Deploying HP ProCurve Products Number: HP0-Y23 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam A QUESTION 1 You must define a hostname on an HP ProCurve 5406zl switch. Which configuration context must you enter to perform this task? A. B. C. D.
interface global configuration manager operator
Answer: B Section: (none) Explanation/Reference:
QUESTION 2 Besides the CLI, which configuration interface enables an administrator to configure a user name for access to the Manager privilege level on an HP ProCurve switch? A. B. C. D.
menu interface web interface setup interface Management Interface Wizard
Answer: B Section: (none) Explanation/Reference:
QUESTION 3 What is the effect of the following command entered at the CLI of an HP ProCurve switch with factory default settings? ProCurveSwitch# exit A. B. C. D.
All switch ports are enabled The user is logged out of the CLI. The privilege level moves from Manager to Operator. The CLI displays an authentication prompt.
Answer: C Section: (none) Explanation/Reference:
QUESTION 4 Which options are available at the following prompt in the CLI of an HP ProCurve 3500yl switch? (Select three.) 3500yl-24G# A. enable IP routing B. update switch software C. disable ports
D. E. F. G.
erase startup configuration define management passwords restart the switch assign IP address to VLAN interface
Answer: BDF Section: (none) Explanation/Reference:
QUESTION 5 You must configure an IP interface on an HP ProCurve switch. Which CLI context will enable you to perform this task? A. B. C. D.
router manager CLI passthrough VLAN
Answer: D Section: (none) Explanation/Reference:
QUESTION 6 What is the different between the output of the following two commands issued at the CLI of an HP ProCurve switch? ProCurve Switch# show interface ProCurve Switch# show interface brief A. The show interface command provides a dynamic display of port activity. The show interface brief command provides a static display of port activity. B. The show interface command displays current port statistics. The show interface brief command displays parameters such as actual speed and duplex status. C. The show interface command shows all friendly names assigned to ports. The show interface brief command shows only the port and module designation. D. The show interface command provides detailed information about each port configuration, including VLAN membership and Spanning command provides detailed information about each port? configuration, including VLAN membership and Spanning Tree status. The show interface brief command provides information only about which ports are enabled and which are disabled. Answer: B Section: (none) Explanation/Reference:
QUESTION 7 Which HP ProCurve switch models display the following prompt in the interface configuration context? (Select two.) ProCurve Switch(eth-C1)#
A. B. C. D. E.
2910al 3500yl 5400zl 6600 8200zl
Answer: CE Section: (none) Explanation/Reference:
QUESTION 8 What is the effect of the following command issued at the CLI of an HP ProCurve 5406zl switch? 5406zl# configure terminal A. The CLI moves to the global configuration context. B. The CLI provides an interface for configuring persistent terminal variables such as line length. C. The CLI displays user input in the terminal. D. The CLI displays current configuration parameters. Answer: A Section: (none) Explanation/Reference:
QUESTION 9 Which devices receive outbound LLDP advertisements from an HP ProCurve switch? A. B. C. D.
all devices with interfaces in VLAN1 all devices that receive the switch s broadcasts all devices directly connected to the switch all devices in the LLDP multicast group
Answer: C Section: (none) Explanation/Reference:
QUESTION 10 Which privilege level is indicated by the following prompt at the CLI of an HP ProCurve switch? 3500yl-24G> A. B. C. D.
operator interface global configuration manager
Answer: A Section: (none)
Explanation/Reference:
QUESTION 11 You must configure an IP interface for VLAN 22 on HP ProCurve switch. Besides the IP address, which parameter is required? A. B. C. D.
subnet mask DNS server default gateway port members
Answer: A Section: (none) Explanation/Reference:
QUESTION 12 At the CLI of HP ProCurve 2610-24 switch, you have assigned ports 1-4 to VLAN 50 as untagged members. The 2610 is connected through port 24 to a 5406zl with IP routing enabled. All other configuration parameters on the 2610 are at default settings. On the 2610, what must you do to enable the 5406zl to act as the default gateway for VLAN 50 clients? A. B. C. D.
Configure the 5406zl to be the default gateway for the 2610. Define an IP inter in VLAN 50. Add a static route to the 5406zl to the 2610 route table. Add port 24 to VLAN 50.
Answer: D Section: (none) Explanation/Reference:
QUESTION 13 You have defined VLANs 44 and 45 on an HP ProCurve switch and assigned untagged ports to both VLANs. You have defined IP address to both VLAN interfaces. You have configured IP helper to enable clients in VLAN 44 to receive IP addresses from a DHCP server in VLAN 45. What other feature must be enabled before the clients will receive addresses from the server? A. B. C. D.
RIP DNS IP routing DHCP Relay
Answer: C Section: (none) Explanation/Reference:
QUESTION 14 You have defined VLAN 100 and VLAN 101 on an HP ProCurve 5406zl switch. You have added two ports to each VLAN as untagged members. All other switch settings are at defaults.
What must you do to enable communications between hosts in the two VLANS? (Select two.) A. B. C. D. E.
Define an IP address for each VLAN. Remove all four ports from the Default VLAN. Define a default gateway for the switch. Configure static routes to both VLANS. Enable IP routing globally
Answer: AE Section: (none) Explanation/Reference:
QUESTION 15 You have configured untagged port members of VLAN 55 and VLAN 75 on an HP ProCurve 8212zl switch. Additionally, you have assigned IP addresses to interfaces in both VLANs. However, while testing the configuration, you learn that nodes in the two VLANs cannot ping each other, The nodes are configured correctly and connected to the correct ports. What must you do on the 8212zl to enable communication between the nodes? A. B. C. D.
Disable ICMP blocking. Enable IP routing. Define a default gateway Add connected ports to both VLANs.
Answer: B Section: (none) Explanation/Reference:
QUESTION 16 Which type of ports on HP ProCurve switches is similar to trunk ports on Cisco switches? A. B. C. D.
ports configured for link aggregation ports that carry multiple VLANs ports that support 10-GbE connectivity ports that connect the distribution and core layers
Answer: B Section: (none) Explanation/Reference:
QUESTION 17 Which feature on HP ProCurve switches is similar to access ports on Cisco switches? A. B. C. D.
edge ports uplink ports untagged ports LAG ports
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 Which UDP-based protocol can be used to back up and restore configuration files on an HP ProCurve switch? A. B. C. D.
SCP TFTP FTP SFTP
Answer: B Section: (none) Explanation/Reference:
QUESTION 19 Click the Exhibit button. In the configuration shown in the exhibit, which users can access the Telnet interface of the 3500yl?
A. B. C. D.
users in VLAN 11 only users in VLAN 1 only users in all VLANs directly connected to the 3500yl users in all VLANs connected to either switch
Answer: D Section: (none) Explanation/Reference:
QUESTION 20
Click the Exhibit button. What is indicated by the CLI output shown in the exhibit?
A. B. C. D.
Port 24 is a member of VLAN 10, but no device is connected. Port 24 is learning a new VLAN assignment, based on GVRP messages. Port 24 has been disabled by the switch administrator. Port 24 is configured for 802.1X authentication and is awaiting an authentication outcome.
Answer: A Section: (none) Explanation/Reference:
QUESTION 21 What can be used as a destination when backing up the configuration on an HP ProCurve 3500yl switch? (Select two.) A. B. C. D. E.
FTP server compact flash neighboring switch USB flash drive FTP server
Answer: AD Section: (none) Explanation/Reference:
QUESTION 22 Which command saves the running configuration of an HP ProCurve switch to its startup configuration? A. B. C. D.
Write memory Save running-config Copy running-config startup-config Write config
Answer: A Section: (none)
Explanation/Reference:
QUESTION 23 You must update the software on an HP ProCurve Intelligent Edge switch. Which devices can be used as sources for the copy command? (Select two.) A. B. C. D. E.
FTP server USB drive TFTP server flash area of another ProCurve switch management workstation hard drive
Answer: BC Section: (none) Explanation/Reference:
QUESTION 24 Click the Exhibit button. Which command enables the switch in the exhibit to execute the config2 configuration file?
A. B. C. D.
config active config2 boot system flash secondary erase config1 copy config2 flash primary
Answer: B Section: (none) Explanation/Reference:
QUESTION 25 The front-panel security settings on an HP proCurve switch are at default. HP can you gain access to the CLI of the switch if the manager and operator passwords have been lost? A. press the Reset button on the switch s front panel and it down until the switch restarts. B. Power cycle the switch and access the ROM console to dear passwords at the manager prompt. C. Press the Clear button on the switch s front panel and hold it down for three seconds or more. D. Reset the passwords using the Secure Access Wizard in ProCurve Manager Plus.
Answer: C Section: (none) Explanation/Reference:
QUESTION 26 What is the difference between the reload and boot commands on an HP ProCurve switch? A. The reload command restarts the switch without running full diagnostics. The boot command restarts the switch with full diagnostics. B. The reload command enables you to choose a configuration file to execute. The boot command always restarts with the current startup configuration. C. The reload command always restarts the switch with the primary image. The boot command enables you to choose an image. D. The reload command enables you to choose the image the switch will use when it starts. The boot command automatically restarts with the image used on the last reload. Answer: A Section: (none) Explanation/Reference:
QUESTION 27 When does an HP ProCurve switch execute configuration changes entered at the CLI? A. B. C. D.
Immediately When the changes are saved On the next boot On the next reload
Answer: A Section: (none) Explanation/Reference:
QUESTION 28 What is the effect of the following command issued at the CLI of an HP ProCurve 5406zl switch? 5406zl# show logging a1 A. B. C. D.
The CLI displays the logging options configured for port a1. The CLI displays security alerts concerning port a1. The CLI displays an hourly summary of the traffic for port a1. The CLI displays all events in the system log that include the string 1
Answer: D Section: (none) Explanation/Reference:
QUESTION 29 Click the Exhibit button. What is indicated by this entry in the IP route table of an HP ProCurve
8212zl switch?
A. The switch will not permit communications with any loopback interface. B. The switch has been configured with an ACL that blocks communications with the loopback interfaces. C. The switch will drop all communications with the default loopback address that arrive on non-loopback interfaces. D. A loopback interface is configured with 127.0.0.0. Answer: C Section: (none) Explanation/Reference:
QUESTION 30 What is the effect of the following command, issued at the CLI of an HP ProCurve 3500yl switch with IP routing enabled? 3500yl(config)# ip route 0.0.0.0/0 192.111.254.1 A. B. C. D.
The switch will drop all traffic arriving on interface 192.111.254.1. The switch will forward all broadcast traffic to 192.111.254.1. The switch will act as default gateway for all hosts in the address range of 192.111.254.0/24. The switch will forward all packets with destination addresses for which it does not know a specific route toward 192.111.254.1.
Answer: D Section: (none) Explanation/Reference:
QUESTION 31 You have entered the following command at the CLI of an HP ProCurve 3500yl switch: 3500yl(config)# router rip 3500yl(rip)# which additional step is necessary to enable RIP functionality A. B. C. D.
Configure a static route to nearest RIP peer. Configure redistribution for all connected routes that must advertised in RIP updates. Disable OSPF for every IP interface where the switch is expected to locate RIP peers. Enable RIP for every VLAN where the switch is expected to locate RIP peers.
Answer: D Section: (none) Explanation/Reference:
QUESTION 32 What is an advantage of using OSPF rather than RIP for dynamic routing? A. B. C. D.
faster convergence support for IPv6 simpler configuration capable of auto-summarization
Answer: A Section: (none) Explanation/Reference:
QUESTION 33 Which routing protocol is classified as a distance vector? A. B. C. D.
PIM IS-IS OSPF RIP
Answer: D Section: (none) Explanation/Reference:
QUESTION 34 You are part of a team designing an HP ProCurve network for a customer site. The customer site includes a large word-processing department You are part of a team designing an HP ProCurve network for a customer site. The customer? site includes a large word-processing department with PC workstations that support only 10/100 connectivity. The customer does not want to purchase switches with gigabit connectivity for these users,bu dot does want access to advanced routing features such as OSPF and VRRP. Which ProCurve switch series includes products that will meet this requirement? A. B. C. D.
2610 2910al 3500 4200vl
Answer: C Section: (none) Explanation/Reference:
QUESTION 35 Installation of a Premium License on an HP ProCurve 5406zl switch adds which routing protocol? A. IS-IS B. OSPF C. EIGRP
D. RIP Answer: Section: (none) Explanation/Reference:
QUESTION 36 Which HP ProCurve switch series features redundant management capability and fabric modules? A. B. C. D.
3500yl 5400zl 6600 8200zl
Answer: D Section: (none) Explanation/Reference:
QUESTION 37 What is the VLAN membership of wireless traffic exiting the bridge port on an HP ProCurve MSM AP with default VLAN settings? A. B. C. D.
VLAN 192 untagged VLAN on connected switch port VLAN 2100 VLAN assigned by RADIUS profile
Answer: B Section: (none) Explanation/Reference:
QUESTION 38 What is the maximum amount of power that can be provided to a wireless access point by a switch using the PoE (802.3af) standard? A. B. C. D.
7.4 watts 15.4 watts 22.4 watts 30.4 watts
Answer: B Section: (none) Explanation/Reference:
QUESTION 39
What is the default operating mode of an HP ProCurve MSM AP? A. B. C. D.
Controlled Mode Learning Mode Autonomous Mode Broadcast Mode
Answer: A Section: (none) Explanation/Reference:
QUESTION 40 What is a Virtual Service Community (VSC)? A. B. C. D.
a group of settings applied to a WLAN on ProCurve mobility products a custom group for managing non-ProCurve switches in HP ProCurve Manager Plus a group of switches that share the same Virtual Router Redundancy Protocol (VRRP) ID a group of switches that share the same VLAN topology
Answer: A Section: (none) Explanation/Reference:
QUESTION 41 What is the advantage of HP ProCurve Integrated Services APs? A. B. C. D.
They integrate the configuration of all SSID settings into a single interface. They combine the features of an AP with some features of the centralized controller. They can act ad centralized controllers for other APs, including APs from other vendors. They provide automatic detection of unauthorized WLAN use.
Answer: B Section: (none) Explanation/Reference:
QUESTION 42 What are the advantages of deploying 802.11n wireless technology instead of 802.11g technology? A. B. C. D. E.
wider operating distance backward compatibility with 802.11b more powerful encryption options higher transmission rates support for centralized WLAN architecture
Answer: AD Section: (none)
Explanation/Reference:
QUESTION 43 How can you access the management interface of an HP ProCurve MSM AP at factory default settings? A. Connect a workstation to the AP bridge port using a DB9-to-RJ45 console cable. Connect a workstation to the AP? Bridge port using a DB9-to-RJ45 console cable. B. Configure a workstation with an address in the 192.168.1.0/24 range and connect it to the MSM bridge port. C. Configure a workstation to accept a DHCP address from the AP. D. Connect the MSM AP to a PoE port that is a tagged member of a VLAN properly configured for DHCP relay. Answer: B Section: (none) Explanation/Reference:
QUESTION 44 How does the optimized WLAN architecture of HP ProCurve overcome the limitations of the centralized WLAN architecture? A. B. C. D.
by providing centralized control of intelligent APs by supporting the 802.11n wireless standard for all nodes by supporting QoS and virus throttling technologies by providing a centralized interface for VLAN configuration
Answer: A Section: (none) Explanation/Reference:
QUESTION 45 Port C1 on an HP ProCurve 5412zl is a tagged member of VLAN 50 and an untagged member of VLAN 1. Port C2 and port C3 are at default VLAN settings. What is the effect of the following command entered at the CLI? 5412zl(config)# trunk c1-c3 trk1 A. B. C. D.
The trunk is defined as an untagged member of VLAN 1,but port c1 is not included. The trunk is defined as an untagged member of VLAN 1, but is not a member of VLAN 50. The trunk is defined as an untagged member of VLAN 1 and a tagged member of VLAN 50. The trunk is not defined because the ports' VLAN memberships do not match.
Answer: B Section: (none) Explanation/Reference:
QUESTION 46 What is the effect of the following command entered at the CLI of an HP ProCurve 5406zl switch? 5406zl(config)# trunk c5-c8 trk12
A. B. C. D.
A static LACP trunk is defined. An HP port trunk is defined. A dynamic LACP trunk is defined. The CLI issues an error saying a trunking protocol must be specified.
Answer: B Section: (none) Explanation/Reference:
QUESTION 47 What are possible configuration options for links participating in an LACP dynamic trunk? (Select two.) A. B. C. D. E.
blocked transmitting passive listening active
Answer: CE Section: (none) Explanation/Reference:
QUESTION 48 How does HP Port Trunking differ from LACP? A. B. C. D.
HP Port Trunking does not use a protocol. HP Port Trunking supports more links in each trunk. HP Port Trunking supports standby links. HP Port Trunking supports more sophisticated load balancing.
Answer: A Section: (none) Explanation/Reference:
QUESTION 49 When configuring Link Aggregation Control Protocol (LACP) on HP ProCurve switches, what is an advantage of using static LACP rather than dynamic LAVP? A. B. C. D.
Static LACP supports load balancing based on traffic volumes. Static LACP supports more configuration options for aggregated links. Static LACP automatically provides protection against broadcast storms. Static LACP supports standby links to provide for link redundancy.
Answer: B Section: (none)
Explanation/Reference:
QUESTION 50 What is default user name and password for HP ProCurve Manager Plus? A. The user name is “Manager,” and the password is “procurve.” B. The user name is “Administrator,” and the password is the value entered during the installation. C. The user name is “Administrator,” and the password is “admin.” D. The user name is the value configured during the installation, and the password is “procurve.” Answer: B Section: (none) Explanation/Reference:
QUESTION 51 Which protocols and tools are used for device discovery in HP ProCurve Manager and HP ProCurve Manager Plus? (Select four.) A. B. C. D. E. F. G.
LLDP sFlow SNMP RMON ARP Ping sweep Layer 2 link-test
Answer: ACEF Section: (none) Explanation/Reference:
QUESTION 52 Which operating systems are supported by HP ProCurve Manager client? (Select two.) A. B. C. D. E.
Microsoft Windows 98 Microsoft Windows XP MAC OS X Red Hat Enterprise Linux 5 Desktop Microsoft Windows Vista
Answer: BE Section: (none) Explanation/Reference:
QUESTION 53 Which user profile types are available in HP ProCurve Manager Plus? (Select three.)
A. B. C. D. E. F. G.
Manager Administrator Remote User Backup Root Viewer Operator
Answer: AFG Section: (none) Explanation/Reference:
QUESTION 54 At a customer site, a network administrator reports that he has successfully installed the HP ProCurve Manager remote client on his workstation, but he is denied access to connect to the PCM+server. The IP address of his workstation is 172.16.17.100/16. The IS address of the PCM+server 172.15.15.100/16. How can you resolve this problem? A. Add the administrator's user ID to the User Profiles in PCM+. B. Add the IP address of the administrator's workstation to the access.txt file on the PCM+server. C. Add 172.16.0.0/16 to the Managed Subnets list in the PCM+ discovery setup window. D. Add the IP address of the administrator workstation to the Authorized Managers list on the switch that the PCM+ server uses as a seedAdd the IP address of the administrator? workstation to the Authorized Managers list on the switch that the PCM+ server uses as a seed device. Answer: B Section: (none) Explanation/Reference:
QUESTION 55 What is the free trial period for HP ProCurve Manager Plus version 3.0? A. B. C. D.
14 days 30 days 60 days 90 days
Answer: C Section: (none) Explanation/Reference:
QUESTION 56 At a customer site, network administrators report that an HP ProCurve Manager Plus (PCM+) server does not discover any manageable devices except those on the subnet where the server resides. What is a possible explanation for this behavior?
A. PCM+ discovery messages do not cross router interfaces. B. The PCM+ server has been configured with an incorrect seed device. C. PCM+ discovery uses Link Layer Discovery Protocol. which only survives one switch-toswitch hop. D. By default, PCM+ automatically discovers only devices on the subnet where the PCM+server resides. Answer: D Section: (none) Explanation/Reference:
QUESTION 57 You have just installed an HP ProCurve 2610-48-PWR switch at a customer site and have used Manual Discovery to add it the HP ProCurve Manager Plus(PCM+) database. Hpwever, PCM+does not display a configuration for the switch. What can you do to obtain configuration information in PCM+? A. B. C. D.
Use the Scan tool to update the configuration database for the switch. Use the copy command to back up the switch's configuration to PCM+ Update the SNMP community names in the switch CLI. Upgrade the switch's software to enable full PCM+ support.
Answer: A Section: (none) Explanation/Reference:
QUESTION 58 At a customer site, network administrators have installed an HP ProCurve Manager Plus (PCM+) server in the main office and want to use the application to manage network devices in all of the company offices. However, they have noticed that the server discovery processesapplication to manage network devices in all of the company? Offices. However, they have noticed that the server? discovery processes sometimes generate excessive traffic on WAN links connecting the main office. How can you resolve this problem? A. B. C. D.
Install a PCM+ remote agent in each branch office. Install a slave PCM+ server in each branch office. Remove the subnets in the branch offices from the Managed Subnets list. Install a PCM+ Client in each branch office for local management.
Answer: A Section: (none) Explanation/Reference:
QUESTION 59 You have defined VLANs and IP interfaces and enabled routing on an HP ProCurve 8212zl switch. Otherwise, the switch is at default settings. What is the effect of the following command? 8212zl (config)# spanning-tree
A. RSTP is enabled globally. To enable MSTP, you must enter spanning-tree protocol-version mstp. B. MSTP is enabled globally. The switch will function as if RSTP were enabled until other MSTP parameters are defined. C. MSTP is enabled globally. The switch will acquire MSTP parameters from other switches in the Spanning Tree domain. D. STP is enabled globally. The switch will not participate in a Spanning Tree domain until a Spanning Tree version is configured with the spanning-tree protocol-version command. Answer: B Section: (none) Explanation/Reference:
QUESTION 60 The output of show spanning-tree instance 1 on two HP ProCurve 8212zl switches indicates are the Root of MST instance 1. What is an accurate explanation for this output? A. B. C. D.
The switches have identical Bridge Priorities. The switches have different MST configuration names. The switches have identical Port Priorities for ports associated with the instance. One of the switches has been configured for RSTP operation.
Answer: B Section: (none) Explanation/Reference:
QUESTION 61 The output of show spanning-tree on an HP ProCurve 5406zl switch indicates that port A1 ois forwarding. However, the MAC address of the Designated Bridge for port A1 is not the MAC address of the Root Bridge. Which statement explains this output? A. B. C. D.
Port A1 configured with a low Port Priority. Port A1 configured to the Root Bridge. Port A1 configured to a switch that does not support Spanning Tree. Port A1 configured to the Root Bridge through an intervening switch.
Answer: D Section: (none) Explanation/Reference:
QUESTION 62 You enter the following command at the CLI of an HP ProCurve 3500yl switch: 3500yl (config)# spanning-tree priority 2 Which Bridge Priority value is displayed when you enter show spanning-tree? A. B. C. D.
2 2048 4096 8192
Answer: D Section: (none) Explanation/Reference:
QUESTION 63 You must configure Multiple Spanning Tree Protocol (MSTP) on two HP ProCurve 8212zl switches and four 5406zl switches. What is required to ensure that all to of the switches join the same MST region? A. The switches must be configured to discard BPDUs from switches using STP or RSTP. B. The switches must be configured with identical config-names, config-revisions, and VLANtoinstance mappings. C. Bridge Priorities on all switches must be configured so that each MST instance has a different Root Bridge. D. The switches must have identical Port Priorities for shared links in each MST instance. Answer: B Section: (none) Explanation/Reference:
QUESTION 64 You must configure an HP ProCurve 3500yl switch for installation in a network that uses RSTP to from a single-instance Spanning Tree. What must you do to ensure that the 3500yl will participate in this Spanning Tree? A. Enter spanning-tree in the global configuration context. B. Enter spanning-tree rstp in the configuration context for every VLAN the switch shares with another switch. C. Enter spanning-tree protocol-version rstp in the Spanning Tree configuration context. D. Enter spanning-tree autodetect in the configuration context of every port where the switch will hear Spanning Tree BPDUs. Answer: A Section: (none) Explanation/Reference:
QUESTION 65 How can you ensure that a particular switch will be elected Root Bridge of an MST instance, assuming all Spanning Tree settings on other switches are at the default? A. B. C. D.
Set the CIST Bridge Priority to 0. Set the Bridge Priority for the instance to 0. Set the Port Priority for each port in the instance to 0. Set the Bridge Priority for each VLAN in the instance to 0.
Answer: B Section: (none) Explanation/Reference:
HP0-Y22 Implementing HP ProCurve MultiService Number: HP0-Y22 Passing Score: 810 Time Limit: 105 min File Version: 1.0
Exam A QUESTION 1 1.How many administrators can be logged in to an MSM Controller at one time? A. B. C. D.
1 2 3 4
Answer: A Section: (none) Explanation/Reference:
QUESTION 2 By default,every Mobility Controller is configure as the Primary Mobility Controller.After checking the Mobility Controller Discovery box on the Discovery screen,which unique address needs to be entered to indicate that this is not the primary controller? A. B. C. D.
IP Address of your device IP Address of the primary controller MAC Address of your device MAC Address of the primary controller
Answer: B Section: (none) Explanation/Reference:
QUESTION 3 A customer has been locked out after attempting to log into the MSM Controller.At default setting,how long will he have to wait before being allowed to login again? A. B. C. D.
1 minute 5 minute 10 minute until the MSM Controller has been reset
Answer: B Section: (none) Explanation/Reference:
QUESTION 4 You have been asked by your customer to create a wireless network in public area with centralized user authentication.Given the following chioces,which authentication method would you choose to implement? A. B. C. D.
802.1X authentication MAC authentication Web authentication WEP authentication
Answer: C Section: (none) Explanation/Reference:
QUESTION 5 When is AP Provisioning required before deploying controlled APs in a simple network topology? A. B. C. D. E.
when using a local mesh to connect to the network when an AP needs to be deployed with dynamic IP address when the access point is using a Group other than the Default Group discovery of third party access points when you have Layer 2 connectivity to a controller
Answer: A Section: (none) Explanation/Reference:
QUESTION 6 You have an operational Local Mesh environment that employs multiple Master Nodes to the same wired network.Each Master node supports a Local Mesh Protocol infrastructure of several levels including both Alternate Master nodes and Slave nodes.Each access point is configured to Automatically find mesh ID.An Alternate Master node fails. What will the downstream node or nodes do? A. automatically by-pass the defective node and reconnect to the original path uplink from the defective node B. automatically select a new available uplink connection with the lowest path cost within its own Mesh ID C. automatically select a new available uplink with the lowest path cost in any Mesh ID D. not reconnect and wait until the defective node is replaced or otherwise becomes operational again Answer: C Section: (none) Explanation/Reference:
QUESTION 7 What are the three Local Mesh roles?(select three) A. B. C. D. E. F.
Master Sister Slave Alternate Slave Center Device Slave Alternate Master
Answer: AEF Section: (none) Explanation/Reference:
QUESTION 8 What are the two types of Local Mesh methods? A. B. C. D.
autonomous;controlled indoor;outdoor short distance;long distance static;dynamic
Answer: D Section: (none) Explanation/Reference:
QUESTION 9 What is the maximum number of MSM765zl modules you can install in a ProCurve switch? A. B. C. D.
1 2 4 No limitation
Answer: C Section: (none) Explanation/Reference:
QUESTION 10 You have powered on your MSM760 Controller and the power light indicator is on steady indicating that your MSM760 is operational.You notice that the LED on the right side of the LAN port(port 2)is on solid. What does this indicate? A. B. C. D.
The port is transmitting and receiving packets. There is no Ethernet link. There is a link but there is no transmit and receive activity A fault has occurred on this Ehternet port.
Answer: C Section: (none) Explanation/Reference:
QUESTION 11 The MSM760 and MSM765zl can be licensed to support a maximum of how many Access Points? A. B. C. D.
100 200 500 1000
Answer: B Section: (none) Explanation/Reference:
QUESTION 12 After installing an MSM765zl module in a ProCurve switch,which tasks must be completed to activate the module?(select three) A. B. C. D. E. F.
Install the Product License Key. Obtain the Activation Hardware ID. Set the module to its factory default settings. Upgrade the software on the module. Register the MSM765zl with ProCurve. Reboot the ProCurve switch.
Answer: ABE Section: (none) Explanation/Reference:
QUESTION 13 The MSM765zl is a module based on the ProCurve ONE platform and supported on which ProCurve switch platforms?(selcet two) A. B. C. D. E.
3500 5300 5400 6600 8200
Answer: CE Section: (none) Explanation/Reference:
QUESTION 14 Which version of ProCurve Mobility Manager(PMM) is used to manage the MSM760 and MSM765zl controllers? A. B. C. D.
PMM 2.0 PMM 3.0 PMM 3.0 with AU1 PMM 3.0 with AU2
Answer: C Section: (none) Explanation/Reference:
QUESTION 15 The MSM760 Controller has two Ethernet ports located on its front panel.Port 1 is often referred to as the Internet port and port 2 the LAN port.Both ports are auto-sensing and operate at what speed or speeds? A. B. C. D.
10/100 Mbps 10/100/1000 Mbps only 100 Mbps only 1000 Mbps
Answer: B Section: (none) Explanation/Reference:
QUESTION 16 The MSM730 has 4 Ethernet ports;one for the LAN and another for the Internet.What is the function of the other two Ethernet ports? A. B. C. D.
CLI access client connectivity reserved for future expansion uplinks
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 Which 802.11n frequency ranges are supported on the MSM422?(select two) A. B. C. D. E.
2.4 GHz 5 GHz 20 MHz 72 MHz 105.7 MHz
Answer: AB Section: (none) Explanation/Reference:
QUESTION 18 What is true regarding the CNMS 200 product?(select two) A. B. C. D. E.
automatic discover of network components restricts the use of remote management from a Web browser supports a maximum of 1000 Access Points requires Red Hat Enterprise Linux 5.0 or CentOS 5.0 operating system hardware platform requires at least 2 Gigabytes of memory
Answer: AD Section: (none) Explanation/Reference:
QUESTION 19 Which MSM310/320/325 Ethernet port or ports can be used to supply the device with PoE? A. B. C. D.
port 2 LAN port port 1 Internet port
Answer: C Section: (none) Explanation/Reference:
QUESTION 20 What is the internal connectivity of the two Ethernet ports on an MSM 310/320/325? A. B. C. D.
The ports are connected via a fixed VLAN The ports do not communicate with each other The ports are bridged The ports are routed
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 How many Ehternet ports are on the MSM325/422 Access Point? A. B. C. D.
1 2 3 4
Answer: A Section: (none) Explanation/Reference:
QUESTION 22 How many Virtual Service Communities (VSCs) does the M110 support? A. 1 B. 2 C. 3
D. 4 Answer: B Section: (none) Explanation/Reference:
QUESTION 23 When enabled,the L3 Mobility feature allows which unique function? A. B. C. D.
easy replacement of a defective access point seamless exchange between a 3G phone and different WLANs WPA2 Opportunistic Key Cashing client roaming across subnets
Answer: D Section: (none) Explanation/Reference:
QUESTION 24 What are the key features of PorCurve Guest Management Software(formerly VMT)?(select two) A. B. C. D. E.
the ability to create user logo designs the ability to perfom batch creation of user accounts the ability to print X.509 certificates the ability to manage a visitor's account on MSM controllers the ability to import special programs for customer use
Answer: BD Section: (none) Explanation/Reference:
QUESTION 25 In which modes do MSM Access Points operate?(select two) A. B. C. D. E.
stand-alone mode autonomous mode automatic mode controlled mode off-line mode
Answer: BD Section: (none) Explanation/Reference:
QUESTION 26 Which ProCurve Mobility product offers three radios?
A. B. C. D.
MSM310 MSM335 MSM422 MSM730
Answer: B Section: (none) Explanation/Reference:
QUESTION 27 ProCurve's RF Planner is made specifically for which operating system? A. B. C. D.
Linux MAC OS Microsoft Windows Sun Microsystems Solaris
Answer: C Section: (none) Explanation/Reference:
QUESTION 28 What is the primary difference between the MSM320 and MSM325? A. B. C. D.
The MSM325 has a factory installed RF Manager Sensor license The MSM320 has a factory installed RF Manager Sensor license The MSM325 can be upgraded after purchase with an RF Manager Sensor license The MSM325 has two RF Manager Sensor licenses
Answer: A Section: (none) Explanation/Reference:
QUESTION 29 On the MSM710,PoE can power device from which port? A. B. C. D.
port 1 Internet port LAN port only as a backup to the direct DC power adapter
Answer: C Section: (none) Explanation/Reference:
QUESTION 30 If a DHCP server does not exist on a network, the Ethernet port on an autonomoous mode MSM Access Point would be assigned a default IP address of 192.168.1.1.Given this information,which statement is correct? A. An internal DHCP server in the MSM Access Point can be configured to assign any appropriate IP Address to the port B. An internal dip switch can be configured to change the default IP address of the Ethernet port C. An autonomous mode MSM Access Point can be ordered with the option of a different Default IP Address that could be assigned to its Ehternet port D. Without an external DHCP server,the port will always remain at 192.168.1.1 Answer: D Section: (none) Explanation/Reference:
QUESTION 31 How does a client associated to an MSM Access Point recevie its DHCP IP Address? A. B. C. D.
from either the AP's internal DHCP server or an external DHCP server it cannot receive a DHCP IP Address and a static IP Address is required through an external DHCP server with the AP's internal DHCP server
Answer: C Section: (none) Explanation/Reference:
QUESTION 32 What is the maximum number of simultaneous guest access users supported by the MSM730? A. B. C. D.
100 200 500 2000
Answer: C Section: (none) Explanation/Reference:
QUESTION 33 Which access point can operate as an RF Manager Sensor? A. B. C. D.
MSM310 MSM335 MSM410 MSM422
Answer: B
Section: (none) Explanation/Reference:
QUESTION 34 Which process matches VSCs with Groups? A. B. C. D.
batching binding grouping synchronizing
Answer: B Section: (none) Explanation/Reference:
QUESTION 35 In a controlled mode network,what are the levels of Access Point inheritance?(select three) A. B. C. D. E. F.
Group Network Controlled APs(global) Server Individual AP VLAN
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 36 Which statement accurately describes an important characteristic when using VSCs? A. B. C. D.
Multiple radios can be configured in to a goup Multiple SSIDs can be configured on a single AP The use of a single radio for Local Mesh and Access Point functionality becomes recommended Multiple VLANs can be attached to a single client thereby eliminating the need for additional Access Points
Answer: B Section: (none) Explanation/Reference:
QUESTION 37 The common settings,such as the IP Address,for all ports on an MSM Access Point are represented by a port name.What is this port called?
A. B. C. D.
Bridge Common Global Switch
Answer: A Section: (none) Explanation/Reference:
QUESTION 38 Which feature provides a wireless link between two MSM Access Points? A. B. C. D.
peer-to-peer Local Mesh ad-hoc WiMAX
Answer: B Section: (none) Explanation/Reference:
QUESTION 39 In what situation would the IP address of the Internet port on an MSM Controller be set to "No Address"? A. B. C. D.
when NAT is disabled when NAT is enabled when only VLAN traffic is passing through the Internet port when only authenticated traffic is passing through the Internet port
Answer: C Section: (none) Explanation/Reference:
QUESTION 40 What are the default login credentials(syntax;username,password) for all MSM mobility devices? A. B. C. D.
admin,admin administrator,procurve root,admin root,procuve
Answer: A Section: (none) Explanation/Reference:
QUESTION 41
A basic customized login screen is comprised of five files.Four of the names are login.html,session.html,fail. html,and logo.gif.What is the name of the fifth file? A. B. C. D.
goodbye.html logout.html trasport.html welcome.html
Answer: C Section: (none) Explanation/Reference:
QUESTION 42 What happans when the RTS Threshold option is enabled? A. B. C. D.
Packets larger than this threshold do not cause the RTS/CTS handshake protocol to occur Packets smaller than this threshold will be transmitted without the RTS/CTS handshake protocol Packets larger than this threshold will be given higher priority Packets smaller than this threshold will be dropped
Answer: B Section: (none) Explanation/Reference:
QUESTION 43 When Centralized Access Control is configured as Automatic,under which condition is a user data tunnel created? A. B. C. D.
when IPsec is set up between two Controllers if more than one Controller is on the network that has the same Access Control configuration if tunnels are manually configured and available if a synchronized AP and its Controller are on different subnets
Answer: D Section: (none) Explanation/Reference:
QUESTION 44 What is the term used for the role of an MSM Controller when it is managing RADIUS server logins? A. B. C. D.
RADIUS authenticator RADIUS client RADIUS proxy RADIUS supplicant
Answer: B Section: (none) Explanation/Reference:
QUESTION 45 How many QoS priority levels are available to chose from per VSC? A. B. C. D.
1 2 3 4
Answer: D Section: (none) Explanation/Reference:
QUESTION 46 In addition to the priority level,what other QoS choices are available?(select three) A. B. C. D. E. F.
802.1Q Diffsrv IPQoS leaky bucked ToS traffic shaping
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 47 In addition to the data Transmit Rate,what other parameter is configurable for the QoS Priority levels? A. B. C. D.
Drop or Queue choice Notification of blocking enable Recevie rate Retry amount
Answer: C Section: (none) Explanation/Reference:
QUESTION 48 What is the RF Manager's primary function? A. B. C. D.
Centralized Management of WLAN networks which use ProCurve mobility devices RF statistical gathering and reporting WLAN networking performance reporting IDS/IPS
Answer: D Section: (none) Explanation/Reference:
QUESTION 49 VSCs can be configured with Wireless security filters.Which categories of Wireless security filters are available?(select three) A. B. C. D. E. F.
access point's default gateway broadcast custom IP address local subnet multicast MAC address
Answer: ACF Section: (none) Explanation/Reference:
QUESTION 50 Which configuration categories are included in Bandwidth Management in an MSM Controller?(select three) A. B. C. D. E. F.
Customer rate limits HTML user login Internet port rate limit Wireless security filters Level definitions SSID priority level
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 51 Which new 5.3.1 software feature allows centralization of Controllers in a Network Operations Center? A. B. C. D.
AreoScout Support NAT Traversal Security Traffic Tunneling Session Persistence
Answer: A Section: (none) Explanation/Reference:
QUESTION 52 The MSM317 Access Decvice is a combination access point and LAN switch.How many of the five ports on the MSM317 can support PoE power forwarding to a Voice-over-IP phone? A. B. C. D.
1 2 3 5
Answer: A Section: (none) Explanation/Reference:
QUESTION 53 Each of the four bridged LAN ports on the MSM317 Access Device can support how many VLANs? A. B. C. D.
1 16 265 4095
Answer: A Section: (none) Explanation/Reference:
QUESTION 54 On an MSM317,how many authenticated 802.1X clients or MAC addresses are supported per LAN port? A. B. C. D.
1 4 16 100
Answer: A Section: (none) Explanation/Reference:
QUESTION 55 Which configuration information is unique to the MSM317 Access Device?(select two) A. B. C. D. E.
The MSM317 operates in controlled mode only The MSM317 has a single b/g/n radio The MSM317 four prot LAN switch is linked to the pass-through port The MSM317 LAN ports and wireless port are not active until a link is established with a MSM Controller The MSM317 pass-through port can be configured to be part of the four port LAN switch by the MSM Controller
Answer: AD
Section: (none) Explanation/Reference:
QUESTION 56 When L3 Mobility is enabled and a DHCP client roams to a new subnet,what happens to its IP Address? A. B. C. D.
If the DHCP server is available,it will change the IP Address It remains unchanged due to tunneling The access point forces the client to get a new address The access point IP range changes to the IP Address of the new subnet
Answer: B Section: (none) Explanation/Reference:
QUESTION 57 From the perspective of one MSM controller in a network operating L3 Mobility(L3 Roaming).What is the name given to a Home client that has roamed to another subnet? A. B. C. D.
Roamer Trasported Traveler Visitor
Answer: C Section: (none) Explanation/Reference:
QUESTION 58 To enable L3 Mobility on a VSC,which parameter on the VSC must be disabled? A. B. C. D.
Access Control Authentication VLANs Wireless security filters
Answer: A Section: (none) Explanation/Reference:
QUESTION 59 Which feature would you enable to enhance Layer 2(L2) Roaming? A. rapid authentication B. seamless roaming C. single network AP hopping
D. WPA2 Opportunistic Key Caching Answer: D Section: (none) Explanation/Reference:
QUESTION 60 In a controlled mode network,when is the MSM Access Point egress VLAN configured? A. B. C. D.
during the discovery process during the VSC to Group bingding process during the network VLAN creation process during the Virtual Service Community creation process
Answer: B Section: (none) Explanation/Reference:
QUESTION 61 When configuring the MSM Controller for a Controlled mode network,at what point is the AP's VSC egress VLAN configured? A. B. C. D.
when the Group is created when the AP is synchronized with its Group when the specified VLAN is created when the VSC is bound to the Group
Answer: D Section: (none) Explanation/Reference:
QUESTION 62 A wired client is sending its incoming traffic to the VLAN port on an MSM Controller.In a WLAN configured with VSCs 1-4,which VSC will be selected to pass the traffic from the wired client? A. B. C. D.
Default VSC VSC 2 VSC 3 VSC 4
Answer: A Section: (none) Explanation/Reference:
QUESTION 63 On a VSC,which options can be specified for egress VLANs?(select three)
A. B. C. D. E. F.
Authenticated traffic Default gateway traffic IP filtered traffic Intercepted traffic Unauthenticated traffic Untagged traffic
Answer: ADE Section: (none) Explanation/Reference:
HP.Braindump.HP0-Y13.128q Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 Exam Name: ProCurve Network Management Exam Type: HP Exam Code: HP0-Y13 Total
Exam A QUESTION 1 Which modifications can you make to PCM using the CIP? (Select three.) A. B. C. D. E.
Modify the color scheme used for PCM windows Add a right-click menu to the Devices List window Add a tab to the Network Management Home page Display third-party SNMP traps in the Events browser Add an authentication method for PCM management users
Answer: BCD Section: (none) Explanation/Reference:
QUESTION 2 You have a device that is not natively supported by PCM. You want to allow PCM to manage it. You have decided to use the CIP to take advantage of the device management capabilities of PCM. What is an example of a PCM capability that can be provided for the device through the CIP? A. B. C. D.
Displaying a Live View of the device Performing endpoint integrity testing of the device Adding IDM attributes that can be applied to device ports Downloading software updates from the ProCurve support site
Answer: A Section: (none) Explanation/Reference:
QUESTION 3 Which CIP file type is used to customize the PCM+ user interface by adding a button to the global toolbar? A. B. C. D.
Global property Object identifier Image property User-interface trigger
Answer: D Section: (none) Explanation/Reference:
QUESTION 4 Which authentication mechanisms can be supported on an edge device when used with IDM? (Select two.) A. B. C. D.
MAC WPA 802.1X Local user
E. Switch-to-switch Answer: AC Section: (none) Explanation/Reference:
QUESTION 5 Which IDM options can be enabled or disabled using the IDM Preferences window? (Select two.) A. B. C. D. E.
Monitor only mode RADIUS server support Enhanced wireless support 802.1X user authentication Only send supported attributes to devices
Answer: Section: (none) Explanation/Reference:
QUESTION 6 Which information must be specified when installing the IDM agent? (Select two.) A. B. C. D. E.
Domain or realm name Type of user authentication Dns name of the user directory Whether a ProCurve NAC 800 is used IP address of the IDM management server
Answer: DE Section: (none) Explanation/Reference:
QUESTION 7 Where does the IDM agent need to be installed? A. B. C. D. E.
On the edge switch On the DHCP server On the RADIUS server On the remote PCM+ client On the Active Directory server
Answer: C Section: (none) Explanation/Reference:
QUESTION 8
Which information must be specified when installing the IDM management server? A. B. C. D.
Type of RADIUS server Domain or realm name Ip address of the user directory Whether a ProCurve NAC 800 will be used
Answer: B Section: (none) Explanation/Reference:
QUESTION 9 What do you do to install the latest released software update for a ProCurve switch using PCM+? A. B. C. D.
Scan the switch using the Configuration Manager. Run the PCM+ consistency check policy against the switch. Download the software versions list to the PCM+ management server. Download the software image file and unpack it in the PCM+ management server's download folder.
Answer: C Section: (none) Explanation/Reference:
QUESTION 10 Which capabilities are supported by the Software Update Wizard? (Select three.) A. B. C. D. E.
Boot ROM compatibility checking Configuration backup after updating Automated rollback of a failed update Identification of duplicate schedules, if any Determination of current installed version
Answer: Section: (none) Explanation/Reference:
QUESTION 11 While running the Software Update Wizard, you notice that you cannot select the latest version of software recently released for a ProCurve 5406zl switch. What is an explanation for this problem? A. B. C. D.
The software image file has not been unpacked in the PCM download folder. A My ProCurve account has not been correctly specified in the Preferences window. The installed PCM license does not support installation of updates using the wizard. The latest procurve_firmware.prp file has not been downloaded using the Preferences window.
Answer: D Section: (none)
Explanation/Reference:
QUESTION 12 Which information does PCM discovery acquire from a device using LLDP? A. B. C. D. E.
VLAN list ARP table Bridge MIB Routing table Neighbor table
Answer: E Section: (none) Explanation/Reference:
QUESTION 13 Which statements are true about the operation of the PCM discovery process? (Select two.) A. B. C. D. E.
Custom discovery methods can be defined. It consists of four phases that run at configurable intervals. Telnet or SSH are used to learn device attribute information. The scope of discovery is limited to the managed subnets list. A Layer 3 routing protocol is used to determine the network topology.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 14 Which management user profiles are defined in PCM? (Select two.) A. B. C. D. E.
Viewer Manager Database System level Administrator
Answer: AE Section: (none) Explanation/Reference:
QUESTION 15 How is the starting point for PCM discovery determined? A. Configured seed device IP address B. First device to respond to an SNMP get request
C. Lowest IP address on the management server's subnet D. Highest MAC address in the management server's ARP table Answer: A Section: (none) Explanation/Reference:
QUESTION 16 Which protocol is used during the PCM Neighbor Discovery phase? A. B. C. D.
LLDP sFlow VRRP OSPF or RIP
Answer: A Section: (none) Explanation/Reference:
QUESTION 17 Which statement is true about the types of management users supported in PCM? A. B. C. D.
Custom user types can be created using predefined permission levels. Only the administrator created during installation can create additional users. Users can be imported from Active Directory instead of manually defining them. For the administrator created during installation, only the password can be changed.
Answer: D Section: (none) Explanation/Reference:
QUESTION 18 Which restriction applies to the viewer type of PCM management user? A. B. C. D.
Cannot view network topologies Cannot change his own password Cannot access the Preferences tool Cannot make configuration changes
Answer: D Section: (none) Explanation/Reference:
QUESTION 19 Which methods or protocols can be used to authenticate PCM management users? (Select two.)
A. B. C. D. E.
802.1X RADIUS TACACS+ Web-based Local username/password database
Answer: BE Section: (none) Explanation/Reference:
QUESTION 20 Which CLI commands perform functions equivalent to those done using the Configuration Manager's Deploy Wizard? (Select two.) A. B. C. D. E.
Ip preserve Write terminal Copy tftp startup Startup-default primary Boot system flash primary
Answer: CE Section: (none) Explanation/Reference:
QUESTION 21 Which file management and performance options does the Configuration Manager allow you to configure? (Select two.) A. B. C. D. E.
Minimum software version allowed Number of Syslog entries maintained Number of concurrent scan operations Number of configuration files to maintain per device Number of alerts per hour if configuration change is detected
Answer: CD Section: (none) Explanation/Reference:
QUESTION 22 Which function is equivalent to using the "Capture configuration" option of the Configuration Manager's CLI Wizard? A. B. C. D.
Scanning the configuration Saving the changes to flash memory Displaying a snapshot of the wizard results Copying the configuration to the secondary flash
Answer: A
Section: (none) Explanation/Reference:
QUESTION 23 Which automatic customization capability does the Configuration Manager support when a configuration template file is deployed to multiple devices? A. B. C. D. E.
Designation of uplink ports Substitution of IP addresses Assignment of ports to VLANs Identification of ports in the Secure Management VLAN Specification of unique manager and operator passwords
Answer: B Section: (none) Explanation/Reference:
QUESTION 24 Which device management capabilities does the Configuration Manager support? (Select three.) A. B. C. D. E.
Upgrading the boot ROM of a switch Backing up the configuration file of a switch Viewing a list of modules installed in a chassis switch Performing a consistency check of uplink port settings Applying a configuration template to a newly discovered switch
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 25 Which statement is true about licensing options for PCM+ and its supported plug-ins? A. B. C. D.
PCM+ licensing is based on the number of devices managed. Identity Driven Manager licensing is based on the number of devices managed. Mobility Manager licensing is based on the number of wireless clients managed. Network Immunity Manager licensing is based on the number of installed instances.
Answer: A Section: (none) Explanation/Reference:
QUESTION 26 Which features are only available in PCM+? (Select two.) A. Node-to-node path trace tool
B. C. D. E.
VLAN network topology views Device discovery using LLDP/MED Switch-to-switch consistency checking Device access through web and CLI interfaces
Answer: AD Section: (none) Explanation/Reference:
QUESTION 27 Which statements are true about the PCM architecture? (Select two.) A. B. C. D. E.
PCM uses its own Java instance. The PCM client is a web-based interface that supports SSL. The PCM datastore is implemented as a set of indexed flat files. The PCM management server is comprised of three Windows services. The PCM client collects network management information and stores it on the PCM management server.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 28 Which product integrated with PCM+ uses Network Behavior Anomaly Detection to detect attacks? A. B. C. D. E.
Mobility Manager Identity Driven Manager Network Access Controller Network Immunity Manager HP OpenView Network Manager
Answer: D Section: (none) Explanation/Reference:
QUESTION 29 Which statement is true about PCM or PCM+? A. B. C. D.
PCM+ is supported on Linux in addition to Windows. PCM is included at no cost with all ProCurve manageable devices. PCM is implemented as a Microsoft Management Console snap-in on Windows. PCM+ is intended as a complete replacement for the switch CLI and web management interfaces.
Answer: B Section: (none) Explanation/Reference:
QUESTION 30 Which products are supported as plug-ins to PCM+? (Select two.) A. B. C. D. E.
Policy Manager Mobility Manager Traffic Analysis Manager Secure Access Manager Network Immunity Manager
Answer: Section: (none) Explanation/Reference:
QUESTION 31 Which methods of traffic data collection supported by the Traffic Monitor involve examining packet headers? (Select two.) A. B. C. D. E.
vmstat sFlow PerfMon XRMON MIB-II statistics
Answer: BD Section: (none) Explanation/Reference:
QUESTION 32 Which statements are true about the operation of the Traffic Monitor? (Select three.) A. B. C. D. E.
sFlow traffic data are sent to the PCM+ management server using SSL. XRMON sends traffic statistics to the PCM+ management server using SNMP. Threshold-based alarms can be customized at the port level for each traffic metric. The Top Talkers graphical view can differentiate traffic volume due to data, voice, and video traffic. The HP ProCurve Traffic Launch Service must be running on the PCM+ management server for collected data to be processed.
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 33 Which statistical attributes are displayed by the Traffic Monitor? (Select two.) A. Frames/second
B. C. D. E.
Memory utilization Multicasts/second Min/max free buffers Packet size distribution
Answer: AC Section: (none) Explanation/Reference:
QUESTION 34 Which methods of traffic data collection are provided by the Traffic Monitor? (Select three.) A. B. C. D. E.
sFlow PerfMon XRMON load averaged MIB II statistics
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 35 Which detailed attribute does the Traffic Monitor's Top Talkers window allow you to examine for the utilization percentage statistic? A. Link errors B. Multicasts Answer: Section: (none) Explanation/Reference:
QUESTION 36 Which VLAN Manager capability is supported by PCM and PCM+? A. B. C. D.
Synchronizing VLAN names Viewing a graphical map of VLANs Deleting a VLAN from a single device Setting the maximum VLANs per device
Answer: B Section: (none) Explanation/Reference:
QUESTION 37
Which VLAN settings can be configured using the VLAN Manager? (Select two.) A. B. C. D. E.
Traffic mirroring Managed subnet IP helper address Multinetted IP addresses Secure Management VLAN
Answer: BD Section: (none) Explanation/Reference:
QUESTION 38 Which statements are true about the VLAN Manager? (Select two.) A. B. C. D. E.
A device can be enabled or disabled as an IGMP querier. The name of a VLAN can be synchronized across all devices. VRRP operation can be enabled or disabled on a single VLAN. A VLAN ACL can be applied to one or more devices in a VLAN. 802.1X port-access authentication can be enabled on one or more ports of a VLAN.
Answer: AB Section: (none) Explanation/Reference:
QUESTION 39 Which method can be used to access the PCM database externally? A. B. C. D. E.
XML SSH MMC ODBC MIB browser
Answer: D Section: (none) Explanation/Reference:
QUESTION 40 Which statement is true about external access to the PCM database? A. B. C. D.
Access is supported from the PCM management server station only. To access the database, a user must be authenticated through RADIUS. Read-write access is provided by default, but can be restricted to read only. To access the database, a PCM management user must have the necessary permission enabled.
Answer: Section: (none)
Explanation/Reference:
QUESTION 41 Which attributes can be referenced in an IDM Access Rule to determine the Access Profile that will apply? (Select two.) A. B. C. D. E.
Location Username Time period VLAN identifier 802.1X EAP method
Answer: AC Section: (none) Explanation/Reference:
QUESTION 42 Which attributes can IDM apply to a session after a user has been authenticated? (Select two.) A. B. C. D. E.
ACL Logout time QoS setting Broadcast limit Login session limit
Answer: AC Section: (none) Explanation/Reference:
QUESTION 43 Which object is equivalent to a Network Resource Access Rule in IDM? A. B. C. D.
Access Policy Group Access Control Entry Remote Access Policy Network Dial-in Restrictions
Answer: B Section: (none) Explanation/Reference:
QUESTION 44 Which statements are true about the PCM client? (Select two.) A. An SSL browser session is required to access the PCM user interface. B. The PCM user interface can be accessed from a Windows or Macintosh computer.
C. PCM allows only one simultaneous client connection; PCM+ allows an unlimited number. D. To download the PCM client using a web browser, you connect to port 8040 of the PCM management server. E. The PCM management server can use an IP address, DNS name, or shared secret to authorize a remote PCM client. Answer: DE Section: (none) Explanation/Reference:
QUESTION 45 What is required to use the automatic product registration feature in PCM? A. The devices to be registered must support SSH. B. The devices must be based on the ProVision ASIC hardware. C. The username and password of a My ProCurve account must be provided. Answer: Section: (none) Explanation/Reference:
QUESTION 46 Which statements are true about the registration and licensing of PCM and PCM+? (Select two.) A. B. C. D.
The registration ID is needed only if you are licensing PCM+. To generate a license for PCM or PCM+, you need to provide an installation ID. To download product updates for PCM and any plug-ins, the products must be registered. A license is automatically downloaded by the management server the first time a check for updates occurs. E. A licensed instance of PCM+ can be installed on up to one additional server for standby backup operations. Answer: AB Section: (none) Explanation/Reference:
QUESTION 47 Which information are you prompted for when running the PCM Installation Wizard? (Select three.) A. B. C. D. E. F.
DNS name or IP address of a RADIUS server IP address of a device to start discovery from SNMP version to be used for device management SSL port number to use for secure web management maximum number of switch and access points to be managed manager-level username and password used for switch access
Answer: BCF Section: (none)
Explanation/Reference:
QUESTION 48 Which statements are true about the PCM access.txt permissions file? (Select two.) A. B. C. D. E.
A range of IP addresses can be specified using CIDR notation. Only PCM+ clients using static IP addresses can be allowed access. Read-only or read-and-write access can be specified for each PCM client. By default, the file is empty, which allows access from the local PCM client only. Multiple PCM clients can be allowed access, based on a DNS domain name with a wildcard.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 49 Which criterion must be met for PCM to process received traps? A. B. C. D.
The SNMP trap receiver service must be started. The SNMP trap port must be enabled in the PCM Preferences tool. The IP address of each SNMP trap sender must be defined in PCM. The SNMP community string must be set to "public" in received traps.
Answer: D Section: (none) Explanation/Reference:
QUESTION 50 Which criterion can be specified when you use the Find Node tool to locate n end-user computer? A. B. C. D.
Slot ID of a switch MAC address of the client NetBIOS name of the client IP address of the PCM server
Answer: B Section: (none) Explanation/Reference:
QUESTION 51 Which statement is true about PCM custom groups? A. A given device can belong to, at most, one custom group. B. A device can be added to a custom group automatically or manually. C. To create a custom group, you must use the Configurable Integration Platform API.
D. A custom group is used to contain non-ProCurve devices that lack support for SNMP. Answer: B Section: (none) Explanation/Reference:
QUESTION 52 Which information is shown if the Find Node tool successfully locates a ProCurve switch? A. B. C. D.
System information summary List of connected neighbor devices Status of untagged and tagged ports Graphical representation of the front panel
Answer: B Section: (none) Explanation/Reference:
QUESTION 53 Which statements are true about how PCM device access settings can be managed? (Select three.) A. B. C. D. E.
CLI parameters can be configured per device. SNMPv3 access can only be configured in PCM+. WebAgent access can be enabled or disabled globally. 802.1X, Web, or MAC authentication can be optionally enabled. Default SSH settings can be defined for each PCM administrator.
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 54 Which statements are true about the PCM live view of a device? (Select two.) A. B. C. D.
The Java Runtime Environment must be installed on the PCM client. The operating temperature and fan speeds of a device can be displayed. The device can be shut down or rebooted by clicking the emulated front panel buttons. It provides a graphical rendering of the front panel or rendering of the front and back panels.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 55 Which statement is true about PCM device groups?
A. The End-nodes group is used to hold edge switches and wireless APs. B. The Unknown device group is used to contain discovered devices that have become unreachable. C. If a ProCurve device is assigned to a custom group, it will be automatically removed from its default group. D. A product family-specific group is created below the Interconnect Devices folder when the first device instance is discovered. Answer: D Section: (none) Explanation/Reference:
QUESTION 56 Which criterion can be used to specify the source or target devices when configuring a policy using the Policy Manager? A. B. C. D.
Custom groups Software versions Dns names with a wildcard Ip addresses using CIDR notation
Answer: A Section: (none) Explanation/Reference:
QUESTION 57 Which file formats does the Policy Manager support for policies that generate reports? (Select three.) A. B. C. D. E. F.
CGI XML SQL CSV PDF HTML
Answer: DEF Section: (none) Explanation/Reference:
QUESTION 58 Which option can be specified when configuring a schedule-driven alert using the Policy Manager? A. B. C. D.
Sleep time, if no problems are detected Number of retries, if a device is unreachable Run at first opportunity, if a schedule is missed Allow only a PCM administrator level user to enable
Answer: C Section: (none)
Explanation/Reference:
QUESTION 59 When can you use the Policy Manager? (Select three.) A. B. C. D. E.
When taking an action in response to an alert notification When running a network consistency check report on-demand When performing periodic configuration scans for a group of devices When initiating endpoint integrity testing when a device connects to a switch port When synchronizing the PCM management users database with Active Directory
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 60 Which criteria can be specified when configuring an event-based alert using the Policy Manager? (Select two.) A. B. C. D. E.
User group DNS domain Message text Time duration IP address range
Answer: CD Section: (none) Explanation/Reference:
QUESTION 61 Which IGMP settings can be configured using the VLAN Manager? (Select two.) A. B. C. D. E.
Forced fast leave IP multicast mode Allocated bandwidth Multicast IP address Maximum members of multicast group
Answer: AB Section: (none) Explanation/Reference:
QUESTION 62 Which VLAN Manager capabilities are supported by both PCM and PCM+? (Select two.) A. Viewing a list of VLANs
B. C. D. E.
Adding a VLAN to multiple devices Viewing a graphical map of VLANs Deleting a VLAN from a single device Viewing authentication status of 802.1X ports
Answer: AC Section: (none) Explanation/Reference:
QUESTION 63 Which VLAN settings can be configured using the VLAN Manager? (Select two.) A. B. C. D. E.
Jumbo frames DHCP snooping Quality of service Ip configuration method Untagged or tagged port status
Answer: DE Section: (none) Explanation/Reference:
QUESTION 64 Which secure network management features are available in PCM+? (Select three.) A. B. C. D. E.
SSH switch access SNMPv3 switch access IPSec VPN tunnel to PCM+ SSL web interface to PCM+ RADIUS authentication of PCM+ administrators
Answer: ABE Section: (none) Explanation/Reference:
QUESTION 65 Which statement is true about the PCM client architecture? A. B. C. D.
The client can be installed on Windows, Linux, and Macintosh computers. The client can be installed on several types of computers without requiring a license. The client performs network data collection and stores the data on the management server. The client installation is initiated using a browser and connecting to port 443 of the management server.
Answer: B Section: (none) Explanation/Reference:
QUESTION 66 Which product integrated with PCM+ can dynamically assign an ACL to a switch port? A. B. C. D.
Mobility Manager Identity Driven Manager Network Node Manager Network Access Controller
Answer: B Section: (none) Explanation/Reference:
QUESTION 67 Which statement is true about licensing options for PCM+ and its upported plug-ins? A. B. C. D.
Identity Driven Manager licensing is based on the number of users managed. Mobility Manager licensing is based on the number of wireless clients managed. ProCurve Manager Plus licensing is based on the number of installed instances. Network Immunity Manager licensing is based on the number of NAC 800s managed.
Answer: A Section: (none) Explanation/Reference:
QUESTION 68 Which products are supported as plug-ins for PCM+? (Select two.) A. B. C. D. E.
Events Manager Identity Driven Manager Network Immunity Manager Device Configuration Manager Vulnerability Database Manager
Answer: BC Section: (none) Explanation/Reference:
QUESTION 69 Which features are only available in PCM+? (Select three.) A. B. C. D. E.
Events browser Custom device groups Configuration templates Sflow traffic monitoring Configurable Integration Platform
Answer: CDE Section: (none) Explanation/Reference:
QUESTION 70 You have set the Prefer the latest version parameter in the Preferences window. Which additional step must you take to ensure that you can install the most recent software updates? A. B. C. D.
Download the procurve_firmware.prp file using the Preferences window. Modify the PCM permissions file to allow access to the ProCurve support site. Define a policy using the Policy Manager that will download the software image files. Determine the current device software versions using the Configuration Manager scan tool.
Answer: A Section: (none) Explanation/Reference:
QUESTION 71 Which capability does PCM+ support for managing ProCurve device software updates? A. The PCM+ management server can periodically download a software versions list to determine if updates are available. B. ProCurve switches that support the PCM+ Policy Manager can be scheduled to check the ProCurve download FTP site directly. C. Software image files can be downloaded directly to a USB drive on switches that support them and scheduled for installation at a later time. D. Checking for software updates to PCM+ and its plug-ins includes retrieving any available software updates for currently discovered devices. Answer: A Section: (none) Explanation/Reference:
QUESTION 72 Which capabilities are supported by the Software Update Wizard? (Select three.) A. B. C. D. E.
Optional device reboot after updating Automated rollback of a failed update Selection of primary or secondary flash Scheduled installation of a software update Configuration consistency check after updating
Answer: ACD Section: (none) Explanation/Reference:
QUESTION 73 Which CIP file type must be configured to add a non-ProCurve device to PCM? A. B. C. D.
Object identifier Trap configuration User-defined action User-interface trigger
Answer: A Section: (none) Explanation/Reference:
QUESTION 74 You have a device that is not natively supported by PCM. You want to allow PCM to manage it. You have decided to use the CIP to take advantage of the device management capabilities of PCM. What is an example of a PCM capability that can be provided for the device through the CIP? A. B. C. D.
Loading the XRMON agent onto the device Adding IDM attributes that can be applied to device ports Defining the custom group to which the device is assigned Using the Instrumentation Monitor to collect performance data from the device
Answer: C Section: (none) Explanation/Reference:
QUESTION 75 Which CIP file type references the Action ID that is defined in the user-defined action file? A. B. C. D.
Global property Object identifier Trap configuration User-interface trigger
Answer: D Section: (none) Explanation/Reference:
QUESTION 76 What can the Configuration Manager use to transfer a configuration file between the PCM management server and a device? (Select two.) A. B. C. D. E. F.
SSL FTP Telnet SCP TFTP FTPS
G. HTTP Answer: DE Section: (none) Explanation/Reference:
QUESTION 77 Which type of information does the Configuration Manager allow you to export for a previously discovered device? A. B. C. D.
System performance statistics Authentication status of 802.1X ports Software version and boot ROM version Percentage of ports connected during a time period
Answer: C Section: (none) Explanation/Reference:
QUESTION 78 Which CLI command is equivalent to using the Commit to flash option of the Configuration Manager's CLI Wizard? A. B. C. D.
Reload Write memory Copy flash flash Boot system flash primary
Answer: B Section: (none) Explanation/Reference:
QUESTION 79 How many configuration files can be compared at the same time using PCM+ if each one is from a different device? A. B. C. D. E.
Zero Two Three Four Five
Answer: B Section: (none) Explanation/Reference:
QUESTION 80 Which device management capabilities are supported by the Configuration Manager? (Select three.) A. B. C. D. E.
Restoring a configuration to a switch Changing the discovery seed device Comparing the configuration files of two different switches Applying a configuration template to a newly discovered switch Triggering an alert after a specified number of configuration file saves
Answer: ACD Section: (none) Explanation/Reference:
QUESTION 81 Which statements are true about the XRMON and sFlow methods used by the Traffic Monitor? (Select two.) A. B. C. D. E.
Layer 2, 3, and 4 packet headers are examined by each method. XRMON is an IETF standard that has been derived from the sFlow method. Each method requires that an agent be individually installed on the PCM+ management server. The results displayed in the Traffic Monitor are equivalent for data collected using either method. Wirespeed performance is achieved on high-end switches because the methods are implemented in software.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 82 Which statements are true about the RMON Manager? (Select three.) A. B. C. D. E.
Alarm thresholds can be configured at the port level. It provides the same traffic data as sFlow and XRMON. It provides statistics that include packet size distribution. It is an optional plug-in that is separate from the Traffic Monitor. It operates based on rising and falling threshold levels being detected.
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 83 Which method of traffic data collection supported by the Traffic Monitor includes the equivalent information provided by MIB-II counters? A. vmstat B. sFlow C. PerfMon
D. NetFlow Answer: B Section: (none) Explanation/Reference:
QUESTION 84 Which detailed attribute does the Traffic Monitor's Top Talkers window allow you to examine for the utilization percentage statistic? A. B. C. D.
Runts Unicasts Link errors Sources or destinations
Answer: D Section: (none) Explanation/Reference:
QUESTION 85 Which methods of traffic data collection supported by the Traffic Monitor use a sampling technique? (Select two.) A. B. C. D. E.
sFlow virtMon XRMON Load averaged MIB II statistics
Answer: AC Section: (none) Explanation/Reference:
QUESTION 86 Which method can be used to access the PCM database externally? A. B. C. D.
SSH MMC v2 MySQL CLI MIB browser
Answer: C Section: (none) Explanation/Reference:
QUESTION 87
Which type of database architecture does the PCM database use? A. B. C. D.
Relational Networked Linked files Double linked list
Answer: A Section: (none) Explanation/Reference:
QUESTION 88 Which configuration task must you perform to use an event-driven policy? A. B. C. D.
Create an alert. Define a schedule. Assign a custom group. Customize event messages.
Answer: A Section: (none) Explanation/Reference:
QUESTION 89 Which delivery methods does the Policy Manager support for policies that generate reports? (Select two.) A. B. C. D. E.
FTP Email SCP HTTP Secure tunnel
Answer: AB Section: (none) Explanation/Reference:
QUESTION 90 Which criteria can be specified when configuring an event-based alert using the Policy Manager? (Select two.) A. B. C. D. E.
OID value Timestamp Software version IP address range Message severity
Answer: AE Section: (none)
Explanation/Reference:
QUESTION 91 Which criterion can be specified when configuring a schedule-driven alert using the Policy Manager? A. B. C. D.
The days of the week and a time for each day that a policy can run The maximum occurrences that a policy can run, after which it will be disabled The minimum number of occurrences a policy must run in a configurable time period The upper limit on the elapsed execution time of a policy, after which it will be queued again
Answer: B Section: (none) Explanation/Reference:
QUESTION 92 Which Policy Manager option can be configured using the Preferences window? A. B. C. D.
Forwarding policy events generated during policy execution as traps Performing virus scanning before committing changes made by a policy Checking for device software updates after a threshold error limit is reached Logging actions that would be taken by policies, but do not allow device configuration changes
Answer: D Section: (none) Explanation/Reference:
QUESTION 93 You are deploying IDM in a network that will include a ProCurve 5406zl switch and Microsoft IAS. Which protocols are supported by the switch for communication with the RADIUS server that authenticates 802.1X supplicants? (Select two.) A. B. C. D. E.
EAP-RADIUS MD5-RADIUS CHAP-RADIUS PAP-SPAP-RADIUS MS-CHAPv2-RADIUS
Answer: AC Section: (none) Explanation/Reference:
QUESTION 94 Which attributes can be referenced in an IDM Access Rule to determine the Access Profile that will apply? (Select two.) A. Username
B. C. D. E.
IP address WLAN SSID Operating system Endpoint integrity status
Answer: CE Section: (none) Explanation/Reference:
QUESTION 95 Which attributes can IDM apply to a session after a user has been authenticated? (Select two.) A. B. C. D. E.
User group Logout time VLAN identifier Ingress rate limit Egress rate limit
Answer: Section: (none) Explanation/Reference:
QUESTION 96 What must you do if the IDM management server operates with a remote RADIUS server? A. B. C. D.
Import the RADIUS remote access policies into IDM. Define the IDM management server as a RADIUS client. Specify the IP address of the RADIUS server in the access.txt file. Configure the shared secret of the RADIUS server in the IDM Preferences window.
Answer: C Section: (none) Explanation/Reference:
QUESTION 97 Which IDM options can be enabled or disabled using the IDM Preferences window? (Select two.) A. B. C. D. E.
radius server support endpoint integrity support Macintosh platform support 802.1X user authentication Automatic configuration deployment to IDM agents
Answer: BE Section: (none) Explanation/Reference:
QUESTION 98 Which authentication mechanisms are supported on an edge device when used with IDM? (Select two.) A. B. C. D. E.
Web WPA 802.1X Local user Switch-to-switch
Answer: AC Section: (none) Explanation/Reference:
QUESTION 99 Which data sources can be used for importing users into IDM? (Select three.) A. B. C. D. E.
XML CSV HTML LDAP Active Directory
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 100 Which statements are true about the implementation of PCM+ and IDM? (Select two.) A. B. C. D.
The PCM+ access.txt file is used to authorize access from remote PCM clients. Deploying the IDM configuration involves sending updates to selected IDM agents. The IDM management server cannot be installed on the same system as the IDM agent. A PCM management user must have the IDM permission enabled to edit the IDM configuration.
Answer: Section: (none) Explanation/Reference:
QUESTION 101 Which criterion can be specified when you use the Find Node tool to locate an access point? A. B. C. D.
SSID WLAN VLAN ID IP address
Answer: D Section: (none) Explanation/Reference:
QUESTION 102 Which criteria can be specified when using the Node to Node Path Trace tool? (Select three.) A. B. C. D. E. F. G. H.
DNS NAMES Device types IP addresses Search all paths MAC addresses Subnet addresses Maximum Layer 3 hops Strict source routing paths
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 103 Which actions can be initiated within the PCM Live View window of a device? (Select two.) A. B. C. D.
Access the CLI Display an ACL Quarantine a port Disable or enable a port
Answer: AD Section: (none) Explanation/Reference:
QUESTION 104 Which switch feature can be configured using the PCM Port List window? A. B. C. D.
Meshing Port security Virus throttling Authentication method
Answer: C Section: (none) Explanation/Reference:
QUESTION 105 Which criteria can be used to assign a device to a custom group when it is discovered? (Select two.)
A. B. C. D. E.
Port speeds Product class Contact name Number of ports Mac address range
Answer: BC Section: (none) Explanation/Reference:
QUESTION 106 Which device group folder is used when assigning devices through the Configurable Integration Platform API? A. B. C. D.
Others End-nodes Unknown Devices User-defined Devices
Answer: D Section: (none) Explanation/Reference:
QUESTION 107 Which statement is true about the PCM live view of a device? A. B. C. D.
The WebAgent must be enabled on the device. It provides a summary of key performance indicators. It includes indicators for the operating temperature and fan speeds of a device. For a modular switch, a module can be taken offline by clicking the emulated front panel slot.
Answer: A Section: (none) Explanation/Reference:
QUESTION 108 PCM creates graphical maps after the completion of which discovery phase? A. B. C. D.
ARP Topology Config scan VLAN discovery
Answer: D Section: (none) Explanation/Reference:
QUESTION 109 Which options can be configured for a PCM management user? (Select two.) A. B. C. D. E.
Disable idle logout timer Use only RADIUS authentication Require confirmation of device changes Grant external access to PCM database Restrict viewing and access to devices by type
Answer: BD Section: (none) Explanation/Reference:
QUESTION 110 Which protocol does the Ping Sweep phase of PCM discovery use to query all devices in a managed subnet? A. B. C. D.
ARP LLDP VRRP SNMP
Answer: D Section: (none) Explanation/Reference:
QUESTION 111 Which statement is true about management user types supported in PCM? A. B. C. D.
Any user can change his own password without restrictions. The no permissions user type is used to temporarily disable a user's access to PCM. The minimum length of a password is eight characters and must contain at least one special character. At most, one administrator user type can be defined, but an unlimited number of other user types can be defined.
Answer: A Section: (none) Explanation/Reference:
QUESTION 112 Which management user profiles are defined in PCM? (Select two.) A. Operator B. Super user C. System level
D. No permissions E. Device Manager Answer: AD Section: (none) Explanation/Reference:
QUESTION 113 Which statements are true about the registration and licensing of PCM or PCM+? (Select two.) A. B. C. D.
Each installation instance of PCM results in a new installation ID. For PCM+, the license key is based on the registration ID and installation ID. PCM+ features become unavailable in the user interface after 90 days if a license is not installed. The automatic device registration feature is used to maintain compliance with the number of licensed PCM+ clients.
Answer: AB Section: (none) Explanation/Reference:
QUESTION 114 Which statement is true about the PCM automatic updates feature? A. B. C. D.
Updates can be scheduled, based on the day of the week and time of day. PCM services must be stopped before initiating updates from the local download folder. For updates to be installed from a local folder, the files must be extracted from the bundled file. When PCM services are stopped during an update, PCM is unable to process any SNMP traps.
Answer: D Section: (none) Explanation/Reference:
QUESTION 115 Which information are you prompted for when running the PCM Installation Wizard without optional plug-ins selected? (Select three.) A. B. C. D. E. F.
Default domain or realm Registration ID and license key Whether HTTP proxy will be used Password for PCM+ administrator Use of telnet or SSH for default mode of CLI access User groups to import from Active Directory or an LDAP server
Answer: CDE Section: (none) Explanation/Reference:
QUESTION 116 Which file must be configured on the PCM management server to authorize a remote PCM client? A. B. C. D.
Registry Access.txt Pcmclient.db Authorize.cfg
Answer: B Section: (none) Explanation/Reference:
QUESTION 117 Which statement is true about installation of PCM+? A. A SQL server must be installed and running prior to initiating the PCM+ installation. B. The installation of Mobility Manager with PCM+ requires the use of a local or remote RADIUS server. C. Optionally, the local PCM+ client can be installed as an MMC snap-in on the PCM+ management server. D. When installed on the same system as HP OpenView Network Node Manager, PCM+ installs itself as a plug-in. E. Plug-in components can be installed on the same server as PCM+ or as standalone applications on a separate server. Answer: D Section: (none) Explanation/Reference:
QUESTION 118 Where is the information stored that is displayed in the Events browser? A. B. C. D.
Alarms Log Events Table Device Syslog Alerts Database
Answer: B Section: (none) Explanation/Reference:
QUESTION 119 Which statements are true about the management of PCM events? (Select two.) A. B. C. D.
The percentage of events maintained can be configured per severity level. Acknowledging an event causes PCM to send a trap to the specified device. By default, archived events are saved to the FTP server defined in the Preferences tool. When the maximum number of events is reached, the events are automatically archived.
E. Event filtering allows PCM to drop received traps matching specified criteria during high traffic periods. Answer: AD Section: (none) Explanation/Reference:
QUESTION 120 How many configuration files from a single device can be compared at the same time using PCM+? A. B. C. D.
Two Three Four Five
Answer: A Section: (none) Explanation/Reference:
QUESTION 121 Which statements are true about the operation of the PCM discovery process? (Select two.) A. B. C. D. E.
A discovered device must support SNMPv3 to be managed by PCM. PCM automaticaily excludes a discovered device if excessive traffic flow is detected. The management server can assign itself as a trap receiver on a discovered device. By default, supported ProCurve devices are assigned to the Interconnect Devices folder. A list of managed subnets is generated, based on the interfaces of each discovered router.
Answer: CD Section: (none) Explanation/Reference:
ProCure Security 7.31 Number: HP0-Y11 Passing Score: 800 Time Limit: 120 min File Version: 1.0 H P HP0-Y11 ProCure Security 7.31 132 Q&A Version 2.73
Exam A QUESTION 1 Which EAP methods support authentication of an 802.1X supplicant based on a user's name and password? (Select two.) A. B. C. D. E. F.
SIM TLS TTLS SPAP PEAP CHAP
Answer: CE Section: (none) Explanation/Reference:
QUESTION 2 Which statements describing Web authentication support on ProCurve switches are correct? (Select two.) A. B. C. D.
An SSL-based login is required. It can be configured on ports that also have MAC authentication assigned. A successfully authenticated user can be redirected to a configurable URL. The switch's built-in DHCP, ARP, and DNS services assist with Web authentication while a port is in the authenticating state. E. When a client connects to a Web authenticator port and a Web browser is opened, the Web browser is automatically redirected to the switch's Web-Auth home page. Answer: CD Section: (none) Explanation/Reference:
QUESTION 3 Which EAP method is considered the least secure solution for implementing 802.1X user authentication on a wireless LAN? A. B. C. D. E. F.
SIM MD5 TTLS FAST LEAP PEAP
Answer: B Section: (none) Explanation/Reference:
QUESTION 4 What is a capability of the Secure Access Wizard supported by ProCurve Identity Driven Manager?
A. B. C. D.
It configures 802.1X authenticator ports and RADIUS server settings on a switch. It verifies the integrity of the ProCurve Identity Driven Manager database using Active Directory. It conceals all security-related credentials stored in the switch configuration before backing up the file. It checks a switch configuration file's 802.1X, Web, or MAC authentication settings for consistency and reports any errors.
Answer: A Section: (none) Explanation/Reference:
QUESTION 5 You want to use 802.1X port-access authentication to assign Microsoft Active Directory users to a particular VLAN based on user credentials. Which condition must exist? A. B. C. D.
The VLAN ID must exist on the switch. The VLAN ID must be defined in a GVRP configuration. The port through which the user is authenticating must be defined as a member of the VLAN. The user must be a member of an Active Directory Group that has an associated RADIUS remoteaccess policy.
Answer: A Section: (none) Explanation/Reference:
QUESTION 6 Click the Exhibit button. The RADIUS server and switch are correctly configured. The switch has the VLAN assignments and portaccess commands configured, as shown in the diagram. What happens to port 10 after the user connects to the network?
A. B. C. D.
remains in an unauthorized state becomes a member of VLAN 20 becomes a member of VLAN 25 becomes a member of VLAN 200
Answer: D Section: (none) Explanation/Reference:
QUESTION 7 Which statements describing the 802.1X user authentication process are correct? (Select two.) A. The supplicant and authentication server must support the same EAP method for the authentication process to proceed. B. A switch passes EAP messages between the supplicant and authentication switch without modification or translation. C. After a RADIUS server confirms a user is authenticated, the switch sends an EAP-Success message and sets the port state to authorized. D. Different RADIUS servers must be configured on the switch if authentication of both switch management users and 802.1X supplicants will be performed. E. If a supplicant receives an EAP-Request message specifying a particular EAP method to be supported, the authentication session is closed if the supplicant does not support that EAP method. Answer: AC Section: (none) Explanation/Reference:
QUESTION 8 Which statement describing Web authentication support on the ProCurve Switch 5400zl series is correct? A. B. C. D.
User credentials or a digital certificate can authenticate the client. It is mutually exclusive of other authentication methods on the same port. After successful user authentication, a port is assigned to a VLAN based on an order of priority. If a port is configured to support multiple users, different static untagged VLANs can be assigned concurrently.
Answer: C Section: (none) Explanation/Reference:
QUESTION 9 What is an operational difference between the TLS and MD5 EAP methods? A. TLS uses a challenge/handshake mechanism for authentication; MD5 uses certificates for authentication. B. TLS uses a challenge/handshake mechanism for authentication and encryption; MD5 uses certificates for authentication and encryption. C. TLS uses digital certificates for mutual authentication; MD5 uses a challenge/handshake mechanism to authenticate the client to the server. D. TLS uses a name and password along with digital certificates to produce a session key; MD5 uses a name and password to produce a session key. Answer: C Section: (none) Explanation/Reference:
QUESTION 10 Which statements describing MAC authentication on ProCurve switches are correct? (Select two.) A. B. C. D.
It can be configured on the same port with Web authentication and 802.1X authentication. The device's MAC address is sent to the RADIUS server as the user name and password. The switch's built-in DHCP server initially assigns an IP address in the 192.168.0.0 private subnet. The switch automatically initiates user authentication of a device when the device communicates on a MAC authenticator port. E. Configuration involves defining ports as MAC authenticators, the RADIUS authentication protocol to use, and then activating the ports for MAC authentication operation. Answer: BD Section: (none) Explanation/Reference:
QUESTION 11 Which statement describing dynamic VLAN assignment for 802.1X authenticator ports on ProCurve switches is correct?
A. B. C. D.
If a GVRP-learned VLAN is used, the RADIUS server must specify that attribute. The VLAN used may be statically defined on the switch or learned through GVRP. If a client fails authentication, the port is reassigned to the Secure Management VLAN. If a client is authenticated, but no VLAN attribute is returned by a RADIUS server, the switch blocks the port.
Answer: B Section: (none) Explanation/Reference:
QUESTION 12 Which two EAP methods support tunneling of a weaker authentication method such as MS-CHAPv2? A. B. C. D.
TLS and SIM PAP and SPAP LEAP and FAST PEAP and TTLS
Answer: D Section: (none) Explanation/Reference:
QUESTION 13 Which protocols are supported by a ProCurve switch for communication with a RADIUS server that is used to authenticate 802.1X supplicants? (Select two.) A. B. C. D. E.
EAP-RADIUS MD5-RADIUS CHAP-RADIUS PAP-SPAP-RADIUS MS-CHAPv2-RADIUS
Answer: AC Section: (none) Explanation/Reference:
QUESTION 14 You have ProCurve Identity Driven Manager currently deployed in your network and have recently modified an Access Profile. Which task should you perform next? A. B. C. D. E. F.
Restart the IDM Agent. Deploy the configuration. Run the Secure Access Wizard. Update the Access Policy Groups. Start Active Directory synchronization. Rediscover switches affected by the changes.
Answer: B Section: (none) Explanation/Reference:
QUESTION 15 Which statements describing the ProCurve switch debug facility are correct? (Select two.) A. B. C. D.
The instrumentation monitor must be enabled first. Specific debug message categories can be selectively enabled. The debug destinations can be set to a session window and a Syslog server concurrently. Debug messages have the same format as standard Event Log messages including the event type and timestamp.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 16 You have just installed two ProCurve 5406zl switches, one on the second floor and one on the third floor of your office. You are using 802.1X for port-access authentication. All users have an 802.1X supplicant installed on their computers and you have configured a RADIUS server with a remote access policy for each floor. Shortly after connecting the computers, users on the second floor report that they cannot access any network resources. You can ping the RADIUS server from both switches, but when you check the RADIUS log, you see authentication requests coming only from the third floor switch. Why are the second floor users unable to connect to the network? A. The IP address of the RADIUS server has not been configured on the second floor switch. B. The second floor computers are using the wrong EAP type for authentication with the RADIUS server. C. The shared secret configured on the second floor switch does not match the shared secret configured on the RADIUS server. D. No default gateway has been configured on the second floor switch, therefore no authentication requests can reach the RADIUS server. Answer: A Section: (none) Explanation/Reference:
QUESTION 17 A customer calls you and describes a switch management access problem involving SSH. The customer indicates that he is denied access after supplying the login credentials. The customer is using a RADIUS server for centralized authentication, and has used the ping command to verify that the SSH client, switch, and RADIUS server are all reachable. What is a potential cause of this problem? A. B. C. D.
A self-signed digital certificate has not been installed on the switch. SSH has not been configured for the login access level on the switch. A remote-access policy on the RADIUS server has not been configured to support the CHAP protocol. The digital certificate of the public Certificate Authority used by the switch has not been installed in the SSH client.
Answer: C
Section: (none) Explanation/Reference:
QUESTION 18 Authentication of switch management or general network users can involve multiple network components. Which statement describing these network components is correct? A. A user directory server operates as the policy enforcement point. B. The authentication server is also known as the policy decision point. C. A ProCurve switch functions as a policy repository for switch management access using a remote user account. D. A RADIUS access-accept message is used by a client to acknowledge authentication settings assigned by the server. Answer: B Section: (none) Explanation/Reference:
QUESTION 19 A university shares a core routing switch between two departments. Each department has a separate ProCurve edge switch deployed and neither department wants the other to have management access to their respective switch. Which security measures can prevent management access by the respective departments? (Select three.) A. B. C. D. E.
Enable the Privilege Mode option. Configure Authorized IP Managers. Define Secure Management VLANs. Implement Command Authorization. Use RADIUS authentication with separate policies.
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 20 Network security can be described in terms of multiple layers of security. Which action describes a perimeter security measure? A. B. C. D.
limiting switch access to SSH deploying 802.1X authentication installing an Intrusion Prevention System using a secure operating system for network applications
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 What are infrastructure defense capabilities provided by the ProCurve ProActive Defense network security solution? (Select four.) A. B. C. D. E. F.
virus throttling device hosting ICMP throttling host-based IPS dynamic ARP protection DHCP spoofing protection
Answer: ACEF Section: (none) Explanation/Reference:
QUESTION 22 What is the benefit of saving the DHCP Snooping binding database that contains IP address to MAC address mappings? A. B. C. D.
It will be available after a reboot of the switch. It conserves switch ASIC memory resources. It allows the switch to determine if a DHCP server is a rogue system. It protects the switch from rogue DHCP servers while the switch is rebooting.
Answer: A Section: (none) Explanation/Reference:
QUESTION 23 Which statement describing the MAC Lockdown feature supported on the ProCurve Switch 5400zl series is correct? A. A MAC address can be locked down to one or more trunks. B. It is enforced at the network edge by configuring the feature globally on a core switch. C. Once a port becomes locked down, the network administrator must disable and then re-enable the port to connect another device. D. To be locked down, a device with a specified MAC address must access the network by passing through the assigned port and VLAN. Answer: D Section: (none) Explanation/Reference:
QUESTION 24 Which statement describing standard and extended ACLs on the ProCurve Switch 5400zl series is correct? A. An extended ACL supports filtering on both source and destination TCP/UDP ports, while a standard ACL supports only source TCP/UDP ports.
B. Standard and extended ACLs can both specify TCP/UDP ports, but only an extended ACL can specify the precedence and type of service identifiers. C. A standard ACL can specify only a filter based on a destination IP address, while an extended ACL can specify both source and destination IP addresses. D. An extended ACL can filter traffic from a source TCP/UDP port to a destination IP address, while a standard ACL filters only traffic based on the source IP address. Answer: D Section: (none) Explanation/Reference:
QUESTION 25 Which statement describes the type of traffic that a VLAN ACL (VACL) filters? A. B. C. D. E.
IP traffic routed between different VLANs routed or switched IP traffic leaving a static VLAN IP traffic entering a physical port, port list, or static trunk IP traffic routed between different subnets of the same VLAN switched IP traffic moving between ports belonging to the same VLAN
Answer: E Section: (none) Explanation/Reference:
QUESTION 26 To provide maximum security when deploying DHCP Snooping on a ProCurve switch, which configuration tasks should be performed on the switch for a local DHCP server? (Select two.) A. B. C. D. E.
Specify the subnets associated with the scopes. Enable encryption for the IP address lease database. Define the port connecting to the DHCP server as trusted. Define the DHCP server's IP address as an authorized server. Configure the optional authorization protocol used to communicate with the DHCP server.
Answer: CD Section: (none) Explanation/Reference:
QUESTION 27 Which statements describing ACLs on the ProCurve Switch 5400zl series are correct? (Select two.) A. B. C. D. E.
A sequence number is used for each Access Control Entry. Criteria may include Layer 2, Layer 3, and Layer 4 identifiers. Each new Access Control Entry is appended to the beginning of the list. It can filter IP traffic to or from a host, a group of hosts, or entire subnets. It can be assigned to the console port, a physical port, a static trunk, or a VLAN interface.
Answer: AD
Section: (none) Explanation/Reference:
QUESTION 28 Which configuration steps must you perform to implement the ProCurve Dynamic ARP protection feature on a switch? (Select three.) A. B. C. D. E. F.
Enable it globally. Define trusted ports. Activate it on one or more VLANs. Enable validation of source MAC addresses. Allocate the IP-to-MAC address binding database. Specify the valid MAC address formats supported.
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 29 What is a benefit of the ProCurve BPDU Protection feature? A. It eliminates the need for a topology change when a port's link status changes. B. It ignores received BPDUs and does not send its own BPDUs on designated ports. C. It protects the active spanning-tree topology by preventing spoofed BPDUs from entering the spanningtree domain. D. It prevents a spanning-tree port from changing between various operational states during a broadcast storm or when a loop is detected. Answer: C Section: (none) Explanation/Reference:
QUESTION 30 Which action or configuration step should you take when implementing remote mirroring using the ProCurve Traffic Mirroring feature? A. B. C. D.
enabling jumbo frames configuring a connection-rate filter enabling SNMP message throttling enabling the instrumentation monitor
Answer: A Section: (none) Explanation/Reference:
QUESTION 31
Which sources can be specified for the ProCurve Traffic Mirroring feature? (Select three.) A. B. C. D. E. F.
trunk VLAN port group network port console port LLDP-MED identifier
Answer: ABD Section: (none) Explanation/Reference:
QUESTION 32 Which Port Security learn mode is used in conjunction with 802.1X to temporarily learn a MAC address of an 802.1X authenticated session? A. B. C. D. E.
static configured continuous port-access limited-continuous
Answer: D Section: (none) Explanation/Reference:
QUESTION 33 You are the network administrator for an organization with a security policy that limits network access to specific computers. Which restriction can you specify if you enable Port Security on ProCurve edge switches? A. B. C. D.
list of permitted MAC addresses per switch single specific permitted MAC address per port single permitted user name and password pair per port list of permitted user name and password pairs per switch
Answer: B Section: (none) Explanation/Reference:
QUESTION 34 You are configuring an ACL and want to identify all addresses in the range: 10.1.32.0 through 10.1.47.255 that have a common value in the first 20 bits. Which format represents the correct ACL mask that could be used? A. 10.1.32.0 0.0.0.255 B. 10.1.32.0 0.0.15.255
C. 10.1.32.0 0.0.20.255 D. 10.1.32.0 0.0.240.255 E. 10.1.32.0 0.0.255.255 Answer: B Section: (none) Explanation/Reference:
QUESTION 35 When using DHCP Snooping, which action can the switch perform if a client sends a DHCP message with option 82 set? A. B. C. D. E.
Send a negative acknowledgement to the client. Remove the option 82 field and relay the DHCP message. Block the client's port and log a message in the Intrusion Log. Replace the field with the switch's MAC address and the source port identifier. Simulate a DHCP response to the potential rogue client using the internal DHCP server on the switch.
Answer: D Section: (none) Explanation/Reference:
QUESTION 36 The network administrator of a university realizes that students in campus housing buildings are connecting wireless access points and small-scale switches to the network. The administrator wants to limit a particular port to one MAC address at a time, but is not concerned about the actual address. Which security feature provides flexibility while effectively limiting a port to a single MAC address at a time? A. B. C. D.
802.1X MAC authentication MAC Lockout learn mode static MAC Lockdown learn mode continuous Port Security learn mode limited-continuous
Answer: D Section: (none) Explanation/Reference:
QUESTION 37 How does the ProCurve Connection-rate Filtering feature operate? A. When the aggregate flow of packets sent over a trunk or list of ports reaches a threshold, selected packets are dropped. B. When a source IP address generates a rate of connection requests to multiple destinations that exceeds a threshold, a configured action is applied. C. When the number of TCP SYN requests sent to any one of the switch's management interfaces exceeds a configured limit, the source port is disabled. D. When an excessive number of source IP addresses attempt to create a Denial of Service attack on a given destination IP address, the source ports are throttled.
Answer: B Section: (none) Explanation/Reference:
QUESTION 38 Which statement describing the ProCurve Connection-rate Filtering feature is correct? A. B. C. D.
The connection-rate filter sensitivity is configurable on a per-port basis. It protects against both known and unknown threats, but requires intrusion signature updates. It uses the Traffic Monitoring feature to determine whether traffic activity represents an intrusion. A connection-rate ACL can be used to allow some or all inbound traffic through a port that has been throttled or blocked.
Answer: D Section: (none) Explanation/Reference:
QUESTION 39 Which statements describing a static port ACL are correct? (Select two.) A. B. C. D. E.
It can be implemented as an extended ACL only. Adding a port to a trunk applies the trunk's ACL configuration to the new member. It is useful where clients with differing access needs are likely to use the same port. Can be conditionally assigned to a port based on the connecting device's MAC address. It filters any inbound IP traffic on the designated port, regardless of whether it is switched or routed.
Answer: BE Section: (none) Explanation/Reference:
QUESTION 40 Which statements describing the ProCurve SNMP Message Throttling feature are correct? (Select two.) A. Message throttling can be enabled or disabled based on the event severity level. B. The amount of time that repeating events are throttled depends on the severity level. C. Messages are throttled based on having the same severity level and the duration between repeated messages. D. It controls the rate that SNMP traps are sent to one or more trap receivers and messages are sent to the switch Event Log. E. If a given type of event continues to occur after a configurable number of cycles, generation of subsequent messages are disabled until the administrator unblocks them. Answer: BD Section: (none) Explanation/Reference:
QUESTION 41 Which statements describe capabilities of the ProCurve Instrumentation Monitor? (Select two.) A. B. C. D. E. F.
The anomaly detection engine can detect zero-day attacks. Alerts can be sent to the switch Event Log or to SNMP trap receivers. It supports integration with the ProCurve Manager Traffic Monitor component. Predefined threshold levels can be used or specific values can be set for thresholds. Ports are automatically blocked if the number of intrusions of a given category is exceeded. System resource usage based on 802.1X, Web, and MAC authentication sessions can be monitored.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 42 What is the purpose of defining IP-to-MAC address bindings on a ProCurve switch that has Dynamic ARP Protection enabled? A. B. C. D. E.
to specify clients connected to untrusted ports to lock down the switch's IP addresses to its base MAC address to identify devices that do not use DHCP, but have a static IP address assigned to provide security on those ports where different clients may connect over time to protect uplink ports that connect to other switches that do not support Dynamic ARP Protection
Answer: C Section: (none) Explanation/Reference:
QUESTION 43 Under which condition should the ProCurve BPDU Filtering feature be enabled on a port? A. B. C. D.
The port is not at risk of receiving spoofed BPDUs. The port exhibits excessively high data utilization rates. You do not want the port to participate in BPDU communications. The port receives an abnormally high number of BPDUs due to frequent topology changes.
Answer: C Section: (none) Explanation/Reference:
QUESTION 44 Various ProCurve switches support the Privileged Mode feature for switch management users authenticated through RADIUS. Which benefit does this feature provide when enabled? A. It automatically provides manager-level access to an authenticated user. B. It provides an SNMPv3 user with read/write access to the switch authentication MIB. C. It allows an unauthenticated user to issue the enable command without requiring a local password.
D. It enables an authenticated user with operator-level access to view security credentials stored in the switch configuration file. Answer: A Section: (none) Explanation/Reference:
QUESTION 45 When designing a Secure Management VLAN, which ProCurve solution should an administrator implement at the core and Layer 2 edge devices for greater security? A. Enable Secure Management VLANs to provide security at the core and at the Layer 2 switches; ACLs are not required. B. Configure a separate management network with dedicated ports to isolate all management traffic at the core and at the Layer 2 switches. C. Enable Secure Management VLANs to provide security at the core; apply an IP address only to the core switch, and use ACLs at the Layer 2 switches. D. Use ACLs to provide security at the core; enable Secure Management VLANs at the Layer 2 switches, and apply IP address only to the Secure Management VLAN. Answer: D Section: (none) Explanation/Reference:
QUESTION 46 Which front panel security features are enabled by default? (Select three.) A. B. C. D. E. F.
factory-reset reset-on-clear password-clear include-credentials password-recovery flash-memory-protection
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 47 You are the manager of several IT staff members who have the authority to make configuration changes to ProCurve 3500yl switches deployed within your organization. How can you centralize authentication of IT staff members who log in to the switches with manager privileges? A. Define a unique manager account for each IT staff member on each switch. B. Configure RADIUS accounting services on the server to record each manager login event. C. Leverage existing directory services by importing the team members' user name/password pairs to the local user database of each switch. D. Configure the switches to use a RADIUS server that accesses the existing user directory, and configure the server to accept authentication requests from the switches.
Answer: D Section: (none) Explanation/Reference:
QUESTION 48 To configure RADIUS authentication of switch management users on a ProCurve switch, the RADIUS server must support unencrypted authentication using which protocol? A. B. C. D. E. F.
HTTP PEAP CHAP MS-CHAP PAP or SPAP MD5 or SHA-1
Answer: E Section: (none) Explanation/Reference:
QUESTION 49 Which statements describing SSL operations on the ProCurve Switch 5400zl series are correct? (Select two.) A. B. C. D.
Common public and private keys can be used for SSH and SSL. Symmetric encryption algorithms supported include 3DES and DES. The switch's certificate can be viewed, but the SSL public key cannot. With SSL enabled, if you attempt to access the switch using HTTP, the Web browser is automatically redirected. E. If a self-signed certificate is used, a Web browser initiates a challenge to verify the identity of the signer of the certificate. Answer: BC Section: (none) Explanation/Reference:
QUESTION 50 A network engineer is responsible for setting up RADIUS authentication of management users for ProCurve switches. As part of the planning, which information must the network engineer obtain from the person who manages the RADIUS server? (Select three.) A. B. C. D. E. F.
EAP method that is configured IP address of the RADIUS server authentication port number of the RADIUS server shared secret or encryption key used by the RADIUS server names of the users that will be authorized to use the switch whether local authentication can be supported as a secondary method
Answer: BCD
Section: (none) Explanation/Reference:
QUESTION 51 You want to limit management of your ProCurve Switch 5412zl using IP Authorized Managers. You have configured an IP Authorized Manager entry of 10.1.8.0 255.255.255.248. What is the maximum number of distinct IP addresses that will be allowed to manage the switch? A. B. C. D. E.
1 4 8 254 256
Answer: C Section: (none) Explanation/Reference:
QUESTION 52 Which statement describes how SSL operates when using a Web browser to access the switch management interface? A. The client downloads and verifies the switch's certificate; creates a message containing the client's public key, and encrypts the message using the switch's private key. B. The client downloads and verifies the switch's public key, creates a message containing a Diffie-Hellman value, and encrypts the message using the client's private key. C. The client downloads and verifies the switch's certificate, creates a message containing a symmetric key, and encrypts the message using the switch's public key. D. The client downloads a preshared key from the switch, creates a challenge message containing a hash of the preshared key, and the switch then verifies the challenge response. Answer: C Section: (none) Explanation/Reference:
QUESTION 53 Which statements describing SSH support on the ProCurve Switch 5400zl series are correct? (Select three.) A. B. C. D. E.
Each SSH client's public key is stored in switch flash memory. Acquiring a digital certificate from a Certificate Authority is optional. A switch is always authenticated to a client using the switch's public key. An SSH client can be authenticated based on user credentials or a public key. Multiple SSH public and private key pairs for the switch can be used for increased security.
Answer: ACD Section: (none)
Explanation/Reference:
QUESTION 54 What are the effects of issuing the management-vlan command on a ProCurve switch? (Select two.) A. B. C. D.
It bypasses the Authorized IP Managers list, if configured. It requires that the local switch manager or operator user account be used to log in to the switch. It allows management stations within the Secure Management VLAN to source traffic to other VLANs. It provides encrypted and authenticated session flow between the switch and the management station in the Secure Management VLAN. E. It disables the ability for a switch to receive management traffic on any IP address other than the one assigned to the Secure Management VLAN. Answer: CE Section: (none) Explanation/Reference:
QUESTION 55 Which statements describing the implementation of Authorized IP Managers are correct? (Select two.) A. B. C. D.
An access level of manager or operator can be optionally assigned. An allowed management station can be specified using an IP address or DNS name. A potential management station is authorized before RADIUS authentication is performed. The maximum number of entries that can be defined depends on whether single IP address or IP address ranges are configured. E. The IP mask specified must be inclusive of the underlying subnet mask of the IP addresses assigned to the management stations. Answer: AC Section: (none) Explanation/Reference:
QUESTION 56 Which statements describing SNMPv3 support on the ProCurve Switch 3500yl series are correct? (Select three.) A. B. C. D. E.
Message privacy can be implemented using RSA encryption. SNMPv1 and SNMPv2c access can be restricted to read-only. When SNMPv3 is first enabled, a user called initial is automatically created. By default, all SNMPv3, SNMPv2c, and SNMPv1 are enabled but not configured. An SNMPv3 user's access rights are based on the group to which it is assigned.
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 57
What are the main steps for configuring SNMPv3 management access after enabling SNMPv3 on a ProCurve Switch 5406zl? A. B. C. D.
create users; assign users to groups create users; create groups; assign users to groups create users; create communities; assign users to communities create communities; create groups; assign communities to groups
Answer: A Section: (none) Explanation/Reference:
QUESTION 58 Which statement describes security technology implemented in SNMPv3? A. B. C. D.
Examples of encryption algorithms commonly used are MD5 and SHA-1. The AES algorithm produces a larger message digest than the DES algorithm. Symmetric cryptography uses a pair of mathematically related keys to encrypt and decrypt messages. A hash function takes a message of arbitrary bit length and creates a fixed-length string representing a message digest.
Answer: D Section: (none) Explanation/Reference:
QUESTION 59 Which statement describing RADIUS accounting support on the ProCurve Switch 5400zl series is correct? A. The network accounting option is used to collect statistics for switch management sessions. B. The switch can be configured to allow the RADIUS server to query the switch for periodic updates of accounting statistics. C. ProCurve IDM can be used to parse the accounting logs on the RADIUS server and produce reports accessible in ProCurve Manager. D. The start-stop accounting option causes the switch to create an accounting statistic record when a user's login session begins and ends. Answer: D Section: (none) Explanation/Reference:
QUESTION 60 You receive an urgent call from a customer who forgot his password, and therefore cannot access the CLI of a ProCurve 5406zl switch. For security purposes, the front panel password-clear function was previously disabled. How can you help the customer regain management access to the switch? A. Contact ProCurve support to obtain the default password. B. Use the Reset and Clear buttons on the front panel of the switch together to return the switch to factory defaults.
C. Press the Clear button on the front panel of the switch for at least 10 seconds to return the switch to factory defaults. D. Press the Reset button on the front panel of the switch for at least 20 seconds to return the switch to factory defaults. Answer: B Section: (none) Explanation/Reference:
QUESTION 61 When configuring SSH on a ProCurve switch, which user authentication methods can be specified? (Select four.) A. B. C. D. E. F. G.
802.1X RADIUS Kerberos public key TACACS+ Web browser local user name and password
Answer: BDEG Section: (none) Explanation/Reference:
QUESTION 62 Which change occurs when the include-credentials command is enabled on the ProCurve Switch 5400zl series? A. B. C. D. E.
SSH authentication for switch management access will include the Web browser's public key. Configured user names for operator and manager accounts are viewable in the switch configuration file. Administrative privilege level is enabled for switch management access by authenticated RADIUS users. An SNMPv3 account with authentication and privacy support is required for SNMP access to the switch. Windows domain login credentials are passed to a RADIUS server by the switch for users authenticated using 802.1X.
Answer: B Section: (none) Explanation/Reference:
QUESTION 63 Which statements describing SSH operations on the ProCurve Switch 3500yl series are correct? (Select three.) A. B. C. D.
Erasing the switch public and private keys automatically disables SSH. The switch's public and private SSH keys can be viewed using a CLI show command. The maximum number of client public keys stored in switch flash memory is configurable. If secure file transfer is enabled for SSH, the switch TFTP server is automatically disabled.
E. When erasing client public keys, you can specify the operator-access or manager-access level. Answer: ADE Section: (none) Explanation/Reference:
QUESTION 64 Which statement describing Public Key Infrastructure (PKI), as typically used for SSL, is correct? A. It uses digital certificates to manage symmetric key exchanges between a sender and a receiver. B. It is a symmetric key scheme that uses digital certificates and certificate authorities to encrypt messages. C. It uses a mathematically complementary key pair, one private and one public, but does not use digital certificates. D. It uses a symmetric key scheme to manage key exchange and uses digital certificates to encrypt the message to ensure confidentiality, authentication, integrity and nonrepudiation. Answer: A Section: (none) Explanation/Reference:
QUESTION 65 Hash functions are used in various network security applications including SNMPv3. Which statement describes the process that is performed on a message during the hash operation? A. Predetermined sized blocks are created and then encrypted using a private key. B. Predetermined sized blocks are created and sequentially fed into the hashing function. C. Random sized blocks are created based on the encryption algorithm used and then encrypted using a private key. D. Random sized blocks are created based on the encryption algorithm used and sequentially fed into the hashing function. Answer: B Section: (none) Explanation/Reference:
QUESTION 66 Which statements describing the Command Authorization feature on the ProCurve Switch 5400zl series are correct? (Select three.) A. B. C. D.
It requires the use of a RADIUS authentication server. AAA accounting for commands must be enabled on the switch. It can be used only to limit commands issued within the manager-access level. Two vendor-specific attributes are used to define a list of commands and whether the commands are allowed or denied. E. It is applicable to switch management users accessing the switch through the console port or the Web browser interface. F. A list of allowed or denied commands is sent to the switch by the RADIUS server after the user is successfully authenticated.
Answer: ADF Section: (none) Explanation/Reference:
QUESTION 67 Which type of message is sent by a RADIUS client to a RADIUS server? A. B. C. D.
access-query access-request access-challenge access-response
Answer: B Section: (none) Explanation/Reference:
QUESTION 68 You have just installed two ProCurve 5406zl switches, one on the second floor and one on the third floor of your office. You are using 802.1X for port-access authentication. All users have an 802.1X supplicant installed on their computers and you have configured a RADIUS server with a remote access policy for each floor. Shortly after connecting the computers, users on the second floor report that they cannot access any network resources. You can ping the RADIUS server from both switches, but when you check the RADIUS log, you see authentication requests coming only from the third floor switch. Why are the second floor users unable to connect to the network? A. The IP address of the RADIUS server has not been configured on the second floor switch. B. The second floor computers are using the wrong EAP type for authentication with the RADIUS server. C. The shared secret configured on the second floor switch does not match the shared secret configured on the RADIUS server. D. No default gateway has been configured on the second floor switch, therefore no authentication requests can reach the RADIUS server. Answer: A Section: (none) Explanation/Reference:
QUESTION 69 Which statements describing the ProCurve switch debug facility are correct? (Select two.) A. B. C. D.
The instrumentation monitor must be enabled first. Specific debug message categories can be selectively enabled. The debug destinations can be set to a session window and a Syslog server concurrently. Debug messages have the same format as standard Event Log messages including the event type and timestamp.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 70 A customer calls you and describes a switch management-access problem involving SSL. The customer accesses the SSL login page, but he is denied access after supplying the login credentials. The customer is using a RADIUS server for centralized authentication, and has used the ping command to verify that the client, switch, and RADIUS server are all reachable. What is a potential cause of this problem? A. B. C. D.
The client's public key has not been stored in switch flash memory. The HTTP Web management server is enabled, but not the SSL Web management server. The switch has not been configured to use RADIUS for the login access level for Web management. A remote access policy on the RADIUS server has not been configured to support the correct EAP method.
Answer: C Section: (none) Explanation/Reference:
QUESTION 71 A customer wants to provide stricter network access for devices connecting to a ProCurve Switch 5406zl by implementing a combination of 802.1X and MAC authentication. Which configuration tasks must be performed on the RADIUS server to support the ports configured with MAC authentication? (Select two.) A. B. C. D.
Configure EAP RADIUS for the authentication method. Configure CHAP RADIUS for the authentication method. Configure PAP to support unencrypted authentication of network devices. Create a user in the user directory using the MAC address of the device for the user name and password. E. Create a user on the RADIUS server using the MAC address of the device for the user name and the RADIUS shared secret for the password. Answer: BD Section: (none) Explanation/Reference:
QUESTION 72 A Windows XP workstation is configured with 802.1X supplicant software. When a client connects to a switch port with 802.1X authentication enabled, which EAP messages may be generated by the supplicant to gain access to the network? (Select two.) A. B. C. D. E.
EAPOL-start EAP-request-identity EAP-access-request EAP-response-identity EAP-access-challenge
Answer: AD Section: (none) Explanation/Reference:
QUESTION 73 What is configured on a ProCurve switch to implement switch-to-switch 802.1X authentication? A. B. C. D.
user name and a password EAP method and a shared secret RADIUS protocol to use and a shared secret base MAC address of the peer and a password
Answer: A Section: (none) Explanation/Reference:
QUESTION 74 Which EAP method supports authentication of an 802.1X supplicant based on a user's digital certificate? A. B. C. D. E. F.
TLS MD5 FAST TTLS LEAP PEAP
Answer: A Section: (none) Explanation/Reference:
QUESTION 75 Which EAP methods support authentication of a RADIUS server based on a digital certificate? (Select three.) A. B. C. D. E. F.
AKA TLS MD5 TTLS LEAP PEAP
Answer: BDF Section: (none) Explanation/Reference:
QUESTION 76 You have configured a list of ports on a ProCurve switch for 802.1X port-access authentication. Which configuration step is required to complete the configuration?
A. B. C. D.
Configure the authorized VLAN identifier. Set the state of the ports to authorized for 802.1X. Use the start-eapol command to enable 802.1X operations. Use the aaa port-access authenticator active command to activate the ports.
Answer: D Section: (none) Explanation/Reference:
QUESTION 77 The network administrator of a private college wants to enable Web authentication for all switch edge ports in the student housing buildings. In addition, the administrator wants to address the growing problem of students using unauthorized switches to connect multiple devices through a port. Which additional configuration helps prevent more than one authenticated user from connecting to a port that has Web authentication enabled with the default settings? A. B. C. D.
Enable port security with the address-limit 1 option. The default client limit is 1, so no further configuration is required. Enable port security with the learn-mode port-access option. Add an option to the port-access command that limits the number of MAC addresses to 1.
Answer: B Section: (none) Explanation/Reference:
QUESTION 78 A Web authenticator port is currently in the authenticating state. Which statement is correct? A. The client can communicate with any destination located in the authorized VLAN. B. Any DNS name resolves to the switch IP address and any IP address resolves to the switch MAC address. C. By default, a client connected to a Web authenticator port is initially assigned an IP address in the VLAN to which it is connected. D. The client is prevented from communicating with any IP address until the RADIUS server responds indicating the user has been authenticated. Answer: B Section: (none) Explanation/Reference:
QUESTION 79 What is the default state of a port configured for IEEE 802.1X port-access authentication? A. B. C. D.
disabled restricted authorized unauthorized
Answer: D
Section: (none) Explanation/Reference:
QUESTION 80 A Network Resource Access Rule in ProCurve Identity Driven Manager is most similar to which object? A. B. C. D. E.
Access Policy Group Access Control Entry Remote Access Policy Network Dial-in Restrictions Authorized RADIUS Servers List
Answer: B Section: (none) Explanation/Reference:
QUESTION 81 Which role does the authenticator play in the 802.1X authentication process? A. The authenticator provides two-way translation between EAP messages and RADIUS messages. B. The authenticator validates the EAP-identity-request and responds with either an accept or reject message. C. The authenticator sends an access-challenge message to the supplicant to request client credentials. D. The authenticator encapsulates an EAP-access-request inside of a RADIUS response-identity packet and forwards it for validation. Answer: A Section: (none) Explanation/Reference:
QUESTION 82 You have configured Open VLAN mode for the 802.1X authenticator ports in your company's network. After a client connects to a port and the user is successfully authenticated, the port's membership is changed to untagged in one of the following VLANs. A. Underlying VLAN configured for the port B. VLAN from the user's RADIUS profile C. Authorized VLAN What is the order of priority used to determine the VLAN? D. A, B, C E. A, C, B F. B, A, C G. B, C, A H. C, A, B I. C, B, A Answer: D Section: (none)
Explanation/Reference:
QUESTION 83 Click the Exhibit button. The RADIUS server and switch are correctly configured. The switch has the VLAN assignments and portaccess commands configured, as shown in the exhibit. What happens to port 10 after the user provides valid authentication information?
A. B. C. D.
remains in an unauthorized state becomes a member of VLAN 20 becomes a member of VLAN 25 becomes a member of VLAN 200
Answer: C Section: (none) Explanation/Reference:
QUESTION 84 Which attributes can ProCurve Identity Driven Manager apply to a user's session after the user is authenticated? (Select three.) A. ACL B. user group C. QoS setting
D. bandwidth limit E. login session limit F. unauthorized VLAN ID Answer: ACD Section: (none) Explanation/Reference:
QUESTION 85 What are the main components of the ProCurve ProActive Defense network security solution? (Select three.) A. B. C. D. E. F.
stateful firewall access control network immunity secure infrastructure intrusion prevention system antivirus and antispam integration
Answer: BCD Section: (none) Explanation/Reference:
QUESTION 86 Which method or feature can control access for both switch management and general network users? A. B. C. D. E.
Port Security Open VLAN mode MAC authentication RADIUS authentication SSH client digital certificates
Answer: D Section: (none) Explanation/Reference:
QUESTION 87 Network security can be described in terms of multiple layers of security. Which actions describe examples of network access control measures? (Select three.) A. B. C. D. E.
implementing dynamic ACLs using only SSL for switch access implementing Web authentication defining Port Security on switch ports deploying an Intrusion Detection System in a server farm
Answer: ACD
Section: (none) Explanation/Reference:
QUESTION 88 Which configuration steps must you perform to implement the ProCurve Dynamic ARP protection feature on a switch? (Select three.) A. B. C. D. E. F.
Enable it globally. Define trusted ports. Activate it on one or more VLANs. Enable validation of source MAC addresses. Allocate the IP-to-MAC address binding database. Specify the valid MAC address formats supported.
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 89 Which statements describing a dynamic port ACL are correct? (Select two.) A. B. C. D. E.
It can be implemented as either a standard or extended ACL. It filters switched IP traffic either inbound or outbound on a designated port. It requires the use of 802.1X, Web, or MAC authentication services on the switch. It is useful where clients with differing access needs are likely to use the same port. Configuration of the ACL is done on the switch and then read dynamically by a RADIUS server when a user connects.
Answer: CD Section: (none) Explanation/Reference:
QUESTION 90 You are configuring Dynamic ARP Protection on a ProCurve switch that connects to another downstream switch, which has Dynamic ARP Protection enabled. Which configuration step should you perform? A. B. C. D. E.
Define the downstream port as trusted. Identify the upstream switch as the primary ARP authenticator. Verify that Dynamic ARP Protection is not enabled on overlapping VLANs. Allow sharing of the DHCP binding database stored on an external server. Enable validation of all IP-to-MAC address bindings associated with the downstream switch.
Answer: A Section: (none) Explanation/Reference:
QUESTION 91 You have enabled Port Security and specified the send-disable response option. Which administrative action, if any, is required after an intrusion occurs to enable the port to return to normal operation? A. B. C. D.
The port must be enabled. The intrusion flag must be cleared. The port is automatically reset after a delay timer expires. The intrusion flag must be cleared and the port must be enabled.
Answer: D Section: (none) Explanation/Reference:
QUESTION 92 What is a benefit of the ProCurve BPDU Filtering feature? A. B. C. D.
It allows you to permit or deny selected user traffic on individual spanning-tree ports. It balances the traffic load between two or more spanning-tree ports currently in the forwarding state. It prevents a port from being part of a spanning-tree topology that may otherwise cause a topology loop. It controls spanning-tree operation on selected ports that you do not want to participate in spanning-tree communications.
Answer: D Section: (none) Explanation/Reference:
QUESTION 93 Which vulnerability is the ProCurve DHCP Snooping feature designed to protect against? (Select two.) A. B. C. D. E. F.
exhaustion of the IP address pool by a DHCP client spoofing of IP address leases by a rogue DHCP server excessive rate of connection attempts to the DHCP port broadcast storms consisting of DHCP responses from unknown IP addresses replacing a responding DHCP server's IP address with an erroneous IP address substitution of one DHCP client's MAC address with another client's MAC address
Answer: AB Section: (none) Explanation/Reference:
QUESTION 94 MAC Lockdown has been configured to lock down a device on port A1 in VLAN 10. During a maintenance task, the device is accidentally connected to port B5 in VLAN 8. Which statement correctly describes the state of port B5? A. The port is operational because it is not the port configured for MAC Lockdown. B. The port is listed as enabled and up, but the device is prevented from transmitting into the network. C. The port is listed as disabled and down and the device is prevented from transmitting into the network.
D. Because the MAC Lockdown feature is not configured on the second module, the device can successfully connect to the port. E. The port is listed as throttled and will automatically be re-examined after a delay period. If the device is still connected it will be blocked. Answer: B Section: (none) Explanation/Reference:
QUESTION 95 What are the minimum configuration steps required to implement the ProCurve DHCP Snooping feature on a switch? (Select three.) A. B. C. D. E. F. G.
Enable it globally. Define trusted ports. Specify option 82 parameters. Activate it on one or more VLANs. Identify the DHCP server's IP address. Specify the server where the lease database is stored. Specify the maximum number of IP addresses per subnet allowed to be assigned by a DHCP server.
Answer: ABD Section: (none) Explanation/Reference:
QUESTION 96 Which statement describes the type of traffic that a Routed ACL (RACL) filters? (Select two.) A. B. C. D. E.
IP traffic entering a physical port, port list, or static trunk switched IP traffic moving between ports belonging to the same VLAN routed IP traffic arriving on one VLAN and leaving through another VLAN switched IP traffic moving between ports belonging to the same subnet of a multinetted VLAN routed IP traffic arriving on one subnet and leaving through another subnet within the same multinetted VLAN
Answer: CE Section: (none) Explanation/Reference:
QUESTION 97 Which criteria can selectively identify traffic to be mirrored using the ProCurve Traffic Mirroring feature? (Select two.) A. B. C. D.
ACL traffic direction packet size range LLDP-MED identifier
Answer: AB Section: (none) Explanation/Reference:
QUESTION 98 Which benefits are provided by the ProCurve SNMP Message Throttling feature? (Select two.) A. It automatically regulates duplicate messages for a given recurring event. B. It blocks SNMP connection attempts after a configured number of failed logins. C. It limits the consumption of switch CPU resources when collecting statistics during heavy network loading. D. It suppresses any repeating messages sent to the switch Intrusion Log after a configured threshold is reached. E. It controls the rate that SNMP traps are sent to one or more trap receivers and messages are sent to the switch Event Log. Answer: AE Section: (none) Explanation/Reference:
QUESTION 99 When using DHCP Snooping, which action can the switch perform if a client sends a DHCP message with option 82 set? A. B. C. D.
Mark the source client as untrusted and forward to a valid DHCP server. Replace the field with the switch's IP address and the source port identifier. Ignore the DHCP message because this is not a capability of DHCP Snooping. Authenticate the DHCP message and forward it if the client is attached to a trusted port.
Answer: B Section: (none) Explanation/Reference:
QUESTION 100 Which statements describing capabilities of Port Security on ProCurve switches are correct? (Select two.) A. It can be applied to an edge port, static trunk, or dynamic trunk. B. It can be concurrently active with MAC Lockout on a switch if the same MAC addresses are configured. C. A port can be configured for traffic monitoring mode and access attempts silently logged when an intrusion is detected. D. The default operating mode is continuous, which allows any device to access a port without causing a security response. E. It includes eavesdrop protection, which prevents use of a port for flooding unicast packets addressed to MAC addresses unknown to the switch. Answer: DE Section: (none) Explanation/Reference:
QUESTION 101 Which statement describing the ProCurve Connection-rate Filtering feature is correct? A. B. C. D.
When enabled, it is automatically globally activated. Any outbound traffic destined for a host that has been throttled or blocked is permitted. It protects against both known and unknown threats, but requires intrusion signature updates. It uses the Traffic Monitoring feature to determine whether traffic activity represents an intrusion.
Answer: B Section: (none) Explanation/Reference:
QUESTION 102 Which action should an administrator take if the ProCurve Connection-rate Filtering feature blocks a port? A. B. C. D.
Unblock the port so that traffic can flow again. Clear the intrusion flag and then re-enable the port. Wait for the throttling period to expire before unblocking the port. The port will be automatically unblocked after the received packet rate drops below a threshold.
Answer: A Section: (none) Explanation/Reference:
QUESTION 103 You have a ProCurve Switch 3500yl-48G which has two configured VLANs. VLAN 10 has an IP address range of 10.1.10.0/24 and is where the servers reside. VLAN 24 has an IP address range of 10.1.24.0/24 and is where the network clients reside. You configure an ACL with these entries: permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq http permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet When you apply this ACL statically to ports in VLAN 24, what is the effect on the clients located in VLAN 24? A. B. C. D.
They would have no access at all because the ACL is misconfigured. They could not access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL. They would be allowed only FTP, HTTP, and telnet access to 10.1.10.10, but no access anywhere else. They would be allowed only FTP, HTTP, and telnet access to 10.1.10.10, but full access to everything else in the 10.1.10.0 subnet.
Answer: C Section: (none) Explanation/Reference:
QUESTION 104 Why should the ProCurve BPDU Protection feature be enabled on a port?
A. B. C. D.
The port needs to participate in BPDU communications. This ensures the port does not continue to receive BPDUs. A topology change should occur when a port's link status changes. The port is permanently configured as the root port in the spanning-tree.
Answer: B Section: (none) Explanation/Reference:
QUESTION 105 Which capabilities are supported for extended ACLs on the ProCurve Switch 3500yl series? (Select two.) A. B. C. D. E.
sequence number for each Access Control Entry ACL numeric identifier can be between 1 and 1024 optional use of log option for allow and deny actions specification of well-known ICMP and IGMP message types selectable action of allow or deny for the hidden Access Control Entry
Answer: AD Section: (none) Explanation/Reference:
QUESTION 106 For what purpose can the ProCurve Instrumentation Monitor be used? A. B. C. D.
identify well-known intrusions based on predefined signatures collect traffic statistics that can be used to determine historical trends monitor network traffic on selected ports and send the packets to an IDS or IPS report anomalies on the switch caused by common attacks or irregular conditions
Answer: D Section: (none) Explanation/Reference:
QUESTION 107 Which statements describing ACLs on the ProCurve Switch 3500yl series are correct? (Select two.) A. B. C. D. E.
IP routing must be enabled. Criteria may include Layer 3 and Layer 4 identifiers. Each ACL includes the hidden allow any Access Control Entry. Each new Access Control Entry is appended to the beginning of the list. It may be assigned to a physical port, a static trunk, or a VLAN interface.
Answer: BE Section: (none) Explanation/Reference:
QUESTION 108 Which Port Security learn mode allows any MAC address to be dynamically learned as a device connects to a port? A. B. C. D.
static configured continuous port-access
Answer: C Section: (none) Explanation/Reference:
QUESTION 109 Which action or configuration step should you take when implementing remote mirroring using the ProCurve Traffic Mirroring feature? A. B. C. D.
enabling jumbo frames configuring a connection-rate filter enabling SNMP message throttling enabling the instrumentation monitor
Answer: A Section: (none) Explanation/Reference:
QUESTION 110 A customer currently manages all ProCurve switches using unencrypted Web-based management, but now wants to use SSL for encrypted Web-based management. Which steps must be completed before enabling SSL? (Select two.) A. B. C. D. E.
Generate an HTTPS client certificate. Disable unencrypted Web-based management first. Generate a self-signed server certificate for HTTPS. Import a certificate request from a Certificate Authority. Generate public and private keys for an HTTPS certificate.
Answer: CE Section: (none) Explanation/Reference:
QUESTION 111 Which statement describing SSH support on the ProCurve Switch 3500yl series is correct? A. Authentication of the switch to an SSH client is optional. B. An SSH client key pair created using RSA or DSA can be used. C. An SSH client can be authenticated based on user credentials or a public key.
D. Each concurrently connected SSH client must use a distinct public key if RSA is used. Answer: C Section: (none) Explanation/Reference:
QUESTION 112 Which type of information is displayed in the switch configuration file when the include-credentials command is enabled? (Select three.) A. B. C. D. E. F.
public keys of SSH clients DHCP Snooping IP-to-MAC address binding database shared secret used to communicate with a RADIUS server SSL public/private key pair of the switch's Web authenticator plaintext passwords of the operator and manager user accounts SNMPv3 user name and authentication and privacy protocol settings
Answer: ACF Section: (none) Explanation/Reference:
QUESTION 113 Which security technology, supported in SSHv2 on the ProCurve Switch 5400zl series, allows new symmetric keys to be generated periodically during a session with an SSH client? A. B. C. D. E.
RSA AES HMAC Diffie-Hellman Public and private keys
Answer: D Section: (none) Explanation/Reference:
QUESTION 114 Which statements describing SSL operations for ProCurve switch management access are correct? (Select four.) A. B. C. D. E.
A self-signed certificate is contained in the switch's private key. The server-side SSL port number on the switch is configurable. The public key used for SSL is separate from the one used for SSH. You must generate a self-signed digital certificate or acquire a CA-signed certificate. A CA-signed certificate contains the switch's public key and is digitally signed using a Certificate Authority's private key. F. When Web-based management through SSL is enabled, unencrypted Web-based management is automatically disabled.
Answer: BCDE Section: (none) Explanation/Reference:
QUESTION 115 Which access methods can be configured on a ProCurve switch for authentication of switch management users through a RADIUS server? (Select four.) A. B. C. D. E. F. G.
SSH Telnet WLAN 802.1X console TACACS+ Web browser
Answer: ABEG Section: (none) Explanation/Reference:
QUESTION 116 Which statements describing SNMPv3 support on the ProCurve Switch 5400zl series are correct? (Select three.) A. B. C. D. E.
Message authentication can be implemented using MD5 or SHA-1. Privacy and authentication protocols are configured on a per-user basis. Public and private keys must be created before SNMPv3 can be enabled. A password must be defined when selecting a privacy or authentication protocol. SNMPv1 and SNMPv2c access must be restricted to read-only if SNMPv3 is enabled.
Answer: ABD Section: (none) Explanation/Reference:
QUESTION 117 You have a customer who has just installed a ProCurve 3500yl switch in an open area of his office. Although the switch is installed in a closed rack with a locking door, the customer is concerned that someone could access the front panel buttons on the switch. Which commands allow the customer to prevent the switch from having its passwords and configuration information cleared? (Select two.) A. B. C. D. E. F.
front-panel-security lockdown no front-panel-security factory-reset no front-panel-security password-clear no front-panel-security password-recovery front-panel-security password-clear reset-on-clear no front-panel-security password-clear reset-on-clear
Answer: BC
Section: (none) Explanation/Reference:
QUESTION 118 Which statement correctly describes the effect of configuring the encryption keys for multiple RADIUS servers on a ProCurve switch? A. B. C. D.
The encryption keys for all servers in the domain must be different. The encryption keys for all servers in the domain must be the same. An encryption key associated with a server overrides the globally defined key. A globally defined encryption key overrides the key associated with an individual server.
Answer: C Section: (none) Explanation/Reference:
QUESTION 119 Which SNMPv3 security enhancements supported on ProCurve switches are not available in SNMPv1 and SNMPv2c? (Select two.) A. B. C. D. E.
message privacy user-based read and write access restrictions configurable command, response, and trap receiver ports TCP-based message flow control and acknowledgements management station access control based on IP address or DNS name
Answer: AB Section: (none) Explanation/Reference:
QUESTION 120 Which statements describing the implementation of Authorized IP Managers are correct? (Select three.) A. B. C. D.
It has precedence over any authentication methods that may be configured. It requires that the user account used for switch management access has manager-level access. If you specify the IP address 10.1.8.0 without an IP mask, a single IP address will be allowed access. It is most useful for insecure switch management access methods that include console port, Telnet, and TFTP. E. The IP mask of an Authorized IP Manager entry has no dependency on the subnet mask of the IP addresses assigned to management stations. Answer: ACE Section: (none) Explanation/Reference:
QUESTION 121
Which security attributes are accomplished by using a Hashed Message Authentication Code (HMAC)? (Select two.) A. B. C. D. E.
privacy integrity authenticity nonrepudiation secure key distribution
Answer: BC Section: (none) Explanation/Reference:
QUESTION 122 When configuring SSL on a ProCurve switch, which user authentication methods can be specified? (Select three.) A. B. C. D. E. F.
802.1X RADIUS Kerberos public key TACACS+ local user name and password
Answer: BEF Section: (none) Explanation/Reference:
QUESTION 123 You are providing network access in several conference rooms for employees and visitors. When dealing with physical access to equipment, what should you consider? (Select three.) A. B. C. D. E. F. G.
Who has access to the room? Is there a guest access policy? Is it in a secure area of the building? Who knows the manager-level passwords? Has accessibility been limited to administrators only? Which ports are assigned to the management VLAN? Does the data center meet military-level security requirements?
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 124 When designing a Secure Management VLAN, which ProCurve solution should an administrator implement at the core and Layer 2 edge devices for greater security?
A. Enable Secure Management VLANs to provide security at the core and at the Layer 2 switches; ACLs are not required. B. Configure a separate management network with dedicated ports to isolate all management traffic at the core and at the Layer 2 switches. C. Enable Secure Management VLANs to provide security at the core; apply an IP address only to the core switch, and use ACLs at the Layer 2 switches. D. Use ACLs to provide security at the core; enable Secure Management VLANs at the Layer 2 switches, and apply IP address only to the Secure Management VLAN. Answer: D Section: (none) Explanation/Reference:
QUESTION 125 The customer is considering using the Authorized IP Managers feature. What are examples of switch management access that can be protected by this feature? (Select four.) A. B. C. D. E. F.
SSL telnet TFTP SNMP 802.1X console
Answer: ABCD Section: (none) Explanation/Reference:
QUESTION 126 To configure RADIUS authentication of switch management users on a ProCurve switch, the RADIUS server must support which authentication method? A. B. C. D. E. F.
encrypted authentication using SSL encrypted authentication using PEAP encrypted authentication using CHAP unencrypted authentication using HTTP unencrypted authentication using MS-CHAP unencrypted authentication using PAP or SPAP
Answer: F Section: (none) Explanation/Reference:
QUESTION 127 A customer, who is already using SSH for secure communications, wants the client to be authenticated by the switch using RSA. Which additional steps are necessary to set up client authentication? (Select two.) A. Copy the client public key to the switch.
B. C. D. E.
Copy the client private key to the switch. Generate a public and private key pair on the client. Generate a public and private key pair on the switch. Copy the switch public and private key pair to the client.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 128 A network administrator plans to use centralized authentication to control switch management access to all ProCurve switches through the console port. It is decided that the RADIUS server will be the primary authentication method and no secondary authentication method will be allowed. What will be the result of this proposed configuration? A. The primary authentication method for operator-level access through the console port is the RADIUS server; if no RADIUS server is found, access is denied. B. The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, access is denied. C. This configuration is not allowed because the console port must allow the use of a user name from the local switch database in the event that the RADIUS server is not reachable. D. The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, only operator-level access is granted. Answer: C Section: (none) Explanation/Reference:
QUESTION 129 What are the capabilities of centralized authentication for management users of ProCurve switches? (Select three.) A. B. C. D. E.
It can use the local switch user accounts as a security fallback option. A RADIUS, TACACS+, or Kerberos authentication server can be used. It can control access from the console port, Telnet clients, SSH clients, and Web browsers. It supports many of the more commonly used EAP methods including PEAP, TLS and TTLS. Individual user names and passwords can be used for stronger management and accounting.
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 130 What are the effects of implementing a Secure Management VLAN on a ProCurve switch? (Select two.) A. It prevents IP routing between the user VLANs configured on the switch. B. Switch management access is limited to those ports assigned to the Secure Management VLAN. C. It allows one management IP address per physical switch, regardless of the number of user VLANs.
D. It allows switch management access only through SSH, SSL Web browser, and SNMPv3 secure client applications. E. It provides encrypted and authenticated session flow between the switch and the management station in the Secure Management VLAN. Answer: BC Section: (none) Explanation/Reference:
QUESTION 131 Which statement describes the security technology implemented in SNMPv3? A. B. C. D.
Public and private keys are used to encrypt and decrypt messages. Examples of encryption algorithms commonly supported are DES and AES. The MD5 algorithm produces a larger message digest than the SHA-1 algorithm. A hash function takes a message of arbitrary bit length and produces ciphertext using a shared secret.
Answer: B Section: (none) Explanation/Reference:
QUESTION 132 Which statements describing RADIUS accounting support on the ProCurve Switch 3500yl series are correct? (Select three.) A. B. C. D. E.
The network accounting option is applicable only to 802.1X user sessions. RADIUS accounting can control commands available at the management interface. The Layer 4 port to which accounting statistics are sent is configurable on the switch. The accounting statistics can be optionally stored in switch flash memory if a reboot occurs. ProCurve IDM uses RADIUS accounting information to provide user session monitoring and reporting information.
Answer: ACE Section: (none) Explanation/Reference:
Building ProCurve Resilient, Adaptive Networks Number: HP0-Y12 Passing Score: 800 Time Limit: 120 min File Version: 1.0 H P HP0-Y12 Building ProCurve Resilient, Adaptive Networks 116 Q&A Version 2.73
Exam A QUESTION 1 When does a router use administrative distance to determine which route to include in its route table? A. when the router learned about multiple routes with equal-cost paths to the same destination B. when the router learned about multiple routes to the same destination from different sources using the same routing protocol C. when the router learned about multiple routes to the same destination from different routing protocols or static configuration D. when the router is configured with static routes to the same destination that specify the same cost but different next hop router interfaces Answer: C Section: (none) Explanation/Reference:
QUESTION 2 What is an advantage of locating routing intelligence at the edge of an enterprise network instead of in the core? A. The edge-oriented strategy requires fewer VLANs and networks. B. The edge-oriented strategy supports VRRP and other protocols for default gateway redundancy. C. The edge-oriented strategy enables ACLs and other traffic filters to be applied before traffic traverses any part of the network. D. The edge-oriented strategy simplifies summarization because each router must support VLANs only for directly connected users. Answer: C Section: (none) Explanation/Reference:
QUESTION 3 What is the difference between administrative distance and cost? A. Administrative distance is applied only to routes learned through OSPF. Cost applies to RIP routes as well as OSPF routes. B. Administrative distance indicates the distance to remote networks learned through routing protocols. Cost applies static routes and directly connected networks. C. Administrative distance is determined solely through interactions among routers that share a routing protocol. Cost can be defined by the administrator of each router. D. Administrative distance is a locally significant value that can be used to break ties between routes learned from different sources. Cost is a cumulative metric that indicates the number of hops to a remote network. Answer: D Section: (none) Explanation/Reference:
QUESTION 4
By default, what type of route is redistributed in RIP updates by ProCurve ProVision ASIC switches? A. B. C. D.
static default OSPF connected
Answer: D Section: (none) Explanation/Reference:
QUESTION 5 What are the advantages of implementing IP routing technologies at the network edge? (Select two.) A. B. C. D. E.
provide per-user QoS decrease the load on network core eliminate the need for routing protocols create smaller, localized broadcast domains enhance support for default gateway redundancy
Answer: BD Section: (none) Explanation/Reference:
QUESTION 6 You enter the following command at the CLI of a ProCurve Switch 3500yl: 3500yl(config)#ip route 22.0.0.0/8 172.16.100.100 However, when you enter show ip route to confirm your entry, no route to 22.0.0.0/8 appears in the route table. Which statement explains this condition? A. B. C. D.
The interface connected to 172.16.100.100 is down. The switch has learned another route to 22.0.0.0/8 through OSPF. The route table already includes a default route using 172.16.100.100. The switch has not been configured with an IP address of 172.16.100.100.
Answer: A Section: (none) Explanation/Reference:
QUESTION 7 Which condition is necessary to enable a group of networks to be auto-summarized by a ProCurve Switch 3500yl? A. B. C. D.
The address ranges to be summarized must be within different OSPF areas. The address ranges to be summarized must be within a classful network boundary. The address ranges to be summarized must be directly connected to a neighbor router. The address ranges to be summarized must be accessible through a neighbor router interface.
Answer: B Section: (none) Explanation/Reference:
QUESTION 8 You must design an IP addressing scheme for a network that must support 16 different types of users, each with different resource and security requirements. What is an advantage of ensuring that the number of networks assigned to each type of user is a power of 2? A. B. C. D.
It enables automatic summarization at classful boundaries. It minimizes the number of VLANs required to support each type of user. It ensures that an adequate number of IP addresses will be available for each type of user. It simplifies summarization because all networks for each type of user can be summarized in a single routing statement.
Answer: D Section: (none) Explanation/Reference:
QUESTION 9 What is a difference between voice traffic and video traffic? A. B. C. D.
Voice traffic is typically more difficult to route than streaming video traffic. Voice traffic is typically more sensitive to delay than streaming video traffic. Voice traffic is typically less sensitive to jitter than streaming video traffic. Voice traffic is typically more bandwidth-intensive than streaming video traffic.
Answer: B Section: (none) Explanation/Reference:
QUESTION 10 While analyzing network traffic, you notice that many packets have an 802.1p value of 0. On a ProCurve switch with default QoS settings, what does this indicate? A. B. C. D.
No prioritization settings are in effect on the network. The traffic will be mapped to the normal priority queue. The network relies on Layer 3 classification technologies The network is not using the default settings on ProCurve switches.
Answer: B Section: (none) Explanation/Reference:
QUESTION 11 What is the effect when the following command is entered at the CLI of a ProCurve Switch 5406zl? 5406zl
(vlan-111)#qos priority 2 A. B. C. D.
Packets entering the switch through VLAN 111 will be forwarded with normal priority. Packets entering the switch through VLAN 111 will be forwarded with lower than normal priority. Packets entering the switch through VLAN 111 will be forwarded with higher than normal priority. Packets entering the switch through VLAN 111 will retain the priority marker set by another device.
Answer: B Section: (none) Explanation/Reference:
QUESTION 12 Why does network congestion often cause more network congestion? A. B. C. D.
RSVP routers allocate more bandwidth to UDP applications. TCP applications request retransmission of dropped packets. QoS settings require switches to retransmit all real-time traffic. 802.1p priorities are ignored after congestion reaches a user-defined threshold.
Answer: B Section: (none) Explanation/Reference:
QUESTION 13 You must determine if the default settings on ProCurve 5406zl switches will provide adequate QoS for a multimedia training application. What must you learn about the application in order to make this determination? A. B. C. D.
if it recognizes IGMP joins from receivers if it uses TCP or UDP as a transport protocol if it inserts Layer 2 or Layer 3 priority markers if it supports Guaranteed Minimum Bandwidth
Answer: C Section: (none) Explanation/Reference:
QUESTION 14 When does an LLDP-enabled switch start sending LLDP advertisements? A. B. C. D.
when QoS is enabled when IP multicast is enabled immediately after it has started when it receives an LLDP request from a neighbor
Answer: C Section: (none) Explanation/Reference:
QUESTION 15 Under what condition does the IEEE 802.1p field provide end-to-end prioritization? A. B. C. D.
All switches can classify traffic based on DSCP. Source and destination hosts are in the same VLAN. The network is experiencing high levels of congestion. All links in the path between source and destination are tagged.
Answer: D Section: (none) Explanation/Reference:
QUESTION 16 How many priority levels are specified by the IEEE 802.1p standard? A. B. C. D.
4 7 8 16
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 While analyzing network traffic using a port monitor on a ProCurve Switch 8212zl, you notice that many packets have an 802.1p value of 1. If the switch has default QoS settings, what does this indicate? A. B. C. D.
The 8212zl has marked the traffic for low-priority forwarding. The 8212zl has marked the traffic for high-priority forwarding. Another device has marked the traffic for low-priority forwarding. Another device has marked the traffic for high-priority forwarding.
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 You must configure QoS on a ProCurve Switch 8212zl in the core layer of a network. One interface on the switch receives traffic that uses only Layer 3 markers to indicate priority. What must you do to enable the switch to forward this traffic with correct priority? A. Set the QoS trust level to the appropriate value. B. Enable the appropriate interpretation of the IP ToS field. C. Configure port-based priorities for all ports forwarding this traffic.
D. Configure custom IEEE 802.1p maps for all ports forwarding this traffic. Answer: B Section: (none) Explanation/Reference:
QUESTION 19 You will connect an IP telephone that supports LLDP-MED to port 8 on a ProCurve Switch 3500yl. Which configuration step will enable the switch to auto-configure the appropriate VLAN for the phone?? A. B. C. D.
Enable LLDP-MED in the VLAN 1 configuration context. Configure port 8 as a tagged member of a voice VLAN. Enable LLDP-MED in the configuration context for a voice VLAN. Define port 8 as an LLDP-MED port in the global configuration context.
Answer: B Section: (none) Explanation/Reference:
QUESTION 20 What is the role of an OSPF Area Border Router? A. B. C. D.
to connect multiple non-backbone areas to connect a backbone area to non-backbone areas to connect OSPF domains with domains that use other routing protocols to connect a backbone area to the backbones of other OSPF routing domains
Answer: B Section: (none) Explanation/Reference:
QUESTION 21 The IP route table of ProCurve Switch 8212zl includes routes learned through RIP and through OSPF. Which step is necessary to enable the router to include the RIP routes in its Link State Advertisements? A. B. C. D.
Enable RIP on all OSPF interfaces. Configure RIP redistribution in the OSPF configuration context. Enable RIP auto-summarization in the OSPF configuration context. Configure the router as an ABR for all areas that should receive the RIP routes.
Answer: B Section: (none) Explanation/Reference:
QUESTION 22 Which actions are required to define an OSPF router as an ABR? (Select two.)
A. B. C. D. E.
Delete the backbone area. Set OSPF priority to 0 for all non-backbone interfaces. Enable OSPF redistribution in the OSPF configuration context. Associate different OSPF interfaces with at least two area IDs. Define two or more area IDs within the OSPF configuration context.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 23 A ProCurve Switch 8212zl must be configured to be the ABR for OSPF areas 0 and 5. While implementing this configuration, you enter the following command at the switch's CLI: 8212zl(ospf)#area 5 stub 2 no-summary How will this affect the route tables of other routers in area 5? A. B. C. D.
Only directly connected routes will be listed. The only OSPF route will be the interface with the 8212zl. All networks outside area 5 will be summarized as a default route. Every route known to the 8212zl will be listed with a separate gateway and cost.
Answer: C Section: (none) Explanation/Reference:
QUESTION 24 You have enabled OSPF in the global configuration context and in the VLAN 222 context of a ProCurve Switch 8212zl. All OSPF areas have been created and associated with the correct VLANs. All other OSPF settings are at default. What is the effect of the following command? 8212zl(vlan-222)#ip ospf cost 100 A. B. C. D.
The OSPF link using VLAN 222 as a gateway will use the default cost. The OSPF link using VLAN 222 will become the preferred route to the backbone area. The OSPF link using VLAN 222 as a gateway will have higher cost than OSPF links with a default cost. The OSPF link using VLAN 222 as a gateway will have lower cost than OSPF links with a default cost.
Answer: C Section: (none) Explanation/Reference:
QUESTION 25 The output of show ip ospf neighbor for a ProCurve Switch 8212zl indicates a 2WAY state for one of the switch's OSPF neighbor relationships. What does this indicate about the 8212zl and its neighbor? A. They are in different OSPF areas.
B. They are both BDRs for an OSPF area. C. They are configured with different OSPF versions. D. They are neighbors, but have not formed an adjacency. Answer: D Section: (none) Explanation/Reference:
QUESTION 26 What is an OSPF virtual link? A. B. C. D.
a link that connects an ABR to the backbone area through a non-backbone area a link that provides a redundant connection between an internal router and an ABR a link that enables an ABR to exchange routes with a router in another OSPF domain a link that provides a redundant connection between an ASBR and a non-OSPF domain
Answer: A Section: (none) Explanation/Reference:
QUESTION 27 How does a ProCurve Switch 5406zl handle two equal-cost OSPF paths? A. B. C. D.
It blocks one of the paths. It shares the load over the two paths. It balances the load per TCP session. It uses the first path that appeared in the routing table.
Answer: B Section: (none) Explanation/Reference:
QUESTION 28 What is the impact on memory usage when defining multiple OSPF areas on a ProCurve Switch 5412zl? A. B. C. D.
It is decreased because non-backbone routes are summarized. It is increased because it must maintain more routes in its route table. It is increased because it must maintain link-state databases for each area. It is decreased because all backbone routes are summarized as the default route.
Answer: C Section: (none) Explanation/Reference:
QUESTION 29 How does the ProCurve Adaptive EDGE Architecture support
convergence? A. B. C. D.
by enhancing edge compression of video streams by supporting prioritized traffic at the edge of the network by translating analog signals to digital signals at the edge of the network by supporting a variety of Layer 3 protocols at the edge and in the core of the network
Answer: B Section: (none) Explanation/Reference:
QUESTION 30 Why are Ethernet and IP the fundamental technologies for converged networks? (Select two.) A. B. C. D.
They are widely deployed. They offer mature standards. They offer high levels of security. They are not disrupted by power outages.
Answer: AB Section: (none) Explanation/Reference:
QUESTION 31 What is a Triple Play network? A. B. C. D.
a network that supports IP, IPX/SPX, and AppleTalk a network that includes 10 Mbps, 100 Mbps, and 1 Gpbs clients a network that carries voice, video, and data over a single infrastructure a network that features a core layer, a distribution layer, and an edge layer
Answer: C Section: (none) Explanation/Reference:
QUESTION 32 Why is VoIP more sensitive to network congestion than traditional data applications? A. B. C. D.
VoIP uses more bandwidth than data applications. VoIP requires dedicated virtual circuits to provide adequate voice quality. VoIP depends on frequent broadcasts to maintain location and inventory information. VoIP requires that packets be transmitted and received at predictable, fixed intervals.
Answer: D Section: (none) Explanation/Reference:
QUESTION 33 Which items are synchronized when a second management module is installed in a ProCurve Switch 8212zl? (Select three) A. B. C. D. E. F.
IP route tables boot directives uncompressed OS running configuration startup configuration stored software images
Answer: BEF Section: (none) Explanation/Reference:
QUESTION 34 A ProCurve Switch 8212zl is provisioned with two 1500W power supplies. What is the status of the switch's ability to provide PoE? A. B. C. D.
The switch requires a power shelf to provide any PoE power. The switch requires two additional power supplies to provide any PoE power. The switch can provide up to 900 watts of PoE power to six interface modules. The switch can provide up to 1800 watts of PoE power to 12 interface modules.
Answer: D Section: (none) Explanation/Reference:
QUESTION 35 At a customer site, you upload a new software version to the primary flash area of a ProCurve Switch 8212zl. The secondary flash area is unchanged and continues to hold the currently running software. When you reboot the system using the primary flash image, the CLI is not available because of software corruption. How can you recover access to the switch? A. Power down the switch, remove the active management module, and then restart the switch. B. Use the Clear and Reset buttons on the management module to erase the current configuration and restart the switch. C. Connect to the active management module with a serial connection, restart the switch, and select secondary from the Boot Profiles menu. D. Press and hold the System Reset button on the System Support Module to force a management module switchover. Answer: C Section: (none) Explanation/Reference:
QUESTION 36
What is the effect of a fabric module failure on a ProCurve Switch 8212zl with two fabric modules installed? A. B. C. D.
The switch can no longer support 10 GbE modules. Only half of the switch's interface ports continue forwarding. Switch forwarding is interrupted for 30 seconds by the fabric module switchover. All ports continue forwarding, but maximum switching capacity is reduced by 50 percent.
Answer: D Section: (none) Explanation/Reference:
QUESTION 37 Which items are interchangeable between the ProCurve Switch 5412zl and the Switch 8212zl? (Select two.) A. B. C. D. E.
fabric module software image interface module management module system support module
Answer: BC Section: (none) Explanation/Reference:
QUESTION 38 What is the role of the System Support Module on a ProCurve Switch 8212zl? A. B. C. D.
enable remote access by ProCurve support personnel provide an interface for out-of band management access maintain forwarding during management module switchover host system-level components such as fan control and system clock
Answer: D Section: (none) Explanation/Reference:
QUESTION 39 If the active management module of a ProCurve Switch 8212zl is in Slot 2, what is the effect of the following CLI commands? 8212zl#redundancy switchover ... Do you want to continue [y/n]? y Do you want to save current configuration [y/n]? y A. The module in Slot 1 is set to become the active module on the next boot. B. The system is restarted, and the module in Slot 1 assumes the active role. C. The module in Slot 1 reboots immediately and becomes the active module.
D. The module in Slot 2 is restarted, and the module in Slot 1 assumes the active role. Answer: D Section: (none) Explanation/Reference:
QUESTION 40 What are differences between the software features of the ProCurve Switch 5412zl and the Switch 8212zl? (Select two.) A. The 8212zl supports IPv4 and IPv6. The 5412zl supports only IPv4. B. The 8212zl supports PIM-Dense and PIM-Sparse. The 5412zl supports only PIM-Dense. C. The 8212zl supports commands to manage redundant management modules. The 5412zl does not support these commands. D. The 8212zl supports multiple configuration files that can be associated with different flash areas. The 5412zl does not support multiple configuration files. E. The 8212zl supports advanced features such as OSPF and VRRP by default. The 5412zl requires a Premium License to support these features. Answer: CE Section: (none) Explanation/Reference:
QUESTION 41 Which commands can be accessed during a serial console session with the standby management module on a ProCurve Switch 8212zl? (Select two.) A. B. C. D.
all show commands all commands available to Operator level users show commands related to redundancy show commands related to flash contents on the standby module
Answer: CD Section: (none) Explanation/Reference:
QUESTION 42 Why is PIM called protocol independent? A. B. C. D.
because it offers dense and sparse modes because it supports all multicast application protocols because it is compatible with other multicast routing protocols because it can use information derived from any IP routing source
Answer: D Section: (none) Explanation/Reference:
QUESTION 43 Which part of the multicast address range is used by routing protocols such as RIPv2 and OSPF? A. B. C. D.
AD-HOC Block Internetwork Control Block Local Network Control Block Administratively Scoped Address Block
Answer: C Section: (none) Explanation/Reference:
QUESTION 44 You must configure IP multicast on a ProCurve Switch 5406zl. In which context is it necessary to enable IGMP? A. B. C. D.
in the global configuration context for all VLANs defined on the switch for all VLANs that will support multicast hosts for all VLANs associated with switch-to-switch links
Answer: C Section: (none) Explanation/Reference:
QUESTION 45 You must configure IP multicast on a ProCurve Switch 5412zl in the distribution layer of a customer network. Where will it be necessary to enable PIM? A. B. C. D.
every user-defined VLAN VLAN 1 and switch-to-switch links ports with directly connected users every VLAN that will carry multicast traffic
Answer: D Section: (none) Explanation/Reference:
QUESTION 46 During a multicast transmission, a PIM-Dense router receives Leave Group messages from all downstream IGMP hosts that had requested the transmission. After sending a PIM Prune message upstream, which action does the router take? A. immediately drops the multicast group's S,G pair from its PIM table B. queries PIM neighbors to determine if it should keep the multicast group's S,G pair in its PIM table C. drops the multicast group's S,G pair after forwarding the Leave Group messages to neighboring PIM routers
D. maintains the multicast group's S,G pair in its PIM table as long as the stream is being transmitted Answer: D Section: (none) Explanation/Reference:
QUESTION 47 When designing a multicast solution, what circumstance requires that you specify PIM as well as IGMP? A. B. C. D.
Multicasts need to be routed. Multicasts will have multiple sources. Multicasts will have high usage among end users. Multicasts will require large amounts of bandwidth.
Answer: A Section: (none) Explanation/Reference:
QUESTION 48 Which circumstances might make PIM-Dense a better solution than PIM-Sparse for a multicast domain? (Select two.) A. B. C. D. E.
All domain routers support IGMP as well as PIM. The domain must support more than 50 routers. Bandwidth is plentiful on links connecting routers. Routers with group presence are in close proximity. All domain routers support Layer 3 prioritization markers.
Answer: CD Section: (none) Explanation/Reference:
QUESTION 49 An unmanaged Layer 2 switch that does not support IP multicast receives a multicast transmission. What does the switch do? A. B. C. D.
It drops the traffic. It forwards the traffic through all ports. It forwards the traffic toward its default gateway. It forwards the traffic as a unicast through all ports.
Answer: B Section: (none) Explanation/Reference:
QUESTION 50
In a PIM-Sparse domain, what is the responsibility of the Bootstrap Router (BSR)? A. B. C. D.
maintaining a PIM route table for all domain routers providing a boundary with PIM-Dense routing domains distributing associations between Rendezvous Points and multicast groups providing the root of multicast distribution trees for administratively defined groups
Answer: C Section: (none) Explanation/Reference:
QUESTION 51 What is an advantage of implementing Multiple Spanning Tree Protocol (MSTP) instead of Rapid Spanning Tree Protocol (RSTP)? A. B. C. D.
MSTP provides better support for legacy STP. MSTP generates less traffic for STP convergence. MSTP enables more complete use of all switch-to-switch links. MSTP provides for faster failover if the root bridge becomes unavailable.
Answer: C Section: (none) Explanation/Reference:
QUESTION 52 You must configure VRRP on two ProCurve 8212zl switches that are also members of a single-instance Spanning Tree. One of the switches is the Root bridge in the Spanning Tree. How will the switch's role in the Spanning Tree affect its VRRP configuration? A. B. C. D.
The Spanning Tree root must be Backup for all VRIDs. The Spanning Tree root must also be Master of all VRIDs. The Spanning Tree root must be Backup for all VRIDs associated with its directly connected VLANs. The Spanning Tree root must be Master for all VRIDs associated with VLANs for which it does not have direct links.
Answer: B Section: (none) Explanation/Reference:
QUESTION 53 What is a difference between router redundancy support on the 5304xl and the 5406zl? A. B. C. D.
The 5406zl supports VRRP. The 5304xl supports XRRP. The 5406zl supports VRRP and VRRP-E. The 5304xl supports only VRRP-E. The 5406zl can support 255 virtual routers. The 5304xl can support only 128 virtual routers. The 5406zl can be Master or Backup for any VRRP instance. The 5304xl can be only Backup.
Answer: A
Section: (none) Explanation/Reference:
QUESTION 54 On a ProCurve Switch 8212zl, which feature must be enabled before you can enable VRRP? A. B. C. D.
RIP MSTP IP routing IP multicast
Answer: C Section: (none) Explanation/Reference:
QUESTION 55 Which Spanning Tree version is enabled when the following command is issued at the CLI of a ProCurve Switch 8212zl? 8212zl(config)# spanning-tree A. B. C. D.
STP PVST RSTP MSTP
Answer: D Section: (none) Explanation/Reference:
QUESTION 56 You must design an MSTP solution for a new customer network that will deploy 8212zl switches in the core and 3500yl and 5400zl switches at the edge. All of the switches will belong to a single MST region. Which factor will determine how many MST instances the region will require to ensure that all links are in a forwarding state for at least one VLAN? A. B. C. D.
the number of switches at the network edge the total number of VLANs configured on the switches the number of switches with shared VLAN configurations the number of redundant paths between one edge switch and the core
Answer: D Section: (none) Explanation/Reference:
QUESTION 57 At a customer site, the output of show spanning-tree instance 1 on two ProCurve 8212zl switches indicates
that both switches are the Root of MST instance 1. Which statement explains this output? A. B. C. D.
The switches have identical Bridge Priorities. The switches have different MST configuration names. One of the switches has been configured for RSTP operation. The switches have identical Port Priorities for ports associated with the instance.
Answer: B Section: (none) Explanation/Reference:
QUESTION 58 You must configure Multiple Spanning Tree Protocol (MSTP) on two ProCurve 8212zl switches and four 5406zl switches. Which step is necessary to ensure that all of the switches join the same MST region? A. B. C. D.
Configure the switches with identical Port Priorities for shared links in each MST instance. Configure all switch-to-switch links in each MST instance as tagged members of all user VLANs. Configure Bridge Priorities on all switches so that each MST instance has a different Root Bridge. Configure the switches with identical config-names, config-revisions, and VLAN-to-instance mappings.
Answer: D Section: (none) Explanation/Reference:
QUESTION 59 What is the effect of a fabric module failure on a ProCurve Switch 8212zl with two fabric modules installed? A. B. C. D.
The switch can no longer support 10 GbE modules. Only half of the switch's interface ports continue forwarding. Switch forwarding is interrupted for 30 seconds by the fabric module switchover. All ports continue forwarding, but maximum switching capacity is reduced by 50 percent.
Answer: D Section: (none) Explanation/Reference:
QUESTION 60 What is the minimum number of power supplies required to enable forwarding by all interface modules in a fully populated ProCurve Switch 8212zl? A. B. C. D.
1 2 3 4
Answer: B Section: (none) Explanation/Reference:
QUESTION 61 You install two new management modules in a ProCurve Switch 8212zl. Assuming that both modules pass self-test, which module will become active when the switch is started? A. B. C. D.
the module in Slot 1 the module that passes self-test first the module with the lowest MAC address the module with the most recent software version
Answer: A Section: (none) Explanation/Reference:
QUESTION 62 What is the effect of executing the following commands entered at the prompt of a ProCurve Switch 8212zl? 8212zl(config)#reload ... Do you want to continue [y/n]? y A. B. C. D.
The active management module is rebooted and goes to standby status. Both management modules are rebooted. The standby module becomes active. All modules are rebooted. The management modules retain their standby or active status. The active management module and all interface modules are rebooted. The active management module remains active.
Answer: A Section: (none) Explanation/Reference:
QUESTION 63 At a customer site, you must install a second management module in Slot 2 on a ProCurve Switch 8212zl. Both flash memory areas of the new management module contain software version K.12.44. The primary and secondary flash memory areas of the module already in Slot 1 contain software version K.12.43. How will the installation affect the contents of the modules' memory areas? A. K.12.44 will be installed in both areas on the Slot 1 module. B. K.12.43 will be installed in both areas on the Slot 2 module. C. K.12.43 will be installed in the primary area of the Slot 2 module. K.12.44 will be installed in the secondary area of the Slot 1 module. D. K.12.44 will be installed in the inactive area on the Slot 1 module. K.12.43 will be installed in the secondary area of the Slot 2 module. Answer: B Section: (none) Explanation/Reference:
QUESTION 64 What is the purpose of the RJ-45 port on the management module of a ProCurve Switch 8212zl? A. B. C. D.
provide 10 GbE uplink provide serial connection for console access provide interface for out-of-band Ethernet management provide interface for IP access when no interface modules are installed
Answer: B Section: (none) Explanation/Reference:
QUESTION 65 If the active management module of a ProCurve Switch 8212zl is in Slot 2, what is the immediate effect of the following CLI commands? 8212zl(config)#redundancy active-management management-module1 8212zl(config)#write memory A. B. C. D.
The module in Slot 1 immediately becomes the active module. The module in Slot 1 is set to become the active module on the next boot. The system is restarted, and the module in Slot 1 assumes the active role. The module in Slot 2 is restarted, and the module in Slot 1 assumes the active role.
Answer: B Section: (none) Explanation/Reference:
QUESTION 66 What are differences between the architecture of the ProCurve Switch 5412zl and the Switch 8212zl? (Select two.) A. B. C. D.
The 8212zl can support 12 10 GbE modules. The 5412zl can support only 10. The 8212zl can support two management modules. The 5412zl can only support one. The 8212zl can use only zl interface modules. The 5412zl can use zl modules and xl modules. The 8212zl features a modular switching fabric. The switching fabric of the 5412zl is located on the backplane. E. The 8212zl can provide PoE only on modules in Slot A and Slot B. The 5412zl can provide PoE on all interface modules. Answer: BD Section: (none) Explanation/Reference:
QUESTION 67 A ProCurve Switch 8212zl is provisioned with two 1500W power supplies. What is the status of the switch's ability to provide PoE?
A. B. C. D.
The switch requires a power shelf to provide any PoE power. The switch requires two additional power supplies to provide any PoE power. The switch can provide up to 900 watts of PoE power to six interface modules. The switch can provide up to 1800 watts of PoE power to 12 interface modules.
Answer: D Section: (none) Explanation/Reference:
QUESTION 68 Why are Ethernet and IP the fundamental technologies for converged networks? (Select two.) A. B. C. D.
They are widely deployed. They offer mature standards. They offer high levels of security. They are not disrupted by power outages.
Answer: AB Section: (none) Explanation/Reference:
QUESTION 69 How does a dedicated voice VLAN enhance QoS for a VoIP implementation? A. B. C. D.
It isolates phones from data broadcasts. It eliminates the need for Layer 2 priority markers. It enables routing without Layer 3 priority markers. It ensures that priorities set by phones will be enforced.
Answer: A Section: (none) Explanation/Reference:
QUESTION 70 How does the ProCurve Adaptive EDGE Architecture support convergence? A. B. C. D.
by enhancing edge compression of video streams by supporting prioritized traffic at the edge of the network by translating analog signals to digital signals at the edge of the network by supporting a variety of Layer 3 protocols at the edge and in the core of the network
Answer: B Section: (none) Explanation/Reference:
QUESTION 71 What are the benefits offered by converged networks? (Select two.) A. B. C. D. E.
simplified adds, moves, changes unified support for IPv4 and for IPv6 lowered costs for switches and routers enhanced quality for voice transmissions integrated support for voice, video, and data
Answer: AE Section: (none) Explanation/Reference:
QUESTION 72 By default, what type of route has the lowest administrative distance on a ProCurve Switch 3500yl? A. B. C. D.
RIP static OSPF directly connected
Answer: D Section: (none) Explanation/Reference:
QUESTION 73 You must configure RIP on a ProCurve Switch 3500yl. Why is it not necessary to enable RIP in the context of VLANs connected only to end stations? A. B. C. D.
because the 3500yl route table already includes routes to the end stations because the 3500yl automatically includes connected routes in RIP updates because the 3500yl automatically summarizes routes to all networks without RIP neighbors because the 3500yl only exchanges information about router-to-router links with RIP neighbors
Answer: B Section: (none) Explanation/Reference:
QUESTION 74 Which address is valid for the loopback interface of a ProCurve Switch 5406zl? A. B. C. D.
192.168.1.1/8 192.168.1.1/16 192.168.1.1/24 192.168.1.1/32
Answer: D
Section: (none) Explanation/Reference:
QUESTION 75 What is the default metric for a RIP interface on ProCurve switches? A. B. C. D.
1 10 15 120
Answer: A Section: (none) Explanation/Reference:
QUESTION 76 Click the Exhibit button. Assume RIP is configured correctly on all routers. What is a potential problem with this topology?
A. B. C. D.
Router1 is not Telnet accessible. VLAN 1 is susceptible to broadcast storms. Hosts in VLAN 27 cannot contact hosts in VLAN 46. The link between Router1 and Router2 will not carry user traffic.
Answer: B Section: (none) Explanation/Reference:
QUESTION 77 What is the significance of the Gateway field in the IP route table of a ProCurve Switch 8212zl? A. It identifies the local interface that leads to a remote network. B. For remote networks, it identifies the number of hops between this router and the destination network. For local networks, it contains all zeros. C. It identifies the IP address of the interface that is serving as the primary default gateway for connected hosts in the VLAN associated with the interface.
D. For remote networks, it identifies the IP address of the next hop router. For local networks, it identifies the VLAN ID associated with the network interface on the switch. Answer: D Section: (none) Explanation/Reference:
QUESTION 78 Click the Exhibit button. What is indicated by this entry from the IP route table of a ProCurve Switch 8212zl?
A. B. C. D.
The switch's neighbor on VLAN 172 is not available. The switch's address on VLAN 172 is 192.168.1.254. All traffic forbidden by ACLs will be redirected to 192.168.1.254. VLAN 172 is the gateway to networks not specified by other route table entries.
Answer: D Section: (none) Explanation/Reference:
QUESTION 79 When performing manual summarization, why is it recommended to disable RIP on the interface that leads to the summarized networks? A. B. C. D.
to allow the router to auto-summarize ranges on other interfaces to prevent the router from receiving information about networks already in the route table to avoid advertising the static route used for summarization to routers connected to the interface to enable the static route used for summarization to be advertised over downstream router interfaces
Answer: B Section: (none) Explanation/Reference:
QUESTION 80 You are configuring IP multicast on a ProCurve Switch 5406zl. OSPF is enabled. All VLANs have been defined and IP addresses assigned to all routed interfaces. IGMP has been enabled for all VLANs that will support multicast hosts. To enable PIM, you issue the following commands: 5406zl(config)#ip multicast-routing 5406zl(config)#router pim
What is the remaining step in this process? A. B. C. D.
Enable IGMP at the global configuration level. Enable PIM only on interfaces that lead to other routers. Enable PIM for every VLAN that will support Layer 3 multicast. Enable sparse mode for every VLAN that will support Layer 3 multicast.
Answer: C Section: (none) Explanation/Reference:
QUESTION 81 When designing a multicast solution, what circumstance requires that you specify PIM as well as IGMP? A. B. C. D.
Multicasts need to be routed. Multicasts will have multiple sources. Multicasts will have high usage among end users. Multicasts will require large amounts of bandwidth.
Answer: A Section: (none) Explanation/Reference:
QUESTION 82 In a PIM-Sparse routing domain, which router is the root node of a multicast distribution tree? A. B. C. D.
Bootstrap Router Rendezvous Point first router to receive an IGMP join router closest to the mulitcast source
Answer: B Section: (none) Explanation/Reference:
QUESTION 83 Which multicast address scope is recommended by the IANA for multicasts that will be contained within a single organization? A. B. C. D.
local scope global scope enterprise scope administrative scope
Answer: D Section: (none) Explanation/Reference:
QUESTION 84 When does a PIM-Dense router add an S,G pair to its PIM routing table? A. B. C. D.
when it receives a PIM Graft message when it receives a multicast transmission when it receives a multicast advertisement when it receives a Hello message from a neighbor
Answer: B Section: (none) Explanation/Reference:
QUESTION 85 Analysis of traffic on an enterprise network indicates that a multicast-enabled router floods multicast traffic to all networks. Which type of protocol is the router using? A. B. C. D.
sparse-mode dense-mode group-management protocol-dependent
Answer: B Section: (none) Explanation/Reference:
QUESTION 86 You have verified that a ProCurve Switch 5406zl is correctly configured for PIM dense mode. The switch's IGMP table shows active hosts who are members of multicast group 239.192.11.11. The multicast is in progress and all hosts are receiving the content. However, the multicast group does not appear in the switch's PIM route table. What does this indicate about the 239.192.11.11 multicast group? A. B. C. D.
PIM has not been enabled globally. The switch is Querier for the group. The server and receivers are in different VLANs. The switch is forwarding the multicast at Layer 2.
Answer: D Section: (none) Explanation/Reference:
QUESTION 87 Why does IP multicast distribute multimedia content more efficiently than unicast? A. It provides bandwidth guarantees. B. It forces synchronization of audio and video. C. It places less load on network infrastructure.
D. It enhances the performance of video codecs. Answer: C Section: (none) Explanation/Reference:
QUESTION 88 Click the Exhibit button. To enable hosts in VLAN 70 to receive multicasts from the server, where must you enable both PIM and IGMP?
A. B. C. D.
VLAN 70 VLAN 110 VLAN 70 and VLAN 110 VLAN 1 and VLAN 110
Answer: C Section: (none) Explanation/Reference:
QUESTION 89 You connect an IP telephone that supports LLDP-MED to a port on a ProCurve Switch 5406zl. The port is a member of an administratively defined voice VLAN and also requires 802.1X authentication. How will LLDPMED and 802.1X interact? A. The switch will permit LLDP-MED communication with the phone after authentication is complete. B. The switch will exempt the phone from the 802.1X requirement after confirming its LLDP-MED information. C. The switch will use information from the phone's first LLDP-MED frame to submit its authentication credentials. D. The switch will submit the phone's authentication credentials to a RADIUS server after the devices exchange LLDP-MED information. Answer: A Section: (none) Explanation/Reference:
QUESTION 90 Which prioritization capability is provided at default settings by all managed ProCurve switches? A. B. C. D.
Map DSCP values to physical queues. Classify traffic according to TCP port number. Classify traffic based on 802.1p values set by other devices. Translate Layer 2 priority markers to Layer 3 priority markers.
Answer: C Section: (none) Explanation/Reference:
QUESTION 91 You are planning a network upgrade at a small company. During a meeting, you learn that the customer will install VoIP telephones that set Layer 2 priority markers for all voice traffic. The VoIP traffic will not cross any routed links. What is necessary to ensure that ProVision ASIC switches maintain the priorities set by the phones? (Select two.) A. B. C. D. E.
GMB settings for voice traffic default QoS configuration settings tagged links for all voice VLAN traffic an IEEE 802.1p-to-DSCP map for voice traffic rate limiting on all ports that support VoIP phones
Answer: BC Section: (none) Explanation/Reference:
QUESTION 92 How does LLDP-MED enhance LLDP? A. B. C. D.
by enabling network devices to discover endpoints by enabling network devices to discover IGMP hosts by enabling network devices to discover PSTN PBX devices by enabling network devices to discover multicast routers
Answer: A Section: (none) Explanation/Reference:
QUESTION 93 A user of a new VoIP infrastructure reports that she unintentionally speaks at the same time as the person on the other end of the line. What is a likely cause of this condition? A. B. C. D.
excessive jitter excessive delay excessive echo excessive packet collisions
Answer: B Section: (none) Explanation/Reference:
QUESTION 94 Click the Exhibit button. At this prompt, you enter qos dscp 011100, a DSCP codepoint that maps to an IEEE 802.1p priority value of 4. What is the effect of this command?
A. B. C. D.
The Layer 2 and Layer 3 priorities for VLAN 90 will be different. The DSCP codepoint will be re-mapped to 802.1p priority 7 for VLAN 90. The current VLAN 90 priority of 7 will be replaced with a new priority of 4. The command will have no effect because the higher priority will take precedence.
Answer: C Section: (none) Explanation/Reference:
QUESTION 95 You must configure Guaranteed Minimum Bandwidth on a ProCurve Switch 5412zl to increase the bandwidth available for high-priority video traffic. Which CLI configuration context must you enter to complete this task? A. B. C. D.
port QoS global VLAN
Answer: A Section: (none) Explanation/Reference:
QUESTION 96 What is the default number of queues on a ProCurve Switch 8212zl? A. 2 B. 4 C. 7
D. 8 E. 12 Answer: D Section: (none) Explanation/Reference:
QUESTION 97 You are designing a prioritization scheme based on the IEEE 802.1p standard. HTTP traffic should receive low priority treatment. Which 802.1p values will fulfill this requirement? (Select two.) A. B. C. D. E.
0 1 2 3 4
Answer: BC Section: (none) Explanation/Reference:
QUESTION 98 In a converged network, what does video traffic require in comparison to voice traffic? A. B. C. D.
less delay higher priority more bandwidth more expensive cabling
Answer: C Section: (none) Explanation/Reference:
QUESTION 99 What is Class of Service (CoS)? A. B. C. D.
a synonym for Quality of Service (QoS) a method for measuring Quality of Service (QoS) a proprietary solution for Quality of Service (QoS) a mechanism for providing Quality of Service (QoS)
Answer: D Section: (none) Explanation/Reference:
QUESTION 100
How can you minimize delay for all traffic types in your network infrastructure? A. B. C. D.
Implement PIM-Sparse instead of PIM-Dense. Deploy non-blocking switches whenever possible. Install gigabit network interface cards in end stations. Configure all switches to implement prioritization technologies.
Answer: B Section: (none) Explanation/Reference:
QUESTION 101 A ProCurve Switch 8212zl will be the ABR for OSPF areas 0 and 6. While enabling this configuration, you enter the following command at the switch's CLI: 8212zl(lo-0)#ip ospf all area 6 What is the effect of this command? A. B. C. D.
The loopback interface will be a stub area. The loopback interface will not be advertised in summary LSAs. The loopback interface will be included in the non-backbone area. The loopback interface will not be accessible to hosts in networks outside of area 6.
Answer: C Section: (none) Explanation/Reference:
QUESTION 102 Which step is necessary to enable an OSPF-enabled ProCurve Switch 8212zl to act as an Autonomous System Boundary Router (ASBR)? A. B. C. D.
Enable redistribution. Define an area range summary. Enable equal-cost multipath routing. Define multiple non-backbone areas.
Answer: A Section: (none) Explanation/Reference:
QUESTION 103 What is the advantage of defining multiple OSPF areas for a large intranet? A. B. C. D.
reduce the processing load on ABRs provide multiple paths from internal routers to ASBRs reduce the total number of LSAs maintained by internal routers enable all routers to communicate directly with the backbone area
Answer: C Section: (none) Explanation/Reference:
QUESTION 104 What is an OSPF virtual link? A. B. C. D.
a link that connects an ABR to the backbone area through a non-backbone area a link that provides a redundant connection between an internal router and an ABR a link that enables an ABR to exchange routes with a router in another OSPF domain a link that provides a redundant connection between an ASBR and a non-OSPF domain
Answer: A Section: (none) Explanation/Reference:
QUESTION 105 What is the role of an OSPF Autonomous System Boundary Router? A. B. C. D.
to connect multiple non-backbone areas to connect backbone areas to non-backbone areas to connect OSPF domains with domains that use other routing protocols to connect a backbone area to the backbones of other OSPF routing domains
Answer: C Section: (none) Explanation/Reference:
QUESTION 106 The output of show ip ospf link-state on a ProCurve Switch 3500yl shows that the age of one Network Link State Advertisement (LSA) is 1819. How will this affect the router's behavior? A. B. C. D.
The router will request a new LSA from the neighbor that sent it. The router will ignore all LSAs from the neighbor until they are refreshed. The router will ignore the advertisement when running its Shortest Path First (SPF) algorithm The router will place the advertised route in its IP route table if it has not learned another route to the same network.
Answer: C Section: (none) Explanation/Reference:
QUESTION 107 All IP interfaces defined on a ProCurve Switch 5406zl are members of OSPF area 5. What does this indicate?
A. B. C. D.
Area 5 is a transit area. The 5406zl is an internal router. Area 5 is a not so stubby area (NSSA). The 5406zl cannot be elected Designated Router.
Answer: B Section: (none) Explanation/Reference:
QUESTION 108 By default, how will a ProCurve Switch 5406zl select its OSPF Router ID if the ID is not configured by the administrator? (Select two.) A. B. C. D. E.
The Default VLAN IP address becomes the Router ID. The lowest IP address assigned to an OSPF interface becomes the Router ID. The highest IP address assigned to an OSPF interface becomes the Router ID. The lowest IP address on the lowest numbered loopback interface becomes the Router ID. The highest IP address on the highest numbered loopback interface becomes the Router ID.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 109 Which protocol for default gateway redundancy is supported by the ProVision ASIC switches? A. B. C. D.
XRRP VRRP HSRP FSRP
Answer: B Section: (none) Explanation/Reference:
QUESTION 110 While configuring two 8212zl switches, you enable VRRP on the Backup router before enabling VRRP on the Owner. What is the effect of this procedure? A. B. C. D.
No default gateway will be available until the Master is enabled. Users will experience a brief interruption when VRRP is enabled on the Master. The Backup router will issue an error when it does not find a Master on the VRIDs. The routers will not assume the correct roles unless the Backup is restarted after VRRP is enabled on the Master.
Answer: B Section: (none)
Explanation/Reference:
QUESTION 111 How can you ensure that a particular switch will be elected Root Bridge of an MST instance, assuming all Spanning Tree settings on other switches are at the default ? A. B. C. D.
Set the CIST Bridge Priority to 0. Set the Bridge Priority for the instance to 0. Set the Port Priority for each port in the instance to 0. Set the Bridge Priority for each VLAN in the instance to 0.
Answer: B Section: (none) Explanation/Reference:
QUESTION 112 You must configure a ProCurve Switch 8212zl to be the Owner of a VRID associated with VLAN 10. What must be true of the virtual IP address for the VRID? A. B. C. D.
It must use a classful network mask. It must be an address on a multi-netted interface. It must match the router's address for the VLAN 10 interface. It must match the address assigned to VLAN 10 on the Backup router.
Answer: C Section: (none) Explanation/Reference:
QUESTION 113 Which Spanning Tree protocol is implemented on the ProVision ASIC switches? A. B. C. D.
STP PVST MSTP RSTP
Answer: C Section: (none) Explanation/Reference:
QUESTION 114 How does the Virtual Router Redundancy Protocol (VRRP) enhance network availability? A. B. C. D.
by providing redundant default gateways for clients by providing redundant links between edge and core layers by enabling routers to learn redundant paths to remote networks by supporting the configuration of redundant gateways on VRRP-aware clients
Answer: A Section: (none) Explanation/Reference:
QUESTION 115 You must design a Virtual Router Redundancy Protocol (VRRP) solution for a new customer network that will deploy two 8212zl switches in the core and 3500yl switches at the edge. The 8212zl switches will provide default gateway services for all hosts. MSTP will be enabled on all switches. How can your VRRP design ensure that the direct paths between hosts and their default gateways are not blocked by Spanning Tree when all links are up? A. B. C. D.
Ensure that one core router is configured as Owner of all VRIDs. Ensure that the VLANs in each MST instance are associated with different VRIDs. Ensure that the Root Bridge of the Common Spanning Tree (CST) is also Owner of all VRIDs. Ensure that the Root Bridge of each MST instance is also the Owner of all VRIDs associated with VLANs in that instance.
Answer: D Section: (none) Explanation/Reference:
QUESTION 116 At a customer site, the output of show spanning-tree instance 1 on two ProCurve 8212zl switches indicates that both switches are the Root of MST instance 1. Which statement explains this output? A. B. C. D.
The switches have identical Bridge Priorities. The switches have different MST configuration names. One of the switches has been configured for RSTP operation. The switches have identical Port Priorities for ports associated with the instance.
Answer: B Section: (none) Explanation/Reference:
HP0-Y18 dump 20q_v2.73.20q Number: 000-000 Passing Score: 800 Time Limit: 120 min File Version: 1.0 Pass4Side HP HP0-Y18 HP HP0-Y18 ProCurve Mobility
Exam A QUESTION 1 What is the default management username and password on the ProCurve AP 530? A. B. C. D.
The username is admin, and the password is admin. The username is admin, and the password is procurve. The username is manager, and the password is procurve. The username is admin, and there is no default password.
Answer: A Section: (none) Explanation/Reference:
QUESTION 2 Which security option was part of the original 802. 11 standard? A. B. C. D.
802. 1X Shared-key WEP Dynamic Wired Equivalent Privacy (WEP) Wi-Fi Protected Access with preshared keys (WPA-PSK)
Answer: B Section: (none) Explanation/Reference:
QUESTION 3 When can a station no longer communicate with an AP? A. B. C. D.
when the received signal falls below 0 dBm when the received signal falls below the background noise when the received signal falls below the station's receiver sensitivity when the received signal falls below the fade margin for the wireless cell
Answer: C Section: (none) Explanation/Reference:
QUESTION 4 What does the slot time determine? A. the number of seconds the AP waits between sending beacons B. the length of time the station waits between detecting a transmission and sending a frame C. the beginning of the 802. 11 frame, which enables the AP and the station to synchronize their transmissions D. how long the station can "sleep" before it must become active and check the AP to see if there are any transmissions waiting for it Answer: B
Section: (none) Explanation/Reference:
QUESTION 5 You want ProCurve Radio Port (RP) 1's radio to function as a neighbor for RP 2's radio.RP 1 will monitor RP 2 and take action if RP 2 becomes unavailable.You configure RP 1's radio to take which action if RP 2 becomes unavailable? (Select two. ) A. B. C. D. E.
Open its data rates. Change the radio's channel. Increase the radio's transmit power. Order stations associated with RP 2 to roam. Change the radio mode from 802. 11a to 802. 11b/g.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 6 The ProCurve Mobility Manager (PMM) site-planning tool provides an Auto Placement tool.What does this tool take into account as it places devices on the floor plan? A. B. C. D.
the existing RF interference the obstacles that you have defined other devices already placed on the floor plan the floor plan dimensions and desired capacity
Answer: D Section: (none) Explanation/Reference:
QUESTION 7 Wireless networks present certain challenges.Which wireless network challenge does ProCurve Mobility Infrastructure Solutions help you address? A. B. C. D.
Users are less productive when using a wireless connection. 802. 11 standards do not provide any guidelines for Layer 2 roaming. 802. 11 standards do not provide any encryption, so you must create VPN tunnels to each end station. Multiple users connect to the network through the same AP, but access must be authorized for each user.
Answer: D Section: (none) Explanation/Reference:
QUESTION 8 What is a function of ProCurve Identity Driven Manager (IDM)?
A. It identifies which wireless users must associate to the wireless network. B. It enables you to load different configuration files onto your ProCurve Mobility Infrastructure devices. C. It guides you in creating policies that can be applied, through RADIUS, to either wired or wireless users. D. It adds special features to ProCurve Manager (PCM) for configuring radio and wireless security settings.
Answer: C Section: (none) Explanation/Reference:
QUESTION 9 You need to provide a wireless network for a small area that will require two access points.For this wireless network, you want to support both 802. 11b/g and 802. 11a radios throughout the entire coverage area. What would you choose? A. B. C. D.
two ProCurve AP 420s two ProCurve AP 530s ProCurve Wireless LAN System with two Radio Port (RP) 210s ProCurve Wireless LAN System with one RP 230 and one RP 210
Answer: B Section: (none) Explanation/Reference:
QUESTION 10 What does Spanning Tree Protocol (STP) on the ProCurve AP 530 prevent? A. B. C. D.
loops over connections to stations in the wireless network loops over the APs Ethernet and wireless bridge connections loops over connections between stations in the wireless and the wired network loops over connections between only wireless stations associated with multiple APs
Answer: B Section: (none) Explanation/Reference:
QUESTION 11 Which Quality of Service (QoS) mechanism do both the ProCurve AP 420 and the ProCurve AP 530 support? A. B. C. D.
Wi-Fi Multimedia (WMM) SpectraLink Voice Priority (SVP) Differentiated Services (DiffServ) Wi-Fi Multimedia Extensions (WME)
Answer: B Section: (none)
Explanation/Reference:
QUESTION 12 The ProCurve AP 420 radio has one Basic Service Set Identifier (BSSID), and each of the two AP 530 radios has 16 BSSIDs.What is the implication of this difference? A. B. C. D.
The AP 420 can advertise only 1 WLAN, but the AP 530 can advertise 16. The AP 420 can support only 1 WLAN, but the AP 530 can support 32. The AP 420 can support only 1 WLAN, but the AP 530 can support 16. The AP 420 can advertise only 1 WLAN, but the AP 530 can advertise 32.
Answer: A Section: (none) Explanation/Reference:
QUESTION 13 What purpose does the second software image on the ProCurve AP 420 serve? A. B. C. D.
It allows you to choose two different images to load onto the AP. It allows you to keep the last software image that was loaded onto the AP. It provides a failsafe image in the event the primary image becomes corrupted. It provides an alternate software version in the event the primary does not support your configuration.
Answer: C Section: (none) Explanation/Reference: Pass4Side Help you pass any IT Exams! Pass4Side HP HP0-Y18
Page 4 of 6
QUESTION 14 How many configuration files can be stored on the ProCurve AP 420? A. B. C. D.
2: the startup-config and the factory default config 3: the startup-config, the factory default config, and one custom config 3: the factory default config, the startup-config, and the backup startup-config 4: the factory default config, the startup-config, the backup startup-config, and one custom config
Answer: A Section: (none) Explanation/Reference:
QUESTION 15 Your company has a branch office down the street from your main office.You want to connect the networks between the two offices, and physical cabling is not an option.Which wireless devices should you select for this environment? A. two ProCurve AP 420s
B. two ProCurve AP 530s C. two RP 230s and a Wireless Edge Services xl Module D. two RP 220s with Yagi antennas and a Wireless Edge Services zl Module Answer: B Section: (none) Explanation/Reference:
QUESTION 16 You are configuring a ProCurve AP 530.You configure two WLANs.What is one reason to enable the first WLAN only on radio 1 and the second WLAN only on radio 2? A. B. C. D.
to overcome environmental obstacles to double the capacity of each WLAN by using two radios to separate different types of wireless traffic into different collision domains to allow users to choose their radio but still connect to the same Basic Service Set (BSS)
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 Your company wants to use the 2. 4GHz frequency on both of your ProCurve AP 530 radios.What must you do so that both radios can use this frequency? A. B. C. D.
Set both radios to either 802. 11g or 802. 11b. Set both radios to either 802. 11g or 802. 11b, and install an external antenna for radio 2. Install an 802. 11b/g card on radio 2, and set both radios to either 802. 11g or 802. 11b. Set one radio to 802. 11g and one radio to 802. 11b, install an external antenna for radio 1, and configure radio 1 to use an external antenna.
Answer: B Section: (none) Explanation/Reference:
QUESTION 18 Which ProCurve AP 530 feature is most beneficial for a small to medium business that has strong security needs? A. B. C. D.
It monitors for excessive probes to detect possible intrusion attempts. Its internal RADIUS server provides standalone support for 802. 1X authentication. Unlike the ProCurve AP 420, it can operate all 16 of its wireless LANs in closed system. It supports 802. 11a, and hackers generally do not check for networks on this frequency.
Answer: B Section: (none) Explanation/Reference:
QUESTION 19 Your network includes a building with multiple ProCurve AP 530s. You want the APs to enforce the same security settings, but the APs require different radio settings. What is required for ProCurve Mobility Managers (PMMs) to successfully configure the APs? A. You must use a configuration template instead of custom groups to configure the AP 530s. B. You cannot place the AP 530s into a custom group. You must configure all settings individually. C. You must place the AP 530s into a custom group and configure settings from the custom group and configure radio settings individually. D. You must configure the radio settings individually before you place the AP 530s into a custom group; then you can configure other settings. Answer: C Section: (none) Explanation/Reference:
QUESTION 20 When the AP 530 submits the administrator's login credentials to the RADIUS server, the RADIUS server returns a dynamic VLAN assignment of 10 to the AP 530.The AP 530 is using the default settings for dynamic and static VLAN support. In which VLAN does the AP 530 place the network administrator's traffic? A. B. C. D.
32, because dynamic VLANs are disabled by default the default management VLAN, because there is a VLAN conflict 10, because dynamic VLAN assignments override static VLAN assignments 32, because static VLAN assignments override dynamic VLAN assignments
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 You are configuring a WLAN on the ProCurve AP 420.When students, faculty members, and administrators associate to the WLAN, you want them to receive the dynamic VLAN assignment for their particular group. However, when staff members associate to the WLAN you want their traffic to be placed in the VLAN that is assigned to the WLAN. How do you configure the AP 420 to support these VLAN assignments? A. You select the Dynamic VLAN option for the WLAN.Static VLANs are supported by default. B. You select both the Static and Dynamic VLAN options.These global options apply to the entire AP 420. C. You select the Enable VLAN option for the WLAN.This option enables support for both static and dynamic VLANs on this WLAN only. D. You select the Dynamic VLAN option, which enables both static and dynamic VLANs.This global option applies to the entire AP 420. Answer: D Section: (none)
Explanation/Reference:
QUESTION 22 Which ProCurve Mobility Manager (PMM) feature allows you to prevent a station from associating to any AP or a Radio Port (RP) managed by PMM? A. B. C. D.
MAC lockout Inter-station blocking Client deauthentication Access Control List (ACL)
Answer: A Section: (none) Explanation/Reference:
QUESTION 23 Which radio settings can you configure for a ProCurve Radio Port (RP) using ProCurve Mobility Manager (PMM)? (Select two.) Case Study Title (Case Study):
A. B. C. D. E.
Slot time Preamble length Self healing radios Enable or disable a radio Automatic Channel Selection (ACS)
Answer: DE Section: (none) Explanation/Reference:
QUESTION 24 Your company wants to use the 2.4GHz frequency on both of your ProCurve AP 530 radios. What must you do so that both radios can use this frequency? A. B. C. D.
Set both radios to either 802.11g or 802.11b. Set both radios to either 802.11g or 802.11b, and install an external antenna for radio 2. Install an 802.11b/g card on radio 2, and set both radios to either 802.11g or 802.11b. Set one radio to 802.11g and one radio to 802.11b, install an external antenna for radio 1, and configure radio 1 to use an external antenna.
Answer: B Section: (none) Explanation/Reference:
QUESTION 25 Which Quality of Service (QoS) mechanism do both the ProCurve AP 420 and the ProCurve AP 530
support? A. B. C. D.
Wi-Fi Multimedia (WMM) SpectraLink Voice Priority (SVP) Differentiated Services (DiffServ) Wi-Fi Multimedia Extensions (WME)
Answer: B Section: (none) Explanation/Reference:
ProCurve Accelerated ASE Mobility Number: HP0-Y19 Passing Score: 800 Time Limit: 120 min File Version: 3.63
HP0-Y19 ProCurve Accelerated ASE Mobility Version 3.63
Exam A QUESTION 1 What does this output from the show ip ospf neighbor command indicate about the OSPF neighbor relationship between this router and the router with ID 10.3.0.1?
A. B. C. D.
They are in different OSPF areas. They have not formed an adjacency. They are configured with different OSPF versions. They are not eligible to be elected DR or BDR.
Answer: Section: (none) Explanation/Reference: B
QUESTION 2 You are planning a network upgrade at a small company. During a meeting, you learn that the customer will install VoIP telephones that set Layer 2 priority markers for all voice traffic, and the VoIP traffic will not cross any routed links. What is necessary to ensure that ProVision ASIC switches maintain the priorities set by the phones? (Select two.) A. B. C. D. E.
LLDP-MED for all voice VLANs an IEEE 802.1p-to-DSCP map for voice traffic port-based priorities for ports connected to phones default QoS settings tagged links for all voice VLAN traffic
Answer: Section: (none) Explanation/Reference: D, E
QUESTION 3 You connect an IP telephone that supports LLDP-MED to a port on a ProCurve Switch 5406zl. The port is a
member of a voice VLAN and also requires 802.1X authentication. How will LLDP-MED and 802.1X interact? A. The switch will exempt the phone from the 802.1X requirement after confirming its LLDP-MED information. B. The switch will submit the phone's authentication credentials to a RADIUS server after the devices exchange LLDP-MED information. C. The switch will permit LLDP-MED communication with the phone after authentication is complete. D. The switch will use information from the phone's first LLDP-MED frame to submit its authentication credentials. Answer: Section: (none) Explanation/Reference: C
QUESTION 4 Which part of the multicast address range is reserved for applications that will remain within an enterprise intranet? A. B. C. D.
Internetwork Control Block AD-HOC Block Administratively Scoped Address Block Local Network Control Block
Answer: Section: (none) Explanation/Reference: C
QUESTION 5 What is the role of this Switch 3500yl in the OSPF routing domain?
A. B. C. D.
ASBR virtual router ABR internal router
Answer: Section: (none) Explanation/Reference: D
QUESTION 6 You configured VLAN 10 and VLAN 24 on a ProCurve Switch 3500yl-48G. The network servers reside in VLAN 10, which has an IP address range of 10.1.10.0/24. Network clients reside in VLAN 24, which has an IP address range of 10.1.24.0/24. You configure an ACL with these entries and apply it statically to ports in VLAN 24: permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq http permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet What is the effect of these ACLs on the clients located in VLAN 24? A. They would have no access at all, because the ACL is misconfigured. B. They would be allowed only FTP, HTTP, and Telnet access to 10.1.10.10, but no access anywhere else. C. They would be allowed only FTP, HTTP, and Telnet access to 10.1.10.10, but full access to everything else in the 10.1.10.0 subnet. D. They could not access anything in the 10.1.10.0 subnet, because IP has not been specified in the ACL. Answer: Section: (none) Explanation/Reference: B
QUESTION 7 Port C1 on a ProCurve Switch 5412zl is a tagged member of VLAN 50 and an untagged member of VLAN 1. Port C2 and port C3 are at default VLAN settings. What is the effect of the following command entered at the CLI? 5412zl(config)# trunk c1-c3 trk1 A. B. C. D.
The trunk is defined as an untagged member of VLAN 1, but port C1 is not included. The trunk is not defined, because the ports' VLAN memberships do not match. The trunk is defined as an untagged member of VLAN 1 and a tagged member of VLAN 50. The trunk is defined as an untagged member of VLAN 1 but is not a member of VLAN 50.
Answer: Section: (none) Explanation/Reference: D
QUESTION 8 You must configure a ProCurve Switch 8212zl to be the Backup router for a VRID associated with VLAN 10. What must be true of the virtual IP address for the VRID on this router? A. B. C. D.
It must be an address assigned to a multi-netted interface. It must be an address that is not assigned to any interface on either router. It must match the Backup router's address for the VLAN 10 interface. It must match the Owner router's address for the VLAN 10 interface.
Answer: Section: (none) Explanation/Reference: D
QUESTION 9 On a ProCurve Switch 8212zl, which feature must be enabled before you can enable VRRP? A. B. C. D.
MSTP IP routing IP multicast RIP
Answer: Section: (none) Explanation/Reference: B
QUESTION 10 You must configure Multiple Spanning Tree Protocol (MSTP) on two ProCurve 8212zl switches and four 5406zl switches. Which configuration is necessary to ensure that all of the switches join the same MST region? A. The switches must have identical Port Priorities for shared links in each MST instance. B. Bridge Priorities on all switches must be configured so that each MST instance has a different Root Bridge. C. All switch-to-switch links in each MST instance must be tagged members of all user VLANs. D. The switches must be configured with identical config-names, config-revisions, and VLAN-to-instance mappings. Answer: Section: (none) Explanation/Reference: D
QUESTION 11 How can you ensure that a particular switch will be elected Root Bridge of an MST instance, assuming all Spanning Tree settings on other switches are at the default? A. B. C. D.
Set the Bridge Priority for the instance to 0. Set the Port Priority for each port in the instance to 0. Set the Bridge Priority for each VLAN in the instance to 0. Set the CIST Bridge Priority to 0.
Answer: Section: (none) Explanation/Reference: A
QUESTION 12 While analyzing network traffic, you notice that many packets have an 802.1p value of 0. On a ProCurve switch with default QoS settings, what does this indicate? A. B. C. D.
No prioritization settings are in effect on the network. The network relies on Layer 3 classification technologies. The traffic will be mapped to the normal priority queue. The network is not using the default settings on ProCurve switches.
Answer: Section: (none) Explanation/Reference: C
QUESTION 13 At a customer site, the output of show spanning-tree instance 1 on two ProCurve 8212zl switches indicates that both switches are the Root of MST instance 1. Which statement explains this output? A. B. C. D.
The switches have different MST configuration names. One of the switches has been configured for RSTP operation. The switches have identical Port Priorities for ports associated with the instance. The switches have identical Bridge Priorities.
Answer: Section: (none) Explanation/Reference: A
QUESTION 14 You must determine if a customer's RADIUS server will support authentication of switch management users for ProCurve switches. Which authentication method is required? A. B. C. D.
PEAP PAP/SPAP MS-CHAP/MS-CHAPv2 CHAP
Answer: Section: (none) Explanation/Reference: B
QUESTION 15 While configuring two 8212zl Switches, you enable VRRP on the Backup router before enabling VRRP on the Owner. What is the effect of this procedure? A. B. C. D.
Users will experience a brief interruption when VRRP is enabled on the Master. The Backup router will issue an error when it does not find a Master on the VRIDs. No default gateway will be available until the Master is enabled. The routers will not assume the correct roles unless the Backup is restarted after VRRP is enabled on the Master.
Answer: Section: (none) Explanation/Reference: A
QUESTION 16 You must configure VRRP on two ProCurve 8212zl switches that are also members of a single-instance
Spanning Tree. One of the switches is the Root Bridge in the Spanning Tree. How will the switch's role in the Spanning Tree affect its VRRP configuration? A. The Spanning Tree root must also be Master of all VRIDs. B. The Spanning Tree root must be Master for all VRIDs associated with VLANs for which it does not have direct links. C. The Spanning Tree root must be Backup for all VRIDs associated with its directly connected VLANs. D. The Spanning Tree root must be Backup for all VRIDs. Answer: Section: (none) Explanation/Reference: A
QUESTION 17 Which protocol is enabled when the following command is entered at the CLI of a Switch 3500yl? 3500yl(config)# spanning-tree A. B. C. D.
PVST RSTP MSTP STP
Answer: Section: (none) Explanation/Reference: C
QUESTION 18 An existing 1000Base-T link between two ProCurve 5406zl Switches at a small university is configured as a member of the faculty VLAN. After an IT manager configures a four-port trunk between the switches, members of the college's faculty report that they can no longer access servers that were available before the trunk was installed. Which statement describes a likely solution for this problem? A. A new link must be configured for the VLAN, because the maximum number of VLANs that the port trunk can support has been exceeded. B. The switch-to-switch link must be added to the port trunk, because the switches cannot simultaneously support port trunks and single-port links between switches. C. The port trunk must be configured for tagged membership in the faculty VLAN, because port trunks do not support untagged VLANs. D. The port trunk must be configured for membership in the faculty VLAN, because the trunk ports are automatically assigned to the default VLAN as untagged members. Answer: Section: (none) Explanation/Reference: D
QUESTION 19 You enabled and activated 802.1X authentication for ports 1-4 on a Switch 3500yl. VLAN membership of the ports is at default settings. Users connecting to the switch will authenticate using Windows IAS and be assigned to VLANs based on policies applied by Identity Driven Manager. You enter the following command:
3500yl(config)#aaa port-access authenticator ethernet 1-4 unauth-vid 33 What is the VLAN membership of these ports while no clients are connected? A. B. C. D.
VLAN 1 VLAN assigned by RADIUS server VLAN 33 VLAN assigned by IDM
Answer: Section: (none) Explanation/Reference: A
QUESTION 20 What is the default state of a ProCurve switch port configured for port-based authentication using 802.1X? A. B. C. D.
authorized learning unauthorized authenticated
Answer: Section: (none) Explanation/Reference: C
QUESTION 21 Besides IP address, which criteria can be used to identify a Network Resource in Identity Driven Manager? (Select two.) A. B. C. D. E.
WLAN MAC address TCP/UDP port SSID Protocol
Answer: Section: (none) Explanation/Reference: C, E
QUESTION 22 What is the purpose of the Global Address Pool on the AP 530? A. B. C. D.
to provide DHCP service for locations without dedicated DHCP servers to provide addresses to Web-Auth users during authentication to provide addresses for users authenticated through the local RADIUS server to provide addresses for MAC-Auth devices that cannot access enterprise DHCP servers
Answer: Section: (none)
Explanation/Reference: B
QUESTION 23 You must configure IP multicast on a ProCurve Switch 5406zl. In which context is it necessary to enable IGMP? A. B. C. D.
for all VLANs defined on the switch for all VLANs associated with switch-to-switch links for all VLANs that will support multicast hosts in the global configuration context
Answer: Section: (none) Explanation/Reference: C
QUESTION 24 What does the value of N.A in this table indicate about the Radio Port (RP)?
A. The RP requires a bootloader code update to enable it to receive an IP address by DHCP. B. The DHCP server on the Wireless Module must be enabled, so that the RP can obtain a valid IP address. C. The Wireless Module must be configured with an IP address in the same network as the switch hosting the RP. D. The RP has been adopted at Layer 2. Answer: Section: (none) Explanation/Reference: D
QUESTION 25 You must install the Identity Driven Manager (IDM) RADIUS Agent for Windows. What is the process for this task? A. At the ProCurve Manager Plus server, associate the RADIUS server with an IDM realm, and deploy the current policy. B. At the RADIUS server, run the ProCurve Manager installer, and select Configure RADIUS Agent when prompted for installation instructions. C. At a client computer, log on to the network from a Location defined in IDM, and attempt to authenticate through the RADIUS server.
D. At the RADIUS server, use a Web browser to access the PCM server, and then download and run the agent installer. Answer: Section: (none) Explanation/Reference: D
QUESTION 26 What are the options for enabling a ProCurve Radio Port (RP) to learn the IP address of a Wireless Module during Layer 3 adoption? (Select two.) A. B. C. D. E.
Define option 189 on the enterprise DHCP server to provide the address. Enable the module's built-in DHCP server. Configure an IAS Remote Access Policy to provide the address during authentication. Configure the enterprise DNS server to provide a hostname for the module. Configure the module with an interface in the RP's Radio Port VLAN.
Answer: Section: (none) Explanation/Reference: A, D
QUESTION 27 When does a ProCurve Radio Port require an IP address? A. B. C. D.
when routing is enabled on the Wireless Module when it must be subject to ACLs configured on the Wireless Module when it must participate in a Layer 3 mobility domain when it resides in a different broadcast domain than the Wireless Module
Answer: Section: (none) Explanation/Reference: D
QUESTION 28 Which user-defined object in Identity Driven Manager is similar to an Access Control Entry (ACE) configured on a ProCurve switch? A. B. C. D.
Access Profile Network Resource Access Policy Network Resource Access Rule
Answer: Section: (none) Explanation/Reference: D
QUESTION 29 Which sources of user identity are directly supported by the user import feature in Identity Driven Manager? (Select three.) A. B. C. D. E. F. G.
CSV file XML file RADIUS server Windows Active Directory LDAP server ODBC database SQL database
Answer: Section: (none) Explanation/Reference: B, D, E
QUESTION 30 You must configure a Wireless Edge Services Module and associated Radio Ports (RPs), which are currently at factory defaults. Which item must be defined before the module can adopt any RPs? A. B. C. D.
primary WLAN configuration mode RP VLAN IP address country code
Answer: Section: (none) Explanation/Reference: D
QUESTION 31 Which capability of the Secure Access Wizard is supported by ProCurve Identity Driven Manager (IDM)? A. B. C. D.
encryption of security-related credentials stored in switch configurations verification of a switch's 802.1X, Web, and MAC authentication settings synchronization of the ProCurve IDM database with Active Directory configuration of 802.1X authenticator ports and RADIUS server settings on a switch
Answer: Section: (none) Explanation/Reference: D
QUESTION 32 In a Windows environment, what is a role of the Identity Driven Manager (IDM) RADIUS Agent? A. to act as a RADIUS proxy server for all clients associating through locations defined in IDM B. to add RADIUS attributes to an Access-Accept packet from IAS
C. to monitor the Window Active Directory user accounts for evidence of unauthorized logins or access attempts D. to ensure that user accounts created in RADIUS databases on ProCurve access points are correctly added to Active Directory on the Domain Controller Answer: Section: (none) Explanation/Reference: B
QUESTION 33 You must create a user in Windows Active Directory to support MAC authentication for a ProCurve switch. What is the password for the switch's user? A. B. C. D.
IP address serial number MAC address RADIUS shared secret
Answer: Section: (none) Explanation/Reference: C
QUESTION 34 A ProCurve Switch 8212zl must be configured to be the ABR for OSPF areas 0 and 5. While implementing this configuration, you enter the following command at the switch's CLI: 8212zl(ospf)#area 5 stub 2 no-summary How will this affect the route tables of other routers in area 5? A. B. C. D.
The only OSPF route will be the interface with the 8212zl. All networks outside area 5 will be summarized as a default route. Only directly connected routes will be listed. Every route known to the 8212zl will be listed with a separate gateway and cost.
Answer: Section: (none) Explanation/Reference: B
QUESTION 35 In Identity Driven Manager, which user-defined object identifies specific switch ports and access points where users connect to the network? A. B. C. D.
Location Access Profile Network Resource Interconnect Devices
Answer: Section: (none)
Explanation/Reference: A
QUESTION 36 You have connected a Radio Port (RP) 230 to a ProCurve Switch 2610-24-PWR connected to a 5406zl hosting a Wireless Module. The switches are connected at Layer 2 with interfaces in the network 192.168.1.0/24. You have defined the port connected to the RP as an untagged member of VLAN 2100, but the RP has not been adopted by the Wireless Module. Which step is necessary to enable adoption? A. B. C. D.
Upgrade the RP bootloader code. Tag VLAN 2100 on the link between the two switches. Enable IP routing on the Wireless Module. Configure Option 189 on the enterprise DHCP server.
Answer: Section: (none) Explanation/Reference: B
QUESTION 37 Which criteria can be used as parameters for Access Rules in Identity Driven Manager? (Select three.) A. B. C. D. E. F.
TCP port Time Location System IP address VLAN ID
Answer: Section: (none) Explanation/Reference: B, C, D
QUESTION 38 Which EAP methods support authentication of an 802.1X supplicant based on a user's name and password? (Select two.) A. B. C. D. E. F.
TLS SPAP SIM TTLS PEAP CHAP
Answer: Section: (none) Explanation/Reference: D, E
QUESTION 39
You installed ProCurve Manager Plus and Identity Driven Manager (IDM) at a customer site that uses Active Directory (AD) for user authentication. You must now configure AD Sync to enable automatic synchronization of users and groups by IDM and the Domain Controller. Which further information do you require to complete this task? A. B. C. D.
RADIUS shared secret Domain Controller IP address AD administrator credentials Certification Authority IP address
Answer: Section: (none) Explanation/Reference: C
QUESTION 40 You must configure 802.1X authentication for users connecting through ports on a ProCurve Switch 3500yl at a customer site. Which protocols are supported for communication between the switch and the customer's RADIUS server? (Select two.) A. B. C. D. E.
EAP-RADIUS LEAP-RADIUS MD5-RADIUS CHAP-RADIUS FAST-RADIUS
Answer: Section: (none) Explanation/Reference: A, D
QUESTION 41 Which statement about MAC authentication on ProCurve switches is correct? A. The switch's built-in DHCP server initially assigns an IP address in the 192.168.0.0 private subnet. B. MAC-Auth can be configured on the same port with Web authentication and 802.1X authentication. C. The switch automatically initiates user authentication of a device when the device communicates on a MAC authenticator port. D. Configuration involves defining ports as MAC authenticators, the RADIUS authentication protocol to use, and then activating the ports for MAC authentication operation. Answer: Section: (none) Explanation/Reference: C
QUESTION 42 Which statement is true about 802.1X user authentication on ProCurve switches? A. A switch passes EAP messages between the supplicant and authentication switch without modification or translation.
B. Different RADIUS servers must be configured on the switch if authentication of both switch management users and 802.1X supplicants will be performed. C. The supplicant and authentication server must support the same EAP method for the authentication process to proceed. D. When a supplicant receives an EAP-Request message specifying a particular EAP method to be supported, the authentication session is closed if the supplicant does not support that EAP method. Answer: Section: (none) Explanation/Reference: C
QUESTION 43 Which statements describing Web authentication support on ProCurve switches are correct? (Select two.) A. B. C. D. E.
An SSL-based login is required. Authenticated users can be redirected to a configurable URL. It can be configured on ports that also have MAC authentication assigned. The switches provide DHCP, ARP, and DNS services to clients while a port is in the authenticating state. When a client connects to a Web authenticator port and a Web browser is opened, the Web browser is automatically redirected to the switch's Web-Auth home page.
Answer: Section: (none) Explanation/Reference: B, D
QUESTION 44 At a customer site, you configured a Wireless Edge Services zl Module with the Marketing SSID. Clients associating through this SSID will authenticate using 802.1X and be assigned to VLAN 24 or 48 on the basis of VLAN IDs returned by a RADIUS server. On the 5400zl, which command is necessary to enable connectivity for VLAN 24 clients?
A. 5400zl(vlan-24)# tag CDP B. 5400zl(wireless-services-c)# client-ports vlan 24
C. 5400zl(vlan-24)# tag b1-b12 D. 5400zl(vlan-24)# tag CUP Answer: Section: (none) Explanation/Reference: D
QUESTION 45 To enable hosts in VLAN 70 to receive multicasts from the server, where must you enable both PIM and IGMP?
A. B. C. D.
VLAN 1 and VLAN 110 VLAN 70 VLAN 70 and VLAN 110 VLAN 110
Answer: Section: (none) Explanation/Reference: C
QUESTION 46 You must configure SSL for access to device management on a ProCurve Switch 6200yl. Which authentication methods are available? (Select two.) A. B. C. D. E.
RADIUS 802.1X public key local user name and password Web-Auth
Answer: Section: (none) Explanation/Reference: A, D
QUESTION 47 In ProCurve Manager Plus, which protocol is used during the first phase of auto-discovery?
A. B. C. D.
ICMP LLDP ARP SNMP
Answer: Section: (none) Explanation/Reference: B
QUESTION 48 Which steps are necessary before enabling SSL on a ProCurve switch? (Select two.) A. B. C. D. E.
Generate a self-signed server certificate. Disable unencrypted Web-based management. Generate an HTTPS client certificate. Generate public and private keys. Import a certificate from a Certificate Authority.
Answer: Section: (none) Explanation/Reference: A, D
QUESTION 49 You must enable dynamic ARP protection on a ProCurve Switch 8212zl. Which other feature must be enabled to ensure the switch can dynamically update IP-to-MAC address bindings? A. B. C. D.
ARP caching DHCP snooping MAC-address aging IP routing
Answer: Section: (none) Explanation/Reference: B
QUESTION 50 In ProCurve Manager Plus, which user type can configure and manage network devices but cannot add, delete, or modify user accounts? A. B. C. D.
operator manager viewer administrator
Answer: Section: (none)
Explanation/Reference: A
QUESTION 51 Which ProCurve Manager Plus wizard simplifies the task of changing the SNTP server IP address parameter on 50 ProCurve 5406zl Switches? A. B. C. D. E.
Configuration Wizard IP Networking Wizard Network Services Wizard CLI Wizard Switch Update Wizard
Answer: Section: (none) Explanation/Reference: D
QUESTION 52 The front-panel security settings on a ProCurve switch are at default. How can you gain access to the CLI of the switch if the manager and operator passwords have been lost? A. B. C. D.
by pressing the Reset button on the switch's front panel and holding it down until the switch restarts by pressing the Clear button on the switch's front panel and holding it down for three seconds or more by power cycling the switch and accessing the ROM console to clear passwords at the manager prompt by resetting the passwords using the Secure Access Wizard in ProCurve Manager Plus
Answer: Section: (none) Explanation/Reference: B
QUESTION 53 What is the default username and password for the ProCurve Manager Management Server? A. B. C. D. E.
username: Administrator; password: admin username: Administrator; password: value configured during installation username: Manager; password: value configured during installation username: Manager; password: password username: value configured during installation; password: value configured during installation
Answer: Section: (none) Explanation/Reference: B
QUESTION 54 What is the effect of the following command entered at the CLI of a ProCurve Switch 5406zl? 5406zl(vlan-100)#interface a1 A. The CLI displays the status of port A1.
B. Port A1 becomes a tagged member of VLAN 100. C. The CLI enters the configuration context for port A1. D. Port A1 is enabled. Answer: Section: (none) Explanation/Reference: C
QUESTION 55 Which authentication methods are supported by the SSH service on ProCurve switches? (Select three.) A. B. C. D. E. F.
RADIUS MAC-auth Kerberos local username and password public key 802.1X
Answer: Section: (none) Explanation/Reference: A, D, E
QUESTION 56 What is the effect of the following command entered at the CLI of a ProCurve Switch 5406zl with default settings for QoS queue configuration? 5406zl(vlan-111)# qos priority 2 A. B. C. D.
Packets entering the switch through VLAN 111 will be forwarded with lower than normal priority. Packets entering the switch through VLAN 111 will retain the priority marker set by another device. Packets entering the switch through VLAN 111 will be forwarded with normal priority. Packets entering the switch through VLAN 111 will be forwarded with higher than normal priority.
Answer: Section: (none) Explanation/Reference: A
QUESTION 57 Which command, entered at the CLI of a ProCurve switch, saves the switch's running configuration to its startup configuration? A. B. C. D. E.
write config save running-config save startup-config write memory copy running-config startup-config
Answer: Section: (none)
Explanation/Reference: D
QUESTION 58 You have defined VLAN 100 and VLAN 101 on a ProCurve Switch 5406zl, and added two ports to each VLAN as untagged members. All other switch settings are at defaults. Which additional steps are necessary to enable communications between hosts in the two VLANs? (Select two.) A. B. C. D. E.
Add all four ports to both VLANs. Define an IP address for each VLAN. Enable IP routing globally. Configure static routes to both VLANs. Remove all four ports from the Default VLAN.
Answer: Section: (none) Explanation/Reference: B, C
QUESTION 59 What is the effect of the following command entered at the CLI of a ProCurve switch? ProCurve Switch> enable A. B. C. D.
Configuration changes are saved. The CLI displays an authentication prompt. The privilege level moves from Operator to Manager. All switch ports are enabled.
Answer: Section: (none) Explanation/Reference: C
QUESTION 60 Which features are available in ProCurve Manager Plus, but not in ProCurve Manager? (Select two.) A. B. C. D. E. F.
alerts notification scheduled software updates CLI device management automatic discovery network topology mapping traffic analysis
Answer: Section: (none) Explanation/Reference: B, F
QUESTION 61 You have enabled OSPF in the global configuration context and in the VLAN 222 context of a ProCurve
Switch 8212zl. All OSPF areas have been created and associated with the correct VLANs. All other OSPF settings are at default. What is the effect of the following command? 8212zl(vlan-222)#ip ospf cost 100 A. B. C. D.
The OSPF link using VLAN 222 will become the preferred route to the backbone area. The OSPF link using VLAN 222 as a gateway will have lower cost than OSPF links with a default cost. The OSPF link using VLAN 222 as a gateway will use the default cost. The OSPF link using VLAN 222 as a gateway will have higher cost than OSPF links with a default cost.
Answer: Section: (none) Explanation/Reference: D
QUESTION 62 At this prompt, you enter qos dscp 101110, a DSCP codepoint that maps to an IEEE 802.1p priority value of 7. If the 3500yl is configured with the default number of forwarding queues, what is the effect of this command?
A. B. C. D.
Packets will be forwarded with higher priority. Packets will be forwarded with the same priority. Packets will be forwarded with lower priority. Packets will be marked for best effort delivery.
Answer: Section: (none) Explanation/Reference: A
QUESTION 63 You have verified that a ProCurve Switch 3500yl is correctly configured for PIM dense mode. The switch's IGMP table shows active hosts who are members of multicast group 239.193.22.22. The multicast is in progress, and all hosts are receiving the content. However, the multicast group does not appear in the switch's PIM route table. What does this indicate about the 239.193.22.22 multicast group? A. B. C. D.
The switch is forwarding the multicast at Layer 2. The switch is Querier for the group. The server and IGMP hosts are in different VLANs. Other multicast routers are configured for PIM sparse.
Answer: Section: (none) Explanation/Reference: A
