Welcome to download the newest Pass4itsure 117-201 VCE dumps: http://www.pass4itsure.com/117-201.html
100% Valid And Pass With latest Cisco 642-813 exam dumps, you will never fail your Cisco 642-813 exam. All the questions and answers are updated and added to the new version timely by our experts.Also now Cisco 642-813 is offering free Cisco 642-813 exam VCE player and PDF files for free on their website.
QUESTION 110
Which two characteristics apply to Cisco Catalyst 6500 Series Switch supervisor redundancy using NSF? (Choose two.)
A. supported by RIPv2, OSPF, IS-IS, and EIGRP
B. dependent on FIB tables
C. supports IPv4 and IPv6 multicast
D. prevents route flapping
E. independent of SSO
F. NSF combined with SSO enables supervisor engine load balancing
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 111
Cat6500(config)# router ospf 1 Cat6500(config-router)# network 0.0.0.0 255.255.255.255 area 0 Cat6500(config-router)# nsf Cat6500(config-router)#end
Refer to the exhibit. The configuration is used to enable nonstop forwarding for OSPF on a Catalyst 6500 Series Switch with redundant supervisor engines.
The default CEF configuration is unchanged. After testing, user traffic is interrupted and NSF is not operational. What is the most likely reason?
A. CEF was not properly configured.
B. OSPF was not properly configured for graceful restart.
C. Stateful switchover was not correctly configured.
D. NSF for OSPF is only supported in area 0.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 112
You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?
A. IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
B. a list of the customer requirements
C. detailed security device specifications
D. results from pilot network testing
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 113
You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?
A. IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
B. detailed security device specifications
C. results from pilot network testing
D. results from a network audit
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 114
You are tasked with designing a security solution for your network. What information should be gathered prior to designing the solution?
A. a list of applications currently in use in the network
B. IP addressing design plans so that the network can be appropriately segmented to mitigate potential network threats
C. detailed security device specifications
D. results from pilot network testing
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 115
Which two are needed components when designing and implementing a security solution? (Choose two.)
A. detailed VLAN information
B. an incident response plan
C. results of testing the new network configuration
D. an existing hierarchical network topology
E. a security policy for your organization
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
QUESTION 116
Which two components should be part of a security implementation plan? (Choose two.)
A. detailed list of personnel assigned to each task within the plan
B. a Layer 2 spanning tree design topology
C. rollback guidelines
D. placing all unused access ports in VLAN 1 to proactively manage port security
E. enabling SNMP access to Cisco Discovery Protocol data for logging and forensic analysis
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 117
When creating a network security solution, which two pieces of information should you have previously obtained to assist in designing the solution? (Choose two.)
A. a list of existing network applications currently in use on the network
B. network audit results to uncover any potential security holes
C. a planned Layer 2 design solution
D. a proof-of-concept plan
E. device configuration templates
Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 118
What action should you be prepared to take when verifying a security solution?
A. having alternative addressing and VLAN schemes
B. having a rollback plan in case of unwanted or unexpected results
C. running a test script against all possible security threats to insure that the solution will mitigate all potential threats
D. isolating and testing each security domain individually to insure that the security design will meet overall requirements when placed into production as an entire system
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 119
What is needed to verify that a newly implemented security solution is performing as expected?
A. a detailed physical and logical topology
B. a cost analysis of the implemented solution
C. detailed logs from the AAA and SNMP servers
D. results from audit testing of the implemented solution
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 120
What is an important step to take when verifying a newly proposed network security solution?
A. Test the design on a pilot network for expected results prior to implementing on the production network.
B. Run a network audit to determine types of traffic in use on the network.
C. Launch campus updates into the production network and monitor impact to see if configuration changes are needed.
D. Create an interruption of data flow to determine test “back-door” access methods.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 121
When configuring port security on a Cisco Catalyst switch port, what is the default action taken by the switch if a violation occurs?
A. protect (drop packets with unknown source addresses)
B. restrict (increment SecurityViolation counter)
C. shut down (access or trunk port)
D. transition (the access port to a trunking port)
Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 122
When you enable port security on an interface that is also configured with a voice VLAN, what is the maximum number of secure MAC addresses that should be set on the port?
A. No more than one secure MAC address should be set.
B. The default will be set.
C. The IP phone should use a dedicated port, therefore only one MAC address is needed per port.
D. No value is needed if the switchport priority extend command is configured.
E. No more than two secure MAC addresses should be set.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 123
Refer to the exhibit. From the configuration shown, what can be determined?
A. The sticky addresses will only be those manually configured MAC addresses enabled with the sticky keyword.
B. The remaining secure MAC addresses will be dynamically learned, converted to sticky secure MAC addresses, and added to the running configuration.
C. Since a voice VLAN is configured in this example, port security should be set for a maximum of 2.
D. A security violation will restrict the number of addresses to a maximum of 10 addresses per access VLAN and voice VLAN. The port will be shut down if more than 10 devices per VLAN attempt to access the port.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 124
hostname Switch1 interface Vlan10 ip address 172.16.10.32 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110 standby 1 timers 1 5 standby 1 priority 130 hostname Switch2 interface Vlan10 ip address 172.16.10.33 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110 standby 1 timers 1 5 standby 1 priority 120
HSRP was implemented and configured on two switches while scheduled network maintenance was performed.
After the two switches have finished rebooting, you notice via show commands that Switch2 is the HSRP active router. Which two items are most likely the cause of Switch1 not becoming the active router? (Choose two.)
A. booting delays
B. standby group number does not match VLAN number
C. IP addressing is incorrect
D. premption is disabled
E. incorrect standby timers
F. IP redirect is disabled
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 125
hostname Switch1 interface Vlan10 ip address 172.16.10.32 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110 standby 1 timers msec 200 msec 700 standby 1 preempt
hostname Switch2 interface Vlan10 ip address 172.16.10.33 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110 standby 1 timers msec 200 msec 750 standby 1 priority 110 standby 1 preempt
hostname Switch3 interface Vlan10 ip address 172.16.10.34 255.255.255.0 no ip redirects standby 1 ip 172.16.10.110 standby 1 timers msec 200 msec 750 standby 1 priority 150 standby 1 preempt
Refer to the exhibit. Three switches are configured for HSRP.
Switch1 remains in the HSRP listen state. What is the most likely cause of this status?
A. this is normal operation
B. standby group number does not match VLAN number
C. IP addressing is incorrect
D. incorrect priority commands
E. incorrect standby timers
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 126
Three Cisco Catalyst switches have been configured with a first-hop redundancy protocol. While reviewing
some show commands, debug output, and the syslog, you discover the following information:
Jan 9 08:00:42.623: %STANDBY-6-STATECHANGE: Standby: 49:
Vlan149 state Standby -> Active
Jan 9 08:00:56.011: %STANDBY-6-STATECHANGE: Standby: 49:
Vlan149 state Active -> Speak
Jan 9 08:01:03.011: %STANDBY-6-STATECHANGE: Standby: 49:
Vlan149 state Speak -> Standby
Jan 9 08:01:29.427: %STANDBY-6-STATECHANGE: Standby: 49:
Vlan149 state Standby -> Active
Jan 9 08:01:36.808: %STANDBY-6-STATECHANGE: Standby: 49:
Vlan149 state Active -> Speak
Jan 9 08:01:43.808: %STANDBY-6-STATECHANGE: Standby: 49:
Vlan149 state Speak -> Standby
What conclusion can you infer from this information?
A. VRRP is initializing and operating correctly.
B. HSRP is initializing and operating correctly.
C. GLBP is initializing and operating correctly.
D. VRRP is not properly exchanging three hello messages.
E. HSRP is not properly exchanging three hello messages.
F. GLBP is not properly exchanging three hello messages.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 127
By itself, what does the command aaa new-model enable?
A. It globally enables AAA on the switch, with default lists applied to the VTYs.
B. Nothing; you must also specify which protocol (RADIUS or TACACS) will be used for AAA.
C. Enables AAA on all dot1x ports.
D. Nothing; you must also specify where (console, TTY, VTY, dot1x) AAA is being applied.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 128
You are implementing basic switch security best practices. Which of these is a tactic that you can use to mitigate compromises from being launched through the switch?
A. Make all ports private VLAN ports.
B. Place all unused ports in native VLAN 1 until needed.
C. Proactively configure unused switch ports as access ports.
D. Disable Cisco Discovery Protocol globally.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 129
What are three results of issuing the switchport host command? (Choose three.)
A. disables EtherChannel
B. enables port security
C. disables Cisco Discovery Protocol
D. enables PortFast
E. disables trunking
F. enables loopguard
Correct Answer: ADE Section: (none) Explanation
Explanation/Reference:
QUESTION 130
Private VLANS can be configured as which three of these port types? (Choose three.)
A. isolated
B. protected
C. private
D. associated
E. promiscuous
F. community
Correct Answer: AEF Section: (none) Explanation
Explanation/Reference:
QUESTION 131
When configuring private VLANs, which configuration task must you do first?
A. Configure the private VLAN port parameters.
B. Configure and map the secondary VLAN to the primary VLAN.
C. Disable IGMP snooping.
D. Set the VTP mode to transparent.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 132
Refer to the exhibit. From the configuration shown, what can you determine about the private VLAN configuration?
A. Only VLAN 503 will be the community PVLAN because multiple community PVLANs are not allowed.
B. Users of VLANs 501 and 503 will be able to communicate.
C. VLAN 502 is a secondary VLAN.
D. VLAN 502 will be a standalone VLAN because it is not associated with any other VLANs.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 133
Refer to the exhibit. Consider the following scenario:
Packet A is a TCP packet from host 10.2.2.2., port 65000, going to host 10.1.1.1 on the SMTP port. Assuming that this ACL is properly applied on the switch, if this packet is fragmented, which two of the following statements are true, based on the configuration shown in the exhibit? (Choose two.)
A. The first fragment matches the first ACE because it contains all the Layer 3 information required by the ACE.
B. The first fragment matches the first ACE as if it were a complete packet because all Layer 4 information is present.
C. The remaining fragments also contain the needed Layer 4 information and will be permitted.
D. The remaining fragments also match the first ACE, even though they do not contain the Layer 4 port information, because the first ACE only checks Layer 3 information when applied to fragments.
E. The remaining fragments will be dropped because the needed Layer 4 information is missing in fragmented packets. An additional established keyword needs to be added to the ACE.
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 134
Refer to the exhibit. Consider the following scenario:
A packet sourced from host 10.2.2.2, port 65001, is going to host 10.1.1.2 on the Telnet port. Assuming that this ACL is properly applied on the switch, if this packet is fragmented, which of the following conditions will result, based upon the access list shown in the exhibit?
A. Because the first fragment is denied, host 10.1.1.2 cannot reassemble a complete packet, and a TCP reset is sent to the source host, informing the host to stop sending additional traffic.
B. All fragments will be denied due to the Layer 4 requirement of the ACE.
C. The remaining fragments in the packet do not match the second ACE because they are missing Layer 4 information. Instead, they match the third ACE (a permit).
D. The source host on 10.2.2.2 will not receive an acknowledgement reply to the initial Telnet packet from host 10.1.1.2. Therefore, the host will abort the attempted Telnet session.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 135
Which of these is true regarding the configuration and application of port access control lists?
A. PACLs can be applied in the inbound or outbound direction of a Layer 2 physical interface.
B. At Layer 2, a MAC address PACL will take precedence over any existing Layer 3 PACL.
C. When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.
D. PACLs are not supported on EtherChannel interfaces.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 136
Refer to the exhibit. Which of these is true based upon the output shown in the command?
A. If the number of devices attempting to access the port exceeds 11, the port will shut down for 20 minutes, as configured.
B. The port has security enabled and has shut down due to a security violation.
C. The port is operational and has reached its configured maximum allowed number of MAC addresses.
D. The port will allow access for 11 MAC addresses in addition to the 3 configured MAC addresses.
Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 137
Switch# show ip sla application IP SLAs Version: 2.2.0 Round Trip Time MIB, Infrastructure Engine-II Time of last change in whole IP SLAs: 22:17:39.117 UTC Fri Jun Estimated system max number of entries:15801 Estimated number of configurable operations: 15801 Number of Entries configured: 0 Number of active Entries: 0 Number of pending Entries: 0 Number of inactive Entries:0 Supported Operation Types Type of Operation to Perform: 802.1agEcho Type of Operation to Perform: 802.1agJitter Type of Operation to Perform: dhcp Type of Operation to Perform: dns Type of Operation to Perform: echo Type of Operation to Perform: ftp Type of Operation to Perform: http Type of Operation to Perform: jitter Type of Operation to Perform: pathEcho Type of Operation to Perform: pathJitter Type of Operation to Perform: tcpConnect Type of Operation to Perform: udpEcho IP SLAs low memory water mark: 21741224 Refer to the exhibit. What best describes the Cisco IOS IP SLA command and output in the exhibit?
A. verifies which operation types have been enabled for IP SLA responder
B. verifies which operation types have been enabled for IP SLA source
C. verifies which operation types are supported in software
D. verifies enabled operation types that are not running
Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 138
Which statement best describes first-hop redundancy protocol status, given the command output in the exhibit?
Switch# show ip arp ProtocolAddressAge(min)Hardware AddrTypeInterface Internet172.16.233.2290000.0c59.f892ARPAVlan10 Internet172.16.233.2180000.0c63.1300ARPAVlan10 Internet172.16.233.19-0000.0c07.ac0bARPAVlan10
A. The first-hop redundancy protocol is not configured for this interface.
B. HSRP is configured for group 10.
C. HSRP is configured for group 11.
D. VRRP is configured for group 10.
E. VRRP is configured for group 11.
F. GLBP is configured with a single AVF.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 139
Which statement best describes implementing a Layer 3 EtherChannel?
A. EtherChannel is a Layer 2 and not a Layer 3 feature.
B. Implementation requires switchport mode trunk and matching parameters between switches.
C. Implementation requires disabling switchport mode.
D. A Layer 3 address is assigned to the channel-group interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 140
What benefit results from implementation of Layer 3 switching versus Layer 2 switching in a fully meshed campus network?
A. ease of IP address assignment versus use of external routers
B. redundancy from trunking between distribution layer switches
C. provides first-hop redundancy to clients
D. allows inter-VLAN communication without requiring complexity of routing protocols
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
Worried about Cisco 642-813 exam pass results? Adopt most reliable way of exam preparation that is Cisco 642-813 Questions & Answers with explanations to get reliable high Cisco 642-813 exam pass result.Flydumps definitely guarantees it!
Pass4itsure 117-201 dumps with PDF + Premium VCE + VCE Simulator: http://www.pass4itsure.com/117-201.html
Cisco 642-813 Actual Questions, Buy Best Cisco 642-813 Certificate With 100% Pass Rate