IT인증,IT자격증,IT자격증시험,IT인증시험

http://www.pass4test.net/

Cisco 642-813 (Implementing Cisco IP Switched Networks) 덤프

Pass4Test는 여러분들한테 최고의  Cisco 642-813 (Implementing Cisco IP Switched Networks)  문제와 답을 제공함으로  높은 적중율을 자랑합니다, 여러분은  Cisco 642-813 (Implementing Cisco IP Switched Networks)  인증시험의 패스로 IT업계와  직장에서 한층 업그레이드 되실수 있습니다. 여러분의 미래는 더욱더 아름다울 것입니다. Cisco 642-813 (Implementing Cisco IP Switched Networks)  시험의 인기는 날마다 더해갑니다. Cisco 642-813 (Implementing Cisco IP Switched Networks)  시험에 응시하는 분들도 날마다 더 많아지고 있습니다. Cisco 642-813 (Implementing Cisco IP Switched Networks)  인증시험 준비중인 여러분은 어떤 자료를 준비하였나요?Pass4Test는 전문적인 IT인증시험덤프를 제공하는 사이트입니다. Cisco 642-813 (Implementing Cisco IP Switched Networks)  인증시험을 패스하려면Pass4Test을 선택하시면 아주 현명한 선택입니다. Pass4Test에서는  Cisco 642-813 (Implementing Cisco IP Switched Networks)  관련 자료도 제공함으로 여러분처럼 IT 인증시험에 관심이 많은 분들한테 아주 유용한 자료이자 학습가이드입니다. Pass4Test는 여러분이 원하는 최신 최고버전의  Cisco 642-813 (Implementing Cisco IP Switched Networks)  문제와 답을 제공합니다. Cisco 642-813 (Implementing Cisco IP Switched Networks)  인증덤프는 IT업계전문가들이 끊임없는 노력과 지금까지의 경험으로 연구하여 만들어낸 제일 정확한 시험문제와 답들로 만들어졌습니다. Pass4Test의 문제집으로 여러분은 충분히 안전이 시험을 패스하실 수 있습니다. 우리 Pass4Test 의 문제집들은 모두 100%합격율을 자랑하며 Pass4Test의 제품을 구매하였다면  Cisco 642-813 (Implementing Cisco IP Switched Networks)  관련 시험패스와 자격증 취득은 근심하지 않으셔도 됩니다. 여러분은 IT업계에서 또 한층 업그레이드 될것입니다.

 

 

NO.1 Which statement is true about RSTP topology changes?

A. Any change in the state of the port generates a TC BPDU.

B. Only nonedge ports moving to the forwarding state generate a TC BPDU.

C. If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated.

D. Only edge ports moving to the blocking state generate a TC BPDU.

E. Any loss of connectivity generates a TC BPDU.

Answer: B




NO.2 Which statement is true about Layer 2 security threats?

A. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against

reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points.

B. DHCP snooping sends unauthorized replies to DHCP queries.

C. ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection.

D. Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping

attacks.

E. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.

F. Port scanners are the most effective defense against Dynamic ARP Inspection.

Answer: E




NO.3 Refer to the exhibit.

DHCP snooping is enabled for selected VLANs to provide security on the network. How do the switch

ports handle the DHCP messages?

A. A DHCPOFFER packet from a DHCP server received on Ports Fa2/1 and Fa2/2 is dropped.

B. A DHCP packet received on ports Fa2/1 and Fa2/2 is dropped if the source MAC address and the

DHCP client hardware address does not match Snooping database.

C. A DHCP packet received on ports Fa2/1 and Fa2/2 is forwarded without being tested.

D. A DHCPRELEASE message received on ports Fa2/1 and Fa2/2 has a MAC address in the DHCP

snooping binding database, but the interface information in the binding database does not match the

interface on which the message was received and is dropped.

Answer: C




NO.4 Refer to the exhibit.

GLBP has been configured on the network. When the interface serial0/0/1 on router R1 goes down, how

is the traffic coming from Host1 handled?

A. The traffic coming from Host1 and Host2 is forwarded through router R2 with no disruption.

B. The traffic coming from Host2 is forwarded through router R2 with no disruption. Host1 sends an ARP

request to resolve the MAC address for the new virtual gateway.

C. The traffic coming from both hosts is temporarily interrupted while the switchover to make R2 active

occurs.

D. The traffic coming from Host2 is forwarded through router R2 with no disruption. The traffic from Host1

is dropped due to the disruption of the load balancing feature configured for the GLBP group.

Answer: A




NO.5 Refer to the exhibit.

What information can be derived from the output?

A. Interfaces FastEthernet3/1 and FastEthernet3/2 are connected to devices that are sending BPDUs

with a superior root bridge parameter and no traffic is forwarded across the ports. After the sending of

BPDUs has stopped, the interfaces must be shut down administratively, and brought back up, to resume

normal operation.

B. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a

superior root bridge parameter, but traffic is still forwarded across the ports.

C. Devices connected to interfaces FastEthernet3/1 and FastEthernet3/2 are sending BPDUs with a

superior root bridge parameter and no traffic is forwarded across the ports. After the inaccurate BPDUs

have been stopped, the interfaces automatically recover and resume normal operation.

D. Interfaces FastEthernet3/1 and FastEthernet3/2 are candidates for becoming the STP root port, but

neither can realize that role until BPDUs with a superior root bridge parameter are no longer received on

at least one of the interfaces.

Answer: C




NO.6 What does the command udld reset accomplish?

A. allows a UDLD port to automatically reset when it has been shut down

B. resets all UDLD enabled ports that have been shut down

C. removes all UDLD configurations from interfaces that were globally enabled

D. removes all UDLD configurations from interfaces that were enabled per-port

Answer: B




NO.7 What does the global configuration command ip arp inspection vlan 10-12,15 accomplish?

A. validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15

B. intercepts all ARP requests and responses on trusted ports

C. intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings

D. discards ARP packets with invalid IP-to-MAC address bindings on trusted ports "Pass

Answer: C




NO.8 What is one method that can be used to prevent VLAN hopping?

A. Configure ACLs.

B. Enforce username and password combinations.

C. Configure all frames with two 802.1Q headers.

D. Explicitly turn off DTP on all unused ports.

E. Configure VACLs.

Answer: D




NO.9 Refer to the exhibit.

Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses

from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP

spoof attack toward Host_A ?

A. The spoof packets are inspected at the ingress port of switch SW_A and are permitted.

B. The spoof packets are inspected at the ingress port of switch SW_A and are dropped.

C. The spoof packets are not inspected at the ingress port of switch SW_A and are permitted.

D. The spoof packets are not inspected at the ingress port of switch SW_A and are dropped.

Answer: C




NO.10 What are two methods of mitigating MAC address flooding attacks? (Choose two.)

A. Place unused ports in a common VLAN.

B. Implement private VLANs.

C. Implement DHCP snooping.

D. Implement port security.

E. Implement VLAN access maps

Answer: DE




NO.11 Refer to the exhibit.

Which four statements about this GLBP topology are true? (Choose four.)

A. Router A is responsible for answering ARP requests sent to the virtual IP address.

B. If router A becomes unavailable, router B forwards packets sent to the virtual MAC address of router A.

C. If another router is added to this GLBP group, there would be two backup AVGs.

D. Router B is in GLBP listen state.

E. Router A alternately responds to ARP requests with different virtual MAC addresses.

F. Router B transitions from blocking state to forwarding state when it becomes the AVG.

Answer: ABDE




NO.12 Why is BPDU guard an effective way to prevent an unauthorized rogue switch from altering the

spanning-tree topology of a network?

A. BPDU guard can guarantee proper selection of the root bridge.

B. BPDU guard can be utilized along with PortFast to shut down ports when a switch is connected to the

port.

C. BPDU guard can be utilized to prevent the switch from transmitting BPDUs and incorrectly altering the

root bridge election.

D. BPDU guard can be used to prevent invalid BPDUs from propagating throughout the network.

Answer: B




NO.13 Which description correctly describes a MAC address flooding attack?

A. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking

device then becomes the destination address found in the Layer 2 frames sent by the valid network

device.

B. The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking

device then becomes the source address found in the Layer 2 frames sent by the valid network device.

C. The attacking device spoofs a destination MAC address of a valid host currently in the CAM table. The

switch then forwards frames destined for the valid host to the attacking device.

D. The attacking device spoofs a source MAC address of a valid host currently in the CAM table.

The switch then forwards frames destined for the valid host to the attacking device.

E. Frames with unique, invalid destination MAC addresses flood the switch and exhaust CAM table space.

The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is

subsequently flooded out all ports.

F. Frames with unique, invalid source MAC addresses flood the switch and exhaust CAM table space.

The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is

subsequently flooded out all ports.

Answer: F




NO.14 Refer to the exhibit.

Which VRRP statement about the roles of the master virtual router and the backup virtual router is true?

A. Router A is the master virtual router, and router B is the backup virtual router. When router A fails,

router B becomes the master virtual router. When router A recovers, router B maintains the role of master

virtual router.

B. Router A is the master virtual router, and router B is the backup virtual router. When router A fails,

router B becomes the master virtual router. When router A recovers, it regains the master virtual router

role.

C. Router B is the master virtual router, and router A is the backup virtual router. When router B fails,

router A becomes the master virtual router. When router B recovers, router A maintains the role of master

virtual router.

D. Router B is the master virtual router, and router A is the backup virtual router. When router B fails,

router A becomes the master virtual router. When router B recovers, it regains the master virtual router

role.

Answer: B




NO.15 Refer to the exhibit.

Host A has sent an ARP message to the default gateway IP address 10.10.10.1. Which statement is true?

A. Because of the invalid timers that are configured, DSw1 does not reply.

B. DSw1 replies with the IP address of the next AVF.

C. DSw1 replies with the MAC address of the next AVF.

D. Because of the invalid timers that are configured, DSw2 does not reply.

E. DSw2 replies with the IP address of the next AVF.

F. DSw2 replies with the MAC address of the next AVF.

Answer: F




NO.16 What two steps can be taken to help prevent VLAN hopping? (Choose two.)

A. Place unused ports in a common unrouted VLAN.

B. Enable BPDU guard.

C. Implement port security.

D. Prevent automatic trunk configurations.

E. Disable Cisco Discovery Protocol on ports where it is not necessary.

Answer: AD




NO.17 Refer to the exhibit.

An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server

for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?

A. All switch ports in the Building Access block should be configured as DHCP trusted ports.

B. All switch ports in the Building Access block should be configured as DHCP untrusted ports.

C. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted

ports.

D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP

untrusted ports.

E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.

F. All switch ports connecting to servers in the Server Farm block should be configured as DHCP

untrusted ports.

Answer: D




NO.18 When an attacker is using switch spoofing to perform VLAN hopping, how is the attacker able to gather

information?

A. The attacking station uses DTP to negotiate trunking with a switch port and captures all traffic that is

allowed on the trunk.

B. The attacking station tags itself with all usable VLANs to capture data that is passed through the switch,

regardless of the VLAN to which the data belongs.

C. The attacking station generates frames with two 802.1Q headers to cause the switch to forward the

frames to a VLAN that would be inaccessible to the attacker through legitimate means.

D. The attacking station uses VTP to collect VLAN information that is sent out and then tags itself with the

domain information to capture the data.

Answer: A




NO.19 Refer to the exhibit.

The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security

reasons, the servers should not communicate with each other, although they are located on the same

subnet. However, the servers do need to communicate with a database server located in the inside

network. Which configuration isolates the servers from each other?

A. The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to

the two firewalls are defined as primary VLAN promiscuous ports.

B. The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to

the two firewalls are defined as primary VLAN promiscuous ports.

C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN

promiscuous ports.

D. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN

community ports.

Answer: A




NO.20 Refer to the exhibit.

Assume that Switch_A is active for the standby group and the standby device has only the default HSRP

configuration. Which statement is true?

A. If port Fa1/1 on Switch_A goes down, the standby device takes over as active.

B. If the current standby device had the higher priority value, it would take over the role of active for the

HSRP group.

C. If port Fa1/1 on Switch_A goes down, the new priority value for the switch would be 190.

D. If Switch_A had the highest priority number, it would not take over as active router.

Answer: C

 


Posted 2013/1/21 6:45:44  |  Category: 미분류  |  Tag: