Author: newcertskey
Exam A
QUESTION 1
Refer to the components below. Which data center design layer contains these components?
–
Cisco UCS 6100 Fabric Interconnect
–
Cisco Nexus 1000V
–
Cisco UCS 5100 Blade Chassis
A.
the Virtualization layer
B.
the Management layer
C.
the Compute layer
D.
the Services layer
Correct Answer: C
QUESTION 2
Which two options describe virtualized multi-tenancy? (Choose two.)
A. dedicated infrastructure for each tenant
B. shares a common infrastructure between tenants
C. agreement between tenants with rules about sharing DC resources
D. tenants using virtualization technologies to separate from each other
E. data centers using virtualization technologies to separate tenants
Correct Answer: BE
QUESTION 3
Which three statements best describe the Cisco Unified Fabric solution for the data center? (Choose three.)
A. Cisco Nexus 5000 Series Switches provide the capability to consolidate LAN and SAN traffic on a unified fabric over Ethernet.
B. The unified fabric is delivered through technologies such as FCoE and DCB.
C. FCoE allows transmission of Fibre Channel traffic over Ethernet by encapsulating native Fibre Channel frames into GRE and transporting them across the Ethernet network.
D. FCoE allows consolidating Fibre Channel traffic from multiple VSANs into the same Ethernet “Pass Any Exam. Any Time.” – www.actualtests.com 2 Cisco 351-080 Exam VLAN to be transported across the fabric. PFC ensures lossless transport of the FC traffic over Ethernet.
E. PFC allows user priorities to be defined on a single physical link, each of which can have its own logical lane that can be paused independently of the others.
Correct Answer: ABE
QUESTION 4
Cisco Nexus 5000 Series Switches are best positioned at which layer?
A. access layer, as an end-of-row switch for FCIP and iSCSI aggregation
B. distribution layer, with multiples of 10 Gb/s ports
C. access layer, as a top-of-rack switch for server I/O consolidation with FCoE
D. aggregation layer, supporting virtual security and application services
Correct Answer: C
QUESTION 5
Which component of the Cisco Nexus 7010 architecture provides out-of-band management, an always-on microprocessor for disaster recovery, and remote restart capabilities?
A. central arbiter
B. Connectivity Management Processor
C. supervisor engine
D. dedicated service modules
Correct Answer: B
QUESTION 6
Which two Cisco devices form the virtual access layer in the Cisco Data Center Architecture? (Choose two.)
“Pass Any Exam. Any Time.” – www.actualtests.com 3 Cisco 351-080 Exam
A. Cisco Nexus 7000
B. Cisco Nexus 5000
C. Cisco Nexus 1010
D. Cisco Nexus 2000
E. Cisco Nexus 1000V
Correct Answer: CE
QUESTION 7
Which three components does a data center network layer have? (Choose three.)
A. Cisco GSR
B. Cisco CRS-1
C. Cisco Nexus 7000
D. Cisco Nexus 1000V
E. Cisco Nexus 2000
F. Cisco ASR 9000
G. Cisco Nexus 5000
Correct Answer: CEG
QUESTION 8
On a 32-port 10 Gigabit Ethernet module, each set of four ports can handle 10 Gb/s of bandwidth. What can you use the rate-mode parameter for?
A. to limit the speed on any port
B. to dedicate all the group bandwidth to the first port
C. to dedicate all the group bandwidth to the last port
D. to limit the speed on all ports
Correct Answer: B
QUESTION 9
“Pass Any Exam. Any Time.” – www.actualtests.com 4 Cisco 351-080 Exam On a Cisco Nexus 7000, a CoPP can be applied separately to each VDC.
A. True
B. False
Correct Answer: B
QUESTION 10
The persistent storage service (PSS) is used by which function?
A. storage of log files across reloads of the system
B. storage of license files in the backplane EEPROM
C. storage of the process-specific state for stateful process recovery
D. storage of core dump files from crashed processes
Correct Answer: C
Exam A
QUESTION 1
Lafeyette Productions is looking for a new ISP that has improved availability, load balancing, and catastrophe protection. Which type of ISP connectivity solution would be best?
A. single run
B. multi-homed
C. stub domain EBGP
D. direct BGP peering
Correct Answer: B
QUESTION 2
NetFlow provides valuable information about network users and applications, peak usage times, and traffic routing. Which function is of NetFlow?
A. monitor configuration changes
B. monitor CPU utilization
C. monitor link utilization
D. generate traps for failure conditions
Correct Answer: C
QUESTION 3
The P4S company is deploying OSPF on a point-to-multipoint Frame Relay network. The remote sites needn??t to communicate with each other and there are a relatively small number of sites (scaling is not a concern). How to configure OSPF for this topology in order to minimize the additional routing information injected into the network and keep the configuration size and complexity to a minimum?
A. Configure the link as OSPF nonbroadcast and manually configure each of the remote sites as a neighbor.
B. Configure the link as OSPF broadcast and configure the hub router to always be the designated router.
C. Configure the link as OSPF broadcast and configure a mesh group towards the remote routers.
D. Configure the link at the hub router as OSPF point-to-multipoint and at the remote routers as OSPF point-to-point.
Correct Answer: B
QUESTION 4
What is high availability?
A. redundant infrastructure
B. clustering of computer systems
C. reduced MTBF
D. continuous operation of computing systems
Correct Answer: D
QUESTION 5
What is the way that an OSPF ABR uses to prevent summary route information from being readvertised from an area into the network core (Area 0)?
A. It advertises only inter-area summaries to the backbone.
B. It uses poison reverse and split horizon.
C. It only sends locally originated summaries to the backbone.
D. It compares the area number on the summary LSA to the local area.
Correct Answer: C
QUESTION 6
Connecting an IS-IS router to four links and redistributing 75 routes from RIP. How many LSPs will be originated by this router?
A. one LSP: containing the router information, internal routes, and external routes
B. six LSPs: one for each link, one containing router information, and one containing external routing information
C. two LSPs: one containing router information and internal routes and one containing external routes
D. three LSPs: one containing all links, one containing router information, and one containing external routing information
Correct Answer: A
QUESTION 7
According to the network in this exhibit, traffic directed towards 10.1.5.1 arrives at P4S-R4. Which path will the traffic take from here?
A. It will take P4S-R2.
B. It will not take any path. P4S-R4 will drop the traffic.
C. It will take P4S-R3.
D. It will load share between P4S-R2 and P4S-R3.
Correct Answer: A
QUESTION 8
You are the Cisco Network Designer in P4S. Which two characteristics are most typical of a SAN? (Choose two.)
A. NICs are used for network connectivity.
B. Servers request specific blocks of data.
C. Storage devices are directly connected to servers.
D. A fabric is used as the hardware for connecting servers to storage devices.
Correct Answer: BD
QUESTION 9
The IGP next-hop reachability for a BGP route is lost but a default route is available. Assuming that BGP connectivity is maintained, what will happen to the BGP route?
A. It will be put in a hold-down state by BGP until the next hop has been updated.
B. It will be removed from the BGP table.
C. It will be considered a valid route.
D. It will be considered invalid for traffic forwarding.
Correct Answer: C
QUESTION 10
In the network presented in the following exhibit, all routers are configured to perform EIGRP on all interfaces. All interface bandwidths are set to 1000, and the delays are configured as displayed. In the topology table at Router P4S-RC, you see only one path towards 10.1.1.0/24. Why Router P4S-RC only has one path in its topology table?
A. Router P4S-RB is not advertising 10.1.1.0/24 to Router P4S-RC due to split horizon.
B. Router P4S-RD is not advertising 10.1.1.0/24 to Router P4S-RC because Router P4S-RC is its feasible successor.
C. Router P4S-RD is not advertising 10.1.1.0/24 to Router P4S-RC due to split horizon.
D. Router P4S-RB is not advertising 10.1.1.0/24 to Router P4S-RC because Router P4S-RC is its feasible successor.
Correct Answer: C
Exam A
QUESTION 1
You have two Nokia Appliances one IP530 and one IP380. Both Appliances have IPSO 39 and VPN-1 Pro NGX installed in a distributed deployment Can they be members of a gateway cluster?
A. No, because the Gateway versions must not be the same on both security gateways
B. Yes, as long as they have the same IPSO version and the same VPN-1 Pro version
C. No, because members of a security gateway cluster must be installed as stand-alone deployments
D. Yes, because both gateways are from Nokia, whether they have the same VPN-1 PRO version or not
E. No, because the appliances must be of the same model (Both should be IP530orIP380.)
Correct Answer: B
QUESTION 2
You want VPN traffic to match packets from internal interfaces. You also want the traffic to exit the Security Gateway, bound for all site-to-site VPN Communities, including Remote Access Communities. How should you configure the VPN match rule?
A. Internal_clear>- All_GwToGw
B. Communities >- Communities
C. Internal_clear>- External_Clear
D. Internal_clear>- Communitis
E. Internal_clear>-All_communitis
Correct Answer: E
QUESTION 3
Review the following rules and note the Client Authentication Action properties screen, as shown in the exhibit.
After being authenticated by the Security Gateway when a user starts an HTTP connection to a Web site
the user tries to FTP to another site using the command line. What happens to the user?
The….
A. FTP session is dropprd by the implicit Cleanup Rule.
B. User is prompted from the FTP site only, and does not need to enter username nad password for the Client Authentication.
C. FTP connection is dropped by rule 2.
D. FTP data connection is dropped, after the user is authenticated successfully.
E. User is prompted for authentication by the Security Gateway again.
Correct Answer: B
QUESTION 4
After being authenticated by the Security Gateway, When a user starts an HTTP connection to a Web site, the user tries to FTP to another site using the command line. What happens to the user? The:
A. FTP session is dropped by the implicit Cleanup Rule
B. user is prompted from that FTP site on~, and does not need to enter username and password for Client Authentication
C. FTP connection is dropped by rule2
D. FTP data connection is dropped, after the user is authenticated successfully
E. User is prompted for authentication by the Security Gateway aqain
Correct Answer: B
QUESTION 5
You want to upgrade a SecurePlatform NG with Application Intelligence (AI) R55 Gateway to SecurePlalform NGX R60 via SmartUpdate. Which package is needed in the repository before upgrading?
A. SVN Foundation and VPN-1 Express/Pro
B. VPN-1 and FireWall-1
C. SecurePlalform NGX R60
D. SVN Foundation
E. VPN-1 ProfExpress NGX R60
Correct Answer: C
QUESTION 6
What is the command to see the licenses of the Security Gateway Certkiller from your SmartCenter Server?
A. print Certkiller
B. fw licprint Certkiller
C. fw tab -t fwlic Certkiller
D. cplic print Certkiller
E. fw lic print Certkiller
Correct Answer: D
QUESTION 7
You set up a mesh VPN Community, so your internal network can access your partners network, and vice versa . Your Security Policy encrypts only FTP and HTTP traffic through a VPN tunnel. All traffic among your internal and partner networks is sent in clear text. How do you configure VPN Community?
A. Disable ‘accept all encrypted traffic’, and put FTP and http in the Excluded services in the Community object Add a rule in the Security Policy for services FTP and http, with the Community object in the VPN field
B. Disable “accept all encrypted traffic” in the Community, and add FTP and http services to the Security Policy, with that Community object in the VPN field
C. Enable “accept all encrypted traffic”, but put FTP and http in the Excluded services in the Community. Add a rule in the Security Policy with services FTP and http, and the Community object in theVPN field
D. Put FTP and http in the Excluded services in the Community object Then add a rule in the Security Policy to allow any as the service, with the Community object in the VPN field
Correct Answer: B
QUESTION 8
Ophelia is the security Administrator for a shipping company. Her company uses a custom application to update the distribution database. The custom application includes a service used only to notify remote sites that the distribution database is malfunctioning. The perimeter Security Gateways Rule Base includes a rule to accept this traffic. Ophelia needs to be notified, via atext message to her cellular phone, whenever traffic is accepted on this rule. Which of the following options is MOST appropriate for Ophelia’s requirement?
A. User-defined alert script
B. Logging implied rules
C. SmartViewMonitor
D. Pop-up API
E. SNMP trap
Correct Answer: A QUESTION 9
You are reviewing SmartView Tracker entries, and see a Connection Rejection on a Check Point QoS rule. What causes the Connection Rejection?
A. No QoS rule exists to match the rejected traffic
B. The number of guaranteed connections is exceeded. The rule’s action properties are not set to accept additional connections
C. The Constant Bit Rate for a Low Latency Class has been exceeded by greater than 10%, and the Maximal Delay is set below requirements
D. Burst traffic matching the Default Rule is exhausting the Check Point QoS global packet buffers
E. The guarantee of one of the rule’s sub-rules exceeds the guarantee in the rule itself
Correct Answer: B
QUESTION 10
Choose the BEST sequence for configuring user management on Smart Dash board, for use with an LDAP server
A. Enable LDAP in Global Properties, configure a host-node object for the LDAP Server, and configure a server object for the LDAP Account Unit
B. Configure a workstation object for the LDAP server, configure a server object for the LDAP Account Unit, and enable LDAP in Global Properties
C. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP server using an OPSEC application
D. Configure a server object for the LDAP Account Unit, enable LDAP in Global Properties, and create an LDAP resource object
E. Configure a server object for the LDAP Account Unit, and create an LDAP resource object
Correct Answer: A
Exam A
QUESTION 1
Which of the following can function as a Management Server for a VSX Gateway?
A. Check Point Integrity
B. SiteManager-1 NGX: Multi-Domain Server
C. Security Management Portal
D. VPN-1/FireWall-1 Small Office
E. Provider-1 NGX: Multi-Domain Server
Correct Answer: E
QUESTION 2
You are configuring source-based routing in a VSX Gateway deployment with both External and Internal Virtual Routers. Which of the following functions cannot be configured for the Virtual Systems?
A. Virtual System clustering
B. Anti-spoofing measures
C. Network Address Translation
D. Remote access VPNs
E. Intranet VPNs
Correct Answer: B
QUESTION 3
During MDS installation, you must configure at least one VSX Administrator. After creating the Administrator, you are prompted to perform which task?
A. Grant VSX-specific privileges to the Administrator
B. Assign the Administrator to manage a specific Virtual System
C. Add the Administrator to a group
D. Assign the Administrator to manage a specific interface on the VSX Gateway
E. Assign the Administrator to manage a specific CMA
Correct Answer: C
QUESTION 4
In a VSX Gateway cluster, which of the following objects are available by default as installation targets for the Management Virtual System?
A. Individual Management Virtual Systems (MVS) for each cluster member
B. MVS cluster object
C. Individual External Virtual Routers for each cluster member
D. Virtual Switch cluster object
E. Individual Virtual Switch Members
Correct Answer: B
QUESTION 5
Which of the following MDS types allows you to create and manage a VSX Gateway?
A. MDS CLM
B. MDS Manager station
C. MDS VSX Integrator
D. MDS MLM
E. MDS Manager + Container station
Correct Answer: E
QUESTION 6
What are the two levels of VSX Gateway clustering?
A. INSPECT and database level
B. Database and VSX Gateway levels
C. Virtual device and database levels
D. INSPECT and configuration levels
E. Virtual device and VSX Gateway levels
Correct Answer: E
QUESTION 7
When deploying a VSX Gateway managed by a SmartCenter Server, which of the following statements is TRUE?
A. VSX Administrators can configure different domains for each Virtual System.
B. Multiple Administrators can simultaneously connect to the same database, to manage multiple Customers.
C. All Customer objects, rules, and users are shared in a single database.
D. Each Virtual System has its own unique Certificate Authority.
E. VSX superuser Administrators can configure granular permissions for each Customer Administrator.
Correct Answer: C
QUESTION 8
What is the difference between Single-Context and Multi-Context processes?
A. Single-Context processes are implemented in standard firewall deployments, while only Multi-Context processes are implemented in VSX Gateway deployments.
B. Single-Context processes are shared between VSX Gateways in an HA configuration, while Multi-Context processes are shared between VSX Gateways in a Load Sharing environment.
C. Single-Context processes are ones in which all Virtual Systems share, while Multi-Context processes are unique to each Virtual System.
D. Single-Context processes are implemented in a single VSX Gateway environment, while Multi-Context processes are only implemented in VSX Gateway High Availability (HA).
E. Single-Context processes are unique to each Virtual System on a Gateway, while Multi-Context processes are ones in which all Virtual Systems share.
Correct Answer: E
QUESTION 9
A Warp Link is a virtual point-to-point connection between a:
A. Virtual Router and Virtual System.
B. Virtual Router and Virtual Switch.
C. Virtual System and the management interface.
D. Virtual Router and a physical interface.
E. Virtual System and another Virtual System.
Correct Answer: A
QUESTION 10
Which of the following statements is true concerning the default Security Policy of the External Virtual Router?
A. The External Virtual Router automatically performs Hide NAT behind its external interface for all Virtual Systems connected to it.
B. The default Policy of the External Virtual Router denies all traffic going to or coming from it.
C. The default policy of the External Virtual Router cannot be changed.
D. All traffic coming from networks protected by a VSX Gateway is accepted. All other traffic is dropped.
E. The External Virtual Router always enforces the same Policy as the Management Virtual System.
Correct Answer: B
Exam A
QUESTION 1
VSX clusters are defined at two levels:
A. VSX cluster and physical device
B. VSX cluster and virtual device
C. VSX Gateway and physical device
D. VSX cluster and VSX Gateway
E. VSX Gateway and Virtual device
Correct Answer: E
QUESTION 2
What is the term used to describe a port or interface that shares traffic from more than one VLAN?
A. VLAN riding
B. VLAN trunking
C. Frame-Strata enabled
D. Comprehensive Layer-2 label support
E. Comprehensive VLAN Tag support
Correct Answer: B
QUESTION 3
TRUE or FALSE. A Virtual System in Bridge Mode can enforce anti-spoofing definitions.
A. False, anti-spoofing can’t be configured for Virtual systems in Bridge Mode
B. True, as long as the Virtual System has more than two interfaces defined
C. True, anti-spoofing must be manually defined in bridge mode
D. True, as long as Network Address Translation is performed
E. True, anti-spoofing measures are defined automatically is Bridge mode
Correct Answer: C
QUESTION 4
The ____________ interface is configured in a VLAN environment, to allow multiple Virtual systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Warp
C. Symbolic
D. Virtual
E. Physical
Correct Answer: D
QUESTION 5
At installation, the __________ is bound to all configured physical interfaces of a VSX Gateway, UNLESS the interfaces are specifically assigned to another component.
A. VSX Management Server
B. Synchronization Network
C. Internal Virtual Router
D. External Virtual Router
E. Management Virtual System
Correct Answer: E
QUESTION 6
The provisioning and network configuration channel does NOT:
A. Create Virtual Systems and Virtual Routers on a Gateway
B. Install Administrator defined Security Policies
C. Install a default Security Policy blocking all traffic
D. Create a SCI Certificate for new objects and transfer the Certificate to an object on the VSX Gateway
E. Configure interface and routing information on the Gateway
Correct Answer: B
QUESTION 7
Which of the following is a type of VLAN membership?
A. Port-based
B. Time-based
C. Session-based
D. Protocol-based
E. Application-based
Correct Answer: D
QUESTION 8
Which of the following is NOT a type of physical interface seen in a VSX Gateway?
A. Dedicated management
B. Synchronization
C. External
D. Internal
E. Warp
Correct Answer: E
QUESTION 9
A Virtual System in Bridge Mode is a Virtual System that implements:
A. Dynamic IP Routing
B. Network Address Translation
C. IP Routing
D. Native Layer-2 Communications
E. VLAN Tagging
Correct Answer: D
QUESTION 10
Which of the following virtual devices will NOT fail over, if its interface fails in a VSX High Availability configuration?
A. Management Virtual System Interfaces
B. External Virtual Router
C. Virtual Switch
D. Virtual System with VLAN Interfaces
E. Virtual System with dedicated interfaces
Correct Answer: C QUESTION 11
The _____________ interface is configured in a VLAN environment, to allow multiple Virtual Systems to share a single physical interface on a VSX Gateway.
A. Synchronization
B. Symbolic
C. Warp
D. Physical
E. Virtual
Correct Answer: E