Home » Uncategorized

Category Archives: Uncategorized

Cisco Exam Dumps

Latest Cisco CCNA dumps

Latest Cisco DevNet dumps

Latest Cisco CCNP dumps

Latest Cisco CCIE dumps

Latest Cisco CCDE dumps

Latest Cisco Special dumps

All Cisco dumps

NSE4_FGT-7.0 Dumps Updated Valid Fortinet NSE 4 – FortiOS 7.0 Preparation Material

Effective preparation for the Fortinet NSE 4 – FortiOS 7.0 exam will do more with less. Test takers choose a valid Fortinet NSE 4 – FortiOS 7.0 preparation material to prepare for the NSE4_FGT-7.0 exam to advance their careers. We have updated the valid NSE4_FGT-7.0 dumps to help you prepare for the exam.

Our NSE4_FGT-7.0 dumps page: https://www.pass4itsure.com/nse4_fgt-7-0.html has NSE4_FGT-7.0 PDFs and software to help you thoroughly learn all the questions and answers.

Passing the NSE4_FGT-7.0 exam requires selecting appropriate study materials to prepare for the exam.

NSE4_FGT-7.0 Fortinet exam do you have to pass?

The Fortinet NSE 4—FortiOS 7.0 exam is part of the NSE 4 Cybersecurity Professional Program and recognizes successful candidates’ knowledge and expertise in FortiGate. If you want to be certified, you must pass successfully.

What should I pay attention to for the Fortinet NSE 4 – FortiOS 7.0 exam?

Exam name: Fortinet NSE 4—FortiOS 7.0
Exam series: NSE4_FGT-7.0
Time allowed: 105 minutes
Exam questions: 60 multiple-choice questions
Language: English and Japanese
Product version: FortiOS 7.0
Official resources:
NSE 4 FortiGate Security 7.0
NSE 4 FortiGate Infrastructure 7.0
FortiOS 7.0—Administration Guide
FortiOS 7.0—New Features Guide
Prepare resources efficiently: Pass4itSure NSE4_FGT-7.0 Dumps

The above is some basic knowledge about Fortinet NSE 4 – FortiOS 7.0 exam, you must know, then you need to find good preparation materials to practice.

Where can I get NSE4_FGT-7.0 dumps to prepare for the exam?

Pass4itSure NSE4_FGT-7.0 dumps are the right choice for you. The current NSE4_FGT-7.0 dumps in Pass4itSure are real, which can be the key to easily passing the Fortinet NSE 4 – FortiOS 7.0 exam.

Free NSE4_FGT-7.0 exam questions answers

QUESTION # 1

FortiGuard categories can be overridden and defined in different categories. To create a web rating override for example.com home page, the override must be configured using a specific syntax. Which two syntaxes are correct to configure web rating for the home page? (Choose two.)

A. www.example.com:443
B. www.example.com
C. example.com
D. www.example.com/index.html

Correct Answer: BD

QUESTION # 2

Which two statements about IPsec authentication on FortiGate are correct? (Choose two.)

A. For a stronger authentication, you can also enable extended authentication (XAuth) to request the remote peer to provide a username and password
B. FortiGate supports pre-shared key and signature as authentication methods.
C. Enabling XAuth results in faster authentication because fewer packets are exchanged.
D. A certificate is not required on the remote peer when you set the signature as the authentication method.

Correct Answer: BD

Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/913287/ipsec-vpn-authenticatingaremotefortigate-peer-with-a-pre-shared-key

QUESTION # 3

Refer to the exhibit.

The Root and To_Internet VDOMs are configured in NAT mode. The DMZ and Local VDOMs are
configured in transparent mode. The Root VDOM is the management VDOM. The To_Internet VDOM allows LAN users to access the internet.

The To_lnternet VDOM is the only VDOM with internet access and is directly connected to the ISP modem.
Which two statements are true? (Choose two.)

A. Inter-VDOM links are required to allow traffic between the Local and Root VDOMs.
B. A static route is required on the To_Internet VDOM to allow LAN users to access the internet.
C. Inter-VDOM links are required to allow traffic between the Local and DMZ VDOMs.
D. Inter-VDOM links are not required between the Root and To_Internet VDOMs because the Root VDOM is used only as a management VDOM.

Correct Answer: AD

QUESTION # 4

Which statements about the firmware upgrade process on an active-active HA cluster are true? (Choose two.)

A. The firmware image must be manually uploaded to each FortiGate.
B. Only secondary FortiGate devices are rebooted.
C. Uninterruptable upgrade is enabled by default.
D. Traffic load balancing is temporally disabled while upgrading the firmware.

Correct Answer: CD

QUESTION # 5

A FortiGate is operating in NAT mode and configured with two virtual LAN (VLAN) sub-interfaces added to the physical interface. Which statements about the VLAN sub-interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.

A. The two VLAN sub-interfaces can have the same VLAN ID, only if they have IP addresses in different subnets.
B. The two VLAN sub-interfaces must have different VLAN IDs.
C. The two VLAN sub-interfaces can have the same VLAN ID, only if they belong to different VDOMs.
D. The two VLAN sub-interfaces can have the same VLAN ID, only if they have IP addresses in the same subnet.

Correct Answer: B

FortiGate_Infrastructure_6.0_Study_Guide_v2-Online.pdf ?gt; page 147 “Multiple VLANs can coexist in the same physical interface, provide they have different VLAN ID”

QUESTION # 6

By default, FortiGate is configured to use HTTPS when performing live web filtering with FortiGuard
servers. Which two CLI commands will cause FortiGate to use an unreliable protocol to communicate with
FortiGuard servers for live web filtering? (Choose two.)

A. set fortiguard anycast disable
B. set protocol UDP
C. set web filter-force-off to disable
D. set web filter-cache to disable

Correct Answer: AC

QUESTION # 7

Refer to the exhibit, which contains a radius server configuration.

An administrator added a configuration for a new RADIUS server. While configuring, the administrator selected the Include in every user group option. What will be the impact of using Include in every user group option in a RADIUS configuration?

A. This option places the RADIUS server and all users who can authenticate against that server, into every FortiGate user group.
B. This option places all FortiGate users and groups required to authenticate into the RADIUS server, which, in this case, is FortiAuthenticator.
C. This option places all users into every RADIUS user group, including groups that are used for the LDAP server on FortiGate.
D. This option places the RADIUS server, and all users who can authenticate against that server, into every RADIUS group.

Correct Answer: A

QUESTION # 8

Refer to the exhibit.

The exhibits show a network diagram and the explicit web proxy configuration. In the command diagnose sniffer packet, what filter can you use to capture the traffic between the client and the explicit web proxy?

A. host 192.168.0.2 and port 8080\\' B.host 10.0.0.50 and port 80\’
C. host 192.168.0.1 and port 80\\' D.host 10.0.0.50 and port 8080\’

Correct Answer: A

QUESTION # 9

Which three criteria can a FortiGate use to look for a matching firewall policy to process traffic? (Choose three.)

A. Source is defined as Internet Services in the firewall policy.
B. Destination is defined as Internet Services in the firewall policy.
C. Highest to lowest priority defined in the firewall policy.
D. Services defined in the firewall policy.
E. Lowest to the highest policy ID number.

Correct Answer: ABD

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD47435

QUESTION # 10

Refer to the exhibit.

The exhibit contains a network diagram, firewall policies, and a firewall address object configuration. An
administrator created a Deny policy with default settings to deny Webserver access for Remote- user2.
Remote-user2 is still able to access Webserver.

Which two changes can the administrator make to deny Webserver access for Remote-User2? (Choose
two.)

A. Disable match-VIP in the Deny policy.
B. Set the Destination address as Deny_IP in the Allow-access policy.
C. Enable match VIP in the Deny policy.
D. Set the Destination address as Web_server in the Deny policy.

Correct Answer: AB

QUESTION # 11

Which two protocol options are available on the CLI but not on the GUI when configuring an SD-WAN Performance SLA? (Choose two.)

A. DNS
B. ping
C. UDP-echo
D. TWAMP

Correct Answer: AC

QUESTION # 12

In an explicit proxy setup, where is the authentication method and database configured?

A. Proxy Policy
B. Authentication Rule
C. Firewall Policy
D. Authentication scheme

Correct Answer: D

QUESTION # 13

What devices form the core of the security fabric?

A. Two FortiGate devices and one FortiManager device
B. One FortiGate device and one FortiManager device
C. Two FortiGate devices and one FortiAnalyzer device
D. One FortiGate device and one FortiAnalyzer device

Correct Answer: C

Reference: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/425100/components

Download the NSE4_FGT-7.0 dumps (free) address https://drive.google.com/file/d/1q1QpJio3epd-Zbhe2rCE5UR9yLrn1Lh9/view?usp=sharing

More questions NSE4_FGT-7.0 exam on this website.

Fortinet NSE6_FWB-6.1 certification became a royal road for you

Everyone wants IT certification to be their own king. What can be done for Fortinet NSE6_FWB-6.1 certification? First, you need to select the reliable Fortinet NSE6_FWB-6.1 exam dumps >>> https://www.pass4itsure.com/nse6_fwb-6-1.html to get the latest NSE6_FWB-6.1 practice questions.

Second, you’ll need to step up your exercises and practice the NSE6_FWB-6.1 exam exercise questions you get from the NSE6_FWB-6.1 dumps multiple times>>>The following will share some free ones, including PDF format.

Some free Fortinet NSE6_FWB-6.1 practice test

QUESTION 1

Which of the following would be a reason for implementing rewrites?

A. Page has been moved to a new URL
B. Page has been moved to a new IP address
C. Replace vulnerable functions.
D. Send connection to secure channel

QUESTION 2

What can an administrator do if a client has been incorrectly Period Blocked?

A. Disconnect the client from the network
B. Manually release the IP from the temporary Blacklist
C. Nothing, it is not possible to override a Period Block
D. Force a new IP address to the client.

QUESTION 3

How does an ADOM differ from a VDOM?

A. ADOMs do not have virtual networking
B. ADOMs improve performance by offloading some functions.
C. ADOMs only affect specific functions and do not provide full separation as VDOMs do.
D. Allows you to have 1 administrator for multiple tenants

QUESTION 4

What capability can FortiWeb add to your Web App that your Web App may or may not already have?

A. Automatic backup and recovery
B. High Availability
C. HTTP/HTML Form Authentication
D. SSL Inspection

QUESTION 5

You are deploying FortiWeb 6.0 in an Amazon Web Services cloud. Which 2 lines of this initial setup via CLI are
incorrect? (Choose two.)

NSE6 FWB-6.1 q5

A. 6
B. 9
C. 3
D. 2

QUESTION 6

Which of the following is true about Local User Accounts?

A. Must be assigned regardless of any other authentication
B. Can be used for Single Sign-On
C. Can be used for site publishing
D. Best suited for large environments with many users

QUESTION 7

What other considerations must you take into account when configuring Defacement protection

A. Use FortiWeb to block SQL Injections and keep regular backups of the Database
B. Also incorporate a FortiADC into your network
C. None. FortiWeb completely secures the site against defacement attacks
D. Configure the FortiGate to perform Anti-Defacement as well

QUESTION 8

A client is trying to start a session from a page that should normally be accessible only after they have
logged in. When a start page rule detects invalid session access, what can FortiWeb do? (Choose three.)

A. Reply with a “403 Forbidden” HTTP error
B. Allow the page access but log the violation
C. Automatically redirect the client to the login page
D. Display an access policy message, then allow the client to continue, redirecting them to their requested page
E. Prompt the client to authenticate

QUESTION 9

When generating a protection configuration from an auto-learning report what critical step must you do before
generating the final protection configuration?

A. Restart the FortiWeb to clear the caches
B. Drill down in the report to correct any false positives.
C. Activate the report to create t profile
D. Take the FortiWeb offline to apply the profile

QUESTION 10

In Reverse proxy mode, how does FortiWeb handle the traffic that does not match any defined policies?

A. Non-matching traffic is allowed
B. non-Matching traffic is held in the buffer
C. Non-matching traffic is Denied
D. Non-matching traffic is rerouted to FortiGate

QUESTION 11

Under what circumstances would you want to use the temporary uncompress feature of FortiWeb?

A. In the case of compression being done on the FortiWeb, to inspect the content of the compressed file
B. In the case of the file being a .MP3 music file
C. In the case of compression is done on the webserver, inspect the content of the compressed file.
D. In the case of the file being an .MP4 video

QUESTION 12

Which of the following FortiWeb features is part of the mitigation tools against OWASP A4 threats?

A. Sensitive info masking
B. Poison Cookie detection
C. Session Management
D. Brute Force blocking

QUESTION 13

When the FortiWeb is configured in Reverse Proxy mode and the FortiGate is configured as a SNAT device, what IP
address will the FortiGate\’s Real Server configuration point at?

A. Virtual Server IP on the FortiGate
B. Server\’s real IP
C. FortiWeb\’s real IP
D. IP Address of the Virtual Server on the FortiWeb

The answer is posted here:

q1q2q3q4q5q6q7q8q9q10q11q12q13
ABDDACADABCBCCCA

Fortinet NSE6 FWB-6.1 exam dumps PDF [google drive] replace

Fortinet NSE 6 – FortiWeb 6.1 exam dumps pdf free https://drive.google.com/file/d/1nKNRSYb9QQue7GKfPSO3qXMbmf2jWF0E/view?usp=sharing

If you want to study calmly and succeed, the NSE6_FWB-6.1 exam dumps learning material PDF is indispensable. You have an interesting learning style.

Pass4itSure provides the best quality and truest NSE6_FWB-6.1 learning materials.

You’ll be happy to choose these NSE6_FWB-6.1 exam dumps for your NSE6_FWB-6.1 exam preparation>>> https://www.pass4itsure.com/nse6_fwb-6-1.html Come and make your IT certification one of your kings. Passed this certification for the first time!

Complete the Huawei H35-660 exam successfully with the H35-660 practice test

If the Huawei H35-660 certification exam is the perfect test, the H35-660 practice test is the perfect way to pass the exam. The H35-660 practice test helps you demonstrate your knowledge and proficiency.

Obtaining a new H35-660 practice test is a boring process, and sometimes people cannot find the most probable H35-660 practice test. But you don’t need to worry, because here you can save your time and provide the latest H35-660 exam dumps practice test: https://www.pass4itsure.com/h35-660.html (PDF + VCE).

Share one: Huawei H35-660 exam test PDF

Huawei H35-660 exam PDF free https://drive.google.com/file/d/1YiCn90FuIJWG_L05wvyAoL5Ut6cJBjeK/view?usp=sharing

Share again: Huawei H35-660 practice test q1-q13

Huawei H35-660 practice test q1-q13 questions and answers online

QUESTION 1 #

During 5G Standardization, which of the following is the SA (standalone) architecture developed in? -SC

A. Phase1.2
B. Phase 2.1
C. Phase 2.2
D. Phase 1.1

QUESTION 2

With the network slicing technology, operators can increase revenue and reduce expenditure, opening up more service
scenarios.

A. True
B. False

QUESTION 3

Which of the fowling is a solution for 5G to switch uplink transmission to the sub -3 GHz low-frequency band. Effectively compensating for insufficient uplink coverage of the C – Band? _SC

A. UL and DL decoupling
B. Carrier aggregation
C. Duplex technology
D. Multiple access technique

QUESTION 4

Which of the following is not an advantage of a thin client in the cloud X service?

A. Easy deployment and management
B. Efficient storage
C. Mobile
D. Low cost

QUESTION 5

5G can achieve reliable and controllable 5A ubiquitous communication between humans, between humans and things,
between things Other than “anytime” and “Anywhere”. Which other three options are part of the 5G concept?

A. Anyone
B. Anyhow
C. Any device
D. Anything

QUESTION 6

Which of the following services is the most suitable for terminals to implement DRX?_ SC

A. VR gaming
B. Automated driving
C. Video on-live
D. Intelligent meter reading

QUESTION 7

With control and user plane separation (CUPS) on the core network, the user can be moved closer to users to reduce
transmission delay.

A. True
B. False

QUESTION 8

Which of the following key technologies is used to improve data transmission reliability and reduce retransmission
caused by data transmission errors, thereby indirectly improving spectral efficiency? _SC

A. F-OFDMA //
B. High-order modulation
C. Channel codding
D. Massive MIMO

QUESTION 9

which of the following chips is the world\\’s first commercial single-chip multi-mode (2g/3g/4g/5g)5g modem? _SC

A. Balog 5000
B. 5X50/X55
C. CXMM-8160
D. Exynos 5510

QUESTION 10

Which of the following is the key 5G capability required by monitoring applications such as connected intelligent infusion in smart healthcare?

A. Low-power small-packet transmission.
B. Wireless ultra-broadband access.
C. Anytime, anywhere wireless
D. Contiguous coverage

QUESTION 11

Compared with traditional plat preservation which of the following advantages does drone-based plant preservation
have?_ MC

A. higher efficiency than manual operations
B. 30% less medicine is used, saving water and protecting the environment.
C. precise operation
D. high security due to man-machine separation

QUESTION 12

Which of the following coding schemes is predominantly used for traffic channels in 5G?

A. parlor code
B. turbo coding
C. convolutional code
D. LDPC

QUESTION 13

Which of the following is the 5G IoV alliance organization?

A. OTSA
B. X.lab
C. 5GAA
D. 3GPP

Post the answer:

Q1Q2Q3Q4Q5Q6Q7Q8Q9Q10Q11Q12Q13
AAABABCDDACAAABCDDC

With Pass4itSure’s updated H35-660 practice test, you have a great opportunity to pass the exam. The updated H35-660 dumps practice test https://www.pass4itsure.com/h35-660.html 100% pass guarantee.

Pass4itSure has more than a lot of satisfied customers. In addition, through H35-660 dumps, you can also get 365 days of free updates. You can also choose the H35-660 dumps pdf simulation download demo with the latest H35-660 pdf test questions: https://drive.google.com/file/d/1YiCn90FuIJWG_L05wvyAoL5Ut6cJBjeK/view?usp=sharing

[2021.7] CyberArk CAU201 practice test, CyberArk CAU201 pdf share,100% free

Free share latest CyberArk CAU201 pdf, CyberArk CAU201 practice questions! Select Pass4itSure CyberArk CAU201 dumps https://www.pass4itsure.com/cau201.html (Updated: Jul 19, 2021) complete CAU201 dumps practice exam questions and answers. Wish you success!

CyberArk CAU201 Practice Test Q1-Q13 Free Online

QUESTION 1
PSM for Windows (previously known as “RDP Proxy”) supports connections to the following target systems
A. Windows
B. UNIX
C. Oracle
D. All of the above
Correct Answer: A
Reference: https://knowhow.tajco-group.com/knowledge-base/using-a-standard-rdp-client-application/


QUESTION 2
Which onboarding method would you use to integrate CyberArk with your accounts provisioning process?
A. Accounts Discovery
B. Auto Detection
C. Onboarding RestAPI functions
D. PTA Rules
Correct Answer: B

QUESTION 3
All of your Unix root passwords are stored in the safe UnixRoot. Dual control is enabled for some of the accounts in that
safe. The members of the AD group UnixAdmins need to be able to use the show, copy, and connect buttons on those
passwords at any time without confirmation. The members of the AD group OperationsStaff need to be able to use the
show, copy and connect buttons on those passwords on an emergency basis, but only with the approval of a member of
OperationsManagers. The members of OperationsManagers never need to be able to use the show, copy or connect
buttons themselves.
Which safe permissions do you need to grant to OperationsStaff? Check all that apply.
A. Use Accounts
B. Retrieve Accounts
C. List Accounts
D. Authorize Password Requests
E. Access Safe without Authorization
Correct Answer: A

QUESTION 4
What is the primary purpose of Dual Control?
A. Reduced risk of credential theft
B. More frequent password changes
C. Non-repudiation (individual accountability)
D. To force a \\’collusion to commit\\’ fraud ensuring no single actor may use a password without authorization.
Correct Answer: D
 
QUESTION 5
If a password is changed manually on a server, bypassing the CPM, how would you configure the account so that the
CPM could resume management automatically?
A. Configure the Provider to change the password to match the Vault\\’s Password
B. Associate a reconcile account and configure the platform to reconcile automatically.
C. Associate a logon account and configure the platform to reconcile automatically.
D. Run the correct auto detection process to rediscover the password.
Correct Answer: B
 
QUESTION 6
By default, members of which built-in groups will be able to view and configure Automatic Remediation and Session
Analysis and Response in the PVWA?
A. Vault Admins
B. Security Admins
C. Security Operators
D. Auditors
Correct Answer: B
 
QUESTION 7
Which of the following Privileged Session Management solutions provide a detailed audit log of session activities?
A. PSM (i.e., launching connections by clicking on the “Connect” button in the PVWA)
B. PSM for Windows (previously known as RDP Proxy)
C. PSM for SSH (previously known as PSM SSH Proxy)
D. All of the above
Correct Answer: A
 
QUESTION 8
What is the purpose of the HeadStartInterval setting in a platform?
A. It determines how far in advance audit data is collected for reports.
B. It instructs the CPM to initiate the password change process X number of days before expiration.
C. It instructs the AIM Provider to `skip the cache\\’ during the defined time period.
D. It alerts users of upcoming password changes x number of days before expiration.
Correct Answer: B
 
QUESTION 9
Select the best practice for storing the Master CD.
A. Copy the files to the Vault server and discard the CD
B. Copy the contents of the CD to a Hardware Security Module (HSM) and discard the CD
C. Store the CD in a secure location, such as a physical safe
D. Store the CD in a secure location, such as a physical safe, and copy the contents of the CD to a folder secured with
NTFS permissions on the Vault
Correct Answer: D
 
QUESTION 10
The Vault administrator can change the Vault license by uploading the new license to the system Safe.
A. True
B. False
Correct Answer: A
QUESTION 11
A Logon Account can be specified in the Master Policy.
A. TRUE
B. FALSE
Correct Answer: B

QUESTION 12
The primary purpose of exclusive accounts is to ensure non-repudiation (individual accountability).
A. TRUE
B. FALSE
Correct Answer: A

QUESTION 13
You have associated a logon account to one of your UNIX root accounts in the vault. When attempting to change the
root account\\’s password the CPM will…
A. Log in to the system as root, then change root\\’s password.
B. Log in to the system as the logon account, then change root\\’s password
C. Log in to the system as the logon account, run the su command to log in as root, and then change root\\’s password.
D. None of these.
Correct Answer: A
 

CyberArk CAU201 Pdf Free Download

[from google drive] CyberArk CAU201 pdf https://drive.google.com/file/d/1mI6HWGCIcCl4ilF0qfi8PCkZcPfLBpjW/view?usp=sharing

ps.

Best 100% valid up-to-date actual Pass4itSure CyberArk CAU201 dumps https://www.pass4itsure.com/cau201.html that bring you the best results. You can get 100% free updates on CyberArk CAU201 practice test questions, CyberArk CAU201 pdf here.

CAU201 Pdf PDF Free Download https://drive.google.com/file/d/1mI6HWGCIcCl4ilF0qfi8PCkZcPfLBpjW/view?usp=sharing

Checkpoint 156-215 PDF Dumps, The Most Recommended Checkpoint 156-215 Exam Dump Covers All Key Points

FLYDUMPS bring you the best Checkpoint 156-215 exam preparation materials which will make you pass in the first attempt.And we also provide you all the Checkpoint 156-215 exam updates as Microsoft announces a change in its Checkpoint 156-215 exam syllabus,we inform you about it without delay.

QUESTION 30
Which utility allows you to configure the DHCP service on SecurePlatform from the command line?
A. sysconfig
B. dhcp_cfg
C. cpconfig
D. ifconfig

Correct Answer: A QUESTION 31
Which utility is necessary for reestablishing SIC?
A. fwm sic_reset
B. cpconfig
C. cplic
D. sysconfig

Correct Answer: B QUESTION 32
The third-shift Administrator was updating Security Management Server access settings in Global Properties. He managed to lock all administrators out of their accounts. How should you unlock these accounts?
A. Reinstall the Security Management Server and restore using upgrade_import.
B. Delete the file admin.lock in the Security Management Server directory $FWDIR/tmp/.
C. Type fwm lock_admin -ua from the Security Management Server command line.
D. Login to SmartDashboard as the special cpconfig_admin user account; right-click on each administrator object and select unlock.

Correct Answer: C QUESTION 33
The third shift administrator was updating security management server access setting in global properties. He managed to lock the entire Administrator out of their accounts. How should you unlock these accounts?
A. Logging to smart dash board as special cpconfig_admin account. Right click on each administrator object and select Unlock.
B. Type fwm lock_admin ua from the command line of the security management server
C. Reinstall the security management Server and restore using upgrade _imort
D. Delete the file admin .lock in the sfwdir/ tmp/directory of the security managem,ent server.

Correct Answer: B QUESTION 34
You are the Security Administrator in a large company called ABC. A Check Point Firewall is installed and in use on SecurePlatform. You are concerned that the system might not be retaining your entries for the interfaces and routing configuration. You would like to verify your entries in the corresponding file(s) on SecurePlatform. Where can you view them? Give the BEST answer.
A. /etc/conf/route.C
B. /etc/sysconfig/netconf.C
C. /etc/sysconfig/network-scripts/ifcfg-ethx
D. /etc/sysconfig/network

Correct Answer: B
QUESTION 35
When using SecurePlatform, it might be necessary to temporarily change the MAC address of the interface eth 0 to 00:0C:29:12:34:56. After restarting the network the old MAC address should be active. How do you configure this change?
A. Open the WebUI, select Network > Connections > eth0. Place the new MAC address in the field Physical Address, and press Apply to save the settings.
B. As expert user, issue these commands: # IP link set eth0 down # IP link set eth0 addr 00:0C:29:12:34:56 # IP link set eth0 up
C. As expert user, issue the command: # IP link set eth0 addr 00:0C:29:12:34:56
D. Edit the file /etc/sysconfig/netconf.c and put the new MAC address in the field (conf : (conns 🙁 conn :hwaddr (“00:0C:29:12:34:56”)
Correct Answer: B
QUESTION 36
Where is the IPSO Boot Manager physically located on an IP Appliance?
A. In the / nvram directory
B. On an external jump drive
C. On the platform’s BIOS
D. On built-in compact Flash memory
Correct Answer: D

QUESTION 37
ALL of the following options are provided by the SecurePlatform sysconfig utility, EXCEPT:
A. DHCP Server configuration
B. GUI Clients
C. Time & Date
D. Export setup
Correct Answer: B
QUESTION 38
Which of the following options is available with the SecurePlatform cpconfig utility?
A. GUI Clients
B. Time & Date
C. Export setup
D. DHCP Server configuration
Correct Answer: A QUESTION 39
Which command would provide the most comprehensive diagnostic information to Check Point Technical Support?
A. diag
B. cpinfo -o date.cpinfo.txt
C. netstat > date.netstat.txt
D. cpstat > date.cpatat.txt

Correct Answer: B QUESTION 40
How do you recover communications between your Security Management Server and Security Gateway if you lock yourself out via a rule or policy mis-configuration?
A. fw delete [email protected]
B. cpstop
C. fw unloadlocal
D. fw unload policy

Correct Answer: C QUESTION 41
How can you check whether IP forwarding is enabled on an IP Security Appliance?
A. clish c show routing active enable
B. echo 1 > /proc/sys/net/ipv4/ip_forwarding
C. ipsofwd list
D. cat/proc/sys/net/ipv4/ip_forward

Correct Answer: C QUESTION 42
For normal packet transmission of an accepted communication to a host protected by a Security Gateway, how many lines per packet are recorded on a packet analyzer like Wireshark using fw monitor?
A. 2
B. 4
C. 3
D. None

Correct Answer: B QUESTION 43
How can I verify the policy version locally installed on the Firewall?
A. fw ver
B. fw ctl iflist
C. fw ver -k
D. fw stat

Correct Answer: D QUESTION 44
If you run fw monitor without any parameters, what does the output display?
A. In /var/adm/monitor. Out
B. On the console
C. In /tmp/log/monitor out
D. In / var/log/monitor. out

Correct Answer: B QUESTION 45
Another administrator accidentally installed a Security Policy on the wrong firewall. Having done this, you are both locked out of the firewall that is called myfw1. What command would you execute on your system console on myfw1 in order for you to push out a new Security Policy?
A. fw dbloadlocal
B. fw unloadlocal
C. cpstop
D. fw ctl filter

Correct Answer: B QUESTION 46
Which of the following commands will completely remove the Security Policy from being enforced on a Security Gateway?
A. fw unload
B. fw unloadlocal
C. cpstop
D. fw unload local

Correct Answer: B QUESTION 47
Which of the following commands identifies whether or not a Security Policy is installed or the Security Gateway is operating with the initial policy?
A. fw monitor
B. fw ctl pstat
C. cp stat
D. fw stat

Correct Answer: D QUESTION 48
To monitor all traffic between a network and the Internet on a SecurePlatform Gateway, what is the BEST utility to use?
A. snoop
B. cpinfo
C. infoview
D. tcpdump

Correct Answer: D QUESTION 49
You are creating an output file with the following command:
fw monitor -e “accept (src=10.20.30.40 or dst=10.20.30.40);” -o ~/output Which tool do you use to analyze this file?
A. You can analyze it with Wireshark or Ethereal.
B. You can analyze the output file with any ASCI editor.
C. The output file format is CSV, so you can use MS Excel to analyze it.
D. You cannot analyze it with any tool as the syntax should be:fw monitor -e accept ([12,b]=10.20.30.40 or [16,b]=10.20.30.40); -o ~/output.

Correct Answer: A
QUESTION 50
You issue the fw monitor command with no arguments. Which of the following inspection points will be displayed?
A. Before the virtual machine, in the inbound direction
B. After the virtual machine, in the outbound direction
C. All inspection points
D. Before the virtual machine, in the outbound direction

Correct Answer: C

We help you do exactly that with our high quality Checkpoint 156-215 Certification using the above training materials.Regardless of whichever computer you have, you just need to download one of the many Checkpoint 156-215 PDF readers that are available for free.

CheckPoint 156-110 Test Engine, Provide Latest CheckPoint 156-110 Real Testing With Accurate Answers

We are committed on providing you with the latest and most accurate CheckPoint 156-110 exam preparation products.If you want to pass CheckPoint 156-110 exam successfully, do not miss to read latest CheckPoint 156-110 brain dumps on Flydumps.

QUESTION 41
If e-mail is subject to review by individuals other than the sender and recipient, what should be clearly stated in the organization’s e-mail policy?
A. Technologies and methods used to monitor and enforce the organization’s policies
B. Senior management and business-unit owner responsibilities and delegation options
C. Clear, legally defensible definition of what constitutes a business record
D. Consequences for violation of the organization’s acceptable-use policy
E. No expectation of privacy for e-mail communications, using the organization’s resources

Correct Answer: E
QUESTION 42
Which of the following are common failures that should be addressed in an organization’s Business Continuity Plan (BCP) ? (Choose THREE.)
A. Connectivity failures
B. Accounting failures
C. Hardware failures
D. Utility failures
E. Personal failures

Correct Answer: ACD
QUESTION 43
Which TWO of the following items should be accomplished, when interviewing candidates for a position within an organization?
A. Hire an investigation agency to run background checks.
B. Verify all dates of previous employment.
C. Question candidates, using polygraphs.
D. Contact personal and professional references.
E. Run criminal-background checks.
Correct Answer: BD QUESTION 44
A _______ _______ posture provides many levels of security possibilities, for access control.
A. Layered defensive
B. Multiple offensive
C. Flat defensive
D. Reactive defensive
E. Proactive offensive

Correct Answer: A
QUESTION 45
At ABC Corporation, access to critical information resources, such as database and e-mail servers, is controlled by the information-technology (IT) department. The supervisor in the department grants access to printers where the printer is located. Managers grant and revoke rights to files within their departments’ directories on the file server, but the IT department controls who has access to the directories. Which type of access-management system is in use at ABC Corporation?
A. Centralized access management
B. Role-based access management
C. Hybrid access management
D. Decentralized access management
E. Privileged access management

Correct Answer: C
QUESTION 46
Embedding symbols in images or common items, such as pictures or quilts, is an example of __________.
A. Espionage
B. Transposition cipher
C. Key exchange
D. Arithmancy
E. Steganography
Correct Answer: E
QUESTION 47
Why should each system user and administrator have individual accounts? (Choose TWO.)
A. Using generic user names and passwords increases system security and reliability.
B. Using separate accounts for each user reduces resource consumption, particularly disk space.
C. By using individual login names and passwords, user actions can be traced.
D. If users do not have individual login names, processes can automatically run with root/administrator access.
E. A generic user name and password for users and security administrators provides anonymity, which prevents useful logging and auditing.
Correct Answer: CE
QUESTION 48
A(n) _______ occurs when intrusion-detection measures fail to recognize suspicious traffic or activity.
A. False positive
B. False negative
C. CIFS pop-up
D. Threshold
E. Alarm

Correct Answer: B
QUESTION 49
What is single sign-on? An authentication method:
A. that allows users to authenticate once, and then uses tokens or other credentials to manage subsequent authentication attempts
B. that stores user credentials locally, so that users need only authenticate the first time, a local machine is used
C. requiring the use of one-time passwords, so users authenticate only once, with a given set of credentials.
D. that uses smart cards, hardware tokens, and biometrics to authenticate users; also known as three-factor authentication
E. that requires users to re-authenticate for every resource accessed

Correct Answer: A
QUESTION 50
Which of the following is NOT a Business Continuity Plan (BCP) recovery strategy?
A. Delegating risk to another entity, such as an insurer
B. Manual procedures; alternative solution to technology available
C. Deferring action; action waiting until a later date
D. Reciprocal agreements with another organization
E. Doing nothing; no action taken to recover the technology

Correct Answer: A

Get certified CheckPoint 156-110 is a guaranteed way to succeed with IT careers.We help you do exactly that with our high quality CheckPoint 156-110 Certification Certified Information Systems Security Professional training materials.

Cisco 642-892 Demo Download, High Pass Rate Cisco 642-892 Real Exam Questions And Answers 100% Pass With A High Score

100% Valid Cisco 642-892 exam questions and answers are tested and approved by Cisco experts. Furthermore, we are constantly updating our Cisco 642-892 exam dumps,100% guarantee in quality and reliability.

QUESTION 1
Refer to the exhibit. What problem is preventing users on VLAN 100 from pinging addresses on VLAN 200?

A. No default route on DLS1.
B. Encapsulation mismatch between switches.
C. Native VLAN mismatch.
D. Subinterfaces should be created on Fa0/7 and Fa0/8 on DLS1.
E. Trunking needs to be enabled.
F. The ip routing command is missing on DLS1.
Correct Answer: F Section: (none) Explanation
Explanation/Reference: Answer: F
QUESTION 2
Which three characteristics are true about voice traffic in the campus network? (Choose three.)
A. bursty
B. greedy
C. drop sensitive
D. delay sensitive
E. UDP priority
F. TCP retransmits
Correct Answer: CDE Section: (none) Explanation
Explanation/Reference: Answer:CDE
QUESTION 3
Which three characteristics are true about voice traffic in the campus network? (Choose three.)
A. TCP retransmits
B. benign
C. greedy
D. drop sensitive
E. smooth
F. delay insensitive
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference: Answer:BDE
QUESTION 4
Refer to the exhibit. What additional commands should be used to configure OSPF area 5 as a T otally Stubby area?

A. area 0 stub on routers R4 and R5
B. area 5 stub on routers R4 and R5
C. area 5 stub no-summary on routers R4 and R5
D. area 0 stub no-summary on router R4 and area 5 stub no-summary on router R5
E. area 5 stub no-summary on router R4 and area 5 stub on router R5
Correct Answer: E Section: (none) Explanation
Explanation/Reference: Answer: E
QUESTION 5
Refer to the exhibit. OSPF is configured on all routers in the network. On the basis of the show ip ospf neighbor output, what prevents R1 from establishing a full adjacency with R2?

A. Router R1 will only establish full adjacency with the DR and BDR on broadcast multiaccess networks.
B. Router R2 has been elected as a DR for the broadcast multiaccess network in OSPF area 1.
C. Routers R1 and R2 are configured as stub routers for OSPF area 1 and OSPF area 2.
D. Router R1 and R2 are configured for a virtual link between OSPF area 1 and OSPF area 2.
E. The Hello parameters on routers R1 and R2 do not match.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 6
In the event that two devices need access to a common server,but they cannot communicate with each other, which security feature should be configured to mitigate attacks between these devices?
A. port security
B. dynamic ARP inspection
C. DHCP snooping
D. private VLANs E. BPDU guard
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 7
A hacker is interested in seeing traffic from all switch ports on the switch that he is connected to, including the ports belonging to other VLANs. What type of attack is he likely to implement?
A. MAC address flooding
B. ARP attack
C. spoofing attack
D. DHCP attack
E. VLAN hopping
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 8
Which statement best summarizes how DHCP snooping works?
A. DHCP snooping validates the header information of all DHCP replies and only allows the reply through if it has a matching request in the DSRT .
B. DHCP snooping validates all DHCP responses from all switch ports and only allows packets through if the destination port sent a DHCP request in the last 5 seconds.
C. DHCP snooping validates all DHCP responses from all switch ports and only allows packets through if the destination port specifically sent a DHCP request.
D. DHCP snooping determines which switch ports are trusted and can source all DHCP messages.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 9
Refer to the exhibit. On the basis of the configuration provided, how are the Hello packets sent by R2 handled by R5 in OSPF area 5?

A. The Hello packets will be exchanged and adjacency will be established between routers R2 and R5.
B. The Hello packets will be exchanged but the routers R2 and R5 will become neighbors only.
C. The Hello packets will be dropped and no adjacency will be established between routers R2 and R5.
D. The Hello packets will be dropped but the routers R2 and R5 will become neighbors.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 10
Which statement is true about OSPF Network LSAs?
A. They are originated by every router in the OPSF network. They include all routers on the link, interfaces, the cost of the link, and any known neighbor on the link.
B. They are originated by the DR on every multi-access network. They include all attached routers including the DR itself.
C. They are originated by Area Border Routers and are sent into a single area to advertise destinations outside that area.
D. They are originated by Area Border Router and are sent into a single area to advertise an Autonomous System Border Router.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B QUESTION 11
Refer to the exhibit. OSPF is configured on all routers in the network. Area 5 is configured as an NSSA area. The RIPv2 routes are redistributed into the OSPF domain on router R5. What two types of LSAs will be originated by router R5? (Choose two.)

A. type 1 Router LSA
B. type 2 Network LSA
C. type 3 Network Summary LSA
D. type 4 ASBR Summary LSA
E. type 5 AS External LSA
F. type 7 NSSA External LSA
Correct Answer: AF Section: (none) Explanation
Explanation/Reference: Answer:AF
QUESTION 12
A network administrator would like to configure 802.1x port-based authentication, however, the client workstation is not 802.1x compliant. What is the only supported authentication server that can be used?
A. TACACSwith LEAP extensions
B. TACACS+
C. RADIUS with EAP extensions
D. LDAP
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 13
A switch has been configured with PVLANs. With what type of PVLAN port should the default gateway be configured?
A. Isolated
B. Promiscuous
C. Community
D. Primary
E. Trunk
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 14
Refer to the exhibit. The lightweight wireless architecture splits the processing of the 802.11 data and management protocols and the access point functionality between the access point and the WLAN controller using split MAC approach. Which three functionalities are handled by the WLAN controller?

A. the transmission of beacon frames
B. the portions of the protocol that have real-time requirements
C. the response to Probe Request frames from clients
D. 802.11 authentication
E. 802.11 association and re-association (mobility)
F. 802.11 frame translation and bridging
Correct Answer: DEF Section: (none) Explanation
Explanation/Reference: Answer:DEF
QUESTION 15
What is the function of the Service Set Identifier (SSID) in the wireless LAN?
A. The SSID should be configured on the client site only and provides data-privacy functions and authentication to the access point.
B. The SSID must match on both the client and the access point. The SSID is advertised in plain-text in the access point beacon messages.
C. The SSID must match on both the client and the access point and provides encryption keys for authentication to the access point.
D. The SSID must match on both the client and the access point and provides MAC Address Authentication to authenticate the client to the access point.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 16
What are two differences between the Autonomous WLAN solution and the Lightweight WLAN solution?
(Choose two.)
A. TACACS+can only be used for authentication with the Cisco Lightweight WLAN solution.
B. CiscoWorks Wireless LAN Solution Engine can be used for management with the Autonomous WLAN Solution.
C. CiscoWorks Wireless LAN Solution Engine can be used for management with the Lightweight WLAN Solution.
D. Cisco Wireless LAN Controller is used to configure the access points in the Lightweight WLAN solution.
E. Cisco Wireless LAN Controller is used to configure the access points in the Autonomous WLAN solution.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference: Answer:BD
QUESTION 17
Which routing protocol will continue to receive and process routing updates from neighbors after the passive-interface router configuration command is entered?
A. EIGRP
B. RIP
C. OSPF
D. IS-IS
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 18
When building an IP multicast domain using PIM which mode assumes that other routers do not want to forward multicast packets for the group?
A. PIM-DM
B. PIM-SM
C. PIM-RP
D. CGMP
E. IGMP snooping
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 19
Which statement describes Dynamic Trunking Protocol (DTP) mode ‘desirable’?
A. The interface is put into permanent trunking mode and negotiates to convert the link into a trunk link.
B. The interface actively attempts to convert the link to a trunk link.
C. The interface is put into permanent trunking mode but prevented from generating DTP frames.
D. The interface is put into a passive mode, waiting to convert the link to a trunk link.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 20
In a customer’s network, VLAN Trunking Protocol (VTP) is running with a domain named main1. VLANs 1,2,3,4,5,10,20 are active on the network. Suddenly the whole network goes down. No traffic is being passed on VLANs 2,3,4,5,10,20, however traffic passes on VLAN 1 and indicates all switches are operational. Right before the network problem occurred, a switch named TEST1 was added to the network. What three conditions must exist on TEST1 to cause this network outage? (Choose three.)
A. TEST1 is configured as a VTP server with a different domain name.
B. TEST1 is not configured to participate in VTP .
C. TEST1 is configured as a VTP server with the domain name main1.
D. TEST1 has a lower VTP configuration revision than the current VTP revision.
E. TEST1 has a higher VTP configuration revision than the current VTP revision.
F. TEST1 is configured with only VLAN1.
Correct Answer: CEF Section: (none) Explanation
Explanation/Reference: Answer:CEF
QUESTION 21
Given the following partial configuration for Router A: interface serial 0 ip address 10.1.1.1 255.255.255.0 encapsulation frame-relay ip ospf network point-to-multipoint router ospf 7 network 10.1.1.0 0.0.0.255 area 0 Which two statements are correct? (Choose two.)
A. DR/BDR elections do not take place.
B. The router is restricted to a hub and spoke topology.
C. The area 0 NBMA cloud is configured as more than one subnet.
D. OSPF neighbor statements are not necessary.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: Answer:AD
QUESTION 22
Which command displays the number of times that the OSPF Shortest Path First (SPF) algorithm has been executed?
A. show ip protocol
B. show ip ospf interface
C. show ip ospf
D. show ip ospf database
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 23
Which two methods advertise internal networks to external ISPs via BGP? (Choose two.)
A. using aggregate routes
B. disabling synchronization
C. forcing the next-hop address
D. defining routes via the network statement
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: Answer:AD
QUESTION 24
Which two table types are CEF components?(Choose two.)
A. forwarding information base
B. adjacency tables
C. neighbor tables
D. caching tables
E. route tables
Correct Answer: AB Section: (none) Explanation
Explanation/Reference: Answer:AB
QUESTION 25
What is a characteristic of a static VLAN membership assignment?
A. VMPS server lookup
B. easy to configure
C. ease of adds, moves, and changes
D. based on MAC address of the connected device
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 26
A network administrator assigns a multicast address of 239.255.8.5 to an application running on a device with an Ethernet MAC address of 01.b2.7d.05.f1.80. Which Layer 2 multicast address will this device use?
A. 01.00.5e.7F .08.05
B. 01.b2.7d.05.f1.80
C. 01.b2.7d.0a.08.05
D. 01.00.5e.05.f1.80
E. ff.ff.ff.ff.ff.ff
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 27
For the accompanying router output, which of the following statements describes the state that neighbor 172.16.254.3 is in?
A. The router will not accept connections from the peer.
B. The router has sent out an active TCP connection request to the peer.
C. The router is listening on its server port for connection requests from the peer.
D. BGP can exchange routing information in this state.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 28
Above is the output from show ip bgp neighbors command. What is line 21 stating about the BGP connection?

A. the number of consecutive TCP connections to the specified remote neighbor
B. the number of times the router has established a TCP connection
C. the number of total TCP connections that the router has
D. the number of neighbors that the router has
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 29
Given the network diagram, which address would successfully summarize only the networks seen?
A. 192.168.0.0/24
B. 192.168.8.0/20
C. 192.168.8.0/21
D. 192.168.12.0/20
E. 192.168.16.0/21
F. These networks cannot be summarized.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 30
A. R3,R4,R6
B. R3,R4,R5,R6
C. R2,R3,R6,R7
D. R2,R3,R4,R6,R7
E. R1 through R8
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 31
Which statement is true regarding the configuration of ISL trunks?
A. All Catalyst switches support ISL trunking.
B. A Catalyst switch will report giants if one side is configured for ISL while the other side is not.
C. ISL trunking requires that native VLANs match.
D. A Catalyst switch cannot have ISL and IEEE 802.1q trunks enabled.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:Answer:B
QUESTION 32
Which statement is correct about 802.1Q trunking?
A. Both switches must be in the same VTP domain.
B. The encapsulation type on both ends of the trunk does not have to match.
C. The native VLAN on both ends of the trunk must be VLAN 1.
D. 802.1Q trunking can only be configured on a Layer 2 port.
E. In 802.1Q trunking, all VLAN packets are tagged on the trunk link, except the native VLAN.
Correct Answer: E Section: (none) Explanation
Explanation/Reference: Answer: E
QUESTION 33
Why should iBGP sessions be fully meshed within a TransitAS?
A. BGP requires redundant TCP sessions between iBGP peers.
B. A full mesh allows for optimal routing within the TransitAS.
C. Routes learned via iBGP are never propagated to other eBGP peers.
D. Routes learned via iBGP are never propagated to other iBGP peers.
E. Routes learned via eBGP are never propagated to other iBGP peers.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 34
The 192.168.0.0 network is not being propagated throughout the network. Observe the BGP configuration commands from the advertising router. What is the reason the 192.168.0.0 route is not being advertised? router bgp 65111 neighbor 172.16.1.1 remote-as 65111 neighbor 172.16.2.1 remote-as 65112 network 192.168.0.0 network 10.0.0.0 ! ip route 192.168.0.0 255.255.0.0 null0
A. The network 192.168.0.0 statement is missing mask 255.255.0.0
B. The network 192.168.0.0 statement is missing mask 0.0.255.255.
C. The network 10.0.0.0 statement is missing mask 255.0.0.0.
D. The network 10.0.0.0 statement is missing mask 0.255.255.255.
E. The auto-summary configuration is missing.
Correct Answer: A Section: (none) Explanation Explanation/Reference: Answer:A
QUESTION 35
What are the basic configuration steps to enable IS-IS?
A. Configure the net system-id command under router isis and enable IS-IS on each interface with the ip router isis command.
B. Configure the network net-id command(s) under router isis and enable IS-IS on each interface with the ip router isis command.
C. Configure the network net-id command(s) and the is-type level-1-2 command under router isis.
D. Configure the net system-id and the network net-id commands under router isis.
E. Configure the net system-id and the network net-id commands under router isis and enable IS-IS on each interface with the ip router isis command.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 36
Which three characteristics apply to IS-IS but not to OSPF? (Choose three.)
A. encapsulates PDUs directly into a data-link frame
B. uses a DIS and a backup DIS to present the pseudo-node on the LAN
C. uses stubby areas to improve network scalability
D. uses a default IOS metric of 10 on each interface
E. runs PRC (Partial Route Calculations) to calculate IP reachability information
F. uses an on-demand circuit to reduce the hello and LSA flooding across switched WAN links, such as ISDN
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference: Answer:ADE
QUESTION 37
A network administrator has enabled OSPF across an NBMA network and has issued the command ip ospf network nonbroadcast. Given those facts, which two statements are true? (Choose two.)
A. DR and BDR elections will occur.
B. DR and BDR elections will not occur.
C. All routers must be configured in a fully meshed topology with all other routers.
D. The neighbor command is required to build adjacencies.
E. Interfaces will automatically detect and build adjacencies with neighbor routers.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: Answer:AD
QUESTION 38
Which three statements are correct about the differences in IS-IS and OSPF? (Choose three.)
A. IS-IS LSP contains TLV fields and OSPF LSU contains the LSAs.
B. New additions to the protocol are easily implemented in OSPF but not with IS-IS.
C. For greater fine tuning there are more IS-IS timers.
D. OSPF has more area types than does IS-IS.
E. IS-IS is more CPU-intensive than is OSPF .
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference: Answer:ACD
QUESTION 39
Which enhancement was added to IGMP version 3?
A. membership query message
B. membership report message
C. leave group message
D. source filtering
E. destination filtering
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 40
Given the above diagram and assuming that STP is enabled on all switch devices, which two statements are true? (Choose two.)

A. DSW11will be elected the root bridge.
B. DSW12 will be elected the root bridge.
C. ASW13 will be elected the root bridge.
D. P3/1 will be elected the nondesignated port.
E. P2/2 will be elected the nondesignated port.
F. P3/2 will be elected the nondesignated port.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference: Answer:AD
QUESTION 41
Which three statements about STP timers are true? (Choose three.)
A. STP timers values (hello, forward delay, max age) are included in each BPDU.
B. A switch is not concerned about its local configuration of the STP timers values. It will only consider the value of the STP timers contained in the BPDU it is receiving.
C. To successfully exchange BPDUs between two switches, their STP timers value (hello, forward delay, max age) must be the same.
D. If any STP timer value (hello, forward delay, max age) needs to be changed, it should at least be changed on the root bridge and backup root bridge.
E. On a switched network with a small network diameter, the STP hello timer can be tuned to a lower value to decrease the load on the switch CPU.
F. The root bridge passes the timer information in BPDUs to all routers in the Layer 3 configuration.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference: Answer:ABD
QUESTION 42
Which configuration commands will enable RTA to advertise all local interfaces over OSPF?
A. RTA(config)#router ospf 1 RTA(config-router)#default-information originate
B. RTA(config)#router ospf 1 RTA(config-router)#network 255.255.255.255 255.255.255.255
C. RTA(config)#router ospf 1 RTA(config-router)#network 0.0.0.0
D. RTA(config)#router ospf 1 RTA(config-router)#network 0.0.0.0 0.0.0.0
E. RTA(config)#router ospf 1 RTA(config-router)#redistribute static
F. RTA(config)#router ospf 1 RTA(config-router)#redistribute connected
Correct Answer: F Section: (none) Explanation
Explanation/Reference: Answer: F
QUESTION 43
Which command lists the system IDs of all known IS-IS routers?
A. show clns neighbors
B. show isis database
C. show isis topology
D. show clns neighbors detail
E. show is-is neighbors detail
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 44
Observe the diagram. RTC is the hub router and RTA and RTB are the spokes. There are no virtual circuits between the spoke locations. What is needed to successfully route traffic to the 11.11.11.0/24 network from RTA?

A. The neighbor 10.10.10.1 next-hop-self command on RTA.
B. The neighbor 10.10.10.1 next-hop-self command on RTB.
C. The neighbor 10.10.10.1 next-hop-self command on RTC.
D. Nothing is required. This is the default behavior on this topology.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 45
Refer to the exhibit diagram and configuration. RTB is summarizing its networks from AS 64100 with the aggregate-address command. However, the show ip route command on RTA reveals the RTB individual networks as well as its summary route. Which option would ensure that only the summary route would appear in the routing table of RTA?

A. Delete the four network statements and leave only the aggregate-address statement in the BGP configuration.
B. Add the keyword summary-only to the aggregate-address command.
C. Add a static route with a prefix of 192.168.24.0 255.255.252.0 pointing to the null0 interface.
D. Create a route map permitting only the summary address.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 46
Refer to the exhibit. What must be configured on router RTA to summarize all routes from area 0 to area 1?

A. area 0 range 172.16.96.0 255.255.224.0
B. area 0 range 172.16.96.0 255.255.255.0
C. area 1 range 172.16.96.0 255.255.224.0
D. area 1 range 172.16.96.0 255.255.0.0
E. summary-address 172.16.96.0 255.255.224.0
F. summary-address 172.16.96.0 0.0.63.255
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 47
Which VTP information does a Catalyst switch advertise on its trunk ports when using VTP? (Choose two.)
A. VTP mode
B. STP root status
C. negotiation status
D. management domain
E. configuration revision number
Correct Answer: DE Section: (none) Explanation
Explanation/Reference: Answer:DE
QUESTION 48
What is the maximum Ethernet frame size on a trunk link configured using IEEE 802.1Q encapsulation?
A. 1496 Bytes
B. 1500 Bytes
C. 1518 Bytes
D. 1522 Bytes
E. 1548 Bytes
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 49
What are two Cisco IOS commands that can be used to view neighbor adjacencies? (Choose two.)
A. show ip ospf database
B. show ip ospf neighbors
C. show ip ospf protocols
D. show ip ospf interfaces
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: Answer:BD
QUESTION 50
Which two provide intra-area routing services? (Choose two.)
A. L1 IS
B. L1 ES
C. L2 IS
D. L2 ES
E. L1/L2 IS

Correct Answer: AE Section: (none) Explanation
Explanation/Reference: Answer:AE Exam D
QUESTION 1
The lack of which two prevents VTP information from propagating between switches? (Choose two.)
A. VLAN 1
B. a trunk port
C. VTP priority
D. a root VTP server
Correct Answer: AB Section: (none) Explanation
Explanation/Reference: Answer:AB
QUESTION 2
Refer to the exhibit. Routers R2, R3, R4, and R5 have OSPF enabled. What should be configured on the routers in area 1 to ensure that all default summary routes and redistributed EIGRP routes will be forwarded from R6 to area 1, and only a default route for all other OSPF routes will be forwarded from R5 to area 1.

A. R5(config-router)# area 1 stub R6(config-router)# area 1 stub
B. R5(config-router)# area 1 stub no-summary R6(config-router)# area 1 stub
C. R5(config-router)# area 1 nssa R6(config-router)# area 1 nssa
D. R5(config-router)# area 1 nssa no-summary R6(config-router)# area 1 nssa
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 3
Which statement is true about EBGP?
A. An internal routing protocol can be used to reach an EBGP neighbor.
B. The next hop does not change when BGP updates are exchanged between EBGP neighbors.
C. A static route can be used to form an adjacency between neighbors.
D. EBGP requires a full mesh.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 4
Which two are characteristics of the IS-IS protocol but not OSPF? (Choose two.)
A. provides for network scalability by allowing the network to be separated into areas
B. provides routing support for multiple network layer protocols
C. three layers of hierarchical routing
D. utilizes SPF algorithm
E. forms adjacencies with all neighbors
F. supports demand circuit routing
Correct Answer: BE Section: (none) Explanation
Explanation/Reference: Answer:BE
QUESTION 5
Which three are benefits of IS-IS over OSPF? (Choose three.)
A. supports more routers in an area
B. does not require Hello packets to establish neighbor relationships
C. produces fewer link state advertisements for a given network
D. supports route tags
E. supports network layer protocols other than IP
F. requires fewer neighbor relationships in a broadcast multiaccess network
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference: Answer:ACE
QUESTION 6
Which two conditions can cause BGP neighbor establishment to fail? (Choose two.)
A. There is an access list blocking all TCP traffic between the two BGP neighbors.
B. The IBGP neighbor is not directly connected.
C. BGP synchronization is enabled in a transit autonomous system with fully-meshed IBGP neighbors.
D. The BGP update interval is different between the two BGP neighbors.
E. The BGP neighbor is referencing an incorrect autonomous system number in its neighbor statement.
Correct Answer: AE Section: (none) Explanation Explanation/Reference: Answer:AE
QUESTION 7

A. The BGP session to the 10.1.1.1 neighbor is established.
B. The BGP session to the 10.2.2.2 neighbor is established.
C. The BGP session to the 10.3.3.3 neighbor is established.
D. The router is attempting to establish a BGP peering session with the 10.1.1.1 neighbor.
E. The BGP session to the 10.3.3.3 neighbor is established, but the router has not received any BGP routing updates from the 10.3.3.3 neighbor.
F. The router is attempting to establish a BGP peering session with the 10.2.2.2 neighbor.

Correct Answer: AF Section: (none) Explanation
Explanation/Reference: Answer:AF
QUESTION 8
OSPF is configured over a Frame Relay network as shown in the exhibit. All PVCs are active. However,
R1 and R3 fail to see all OSPF routes in their routing tables. The show ip ospf neighbor command
executed
on R2 shows the state of the neighbors. What should be done to fix the problem?
A. The ip ospf network non-broadcast command should be configured on each Frame Relay interface.
B. The ip ospf network broadcast command should be configured on each Frame Relay interface.
C. The neighbor command should be configured under the OSPF routing process on all routers.
D. The ip ospf priority value on the hub router should be set to 0.
E. The ip ospf priority value on the spoke routers should be set to 0.
Correct Answer: E Section: (none) Explanation
Explanation/Reference: Answer: E
QUESTION 9
Refer to the exhibit. All network links are FastEthernet. Although there is complete connectivity throughout the network, Front Line users have been complaining that they experience slower network performance when accessing the server farm than the Reception office experiences. Based on the exhibit, which two statements are true? (Choose two.)

A. Changing the bridge priority of S1 to 4096 would improve network performance.
B. Changing the bridge priority of S1 to 36864 would improve network performance.
C. Changing the bridge priority of S2 to 36864 would improve network performance.
D. Changing the bridge priority of S3 to 4096 would improve network performance.
E. Disabling the Spanning Tree Protocol would improve network performance.
F. Upgrading the link between S2 and S3 to Gigabit Ethernet would improve performance.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: Answer:BD
QUESTION 10
Refer to the exhibit. A workstation PC is connected to the Cisco IP phone access port. Based on the configuration in the exhibit, how will the traffic be managed?

A. The IP phone access port will override the priority of the frames received from the PC.
B. The IP phone access port will trust the priority of the frames received from the PC.
C. The switch port Fa0/4 will override the priority of the frames received from the PC.
D. The switch port Fa0/4 will trust the priority for the frames received from the PC.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 11
Refer to the exhibit. A trunk link is connected between switch A_SW and switch D_SW. Based on the configuration shown in the exhibit, how would the traffic coming from the switch A_SW be managed?

A. The trunk port Fa0/1 on switch A_SW will trust all CoS values on the frames coming from the IP phone.
B. The trunk port Fa0/1 on switch A_SW will trust all CoS values on the frames received on the IP phone.
C. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames coming from port Fa0/1 on A_SW.
D. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames received on the A_SW switch port Fa0/4.
E. The trunk port Fa0/1 on switch D_SW will trust all CoS values on the frames received on the IP phone port.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 12
Which option correctly identifies the Cisco IOS switching methods in descending order from the fastest method to the slowest method?
A. CEF, distributed CEF (dCEF), fast switching, process switching
B. distributed CEF (dCEF), CEF, fast switching, process switching
C. fast switching, process switching, distributed CEF (dCEF), CEF
D. process switching, fast switching, distributed CEF (dCEF), CEF
E. process switching, distributed CEF (dCEF), CEF, fast switching
F. process switching, CEF, distributed CEF (dCEF), fast switching
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 13
163. Refer to the exhibit. An administrator is verifying that a CEF FIB entry exists to destination network
192.168.150.0. Given the output generated by the show ip cef and show adjacency detail commands, which

A. There is a valid CEF entry for the destination network 192.168.150.0.
B. The “valid cached adjacency” entry indicates that CEF will put all packets going to such an adjacency to the next best switching mode.
C. The counters (0 packets, 0 bytes) indicate a problem with the 192.168.199.3 next hop IP address.
D. There is an adjacency for the 192.168.199.3 next hop IP address.
E. The number 003071506800 is the MAC address of the 192.168.199.3 next hop IP address.
F. The number 003071506800 is the MAC address of the source IP address.
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference: Answer:ADE
QUESTION 14
Which two statements are true about a switched virtual interface (SVI)? (Choose two.)
A. An SVI is created by entering the no switchport command in interface configuration mode.
B. An SVI is created for the default VLAN (VLAN1) to permit remote switch administration by default.
C. An SVI provides a default gateway for a VLAN.
D. Multiple SVIs can be associated with a VLAN.
E. SVI is another name for a routed port.
Correct Answer: BC Section: (none) Explanation
Explanation/Reference: Answer:BC
QUESTION 15
What is the effect of configuring the following command on a switch? Switch(config) # spanning-tree portfast bpdufilter default
A. If BPDUs are received by a port configured for PortFast, then PortFast is disabled and the BPDUs are processed normally.
B. If BPDUs are received by a port configured for PortFast, they are ignored and none are sent.
C. If BPDUs are received by a port configured for Portfast, the port will transition to forwarding state.
D. The command will enable BPDU filtering on all ports regardless of whether they are configured for BPDU filtering at the interface level.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 16
Which three statements are true about the Internet Group Management Protocol (IGMP)? (Choose three.)
A. IGMP is a multicast routing protocol that makes packet-forwarding decisions independent of other routing protocols such as EIGRP .
B. IGMP is used to register individual hosts with a multicast group.
C. IGMP messages are IP datagrams with a protocol value of 2, destination address of 224.0.0.2, and a TTL value of 1.
D. IGMP snooping runs on Layer 3 routers.
E. IGMP version 3 enables a multicast receiving host to specify to the router which sources it should forward traffic from.
F. There are three IGMP modes: dense mode, sparse mode, and sparse-dense mode.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference: Answer:BCE
QUESTION 17
Which two statements are true about Internet Group Management Protocol (IGMP) snooping? (Choose two.)
A. IGMP snooping and Cisco Group Membership Protocol (CGMP) can be used simultaneously on a switch.
B. IGMP snooping and Cisco Group Membership Protocol (CGMP) were developed to help Layer 3 switches make intelligent forwarding decisions on their own.
C. IGMP snooping examines IGMP join/leave messages so that multicast traffic is forwarded only to hosts that sent an IGMP message toward the router.
D. IGMP snooping is an IP multicast constraining mechanism for Layer 2 switches.
E. IGMP snooping is enabled with the ip multicast-routing global configuration command.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference: Answer:CD
QUESTION 18
Which two multicast IP addresses can be represented by the multicast MAC address 0100.5e0A.0A07? (Choose two.)
A. 228.10.10.7
B. 228.10.10.8
C. 228.10.138.7
D. 229.11.10.7
E. 229.138.10.7
F. 229.138.10.8
Correct Answer: AE Section: (none) Explanation
Explanation/Reference: Answer:AE
QUESTION 19
When authentication is required, where must 802.1x be configured in order to connect a PC to a switch?
A. client PC only
B. switch port only
C. switch port and client PC
D. switch port and local router port
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 20
Refer to the exhibit. The user who is connected to interface FastEthernet 0/1 is on VLAN 10 and cannot access network resources. On the basis of the information in the exhibit, which command sequence would correct the problem?

A. SW1(config)# interface fastethernet 0/1 SW1(config-if)# no shut
B. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access
C. SW1(config)# interface fastethernet 0/1 SW1(config-if)# switchport mode access SW1(config-if)# switchport access vlan 10
D. SW1(config)# vlan 10 SW1(config-vlan)# no shut
E. SW1(config)# vlan 10 SW1(config-vlan)# state active
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 21
Which two statements are true about IBGP neighbor relationships? (Choose two.)
A. An EGP or static routing is required between IBGP neighbors.
B. A full-mesh IBGP requires that neighbor relationships be established between all BGP enabled routers in the autonomous system.
C. IBGP neighbors must be in different autonomous systems.
D. The BGP split-horizon rule specifies that routes learned via EBGP are never propagated to other IBGP peers.
E. The BGP split horizon rule specifies that routes learned via IBGP are never propagated to other IBGP peers.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference: Answer:BE
QUESTION 22
Refer to the exhibit. Routers RTA and RTB are running BGP but the session is active. What command needs to be added to establish the BGP session?

A. ip route 10.10.10.1 255.255.255.255 s0/0 ip route 10.10.10.1 255.255.255.255 s0/1
B. network 10.10.10.0
C. neighbor 10.10.10.1 next-hop-self
D. no synchronization
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 23
Refer to the exhibit. Given the exhibited router output, which command sequence can be added to R1 to generate a default route into the OSPF domain?

A. default-router
B. ip default-network
C. default-information originate always
D. ip default-gateway
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 24
Refer to the exhibit. What does the command channel-group 1 mode desirable do?

A. enables LACP unconditionally
B. enables PAgPonly if a PAgPdevice is detected
C. enables PAgPunconditionally
D. enables Etherchannel only
E. enables LACP only if a LACP device is detected
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 25
Which three statements are true about IP multicast configuration? (Choose three.)
A. PIM sparse mode interfaces are always added to the multicast routing table in a router.
B. PIM dense mode interfaces are always added to the multicast routing table in a router.
C. PIM sparse-dense mode acts as PIM dense mode if an RP is not known.
D. PIM sparse-dense mode and PIM dense mode require an RP on the network.
E. PIM sparse mode and PIM sparse-dense mode require an RP on the network.
F. PIM sparse mode and PIM dense mode require an RP on the network.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference: Answer:BCE
QUESTION 26
Refer to the exhibit. For what purpose is the command show ip cef used?

A. to display rewritten IP unicast packets
B. to display ARP resolution packets
C. to display ARP throttling
D. to display TCAM matches
E. to display CEF-based MLS lookups
F. to display entries in the Forwarding Information Base (FIB)
Correct Answer: F Section: (none) Explanation
Explanation/Reference: Answer: F
QUESTION 27
Refer to the exhibit. Host A and Host B are connected to the Catalyst 3550 switch and have been assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host A is able to ping its default gateway, 10.10.10.1, but is unable to ping Host B. Given the output displayed in the
exhibit, which statement is true?

A. HSRP must be configured on SW1.
B. A separate router is required to support interVLAN routing.
C. Interface VLAN 10 must be configured on the SW1 switch.
D. The global config command ip routing must be configured on the SW1 switch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. VTP must be configured to support interVLAN routing.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 28
Refer to the exhibit. Switch P1S1 is not applying VLAN updates from switch P2S1. What are three reasons why this is not occurring? (Choose three.)

A. Switch P2S1 is in server mode.
B. Switch P1S1 is in transparent mode.
C. The MD5 digests do not match.
D. The passwords do not match.
E. The VTP domains are different.
F. VTP trap generation is disabled on both switches.
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference: Answer:BDE
QUESTION 29
Refer to the exhibit. Based upon the output of show vlan on switch CAT2,what can we conclude about interfaces Fa0/13 and Fa0/14?

A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1
B. that interfaces Fa0/13 and Fa0/14 are down
C. that interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. that interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
E. that interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch

Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 30
Which two statements about multicast addressing are true? (Choose two.)
A. To calculate the Layer 2 multicast address, the host maps the last 24 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0.
B. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 0.
C. To calculate the Layer 2 multicast address, the host maps the last 23 bits of the IP address into the last 24 bits of the MAC address. The high-order bit is set to 1.
D. The first 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
E. The last 3 bytes (24 bits) of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
F. The first 23 bits of the multicast MAC address are 0x01-00-5E. This is a reserved value that indicates a multicast application.
Correct Answer: BD Section: (none) Explanation Explanation/Reference: Answer:BD
QUESTION 31
Refer to the exhibit. VLAN2, VLAN3, and VLAN10 are configured on the switch D-SW1. Host computers are on VLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the management VLAN is on

A. Enable IP routing on the switch D-SW1.
B. Configure a default route that points toward network 200.1.1.0/24.
C. Assign an IP address of 10.1.3.1/24 to VLAN3.
D. Configure default gateways to IP address 10.1.2.1 on each host.
E. Configure default gateways to IP address 10.1.10.1 on each host.
F. Configure default gateways to IP address 200.1.1.2 on each host.
Correct Answer: Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 32
Refer to the show interface Gi0/1 switchport command output shown in the exhibit. Which two statements are true about this interface? (Choose two.)

A. This interface is a dot1q trunk passing all configured VLANs.
B. This interface is configured for access mode.
C. This interface is a member of VLAN1.
D. This interface is a member of VLAN7.
E. This interface is a member of a voice VLAN.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: Answer:BD
QUESTION 33
Refer to the exhibit. Which statement is true?

A. IP traffic matching access list ABC is forwarded through VLANs 5-10.
B. IP traffic matching VLAN list 5-10 will be forwarded, and all other traffic will be dropped.
C. All VLAN traffic matching VLAN list 5-10 will be forwarded, and all traffic matching access list ABC is dropped.
D. All VLAN traffic in VLANs 5-10 that match access list ABC will be forwarded, and all else will be dropped.

Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 34
Which three interface commands will configure the switch port to support a connected Cisco phone and to trust the CoS values received on the port if CDP discovers that a Cisco phone is attached? (Choose three.)
A. mls qos trust override cos
B. mls qos trust cos
C. mls qos trust device cisco-phone
D. switchport priority extend cos_value
E. switchport voice vlan vlan-id
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference: Answer:BCE
QUESTION 35
Refer to the exhibit. How will interface FastEthernnet0/1 respond when an 802.1x-enabled client connects to the port?

A. The switch port will enable 802.1x port-based authentication and begin relaying authentication messages between the client and the authentication server.
B. The switch port will disable 802.1x port-based authentication and cause the port to transition to the authorized state without any further authentication exchange.
C. The switch will cause the port to remain in the unauthorized state, ignoring all attempts by the client to authenticate.
D. The switch will uniquely authorize the client by using the client MAC address.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 36
Refer to the exhibit. Which statement is true when voice traffic is forwarded on the same VLAN used by the data traffic?

A. Quality of service cannot be applied for the voice traffic.
B. The voice traffic cannot be forwarded to the distribution layer.
C. Port security cannot be enabled on the switch that is attached to the IP phone.
D. The voice traffic cannot use 802.1p priority tagging.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 37
Which statement is true about 802.1x port-based authentication?
A. Hosts are required to have a 802.1x authentication client or utilize PPPoE.
B. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
C. RADIUS is the only supported authentication server type.
D. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 38
Which two statements are true about recommended practices in VLAN design? (Choose two.)
A. Routing should occur at the access layer if voice VLANs are utilized. Otherwise, routing should occur at the distribution layer.
B. Routing should always be performed at the distribution layer.
C. Routing should not be performed between VLANs located on separate switches.
D. VLANs should be localized to a switch.
E. VLANs should be localized to a single switch unless voice VLANs are being utilized.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference: Answer:BD
QUESTION 39
Refer to the exhibit. What statement is true about the configuration on switch CAT1?

A. The configuration overrides 802.1p priorities on packets entering ports Fa0/11 and Fa0/12 with a value of
B. The configuration establishes policed DSCP on ports Fa0/11 and Fa0/12 with values ranging from 8 to
56.
C. The configuration overrides the Quality of Service value in packets entering ports Fa0/11and Fa0/12 with a value of 45.
D. Two IP phones with the MAC addresses of 0008.8595.d1a7 and 0007.8595.d2b7 are connected to CAT1 ports Fa0/11 and Fa0/12, respectively.
E. Security violation shutdown mode has been activated for ports Fa0/11 and Fa0/12.
F. Untagged Port VLAN ID (PVID) frames will carry voice traffic on VLAN 40.

Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 40
Which statement is true about the Forward Information Base (FIB) table?
A. The FIB is derived from the IP routing table and is optimized for maximum lookup throughput.
B. The FIB table is derived from the Address Resolution Protocol table, and it contains Layer 2 rewrite (MAC) information for the next hop.
C. The FIB lookup is based on the Layer 2 destination MAC address.
D. When the FIB table is full, a wildcard entry redirects traffic to the Layer 3 engine.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Answer:A
QUESTION 41
Refer to the exhibit. Both host stations are part of the same subnet but are in different VLANs. On the basis of the information presented in the exhibit, which statement is true about an attempt to ping from host to host?

A. A trunk port will need to be configured on the link between Sw_A and Sw_B for the ping command to be successful.
B. The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
C. A Layer 3 device is needed for the ping command to be successful.
D. The ping command will be successful without any further configuration changes.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 42
A. R2# show ip route <output omitted>
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0
i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1
i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0
i L1 10.1.2.0/24 is directly connected, Serial1/0
i L2 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1
i L2 10.1.0.0/24 is directly connected, Serial1/1

B. R2# show ip route <output omitted> 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks i L2 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0 i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1 i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0 C 10.1.2.0/24 is directly connected, Serial1/0 i L2 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1 C 10.1.0.0/24 is directly connected, Serial1/1
C. R2# show ip route <output omitted> 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0 i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1 i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0 C 10.1.2.0/24 is directly connected, Serial1/0 i L2 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1 C 10.1.0.0/24 is directly connected, Serial1/1
D. R2# show ip route <output omitted> 10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0 i L2 10.200.200.13/32 [115/30] via 10.1.0.1, Serial1/1 i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0 C 10.1.2.0/24 is directly connected, Serial1/0 i su 10.1.2.0/23 [115/10] via 0.0.0.0, Null0 C 10.1.0.0/24 is directly connected, Serial1/1 i L2 10.1.0.0/23 [115/20] via 10.1.0.1, Serial1/1
E. R2# show ip route <output omitted> 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks i L1 10.200.200.14/32 [115/20] via 10.1.2.4, Serial1/0 i L1 10.200.200.13/32 [115/30] via 10.1.2.4, Serial1/0 [115/30] via 10.1.0.1, Serial1/1 i L1 10.1.3.0/24 [115/20] via 10.1.2.4, Serial1/0 C 10.1.2.0/24 is directly connected, Serial1/0 i L1 10.1.1.0/24 [115/20] via 10.1.0.1, Serial1/1 C 10.1.0.0/24 is directly connected, Serial1/1

Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 43
Refer to the exhibit. Routers R1 and R2 have established a neighbor relationship and are exchanging routing information. The network design requires that R1 receive routing updates from R2, but not advertise any routes to R2. Which configuration command sequence will successfully accomplish this task?

A. R1(config)# router eigrp 1 R1(config-router)# passive-interface serial 0
B. R2(config)# router eigrp 1 R2(config-router)# passive-interface serial 0
C. R1(config)# access-list 20 deny any R1(config)# router eigrp 1 R1(config-router)# distribute-list 20 out serial 0
D. R2(config)# access-list 20 deny any R2(config)# router eigrp 1 R2(config-router)# distribute-list 20 out serial 0
E. R1(config)# access-list 20 permit any R1(config)# router eigrp 1 R1(config-router)# distribute-list 20 in serial 0
F. R2(config)# access-list 20 permit any R2(config)# router eigrp 1 R2(config-router)# distribute-list 20 in serial 0
Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 44
Which two statements about the IS-IS routing protocol are true? (Choose two.)
A. In the IS-IS routing domain, routers may have adjacencies with other routers on multipoint links.
B. IS-IS metrics are based on delay, bandwidth, reliability,load, and MTU.
C. Level 1 routers learn about paths within the areas that the routers are connected to.
D. Level 2 routers are equivalent to ABRs in OSPF and learn about paths both within and between areas.
E. Level 1 and Level 2 routing is a function of ES-IS.
Correct Answer: AC Section: (none) Explanation Explanation/Reference: Answer:AC
QUESTION 45
Refer to the exhibit. All multilayer switches are running PIM dense mode. Recipient A and Recipient B

A. The Multicast Server is the root of the multicast tree. Switches 4 and 5 will participate in the multicast tree once pruning has taken place.
B. The Multicast Server is the root of the multicast tree. Switches 1,3,4, and 5 will participate in the multicast tree once pruning has taken place.
C. Switch 3 is the root of the multicast tree. Switches 3,4, and 5 will participate in the multicast tree once pruning has taken place.
D. Switch 1 is the root of the multicast tree. Switches 1,4, and 5 will participate in the multicast tree once pruning has taken place.
E. Switch 1 is the root of the multicast tree. Switches 1,3,4, and 5 will participate in the multicast tree once pruning has taken place.
F. Switch 3 is the root of the multicast tree. Switches 1,3,4, and 5 will participate in the multicast tree once pruning has taken place.
Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 46
Refer to the exhibit. All multilayer switches are running PIM sparse mode. Host B and Host F are sending IGMPv2 join messages to their respective multilayer switches. Which statement is true?

A. The multicast server is the rendezvous point of the multicast tree.
B. Switches 1, 2, 3, and 6 will participate in the multicast tree once pruning has taken place.
C. Switches 2 and 6 will participate in the multicast tree once pruning has taken place.
D. Switches 1, 2, 3, and 6 will participate in the multicast tree.
E. Switch 1 is the rendezvous of the multicast tree.
Correct Answer: D Section: (none) Explanation
Explanation/Reference: Answer:D
QUESTION 47
A router is running BGP and receives more than one route for a particular prefix. Assume all the routes for this prefix have the same attributes. Which three path features would be reasons be for the router to ignore some of the routes and not consider them as candidates for the best path? (Choose three.)
A. paths that are marked as synchronized in the show ip bgp output
B. paths that are marked as not synchronized in the show ip bgp output
C. paths for which the NEXT_HOP is accessible
D. paths for which the NEXT_HOP is inaccessible
E. paths from an external BGP (eBGP) neighbor if the local autonomous system (AS) appears in the AS_PATH
F. paths from an internal BGP (iBGP) neighbor if the local autonomous system (AS) appears in the AS_PATH
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:Answer:BDE
QUESTION 48
Refer to the exhibit. Autonomous systems 200 and 300 have EBGP sessions established with their directly connected routers in autonomous system 100. IGP has been configured on all routers in autonomous system 100 and they successfully exchange routing updates. Traffic originated in autonomous system 200 cannot reach the destination autonomous system 300. What configuration should be done on the routers in autonomous system 100 in order for the traffic coming from autonomous system 200 to be

A. IBGP session must be established between routers R1 and R3, and the synchronization must be turned on.
B. IBGP session must be established between routers R1 and R3, and the synchronization must be turned off.
C. IBGP session must be established between routers R1 R2 and R2 R3, and the synchronization must be turned on.
D. IBGP session must be established between routers R1 R2 and R2 R3, and the synchronization must be turned off.
E. IBGP speakers within autonomous 100 must be fully meshed, and the synchronization must be turned on.
F. IBGP speakers within autonomous 100 must be fully meshed, and the synchronization must be turned off.
Correct Answer: F Section: (none) Explanation
Explanation/Reference: Answer: F
QUESTION 49
Refer to the exhibit. Routers R1 and R2 are IPv6 BGP peers that have been configured to support a neighbor relationship over an IPv4 internetwork. Which three neighbor IP addresses are valid choices to use in the highlighted section of the exhibit? (Choose three.)

A. ::0A43:0002
B. 0A43:0002::
C. ::10.67.0.2
D. 10.67.0.2::
E. 0:0:0:0:0:0:10.67.0.2
F. 10.67.0.2:0:0:0:0:0:0
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference: Answer:ACE
QUESTION 50
An IPv6 overlay tunnel is required to communicate with isolated IPv6 networks across an IPv4 infrastructure. There are currently five IPv6 overlay tunnel types. Which three IPv6 overlay tunnel statements are true? (Choose three.)
A. Overlay tunnels can only be configured between border routers capable of supporting IPv4 and IPv6.
B. Overlay tunnels can be configured between border routers or between a border router and a host capable of supporting IPv4 and IPv6.
C. Cisco IOS supports manual, generic routing encapsulation (GRE), IPv6-compatible, 4to6, and Multiprotocol Label Switching (MPLS) overlay tunneling mechanisms.
D. Cisco IOS supports manual, generic routing encapsulation (GRE), IPv4-compatible, 6to4, and Intra-Site Automatic TunnelAddressing Protocol (ISATAP)overlay tunneling mechanisms.
E. A manual overlay tunnel supports point-to-multipoint tunnels capable of carrying IPv6 and Connectionless Network Service (CLNS) packets.
F. Overlay tunneling encapsulates IPv6 packets in IPv4 packets for delivery across an IPv4 infrastructure.
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference: Answer:BDF
QUESTION 51
Which three route filtering statements are true? (Choose three.)
A. After the router rip and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any RIP updates, but will receive routing updates on that interface.
B. After the router eigrp 10 and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any EIGRP updates, but will receive routing updates on that interface.
C. After the router ospf 10 and passive-interface s0/0 commands have been issued , the s0/0 interface will not send any OSPF updates, but will receive routing updates on that interface.
D. When you use the passive-interface command with RIPv2, multicasts are sent out the specified interface.
E. When you use the passive-interface command with EIGRP , hello messages are not sent out the specified interface.
F. When you use the passive-interface command with OSPF, hello messages are not sent out the specified interface.

Correct Answer: AEF Section: (none) Explanation
Explanation/Reference: Answer:AEF
QUESTION 52
Which statement describes the difference between a manually configured IPv6 in IPv4 tunnel versus an automatic 6to4 tunnel?
A. A manually configured IPv6 in IPv4 tunnel allows multiple IPv4 destinations.
B. An automatic 6to4 tunnel allows multiple IPv4 destinations.
C. A manually configured IPv6 in IPv4 tunnel does not require dual-stack (IPv4 and IPv6) routers at the tunnel endpoints.
D. An automatic 6to4 tunnel does not require dual-stack (IPv4 and IPv6) routers at the tunnel endpoints.

Correct Answer: B Section: (none) Explanation
Explanation/Reference: Answer:B
QUESTION 53
Which two statements about the IS-IS routing protocol are true? (Choose two.)
A. IS-IS is capable of supporting IPv4 and IPv6.
B. IS-IS is only capable of supporting IPv4 and CLNS.
C. IS-IS routers use ES-IS hellos (ESH) to establish and to maintain neighbor relationships.
D. IS-IS routers run the Bellman-Ford algorithm against their LSDBs to pick the best paths.
E. Level 1 routers learn about paths within the area of which they are a part.
F. Level 2 routers learn about paths both within areas and between areas.

Correct Answer: AE Section: (none) Explanation
Explanation/Reference: Answer:AE
QUESTION 54
Refer to the exhibit. OSPF has been configured on all routers in the network and Area 1 has been configured as a NSSA. Which statement is true about the NSSA Area 1?

A. Redistributed RIP and IGRP routes will appear in Area 1. They will be advertised via type 5 LSAs.
B. Only redistributed RIP routes will appear in Area 1. They will be advertised via type 7 LSAs.
C. Only redistributed IGRP routes will appear in Area 1. They will be advertised via type 7 LSAs.
D. No redistributed routes can appear in Area 1, only summary routes.

Correct Answer: C Section: (none) Explanation
Explanation/Reference: Answer:C
QUESTION 55
Which two statements are true about the rendezvous point (RP) in a multicast network? (Choose two.)
A. An RP is required only in networks running Protocol Independent Multicast dense mode (PIM DM).
B. An RP is required only in networks running Protocol Independent Multicast sparse mode (PIM SM).
C. An RP is required only in networks running Protocol Independent Multicast sparse-dense mode (PIM-SDM).
D. The multicast sources must register with the RP to form the multicast distribution tree.
E. The multicast receivers must register with the RP to form the multicast distribution tree.
F. To form the multicast distribution tree, the multicast sources register with and the receivers join the RP.

Correct Answer: BF Section: (none) Explanation
Explanation/Reference: Answer:BF

QUESTION 56
Refer to the exhibit. IP multicast for group address 224.1.1.1 has been enabled on all routers in the network. Hosts on Network A receive the multicast traffic. However,hosts on Network B do not. On the basis of outputs provided, what could be the cause of the problem?

A. Router R2 does not have an RP configured on the multicast network.
B. Router R2 does not see the upstream router R1 as a PIM neighbor.
C. Because of RPF failure, Router R2 does not forward multicast packets to Network B.
D. The multicast packets are sourced from a server with an unspecified IP address.

Correct Answer: Section: (none) Explanation
Explanation/Reference: Answer:C Exam E
QUESTION 1 lab Answer:AB

A. ALswitch#conf t ALswitch(config)#vtp mode client ALswitch(config)#vtp domain CISCO ALswitch(config)#end ALswitch#copy run start DLswitch#conf t DLswitch(config)#vtp mode server DLswitch(config)#vtp domain CISCO DLswitch(config)#vlan 20 DLswitch(config-vlan)#vlan 21 DLswitch(config-vlan)#exit DLswitch(config)#int vlan 20 DLswitch(config-if)#ip add 172.64.200.1 255.255.255.0 DLswitch(config-if)#int vlan 21
B. DLswitch(config-if)#ip add 192.162.39.1 255.255.255.0 DLswitch(config-if)#exit DLswitch(config)#ip routing DLswitch(config)#end DLswitch#copy run start
C.
D.

Correct Answer: AB Section: (none) Explanation Explanation/Reference: Answer:AB
PDF format– Printable version, print Cisco 642-892 exam dumps out and study anywhere.Software format– Simulation version, test yourself like Cisco 642-892 exam real test.Credit Guarantee– Passtcert never sell the useless Cisco 642-892 exam dumps out.You will receive our Cisco 642-892 exam dumps in time and get CCIE Certified easily.

Categories

Microsoft Exam Dumps

Microsoft Azure Exam Dumps

Microsoft Data Exam Dumps

Microsoft Dynamics 365 Exam Dumps

Microsoft 365 Exam Dumps

Microsoft Fundamentals Exam Dumps

Microsoft Certified Exam Dumps

Microsoft MTA Exam Dumps

More… Microsoft Exam Dumps