IPadViewer - Cisco 642-383

8/12/2019 IPadViewer - Cisco 642-383

1/77

Cisco 642-383

Cisco Express Foundation for Field Engineers (CXFF)

Q&A with explanations

Version 4.1


2/77

Leading the way in IT testing and certification tools, www.testking.com- 2 -

Important Note, Please Read Carefully

Other TestKing products

A) Offline Testing engine

Use the offline Testing engine product topractice the questions in an exam environment.

B) Study Guide (not available for all exams)

Build a foundation of knowledge which will be useful also after passing the exam.

Latest Version

We are constantly reviewing our products. New material is added and old material is

revised. Free updates are available for 90 days after the purchase. You should check your

member zone at TestKing and update 3-4 days before the scheduled exam date.

Here is the procedure to get the latest version:

1.Go towww.testking.com

2.Click on Member zone/Log in

3.The latest versions of all purchased products are downloadable from here. Just click the

links.

For mostupdates,itisenough just to print the new questions at the end of the new version,

not the whole document.

Feedback

If you spot a possible improvement then please let us know. We always interested in

improving product quality.Feedback should be send to [email protected]. You should include the following:

Exam number, version, page number, question number, and your login ID.

Our experts will answer your mail promptly.

Copyright

Each iPAD file contains a unique serial number associated with your particular name and

contact information for security purposes. So if we find out that a particular iPAD file is

being distributed by you, TestKing reserves the right to take legal action against you

according to the International Copyright Laws.


3/77


Table of contents

Topic 1, Main (68 Questions) 33

Topic 2, TestKing, Scenario 4242

Topic 2, TestKing (4 Questions) 4242

Topic 3, Practice (56 Questions) 4444

Total number of questions: 128


4/77


5/77


A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to anoutside website. According to the network diagram and partial Cisco Adaptive Security

Device Manager configuration shown in the exhibit, what is the cause of the problem?

A. The source networks for static NAT are not configured correctly.

B. The dynamic NAT global pool is not configured correctly.

C. The source network for dynamic NAT is not configured correctly.

D. The administrator has not added an access list to allow the connection.


6/77


Answer: C

Explanation:

10.0.2.0/24 should be in the list of source networks. Only Host 10.0.1.10, host 10.0.1.12

and network 10.0.1.0/24 are listed to get NAT'd.

QUESTION NO: 3

You have just configured HSRP and need to determine which router is active. Which

command should you enter?

A. show active

B. show standby

C. show standby active

D. show ip hsrp active

Answer: B

QUESTION NO: 4

The customer wants to implement wireless security through implementation of WPAv2.

Which component of WPAv2 would limit the rollout because of the continued use of old

access points?

A. TKIPB. MIC

C. AES

D. 48-bit IV

Answer: C

QUESTION NO: 5

Which two features are only supported when using the Cisco Router and Security Device

Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco

SDM Basic Firewall wizard? (Choose two.)

A. DMZ services

B. custom inspection rules

C. proxy authentication

D. deep-packet inspections

E. IP unicast Reverse Path Forwarding on the outside (untrusted) interface


7/77


Answer: A,B

QUESTION NO: 6

Which interface on the Cisco UC520 is assigned an IP address either statically or through

DHCP?

A. LAN interface

B. PSTN Interface

C. Switchport

D. WAN interface

Answer: D

QUESTION NO: 7

Which network management tool is designed to allow businesses to manage up to 40

devices?

A. Campus Manager

B. CiscoWorks SNMS

C. CiscoWorks Unrestricted

D. Resource Management Essentials

Answer: B

Explanation:

The CiscoWorks Small Network Management Solution (SNMS ) Web-based solution

works optimally in business environments with approximately 30 to 40 Cisco

internetworking devices such as switches, routers, firewalls, and access servers.

QUESTION NO: 8

Which critical issue should you account for when implementing an integrated network

security management design?

A. host-based intrusion detection systems reside in the network

B. NAT interoperates with encrypted voice traffic

C. all network devices are time-synchronized

D. SNMP community read-write strings are configured to allow for total management

access


8/77


9/77


QUESTION NO: 11

You are configuring a VLAN and the switch you are using requires that you do so within

the VLAN database. Which command allows you to enter the VLAN database?

A. Switch(config-if)# vlan database

B. Switch(config)# vlan database

C. Switch(vlan)# vlan database

D. Switch# vlan database

Answer: D

QUESTION NO: 12

Which of these is the best definition of the Cisco Lifecycle Services approach?

A. It provides partners with a useful way to leverage Cisco resources.

B. It consists of these phases: plan, deploy, support, and troubleshoot.

C. It defines the minimum set of services required to successfully deploy and operate a set

of Cisco technologies.

D. It determines how best to price Cisco products.

Answer: C

QUESTION NO: 13

Which two statements best describe the wireless implementation of Cisco Aironet root

and non-root bridging? (Choose two.)

A. Point-to-point WGB can be used if total number of PCs is fewer than eight.

B. Up to 17 non-root bridges can associate to a root bridge.

C. Point-to-point access points can be used if one is root and the other is non-root.

D. Root mode must be enabled only on one side in a point-to-point link to interoperate

with other vendors and comply with 802.11.

E. WGB can be used with an access point if the distance is less than one mile.

Answer: B,E

QUESTION NO: 14

You connect via Telnet to a Cisco access point and enter the command show dot11

linktest. Which output might you obtain?


10/77


A. RX packets per second

B. TX packets dropped

C. incoming and outgoing signal strength

D. signal-to-noise ratio

Answer: C

QUESTION NO: 15

An 802.11b telephone is receiving an audio signal from an access point, but cannot send

audio. What is a possible cause?

A. The access point is set to receive only at 802.11g data rates.

B. The transmit power in the telephone is significantly lower than the transmit power inthe access point.

C. The RSSI value on the telephone is greater than 35.

D. The security settings in the telephone do not match the settings in the access point.

Answer: B

QUESTION NO: 16

In which of these phases is a customer's current network infrastructure assessed?

A. design

B. implement

C. plan

D. prepare

Answer: C

QUESTION NO: 17

To save time during rediscovery, which three types of device information does Cisco

Configuration Assistant retain? (Choose three.)

A. IP Address

B. Host Name

C. MAC Address

D. Topology

E. Port Settings


11/77


F. Communication Protocol

Answer: A,B,F

Explanation:

Configuration Assistant saves all individual device information, such as the IP address,

the hostname, and the communication protocol, to your local PC. When Configuration

Assistant connects to a community, it uses the locally saved data to rediscover the

member devices.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_configuration_assistant/version1_9/quick/guide/English/

QUESTION NO: 18Which two statements best describe the wireless core feature set using autonomous access

points when implementing Wireless Domain Services? (Choose two.)

A. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or

controllers.

B. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or a

Cisco Integrated Services Router.

C. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco

Integrated Services Router.

D. Layer 3 services can be configured in WLSE.E. Layer 3 services can be configured in WLSM.

Answer: C,E

QUESTION NO: 19

Which of these is an accurate list of Cisco Lifecycle Services phases?

A. analysis, design, deployment, testing, implementation, and production

B. presales, project planning, development, implementation, operations testing, and

operations sign-off

C. project planning, site assessment, risk assessment, solution selection and acquisition,

testing, and operations

D. prepare, plan, design, implement, operate, and optimize

E. initiation, planning, analysis, design, development, implementation, operations and

maintenance


12/77


Answer: D

Explanation:

http://www.cisco.com/web/partners/services/promos/accelerate/downloads/Cisco_Lifecycle_Services_QR.p

QUESTION NO: 20

What are two configurable options for Call Control on the Cisco UC520? (Choose two.)

A. PBX

B. Call Waiting

C. Shared Key

D. Key System

E. Encryption

Answer: A,D


13/77


Explanation:

UC 500 series - Voice System Type setting by default is PBX.

You can change the configuration to use Key System

QUESTION NO: 21

Which three business requirements development activities are performed in the prepare

phase before creating a technology strategy? (Choose three.)

A. completing a site survey

B. identifying and assessing customer business requirements

C. producing a documented technology strategy

D. creating a bill of materials

E. presenting documented business requirements to a customer and having the customer

validate themF. documenting and categorizing customer business requirements in terms of

performance, availability, capacity, and security

Answer: B,E,F

QUESTION NO: 22

Exhibit:


14/77



15/77


You work as a network administrator at TestKing.com. You study the exhibit carefully.

According to the Cisco VPN Client software outputs shown, which two statements are

correct about the connection entry named isr? (Choose two.)

A. AES is used to provide data confidentiality.

B. Preshared key is used to authenticate the remote peer.

C. The PC that is running the Cisco VPN Client software will not have access to the local

LAN once the PC is connected into the VPN.

D. HMAC-SHA1 is used to authenticate the remote users.

E. The Cisco VPN Client software is assigned an internal IP address of 192.168.1.1.

Answer: B,C

Explanation:

The PC that is running the Cisco VPN Client software will not have access to the localLAN once the PC is connected into the VPN.

Preshared key is used to authenticate the remote peer.


16/77


QUESTION NO: 23Users logging into Cisco Router and Security Device Manager should be authenticated

using the Cisco ISR local user database. Currently, none of the users can access Cisco

Router and Security Device Manager via HTTP. You should check the configuration of

which command or commands when attempting to resolve this problem?

A. ip http authentication local

B. aaa new-model

aaa authentication login default local

C. line vty 0 5

login localD. ip http secure-server

Answer: A

QUESTION NO: 24


17/77


You enter the command show ip ospf neighbor and see "two-way/DROTHER" listed as

the state for neighbor 10.1.1.1. What does this status indicate?

A. The neighbor relationship with 10.1.1.1 has not yet completed.

B. DR and BDR election is in progress.

C. The neighbor 10.1.1.1 is the BDR.

D. The neighbor 10.1.1.1 is not a DR or BDR.

Answer: D

QUESTION NO: 25

Exhibit:


18/77



The tables contain information from the Cisco Router and Security Device Managerconfiguration of Router TestKingA and Router TestKingB. Traffic between Host

TestKing1 and Host TestKing2 is not successfully establishing the site-to-site VPN

between Router TestKingA and Router TestKingB. What is the mostly likely cause of this

fault?

A. The IPSec rules on the two routers are not permitting the correct interesting traffic.


19/77


B. The D-H Group settings on the two routers are set to group 2. They must be set to

group 1 for SHA-1.

C. The IPSec and IKE encryption methods do not match. They all have to be either 3DES

or AES.

D. Router TestKingA is using a standard IP ACL (100-149) while Router TestKingB is

using a turbo ACL (150-199).

E. The IPSec policy map names on the two routers do not match. They must be the same

on both routers.

Answer: A

Explanation:

The rules that are defined do not properly match to define the interesting traffic (which is

the correct answer).

Incorrect answers:The IKE policies do match.

There is no "IKE POLICY MAN" We think "MAN" should be dropped. But having

different names doesn't matter (put that in the explanation)

There is no "turbo ACL" so that is bogus (for the explanation)

QUESTION NO: 26

Which two statements are correct about OSPF in a multiarea environment? (Choose two.)

A. OSPF requires the use of the area range configuration command only when nondefaultsummarization is required.

B. OSPF will by default summarize routing updates between areas.

C. OSPF ABR routers are needed only at the boundary of another OSPF area.

D. OSPF uses wildcard masks in the network statements but subnet masks in the area

range statements.

E. OSPF requires that all areas have at least one ASBR.

Answer: C,D

Explanation:

By definition, routers that belong to multiple areas, and connect these areas to the

backbone area are called area border routers (ABR).

If there were only 1 area, then there would be no ABR (which eliminates one of the

answers/options)

Summarization does not occur by default between areas, you need to configure it.


20/77


Network statements use wildcard bits, area ranges use network masks

QUESTION NO: 27

What port role assignment would you make for the Gigabit Ethernet port on the Cisco

CE520 used in the Smart Business Communications System?

A. Cisco UC520

B. Cisco CE520

C. Cisco 871W

D. IP Phone and desktop

Answer: A

QUESTION NO: 28

You have just configured and enabled the Cisco IOS Firewall feature set from a remote

location using the Cisco Router and Security Device Manager (SDM) Firewall wizard.

You later want to double-check your configuration using Cisco SDM. However, you find

that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.

What is the probable cause of this failure?

A. You have been locked out via access lists that have been applied to the router as a

result of your Cisco SDM configuration.

B. You must additionally specify the Cisco SDM management port number to gain access

when the configuration has been applied.

C. You have not generated an RSA key pair between the host and device to allow secure

access via Cisco SDM.

D. You must specify the host IP address of Cisco SDM in the Configuration panel for

allowed management connections.

Answer: A

QUESTION NO: 29

Which implement phase service component consists of explaining the benefits and

limitations of purchased support options to a customer and ensuring that the customer

understands operational processes and responsibilities?


21/77


A. Post Implementation Support Handoff Meeting

B. Detailed Design Development

C. Staff Training

D. Staging and System Migration

Answer: A

QUESTION NO: 30

You have configured and applied a Cisco IOS Firewall access rule to the inbound,

untrusted interface. You suspect that the rule may be blocking necessary traffic onto the

network. What must you do to delete that rule when using Cisco Router and Security

Device Manager?

A. You must remove the association between the rule and the interface before deleting therule.

B. Go to the Edit Firewall Policy tab to delete the rule.

C. You must delete the associated access list on the interface, then reconfigure the access

list as required, and then reapply the access group to the proper interface.

D. Select ACL Editor > Access Rules to delete the rule.

Answer: A

Explanation:

Cisco SDM does not allow you to delete a rule that is associated with an interface; you

must first remove the association between the rule and the interface, and then delete theaccess rule.

QUESTION NO: 31

Which dial plan scenario may require PSTN trunks for outbound calls?

A. All the employees, the auto attendant or receptionist, and the voice-mail system have

direct inward dial numbers using analog trunks.

B. All the employees, the auto attendant or receptionist, and the voice-mail system have

direct inward dial numbers using digital interfaces.

C. A subset of the employees, the auto attendant or receptionist, and the voice-mail

system have direct inward dial numbers, and the remaining employees do not have direct

inward dial numbers.

Answer: A


22/77


QUESTION NO: 32

Which definition best describes the implementation service component within the

implement phase?

A. developing and executing proof-of-concept tests, validating high-level infrastructure

design, and identifying any design enhancements

B. improving a customer's infrastructure security system

C. providing a step-by-step plan that details the installation and service-commission tasks

required in order to create a controlled-implementation environment that emulates a

customer network

D. assessing the ability of site facilities to accommodate proposed infrastructure changes

E. installing, configuring, and integrating systems components based on an

implementation plan developed in earlier phases

Answer: E

QUESTION NO: 33

How can the proper configuration of Voice Mail be tested at an end user's IP phone?

A. Press the "Settings" button.

B. Press the "Services" button.

C. Press the "Messages" button.

D. Press the "i" button.

Answer: C

Explanation:

Accessing Voice MailTo access voice mail, press the messages button and follow the voice instructions.

http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/sip/english/user/guide/sipuget.html

The "i" button provides help for a button or function.

The "settings" button provides information about the phone configuration, such as ring

tone, volume, contrast, etc.

The "Services" button provides access to custom web services that your phone

administrator has to offer.

QUESTION NO: 34


23/77


A concern has been expressed that the switched infrastructure in an integrated network is

vulnerable to VLAN hopping attacks. Which two configuration statements can be used to

mitigate VLAN hopping? (Choose two.)

A. switchport port-security

B. switchport mode access

C. switchport double-tag snooping

D. switchport port-security tagging

E. switchport access vlan

Answer: B,E

Explanation:

To prevent VLAN hopping, you force the port to be only used for clients (switchport

mode access) on a specific VLAN (switchport access VLAN)

QUESTION NO: 35

In a new Cisco UC520 installation, when must IP routing be configured?

A. When digital PSTN trunks are used.

B. When the service provider assigns static IP information.

C. When analog PSTN trunks are used.

D. When the service provider assigns dynamic IP information.

Answer: BExplanation:

The UC520 doesn't support dynamic routing, only static routes.

PSTN information won't impact the routing.

QUESTION NO: 36

In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be

placed?

A. access layer

B. core layer

C. distribution layer

D. network management functional module

Answer: C

Whenever possible, Cisco recommends placing the WLSM blade in one of the

distribution layer switches in the campus network.


24/77


QUESTION NO: 37

Which two are benefits of installing Cisco Monitor Director at an SMB site for the

partner selling the solution? (Choose two.)

A. automated monthly reporting on system performance

B. monthly recurring revenue model

C. allows the end customer to get free software updates

D. simplifies Smart Business Communications System installation

Answer: A,B

Explanation:

By using the reports and performance data gathered, as well as alerting capabilities, a

partner can sell this as a service to a client.

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps7256/ps7246/product_data_sheet0900aecd806a4e9

QUESTION NO: 38

Which Cisco Catalyst Express 520 feature optimizes quality of service?

A. Cisco Configuration Assistant

B. Cisco Smart Assist

C. Cisco Network Admission ControlD. Cisco Smartports

Answer: D

Explanation:

The Cisco Catalyst Express 500 (CE500) has built-in Cisco Smartports with preset Cisco

recommended network configurations, Quality of Service (QoS), and security settings

that allow for transparent integration of data, video, IP communications, and wireless

LAN applications

http://supportwiki.cisco.com/ViewWiki/index.php/Smartports_port_roles_in_the_CE500_switch

QUESTION NO: 39


25/77


A customer with a small enterprise network of 15 remote sites is trying to optimize its

VPN by migrating some remote sites using Frame Relay connections to the Internet to

using cable connections to the Internet. Minimizing costs is one of the customer's highest

priorities. Only a moderate amount of IP traffic is passing through the network, most of

which is from the remote sites to the central site. IPSec should be used to provide VPN

functionality and basic confidentiality is desired.

Based on the traffic patterns, which topology would be the easiest for this customer to set

up and manage?

A. partial mesh

B. full mesh

C. point-to-multipoint

D. hub-and-spoke

Answer: D

QUESTION NO: 40

How many voice expansion slots are provided by the Cisco UC520?

A. four

B. one

C. three

D. two

Answer: B

Explanation:

QUESTION NO: 41


26/77


A customer in Europe needs to establish an 11-Mbps wireless bridge link between two

office buildings that are approximately 1.3 km apart. The wireless link will pass through a

public park, which contains a lake that is surrounded by trees. You run the range

calculation and determine that the Cisco Aironet 1300 Series Outdoor Access

Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of

standard Cisco cabling and both radios set at 20 mW. The wireless bridges are not able to

establish or maintain a link.

What is needed to successfully complete this link?

A. Due to the trees, a 21-dBi dish needs to be used for its narrower beamwidth.

B. An amplifier needs to be installed at one of the sites.

C. The antenna must be raised high enough to clear the trees.

D. Lower loss cabling needs to be used to bring the EIRP into legal limits.

Answer: C

QUESTION NO: 42

Which statement correctly describes the keyswitch model of deployment for call

processing?

A. PSTN calls are routed through a receptionist or automated attendant.

B. All IP Phones in the system have a single unique extension number.

C. All IP Phones are able to answer any incoming PSTN call on any line.

Answer: C

Explanation:

Example: For a keyswitch implementation, if an office has three incoming PSTN lines,

the three lines on each phone map directly to one of these lines. When the Cisco Unified

CME router receives an incoming call on the first PSTN line, it rings the first line of all

the IP phones connected to the system

QUESTION NO: 43


This display has been truncated to remove information that is not relevant to the question.

What would be a reason that there have been 21 ignored packets?

Exhibit:


27/77


A. There are no free output buffers for packets, which are traversing the router, to go into

for transmission.

B. Ethernet0 has no CDP neighbors.

C. This is not a valid error display. The display has been modified to show that there have

been ignored packets.D. There are no free input buffers to accept new packets.

E. Ethernet0 and the neighbor that it is connected to are not running the same routing

protocol.

Answer: D

QUESTION NO: 44

Which statement correctly describes configuration of the VPN server?

A. It uses a preshared key for remote device authentication.

B. The WAN interface is preselected.

C. It requires configuration of port settings for the VPN server on the Cisco UC520.

D. It requires definition of a Group ID for remote clients.

Answer: A

QUESTION NO: 45

When using Cisco Router and Security Device Manager to configure AAA loginauthentication policies, which four methods are available? (Choose four.)

A. otp: use one-time password

B. default: use line password

C. enable: use enable password

D. group TACACS+: use a list of TACACS+ hosts

E. local: use local database


28/77


F. group RADIUS: use a list of RADIUS hosts

Answer: C,D,E,F

QUESTION NO: 46

You work as a network administrator at TestKing.com. You study the exhibit carefully. A

network administrator is troubleshooting an EIGRP connection between Router

TestKing1 and Router TestKing2. Given the debug output on Router TestKing1, which

two statements are true? (Choose two.)

Exhibit:

A. Router TestKing1 will form an adjacency with Router TestKing2.

B. Router TestKing1 received a hello packet with mismatched metric-calculation

mechanisms.C. Router TestKing1 received a hello packet with mismatched hello timers.

D. Router TestKing1 will not form an adjacency with Router TestKing2.

E. Router TestKing1 received a hello packet with mismatched authentication parameters.

F. Router TestKing1 received a hello packet with mismatched autonomous system

numbers.

Answer: B,D

Explanation:

Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being

established and can negatively impact network convergence.

http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfeigrp.html#wp1012458

QUESTION NO: 47


29/77


In which of these phases is a customer's network assessed to determine its system

readiness?

A. implement

B. plan

C. design

D. operate

Answer: B

QUESTION NO: 48

Which three statements are correct about the IEEE 802.3af Power over Ethernet standard?

(Choose three.)

A. It defines a powered device to be a PDE.

B. It defines power class 0 as being reserved for future use.

C. It defines how a powered device is detected.

D. It defines a port that acts as a power source to be a PSE.

E. It describes five power classes to which a device may belong.

F. It defines three methods of delivering Power over Ethernet to the discovered powered

device.

Answer: C,D,E

Explanation:PD is Powered device, not PDE

PSE is Power Sourced Device

There are 5 power classes, 0-4 (power class 4 is reserved, not future. It is PSEs classify as

Class 0

QUESTION NO: 49

Exhibit:


30/77


31/77


A. Switch TestKingA sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is

flooded by Switch TestKingB) towards Switch TestKingB. Switch TestKingA will put

port C-B into a type-inconsistent state, which prevents the loop.

B. Switch C sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is flooded by

Switch TestKingB) towards Switch C. Switch TestKingA will put port C-B into a

type-inconsistent state, which prevents the loop.

C. Switch TestKingA sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is

flooded by Switch TestKingB) towards Switch C. Switch C will put port C-B into a


D. Switch TestKingB sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is

flooded by Switch TestKingA) towards Switch C. Switch C will put port C-B into a


Answer: C

QUESTION NO: 50

Which of the following best describe the customer benefits of change management in the

operate phase?

A. improve its ability to make sound financial decisions by developing a business case

based on its business requirements and establishing a basis for developing a technology

strategy

B. improve the return on investment and hasten migration by identifying and planning for

necessary infrastructure changes and resource additions, as well as reduce deploymentcosts by analyzing gaps early in the planning process to determine what is needed to

support the system

C. reduce unnecessary disruption, delays, rework, and other problems by establishing test

cases for use in verifying that the system meets operational, functional, and interface

requirements

D. reduce operating costs and limit change-related incidents by providing a consistent and

efficient set of processes

Answer: D

QUESTION NO: 51

Which two statements best describe the wireless core feature set using autonomous access

points when implementing Wireless Domain Services? (Choose two.)

A. The primary Layer 2 WDS is selected by the highest priority number, followed by

MAC address.


32/77


B. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC

address.

C. The primary Layer 2 WDS server address is configured via the infrastructure access

point GUI.

D. The primary Layer 2 WDS server address is automatically discovered by the

infrastructure access points through multicast.

E. The primary Layer 2 WDS is selected by the highest MAC address, followed by

priority number.

Answer: A,D

Explanation:

In the access point-based WDS solution, infrastructure access points discover the WDS

via special WLCCP multicast messages

The access point with the highest WDS priority value becomes the active WDS and theother access point(s) go into WDS-standby mode. If two or more access points have the

same WDS priority, the tie-breaker is the highest value FastEthernet MAC address of the

competing access points. The active WDS should always be configured with priority

value 255.

http://www.cisco.com/en/US/docs/wireless/technology/swan/deployment/guide/swandg.html

QUESTION NO: 52

After configuring VTP, you no longer receive updates as expected. Which command can

you use to verify the number of VTP advertisements being transmitted?

A. show vtp statistics

B. show vtp counters

C. show vtp status

D. show vtp database

Answer: B

QUESTION NO: 53

What two types of telephony interfaces are used for PSTN connectivity? (Choose two.)

A. Optical

B. CDMA


33/77


C. Digital

D. Analog

Answer: C,D

QUESTION NO: 54

A North American customer is using 2.4-GHz radios in a point-to-point configuration.

The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using

21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The

customer increased the distance between the transmitter stations and began experiencing

link problems.

Without using a professional installer, which step should the customer take to fix the

situation?

A. Increase the transmitter power.

B. Upgrade to an 802.11a radio.

C. Use a cable with lower loss.

D. Install a higher gain antenna.

Answer: C

QUESTION NO: 55You work as a network administrator at TestKing.com. You study the exhibit carefully.

The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapter has two LEDs. Which two

LED states indicate that the card is associated to an access point and is working properly?

(Choose two.)

Exhibit:


34/77


A. green LED blinking slowly; amber LED blinking quickly

B. green LED off; amber LED blinking sporadically

C. green LED blinking slowly; amber LED blinking slowly

D. green LED off; amber LED solid

E. green LED blinking quickly; amber LED blinking quickly

Answer: C,E

Explanation:

http://www.cisco.com/en/US/docs/wireless/wlan_adapter/cb21ag/user/2.5/configuration/guide/winc10kh.ht


35/77


QUESTION NO: 56


Which two statements are correct about what is displayed? (Choose two.)

Exhibit:

A. If Router 1 had a PRI of 0, it could not be a designated router or a backup designated

router.

B. The IP address that is used for the router ID must be reachable.

C. Router 1 is the designated router because it has the highest configured loopback

address.

D. Router 1 is the designated router because it has the lowest configured IP address.

E. Router 1 has had its ID manually configured by using the router-ID command.

Answer: A,C

QUESTION NO: 57

Which command assigns a cost value of "17" to a switch port?

A. spanning-tree port cost 17

B. spanning-tree vlan 1 cost 17

C. spanning-tree interface fastethernet 5/8 17


36/77


D. spanning-tree portcost 17

Answer: B

QUESTION NO: 58

What are two ways to test the LAN connectivity on the Cisco CE520? (Choose two.)

A. Ping the IP address of the Cisco-Data Access VLAN from the Cisco UC520 console.

B. Ping the IP address of the Cisco-Distribution VLAN from the Cisco UC520 console.

C. Ping default gateway from the Cisco UC520.

D. Ping the IP address of the Cisco-Data VLAN from a device attached to the Cisco

CE520.

E. Ping the IP address of the Cisco-Voice VLAN from a device attached to the Cisco

CE520.F. Ping default gateway from the Cisco CE520.

Answer: D,E

QUESTION NO: 59


According to the Cisco Adaptive Security Device Manager window, which statement

about address translation is correct?

Exhibit:


37/77


A. Using Network Address Translation, host 10.0.1.10 on the inside network will bedynamically translated to a mapped address from the address pool of 192.168.1.20 to

192.168.1.94.

B. Using Network Address Translation, any host on the DMZ1 subnet (172.16.1.0) will

be translated to a mapped address on the outside interface of 192.168.1.11.

C. Using port address translation, outside host 192.168.1.10 with a dynamically assigned

port address will be translated to 10.0.1.11 on the inside interface.

D. Using port address translation, DMZ2 host 172.16.10.2 will be translated on DMZ1 to

IP address 172.16.1.22 with a dynamically assigned port address.

Answer: A

QUESTION NO: 60


Router TestKing2 is always in the init state. Which two statements are correct? (Choose

two.)


38/77


Exhibit:

A. Router TestKing2 has an access list defined for S0 that is blocking an OSPF multicast

IP address of 224.0.0.5.

B. Router TestKing2 is seeing hello packets from Router TestKing1.C. Two-way communication has not been established between Router TestKing1 and

Router TestKing2 because Router TestKing2 is not seeing its router ID in the hello

packets that it is receiving from Router TestKing1.

D. The exchanging of data between Router TestKing1 and Router TestKing2 is occurring

because each is sending hello packets.

E. Router TestKing2 is not seeing hello packets from Router TestKing1.

Answer: B,C

Explanation:

In this example output, the init state indicates that TestKing2 sees hello packets from theneighbor, but two-way communication has not been established. A Cisco router includes

the Router IDs of all neighbors in the init (or a higher) state in the neighbor field of its

hello packets. For two-way communication to be established with a neighbor, a router

also must see its own Router ID in the neighbor field of the neighbor's hello packets. In

other words, a router with a neighbor in the init state has received hello packets from the

neighbor but has not seen its own Router ID in the neighbor's hellos. In this case, if the

router does not receive four consecutive hellos, it tears down the session and the OSPF

adjacency goes down

Support:http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f11.shtml

QUESTION NO: 61

Which command can be used to verify that RIPv2 is running on a router?

A. show ip protocols


39/77


40/77


A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS.

Which two of these might have caused this problem? (Choose two.)

A. The user has a privilege level lower than 15.

B. The ip https server command is missing from the running configuration.

C. The user is trying to launch Cisco Router and Security Device Manager from the inside

(secured) interface with a firewall enabled.

D. The browser security level is set too high.

E. The ip http secure-server command is missing from the running configuration.

Answer: A,E

QUESTION NO: 65

A company needs to provide site-to-site VPN, remote access VPN, and firewallprotection. Which device best supports all three functions?

A. Cisco Router and Security Device Manager

B. Cisco Concentrator

C. Cisco PIX

D. Cisco ASA

Answer: D

Explanation:

While the Cisco PIX can perform all those functions, it is being replaced by the ASA.The ASA's purpose is a security device vs a router with security layers added to it.

Cisco [VPN] Concentrator also is being replaced by the ASA, although it didn't provide

firewall capabilities.

QUESTION NO: 66

Which two statements are correct about using Cisco Router and Security Device Manager

(SDM) to configure the OSPF routing protocol? (Choose two.)

A. Cisco SDM will use the supplied wildcard mask to exclude the host bits from the

configured network address.

B. Cisco SDM allows the selection of OSPFv1 or OSPFv2.

C. Cisco SDM allows the configuration of an area range to allow route summarization

between OSPF areas.

D. Cisco SDM enforces the creation of area 0 when configuring OSPF.

E. Cisco SDM allows the configuration of passive interfaces.


41/77


Answer: A,E

Explanation:

Partial answer:

Make Interface Passive

Check the box next to the interface if you do not want it to send updates to its neighbor.

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/us

QUESTION NO: 67

OSPF routes are being redistributed into EIGRP but they are not showing up in therouting table. What are two possible causes? (Choose two.)

A. CEF has not been enabled.

B. Incorrect distribute lists have been configured.

C. Synchronization has been turned off.

D. There are mismatched autonomous system numbers.

E. The ip classless command is missing.

F. No default metric has been configured for EIGRP.

Answer: B,F

QUESTION NO: 68


The tables contain information from the Cisco Router TestKingAnd Security Device

Manager configurations of Router TestKingA and Router TestKingB. Traffic between

Host 1 and Host 2 is not successfully establishing the site-to-site VPN between Router

TestKingA and Router TestKingB.

What is the mostly likely cause of this fault?

Exhibit:


42/77


A. Router TestKingA is using a standard IP ACL (100-149) while Router TestKingB isusing a Turbo ACL (150?99).

B. The IPSec policy map names on the two routers are different.

C. The IPSec rules on the two routers are not permitting the correct interesting traffic.

D. The IKE encryption methods on the two routers are different.

Answer: D


43/77


Topic 2, TestKing, Scenario

Exhibit:

You work as a network administrator at TestKing.com. Use the information in the exhibit

to answer the questions in the TesKing scenario.

Topic 2, TestKing(4 Questions)

QUESTION NO:1

Note: Please refer to the TestKing scenario in the iPAD document.

Which authentication method is used by the test VPN Group?


44/77


45/77


Answer: E, F

QUESTION NO: 4

Note: Please refer to the TestKing scenario in the iPAD document.

Which IP address or address range will be used when allocating an internal IP

address to the VPN clients for the "test" VPN group?

A. 192.168.1.2

B. 10.1.1.100 to 10.1.1.200

C. 192.168.1.1D. 192.168.1.2 to 192.168.1.254

E. 10.1.1.2 to 10.1.1.254

F. 192.168.1.1 to 192.168.1.100

Answer: D

Topic 3, Practice (56 Questions)

QUESTION NO: 1

You have applied a firewall configuration to your router using the Cisco Router and

Security Device Manager (SDM) Firewall Wizard. You find that you are now locked out

and access via Cisco SDM is denied. After accessing the router via the console port, what

must you do to regain access via Cisco SDM?

A. Create a loopback interface and connect to that IP Address for management purpose

when the configuration has been applied to the router

B. Modify the access list that denies Cisco SDM access

C. Specify the Cisco SDM Management Port number to gain access

D. Generate an RSA key pair between the host and device to allow secure access

Answer: B


46/77


QUESTION NO: 2

Which two features are only supported when using the Cisco Router and Security Device

Manager (SDM) Advanced Firewall Wizard and not supported when using the Cisco

SDM Basic Firewall wizard? (Choose two.)

A. Deep-packet inspections

B. DMZ services

C. Proxy Authentication

D. Custom inspection rules

E. IP Unicast Reverse Path Forwarding on the outside (untrusted) interface

Answer: B,D

Explanation:

Custom Application Security Policy ButtonThis button and the Policy Name field are visible if you are completing the Advanced

Firewall wizard

DMZ Interface

If you configured an Advanced firewall, this area shows you the DMZ interface you

designated, along with its IP address

http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/us

QUESTION NO: 3

You are migrating the network design from using point security products(perimeter

router, firewall, VPN Router,IPs) to an integrated security solution using Cisco ISR.

During the migration process, you determine that you need to improve VPN performance,

what can you do?

A. Upgrade the Cisco IOS image on the ISR to the VPN bundle

B. Install AIM-VPN EPII-PLUS on the ISR

C. Increase the RAM on the ISR

D. Enable transparent tunneling using IPSec over TCP

Answer: B

Explanation:


47/77


The Cisco VPN and SSL AIM provides up to 40 percent better performance for IPsec

VPN over the built-in IPsec encryption, and up to twice the performance for SSL VPN

encryption

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers.h

Also, you should fix the product name.

The AIM-VPN EPII-Plus is EOL:

http://www.cisco.com/en/US/prod/collateral/routers/ps5854/eol_cisco_aim_vpn_ii_plus_modules.html.

The replacement model for that device is AIM-VPN/SSL-2.

QUESTION NO: 4You enter the command show ip ospf neighbor and see "two-way/DROTHER" listed as

the state for neighbor 10.1.1.1. What does this status indicate?

A. The neighbor 10.1.1.1 is the DR

B. DR and BDR election is in progress

C. The neighbor relationship with 10.1.1.1 has not yet completed

D. The neighbor 10.1.1.1 is not a DR or BDR

Answer: D

Explanation:DROTHER indicates a router that is neither the DR or the BDR

QUESTION NO: 5

Which two statements best describe the wireless core feature set using autonomous access

points when implementing repeater topology? (Choose two.)

A. RF overlap between primary and repeater access points should be 50 percent with

unique channels configured

B. Clients that are associated with the repeater access point will have 50 percent less data

throughput than clients that are associated with the primary root access point

C. RF overlap between primary and repeater access points should be 50 percent with the

same channel configured

D. RF Olverlap between access points should be 10 to 15 percent with unique channels

configured

E. Clients that are associated with the repeater access point will have 10 to 15 percent less

data throughout than clients that are associated with the primary root access point


48/77


F. RF overlap between primary and repeater access points should be 10 to 15 percent with

the same channel configured

Answer: B,C

QUESTION NO: 6

Exhibit:

You work as a network technician at TestKing.com. Please study the exhibit carefully.

Which statements is correct about the information in the Cisco Adaptive Security Device

Manager General and License information screen?

A. The managed device is a Cisco PIX 515E Security Appliance

B. The security appliance supports active.active failover only

C. The security appliance supports 3DES-AES onlyD. The managed device is a Cisco ASA 5540 Security Appliance with VPN premium

license enabled

Answer: A

QUESTION NO: 7


49/77


OSPF routes are being redistributed into EIGRP but they are not showing up in the

routing table. What are two possible causes? (Choose two.)

A. No Default metric has been configured for EIGRP

B. The IP classless command is missing

C. Synchronization has been turned off

D. Incorrect distribute lists have been configured

E. There are mismatched autonomous system numbers

F. CEF has not been enabled

Answer: A,D

QUESTION NO: 8

TestKing.com needs to provide site-to-site VPN, Remote Access VPN and Firewallprotection. Which device best supports all three functions?

A. Cisco PIX

B. Cisco Router and Security Device Manager

C. Cisco Concentrator

D. Cisco ASA

Answer: D

Explanation:

Both ASA and the PIX provide this functionality. However, the ASA is the currentproduct.

While the Cisco PIX can perform all those functions, it is being replaced by the ASA.

The ASA's purpose is a security device vs a router with security layers added to it.

Cisco [VPN] Concentrator also is being replaced by the ASA, although it didn't provide

firewall capabilities.

QUESTION NO: 9

Which three statements are correct about the IEEE 802.3af power over Ethernet standard?

(Choose three.)

A. Id defines a powered device to be a PDE

B. It defines three methods of delivering Power over Ethernet to the discovered power

device

C. It defines power class 0 as being reserved for future use

D. It defines a port that acts as a power source to be a PSE

E. It describes five power classes to which a device may belong


50/77


F. It defines how a powered device is detected

Answer: D,E,F

Explanation:

PD is Powered device, not PDE

PSE is Power Sourced Device

There are 5 power classes, 0-4 (power class 4 is reserved, not future. It is PSEs classify as

Class 0

QUESTION NO: 10

When troubleshooting poor network performance, which two symptoms would typically

be associated with a network layer problem? (Choose two.)

A. There are excessive CRC errorsB. Slips are detected on WAN interfaces

C. ARP requests are timing out

D. Packet loss is more than 20 percent

E. Pings succeed only part of the time

F. There is excessive broadcast traffic

Answer: D,E

Explanation:

CRC errors are Layer 1 issues, which is the Physical layer.

SLIP, Broadcast traffic & ARPs are LAYER 2 issues, which is the Data Link layer

Packets & PINGs are Layer 3 issue, which is the Network layer.

QUESTION NO: 11

An 802.11b telephone is receiving an audio signal from an access point, but can't send


A. The transmit power in the telephone is significantly lower than the transmit power in

the access point

B. The RSSI value on the telephone is greater than 35

C. The security settings in the telephone do not match the settings in the access point

D. The access point is set to receive only at 802.11g data rates

Answer: A


51/77


QUESTION NO: 12

You connect via Telnet to a Cisco access point and enter the command show dot11

linktest. Which output might you obtain?

A. TX packets dropped

B. RX packets per second

C. Incoming and outgoing signal strength

D. Signal-to-noise ratio

Answer: C

QUESTION NO: 13Exhibit:


52/77


You work as a network technician at TestKing.com. Please study the exhibit carefully. A

host on the Sales Subnet (10.0.2.0/24) is not able to initiate a web connection to an

outside website. According to the network diagram and partial Cisco Adaptive Security

Device manager Configuration shown in the exhibit, what is the cause of the problem?

A. The dynamic NAT global pool is not configured

B. The administrator has not added an access list to allow the connection

C. The source networks for static NAT are not configured correctly

D. The source network for dynamic NAT is not configured correctly

Answer: D

Explanation:

Well, according to this, you should be fine with your NAT. You have inside:any/0 set for

doing NAT, which would cover any IP address that SALES is on.

There is no network diagram exhibit provided, so perhaps that would shed some light on

why you made that choice. But as far as what is provided and assuming SALES is on the

inside, none of your listed answers are the 'why'. We would suspect that no route exists

from the ASA to the SALES subnet based on this information.

QUESTION NO: 14

Exhibit:


53/77



54/77



According to the Cisco VPN Client Software outputs shown, which two statements are

correct about the connection entry named is? (Choose two.)

A. AES is used to provide data confidentiality

B. The Cisco VPN client software is assigned an internal IP Address of 192.168.1.1

C. HMAC-SHA1 is used to authenticate the remote users

D. Preshared key is used to authentication the remote peer

E. The PC that is running the Cisco VPN client software will not have access to the Local

LAN once the PC is connected into the VPN

Answer: D,E

QUESTION NO: 15

Exhibit:


The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapter has two LEDs. Which two

LED states indicate that the card is associated to an access point and is working properly?

(Choose two.)


55/77


A. Green LED off, amber LED solid

B. Green LED blinking slowly, amber LED blinking slowly

C. Green LED blinking slowly, amber LED blinking quickly

D. Green LED off, amber LED blinking sporadically

E. Green LED blinking quickly, amber LED blinking quickly

Answer: B,E

QUESTION NO: 16

A concern has been expressed that the switched infrastructure in an integrated network in

vulnerable to VLAN hopping attacks. Which two configuration statements can be used to

mitigate VLAN hopping? (Choose Two.)

A. Switchport mode access

B. Switchport double-tag snooping

C. Switchport port-security

D. Switchport access vlan

E. Swtichport port-security tagging

Answer: A,D

QUESTION NO: 17Exhibit:

*** Missing ***


According to the Cisco Adaptive Security Device Manager Window, Which statement

about address translation is correct?

A. Using port address translation, outside host 192.168.1.10 with a dynamically assigned

port address will be translated to 10.0.1.11 on the inside interface

B. Using Network Address Translation, any host on the DMZ1 subnet (172.16.1.0) will

be translated to a mapped address on the outside interface of 192.168.1.11

C. Using Network Address Translation, host 10.0.1.10 on the inside network will be

dynamically translated to a mapped address from the address pool of 192.168.1.20 to

192.168.1.94

D. Using port address translation, DMZ2 host 172.16.10.2 will be translated on DMZ1 to

IP Address 172.16.1.22 with a dynamically assigned port address


56/77


Answer: C

QUESTION NO: 18

Which statement is true about a Cisco Aironet 350 Series wireless client when its green

LED appears to be off and its amber LED is blinking?

A. The client adapter is scanning for a network

B. The client adapter is in ad hoc mode

C. The client adapter is in power-save mode

D. The client adapter is performing a self-test

Answer: C

Explanation:

QUESTION NO: 19

TestKing.com wants to implement wireless security through implementation of WPAv2.

Which component of WPAv2 would limit the rollout because of the continued use of old

access points?

A. 48-bit IV

B. AES


57/77


58/77


What does PVST+ do to correct this?

A. Swtich TestKingC sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is

flooded by Switch by Switch TestKingB) towards Switch TestKingC. Switch TestKingA

will put port TestKingC-TestKingB into a type-inconsistent state, which prevents the loop

B. Switch TestKingB sends PVST+ BPDUs of VLAN1 (to the SSTP address that is

flooded by Switch TestKingA) towards switch TestKingC. Switch will put port

TestKingC-TestKingB into a type-inconsistent state, which prevents the loop

C. Switch TestKingA sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is

flooded by Switch TestKingB) towards Switch TestKingB. Switch TestKingA will put

port TestKingC-TestKingB into a type-inconsistent state, which prevents the loop

D. Switch TestKingA sends PVST+ PBDUs of VLAN 2 (to the SSTP address that is

flooded by Switch TestKingB) toward Switch TestKingC will put port

TestKingC-TestKingB into a type-inconsistent state, which prevents the loop

Answer: D

QUESTION NO: 21

Network topology exhibit:

Policy exhibit:


59/77


You work as a network technician at TestKing.com. Please study the exhibits carefully.

The tables contain information from the Cisco Router and Security Device Manager

configuration of Router TestKing1 and Router TestKing2. Traffic between HostTestKingA and Host TestKingB is not successfully establish the site-to-site VPN between

Router TestKing1 and Router TestKing2. What is the mostly likely cause of this fault?

A. The IPSec rules on the two routers are not permitting the correct interesting traffic

B. The IPSec policy map names on the two routers do not match. They must be the same

on both routers

C. The D-H Group settings on the two routers are set to group 2. They must be set to

group 1 for SHA-1

D. The IPSec and IKE encryption methods do not match. They all have to be either 3DES

or AES

E. Router TestKing1 is using a standard IP ACL (100-149) while Router TestKing2 is

using a turbo ACL (150-199)

Answer: A


60/77


QUESTION NO: 22

Which two statements are correct about using Cisco Router and Security Device Manager

(SDM) to configure the OSPF routing protocol? (Choose two.)

A. Cisco SDM allows the selection of OSPFv1 or OSPFv2

B. Cisco SDM will use the supplied wildcard mask to exclude the host bits from the

configured network address

C. Cisco SDM allows the configuration of passive interfaces

D. Cisco SDM enforces the creation of area 0 when configuring OSPF

E. Cisco SDM allows the configuration of an area range to allow route summarization

between OSPF areas

Answer: B,C

QUESTION NO: 23

Users logging into Cisco Router and Security Device Manager should be authenticated

using the Cisco ISR local user database. Currently, none of the users can access Cisco

Router and Security Device Manager via HTTP. You should check the configuration of

which command or commands when attempts to resolve this problem?

A. line vty 0 5

Login local

B. aaa new-model

Aaa authentication login default localC. ip http authentication local

D. ip http secure-server

Answer: C

QUESTION NO: 24

Which two statements best describes the wireless core features set using autonomous

access points when implementing wireless domain services? (Choose two.)

A. Layer 3 Services can be configured in WLSM

B. Layer 2 services can be configured in a Cisco Aironet Autonomous AP or a Cisco

Integrated Services Router

C. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or

collectors

D. Layer 3 services can be configured in WLSE


61/77


E. Layer 2 and Layer 3 services can be configured in a Cisco Aironet Autonomous AP or

a Cisco Integrated Services Router

Answer: A,B

QUESTION NO: 25

You have configured and applied a Cisco IOS Firewall access rule to the inbound,

untrusted interface. You suspect that the rule may be blocking necessary traffic onto the

network. What must you do to delete that rule when using Cisco Router and Security

Device Manager?

A. Go to the Edit Firewall Policy tab to delete the rule

B. You must delete the associated access list on the interface, then configure the access

list as required and then reapply the access group to the proper interfaceC. You must remove the association between the rule and the interface before deleting the

rule

D. Select ACL Editor-> Access Rule to delete the rule

Answer: C

Explanation:

Cisco SDM does not allow you to delete a rule that is associated with an interface; you

must first remove the association between the rule and the interface, and then delete the

access rule.

QUESTION NO: 26

Exhibit:


62/77



According to the error log, VLAN 1 is where the BPDU was received and VLAN 2 is

where the BPDU originated. When inconsistency is detected, what happens?

A. Both VLANs are blocked on the port from which this BPDU is received

B. Both VLANs are listening on the port from which this BPDU is sent

C. VLAN 1 is blocked, while VLAN 10 is listening

D. VLAN 1 is blocked, while VLAN 10 for forwarding

Answer: A

QUESTION NO: 27

TestKing.com in Europe needs to establish an 11-mbps wireless bridge link between two

office buildings that are approximately 1.3 k apart. The wireless link will pass through apublic park, which contains a lake that is surrounded by trees. You run the range


Point/Bridge should work. You install the link using 10.5-db yagis with 75 feet of

standard Cisco cabling and both radios set at 20 MW. The wireless bridge are not able to



A. Due to the trees, a 210dbi dish needs to be used for its narrower beamwidth

B. An amplifier needs to be installed at one of the sitesC. The antenna must be raised high enough to clear the trees

D. Lower Loss cabling needs to be used to bring the EIRP into legal limits

Answer: C

QUESTION NO: 28

After Configuring VTP, you no longer receive updates as expected. Which command can

you use to verify the number of VTP advertisement being transmitted?

A. show vtp statistics

B. show vtp database

C. show vtp status

D. show vtp counters

Answer: D


63/77


QUESTION NO: 29

Network Topology exhibit:

Configuration exhibit:


Which two statements are correct about what is displayed? (Choose two.)

A. Router TestKing1 is the designated router because it has the lowest configured IP

address

B. If Router TestKing1 had a PRI of 0, it could not be a designated router or a backup

designated router

C. The IP Address that is used for the router ID must be reachableD. Router TestKing1 is the designed router because it has the highest configured

loopback address

E. Router TestKing1 has had its ID manually configured by using the Router-ID

command

Answer: B,D

Explanation:


64/77


The router with the highest priority becomes the designated router (DR). If the priorities

are the same, then the router with the highest router ID becomes the DR. By default,

priorities are set to 1. The router ID is the highest IP address or the highest ip address

among loopback addresses (if one is configured) on the Cisco router or can be configured

manually by "router-id x.x.x.x"

A router with a priority of 0 never becomes a DR or a backup designated router (BDR); it

is always a DROTHER, meaning a router that is neither the DR or the BDR.

IP address of router ID doesn't need to be reachable.

QUESTION NO: 30

Which network management tool is designed to allow business to manage up to 40

devices?

A. Resource Management Essentials

B. CiscoWorks Unrestriced

C. Campus Manager

D. CiscoWorks SNMS

Answer: D

QUESTION NO: 31When using a Cisco Router and Security Device Manager to configure AAA login

authentication policies, which four methods are available? (Choose Four.)

A. Default: use line password

B. Enable: use the enable password

C. Group RADIUS: use a list of RADIUS hosts

D. Group TACACS+: use a list of TACACS+ hosts

E. Otp: use one-time password

F. Local: use local database

Answer: B,C,D,F

QUESTION NO: 32

You are troubleshooting OSPF neighbor establishment problem, which are occurring over

Frame-Relay Interface that use the default OSPF network type. What should you verify in

the router configuration?


65/77


A. The neighbor statements on the frame relay interface

B. The ip ospf priority 0 statement on the frame relay interface on the designated router

C. The frame-relay map statement on the frame relay interface

D. The ip ospf network point-to-point statement under the frame relay interface

Answer: C

QUESTION NO: 33

The network administrator has configured the SSID value in a wireless Cisco Aironet

client card. What is the result of the client-to-access-point association if the client SSID 1

is the left blank and the SSID2 is assigned a value of my_ssid?

A. The client will consider SSID1 null value, causing the client to request the SSID fromthe access point

B. The client software will attempt association with the access point using a null value of

SSID1 and if not successful it will rotate to use the SSID2 value of my_ssid

C. The client software will not allow this configuration and will create an error message

until the configuration is corrected

D. The client software will replace SSID1 with SSID2 and use my_ssid to attempt

association with the access point

Answer: D

QUESTION NO: 34

You have just configured and enabled the Cisco IOS Firewall features set from a remote

location using the Cisco Router and Security Device Manager (SDM) Firewall wizard.

You later want to double-click your configuration using Cisco SDM. However, you find

that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.

What is the probable cause of this failure?

A. You have been locked out via access lists that have been applied to the router as a

result of your Cisco SDM configuration

B. You must specify the host IP address of Cisco SDM in the configuration panel for

allowed management connections

C. You have not generated an RSA key pair between the host and the device to allow

secure access via Cisco SDM

D. You must additionally specify the Cisco SDM Management port number to gain

access when the configuration has been applied


66/77


Answer: A

QUESTION NO: 35

TestKing.com with a large enterprise network wants to allow employees to work from

home over the internet. TestKing.com anticipates a large amount of traffic, predominantly

toward the central site. TestKing.com also requires a VPN using strong user

authentication and encryption to protect highly sensitive data.

Which solution best meets this customer's requirements?

A. Site-to-Site with hub-to-spoke tunnels using 3DES and pre-shared secrets

B. Site-to-Site Cisco Easy VPN

C. The IPSec rules on the two routers are not permitting the correct interesting trafficD. Remote-Access VPN with hardware encryption

E. Remote-Access VPN with software encryption

Answer: E

QUESTION NO: 36

TestKing.com needs to provide site-to-site VPN, remote access VPN and firewall and

protection. Which device best supports all three functions?

A. Cisco PIX

B. Cisco ASA

C. Cisco Concentrator

D. Cisco Router and Security Device Manager

Answer: B

QUESTION NO: 37

Exhibit:


67/77



This display has been truncated to remove information that is not relevant to the question.

What would be a reason that there have been 21 ignored packets?

A. Ethernet0 and the neighbor that it is connected to are not running the same routing

protocol

B. There are no free input buffers to accept new packets

C. There are no free output buffers for packets, which are transversing the router to go

into for transmission

D. This is not valid error display. The display has been modified to show that there have

been ignored packets

E. Ethernet0 has no CDP neighbors

Answer: BExplanation:Ignored packets are those that are discarded because the interface hardware does not have enough internal buffers

http://www.cisco.com/en/US/docs/routers/access/ics7750/software/26/troubleshooting/guide/tsether2.html

QUESTION NO: 38

TestKing.com with a small enterprise network of 15 remote sites is trying to optimize itsVPN by migrating some remote sites using Frame-Relay connections to the internet to

using cable connections to the internet. Minimizing costs is one of TestKing.com's

highest proprieties. Only a moderate amount of IP traffic is passing through the network,

most of the which is from the remote sites to the central site. IPSec should be used to

provide VPN functionality and basic confidentiality is desired.

Based on the traffic patterns, which topology would be the easiest for this customer to set

up and manager?

A. Full Mesh

B. Point-to-multipoint

C. Hub-and-Spoke

D. Partial Mesh

Answer: C


68/77


QUESTION NO: 39

Which design phase service component includes the development and documentation of

the test case or cases used to verify that a deployed infrastructure meets operational,

functional, and interface requirements?

A. Implementation Plan

B. Systems Acceptance Test Plan Development

C. Staging Plan

D. Detailed Design Development

E. Business Plan

Answer: B

QUESTION NO: 40In an infrastructure based on a wireless advanced feature set using lightweight access

points, by which is a rogue contained? Select two.

A. The rogue MAC address is used to spoof broadcast deassociation packets

B. The WCS sends excessive traffic to the rogue, thus overloading the access point

C. The rogue MAC address is used to spoof broadcast deautheticaton packets

D. The WCS sends out excessive signals on the same channel when the rogue is detected

Answer: A, C

Explanation:According to this, it will discourage rogue access point clients by sending the clients

deauthenticate and disassociate messages whenever they associate with the rogue access

point).

http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcssol.html#wp1040128

So, both are possibly correct.

Similar information says both are correct here:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.sht

QUESTION NO: 41

Which three are different types of STP inconsistencies in a Layer 2 network? (Choose

three.)


69/77


A. Root inconsistency

B. EthernChannel Inconsistency

C. MAC Inconsistency

D. Type Inconsistency

E. PVID Inconsistency

F. Vendor Inconsistency

Answer: A,B,D

Explanation:

There can be different types of STP inconsistencies:

Loop inconsistency_This is detected by the Loop Guard feature.

Root inconsistency_This is detected by the Root Guard feature.

EtherChannel inconsistency_This is detected by the EtherChannel consistency detectionfeature.

Port VLAN ID (PVID) inconsistency_A per?VLAN spanning tree (PVST+) Bridge

Protocol Data

Unit (BPDU) is received on a different VLAN than it was originated: (Port VLAN ID

Mismatch

or *PVID_Inc).

Type inconsistency_A PVST+ BPDU is received on a non?802.1Q trunk.

The reason why PVID is NOT one of the answers is that they are assuming that since this

is a layer 2 network that there won't be multiple VLANs.

http://www.cisco.com/application/pdf/paws/24063/pvid_inconsistency_24063.pdf

QUESTION NO: 42

An 802.1b telephone is receiving an audio signal from an access point, but can't send


A. The access point is set to receive only at 802.11g data rates

B. The transmit power in the telephone is significantly lower than the transmit power in

the access point

C. The RSSI value on the telephone is greater than 35

D. The security settings in the telephone do not match the settings in the access point

Answer: B


70/77


QUESTION NO: 43

Which command can be used to verify that RIPv2 is running on a router?

A. Show ip route rip

B. Show ip route

C. Show ip protocols

D. show startup-config

Answer: C

Explanation:

To display the parameters and current state of the active routing protocol process, use the

show ip protocols command in EXEC mode.

http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfindp2.html#wp1022264

QUESTION NO: 44

A North American customer is using 2.4-GhZ radios in a point-to-point configuration.

The radio level is 17 dBm and is transmitting at 11 Mbps. TestKing.com is using

21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet.

TestKing.com increased the distance between the transmitter stations and began

experiencing link problems.

Without using a professional installer, which step should TestKing.com take to fix thesituation?

A. Increase the transmitter power

B. Install a higher gain antenna

C. Use a cable with lower loss

D. Upgrade to an 802.11a radio

Answer: C

QUESTION NO: 45

In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be

placed?

A. Core Layer

B. Distribution Layer

C. Network Management Functional Module

D. Access Layer


71/77


Answer: B

Explanation:

Whenever possible, Cisco recommends placing the WLSM blade in one of the

distribution layer switches in the campus network.

QUESTION NO: 46

Which two statements are correct about OSPF in a multiarea environment? (Choose two.)

A. OSPF requires that all areas have a least one ASBR

B. OSPF requires the use of the area range configuration command only when

non-default summarization is required

C. OSPF uses wildcard masks in the network statements but subnet masks in the area

range statementsD. OSPF ABR routers are needed only at the boundary of another OSPF area

E. OSPF will by default summarize routing updates between areas

Answer: C,D

Explanation:

By definition, routers that belong to multiple areas, and connect these areas to the

backbone area are called area border routers (ABR).

If there were only 1 area, then there would be no ABR (which eliminates one of the

answers/options)

Summarization does not occur by default between areas, you need to configure it.

Network statements use wildcard bits, area ranges use network masks

QUESTION NO: 47

Network topology exhibit:


72/77


Policy exhibit:


The tables contain information from the Cisco Router TestKing1 and Security Device

Manager Configurations of Router TestKing1 and Router TestKing2. Traffic between

Host 1 and Host 2 is not successfully establishing the site-to-site VPN between Router

TestKing1 and Router TestKing2.

What is the most likely cause of this fault?


73/77


74/77


Router# show standby

Ethernet0/1 - Group 1

State is Active

2 state changes, last state change 00:30:59

Virtual IP address is 10.1.0.20

Secondary virtual IP address 10.1.0.21

Active virtual MAC address is 0004.4d82.7981

Local virtual MAC address is 0004.4d82.7981 (bia)

Hello time 4 sec, hold time 12 sec

Next hello sent in 1.412 secs

Preemption enabled, min delay 50 sec, sync delay 40 sec

Active router is local

Standby router is 10.1.0.6, priority 75 (expires in 9.184 sec)

Priority 95 (configured 120)Tracking 2 objects, 0 up

Down Interface Ethernet0/2, pri 15

Down Interface Ethernet0/3

IP redundancy name is "HSRP1", advertisement interval is 34 sec

QUESTION NO: 50

You have just configured HSRP and need to determine which router is active. Which

command should you enter?

A. show standby

B. show standby active

C. show ip hsrp active

D. show active

Answer: A

QUESTION NO: 51

Which critical issue should you account for when implementing an integrated network

security management design?

A. NAT interoperates with encrypted voice traffic

B. SNMP community read-write strings are configured to allow for total management

access

C. Host-based intrusion detection systems reside in the network

D. All network devices are time-synchronized


75/77


Answer: D

Explanation:

Time synchronization using Network Time Protocol (NTP) for network and security

devices is critical for network-wide security event analysis and correlation.

QUESTION NO: 52

TestKing.com in Europe needs to establish an 11-mbps wireless bridge link between two

office buildings that are approximately 1.3 k apart. The wireless link will pass through a

public park, which contains a lake that is surrounded by trees. You run the range


Point/Bridge should work. You install the link using 10.5-db yagis with 75 feet of

standard Cisco cabling and both radios set at 20 MW. The wireless bridge are not able to



A. Lower Loss cabling needs to be used to bring the EIRP into legal limits

B. Due to the trees, a 210dbi dish needs to be used for its narrower bandwidth

C. The antenna must be raised high enough to clear the trees

D. An amplifier needs to be installed at one of the sites

Answer: C

QUESTION NO: 53

Which two statements best describes the wireless implementation of Cisco Aironet root

and non-root bridging? (Choose two.)

A. Point-to-Point Access Points can be used if one is root and the other is non-

Documents

IPadViewer - Cisco 642-383