Author: newcertskey
Welcome to download the newest Dumpsoon 70-417 dumps:
I passed the Apple 9L0-510 exam this week with nearly 920 pts.I prepared myself with 140 Q&As, all questions from this dump.Apple 9L0-510 questions, 2hrs time limit.New questions in Exampass like “AD FS components in the environment”,“Windows PowerShell cmdlet ” “Office 365”.Just know all new Apple 9L0-510 questions you will be fine.
QUESTION 57
You are configuring NFS export settings for a share point that resides on a Mac OS X Server v10.6 computer. What does the “All to Nobody” mapping do?
A. It prohibits export of items and contents to users.
B. It creates the group, “Nobody”, that will be used for NFS access.
C. It tells the NFS server to identify all users by their client settings.
D. It provides all NFS users with the same file privileges as the “nobody” account.
Correct Answer: D
QUESTION 58
You have configured the folder at /Shared Items/Documents/ as an NFS share point on your Mac OS X Server at server.pretendco.com. Which URL should you provide to Mac OS X users to allow them to access the share point?
A. nfs://server.pretendco.com/
B. nfs://documents.server.pretendco.com/
C. nfs://server.pretendco.com/Documents/
D. nfs://server.pretendco.com/Shared Items/Documents/
Correct Answer: D
QUESTION 59
Which three actions can the FTP service in Mac OS X Server perform on requested files, before
transferring them?
Choose three – partial credit is possible.
A. Decrypt requested files
B. Encrypt requested files
C. Archive requested files
D. Compress requested files
E. Convert requested files to PDF
F. Encode requested files as MacBinary
Correct Answer: CDF
QUESTION 60
Using Server Admin in Mac OS X Server, which two options can be set for the FTP service? Choose two – partial credit is possible.
A. Enable anonymous access
B. Disable passive mode transfers
C. Maximum number of downloadable files per session
D. Maximum number of simultaneous authenticated users
E. Allow Challenge-Response Authentication Mechanism-MD5 (CRAM-MD5)
Correct Answer: AD
QUESTION 61
What protocol does Mac OS X Server v10.6 use to send email between mail servers?
A. POP
B. IMAP
C. MAPI
D. SMTP
E. XMPP
Correct Answer: D
QUESTION 62
What protocol does the Mail application in Mac OS X v10.6 use to send email from a client computer to a mail server for delivery?
A. POP
B. IMAP
C. LDAP
D. SMTP
E. XMPP
Correct Answer: D
QUESTION 63
You have set up multiple mail servers to receive email for your company. Which DNS record specifies the hostname of the mail server whose availability should be checked first when mail is being routed to an employee?
A. The A record with the priority number that is lowest
B. The A record with the priority number that is highest
C. The MX record with the priority number that is lowest
D. The MX record with the priority number that is highest
E. The PTR record with the priority number that is lowest
F. The PTR record with the priority number that is highest
Correct Answer: C
QUESTION 64
Which of these is a blacklist server?
A. A server that provides a list of known open relay servers
B. A server that blocks outgoing email to specified domains
C. A server that sends mail to a large recipient group simultaneously
D. A server that allows anyone to send email through it without authenticating
E. A server that provides a list of email addresses that are known sources of spam
Correct Answer: A QUESTION 65
Which tactic will reduce the disk space required by mail service in Mac OS X Server v10.6?
A. Enable the mail service option to compress all incoming file attachments.
B. Set a mail quota to limit the amount of mail stored for each user account.
C. Set an alternate mail store location on a striped and mirrored RAID partition.
D. Enable the “Archive mail database” option for the mail service in Server Admin.
Correct Answer: B
QUESTION 66
You are configuring users’ mail accounts in Workgroup Manager. Which option can you define for each user?
A. mail filter type
B. mail quota size
C. mail workgroup name
D. protocol each account will use to send mail to the server
Correct Answer: B
QUESTION 67
Using Server Admin you can configure a Mac OS X Server computer to send you an email notification when certain conditions occur. Which condition can trigger an email notification?
A. A software update is available for the server.
B. A user exceeds his or her assigned disk quota.
C. The number of users exceeds a specified limit.
D. The number of files on the server exceeds a specified limit.
Correct Answer: A
QUESTION 68
You have set up a Mac OS X Server computer to serve mail for a department at PretendCo. Because of security concerns, you want to make sure that your mail server only accepts mail from other mail servers on PretendCos network, which uses IP addresses 10.1.0.0 through 10.1.255.255. Which entry could you add to the list of addresses from which your server will accept relays?
A. 10.1.0.0/8
B. 10.1.0.0/16
C. 10.1.0.0/24
D. 10.1.0.0/32
Correct Answer: B
QUESTION 69
You want to restrict access to certain pages of a website to a specific group of users. How do you password protect just a portion of your website?
A. Create a realm for the folder where the protected pages reside.
B. Assign sole ownership permissions of the website’s Documents folder to the user “www”.
C. Using Server Admin, create a second website that uses port 8080. Set the “Web Folder” setting for the new website to point to the folder of restricted content.
D. Create a group with the specified users, then set the permissions for the folder containing the protected content so that its “Group” is this new group, and “Everyone” has no access.
Correct Answer: A QUESTION 70
You have set up a website for your users on a Mac OS X Server v10.6 computer. To prevent others from logging into the server and accessing the website files in the Finder, you changed the Everyone permissions for all of the website files to None, made yourself the owner of the website files, and assigned group ownership of the website files to a group containing only your account. Now when users try to access the website via a browser they see an “Access forbidden!” message. Which group should have been given read access to prevent this error?
A. admin
B. root
C. staff
D. wheel
E. _www
Correct Answer: E
QUESTION 71
Which statement about WebDAV is true?
A. You enable WebDAV for each website individually.
B. The URL to access a WebDAV server begins with “wdav://”.
C. You define the size of a WebDAV volume using Server Admin.
D. You can only connect to a WebDAV server using a web browser.
Correct Answer: A
QUESTION 72
Which two logs does the Mac OS X Server web service keep by default? Choose two.
A. Hits
B. Error
C. Access
D. Request
E. Throughput
Correct Answer: BC
QUESTION 73
You are managing the web service on a Mac OS X Server computer. The first website on the server is
configured as the default website. You want to add a second website with the address web.example.com,
which will publish documents stored in the WebDocs folder. You have created a DNS record for
web.example.com. What three additional steps must you complete in Server Admin in order to publish the
documents on the new website?
Choose three.
A. Enable proxy caching.
B. Add a new site from the Sites pane.
C. Create a realm for the WebDocs folder.
D. Select the WebDocs folder as the site’s web folder.
E. Change the new website’s Domain Name field to web.example.com.
F. Add a new realm to define browsing/authoring permissions for web.example.com.
Correct Answer: BDE
QUESTION 74
You are hosting the website www.pretendco.com on a Mac OS X Server computer. You have also configured a share point on Data, another volume on the server, to host networked home folders. A user with the short name alexander would like to access a website stored in his home folder on the server. What URL should he use?
A. http://www.pretendco.com/~alexander
B. http://www.pretendco.com/Users/alexander
C. http://www.pretendco.com/Data/Users/alexander
D. http://www.pretendco.com/Volumes/Data/Users/alexander
Correct Answer: A
QUESTION 75
Which statement best describes the wiki in Mac OS X Server v10.6?
A. A wiki is a website that is configured to provide access to mail accounts.
B. A wiki is a series of date-stamped and chronologically-ordered entries on a website hosted by Mac OS X Server v10.6.
C. A wiki is a folder on a website hosted by Mac OS X Server v10.6, with permissions that restrict access to the files it contains.
D. A wiki is a collection of web pages that can be edited in a web browser; the web pages allow members of a group to share information.
Correct Answer: D
QUESTION 76
Which statement about setting up a wiki on a Mac OS X Server v10.6 computer is true?
A. To allow a user to create a wiki, select the “Web Services” option in the Advanced pane for the user account in Workgroup Manager.
B. To enable a website on a Mac OS X Server v10.6 computer to host wikis, enable the wikiblog_module for the web service in Server Admin.
C. To allow members of a group to create a wiki, select the “Web Services” option in the Advanced pane for the group account in Workgroup Manager.
D. To enable a website on a Mac OS X Server v10.6 computer to host wikis, select the Wikis option in the Web Services pane for the website in Server Admin.
E. To enable all websites on a Mac OS X Server v10.6 computer to host wikis, enable the “Wikis and blogs” option in Web Services for the Settings pane for the web service in Server Admin.
Correct Answer: D
QUESTION 77
Which protocol do clients of the iCal service in Mac OS X Server v10.6 use to access calendar files on the server?
A. AFP
B. FTP
C. NFS
D. SMB
E. HTTP
Correct Answer: E
QUESTION 78
Which utility should you use on a Mac OS X v10.6 computer to create resources, such as rooms and projectors, in an LDAP directory so that those resources can be scheduled by iCal service users?
A. Directory
B. Address Book
C. Directory Utility
D. iCal Server Utility
Correct Answer: D QUESTION 79
What is the purpose of the federation feature in the Mac OS X Server v10.6 iChat service?
A. To allow admin users to send instant messages to all members of a given group
B. To allow iChat service users to chat with users of other instant messaging services
C. To automatically add all members of a group to the iChat buddies list for each group member
D. To allow users from different directory servers, including Active Directory, to use the iChat service
Correct Answer: B QUESTION 80
How do you configure the iChat service hosted on a Mac OS X Server v10.6 computer to allow only the members of a specific group account to use the iChat service?
A. In Workgroup Manager, select the group account, and turn on the iChat Account option in the Advanced pane.
B. In Server Admin, in the Settings pane of the iChat service for the server, add the allowed group account to the Allow Access list.
C. In Workgroup Manager, select all of the allowed user accounts in the group, and turn on the iChat Account option in the Advanced pane.
D. In Server Admin, in the Services pane of the Access section for the server, select the iChat service, and add a group that contains all of the allowed users to the “Allow only users and groups below” list.
Correct Answer: D QUESTION 81
Apple 9L0-510 exam sample questions replies by FLYDUMPS save your valuable regular classrooms instruction prerequisites. To get your current Apple 9L0-510 examination know-how in addition to expertise to your suitable stage, you should need to take FLYDUMPS Apple 9L0-510 exam sample questions. FLYDUMPS Apple 9L0-510 exam sample questions are available to an individual wherever. All of Apple 9L0-510 questions and answers are generally kept up to date while using modifying, FLYDUMPS immediately so you’re able to be reassured that you typically incomparable your current Apple 9L0-510 by using most recent Apple 9L0-510 exam in addition to Apple 9L0-510 exam sample questions, most significantly, many of us present FLYDUMPS own Apple 9L0-510 test for cost-effective price points for the benefit.
Welcome to download the newest Dumpsoon 70-417 dumps: http://www.dumpsoon.com/70-417.html
http://www.bsabio.org/ibm-a4040-332-self-study-free-download-real-ibm-a4040-332-practice-questions-latest-version-pdfvce/
Welcome to download the newest Examwind 2V0-641 dumps:
Achieving the Cisco 642-384 certification is the goal of many IT & Network professionals. The passing rate of the Cisco 642-384 Test is incredibly low. The purpose of Flydumps Cisco 642-384 practice test is to promote Cisco 642-384 Certification. It’s surely not an easy task to do but doing the Cisco 642-384 Training by using our Cisco 642-384 exam sample questions will ensure and encourage that you can earn the Cisco 642-384 Certification. You don’t have to worry about passing your Cisco 642-384 exam or completing the latest Cisco 642-384 Exam Objectives anymore because Flydumps Cisco 642-384 exam sample questions do it all for you.
QUESTION 109
You are configuring a VLAN and the switch you are using requires that you do so within the VLAN database. Which command allows you to enter the VLAN database?
A. Switch#vlan database
B. Switch (config)# vlan database
C. Switch (config-if)# vlan database
D. Switch (vlan)# vlan database
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 110
Which two statements best describe the wireless core feature set using autonomous access points when implementing repeater topology? (Choose two.)
A. RF overlap between access points should be 10 to 15 percent with unique channels configured.
B. RF overlap between primary and repeater access points should be 10 to 15 percent with the same channel configured.
C. RF overlap between primary and repeater access points should be 50 percent with the same channel configured
D. RF overlap between primary and repeater access points should be 50 percent with unique channels configured.
E. Clients that are associated with the repeater access point will have 10 to 15 percent less data throughput than clients that are associated with the primary root access point.
F. Clients that are associated with the repeater access point will have 50 percent less data throughput than clients that are associated with the primary root access point
Correct Answer: CF Section: (none) Explanation
Explanation/Reference:
QUESTION 111
:Refer to the exhibit. The Cisco Aironet 802.1 la/b/g Wireless LAN Client Adapter has two LEDs. Which two LED states indicate that the card is associated to an access point and is working properly? (Choose two.)
A. green LED off; amber LED solid
B. green LED off; amber LED blinking sporadically
C. green LED blinking quickly: amber LED blinking quickly
D. green LED blinking slowly, amber LED blinking slowly
E. green LED blinking slowly; amber LED blinking quickly
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 112
Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager configuration of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the sitE.to-site VPN between Router A and Router B. What is the mostly likely cause of this fault?
A. The IPSec and IKE encryption methods do not match. They all have to be either 3DES or AES.
B. Router A is using a standard IP ACL (100-149) while Router B is using a turbo ACL (150-199).
C. The D.H Group settings on the two routers are set to group 2. They must be set to group 1 for SHA. 1.
D. The IPSec policy map names on the two routers do not match. They must be the same on both routers.
E. The IPSec rules on the two routers are not permitting the correct interesting traffic
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 113
OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. incorrect distribute lists have been configured
D. No default metric has been configured for EIGRP
E. Theip classless command is missing.
F. There are mismatched autonomous system numbers.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which two statements best describe the wireless implementation of Cisco Aironet root and non- root bridging? (Choose two.)
A. Point-to-point access points can be used if one is root and the other is non-root.
B. WGB can be used with an access point if the distance is less than one mile
C. Root mode must be enabled only on one side in a point-to-point link to intemperate with other vendors and comply with 802.11
D. Up to 17 non-root bridges can associate to a root bridge
E. Point-to-point WGB can be used if total number of PCs is fewer than eight. The neighbor 10.1.1.1 is the BDR
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 115
The customer wants to implement wireless security through implementation of WPAv2. Which component of WPAv2 would limit the rollout because of the continued use of old access points?
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 116
A company needs to provide sitE.to-site VPN, remote access VPN, and firewall protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 117
Refer to the exhibit. R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1.
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in the hello packets that it is receiving from R1
E. R2 has an access list defined for SO that is blocking an OSPF multicast IP address of 224.0.0.5.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 118
Which two features are only supported when using the Cisco Router and Security Device Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. Custom inspection rules
E. proxy authentication
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 119
:When troubleshooting poor network performance, which two symptoms would typically be associated with a network layer problem? (Choose two.)
A. Packet loss is more than 30 percent
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
Correct Answer: AD Section: (none) Explanation Explanation/Reference:
QUESTION 120
Which command can be used to verify that RIPv2 is running on a router?
A. show startup-config
B. show ip route
C. showip route rip
D. Show ip protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 121
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or a Cisco Integrated Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 122
You have just configured and enabled the Cisco IOS Firewall feature set from a remote location using the Cisco Router and Security Device Manager (SDM) Firewall wizard. You later want to doublE. check your configuration using Cisco SDM. However, you find that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You must additionally specify the Cisco SDM management port number to gain access when the configuration has been applied.
B. You have not generated an RSA key pair between the host and device to allow secure access via Cisco SDM.
C. You have been locked out via access lists mat nave been applied to the router as a result of your Cisco SDM configuration.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for allowed management connections.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 123
An 802.11 b telephone is receiving an audio signal from an access point, but cannot send audio. What is a possible cause?
A. the RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 124
Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 125
Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP. You should check the configuration of which command or commands when attempting to resolve this problem?
A. There is no ip http secure-server
B. There is ip http authentication local
C. There is linevty 0 5 login local
D. There isaaa new-model
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 126
When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+ use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use onE.time password
E. local use local database
F. default: use line password
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 127
You have just configured HSRP and need to determine which router is active. Which command should you enter?
A. show ip hsrp active
B. show standby active
C. show star
D. show active
Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 128
A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began experiencing link problems.
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with a lower loss.
B. Upgrade to an 802.11a radio.
C. Install a higher gain antenna.
D. Increase the transmitter power.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 129
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these might have caused this problem? (Choose two.)
A. Theip https server command is missing from the running configuration.
B. The ip http securE.server command is missing from the running configuration
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points through multicast
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 131
Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A and Router B. Given the debug output on Router A, which two statements are true? (Choose two.) Router A= debug eigrp packets . m .
01:39:13:
EIGRP: Received HELLO on SerialQ 0 nbr 10.1.2.2
01:39:13:
AS 100, Flags 0x0, Seq 0/0 idbQ 00 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13:
K-value mismatch
A.
Router A received a hello packet with mismatched autonomous system numbers.
B.
Router A received a hello packet with mismatched hello timers.
C.
Router A received a hello packet with mismatched authentication parameters.
D.
Router A received a hello packet with mismatchedmetriC.calculation mechanisms
E.
Router A will form an adjacency with Router B.
F.
Router A will not form an adjacency with Router B
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
Easiest way to get Cisco 642-384 certification is to log on to the Cisco 642-384 FLYDUMPS and purchase the Cisco 642-384 exam sample questions to do Cisco 642-384 exam questions and answers to obtain your Cisco 642-384 certification. FLYDUMPS Cisco 642-384 Exam is paired with Cisco 642-384 for use on simulator. To help with these preparations there are plenty of FLYDUMPS Cisco 642-384 exam sample questions available on the Internet that can dispel all these fears and nervousness. These Cisco 642-384 Exam Questions range from the official Cisco 642-384 Certification Training courses and official Cisco 642-384 Certification Self Study Training Guides from Cisco 642-384 Press, to the FLYDUMPS Cisco 642-384 exam sample questions.
Welcome to download the newest Examwind 2V0-641 dumps: http://www.examwind.com/2V0-641.html
http://www.maeeonline.org/isaca-cisa-practice-test-provide-latest-isaca-cisa-exam-demo-with-the-knowledge-and-skills/
Welcome to download the newest Examwind 642-384 dumps:
We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials.
This Blog provides you everything you will need to take a certification examination and Exam Preparation Material. Like actual certification exams, our Practice Tests are in Flydumps Our Cisco 642-384 Exam will provide you with exam questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the Cisco 642-384 Exam:100% Guarantee to Pass Your Cisco 642-384 exam and get your EMC certification.
QUESTION 113
OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. incorrect distribute lists have been configured
D. No default metric has been configured for EIGRP
E. Theip classless command is missing.
F. There are mismatched autonomous system numbers.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 114
Which two statements best describe the wireless implementation of Cisco Aironet root and non- root bridging? (Choose two.)
A. Point-to-point access points can be used if one is root and the other is non-root.
B. WGB can be used with an access point if the distance is less than one mile
C. Root mode must be enabled only on one side in a point-to-point link to intemperate with other vendors and comply with 802.11
D. Up to 17 non-root bridges can associate to a root bridge
E. Point-to-point WGB can be used if total number of PCs is fewer than eight. The neighbor 10.1.1.1 is the BDR
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 115
CORRECT TEXT
Refer to the exhibit. Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about what is displayed? (Choose two.) Answer: C, D
QUESTION 116
The customer wants to implement wireless security through implementation of WPAv2. Which component of WPAv2 would limit the rollout because of the continued use of old access points?
“Pass Any Exam. Any Time.” – www.actualtests.com 43 Cisco 642-384: Practice Exam
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 117
A company needs to provide sitE.to-site VPN, remote access VPN, and firewall protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 118
CORRECT TEXT
Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about using Cisco Router and Security Device Manager (SDM) to configure the OSPF routing protocol? (Choose two.) Answer: B, E
QUESTION 119
Refer to the exhibit. R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1. “Pass Any Exam. Any Time.” – www.actualtests.com 44 Cisco 642-384: Practice Exam
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in the hello packets that it is receiving from R1
E. R2 has an access list defined for SO that is blocking an OSPF multicast IP address of 224.0.0.5.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: QUESTION 120
Which two features are only supported when using the Cisco Router and Security Device Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. Custom inspection rules
E. proxy authentication
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 121
:When troubleshooting poor network performance, which two symptoms would typically be associated with a network layer problem? (Choose two.)
A. Packet loss is more than 30 percent
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 122
Which command can be used to verify that RIPv2 is running on a router?
“Pass Any Exam. Any Time.” – www.actualtests.com 45 Cisco 642-384: Practice Exam
A. show startup-config
B. show ip route
C. showip route rip
D. Show ip protocols
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or a Cisco Integrated Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a CiscoAironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 124
You have just configured and enabled the Cisco IOS Firewall feature set from a remote location using the Cisco Router and Security Device Manager (SDM) Firewall wizard. You later want to doublE. check your configuration using Cisco SDM. However, you find that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You must additionally specify the Cisco SDM management port number to gain access when the configuration has been applied.
B. You have not generated an RSA key pair between the host and device to allow secure access via Cisco SDM.
C. You have been locked out via access lists mat nave been applied to the router as a result of your Cisco SDM configuration.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for allowed management connections. “Pass Any Exam. Any Time.” – www.actualtests.com 46 Cisco 642-384: Practice Exam
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 125
An 802.11 b telephone is receiving an audio signal from an access point, but cannot send audio. What is a possible cause?
A. the RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 127
Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP. You should check the configuration of which command or commands when attempting to resolve this problem?
A. There is no ip http secure-server
B. There is ip http authentication local
C. There is linevty 0 5 login local
D. There isaaa new-model
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 128
When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+ use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use onE.time password
E. local use local database
F. default: use line password
Correct Answer: ABCE Section: (none) Explanation
Explanation/Reference:
QUESTION 129
CORRECT TEXT
Which two statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about OSPF in a multiarea environment? (Choose two.) Answer: C, D
“Pass Any Exam. Any Time.” – www.actualtests.com 48 Cisco 642-384: Practice Exam
QUESTION 130
You have just configured HSRP and need to determine which router is active. Which command should you enter?
A. show ip hsrp active
B. show standby active
C. show star
D. show active
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 131
A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began experiencing link problems.
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with a lower loss.
B. Upgrade to an 802.11a radio.
C. Install a higher gain antenna.
D. Increase the transmitter power.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 132
CORRECT TEXT Which three statements are
A.
B.
C.
D.
Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: : about the IEEE 802.3af Power over Ethernet standard? (Choose three.) Answer: A, C, E
QUESTION 133
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these might have caused this problem? (Choose two.)
“Pass Any Exam. Any Time.” – www.actualtests.com 49 Cisco 642-384: Practice Exam
A. Theip https server command is missing from the running configuration.
B. The ip http securE.server command is missing from the running configuration
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Which two statements best describe the wireless core feature set using autonomous access points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points through multicast
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A
and Router B. Given the debug output on Router A, which two statements are true? (Choose two.)
Router A= debug eigrp packets
. m .
01:39:13:
EIGRP: Received HELLO on SerialQ 0 nbr 10.1.2.2
01:39:13:
AS 100, Flags 0x0, Seq 0/0 idbQ 00 iidbQ un/rely 0/0 peerQ un/rely 0/0
01:39:13:
K-value mismatch
A.
Router A received a hello packet with mismatched autonomous system numbers.
B.
Router A received a hello packet with mismatched hello timers.
C.
Router A received a hello packet with mismatched authentication parameters.
D.
Router A received a hello packet with mismatchedmetriC.calculation mechanisms
E.
Router A will form an adjacency with Router B.
F.
Router A will not form an adjacency with Router B “Pass Any Exam. Any Time.” – www.actualtests.com 50 Cisco 642-384: Practice Exam
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Which command assigns a cost value of “17” to a switch port?
A. spanning-tree interfacefastethernet 5/8 17
B. spanning-treeportcost 17
C. spanning-treeportcost 17
D. spanning-treevlan 1 cost 17
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 137
You have configured and applied a Cisco IOS Firewall access rule to the inbound, untrusted interface. You suspect that the rule may be blocking necessary traffic onto the network. What must you do to delete that rule when using Cisco Router and Security Device Manager?
A. Select ACL Editor > Access Rules to delete the rule.
B. You must remove the association between the rule and the interface before deleting the rule
C. You must delete the associated access list on the interface, then reconfigure the access list as required, and then reapply the access group to the proper interface.
D. Go to the Edit Firewall Policy tab to delete the rule.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 138
A customer in Europe needs to establish an 11-Mbps wireless bridge link between two office buildings that are approximately 1.3 km apart. The wireless link will pass through a public park, which contains a lake that is surrounded by trees. You run the range calculation and determine that the Cisco Aironet 1300 Series Outdoor Access Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of standard Cisco cabling and both radios set at 20 mW. The wireless bridges are not able to establish or maintain a link.
What is needed to successfully complete this link?
A. An amplifier needs to be installed at one of the sites.
B. The antenna must be raised high enough to clear the trees
C. Lower loss cabling needs to be used to bring the EIRP into legal limits. “Pass Any Exam. Any Time.” – www.actualtests.com 51 Cisco 642-384: Practice Exam
D. Due to the trees, a 21-dBi dish needs to be used for its narrower beam width.
Correct Answer: B Section: (none) Explanation
Explanation/Reference
Cisco 642-384 Certification is indeed the top most qualification from FLYDUMPS, providing a string of highly qualified professionals to the industry. The exam board has a tough time maintaining a certain quality of professionalism in the industry and these examinations are a step towards elimination of third-class knowledge. The fact that FLYDUMPS knows does not make a difference. The Cisco 642-384 exam sample questions are made to introduce a change in IT for the better and change is what is coming to IT. It is well known that HP HP2-Z28 Certification exam test is the hot exam of Cisco 642-384 certification. FLYDUMPS offer you all the Q&A of the Cisco 642-384 real test. It is the examination of the perfect combination and it will help you pass Cisco 642-384 exam at the first time.
Welcome to download the newest Examwind 642-384 dumps: https://www.pass4itsure.com/642-384.html
http://www.maeeonline.org/hfma-chfp-dumps-sale-best-hfma-chfp-practice-test-sale/
Welcome to download the newest Examwind JN0-360 dumps:
Each Answers in CheckPoint 156-210 study guides are checked by the concerned professional to provide you the best quality dumps. If you are looking to get certified in short possible time, you will never find quality product than Flydumps.
QUESTION 127
As a firewall administrator you encounter the following you error message:
Authentication for command failed.
What is the most logical reasoning for thus type of error message?
A. The Rule Base has been corrupted.
B. The kernel cannot communicate with the management module.
C. The administrator does not have the ability to push the policy.
D. Remote encryption keys cannot be fetched.
E. Client authentication has failed.
Correct Answer: B
QUESTION 128
Your customer has created a rule so that every time a user wants to go to the Internet, that user must be authenticated. Firewall load is a concern for the customer. Which authentication method does not result in any additional connections to the firewall?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: A
QUESTION 129
What variable is used to extend the interval of the Timeout in a NAT to prevent a hidden UDP connection from losing its port?
A. Fwx_udp_todefaultextend.
B. Fwx_udp_expdefaultextend.
C. Fwx_udp_todefaultext
D. Fwx_udp_timeout.
E. Fwx_udp_expiration.
Correct Answer: D
QUESTION 130
To hide data filed in the log viewer:
A. Select Hide from the Log Viewer menu.
B. Right-click anywhere in a column of the Log Viewer GUI and select Show Details.
C. Right-click anywhere in the column of the Log Viewer GUI and select Disable.
D. Right-click anywhere in the column of the Log Viewer GUI and select Hide.
E. Select Hide from the Log Viewer tool bar.
Correct Answer: D
QUESTION 131
You are following the procedure to setup user authentication for TELNET to prompt for a distinct destination. This allows the firewall to simulate a TELNET Proxy. After you defined the user on the Firewall and use VPN-1/FireWall-1 Authentication, you would:
A. Stop the Firewall.
B. Restart the Firewall.
C. Start the Policy Editor and go to Manage service, and edit TELNET service.
D. Ensure that the Authentication method is enabled in the firewall object.
E. Ensure that there are no existing rules already allowing TELNET.
Correct Answer: D
QUESTION 132
You have the VPN-1/Firewall-1 NG product installed. The following Rule Base order correctly implements Implicit Client Authentication fort HTTP. No. SOURCE DESTINATION SERVICE ACTION 1 All *Any TCP ftp User Auth Users@localnet 2 All Users@localnet *Any TCP http User Auth
A. True
B. False
Correct Answer: B
QUESTION 133
What is the software package through which all Check Point products use infrastructure services?
A. Cpstart/cpstop.
B. Check Point Registry.
C. CPD
D. Watch Dog for critical services.
E. SVN Foundation.
Correct Answer: E
QUESTION 134
Choose the BEST response to finish this statement. A Firewall:
A. Prevents unauthorized to or from a secured network.
B. Prevents unauthorized to or from a unsecured network.
C. Prevents authorized access to or from an Intranet.
D. Prevents authorized access to or from an Internet.
E. Prevents macro viruses from infecting the network.
Correct Answer: A
QUESTION 135
Where is the external if file located in VPN1/Firewall-1 NG?
A. FWDIR conf directory.
B. Database directory.
C. State directory.
D. Temp Directory.
E. Not used in VPN1/Firewall-1 NG.
Correct Answer: E
QUESTION 136
Which log viewer mode allows you to actually see the contents of the files HTTP-ed by the corporation’s Chief Executive Officer?
A. Security Log.
B. Active Connections Log.
C. Accounting Log.
D. Administrative Log.
E. None of the above.
Correct Answer: E
QUESTION 137
When you select the alert radio button on the topology tab of the interface properties window:
A. The action specified in the Action element of the Rule Base is taken.
B. The action specified in the Anti-Spoofing Alert field in the Global properties window is taken.
C. The action specified in the Pop up Alter Command in the Global properties window is taken.
D. Both A and B.
E. Both B and C.
Correct Answer: E
QUESTION 138
You are the firewall administrator with one management server managing one firewall. The system status displays a computer icon with a ‘!’ symbol in the status column. Which of the following is the most likely cause?
A. The destination object has been defined as external.
B. The Rule Base is unable to resolve the IP address.
C. The firewall has been halted.
D. The firewall is unprotected, no security policy is loaded.
E. Nothing is wrong.
Correct Answer: D
QUESTION 139
System Administrators use session authentication when they want users to:
A. Authenticate each time they use a supported service.
B. Authenticate all services.
C. Use only TENET, FTP, RLOGIN, and HTTP services.
D. Authenticate once, and then be able to use any service until logging off.
E. Both B and D
Correct Answer: B
QUESTION 140
Your customer has created a rule so that every time a user wants to go to Internet, that user must be authenticated. The customer requires an authentication scheme that provides transparency for the user and granular control for the administrator. User must also be able to log in from any location. Based on this information, which authentication schemes meets the customer’s needs?
A. Session
B. User
C. Client
D. Dual
E. Reverse
Correct Answer: B QUESTION 141
Implementing Dynamic NAT would enable an internal machine behind the firewall to act as an FTP Server for external clients.
A. True
B. False
Correct Answer: B QUESTION 142
The Enforcement Module (part if the VPN-1/FireWall-1 Module):
A. Examines all communications according to an Enterprise Security Policy.
B. Is installed on a host enforcement point.
C. Can provide authentication and Content Security features at the application level.
D. Us usually installed on a multi-homed machine.
E. All of the above.
Correct Answer: E QUESTION 143
In most cases when you are building the Rule Base you should place the Stealth Rule above all other rules except:
A. Clean up rules.
B. Implicit Riles.
C. Client Authentication Rules.
D. Pseudo Rules.
E. Default Rules.
Correct Answer: C QUESTION 144
If you change the inspection order of any of the implied rules under the Security Policy Setup, does it change the order in which the rules are enforced?
A. True
B. False
Correct Answer: A QUESTION 145
The fw fetch command allows an administrator to specify which Security Policy a remote enforcement module retrieves.
A. True
B. False
Correct Answer: A
QUESTION 146
You can edit VPE objects before they are actualized (translated from virtual network objects to real).
A. True
B. False.
Correct Answer: B
QUESTION 147
Stateful inspection is a firewall technology introduced in Checkpoint VPN-1/Firewall-1 software. It is designed to meet which if the following security requirements?
1.
Scan information from all layers in the packet.
2.
Save state information derived from previous communications, such as the outgoing Port command of an FTP session, so that incoming data communication can be verified against it.
3.
Allow state information derived from other applications access through the firewall for authorized services only, such as previously authenticated users.
4.
Evaluate and manipulate flexible expressions based on communication and application derived state information.
A. 1, 2, 3
B. 1, 3, 4
C. 1, 2, 4
D. 2, 3, 4
E. 1, 2, 3, 4
Correct Answer: E
QUESTION 148
If the security policy editor or system status GUI is open, you can open the log viewer GUI from the window menu.
A. True
B. False
Correct Answer: A
QUESTION 149
NAT can NOT be configured on which of the objects?
A. Hosts
B. Gateways
C. Networks
D. Users
E. Routers
Correct Answer: D
QUESTION 150
Your customer has created a rule so that every user wants to go to Internet, that user must be authenticated. Which is the best method of authentication for users who must use specific computers for Internet access?
A. Session
B. User
C. Client
D. Connection
E. None of the above.
Correct Answer: C
QUESTION 151
Which of the following describes the behavior of VPN-1/Firewall-1 NG?
A. Traffic not expressly prohibited is permitted.
B. Traffic not expressly permitted is prohibited.
C. TELNET, SMTP and HTTP are allowed by default.
D. Secure connections are authorized by default, unsecured connections are not.
E. All traffic is controlled by explicit rules.
Correct Answer: B
QUESTION 152
New users are created from templates. What is the name of the standard template from which you would create a new user?
A. New
B. User
C. Group
D. Standard User.
E. Default
Correct Answer: E
QUESTION 153
In a distributed management environment, the firewall administrator has removed the default check from Accept VPN-1/Firewall-1 control connections under the Security Policy tab of the properties setup dialogue box. In order for the management module and the Firewall to communicate, you must create a rule to allow the Management Module to communicate to the firewall on which port?
A. 80
B. 256
C. 259
D. 900
E. 23
Correct Answer: B
QUESTION 154
What is the command for installing a Security Policy from a *.W file?
A. Fw gen and then the name of the .W file.
B. Fw load and then the name of .W file.
C. Fw regen and then the name of the .W file.
D. Fw reload and then the directory location of the .W file.
E. Fw import and then the name of the .W file.
Correct Answer: B
QUESTION 155
In the Check Point Configuration Too, you create a GUI administrator with Read Only privileges. This allows the Firewall-1 administrator for the authorized GUI client (GUI workstation) privileges to change network object, and create and install rules.
A. True
B. False
Correct Answer: B QUESTION 156
Hybrid Authentication allows VPN-1/Firewall-1 NG to authenticate SecuRemote/SecureClient, using which of the following?
A. RADIUS
B. 3DES
C. TACACS
D. Any authentication method supported by VPN-1/Firewall-1.
E. Both A and C.
Correct Answer: D QUESTION 157
In order to install a new Security Policy on a remote firewall, what command must be issued on the remote firewall?
A. Fw unload all all.
B. Fw load new.
C. Cp clear policy.
D. None of the above, the command cp policy remove is issued from the manager.
E. None of the above, the new policy will automatically overwrite the existing policy.
Correct Answer: E QUESTION 158
As a firewall administrator if you want to log packets dropped by “implicit drop anything not covered” rules, you must explicitly define a Clean-up rule. This must be the last rule in the rule base.
A. True
B. False
Correct Answer: A QUESTION 159
Fully Automatic Client authentication provides authentication for all protocols, whether supported by these protocols or not.
A. True
B. False
Correct Answer: A QUESTION 160
VPN-1/Firewall-1 NG differs from Packet filtering and Application Layer Gateways, because?
A. VPN-1/Firewall-1 NG provides only minimal logging and altering mechanism.
B. VPN-1/Firewal-1 NG uses Stateful inspection which allows packet to be examined at the top of the layers of the OSI model.
C. VPN-1/Firewall-1 NG has access to a limited part of the packet header only.
D. VPN-1/Firewall-1NG requires a connection from a client to a firewall and firewall to a server.
E. VPN-1/Firewall-1 NG has access to packets passing through key locations in a network.
Correct Answer: B
QUESTION 161
AlphaBravo Corp has 72 privately addressed internal addresses. Each network is a piece of the 10-net subnetted to a class C address. AlphaBravo uses Dynamic NAT and hides all of the internal networks behind the external IP addresses of the Firewall. The Firewall administrator for AlphaBravo has noticed that policy installation takes significantly longer since adding all 72 internal networks to the address translation rule. What should the Firewall administrator do to reduce the time it takes to install a policy?
A. Create an object for the entire 10-net and use the object for the translation rule instead of the individual network objects.
B. Use automatic NAT rule creation on each network object. Hide the network behind the firewall’s external IP addresses.
C. Match packets to the state table, so packets are not dropped. Increase the size of the NAT tables.
D. Reinstall the Firewall and Security Policy Editor. The policy is corrupting Firewall’s binaries.
E. Increase the size of state table. Use automatic NAT rule creation to hide the networks behind an IP address other than firewall’s external IP.
Correct Answer: A
QUESTION 162
How does VPN-1/Firewall-1 NG implement Transparent authentication?
A. Unknown user receive error messages indicating that the firewalled gateway does not know the user names on the gateway.
B. VPN-1/Firewall-1 NG prompts for user names even through the authentication data may not be recognized by the firewall’s user database.
C. VPN-1/Firewall-1 NG allows connections, but hides the firewall from authenticated users.
D. Unknown users error messages indicating that the host does not know the users names on the server.
E. VPN-1/Firewall-1 NG does not allow connections from users who do not know the name of the firewall.
Correct Answer: C
QUESTION 163
When creating user authentication rule, select intersect with user database for source and destination to allow access according to the source specified in the rules.
A. True
B. False
Correct Answer: B
QUESTION 164
A connection initiated by the client in the figure below will be hidden behind the IP address of the interface
through which the connection was routed on the server side if the gateway (behind either interface 2 or
interface 3). Specifying 0.0.0.0 as the address is convenient because of network address translation (NAT)
is performed dynamically. And if the IP addresses of the gateway are changed, it is not necessary to
reconfigure the NAT parameters.
Which of the following is true about the following figure?
A. A connection initiated by the client will be hidden behind the IP address of the exit interface.
B. A connection initiated by the server will be hidden behind the IP address of the exit interface.
C. A connection initiated by the server will be hidden by the IP address of the client.
D. Source addresses of outbound packets from the client will be translated to 0.0.0.0.
E. Source addresses of outbound packets from the server will be translated to 0.0.0.0.
Correct Answer: A QUESTION 165
Which if the following statements about Client Authentication are FALSE?
A. In contrast to User Authentication, which allows access per user, Client Authentication allows access per ID address.
B. Authentication is by user name and password, but is the host machine (client) that is granted access.
C. Client Authentication is more secure than User Authentication, because it allows multiple users and connections from an authorized IP address or host.
D. Client Authentication enables administration to grant access privileges to a specific IP address after successful authentication.
Correct Answer: C QUESTION 166
When you make a rule, the rule is not enforces as part of your Security Policy.
A. True
B. False
Correct Answer: B QUESTION 167
Which of the following user actions would you insert as an INTERNAL Authentication scheme?
A. The user enters the security dynamics passcode.
B. The user prompted for a response from the RADIUS server.
C. The user prompted for a response from the AXENT server.
D. The user prompted for a response from the TACACS server.
E. The user enters an operating system account password.
Correct Answer: E QUESTION 168
When configuring Static NAT, you cannot map the routable IP address to the external IP address of the Firewall if attempted, the security policy installation fails with the following error “rule X conflicts with rule Y”.
A. True
B. False
Correct Answer: A QUESTION 169
The advantage of client authentication is that it can be used for any number of connections and for any services, but authentication is only valid for a specified length of time.
A. True
B. False Correct Answer: B QUESTION 170
You have set up Static NAT on a VPN-1/Firewall-1 to allow Internet traffic to an internal web server. You notice that any HTTP attempts to that machine being dropped in the log due to rule 0. Which of the following is the most likely cause?
A. Spoofing on the internal interface us set to Network defined by Interface IP and Net Mask.
B. Spoofing on the external interface is set to Not Defined.
C. You do NOT have a rule that allows HTTP access to the internal Web Server.
D. You do NOT have a rule that allows HTTP from the Web Server to Any destination.
E. None of the above.
Correct Answer: C QUESTION 171
As a firewall administrator, you are required to create VPN-1/Firewall-1 users for authentication. When you create a user for user authentication, the data is stored in the?
A. Inspect Engine.
B. Rule base.
C. Users database
D. Rulebase fws file
E. Inspect module.
Correct Answer: C QUESTION 172
If users authenticated successfully, they have matched the User and Authentication rule restriction of the user group to which they belong.
A. True
B. False
Correct Answer: A QUESTION 173
The only way to unblock BLOCKED connections by deleting all the blocking rules from the Rule base.
A. True
B. False
Correct Answer: B QUESTION 174
When you perform a cp fetch, what can you expect from this command?
A. Firewall retrieves the user database from the tables on the Management Module.
B. Firewall retrieves the inspection code from the remote Management Module and installs it to the kernel.
C. Management module retrieves the IP address of the target specified in the command.
D. Management module retrieves the interface information for the target specified in the command.
E. None of the above.
Correct Answer: B QUESTION 175
Each incoming UDP packet is locked up in the list of pending connections. Packets are delivered if they are _________.
A. A request.
B. A response to a request.
C. Source routed.
D. Allowed by the Rule Base.
E. Both B and D.
Correct Answer: E
QUESTION 176
Assume an NT system. What is the default expiration for a Dynamic NAT connection NOT showing any TCP activity?
A. 30 Seconds.
B. 60 Seconds.
C. 330 Seconds.
D. 660 Seconds.
E. 3600 Seconds.
Correct Answer: E
Buying all CheckPoint 156-210 exam sample questions can guarantee you to pass your first CheckPoint 156-210 exam. If you do not pass the exam,FLYDUMPS will full refund to you. You can also free online download the part of FLYDUMPS’s CheckPoint 156-210 exam practice questions and answers as a try. After your understanding of our reliability, I believe you will quickly add FLYDUMPS’s CheckPoint 156-210 exam sample questions to your cart. FLYDUMPS will achieve your dream. FLYDUMPS is a website to achieve dreams of many IT people. FLYDUMPS provide candidates participating in the IT certification exams the information they want to help them pass the CheckPoint 156-210 exam.
Welcome to download the newest Examwind JN0-360 dumps: http://www.examwind.com/jn0-360.html
http://www.maeeonline.org/sap-c-hanatec-1-preparation-materials-provides-best-sap-c-hanatec-1-test-engine-with-100-pass-rate/
Welcome to download the newest Examwind 700-505 dumps:
Flydumps offers the first-hand Cisco 642-812 exam real questions and answers, by train the latest Cisco 642-812 PDF and VCE dumps,you will well prepare for the Cisco 642-812 exam. Visit Flydumps.com to get free new version for training.
QUESTION 156
Given the following configuration on a switch interface, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port? switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security mac-address 0002.0002.0002 switchport port-security violation shutdown
A. The port will shut down.
B. The host will be allowed to connect. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
C. The host will be refused access.
D. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 157
In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Choose three.)
A. STP
B. CDP
C. EAP MD5
D. TACACS+
E. EAP-over-LAN
F. protocols not filtered by an ACL
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 158
When you issue a command show port 3/1 on an Ethernet port, you observe the Giants column has a non-zero entry. What could cause this?
A. IEEE 802.1Q
B. IEEE 802.10
C. misconfigured NIC
D. user configuration
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 159
Which VTP information does a Catalyst switch advertise on its trunk ports when using VTP? (Choose two.)
A. VTP mode
B. STP root status
C. negotiation status
D. management domain
E. configuration revision number
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 160
What are two benefits provided in VTP Version 2 but NOT in VTP Version 1? (Choose two.)
A. supports Token Ring VLANs
B. allows VLAN consistency checks
C. saves VLAN configuration memory
D. reduces the amount of configuration necessary
E. allows active redundant links when used with spanning tree
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 161
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two.)
A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 162
Refer to the exhibit. PCs in VLAN 2 are not able to communicate with PCs in VLAN 3. What could be
the cause?
A. IP routing is not enabled.
B. VTP is not configured correctly on the interfaces.
C. The command mls rp management-interface is missing.
D. The command mls rp ip must be disabled to enable the routing.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 163
Which three statements are true of the Link Aggregation Control Protocol (LACP)? (Choose three.)
A. LACP is used to connect to non-Cisco devices.
B. LACP packets are sent with the command channel-group 1 mode desirable.
C. LACP packets are sent with the command channel-group 1 mode active.
D. Standby interfaces should be configured with a higher priority.
E. Standby interfaces should be configured with a lower priority.
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 164
Refer to the exhibit. A workstation PC is connected to the Cisco IP phone access port. Based on the
configuration in the exhibit, how will the traffic be managed?
A. The IP phone access port will override the priority of the frames received from the PC.
B. The IP phone access port will trust the priority of the frames received from the PC.
C. The switch port Fa0/4 will override the priority of the frames received from the PC.
D. The switch port Fa0/4 will trust the priority for the frames received from the PC.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 165
Refer to the exhibit. A trunk link is connected between switch A_SW and switch D_SW. Based on the
configuration shown in the exhibit, how would the traffic coming from the switch A_SW be managed?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The trunk port Fa0/1 on switch A_SW will trust all CoS values on the frames coming from the IP phone.
B. The trunk port Fa0/1 on switch A_SW will trust all CoS values on the frames received on the IP phone.
C. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames coming from port Fa0/1 on A_SW.
D. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames received on the A_SW switch port Fa0/4.
E. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames received on the IP phone port.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 166
Which option correctly identifies the Cisco IOS switching methods in descending order from the fastest
method to the slowest method?
A. CEF, distributed CEF (dCEF), fast switching, process switching
B. distributed CEF (dCEF), CEF, fast switching, process switching
C. fast switching, process switching, distributed CEF (dCEF), CEF
D. process switching, fast switching, distributed CEF (dCEF), CEF
E. process switching, distributed CEF (dCEF), CEF, fast switching
F. process switching, CEF, distributed CEF (dCEF), fast switching TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 167
What will occur when a nonedge switch port that is configured for Rapid Spanning Tree does not
receive a BPDU from its neighbor for three consecutive hello time intervals?
A. RSTP information is automatically aged out.
B. The port sends a TCN to the root bridge.
C. The port moves to listening state.
D. The port becomes a normal spanning tree port.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 168
Refer to the exhibit. Why does the trust state of interface FastEthernet 0/3 show “not trusted”?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. DSCP map needs to be configured for VOIP.
B. ToS has not been configured.
C. ToS has been misconfigured.
D. The command mls qos needs to be turned on in global configuration mode.
E. There is not a Cisco Phone attached to the interface.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 169
What two things will occur when an edge port receives a BPDU? (Choose two.)
A. The port immediately transitions to the Forwarding state.
B. The switch generates a Topology Change Notification (TCN) BPDU.
C. The port immediately transitions to the err-disable state.
D. The port becomes a normal STP switch port.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 170
What two pieces of information will the show vlan id 5 command display? (Choose two.)
A. VLAN information on port 0/5
B. ports in VLAN 5
C. MTU and type
D. utilization
E. filters
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 171
Based on the network diagram and routing table output in the exhibit, which of these statements is
true?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
B. InterVLAN routing will not occur since no routing protocol has been configured.
C. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
D. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: QUESTION 172
What is the default VTP advertisement for subset advertisements in Catalyst switches that are in server or client mode?
A. 5 seconds
B. 10 seconds
C. 30 seconds
D. 1 minute
E. 5 minutes
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 173
Refer to the exhibit. Based upon the debug output that is shown, which three statements about HSRP
are true? (Choose three.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The final active router is the router with IP address 172.16.11.111.
B. The router with IP address 172.16.11.111 has preempt configured.
C. The priority of the router with IP address 172.16.11.112 is preferred over the router with IP address
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 174
16.11.111.
A. The IP address 172.16.11.115 is the virtual HSRP IP address.
B. The router with IP address 172.16.11.112 has nonpreempt configured.
C. The router with IP address 172.16.11.112 is using default HSRP priority.
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 175
What must be configured on a Cisco switch in order to advertise VLAN information?
A. VTP password
B. VTP domain name
C. VTP revision number
D. VTP mode
E. VTP pruning
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 176
Which describes the default load balancing scheme used by the Gateway Load Balancing Protocol
(GLBP)?
A. per host basis using a round-robin scheme
B. per host basis using a strict priority scheme
C. per session using a round-robin scheme
D. per session using a strict priority scheme
E. per GLBP group using a round-robin scheme TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
F. per GLBP group using a strict priority scheme
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 177
When authentication is required, where must 802.1x be configured in order to connect a PC to a
switch?
A. client PC only
B. switch port only
C. switch port and client PC
D. switch port and local router port
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 178
How are STP timers and state transitions affected when a topology change occurs in an STP
environment?
A. All ports will temporarily transition to the learning state for a period equal to the max age timer plus the forward delay interval.
B. All ports will transition temporarily to the learning state for a period equal to the forward delay interval.
C. The default aging time for MAC address entries will be reduced for a period of the max age timer plus the forward delay interval.
D. The default hello time for configuration BDPUs will be reduced for the period of the max age timer.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 179
Refer to the exhibit. VTP has been enabled on the trunk links between all switches within the TEST
domain. An administrator has recently enabled VTP pruning. Port 1 on Switch 1 and port 2 on Switch 4 are
assigned to VLAN 2. A broadcast is sent from the host connected to Switch 1. Where will the broadcast
propagate?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Every switch in the network receives the broadcast and will forward it out all ports.
B. Every switch in the network receives the broadcast, but only Switch 4 will forward it out port 2.
C. Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.
D. Only Switch 4 will receive the broadcast and will forward it out port 2.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 180
Refer to the exhibit. VLAN 1 and VLAN 2 are configured on the trunked links between Switch A and Switch B. Port Fa 0/2 on Switch B is currently in a blocking state for both VLANs. What should be done to load balance VLAN traffic between Switch A and Switch B?
A. Lower the port priority for VLAN 1 on port 0/1 for Switch A.
B. Lower the port priority for VLAN 1 on port 0/2 for Switch A.
C. Make the bridge ID of Switch B lower than the ID of Switch A.
D. Enable HSRP on the access ports.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 181
Refer to the exhibit. Which two problems are the most likely cause of the exhibited output? (Choose
two.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. spanning tree issues
B. HSRP misconfiguration
C. VRRP misconfiguration
D. physical layer issues
E. transport layer issues
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 182
Refer to the exhibit. Initially, LinkA is connected and forwarding traffic. A new LinkB is then attached between SwitchA and HubA. Which two statements are true about the possible result of attaching the second link? (Choose two.)
A. The switch port attached to LinkB will not transistion to up.
B. One of the two switch ports attached to the hub will go into blocking mode when a BPDU is received.
C. Both switch ports attached to the hub will transition to the blocking state.
D. A heavy traffic load could cause BPDU transmissions to be blocked and leave a switching loop.
E. The switch port attached to LinkA will immediately transition to the blocking state.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 183
Refer to the exhibit and the partial configuration on routers R1 and R2. Hot Standby Routing Protocol (HSRP) is configured on the network to provide network redundancy for the IP traffic. The network administrator noticed that R2 does not became active when the R1 serial0 interface goes down. What should be changed in the configuration to fix the problem?
A. R2 should be configured with a HSRP virtual address.
B. R2 should be configured with a standby priority of 100.
C. The Serial0 interface on router R1 should be configured with a decrement value of 20.
D. The Serial1 interface on router R2 should be configured with a decrement value of 20.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 184
Refer to the exhibit. Which statement is true about the output?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. The port on switch CAT1 is forwarding and sending BPDUs correctly.
B. The port on switch CAT1 is blocking and sending BPDUs correctly.
C. The port on switch CAT2 is forwarding and receiving BPDUs correctly.
D. The port on switch CAT2 is blocking and sending BPDUs correctly.
E. The port on switch CAT3 is forwarding and receiving BPDUs correctly.
F. The port on switch CAT3 is forwarding, sending, and receiving BPDUs correctly.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 185
Refer to the exhibit. What statement is true based upon the configuration of router R1 and router R2?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Router R1 will become the active virtual gateway.
B. Router R2 will become the active virtual gateway.
C. The hello and hold timers are incompatible with multi-homed BGP.
D. The hello and hold timers are incompatible with OSPF type 5 LSAs.
E. Router R1 will become the master for Virtual Router 1, and router R2 will become the backup for Virtual Router 2.
F. Router R2 will become the master for Virtual Router 1, and router R1 will become the backup for Virtual Router 2.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 186
Refer to the exhibit. The switchport output in Figure 1 displays the default settings of interface
FastEthernet 0/13 on switch SW1. Figure 2 displays the desired interface settings. Which command
sequence would configure interface FastEthernet 0/13 as displayed in Figure 2?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode trunk SW1 (config-if)# switchport trunk native DATA SW1(config-if)# switchport trunk allowed vlan 1,10,20
B. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic auto SW1(config-if)# switchport trunk native DATA SW1(config-if)# witchport trunk allowed vlan add 1,10,20
C. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic desirable SW1(config-if)# switchport trunk native vlan DATA SW1(config-if)# switchport trunk allowed vlan 1,10,20
D. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic desirable SW1(config-if)# switchport trunk native vlan 10 SW1(config-if)# switchport trunk allowed vlan 1,10,20
E. SW1(config-if)# switchport trunk encapsulation dot1q SW1(config-if)# switchport mode dynamic desirable SW1(config-if)# switchport trunk native vlan 10
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 187
Refer to the exhibit. For what purpose is the command show ip cef used?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. to display rewritten IP unicast packets
B. to display ARP resolution packets
C. to display ARP throttling
D. to display TCAM matches
E. to display CEF-based MLS lookups
F. to display entries in the Forwarding Information Base (FIB)
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 188
Which two statements are true about HSRP, VRRP, and GLBP? (Choose two.)
A. GLBP allows for router load balancing of traffic from a network segment without the different host IP configurations required to achieve the same results with HSRP.
B. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple standby groups.
C. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not.
D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available gateways.
E. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 189
Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been
assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the output displayed in the exhibit, which statement is true?
A. HSRP must be configured on SW1.
B. A separate router is required to support interVLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global config command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support interVLAN routing.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 190
Refer to the exhibit and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5 on
switch SW_A complain that they do not have connectivity to the users in VLAN 5 on switch SW_B. What
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside should be done to fix the problem?
A. Configure the same number of VLANs on both switches.
B. Create switch virtual interfaces (SVI) on both switches to route the traffic.
C. Define VLAN 5 in the allowed list for the trunk port on SW_A.
D. Disable pruning for all VLANs in both switches.
E. Define VLAN 5 in the allowed list for the trunk port on SW_B
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 191
What does the Catalyst switch interface configuration command switchport trunk native vlan 7
accomplish?
A. configures the interface to be a trunking port and causes traffic on VLAN 7 to be 802.1q tagged
B. causes the interface to apply ISL framing for traffic on VLAN 7
C. configures the trunking interface to send traffic from VLAN 7 untagged
D. configures the trunking interface to forward traffic from VLAN 7
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
QUESTION 192
Refer to the exhibit. The show port-security interface fa0/1 command was issued on switch SW1.
Given the output that was generated, which two security statement are true? (Choose two.)
A. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.
B. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.
C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.
D. When the number of secure IP addresses reaches 10, the interface will immediately shut down.
E. When the number of secure MAC addresses reaches 10, the interface will immediately shut down and an SNMP trap notification will be sent.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference: QUESTION 193
Which two statements about the various implementations of STP are true? (Choose two.)
A. Common Spanning Tree maintains a separate spanning-tree instance for each VLAN configured in the network.
B. The Spanning Tree Protocol (STP) is an evolution of the IEEE 802.1w standard.
C. Per-VLAN Spanning Tree (PVST) supports 802.1Q trunking. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
D. Per-VLAN Spanning Tree Plus(PVST+) is an enhancement to 802.1Q specification and is supported only on Cisco devices.
E. Rapid Spanning Tree Protocol (RSTP) includes features equivalent to Cisco PortFast, UplinkFast, and BackboneFast for faster network reconvergence.
F. Multiple Spanning Tree (MST) assumes one spanning-tree instance for the entire Layer 2 network, regardless of the multiple number of VLANs.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 194
Refer to the exhibit and the partial configuration of switch SW_A and SW_B. STP is configured on all
switches in the network. SW_B receives this error message on the console port:
00:06:34:
%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5 (not half
duplex),
with SW_A FastEthernet0/4 (half duplex) ,
with TBA05071417(Cat6K-B) 0/4 (half duplex).
What would be the possible outcome of the problem?
A.
The root port on switch SW_A will automatically transition to full-duplex mode.
B.
The root port on switch SW_B will fallback to full-duplex mode.
C.
The interfaces between switches SW_A and SW_B will transition to a blocking state.
D.
Interface Fa 0/6 on switch SW_B will transition to a forwarding state and create a bridging loop. TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 195
Which two statements are true about BPDU port-guard and BPDU filtering? (Choose two.)
A. BPDU port-guard can be enabled globally, whereas BPDU filtering must be enabled on a per-interface basis.
B. When globally enabled, BPDU port-guard and BPDU filtering apply only to PortFast enabled ports.
C. When globally enabled, BPDU port-guard and BPDU filtering apply only to trunking-enabled ports.
D. When a BPDU is received on a BPDU port-guard enabled port, the interface goes into the err-disabled state.
E. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the err-disabled state.
F. When a BPDU is received on a BPDU filtering enabled port, the interface goes into the STP blocking state.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 196
Refer to the exhibit. Switch 15 is configured as the root switch for VLAN 10 but not for VLAN 20. If the
STP configuration is correct, what will be true about Switch 15?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. All ports will be in forwarding mode.
B. All ports in VLAN 10 will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 197
Refer to the exhibit. Which statement is true?
A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 198
Refer to the exhibit. Switch P1S1 is not applying VLAN updates from switch P2S1. What are three
reasons why this is not occurring? (Choose three.)
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. Switch P2S1 is in server mode.
B. Switch P1S1 is in transparent mode.
C. The MD5 digests do not match.
D. The passwords do not match.
E. The VTP domains are different.
F. VTP trap generation is disabled on both switches.
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 199
Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about
interfaces Fa0/13 and Fa0/14?
TestInside Help You Pass Any IT Exam http://www.TestInside.com Testinside
A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 200
What must be the same to make multiple switches part of the same Multiple Spanning Tree (MST)?
A. VLAN instance mapping and revision number
B. VLAN instance mapping and member list
C. VLAN instance mapping, revision number, and member list
D. VLAN instance mapping, revision number, member list, and timers
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
Cisco 642-812 exam is a challenging Certification Exam. Besides the books, internet is considered to be a treasure house of knowledge. In Flydumps you can find your treasure house of knowledge. This is a site of great help to you. You will encounter the complex questions in the exam, but Passcert can help you to pass the exam easily. Flydumps Latest Cisco 642-812 dumps includes all the knowledge that must be mastered for the purpose of passing the Cisco 642-812 exam.
Welcome to download the newest Examwind 700-505 dumps: http://www.examwind.com/700-505.html
http://www.alnaba.org/sap-c-hanaimp-1-questions-helpful-sap-c-hanaimp-1-exam-guide-with-new-discount/