215 exam dumps. High pass rate and money-back guarantee!

QUESTION 45
What does schema checking do?
A. Issues Certificates, and register the Certificates with the VPN-1 NGX Internal Certificate Authority
B. Maps LDAP objects to objects in the VPN-1 NGX objects.c file
C. Provides topology downloads for SecuRemote and SecureClient users authenticated by an LDAP server
D. Authenticates users attempting to access resources protected by a VPN-1 NGX Security Gateway
E. Verifies that every object class, and its associated attributes, is defined in the directory schema

Correct Answer: E
QUESTION 46
As a Security Administrator, you must configure anti-spoofing on Secure Gateway interfaces, to protect your internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram? NOTE: In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. FTP server 192.168.16.15 is statically translated to the object “ftp_valid”, with IP address 210.210.210.5.

A. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24 networks
B. A group object that includes the 10.10.0.0/16 network object, mail_valid host, and FTP_valid host object
C. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24 networks
D. A group object that includes the 192.168.16.0/24 and 10.10.0.0/16 networks
E. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects

Correct Answer: A
QUESTION 47
When you use the Global Properties’ default settings, which type of traffic will be dropped, if no explicit rule allows the traffic?
A. IKE and RDP traffic
B. Outgoing traffic originating from the Security gateway.
C. SmartUpdate connections
D. Firewall logging and ICA key-exchange information.
E. RIP traffic

Correct Answer: E
QUESTION 48
By default, when you click File > Switch Active File from SmartView Tracker, the SmartCenter Server:
A. Purges the current log, and prompts you for the new log’s mode.
B. Prompts you to enter a file name, then saves the log file.
C. Saves the current log file, names the log file by date and time, and starts a new log file.
D. Opens a new window with a previously saved log file.
E. Purges the current log file, and starts a new log file.

Correct Answer: C
QUESTION 49
If you check the box “Use Aggressive Mode”, in the IKE Properties dialog box:
A. The standard six-packet IKE Phase 1 exchange is replaced by a three-packet exchange
B. The standard three-packet IKE Phase 2 exchange is replaced by a six-packet exchange
C. The standard six-packet IKE Phase 2 exchange is replaced by a three-packet exchange
D. The standard three-packet IKE Phase 1 exchange is replaced by a six-packet exchange

Correct Answer: A
QUESTION 50
Jordan’s company is streaming training videos provided by a third party on the Internet. Jordan configures VPN-1 NGX, so that each department ONLY views webcasts specific to its department. Jordan created and configured the multicast groups for all interfaces, and configures them to “Drop all multicast packets except those whose destination is in the list”. But no multicast transmissions are coming from the Internet. What is a possible cause for the connection problem?
A. Multicast groups are configured improperly on the external interface properties of the Security Gateway object.
B. Anti-spoofing is enabled. VPN-1 NGX cannot pass multicast traffic, if anti-spoofing is enabled.
C. Jordan did not create the necessary “to and through” rules, defining how VPN-1 NGX will handle the multicast traffic.
D. VPN-1 NGX does not support multicast routing protocols and streaming media through the Security Gateway.
E. The Multicast Rule is below the Stealth Rule. VPN-1 NGX can only pass multicast traffic, if the Multicast Rule is above the Stealth Rule.
Correct Answer: A
QUESTION 51
Your SmartCenter Server fails and does not reboot. One of your remote Security Gateways, managed by the SmartCenter Server, reboots. What happens to that remote Gateway after reboot?
A. Since the SmartCenter Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, all traffic is allowed through the Gateway.
B. Since the SmartCenter Server is not available, the remote Gateway uses the local Security Policy, but does not log traffic.
C. Since the SmartCenter Server is not available, the remote Gateway cannot fetch the Security Policy. Therefore, no traffic is allowed through the Gateway.
D. Since the SmartCenter Server is not available to the remote Gateway, fetching the Security Policy and logging will both fail.
E. The remote Gateway fetches the last installed Security Policy locally, and passes traffic normally. The Gateway will log locally, since the SmartCenter Server is not available.

Correct Answer: E
QUESTION 52
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. SmartConsole
B. SmartCenter Server
C. Policy Server
D. SmartLSM
E. Security Gateway

Correct Answer: B
QUESTION 53
Robert has configured a CIFS resource to allow access to the public partition of his company’s file server, on \\erisco\goldenapple\files\public. Robert receives reports that users are unable to access the share, unless they use the file server’s IP address. Which of the following is a possible cause?

A. The CIFS resource is not configured to use Windows name resolution
B. Mapped shares are not configured to log.
C. Null CIFS sessions are configured to be blocked
D. Remote registry access is configured to be blocked.
E. Access violations are not configured to log.

Correct Answer: A
QUESTION 54
Barak is a Security Administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?

A. 1, 2, 3, 4
B. 1, 2, 5
C. 1, 2, 3, 5
D. 1, 3, 4, 5
E. 1, 2, 3, 4, 5

Correct Answer: E
QUESTION 55
You want to establish a VPN, using Certificates. Your VPN will exchange Certificates with an external partner. Which of the following activities should you do first?
A. Exchange a shared secret, before importing Certificates.
B. Create a new logical-server object, to represent your partner’s CA.
C. Create a new server object, to represent your partner’s Certificate Authority (CA)
D. Manually import your partner’s Certificate Revocation List.
E. Manually import your partner’s Access Control list.

Correct Answer: C
QUESTION 56
There is a Web server behind your perimeter Security Gateway. You need to protect the server from network attackers, who create scripts that force your Web server to send user credentials or identities to other Web servers. Which box do you check in the Web Intelligence tab in SmartDashboard?
A. Command Injection protection
B. SQL Injection protection
C. HTTP header format checking
D. HTTP protocol inspection protection
E. Cross Site Scripting protection

Correct Answer: E
QUESTION 57
How do you control the maximum mail messages in a spool directory?
A. In the SMTP resource object
B. In the smtp.conf file on the SmartCenter Server
C. In the gateway object’s SMTP settings in the Advanced window
D. In SmartDefense SMTP settings
E. In the Security Server window in Global Properties

Correct Answer: C
QUESTION 58
Quinton is the Security Administrator for a chain of retail stores. In a recent security newsletter, Quinton read about an attack where a client fools a server into sending a large amount of data, using small packets. Quinton is concerned that this company’s servers might be vulnerable to this type of attack. Which SmartDefense option should Quinton use to protect the servers?
A. Application Intelligence > DNS > Cache poisoning
B. Network Security > Successive events > DoS
C. Network Security > TCP > Small PMTU
D. Application Intelligence > Microsoft Networks > File and Print Sharing
E. Network Security > Denial of Service > LAND

Correct Answer: C
QUESTION 59
In SmartView Tracker, which rule shows when a packet is dropped due to anti-spoofing?
A. Rule 999
B. Rule 0
C. Rule 1
D. Cleanup Rule
E. Stealth Rule

Correct Answer: B
QUESTION 60
Sonny is the Security Administrator for a company with a large call center. The management team in the center is concerned that employees may be installing and attempting to use peer-to-peer file-sharing utilities, during their lunch breaks. The call center’s network is protected by an internal Security Gateway, configured to drop peer-to-peer file-sharing traffic. The call-center management team wants to know if the Security Gateway protecting the call center drops more packets than other internal Security Gateways in the corporate network. Which application should Sonny use to determine the number of packets dropped by each Gateway?
A. SmartView Status
B. SmartView Monitor
C. SmartDashboard
D. SmartView Tracker
E. SmartUpdate

Correct Answer: B
QUESTION 61
Katie is the Security Administrator for an insurance company. Her manager gives Katie the following requirements for controlling DNS traffic:
* Required Result #1: Accept domain name-over-TCP traffic (zone-transfer traffic).
* Required Result #2: Log domain name-over-TCP traffic (zone-transfer traffic).
* Desired Result #1: Accept domain name-over-UDP traffic (queries traffic)
* Desired Result #2: Do not log domain name-over-UDP traffic (queries traffic)
* Desired Result #3: Do not clutter the Rule Base, by creating explicit rules for traffic that can be controlled using Global Properties.

Katie makes the following configuration changes, and installs the Security Policy:
1. She selects the box “Accept Domain Name over TCP (Zone transfer)” in Global Properties.
2. She selects the box “Accept Domain Name over UDP (Queries)” in Global Properties.
3. She selects the box “Log Implied Rules” in Global Properties.

Does Katie’s solution meet the required and desired results?
A. The solution meets all required results, and none of the desired results.
B. The solution does not meet the required results.
C. The solution meets all required and desired results.
D. The solution meets the required results, and one of the desired results.
E. The solution meets the required results, and two of the desired results.

Correct Answer: E
QUESTION 62
David is a consultant for a software-deployment company. David is working at a customer’s site this week. David’s task is to create a map of the customer’s VPN tunnels, including down and destroyed tunnels. Which SmartConsole application will provide David with the information needed to create this map?
A. SmartView Tracker
B. SmartLSM
C. SmartView Monitor
D. SmartView Status
E. SmartUpdate

Correct Answer: C
QUESTION 63
Gail is the Security Administrator for a marketing firm. Gail is working with the networking team, to troubleshoot user complaints regarding access to audio-streaming material from the Internet. The networking team asks Gail to check the configuration settings for the perimeter Security Gateway. Which SmartConsole application should Gail use to check the configuration settings?
A. SmartView Tracker
B. SmartView Monitor
C. SmartUpdate
D. SmartDashboard
E. SmartView Status

Correct Answer: D
QUESTION 64
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive an error message “unknown”. What is the problem?
A. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate.
B. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate.
C. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX.
D. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.c.
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection.

Correct Answer: E

Well-regarded for its level of detail, assessment features, and challenging review questions and hands-on exercises, Checkpoint 156-215 helps you master the concepts and techniques that will enable you to succeed on the Checkpoint 156-215 exam the first time.

Checkpoint 156-816 Demo Download, Latest Updated Checkpoint 156-816 Test Prep Latest Version PDF&VCE

Flydumps just published the newest Checkpoint 156-816 dumps with all the new updated exam questions and answers. Flydumps provides the latest version of Checkpoint 156-816 and VCE files with up-to-date questions and answers to ensure your exam 100% pass. On our website you will get the free newest-version Checkpoint 156-816 VCE Player along with your VCE dumps.

QUESTION 47
Consider the following scenario: Your network configuration requires that you configure a single interface on the VSX Gateway to lead to multiple networks. A different Virtual System must protect each network sending traffic through the VSX Gateway. You configured a dedicated management interface on the VSX Gateway, along with 1 External Virtual Router and 4 Virtual Systems, one for each Customer. Which of the following hardware devices must be used to connect the different networks to the single shared interface?
A. Frame cache-redirection enabled switch
B. Content-intelligent switch
C. Jumbo frame-enabled switch
D. Router
E. VLAN-capable switch

Correct Answer: E
QUESTION 48
Which of the following VLAN membership types is considered explicit in its propagation?
A. Application-based
B. Protocol-based
C. Session-based
D. MAC address-based

Correct Answer: B
QUESTION 49
Which of the following VSX components maintain layer 3 connectivity?
A. Virtual System in Bridge mode
B. Internal Virtual Switch
C. External Virtual Switch
D. Virtual Router
E. VLAN interface
Correct Answer: D
QUESTION 50
A Virtual System in Bridge mode can:
A. Operate without IP addresses.
B. Participate in VPNs.
C. Segment an existing network.
D. Perform NAT.
E. Automatically include a spanning tree protocol for multi-switch environments.
Correct Answer: A
QUESTION 51
Consider the following scenario: A hub connects four hosts to a VLAN-Tagged port on a switch. The hosts have IP addresses ranging from 10.0.0.1 to 10.0.0.4. The switch adds a VLAN Tag of 400 to all communication passing through it. Once communication from the second host on the hub passes through the switch port on the way to its destination on the external network, how does the traffic appear in SmartView Tracker? Assume that traffic enters the Gateway on interface eth3.
A. eth3.2
B. eth3.400.2
C. eth3.400
D. eth3.2.400
E. eth3.402

Correct Answer: C
QUESTION 52
Which of the following is NOT a virtual device that can be defined on a VSX Gateway?
A. Warp interface
B. Physical Interface
C. Virtual System
D. Virtual Switch
E. Virtual Router

Correct Answer: B
QUESTION 53
When configuring the interfaces for Virtual Systems leading to a Virtual Switch, which of the following is required?
A. IP addresses on separate networks
B. IP addresses on the same network
C. Shared CMA management of the Virtual Systems
D. Unique subnet-mask settings
E. Different default Gateways

Correct Answer: B
QUESTION 54
When configuring a VLAN environment for your VSX Gateway, you must first define the interface as VLAN-capable. Where is this interface configured?
A. Topology tab of the External Virtual Router
B. System Interfaces Allocation tab of the VSX Gateway object
C. System Interfaces tab of the VSX Gateway object
D. Resources tab of the Virtual System object
E. Topology tab of the Virtual System object
Correct Answer: C
QUESTION 55
Bridged Virtual Systems in a cluster monitor which of the following protocols, to fail over a bridged system?
A. VTP
B. MPLS
C. BPDU
D. STP
E. OSPF

Correct Answer: C
QUESTION 56
Virtual Switches make packet-forwarding decisions based on which of the following?
A. Subnet mask
B. MAC address
C. Routing table
D. IP address
E. Traffic flow direction

Correct Answer: B
QUESTION 57
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Virtual System in Bridge mode
B. External Virtual Router
C. Internal Virtual Router
D. Virtual System with VLAN interfaces
E. Management Virtual System interface

Correct Answer: A
QUESTION 58
When configuring Virtual Switch leading to the Internet, which of the following items is required when creating a Virtual Switch object?
A. Subnet mask
B. VLAN Tag
C. IP address
D. Dedicated interface
E. Default Gateway

Correct Answer: D
QUESTION 59
At installation, the _________ is bound to all configured physical interfaces of a VSX Gateway, UNLESS the interfaces are specifically assigned to another component.
A. VSX Management Server
B. External Virtual Router
C. Synchronization Network
D. Management Virtual System
E. Internal Virtual Router
Correct Answer: D
QUESTION 60
When configuring a new Virtual System for your VSX Gateway configuration, what should you do first?
A. Create a new Customer and CMA, to be used as the Virtual System’s Management Server.
B. Open the Admin CMA SmartDashboard, and create a new CMA object to be used as the Virtual System’s Management Server.
C. Add a new Virtual System to the Main Customer, so that the Admin CMA can be used as the Management Server.
D. Open the Global SmartDashboard, and create a new Virtual System object.
E. Open the Admin CMA SmartDashboard, and create a new Virtual System object.

Correct Answer: A
QUESTION 61
A Virtual Router performs which of the following tasks?
A. Security Policy application for protected customer networks
B. Inter-Virtual System routing
C. Synchronization between VSX Gateways in a cluster
D. Network Address Translation for protected customer networks
E. Packet inspection for protected customer networks

Correct Answer: B
QUESTION 62
If you open the Policy Editor for a Virtual System in your VSX configuration and change the Global Properties settings to accept ICMP requests, which of the following occurs?
A. The settings for all Virtual Systems attached to the same Admin CMA are changed.
B. The settings for all Virtual Systems within a Customer are changed, regardless of CMA association.
C. No change takes place on any Policy. Global properties can only be configured in the Global Policy Editor.
D. The settings for all Virtual Systems on the MDS are updated to reflect the change.
E. The settings for all Virtual Systems managed by the same Customer CMA are changed.

Correct Answer: E
QUESTION 63
Which interface of the Management Virtual System (MVS) can be compared to the external interface of a traditional Security Gateway?
A. Warp interface leading from the MVS to the External Virtual Router
B. None; the External Virtual Router acts as the external interface to all Virtual Systems configured on the VSX Gateway.
C. Dedicated management interface, typically eth0
D. Synchronization interface
E. Virtual interface leading from the MVS to the External Virtual Router

Correct Answer: A
QUESTION 64
If a VSX Gateway is protecting multiple customer networks behind only one shared interface, the VSX Administrator must either configure __________ for source-based routing, or deploy a VLAN solution.
A. An Internal Virtual Router
B. Non-VLAN Interface Trunking
C. VSX Gateway High Availability
D. VSX Gateway Load Sharing
E. Multiple External Virtual Routers

Correct Answer: A
QUESTION 65
Which of the following is the only interface configured by running sysconfig, during the installation of a VSX Gateway in a single Gateway environment?
A. Synchronization interface
B. Dedicated Customer interface
C. Internal Virtual Router interface
D. Management interface
E. External interface

Correct Answer: D
QUESTION 66
The __________ forwards packets between interfaces of a Virtual System.
A. Internal Packet Routing Module
B. Context Identification Module
C. Virtual IP Stack
D. External Virtual Router
E. Virtual Switch

Correct Answer: C
QUESTION 67
The External Virtual Router is associated with a dedicated interface. It is considered to be which type of interface?
A. Warp
B. Synchronization
C. Virtual
D. Physical
E. Symbolic

Correct Answer: D
QUESTION 68
When installing the Security Policy of a Management Virtual System (MVS), what objects are available for Policy installation, other than the MVS?
A. All configured Virtual Routers
B. No other object is available for Policy installation.
C. All configured Virtual Systems
D. All configured Virtual Systems and the External Virtual Router
E. All configured Virtual Switches

Correct Answer: A
QUESTION 69
When configuring the VSX Gateway, it is important to reboot after running which of the following commands for the first time?
A. vsx sysconfig
B. fwconfig
C. cpconfig
D. cpconfig vsx
E. vsxconfig
Correct Answer: C
QUESTION 70
The __________ interface is configured in a VLAN environment, to allow multiple Virtual Systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Warp
C. Symbolic
D. Physical
E. Virtual

Correct Answer: E
QUESTION 71
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Virtual Switch
B. Virtual System with VLAN interfaces
C. Management Virtual System interfaces
D. External Virtual Router
E. Virtual System with dedicated interfaces

Correct Answer: A
QUESTION 72
A Virtual System in Bridge mode is a Virtual System that implements:
A. Dynamic IP routing.
B. Native layer-2 communications.
C. VLAN Tagging.
D. IP routing.
E. Network Address Translation.

Correct Answer: B
QUESTION 73
When deploying a VSX Gateway managed by a Provider-1 MDS, how many Certificate Authorities will the deployment have?
A. Three; one for the SmartCenter Server, one shared by all Virtual Systems, and one shared by all Virtual Routers
B. One, shared by all components
C. One for each CMA in your configuration
D. One for each Virtual System and Virtual Router configured on the VSX Gateway
E. Two; one for the SmartCenter Server, and one shared by all Virtual Systems and Virtual Routers

Correct Answer: C
QUESTION 74
When configuring Virtual Switch leading to the Internet, which of the following items is required when creating a Virtual Switch object?
A. Subnet mask
B. VLAN Tag
C. IP address
D. Dedicated interface
E. Default Gateway

Correct Answer: D
QUESTION 75
A Virtual Router performs which of the following tasks?
A. Packet forwarding without inspection
B. IP spoofing inspection for protected customer networks
C. Layer 2 packet forwarding
D. VLAN Tagging
E. Routing from Virtual Systems to the Internet

Correct Answer: E

The Cisco contains more than 400 practice questions for the Checkpoint 156-816 exams, including simulation-based questions. Also contains hands-on exercises and a customized copy of the Checkpoint 156-816 exams network simulation software.

CheckPoint 156-706 Questions, Most Accurate CheckPoint 156-706 Study Guide Book With Accurate Answers

Flydumps ensures the CheckPoint 156-706 study guides are the newest and valid enough to help you pass the test. Please visit Flydumps.com and get valid CheckPoint 156-706 PDF and VCE exam dumps with the free new version. 100% valid and success.

QUESTION 40
What is the name of the Service that can be used for transferring the recovery file to the network share instead of the logged on user?
A. Pointsec Service Start
B. Pointsec Transfer Service
C. Pointsec Recovery Service
D. None of the Above

Correct Answer: A
QUESTION 41
When trying to remove Pointsec by force on an unencrypted machine, using “reco_img.exe”, how will you be able to access the Advanced options on the recovery media?
A. By using the ctrl + alt + delete functionality after reboot
B. By using the ctrl + F9 option during login
C. By using the F8 key when booting from recovery media
D. None of the above

Correct Answer: C
QUESTION 42
What are the options to harvest logs for 3rd party tools?
A. Use GET command with FTP Server script
B. Export logs from Pre Boot Environment
C. Use pslogexp.exe to export logs
D. Simply point your 3rd party tool to the Pointsec recovery path

Correct Answer: C
QUESTION 43
When your domain account password has to be changed, you also want your Pointsec password to be changed automatically. How can you achieve this?
A. By setting synchronize password with Windows
B. By setting synchronize password with Pointsec.
C. By using the synchronize option in Active Directory
D. None of the above

Correct Answer: A
QUESTION 44
If Single Sign On has been activated on a Pointsec user, where does Pointsec store the user credentials?
A. In the registry
B. In the secure local database
C. In the pointsec administration tool
D. Encrypted under %PROGRAM FILES%\Pointsec\Pointsec for PC\SSO

Correct Answer: D
QUESTION 45
If a client machine in need of a profile update has no path for update profiles set in the Pointsec Management Console, is it possible to still update this client?
A. Yes, by placing the profile in the searchpath for its recovery files.
B. No, it is not possible to update this client
C. Yes by placing the profile in the system root directory
D. Yes, by placing the profile in %PROGRAM FILES%\Pointsec\Pointsec for PC\work

Correct Answer: D
QUESTION 46
If your machine is encrypted with Pointsec and you decide to share folders on your local hard drive, what will happen when other users try to access the shared folders over the network?
A. Nothing, they will be fully accessible
B. The users will need to provide a valid Pointsec username and password
C. Sharing is not possible if Pointsec is installed
D. The folders can only be accessed if the user also has Pointsec installed.

Correct Answer: A
QUESTION 47
How can you uninstall Pointsec?

A. Add/Remove programs from control panel
B. Use the recovery file
C. Uninstallation profile
D. All of the above

Correct Answer: D
QUESTION 48
What limitations should you be aware of before you install Pointsec?

A. Pointsec cannot be installed if the root directory is compressed?
B. Pointsec must be installed on the 1st bootable partition?
C. Pointsec cannot be installed to stripe/volume sets?
D. All of the above

Correct Answer: D
QUESTION 49
To protect a Pointsec profile you need to assign a…?

A. Dynamic Token
B. Fixed password
C. Fingerprint
D. None of the above

Correct Answer: B
QUESTION 50
Which utility is used to register languages to an existing Pointsec for PC Client installation?

A. PSD.EXE
B. Pscontrol.exe
C. AddLanguage.exe
D. Addlang.cmd

Correct Answer: B
QUESTION 51
You need to uninstall/unencrypt Pointsec to image over a machine that has Pointsec already installed?
A. True
B. False

Correct Answer: A
QUESTION 52
Pointsec for PC operates as a low level driver on the machine’s hard drive.

A. True
B. False

Correct Answer: A
QUESTION 53
You need a network connection to change a user’s password using the default remote help application in Pointsec
A. True
B. False

Correct Answer: B
QUESTION 54
A one time login and remote password change response can be used multiple times to allow access to the machine
A. True
B. False

Correct Answer: B
QUESTION 55
Any user with View Log privilege can view the central logs
A. True
B. False

Correct Answer: A
QUESTION 56
Pointsec supports hibernation in Windows.

A. True
B. False

Correct Answer: A
QUESTION 57
You can search for users and computers via the Pointsec Management Console
A. True
B. False

Correct Answer: B
QUESTION 58
When deleting a user using an update profile in Pointsec, you need to specify the volumes/partitions to be affected.

A. True
B. False

Correct Answer: B
QUESTION 59
For an organization that has high personnel turnover, tokens should be used for administrative accounts to minimize the number of updates.
A. True
B. False

Correct Answer: A
QUESTION 60
Pointsec supports two factor authentication
A. True
B. False

Correct Answer: A
QUESTION 61
What are the minimum requirements for Device Protector Server to be installed?

A. 512MB+ Ram / 2GB+ Hard disk space for MSSQL database storage / Windows NT / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
B. 1Gb Ram / 4GB+ Hard disk space for MYSQL database storage / Windows NT / MS Windows NT Service Pack 7a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 3+ / MS Windows XP Home / RedHat Linux Kernel version 6.14
C. 512MB+ Ram / 2GB+ Hard disk space for MYSQL database storage / Windows 3.1 / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional
D. 2Gb+ Ram / 2GB+ Hard disk space for MSSQL database storage / Windows NT / MS Windows NT Service Pack 6a / MS Windows 2000/3 Server/Advanced Server or Professional / MS Windows 2000/3 Service Pack 2+ / MS Windows XP Professional

Correct Answer: A
QUESTION 62
What are the minimum requirements for Device Protector Client to be installed?

A. 1Gb Ram / 2Gb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
B. 512mb Ram / 50mb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
C. 1Gb Ram / 2Gb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Professional with Service Pack 1+
D. 512mb Ram / 50mb Hard Disk Space / MS Windows 2000 Professional with Service Pack 2 / MS Internet Explorer v6+ / MS Windows XP Home with Service Pack 1+

Correct Answer: C

QUESTION 63
What encryption algorithm, and at what strength, does Device Protector’s encryption use?

A. 128 AES
B. 3DES
C. Blowfish
D. 128 / 256 AES

Correct Answer: D
QUESTION 64
How can Device Protector stop any new programs from being installed and old programs from being uninstalled?
A. By setting Removable Media Manager to prevent any application uninstallations / installations.
B. By selecting .EXE and .MSI in Trusted File Types in Program Security Guard
C. By setting Device Manager to Deny All
D. All of the above

Correct Answer: A

QUESTION 65
What does Program Security Guard do?

A. Prevents the creation / modification / deletion of specified file types
B. Prevents Removable Media devices from entering the network
C. Prevents unauthorised applications from creating banned file types
D. Both A and C

Correct Answer: D

QUESTION 66
What does Removable Media Manager do?

A. Manages what media can be exported to Removable Media
B. Automatically formats and encrypts devices
C. Automatically scans and digitally signs devices
D. Creates a black / white list of what devices can be used on the network

Correct Answer: D

QUESTION 67
What does the Device Manager do?

A. Allows you to see a list of devices which are currently used within the network
B. Replaces the Windows Device Manager to Add / Modify devices within Windows
C. Digitally scans all devices which are entered into the network
D. Creates a black and white list of devices which are allowed to be used within the network

Correct Answer: A

QUESTION 68
What is the Removable Media Auditor?

A. It allows you to see what information has been copied to CD/DVD
B. It creates a complete audit history of all activity which occurs on removable media
C. It allows you to see what processes have opened which files
D. All of the above

Correct Answer: D
QUESTION 69
How do you “throttle” logs?

A. By adjusting the speed at which they are sent to the server
B. By specifying the most urgent logs to be sent immediately
C. By adjusting how quickly the server receives the logs
D. All of the above

Correct Answer: D
QUESTION 70
How do you set up a Removable Media policy which does not allow users to Authorise their own devices but still lets them use Removable Media?
A. By selecting Automatic Scan with the Option to Delete Files within Removable Media Manager
B. By selecting Automatic Scan within Removable Media Manager
C. By selecting No Removable Media Scan within Removable Media Manager
D. By selecting Wizard Mode within Removable Media Manager

Correct Answer: D
QUESTION 71
What is “Limbo” mode?

A. An installation of the Device Protector client where no protection is enabled
B. An encrypted usb removable media device with no owner set
C. A configured Profile Template which has not been assigned to a group
D. A user who is picking up the Default Profile

Correct Answer: D
QUESTION 72
Can Program Security Guard allow software downloads from an Intranet but not from the Internet?

A. Yes
B. No
C. Maybe

Correct Answer: A
QUESTION 73
What is a “Process Executable Check” within Program Security Guard?

A. It checks to see whether the file being launched is a true executable
B. It allows executables to be launched
C. It switches on Program Security Guard
D. Both A and C

Correct Answer: D
QUESTION 74
What are 3 processes which Device Protector exempts by default?
A. .BAT .CMD .MP3
B. .EXE .VBS .BAT
C. .JPG .DOC .XML
D. .GIF .DLL .CPL
E. .EXE .COM .SYS

Correct Answer: E
QUESTION 75
What is a Computer Profile?

A. It is a profile which is sent via a computer
B. It is a profile which was created by a computer
C. It is a profile which is applied to a computer
D. It is a profile which configures what drivers are allowed to be installed

Correct Answer: C
QUESTION 76
How do Offline Profiles work?

A. By applying a profile to a user when a connection to the Device Protector server cannot be made
B. By forcing users to go offline in the event of a security breach
C. Both A and B
D. None of the above

Correct Answer: A
QUESTION 77
What do the “Users” and “Computers” nodes do within Device Protector?

A. Allows you to delete users and computers from the Active Directory
B. Shows which users and computers are awaiting to download a profile
C. Shows what users and computers do not have the client agent installed
D. Shows what users and computers have been added to the Device Protector database

Correct Answer: D
QUESTION 78
Can Device Protector work with a Novell Server?

A. Yes
B. No
C. Maybe
D. I don’t know

Correct Answer: A
QUESTION 79
Is Active Directory / Edirectory required for Device Protector to work?
A. No, as Device Protector can work within Linux
B. No, only a copy of Windows XP Home
C. Yes, Device Protector cannot be installed without an Active Directory / Edirectory being present
D. No, but you will only be able to apply profiles to the local machine

Correct Answer: D
QUESTION 80
What would happen to the Device Protector agent if the connection to the Device Protector Server was lost / severed?
A. The machine reboots to restore a connection
B. The client agent would reset to apply the Cached or Offline Profile
C. The user is logged out while a connection to the server is established
D. Nothing happens and the user continues to work as normal using the Cached / Offline profile

Correct Answer: D
QUESTION 81
How many Global OU′s can you have in one webRH installation?
A. One
B. Two
C. Three
D. Unlimited

Correct Answer: A
QUESTION 82
How many regional/local OU′s can you have in one webRH installation?
A. One
B. Two
C. Three
D. Unlimited

Correct Answer: D

QUESTION 83
What extension does a webRH profile use?

A. .ipp
B. .pmt
C. .prt
D. .upp

Correct Answer: D

QUESTION 84
What is the maximum number of users or groups that can be deployed with a webRH profile?

A. 1 user and 1 group
B. It depends on how many OU′s you have
C. No more than 50
D. Unlimited
E. 6 users and 1 group

Correct Answer: E
QUESTION 85
When logging into webRH, what authentication method can and must be used?

A. User name and password
B. User name and dynamic token
C. USB token
D. Smart card

Correct Answer: B
QUESTION 86
When logged into webRH, what is the only task that a help-desk user can perform?

A. Create a .rec file
B. Create updates
C. Force uninstall
D. Provide Remote Help

Correct Answer: D
QUESTION 87
Which application can you run to configure webRH settings post installation?

A. webRHconfig.exe
B. addtoken.exe
C. admin.exe
D. None of the above

Correct Answer: A
QUESTION 88
When you install the webRH server, how many administrator accounts do you have to create?

A. None
B. One
C. Two
D. Ten

Correct Answer: C
QUESTION 89
How many times can a response be used when created with the proper challenge?

A. Four
B. Three
C. Two
D. One

Correct Answer: D
QUESTION 90
If a helpdesk user is logged in to webRH and you decide to remove his account, when will the user be notified?
A. Immediately, since he will be thrown off the system when his account is removed
B. When his session times out and he tries to re-authenticate
C. When he reboots his machine
D. Never, it is not possible to remove accounts from webRH

Correct Answer: B


Checkpoint 156-815 Exam Guide, Help To Pass Checkpoint 156-815 Try Free Demo With High Quality


QUESTION 59
You work as an administrator at Certkiller.com. You configure a Check Point QoS Rule Base with two rules: an H.323 rule with a weight of 10, and the Default Rule with a weight of 10. The H.323 rule includes a per-connection guarantee of 384 Kbps, and a per-connection limit of 512 Kbps. The per-connection guarantee is for four connections, and no additional connections are allowed in the Action properties. If traffic passing through the QoS Module matches both rules, which of the following statements is true?
A. Neither rule will be allocated more than 10% of available bandwidth
B. The H.323 rule will consume no more than 2048 Kbps of available bandwidth
C. 50% of available bandwidth will be allocated to the H.323 rule
D. 50% of available bandwidth will be allocated to the Default Rule
E. Each H.323 connection will receive at least 512 Kbps of bandwidth

Correct Answer: B
QUESTION 60
How can you reset Secure Internal Communications (SIC) between a SmartCenter Server and Security Gateway?
A. Run the command fwm sic_reset to reinitialize the Internal Certificate Authority (ICA) of the SmartCenter Server. Then retype the activation key on the Security-Gateway from SmartDashboard
B. From cpconfig on the SmartCenter Server, choose the Secure Internal Communication option and retype the activation key. Next, retype the same key in the gateway object in SmartDashboard and reinitialize Secure Internal Communications (SIC)
C. From the SmartCenter Server’s command line type fw putkey -p <shared key> <IP Address of SmartCenter Server>.
D. From the SmartCenter Server’s command line type fw putkey -p <shared key> <IP Address of Security Gateway>.
E. Re-install the Security Gateway

Correct Answer: B
QUESTION 61
One of your remote Security Gateways suddenly stops sending logs, and you cannot install the Security Policy on the Gateway. All other remote Security Gateways are logging normally to the SmartCenter Server, and Policy installation is not affected. When you click the Test SIC status button in the problematic gateway object, you receive the error message “unknown”. What is the problem?
A. The remote Gateway’s IP address has changed, which invalidates the SIC Certificate
B. The Security Gateway is NG with Application Intelligence, and the SmartCenter Server is NGX
C. The Internal Certificate Authority for the SmartCenter object has been removed from objects_5_0.C
D. The time on the SmartCenter Server’s clock has changed, which invalidates the remote Gateway’s Certificate
E. There is no connection between the SmartCenter Server and the remote Gateway. Rules or routing may block the connection

Correct Answer: E
QUESTION 62
Which NGX feature or command allows Security Administrators to revert to earlier versions of the Security Policy without changing object configurations?
A. upgrade_export/upgrade_import
B. Policy Package management
C. fwm dbexport/fwm dbimport
D. cpconfig
E. Database Revision Control
Correct Answer: B
QUESTION 63
The following diagram illustrates how a VPN-1 SecureClient user tries to establish a VPN with hosts in the external_net and internal_net from the Internet. How is the Security Gateway VPN Domain created?

A. Internal Gateway VPN Domain = Internal_net; External VPN Domain = external_net + external gateway object + internal_net
B. Internal Gateway VPN Domain = Internal_net; External Gateway VPN Domain = external_net + internal gateway object
C. Internal Gateway VPN Domain = Internal_net; External Gateway VPN Domain = internal_net + external_net
D. Internal Gateway VPN Domain = Internal_net; External Gateway VPN Domain = internal VPN Domain + internal gateway object + external_net

Correct Answer: D
QUESTION 64
Which of the following QoS rule-action properties is an Advanced action type, only available in Traditional mode?
A. Guarantee Allocation
B. Rule weight
C. Apply rule only to encrypted traffic
D. Rule limit
E. Rule guarantee

Correct Answer: A
QUESTION 65
Certkiller is the Security Administrator for Certkiller.com’s large geographically distributed network. The internet connection at one of her remote sites failed during the weekend, and the Security Gateway logged locally for over 48 hours. Certkiller is concerned that the logs may have consumed most of the free space on the Gateway’s hard disk. Which SmartConsole application should Certkiller use to view the percentage of free hard-disk space on the remote Security Gateway?
A. SmartView Status
B. SmartView Tracker
C. SmartUpdate
D. SmartView Monitor
E. SmartLSM
Correct Answer: D
QUESTION 66
When you hide a rule in a Rule Base, how can you then disable the rule?
A. Open the Rule Menu, and select Hide and view hidden rules. Select the rule, right-click, and select Disable
B. Uninstall the Security Policy, and then disable the rule
C. When a rule is hidden, it is automatically disabled. You do not need to disable the rule again
D. Run cpstop and cpstart on the SmartCenter Server, then disable the rule
E. Clear Hide from Rules drop-down menu, then right-click and select “Disable Rule (s)”

Correct Answer: E
QUESTION 67
How can you prevent delay-sensitive applications, such as video and voice traffic, from being dropped due to long queues when using the Check Point QoS solution?
A. Low latency class
B. DiffServ rule
C. guaranteed per connection
D. Weighted Fair queuing
E. guaranteed per VoIP rule

Correct Answer: A
QUESTION 68
As a Security Administrator, you must configure anti-spoofing on Security Gateway interfaces, to protect your internal networks. What is the correct anti-spoofing setting on interface ETH1 in this network diagram?

NOTE: In the DMZ, mail server 192.168.16.10 is statically translated to the object “mail_valid”, with IP address 210.210.210.3. The FTP server 192.168.16.15 is statically translated to the object “ftp_valid”, with IP address 210.210.210.5.
A. A group object that includes the 10.10.0.0/16 and 192.168.16.0/24 networks, and mail_valid and ftp_valid host objects
B. A group object that includes the 10.10.20.0/24 and 10.10.10.0/24 networks
C. A group object that includes the 10.10.0.0/16 network object, mail_valid host, and ftp_valid host object
D. A group object that includes the 192.168.16.0/24 and 10.10.0.0/16 networks
E. A group object that includes the 10.10.10.0/24 and 192.168.16.0/24 networks

Correct Answer: B
QUESTION 69
Mary was recently hired as the Security Administrator for a public relations company. Mary’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Mary must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware.
Required Result #2: Use configuration changes that do not reduce security.
Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed Solution: Mary recommends the following changes to the Gateway’s configuration:
1. Replace all domain objects with network and group objects.
2. Stop logging Domain Name over UDP (queries).
3. Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Mary’s proposed solution meet the required and desired results?
A. The solution meets the required results, and two of the desired results
B. The solution does not meet the required results
C. The solution meets all required results, and none of the desired results
D. The solution meets all required and desired results
E. The solution meets the required results, and one of the desired results
Correct Answer: A
QUESTION 70
What is a Consolidation Policy?
A. The collective name of the Security Policy, Address Translation, and SmartDefense Policies
B. The specific Policy used by Eventia Reporter to configure log-management practices
C. The state of the Policy once installed on a Security Gateway
D. A Policy created by Eventia Reporter to generate logs
E. The collective name of the logs generated by Eventia Reporter

Correct Answer: B
QUESTION 71
Jacob is using a mesh VPN Community to create a site-to-site VPN. The VPN properties in this mesh Community display in this graphic (Exhibit). Which of the following statements is TRUE?

A. If Jacob changes the setting “Perform key exchange encryption with” from “3DES” to “DES”, he will enhance the VPN Community’s security and reduce encryption overhead
B. Jacob’s VPN Community will perform IKE Phase 1 key-exchange encryption, using the longest key VPN-1 NGX supports
C. Jacob must change the data-integrity settings for this VPN Community. MD5 is incompatible with AES
D. If Jacob changes the setting “Perform IPsec data encryption with” from “AES-128” to “3DES”, he will increase the encryption overhead

Correct Answer: D
QUESTION 72
State Synchronization is enabled on both members in a cluster, and the Security Policy is successfully installed. No protocols or services have been unselected for “selective sync”. The following is the fw tab -t connections -s output from both members. Is State Synchronization working properly between the two members?

A. Members A and B are synchronized, because ID for both members is identical in the connections table
B. The connections-table output is incomplete. You must run the cphaprob state command, to determine if members A and B are synchronized
C. Members A and B are not synchronized, because #PEAK for both members is not close in the connections table
D. Members A and B are synchronized, because #SLINKS are identical in the connections table
E. Members A and B are not synchronized, because #VALS in the connections table are not close

Correct Answer: E
QUESTION 73
Which Check Point QoS feature marks the Type of Service (ToS) byte in the IP header?
A. Guarantees
B. Low Latency Queuing
C. Differentiated Services
D. Weighted Fair Queueing
E. Limits
Correct Answer: C
QUESTION 74
Your network includes ClusterXL running Multicast mode on two members, as shown in this topology.

Your network is expanding, and you need to add new interfaces 10.10.10.1/24 on Member A, and 10.10.10.2/24 on Member B. The virtual IP address for interface 10.10.10.0/24 is 10.10.10.3. What is the correct procedure to add these interfaces?
A. 1. Use the ifconfig command to configure and enable the new interface.
   2. Run cpstop and cpstart on both members at the same time.
   3. Update the technology in the cluster object for the cluster and both members.
   4. Install the Security Policy.
B. 1. Disable “Cluster membership” from one Gateway via cpconfig.
   2. Configure the new interface via sysconfig from the “non-member” Gateway.
   3. Reenable “Cluster membership” on the Gateway.
   4. Perform the same step on the other Gateway.
   5. Update the topology in the cluster object for the cluster and members.
   6. Install the Security Policy.
C. 1. Run cpstop on one member, and configure the new interface via sysconfig.
   2. Run cpstart on the member. Repeat the same steps on another member.
   3. Update the new topology in the cluster object for the cluster and members.
   4. Install the Security Policy.
D. 1. Use sysconfig to configure the new interfaces on both members.
   2. Update the topology in the cluster object for the cluster on both members.
   3. Install the Security Policy.
Correct Answer: C
QUESTION 75
To change an existing ClusterXL cluster object from Multicast to Unicast mode, what configuration change must be made?
A. Change the cluster mode to Unicast on the cluster object. Reinstall the Security Policy
B. Reset Secure Internal Communications (SIC) on the cluster-member objects. Reinstall the Security Policy
C. Run cpstop and cpstart, to reenable High Availability on both objects. Select Pivot mode in cpconfig
D. Change the cluster mode to Unicast on the cluster-member object
E. Switch the internal network’s default Security Gateway to the pivot machine’s IP address
Correct Answer: A
QUESTION 76
Which component functions as the Internal Certificate Authority for VPN-1 NGX?
A. VPN-1 Certificate Manager
B. SmartCenter Server
C. SmartLSM
D. Policy Server
E. Security Gateway

Correct Answer: B
QUESTION 77
You have locked yourself out of SmartDashboard with the rules you just installed on your standalone Security Gateway. Now you cannot access the SmartCenter Server or any SmartConsole tools via SmartDashboard. How can you reconnect to SmartDashboard?
A. Run cpstop on the SmartCenter Server
B. Run fw unlocklocal on the SmartCenter Server
C. Run fw unloadlocal on the Security Gateway
D. Delete the $fwdir/database/manage.lock file and run cprestart.
E. Run fw uninstall localhost on the Security Gateway

Correct Answer: C
QUESTION 78
By default, a standby SmartCenter Server is automatically synchronized by an active SmartCenter Server, when:
A. The Security Policy is installed
B. The Security Policy is saved
C. The user database is installed
D. The Security Administrator logs in to the standby SmartCenter Server, for the first time
E. The standby SmartCenter Server starts for the first time

Correct Answer: A
QUESTION 79
Where can a Security Administrator adjust the unit of measurement (bps, Kbps or Bps), for Check Point QoS bandwidth?
A. Global Properties
B. QoS Class objects
C. Check Point gateway object properties
D. $CPDIR/conf/qos_props.pf
E. Advanced Action options in each QoS rule

Correct Answer: A
QUESTION 80
Your VPN Community includes three Security Gateways. Each Gateway has its own internal network defined as a VPN Domain. You must test the VPN-1 NGX route-based VPN feature, without stopping the VPN. What is the correct order of steps?
A. 1. Add a new interface on each gateway. 2. Remove the newly added network from the current VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers. 4. Enable advanced routing on all three Gateways.
B. 1. Add a new interface on each gateway. 2. Remove the newly added network from the current VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer’s VTI interface.
C. 1. Add a new interface on each gateway. 2. Add the newly added network into the existing VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers. 4. Enable advanced routing on all three Gateways.
D. 1. Add a new interface on each gateway. 2. Add the newly added network into the existing VPN Domain for each Gateway. 3. Create VTIs on each Gateway, to point to the other two peers. 4. Add static routes on three Gateways, to route the new network to each peer’s VTI interface.

Correct Answer: B
QUESTION 81
Barak is a security administrator for an organization that has two sites using pre-shared secrets in its VPN. The two sites are Oslo and London. Barak has just been informed that a new office is opening in Madrid, and he must enable all three sites to connect via the VPN to each other. Three Security Gateways are managed by the same SmartCenter Server, behind the Oslo Security Gateway. Barak decides to switch from pre-shared secrets to Certificates issued by the Internal Certificate Authority (ICA). After creating the Madrid gateway object with the proper VPN Domain, what are Barak’s remaining steps?

A. 1,2,5
B. 1,3,4,5
C. 1,2,3,5
D. 1,2,4,5
E. 1,2,3,4

Correct Answer: C
QUESTION 82
Certkiller was recently hired as the Security Administrator for Certkiller.com. Jack Bill’s manager has asked her to investigate ways to improve the performance of the firm’s perimeter Security Gateway. Certkiller must propose a plan based on the following required and desired results:
Required Result #1: Do not purchase new hardware.
Required Result #2: Use configuration changes that do not reduce security.
Desired Result #1: Reduce the number of explicit rules in the Rule Base.
Desired Result #2: Reduce the volume of logs.
Desired Result #3: Improve the Gateway’s performance.
Proposed solution:
* Replace all domain objects with network and group objects.
* Check “Log implied rules” and “Accept ICMP requests” in Global Properties.
* Use Global Properties, instead of explicit rules, to control ICMP, VRRP, and RIP.
Does Certkiller’s proposed solution meet the required and desired results?
A. The solution meets all required and desired results.
B. The solution meets all required, and one of the desired results.
C. The solution meets all required, and two of the desired results.
D. The solution meets all required, and none of the desired results.
E. The solution does not meet the required results.

Correct Answer: E
QUESTION 83
After installing VPN-1 Pro NGX R65, you discover that one port on your Intel Quad NIC on the Security Gateway is not fetched by a get topology request. What is the most likely cause and solution?
A. The NIC is faulty. Replace it and reinstall
B. If an interface is not configured, it is not recognized. Assign an IP and subnet mask using the WebUI
C. Your NIC driver is installed but was not recognized. Apply the latest SecurePlatform R65 Hotfix Accumulator (HFA)
D. Make sure the driver for your particular NIC is available and reinstall. You will be prompted for the driver

Correct Answer: B
QUESTION 84
What type of packet does a VPN-1 SecureClient send to its Policy Server, to report its Secure Configuration Verification status?
A. IKE Key Exchange
B. TCP keep alive
C. ICMP Port Unreachable
D. UDP keep alive

Correct Answer: D
QUESTION 85
Which SmartConsole component can administrators use to track remote administrative activities?
A. Eventia Reporter
B. SmartView Monitor
C. SmartView Tracker
D. The WebUI

Correct Answer: D
QUESTION 86


Cisco 642-892 Certification Braindumps, Discount Cisco 642-892 Answers On Sale


QUESTION 40
Refer to the exhibit. What statement is true about the configuration on switch CAT1?

A. The configuration overrides 802.1p priorities on packets entering ports Fa0/11 and Fa0/12 with a value of
B. The configuration establishes policed DSCP on ports Fa0/11 and Fa0/12 with values ranging from 8 to 56.
C. The configuration overrides the Quality of Service value in packets entering ports Fa0/11 and Fa0/12 with value of 45.
D. Two IP phones with the MAC addresses of 0008.8595.d1a7 and 0007.8595.d2b7 are connected to CAT1 ports Fa0/11 and Fa0/12, respectively.
E. Security violation shutdown mode has been activated for ports Fa0/11 and Fa0/12.
F. Untagged Port VLAN ID (PVID) frames will carry voice traffic on VLAN 40.

Correct Answer: D
QUESTION 41

Refer to the exhibit. Both host stations are part of the same subnet but are in different VLANs. On the basis of the information presented in the exhibit, which statement is true about an attempt to ping from host to host?

A. A trunk port will need to be configured on the link between Sw_A and Sw_B for the ping command to be successful.
B. The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
C. A Layer 3 device is needed for the ping command to be successful.
D. The ping command will be successful without any further configuration changes.

Correct Answer: D
QUESTION 42
Refer to the exhibit. What is the correct output of the command show ip route on router R2?

A. R2# show ip route
   <output omitted>
   10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
   i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0
   i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1
   i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0
   i L1 10.1.2.0/24 is directly connected, Serial1/0
   i L2 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1
   i L2 10.1.0.0/24 is directly connected, Serial1/1

B. R2# show ip route
   <output omitted>
   10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
   i L2 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0
   i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1
   i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0
   C 10.1.2.0/24 is directly connected, Serial1/0
   i L2 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1
   C 10.1.0.0/24 is directly connected, Serial1/1

C. R2# show ip route
   <output omitted>
   10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
   i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0
   i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1
   i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0
   C 10.1.2.0/24 is directly connected, Serial1/0
   i L2 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1
   C 10.1.0.0/24 is directly connected, Serial1/1

D. R2# show ip route
   <output omitted>
   10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
   i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0
   i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1
   i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0
   C 10.1.2.0/24 is directly connected, Serial1/0
   i su 10.1.2.0/23 [115/10] via 0.0.0.0, Null0
   C 10.1.0.0/24 is directly connected, Serial1/1
   i L2 10.1.0.0/23 [115/20] via 10.1.0.1, Serial1/1

E. R2# show ip route
   <output omitted>
   10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
   i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0
   i L1 10.200.200.13/32 [115/30] via 10.1.2.4, Serial1/0
                         [115/30] via 10.1.0.1, Serial1/1
   i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0
   C 10.1.2.0/24 is directly connected, Serial1/0
   i L1 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1
   C 10.1.0.0/24 is directly connected, Serial1/1

Correct Answer: C

QUESTION 43
Refer to the exhibit. Routers R1 and R2 have established a neighbor relationship and are exchanging routing information. The network design requires that R1 receive routing updates from R2, but not advertise any routes to R2. Which configuration command sequence will successfully accomplish this task?

A. R1(config)# router eigrp 1
   R1(config-router)# passive-interface serial 0
B. R2(config)# router eigrp 1
   R2(config-router)# passive-interface serial 0
C. R1(config)# access-list 20 deny any
   R1(config)# router eigrp 1
   R1(config-router)# distribute-list 20 out serial 0
D. R2(config)# access-list 20 deny any
   R2(config)# router eigrp 1
   R2(config-router)# distribute-list 20 out serial 0
E. R1(config)# access-list 20 permit any
   R1(config)# router eigrp 1
   R1(config-router)# distribute-list 20 in serial 0
F. R2(config)# access-list 20 permit any
   R2(config)# router eigrp 1
   R2(config-router)# distribute-list 20 in serial 0

Correct Answer: C
QUESTION 44

Refer to the exhibit. All multilayer switches are running PIM dense mode. Recipient A and Recipient B are sending IGMPv2 join messages to their respective multilayer switches. Which statement is true?

A. The Multicast Server is the root of the multicast tree. Switches 4 and 5 will participate in the multicast tree once pruning has taken place.
B. The Multicast Server is the root of the multicast tree. Switches 1,3,4, and 5 will participate in the multicast tree once pruning has taken place.
C. Switch 3 is the root of the multicast tree. Switches 3,4, and 5 will participate in the multicast tree once pruning has taken place.
D. Switch 1 is the root of the multicast tree. Switches 1,4, and 5 will participate in the multicast tree once pruning has taken place.
E. Switch 1 is the root of the multicast tree. Switches 1,3,4, and 5 will participate in the multicast tree once pruning has taken place.
F. Switch 3 is the root of the multicast tree. Switches 1,3,4, and 5 will participate in the multicast tree once pruning has taken place.

Correct Answer: B
QUESTION 45
Refer to the exhibit. All multilayer switches are running PIM sparse mode. Host B and Host F are sending IGMPv2 join messages to their respective multilayer switches. Which statement is true?

A. The multicast server is the rendezvous point of the multicast tree.
B. Switches 1, 2, 3, and 6 will participate in the multicast tree once pruning has taken place.
C. Switches 2 and 6 will participate in the multicast tree once pruning has taken place.
D. Switches 1, 2, 3, and 6 will participate in the multicast tree.
E. Switch 1 is the rendezvous of the multicast tree.

Correct Answer: D

QUESTION 46
Refer to the network of Layer 3 switches in the exhibit. The RPI Multicast Server only multicasts to hosts connected to multilayer switches 5 and 6. The CMU Multicast Server multicasts to hosts on multilayer switches 1-6. Given the number of configuration steps involved, what is the most efficient way to configure the network while meeting the requirements for multicast data flow?

A. Configure each switch with PIM dense mode.
B. Configure each switch with PIM sparse mode.
C. Configure each switch with PIM sparse mode and a separate instance of PIM dense mode. Leave each multicast server as the root of its own multicast tree.
D. Configure each switch with PIM sparse mode and a separate instance of PIM dense mode. Allow the switches to elect their own root for each multicast tree.
E. Configure each switch with PIM sparse mode and a separate instance of PIM dense mode. Specify switch 1 as the root for the RPI Multicast Server. Specify switch 2 as the root for the CMU Multicast Server.
F. Configure each switch with PIM sparse-dense mode. Configure switch 3 as a rendezvous point for the RPI multicast stream.
Correct Answer: F
QUESTION 47
A router is running BGP and receives more than one route for a particular prefix. Assume all the routes for this prefix have the same attributes. Which three path features would be reasons for the router to ignore some of the routes and not consider them as candidates for the best path? (Choose three.)
A. paths that are marked as synchronized in the show ip bgp output
B. paths that are marked as not synchronized in the show ip bgp output
C. paths for which the NEXT_HOP is accessible
D. paths for which the NEXT_HOP is inaccessible
E. paths from an external BGP (eBGP) neighbor if the local autonomous system (AS) appears in the AS_PATH
F. paths from an internal BGP (iBGP) neighbor if the local autonomous system (AS) appears in the AS_PATH

Correct Answer: BDE

QUESTION 48
Refer to the exhibit. What two statements are true? (Choose two.)

A. Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command.
B. OSPF version 2 has been enabled to support IPv6.
C. The IP address of the backup designated router (BDR) is FE80::205:5FFF:FED3:5808.
D. The output was generated by the show ip interface command.
E. The router was configured with the commands: router ospf 1 network 172.16.6.0 0.0.0.255 area 1
F. This is the designated router (DR) on the FastEthernet 0/0 link.
Correct Answer: AC

QUESTION 49
Which three route filtering statements are true? (Choose three.)
A. After the router rip and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any RIP updates, but will receive routing updates on that interface.
B. After the router eigrp 10 and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any EIGRP updates, but will receive routing updates on that interface.
C. After the router ospf 10 and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any OSPF updates, but will receive routing updates on that interface.
D. When you use the passive-interface command with RIPv2, multicasts are sent out the specified interface.
E. When you use the passive-interface command with EIGRP, hello messages are not sent out the specified interface.
F. When you use the passive-interface command with OSPF, hello messages are not sent out the specified interface.
Correct Answer: AEF

QUESTION 50
Which two statements are true about IS-IS routing? (Choose two.)
A. IS-IS is more efficient than OSPF in the use of CPU resources.
B. Based on the default timers, OSPF detects a failure faster than IS-IS does.
C. OSPF default timers permit more tuning than IS-IS does.
D. OSPF is more scalable than IS-IS because of its ability to identify normal, stub, and NSSA areas.
E. IS-IS and OSPF are both Open Standard, link-state routing protocols which support VLSM.
Correct Answer: AE

Exam D

QUESTION 1

Refer to the exhibit. OSPF has been configured on all routers in the network and Area 1 has been configured as a NSSA. Which statement is true about the NSSA Area 1?

A. Redistributed RIP and IGRP routes will appear in Area 1. They will be advertised via type 5 LSAs.
B. Only redistributed RIP routes will appear in Area 1. They will be advertised via type 7 LSAs.
C. Only redistributed IGRP routes will appear in Area 1. They will be advertised via type 7 LSAs.
D. No redistributed routes can appear in Area 1, only summary routes.

Correct Answer: C

QUESTION 2
Refer to the exhibit. All routers have Protocol Independent Multicast (PIM) enabled interfaces. On the basis of the configuration provided on routers R1 and R2, which router will take on the function of rendezvous point (RP) for the multicast network?

A. router R1
B. router R2
C. both routers R1 and R2
D. none of the routers since they are not configured with static RP
Correct Answer: B

QUESTION 3
Which two statements are true about the rendezvous point (RP) in a multicast network? (Choose two.)
A. An RP is required only in networks running Protocol Independent Multicast dense mode (PIM DM).
B. An RP is required only in networks running Protocol Independent Multicast sparse mode (PIM SM).
C. An RP is required only in networks running Protocol Independent Multicast sparse-dense mode (PIM-SDM).
D. The multicast sources must register with the RP to form the multicast distribution tree.
E. The multicast receivers must register with the RP to form the multicast distribution tree.
F. To form the multicast distribution tree, the multicast sources register with and the receivers join the RP.
Correct Answer: BF

QUESTION 4
Refer to the exhibit. IP multicast for group address 224.1.1.1 has been enabled on all routers in the network. Hosts on Network A receive the multicast traffic. However, hosts on Network B do not. On the basis of outputs provided, what could be the cause of the problem?

A. Router R2 does not have an RP configured on the multicast network.
B. Router R2 does not see the upstream router R1 as a PIM neighbor.
C. Because of RPF failure, Router R2 does not forward multicast packets to Network B.
D. The multicast packets are sourced from a server with an unspecified IP address.
Correct Answer: C

QUESTION 5
If no metric is specified for the routes being redistributed into IS-IS, what metric value is assigned to the routes?
A. 0
B. 1
C. 10
D. 20
Correct Answer: A

QUESTION 6
Refer to the exhibit. Which statement is true about where trust boundaries should be established in a network?

A. Endpoint 1 is the only acceptable place to establish a trust boundary.
B. Endpoint 1 is the optimal place to establish a trust boundary. Endpoints 2 and 3 are acceptable places to establish a trust boundary.
C. Endpoint 2 is the only acceptable place to establish a trust boundary.
D. Endpoint 2 is the optimal place to establish a trust boundary. Endpoints 1 and 3 are acceptable places to establish a trust boundary.
E. Endpoints 1 and 2 are optimal places to establish a trust boundary. Endpoint 3 is an acceptable place to establish a trust boundary.
F. Endpoints 2 and 3 are optimal places to establish a trust boundary. Endpoint 1 is an acceptable place to establish a trust boundary.
Correct Answer: E

QUESTION 7

Refer to the exhibit. The command spanning-tree guard root is configured on interface Gi0/0 on both switch S2 and S5. The global configuration command spanning-tree uplinkfast has been configured on both switch S2 and S5. The link between switch S4 and S5 fails. Will Host A be able to reach Host B?

A. Yes. Traffic can pass either from switch S6 to S3 to S2 to S1, or, from switch S6 to S5 to S2 to S1.
B. No. Traffic will pass from switch S6 to S5 and dead-end at interface Gi 0/0.
C. No. Traffic will loop back and forth between switch S5 and S2.
D. Yes. Traffic will pass from switch S6 to S3 to S2 to S1.
E. No. Traffic will either pass from switch S6 to S5 and dead-end, or traffic will pass from switch S6 to S3 to S2 and dead-end.
Correct Answer: D

QUESTION 8
Refer to exhibit. BGP is configured on all routers, synchronization is turned off, and none of the default attributes have been changed except the local preference attribute on R4. Which path will be preferred by R2 to reach the network 100.100.100.0/24?

A. R2 R3 R4 R5 because it has a lower admin distance
B. R2 R3 R4 R5 because it has a higher local preference
C. R2 R1 because it has the shortest AS-path
D. R2 R1 because it has a lower local preference
Correct Answer: B

QUESTION 9
Refer to the exhibit. On the basis of the information that is presented, what condition exists?

A. authenticating with AP
B. poor link status with AP
C. no valid radio for ADU
D. no association to AP
Correct Answer: C

QUESTION 10
What is the effect of enabling a voice VLAN on a Catalyst switch port?
A. PortFast is disabled on the port.
B. Untagged traffic is sent according to the default CoS priority of the port.
C. Port security is automatically enabled on a voice VLAN port.
D. The CoS is trusted for 802.1P or 802.1Q tagged traffic.

Correct Answer: B
QUESTION 11

A. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once the inaccurate BPDUs have been stopped, the interfaces will need to be administratively shut down, and brought back up, to resume normal operation.
B. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter, but traffic is still forwarded across the ports.
C. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a superior root bridge parameter and no traffic is forwarded across the ports. Once the inaccurate BPDUs have been stopped, the interfaces automatically recover and resume normal operation.
D. Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on at least one of the interfaces.

Correct Answer: C

QUESTION 12
Which two statements are true about the operation of voice VLANs on a Catalyst switch? (Choose two.)
A. Enabling voice VLANs enables the switch to create multiple queues for traffic that is entering a port.
B. Enabling voice VLANs enables the switch to forward frames with a specific 802.1P marking.
C. Voice VLANs are configured to enable the switch to forward frames marked with the proper CoS values over separate physical links.
D. When voice VLANs are configured on a trunk link, UplinkFast must also be enabled.
E. When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port.
Correct Answer: BE

QUESTION 13
What is one method that can be used to prevent VLAN hopping?
A. Configure ACLs.
B. Enforce username/password combinations.
C. Configure all frames with two 802.1Q headers.
D. Explicitly turn off Dynamic Trunking Protocol (DTP) on all unused ports.
E. Configure VACLs.
Correct Answer: D

QUESTION 14
Refer to the exhibit. Static WEP keys have been configured on all devices in the wireless LAN. What will happen if the access point receives packets sent by the wireless client adapter that are not encrypted with the appropriate key?

A. The wireless client adapter will be authenticated by the authentication server and the access point will deliver the packets to the intended receiver.
B. The wireless client adapter will not be authenticated by the authentication server, but the access point will deliver the packets to the intended receiver.
C. The access point will discard the packets and never deliver them to the intended receiver.
D. The wireless client adapter will not be able to send any packets to the access point.
Correct Answer: C

QUESTION 15
What three statements are true for networks that are enabled for voice as well as data traffic? (Choose three.)
A. An uptime of 99.999 percent is achieved using a 4-hour service response contract for system problems.
B. Auxiliary VLANs provide the ability to apply QoS to voice traffic without affecting the flow of data from the client PC.
C. Redundant hardware, redundant links, UPS, and proactive network management are data network standards that do not apply to voice networks.
D. The increased costs of voice enabled networks are offset by increased worker productivity.
E. For ease of implementation, most VoIP phones use in-line power to get power through the same cable on which data is sent.
F. High availability networks must be created to avoid network congestion and overcome a lack of redundancy and poor engineering.
Correct Answer: BEF

QUESTION 16
Refer to the exhibit. Which two statements are true about the required switch configurations to support a

A. CDP must be disabled on the switch port to prevent interference between CDP messages and voice traffic.
B. CDP must be enabled on the switch port to allow configuration information to be passed to the IP phone.
C. Static secure MAC addresses should be configured on voice vlan ports to prevent access by devices other than IP phones.
D. Portfast must be enabled on the switch port.
E. 802.1x authentication cannot be configured on a port configured for a voice vlan.
F. Port security cannot be configured on a port that is configured for a voice vlan.
Correct Answer: BD

QUESTION 17
When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather information?
A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk
B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.
C. The attacking station will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.
D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.
Correct Answer: A

QUESTION 18
Refer to the exhibit. Based upon the information that is given, how will voice traffic from the phone and data traffic from the PC be handled by SW_1?

A. The switch port will trust the CoS value of the ingress voice and data traffic that comes into the switch port.
B. The switch port will perform marking for the ingress voice and data traffic by using the default CoS value at the switch port.
C. The switch port will trust the CoS value of the ingress voice traffic. Data traffic will be marked at the switch port with the default CoS value.
D. The switch port will trust the CoS value of the ingress data traffic. Voice traffic will be marked at the switch port with the default CoS value.
Correct Answer: A

QUESTION 19
A router has two paths to reach another network in a different autonomous system. Neither route was generated by the local router and both routes have the same default weight and local preference values. Which statement is true about how BGP would select the best path?
A. If the command bgp always-compare-med has been given, then the router will prefer the route with the highest MED.
B. The router will prefer the route with the lower MED.
C. The router will prefer the shortest autonomous system path.
D. To influence one route to be preferred, its default local preference value will be changed via the use of the command bgp default local-preference 50.
Correct Answer: C

QUESTION 20
Which two statements about 6to4 tunneling are accurate? (Choose two.)
A. Prepending a reserved IPv6 code to the hexadecimal representation of 192.168.0.1 facilitates 6to4 tunneling.
B. Each 6to4 site receives a /48 prefix in a 6to4 tunnel.
C. 2002::/48 is the address range specifically assigned to 6to4.
D. Prepending 0x2002 with the IPv4 address creates an IPv6 address that is used in 6to4 tunneling.
E. 6to4 is a manual tunnel method.
Correct Answer: BD

QUESTION 21
Refer to the exhibit. On the basis of the configuration that is provided, how would the BGP updates that

A. All BGP updates that are received on router R2 will be sent to routers R3 and R4. Routers R3 and R4 will then forward those BGP updates to router R5.
B. All BGP updates that are received on router R2 will not be sent to routers R3 and R4.
C. All BGP updates that are received on router R2 will be sent directly to router R5.
D. None of the BGP updates that are received on router R2 will ever be received by router R5.
Correct Answer: D

QUESTION 22
Refer to the exhibit. Router RTR is attempting to establish BGP neighbor relationships with routers RT1 and RT3. On the basis of the information that is presented in the exhibit, which two statements are true?

A. RTR has a BGP password set but neighbor 10.0.0.1 does not.
B. RTR has a BGP password set but neighbor 10.0.0.5 does not.
C. RTR has a BGP password set but neighbor 10.0.0.1 has an incorrect password set.
D. RTR has a BGP password set but neighbor 10.0.0.5 has an incorrect password set.
E. Neighbor 10.0.0.1 has a BGP password set but RTR does not.
F. Neighbor 10.0.0.5 has a BGP password set but RTR does not.
Correct Answer: AD

QUESTION 23
Refer to the exhibit. Router RT-1 and router RT-2 both advertise network 131.25.0.0/16 to router RT-3 via internal BGP. What is the reason that router RT-3 chose router RT-1 as its best path to network 131.25.0.0/16?

A. It advertises the best AS-path.
B. It advertises the best origin code.
C. It advertises the best MED.
D. It advertises the best local preference.
E. It has a better router ID.
F. It advertises a lower autonomous system.
Correct Answer: E

QUESTION 24
Which three of the following are features of the IS-IS routing protocol? (Choose three)
A. link-state routing protocol
B. inefficient use of bandwidth not appropriate for an ISP
C. supports VLSM
D. uses spanning tree algorithm for fast convergence
E. supports two routing levels within an autonomous system
F. operation is similar to BGP
Correct Answer: ACE

QUESTION 25
What is the MAC address that would be derived from the multicast address 239.255.0.1?
A. 01-00-5e-7f-00-01
B. 00-00-00-7f-00-01
C. 10-00-5e-7f-00-01
D. 10-00-ef-ff-00-01
E. 01-01-ef-ff-00-01
Correct Answer: A

QUESTION 26
Refer to the exhibit. Which statement is correct regarding the operation of NAT-PT between the IPv4 and IPv6 networks shown?

A. The router will determine the IPv4 destination address.
B. The source IPv6 host can use DNS to determine the IPv6-to-IPv4 address mapping.
C. The host is statically configured with the IPv6-to-IPv4 address mapping.
D. ICMP can be used to determine the IPv6-to-IPv4 address mapping.
Correct Answer: B

QUESTION 27
Refer to the exhibit. Which interoperability technique implemented on the router would allow Host-1 to communicate with Host-2?

A. Dual Stack
B. NAT-PT
C. 6to4 tunnel
D. GRE tunnel
E. ISATAP tunnel
Correct Answer: B
QUESTION 28
Refer to the exhibit. Which two statements are correct regarding the routes to be redistributed into

A. The network 192.168.1.0 will be allowed and assigned a metric of 100.
B. The network 192.168.1.0 will be allowed and assigned a metric of 200.
C. All networks except 10.0.0.0/8 will be allowed and assigned a metric of 200.
D. The network 172.16.0.0/16 will be allowed and assigned a metric of 200.
E. The network 10.0.10.0/24 will be allowed and assigned a metric of 200.

Correct Answer: AD

QUESTION 29
Refer to the exhibit. Which two statements are true? (Choose two.)

A. This switch is the STP root bridge.
B. This switch is not the STP root bridge.
C. A spanning-tree loop exists in this network.
D. The default STP timers have been changed.
E. Port Fa0/11 is facing the root bridge.
F. Port Fa0/11 is facing away from the root bridge.
Correct Answer: BE

QUESTION 30
Refer to the exhibit. What additional commands should be used to configure OSPF area 5 as a Totally Stubby area?

A. area 0 stub on routers R4 and R5
B. area 5 stub on routers R4 and R5
C. area 5 stub no-summary on routers R4 and R5
D. area 0 stub no-summary on router R4 and area 5 stub no-summary on router R5
E. area 5 stub no-summary on router R4 and area 5 stub on router R5
Correct Answer: E

QUESTION 31
A hacker is interested in seeing traffic from all switch ports on the switch that he is connected to, including the ports belonging to other VLANs. What type of attack is he likely to implement?
A. MAC address flooding
B. ARP attack
C. spoofing attack
D. DHCP attack
E. VLAN hopping
Correct Answer: A

QUESTION 32

Which statement is true about OSPF Network LSAs?
A. They are originated by every router in the OSPF network. They include all routers on the link, interfaces, the cost of the link, and any known neighbor on the link.
B. They are originated by the DR on every multi-access network. They include all attached routers including the DR itself.
C. They are originated by Area Border Routers and are sent into a single area to advertise destinations outside that area.
D. They are originated by Area Border Router and are sent into a single area to advertise an Autonomous System Border Router.
Correct Answer: B

QUESTION 33
Refer to the exhibit. OSPF is configured on all routers in the network. Area 5 is configured as an NSSA area. The RIPv2 routes are redistributed into the OSPF domain on router R5. What two types of LSAs will

A. type 1 Router LSA
B. type 2 Network LSA
C. type 3 Network Summary LSA
D. type 4 ASBR Summary LSA
E. type 5 AS External LSA
F. type 7 NSSA External LSA
Correct Answer: AF

QUESTION 34
In a customer’s network, VLAN Trunking Protocol (VTP) is running with a domain named main1. VLANs 1,2,3,4,5,10,20 are active on the network. Suddenly the whole network goes down. No traffic is being passed on VLANs 2,3,4,5,10,20, however traffic passes on VLAN 1 and indicates all switches are operational. Right before the network problem occurred, a switch named TEST1 was added to the network. What three conditions must exist on TEST1 to cause this network outage? (Choose three.)
A. TEST1 is configured as a VTP server with a different domain name.
B. TEST1 is not configured to participate in VTP.
C. TEST1 is configured as a VTP server with the domain name main1.
D. TEST1 has a lower VTP configuration revision than the current VTP revision.
E. TEST1 has a higher VTP configuration revision than the current VTP revision.
F. TEST1 is configured with only VLAN1.
Correct Answer: CEF

QUESTION 35
What is a characteristic of a static VLAN membership assignment?
A. VMPS server lookup
B. easy to configure
C. ease of adds, moves, and changes
D. based on MAC address of the connected device
Correct Answer: B

QUESTION 36
Given the network diagram, which address would successfully summarize only the networks seen?
A. 192.168.0.0/24
B. 192.168.8.0/20
C. 192.168.8.0/21
D. 192.168.12.0/20
E. 192.168.16.0/21
F. These networks cannot be summarized.
Correct Answer: C
QUESTION 37
Given the network diagram, which routers currently make up the IS-IS backbone?

A. R3,R4,R6
B. R3,R4,R5,R6
C. R2,R3,R6,R7
D. R2,R3,R4,R6,R7
E. R1 through R8
Correct Answer: D

QUESTION 38
Which statement is correct about 802.1Q trunking?
A. Both switches must be in the same VTP domain.
B. The encapsulation type on both ends of the trunk does not have to match.
C. The native VLAN on both ends of the trunk must be VLAN 1.
D. 802.1Q trunking can only be configured on a Layer 2 port.
E. In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN.
Correct Answer: E

QUESTION 39
Given the above diagram and assuming that STP is enabled on all switch devices, which two

A. DSW11 will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.

Correct Answer: AD

QUESTION 40
Which three statements about STP timers are true? (Choose three.)
A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.
Correct Answer: ABD

QUESTION 41

Which command lists the system IDs of all known IS-IS routers?
A. show clns neighbors
B. show isis database
C. show isis topology
D. show clns neighbors detail
E. show is-is neighbors detail
Correct Answer: C

QUESTION 42
Refer to the exhibit. Routers R2, R3, R4, and R5 have OSPF enabled. What should be configured on the routers in area 1 to ensure that all default summary routes and redistributed EIGRP routes will be forwarded from R6 to area 1, and only a default route for all other OSPF routes will be forwarded from R5 to area 1?

A. R5(config-router)# area 1 stub R6(config-router)# area 1 stub
B. R5(config-router)# area 1 stub no-summary R6(config-router)# area 1 stub
C. R5(config-router)# area 1 nssa R6(config-router)# area 1 nssa
D. R5(config-router)# area 1 nssa no-summary R6(config-router)# area 1 nssa
Correct Answer: D

QUESTION 43
Which two are characteristics of the IS-IS protocol but not OSPF? (Choose two.)
A. provides for network scalability by allowing the network to be separated into areas
B. provides routing support for multiple network layer protocols
C. three layers of hierarchical routing
D. utilizes SPF algorithm
E. forms adjacencies with all neighbors
F. supports demand circuit routing
Correct Answer: BE

QUESTION 44
Which three are benefits of IS-IS over OSPF? (Choose three.)
A. supports more routers in an area
B. does not require Hello packets to establish neighbor relationships
C. produces fewer link state advertisements for a given network
D. supports route tags
E. supports network layer protocols other than IP
F. requires fewer neighbor relationships in a broadcast multiaccess network
Correct Answer: ACE

QUESTION 45
Which two conditions can cause BGP neighbor establishment to fail? (Choose two.)
A. There is an access list blocking all TCP traffic between the two BGP neighbors.
B. The IBGP neighbor is not directly connected.
C. BGP synchronization is enabled in a transit autonomous system with fully-meshed IBGP neighbors.
D. The BGP update interval is different between the two BGP neighbors.
E. The BGP neighbor is referencing an incorrect autonomous system number in its neighbor statement.
Correct Answer: AE

QUESTION 46
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two.)

A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Correct Answer: BD

QUESTION 47
What is the effect of configuring the following command on a switch? Switch(config)# spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for Portfast, the port will transition to forwarding state.
D. The command will enable BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
Correct Answer: A

QUESTION 48

Which two multicast IP addresses can be represented by the multicast MAC address 0100.5e0A.0A07? (Choose two.)
A. 228.10.10.7
B. 228.10.10.8
C. 228.10.138.7
D. 229.11.10.7
E. 229.138.10.7
F. 229.138.10.8
Correct Answer: AE

QUESTION 49
When authentication is required, where must 802.1x be configured in order to connect a PC to a switch?
A. client PC only
B. switch port only
C. switch port and client PC
D. switch port and local router port
Correct Answer: C
QUESTION 50
Refer to the exhibit. What does the command channel-group 1 mode desirable do?

A. enables LACP unconditionally
B. enables PAgP only if a PAgP device is detected
C. enables PAgP unconditionally
D. enables EtherChannel only
E. enables LACP only if a LACP device is detected

Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C

QUESTION 51
Which two statements about multicast addressing are true? (Choose two.)
A. To calculate the Layer 2 multicast address, the host maps the last 24 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0.
B. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0.
C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 1.
D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
E. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
F. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: Answer:BD

QUESTION 52
Refer to the exhibit. Which statement is true?

A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D

QUESTION 53
Which two statements about the IS-IS routing protocol are true? (Choose two.)
A. In the IS-IS routing domain, routers may have adjacencies with other routers on multipoint links.
B. IS-IS metrics are based on delay, bandwidth, reliability, load, and MTU.
C. Level 1 routers learn about paths within the areas that the routers are connected to.
D. Level 2 routers are equivalent to ABRs in OSPF and learn about paths both within and between areas.
E. Level 1 and Level 2 routing is a function of ES-IS.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference: Answer:AC

QUESTION 54
Refer to the exhibit. Autonomous systems 200 and 300 have EBGP sessions established with their directly connected routers in autonomous system 100. IGP has been configured on all routers in autonomous system 100 and they successfully exchange routing updates. Traffic originated in autonomous system 200 cannot reach the destination autonomous system 300. What configuration should be done on the routers in autonomous system 100 in order for the traffic coming from autonomous system 200 to be forwarded to autonomous system 300?

A. IBGP session must be established between routers R1 and R3, and the synchronization must be turned on.
B. IBGP session must be established between routers R1 and R3, and the synchronization must be turned off.
C. IBGP session must be established between routers R1 R2 and R2 R3, and the synchronization must be turned on.
D. IBGP session must be established between routers R1 R2 and R2 R3, and the synchronization must be turned off.
E. IBGP speakers within autonomous system 100 must be fully meshed, and the synchronization must be turned on.
F. IBGP speakers within autonomous system 100 must be fully meshed, and the synchronization must be turned off.
Correct Answer: F Section: (none) Explanation
Explanation/Reference: Answer: F

QUESTION 55
Refer to the exhibit. Routers R1 and R2 are IPv6 BGP peers that have been configured to support a neighbor relationship over an IPv4 internetwork. Which three neighbor IP addresses are valid choices to use in the highlighted section of the exhibit? (Choose three.)

A. ::0A43:0002
B. 0A43:0002::
C. ::10.67.0.2
D. 10.67.0.2::
E. 0:0:0:0:0:0:10.67.0.2
F. 10.67.0.2:0:0:0:0:0:0
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference: Answer:ACE

QUESTION 56
An IPv6 overlay tunnel is required to communicate with isolated IPv6 networks across an IPv4 infrastructure. There are currently five IPv6 overlay tunnel types. Which three IPv6 overlay tunnel statements are true? (Choose three.)
A. Overlay tunnels can only be configured between border routers capable of supporting IPv4 and IPv6.
B. Overlay tunnels can be configured between border routers or between a border router and a host capable of supporting IPv4 and IPv6.
C. Cisco IOS supports manual, generic routing encapsulation (GRE), IPv6-compatible, 4to6, and Multiprotocol Label Switching (MPLS) overlay tunneling mechanisms.
D. Cisco IOS supports manual, generic routing encapsulation (GRE), IPv4-compatible, 6to4, and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) overlay tunneling mechanisms.
E. A manual overlay tunnel supports point-to-multipoint tunnels capable of carrying IPv6 and Connectionless Network Service (CLNS) packets.
F. Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure.
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference: Answer:BDF

QUESTION 57
Which statement describes the difference between a manually configured IPv6 in IPv4 tunnel versus an automatic 6to4 tunnel?
A. A manually configured IPv6 in IPv4 tunnel allows multiple IPv4 destinations.
B. An automatic 6to4 tunnel allows multiple IPv4 destinations.
C. A manually configured IPv6 in IPv4 tunnel does not require dual-stack (IPv4 and IPv6) routers at the tunnel endpoints.
D. An automatic 6to4 tunnel does not require dual-stack (IPv4 and IPv6) routers at the tunnel endpoints.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B

QUESTION 58
Which two statements about the IS-IS routing protocol are true? (Choose two.)
A. IS-IS is capable of supporting IPv4 and IPv6.
B. IS-IS is only capable of supporting IPv4 and CLNS.
C. IS-IS routers use ES-IS hellos (ESH) to establish and to maintain neighbor relationships.
D. IS-IS routers run the Bellman-Ford algorithm against their LSDBs to pick the best paths.
E. Level 1 routers learn about paths within the area of which they are a part.
F. Level 2 routers learn about paths both within areas and between areas.
Correct Answer: AE Section: (none) Explanation
Explanation/Reference: Answer:AE

Exam E

QUESTION 1
Refer to the exhibit. Which statement is true?

A. Router RAR1 will accept only route 10.10.0.0/19 from its BGP neighbor.
B. Router RAR1 will send only route 10.10.0.0/19 to its BGP neighbor.
C. Only traffic with a destination from 10.10.0.0/19 will be permitted.
D. Only traffic going to 10.10.0.0/19 will be permitted.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 2
Refer to the exhibit. Which statement is true about the 6.6.6.0/24 prefix?

A. If another path advertises the 6.6.6.0/24 path and has the default local preference, that path is more preferred.
B. The command neighbor send-community is configured on BGP neighbor 10.10.23.3.
C. The route 10.10.23.3 is not being advertised to other BGP neighbors.
D. Route 6.6.6.0/24 is learned by an IBGP peer.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 3
Into which two types of areas would an area border router (ABR) inject a default route? (Choose two.)
A. the autonomous system of a different interior gateway protocol (IGP)
B. area 0
C. totally stubby
D. NSSA
E. stub
F. the autonomous system of an exterior gateway protocol (EGP)
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:

QUESTION 4
What are the two reasons for the appearance of 0.0.0.0 as the next hop for a network in the show ip bgp command output? (Choose two.)
A. The network was originated via redistribution of an interior gateway protocol into BGP.
B. The network was defined by a static route.
C. The network was originated via a network or aggregate command.
D. The network was learned via EBGP.
E. The network was learned via IBGP.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Refer to the exhibit. Which two statements are true about the partial configuration that is provided? (Choose two.)

A. All the configured neighbors are in autonomous system 100.
B. The peer group shortens the IBGP configuration.
C. The peer group shortens the EBGP configuration.
D. Only the outgoing filters are applied to BGP updates.
E. Three AS-path filters are applied to each BGP neighbor.

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:

QUESTION 6
Refer to the exhibit. Which two statements are correct? (Choose two.)

A. All six routes will be installed in the routing table.
B. Two routes will be installed in the routing table.
C. Four routes will be installed in the routing table.
D. All the routes were redistributed into BGP from an IGP.
E. All the routes were originated by BGP with the network command.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:

QUESTION 7
Which three IP multicast related statements are true? (Choose three.)
A. Multicast addresses 224.0.1.0 through 238.255.255.255 are called globally scoped addresses. They are used to multicast data between organizations and across the Internet.
B. The multicast address 224.0.0.1 is a globally scoped address that has been reserved for the Network Time Protocol (NTP) by the IANA.
C. Multicast addresses 239.0.0.0 through 239.255.255.255 are called limited scope addresses. They are constrained to a local group or organization.
D. Multicast addresses 224.0.0.5 and 224.0.0.6 are limited scoped addresses that have been reserved for OSPF.
E. Multicast addresses 224.0.0.0 through 224.0.0.255 are used for network protocols on local LAN segments. Because they are always transmitted with a Time to Live (TTL) of 1, they are never forwarded by a router.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:

QUESTION 8
Which three IP multicast address related statements are true? (Choose three.)
A. Multicast addresses 224.0.0.0 through 224.0.0.255 are always forwarded because they are transmitted with Time to Live (TTL) greater than 1.
B. Multicast addresses 224.0.0.5 and 224.0.0.6 are source multicast addresses for OSPF routers.
C. Multicast addresses 224.0.0.13 and 224.0.0.22 are reserved link-local addresses used by PIMv2 and IGMPv3.
D. Because they would map to overlapping IP multicast MAC addresses, multicast addresses 224.0.1.1 and 238.1.1.1 could not be used together.
E. Multicast address 224.0.1.1 has been reserved for the Network Time Protocol (NTP) by the IANA.
F. The administratively scoped multicast addresses 239.0.0.0 through 239.255.255.255 are similar in purpose to RFC 1918 private unicast addresses.
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference:

QUESTION 9
Which three IP multicast group concepts are true? (Choose three.)
A. If a packet is sent to a multicast group address, all members of the multicast group will receive it.
B. If a packet is sent to a multicast group address, the multicast frame contains the source multicast address.
C. A router does not have to be a member of a multicast group to receive multicast data.
D. A router does not have to be a member of a multicast group to send to the group.
E. A router must be a member of a multicast group to receive multicast data.
F. A router must be a member of a multicast group to send to the group.
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:

QUESTION 10
Which two multicast protocol statements are true? (Choose two.)
A. Dense mode multicast requires explicit join messages from their members.
B. Dense mode multicast uses a push model to flood traffic throughout the network and then prunes the unwanted traffic.
C. Sparse mode multicast uses a pull model to send multicast traffic to where it is requested.
D. Sparse mode uses reverse path forwarding (RPF) to prune off redundant flows.
E. The primary use of sparse mode multicast is for test labs and router performance testing.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:

QUESTION 11
Which command enables OSPF for IPv6?
A. router ospf process-id
B. ipv6 ospf process-id
C. ipv6 router ospf process-id
D. router ospf ipv6 process-id
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 12
Refer to the exhibit. Which statement is true about a voice VLAN?

A. Physically the voice network and the data network are separate.
B. The voice traffic will normally be on a different IP subnet than will the data traffic.
C. End user intervention is necessary to place the phone into the proper VLAN.
D. The same security policy should be implemented for both voice and data traffic.
E. The data VLAN must be configured as the native VLAN.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 13
Refer to the exhibit. What is the effect on the trust boundary of configuring the command mls qos trust cos on the switch port that is connected to the IP phone?

A. Effectively the trust boundary has been moved to the IP phone.
B. The host is now establishing the CoS value and has effectively become the trust boundary.
C. The switch is rewriting packets it receives from the IP phone and determining the CoS value.
D. The switch will no longer tag incoming voice packets and will trust the distribution layer switch to set the CoS.
E. RTP will be used to negotiate a CoS value based upon bandwidth utilization on the link.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 14
Refer to the exhibit. What is the effect when the switchport priority extend cos 3 command is configured on the switch port interface connected to the IP phone?

A. Effectively, the trust boundary has been moved to the PC attached to the IP phone.
B. The computer is now establishing the CoS value and has effectively become the trust boundary.
C. The IP phone is enabled to override with a CoS value of 3 the existing CoS marking of the PC attached to the IP phone.
D. The switch will no longer tag incoming voice packets and will extend the trust boundary to the distribution layer switch.
E. RTP will be used to negotiate a CoS value based upon bandwidth utilization on the link.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:

QUESTION 15
Which three WLAN statements are true? (Choose three.)
A. A lightweight AP receives control and configuration from a WLAN controller to which it is associated.
B. A WLAN client that is operating in half-duplex mode will delay all clients in that WLAN.
C. Ad hoc mode allows mobile clients to connect directly without an intermediate AP.
D. Another term for infrastructure mode is independent service set (IBSS).
E. The Aironet 1230 access point is an example of an access point that operates solely as a lightweight access point.
F. WLANs are designed to share the medium and can easily handle an increased demand of channel contention.
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:

QUESTION 16
Which statement is true about IP telephony calls?
A. A Voice over IP (VoIP) packet consists of the voice payload, IP header, TCP header, RTP header, and Layer 2 link header.
B. The voice carrier stream uses H.323 to set up, maintain, and tear down call endpoints.
C. Call control signaling uses Real-Time Transport Protocol (RTP) packets that contain actual voice samples.
D. The sum of bandwidth necessary for each major application, including voice, video, and data, should not exceed 75 percent of the total available bandwidth for each link.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 17
Which three statements are true about the voice VLAN feature on a Catalyst 2950 switch? (Choose three.)
A. The CoS value is trusted for 802.1p or 802.1q tagged traffic.
B. The voice VLAN feature is disabled by default.
C. The IP phone accepts the priority of all tagged and untagged traffic and sets the CoS value to 4.
D. When the voice VLAN feature is enabled, all untagged traffic is sent according to the default CoS priority of the port.
E. PortFast is automatically disabled when a voice VLAN is configured.
F. The default CoS value for incoming traffic is set to 0.
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:

QUESTION 18
In what three ways is QoS applied in the campus network? (Choose three.)
A. No traffic marking occurs at the core layer. Layer 2/3 QoS tags are trusted from distribution layer switches and used to prioritize and queue the traffic as it traverses the core.
B. IP precedence, DSCP, QoS group, IP address, and ingress interface are Layer 2 characteristics that are set by the access layer as it passes traffic to the distribution layer. The distribution layer, once it has made a switching decision to the core layer, strips these off.
C. MAC address, Multiprotocol Label Switching (MPLS), the ATM cell loss priority (CLP) bit, the Frame Relay discard eligible (DE) bit, and ingress interface are established by the voice submodule (distribution layer) as traffic passes to the core layer.
D. The distribution layer inspects a frame to see if it has exceeded a predefined rate of traffic within a certain time frame, which is typically a fixed number internal to the switch. If a frame is determined to be in excess of the predefined rate limit, the CoS value can be marked up in a way that results in the packet being dropped.
E. The access layer is the initial point at which traffic enters the network. Traffic is marked (or remarked) at Layers 2 and 3 by the access switch as it enters the network, or is “trusted” that it is entering the network with the appropriate tag.
F. Traffic inbound from the access layer to the distribution layer can be trusted or reset depending upon the ability of the access layer switches. Priority access into the core is provided based on Layer 3 QoS tags.
Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:

QUESTION 19
Which two Aironet enterprise solution statements are true? (Choose two.)
A. A Cisco Aironet AP handles the transmission of beacon frames and also handles responses to probe-request frames from clients.
B. A Cisco Aironet solution includes intelligent Cisco Aironet access points (APs) and Cisco Catalyst switches.
C. In the Cisco Aironet solution, each AP is locally configured by the use of either a web interface or the command line interface.
D. The Cisco Aironet AP handles real-time portions of the LWAPP protocol, and the WLAN controller handles those items which are not time sensitive.
E. Virtual MAC architecture allows the splitting of the 802.11 protocol between the Cisco Aironet AP and a LAN switch.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:

QUESTION 20
Which statement about the Lightweight Access Point Protocol (LWAPP) is true?
A. LWAPP encrypts control traffic between the AP and the controller.
B. LWAPP encrypts user traffic with an X.509 certificate using AES-CCMP.
C. LWAPP encrypts both control traffic and user data.
D. When set to Layer 3, LWAPP uses a proprietary protocol to communicate with the Cisco Aironet APs.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 21
Refer to the exhibit. Which three statements accurately describe this GLBP topology? (Choose three.)

A. Router A is responsible for answering ARP requests sent to the virtual IP address.
B. If Router A becomes unavailable, Router B will forward packets sent to the virtual MAC address of Router A.
C. If another router were added to this GLBP group, there would be two backup AVGs.
D. Router B is in GLBP listen state.
E. Router A alternately responds to ARP requests with different virtual MAC addresses.
F. Router B will transition from blocking state to forwarding state when it becomes the AVG.

Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Refer to the exhibit. Which Virtual Router Redundancy Protocol (VRRP) statement is true about the roles of the master virtual router and the backup virtual router?

A. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, Router B will become the master virtual router. When Router A recovers, Router B will maintain the role of master virtual router.
B. Router A is the master virtual router, and Router B is the backup virtual router. When Router A fails, Router B will become the master virtual router. When Router A recovers, it will regain the master virtual router role.
C. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, Router A will become the master virtual router. When Router B recovers, Router A will maintain the role of master virtual router.
D. Router B is the master virtual router, and Router A is the backup virtual router. When Router B fails, Router A will become the master virtual router. When Router B recovers, it will regain the master virtual router role.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 23
Which issue or set of issues does the Lightweight Access Point Protocol (LWAPP) address?
A. reduction of processing in wireless controllers
B. distributed approach to authentication, encryption, and policy enforcement
C. provides security by blocking communication between access points and wireless clients
D. access point discovery, information exchange, and configuration
Correct Answer: D Section: (none) Explanation
Explanation/Reference:

QUESTION 24
Refer to the exhibit. Which three statements are true about trust boundaries in the campus network? (Choose three.)

A. A device is trusted if it correctly classifies packets.
B. A device is trusted if it correctly declassifies packets.
C. The outermost trusted devices represent the trust boundary.
D. Classification and marking occur using 802.1ab QoS bits before reaching the trust boundary.
E. Network trust boundaries are automatically configured in IOS version 12.3 and later.
F. For scalability, classification should be done as close to the edge as possible.
Correct Answer: ACF Section: (none) Explanation
Explanation/Reference:

QUESTION 25
Refer to the exhibit. The command spanning-tree bpdufilter enable is configured on interface Fa0/1 on

A. Fifty percent of the traffic will successfully reach Host B, and fifty percent will dead-end at switch S3 because of a partial spanning-tree loop.
B. No. Traffic will pass from switch S6 to S2 and dead-end at S2.
C. No. Traffic will loop back and forth between switch S6 and Host A.
D. No. Traffic will loop back and forth between switches S2 and S3.
E. Yes. Traffic will pass from switch S6 to S2 to S1.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:

QUESTION 26
Refer to the exhibit. A Cisco Aironet Wireless LAN Client Adapter has been installed and configured through the ADU on the PC. The Aironet System Tray Utility (ASTU) has been enabled during the installation and the icon appears in the system tray area in the lower right of the desktop. What is the significance of the icon?

A. It indicates that the radio of the client adapter is disabled.
B. It indicates that the client adapter is not associated to an access point or another client.
C. It indicates that the client adapter is associated to an access point or another client, but the user is not EAP authenticated.
D. It indicates that the client adapter is associated to an access point or another client, that the user is authenticated if the client adapter is configured for EAP authentication, and that the signal strength is excellent or good.
E. It indicates that the client adapter is associated to an access point or another client, that the user is authenticated if the client adapter is configured for EAP authentication, and that the signal strength is fair.
F. It indicates that the client adapter is associated to an access point or another client, that the user is authenticated if the client adapter is configured for EAP authentication, and that the signal strength is poor.
Correct Answer: F Section: (none) Explanation
Explanation/Reference:

QUESTION 27
What are three required steps to configure DHCP snooping on a switch? (Choose three.)
A. Configure DHCP snooping globally.
B. Configure DHCP snooping on an interface.
C. Configure DHCP snooping on a VLAN or range of VLANs.
D. Configure the switch as a DHCP server.
E. Configure all interfaces as DHCP snooping trusted interfaces.
F. Configure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages.
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference:

QUESTION 28
A client is searching for an access point (AP). What is the correct process order that the client and access point go through to create a connection?
A. probe request/response, authentication request/response, association request/response
B. association request/response, authentication request/response, probe request/response
C. probe request/response, association request/response, authentication request/response
D. association request/response, probe request/response, authentication request/response
Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 29
Which two statements are true about voice VLANs? (Choose two.)
A. Voice VLANs are only used when connecting an IP phone and a host to distinct switch ports.
B. Access ports that are configured with voice VLANs will always trust the CoS that is received from IP phones.
C. Access ports that are configured with voice VLANs may or may not override the CoS value that is received from an IP phone.
D. Voice VLANs are configured using the switchport voice vlan vlan-ID interface configuration command.
E. Voice VLANs provide a trunking interface between an IP phone and an access port on a switch to allow traffic from multiple devices that are connected to the port.
F. Enabling Voice VLAN on a switch port will automatically configure the port to trust the incoming CoS markings.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Which two types of activities does the Lightweight Access Point Protocol (LWAPP) define? (Choose two.)
A. access point certification and software control
B. compression and Layer 3 address mapping
C. Layer 3 addressing and distribution
D. packet encapsulation, fragmentation, and formatting
E. SNMP monitoring services

Correct Answer: AD Section: (none) Explanation
Explanation/Reference:

QUESTION 31
Which statement about the Lightweight Access Point Protocol (LWAPP) protocol is true?
A. The processing of 802.11 data and management protocols and access point capabilities is distributed between a lightweight access point and a centralized WLAN controller.
B. LWAPP aggregates radio management forward information and sends it to a wireless LAN solution engine.
C. LWAPP authenticates all access points in the subnet and establishes a secure communication channel with each of them.
D. LWAPP advertises its WDS capability and participates in electing the best WDS device for the wireless LAN.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 32
Which statement describes the function of a trust boundary?
A. Trust boundaries determine whether certain types of traffic can pass.
B. Trust boundaries are a point in the network where decisions about CoS markings on incoming packets are made.
C. Trust boundaries are a point in the network where QoS functionality begins and ends.
D. Trust boundaries are points in the network where Layer 2 CoS markings are converted to Layer 3 DSCP or IP precedence markings.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 33
Which two statements about voice VLANs are correct? (Choose two.)
A. Voice VLANs eliminate the need for QoS configuration.
B. Voice VLANs are used on trunk links to eliminate the need for QoS CoS markings.
C. Voice VLANs are mainly used to reduce the number of access switch ports that are used in the network.
D. Voice VLANs can be configured to forward existing CoS priorities or override them.
E. Voice VLANs are mainly used between access layer switches and distribution layer switches.
F. Voice VLANs can be configured on Layer 2 ports only.
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 34
Refer to the exhibit. Which switch interface configuration command would automatically configure quality of service (QoS) for voice over IP (VoIP) within a QoS domain?

A. auto qos voip cisco-phone
B. mls qos trust
C. switchport priority extend cos 7
D. switchport priority extend trust

Correct Answer: A Section: (none) Explanation
Explanation/Reference:

QUESTION 35
Refer to the exhibit. Which Catalyst switch interface command would be used to cause the switch to instruct the phone to override the incoming CoS from the PC before forwarding the packet to the switch?

A. switchport priority extend trust
B. switchport priority extend cos 2
C. switchport priority extend cos 11
D. mls qos cos 2
E. mls qos cos 2 override
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 36
Refer to the exhibit. Dynamic ARP inspection (DAI) is enabled on switch SW_A only. Both Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A?

A. The spoof packets will be inspected at the ingress port of switch SW_A and will be permitted.
B. The spoof packets will be inspected at the ingress port of switch SW_A and will be dropped.
C. The spoof packets will not be inspected at the ingress port of switch SW_A and will be permitted.
D. The spoof packets will not be inspected at the ingress port of switch SW_A and will be dropped.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:

QUESTION 37
On an Aironet card, LED 0 and LED 1 are blinking alternately. What does this indicate?
A. The Aironet card is in power save mode.
B. The Aironet card is looking for a network association.
C. The Aironet card is joined to a network, but there is no network activity.
D. The Aironet card is joined to a network, and there is network activity.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:

QUESTION 38
Refer to the exhibit. Which two Lightweight Access Point statements are true? (Choose two.)

A. An AP that has been upgraded from an autonomous AP to lightweight AP will only function in conjunction with a Cisco Wireless LAN controller.
B. Autonomous APs receive control and configuration information from a WLAN controller.
C. LWAPP increases the amount of processing within the APs, enabling them to support filtering and policy enforcement features.
D. Real time events such as authentication, security management, and mobility are handled by the lightweight AP.
E. Lightweight APs require local configurations using local management.
F. WLAN controllers provide a single point of management.
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:

QUESTION 39
Which two WLAN client utility statements are true? (Choose two.)
A. In a Windows XP environment, a client adapter can only be configured and managed with the Microsoft Wireless Configuration Manager.
B. The Aironet Desktop Utility (ADU) can be used to enable or disable the adapter radio and to configure LEAP authentication with dynamic WEP.
C. The Cisco Aironet Desktop Utility (ADU) and the Microsoft Wireless Configuration Manager can both be enabled at the same time to setup WLAN client cards.
D. The Microsoft Wireless Configuration Manager can be configured to display the Aironet System Tray Utility (ASTU) icon in the Windows system tray.
Correct Answer: BD

QUESTION 40
Refer to the exhibit. Router R1 is being used as a relay device for autoconfiguration of switch S1. Which configuration will accomplish this?

A. S1(config)# interface fastethernet 0/1
   S1(config-if)# ip helper-address 10.0.0.2
B. S1(config)# interface fastethernet 0/1
   S1(config-if)# ip helper-address 20.0.0.1
C. R1(config)# interface fastethernet 0/0
   R1(config-if)# ip helper-address 20.0.0.2
   R1(config-if)# ip helper-address 20.0.0.3
   R1(config-if)# ip helper-address 20.0.0.4
   R1(config-if)# exit
   R1(config)# interface fastethernet 0/1
   R1(config-if)# ip helper-address 10.0.0.1
D. R1(config)# interface fastethernet 0/0
   R1(config-if)# ip helper-address 20.0.0.1
   R2(config)# interface fastethernet 0/0
   R2(config-if)# ip helper-address 20.0.0.1
   R3(config)# interface fastethernet 0/0
   R3(config-if)# ip helper-address 20.0.0.1
   R4(config)# interface fastethernet 0/0
   R4(config-if)# ip helper-address 20.0.0.1
E. S1(config)# interface fastethernet 0/1
   S1(config-if)# ip helper-address 10.0.0.2
   R2(config)# interface fastethernet 0/0
   R2(config-if)# ip helper-address 20.0.0.1
   R3(config)# interface fastethernet 0/0
   R3(config-if)# ip helper-address 20.0.0.1
   R4(config)# interface fastethernet 0/0
   R4(config-if)# ip helper-address 20.0.0.1
Correct Answer: C

QUESTION 41
Which statement is true about Layer 2 security threats?
A. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
B. DHCP snooping sends unauthorized replies to DHCP queries.
C. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
D. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
F. Port scanners are the most effective defense against dynamic ARP inspection.
Correct Answer: E

QUESTION 42
A Cisco Aironet Wireless LAN Adapter CB21AG is inserted into a PC cardbus slot. Both the green status LED and the amber activity LED are blinking slowly. What is the condition of the adapter?
A. The adapter is not receiving power.
B. The adapter is in power save mode.
C. The adapter is scanning for the wireless network for which it is configured.
D. The adapter is associated to an access point or another client.
E. The adapter is transmitting or receiving data while associated to an access point or another client.
Correct Answer: D

QUESTION 43
What does the global configuration command ip arp inspection vlan 10-12,15 accomplish?
A. validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15
B. intercepts all ARP requests and responses on trusted ports
C. intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
D. discards ARP packets with invalid IP-to-MAC address bindings on trusted ports
Correct Answer: C

QUESTION 44
Refer to the exhibit. The wireless user is moving from right to left towards AP2. What are three reasons that the wireless client would initiate roaming? (Choose three.)

A. The client has missed too many beacons from AP1.
B. The client has received too many beacons from AP2.
C. The client data rate from AP1 has been reduced.
D. The client data rate from AP2 has been increased.
E. The maximum data retry count from AP1 is exceeded.
F. The minimum data retry count from AP1 is exceeded.
Correct Answer: ACE

QUESTION 45
Which two statements about WLAN components are true? (Choose two.)
A. Cisco Aironet autonomous access points cannot be supported by the Cisco Unified Wireless Network.
B. Cisco Aironet lightweight access points cannot be supported by the Cisco Unified Wireless Network.
C. In the autonomous access point solution, control is provided by the Wireless Domain Services (WDS).
D. In the autonomous access point solution, control is provided by the WLAN controller.
E. In the lightweight access point solution, WLAN management is provided by the WLAN Solution Engine (WLSE).
F. In the lightweight access point solution, WLAN management is provided by the WLAN Control System (WCS).
Correct Answer: CF

QUESTION 46
Which two statements about voice traffic are true? (Choose two.)
A. Voice packets are typically around 60 to 120 bytes.
B. Voice packets are typically around 600 to 1200 bytes.
C. Voice packets are typically around 60 to 120 KB.
D. For voice quality, packet loss should be less than 1 percent and delay should be no more than 150 ms.
E. For voice quality, packet loss should be less than 2 percent and delay should be no more than 250 ms.
F. A typical voice call requires 17 kbps to 106 kbps of guaranteed priority bandwidth plus an additional 15 kbps per call for voice-control traffic.
Correct Answer: AD

QUESTION 47
What are three characteristics of the wireless repeater topology? (Choose three.)
A. Lightweight access points are required.
B. Autonomous access points are required.
C. The recommended overlap of the access point on the wired LAN and the wireless repeater is 50%.
D. The recommended overlap of the access point on the wired LAN and the wireless repeater is 25%.
E. The SSID of the root access point must be configured on the repeater access point.
F. The SSID of the root access point must be distinct from that of the repeater access point.
Correct Answer: BCE

QUESTION 48
Refer to the exhibit. What radio button option on the Aironet Desktop Utility (ADU) Security tab includes the option of Advanced Encryption Standard (AES) and Extensible Authentication Protocol-Flexible Authentication via Secure Tunneling?

A. WPA/WPA2/CCKM
B. WPA/WPA2 Passphrase
C. 802.1x
D. Pre-Shared Key (Static WEP)

Correct Answer: A

QUESTION 49
What are two methods of mitigating MAC address flooding attacks? (Choose two.)
A. Place unused ports in a common VLAN.
B. Implement private VLANs.
C. Implement DHCP snooping.
D. Implement port security.
E. Implement VLAN access maps.
Correct Answer: DE

Exam F

QUESTION 1 lab Answer:AB

A. ALswitch#conf t
   ALswitch(config)#vtp mode client
   ALswitch(config)#vtp domain CISCO
   ALswitch(config)#end
   ALswitch#copy run start
   DLswitch#conf t
   DLswitch(config)#vtp mode server
   DLswitch(config)#vtp domain CISCO
   DLswitch(config)#vlan 20
   DLswitch(config-vlan)#vlan 21
   DLswitch(config-vlan)#exit
   DLswitch(config)#int vlan 20
   DLswitch(config-if)#ip add 172.64.200.1 255.255.255.0
   DLswitch(config-if)#int vlan 21
B. DLswitch(config-if)#ip add 192.162.39.1 255.255.255.0
   DLswitch(config-if)#exit
   DLswitch(config)#ip routing
   DLswitch(config)#end
   DLswitch#copy run start
C.
D.

Correct Answer: AB

QUESTION 2

A. ALswitch#conf t
   ALswitch(config)#vtp mode client
   ALswitch(config)#vtp domain CISCO
   ALswitch(config)#end
   ALswitch#copy run start
   DLswitch#conf t
   DLswitch(config)#vtp mode server
   DLswitch(config)#vtp domain CISCO
   DLswitch(config)#vlan 20
   DLswitch(config-vlan)#vlan 21
   DLswitch(config-vlan)#exit
   DLswitch(config)#int vlan 20
   DLswitch(config-if)#ip add 172.64.200.1 255.255.255.0
   DLswitch(config-if)#int vlan 21
   DLswitch(config-if)#ip add 192.162.39.1 255.255.255.0
   DLswitch(config-if)#exit
   DLswitch(config)#ip routing
   DLswitch(config)#end
   DLswitch#copy run start

Correct Answer: A

QUESTION 3

A. ASW1#conf t
   ASW1(config)#aaa new-model
   ASW1(config)#radius-server host 172.120.39.46 key rad123
   ASW1(config)#aaa authentication dot1x default group radius
   ASW1(config)#dot1x system-auth-control
   ASW1(config)#int f0/1
   ASW1(config-if)#switchport mode access
   ASW1(config-if)#switchport access vlan 20
   ASW1(config-if)#dot1x port-control auto
   ASW1(config-if)#end
   ASW1#copy run start
   DSW1#conf t
   DSW1(config)#ip access-list standard 10
   DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
   DSW1(config-std-nacl)#exit
   DSW1(config)#vlan access-map PASS 10
   DSW1(config-access-map)#match ip address 10
   DSW1(config-access-map)#action forward
   DSW1(config-access-map)#exit
   DSW1(config)#vlan access-map PASS 20
   DSW1(config-access-map)#action drop
   DSW1(config-access-map)#exit
   DSW1(config)#vlan filter PASS vlan-list 20
   DSW1(config)#end
   DSW1#copy run start

Correct Answer: A

QUESTION 4

A. R2(config)#ipv6 router ospf 1
   R2(config-router)#area 11 virtual-link 3.3.3.3
   R2(config-router)#end
   R2#copy run start
   R3(config)#ipv6 router ospf 1
   R3(config-router)#area 11 virtual-link 2.2.2.2
   R3(config-router)#no area 54 virtual-link 4.4.4.4
   R3(config-router)#end
   R3#copy run start
   R4(config)#ipv6 router ospf 1
   R4(config-router)#no area 54 virtual-link 3.3.3.3
   R4(config-router)#end
   R4#copy run start

Correct Answer: A

QUESTION 5

A. DSW1#conf t
   DSW1(config)#spanning-tree vlan 20 priority 61440
   DSW1(config)#int g1/0/5
   DSW1(config-if)#spanning-tree vlan 40 cost 1
   DSW1(config-if)#exit
   DSW1(config)#int g1/0/6
   DSW1(config-if)#spanning-tree vlan 30 port-priority 64
   DSW1(config-if)#end
   DSW1#copy run start

Correct Answer: A

QUESTION 6

A. R3#conf t
   R3(config)#router eigrp 123
   R3(config-router)#no eigrp stub receive-only
   R3(config-router)#eigrp stub
   R3(config-router)#end
   R3#copy run start
   R4#conf t
   R4(config)#int s0/0
   R4(config-if)#ip summary-address eigrp 123 10.0.0.0 255.0.0.0
   R4(config-if)#no shut
   R4(config-if)#end
   R4#copy run start

Correct Answer: A

QUESTION 7

A. Blockade#conf t
   Blockade(config)#router isis
   Blockade(config-router)#redistribut eigrp 100 level-1 metric 50
   Blockade(config-router)#router eigrp 100
   Blockade(config-router)#redistribut isis level-1 metric 512 10 255 1 1500
   Blockade(config-router)#redistribut connected
   Blockade(config-router)#end
   Blockade#copy run start

Correct Answer: A

QUESTION 8
LAB1:

Correct Answer: A

QUESTION 9
LAB2:

Correct Answer:

QUESTION 10
LAB3:

Correct Answer: A

QUESTION 11
LAB4:

Correct Answer: A

QUESTION 12
LAB5:

A.

Correct Answer: A

QUESTION 13
LAB6

Correct Answer: A

QUESTION 14
LAB7:

Correct Answer: A

QUESTION 15

A. ASW1#conf t
   ASW1(config)#aaa new-model
   ASW1(config)#radius-server host 172.120.39.46 key rad123
   ASW1(config)#aaa authentication dot1x default group radius
   ASW1(config)#dot1x system-auth-control
   ASW1(config)#int f0/1
   ASW1(config-if)#switchport mode access
   ASW1(config-if)#switchport access vlan 20
   ASW1(config-if)#dot1x port-control auto
   ASW1(config-if)#end
   ASW1#copy run start
   DSW1#conf t
   DSW1(config)#ip access-list standard 10
   DSW1(config-std-nacl)#permit 172.120.40.0 0.0.0.255
   DSW1(config-std-nacl)#exit
   DSW1(config)#vlan access-map PASS 10
   DSW1(config-access-map)#match ip address 10
   DSW1(config-access-map)#action forward
   DSW1(config-access-map)#exit
   DSW1(config)#vlan access-map PASS 20
   DSW1(config-access-map)#action drop
   DSW1(config-access-map)#exit
   DSW1(config)#vlan filter PASS vlan-list 20
   DSW1(config)#end
   DSW1#copy run start

Correct Answer: A

QUESTION 16

A. R2(config)#ipv6 router ospf 1
   R2(config-router)#area 11 virtual-link 3.3.3.3
   R2(config-router)#end
   R2#copy run start
   R3(config)#ipv6 router ospf 1
   R3(config-router)#area 11 virtual-link 2.2.2.2
   R3(config-router)#no area 54 virtual-link 4.4.4.4
   R3(config-router)#end
   R3#copy run start
   R4(config)#ipv6 router ospf 1
   R4(config-router)#no area 54 virtual-link 3.3.3.3
   R4(config-router)#end
   R4#copy run start

Correct Answer: A

QUESTION 17

A. DSW1#conf t
   DSW1(config)#spanning-tree vlan 20 priority 61440
   DSW1(config)#int g1/0/5
   DSW1(config-if)#spanning-tree vlan 40 cost 1
   DSW1(config-if)#exit
   DSW1(config)#int g1/0/6
   DSW1(config-if)#spanning-tree vlan 30 port-priority 64
   DSW1(config-if)#end
   DSW1#copy run start

Correct Answer: A

QUESTION 18

A. R3#conf t
   R3(config)#router eigrp 123
   R3(config-router)#no eigrp stub receive-only
   R3(config-router)#eigrp stub
   R3(config-router)#end
   R3#copy run start
   R4#conf t
   R4(config)#int s0/0
   R4(config-if)#ip summary-address eigrp 123 10.0.0.0 255.0.0.0
   R4(config-if)#no shut
   R4(config-if)#end
   R4#copy run start

Correct Answer: A

Exam G

QUESTION 1
Select and Place:

Correct Answer:


QUESTION 2
Select and Place:

Correct Answer:


QUESTION 3
Select and Place:

Correct Answer:


QUESTION 4
Select and Place:

Correct Answer:


QUESTION 5
Select and Place:

Correct Answer:

Exam H

QUESTION 1
- DS1 (Distribution switch 1) is the primary device for Vlan 101, 102, 105
- DS2 (Distribution switch 2) is the primary device for Vlan 103 and 104

During routine maintenance, it became necessary to shut down G1/0/1 on DS1. All other interfaces were up. During this time, DS1 remained the active device for Vlan 102’s HSRP group. You have determined that there is an issue with the decrement value in the track command in Vlan 102’s HSRP group. What needs to be done to make the group function properly?
A. The DS1’s decrement value should be configured with a value from 5 to 15
B. The DS1’s decrement value should be configured with a value from 9 to 15
C. The DS1’s decrement value should be configured with a value from 11 to 18
D. The DS1’s decrement value should be configured with a value from 195 to less than 205
E. The DS1’s decrement value should be configured with a value from 200 to less than 205
F. The DS1’s decrement value should be greater than 190 and less than 200
Correct Answer: C
Explanation:
Use the “show run” command to view the configuration. The left Vlan102 is on console1 of DS1. Its priority value is 200, so the decrement value in the track command should be from 11 to 18, because 200 – 11 = 189 < 190 (the priority of Vlan102 on DS2).

QUESTION 2
During routine maintenance, G1/0/1 on DS1 was shut down. All other interfaces were up. DS2 became the active HSRP device for Vlan101 as desired. However, after G1/0/1 on DS1 was reactivated, DS1 did not become the active HSRP device as desired. What needs to be done to make the group for Vlan101 function properly?

A. Enable preempt on DS1’s Vlan101 HSRP group
B. Disable preempt on DS1’s Vlan101 HSRP group
C. Decrease DS1’s priority value for Vlan101 HSRP group to a value that is less than the priority value configured on DS2’s HSRP group for Vlan101
D. Decrease the decrement in the track command for DS1’s Vlan 101 HSRP group to a value less than the value in the track command for DS2’s Vlan 101 HSRP group.
Correct Answer: A
Explanation:
A is correct; all other answers are incorrect, because preempt is disabled for Vlan101 on DS1 (left). Preempt must be enabled so that DS1 becomes the active device again after it is reactivated. Without this command, it never becomes the active device.

QUESTION 3
DS2 has not become the active device for Vlan103’s HSRP group even though all interfaces are active. As related to Vlan103’s HSRP group, what can be done to make the group function properly?

A. On DS1, disable preempt
B. On DS1, decrease the priority value to a value less than 190 and greater than 150
C. On DS2, increase the priority value to a value greater than 241 and less than 249
D. On DS2, increase the decrement value in the track command to a value greater than 10 and less than 50.
Correct Answer: C

QUESTION 4
If G1/0/1 on DS1 is shut down, what will be the current priority value of the Vlan105’s group on DS1?
A. 95
B. 100
C. 150
D. 200
Correct Answer: A
Explanation:
The configured priority is 150 and the track decrement is 55, so if interface G1/0/1 is shut down: 150 – 55 = 95.

QUESTION 5
What is the configured priority value of the Vlan105’s group on DS2?
A. 50
B. 100
C. 150
D. 200
Correct Answer: B
Explanation:
Use the “show standby brief” command on console2; it shows that the priority of Vlan105 is 100.

QUESTION 6
During routine maintenance, it became necessary to shut down G1/0/1 on DS1 and DS2. All other interfaces were up. During this time, DS1 became the active device for Vlan104’s HSRP group. As related to Vlan104’s HSRP group, what can be done to make the group function properly?
A. On DS1, disable preempt
B. On DS2, decrease the priority value to a value less than 150
C. On DS1, increase the decrement value in the track command to a value greater than 6
D. On DS1, disable track command.
Correct Answer: C
Explanation:
We should NOT disable preempt on DS1. Doing that would make Vlan104’s HSRP group fail to function: for example, with preempt disabled on DS1, it cannot become the active device when G1/0/1 on DS2 fails. In this question, G1/0/1 on DS1 and DS2 is shut down. Vlan104 (left): 150 – 1 = 149. Vlan104 (right): 200 – 155 = 145. The result is priority 149 > 145 (Vlan104 on DS1 is active). If the decrement in the track command is increased to a value greater than 6 (> or = 6), then Vlan104 (left): 150 – 6 = 144. The result is priority 144 < 145 (Vlan104 on DS2 is active).

QUESTION 7
Which statement is correct about the use of the virtual interface on a WLC:

A. Used to relay DHCP messages
B. Used to communicate with LAPs
C. Used to bring up LWAPP tunnels
D. Used to extend into the wireless client VLAN
Correct Answer: A

Exam I

QUESTION 1
The company and the company network have both been growing rapidly. Multiple adds, moves and changes have been applied to the network. Your boss at Certkiller .com, Miss Certkiller, has asked you to troubleshoot a recent OSPF synchronization problem that has arisen. There have been synchronization problems at separate locations in the OSPF area 0. There have been reported link failures during the rapid growth of the company network. You are required to resolve the OSPF problem. OSPF must be able to converge when the network changes. Refer to the information above to answer the following 4 questions:

Examine the following excerpt from the “show ip ospf” command on Certkiller A:
Area BACKBONE (0)
    Number of interfaces in this area is 1
    Area has no authentication
    SPF algorithm last executed 00:00:31.280 ago
    SPF algorithm executed 5 times
    Area ranges are
    Number of LSA 13. Checksum Sum 0x16F0FD
    Number of opaque link LSA 0. Checksum Sum 0x000000
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0
    Flood list length 0

Area 16
    Number of interfaces in this area is 2
    Area has message digest authentication
    SPF algorithm last executed 00:00:34.928 ago
    SPF algorithm executed 7 times
    Area ranges are
    Number of LSA 5. Checksum Sum 0x02FCD3
    Number of opaque link LSA 0. Checksum Sum 0x000000
    Number of DCbitless LSA 0
    Number of indication LSA 0
    Number of DoNotAge LSA 0
    Flood list length 0

Based on the information shown above, what is most likely causing the different missing routes throughout the network?
A. Area 16 is configured with authentication.
B. Area 16 has been configured to use the same interfaces as Area 0.
C. Area 0 and Area 32 have been configured with mismatched LSA numbers.
D. Area 16 has been configured as a total stub network
E. Area 16 has been configured as a stub network
F. Area 0 is discontiguous.
G. None of the above

Correct Answer: F
Explanation:
In this example, Certkiller1 shows that it has only 1 interface in area 0, while the network diagram shows that there should be two. This means that the Fa0/1 link has most likely gone down, creating a discontiguous backbone area. The link needs to be restored, or a virtual link needs to be created to fix this.

QUESTION 2
Which configuration command on Certkiller1 (with a similar command on Certkiller 2) will provide an immediate solution to the missing route problem?
A. no area 16 stub
B. no area 16 authentication message-digest
C. area 16 virtual-link 8.187.175.82
D. area 16 virtual-link 172.16.4.2
E. no area 16 stub no-summary
F. network 172.16.0.0 0.0.255.255 area 16
G. None of the above

Correct Answer: C
Explanation:
A virtual link to an IP address (the loopback IP address in this case) on device Certkiller2 needs to be created. Similarly, Certkiller2 needs to also have this configured so that a virtual link to area 0 from area 16 can be created.

QUESTION 3
The log of Certkiller1 reports the following:

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down
%OSPF-5-ADJCHG: Process 1, Nbr 8.187.175.82/32 on FastEthernet0/1 from FULL to DOWN, Neighbor Down: Interface down or detached

This event was anticipated due to maintenance; however, it resulted in excessive lost routes. Which route should be the only one removed from the routing tables of the routers?
A. 8.187.175.82/32
B. 10.138.43.0/30
C. 10.206.180.0/30
D. 4.249.113.59/32
E. 10.201.0.0/30
F. None of the above

Correct Answer: E
Explanation:
The FastEthernet 0/1 link was the only physical link that went down, so in this case the network administrator had meant to only remove the 10.201.1.10/30 route associated with that link. However, the loopback IP address of Certkiller2 is 8.187.175.82/32, which means that the neighbor relationship is down. When the FE 0/1 interface goes down, area 0 will effectively be cut in half creating a discontiguous backbone area.

QUESTION 4
The Certkiller 2 Router has lost connectivity to Certkiller 1. The following is Certkiller 1’s current route table:

     172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks
O IA    172.16.240.0/24 [110/11] via 10.218.67.1, 00:00:03, FastEthernet0/0
O IA    172.16.209.0/24 [110/12] via 10.218.67.1, 00:00:03, FastEthernet0/0
O IA    172.16.4.0/30 [110/2] via 10.218.67.1, 00:00:03, FastEthernet0/0
     10.0.0.0/30 is subnetted, 1 subnets
C       10.218.67.0 is directly connected, FastEthernet0/0

Which expected route is missing from Certkiller 1’s route table based on the topology during the maintenance period?
A. o 172.16.0.0 [110/2] via 10.218.67.1, 00:00:09, FastEthernet0/0
B. o IA 9.152.105.122 [110/3] via 10.218.67.1, 00:00:09, FastEthernet0/0
C. o IA 10.138.0.0 [110/3] via 10.218.67.1, 00:00:09, FastEthernet0/0
D. o IA 10.249.0.0 [110/2] via 10.218.67.1, 00:00:09, FastEthernet0/0
E. o IA 4.249.113.59 [110/2] via 10.218.67.1, 00:00:09, FastEthernet0/0
F. o 8.187.175.82 [110/3] via 10.218.67.1, 00:00:09, FastEthernet0/0

Correct Answer: F
Explanation:
In this case, the missing route is the route to the loopback IP address of Certkiller 2. This loopback IP address was used for the virtual link, which was needed when the backbone area became discontiguous. If this route was missing, the virtual link would then go down and cause the additional routes to be missing.

Exam J

QUESTION 1
You study the network topology carefully (see exhibit). Then you connect to SW-C and issue the show spanning tree command. Please refer to the exhibit for the output. You are then required to answer the scenario questions using the information that is available.

Which spanning Tree Protocol has been implemented on SW-B?
A. STP/IEEE 802.1D
B. MSTP/IEEE 802.1s
C. PVST+
D. PVRST
E. None of the above

Correct Answer: C
Explanation:
802.1D has not been implemented since this is CST (Common Spanning Tree) which only allows one instance to be run at a time per Network. In this scenario there are multiple instances. It must be PVST+ since each instance only contains one VLAN.

QUESTION 2
You study the network topology carefully (see exhibit). Then you connect to SW-C and issue the show spanning tree command. Please refer to the exhibit for the output. You are then required to answer the scenario questions using the information that is available.

Which bridge ID belongs to SW-B?
A. 32928 000d bd33 029b
B. 24623 000f 34f5 039b
C. 32928 000d bd03 029b
D. 32768 000d bd33 029b
E. 32769 000d 65db 01dd
F. 32815 000d bd03 029b

Correct Answer: B
Explanation:
Root ports are ports that point to the Root Bridge. In the exhibit, under VLAN 47 we see that fa0/2 is a root port for VLAN 47. Since we assume that all paths have equal cost, we can gather that the root port's destination is the root bridge itself. In this case the Root Bridge for VLAN 47 is SW-B, and according to the exhibit the MAC address is 24623 000f 34f5 039b.

QUESTION 3
You study the network topology carefully (see exhibit). Then you connect to SW-C and issue the show spanning tree command. Please refer to the exhibit for the output. You are then required to answer the scenario questions using the information that is available.

Which port role has interface Fa0/2 of SW-A adopted for VLAN 47?
A. Root port
B. Nondesignated port
C. Designated port
D. Backup port
E. Alternate port

Correct Answer: C
Explanation:
Refer to the explanation for the previous question. So far we know that SW-B is the Root Bridge for VLAN 47. We also see that SW-C is using fa0/2 as its root port. Therefore SW-A will use fa0/1 for its root port, and fa0/2 will be designated since fa0/1 on SW-C is blocking. Note: If one end of a spanning-tree segment is in blocking status, the distant-end port is not. Otherwise BPDUs could not be transmitted, which would negate the redundancy.

QUESTION 4
You study the network topology carefully (see exhibit). Then you connect to SW-C and issue the show spanning tree command. Please refer to the exhibit for the output. You are then required to answer the scenario questions using the information that is available.

Which port state is interface Fa0/2 of SW-B in for VLANs 1 and 160?
A. Listening
B. Learning
C. Disabled
D. Blocking
E. Forwarding
F. Discarding

Correct Answer: D
Explanation:
For VLAN 1 and 160 we can conclude that the Root Bridge is SW-A. With this in mind, SW-B will use fa0/1 for its root port and block the other since the cost will be lower. In this case it will block fa0/2 for both VLANs (and most likely fa0/3 also, since SW-D is using fa0/1 as its root port).

QUESTION 5
You study the network topology carefully (see exhibit). Then you connect to SW-C and issue the show spanning tree command. Please refer to the exhibit for the output. You are then required to answer the scenario questions using the information that is available.

Which bridge ID belongs to SW-A?
A. 32928 000d bd33 029b
B. 24623 000f 34f5 039b
C. 32928 000d bd03 029b
D. 32768 000d bd33 029b
E. 32769 000d 65db 01dd
F. 32815 000d bd03 029b

Correct Answer: E
Explanation:
We see that in VLAN 1 and VLAN 160 fa0/1 is the root port on SW-C. As previously discussed, root ports point to the root bridge; assuming equal cost from switch to root, and given that no other port is root for either VLAN, SW-A is the Root Bridge, and we can glean the information from the exhibit, which lists the Bridge’s VLAN.