Latest Cisco CCNP 642-813 SWITCH Real Exam Download 1-10

Ensurepass

QUESTION 1

Which statement is true about RSTP topology changes?

 

A.        Any change in the state of the port generates a TC BPDU.

B.        Only nonedge ports moving to the forwarding state generate a TC BPDU.

C.        If either an edge port or a nonedge port moves to a block state, then a TC BPDU is generated.

D.        Only edge ports moving to the blocking state generate a TC BPDU.

E.         Any loss of connectivity generates a TC BPDU.

 

Correct Answer: B

 

 

QUESTION 2

Refer to the exhibit. Which three statements about this GLBP topology are true? (Choose three.)

 

clip_image002

 

A.        Router A is responsible for answering ARP requests sent to the virtual IP address.

B.        If router A becomes unavailable, router B forwards packets sent to the virtual MAC address of router A.

C.        If another router is added to this GLBP group, there would be two backup AVGs.

D.        Router B is in GLBP listen state.

E.         Router A alternately responds to ARP requests with different virtual MAC addresses.

F.         Router B transitions from blocking state to forwarding state when it becomes the AVG.

 

Correct Answer: ABE

 

 

QUESTION 3

Refer to the exhibit. Which VRRP statement about the roles of the master virtual router and the backup virtual router is true?

 

clip_image003

 

A.        Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, router B maintains the role of master virtual router.

B.        Router A is the master virtual router, and router B is the backup virtual router. When router A fails, router B becomes the master virtual router. When router A recovers, it regain the master virtual router role.

C.        Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, router A maintains the role of master virtual router.

D.        Router B is the master virtual router, and router A is the backup virtual router. When router B fails, router A becomes the master virtual router. When router B recovers, it regains the master virtual router role.

 

Correct Answer: B

QUESTION 4

Which description correctly describes a MAC address flooding attack?

 

A.        The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the destination address found in the Layer 2 frames sent by the valid network device.

B.        The attacking device crafts ARP replies intended for valid hosts. The MAC address of the attacking device then becomes the source address found in the Layer 2 frames sent by the valid network device.

C.        The attacking device spoofs a destination MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.

D.        The attacking device spoofs a source MAC address of a valid host currently in the CAM table. The switch then forwards frames destined for the valid host to the attacking device.

E.         Frames with unique, invalid destination MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.

F.         Frames with unique, invalid source MAC addresses flood the switch and exhaust CAM table space. The result is that new entries cannot be inserted because of the exhausted CAM table space, and traffic is subsequently flooded out all ports.

 

Correct Answer: F

 

 

QUESTION 5

Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?

 

clip_image004

A.        All switch ports in the Building Access block should be configured as DHCP trusted ports.

B.        All switch ports in the Building Access block should be configured as DHCP untrusted ports.

C.        All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.

D.        All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.

E.         All switch ports in the Server Farm block should be configured as DHCP untrusted ports.

F.         All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.

 

Correct Answer: D

 

 

QUESTION 6

Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. However, the servers do need to communicate with a database server located in the inside network. Which configuration isolates the servers from each other?

 

clip_image006

 

A.        The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.

B.        The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.

C.        The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.

D.        The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN community ports

 

Correct Answer: A

 

 

QUESTION 7

What does the command udld reset accomplish?

 

A.       allows a UDLD port to automatically reset when it has been shut down

B.       resets all UDLD enabled ports that have been shut down

C.       removes all UDLD configurations from interfaces that were globally enabled

D.      removes all UDLD configurations from interfaces that were enabled per-port

 

Correct Answer: B

 

 

QUESTION 8

Refer to the exhibit. Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A ?

 

clip_image008

 

A.       The spoof packets are inspected at the ingress port of switch SW_A and are permitted.

B.       The spoof packets are inspected at the ingress port of switch SW_A and are dropped.

C.       The spoof packets are not inspected at the ingress port of switch SW_A and are permitted.

D.      The spoof packets are not inspected at the ingress port of switch SW_A and are dropped.

 

Correct Answer: C

 

 

QUESTION 9

Which statement is true about Layer 2 security threats?

 

A.        MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points.

B.        DHCP snooping sends unauthorized replies to DHCP queries.

C.        ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection.

D.        Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.

E.         MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.

F.         Port scanners are the most effective defense against Dynamic ARP Inspection.

 

Correct Answer: E

 

 

QUESTION 10

What does the global configuration command "ip arp inspection vlan 10-12,15" accomplish?

 

A.        validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15

B.        intercepts all ARP requests and responses on trusted ports

C.        intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings

D.        discards ARP packets with invalid IP-to-MAC address bindings on trusted ports

 

Correct Answer: C

 

 

Download Latest Cisco 642-813 SWITCH Real Free Tests , help you to pass exam 100%.



Leave a Reply