ccnp 642-845
18.Which three techniques should be used to secure management protocols? (Choose three.)
A.Configure SNMP with only read-only community strings.
B.Encrypt TFTP and syslog traffic in an IPSec tunnel.
C.Implement RFC 2827 filtering at the perimeter router when allowing syslog access from devices on the
outside of a firewall.
D.Synchronize the NTP master clock with an Internet atomic clock.
E.Use SNMP version 2.
F.Use TFTP version 3 or above because these versions support a cryptographic authentication
mechanism between peers.
Answer:A B C
19.Which two active response capabilities can be configured on an intrusion detection system (IDS) in
response to malicious traffic detection? (Choose two.)
A.the initiation of dynamic access lists on the IDS to prevent further malicious traffic
B.the configuration of network devices to prevent malicious traffic from passing through
C.the shutdown of ports on intermediary devices
D.the transmission of a TCP reset to the offending end host
E.the invoking of SNMP-sourced controls
Answer:B D
20.What are three objectives that the no ip inspect command achieves? (Choose three.)
A.removes the entire CBAC configuration
B.removes all associated static ACLs
C.turns off the automatic audit feature in SDM
D.denies HTTP and Java applets to the inside interface but permits this traffic to the DMZ
E.resets all global timeouts and thresholds to the defaults
F.deletes all existing sessions
Answer:A E F
22.Which statement is true about a worm attack?
A.Human interaction is required to facilitate the spread.
B.The worm executes arbitrary code and installs copies of itself in the memory of the infected computer.
C.Extremely large volumes of requests are sent over a network or over the Internet.
D.Data or commands are injected into an existing stream of data. That stream is passed between a client
and server application.
Answer:B
23.Which three categories of signatures can a Cisco IPS microengine identify? (Choose three.)
A.DDoS signatures
B.strong signatures
C.exploit signatures
D.numeric signatures
E.spoofing signatures
F.connection signatures
2009-10-27 (Tue) 20:20 | Posted in ccnp | admin
642-845 考試是屬於CCNP的一種
11. What three statements are true about the various deployments of the 802.1x Extensible Authentication
Protocol (EAP)? (Choose three.)
Select 3 response(s).
A. EAP-FAST has the ability to tie login with non-Microsoft user databases.
B. EAP-TLS supports static passwords.
C. PEAP supports one-time passwords.
D. LEAP does not support multiple operating systems.
E. LEAP supports Layer 3 roaming.
F. PEAP does not work with WPA.
Answer: ACE
12. What are three security problems with Wi-Fi Protected Access (WPA)? (Choose three.)
Select 3 response(s).
A. WPA is based on the outdated IEEE 802.11i standard.
B. WPA uses RSN, which uses the same base encryption algorithm as RC4.
C. WPA requires a hardware upgrade that may not be supported by all vendors.
D. WPA uses TKIP, which uses the same base encryption algorithm as WEP.
E. WPA is susceptible to a DoS attack when it receives two packets in quick succession with bad MICs,
forcing the AP to shut down the entire Basic Service Set (BSS) for one minute.
F. WPA is susceptible to a security weakness when preshared keys are used.
Answer: DEF
13. Which three methods would help prevent critical network-traffic packet loss on high speed serial
interfaces? (Choose three.)
Select 3 response(s).
A. policy routing
B. increase link capacity
C. WRED
D. CBWFQ
E. LFI
F. WFQ
Answer: BCD
14. Interface congestion is causing drops in voice packets and TCP packets. The drops result in jerky
speech quality and slower FTP traffic flows. Which two technologies would proactively address the TCP
transfer rate and the voice problems? (Choose two.)
Select 2 response(s).
A. CBWFQ
B. LLQ
C. traffic shaping
D. WRED
Answer: BD
15. Which two statements about the DiffServ QoS model are true? (Choose two.)
Select 2 response(s).
A. DiffServ requires RSVP to set up a path through the network to accommodate the requested QoS.
B. Network traffic is identified by class, and the level of service is chosen for each class.
C. The DiffServ model relies on a fairly simple mechanism to provide QoS over a wide range of
equipment.
D. RSVP enables the DiffServ model to provide end-to-end QoS.
E. The DiffServ model is more scalable than the IntServ model.
F. The flow-based approach of the DiffServ model is ideal for large scalable implementations such as the
public Internet.
Answer: BE
2009-10-26 (Mon) 19:56 | Posted in 未分类 | admin
CCNP 642-845 (Optimizing Converged Cisco Networks)考題由我們的專業團隊破解PROMETRIC或VUE考試系統數據包,經過資深IT認證講師和技術專家精心編輯整理。包括了當前最新的642-845考試問題,包括選擇題、多選擇題、實作(Lab)題.,全部附有正確答案。現在購買《642-845 考題》您將享受4倍(365天)免費升級服務時間,保證了您有充分時間完成考試.
1.What best describes an FXO interface?
A. analog trunks that provide the Survivable Remote Site Telephony (SRST) feature
B. analog trunks that provide VoIP gateway functionality
C. analog trunks that connect a gateway to plain old telephone service (POTS) device such as analog
phones, fax machines, and legacy voice-mail systems
D. analog trunks that connect a gateway to a central office (CO) or private branch exchange (PBX)
Answer. D
2 Which two steps are executed in the deployment of Cisco AutoQoS for Enterprise? (Choose two.)
A. The customer uses SNMP statistics to create the policy.
B. QoS policy templates are generated and installed on the interface.
C. RTP is used to generate the policy.
D. LLQ, cRTP, and LFI are used to automatically discover the policy.
E. The auto-generated policy is manually optimized before implementation.
F. Auto-discovery is used to determine what traffic is on the interface.
Answer. B F
4. Which two statements are true about the application of QoS in a converged network? (Choose two.)
A. End-to-end network delay times that exceed 50 ms for real-time traffic are considered unacceptable.
B. End-to-end network delay times that exceed 250 ms for real-time traffic are considered unacceptable.
C. End-to-end network delay is not a factor as long as the delay is consistent.
D. Some packet loss can be corrected by codec algorithms.
E. RSVP handles voice packet retransmission.
F. Fragmentation is a result of packet loss.
Answer. B D
5. What are two of the three predefined classes for the Cisco SDM wizard? (Choose two.)
A. business-critical
B. high priority
C. middle class
D. voice
E. best effort
F. scavenger
Answer. A E
2009-10-23 (Fri) 19:58 | Posted in 未分类 | admin
