Upload
yiannis-neocleous
View
233
Download
0
Embed Size (px)
Citation preview
8/12/2019 IPadViewer - Cisco 642-383
1/77
Cisco 642-383
Cisco Express Foundation for Field Engineers (CXFF)
Q&A with explanations
Version 4.1
8/12/2019 IPadViewer - Cisco 642-383
2/77
Leading the way in IT testing and certification tools, www.testking.com- 2 -
Important Note, Please Read Carefully
Other TestKing products
A) Offline Testing engine
Use the offline Testing engine product topractice the questions in an exam environment.
B) Study Guide (not available for all exams)
Build a foundation of knowledge which will be useful also after passing the exam.
Latest Version
We are constantly reviewing our products. New material is added and old material is
revised. Free updates are available for 90 days after the purchase. You should check your
member zone at TestKing and update 3-4 days before the scheduled exam date.
Here is the procedure to get the latest version:
1.Go towww.testking.com
2.Click on Member zone/Log in
3.The latest versions of all purchased products are downloadable from here. Just click the
links.
For mostupdates,itisenough just to print the new questions at the end of the new version,
not the whole document.
Feedback
If you spot a possible improvement then please let us know. We always interested in
improving product quality.Feedback should be send to [email protected]. You should include the following:
Exam number, version, page number, question number, and your login ID.
Our experts will answer your mail promptly.
Copyright
Each iPAD file contains a unique serial number associated with your particular name and
contact information for security purposes. So if we find out that a particular iPAD file is
being distributed by you, TestKing reserves the right to take legal action against you
according to the International Copyright Laws.
8/12/2019 IPadViewer - Cisco 642-383
3/77
Leading the way in IT testing and certification tools, www.testking.com- 3 -
Table of contents
Topic 1, Main (68 Questions) 33
Topic 2, TestKing, Scenario 4242
Topic 2, TestKing (4 Questions) 4242
Topic 3, Practice (56 Questions) 4444
Total number of questions: 128
8/12/2019 IPadViewer - Cisco 642-383
4/77
8/12/2019 IPadViewer - Cisco 642-383
5/77
Leading the way in IT testing and certification tools, www.testking.com- 5 -
A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to anoutside website. According to the network diagram and partial Cisco Adaptive Security
Device Manager configuration shown in the exhibit, what is the cause of the problem?
A. The source networks for static NAT are not configured correctly.
B. The dynamic NAT global pool is not configured correctly.
C. The source network for dynamic NAT is not configured correctly.
D. The administrator has not added an access list to allow the connection.
8/12/2019 IPadViewer - Cisco 642-383
6/77
Leading the way in IT testing and certification tools, www.testking.com- 6 -
Answer: C
Explanation:
10.0.2.0/24 should be in the list of source networks. Only Host 10.0.1.10, host 10.0.1.12
and network 10.0.1.0/24 are listed to get NAT'd.
QUESTION NO: 3
You have just configured HSRP and need to determine which router is active. Which
command should you enter?
A. show active
B. show standby
C. show standby active
D. show ip hsrp active
Answer: B
QUESTION NO: 4
The customer wants to implement wireless security through implementation of WPAv2.
Which component of WPAv2 would limit the rollout because of the continued use of old
access points?
A. TKIPB. MIC
C. AES
D. 48-bit IV
Answer: C
QUESTION NO: 5
Which two features are only supported when using the Cisco Router and Security Device
Manager (SDM) Advanced Firewall wizard and not supported when using the Cisco
SDM Basic Firewall wizard? (Choose two.)
A. DMZ services
B. custom inspection rules
C. proxy authentication
D. deep-packet inspections
E. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
8/12/2019 IPadViewer - Cisco 642-383
7/77
Leading the way in IT testing and certification tools, www.testking.com- 7 -
Answer: A,B
QUESTION NO: 6
Which interface on the Cisco UC520 is assigned an IP address either statically or through
DHCP?
A. LAN interface
B. PSTN Interface
C. Switchport
D. WAN interface
Answer: D
QUESTION NO: 7
Which network management tool is designed to allow businesses to manage up to 40
devices?
A. Campus Manager
B. CiscoWorks SNMS
C. CiscoWorks Unrestricted
D. Resource Management Essentials
Answer: B
Explanation:
The CiscoWorks Small Network Management Solution (SNMS ) Web-based solution
works optimally in business environments with approximately 30 to 40 Cisco
internetworking devices such as switches, routers, firewalls, and access servers.
QUESTION NO: 8
Which critical issue should you account for when implementing an integrated network
security management design?
A. host-based intrusion detection systems reside in the network
B. NAT interoperates with encrypted voice traffic
C. all network devices are time-synchronized
D. SNMP community read-write strings are configured to allow for total management
access
8/12/2019 IPadViewer - Cisco 642-383
8/77
8/12/2019 IPadViewer - Cisco 642-383
9/77
Leading the way in IT testing and certification tools, www.testking.com- 9 -
QUESTION NO: 11
You are configuring a VLAN and the switch you are using requires that you do so within
the VLAN database. Which command allows you to enter the VLAN database?
A. Switch(config-if)# vlan database
B. Switch(config)# vlan database
C. Switch(vlan)# vlan database
D. Switch# vlan database
Answer: D
QUESTION NO: 12
Which of these is the best definition of the Cisco Lifecycle Services approach?
A. It provides partners with a useful way to leverage Cisco resources.
B. It consists of these phases: plan, deploy, support, and troubleshoot.
C. It defines the minimum set of services required to successfully deploy and operate a set
of Cisco technologies.
D. It determines how best to price Cisco products.
Answer: C
QUESTION NO: 13
Which two statements best describe the wireless implementation of Cisco Aironet root
and non-root bridging? (Choose two.)
A. Point-to-point WGB can be used if total number of PCs is fewer than eight.
B. Up to 17 non-root bridges can associate to a root bridge.
C. Point-to-point access points can be used if one is root and the other is non-root.
D. Root mode must be enabled only on one side in a point-to-point link to interoperate
with other vendors and comply with 802.11.
E. WGB can be used with an access point if the distance is less than one mile.
Answer: B,E
QUESTION NO: 14
You connect via Telnet to a Cisco access point and enter the command show dot11
linktest. Which output might you obtain?
8/12/2019 IPadViewer - Cisco 642-383
10/77
Leading the way in IT testing and certification tools, www.testking.com- 10 -
A. RX packets per second
B. TX packets dropped
C. incoming and outgoing signal strength
D. signal-to-noise ratio
Answer: C
QUESTION NO: 15
An 802.11b telephone is receiving an audio signal from an access point, but cannot send
audio. What is a possible cause?
A. The access point is set to receive only at 802.11g data rates.
B. The transmit power in the telephone is significantly lower than the transmit power inthe access point.
C. The RSSI value on the telephone is greater than 35.
D. The security settings in the telephone do not match the settings in the access point.
Answer: B
QUESTION NO: 16
In which of these phases is a customer's current network infrastructure assessed?
A. design
B. implement
C. plan
D. prepare
Answer: C
QUESTION NO: 17
To save time during rediscovery, which three types of device information does Cisco
Configuration Assistant retain? (Choose three.)
A. IP Address
B. Host Name
C. MAC Address
D. Topology
E. Port Settings
8/12/2019 IPadViewer - Cisco 642-383
11/77
Leading the way in IT testing and certification tools, www.testking.com- 11 -
F. Communication Protocol
Answer: A,B,F
Explanation:
Configuration Assistant saves all individual device information, such as the IP address,
the hostname, and the communication protocol, to your local PC. When Configuration
Assistant connects to a community, it uses the locally saved data to rediscover the
member devices.
http://www.cisco.com/en/US/docs/net_mgmt/cisco_configuration_assistant/version1_9/quick/guide/English/
QUESTION NO: 18Which two statements best describe the wireless core feature set using autonomous access
points when implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or
controllers.
B. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or a
Cisco Integrated Services Router.
C. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco
Integrated Services Router.
D. Layer 3 services can be configured in WLSE.E. Layer 3 services can be configured in WLSM.
Answer: C,E
QUESTION NO: 19
Which of these is an accurate list of Cisco Lifecycle Services phases?
A. analysis, design, deployment, testing, implementation, and production
B. presales, project planning, development, implementation, operations testing, and
operations sign-off
C. project planning, site assessment, risk assessment, solution selection and acquisition,
testing, and operations
D. prepare, plan, design, implement, operate, and optimize
E. initiation, planning, analysis, design, development, implementation, operations and
maintenance
8/12/2019 IPadViewer - Cisco 642-383
12/77
Leading the way in IT testing and certification tools, www.testking.com- 12 -
Answer: D
Explanation:
http://www.cisco.com/web/partners/services/promos/accelerate/downloads/Cisco_Lifecycle_Services_QR.p
QUESTION NO: 20
What are two configurable options for Call Control on the Cisco UC520? (Choose two.)
A. PBX
B. Call Waiting
C. Shared Key
D. Key System
E. Encryption
Answer: A,D
8/12/2019 IPadViewer - Cisco 642-383
13/77
Leading the way in IT testing and certification tools, www.testking.com- 13 -
Explanation:
UC 500 series - Voice System Type setting by default is PBX.
You can change the configuration to use Key System
QUESTION NO: 21
Which three business requirements development activities are performed in the prepare
phase before creating a technology strategy? (Choose three.)
A. completing a site survey
B. identifying and assessing customer business requirements
C. producing a documented technology strategy
D. creating a bill of materials
E. presenting documented business requirements to a customer and having the customer
validate themF. documenting and categorizing customer business requirements in terms of
performance, availability, capacity, and security
Answer: B,E,F
QUESTION NO: 22
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
14/77
Leading the way in IT testing and certification tools, www.testking.com- 14 -
8/12/2019 IPadViewer - Cisco 642-383
15/77
Leading the way in IT testing and certification tools, www.testking.com- 15 -
You work as a network administrator at TestKing.com. You study the exhibit carefully.
According to the Cisco VPN Client software outputs shown, which two statements are
correct about the connection entry named isr? (Choose two.)
A. AES is used to provide data confidentiality.
B. Preshared key is used to authenticate the remote peer.
C. The PC that is running the Cisco VPN Client software will not have access to the local
LAN once the PC is connected into the VPN.
D. HMAC-SHA1 is used to authenticate the remote users.
E. The Cisco VPN Client software is assigned an internal IP address of 192.168.1.1.
Answer: B,C
Explanation:
The PC that is running the Cisco VPN Client software will not have access to the localLAN once the PC is connected into the VPN.
Preshared key is used to authenticate the remote peer.
8/12/2019 IPadViewer - Cisco 642-383
16/77
Leading the way in IT testing and certification tools, www.testking.com- 16 -
QUESTION NO: 23Users logging into Cisco Router and Security Device Manager should be authenticated
using the Cisco ISR local user database. Currently, none of the users can access Cisco
Router and Security Device Manager via HTTP. You should check the configuration of
which command or commands when attempting to resolve this problem?
A. ip http authentication local
B. aaa new-model
aaa authentication login default local
C. line vty 0 5
login localD. ip http secure-server
Answer: A
QUESTION NO: 24
8/12/2019 IPadViewer - Cisco 642-383
17/77
Leading the way in IT testing and certification tools, www.testking.com- 17 -
You enter the command show ip ospf neighbor and see "two-way/DROTHER" listed as
the state for neighbor 10.1.1.1. What does this status indicate?
A. The neighbor relationship with 10.1.1.1 has not yet completed.
B. DR and BDR election is in progress.
C. The neighbor 10.1.1.1 is the BDR.
D. The neighbor 10.1.1.1 is not a DR or BDR.
Answer: D
QUESTION NO: 25
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
18/77
Leading the way in IT testing and certification tools, www.testking.com- 18 -
You work as a network administrator at TestKing.com. You study the exhibit carefully.
The tables contain information from the Cisco Router and Security Device Managerconfiguration of Router TestKingA and Router TestKingB. Traffic between Host
TestKing1 and Host TestKing2 is not successfully establishing the site-to-site VPN
between Router TestKingA and Router TestKingB. What is the mostly likely cause of this
fault?
A. The IPSec rules on the two routers are not permitting the correct interesting traffic.
8/12/2019 IPadViewer - Cisco 642-383
19/77
Leading the way in IT testing and certification tools, www.testking.com- 19 -
B. The D-H Group settings on the two routers are set to group 2. They must be set to
group 1 for SHA-1.
C. The IPSec and IKE encryption methods do not match. They all have to be either 3DES
or AES.
D. Router TestKingA is using a standard IP ACL (100-149) while Router TestKingB is
using a turbo ACL (150-199).
E. The IPSec policy map names on the two routers do not match. They must be the same
on both routers.
Answer: A
Explanation:
The rules that are defined do not properly match to define the interesting traffic (which is
the correct answer).
Incorrect answers:The IKE policies do match.
There is no "IKE POLICY MAN" We think "MAN" should be dropped. But having
different names doesn't matter (put that in the explanation)
There is no "turbo ACL" so that is bogus (for the explanation)
QUESTION NO: 26
Which two statements are correct about OSPF in a multiarea environment? (Choose two.)
A. OSPF requires the use of the area range configuration command only when nondefaultsummarization is required.
B. OSPF will by default summarize routing updates between areas.
C. OSPF ABR routers are needed only at the boundary of another OSPF area.
D. OSPF uses wildcard masks in the network statements but subnet masks in the area
range statements.
E. OSPF requires that all areas have at least one ASBR.
Answer: C,D
Explanation:
By definition, routers that belong to multiple areas, and connect these areas to the
backbone area are called area border routers (ABR).
If there were only 1 area, then there would be no ABR (which eliminates one of the
answers/options)
Summarization does not occur by default between areas, you need to configure it.
8/12/2019 IPadViewer - Cisco 642-383
20/77
Leading the way in IT testing and certification tools, www.testking.com- 20 -
Network statements use wildcard bits, area ranges use network masks
QUESTION NO: 27
What port role assignment would you make for the Gigabit Ethernet port on the Cisco
CE520 used in the Smart Business Communications System?
A. Cisco UC520
B. Cisco CE520
C. Cisco 871W
D. IP Phone and desktop
Answer: A
QUESTION NO: 28
You have just configured and enabled the Cisco IOS Firewall feature set from a remote
location using the Cisco Router and Security Device Manager (SDM) Firewall wizard.
You later want to double-check your configuration using Cisco SDM. However, you find
that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You have been locked out via access lists that have been applied to the router as a
result of your Cisco SDM configuration.
B. You must additionally specify the Cisco SDM management port number to gain access
when the configuration has been applied.
C. You have not generated an RSA key pair between the host and device to allow secure
access via Cisco SDM.
D. You must specify the host IP address of Cisco SDM in the Configuration panel for
allowed management connections.
Answer: A
QUESTION NO: 29
Which implement phase service component consists of explaining the benefits and
limitations of purchased support options to a customer and ensuring that the customer
understands operational processes and responsibilities?
8/12/2019 IPadViewer - Cisco 642-383
21/77
Leading the way in IT testing and certification tools, www.testking.com- 21 -
A. Post Implementation Support Handoff Meeting
B. Detailed Design Development
C. Staff Training
D. Staging and System Migration
Answer: A
QUESTION NO: 30
You have configured and applied a Cisco IOS Firewall access rule to the inbound,
untrusted interface. You suspect that the rule may be blocking necessary traffic onto the
network. What must you do to delete that rule when using Cisco Router and Security
Device Manager?
A. You must remove the association between the rule and the interface before deleting therule.
B. Go to the Edit Firewall Policy tab to delete the rule.
C. You must delete the associated access list on the interface, then reconfigure the access
list as required, and then reapply the access group to the proper interface.
D. Select ACL Editor > Access Rules to delete the rule.
Answer: A
Explanation:
Cisco SDM does not allow you to delete a rule that is associated with an interface; you
must first remove the association between the rule and the interface, and then delete theaccess rule.
QUESTION NO: 31
Which dial plan scenario may require PSTN trunks for outbound calls?
A. All the employees, the auto attendant or receptionist, and the voice-mail system have
direct inward dial numbers using analog trunks.
B. All the employees, the auto attendant or receptionist, and the voice-mail system have
direct inward dial numbers using digital interfaces.
C. A subset of the employees, the auto attendant or receptionist, and the voice-mail
system have direct inward dial numbers, and the remaining employees do not have direct
inward dial numbers.
Answer: A
8/12/2019 IPadViewer - Cisco 642-383
22/77
Leading the way in IT testing and certification tools, www.testking.com- 22 -
QUESTION NO: 32
Which definition best describes the implementation service component within the
implement phase?
A. developing and executing proof-of-concept tests, validating high-level infrastructure
design, and identifying any design enhancements
B. improving a customer's infrastructure security system
C. providing a step-by-step plan that details the installation and service-commission tasks
required in order to create a controlled-implementation environment that emulates a
customer network
D. assessing the ability of site facilities to accommodate proposed infrastructure changes
E. installing, configuring, and integrating systems components based on an
implementation plan developed in earlier phases
Answer: E
QUESTION NO: 33
How can the proper configuration of Voice Mail be tested at an end user's IP phone?
A. Press the "Settings" button.
B. Press the "Services" button.
C. Press the "Messages" button.
D. Press the "i" button.
Answer: C
Explanation:
Accessing Voice MailTo access voice mail, press the messages button and follow the voice instructions.
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7960g_7940g/sip/english/user/guide/sipuget.html
The "i" button provides help for a button or function.
The "settings" button provides information about the phone configuration, such as ring
tone, volume, contrast, etc.
The "Services" button provides access to custom web services that your phone
administrator has to offer.
QUESTION NO: 34
8/12/2019 IPadViewer - Cisco 642-383
23/77
Leading the way in IT testing and certification tools, www.testking.com- 23 -
A concern has been expressed that the switched infrastructure in an integrated network is
vulnerable to VLAN hopping attacks. Which two configuration statements can be used to
mitigate VLAN hopping? (Choose two.)
A. switchport port-security
B. switchport mode access
C. switchport double-tag snooping
D. switchport port-security tagging
E. switchport access vlan
Answer: B,E
Explanation:
To prevent VLAN hopping, you force the port to be only used for clients (switchport
mode access) on a specific VLAN (switchport access VLAN)
QUESTION NO: 35
In a new Cisco UC520 installation, when must IP routing be configured?
A. When digital PSTN trunks are used.
B. When the service provider assigns static IP information.
C. When analog PSTN trunks are used.
D. When the service provider assigns dynamic IP information.
Answer: BExplanation:
The UC520 doesn't support dynamic routing, only static routes.
PSTN information won't impact the routing.
QUESTION NO: 36
In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be
placed?
A. access layer
B. core layer
C. distribution layer
D. network management functional module
Answer: C
Whenever possible, Cisco recommends placing the WLSM blade in one of the
distribution layer switches in the campus network.
8/12/2019 IPadViewer - Cisco 642-383
24/77
Leading the way in IT testing and certification tools, www.testking.com- 24 -
QUESTION NO: 37
Which two are benefits of installing Cisco Monitor Director at an SMB site for the
partner selling the solution? (Choose two.)
A. automated monthly reporting on system performance
B. monthly recurring revenue model
C. allows the end customer to get free software updates
D. simplifies Smart Business Communications System installation
Answer: A,B
Explanation:
By using the reports and performance data gathered, as well as alerting capabilities, a
partner can sell this as a service to a client.
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps7256/ps7246/product_data_sheet0900aecd806a4e9
QUESTION NO: 38
Which Cisco Catalyst Express 520 feature optimizes quality of service?
A. Cisco Configuration Assistant
B. Cisco Smart Assist
C. Cisco Network Admission ControlD. Cisco Smartports
Answer: D
Explanation:
The Cisco Catalyst Express 500 (CE500) has built-in Cisco Smartports with preset Cisco
recommended network configurations, Quality of Service (QoS), and security settings
that allow for transparent integration of data, video, IP communications, and wireless
LAN applications
http://supportwiki.cisco.com/ViewWiki/index.php/Smartports_port_roles_in_the_CE500_switch
QUESTION NO: 39
8/12/2019 IPadViewer - Cisco 642-383
25/77
Leading the way in IT testing and certification tools, www.testking.com- 25 -
A customer with a small enterprise network of 15 remote sites is trying to optimize its
VPN by migrating some remote sites using Frame Relay connections to the Internet to
using cable connections to the Internet. Minimizing costs is one of the customer's highest
priorities. Only a moderate amount of IP traffic is passing through the network, most of
which is from the remote sites to the central site. IPSec should be used to provide VPN
functionality and basic confidentiality is desired.
Based on the traffic patterns, which topology would be the easiest for this customer to set
up and manage?
A. partial mesh
B. full mesh
C. point-to-multipoint
D. hub-and-spoke
Answer: D
QUESTION NO: 40
How many voice expansion slots are provided by the Cisco UC520?
A. four
B. one
C. three
D. two
Answer: B
Explanation:
QUESTION NO: 41
8/12/2019 IPadViewer - Cisco 642-383
26/77
Leading the way in IT testing and certification tools, www.testking.com- 26 -
A customer in Europe needs to establish an 11-Mbps wireless bridge link between two
office buildings that are approximately 1.3 km apart. The wireless link will pass through a
public park, which contains a lake that is surrounded by trees. You run the range
calculation and determine that the Cisco Aironet 1300 Series Outdoor Access
Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of
standard Cisco cabling and both radios set at 20 mW. The wireless bridges are not able to
establish or maintain a link.
What is needed to successfully complete this link?
A. Due to the trees, a 21-dBi dish needs to be used for its narrower beamwidth.
B. An amplifier needs to be installed at one of the sites.
C. The antenna must be raised high enough to clear the trees.
D. Lower loss cabling needs to be used to bring the EIRP into legal limits.
Answer: C
QUESTION NO: 42
Which statement correctly describes the keyswitch model of deployment for call
processing?
A. PSTN calls are routed through a receptionist or automated attendant.
B. All IP Phones in the system have a single unique extension number.
C. All IP Phones are able to answer any incoming PSTN call on any line.
Answer: C
Explanation:
Example: For a keyswitch implementation, if an office has three incoming PSTN lines,
the three lines on each phone map directly to one of these lines. When the Cisco Unified
CME router receives an incoming call on the first PSTN line, it rings the first line of all
the IP phones connected to the system
QUESTION NO: 43
You work as a network administrator at TestKing.com. You study the exhibit carefully.
This display has been truncated to remove information that is not relevant to the question.
What would be a reason that there have been 21 ignored packets?
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
27/77
Leading the way in IT testing and certification tools, www.testking.com- 27 -
A. There are no free output buffers for packets, which are traversing the router, to go into
for transmission.
B. Ethernet0 has no CDP neighbors.
C. This is not a valid error display. The display has been modified to show that there have
been ignored packets.D. There are no free input buffers to accept new packets.
E. Ethernet0 and the neighbor that it is connected to are not running the same routing
protocol.
Answer: D
QUESTION NO: 44
Which statement correctly describes configuration of the VPN server?
A. It uses a preshared key for remote device authentication.
B. The WAN interface is preselected.
C. It requires configuration of port settings for the VPN server on the Cisco UC520.
D. It requires definition of a Group ID for remote clients.
Answer: A
QUESTION NO: 45
When using Cisco Router and Security Device Manager to configure AAA loginauthentication policies, which four methods are available? (Choose four.)
A. otp: use one-time password
B. default: use line password
C. enable: use enable password
D. group TACACS+: use a list of TACACS+ hosts
E. local: use local database
8/12/2019 IPadViewer - Cisco 642-383
28/77
Leading the way in IT testing and certification tools, www.testking.com- 28 -
F. group RADIUS: use a list of RADIUS hosts
Answer: C,D,E,F
QUESTION NO: 46
You work as a network administrator at TestKing.com. You study the exhibit carefully. A
network administrator is troubleshooting an EIGRP connection between Router
TestKing1 and Router TestKing2. Given the debug output on Router TestKing1, which
two statements are true? (Choose two.)
Exhibit:
A. Router TestKing1 will form an adjacency with Router TestKing2.
B. Router TestKing1 received a hello packet with mismatched metric-calculation
mechanisms.C. Router TestKing1 received a hello packet with mismatched hello timers.
D. Router TestKing1 will not form an adjacency with Router TestKing2.
E. Router TestKing1 received a hello packet with mismatched authentication parameters.
F. Router TestKing1 received a hello packet with mismatched autonomous system
numbers.
Answer: B,D
Explanation:
Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being
established and can negatively impact network convergence.
http://www.cisco.com/en/US/docs/ios/12_2/ip/configuration/guide/1cfeigrp.html#wp1012458
QUESTION NO: 47
8/12/2019 IPadViewer - Cisco 642-383
29/77
Leading the way in IT testing and certification tools, www.testking.com- 29 -
In which of these phases is a customer's network assessed to determine its system
readiness?
A. implement
B. plan
C. design
D. operate
Answer: B
QUESTION NO: 48
Which three statements are correct about the IEEE 802.3af Power over Ethernet standard?
(Choose three.)
A. It defines a powered device to be a PDE.
B. It defines power class 0 as being reserved for future use.
C. It defines how a powered device is detected.
D. It defines a port that acts as a power source to be a PSE.
E. It describes five power classes to which a device may belong.
F. It defines three methods of delivering Power over Ethernet to the discovered powered
device.
Answer: C,D,E
Explanation:PD is Powered device, not PDE
PSE is Power Sourced Device
There are 5 power classes, 0-4 (power class 4 is reserved, not future. It is PSEs classify as
Class 0
QUESTION NO: 49
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
30/77
8/12/2019 IPadViewer - Cisco 642-383
31/77
Leading the way in IT testing and certification tools, www.testking.com- 31 -
A. Switch TestKingA sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is
flooded by Switch TestKingB) towards Switch TestKingB. Switch TestKingA will put
port C-B into a type-inconsistent state, which prevents the loop.
B. Switch C sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is flooded by
Switch TestKingB) towards Switch C. Switch TestKingA will put port C-B into a
type-inconsistent state, which prevents the loop.
C. Switch TestKingA sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is
flooded by Switch TestKingB) towards Switch C. Switch C will put port C-B into a
type-inconsistent state, which prevents the loop.
D. Switch TestKingB sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is
flooded by Switch TestKingA) towards Switch C. Switch C will put port C-B into a
type-inconsistent state, which prevents the loop.
Answer: C
QUESTION NO: 50
Which of the following best describe the customer benefits of change management in the
operate phase?
A. improve its ability to make sound financial decisions by developing a business case
based on its business requirements and establishing a basis for developing a technology
strategy
B. improve the return on investment and hasten migration by identifying and planning for
necessary infrastructure changes and resource additions, as well as reduce deploymentcosts by analyzing gaps early in the planning process to determine what is needed to
support the system
C. reduce unnecessary disruption, delays, rework, and other problems by establishing test
cases for use in verifying that the system meets operational, functional, and interface
requirements
D. reduce operating costs and limit change-related incidents by providing a consistent and
efficient set of processes
Answer: D
QUESTION NO: 51
Which two statements best describe the wireless core feature set using autonomous access
points when implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS is selected by the highest priority number, followed by
MAC address.
8/12/2019 IPadViewer - Cisco 642-383
32/77
Leading the way in IT testing and certification tools, www.testking.com- 32 -
B. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC
address.
C. The primary Layer 2 WDS server address is configured via the infrastructure access
point GUI.
D. The primary Layer 2 WDS server address is automatically discovered by the
infrastructure access points through multicast.
E. The primary Layer 2 WDS is selected by the highest MAC address, followed by
priority number.
Answer: A,D
Explanation:
In the access point-based WDS solution, infrastructure access points discover the WDS
via special WLCCP multicast messages
The access point with the highest WDS priority value becomes the active WDS and theother access point(s) go into WDS-standby mode. If two or more access points have the
same WDS priority, the tie-breaker is the highest value FastEthernet MAC address of the
competing access points. The active WDS should always be configured with priority
value 255.
http://www.cisco.com/en/US/docs/wireless/technology/swan/deployment/guide/swandg.html
QUESTION NO: 52
After configuring VTP, you no longer receive updates as expected. Which command can
you use to verify the number of VTP advertisements being transmitted?
A. show vtp statistics
B. show vtp counters
C. show vtp status
D. show vtp database
Answer: B
QUESTION NO: 53
What two types of telephony interfaces are used for PSTN connectivity? (Choose two.)
A. Optical
B. CDMA
8/12/2019 IPadViewer - Cisco 642-383
33/77
Leading the way in IT testing and certification tools, www.testking.com- 33 -
C. Digital
D. Analog
Answer: C,D
QUESTION NO: 54
A North American customer is using 2.4-GHz radios in a point-to-point configuration.
The radio power level is 17 dBm and is transmitting at 11 Mbps. The customer is using
21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet. The
customer increased the distance between the transmitter stations and began experiencing
link problems.
Without using a professional installer, which step should the customer take to fix the
situation?
A. Increase the transmitter power.
B. Upgrade to an 802.11a radio.
C. Use a cable with lower loss.
D. Install a higher gain antenna.
Answer: C
QUESTION NO: 55You work as a network administrator at TestKing.com. You study the exhibit carefully.
The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapter has two LEDs. Which two
LED states indicate that the card is associated to an access point and is working properly?
(Choose two.)
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
34/77
Leading the way in IT testing and certification tools, www.testking.com- 34 -
A. green LED blinking slowly; amber LED blinking quickly
B. green LED off; amber LED blinking sporadically
C. green LED blinking slowly; amber LED blinking slowly
D. green LED off; amber LED solid
E. green LED blinking quickly; amber LED blinking quickly
Answer: C,E
Explanation:
http://www.cisco.com/en/US/docs/wireless/wlan_adapter/cb21ag/user/2.5/configuration/guide/winc10kh.ht
8/12/2019 IPadViewer - Cisco 642-383
35/77
Leading the way in IT testing and certification tools, www.testking.com- 35 -
QUESTION NO: 56
You work as a network administrator at TestKing.com. You study the exhibit carefully.
Which two statements are correct about what is displayed? (Choose two.)
Exhibit:
A. If Router 1 had a PRI of 0, it could not be a designated router or a backup designated
router.
B. The IP address that is used for the router ID must be reachable.
C. Router 1 is the designated router because it has the highest configured loopback
address.
D. Router 1 is the designated router because it has the lowest configured IP address.
E. Router 1 has had its ID manually configured by using the router-ID command.
Answer: A,C
QUESTION NO: 57
Which command assigns a cost value of "17" to a switch port?
A. spanning-tree port cost 17
B. spanning-tree vlan 1 cost 17
C. spanning-tree interface fastethernet 5/8 17
8/12/2019 IPadViewer - Cisco 642-383
36/77
Leading the way in IT testing and certification tools, www.testking.com- 36 -
D. spanning-tree portcost 17
Answer: B
QUESTION NO: 58
What are two ways to test the LAN connectivity on the Cisco CE520? (Choose two.)
A. Ping the IP address of the Cisco-Data Access VLAN from the Cisco UC520 console.
B. Ping the IP address of the Cisco-Distribution VLAN from the Cisco UC520 console.
C. Ping default gateway from the Cisco UC520.
D. Ping the IP address of the Cisco-Data VLAN from a device attached to the Cisco
CE520.
E. Ping the IP address of the Cisco-Voice VLAN from a device attached to the Cisco
CE520.F. Ping default gateway from the Cisco CE520.
Answer: D,E
QUESTION NO: 59
You work as a network administrator at TestKing.com. You study the exhibit carefully.
According to the Cisco Adaptive Security Device Manager window, which statement
about address translation is correct?
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
37/77
Leading the way in IT testing and certification tools, www.testking.com- 37 -
A. Using Network Address Translation, host 10.0.1.10 on the inside network will bedynamically translated to a mapped address from the address pool of 192.168.1.20 to
192.168.1.94.
B. Using Network Address Translation, any host on the DMZ1 subnet (172.16.1.0) will
be translated to a mapped address on the outside interface of 192.168.1.11.
C. Using port address translation, outside host 192.168.1.10 with a dynamically assigned
port address will be translated to 10.0.1.11 on the inside interface.
D. Using port address translation, DMZ2 host 172.16.10.2 will be translated on DMZ1 to
IP address 172.16.1.22 with a dynamically assigned port address.
Answer: A
QUESTION NO: 60
You work as a network administrator at TestKing.com. You study the exhibit carefully.
Router TestKing2 is always in the init state. Which two statements are correct? (Choose
two.)
8/12/2019 IPadViewer - Cisco 642-383
38/77
Leading the way in IT testing and certification tools, www.testking.com- 38 -
Exhibit:
A. Router TestKing2 has an access list defined for S0 that is blocking an OSPF multicast
IP address of 224.0.0.5.
B. Router TestKing2 is seeing hello packets from Router TestKing1.C. Two-way communication has not been established between Router TestKing1 and
Router TestKing2 because Router TestKing2 is not seeing its router ID in the hello
packets that it is receiving from Router TestKing1.
D. The exchanging of data between Router TestKing1 and Router TestKing2 is occurring
because each is sending hello packets.
E. Router TestKing2 is not seeing hello packets from Router TestKing1.
Answer: B,C
Explanation:
In this example output, the init state indicates that TestKing2 sees hello packets from theneighbor, but two-way communication has not been established. A Cisco router includes
the Router IDs of all neighbors in the init (or a higher) state in the neighbor field of its
hello packets. For two-way communication to be established with a neighbor, a router
also must see its own Router ID in the neighbor field of the neighbor's hello packets. In
other words, a router with a neighbor in the init state has received hello packets from the
neighbor but has not seen its own Router ID in the neighbor's hellos. In this case, if the
router does not receive four consecutive hellos, it tears down the session and the OSPF
adjacency goes down
Support:http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080093f11.shtml
QUESTION NO: 61
Which command can be used to verify that RIPv2 is running on a router?
A. show ip protocols
8/12/2019 IPadViewer - Cisco 642-383
39/77
8/12/2019 IPadViewer - Cisco 642-383
40/77
Leading the way in IT testing and certification tools, www.testking.com- 40 -
A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS.
Which two of these might have caused this problem? (Choose two.)
A. The user has a privilege level lower than 15.
B. The ip https server command is missing from the running configuration.
C. The user is trying to launch Cisco Router and Security Device Manager from the inside
(secured) interface with a firewall enabled.
D. The browser security level is set too high.
E. The ip http secure-server command is missing from the running configuration.
Answer: A,E
QUESTION NO: 65
A company needs to provide site-to-site VPN, remote access VPN, and firewallprotection. Which device best supports all three functions?
A. Cisco Router and Security Device Manager
B. Cisco Concentrator
C. Cisco PIX
D. Cisco ASA
Answer: D
Explanation:
While the Cisco PIX can perform all those functions, it is being replaced by the ASA.The ASA's purpose is a security device vs a router with security layers added to it.
Cisco [VPN] Concentrator also is being replaced by the ASA, although it didn't provide
firewall capabilities.
QUESTION NO: 66
Which two statements are correct about using Cisco Router and Security Device Manager
(SDM) to configure the OSPF routing protocol? (Choose two.)
A. Cisco SDM will use the supplied wildcard mask to exclude the host bits from the
configured network address.
B. Cisco SDM allows the selection of OSPFv1 or OSPFv2.
C. Cisco SDM allows the configuration of an area range to allow route summarization
between OSPF areas.
D. Cisco SDM enforces the creation of area 0 when configuring OSPF.
E. Cisco SDM allows the configuration of passive interfaces.
8/12/2019 IPadViewer - Cisco 642-383
41/77
Leading the way in IT testing and certification tools, www.testking.com- 41 -
Answer: A,E
Explanation:
Partial answer:
Make Interface Passive
Check the box next to the interface if you do not want it to send updates to its neighbor.
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/us
QUESTION NO: 67
OSPF routes are being redistributed into EIGRP but they are not showing up in therouting table. What are two possible causes? (Choose two.)
A. CEF has not been enabled.
B. Incorrect distribute lists have been configured.
C. Synchronization has been turned off.
D. There are mismatched autonomous system numbers.
E. The ip classless command is missing.
F. No default metric has been configured for EIGRP.
Answer: B,F
QUESTION NO: 68
You work as a network administrator at TestKing.com. You study the exhibit carefully.
The tables contain information from the Cisco Router TestKingAnd Security Device
Manager configurations of Router TestKingA and Router TestKingB. Traffic between
Host 1 and Host 2 is not successfully establishing the site-to-site VPN between Router
TestKingA and Router TestKingB.
What is the mostly likely cause of this fault?
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
42/77
Leading the way in IT testing and certification tools, www.testking.com- 42 -
A. Router TestKingA is using a standard IP ACL (100-149) while Router TestKingB isusing a Turbo ACL (150?99).
B. The IPSec policy map names on the two routers are different.
C. The IPSec rules on the two routers are not permitting the correct interesting traffic.
D. The IKE encryption methods on the two routers are different.
Answer: D
8/12/2019 IPadViewer - Cisco 642-383
43/77
Leading the way in IT testing and certification tools, www.testking.com- 43 -
Topic 2, TestKing, Scenario
Exhibit:
You work as a network administrator at TestKing.com. Use the information in the exhibit
to answer the questions in the TesKing scenario.
Topic 2, TestKing(4 Questions)
QUESTION NO:1
Note: Please refer to the TestKing scenario in the iPAD document.
Which authentication method is used by the test VPN Group?
8/12/2019 IPadViewer - Cisco 642-383
44/77
8/12/2019 IPadViewer - Cisco 642-383
45/77
Leading the way in IT testing and certification tools, www.testking.com- 45 -
Answer: E, F
QUESTION NO: 4
Note: Please refer to the TestKing scenario in the iPAD document.
Which IP address or address range will be used when allocating an internal IP
address to the VPN clients for the "test" VPN group?
A. 192.168.1.2
B. 10.1.1.100 to 10.1.1.200
C. 192.168.1.1D. 192.168.1.2 to 192.168.1.254
E. 10.1.1.2 to 10.1.1.254
F. 192.168.1.1 to 192.168.1.100
Answer: D
Topic 3, Practice (56 Questions)
QUESTION NO: 1
You have applied a firewall configuration to your router using the Cisco Router and
Security Device Manager (SDM) Firewall Wizard. You find that you are now locked out
and access via Cisco SDM is denied. After accessing the router via the console port, what
must you do to regain access via Cisco SDM?
A. Create a loopback interface and connect to that IP Address for management purpose
when the configuration has been applied to the router
B. Modify the access list that denies Cisco SDM access
C. Specify the Cisco SDM Management Port number to gain access
D. Generate an RSA key pair between the host and device to allow secure access
Answer: B
8/12/2019 IPadViewer - Cisco 642-383
46/77
Leading the way in IT testing and certification tools, www.testking.com- 46 -
QUESTION NO: 2
Which two features are only supported when using the Cisco Router and Security Device
Manager (SDM) Advanced Firewall Wizard and not supported when using the Cisco
SDM Basic Firewall wizard? (Choose two.)
A. Deep-packet inspections
B. DMZ services
C. Proxy Authentication
D. Custom inspection rules
E. IP Unicast Reverse Path Forwarding on the outside (untrusted) interface
Answer: B,D
Explanation:
Custom Application Security Policy ButtonThis button and the Policy Name field are visible if you are completing the Advanced
Firewall wizard
DMZ Interface
If you configured an Advanced firewall, this area shows you the DMZ interface you
designated, along with its IP address
http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/us
QUESTION NO: 3
You are migrating the network design from using point security products(perimeter
router, firewall, VPN Router,IPs) to an integrated security solution using Cisco ISR.
During the migration process, you determine that you need to improve VPN performance,
what can you do?
A. Upgrade the Cisco IOS image on the ISR to the VPN bundle
B. Install AIM-VPN EPII-PLUS on the ISR
C. Increase the RAM on the ISR
D. Enable transparent tunneling using IPSec over TCP
Answer: B
Explanation:
8/12/2019 IPadViewer - Cisco 642-383
47/77
Leading the way in IT testing and certification tools, www.testking.com- 47 -
The Cisco VPN and SSL AIM provides up to 40 percent better performance for IPsec
VPN over the built-in IPsec encryption, and up to twice the performance for SSL VPN
encryption
http://www.cisco.com/en/US/prod/collateral/routers/ps5853/data_sheet_vpn_aim_for_18128003800routers.h
Also, you should fix the product name.
The AIM-VPN EPII-Plus is EOL:
http://www.cisco.com/en/US/prod/collateral/routers/ps5854/eol_cisco_aim_vpn_ii_plus_modules.html.
The replacement model for that device is AIM-VPN/SSL-2.
QUESTION NO: 4You enter the command show ip ospf neighbor and see "two-way/DROTHER" listed as
the state for neighbor 10.1.1.1. What does this status indicate?
A. The neighbor 10.1.1.1 is the DR
B. DR and BDR election is in progress
C. The neighbor relationship with 10.1.1.1 has not yet completed
D. The neighbor 10.1.1.1 is not a DR or BDR
Answer: D
Explanation:DROTHER indicates a router that is neither the DR or the BDR
QUESTION NO: 5
Which two statements best describe the wireless core feature set using autonomous access
points when implementing repeater topology? (Choose two.)
A. RF overlap between primary and repeater access points should be 50 percent with
unique channels configured
B. Clients that are associated with the repeater access point will have 50 percent less data
throughput than clients that are associated with the primary root access point
C. RF overlap between primary and repeater access points should be 50 percent with the
same channel configured
D. RF Olverlap between access points should be 10 to 15 percent with unique channels
configured
E. Clients that are associated with the repeater access point will have 10 to 15 percent less
data throughout than clients that are associated with the primary root access point
8/12/2019 IPadViewer - Cisco 642-383
48/77
Leading the way in IT testing and certification tools, www.testking.com- 48 -
F. RF overlap between primary and repeater access points should be 10 to 15 percent with
the same channel configured
Answer: B,C
QUESTION NO: 6
Exhibit:
You work as a network technician at TestKing.com. Please study the exhibit carefully.
Which statements is correct about the information in the Cisco Adaptive Security Device
Manager General and License information screen?
A. The managed device is a Cisco PIX 515E Security Appliance
B. The security appliance supports active.active failover only
C. The security appliance supports 3DES-AES onlyD. The managed device is a Cisco ASA 5540 Security Appliance with VPN premium
license enabled
Answer: A
QUESTION NO: 7
8/12/2019 IPadViewer - Cisco 642-383
49/77
Leading the way in IT testing and certification tools, www.testking.com- 49 -
OSPF routes are being redistributed into EIGRP but they are not showing up in the
routing table. What are two possible causes? (Choose two.)
A. No Default metric has been configured for EIGRP
B. The IP classless command is missing
C. Synchronization has been turned off
D. Incorrect distribute lists have been configured
E. There are mismatched autonomous system numbers
F. CEF has not been enabled
Answer: A,D
QUESTION NO: 8
TestKing.com needs to provide site-to-site VPN, Remote Access VPN and Firewallprotection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco Router and Security Device Manager
C. Cisco Concentrator
D. Cisco ASA
Answer: D
Explanation:
Both ASA and the PIX provide this functionality. However, the ASA is the currentproduct.
While the Cisco PIX can perform all those functions, it is being replaced by the ASA.
The ASA's purpose is a security device vs a router with security layers added to it.
Cisco [VPN] Concentrator also is being replaced by the ASA, although it didn't provide
firewall capabilities.
QUESTION NO: 9
Which three statements are correct about the IEEE 802.3af power over Ethernet standard?
(Choose three.)
A. Id defines a powered device to be a PDE
B. It defines three methods of delivering Power over Ethernet to the discovered power
device
C. It defines power class 0 as being reserved for future use
D. It defines a port that acts as a power source to be a PSE
E. It describes five power classes to which a device may belong
8/12/2019 IPadViewer - Cisco 642-383
50/77
Leading the way in IT testing and certification tools, www.testking.com- 50 -
F. It defines how a powered device is detected
Answer: D,E,F
Explanation:
PD is Powered device, not PDE
PSE is Power Sourced Device
There are 5 power classes, 0-4 (power class 4 is reserved, not future. It is PSEs classify as
Class 0
QUESTION NO: 10
When troubleshooting poor network performance, which two symptoms would typically
be associated with a network layer problem? (Choose two.)
A. There are excessive CRC errorsB. Slips are detected on WAN interfaces
C. ARP requests are timing out
D. Packet loss is more than 20 percent
E. Pings succeed only part of the time
F. There is excessive broadcast traffic
Answer: D,E
Explanation:
CRC errors are Layer 1 issues, which is the Physical layer.
SLIP, Broadcast traffic & ARPs are LAYER 2 issues, which is the Data Link layer
Packets & PINGs are Layer 3 issue, which is the Network layer.
QUESTION NO: 11
An 802.11b telephone is receiving an audio signal from an access point, but can't send
audio. What is a possible cause?
A. The transmit power in the telephone is significantly lower than the transmit power in
the access point
B. The RSSI value on the telephone is greater than 35
C. The security settings in the telephone do not match the settings in the access point
D. The access point is set to receive only at 802.11g data rates
Answer: A
8/12/2019 IPadViewer - Cisco 642-383
51/77
Leading the way in IT testing and certification tools, www.testking.com- 51 -
QUESTION NO: 12
You connect via Telnet to a Cisco access point and enter the command show dot11
linktest. Which output might you obtain?
A. TX packets dropped
B. RX packets per second
C. Incoming and outgoing signal strength
D. Signal-to-noise ratio
Answer: C
QUESTION NO: 13Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
52/77
Leading the way in IT testing and certification tools, www.testking.com- 52 -
You work as a network technician at TestKing.com. Please study the exhibit carefully. A
host on the Sales Subnet (10.0.2.0/24) is not able to initiate a web connection to an
outside website. According to the network diagram and partial Cisco Adaptive Security
Device manager Configuration shown in the exhibit, what is the cause of the problem?
A. The dynamic NAT global pool is not configured
B. The administrator has not added an access list to allow the connection
C. The source networks for static NAT are not configured correctly
D. The source network for dynamic NAT is not configured correctly
Answer: D
Explanation:
Well, according to this, you should be fine with your NAT. You have inside:any/0 set for
doing NAT, which would cover any IP address that SALES is on.
There is no network diagram exhibit provided, so perhaps that would shed some light on
why you made that choice. But as far as what is provided and assuming SALES is on the
inside, none of your listed answers are the 'why'. We would suspect that no route exists
from the ASA to the SALES subnet based on this information.
QUESTION NO: 14
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
53/77
Leading the way in IT testing and certification tools, www.testking.com- 53 -
8/12/2019 IPadViewer - Cisco 642-383
54/77
Leading the way in IT testing and certification tools, www.testking.com- 54 -
You work as a network technician at TestKing.com. Please study the exhibit carefully.
According to the Cisco VPN Client Software outputs shown, which two statements are
correct about the connection entry named is? (Choose two.)
A. AES is used to provide data confidentiality
B. The Cisco VPN client software is assigned an internal IP Address of 192.168.1.1
C. HMAC-SHA1 is used to authenticate the remote users
D. Preshared key is used to authentication the remote peer
E. The PC that is running the Cisco VPN client software will not have access to the Local
LAN once the PC is connected into the VPN
Answer: D,E
QUESTION NO: 15
Exhibit:
You work as a network technician at TestKing.com. Please study the exhibit carefully.
The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapter has two LEDs. Which two
LED states indicate that the card is associated to an access point and is working properly?
(Choose two.)
8/12/2019 IPadViewer - Cisco 642-383
55/77
Leading the way in IT testing and certification tools, www.testking.com- 55 -
A. Green LED off, amber LED solid
B. Green LED blinking slowly, amber LED blinking slowly
C. Green LED blinking slowly, amber LED blinking quickly
D. Green LED off, amber LED blinking sporadically
E. Green LED blinking quickly, amber LED blinking quickly
Answer: B,E
QUESTION NO: 16
A concern has been expressed that the switched infrastructure in an integrated network in
vulnerable to VLAN hopping attacks. Which two configuration statements can be used to
mitigate VLAN hopping? (Choose Two.)
A. Switchport mode access
B. Switchport double-tag snooping
C. Switchport port-security
D. Switchport access vlan
E. Swtichport port-security tagging
Answer: A,D
QUESTION NO: 17Exhibit:
*** Missing ***
You work as a network technician at TestKing.com. Please study the exhibit carefully.
According to the Cisco Adaptive Security Device Manager Window, Which statement
about address translation is correct?
A. Using port address translation, outside host 192.168.1.10 with a dynamically assigned
port address will be translated to 10.0.1.11 on the inside interface
B. Using Network Address Translation, any host on the DMZ1 subnet (172.16.1.0) will
be translated to a mapped address on the outside interface of 192.168.1.11
C. Using Network Address Translation, host 10.0.1.10 on the inside network will be
dynamically translated to a mapped address from the address pool of 192.168.1.20 to
192.168.1.94
D. Using port address translation, DMZ2 host 172.16.10.2 will be translated on DMZ1 to
IP Address 172.16.1.22 with a dynamically assigned port address
8/12/2019 IPadViewer - Cisco 642-383
56/77
Leading the way in IT testing and certification tools, www.testking.com- 56 -
Answer: C
QUESTION NO: 18
Which statement is true about a Cisco Aironet 350 Series wireless client when its green
LED appears to be off and its amber LED is blinking?
A. The client adapter is scanning for a network
B. The client adapter is in ad hoc mode
C. The client adapter is in power-save mode
D. The client adapter is performing a self-test
Answer: C
Explanation:
QUESTION NO: 19
TestKing.com wants to implement wireless security through implementation of WPAv2.
Which component of WPAv2 would limit the rollout because of the continued use of old
access points?
A. 48-bit IV
B. AES
8/12/2019 IPadViewer - Cisco 642-383
57/77
8/12/2019 IPadViewer - Cisco 642-383
58/77
Leading the way in IT testing and certification tools, www.testking.com- 58 -
What does PVST+ do to correct this?
A. Swtich TestKingC sends PVST+ BPDUs of VLAN 2 (to the SSTP address that is
flooded by Switch by Switch TestKingB) towards Switch TestKingC. Switch TestKingA
will put port TestKingC-TestKingB into a type-inconsistent state, which prevents the loop
B. Switch TestKingB sends PVST+ BPDUs of VLAN1 (to the SSTP address that is
flooded by Switch TestKingA) towards switch TestKingC. Switch will put port
TestKingC-TestKingB into a type-inconsistent state, which prevents the loop
C. Switch TestKingA sends PVST+ BPDUs of VLAN 1 (to the SSTP address that is
flooded by Switch TestKingB) towards Switch TestKingB. Switch TestKingA will put
port TestKingC-TestKingB into a type-inconsistent state, which prevents the loop
D. Switch TestKingA sends PVST+ PBDUs of VLAN 2 (to the SSTP address that is
flooded by Switch TestKingB) toward Switch TestKingC will put port
TestKingC-TestKingB into a type-inconsistent state, which prevents the loop
Answer: D
QUESTION NO: 21
Network topology exhibit:
Policy exhibit:
8/12/2019 IPadViewer - Cisco 642-383
59/77
Leading the way in IT testing and certification tools, www.testking.com- 59 -
You work as a network technician at TestKing.com. Please study the exhibits carefully.
The tables contain information from the Cisco Router and Security Device Manager
configuration of Router TestKing1 and Router TestKing2. Traffic between HostTestKingA and Host TestKingB is not successfully establish the site-to-site VPN between
Router TestKing1 and Router TestKing2. What is the mostly likely cause of this fault?
A. The IPSec rules on the two routers are not permitting the correct interesting traffic
B. The IPSec policy map names on the two routers do not match. They must be the same
on both routers
C. The D-H Group settings on the two routers are set to group 2. They must be set to
group 1 for SHA-1
D. The IPSec and IKE encryption methods do not match. They all have to be either 3DES
or AES
E. Router TestKing1 is using a standard IP ACL (100-149) while Router TestKing2 is
using a turbo ACL (150-199)
Answer: A
8/12/2019 IPadViewer - Cisco 642-383
60/77
Leading the way in IT testing and certification tools, www.testking.com- 60 -
QUESTION NO: 22
Which two statements are correct about using Cisco Router and Security Device Manager
(SDM) to configure the OSPF routing protocol? (Choose two.)
A. Cisco SDM allows the selection of OSPFv1 or OSPFv2
B. Cisco SDM will use the supplied wildcard mask to exclude the host bits from the
configured network address
C. Cisco SDM allows the configuration of passive interfaces
D. Cisco SDM enforces the creation of area 0 when configuring OSPF
E. Cisco SDM allows the configuration of an area range to allow route summarization
between OSPF areas
Answer: B,C
QUESTION NO: 23
Users logging into Cisco Router and Security Device Manager should be authenticated
using the Cisco ISR local user database. Currently, none of the users can access Cisco
Router and Security Device Manager via HTTP. You should check the configuration of
which command or commands when attempts to resolve this problem?
A. line vty 0 5
Login local
B. aaa new-model
Aaa authentication login default localC. ip http authentication local
D. ip http secure-server
Answer: C
QUESTION NO: 24
Which two statements best describes the wireless core features set using autonomous
access points when implementing wireless domain services? (Choose two.)
A. Layer 3 Services can be configured in WLSM
B. Layer 2 services can be configured in a Cisco Aironet Autonomous AP or a Cisco
Integrated Services Router
C. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or
collectors
D. Layer 3 services can be configured in WLSE
8/12/2019 IPadViewer - Cisco 642-383
61/77
Leading the way in IT testing and certification tools, www.testking.com- 61 -
E. Layer 2 and Layer 3 services can be configured in a Cisco Aironet Autonomous AP or
a Cisco Integrated Services Router
Answer: A,B
QUESTION NO: 25
You have configured and applied a Cisco IOS Firewall access rule to the inbound,
untrusted interface. You suspect that the rule may be blocking necessary traffic onto the
network. What must you do to delete that rule when using Cisco Router and Security
Device Manager?
A. Go to the Edit Firewall Policy tab to delete the rule
B. You must delete the associated access list on the interface, then configure the access
list as required and then reapply the access group to the proper interfaceC. You must remove the association between the rule and the interface before deleting the
rule
D. Select ACL Editor-> Access Rule to delete the rule
Answer: C
Explanation:
Cisco SDM does not allow you to delete a rule that is associated with an interface; you
must first remove the association between the rule and the interface, and then delete the
access rule.
QUESTION NO: 26
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
62/77
Leading the way in IT testing and certification tools, www.testking.com- 62 -
You work as a network technician at TestKing.com. Please study the exhibit carefully.
According to the error log, VLAN 1 is where the BPDU was received and VLAN 2 is
where the BPDU originated. When inconsistency is detected, what happens?
A. Both VLANs are blocked on the port from which this BPDU is received
B. Both VLANs are listening on the port from which this BPDU is sent
C. VLAN 1 is blocked, while VLAN 10 is listening
D. VLAN 1 is blocked, while VLAN 10 for forwarding
Answer: A
QUESTION NO: 27
TestKing.com in Europe needs to establish an 11-mbps wireless bridge link between two
office buildings that are approximately 1.3 k apart. The wireless link will pass through apublic park, which contains a lake that is surrounded by trees. You run the range
calculation and determine that the Cisco Aironet 1300 Series Outdoor Access
Point/Bridge should work. You install the link using 10.5-db yagis with 75 feet of
standard Cisco cabling and both radios set at 20 MW. The wireless bridge are not able to
establish or maintain a link.
What is needed to successfully complete this link?
A. Due to the trees, a 210dbi dish needs to be used for its narrower beamwidth
B. An amplifier needs to be installed at one of the sitesC. The antenna must be raised high enough to clear the trees
D. Lower Loss cabling needs to be used to bring the EIRP into legal limits
Answer: C
QUESTION NO: 28
After Configuring VTP, you no longer receive updates as expected. Which command can
you use to verify the number of VTP advertisement being transmitted?
A. show vtp statistics
B. show vtp database
C. show vtp status
D. show vtp counters
Answer: D
8/12/2019 IPadViewer - Cisco 642-383
63/77
Leading the way in IT testing and certification tools, www.testking.com- 63 -
QUESTION NO: 29
Network Topology exhibit:
Configuration exhibit:
You work as a network technician at TestKing.com. Please study the exhibits carefully.
Which two statements are correct about what is displayed? (Choose two.)
A. Router TestKing1 is the designated router because it has the lowest configured IP
address
B. If Router TestKing1 had a PRI of 0, it could not be a designated router or a backup
designated router
C. The IP Address that is used for the router ID must be reachableD. Router TestKing1 is the designed router because it has the highest configured
loopback address
E. Router TestKing1 has had its ID manually configured by using the Router-ID
command
Answer: B,D
Explanation:
8/12/2019 IPadViewer - Cisco 642-383
64/77
Leading the way in IT testing and certification tools, www.testking.com- 64 -
The router with the highest priority becomes the designated router (DR). If the priorities
are the same, then the router with the highest router ID becomes the DR. By default,
priorities are set to 1. The router ID is the highest IP address or the highest ip address
among loopback addresses (if one is configured) on the Cisco router or can be configured
manually by "router-id x.x.x.x"
A router with a priority of 0 never becomes a DR or a backup designated router (BDR); it
is always a DROTHER, meaning a router that is neither the DR or the BDR.
IP address of router ID doesn't need to be reachable.
QUESTION NO: 30
Which network management tool is designed to allow business to manage up to 40
devices?
A. Resource Management Essentials
B. CiscoWorks Unrestriced
C. Campus Manager
D. CiscoWorks SNMS
Answer: D
QUESTION NO: 31When using a Cisco Router and Security Device Manager to configure AAA login
authentication policies, which four methods are available? (Choose Four.)
A. Default: use line password
B. Enable: use the enable password
C. Group RADIUS: use a list of RADIUS hosts
D. Group TACACS+: use a list of TACACS+ hosts
E. Otp: use one-time password
F. Local: use local database
Answer: B,C,D,F
QUESTION NO: 32
You are troubleshooting OSPF neighbor establishment problem, which are occurring over
Frame-Relay Interface that use the default OSPF network type. What should you verify in
the router configuration?
8/12/2019 IPadViewer - Cisco 642-383
65/77
Leading the way in IT testing and certification tools, www.testking.com- 65 -
A. The neighbor statements on the frame relay interface
B. The ip ospf priority 0 statement on the frame relay interface on the designated router
C. The frame-relay map statement on the frame relay interface
D. The ip ospf network point-to-point statement under the frame relay interface
Answer: C
QUESTION NO: 33
The network administrator has configured the SSID value in a wireless Cisco Aironet
client card. What is the result of the client-to-access-point association if the client SSID 1
is the left blank and the SSID2 is assigned a value of my_ssid?
A. The client will consider SSID1 null value, causing the client to request the SSID fromthe access point
B. The client software will attempt association with the access point using a null value of
SSID1 and if not successful it will rotate to use the SSID2 value of my_ssid
C. The client software will not allow this configuration and will create an error message
until the configuration is corrected
D. The client software will replace SSID1 with SSID2 and use my_ssid to attempt
association with the access point
Answer: D
QUESTION NO: 34
You have just configured and enabled the Cisco IOS Firewall features set from a remote
location using the Cisco Router and Security Device Manager (SDM) Firewall wizard.
You later want to double-click your configuration using Cisco SDM. However, you find
that you can no longer connect to the Cisco IOS Firewall using Cisco SDM.
What is the probable cause of this failure?
A. You have been locked out via access lists that have been applied to the router as a
result of your Cisco SDM configuration
B. You must specify the host IP address of Cisco SDM in the configuration panel for
allowed management connections
C. You have not generated an RSA key pair between the host and the device to allow
secure access via Cisco SDM
D. You must additionally specify the Cisco SDM Management port number to gain
access when the configuration has been applied
8/12/2019 IPadViewer - Cisco 642-383
66/77
Leading the way in IT testing and certification tools, www.testking.com- 66 -
Answer: A
QUESTION NO: 35
TestKing.com with a large enterprise network wants to allow employees to work from
home over the internet. TestKing.com anticipates a large amount of traffic, predominantly
toward the central site. TestKing.com also requires a VPN using strong user
authentication and encryption to protect highly sensitive data.
Which solution best meets this customer's requirements?
A. Site-to-Site with hub-to-spoke tunnels using 3DES and pre-shared secrets
B. Site-to-Site Cisco Easy VPN
C. The IPSec rules on the two routers are not permitting the correct interesting trafficD. Remote-Access VPN with hardware encryption
E. Remote-Access VPN with software encryption
Answer: E
QUESTION NO: 36
TestKing.com needs to provide site-to-site VPN, remote access VPN and firewall and
protection. Which device best supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Answer: B
QUESTION NO: 37
Exhibit:
8/12/2019 IPadViewer - Cisco 642-383
67/77
Leading the way in IT testing and certification tools, www.testking.com- 67 -
You work as a network technician at TestKing.com. Please study the exhibit carefully.
This display has been truncated to remove information that is not relevant to the question.
What would be a reason that there have been 21 ignored packets?
A. Ethernet0 and the neighbor that it is connected to are not running the same routing
protocol
B. There are no free input buffers to accept new packets
C. There are no free output buffers for packets, which are transversing the router to go
into for transmission
D. This is not valid error display. The display has been modified to show that there have
been ignored packets
E. Ethernet0 has no CDP neighbors
Answer: BExplanation:Ignored packets are those that are discarded because the interface hardware does not have enough internal buffers
http://www.cisco.com/en/US/docs/routers/access/ics7750/software/26/troubleshooting/guide/tsether2.html
QUESTION NO: 38
TestKing.com with a small enterprise network of 15 remote sites is trying to optimize itsVPN by migrating some remote sites using Frame-Relay connections to the internet to
using cable connections to the internet. Minimizing costs is one of TestKing.com's
highest proprieties. Only a moderate amount of IP traffic is passing through the network,
most of the which is from the remote sites to the central site. IPSec should be used to
provide VPN functionality and basic confidentiality is desired.
Based on the traffic patterns, which topology would be the easiest for this customer to set
up and manager?
A. Full Mesh
B. Point-to-multipoint
C. Hub-and-Spoke
D. Partial Mesh
Answer: C
8/12/2019 IPadViewer - Cisco 642-383
68/77
Leading the way in IT testing and certification tools, www.testking.com- 68 -
QUESTION NO: 39
Which design phase service component includes the development and documentation of
the test case or cases used to verify that a deployed infrastructure meets operational,
functional, and interface requirements?
A. Implementation Plan
B. Systems Acceptance Test Plan Development
C. Staging Plan
D. Detailed Design Development
E. Business Plan
Answer: B
QUESTION NO: 40In an infrastructure based on a wireless advanced feature set using lightweight access
points, by which is a rogue contained? Select two.
A. The rogue MAC address is used to spoof broadcast deassociation packets
B. The WCS sends excessive traffic to the rogue, thus overloading the access point
C. The rogue MAC address is used to spoof broadcast deautheticaton packets
D. The WCS sends out excessive signals on the same channel when the rogue is detected
Answer: A, C
Explanation:According to this, it will discourage rogue access point clients by sending the clients
deauthenticate and disassociate messages whenever they associate with the rogue access
point).
http://www.cisco.com/en/US/docs/wireless/wcs/4.1/configuration/guide/wcssol.html#wp1040128
So, both are possibly correct.
Similar information says both are correct here:
http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008080dc8c.sht
QUESTION NO: 41
Which three are different types of STP inconsistencies in a Layer 2 network? (Choose
three.)
8/12/2019 IPadViewer - Cisco 642-383
69/77
Leading the way in IT testing and certification tools, www.testking.com- 69 -
A. Root inconsistency
B. EthernChannel Inconsistency
C. MAC Inconsistency
D. Type Inconsistency
E. PVID Inconsistency
F. Vendor Inconsistency
Answer: A,B,D
Explanation:
There can be different types of STP inconsistencies:
Loop inconsistency_This is detected by the Loop Guard feature.
Root inconsistency_This is detected by the Root Guard feature.
EtherChannel inconsistency_This is detected by the EtherChannel consistency detectionfeature.
Port VLAN ID (PVID) inconsistency_A per?VLAN spanning tree (PVST+) Bridge
Protocol Data
Unit (BPDU) is received on a different VLAN than it was originated: (Port VLAN ID
Mismatch
or *PVID_Inc).
Type inconsistency_A PVST+ BPDU is received on a non?802.1Q trunk.
The reason why PVID is NOT one of the answers is that they are assuming that since this
is a layer 2 network that there won't be multiple VLANs.
http://www.cisco.com/application/pdf/paws/24063/pvid_inconsistency_24063.pdf
QUESTION NO: 42
An 802.1b telephone is receiving an audio signal from an access point, but can't send
audio. What is a possible cause?
A. The access point is set to receive only at 802.11g data rates
B. The transmit power in the telephone is significantly lower than the transmit power in
the access point
C. The RSSI value on the telephone is greater than 35
D. The security settings in the telephone do not match the settings in the access point
Answer: B
8/12/2019 IPadViewer - Cisco 642-383
70/77
Leading the way in IT testing and certification tools, www.testking.com- 70 -
QUESTION NO: 43
Which command can be used to verify that RIPv2 is running on a router?
A. Show ip route rip
B. Show ip route
C. Show ip protocols
D. show startup-config
Answer: C
Explanation:
To display the parameters and current state of the active routing protocol process, use the
show ip protocols command in EXEC mode.
http://www.cisco.com/en/US/docs/ios/12_2/iproute/command/reference/1rfindp2.html#wp1022264
QUESTION NO: 44
A North American customer is using 2.4-GhZ radios in a point-to-point configuration.
The radio level is 17 dBm and is transmitting at 11 Mbps. TestKing.com is using
21.5-dBi dish antennas and 50 feet of cabling, with a loss of 8.4 dB per 100 feet.
TestKing.com increased the distance between the transmitter stations and began
experiencing link problems.
Without using a professional installer, which step should TestKing.com take to fix thesituation?
A. Increase the transmitter power
B. Install a higher gain antenna
C. Use a cable with lower loss
D. Upgrade to an 802.11a radio
Answer: C
QUESTION NO: 45
In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be
placed?
A. Core Layer
B. Distribution Layer
C. Network Management Functional Module
D. Access Layer
8/12/2019 IPadViewer - Cisco 642-383
71/77
Leading the way in IT testing and certification tools, www.testking.com- 71 -
Answer: B
Explanation:
Whenever possible, Cisco recommends placing the WLSM blade in one of the
distribution layer switches in the campus network.
QUESTION NO: 46
Which two statements are correct about OSPF in a multiarea environment? (Choose two.)
A. OSPF requires that all areas have a least one ASBR
B. OSPF requires the use of the area range configuration command only when
non-default summarization is required
C. OSPF uses wildcard masks in the network statements but subnet masks in the area
range statementsD. OSPF ABR routers are needed only at the boundary of another OSPF area
E. OSPF will by default summarize routing updates between areas
Answer: C,D
Explanation:
By definition, routers that belong to multiple areas, and connect these areas to the
backbone area are called area border routers (ABR).
If there were only 1 area, then there would be no ABR (which eliminates one of the
answers/options)
Summarization does not occur by default between areas, you need to configure it.
Network statements use wildcard bits, area ranges use network masks
QUESTION NO: 47
Network topology exhibit:
8/12/2019 IPadViewer - Cisco 642-383
72/77
Leading the way in IT testing and certification tools, www.testking.com- 72 -
Policy exhibit:
You work as a network technician at TestKing.com. Please study the exhibits carefully.
The tables contain information from the Cisco Router TestKing1 and Security Device
Manager Configurations of Router TestKing1 and Router TestKing2. Traffic between
Host 1 and Host 2 is not successfully establishing the site-to-site VPN between Router
TestKing1 and Router TestKing2.
What is the most likely cause of this fault?
8/12/2019 IPadViewer - Cisco 642-383
73/77
8/12/2019 IPadViewer - Cisco 642-383
74/77
Leading the way in IT testing and certification tools, www.testking.com- 74 -
Router# show standby
Ethernet0/1 - Group 1
State is Active
2 state changes, last state change 00:30:59
Virtual IP address is 10.1.0.20
Secondary virtual IP address 10.1.0.21
Active virtual MAC address is 0004.4d82.7981
Local virtual MAC address is 0004.4d82.7981 (bia)
Hello time 4 sec, hold time 12 sec
Next hello sent in 1.412 secs
Preemption enabled, min delay 50 sec, sync delay 40 sec
Active router is local
Standby router is 10.1.0.6, priority 75 (expires in 9.184 sec)
Priority 95 (configured 120)Tracking 2 objects, 0 up
Down Interface Ethernet0/2, pri 15
Down Interface Ethernet0/3
IP redundancy name is "HSRP1", advertisement interval is 34 sec
QUESTION NO: 50
You have just configured HSRP and need to determine which router is active. Which
command should you enter?
A. show standby
B. show standby active
C. show ip hsrp active
D. show active
Answer: A
QUESTION NO: 51
Which critical issue should you account for when implementing an integrated network
security management design?
A. NAT interoperates with encrypted voice traffic
B. SNMP community read-write strings are configured to allow for total management
access
C. Host-based intrusion detection systems reside in the network
D. All network devices are time-synchronized
8/12/2019 IPadViewer - Cisco 642-383
75/77
Leading the way in IT testing and certification tools, www.testking.com- 75 -
Answer: D
Explanation:
Time synchronization using Network Time Protocol (NTP) for network and security
devices is critical for network-wide security event analysis and correlation.
QUESTION NO: 52
TestKing.com in Europe needs to establish an 11-mbps wireless bridge link between two
office buildings that are approximately 1.3 k apart. The wireless link will pass through a
public park, which contains a lake that is surrounded by trees. You run the range
calculation and determine that the Cisco Aironet 1300 Series Outdoor Access
Point/Bridge should work. You install the link using 10.5-db yagis with 75 feet of
standard Cisco cabling and both radios set at 20 MW. The wireless bridge are not able to
establish or maintain a link.
What is needed to successfully complete this link?
A. Lower Loss cabling needs to be used to bring the EIRP into legal limits
B. Due to the trees, a 210dbi dish needs to be used for its narrower bandwidth
C. The antenna must be raised high enough to clear the trees
D. An amplifier needs to be installed at one of the sites
Answer: C
QUESTION NO: 53
Which two statements best describes the wireless implementation of Cisco Aironet root
and non-root bridging? (Choose two.)
A. Point-to-Point Access Points can be used if one is root and the other is non-