HP.ActualTests.HP0-207.v2008-05-14.by.Ramon.191q Number: HP0-207 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-207 Title : ProCurve Adaptive Edge Fundamentals Ver : 05-14-2008 HP0-207
Exam A QUESTION 1 You need to configure VLANs on a ProCurve Switch 5308xl that is currently set to the factory defaults. You issue the following CLI command: no vlan 1 untagged a1-a4 What will be the result of this command? A. B. C. D.
Ports a1-a4 will be removed from VLAN 1. The ports will become tagged members of VLAN 1. An error message will be displayed indicating that you cannot remove the ports from VLAN 1. A prompt will be displayed asking which VLAN the ports should be assigned to.
Answer: C Section: (none) Explanation/Reference:
QUESTION 2 Which features are supported on the ProCurve Secure Router 7000dl series? Select THREE. A. B. C. D. E. F.
RIPv1 and RIPv2 SONET interfaces IPSec VPNs Fast EtherChannel 802.1Q VLANs 10-GbE ports
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 3 You must develop the IP addressing scheme for a small network that will use a private Class C address range. Which address corresponds to a private Class C network? A. B. C. D.
192.1.5.0 192.200.5.0 192.150.5.0 192.168.5.0
Answer: D Section: (none) Explanation/Reference:
QUESTION 4 You are comparing the trade-offs between using a single 10 Gigabit Ethernet link and five 1 Gigabit links aggregated as a trunk for switch-to-switch connectivity. Which statement is true?
A. The 10 Gigabit link would be limited to a distance of 20 kilometers using fiber, whereas the 1 Gigabit links could cover a distance up to 70 kilometers using fiber. B. A 10 Gigabit link would require multi-mode fiber, whereas single-mode or multi-mode fiber could be used for the 1-Gigabit links. C. Copper cabling could be used for the 1-Gigabit links, but fiber must be used for the 10-Gigabit link. D. A file transfer between any two servers traversing a trunk with 5 links cannot exceed 1 Gbps, but could over the 10 Gigabit link. Answer: D Section: (none) Explanation/Reference:
QUESTION 5 You have just finished configuring Multiple Spanning Tree Protocol (MST) on several ProCurve Switch 3500yl switches at a customer site. While checking your configuration, you notice that two of the switches have declared themselves to be the Root in one MST instance. How can you correct this configuration error? A. B. C. D.
Modify the port priorities on the links between the switches so that one switch has a higher value. Change the VLAN assignments on the switches so that they match. Configure the switches so that they have the same configuration name and revision number. Change the bridge priorities on the switches to distinct values.
Answer: C Section: (none) Explanation/Reference:
QUESTION 6 You have configured four ProCurve Switch 5348xl switches for HP Switch Meshing. How will a switch in the mesh domain handle broadcast and multicast traffic that originates from a port outside the mesh? A. Define a loop-free broadcast path and forward broadcast and multicast traffic over ports that are part of its broadcast path. B. Send a query to its directly connected neighbors to find out whether any of the neighbor's connected hosts can respond to broadcasts and multicasts. C. Replace broadcast and multicast addresses with the unicast MAC addresses of its neighbors in the mesh. D. Flood broadcast and multicast traffic through meshed and non-meshed ports. Answer: A Section: (none) Explanation/Reference:
QUESTION 7 An existing 1000Base-T link between two ProCurve 5348xl switches at a small university is configured as a member of the faculty VLAN. After you configure a four-port trunk between the switches, members of the college's faculty report that they can no longer access servers that were available before the trunk was installed. Which statement describes a likely solution for this problem?
A. A new link must be configured for the VLAN because the maximum number of VLANs that the port trunk can support has been exceeded. B. The port trunk must be configured for tagged membership in the faculty VLAN because port trunks do not support untagged VLANs. C. The switch-to-switch link must be added to the port trunk because the switches cannot simultaneously support port trunks and single-port links between switches. D. The port trunk must be configured for membership in the faculty VLAN because the trunk ports are automatically assigned to the default VLAN as untagged members. Answer: D Section: (none) Explanation/Reference:
QUESTION 8 While using the CLI to configure a ProCurve switch, you must change context from the manager level to the global configuration level. Which command do you use? A. B. C. D. E.
global write exit configure enable
Answer: D Section: (none) Explanation/Reference:
QUESTION 9 Which operating systems are supported by ProCurve Manager? Select TWO. A. B. C. D. E. F.
Macintosh Microsoft Windows Server 2003 HP-UX IBM AIX Red Hat Enterprise Linux ES Microsoft Windows XP
Answer: BF Section: (none) Explanation/Reference:
QUESTION 10 While deploying multiple ProCurve 5400zl Series switches, you plan to assign an IP address to each switch and then download a generic configuration file. Which command do you include in the switch's configuration file? A. ip maintain B. ip declared
C. ip retain D. ip preserve Answer: D Section: (none) Explanation/Reference:
QUESTION 11 You are configuring a four-port trunk on a ProCurve Switch 5412zl. While examining the switch configuration, you notice that port c3 is a tagged member of VLAN 50. You then proceed to issue the following command through the CLI: trunk c1-c4 trk1 lacp Which statement describes the affect of this command on VLAN 50? A. Port c3 will not forward traffic for VLAN 50 because the trunk has not been made a member of VLAN 50. B. The trunk will automatically become a member of VLAN 50 and of all other VLANs configured for ports c1 through c4. C. Port c3 will continue to forward traffic for VLAN 50, but other ports in the trunk will not. D. Port c3 will not be included in the trunk until the trunk is made a tagged member of VLAN 50. Answer: A Section: (none) Explanation/Reference:
QUESTION 12 You are configuring a ProCurve Switch 3500yl-48G-PWR that will act as a default gateway for devices in VLAN 70. Which configuration steps are necessary to enable the switch to perform this function? Select TWO. A. B. C. D. E.
Configure the switch with a default gateway. Enable IP routing. Assign an IP address to VLAN 70. Add the switch's uplink ports to VLAN 70. Configure all ports that are members of VLAN 70 as tagged.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 13 You have just enabled spanning tree for the first time on a ProCurve Switch 3500yl Series. Which statements describe the switch's default spanning tree configuration? Select TWO. A. B. C. D.
The version used is Multiple Spanning Tree Protocol. The version used is the Rapid Spanning Tree Protocol. All ports are set to Fast Uplink mode. Each port on the switch will interoperate with neighboring switches that use the Spanning Tree Protocol or Rapid Spanning Tree Protocol version. E. The version used is the Spanning Tree Protocol.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 14 You are configuring spanning tree on four ProCurve switches at a customer site. After you complete the configuration, users in the company's marketing VLAN report that they can no longer contact critical servers in the accounting and manufacturing VLANs. Which statement describes a likely cause for this problem? A. B. C. D.
A switch in the spanning tree does not support 802.1Q VLAN tags. All links between the marketing VLAN and the servers are blocked. The marketing VLAN is connected to a switch that does not support spanning tree. The servers and the users are connected to switches in different spanning tree regions.
Answer: B Section: (none) Explanation/Reference:
QUESTION 15 You must remotely manage a customer's switch using Telnet. Which configuration/monitoring interfaces are available? Select TWO. A. B. C. D. E.
menu interface boot monitor interface web interface command line interface ProCurve Manager
Answer: AD Section: (none) Explanation/Reference:
QUESTION 16 Which activities correspond to the Analysis step of the six step problem solving methodology? Select TWO. A. B. C. D. E.
Develop a problem definition. Develop a back-out plan. Determine whether hardware or software is being used correctly. Validate a hypothesis. Examine previous changes made to a system.
Answer: CE Section: (none) Explanation/Reference:
QUESTION 17 As a first step in securing the wireless network that you are configuring for your customer, you decide to enable the Closed System parameter on each of the customer's ProCurve Access Point 420 devices. What is the main difference between Open and Closed wireless networks? A. An Open system requires the use of 802.1X and RADIUS authentication, a Closed system does not require the use of 802.1X and RADIUS authentication. B. In an Open system, the SSID of the access point is broadcast to clients, in a Closed system it is not broadcast to clients. C. A Closed system requires the client's wireless MAC address be configured on the access point, an Open system does not require MAC authentication. D. A Closed system requires the client to have a pre-shared key, an Open system does not require a preshared key. Answer: B Section: (none) Explanation/Reference:
QUESTION 18 What is the purpose of redistributing connected routes for RIP on a ProCurve Secure Router 7000dl series? A. It allows RIP to advertise static routes that have been locally configured. B. It enables a network associated with an interface that does not have RIP enabled to be advertised in RIP updates. C. It enables a network dynamically learned from a neighbor router over one interface to be advertised over all other interfaces. D. It enables RIP to send dynamic updates over any connected interface. Answer: B Section: (none) Explanation/Reference:
QUESTION 19 Exhibit:
Which activity is performed as part of the process of forwarding a packet from Host Certkiller A to Host Certkiller B through Router Certkiller 2? A. Host Certkiller A sends an ARP request to Host Certkiller B to determine the MAC address of Host Certkiller B. B. Router Certkiller 2 sets the destination address to the MAC address of Host Certkiller B and sends the packet to Host Certkiller B. C. Host Certkiller A broadcasts the data packet initially and sends a unicast after Host Certkiller B responds.
D. Router Certkiller 2 broadcasts the packet on all interfaces other than the interface the packet was received. Answer: B Section: (none) Explanation/Reference:
QUESTION 20 While using the CLI to configure a ProCurve switch, you must move from the global configuration level to the port context configuration level for port a1. Which command do you use? A. B. C. D.
port a1 interface a1 ethernet a1 configure a1
Answer: B Section: (none) Explanation/Reference:
QUESTION 21 Exhibit:
Which activity is performed as part of the process of forwarding a packet from Router Certkiller A to Router Certkiller B through Router Certkiller 2? A. Router Certkiller A broadcasts an ARP request to determine the MAC address of Router Certkiller 2. B. Router Certkiller 2 broadcasts an ARP request on subnet 10.1.20.0 and returns the response to Router Certkiller A. C. Router Certkiller A sets the destination IP address to Router Certkiller 2's IP address and the destination MAC address to Router Certkiller B's MAC address. D. Router Certkiller 2 changes the destination IP address and destination MAC address to Router Certkiller B's IP address and MAC address. Answer: A Section: (none) Explanation/Reference:
QUESTION 22 You are designing a new network for a small financial services firm. One of the customer's goals is to prevent access by the clerical staff to the servers that maintain the financial planner's client records. How
can you configure the customer ProCurve switches to help reach this goal? A. B. C. D.
Define separate VLANs for the financial planners and the clerical staff. Enable MAC-address filtering on ports connected to financial planners?resources. Define separate Multiple Spanning Tree regions for the financial planners and clerical staff. Configure alerts that are triggered when traffic between the clerical staff and the financial planning resources exceed acceptable limits.
Answer: A Section: (none) Explanation/Reference:
QUESTION 23 A network administrator reports high levels of broadcast traffic. Why is this a potential problem? Select TWO. A. B. C. D. E.
Broadcast traffic causes all network adapters to lose synchronization. Broadcast traffic interrupts the CPU on each network station. Broadcast traffic takes up a configurable percentage of bandwidth for control purposes. Broadcast traffic wastes network bandwidth because it is flooded through all switch ports. Broadcast traffic indicates that network infrastructure devices are overloaded and could soon fail.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 24 You are about to configure HP Switch Meshing on four ProCurve switches at a customer site. All of the ports that will be included in the mesh are configured for membership in customer VLANs. How will the mesh configuration affect the VLAN configuration? A. The mesh ports will automatically become a member of the default VLAN and must be configured for other VLAN membership. B. The mesh ports will automatically become a tagged member of all configured VLANs. C. The mesh ports will not be 802.1Q-compliant and will only be able to retain membership in a single untagged VLAN. D. The mesh ports will not be a member of any VLANs until you manually configure its VLAN assignments. Answer: B Section: (none) Explanation/Reference:
QUESTION 25 Host A uses the default gateway 192.168.204.1 and must communicate with Host B which uses the default gateway 192.168.205.1. Both default gateways are ports on a single router. What will the router insert in the packets it forwards from Host A to Host B? A. a new Layer 2 header that uses the address of Host A as the source address and the address of Host B as the destination address
B. a new Layer 2 header that uses its address as the source address and the address of Host B as the destination address C. a new Layer 3 header that uses its address as the source address and the address of Host B as the destination address D. new Layer 2 and Layer 3 headers that use its address as the source address and the address of Host B as the destination address Answer: B Section: (none) Explanation/Reference:
QUESTION 26 You are about to update the software on a ProCurve switch. Which command do you use to view a list of all software versions stored on the switch? A. B. C. D.
show startup show flash show version show run
Answer: B Section: (none) Explanation/Reference:
QUESTION 27 While configuring a ProCurve 5412zl switch at a customer site, you enter the command ip routing at the CLI. How does this command affect the switch's VLAN configuration? A. B. C. D.
The command is unrelated to VLANs and has no effect. The switch can now route between physical IP subnets and it no longer supports VLANs. The switch can now use IP address information instead of 802.1Q tagging to determine the VLAN ID. The switch can now act as a gateway for VLANs that have an IP address configured.
Answer: D Section: (none) Explanation/Reference:
QUESTION 28 The network administrator at a customer site reports that ProCurve Manager Plus (PCM+) has not discovered any manageable devices except those on the subnet where the PCM+ Management Server resides. How do you explain this? A. This behavior is normal because PCM+ automatically discovers only those devices residing on the same subnet as the configured default gateway. B. This behavior is normal because PCM+ discovery uses Cisco Discovery Protocol, which only survives one switch-to-switch hop. C. This behavior indicates that PCM+ has been configured with an incorrect default gateway. D. This behavior is normal because PCM+ discovery messages do not cross router interfaces.
Answer: A Section: (none) Explanation/Reference:
QUESTION 29 You are configuring VLAN 20 on ProCurve switches to support a finance department at a customer site. Under which circumstances should a switch port be made a tagged member of VLAN 20? Select TWO. A. B. C. D. E.
When the port connects to an 802.1Q-compliant end station that is a member of VLAN 20. When the port connects to another switch that is an untagged member of VLAN 20. When the port connects to an end station that cannot insert or remove 802.1Q tags. When the port connects to another switch that is a tagged member of VLAN 20. When the port connects to another switch that cannot insert or remove 802.1Q tags.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 30 You are planning the installation of several ProCurve 3500yl switches at a customer site. The customer has asked you about Link Layer Discovery Protocol (LLDP) support capabilities on the ProCurve switches. Which statement regarding LLDP operation is true? A. It is globally disabled by default to avoid any performance impact. B. The ports placed in Blocked state by Spanning Tree Protocol prevent LLDP messages from being transmitted. C. LLDP neighbors table contains the system name and MAC address of neighbors. D. The hop count is configurable, but defaults to 1. Answer: C Section: (none) Explanation/Reference:
QUESTION 31 You have completed a series of configuration steps on a customer's ProCurve switch. Which command do you use to ensure the switch maintains this configuration when it is rebooted? A. B. C. D.
write running save memory write memory save config
Answer: C Section: (none) Explanation/Reference:
QUESTION 32 On switches that support the Switch Setup screen interface, which parameters can be configured on the Switch Setup screen? Select TWO. A. B. C. D. E.
STP bridge priority IP address and subnet mask for the default VLAN IP address and subnet mask for each VLAN system name and contact information IP address of the TACACS+ server
Answer: BD Section: (none) Explanation/Reference:
QUESTION 33 When designing a wireless network, it is very important to consider the frequency range in which the network operates and the maximum throughput of the network to ensure that it can meet the customer's needs. Which of these wireless LAN standards specify frequency and maximum throughput of wireless networks? Select THREE. A. B. C. D. E. F. G.
802.11b 802.11e 802.11d 802.11g 802.11f 802.11a 802.11i
Answer: ADF Section: (none) Explanation/Reference:
QUESTION 34 A small office building provides network infrastructure and Internet connectivity for several small insurance firms. What is the primary benefit for each firm having its own VLAN? A. It enables each firm to add as many new workstations as it requires without consulting with the building's network administrators. B. It ensures that network administrators can easily manage the Internet bandwidth required for each firm. C. It enables monitoring of Internet usage by employees in each firm. D. It ensures each firm's computing resources are isolated from those of other firms. Answer: D Section: (none) Explanation/Reference:
QUESTION 35 How is traffic prioritization accomplished with IEEE 802.1p?
A. B. C. D.
802.1Q-compliant devices set one of 8 values in a 3-bit field in the VLAN tag. 802.1Q-compliant devices set one of 64 values in a 6-bit field in the IP datagram header. 802.1Q-compliant devices enforce priorities based on VLAN ID. 802.1Q-compliant devices dedicate a portion of available bandwidth to each prioritized conversation.
Answer: A Section: (none) Explanation/Reference:
QUESTION 36 You are about to update the software on a ProCurve switch. Which command do you use to view a list of all software versions stored on the switch? A. B. C. D.
show startup show version show run show flash
Answer: D Section: (none) Explanation/Reference:
QUESTION 37 Which statement describing routing table information is true? A. A route with a destination address of 10.2.0.0/16 on a host with IP address 10.2.10.50/16 would represent an indirect route. B. A default route is represented using a destination address of 0.0.0.0 and the subnet mask 255.255.255.255. C. When defining a direct route on a host, the IP address of the next-hop gateway can be in a different subnet than the host. D. A directly connected route on a host is derived from the IP address and subnet mask defined for one of its local interfaces Answer: D Section: (none) Explanation/Reference:
QUESTION 38 The network administrator at a customer site reports that ProCurve Manager Plus (PCM+) has not discovered any manageable devices except those on the subnet where the PCM+ Management Server resides. How do you explain this? A. This behavior is normal because PCM+ discovery messages do not cross router interfaces. B. This behavior indicates that PCM+ has been configured with an incorrect default gateway. C. This behavior is normal because PCM+ discovery uses Cisco Discovery Protocol, which only survives one switch-to-switch hop. D. This behavior is normal because PCM+ automatically discovers only those devices residing on the same subnet as the configured default gateway.
Answer: D Section: (none) Explanation/Reference:
QUESTION 39 You are assigned to a team that is designing a new ProCurve solution. The team will soon begin work on determining how many edge ports and wiring closets the solution will require. Which phase of the design process is appropriate for this activity? A. B. C. D.
Implementing and documenting the solution. This is not part of the design process. Assessing customer needs. Developing and proposing a solution.
Answer: C Section: (none) Explanation/Reference:
QUESTION 40 An employee is moved from one building on a company's campus to another. Which configuration parameters should be reviewed and/or changed to ensure that the employee's access to computing resources does not change? Select TWO. A. VLAN membership for the uplink port on the switch that will provide connectivity for the employee's workstation B. IP addressing for the default VLAN on the switch that will provide connectivity for the employee's workstation C. VLAN membership for the switch port that will provide connectivity for the employee's workstation D. IP helper address on the default VLAN E. VLAN membership for other workstations in the employee's new area Answer: AC Section: (none) Explanation/Reference:
QUESTION 41 You have configured client ports a1 through a4 to be untagged members of VLAN 60 on a ProCurve Switch 5412zl in the edge layer of an enterprise network. The default gateway for workstations in this VLAN will be a routing interface on a core switch in another building. What additional configuration step is necessary on the edge switch to provide Internet connectivity for workstations in this VLAN? A. Configure a routing interface so the edge switch can forward traffic at Layer 3 to the core switch. B. No further configuration is necessary because the edge switch will automatically forward traffic toward the core. C. Ensure that the ports connecting the edge switch and the core switch are members of VLAN 60. D. Configure the edge switch to use the core switch as its default gateway. Answer: C Section: (none)
Explanation/Reference:
QUESTION 42 You issue the show spanning-tree and show lldp info remote-device commands at the CLI of a ProCurve Switch 5348xl to examine the switching topology of a customer network. You notice that the Link Layer Discovery Protocol (LLDP) command output shows a neighboring ProCurve switch is visible over a link that is blocked in the spanning tree. What is a possible explanation for your observation? A. B. C. D.
The LLDP cache must be flushed to reflect the current state of the spanning tree. A redundant Layer 3 path must exist. The LLDP command shows static configuration information not dynamic connectivity state information. The LLDP messages are sent and received over ports in the blocked state.
Answer: D Section: (none) Explanation/Reference:
QUESTION 43 You are configuring a ProCurve Switch 3500yl-48G-PWR that will act as a default gateway for devices in VLAN 70. Which configuration steps are necessary to enable the switch to perform this function? Select TWO. A. B. C. D. E.
Configure the switch with a default gateway. Configure all ports that are members of VLAN 70 as tagged. Add the switch's uplink ports to VLAN 70. Enable IP routing. Assign an IP address to VLAN 70.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 44 A network administrator at a customer site reports that devices deleted from the navigation pane in the ProCurve Manager Home Page reappear within a day or two. How do you respond to this report? A. This behavior is normal. To remove devices permanently, the network administrator should add them to the Excluded Devices list. B. This behavior is normal. Only users with Administrator rights can permanently delete devices from the navigation pane. C. This behavior indicates that the discovery process in ProCurve Manager is misconfigured. The administrator should check the discovery options in the Preferences window. D. This behavior indicates that the ProCurve Manager client software on the network administrators' workstations must be updated. Acquire the latest software from the ProCurve web site. Answer: A Section: (none) Explanation/Reference:
QUESTION 45 The users in a medium-sized corporation report that they experience delays in accessing six servers connected to a ProCurve Switch 6108 in the corporation's data center. You analyze the situation and determine that a bottleneck is being created by the 1000Base-T connection between the 6108 and a ProCurve Switch 5348xl in the network's distribution layer. How can you increase throughput between the switches? A. B. C. D.
Configure jumbo frame support. Configure the servers for Fast EtherChannel. Configure a port trunk between the 6108 and the 5348xl. Configure the 6108 for broadcast limiting.
Answer: C Section: (none) Explanation/Reference:
QUESTION 46 What is a difference between the RIP implementation on a ProCurve Switch 5300xl series and a ProCurve Secure Router 7000dl series? A. On the 5300xl series, RIPv1 and RIPv2 are supported, on the 7000dl series, only RIPv2 is supported. B. On the 5300xl series, periodic and triggered updates are supported, on the 7000dl series, only periodic updates are supported. C. On the 5300xl series, RIP can advertise locally configured static routes, on the 7000dl series; locally configured static routes cannot be advertised. D. On the 5300xl series, RIP is enabled on a VLAN, on the 7000dl series, RIP is enabled on an interface. Answer: D Section: (none) Explanation/Reference:
QUESTION 47 You have configured an interface to provide WAN connectivity for your customer. However, the interface is not passing traffic and the status of the interface is "administratively down". What must you do to enable this interface? A. B. C. D.
bind the interface with a virtual protocol interface enter the no shutdown command on the interface enter the interface up command on the interface enter the enable command on the interface
Answer: B Section: (none) Explanation/Reference:
QUESTION 48 You have installed ProCurve Manager on a customer network and must now log on to the Management Server for the first time. What is the default user name and password?
A. B. C. D.
user name is the value configured during the installation and the password is "ProCurve" user name is "Manager" and the password is "HP" user name is "Administrator" and the password is the value configured during the installation user name is "Administrator" and the password is "admin"
Answer: C Section: (none) Explanation/Reference:
QUESTION 49 You are part of a team that is designing a new ProCurve solution. While evaluating the customer's current infrastructure, you learn that the site includes several 100-meter CAT-3 UTP cable runs that cannot be replaced due to budgetary constraints. Which configuration can you implement to address this issue? A. B. C. D.
The switch ports supporting these segments should be configured for 100 Mbps transmission. The switch ports connected to these segments should be configured for auto-negotiation. The switch ports supporting these segments should be configured for 10 Mbps transmission. The workstations connected to these segments should be configured for auto-negotiation.
Answer: C Section: (none) Explanation/Reference:
QUESTION 50 You must enable routing on a ProCurve Switch 5406zl-48G at a customer site. Which statement describes the procedure to accomplish this task? A. B. C. D.
Enter the command ip bootp-dhcp within each VLAN context configuration level. Define a system-wide IP address and mask at the global configuration level. Enter the command ip routing at the global configuration level. Enter the command ip routing within each VLAN context configuration level.
Answer: C Section: (none) Explanation/Reference:
QUESTION 51 The users in a medium-sized corporation report that they experience delays in accessing six servers connected to a ProCurve Switch 6108 in the corporation's data center. You analyze the situation and determine that a bottleneck is being created by the 1000Base-T connection between the 6108 and a ProCurve Switch 5348xl in the network's distribution layer. How can you increase throughput between the switches? A. B. C. D.
Configure a port trunk between the 6108 and the 5348xl. Configure jumbo frame support. Configure the servers for Fast EtherChannel. Configure the 6108 for broadcast limiting.
Answer: A Section: (none) Explanation/Reference:
QUESTION 52 While examining the spanning tree configuration on a ProCurve switch, you notice that one of the ports is in the Blocking state. Which statement describes how this port will function in this state? A. B. C. D.
The switch will not forward user traffic through that port, but will forward telnet traffic. The switch forwards user traffic through that port, but does not receive user traffic through that port. The switch will not forward user traffic through that port, but will forward BPDUs through that port. The port is completely blocked for all purposes.
Answer: C Section: (none) Explanation/Reference:
QUESTION 53 The office layout for a small manufacturing firm requires that workstations for the marketing and engineering employees be connected to the same wiring closets. However, members of the two teams require access to different information resources. What are the advantages of implementing VLANs rather than traditional IP subnets? Select TWO. A. VLANs require less network bandwidth because routing decisions are made at the edge layer rather than the core layer. B. VLANs are simpler to configure and make it easier to alter a computer's access to resources if the firm's layout is changed. C. VLANs can be multinetted, but an IP subnet interface cannot. D. VLANs enable administrators to assign IP addresses and control access to resources based on business needs rather than physical location. E. VLANs enable the use of private IP addresses, while IP subnets require public IP addresses. Answer: BD Section: (none) Explanation/Reference:
QUESTION 54 You are implementing a fully connected HP Switch Mesh at a customer site. Which statement describes a valid design guideline for HP Switch Meshing? A. A switch may be connected to no more than four mesh domains. B. When a switch is configured for HP Switch Meshing protocol, all of the ports on that switch must participate in the mesh. C. Up to five Switch 5400zl Series switches can be included in a full mesh. D. All links in a full mesh must operate at the same speed and use the same media type. Answer: C Section: (none) Explanation/Reference:
QUESTION 55 While troubleshooting connectivity outages on a ProCurve Switch 5300xl, you decide to try using the show tech command to obtain a comprehensive report of the switch status. What is the minimum privilege level that you must enter to use this command? A. B. C. D. E.
boot ROM global configuration port configuration manager operator
Answer: D Section: (none) Explanation/Reference:
QUESTION 56 When building an Infrastructure mode wireless network, you must specify a network name to which wireless clients associate. What is this network name called? A. B. C. D.
Pre-shared key Shared secret Independent Basic Service Set Service Set Identifier
Answer: D Section: (none) Explanation/Reference:
QUESTION 57 You are configuring a ProCurve Layer 2 switch to obtain time information from an SNTP server located on a different IP network than the switch. Which configuration steps are necessary on the switch to enable this functionality? A. The switch cannot be configured to obtain time information from a server on a different IP network. B. Assign a port on the switch to a VLAN that includes the SNTP server, enable SNTP, configure the switch for SNTP unicast mode. C. Configure an IP address on the same IP network as the SNTP server, enable TimeP, configure the switch for SNTP broadcast mode. D. Define a default gateway for the switch, enable SNTP, use the sntp server command to enter the IP address of the server. Answer: D Section: (none) Explanation/Reference:
QUESTION 58 At a customer site, you have configured four ProCurve switches for HP Switch Meshing and Multiple
Spanning Tree Protocol. How will the mesh appear to non-mesh switches in the same spanning tree domain? A. B. C. D.
as a set of devices without redundant links as a single device as devices that cannot participate in the spanning tree as a set of devices with spanning tree enabled to block redundant links
Answer: B Section: (none) Explanation/Reference:
QUESTION 59 What are the primary solution categories of the Adaptive EDGE Architecture? Select THREE. A. B. C. D. E. F. G.
security availability convergence reliability cost-effectiveness upgradeability mobility
Answer: ACG Section: (none) Explanation/Reference:
QUESTION 60 Which statement is true regarding the web interface for ProCurve Switch 5300xl Series? A. The web interface is useful for monitoring the switch, but it does not support switch configuration. B. If a manager username and/or password has been assigned at the CLI, the same username and/or password will be required for read/write access in the web interface. C. You can access the web interface from the Telnet command line interface by entering the command web . D. The web interface may be accessed through a direct serial console connection. Answer: B Section: (none) Explanation/Reference:
QUESTION 61 What is the function of a TDM group on a ProCurve Secure Router 7000dl series? A. B. C. D.
It defines the number of channels used for an E1 or T1 interface. It associates two or more E1 or T1 interfaces that use a common CSU/DSU configuration. It identifies the number of virtual circuits assigned to a Frame Relay interface. It specifies the number of E1- or T1-carrier lines comprising a multi-link PPP configuration.
Answer: A Section: (none) Explanation/Reference:
QUESTION 62 The first widely implemented 802.11 wireless security protocol used static encryption keys and the RC4 algorithm to encrypt wireless data. What is this protocol called? A. B. C. D.
Wireless Authenticated Protocol 802.11i Wi-Fi Protected Access Wired Equivalent Privacy
Answer: D Section: (none) Explanation/Reference:
QUESTION 63 Which statements describing dynamic routing protocols are true? Select TWO. A. B. C. D. E.
BGP is an exterior gateway protocol. OSPF sends periodic updates containing a subset of known routes. RIP is a distance vector protocol. RIP is a link state protocol. OSPF is used for controlling multicast traffic.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 64 Which 10 Gigabit Ethernet technology uses multimode fiber and supports a maximum distance up to 300 meters? A. B. C. D.
10-GbE ER 10-GbE SR 10-GbE LR 10-GbE X2-CX4
Answer: B Section: (none) Explanation/Reference:
QUESTION 65 Under which condition does a Layer 2 switch forward a frame?
A. B. C. D.
when the frame's source and destination addresses are reached through the same port when a frame's source address is not found in the forwarding table lookup the natural operation of a Layer 2 switch requires it to forward traffic through all of its ports when a frame's source and destination addresses are reached through different ports
Answer: D Section: (none) Explanation/Reference:
QUESTION 66 You are working with your IT services group to explain a problem-solving methodology that could be used for managing problem resolution at customer sites. Your problem-solving methodology consists of six steps. What is the correct sequence for three of the six steps? A. B. C. D.
Identification, Hypothesis, Verification Hypothesis, Validation, Analysis Verification, Analysis, Identification Implementation, Verification, Identification
Answer: A Section: (none) Explanation/Reference:
QUESTION 67 How long is the free trial period for ProCurve Manager Plus? A. B. C. D.
180 days 60 days 15 days 30 days
Answer: D Section: (none) Explanation/Reference:
QUESTION 68 Which statements describe limitations of classical core networks? Select TWO. A. Traffic must reach the network core before routing, security, and prioritization tasks can be performed. B. They lack the capacity for implementing Layer 2 and Layer 3 redundancy technologies. C. Routers in core-centric networks must perform more complicated packet manipulation than routers in edge-centric networks. D. Emerging protocols and standards such as IPv6 cannot be supported. E. As each switch is added at the edge it increases the decision making load in the core and constrains scalability. Answer: AE
Section: (none) Explanation/Reference:
QUESTION 69 On a ProCurve switch, a frame is received on port a1, which is a tagged member of VLAN 20, and is to be forwarded through port b1, which is an untagged member of VLAN 20. Which statement describes an action the switch takes when forwarding the frame out through port b1? A. B. C. D.
The switch changes the VLAN identifier in the tag to 20. The switch adds a tag corresponding to the default VLAN. The switch forwards the frame without a tag. The switch forwards the frame without modification.
Answer: C Section: (none) Explanation/Reference:
QUESTION 70 You have been asked to configure HP Switch Meshing on four ProCurve switches at a customer site. While planning the configuration, you note that one of the switches acts as a default gateway for members of the customer's marketing VLAN. How will the mesh configuration affect the switch's ability to act in this role? A. The switch will continue to act as a default gateway for ports not included in the mesh. B. The switch will be unable to act as a default gateway because a meshed switch cannot perform IP routing duties. C. The switch's IP routing configuration will automatically be transferred to the mesh so that the mesh will become the default gateway for the marketing VLAN. D. The switch's ability to perform IP routing duties will be unaffected by the mesh configuration. Answer: B Section: (none) Explanation/Reference:
QUESTION 71 The network administrator at a customer site asks you to describe the differences between ProCurve Manager Plus and ProCurve Manager. Which features are only included in ProCurve Manager Plus? Select TWO. A. B. C. D. E. F.
scheduled software updates CLI device management traffic analysis automatic discovery alerts network topology mapping
Answer: AC Section: (none) Explanation/Reference:
QUESTION 72 You are visiting a customer who has an existing 802.11b wireless network. They want to increase the performance of their wireless network while still providing connectivity to their existing clients. What would be the most appropriate wireless LAN standard to suggest for this customer? A. B. C. D.
802.11e 802.11a 802.11g 802.11i
Answer: C Section: (none) Explanation/Reference:
QUESTION 73 You are assigned to configure ProCurve switches at a customer site for in-band management. Which are inband management methods? Select TWO. A. B. C. D. E.
Telnet serial console XMODEM menu interface SNMP
Answer: AE Section: (none) Explanation/Reference:
QUESTION 74 You are configuring spanning tree on ProCurve switches at a customer site. Why might you configure a particular switch to have a higher bridge priority? Select TWO. A. B. C. D. E.
to cause the switch to remove BPDUs from the network to increase the path cost of all switch links to force all of the switch's ports to be blocked to make it more likely that the switch will become the root to make it less likely that the switch's ports will be blocked
Answer: DE Section: (none) Explanation/Reference:
QUESTION 75 A customer network will use private addressing. Which statement describes the typical use of private addressing?
A. Private addresses are known only to network administrators; they are usually assigned to devices in the management VLAN. B. Private addresses are unique and routable across the public Internet. C. Private addresses are never shared with neighbors; private addressing can allow multiple hosts within the same network to concurrently use the same address. D. Many hosts within a typical enterprise do not require a public identity; their addresses can be kept within the enterprise and not advertised to the public Internet. Answer: D Section: (none) Explanation/Reference:
QUESTION 76 You must reconfigure 50 ProCurve 5406zl switches to use a new SNTP server. Which feature in ProCurve Manager can help you simplify this task? A. B. C. D.
Configuration Wizard Switch Update Wizard CLI Wizard Time-Sync Wizard
Answer: C Section: (none) Explanation/Reference:
QUESTION 77 During a planning meeting at a customer site, the network manager mentions that he wants to configure ProCurve Manager Plus so that junior staff members can manage network devices, but cannot alter user accounts or rights. Which ProCurve Manager Plus user type will fulfill this requirement? A. B. C. D.
manager operator viewer administrator
Answer: B Section: (none) Explanation/Reference:
QUESTION 78 An employee is moved from one building on a company's campus to another. Which configuration parameters should be reviewed and/or changed to ensure that the employee's access to computing resources does not change? Select TWO. A. VLAN membership for other workstations in the employee's new area B. VLAN membership for the switch port that will provide connectivity for the employee's workstation C. VLAN membership for the uplink port on the switch that will provide connectivity for the employee's workstation
D. IP addressing for the default VLAN on the switch that will provide connectivity for the employee's workstation E. IP helper address on the default VLAN Answer: BC Section: (none) Explanation/Reference:
QUESTION 79 You have been asked to configure IGMP on a ProCurve Switch 6200yl at a customer site. What are the steps for enabling IGMP on the switch? A. Enter the interface configuration context for each port configured with a VLAN, then issue the ip igmp command. B. Enter the VLAN context for each VLAN that will support IGMP, then issue the ip igmp command. C. Enter the manager level, then issue the ip igmp command. D. Enter the global configuration context, then issue the ip igmp command. Answer: B Section: (none) Explanation/Reference:
QUESTION 80 Which activities correspond to the Identification step of the six step problem-solving methodology? Select TWO. A. B. C. D. E.
Identify side effects. Validate a hypothesis. Develop a back-out plan. Document probable failures. Develop a problem definition.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 81 A customer is planning a Power over Ethernet deployment for a large call center that will use VoIP telephones. While planning the wiring closets for the deployment, the customer suggests using the uplink ports of a ProCurve Switch 2650-PWR to provide power to a ProCurve Switch 2600-8-PWR. Which statement describes a correct response to this suggestion? A. B. C. D.
It is only possible if the second switch is a ProCurve Switch 2626-PWR. It is not recommended because the second switch will not have adequate power redundancy. It is not possible because the 2600-8-PWR cannot act as a Powered Device. It is only possible if the customer adds a ProCurve 600 EPS/RPS to the first switch.
Answer: C Section: (none)
Explanation/Reference:
QUESTION 82 On a ProCurve switch, a frame is received on port a1, which is a tagged member of VLAN 20, and is to be forwarded through port b1, which is an untagged member of VLAN 20. Which statement describes an action the switch takes when forwarding the frame out through port b1? A. B. C. D.
The switch forwards the frame without modification. The switch changes the VLAN identifier in the tag to 20. The switch forwards the frame without a tag. The switch adds a tag corresponding to the default VLAN.
Answer: C Section: (none) Explanation/Reference:
QUESTION 83 You are implementing a network design that specifies 1000Base-T uplinks between two switches. Which statements are true with regard to 1000Base-T? Select TWO. A. B. C. D. E.
An existing Category 5 cabling infrastructure should be tested before upgrading to 1000Base-T. 1000Base-T may be run over fiber cable with the addition of a conditioning cable. 1000Base-T supports longer cable runs than most fiber optic technologies. 1000Base-T interfaces transmit data over all four pairs in the twisted pair bundle. 1000Base-T interfaces can use category 3 twisted pair cable.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 84 You have been asked to install and configure ProCurve switches in a network that includes switches manufactured by Cisco Systems, Inc. During a planning session, the network's administrator repeatedly refers to the "access ports" on the Cisco switches. What is an equivalent term or feature on a ProCurve switch? A. B. C. D.
untagged ports trunk ports uplink ports LAG ports
Answer: A Section: (none) Explanation/Reference:
QUESTION 85 A network administrator asks you about the differences in the discovery features of ProCurve Manager and
ProCurve Manager Plus. Which statement describes these differences? A. ProCurve Manager Plus will discover devices from manufacturers other than HP. ProCurve Manager will only discover ProCurve devices. B. ProCurve Manager Plus supports discovery based on LLDP, CDP and FDP. ProCurve Manager supports discovery based on CDP and FDP only. C. There is no difference between the discovery processes used by the two applications. D. ProCurve Manager Plus enables the scheduling of auto-discovery. ProCurve Manager requires users to initiate discovery manually. Answer: C Section: (none) Explanation/Reference:
QUESTION 86 You have been sent to install and configure ProCurve switches on a network that already includes switches manufactured by Cisco Systems, Inc. During planning meetings, the network administrator often refers to "trunk ports". What does the administrator mean? A. B. C. D.
ports that carry multiple VLANs ports that connect the distribution and core layers ports that are aggregated into a single logical port ports that are configured for gigabit or 10 gigabit connectivity
Answer: A Section: (none) Explanation/Reference:
QUESTION 87 You have installed ProCurve Manager on a customer network and must now log on to the Management Server for the first time. What is the default user name and password? A. B. C. D.
user name is "Manager" and the password is "HP" user name is the value configured during the installation and the password is "ProCurve" user name is "Administrator" and the password is the value configured during the installation user name is "Administrator" and the password is "admin"
Answer: C Section: (none) Explanation/Reference:
QUESTION 88 A customer site uses a ProCurve Switch 5412zl to aggregate traffic at the distribution level. What is the maximum number of port -trunks you can define on the switch? A. B. C. D.
36 24 12 8
Answer: A Section: (none) Explanation/Reference:
QUESTION 89 A network administrator at a customer site asks about the impact of classifying some high-priority traffic with an 802.1p value of 7 and other traffic with an 802.1p value of 6 on a ProCurve Switch 5308xl which supports 4 priority queues. What will be the affect of this configuration? A. It will provide more granular control over forwarding priority. B. It will make no difference in actual forwarding because both priorities are placed in the same physical queue on these switches before forwarding. C. It will introduce network latency by making forwarding more complicated. D. This change is not possible because the 802.1p field does not support a value of 7. Answer: B Section: (none) Explanation/Reference:
QUESTION 90 While using the CLI on a ProCurve switch, you decide to move to the manager level. Which command do you use? A. B. C. D.
configure write manager enable
Answer: D Section: (none) Explanation/Reference:
QUESTION 91 While configuring a ProCurve switch using the CLI, the following command prompt is displayed: Switch_1A# What does this prompt indicate? A. B. C. D.
current context is the manager level host name for the switch has not been defined current context is the user level current context is the global configuration level
Answer: A Section: (none) Explanation/Reference:
QUESTION 92 Which WAN interface types are supported on the ProCurve Secure Router 7102dl? A. B. C. D.
T1/E1, ADSL and analog backup HSSI, ISDN and G.703 T1/E1, T3/E3 and ISDN Serial, ADSL and fractional T3/E3
Answer: A Section: (none) Explanation/Reference:
QUESTION 93 You have just finished uploading software into the secondary flash memory on a ProCurve switch and want to test the software before copying it to the primary flash memory. Which command do you use to test this image? A. B. C. D.
boot image secondary reload flash secondary boot system flash secondary reload image secondary
Answer: C Section: (none) Explanation/Reference:
QUESTION 94 Which statement describing routing table information is true? A. The destination address and mask of a default route could be represented in a routing table as 0.0.0.0/32. B. The destination address of an indirect route can be a network or subnet address, but not a host-specific address. C. A directly connected route is used to reach a host in the same subnet. D. When defining a direct route on a host, the IP address of the next-hop gateway can be in the same or different subnet as the host. Answer: C Section: (none) Explanation/Reference:
QUESTION 95 You are assigned to a team that is designing a new ProCurve solution. The team will soon begin work on determining how many edge ports and wiring closets the solution will require. Which phase of the design process is appropriate for this activity? A. This is not part of the design process. B. Developing and proposing a solution. C. Implementing and documenting the solution.
D. Assessing customer needs. Answer: D Section: (none) Explanation/Reference:
QUESTION 96 You are working with your IT services group to explain a problem-solving methodology that could be used for managing problem resolution at customer sites. Your problem-solving methodology consists of six steps. What is the correct sequence for three of the six steps? A. B. C. D.
Implementation, Verification, Identification Hypothesis, Validation, Analysis Verification, Analysis, Identification Identification, Hypothesis, Verification
Answer: D Section: (none) Explanation/Reference:
QUESTION 97 You are about to configure HP Switch Meshing on four ProCurve switches at a customer site. All of the ports that will be included in the mesh are configured for membership in customer VLANs. How will the mesh configuration affect the VLAN configuration? A. The mesh ports will not be a member of any VLANs until you manually configure its VLAN assignments. B. The mesh ports will not be 802.1Q-compliant and will only be able to retain membership in a single untagged VLAN. C. The mesh ports will automatically become a member of the default VLAN and must be configured for other VLAN membership. D. The mesh ports will automatically become a tagged member of all configured VLANs. Answer: D Section: (none) Explanation/Reference:
QUESTION 98 You are designing a new network for a small financial services firm. One of the customer's goals is to prevent access by the clerical staff to the servers that maintain the financial planner's client records. How can you configure the customer ProCurve switches to help reach this goal? A. Configure alerts that are triggered when traffic between the clerical staff and the financial planning resources exceed acceptable limits. B. Enable MAC-address filtering on ports connected to financial planners?resources. C. Define separate VLANs for the financial planners and the clerical staff. D. Define separate Multiple Spanning Tree regions for the financial planners and clerical staff. Answer: C Section: (none)
Explanation/Reference:
QUESTION 99 While troubleshooting connectivity outages on a ProCurve Switch 5300xl, you decide to try using the show tech command to obtain a comprehensive report of the switch status. What is the minimum privilege level that you must enter to use this command? A. B. C. D. E.
port configuration manager operator boot ROM global configuration
Answer: B Section: (none) Explanation/Reference:
QUESTION 100 You have just finished configuring a ProCurve Secure Router 7000dl series and want to save your changes before you logout. Which command would you enter to ensure that your configuration survives a reboot of the device? A. B. C. D.
write nvram write config write memory save config
Answer: C Section: (none) Explanation/Reference:
QUESTION 101 You configured Rapid Spanning Tree Protocol on four ProCurve Switch 5348xl switches at a customer site. During the configuration, you forgot to configure the switches so that switch-to-switch links are not defined as edge ports. Which statement describes the consequence of your oversight? A. The switches will be unable to elect a Root bridge and will not be able to forward traffic until the configuration is corrected. B. The switches will require more time to elect the Root bridge and resolve the topology, but the spanning tree will otherwise function normally. C. The switches in the spanning tree will elect multiple Root bridges. D. The switches will reject the spanning tree configuration and block all ports until the configuration is corrected. Answer: B Section: (none) Explanation/Reference:
QUESTION 102 To enable any interface on a ProCurve Secure Router 7000dl series, which command must be entered in the interface configuration context level? A. B. C. D.
no shutdown start unbind enable
Answer: A Section: (none) Explanation/Reference:
QUESTION 103 You are installing a new ProCurve switch at a customer site. Which statements describe the possible procedures for configuring the IP addressing information of the switch? Select TWO. A. Connect to the switch using the serial console interface, enter the global configuration level, enable DHCP, and assign an address scope. B. Connect to the switch using the Telnet interface, enter the global configuration level, and assign a boxwide IP address. C. Leave the switch at its default settings and allow it to acquire an IP address, mask, and default gateway from a DHCP server. D. Connect to the switch using the serial console interface, enter the global configuration level, and assign an IP address and mask within the VLAN 1 context configuration level. E. Connect to the switch using the serial console interface, enter the global configuration level, and assign a box-wide IP address and mask. Answer: CD Section: (none) Explanation/Reference:
QUESTION 104 You have just enabled spanning tree for the first time on a ProCurve Switch 5300xl Series. Which statements describe the switch's default spanning tree configuration? Select TWO. A. Each port on the switch will interoperate with neighboring switches that use either the Spanning Tree Protocol or Rapid Spanning Tree Protocol version. B. The version used is the Spanning Tree Protocol. C. The switch will automatically participate in Multiple Spanning Tree (MST) instances if it detects other MST switches. D. The version used is the Rapid Spanning Tree Protocol. E. All ports are set to Fast Uplink mode. Answer: AD Section: (none) Explanation/Reference:
QUESTION 105
You are installing a ProCurve Switch 5348xl at a customer site where administrators prefer to use a web interface to manage devices. Which configuration step is necessary to enable web management for the switch? A. B. C. D.
Generate SSL encryption keys. Assign an IP address. Configure the switch with a web proxy server. Enable the switch's web server at the CLI.
Answer: B Section: (none) Explanation/Reference:
QUESTION 106 You must configure VLANs on a ProCurve Switch 4200vl Series that is currently set to the factory defaults. At the global configuration level, you issue the following command: vlan 10 untagged a1-a4 What is the result of this command? A. Ports a1 through a4 are added to VLAN 10 as untagged members and are removed from VLAN 1. B. A prompt is displayed notifying you that the command will remove these ports from VLAN 1 and asking if you want to proceed. C. You receive an error message saying that ports cannot be untagged members of two VLANs. D. Ports a1 through a4 are added to VLAN 10 as untagged members and are added to VLAN 1 as tagged members. Answer: A Section: (none) Explanation/Reference:
QUESTION 107 During a meeting with some colleagues, you share several files over a wireless connection without the aid of an access point. In what mode is your wireless adapter operating? A. B. C. D.
Infrastructure Extended Basic Service Set Pre-shared key Ad-hoc
Answer: D Section: (none) Explanation/Reference:
QUESTION 108 You have configured client ports a1 through a4 to be untagged members of VLAN 60 on a ProCurve Switch 5412zl in the edge layer of an enterprise network. The default gateway for workstations in this VLAN will be a routing interface on a core switch in another building. What additional configuration step is necessary on the edge switch to provide Internet connectivity for workstations in this VLAN?
A. No further configuration is necessary because the edge switch will automatically forward traffic toward the core. B. Configure the edge switch to use the core switch as its default gateway. C. Ensure that the ports connecting the edge switch and the core switch are members of VLAN 60. D. Configure a routing interface so the edge switch can forward traffic at Layer 3 to the core switch. Answer: C Section: (none) Explanation/Reference:
QUESTION 109 What are the key principles of the Adaptive EDGE architecture? Select TWO. A. B. C. D. E.
Control to the Desktop Control to the Edge Command from the Center Management from Anywhere Security throughout the Network
Answer: BC Section: (none) Explanation/Reference:
QUESTION 110 You have been asked to configure IGMP on a ProCurve Switch 5406zl at a customer site. While planning the configuration, you determine that the network does not currently include an IGMP Querier. What must the switch be configured with to act as IGMP Querier? A. B. C. D.
a Class D IP address an IP address for each VLAN that will support multicasting a box-wide default gateway 802.1p prioritization settings for each VLAN that will support multicasting
Answer: B Section: (none) Explanation/Reference:
QUESTION 111 You configured Rapid Spanning Tree Protocol on four ProCurve Switch 5348xl switches at a customer site. During the configuration, you forgot to configure the switches so that switch-to-switch links are not defined as edge ports. Which statement describes the consequence of your oversight? A. The switches will require more time to elect the Root bridge and resolve the topology, but the spanning tree will otherwise function normally. B. The switches will be unable to elect a Root bridge and will not be able to forward traffic until the configuration is corrected. C. The switches in the spanning tree will elect multiple Root bridges. D. The switches will reject the spanning tree configuration and block all ports until the configuration is corrected.
Answer: A Section: (none) Explanation/Reference:
QUESTION 112 While configuring a ProCurve 5412zl switch at a customer site, you enter the command ip routing at the CLI. How does this command affect the switch's VLAN configuration? A. B. C. D.
The switch can now route between physical IP subnets and it no longer supports VLANs. The switch can now use IP address information instead of 802.1Q tagging to determine the VLAN ID. The command is unrelated to VLANs and has no effect. The switch can now act as a gateway for VLANs that have an IP address configured.
Answer: D Section: (none) Explanation/Reference:
QUESTION 113 You are assigned to configure Power over Ethernet (PoE) on a ProCurve Switch 2650-PWR that is currently set to the factory defaults. What is the procedure for this configuration? A. No configuration is necessary because PoE is automatically enabled. B. Enter the manager level and then issue the power command. C. Enter the interface configuration level for the ports that will provide PoE and then issue the power command. D. Enter the global configuration level and then issue the power command. Answer: A Section: (none) Explanation/Reference:
QUESTION 114 You must update the software on a customer's ProCurve Switch 5412zl. Which statement correctly describes the process for this operation? Select TWO. A. B. C. D. E.
Use FTP for in-band transfer of the software through an IP network. Transfer the software from your workstation using a direct serial transfer. Use TFTP for direct serial transfer of the software. Use TFTP for in-band transfer of the software through an IP network. Instruct the switch to search for any available TFTP server without knowing its IP address.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 115 How do ProCurve switches, configured with link aggregation (also known as port trunking), handle broadcast traffic? A. The switch sends a query and receives permission from potential receivers before flooding. B. Broadcast traffic is flooded through non-trunked ports, but forwarded only through one of the ports in the trunk. C. Broadcast traffic is handled in exactly the same way it would be without port trunking configured. D. Broadcast traffic is flooded through all of the ports in the trunk. Answer: B Section: (none) Explanation/Reference:
QUESTION 116 Which methods are used by ProCurve Manager for the discovery process? Select THREE. A. B. C. D. E. F.
FTP telnet ARP TFTP ping LLDP
Answer: CEF Section: (none) Explanation/Reference:
QUESTION 117 Which statements describing dynamic routing protocols are true? Select TWO. A. OSPF is a link state protocol. B. A metric of 16 is used to indicate infinity for an OSPF route. C. The destination IP address is a broadcast address for RIPv1 update and a multicast address for RIPv2 update. D. A RIP update includes the network of a local interface when sent over that local interface. E. BGP is an interior gateway protocol. Answer: AC Section: (none) Explanation/Reference:
QUESTION 118 You are installing a ProCurve switch at a customer site and must enable remote management for network administrators. Which configuration parameter is necessary to ensure that administrators can manage the switch even if they are on different IP networks? A. default VLAN
B. default management profile C. default password D. default gateway Answer: D Section: (none) Explanation/Reference:
QUESTION 119 What are the primary solution categories of the Adaptive EDGE Architecture? Select THREE. A. B. C. D. E. F. G.
upgradeability cost-effectiveness availability security mobility convergence reliability
Answer: DEF Section: (none) Explanation/Reference:
QUESTION 120 While examining the spanning tree configuration on a ProCurve switch, you notice that one of the ports is in the Blocking state. Which statement describes how this port will function in this state? A. B. C. D.
The switch will not forward user traffic through that port, but will forward BPDUs through that port. The switch forwards user traffic through that port, but does not receive user traffic through that port. The switch will not forward user traffic through that port, but will forward telnet traffic. The port is completely blocked for all purposes.
Answer: A Section: (none) Explanation/Reference:
QUESTION 121 During a planning meeting at Certkiller .com site, Certkiller .com representative mentions that they would like to consider using the GARP VLAN Registration Protocol (GVRP) to automate VLAN assignments. Which statement describes a reason to reject this option? A. GVRP cannot be used to configure Layer 3 switches because it is a Layer 2 protocol. B. GVRP is a proprietary technology that is not supported by HP Pro Curve switches. C. GVRP can compromise network security because it enables users with GVRP-compliant network adapters to set their own VLAN assignments. D. GVRP introduces significant network overhead because of its reliance on broadcasts to propagate VLAN configurations.
Answer: C Section: (none) Explanation/Reference:
QUESTION 122 While troubleshooting a network outwork outage, you decide to examine the Event log of an HP Pro Curve Switch 5348xl. Identify the command that filters reports of normal behavior from the console display. A. B. C. D.
Console events -n Console events critical Console events not-info Console events -c
Answer: A Section: (none) Explanation/Reference:
QUESTION 123 You are preparing to install cable to support a 1000Base- T uplink between switches. What is the maximum length for the cable in this run? A. B. C. D.
3 meters 100 meters 220 meters 500 meters
Answer: B Section: (none) Explanation/Reference:
QUESTION 124 While troubleshooting connectivity outages on an HP ProCurve Switch 5348xl, you decide to issue the show tech command to obtain a comprehensive report of switch status. You must first enter the ______ level. A. B. C. D.
Global configuration Manager Operator Port configuration
Answer: B Section: (none) Explanation/Reference:
QUESTION 125 You have been assigned to upgrade the firmware on an HP ProCurve switch. Identify the command will you use to view a list of all firmware versions stored on the switch.
A. B. C. D.
show startup show version show run show flash
Answer: D Section: (none) Explanation/Reference:
QUESTION 126 The network administrator at Certkiller .com site asks you to describe the differences between HP ProCurve Manager Plus and HP ProCurve manager Plus and HP ProCurve Manage. Which statements describe feature that you are included only in HP ProCurve Manager Plus? Select Two. A. an interface for defining configurations that can be applied to multiple devices simultaneously B. an interface for configuration pager alerts when the application detects unauthorized attempts to access device management features C. an interface for tracking and logging configuration changes D. an interfaces for determining what types of devices arte connected to each port on discovered switches E. maps of VLANs and physical network topology Answer: AC Section: (none) Explanation/Reference:
QUESTION 127 During a planning meeting for a new HP ProCurve solution, Certkiller .com representative asks you to explain the primary difference between layer 3 switches and layer 2 switches. Which statement describes this difference? A. Layer 3 switches can forward traffic using information in the layer 3 header, layer 2 switches forward traffic using information in the layer 2 header. B. Layer 3 switches typically have a higher port density than layer 2 switches C. Layer 3 switches can be configured with IP addresses; layer 2 switches cannot D. Layer 3 switches are usually placed at the access layer 2 switches are usually placed at the distribution layer. Answer: A Section: (none) Explanation/Reference:
QUESTION 128 You have installed new firmware in the secondary flash area on an HP ProCurve switch and verified its operation. Identify the command you will use to copy the firmware to the primary flash area. A. B. C. D.
copy secondary flash primary copy flash secondary primary copy flash flash primary copy flash flash secondary
Answer: C Section: (none) Explanation/Reference:
QUESTION 129 Several users of an enterprise network report intermittent loss of connectivity. While investigating these reports, you determine that all the users are connected to a single HP ProCurve Switch 5348xl. Identify the command you will use to view the operational status all ports. A. B. C. D.
show interfaces brief show interfaces show interfaces -o show interfaces status
Answer: A Section: (none) Explanation/Reference:
QUESTION 130 Which conditions could cause a layer 2 switch to flood traffic? Select TWO. A. B. C. D. E.
The switch receives a frame whose destination is either a broadcast or multicast address. The switch receives a frame with a source address not in its forwarding table The switch receives a frame with a destination not in its forwarding table. The switch receives a frame destination address on the same port as the source address. The switch receives a frame with a destination address on the same port as the source address.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 131 You have configured port a 1 on an HP ProCurve switch as an untagged member of VLAN 20. The port is not a member of any other VLANs. Which statement describes an action the switch takes when forwarding a frame through port a 1? A. B. C. D.
The switch adds a tag that be interpreted by the device connected that port. The switch strips any tag that may have been included with the frame when it was received HP switches require tagged status on all ports. The switch changes the VLAN id of any tag to 20.
Answer: B Section: (none) Explanation/Reference:
QUESTION 132 You are assigned to configure HP ProCurve switches at customer site for in-band management. Which of the following are in-band management methods? Select TWO. A. B. C. D. E.
SNMP XMODEM Serial console Telnet Menu interface
Answer: AD Section: (none) Explanation/Reference:
QUESTION 133 You have been asked to install and configure HP ProCurve switch in a network that includes switches manufactured by Cisco systems, Inc. During a planning session, the network's administrator repeatedly refers to the "access ports" on the Cisco switches. What is an equivalent term or feature on HP ProCurve switches? A. B. C. D.
edge ports untagged ports uplink ports trunk ports
Answer: B Section: (none) Explanation/Reference:
QUESTION 134 You must manage Certkiller .com's switch remotely using Telnet. Which configuration/monitoring interfaces are available to you? Select TWO. A. B. C. D. E.
command line interface web interface menu interface boot monitor interface HP ProCurve Manager
Answer: AC Section: (none) Explanation/Reference: There are only 2 ways to manage a switch via Telnet and that would be CLI or Menu. HP ProCurve Manager utilizes SNMP.
QUESTION 135 Certkiller .com's network requires Power over Ethernet (PoE) to support Wireless Access Points (WAPs) throughout the company's warehouse. The switch that can fulfill customer's requirement is the ______________.
A. B. C. D.
2800 4100gl 5300xl 6108
Answer: C Section: (none) Explanation/Reference:
QUESTION 136 You have just finished configuring Multiple Spanning Tree (MST) on HP ProCurve 5348xl switches at Certkiller .com site. While checking your configuration, you notice that two switches have declared themselves to be the Root in one MST instance. How can you correct this configuration error? Reconfigure the ___________. A. B. C. D.
bridge priority on one of the switches switches so that they have the same configuration name and revision number VLAN assignments on the switches port priorities on the links between the switches
Answer: B Section: (none) Explanation/Reference:
QUESTION 137 You will be installing HP ProCurve switches at Certkiller .com site that includes switches that do not support HP Port Trucking. However, the existing switches do support Cisco Fast EtherChannel. What configuration setups are necessary to enable link aggregation between the existing switches and the ProCurve switches? A. Upgrade the firmware on the HP ProCurve switches to enable support for FEC. B. No special configuration is necessary because the Pro Curve switches automatically will recognize switches' FEC configuration. C. Configure the HP ProCurve switches for static FEC and the existing switches for dynamic FEC. D. Configure all switches for Link Aggregation Control Protocol (LACP) because FEC and HP Port Trunking are not compatible. Answer: C Section: (none) Explanation/Reference:
QUESTION 138 DRAG DROP You are a member of a team designing an HP Pro Curve solution. Click the task button and match each task with appropriate design phase.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 139 A network administrator at Certkiller .com site asks about the impact of classifying some high-priority traffic for an 802.1p value of 7 and other traffic for an 802.1p value of 6. What will the effect of this configuration be? The change in 802.1p value _______. A. B. C. D.
is not possible because the 802.1p field does not support a value of 7 will introduce network latency by marking forwarding more complicated will provide more granular control over forwarding priority will make no difference in actual forwarding because both priorities are placed in the same physical queue on switches before forwarding
Answer: D
Section: (none) Explanation/Reference: Explanation: Incorrect Answers: A. 802.1p supports 0-7 (3 bits) B. Just not true C. Will not provide more granular control since 6 and 7 map to the same queue. Check out the diagram in the QOS module that shows the mapping of the priorities to the queues. The mappings of priorities to queues is as follows: Q4 - 6,7 Q3 - 5,4 Q2 - 3,0 Q1 - 2,1 Within a queue, the priority is irrelevant...FIFO. So 6 & 7 are treated the same. Note that some switches have 2 queues (2500 and 4000) or 3 queues (4100). All other switches have 4 queues.
QUESTION 140 Under witch condition does a layer 2 switch forward a frame? A. B. C. D.
when the frame's and destination addresses are reached through ports when a frame's source and destination addresses are reached through different ports when a frame's source address is not found in the forwarding table lookup the natural operation of a layer 2 switch requires it to forward all traffic through all of its ports.
Answer: B Section: (none) Explanation/Reference:
QUESTION 141 Certkiller .com is purchasing new infrastructure equipment to support Certkiller .com service team. Because of wiring and space constraints, each new edge switch must simultaneously support 28 10/100 clients and 26 10/100/1000 clients. Which of the following HP ProCurve switches is appropriate for this deployment? A. B. C. D.
2824 4160gl 6108 9300
Answer: B Section: (none) Explanation/Reference:
QUESTION 142 While configuring an HP ProCurve switch at the CLI, you are presented with the command prompt below. What does this prompt indicate? Switch_ 1A#. A. B. C. D.
The current context is global configuration level. The current context is manager level The host name has not been defined The current context is user level.
Answer: B Section: (none) Explanation/Reference:
QUESTION 143 While using the CLI configure an HP ProCurve switch, you must change context from the manager level to the global configuration level. Identify the command you will use. A. B. C. D. E.
global enable exit configure write
Answer: D Section: (none) Explanation/Reference:
QUESTION 144 You are installing an HP ProCurve switch at Certkiller .com site and must enable remote management for network administrators. What configuration parameter is necessary to ensure that administrators can manage the switch event if they are on different IP networks? A. B. C. D.
default VLAN default password default gateway default management profile
Answer: C Section: (none) Explanation/Reference:
QUESTION 145 You have been asked to configure IGMP on an HP ProCurve Switch 5348xl at Certkiller .com site. While planning the configuration, you determine that the network does not currently include an IGMP Querier. To act as IGMP Querier, the switch must be configured with _____________. A. B. C. D.
an IP address for each VLAN that will support multicasting a Class d IP address 802.1p prioritization setting for each VLAN that will support multicasting a box-wide default gateway
Answer: A Section: (none) Explanation/Reference:
QUESTION 146 You are configuring a four-port trunk on an HP ProCurve Switch 538xl. While examining the switch's configuration, you note that port c3 is a tagged member of VLAN 50. You issue the command trunk c1 -c4 trk1 at the CLI. Which statement describes the effect of this command on VLAN 50? A. B. C. D.
Port c3 will not be forward traffic VLAN 50 because the trunk has not been made a member of VLAN 50. Port c3 will not be included in the trunk until the trunk is made a tagged member of VLAN 50 Port c3 will continue to forward traffic for VLAN 50, but other ports in the trunk will not The trunk will automatically become a member of VLAN 50 and of all other VLANs configured for ports c1-c4
Answer: A Section: (none) Explanation/Reference: Page 5-18 of HPProCurve- Adaptive EDGE Fundamentals; Student Guide states- "Port Trunking has implications for Vlan configuration. Because aggregated ports CAN NOT be configured individually for Vlan membership, the TRUNK must be added by name as a tagged member of any VLAN whose traffic it must carry." Example: "Core_1 (config) # vlan 50 tagged Trk1"
QUESTION 147 A network administrator at Certkiller .com site wants to test HP ProCurve Manager Plus for free before deciding whether to purchase it. The trial period for HP ProCurve Manager Plus is __________ days. A. B. C. D.
14 30 60 180
Answer: B Section: (none) Explanation/Reference:
QUESTION 148 The network administrator at Certkiller .com site wants to ensure that users in VLAN 70 cannot set their traffic for a high forwarding priority. All of the users in VLAN 70 are connected to an HP ProCurve Switch 5348xl. How can you configure the switch to address the administrator's need? A. B. C. D.
configure an acceptable priority for VLAN 70 that will override the users' priority settings disable support for port-based prioritization on VLAN 70 No configuration is available that address this problem Configure the switch to filter all traffic from VLAN 70 that includes 802.1Q tag
Answer: A Section: (none) Explanation/Reference:
QUESTION 149 What is the most important difference between data-driven IGMP and IGMP snooping?
A. There is no difference between data-driven IGMP and IGMP snooping. They describe the same technology. B. A switch that uses data-driven IGMP filters multicast traffic unit it learns where the receivers are; IGMP snooping causes the switch to flood until it learns the locations of receivers. C. A switch that uses data-driven IGMP floods multicast traffic until learns where the receivers are IGMP snooping causes the switch to flood until it learns the locations of receivers. D. Data-driven IGMP is used by an HP ProCurve switch that is acting as a querier; all other switches use IGMP snooping Answer: B Section: (none) Explanation/Reference:
QUESTION 150 You have been asked to configuration HP Switch Meshing on four 5348xl switches at Certkiller .com site. While planning the configuration, you note that one of the switches acts as a default gateway for members of the customer's marketing VLAN. How will the mesh configuration affect the switch's ability to act in this role? A. The switch will continue to act as a default gateway for ports not included in the mesh. B. The switch will not be able to act as a default gateway because a meshed switch cannot perform IP routing duties. C. The switch's ability to perform IP routing duties will not be affected by the mesh configuration. D. The switch's IP routing configuration will automatically be transferred to the mesh so that the mesh will become the default gateway for the marketing VLAN. Answer: B Section: (none) Explanation/Reference:
QUESTION 151 DRAG DROP Click the task button and match each IEEE standard with the spanning tree protocol it describes.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 152 Why are edge-centric networks more scalable than core-centric networks? A. B. C. D.
because higher port densities on edge devices enable more users to connect because edge-centric networks provide users with faster edge ports than core-centric networks because edge-centric networks reduce network traffic by placing resources closer to users because intelligence and decision-making power are added whenever a new switch is deployed
Answer: D Section: (none) Explanation/Reference:
QUESTION 153 What parameter can be configured form the setup menu interface on HP ProCurve 4100gl and 5300xl series switches? Select TWO. A. B. C. D. E.
IP address and subnet mask for each VLAN IP address and subnet mask for the default VLAN IP address of the TACACS+ server system name and contact information STP bridge priority
Answer: BD Section: (none) Explanation/Reference:
QUESTION 154 What are the three Pillars of the Adaptive EDGE Architecture? Select THREE. A. B. C. D. E. F. G.
convergence cost-effectiveness security availability upgradability reliability mobility
Answer: ACG Section: (none) Explanation/Reference:
QUESTION 155 You are assigned to a team that is designing a new HP ProCurve solution. The team soon will begin work on diagramming the network's physical connectivity. What is the appropriate phase of the design process for this activity? A. B. C. D.
assess customer needs develop and propose a solution implement and document the solution it can be done in any phase
Answer: B Section: (none) Explanation/Reference:
QUESTION 156 How does an IP host determine which destination addresses are local and which are remote?
A. B. C. D.
The host derives a rang of local addresses by applying its configured subnet mask to its own IP address. The host broadcasts an ICMP request to its local router and requests a hop-by-hop path. The host broadcast an ICMP request to all routers in the enterprise and requests a hop-by-hop path. The host creates and maintains a table that lists remote address ranges and the next hop router for each rang.
Answer: A Section: (none) Explanation/Reference:
QUESTION 157 What device is traditionally used to segment broadcast domains in a network? A. B. C. D.
bridge switch router multi-homed server
Answer: C Section: (none) Explanation/Reference:
QUESTION 158 A network administrator asks you the differences in the discovery features of HP ProCurve Manger and HP ProCurve Manger Plus. Which statement describes these differences? A. There is no difference between the discovery processes used by the two applications. B. HP Pro Curve Manger plus enables the scheduling of auto-discovery. HP Pro Curve Manger requires users to initiate discovery manually. C. HP Pro Curve Manger Plus will discovery devices from manufactures other then HP.HP Pro Curve Manger will discovery only Pro Curve devices. D. HP Pro Curve Manger Plus supports discovery based on CDP and FDP.HP Pro Curve Manger dose not support discovery based on FDP. Answer: A Section: (none) Explanation/Reference:
QUESTION 159 You are part of a team recommending an HP ProCurve solution at Certkiller .com site. A network administrator at the site notes that the company is considering implementation of VoIP solution that will require prioritization across WAN interfaces. The HP ProCurve 5300XI series switch appropriate for this because it ______________. A. B. C. D.
supports the mapping of 802.1p priorities to IP DiffServ codepoints. can be used as a WAN router, which en able it to enforce traffic priorities at the WAN interface. can be configured to set IP DiffServ code points when IP routing is enabled supports eight forwarding queues, enable it to provide very granular priority settings
Answer: A Section: (none) Explanation/Reference:
QUESTION 160 Host A with default of 192.168.204.1 must communicate Host B with a default gateway of 192.168.205.1. Both default gateways are ports on a single router. Which statement describes how the router will alter the packets will it forwards in this transmission? The routers will insert ___________________. A. New layer 2 and layer 3 headers that use its address as the source address and the address of Host B as the destination address B. A new layer 3 header that use its address as the source address and the address and the address of Host B as the destination address C. A new layer 2 header that uses the address of Host A as the source address and the address of Host B as the destination address D. A new layer 2 header that uses its address as the source address and the address of Host B as the destination address Answer: D Section: (none) Explanation/Reference:
QUESTION 161 You are configuring VLAN 20 HP ProCurve switches to finance department at Certkiller .com site. Under what circumstances should a switch port be made a tagged member of VLAN 20? When it is connected to a _______________. Select TWO A. B. C. D. E.
802.1Q-compliant end station that is a member of VLAN 20 Port on another switch that is an untagged member of VLAN 20 Port on another switch that is a tagged member of VLAN 20 End station that cannot insert or remove 802.1Q tags Port on another switch that cannot insert or remove 802.1Q tags
Answer: AC Section: (none) Explanation/Reference:
QUESTION 162 You have been sent to install and configure HP ProCurve switches on a network that already includes switches manufactured by Cisco Systems Inc. During planning meetings, the network administrator often refers to "trunk ports." What dose the administrator mean? A. B. C. D.
Ports that connect the distribution and core layers Ports that are configured for gigabit connectivity Ports that are aggregated into a single logical port Ports that carry multiple VLANs
Answer: D Section: (none)
Explanation/Reference:
QUESTION 163 You have configured HP ProCurve 5349XI switches for switch meshing. How will a switch meshing. How will a switch in the mesh domain handle broadcast and multicast traffic that originates from a port outside the mesh? A. send a query to its directly connect neighbors to find out whether any of the neighbor's connected hosts can respond to broadcasts and multicasts B. replace broadcast and multicast addresses with the unicast MAC addresses of its neighbors in the mesh C. define a loop-free broadcast path and forward broadcast and multicast traffic over ports that are part of its broadcast path D. flood broadcast and multicast traffic through meshed and non-meshed ports Answer: C Section: (none) Explanation/Reference:
QUESTION 164 During a planning meeting at Certkiller .com site, the network manager mentions that he wants to configure HP ProCurve Manager Plus so that junior staff members can manager network devices, but cannot alert user accounts or rights. The ProCurve Manager user type will fulfill this requirement is ___________. A. B. C. D.
Administrator Viewer Operator Manager
Answer: C Section: (none) Explanation/Reference:
QUESTION 165 You are configuring an HP ProCurve 5300xl switch that will act as a default gateway for devices in VLAN 70. What configure steps are necessary to enable the switch to perform this function? Select TWO. A. B. C. D. E.
Add the switch's uplink ports to VLAN 70 Assign an IP address to the switch's VLAN 70 interface. Enable IP routing Configure all ports that are members of VLAN 70 as tagged. Configure the switch with a default gateway.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 166 After you configure a two-port trunk between two HP ProCurve 5300xl series switches, traffic analysis
reveals that only one of links is being used to full capacity. The other link is operating well bellow capacity. Which statement explains this analysis? A. B. C. D.
You incorrectly configure port trunking and must reconfigure the port trunk. This behavior is normal because a port trunk does not use adaptive load balancing. The second link is in standby mode and will only be used to full capacity if the first link fails. Load balancing is only effective when trunks include four or more links.
Answer: A Section: (none) Explanation/Reference:
QUESTION 167 An employed is moved from one building on a company's campus to another. What configuration parameters should be reviewed and/or changed to ensure that the employee's access to computing resources does not change? Select TWO A. VLAN membership for the switch port that will provide connectivity for the employee's workstation B. VLAN membership for the other workstation in the employee's new area C. IP addressing for the default VLAN on the switch that will provide connectivity for the employee's workstation D. VLAN membership for the uplink port on the switch that will provide connectivity for the employee's workstation E. VLAN membership on the switch in the employee's original location Answer: AD Section: (none) Explanation/Reference:
QUESTION 168 You are going to install and configure HP ProCurve switches in a network that includes a core switch manufactured by Cisco System, Inc. what VLAN configuration step is necessary to ensure compatibility with native VLAN on the Cisco switch? A. B. C. D.
Configure the VLAN for untagged status on the HP ProCurve switches. Configure the VLAN as the default VLAN on the HP ProCurve switches. Configure the GARP VLAN Registration Protocol on the HP ProCurve switches. Configure the VLAN for management access to the HP ProCurve switches
Answer: A Section: (none) Explanation/Reference:
QUESTION 169 You are assisting in the design of an HP ProCurve solution that will utilize Gigbit Ethernet for switch-toswitch connections. Which statements are true with regard to Gigbit Ethernet transceivers and media types? Select TWO. A. 1000Base-T requires multimedia fiber
B. C. D. E.
1000Base-LX allows you to use single mode or multimode fiber. 1000Base-LX requires you to use single-mode fiber. 1000Base-SX requires the use of multimode fiber. 1000Base-SX requires the use of single mode fiber.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 170 What are the key principles of the Adaptive EDGA architecture? Select TWO. A. B. C. D. E.
Control to the Edge Control to the Desktop Security throughout the Network Management from Anywhere Command from the Center
Answer: AE Section: (none) Explanation/Reference:
QUESTION 171 You are installing a new HP ProCurve switch at Certkiller .com site. Which statements describes for configuring the switch's IP addressing information? Select TWO. A. Connect to the switch using the serial console interface, enter the global configuration level, enable DHCP, and assign an address scope. B. Connect to the switch using the serial console interface, enter the global configuration level, and assign a box-wide IP address and mask. C. Connect to the switch using the serial console interface, enter the global configuration level, and assign an IP address and mask within the VLAN 1 context configuration level. D. Leave the switch at its default settings and allow it to acquire a reserved IP address, mask, and default gateway from a DHCP server E. Connect to the switch using the Telnet interface, enter the global configuration level, and assign a boxwide address. Answer: CD Section: (none) Explanation/Reference:
QUESTION 172 You are evaluation the HP ProCurve Switch 2848 and HP ProCurve Switch 4140gl deployment in the distribution layer of a network that will make extensive use of IP multicasting. Which statement describes a difference between the models' support for multicasting technology? A. The 2848 supports 256 multicast addresses; the 4140gl supports 1024. B. The 2848 can act as an IGMP Querier; the 4140gl cannot. C. The 2848 supports Guaranteed Minimum Bandwidth (GMB); the 4140gl supports rate limiting.
D. The 2848 supports data-driven IGMP; the 4140gl supports IGMP snooping. Answer: D Section: (none) Explanation/Reference:
QUESTION 173 Which statements describe limitations of classical core networks? Select TOW A. Routers in core-centric networks must perform more complicated packet manipulation than routers in edge-centric networks. B. Emerging protocols and standards such as Ipv6 cannot be support C. Traffic must reach the network core before routing and prioritization than routers in edge-centric networks. D. Security must be enforced at the core because edge devices aren't intelligent. E. Core-centric networks must rely on traditional routers while edge-centric networks can use wirespeed routing switches. Answer: CD Section: (none) Explanation/Reference:
QUESTION 174 When comparing HP ProCurve 4100gl and 5300xl series switches, which statements are true? Select TWO. A. B. C. D. E.
HP ProCurve proprietary transceivers may be used with 4100gl and5300xl series switches. Mini-GBIC transceivers may be used with 4100gl and 5300xl series switches. Both 4100gl and 5300xl series switches support port-based VLANs. Both 4100gl and 5300xl series switches support OSPF routing. Both 4100gl and 5300xl series switches support PoE modules.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 175 You have been asked to configure IGMP on an HP ProCurve Switch 5348xl at Certkiller .com site. What are the steps for enabling IGMP on the switch? A. Enter the global configuration context, then issue the ip igmp command. B. Enter the VLAN context for each VLAN that will support IBMP, then issue the ip igmp command. C. Enter the interface configuration context for each port configured with a VLAN, then issue the ip igmp command. D. Enter the manager level, then issue the ip igmp command. Answer: B Section: (none)
Explanation/Reference:
QUESTION 176 At Certkiller .com site, you have configured four HP ProCurve 5300xl series switches for meshing and Spanning Tree Protocol (STP). How will the mesh appear to non-mesh switches in the same STP domain? A. B. C. D.
as devices that cannot participate in the Spanish tree as a set devices without redundant links as a signal devices as a set of devices with Spanning Tree Protocol (STP) enable to block redundant links
Answer: C Section: (none) Explanation/Reference:
QUESTION 177 Certkiller .com is planning a power over Ethernet (PoE) deployment for a large call center that will use VoIP telephones. While planning the Writing closets for the deployment, the customer suggests using the ports of an HP ProCurve Switch 2650-pwr to provide power to another HP ProCurve Switch 2650-PWR. Which statement describes a correct response to this suggestion? This configuration is ____________________. A. B. C. D.
not recommended because the second switch will not have adequate power redundancy not possible because the 2650-PWR cannot act a Powered Device only possible if the second switch is an ProCurve Switch 2626-PWR only possible if the customer adds as HP ProCurve 600 EPS/RPS to the first switch
Answer: B Section: (none) Explanation/Reference:
QUESTION 178 You are about to configure HP Switch Meshing on four 5348xl switches at Certkiller .com site. All of the ports that will be included in the mesh are configure for membership in customer VLANs. How will are mesh configuration affect the VLAN configuration? The mesh will _____________. A. Not be a member of any VLANs until you manually configure is VLAN assignments B. not be 802.1 Q complaint and will only be able to retain membership in a single untagged VLAN C. automatically become a tagged member of the default VLAN and must be configured for other VLAN membership D. automatically become a tagged member of all configure VLANs Answer: A Section: (none) Explanation/Reference:
QUESTION 179 You are troubleshooting reports of connectivity outages and determine that all users reporting problems are connected to ports on a single HP ProCurve Switch 5348xl. Identify the command that enable you to learn if
any ports have non-default configurations. A. B. C. D.
show interfaces Config show interface non-def show interface * show interface *
Answer: A Section: (none) Explanation/Reference:
QUESTION 180 You have just enable spanning tree for the first time on an HP ProCurve 5300xl series. Which statements describe the switch's default spanning tree configuration? Select TWO. A. The version is the IEEE 802.1 D spanning Tree Protocol. B. Each port on the switch will interoperate with neighboring Switches that either 802.1w spanning tree versions. C. The version is the IEEE 802.1 w Rapid Reconfiguration Spanning Tree Protocol. D. All ports are set to Fast Uplink mode. E. The switch will automatically participate in Multiple Spanning Tree instances if it detects other MST switches. Answer: BC Section: (none) Explanation/Reference:
QUESTION 181 You have installed HP ProCurve Manager on Certkiller .com network and must mow log on to the Management Server for the first time. What is the default user name and password? A. B. C. D.
The user is "Admin." The password is " ProCurve." The user is "Manager." The password is " HP." The user is " administrator." The password is " admin." The user is " administrator." The password was configured during the installation.
Answer: D Section: (none) Explanation/Reference:
QUESTION 182 You are assigned to a team designing a new HP ProCurve solution. The team soon will begin work on determining how many edge ports and wring closets the solution will require. What is the optimal phase of the design process for this activity? A. B. C. D.
assess customer needs develop and proposed a solution implement and document the solution it can be done in any phase
Answer: A Section: (none) Explanation/Reference:
QUESTION 183 You need to configure VLANs on an HP ProCurve 5300xl switch that is currently set to factory defaults. You issue the CLI command no vain 1untagged a1-a4 What will the result of this command be? A. B. C. D.
Ports a1-a4 will be remove from VLAN 1 You will revive an error saying you cannot remove the ports from VLAN 1. The ports will become tagged members of VLAN 1. You will receive a prompt asking which VLAN the ports should be assigned to.
Answer: B Section: (none) Explanation/Reference:
QUESTION 184 Certkiller .com site uses an HP ProCurve 5300xl series switch to aggregate traffic at the distribution level. You must install port trunks to ensure adequate capacity for switch-to-switch links. How many trunks can you define on the switch? A. B. C. D.
8 12 24 36
Answer: A Section: (none) Explanation/Reference: Explanation: 802.3ad Link Aggregation Control Protocol (LACP) and ProCurve trunking: supports up to 36 trunks, each with up to 8 links (ports) per trunk; trunking across modules is supported
QUESTION 185 The network administrator at Certkiller .com site reports that HP ProCurve Manager Plus has not discovery any manageable devices except those on the subnet where the PCM Management Server resides. How do you explain this? A. This behavior is normal because PCM discovery massages do not cross router interfaces. The administrator should install PCM on a station in each subnet, then use the PCM Preferences Window to link the PCM Management Servers. B. This behavior is normal because PCM automatically discovers only those devices residing on the same subnet as the configured default gateway. The administrator can use the Preferences Window to add other Managed Subnets. C. The behavior indicates that PCM has been configured with an incorrect default gateway. The administrator should correct the gateway configuration, then manually initiated a new discovery. D. This behavior is normal because PCM discovery uses Cisco Discovery Protocol (CDP), which only survivors one switch-to-switch hop. The administrator should use HP Open View to discovery and manage devices on multiple subnets.
Answer: B Section: (none) Explanation/Reference:
QUESTION 186 Which statement is true regarding subnet masks? A. Two hosts in different address ranges must have the same subnet mask to enable communication. B. A subnet mask uses zero to represent the etwork" portion of the address and ones to represent the ost" portion of the address. C. A subnet mask uses a contiguous series of ones to represent the etwork" portion of the address. D. Masks are unnecessary when using classless IP addressing. Answer: C Section: (none) Explanation/Reference:
QUESTION 187 The office layout for a small manufacturing firm requires that workstations for marketing and engineering employees be connected to the same write closets. However, members of the two teams require access to different information resources. What are advantages to the firm of implementing VLANs rather than traditional IP subnet? Select TWO. A. VLANs enable administrators to assign IP addresses and access to resources based on business needs rather than physical location. B. VLANs require less network bandwidth because routing decisions are made at the edge layer rather then the core layer. C. VLANs enable the use of private IP addresses, while IP subnets require public IP addresses D. There is no advantage because VLANs and IP subnet are identical E. VLANs are simpler to configure and make it easier to alert a workstation's access to resources if the firm's layout is changed. Answer: AE Section: (none) Explanation/Reference:
QUESTION 188 You must install new HP ProCurve switches at Certkiller .com site. What password is required to gain read/ write access to an HP ProCurve switch set to factory defaults? A. B. C. D.
super admin no password ProCurve
Answer: C Section: (none) Explanation/Reference:
QUESTION 189 How many traffic prioritization accomplished with IEEE 802.1 p? A. B. C. D.
802.1Q-compliment devices set one of a value in a 3-bit field the Q tag 802.1Q-compliment devices enforce priorities based on VLAN ID. 802.1Q-compliment devices set one of 64 values in the IP data gram header. 802.1Q-compliment devices a portion of available bandwidth to each prioritized conversation.
Answer: A Section: (none) Explanation/Reference:
QUESTION 190 The network administrator asks you to explain the difference between the usermanagement features of HP ProCurve Manager and HP ProCurve Manager Plus. Which statement describes these differences? A. HP ProCurve Manager Plus supports five user types. HP ProCurve Manager only three. B. HP ProCurve Manager Plus can use RADIUS servers to automatic ate users. HP ProCurve Manager relies on its own user database. C. There are no differences in user-management features. D. HP ProCurve Manager Plus support up to 256client users. HP ProCurve Manager supports 64 client users. Answer: C Section: (none) Explanation/Reference:
QUESTION 191 You have just finished uploading firmware into the secondary flash memory on an HP ProCurve switch and want to test firmware before coping it to the primary flash memory. Identify the command you will use this task. A. B. C. D.
reload flash secondary boot image secondary boot system flash secondary reload image secondary
Answer: C Section: (none) Explanation/Reference:
HP.ActualTests.HP0-632.v2009-04-08.by.Ramon.142q Number: HP0-632 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-632 Title : OpenView Network Node Manager I Ver : 04.08.09 HP0-632
Exam A QUESTION 1 Which statements are TRUE regarding the netmon new node discovery polling process/algorithm? Select TWO. A. B. C. D.
Polling intervals can be dynamic depending on the number of new nodes discovered. Polling continues for one day after starting NNM. It then stops unless restarted by the user. Polling intervals can be static regardless of the number of new nodes discovered. Polling is NOT started automatically when NNM is started. It must be first configured by the user and then started.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 2 What is the minimum supported Java Plug-in required for Microsoft Internet Explorer when used to display Dynamic Views? A. B. C. D.
JPI 1.3.1_02 Microsoft Java Virtual Machine build 3805 JPI 1.4.1_05 JPI 1.4.2_01
Answer: D Section: (none) Explanation/Reference:
QUESTION 3 Which user can re-do initial discovery? A. B. C. D.
any ovw user the owner of the default map the network administrators the root user
Answer: D Section: (none) Explanation/Reference:
QUESTION 4 NNM automatically detects poorly performing DNS Servers by timing DNS requests. The network administrator can improve NNM performance by modifying _____________ . A. B. C. D.
xnmevents.conf netmon.lrf SnmpCollect_DNS.arf trapd.conf
E. ovet_disco.lrf Answer: B Section: (none) Explanation/Reference:
QUESTION 5 To clean out old trend data from the data warehouse without affecting the SNMPCollect database, the command parameter would be _______. A. B. C. D.
-delpriorto -trimpriorto -exportpriorto -unloadpriorto
Answer: B Section: (none) Explanation/Reference:
QUESTION 6 You have specified a map name in your Network Presenter URL. No ovw session has that map open. What will the Network Presenter do? A. B. C. D.
use the Launcher to launch an ovw session with the right map default to an ovw session with the default map open return an error message and let you try again look in your session.conf file to see if you have a second choice configured
Answer: C Section: (none) Explanation/Reference:
QUESTION 7 Which mechanisms can be used to tune the ET discovery process in large scaled environments? Select TWO. A. B. C. D.
Enable "Use ARP Cache". Configure Discovery zones. Set "OIDs per PDU" parameter. Use incremental discovery.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 8
What is the ovwdb process responsible for? A. B. C. D.
maintaining of the OVW map database maintaining the OVW object database monitoring of Microsoft Windows devices converting topology information into map information
Answer: B Section: (none) Explanation/Reference:
QUESTION 9 What is the ovspmd process responsible for? A. B. C. D.
starting and stopping Network Node Manager processes monitoring the disk space used by the Network Node Manager databases monitoring the load Network Node Manager processes are putting on the system alerting Network Node Manager processes if processes on which they depend die
Answer: A Section: (none) Explanation/Reference:
QUESTION 10 What is the pmd daemon responsible for? A. B. C. D.
routing events to other processes receiving SNMP traps from port 162 routing electronic mail between OVW users running specialized scripts based upon events received
Answer: A Section: (none) Explanation/Reference:
QUESTION 11 What is included in the Network Node Manager product? Select TWO. A. B. C. D.
an SNMP Extensible Agent an SNMP discovery and monitoring engine an SNMP proxy agent an EMANATE SNMP manager
Answer: BD Section: (none) Explanation/Reference:
QUESTION 12 SNMP is built upon what protocol? A. B. C. D.
IPX TCP/IP SNA UDP
Answer: D Section: (none) Explanation/Reference:
QUESTION 13 Which statement is TRUE regarding NNM's SNMP EMANATE agent? A. B. C. D.
It is based upon a master agent, sub-agent technology. It is able to send CMIP events. It relies on sub-agents to provide information for all SNMP Requests. It is based upon the TCP protocol stack
Answer: A Section: (none) Explanation/Reference:
QUESTION 14 Which agent does NNM automatically install? A. B. C. D.
ISI/Epilogue SNMP agent SNMP Extensible agent SNMP simple agent SNMP EMANATE agent
Answer: D Section: (none) Explanation/Reference:
QUESTION 15 With respect to agent technology, what is TRUE of ovtopmd in NNM? A. B. C. D.
ovtopmd is a sub-agent. ovtopmd is a master agent. ovtopmd assumes the simple agent role via EMANATE. ovtopmd is a light-weight agent implementing worker threads.
Answer: A Section: (none) Explanation/Reference:
QUESTION 16 How is information on a target host's ARP cache retrieved by NNM's Network Configuration option? A. B. C. D.
through FTP through ICMP through SNMP through rnetstat
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 When an event occurs, which process logs the event information under NNM? A. B. C. D.
pmd trapd ovtrapd ovrepld
Answer: A Section: (none) Explanation/Reference:
QUESTION 18 If NNM is NOT installed on the system, which items does an operator need to use ovw? Select TWO. A. B. C. D.
a Java-capable version of Netscape or Internet Explorer the URL for the Launcher a management console the Network Presenter installed
Answer: AB Section: (none) Explanation/Reference:
QUESTION 19 Which items must be running on an NNM server system if operators using the Network Presenter wish to access maps? Select THREE. A. B. C. D. E.
web server ovlaunch.exe web browser ovw ovsessionmgr
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 20 What is the purpose of the ovaddobj utility? A. B. C. D.
to add an object to the topology database to add an object to the OVW object database to configure startup parameters for an OpenView process to configure a menu item to be added to the OVW menu bar
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 After modifying a local registration file (LRF) for a background process, which command should be executed to configure the change in the background process the next time it is started? A. B. C. D.
ovaddobj ovdelobj ovconfobj ovmodobj
Answer: A Section: (none) Explanation/Reference:
QUESTION 22 Which item has NO affect on the set of IP devices that Network Node Manager will discover? A. B. C. D.
a seed file a running netmon process a configured DHCP filter a subnet mask
Answer: C Section: (none) Explanation/Reference:
QUESTION 23 Which protocols are used in the netmon discovery process? Select TWO. A. CMIP
B. DHCP C. ICMP D. SNMP Answer: CD Section: (none) Explanation/Reference:
QUESTION 24 What is discovered, beyond default netmon discovery, when using a seed file to extend initial netmon discovery? A. the devices listed in the seed file and the networks that contain them only B. devices listed in the seed file, the networks that contain them and only connector devices found in the networks C. devices listed in the seed file and the networks directly attached to them D. devices listed in the seed file, the networks that contain them and only devices that support SNMP found in the networks Answer: C Section: (none) Explanation/Reference:
QUESTION 25 Which user can re-do initial netmon discovery? A. B. C. D.
any ovw user the owner of the default map the network administrators the root user
Answer: D Section: (none) Explanation/Reference:
QUESTION 26 Nodes without an IP address can be discovered by netmon based on _______. A. B. C. D.
the ARP cache of a router local to the node the ARP cache of a bridge on the same segment as the node a response to a ping from the management station to the node information extracted via SNMP from a bridge on the same segment as the node
Answer: D Section: (none) Explanation/Reference:
QUESTION 27 Once a node's sysObjectID is retrieved, which file is used to associate the system oid to the device's capabilities? A. B. C. D.
MIB snmpd.conf oid_to_type (or HPoid2type) oid_to_enterprise
Answer: C Section: (none) Explanation/Reference:
QUESTION 28 Which NNM Editions are available to serve specific customer needs in terms of functionality, scalability and pricing? A. B. C. D. E.
NNM Starter Edition NNM Enterprise Edition NNM Advanced Edition NNM Standalone Edition NNM Manager of Manager (MoM) Edition
Answer: AC Section: (none) Explanation/Reference:
QUESTION 29 The management of your network requires support of IPv6. Which additional SPI needs to be purchased? A. B. C. D. E.
NNM SPI for LAN/WAN Edge NNM SPI for MPLS VPN NNM SPI for Advanced Routing NNM SPI for Multicast No additional SPI needed
Answer: C Section: (none) Explanation/Reference:
QUESTION 30 Typically, in Service Provider Environments, managing overlapping address domains is a topic. Which NNM component is responsible for providing the required functionality? A. Netmon B. Extended Topology C. Active Problem Analyzer
D. Intelligent Diagnostics E. Problem Diagnosis Answer: B Section: (none) Explanation/Reference:
QUESTION 31 Identify 4 components of NNM. Select FOUR. A. B. C. D. E. F.
Correlation Composer ECS Runtime ECS Designer Dynamic Views Extended Topology Performance Analyzer
Answer: ABDE Section: (none) Explanation/Reference:
QUESTION 32 It is common practice to install vendor specific "Element Manager" to extend NNMs functionality for specific network devices. What integration mechanism is typically used? A. B. C. D. E.
NNM Developer Kit NNM API Application Registration File (ARF) Local Registration File (LRF) NNM SPI Developer Kit
Answer: C Section: (none) Explanation/Reference:
QUESTION 33 Which OpenView product requires that NNM is installed? A. B. C. D. E.
HP OpenView Performance Insight HP OpenView Operations for Windows HP OpenView Operations for Unix HP OpenView GlancePlus HP OpenView Performance Manager
Answer: C Section: (none) Explanation/Reference:
QUESTION 34 Which product should you select to provide enterprise class reporting in the arena of network technologies? A. B. C. D.
HP OpenView Performance Manager HP OpenView Performance Insight HP OpenView Operations HP OpenView Service Information Portal
Answer: B Section: (none) Explanation/Reference:
QUESTION 35 In order to extend the focus of NNM in the direction of systems and applications management, which product would fit into your solution architecture? A. B. C. D.
HP OpenView Operations HP OpenView Service Desk HP OpenView Service Quality Manager HP OpenView Service Information Portal
Answer: A Section: (none) Explanation/Reference:
QUESTION 36 What key functionality does NNM Problem Diagnosis provide? A. B. C. D.
Web-based software probing framework knowledge base for acknowledged events IP network path analysis service availability probing
Answer: C Section: (none) Explanation/Reference:
QUESTION 37 Which key functionality does the ovw program provide? Select THREE. A. B. C. D. E.
It is a graphical user interface for NNM. It is the map-server for topology maps. It is a daemon process serving GUI requests. It provides a graphical map of the environment being managed. It can use a map database and object database on a remote management server.
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 38 Which statement is TRUE regarding Dynamic Views? Dynamic Views ________. A. B. C. D. E.
are based upon ovw technology can be customized in the same way as ovw is just the new name for Network Presenter can be launched from within the Home Base can be launched directly from within the HP OpenView Launcher
Answer: D Section: (none) Explanation/Reference:
QUESTION 39 NNM Problem Diagnosis is _______. Select THREE. A. B. C. D. E.
using Probe-based technology the Integration of OVIS into NNM detecting Blackouts and Brownouts end-to-end related testing different protocols, such as http and DNS
Answer: ACD Section: (none) Explanation/Reference:
QUESTION 40 What is the supported mechanism for authorizing users in NNM7 Dynamic Views? A. B. C. D.
operating system based user and password Java Naming and Directory Interface (JNDI) Tomcat memory realms ODBC realms
Answer: C Section: (none) Explanation/Reference:
QUESTION 41 An existing NNM Advanced Edition installation is required to support monitoring of Cisco HSRP groups.
Which additional Smart Plug-in (SPI) software license needs to be purchased? A. B. C. D.
SPI for Advanced Routing SPI for Multicast SPI for LAN/WAN edge SPI for MPLS
Answer: A Section: (none) Explanation/Reference:
QUESTION 42 You have finished installing several connector-type network devices that only have a MAC address and would like to discover them using your management stations. What do you need to verify next? A. B. C. D.
that NNM ET discovery is enabled that the Discover Level-2 Objects box under IP Discovery Polling options is checked that the Don't Discover Level-2 Objects box under IP Discovery Polling options is NOT checked that the Perform Topology Checks on Connector devices box under General Polling is checked
Answer: B Section: (none) Explanation/Reference:
QUESTION 43 Which tool will create an ovw menu item that will query MIB objects using SNMP? A. B. C. D.
MIB Application Builder SNMP Data Presenter Web MIB Browser SNMP Data Collector
Answer: A Section: (none) Explanation/Reference:
QUESTION 44 Dynamic Views in NNM 7 allow nodes to be added and deleted from the discovered topology. Which statement is true? A. Dynamic Views now support a read-write mode. B. These actions are secured by allowing them only to occur on a browser session launched locally on the NNM system. C. The menu items to perform these actions are not enabled by default. D. These actions are secured based on NNM user credentials. Answer: D Section: (none)
Explanation/Reference:
QUESTION 45 NNM Advanced Edition 7 on Unix now provides a function to convert syslog messages to SNMP traps. Where is this feature documented? A. B. C. D.
This is an unsupported feature so no documentation exists. in the Using Extended Topology manual in the Syslog Integration white paper in the Unix man pages
Answer: C Section: (none) Explanation/Reference:
QUESTION 46 Which command backs up the Extended Topology database? A. B. C. D.
ovbackup.ovpl BackupExtTopo.ovpl ovet_backup.ovpl ovet_topodump.ovpl
Answer: A Section: (none) Explanation/Reference:
QUESTION 47 Which programming language was used to create the ovbackup and ovrestore scripts that are part of the NNM built-in backup capability? A. B. C. D. E.
Posix Shell Scripting Language C Shell Scripting Language Onyx Perl Windows Scripting Host (WSH)
Answer: D Section: (none) Explanation/Reference:
QUESTION 48 What can the operator do (by default) when the alarm browser is started from the Network Presenter? Select THREE. A. filter alarms
B. C. D. E. F.
read alarms in all categories acknowledge an alarm he or she sees. forward an alarm to another operator read alarms only in the Error and Threshold categories delete an alarm only from the current view, leaving it for other operators
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 49 Which items must be running on an NNM system if operators WITHOUT NNM installed wish to access ovw maps? Select THREE. A. B. C. D. E.
ovsessionmgr ovlaunch.exe web server web browser ovw
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 50 In order for an operator to access SNMP MIB information from a managed node, community names could be entered correctly in which areas? Select TWO. A. B. C. D.
on the management station in the snmpd.conf file on the management station in the SNMP Configuration dialog box on the web client in the snmpd.conf file on the web MIB browser's dialog box
Answer: BD Section: (none) Explanation/Reference:
QUESTION 51 Which applications are available from the Launcher. Select THREE. A. B. C. D. E.
Network Presenter SNMP Data Grapher Data Warehouse Browser Alarm Browser SNMP MIB Browser
Answer: ADE Section: (none)
Explanation/Reference:
QUESTION 52 The status of a node which has neither an IP address nor an IPX address is based on _______. A. B. C. D.
obtaining the node's system name traps sent by the node's MAC agent response to a ping from the router closest to the node traffic from the node having been recently observed by a local connecting device
Answer: D Section: (none) Explanation/Reference:
QUESTION 53 Nodes without an IP address can be discovered by NNM based on _______. A. B. C. D.
the ARP cache of a router local to the node the ARP cache of a bridge on the same segment as the node a response to a ping from the management station to the node information extracted via SNMP from a bridge on the same segment as the node
Answer: D Section: (none) Explanation/Reference:
QUESTION 54 Another network administrator in your team has installed NNM in a test management station. The station has been running for two months. She is now asking if that management station can be shipped to another location without having to make any major modifications. If she has a new license, what would be the most appropriate answer? A. B. C. D.
Configure a new discovery filter via xnmsnmpconf, and re-do initial discovery. Re-install NNM from scratch. Shutdown and restart all NNM processes. It can be done if you follow the steps for re-doing initial discovery.
Answer: D Section: (none) Explanation/Reference:
QUESTION 55 It has been brought to your attention that the OpenView NNM database has become corrupt in your test management station. You do not have a backup. You are about to re-do initial discovery. What background process is involved in the new node discovery process, and what flag could be used to speed up this process?
A. B. C. D. E.
ovtopmd , -O flag netmon , -S flag netmon , -J flag netmon , -M flag ovtopmd, -b flag
Answer: C Section: (none) Explanation/Reference:
QUESTION 56 Which items affect discovery? Select THREE. A. B. C. D. E.
seedfile pmd's configuration configuration check interval incorrectly configured subnet masks lack of SNMP access to devices
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 57 What is discovered, beyond default discovery, when using a seed file to extend initial discovery? A. the devices listed in the seed file and the networks that contain them only B. devices listed in the seed file, the networks that contain them and only connector devices found in the networks C. devices listed in the seed file and the networks directly attached to them D. devices listed in the seed file, the networks that contain them and only devices that support SNMP found in the networks Answer: C Section: (none) Explanation/Reference:
QUESTION 58 After modifying an LRF for a background process, which command should be executed to configure the change in the background process the next time it is started? A. B. C. D.
ovaddobj ovdelobj ovconfobj ovmodobj
Answer: A Section: (none)
Explanation/Reference:
QUESTION 59 Which pathname should be used to execute the ovdwquery command? A. B. C. D.
$OV_BIN/ ovdwquery $OV_DB/ ovdwquery $OV_CONF/ ovdwquery $OV_TOOLS/ ovdwquery
Answer: A Section: (none) Explanation/Reference:
QUESTION 60 How are the variables used in the Universal Pathnames initialized? A. B. C. D.
Upon installation, they are automatically invoked. They must be run manually by a script. There is an option at the end of the installation process. They must be run manually by executing a contrib-program.
Answer: B Section: (none) Explanation/Reference:
QUESTION 61 Which files contribute to hostname resolution? Select TWO. A. B. C. D.
hosts inetd.conf resolv.conf resolv.hosts
Answer: AC Section: (none) Explanation/Reference:
QUESTION 62 The command nslookup may use _______. Select THREE. A. B. C. D.
NIS DNS DHCP X.500
E. hostfile Answer: ABE Section: (none) Explanation/Reference:
QUESTION 63 Which command tests name resolution for a machine called reality? A. B. C. D.
finger reality ping reality nslookup reality whereis reality
Answer: C Section: (none) Explanation/Reference:
QUESTION 64 Which statement best describes Quick Navigator? A. an add-on OpenView product which traverses multiple maps simultaneously B. a history stack of submaps which have been opened during the current ovw session and allows the "reopen submap from the stack" capability C. a graphical tree of all submaps with the ability to double-click anywhere and open the respective submap D. an NNM window which can be configured with GOTO symbols for frequently accessed submaps Answer: D Section: (none) Explanation/Reference:
QUESTION 65 When creating a new ovw map, what is the purpose of Compound Status? A. B. C. D.
on-demand object operational status propagate only most critical status objects propagate symbol status from children to parent symbol status propagation at rearm levels
Answer: C Section: (none) Explanation/Reference:
QUESTION 66 For maps managed by ipmap, the submap hierarchy includes submaps for the following levels ________. (The answer should be in the correct order.)
A. B. C. D. E.
Internet -> Network -> Subnetwork -> Segment -> Node Root -> Internet -> Network -> Segment -> Node Root -> Internet -> Network -> Subnetwork -> Node Root -> Intranet -> Internet -> Network -> Segment -> Node Intranet -> Internet -> Network -> Subnetwork -> Node
Answer: B Section: (none) Explanation/Reference:
QUESTION 67 Which type of symbol does the node submap level contain? A. B. C. D.
hubs nodes segments interfaces
Answer: D Section: (none) Explanation/Reference:
QUESTION 68 Which symbols are contained on a properly configured network level submap? Select FOUR. A. B. C. D. E. F.
hubs interfaces bridges networks segments gateways
Answer: ACEF Section: (none) Explanation/Reference:
QUESTION 69 Which statement correctly defines an OpenView map? A. B. C. D.
a view of network devices and their current status managed by the ipmap process the OpenView Databases, including network status, network events and data collection a window containing symbols, connections corresponding to a given level of a network's hierarchy a collection of submaps and corresponding symbols which comprise a hierarchical view of a network and its systems
Answer: D Section: (none)
Explanation/Reference:
QUESTION 70 In a very large enterprise, you have just opened a new map which uses the default status propagation rules. Browsing through the map, you find that the symbol representing your IP Network is yellow. What does that mean? The status of _______. A. B. C. D. E.
the underlying object (or child symbols) is unknown multiple child symbols are normal, and status of multiple child symbols are NOT normal all child symbols, except one, are normal only one child symbol is normal, the rest are NOT normal the underlying object (or all child symbols) is NOT normal
Answer: B Section: (none) Explanation/Reference:
QUESTION 71 What are the options to gather the interface/node ratio? Select TWO. A. B. C. D. E.
ovobjprint ovtopodump Home Base / Discovery Status / View Topology Summary ovdwquery ovstatus
Answer: BC Section: (none) Explanation/Reference:
QUESTION 72 How do you configure the size of the binary event store? A. B. C. D. E.
modify trapd.conf modify ov_event.lrf use xnmevents use ovalarmadm modify pmd.lrf
Answer: E Section: (none) Explanation/Reference:
QUESTION 73 You are using NNM's standard web reporting functionality in combination with your own reporting solution based on NNM's Data Warehouse. Scheduled exports of SNMP data collections into the Data Warehouse
are created for that purpose. Select the appropriate action to avoid collisions between scheduled exports to the Data Warehouse and Web Report generation. A. B. C. D.
Set the timeout parameter appropriately. Schedule exports as infrequently as possible. Use "post_exec" statement instead of generation timer. Specify retry intervals randomly.
Answer: B Section: (none) Explanation/Reference:
QUESTION 74 What functionality is provided by the process syslogTrap? A. B. C. D.
writes NNM Unix error messages to the syslog file monitors the syslog daemon reviews the UNIX syslog file and converts it to OV events maintains statistics about logged traps in the Data Warehouse schema
Answer: C Section: (none) Explanation/Reference:
QUESTION 75 Which condition would result in FAILURE to pass the filter? A. B. C. D.
The object does NOT exist. The attribute does NOT exist. The attribute value is correct. The assertion is a tautology.
Answer: B Section: (none) Explanation/Reference:
QUESTION 76 The filters file could be used to _______. A. B. C. D.
specify which filter is used for discovery define the content of a discovery filter list the new node discovery interval monitor as discovery proceeds
Answer: B Section: (none) Explanation/Reference:
QUESTION 77 What is the purpose of a discovery filter? A. B. C. D.
specify the systems which netmon will ping control what netmon will place in the local topology database keep nodes out of the map database avoid managing PC's
Answer: B Section: (none) Explanation/Reference:
QUESTION 78 When a DHCP filter has been established, what is the effect for the specified nodes? A. B. C. D.
They are pinged less frequently than other nodes. They are NOT stored in the topology database. The management station does NOT indicate that the node is down. The management station does NOT report certain MAC address events.
Answer: D Section: (none) Explanation/Reference:
QUESTION 79 If one user wants to have a view of only the network elements and another user wants to see only the servers, which kind of filters would be used? A. B. C. D.
Discovery Persistence Important nodes Map
Answer: D Section: (none) Explanation/Reference:
QUESTION 80 What does a filter expression specify? A. B. C. D.
symbols that may pass filters that are to be checked attributes that are to be checked sets that are to be checked
Answer: B Section: (none)
Explanation/Reference:
QUESTION 81 When writing a map filter, care must be taken to include _______. A. B. C. D.
networks and segments. hubs, bridges, and switches. networks and routers. partitioned submaps.
Answer: A Section: (none) Explanation/Reference:
QUESTION 82 Which section must the filter file contain? A. B. C. D.
FilterSets Filters FilterExpressions FilterCheck
Answer: B Section: (none) Explanation/Reference:
QUESTION 83 Which item may be used when specifying the name of a filter to be applied? A. B. C. D.
AVA Set Attribute Filter Expression
Answer: D Section: (none) Explanation/Reference:
QUESTION 84 An attribute value assertion (AVA) always contains a reference to a (an) ______. A. B. C. D.
object attribute filter set
Answer: B Section: (none) Explanation/Reference:
QUESTION 85 Which command may be employed to apply a filter? A. B. C. D.
Xnmpolling (Options: Network Polling Configuration) Ovtopodump Ovfiltertest Ovobjprint
Answer: A Section: (none) Explanation/Reference:
QUESTION 86 Which attribute value assertion(AVA) is syntactically correct? A. B. C. D.
Is IPX isRouter TopM Interface Count > 2 IP Host ~ "15.*.1.1"
Answer: B Section: (none) Explanation/Reference:
QUESTION 87 NNM is able to identify an event storm. The user gets notified by the event OV_EventStorm. Which mechanism is used to configure "Events per second" as a parameter of the event detection? A. B. C. D.
pmd.lrf Event Configuration trapd.conf ECS DataStore - EventStorm.ds
Answer: A Section: (none) Explanation/Reference:
QUESTION 88 Which Dynamic Views GUI command would you use to test SNMP connectivity from a management station to a managed node? A. Trace Route
B. Ping C. Test IP / TCP / SNMP D. Telnet Answer: C Section: (none) Explanation/Reference:
QUESTION 89 If Home Base does not display, which troubleshooting step can be used? A. B. C. D.
Use ovet_topodump.ovpl to query Extended Topology data. Run ovdumpevents to see the formatted output from the Binary Event Store. Stop and restart browser. Verify the Java plug-in version/browser combination.
Answer: D Section: (none) Explanation/Reference:
QUESTION 90 How do you configure Extended Topology's SNMP access to managed devices? A. B. C. D.
Run ETsSnmpConfig.ovpl. Select Options:SNMP Configuration. From Home Base, click [Extended Topology Configuration] and go to the SNMP tab. Run setupExtTopo.ovpl and answer all the questions.
Answer: B Section: (none) Explanation/Reference:
QUESTION 91 Why would an SNMP manager fail to communicate to a node via SNMP? Select THREE A. B. C. D. E.
The SNMP agent is not running on the remote node. The node does not have DNS configured. The node is configured to speak SNMP on a port other than 161. The SNMP manager does not have the node's SNMP community name. The SNMP proxy is not configured.
Answer: ACD Section: (none) Explanation/Reference:
QUESTION 92
What are the assumptions required for the execution of the NNM remote ping? Select TWO. A. B. C. D.
The source node is running the icmp daemon. The source node is running an HP-UX SNMP subagent. The source node is running the internet superserver inetd. The source node and NNM manager can communicate over SNMP.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 93 What type of license is valid for approximately 60 days? A. B. C. D.
an Evaluation license an Emergency license an Instant-On license a Temporary license
Answer: C Section: (none) Explanation/Reference:
QUESTION 94 What is the quickest way to obtain the complete version of NNM running on a system? A. B. C. D.
Run nnmlicvers -v. Run ovversion -patchlist. Select Help: About and click [More Info] in ovw. Start Home Base and click [Version List].
Answer: C Section: (none) Explanation/Reference:
QUESTION 95 What are the results of the nmdemandpoll of a previously discovered node? Select TWO. A. B. C. D.
Status changes are reflected. The oid_to_sym file is dynamically updated. The oid_to_type file is dynamically updated. Information on IP addresses and installed interfaces appears.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 96 Which statements are TRUE regarding the reconfiguration of threshold event numbers? Select TWO. A. B. C. D.
values between 1 and 10000 connect threshold and rearm events allow different actions for different events allow automatic data collection when exceeded
Answer: AC Section: (none) Explanation/Reference:
QUESTION 97 Which file would you view to see the complete details regarding which event variables are logged for a specific event? A. B. C. D.
trapd.conf event.conf ovsnmp.conf pmd.conf
Answer: A Section: (none) Explanation/Reference:
QUESTION 98 When an event occurs, which process logs the event information under NNM? A. B. C. D.
pmd trapd ovtrapd ovrepld
Answer: A Section: (none) Explanation/Reference:
QUESTION 99 What are the steps for troubleshooting the Network Presenter? Select TWO. A. B. C. D.
Verify registration files. Launch Home Base. Verify permissions. Verify remote console support.
Answer: AC Section: (none)
Explanation/Reference:
QUESTION 100 If the process ovet_daCDP is NOT_RUNNING _______. A. B. C. D.
run ovstart to restart it wait for the next discovery cycle when it will be active run ovstop ovet_disco and ovstart ovet_disco run ovstatus -v ovet_daCDP to determine the problem
Answer: B Section: (none) Explanation/Reference:
QUESTION 101 Which supported command should be used to query the Extended Topology database to determine if a node has been discovered? A. B. C. D.
dumpDiscoStatus.ovpl ovet_topoquery ovet_topodump.ovpl ovtopodump
Answer: C Section: (none) Explanation/Reference:
QUESTION 102 Which step must be completed to re-do initial discovery? A. B. C. D.
Reinstall the NNM product. Reconfigure netmon to use the -J option. Delete all objects found in the NNM databases. Delete only objects found in the NNM map databases.
Answer: C Section: (none) Explanation/Reference:
QUESTION 103 What is the purpose for the Launcher? A. B. C. D.
command and control capabilities for all NNM commands security for jovw access to NNM a hierarchical portal to NNMs jovw web interfaces direct access to ovw
Answer: BC Section: (none) Explanation/Reference:
QUESTION 104 If NNM is NOT installed on the system, which items does an operator need in order to use NNM Dynamic Views? Select TWO. A. B. C. D.
A management console The Network Presenter installed A Java-capable version of Netscape or Internet Explorer The URL for the NNM Home base
Answer: CD Section: (none) Explanation/Reference:
QUESTION 105 Which items must be running on an NNM system if operators WITHOUT NNM installed wish to access the Network Presenter? Select THREE. apply. A. B. C. D. E.
ovsessionmgr web browser web server ovw ovlaunch.exe
Answer: ACD Section: (none) Explanation/Reference:
QUESTION 106 The Web SNMP MIB Browser allows you to _______. A. B. C. D.
configure data collection on a particular MIB object view MIB object information for a particular node find a particular MIB object in the MIB table read RFCs to determine which particular MIB to load on the system
Answer: B Section: (none) Explanation/Reference:
QUESTION 107 The Network Presenter allows operators to __________. Select THREE.
A. B. C. D. E. F. G.
view submaps in tabular or graphical format update persistence levels save snapshots of the open map to their local system make copies of maps see changes other operators make to submaps as they happen maintain their own Home submap execute network troubleshooting polling commands remotely
Answer: AEG Section: (none) Explanation/Reference:
QUESTION 108 Which command helps you identify where symbols are placed on an ovw map? A. B. C. D.
ovobjprint ovmapdump ovtopodump ovw -objectlist
Answer: B Section: (none) Explanation/Reference:
QUESTION 109 When you look at the Packet Rate under Performance -> Network Connectivity in ovw, what protocol is used to gather the packet data? A. B. C. D.
TCP SNMP 802.1 ICMP
Answer: B Section: (none) Explanation/Reference:
QUESTION 110 What does the ovw Fault -> Network Connectivity -> Locate Route via SNMP selection require? A. B. C. D.
the gateway responds to SNMP requests direct access to the router's routing tables the gateway use the RIP link state protocol the gateway use the OSPF link state protocol
Answer: A Section: (none)
Explanation/Reference:
QUESTION 111 NNM can map SNMP sysObjectID to the type of symbol displayed on ovw GUI. Where is this information stored for NNM7? A. B. C. D. E.
only in the file $OV_CONF/oid_to_sym only in the file $OV_CONF/oid_to_type and files under the directory $OV_REGISTRATION in the file $OV_CONF/oid_to_sym and files under the directory $OV_CONF/oid_to_sym_reg/ in files under the directory $OV_CONF/oid_to_sym/ only in files under the directory $OV_CONF/oid_to_sym_reg
Answer: C Section: (none) Explanation/Reference:
QUESTION 112 Which statements are TRUE about rearming thresholds in the NNM Data Collector? Select TWO. A. An event may be configured to be sent when the threshold has been rearmed. B. A sample of a single MIB instance may be configured to rearm thresholds configured for several other instances. C. The rearm may be configured to occur after multiple consecutive samples within the configured rearm threshold have been received. D. The rearm may be configured to occur when a specified period of time has passed since the threshold has been exceeded. Answer: AC Section: (none) Explanation/Reference:
QUESTION 113 What type of NAT (Network Address Translation) configuration is supported by NNM 7? A. B. C. D.
DSCP-based NAT Static NAT Port Address Translation Dynamic NAT
Answer: B Section: (none) Explanation/Reference:
QUESTION 114 How would you determine how long an interface has been in the critical status in Neighbor Views?
A. B. C. D.
Select the interface and then select the menu Fault -> Alarms. Right-click on the node and select Status. Right-click on the interface and select Status Poll. Place the cursor over the interface.
Answer: D Section: (none) Explanation/Reference:
QUESTION 115 When do you need to use the Neighbor View? Select TWO. A. B. C. D.
to display all nodes with a given IP range to see a connectivity relationship of a specific device to the rest of the network to display connected networks on the same submap to find out where a specific device is logically connected in the network
Answer: BD Section: (none) Explanation/Reference:
QUESTION 116 Which command is used to manage users and passwords for web authentication of HP Openview Launcher? A. B. C. D. E.
ovhtpasswd ovlaunchpasswd ovlaunch ovhtpasswd ovwebpasswd
Answer: A Section: (none) Explanation/Reference:
QUESTION 117 The session configuration file provides security for accessing the HP OpenView Launcher. What is the parameter to enable security? A. B. C. D. E. F.
AccessControl Authentication AccessLogging LoginLogging EnableSecurity UserLogin
Answer: F Section: (none)
Explanation/Reference:
QUESTION 118 To configure an HP OpenView Launcher session, what configuration file can be used? A. B. C. D. E.
launcher.arf session.conf ov_session.conf http_session.cfg ovsessionmgr.lrf
Answer: B Section: (none) Explanation/Reference:
QUESTION 119 What is the user password file for securing the HP Openview Web user interface? A. B. C. D. E.
htpasswd ov_session.cfg inetd.sec tomcat.pwd apache.acl
Answer: A Section: (none) Explanation/Reference:
QUESTION 120 Which process is responsible for ET discovery? A. B. C. D.
ov_etdd ov_etdisco ov_etd ovet_disco
Answer: D Section: (none) Explanation/Reference:
QUESTION 121 When creating a new ovw map, what is the purpose of Compound Status? A. On-Demand object Operational status B. Propagate only most critical status objects
C. Propagate symbol status from children to parent D. Symbol status propagation at Rearm levels Answer: C Section: (none) Explanation/Reference:
QUESTION 122 Location container objects can be added to any ovw submap level. However, ipmap will only maintain status if location container objects are added to which level? A. B. C. D. E.
node root network segment internet
Answer: E Section: (none) Explanation/Reference:
QUESTION 123 The configuration file xnmeventsExt.conf can be used to specify which specific views can be launched in the context of an event. Which Dynamic Views can be launched for a selected event from within the Alarm Browser using the default configuration file? Select TWO. A. B. C. D. E.
Neighbor View Node View Path View Table View Root Cause View
Answer: AC Section: (none) Explanation/Reference:
QUESTION 124 Which commands check the status of OV background processes? Select TWO. A. B. C. D. E.
ovprocess -v ovstatus -v ovstatus -c ovstatus -s OVs_WELL_BEHAVED ovprocess -c
Answer: BC Section: (none)
Explanation/Reference:
QUESTION 125 Which commands stop all OV background processes? Select TWO. A. B. C. D. E.
ovstop OVs_DEAMON ovstop ovw ovstop -v ovstop -kill netmon ovstop -c
Answer: CE Section: (none) Explanation/Reference:
QUESTION 126 What is the difference between a map and a submap? A. B. C. D.
A map is a collection of submaps while a submap contains symbols and connections. Maps contain network icons and symbols while submaps contain network objects and connections. Submaps contain network icons and symbols while maps contain network objects and connections. There is no difference.
Answer: A Section: (none) Explanation/Reference:
QUESTION 127 What type of NNM data can be exported into the Data Warehouse? Select THREE. A. B. C. D. E. F.
topology data report data configuration data event data et data trend data
Answer: ADF Section: (none) Explanation/Reference:
QUESTION 128 Which command manages event filters to control the number of events exported to the NNM data warehouse? A. NNM filters file
B. ovdweventflt C. nnm_event_filters file D. dw_event_filters database table Answer: B Section: (none) Explanation/Reference:
QUESTION 129 What are the basic characteristics of the automated backup capability of NNM? Select THREE. A. B. C. D. E.
NNM ships with a backup script that runs "out of the box" as soon as you schedule it. Private user data will be backed up without having to make any modifications. The backup script is capable of using tape drives as the destination device. The backup script creates a duplicate image of the NNM database on disk. The backup script can be integrated with other OpenView data storage tools.
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 130 Which backup phase performs the NNM data warehouse embedded database backup? A. B. C. D. E.
checkpoint analytical operational integrated default
Answer: B Section: (none) Explanation/Reference:
QUESTION 131 The MAP database and the OBJECT database are examples of information that need to be backed up regularly. Which commands assure that these databases are saved? Select Two. A. B. C. D. E. F. G.
backup.ovpl ovbackup.ovpl -checkpoint backup.ovpl -analytical ovbackup.ovpl, -analytical backup.ovpl -operational ovbackup.ovpl -operational ovbackup.ovpl
Answer: FG Section: (none)
Explanation/Reference:
QUESTION 132 During the NNM backup process, which NNM application is paused? A. B. C. D.
SNMP data collection reception of SNMP events OVW sessions displaying of alarms
Answer: C Section: (none) Explanation/Reference:
QUESTION 133 Which databases are used in displaying an ovw map? Select THREE. A. B. C. D. E. F. G.
Object database Trend database Datawarehouse database Event database Factstore database Topology database Map database
Answer: AFG Section: (none) Explanation/Reference:
QUESTION 134 Which items describe the contents of the ov map database? Select THREE. A. B. C. D. E. F.
Each map has its own set of database files. It contains visually oriented information. It contains user access information. It contains exact symbol placement on submaps. It contains mapping information between object type and symbols. It contains objects capability information.
Answer: ABD Section: (none) Explanation/Reference:
QUESTION 135 Which configuration utility provides both a GUI and a command line to maintain the NNM SNMP
configuration database? A. B. C. D. E.
xnmsnmpconf ovsnmpconf ovw -conf ovsnmp snmpconf
Answer: A Section: (none) Explanation/Reference:
QUESTION 136 What types of configurations can be modified using xnmsnmpconf? Select TWO. A. B. C. D. E. F.
specific nodes external file list IP address & wildcard protocol default IP address class default DNS domain default
Answer: AC Section: (none) Explanation/Reference:
QUESTION 137 Which database is used to store SNMP configuration information? A. B. C. D. E.
Flatfile ovsnmp.conf RDBMS ovdwsnmp NDBM database ovsnmp.conf_db RAIMA database ov_snmp.veloc Solid database ovsnmp.db
Answer: C Section: (none) Explanation/Reference:
QUESTION 138 Which items describe the contents of the object database? Select THREE. A. B. C. D. E.
The object version information is tracked along with the object. It contains the objects selection name. It contains the number of maps that manage the object. It contains the name of the SNMP sub-poller that discovered the object. It contains MIB enterprise id of the mib-branch.
F. It contains object capabilities. Answer: BCF Section: (none) Explanation/Reference:
QUESTION 139 Identify the command to retrieve the object IP status of all objects in the object database. A. B. C. D.
ovobjprint -s ".IPstatus" ovobjqry -sql "where obj.selection = 'ip_status'" ovobjprint -e ip_status ovobjprint -a "IP Status"
Answer: D Section: (none) Explanation/Reference:
QUESTION 140 Which command will check the consistency between the map database and the object database? A. B. C. D.
ovw -verify ovw -consistency ovw -mapcount ovobjprint -mapcount
Answer: C Section: (none) Explanation/Reference:
QUESTION 141 Which items describes the contents of the topology database? Select TWO. A. B. C. D.
It contains the community strings to query the topology. It contains IP address, IP hostname, Subnet mask and number of IP interfaces. It contains information to track the relationships between objects. It contains information about symbol placement on the sub-maps.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 142 Which command prints out the contents of the IP Topology database as maintained by ovtopmd? A. ovtopmd -export
B. C. D. E.
ovtopofix -contents ovtopolist printhosts ovtopodump
Answer: E Section: (none) Explanation/Reference:
HP.ActualTests.HP0-633.v2009-04-08.by.Ramon.78q Number: HP0-633 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-633 Title : OpenView Network Node Manager II (7.X) - Customization Ver : 04-08-2009 HP0-633
Exam A QUESTION 1 By default, how does data get from Problem Diagnosis probes to the server? A. B. C. D.
they maintain a TCP connection with a heartbeat through an HTTP upload the probe stores data until the server sends a request the probe packs the data in an OV event
Answer: B Section: (none) Explanation/Reference:
QUESTION 2 What are the steps to manage distributed data collection files so you can view a single report from the management station? A. copy the raw files to the management station, export them to the data warehouse using ovcoltosql B. export the data to the data warehouse on the collection station using ovcoltosql, replicate to the management station C. from the management station, run ovdwtrend -export pointing to the files on the collection station D. run ovdwtrend -export on the collection station pointing to the data warehouse on the management station Answer: A Section: (none) Explanation/Reference:
QUESTION 3 Which of these can be accomplished by creating or editing an ARF? Select TWO. A. B. C. D.
You can create cascading menus. You can add a URL icon to the menu bar. Menu items can only be added to new menu bar items. You can add new sub-menu items to an existing menu bar item.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 4 How does a collection station distinguish itself from a management console? Collection stations_______________ . A. B. C. D.
offload the overhead associated with ovw from a management station are always deployed on the same segment as the management station offload netmon's polling responsibilities from the management station use NFS to connect to a management station; whereas management consoles use TCP
Answer: C Section: (none) Explanation/Reference:
QUESTION 5 Which features of NNM are scaleable? Select TWO. A. B. C. D.
collection stations 3 tier hierarchical management map persistence specifications merged event/trap namespace
Answer: AC Section: (none) Explanation/Reference:
QUESTION 6 By default, when a management station and a collection station both report on the same object, the management station____________ . A. B. C. D.
deletes its own version and reports the collection station's version deletes the collection station version and reports its own combines the versions, resolving any conflicts internally reports the object twice
Answer: A Section: (none) Explanation/Reference:
QUESTION 7 How is the primary collection station determined? A. B. C. D.
The first collection station to report in declares itself to be the primary. Collection stations negotiate primary status using the Network Priority Protocol. The management station determines the primary. The managed node identifies its nearest collection station as the primary.
Answer: C Section: (none) Explanation/Reference:
QUESTION 8 What is the replication process, ovrepld, responsible for? A. exporting topology changes from a collection station to the management station
B. synchronizing the topology database of the collection station managed objects with the management station C. polling the collection station to request topology changes D. resolving conflicting information from multiple collection stations Answer: B Section: (none) Explanation/Reference:
QUESTION 9 What is the NNM process that forwards events? A. B. C. D.
netmon SNMP agent pmd ovactiond
Answer: C Section: (none) Explanation/Reference:
QUESTION 10 Which step is necessary to cause all non-SNMP nodes to be marked as unmanaged at discovery? A. B. C. D.
Re-start discovery. Change oidtotype. Exit ovw then re-start ovw. Run ovtopofix (with some options).
Answer: B Section: (none) Explanation/Reference:
QUESTION 11 A symbol must be defined in a Symbol Registration File in order to use it_________ . A. B. C. D.
on the toolbar in a submap on a tab sheet in the oid2type file
Answer: B Section: (none) Explanation/Reference:
QUESTION 12
Which file needs to be modified to create a custom symbol? A. B. C. D.
oid_to_sym oid_to_type sysObjectID HPoid2type
Answer: A Section: (none) Explanation/Reference:
QUESTION 13 What are the steps to assign a custom symbol to all nodes with a particular sysObjectID? A. B. C. D.
Configure oid_to_type then find objects by symbol type. Edit the symbol registration file, customize the ipmap ARF, then restart ipmap. Configure HPoid2type, then resynchronize the topology database. Edit oid_to_sym, then discover the nodes.
Answer: D Section: (none) Explanation/Reference:
QUESTION 14 Once the Demand level is set, what is true of a symbol found in transient submaps? A. B. C. D.
they are in memory only when in a resident submap they are in memory only when found in a persistent submap they are never in memory because the submap is transient they are always in memory, the Demand level only affects disk space
Answer: A Section: (none) Explanation/Reference:
QUESTION 15 What are the benefits of using the Applications Builder? Select TWO. A. B. C. D.
to integrate a web-based management tool with Openview Databases into ECS to build a basic ARF which can be further edited to design a customized object or symbol and apply it to the map to add a new application for an executable symbol
Answer: BD Section: (none) Explanation/Reference:
QUESTION 16 How do you unlink a Problem Diagnosis server from a remote probe? A. B. C. D.
From Problem Diagnosis view, select the probe from the list and [Delete]. Edit pdconfig.xml and remove the block. Execute pdconfig.ovpl -unlink on the server. Edit npprobe.conf and remove the server name.
Answer: B Section: (none) Explanation/Reference:
QUESTION 17 Brownout analysis is done by _______. A. B. C. D.
the probe, which stores the data for collection by the server the probe, which sends OV_Brownout to the server the Problem Diagnosis server as the data arrives snmpCollect so the threshold can be monitored
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 On which systems can you install a Problem Diagnosis probe? Select TWO. A. B. C. D. E.
a Collection Station running NNM Advanced Edition a monitored Linux system any router a Collection Station running NNM Starter Edition any Cisco device
Answer: AD Section: (none) Explanation/Reference:
QUESTION 19 To enable a Problem Diagnosis probe to report to multiple servers, you can______. A. B. C. D.
configure the probe in the configuration file of each server configure the probe to monitor the path to each server initiate a trek using the probe to add it to servers automatically configure all the server names in the probe configuration file
Answer: A Section: (none)
Explanation/Reference:
QUESTION 20 Which function does a topology filter perform? A. B. C. D.
It directly eliminates topology objects from a map. It prevents topology objects from being locally discovered. It affects the topology view exported by a collection station. It dictates a particular topology object be resident on a particular map.
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 A topology filter may________ . Select THREE. A. B. C. D. E.
reduce polling cycle time on the collection station. limit which objects are viewable on the management station's map. reduce computer resources and overhead on the management station. cause the collection station to remove information from its database. cause the management station to resynchronize with the collection station when applied.
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 22 A failover filter is configured________ . A. on the management station to match the topology filter of a specific collection station B. on the management station to indicate which objects, that passed a specific collection station's topology filter, to monitor C. one per management station to cover the subset of all collection stations' objects to monitor D. on the collection station to indicate which topology filter objects to monitor Answer: B Section: (none) Explanation/Reference:
QUESTION 23 What are the best items to place in a failover filter? Select TWO. A. critical servers B. desktop workstations
C. D. E. F.
remote collection stations local collection stations connector devices DHCP devices
Answer: AE Section: (none) Explanation/Reference:
QUESTION 24 To apply a topology filter, you must _______. A. B. C. D.
execute xnmtopoconf -f filter_name edit ovtopmd.lrf to add the filter name edit ovrepld.lrf to add the filter name select Options:Network Polling IP and enter the filter name
Answer: B Section: (none) Explanation/Reference:
QUESTION 25 During normal processing, you have automatic failover configured on a management station for a collection station. Which overlap mode is most efficient? A. AllowOverlap keeps active copies of all objects at the management station so failover takes the least processing. B. UnmanageSecondary holds a space for each object so failover takes less time. C. DeleteSecondary frees the most space and processing time on the management station, and failover handles the rare occurrence where the collection station goes down. D. NoOverlap allows the management station to discontinue monitoring the objects. Answer: C Section: (none) Explanation/Reference:
QUESTION 26 How long does a management station take to recognize that a collection station is down and to initiate failover polling? A. B. C. D.
5 minutes 20 minutes 4 polling cycles One failed poll
Answer: C Section: (none) Explanation/Reference:
QUESTION 27 What must be true for a management station to implement failover of a collection station? A. B. C. D.
The collection station must have a failover filter in place. The management station must have access to the monitored objects. At least two collection stations must have been reporting on the objects. The management station must have its overlap mode set to DeleteSecondary.
Answer: B Section: (none) Explanation/Reference:
QUESTION 28 What happens when a failed over collection station returns to normal status? A. The management station immediately synchronizes to the collection station's current version of each object. B. The management station waits to synchronize until the collection station has updated its database by polling the objects. C. The collection station synchronizes from the management station version of object status as the most current. D. The collection station informs the management station of its object status one at a time as it completes its first polling cycle. Answer: A Section: (none) Explanation/Reference:
QUESTION 29 Your management station manages a domain of its own in addition to receiving information from a remote collection station. You just got a large bill from your WAN provider for last month when your remote collection station went down. How can you avoid that in the future? Select TWO. A. B. C. D.
Configure overlapping domains so the management station will not have to resynchronize everything. Configure a failover filter to minimize management station polling. Add a backup collection station at the remote location to manage the remote domain redundantly. Configure the -nosynchronize option to allow natural updating of the management station when a collection station returns to normal operation.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 30 To improve bandwidth utilization in DIM, you could___________ .
A. force a complete synchronization every morning using nmdemandpoll so data is more accurate for the rest of the day B. stop and restart the collection station on a regular schedule to re-establish a clean link C. avoid restarting the management station D. configure ovtopmd.lrf with the -minTopo parameter so less data is uploaded Answer: C Section: (none) Explanation/Reference:
QUESTION 31 Which event should you configure to be forwarded from a collection station to a management station? A. B. C. D.
threshold events from data collection node status events from netmon connectorDown events created by ECS node added and deleted events from netmon
Answer: A Section: (none) Explanation/Reference:
QUESTION 32 You have configured a topology filter on a collection station so only connector devices are uploaded to the management station. You have also configured threshold events to be forwarded to the management station. When a server violates a threshold, what appears in the Alarm Browser on the management station? A. B. C. D.
the server threshold alarm from the collection station no alarm appears a warning from the collection station that a threshold has been violated on an un-replicated node the server threshold alarm generated by the management station
Answer: A Section: (none) Explanation/Reference:
QUESTION 33 The difference between an NNM Advanced Edition collection station and an NNM Advanced Edition management station is that on the collection station_______ . A. B. C. D.
only the collecting software is installed only the collecting processes are running the replication process is running the replication process is not running
Answer: D Section: (none)
Explanation/Reference:
QUESTION 34 Which factors affect the time required for synchronization of the collection station with the management station? Select TWO. A. B. C. D. E.
number of objects size of event history for each node time since last synchronization number of data collection objects network bandwidth
Answer: AE Section: (none) Explanation/Reference:
QUESTION 35 You want to do trend analysis in your distributed management environment and always be able to see the most recent six months of data from your management station. What is the architecture of your data collection? A. Configure each collection station to monitor the data, store the data, and send reports to the management station? B. Configure each collection station to monitor the data, upload the data to the management station, and create reports at the management station. C. Configure collection at the collection station and have NNM automatically synchronize data back to the management station for reporting. D. Configure collection at the management station and it automatically partitions collection and assigns it to the nearest collection station. Answer: B Section: (none) Explanation/Reference:
QUESTION 36 Which statements are true regarding Active Tables? Select TWO. A. B. C. D.
You can modify the table element by right-clicking on the element and selecting Modify. You can hide a column by Right-clicking on the column title in the table header and selecting Hide. You can search for data by right-clicking in the table header and selecting Find. You can save the changes to the Dynamic Views by selecting File->Save.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 37 What are the possible path statuses in Problem Diagnosis?
A. B. C. D.
up, down normal, unknown, critical normal, warning, minor, major, critical managed, unmanaged
Answer: B Section: (none) Explanation/Reference:
QUESTION 38 How do you display port labels in Neighbor Views? A. B. C. D.
Select the menu: Tools --> Neighbor View --> Port Labels. Select the menu: View -> Labels -> Toggle Port Labels. Set the environment variable Display_Port_Labels and restart the server. Right-click on the port symbol and select Display Port Label from the popup menu.
Answer: B Section: (none) Explanation/Reference:
QUESTION 39 Problem Diagnosis can monitor packet round trip times. When round trip times exceed a pre-configured threshold, Problem Diagnosis generates a brownout event indicating a potential performance problem. In which Alarm category will this event be displayed? A. B. C. D. E.
Application Alert Alarms Problem Diagnosis Threshold Alarms Status Alarms Threshold Alarms Problem Diagnosis Alarms
Answer: E Section: (none) Explanation/Reference:
QUESTION 40 Using an NNM GUI, how do you get a list of unused IP addresses from the NNM topology database? A. From the Network View, list the IP addresses already in use, then determine the unused IP addresses according to the subnet mask. B. From the Network View, select menu View -> Unused IP addresses. C. From a Dynamic View, select Tools -> Unused IP Addresses. D. From a Dynamic View, select --> Views --> Used IP addresses. Answer: C Section: (none)
Explanation/Reference:
QUESTION 41 If multiple entries are found that map the same SNMP sysObjectID to different symbol types, which mapping entry will be used in ovw? A. B. C. D.
The first entry read by ovw. The last entry read by ovw. It is undetermined, ovw randomly selects an entry. No entry is selected for this sysObjectID, and ovw reports an error.
Answer: B Section: (none) Explanation/Reference:
QUESTION 42 How do you display long label names for devices on a map? A. B. C. D.
In a Dynamic View, select View -> Labels -> Long Name. In ovw, select View -> Labels -> Long Name. Use the -u option for the ipmap process. In a Dynamic View, right-click the device symbol and select Details.
Answer: A Section: (none) Explanation/Reference:
QUESTION 43 How do you view the details of the source node for a selected alarm? A. From the Web Alarm Browser, select Actions -> Views... -> Source Details; but this is not available in the native Alarm Browser. B. From the Web Alarm Browser, select Actions -> Views... -> Source Details; or from the native Alarm Browser, select Actions -> Highlight Source On Map. C. From the Web Alarm Browser, select Actions -> Views... -> Source Details; or from the native Alarm Browser, select Actions -> Views -> Source Details. D. From the Web Alarm Browser, double click on the selected alarm. Answer: C Section: (none) Explanation/Reference:
QUESTION 44 What are the benefits of dividing an NNM ET discovery domain into multiple zones? Select TWO. A. It overcomes license limit by introducing additional zones.
B. Users can potentially see discovered zones faster. C. It allows for administration based on organizational boundaries. D. It consumes fewer memory resources. Answer: BD Section: (none) Explanation/Reference:
QUESTION 45 What can you use to limit NNM ET discovery? A. B. C. D.
zone configuration special ET discovery filters NNM netmon discovery filter (netmon.nodiscover) ET protocol configuration
Answer: C Section: (none) Explanation/Reference:
QUESTION 46 Before enabling Extended Topology it is recommended to _______. Select THREE. A. B. C. D. E. F.
setup SNMP configuration properly remove all NNM netmon discovery data setup NNM netmon discovery filter export NNM netmon discovery data into the Data Warehouse finish NNM netmon discovery remove the oid_to_type file
Answer: ACE Section: (none) Explanation/Reference:
QUESTION 47 Which command is used to enable Extended Topology? A. B. C. D.
etrestart.ovpl setupExtTopo.sh setupExtTopo.ovpl ovet_disco.ovpl
Answer: C Section: (none) Explanation/Reference:
QUESTION 48 What statements are true in regards to NNM Extended Topology discovery? Select THREE. A. B. C. D. E.
ovet_dffile uses entries in hosts.nnm ovet_disco reads the NNM topology database status can be viewed using ovstatus -v ovet_disco status can be viewed using the status web page results are made available continously while discovery runs for the default zone only
Answer: ACD Section: (none) Explanation/Reference:
QUESTION 49 What should be used to restrict a particular user from gaining access to ovw's Options menu? Select THREE. A. B. C. D. E.
Change the OVwRegDir environment variable. Modify the appropriate directory and file permissions in the ARF tree. Create an appropriate entry in htgroup. Change the permissions of all of the maps. Copy a portion of the ARF sub-tree.
Answer: ABE Section: (none) Explanation/Reference:
QUESTION 50 With NNM, how would you create a new MIB application under the NNM menu bar? Select TWO. A. B. C. D.
Run xnmappmon. Create/modify an LRF. Create/modify an ARF. Use the Application Builder.
Answer: CD Section: (none) Explanation/Reference:
QUESTION 51 When files have been directly edited to customize an ovw menu item, when do the changes in customization take effect? A. after ovw has been restarted B. immediately, depending on the selection rule C. after ovexec has been restarted with the -verify option
D. after xnmappmon has been restarted Answer: A Section: (none) Explanation/Reference:
QUESTION 52 A SelectionRule="isCiscoRouter" statement is used for an ovw menu called CustomApp in an Application Registration File. What is the effect of this statement in the menu? A. B. C. D.
CustomApp appears in the menu only when the correct object is selected. CustomApp appears only in a submap where the correct type of symbol appears. CustomApp always appears in the popup menu and works regardless of submap. CustomApp is grayed-out until the correct type of object is selected.
Answer: D Section: (none) Explanation/Reference:
QUESTION 53 Setting the environment variable IPMAP_NO_SYMBOL_CHANGES for ovw sessions____________ . A. B. C. D.
enables cut and paste of host and segment symbols into network submaps allows creation of Location symbols at any submap hierarchical level prevents ipmap from changing symbol types or symbol labels on ovw map denies users the ability to edit symbol class:subclass or export maps
Answer: C Section: (none) Explanation/Reference:
QUESTION 54 How would you set the ovw On-Demand submap level? Select TWO. A. B. C. D.
ovtopmd.lrf file ipmap registration file $OV_CONF/C/filters file IP Map Configuration dialog box
Answer: BD Section: (none) Explanation/Reference:
QUESTION 55 Once the ovw On-Demand level is set, what is true of changing the demand level?
A. B. C. D.
It can be changed at any time. It can never be reset once it has been set. It can be changed only after using the "Unset" option. It can be changed only when opening/creating a new map.
Answer: A Section: (none) Explanation/Reference:
QUESTION 56 Which steps are necessary for customizing an ovw Submap Context? Select THREE. A. B. C. D. E.
Run ovw -fields. Exit ovw, then restart ovw. Restart the daemons (re-run ovstart). Edit the appropriate ARF by adding the new context identifier. Add the new context identifier to the submap Description Dialog box.
Answer: BDE Section: (none) Explanation/Reference:
QUESTION 57 A common block within a dynamic view menu extension file would be____ . A. B. C. D.
NodeSelected Tab TableSort MenuBar
Answer: D Section: (none) Explanation/Reference:
QUESTION 58 To start a web-based application from a dynamic view menu, which keywords are required? Select TWO. A. B. C. D. E.
URL WebWindow ActionId Command WindowName
Answer: AC Section: (none) Explanation/Reference:
QUESTION 59 To pass the selection name of a selected object to an application launched from a dynamic view menu, use the syntax ________. A. B. C. D.
$OV_SELECTION1 ${name} $OV_NAME
Answer: C Section: (none) Explanation/Reference:
QUESTION 60 One menu type you can add to dynamic views that is unavailable in ovw is a_________ . A. B. C. D.
background popup menu selected node popup menu toolbar button list item
Answer: A Section: (none) Explanation/Reference:
QUESTION 61 When do dynamic view menu configuration changes appear? Select TWO. A. B. C. D.
when the file is saved, all dynamic views are updated the next time a dynamic view is opened or manually refreshed after ovas is stopped and restarted after the browser is restarted
Answer: BC Section: (none) Explanation/Reference:
QUESTION 62 You want to integrate a text-based application into dynamic view menus. Which utility allows the display of text output from a dynamic view? A. B. C. D.
xnmappmon webappmon ovexec CGIwrap
Answer: B
Section: (none) Explanation/Reference:
QUESTION 63 Which file would you edit to enable a login for operators using web-based dynamic views? A. B. C. D.
session.conf tomcatSecurity.xml ovas.conf dynamicViewsUsers.xml
Answer: D Section: (none) Explanation/Reference:
QUESTION 64 Which item, accessible from Home Base, requires a login by default? A. B. C. D. E.
Discovery Status Extended Topology Configuration Views to be launched Alarm Browser Analyzer Status
Answer: B Section: (none) Explanation/Reference:
QUESTION 65 For dynamic views, MD5 allows_______ . A. B. C. D.
password encryption during transmission encryption of all data transmission enabling ssh for some remote users encryption of stored passwords
Answer: D Section: (none) Explanation/Reference:
QUESTION 66 Which processes do not run locally on an NNM remote console? Select TWO. A. ovw B. ipmap C. ovwdb
D. ovtopmd E. xnmevents Answer: CD Section: (none) Explanation/Reference:
QUESTION 67 What type of data is exported into the NNM Data Warehouse? Select THREE. A. B. C. D. E.
SNMP Data Event Data Topology Data Map Data Object Data
Answer: ABC Section: (none) Explanation/Reference:
QUESTION 68 Part of the Data Warehouse can be trimmed periodically. The data that can be trimmed includes the ____. Select TWO. A. B. C. D.
Map data topology data event data SNMP trend data
Answer: CD Section: (none) Explanation/Reference:
QUESTION 69 Which command would you use to filter data exported into the NNM Data Warehouse? A. B. C. D.
snmpColdump ovdwtrendflt ovdwtopo ovdweventflt
Answer: D Section: (none) Explanation/Reference:
QUESTION 70
Which commands would export NNM collected data to the NNM Data Warehouse? Select THREE. A. B. C. D. E.
ovdwtrend ovdwquery ovdwunloader ovdwtopo ovdwevent
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 71 When no relational database is used, where is the data warehouse stored? A. B. C. D.
in an embedded database in a flat file in a system-specific format in hierarchical directories
Answer: A Section: (none) Explanation/Reference:
QUESTION 72 What type of data cannot be trimmed? A. B. C. D.
data warehouse events topology trends
Answer: C Section: (none) Explanation/Reference:
QUESTION 73 Which process (from the multiple processes) must be running in the background for a topology export? A. B. C. D. E.
ovdb ovdw ovtopmd ovexportmgr ovspmd
Answer: C Section: (none)
Explanation/Reference:
QUESTION 74 You can retrieve information from the Data Warehouse using ._____ Select TWO. A. B. C. D. E.
SQL enabled applications ovdwquery to run SQL statements ovdbcheck a text editor ovtopodump and grep for topology information
Answer: AB Section: (none) Explanation/Reference:
QUESTION 75 In historical analysis of a device failure, you can use Data Warehouse information to _____. Select TWO. A. B. C. D. E. F.
see the events reported by the device in the last 5 minutes report changes in the device's network utilization from year to year use an SQL query to gather MIB statistics from the device's SNMP agent graph the device's current network utilization determine which collection station is monitoring the device review threshold violation patterns for the device
Answer: BF Section: (none) Explanation/Reference:
QUESTION 76 The Data Warehouse helps you view historical data about managed devices more efficiently by______ . A. B. C. D.
letting you create reports combining information from topology, event, and data collection databases providing faster access times than the embedded databases mirroring the operational databases for fail over access providing automatic prediction of network device failures
Answer: A Section: (none) Explanation/Reference:
QUESTION 77 The Data Warehouse -trim* command____ . A. ensures that only relevant information appears in reports B. controls the size and growth of the data warehouse
C. filters which data goes into the Data Warehouse D. summarizes a week's worth of daily data into the weekly aggregate table Answer: B Section: (none) Explanation/Reference:
QUESTION 78 The command "ovdwtrend -exportinterval 10 -trim" exports_______ . A. raw snmptrend data to the Data Warehouse every 10 minutes, and deletes data from the snmpCollect files B. the last 10 hours of snmp collection data to the Data Warehouse and deletes the previous data from the Warehouse C. snmptrend data to the Data Warehouse, summarizing a point every 10 minutes and deleting existing data in the Warehouse D. snmptrend data to the Data Warehouse, summarizing a point every 10 minutes, and deleting the files in the snmpCollect directory Answer: C Section: (none) Explanation/Reference:
HP.ActualTests.HP0-729.v2009-04-08.by.Ramon.153q Number: HP0-729 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-729 Title : ProCurve Secure Mobility Solutions 6.41 Ver : 04-08-09 HP0-729
Exam A QUESTION 1 Which port is automatically placed in VLAN1 when an xl Access Controller Module is successfully installed in a Switch 5300xl? A. B. C. D.
Client Port Access Port Virtual Uplink port Virtual downlink port
Answer: C Section: (none) Explanation/Reference:
QUESTION 2 Certkiller.com site requires a new wireless network with 19 access points. The customer is evaluating solutions based on the Wireless Edge Services xl Module and on standalone AP 530s. Why is the Wireless Module a superior solution for the deployment of multiple ProCurve radios? A. The Wireless Module Supports 802.1x authentication. The standalone AP solution supports only web authentication B. The Wireless Module provides centralized management and configuration for all associated RPs. The standalone AP solution requires separate configuration of each AP C. The Wireless Module supports Layer 2 roaming. The standalone AP solution provides no roaming support D. The Wireless Module provides PoE for associated RPs. The standalone AP solution requires purchase of a separate PoE switch, such as a ProCurve 2600-PWR Answer: B Section: (none) Explanation/Reference:
QUESTION 3 By default, how do users identify themselves to the Secure Access 700wl Series as guests? A. B. C. D.
The users must click the "Guest" button on the logon page The users must be associated with an SSID reserved for guests The users must be assigned to the "Guest Access" identify Profile The users must be associated with a System-defined Guest Access Connection Profile
Answer: A Section: (none) Explanation/Reference:
QUESTION 4 Which applications must be hosted on the same computer to enable ProCurve Manger Plus/Identify Driven Manager to function in a Windows Environment? (Choose two.) A. PCM+ Server
B. C. D. E.
DHCP Server Identify Driven Manager Internet Authentication Services Active Directory Domain Controller
Answer: AC Section: (none) Explanation/Reference:
QUESTION 5 At Certkiller .com site, users in the Graphics Department use peer-to-peer applications to share source files. Which feature must be configured on the Secure Access 700wl Series to support these applications? A. B. C. D.
VPN Encryption Real IP Addressing Adaptive Client Support Network Address Translation
Answer: B Section: (none) Explanation/Reference:
QUESTION 6 At Certkiller .com site, you must configure a Wireless Edge Services xl Module and associated Radio Ports to assign users to administratively defined VLANs based on job function. This will enable access control for wireless users based on router-based ACLs. How can you accomplish this without configuration a separate SSID for each job function and VLAN? A. B. C. D.
Configure ProCurve Mobility Manager to apply VLAN tags based on the users connection parameters Configure the customers RADIUS server to provide a VLAN ID in the authentication response Configure a separate Radio Port for each user type and associate it with a VLAN ID Configure the switch port that supports each Radio Port to be a tagged member of all required user VLANs
Answer: B Section: (none) Explanation/Reference:
QUESTION 7 At Certkiller .com site, you must configure a Secure Access 700wl system to use LDAP and Active Directory to authenticate Sales users. Which element of the Rights Assignment must match the Active Directory group name for these users? A. B. C. D.
Identify Profile Access Policy Connection Profile Authentication Policy
Answer: A
Section: (none) Explanation/Reference:
QUESTION 8 Exhibit:
John is a user associated with the "Marketing" identity Profile who connects through an xl access Controller Module associated with the "Main Office" Connection Profile. In the Exhibit, identify the row in the Rights Assignment table that will apply to John while the Secure Access 700wl system is evaluating his credentials. A. B. C. D. E.
1 2 3 4 5
Answer: D Section: (none) Explanation/Reference:
QUESTION 9 Which ProCurve secure mobility solution enables the setting of priorities for taffic entering through any AP? A. B. C. D.
Mobility Manager Procurve Manager Secure Access 700wl Series Wireless Edge Services xl Module
Answer: C Section: (none) Explanation/Reference:
QUESTION 10 By default, What access is allowed by the outside world Allowed Traffic filter on the Secure Access 700wl Series? A. All addresses not defined by the @INTRANET@ address variable B. All addresses associated with the @INTERNET@ address variable
C. All Addresses not associated with system-defined address variable D. All addresses not discovered on routers and switches during 700wl installation Answer: A Section: (none) Explanation/Reference:
QUESTION 11 What is the default IP Addressing setting for clients of the secure Access 700wl Series? A. B. C. D.
Never NAT Requires NAT Relay DHCP NAT when necessary
Answer: B Section: (none) Explanation/Reference:
QUESTION 12 A Secure Access 700wl system at Certkiller .com site uses the default "Guest Access" Access policy. Which step is necessary to enable guest users to access the Internet? A. B. C. D.
Define an @INTERNET@ address variable Configure a custom "Internet" Redirected Traffic Filter for guest users Associate the "Outside World" Allowed Traffic Filter with the Access Policy Create a Global Network On the ACS with an IP Address in the guest address range
Answer: C Section: (none) Explanation/Reference:
QUESTION 13 At Certkiller .com site, the business Office Authenticated Access Policy requires encryption for PPTP clients. The business office unauthenticated access policy does not allowed encryption. What is the effect of this configuration on clients using VPN software? A. The users will be able to access the network but their credentials will be rejected B. The users will not be able to access the network because the encryption settings do not match C. The users will be required to initiate their VPN connections after authentication through browser-based logon D. The 700wl system will automatically initiate VPN connections after users are authenticated through Active Directory Answer: B Section: (none) Explanation/Reference:
QUESTION 14 At Certkiller .com site, you are configuring web authentication for guest users who will authenticate through a wireless Edge Services xl Module. Users associating with the Guest SSID will receive addresses in the range of 192.168.64.0/24 and will be associated with VLAN 64. Why is it necessary to assign an IP Address in the range of 192.168.64.0/24 to the VLAN 64 interface on the Wireless Edge Services xl Module? A. B. C. D.
To Enable Clients to communicate with the VLAN 64 default gateway To enable client browsers to be redirected to the web authentication page To enable the Wireless Module to act as a RADIUS client for VLAN 64 users To enable the Wireless Module to communicate with Procurve Manager Plus
Answer: B Section: (none) Explanation/Reference:
QUESTION 15 At Certkiller .com site, an administrator has changed the configuration for the Inventory Access Profile in identity Driven Manager so that users will be associated with VLAN 64 instead of VLAN 48. However, when users log on, they are still assigned to VLAN 48. Which steps is necessary to correct this error? A. B. C. D.
Deploy the policy to the realm Manually re-discover VLAN 64 Delete VLAN 48 from ProCurve Manager Plus Re-import affected users into identity Driven Manager
Answer: A Section: (none) Explanation/Reference:
QUESTION 16 Certkiller .com requires a centralized secure mobility solution while continuing to employ access points from multiple vendors. Which Procurve secure mobility solution is most appropriate for this requirement? A. B. C. D.
Mobility Manager Identity Driven Manager Secure Access 700wl Series Wireless Edge Services xl Module
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 Which parameter is used to authenticate an access point associated with the secure access 700wl series? A. The APs IP Address B. The ACS shared secret
C. The APs series number D. The APs MAC Address Answer: D Section: (none) Explanation/Reference:
QUESTION 18 In a windows Environment, what is a role of the IDM RADIUS Agent? A. To add RADIUS attribute to a RADIUS-ACCEPT packet from IAS B. To act as a RAIDUS proxy server for all clients associating through Locations defined in IDM C. To monitor the Windows Active Directory and IAS for evidence of unauthorized logins or access attempts D. To ensure that user accounts created in RADIUS databases on Procurve access points and are correctly added to Active Directory on the Domain Controller Answer: A Section: (none) Explanation/Reference:
QUESTION 19 At Certkiller .com site, you are configuring web authentication for guest users who will through a Wireless Edge Servers xl Module. Users associating with the Guest SSID will receive addresses in the range of 192.168.64.0/24 and will be associated with VLAN 64. Why is it necessary to assign an IP Address in the range of 192.168.64.0/24 to the VLAN 64 interface on the Wireless Edge Services xl Module? A. B. C. D.
To enable clients to communicate with the VLAN 64 default gateway To enable client browsers to be redirected to the Web authentication page To enable the Wireless Module to act as a RADIUS client for VLAN 64 users To enable the Wireless Module to communicate with Procurve Manager Plus
Answer: B Section: (none) Explanation/Reference:
QUESTION 20 What is the default encryption setting for a 700wl Access Policy? A. B. C. D.
Required Disabled Negotiated Allowed, but not required
Answer: B Section: (none) Explanation/Reference:
QUESTION 21 What is the default logon method for clients associating through the Secure Access 700wl Series? A. B. C. D.
Monitored logon Web-based logon 802.1X/WPA logon Wireless Data Privacy logon
Answer: B Section: (none) Explanation/Reference:
QUESTION 22 What source of user identify are directly supported by the user import feature in Identity Driven Manager? (Choose three.) A. B. C. D. E. F. G.
XML File CSV File RADIUS Server LDAP Server SQL Database ODBC database Windows Active Directory
Answer: ADG Section: (none) Explanation/Reference:
QUESTION 23 At Certkiller .com site, users in the Accounting offices must be placed in VLAN 66 after associating with an Access Point 530 under the control of a Secure Access 700wl System. The AP is directly connected to the Switch 5300xl that houses the xl Access Controller Module. Which steps are necessary to enable the VLAN assignment? (Choose three.) A. B. C. D. E. F.
Assign an address in the VLAN 66 range to the ACS uplink Define the AC Module uplink as a tagged member of VLAN 66 Assign an address in the VLAN 66 range to the AC Module uplink Configure a connection Profile that will tag user traffic for VLAN 66 Define the port connected to the AP 530 as an untagged member of VLAN 66 Define the port connecting the 5300xl to the ACS as a tagged member of VLAN 66
Answer: BCD Section: (none) Explanation/Reference:
QUESTION 24 Which Procurve secure mobility solution provides for RF management of associated Radio Ports?
A. B. C. D.
Mobility Manager Identify Driven Manager Secure Access 700wl Series Wireless Edge Services xl Module
Answer: D Section: (none) Explanation/Reference:
QUESTION 25 At Certkiller .com site, you must install the IDM RADIUS Agent. What is the process for this task? A. At the ProCurve Manager Plus Server, associate the RADIUS server to an IDM realm and deploy the current policy B. At the RADIUS Server, use a web browser to access the PCM server, download the agent installer and install it using the usual Windows Process C. At the RADIUS server, run the Procurve Manager Installer and select Configure RADIUS Agent when prompted for installation instructions D. At a client computer, log on to the network from a Location defined in IDM and attempt to authenticate through the RAIDUS Server Answer: B Section: (none) Explanation/Reference:
QUESTION 26 Which element in a 700wl Rights Assignment is associated with limitations on client bandwidth? A. B. C. D.
Traffic Filter Identify Profile Access Policy Connection Profile
Answer: C Section: (none) Explanation/Reference:
QUESTION 27 Which device must be configured as a RADIUS client to enable authentication by clients associated with a Secure Access 700wl System? A. B. C. D.
Access Point Client Computer Access Control Server Xl Access controller Module
Answer: C Section: (none)
Explanation/Reference:
QUESTION 28 On the Secure Access 700wl series, which tool provides the specific rights of an LDAP user in XML format? A. B. C. D.
User Rights Simulator LDAP Transaction Tracer Locations Manager Matrix RADIUS Transaction Tracer
Answer: A Section: (none) Explanation/Reference:
QUESTION 29 All sales representatives at Certkiller .com site must obtain real IP Addresses from a DHCP server on the secure network. Which items must be configured on the secure Access 700wl series to support this requirement? (Choose two.) A. A connection profile that places all sales representatives in the same VLAN B. Authenticated Access Policies for sales representatives that include NAT options set to "When Necessary" C. A DHCP scope on the xl Access Controller Module Synchronized with the scope used by the internal DHCP server D. DHCP Relay enabling the Access Control Server 745wl to relay all DHCP requests to the xl Access Controller Module E. A Connection Profile and Unauthenticated Access Policy that allows the users to obtain real IP Addresses before authentication Answer: BE Section: (none) Explanation/Reference:
QUESTION 30 Which element in a 700wl Rights Assignment is associated with al allowed Traffic Filter? A. B. C. D.
Identify Profile Access Policy Connection Profile Access Profile Group
Answer: B Section: (none) Explanation/Reference:
QUESTION 31 At Certkiller .com site, you note that the address variable for a Secure Access 700wl system include two
entries for @INTENET@. How will the system interpret this variable in allowed Traffic Filters? A. B. C. D.
The system will use the default value The system will use the user-defined value The system will merge the values into a single variable The system will use the value that appears last in the table
Answer: B Section: (none) Explanation/Reference:
QUESTION 32 Under what circumstances is it necessary to configure a virtualized connection profile on the secure Access 700wl series? A. B. C. D.
When a single xl Access Controller Module must support multiple access points When a single Switch 5300xl must support xl access controller modules When a single Access Control Server must support multiple xl Access Controller modules When a single xl Access Controller Module must support multiple addressing or encryption needs
Answer: D Section: (none) Explanation/Reference:
QUESTION 33 At Certkiller .com site, you must configure identity driven manager to enforce access policies for users who will connect through a Procurve Radio Port 230 adopted by a wireless edge services xl Module. Which device must be identified as a RADIUS client in Windows Internet Authentication service? A. B. C. D.
Radio Port 230 Identify Driven Manager Server Wireless Edge Services xl Module Switch 5300xl housing the Wireless Module
Answer: C Section: (none) Explanation/Reference:
QUESTION 34 At Certkiller .com site, you have created a Finance Access Profile in identity Driven Manager and associated it with a Network Access Rule applied to users in the Finance Access Policy Group. You have imported all the finance users into the Finance Access Policy Group and deployed the policy to the realm. However, during testing, you find that a finance user is associated with the default Access Profile. How can you correct this error? A. B. C. D.
Delete the default Access Policy Group Reorder the Access Rules for these users Re-discover the VLAN assigned to Finance users Re-import all Finance users into the Access Policy Group
Answer: B Section: (none) Explanation/Reference:
QUESTION 35 By default, what types of traffic are allowed for users subject to the Guest Access Policy on the Secure Access 700wl Series? A. B. C. D.
All IP Internet Only DNS and DHCP RADIUS authentication
Answer: C Section: (none) Explanation/Reference:
QUESTION 36 At Certkiller .com site, a Wireless Edge Services xl Module default settings has adopted 12 Radio Ports Connected to the 5300xl hosting the module. The customer must add five RPs to provide coverage in a new area. What must be installed to support this requirement? A. B. C. D.
12-unit RP license A redundant power supply A second Wireless Module A certificate for each new RP
Answer: A Section: (none) Explanation/Reference:
QUESTION 37 In identity Driven Manager, which object is used to configure VLAN, QoS, bandwidth settings and a list of permitted and denied resources? A. B. C. D.
Identity profile Access profile Access Policy Group Network Resource Access Rule
Answer: B Section: (none) Explanation/Reference:
QUESTION 38 What is displayed on the Local Networks page of the Administrative Console of a secure Access 700wl
system? A. A list of all network subnets discovered by the Access Control Server during installation B. A list of all network subnets defined on the downlink of the system access control server C. A list of all network subnets defined on the downlinks of all xl Access Controller Modules Associated with the Access Control Server D. A list of all network subnets defines on the selected xl Access Controller Module or Access Control Server Answer: D Section: (none) Explanation/Reference:
QUESTION 39 A client of the Secure Access 700wl series using a real IP address is authenticated at an xl Access Controller Module named "AC3". The user successfully roams to an ACM named "AC1". How will the 700wl system handle sessions the user initiates after the roam? A. The sessions will be turned from AC3 to Ac4 before being forwarded to the destination host B. The sessions will be tunneled from AC4 to AC3 before being forwarded to the destination host C. The sessions will be established with the destination host though AC4 with no further involvement by AC3 D. The sessions will be established with the destination host through AC3 with no further involvement by AC4 Answer: B Section: (none) Explanation/Reference:
QUESTION 40 At Certkiller .com site, a user associates with a Secure Access 700wl system and is subject to an unauthorized Access policy that allows real IP. After logging on, the user is subject to an authenticated Access Policy that requires NAT. How will the 700wl system handle this clients address? A. The client will be forced to reauthenticate and associate with an Access Policy that allows real IP B. The client will be reassigned an address in the range of the xl Access Controller Module downlink C. The client will not be allowed to keep the real IP address as allowed in the unauthenticated Access Policy D. The client will keep the address assigned during association, but the 700wl system will translate the address Answer: D Section: (none) Explanation/Reference:
QUESTION 41 By default, which port or host become members of VLAN 2100 when a wireless Edge Services xl Module is installed in a 5300xl switch? A. Ports where PoE is enabled
B. Ports connected to PoE switches C. Wireless Module virtual uplink port D. Wireless Module virtual downlink port Answer: D Section: (none) Explanation/Reference:
QUESTION 42 Which Procurve secure mobility solution supports Layer 3(network) roaming? A. B. C. D.
access point 530 Access Point 420 Identity Driven Manager Secure Access 700wl Series
Answer: D Section: (none) Explanation/Reference:
QUESTION 43 At Certkiller .com site, a user associated with a Secure Access 700wl system enters http://1.1.1.1 in the location bar of a web browser. What does the browser display? A. B. C. D.
The 700wl Stop page The 700wl Logon Page The 700wl Administrative Console The Resource defined by the @INTERNAL@ address variable
Answer: B Section: (none) Explanation/Reference:
QUESTION 44 At Certkiller .com site, a technician creates a new Sales group in Active Directory and adds 20 new users to the group. When the technician imports the users into IDM, they are all assigned to the Default Access Policy Group. What is the cause of this assignment? A. B. C. D.
The technician did not include the Sales group in the import The technician did deploy the policy to the realm after importing users The technician did not enable the IDM RADIUS Agent before importing users The technician did not create a Sales Access Policy Group before importing users
Answer: A Section: (none) Explanation/Reference:
QUESTION 45 Exhibit:
What does this except from the session detail for a client of a Secure Access 700wl system indicate about the clients IP Address? A. The client has a real IP Address received from a DHCP server on the secured network B. The client has an inner tunnel address and an outer tunnel address to enable support for a VPN C. The client received an address from the 700wl system that is translated to the IP address of an xl Access Controller Module uplink D. The client has a static IP Address, but it is being translated to the 700wl downlink address because it is not compatible with the secured network Answer: C Section: (none) Explanation/Reference:
QUESTION 46 Which configuration item must you access to define an address variable at the Administrative Console of a Secure Access 700wl System? A. B. C. D.
Location Traffic Filter Local Network Global Network
Answer: B Section: (none) Explanation/Reference:
QUESTION 47 At Certkiller .com site, you have installed ProCurve Access Point 530 and have configured the network infrastructure to enable the AP to communicate with a Secure Access 700wl system. Which steps are necessary to enable the 530 to be managed from within the secure network? A. Define the AP as a Network Equipment user and associate it with the Access Points Identity Profile B. Enter the IP address of the AP 530 into the user database of the 700wl system and configure a connection Profile to support it
C. Define an IP Address on the AC Module downlink in the same range as the AP's address and wait for the AP to be discovered by the Access Control Server 745wl. D. Enter the ACS shared secret into the AP 530 interface and configure an IP Address on the xl Access Controller Module downlink port in the same range as the AP Address Answer: A Section: (none) Explanation/Reference:
QUESTION 48 Which QoS technologies are supported by the Wireless Edge Services xl Module? (Choose two.) A. B. C. D. E.
IP ToS DiffServ Wireless Multimedia 802.1p priority markers SpectraLink Voice Priority
Answer: CE Section: (none) Explanation/Reference:
QUESTION 49 What are the components of a 700wl Rights Assignment? (Choose three.) A. B. C. D. E. F.
User Profile Group Profile Identity Profile Access Policy Security Policy Connection Profile
Answer: CDF Section: (none) Explanation/Reference:
QUESTION 50 At Certkiller .com site, PCM+/IDM displays two realm names for the company's domain. One is company. com. the other realm name is company. What is a likely explanation for this configuration? A. Windows Active Directory reported the realm name in two formats, the domain name and the NetBIOS name B. The administrator configured the second realm to contain users who connect by VPN from remote locations C. One realm contains users authenticated through RADIUS. The other realm contains users who authenticate through LDAP D. One realm name is associated with the primary RADIUS server. The other real name is associated with the secondary server
Answer: A Section: (none) Explanation/Reference:
QUESTION 51 When an xl Access Controller Module is successfully installed in a Switch 5300xl, what is the default VLAN membership of the modules downlink port? A. B. C. D.
Untagged member of VLAN 1 Tagged member of VLAN 2000 Untagged member of next available client-port VLAN Tagged member of VLAN associated with xl Access Controller Module uplink
Answer: B Section: (none) Explanation/Reference:
QUESTION 52 In a Windows Environment, where does the IDM RADIUS Agent reside? A. B. C. D.
Windows XP Client Computers ProCurve Manger Plus Server Active Directory Domain Controller Internet Authentication Server (IAS) server
Answer: D Section: (none) Explanation/Reference:
QUESTION 53 At Certkiller .com site, You have installed Identity Driven Manager and imported users from the customers Active Directory Domain Controller. However, you have not yet created any Access Policy Groups or Access Profiles. What are the default rights for these users? A. B. C. D.
The users have all rights allowed by the Default Access Profile The users have rights to all Network Resources defined by default in IDM The users have no rights until they are explicitly assigned to Access Policy Groups The users have rights only to subnets already discovered by ProCurve Manager Plus
Answer: A Section: (none) Explanation/Reference:
QUESTION 54 At Certkiller .com site, several Inventory users have authenticated through the Secure Access 700wl system in the customer Warehouse and received the Any/Any/Authenticated Rights Assignment. You configure a new Rights Assignment that places these users in the Inventory Identity Profile and the Warehouse
Connection Profile at the top of the Rights Assignment table. However, while verifying your configuration, you notice one of the clients still is subject to the Any/Any/Authenticated Rights Assignment. How can you resolve this issue? A. B. C. D.
Refresh user rights Restart the Access Point Deploy the Policy to the realm Restart the Access Control Server 745wl
Answer: A Section: (none) Explanation/Reference:
QUESTION 55 At Certkiller .com site, you must configure a ProCurve Switch 5308xl to support 10 Radio Ports. The 5308x; is already provisioned with a 10/100 PoE Module. What additional component must be installed with the switch to provide PoE for the RPs? A. B. C. D.
External Power Supply xl Access Controller Module Wireless Module RP License Wireless Edge Services xl Module
Answer: A Section: (none) Explanation/Reference:
QUESTION 56 On the Secure Access 700wl series, what is the difference between a custom Traffic Filter and a simple Traffic Filter? A. All simple traffic filter are defined by default when the 700wl is installed. A custom Traffic Filter is user defined B. A simple Traffic Filter can apply only to one Access Policy. A custom Traffic Filter can apply to multiple Access Points C. A simple Traffic Filter can apply only to one address range or port. A custom Traffic Filter can apply to multiple Address ranges or ports D. A simple Traffic Filter uses source Address as the only criterion for matching. A custom Traffic filter can use IP Protocol and TCP or UDP Source or destination Port Answer: C Section: (none) Explanation/Reference:
QUESTION 57 Under default settings, how is the client address pool allocated among xl Access Controller Modules associated with a single Access Control Server 745wl? A. Each Module can access the entire client pool and can assign any address to any client
B. Each module can assign any address that is not in use by a client associated with anther Module C. Each module receives a portion of the address pool according to the number of clients it typically serves D. Each Module receives a share of the address pool based on the number of Module associated with the Access Control Server Answer: A Section: (none) Explanation/Reference:
QUESTION 58 By default, what is the level of support of Layer 2 (RF) roaming offered by the Wireless Edge Services xl Module? A. A client can associate with any Radio Port that has been defined with Identity Driven Manager B. A Client can associate with any Radio Port with an uplink in the same IP network as the RP where the client first associated C. A client can associate with any Radio Port Configured with the same SSID, encryption and authentication settings D. A client can associate with any Radio Port that supports an SSID that can tag user traffic with the VLAN ID associated with the clients access policy Answer: C Section: (none) Explanation/Reference:
QUESTION 59 At Certkiller .com site, you must install a Wireless Edge Services xl Module into fully populated 5308xl switch that is powered on and performing switching tasks. What is the process for this installation? A. Power down the switch, remove a module and replace it with the Wireless Module B. Remove a Module, replace it with the Wireless Module and wait for the switch to automatically restart and recognize the new module C. Disable all ports on the module to be replaced, insert the Wireless Module and enable it using the web management interface D. Remove a module, replace it with the Wireless Module and enable the Wireless Module at the CLI Answer: A Section: (none) Explanation/Reference:
QUESTION 60 What is displayed on the Global Networks page of the Administrative Console of a Secure Access 700wl System? A. A list of all network subnets defined on the uplink of the Systems Access Control Server B. A list of all network subnets configured on the uplinks of all xl Access Controller Module associated with the system Access Control server C. A list of all network subnets defined on the downlinks of all xl Access Controller Modules associated with the Systems Access Control Server
D. A list of all network subnets defined on all switches, APs and infrastructure devices discovered by the systems Access Control Server Answer: B Section: (none) Explanation/Reference:
QUESTION 61 What is the purpose of an address variable in the configuration of the Secure Access 700wl Series? A. B. C. D.
To identify DHCP scope for real IP clients To identify network resources in traffic filters To identify address range used by AC uplinks To identify Address range for xl Access Controller Modules
Answer: B Section: (none) Explanation/Reference:
QUESTION 62 At Certkiller .com site, five xl Access Controller Modules are associated with an Access Control Server 745wl that uses the 700wl system's default address range for clients. If a sixth AC Module is added, which address will be assigned to it's virtual downlink? A. B. C. D.
An address in the 42.0.0.0/8 range assigned by the 745wl 42.0.0.6, the sixth address in the range defined for AC Modules 42.0.0.1, the same as the downlink address of the other modules An address received from the DHCP server on the secure network
Answer: C Section: (none) Explanation/Reference:
QUESTION 63 Which ProCurve Radio Device features a built-in RADIUS server? A. B. C. D.
Radio Port 210 Radio Port 230 Access Point 420 Access Point 530
Answer: D Section: (none) Explanation/Reference:
QUESTION 64
Match each parameter with the Rights Assignment Component with which it is associated on the Secure Access 700wl Series.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 65 Exhibit:
What does the configuration shown in the exhibit indicate about users affected by this Access Profile who log on wirelessly using 802.1x? A. B. C. D.
The users will receive IP Addresses in the range associated with VLAN 1 The users will receive IP Addresses in the range associated with VLAN 128 The users will be allowed to use static IP Addresses in the range associated with VLAN 128 The users will receive IP addresses in the range associated with the VLAN configured on the switch port or SSID where they connect
Answer: D Section: (none) Explanation/Reference:
QUESTION 66 Which ProCurve Secure Mobility solution provides an administrative interface for the definition and application of user-based access policies? A. B. C. D.
Mobility Manager Access Point 530 Secure Access 700wl Series Wireless Edge Services xl Module
Answer: C Section: (none) Explanation/Reference:
QUESTION 67 At Certkiller .com site, you are configuring the first user-defined client port on an xl Access Controller Module at default settings. What is the effect of the following command? 5300xl(Config)#access-controller a client-ports d1 A. B. C. D.
Port D1 becomes a tagged member of VLAN 1 Port D1 becomes an untagged member of VLAN 2000 Port D1 becomes an untagged member of VLAN 2001 Port D1 becomes an untagged member of the VLAN associated with the modules uplink
Answer: B Section: (none) Explanation/Reference:
QUESTION 68 Under what circumstances does the Access Control Server 745wl forward user traffic? A. B. C. D.
The ACS never forwards user traffic The ACS forwards user traffic for real IP clients The ACS only forwards user traffic during roams The ACS forwards user traffic while the user is being authenticated
Answer: A Section: (none) Explanation/Reference:
QUESTION 69 You must configure an xl Access Controller Module that has not received an IP Address through DHCP. How can you configure an IP Address for this component? A. B. C. D.
Start a Telnet session with the default IP Address 42.0.0.1 Start a web browser session using the default IP address 42.0.0.1 Start a Telnet session with the 5300xl hosting the module and configure the IP Address at the CLI Use the Administrative Console to locate the AC Module by its MAC address and select it from the list of available devices
Answer: C Section: (none) Explanation/Reference:
QUESTION 70 Exhibit:
Please refer to the exhibit. What does the value in the "Group Identity Field" represent? A. B. C. D.
the group name returned by the RADIUS server The RADIUS attribute that will return Group information The group name of a user after the RADIUS authentication The RADIUS attribute sent to the RADIUS server for matching the user data
Answer: B Section: (none) Explanation/Reference:
QUESTION 71 On the Secure Access 700wl series, which component of the Rights Assignment contains limitations on days and hours when network access is allowed? A. B. C. D.
Identity Profile Access Profile Connection Profile Authentication Policy
Answer: C Section: (none) Explanation/Reference:
QUESTION 72 At Certkiller .com site, a technician configures 802.1X authentication for four switch ports on a ProCurve Swtichs 5300xl. The technician does not issue a command specifying an unauthenticated VLAN ID. Presuming DHCP is properly configured for all VLANs, how will this configuration affect VLAN membership and IP addressing for unauthenticated users?
A. The users will receive addresses in the range associated with VLAN 1 B. The users will receive addresses in the range associated with the untagged VLAN on the ports where they connect C. The users will be assigned addresses in the range associated with the VLAN ID returned by the RADIUS server D. The users will not be assigned to any VLAN. Windows XP Clients will receive private addresses in the 169.254.0.0./16 range Answer: D Section: (none) Explanation/Reference:
QUESTION 73 How many ProCurve Radio Ports can a single Wireless Edge Services xl Module support without requiring the purchase of additional RP licenses? A. B. C. D.
8 12 16 24
Answer: B Section: (none) Explanation/Reference:
QUESTION 74 Which option cannot be enabled in a 700wl Access Policy that must support real IP Clients? A. B. C. D.
HTTP Proxy QoS marking VPN Encryption VLAN tag matching
Answer: C Section: (none) Explanation/Reference:
QUESTION 75 What is specified by the Linger Timer on a Secure Access 700wl system? A. B. C. D.
The length of time that can elapse before clients are forced to reauthenticate The length of time the system will maintain an association with an inactive client The length of time the system will allow clients to maintain tunneled sessions after roaming The length of time that an unauthenticated client is allowed to remain associated with the system
Answer: B Section: (none)
Explanation/Reference:
QUESTION 76 Which ProCurve secure mobility solution requires installation of a specialized RADIUS agent? A. B. C. D.
Access Point 530 Identity Driven Manager Secure Access 700wl Series Wireless Edge Services xl Module
Answer: B Section: (none) Explanation/Reference:
QUESTION 77 Which ProCurve secure mobility solution supports the configuration of VPNs for associated users? A. B. C. D.
Access Point 530 Identity Driven Manager Secure Access 700wl Series Wireless Edge Services xl Module
Answer: C Section: (none) Explanation/Reference:
QUESTION 78 Which element of a 700wl Rights Assignment is associated with the Authentication Policy? A. B. C. D.
Identity Profile Access Profile Connection Profile Access Profile Group
Answer: C Section: (none) Explanation/Reference:
QUESTION 79 By Default, which port or ports become tagged members of VLAN 1 when a Wireless Edge Services xl module is installed in a 5300xl switch? A. B. C. D.
Ports where PoE is enabled Ports connected to PoE switches Wireless Module Virtual Uplink port Wireless Module Virtual Downlink Port
Answer: C Section: (none) Explanation/Reference:
QUESTION 80 At Certkiller .com Site, You are configuring web authentication for guest users who will authenticate through a Wireless Edge Services xl Module. Users associating with the Guest SSID will receive addresses in the range of 192.168.64.0/24 and will be associated with VLAN 64. Why is it necessary to assign an IP Address in the range of 192.168.64.0/24 to the VLAN 64 to the VLAN 64 interface on the Wireless Edge Service xl Module? A. B. C. D.
To enable clients to communicate with the VLAN 64 default gateway To enable client browsers to be redirected to the web authentication page To enable the Wireless Module to act as a RADIUS client for VLAN 64 users To enable the Wireless Module to communicate with ProCurve Manager Plus
Answer: B Section: (none) Explanation/Reference:
QUESTION 81 Which ProCurve Secure mobility solution provides for policy management for users connecting through radios from multiple vendors? A. B. C. D.
Mobility Manager Identity Driven Manager Secure Access 700wl series Wireless Edge Services xl Module
Answer: C Section: (none) Explanation/Reference:
QUESTION 82 Which ProCurve secure mobility solution provides an interface for setting user access policies applied at switch ports as well as wireless access points? A. B. C. D.
Mobility Manager Identity Driven Manager Secure Access 700wl Series Wireless Edge Services xl Module
Answer: B Section: (none) Explanation/Reference:
QUESTION 83
What is the default IP addressing setting for clients of the Secure Access 700wl Series? A. B. C. D.
Never NAT Require NAT Relay DHCP NAT When Necessary
Answer: B Section: (none) Explanation/Reference:
QUESTION 84 Which port is automatically placed in VLAN 1 when an xl Access Controller Module is successfully installed in a Switch 5300xl? A. B. C. D.
Client Port Access Port Virtual uplink Port Virtual downlink Port
Answer: C Section: (none) Explanation/Reference:
QUESTION 85 Which element in a 700wl Rights Assignment is associated with a custom logon page? A. B. C. D.
Identity Profile Access Policy Connection Profile Authentication Policy
Answer: C Section: (none) Explanation/Reference:
QUESTION 86 At Certkiller .com site, you must configure a Wireless Edge Services xl Module and associated Radio Ports to assign users to administratively defined VLANs based on job function. This will enable access control for wireless users based on router-based ACLs. How can you accomplish this without configuration a separate SSID for each job function and VLAN? A. B. C. D.
Configure ProCurve Mobility Manager to apply VLAN tags based on the users connection parameters Configure the customers RADIUS server to provide a VLAN ID in the authentication response Configure a separate Radio Port for each user type and associate it with a VLAN ID Configure the switch port that supports each Radio Port to be a tagged member of all required user VLANs
Answer: B
Section: (none) Explanation/Reference:
QUESTION 87 In identity, Driven Manager, which object contains the Time, Location and System parameters? A. B. C. D.
Identity Profile Access Profile Access Policy Group Network Resource Access Rule
Answer: C Section: (none) Explanation/Reference:
QUESTION 88 Which option can't be enabled in a 700wl Access Policy that must support real IP Clients? A. B. C. D.
HTTP Proxy QoS marking VPN Encryption VLAN tag matching
Answer: C Section: (none) Explanation/Reference:
QUESTION 89 At Certkiller .com site, you note that the address variable for a Secure Access 700wl system include two entries for @INTENET@. How will the system interpret this variable in allowed Traffic Filters? A. B. C. D.
The system will use the default value The system will use the user-defined value The system will merge the values into a single variable The system will use the value that appears last in the table
Answer: B Section: (none) Explanation/Reference:
QUESTION 90 You must configure an xl Access Controller Module that has not received an IP Address through DHCP. How can you configure an IP Address for this component? A. Start a Telnet session with the default IP Address 42.0.0.1 B. Start a web browser session using the default IP address 42.0.0.1
C. Start a Telnet session with the 5300xl hosting the module and configure the IP Address at the CLI D. Use the Administrative Console to locate the AC Module by its MAC address and select it from the list of available devices Answer: C Section: (none) Explanation/Reference:
QUESTION 91 By Default, which port or ports become members of VLAN 2100 when a Wireless Edge Services xl Module is installed in a 5300xl Swtich? A. B. C. D.
Ports Where PoE is enabled Ports connected to PoE switches Wireless Module virtual uplink port Wireless Module Virtual downlink port
Answer: D Section: (none) Explanation/Reference:
QUESTION 92 By Default, which port or ports become members of VLAN 2100 when a Wireless Edge Services xl Module is installed in a 5300xl Swtich? A. B. C. D.
Ports Where PoE is enabled Ports connected to PoE switches Wireless Module virtual uplink port Wireless Module Virtual downlink port
Answer: C Section: (none) Explanation/Reference:
QUESTION 93 At Certkiller .com site, an Access Point 530 is connected to port D1 on a Swtich 5300xl that also hosts an xl Access Controller Module. What 5300xl configuration is necessary to enable communication between the 530 and the module? A. B. C. D.
Define D1 as a 700wl client port Enable D1 to act as 802.1X Authenticator Disable the "unknown VLAN" setting for D1 Assign D1 to the VLAN associated with the modules uplink port
Answer: A Section: (none) Explanation/Reference:
QUESTION 94 What is the function of the shared secret entered at the CLI of an Access Control Server 745wl? A. B. C. D.
Enable encrypted communication between the 745wl and VPN clients Enable encrypted communication between the 745wl and the RADIUS server Enable encrypted communication between the 745wl and Administrator workstations Enable encrypted communication between the 745wl and xl Access Controller Modules
Answer: D Section: (none) Explanation/Reference:
QUESTION 95 At Certkiller .com site, the business Office Authenticated Access Policy requires encryption for PPTP clients. The business office unauthenticated access policy does not allowed encryption. What is the effect of this configuration on clients using VPN software? A. The users will be able to access the network but their credentials will be rejected B. The users will not be able to access the network because the encryption settings do not match C. The users will be required to initiate their VPN connections after authentication through browser-based logon D. The 700wl system will automatically initiate VPN connections after users are authenticated through Active Directory Answer: B Section: (none) Explanation/Reference:
QUESTION 96 What is the default logon method for clients associating through the Secure Access 700wl Series? A. B. C. D.
Monitored logon Web-based logon 802.1X/WPA logon Wireless Data Privacy logon
Answer: B Section: (none) Explanation/Reference:
QUESTION 97 Exhibit:
At Certkiller .com site, you have configured a Wireless Edge Services xl Module with the Marketing SSID. Clients associating through this SSID will authenticate using 802.1X and be assigned to VLAN 24 or 48 on the basis of VLAN IDs returned by a RADIUS server. On the 5300xl, which command is necessary to enable connectivity for VLAN 24 clients? A. B. C. D.
5300xl(vlan-24)#tag CDP 5300xl(vlan-24)#tag CUP 5300xl(Vlan-24)#tag b7-b12 5300xl(Wireless-services-c)#client-ports vlan 24
Answer: B Section: (none) Explanation/Reference:
QUESTION 98 By Default, what access is allowed for users subject to the Guest Access Policy on the Secure Access 700wl Series? A. B. C. D.
Access to the Internet Access to no resources Access to authentication services Access to resources not specified in the @INTENET@ variable
Answer: C Section: (none) Explanation/Reference:
QUESTION 99 Which element in a 700wl Rights Assignment is associated with al allowed Traffic Filter? A. B. C. D.
Identify Profile Access Policy Connection Profile Access Profile Group
Answer: B Section: (none) Explanation/Reference:
QUESTION 100 When you are performing a backup on the 740wl, the system _______. A. creates an image of the system and copies it to the default directory on a TFTP server B. creates an image of the system and copies it to its hard disk C. creates a text file that contains all of the configuration settings and copies it to a directory of your choice on the HTTP client computer D. logs off all users before beginning the backup Answer: B Section: (none) Explanation/Reference:
QUESTION 101 Which LDAP extension contains group information returned by Microsoft Active Directory? A. B. C. D.
cn SAMAccountName memberOf groupofuniquename
Answer: C Section: (none) Explanation/Reference:
QUESTION 102 Requiring wireless clients to authenticate to the network reduces the risk that _______. A. B. C. D.
wireless signals will be intercepted messages will be delivered to the wrong recipient access points will be subjected to denial of service attacks persons who are not entitled will gain access to the network
Answer: D Section: (none) Explanation/Reference:
QUESTION 103 The 700wl system is more scalable than wireless security solutions that are based on access points and router ACLs. This is true because the 700wl system _________. A. B. C. D.
enables efficient use of bandwidth by assigning users to APs that are not fully subscribed enables the implementation of network-wide policies from a single location enables users to roam from AP to AP without re-authenticating ensures that users are authenticated before gaining access to the secure network
Answer: B Section: (none) Explanation/Reference:
QUESTION 104 What are the components of a 700wl Rights Assignment? (Choose three) A. B. C. D. E. F.
User Profile Identity Profile Connection Profile Security Policy Group Policy Access Policy
Answer: BCF Section: (none) Explanation/Reference:
QUESTION 105 Under what circumstances does the HP ProCurve Access Control Server 740wl forward user traffic to the secure network? The 740wl ___________. A. B. C. D.
forwards user traffic during roaming forwards user traffic if an Access Controller fails never forwards user traffic forwards user traffic until the user is authenticated
Answer: C Section: (none) Explanation/Reference:
QUESTION 106 A 720wl's default downlink IP address is ________. A. B. C. D.
used as the default gateway for all clients used by the 740wl to communicate with the 720wl dictated by the 740wl for all 720wls in a 700wl system the address to which NAT clients' source addresses translated
Answer: C Section: (none) Explanation/Reference:
QUESTION 107 At approximately 7:30 p.m., a user complains that she cannot access her mail server from a conference
room. She claims she was able to access the mail server earlier in the day from her desk. What system tool is most useful for troubleshooting this user's network access problem? A. B. C. D.
Client Status page User Rights Simulator LDAP Transaction Tracer RADIUS Transaction Tracer
Answer: B Section: (none) Explanation/Reference:
QUESTION 108 At a customer site, all guest users who log on through the 700wl system can access the customer's intranet servers. To improve security, you configure a Redirected Traffic Filter so that guests, who attempt to access intranet resources, will be redirected to a Web page displaying guest access rules. When testing the filter, you see that guest users actually receive a "Page not available" error when attempting to access these resources. To troubleshoot this problem, you should make sure you _______. A. B. C. D.
disabled all default Redirected Traffic Filters to ensure they do not conflict with your custom filter configured an Authentication Policy and logon procedure for all guest users associated the new Redirected Traffic Filter with the Access Policy that affects guests configured an Allowed Traffic Filter to specify the destination of the redirected traffic
Answer: D Section: (none) Explanation/Reference:
QUESTION 109 You are troubleshooting an HP ProCurve Integrated Access Manager 760wl that is not reachable through the web or Telnet. Which information about the device's configuration can be gathered from the LCD panel on the device's front panel? Select TWO. A. B. C. D. E.
system time system uptime IP addressing information number of transmitted packets installed software version
Answer: CE Section: (none) Explanation/Reference:
QUESTION 110 At a customer site, you are configuring an HP ProCurve Access Control Server 740wl. Which tasks can be performed at the CLI? Select TWO. A. configure IP address B. configure a connected 720wl
C. set administrative password D. add users to built-in database E. configure LDAP authentication Answer: AC Section: (none) Explanation/Reference:
QUESTION 111 You are configuring a 740wl at a customer site. To set the shared secret without echoing it to the console, you must enter set sharedsecret with _____________ A. B. C. D.
the noecho parameter the shared secret as a parameter no parameters the administrative password
Answer: C Section: (none) Explanation/Reference:
QUESTION 112 You must configure a 720wl that has not received an IP address through DHCP. How can you configure an IP address for this system? A. Use the Administrative Console to locate the 740wl by its MAC address and select it from the list of available devices. B. Start a web browser session using the default IP address 42.0.0.1. C. Start a web browser session using the factory-assigned IP address of the uplink port. D. Start a Telnet session with the default IP address 42.0.0.1. E. Start a direct serial console session and configure the device's IP address at the CLI. Answer: E Section: (none) Explanation/Reference:
QUESTION 113 Which statement is true about the date and time configuration of the 700wl devices? A. B. C. D.
Time settings must be dynamically acquired or statically defined each time the 740wl is rebooted. The 740wl can be configured to obtain time services from an NTP server. The 740wl and each 720wl cannot be configured to obtain time services from different servers. The 720wl acquires its time settings from the 740wl.
Answer: B Section: (none) Explanation/Reference:
QUESTION 114 When organizing 720wl Access Controllers into folders in the Administrative Console, you cannot _______. A. B. C. D.
place more than five devices in a folder create folders within folders create custom folders configure more than five folders
Answer: B Section: (none) Explanation/Reference:
QUESTION 115 Which statement is true regarding this naming convention? 740wl-760wl-dist-4.1.1.37. The file ________. A. B. C. D.
is invalid because the filename has no extension is designated for use in local updates must be compiled before installation must be accompanied by a checksum file
Answer: B Section: (none) Explanation/Reference:
QUESTION 116 The administrator of a 700wl system is performing a remote update on multiple 720wl devices. To simplify this task, the administrator changes the names of the image and checksum files. The administrator is careful to not change the file extensions. The update will ________. A. B. C. D.
fail on devices currently running version 3 software succeed for all devices fail for all devices fail if it is not performed at the CLI
Answer: C Section: (none) Explanation/Reference:
QUESTION 117 A user at a customer site connects to a port on a 720wl with a wireless PC. The 700wl system will make a Rights Assignment for this client _______. A. B. C. D.
immediately after the client is authenticated when the client first attempts to access an intranet server when the client submits authentication credentials immediately after the client sends an IP packet
Answer: D Section: (none) Explanation/Reference:
QUESTION 118 Exhibit:
John is a user associated with the "Marketing" Identity Profile who connects through a 720wl port associated with the "Main Office" Connection Profile. In the exhibit, identify the row in the Rights Assignment table that will apply to John while the 700wl system is evaluating John's credentials. A. B. C. D. E.
1 2 3 4 5
Answer: D Section: (none) Explanation/Reference:
QUESTION 119 A client of a 700wl system, configured with the default "Authenticated" Access Policy, enters "http://1.1.1.1" into the location bar of a Web browser. The browser displays _______. A. B. C. D.
the 700wl Stop Page the Administrative Console the 700wl Logon Page a "page not available" error
Answer: C Section: (none) Explanation/Reference:
QUESTION 120 IP addresses for the five system-defined address variables on a 740wl are _______. A. entered in its network configuration B. learned from interactions with clients
C. validated with the transaction trace tool D. acquired by querying upstream routers Answer: A Section: (none) Explanation/Reference:
QUESTION 121 At default settings, how often does the 700wl system require authenticated clients to resubmit their credentials? A. B. C. D.
every hour every six hours never every day at 12:00 a.m.
Answer: C Section: (none) Explanation/Reference:
QUESTION 122 The administrator of a 700wl system can associate limitations on days and hours of network access with the _______. A. B. C. D.
Identify Profile Authentication Policy Connection Profile Access Policy
Answer: C Section: (none) Explanation/Reference:
QUESTION 123 A Location may be associated with _______. Select TWO. A. B. C. D. E. F.
all uplink ports on an Access Controller all downlink ports on an Access Controller all downlink ports on an Access Control Server one downlink port on an Access Controller one uplink port on an Access Controller one downlink port on an Access Control Server
Answer: BD Section: (none) Explanation/Reference:
QUESTION 124 Address variables _______. A. B. C. D.
are required in custom traffic filters make it easier to associate a resource with multiple Identity Profiles must be used in tcpdump expressions instead of actual IP addresses make it easier to update traffic filters if the address of a resource changes
Answer: D Section: (none) Explanation/Reference:
QUESTION 125 You are configuring a 700wl system to require clients with high-level security access to re-authenticate to the system every day, even if they are currently connected to the system. To configure this, you could either _______ or ________. Select TWO. A. set the Linger Timeout in the clients' Access Policies to 24 hours B. configure a custom Redirected Traffic filter to ensure that all users are redirected to the Logon page at a specified time each day C. set the relative authentication timer in the clients' Access Policies to 24 hours D. configure a Time Window in the clients' Connection Profiles so that the network is not available to these users for some period each day E. set the absolute authentication timer in the clients' Access Policies to a specific time each day Answer: CE Section: (none) Explanation/Reference:
QUESTION 126 The 700wl system will create a tunnel between two 720wl Access Controllers when _______. A. B. C. D.
data must pass through untrusted networks a user has misconfigured DNS settings a user with open sessions roams between the 720wls data must be encrypted for Wireless Data Privacy
Answer: C Section: (none) Explanation/Reference:
QUESTION 127 A wireless user roams from one 720wl Access Controller to another 720wl. Both Access Controllers are managed by the same 740wl Access Control Server, and the user is subject to the same Access Policy in both locations. If the user has open sessions when the roam begins, the 740wl will _______. A. intercept client traffic and relay it to the first 720wl B. relay information about the client's state to the second 720wl
C. assume responsibility for forwarding the client's traffic D. require the client to re-authenticate in the second location Answer: B Section: (none) Explanation/Reference:
QUESTION 128 You are at a customer site to determine if a new 700wl system will be able to use information in the customer's existing authentication database to make 700wl Rights Assignments. To function in this way, the customer's authentication service must support _______ or _______. Select TWO. A. B. C. D. E.
802.1X LDAP web-based logon Windows monitored logon RADIUS
Answer: BE Section: (none) Explanation/Reference:
QUESTION 129 Exhibit:
In the exhibit, what does the value in the "Group Identity Field" represent? A. The RADIUS attribute sent to the RADIUS server for matching the user data.
B. The group name returned by the RADIUS server. C. The group name of a user after the RADIUS authentication. D. The RADIUS attribute that will return Group information. Answer: D Section: (none) Explanation/Reference:
QUESTION 130 Exhibit:
You are configuring a 740wl to authenticate users against an Active Directory Domain named "procurvedemos.com." To complete this task in the exhibit, you must enter _________. Select TWO. A. B. C. D. E.
"SAMAccountName" in the Username field "dc=procurvedemos.com" in the Base DN field "procurvedemos\\%s" in the "User bind string" field "Microsoft extensions" in the Additional Identity Search field "procurvedemos.com\\%s" in the "User bind string" field
Answer: AC Section: (none) Explanation/Reference:
QUESTION 131 Support for ________ is enabled when you select the RFC 2548 option in a RADIUS Authentication Service on the 700wl system. A. B. C. D.
PAP CHAP MS-CHAP Active Directory
Answer: C Section: (none) Explanation/Reference:
QUESTION 132 The authentication service that requires you to define 700wl users as "dial-in users" is _______. A. B. C. D.
Kerberos Microsoft Active Directory 802.1X Microsoft Internet Authentication Service
Answer: D Section: (none) Explanation/Reference:
QUESTION 133 When configuring Microsoft Internet Authentication Service to interact with the 700wl system, what must you define as a RADIUS client? A. B. C. D.
720wl Access Controller 740wl Access Control Server wireless access point client computer
Answer: B Section: (none) Explanation/Reference:
QUESTION 134 Which tool provides the specific rights of an LDAP user in XML format? A. B. C. D.
User Rights Simulator LDAP Transaction Tracer RADIUS Transaction Tracer Locations Manager matrix
Answer: A Section: (none)
Explanation/Reference:
QUESTION 135 A client of the 700wl system requires a real IP address when the client _______. Select TWO. A. cannot obtain an address in the system's default address range because all available addresses are in use B. must be contacted from within the secure network for management and administration C. is connected to a 720wl Access Controller that is in a different subnet than the 740wl Access Control Server D. is configured with a static IP address that is not valid in the secure network E. uses peer-to-peer applications that require peers to sometimes initiate conversations Answer: BE Section: (none) Explanation/Reference:
QUESTION 136 All sales representatives at a customer site must obtain real IP addresses from a DHCP server on the secure network. To enable the 700wl system to support this requirement, you must configure _______. Select TWO. A. the uplink port of the sales representatives' 740wl with an IP address in the same range as the DHCP server B. the 740wl to relay all DHCP requests to the internal network C. the 720wl's DHCP server to synchronize its address scope with the scope used by the internal DHCP server D. Access Policies for sales representatives that include NAT options set to "When Necessary" E. a Connection Profile that places all sales representatives in the same VLAN F. the 720wl port where sales representatives connect with an IP address in the same range as the addresses the representatives will receive from the server Answer: DF Section: (none) Explanation/Reference:
QUESTION 137 All account managers at a customer site must receive real IP addresses from a DHCP server on the company's secure network. The managers all connect to the network using wireless through a 700wl system. The default gateway for these users should be the address of _______. A. B. C. D.
the port subnet address of the 720wl port where the managers connect a router interface upstream from the 720wl a router interface situated between the managers' access points and the 720wl the 720wl's uplink port
Answer: B Section: (none)
Explanation/Reference:
QUESTION 138 User 2, a 'real' IP client, is authenticated at a 720wl Access Controller labeled 'AC3', and successfully roams to a 720wl Access Controller labeled 'AC4'. Sessions that are initiated after the roam are _______. A. B. C. D.
tunneled from AC3 to AC4 before being forwarded to the destination host established with the destination host through AC4 tunneled from AC4 to AC3 before being forwarded to the destination host established with the destination host through AC3
Answer: C Section: (none) Explanation/Reference:
QUESTION 139 Wireless Data Privacy uses hashing to _______. A. B. C. D.
verify the identities of authenticated users detect modifications made to transmitted packets create encrypted tunnels between clients and servers prevent Denial of Service attacks on network resources
Answer: B Section: (none) Explanation/Reference:
QUESTION 140 Symmetric cryptography _______. A. B. C. D.
operates on one bit at a time rather than a fixed size block is used for encrypting and decrypting data in real time operates on a fixed size block rather than one bit at a time uses separate, mathematically related keys for encryption and decryption
Answer: B Section: (none) Explanation/Reference:
QUESTION 141 As implemented on the 700wl system, SSH enables a client to _______. A. define an encryption key that will be used to encrypt all data it sends to the network B. set up an encrypted, authenticated tunnel and define types of traffic to be forwarded through the tunnel to the network C. log on to the secure network using PPTP or L2TP/IPSec D. choose whether to use machine-level authentication or user-level authentication
Answer: B Section: (none) Explanation/Reference:
QUESTION 142 Wireless Data Privacy protects the identity of source and destination IP addresses by _______. A. translating the actual destination IP address to that of the VPN gateway's network uplink B. encapsulating the original IP datagram as the payload of a new datagram C. replacing the original datagram with a fixed-size hash value that is encrypted by the sender and decrypted by the receiver D. translating the actual source IP address to that of the VPN gateway's network uplink Answer: B Section: (none) Explanation/Reference:
QUESTION 143 The sales representatives at a customer site will connect to the 700wl system using VPN client software that implements PPTP. To configure the 700wl system to support this requirement, you must enable PPTP in the _______. A. B. C. D.
Connection Profiles and Locations where these users will connect Access Policies that apply to these users before and after authentication Identity Profiles with which these users will be associated Authentication Policies that will affect these users
Answer: B Section: (none) Explanation/Reference:
QUESTION 144 Which authentication services are allowed when using PPTP? Select TWO. A. B. C. D. E. F.
128 bit MPPE Kerberos RADIUS with RFC 2548 LDAP with SSLv3 Built-in 802.1X
Answer: CE Section: (none) Explanation/Reference:
QUESTION 145 An IPSec Security Association is _______. A. a full-duplex logical connection that is negotiated by two IPSec peers B. a one-way negotiated agreement on encryption and authentication procedures and parameters between IPSec peers C. established between two IPSec peers after an L2TP tunnel is set up D. required when two peers are operating in Main Mode; Aggressive Mode does not require a Security Association Answer: B Section: (none) Explanation/Reference:
QUESTION 146 The 700wl system supports single sign-on using _______ logon. Select TWO. A. B. C. D. E.
802.1X Kerberos Windows domain LDAP browser-based
Answer: AC Section: (none) Explanation/Reference:
QUESTION 147 The role of the 700wl system in monitored logon is to _______. A. use information provided by the LDAP or RADIUS server to apply the correct Access Policies to wireless users B. submit authentication credentials of wireless clients to authentication servers for processing C. compare credentials returned by authentication servers with the built-in database D. listen passively for authentication messages and permit access after the user is authenticated Answer: D Section: (none) Explanation/Reference:
QUESTION 148 The 700wl system's adaptive guest support enables the system to _______. A. B. C. D.
identify guests who should not be permitted to access any network resources support guests whose computers are configured for 802.11a wireless connectivity support guest computers with network settings that are incorrect for the host network filter guest traffic according to individual guests' identities and relationship with the hosting enterprise
Answer: C Section: (none) Explanation/Reference:
QUESTION 149 A 700wl system at a customer site uses the default "Guest Access" Access Policy. What must be done to enable guest users to access the Internet? A. B. C. D.
configure a custom "Internet" Redirected Traffic Filter for guest users configure the 700wl system to allow all guest IP traffic associate the "Outside World" Allowed Traffic Filter with the Access Policy make no configuration changes because Internet access is enabled by default
Answer: C Section: (none) Explanation/Reference:
QUESTION 150 To enable the Automatic HTTP Proxy Service for guest users, you must define proxy server addresses for _______. A. B. C. D.
the "Guest Access" Access Policy each 720wl that will support guest users each Connection Profile that will support guest users every component of the 700wl system
Answer: B Section: (none) Explanation/Reference:
QUESTION 151 The full-edge deployment of the 700wl system provides for greater flexibility in policy definition than the single-gateway solution. This is because _______. A. B. C. D.
multiple 740wl Access Control Servers manage each 720wl each 720wl is connected directly to a 740wl each 720wl downlink port supports a single wireless access point each wireless access point is defined as a virtual location
Answer: C Section: (none) Explanation/Reference:
QUESTION 152 The single-gateway design for a 700wl system is suitable for smaller networks because it _______.
A. B. C. D.
does not require any configuration of network switches requires fewer 700wl devices than the full-edge solution enables more granular policies than the full-edge solution does not require the use of VLANs and virtualized locations
Answer: B Section: (none) Explanation/Reference:
QUESTION 153 You are designing a 700wl system for deployment at a landscaping and facility-maintenance firm. Which circumstance could require the use of virtualized locations? A. Users associated with the "Designers" Identity Profile must access the 700wl system from multiple locations. B. One 720wl downlink port must support the "Maintenance" Connection Profile and the "Design" Connection Profile. C. The system must support redundant 740wl Access Control Servers located in different subnets. D. Designers must use LDAP authentication, and maintenance personnel must use RADIUS authentication. Answer: B Section: (none) Explanation/Reference:
HP0-738 Number: 000-000 Passing Score: 71 Time Limit: 90 min File Version: 1.0
Exam A QUESTION 1 Your customer has told you that he is allocating the 10.1.1.0/24 subnet for use in his wireless network. Which command will statically assign an 1P address of 10.1.1.10 with a default gateway of 10.1.1.1 to an HP ProCurve 420 Access Point? A. B. C. D.
HP Pro curve Access Point 420(if-wireless g)# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Pro curve Access Point 420# ip address 10.1.1.10255.255.255.010.1.1.1 HP Pro curve Access Point 420(if-ethemet)# ip address 10.1.1.10255.255.255.0 HP Pro curve Access Point 420(if-ethemet)# ip address 10.1.1.10255.255.255.010.1.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 2 Which EAP protocols will an HP 520wl Access Point support? Select TWO. A. B. C. D. E.
SIM TLS LEAP PEAP EAP-OL
Answer: BD Section: (none) Explanation/Reference:
QUESTION 3 While working with a customer you see that they have an excessive amount of collisions on their wireless network. Which parameter could you adjust on the access point to enable collision avoidance to see if it improves performance? A. B. C. D.
WPA RTS threshold signal checking CRC checking
Answer: B Section: (none) Explanation/Reference:
QUESTION 4 Which frequency offers fast data rates but also the most potential for interference from cordless and Bluetooth devices? A. 900 MHz B. 2.4 GHz
phones
C. 5 GHz D. 7.2 GHz Answer: B Section: (none) Explanation/Reference:
QUESTION 5 The IEEE 802.Ila standard operates in the ------------- frequency range. A. 900 Mhz B. 2.4 Ghz C. 5 Ghz D. 10 Ghz Answer: C Section: (none) Explanation/Reference:
QUESTION 6 Which layers of the OSI model are defined by the 802.Il(a, b or g) specifications? A. B. C. D.
Physical, Data Link Physical, Data Link, Network Physical, Data Link, Network, Transport Physical, Data Link, Network, Transport, Session
Answer: A Section: (none) Explanation/Reference:
QUESTION 7 Two wireless stations are located in close proximity to the same access point. Which mechanisms prevent them from transmitting at the same time? Select TWO. A. B. C. D. E.
RTS/CTS CSMA-CD CSMA-CA MAC/LLC LBT/ACK
Answer: AC Section: (none) Explanation/Reference:
QUESTION 8 Which object will likely cause the most signal degradation or cancellation to a 2.4 GHz transmission? A. B. C. D.
chain link fence 1 foot thick concrete firewall drywall six inch concrete and tile flooring
Answer: A Section: (none) Explanation/Reference:
QUESTION 9 While testing for interference, you are getting simultaneous reception of multiple signals due to signal reflections. What is this called? A. B. C. D.
Single path reception multi path reception canned path reception dual path reception
Answer: B Section: (none) Explanation/Reference:
QUESTION 10 You have installed HP 520wl Access Points with l60wl 802.1la kits for your client. At certain times of the day the customer notices significant connectivity issues. Upon further investigation, you determine that they are experiencing radio frequency interference issues. Which other technologies could be causing the interference that you are seeing? Select TWO. A. B. C. D. E.
Hyper-LAN devices Bluetooth devices microwave ovens fluorescent lights Radar
Answer: AE Section: (none) Explanation/Reference:
QUESTION 11 During a dinner meeting, you transfer some documents to a customer through your 802.11g wireless card without the aid of an access point. During this process you and he formed a/an ---A. Independent Basic Service Set B. Extended Basic Service Set C. WEP Key pair
D. Standard Basic Service Set Answer: A Section: (none) Explanation/Reference:
QUESTION 12 When you enabled your wireless card for the first time, you probed the wireless network and noticed that several different SSIDs were advertised. For these SSIDs to be advertised in this manner means the access points must be configured as: A. B. C. D.
open systems closed systems 802.1x enabled WPA enabled
Answer: A Section: (none) Explanation/Reference:
QUESTION 13 A client walks into your conference room and uses his wireless card to access the Internet and check his Email. The fact hat he is able to do this infers that his wireless card is in what state in relation to one of your access points? A. B. C. D.
Unauthenticated and Associated Authenticated and Unassociated Encrypted and Associated Authenticated and Associated
Answer: D Section: (none) Explanation/Reference:
QUESTION 14 A customer wants to upgrade their current 802.11 b wireless network to 54Mbps while maintaining compatibility with existing equipment. They would also like their access points to support IEEE 802.3af Power Over Ethernet for convenience and ease of installation. Which HP Pro Curve product would be the best fit for this customer? A. B. C. D.
HP ProCurve 520wl. HP ProCurve 150wl HP ProCurve 420 HP ProCurve 70wl Series
Answer: C Section: (none) Explanation/Reference:
QUESTION 15 During a wireless network installation you install HP ProCurve 150wl radio cards in slot B of your client's HP Pro Curve 520wl Access Points. Which SSID should you expect to see on a client station when the access points are first powered up? A. B. C. D.
My Wireless Network A Enterprise AP My Wireless Network B Pro Curve Wireless
Answer: C Section: (none) Explanation/Reference:
QUESTION 16 Your client has installed HP ProCurve 420 Access Points to provide wireless network access for her employees. When the access points are first powered on in a default state, which SSID will be broadcast? A. B. C. D.
My Wireless Network A My Wireless Network B Enterprise Wireless AP Pro curve Wireless
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 Three employees are sharing data during a meeting using an Independent Basic Service Set without the aid of an access point. Which mode are the employees' wireless cards in? A. B. C. D.
infrastructure in-cell relay ad-hoc bridge
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 An HP ProCurve 420 Access Point has been installed in a network that has no DHCP server. On which IP address would you be able to communicate with the access point to provide initial configuration? A. 10.0.0.1 B. 42.0.0.1
C. 172.16.1.1 D. 192.168.1.1 Answer: D Section: (none) Explanation/Reference:
QUESTION 19 You ate installing an HP Pro Curve 420 Access Point in a customer's office outside of North America. Which parameter must be set before the radio on the access point can be enabled? A. B. C. D.
WEP keys WPA pre-shared key country code RADIUS server
Answer: C Section: (none) Explanation/Reference:
QUESTION 20 You have just installed a second access point in your office and you notice that your real throughput has suffered. While doing an RF analysis of your office you notice that the two access points are broadcasting on the same radio channel and interfering with each other. To avoid interference in your wireless network, you wish to configure your access points to communicate on separate channels. What must you do first before configuring a given access point to communicate on a particular channel? A. B. C. D.
disables auto-channel select disable the radio enable the wireless distribution system enable WEP
Answer: A Section: (none) Explanation/Reference:
QUESTION 21 Your client has installed HP Pro Curve 520wl Access Points to provide wireless network access for his employees. When the access points are first powered on in a default state, which username/password pair would allow you to access the configuration interface? A. B. C. D.
[blank ]/public admin/[blank] admin/password [blank/password
Answer: A Section: (none)
Explanation/Reference:
QUESTION 22 Your client has installed HP ProCurve 420 Access Points to provide wireless network access for his employees. When the access points are first powered on in a default state which username/password pair would allow you to access the configuration interface? A. B. C. D.
admin/password [blank]/public admin/[blank] [blank]/password
Answer: C Section: (none) Explanation/Reference:
QUESTION 23 Which action is required to perform a reset to default configuration on the HP ProCurve Wireless Access Point 520wl? A. B. C. D. E.
Select RE-Initialize in the web interface Press the RESET button for about 10 seconds Press the RELOAD button for about 10 seconds Reboot the Access Point Toggle the Access Point's on/off switch
Answer: C Section: (none) Explanation/Reference:
QUESTION 24 You are at a customer site troubleshooting a problem and you are not able to manage the access point. For which reasons would you reset an access point to factory default values? Select TWO. A. B. C. D. E.
before a wireless distribution system is setup when the admin password is lost before an access point image is upgraded when the access point image is corrupt after installing a replacement wireless access point card
Answer: BD Section: (none) Explanation/Reference:
QUESTION 25 When a faulty access point image does not allow a successful boot up, you may need to use the -------- to download a new executable image.
A. B. C. D. E.
HP scan tool power switch in the reload position REBUILD AP IMAGE command boot loader CLl boot loader TTP server
Answer: D Section: (none) Explanation/Reference:
QUESTION 26 While working with an HP ProCurve 420 Access Point, your customer notices a file called "dflt-img.bin" in the flash memory of her access point and asks you what it is for. What is the purpose of this image file on the access point? A. B. C. D.
It is the default system image and will always be used to boot the access point. It is the default location for the most current configuration file It is a default system image that can be used if the custom system image is corrupted It has no purpose
Answer: C Section: (none) Explanation/Reference:
QUESTION 27 In designing a wire1essnetwork, the customer would like to have coverage in the cafeteria area where employees, contractors and visitors have meals and breaks. The wireless access would mainly be used for low-bandwidth applications such as web surfing and checking email. The cafeteria is wide open space with a few columns and typical cafeteria tables and chairs for furniture. To provide maximum coverage with the fewest access points, which antenna would you recommend? A. B. C. D.
parabolic dish antenna 360 degree omni-directional antenna directional patch antenna yagi phased array directional antenna
Answer: B Section: (none) Explanation/Reference:
QUESTION 28 In designing wireless network, the customer needs to have wireless coverage in their warehouse facility for the automated picking and bar-coding inventory system. The warehouse, while being a physically wide open space, is filled with tall multi-bay steel racks that are filled with an. inventory of large steel and metal pumps and valves. To get sufficient coverage down these long aisles, which antenna would you recommend? A. omni-directional mast antenna B. parabolic dish antenna
C. directional patch antenna D. omni-directional dipole antenna Answer: C Section: (none) Explanation/Reference:
QUESTION 29 You performed a site survey in a large warehouse facility with extremely high ceilings. You find that the ideal location for placement of the access points would be suspended in the air from the ceilings. Unfortunately, this would require a significant amount of electrical work as part of the installation, which would be very expensive. Using 802.af Power over Ethernet would alleviate the electrical installation issue. Which access point product would you need to specify? A. B. C. D.
HP ProCurve 520wl Access Point HP ProCurve 420 Access Point HP ProCurve Access Controller 720wl HP ProCurve Integrated Access Manager 760wl
Answer: B Section: (none) Explanation/Reference:
QUESTION 30 What arc: the general categories into which 802.11 wireless LAN antennas fall? A. B. C. D.
semi- and highly directional omni-directional omni-and highly directional omni-, semi, and highly directional
Answer: D Section: (none) Explanation/Reference:
QUESTION 31 A customer has asked you to design a wireless network for his office using HP 420 Access Points. In one area you decide to use a directional antenna to ensure that the wireless signal propagates down a long hallway. If you wish to limit the radiated power to 1 Watt, what is the highest gain directional antenna that you can use if the access point it is connected to is transmitting at full power? A. B. C. D.
2 dBm 6.5 dBm 10 dBm 14 dBm
Answer: C Section: (none)
Explanation/Reference:
QUESTION 32 What is the basic purpose of the antennas in a wireless LAN system? A. B. C. D.
to increase the range of wireless LAN systems to decrease the range of wireless LAN systems to secure the RF output to stabilize the range of wireless LAN systems
Answer: A Section: (none) Explanation/Reference:
QUESTION 33 When are omni directional antennas used? When coverage in A. B. C. D.
all directions around the horizontal axis of the antenna are required a single direction around the horizontal axis of the antenna is required a directional area around the horizontal axis of the antenna is required all directions around the vertical axis of the antenna are required
Answer: A Section: (none) Explanation/Reference:
QUESTION 34 Your client has decided that he wishes to upgrade the security on his wireless network by implementing WPA instead of WEP which he currently uses. One of the advantages of WPA is a protocol known as the Temporal Key Integrity Protocol (TKIP). This protocol improves security by: A. B. C. D.
creating new encryption keys for each packet of data transmitted on the wireless network rotating encryption keys on a configurable time schedule using an encryption algorithm that is more secure than RC4 providing encrypted communications between the access points at the edge of the network and an authentication server in the data center
Answer: A Section: (none) Explanation/Reference:
QUESTION 35 When used in conjunction with WEP, the 802.1x protocol provides a dynamic ------- key for each individual client and a dynamic -------------key for packets destined for all clients. A. session, broadcast B. broadcast, session
C. broadcast, multicast D. multicast, session Answer: A Section: (none) Explanation/Reference:
QUESTION 36 Which EAP protocols will an HP ProCurve 420 Access Point support? Select TWO. A. B. C. D. E.
TL S PEAP EAP-OL SIM LEAP
Answer: AB Section: (none) Explanation/Reference:
QUESTION 37 Which level of encryption is created by a WEP Key using a 40-bit secret key concatenated with the initialization vector? A. B. C. D.
24-bit level of encryption 64-bit level of encryption 40-bit level of encryption l28-bit level of encryption
Answer: B Section: (none) Explanation/Reference:
QUESTION 38 One of your enterprise customers has engaged your services in designing and implementing their wireless network, which you expect to be very large and busy. What are two main factors that would make you choose to implement WPA rather than WEP? Select TWO. A. B. C. D.
WEP keys are statically .configured on all access points and clients. The XOR operation creates cipher text that is not complex enough. Encryption keys are sent over the air in clear text There is a flaw in the RC4 encryption algorithm
Answer: AC Section: (none) Explanation/Reference:
QUESTION 39 Which entities are required in 802.1.x port access authentication? Select THREE. A. B. C. D. E. F. G.
the supplicant the crypto-key server the authentication server a syslog server the LDAP authentication server the KERBEROS server the authenticator
Answer: ACG Section: (none) Explanation/Reference:
QUESTION 40 If your customer wants to implement mac access control via RADIUS, what must you configure in the RADIUS server database? A. B. C. D.
the MAC addresses of all stations the MAC addresses of the switches that provides the LAN to the access points the MAC addresses of all access points the MAC addresses of the switch closes to the RADUS server
Answer: C Section: (none) Explanation/Reference:
QUESTION 41 A customer installs a 520wl Access Point in the lobby of the building to allow guests to access the Internet while waiting for meetings. The 520wl has two 802.11 b interface cards installed. Because employees may want to also access the Internet and corporate intranet from the lobby, what VLAN settings should be configured? A. Card A and B are set to the same VLAN number other than 0 and further authentication is required. B. Card A and B are set to the same VLAN and no further authentication is required C. Card A and B are set to different VLAN Ids as a means to distinguish between guests and employee connections D. Card A is set to VLAN 0 for guests and card B is set to any VLAN number between 1 and 4094 Answer: C Section: (none) Explanation/Reference:
QUESTION 42 A network administrator in a small office wants to enable security on his newly installed wireless LAN. He has decided to use WEP encryption with a 5-character alphanumeric key. What level of encryption will this provide?
A. B. C. D.
64 bit 128 bit 152 bit 512 bit
Answer: A Section: (none) Explanation/Reference:
QUESTION 43 Your client has decided to implement WEP encryption on his wireless network built with HP Pro Curve 520wl Access Points. He has visitors and employees who have many different types of wireless client cards, and therefore would like to go with a standards-based solution. Which standards-compliant WEP encryption levels does the HP ProCurve 520wl Access Point support? Select TWO A. B. C. D. E.
64 bit 128 bit 152 bit 256 bit 5l2 bit
Answer: AB Section: (none) Explanation/Reference:
QUESTION 44 In a large multiple access point deployment, why might it be important to configure your access points to operate on non-overlapping channels, if allowed by government regulations? A. Channel overlap can interfere with encryption, negating security measures such as WEP or WPA and allowing unauthorized access to a wireless network. B. Certain non-overlapping channels provide better RF coverage areas because they have a higher power setting. C. Access. Points configured on non-overlapping channels will not introduce interference, which can lower throughput D. Some directional antennas will only transmit on known non-overlapping channels Answer: C Section: (none) Explanation/Reference:
QUESTION 45 You have been asked to connect two wired networks together, which currently share no other network connectivity. What mode would you place the access points in? A. root mode B. bridging mode C. root and bridging mode
D. repeater mode Answer: B Section: (none) Explanation/Reference:
QUESTION 46 A user is authenticated through an HP Pro Curve 420 Access Point with VLANs enabled. However, the RADIUS authentication server does not return a VLAN attribute. What will happen to the user? A. B. C. D.
He will be placed in the Unauthorized VLAN and have no access to internal network resources. He will be denied access completely He will be placed on the Management VLAN He will be placed in the access point's Native VLAN
Answer: D Section: (none) Explanation/Reference:
QUESTION 47 What is the valid range for client VLANs on HP ProCurve 420 Access Points? A. B. C. D.
1-64 1-128 1-4095 1-2048
Answer: C Section: (none) Explanation/Reference:
QUESTION 48 In an Extended Service Set (ESS), strategic placement of APs in the environment increases density by increasing -------------. Select TWO. A. B. C. D. E.
available bandwidth to stations coverage of the SSID the number of VLANs encryption strength range and coverage of the WLAN
Answer: AE Section: (none) Explanation/Reference:
QUESTION 49
A customer has recently decided to expand the coverage area of their HP 520wl Access Point to provide service to a larger group of users within the open area cafeteria. Initially, the access point was 'configured to cover a small cell area of 80 feet in diameter. Now the customer wants to cover a medium cell area of 200 feet in diameter. Which of the following transmission rates will users now experience? A. 1 Mbps, 2Mbps, 5.5 Mps, up to 11 Mbps transmission rates depending on location of client in relation to the access point B. 1 Mbps, 2Mbps, and 5.5 Mbps transmission rates with burst transfer rates of 11 Mbps~22 Mbps for clients who use.802.tHec channel bonded connections to the access point C. between 1 Mbps and 2 Mbps transmission rates depending on location of client in relation to the access point D. 1 Mbps, 2 Mbps, up to 5.5 Mbps transmission rates depending on location of client in relation to the access point Answer: D Section: (none) Explanation/Reference:
QUESTION 50 Clients A and B attempt to communicate with access point C at the same time and a collision occurs because they cannot detect each other's transmissions. This is an illustration of the problem. A. B. C. D.
fast transform retransmission key miss-match hidden client
Answer: D Section: (none) Explanation/Reference:
HP.ActualTests.HP0-752.v2008-07-28.by.Ramon.164q Number: HP0-752 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-752 Title : ProCurve Mobility Ver : 07-28-08 HP0-752
Exam A QUESTION 1 You are configuring a ProCurve Access Point (AP) 530. What is one reason to enable the same wireless LAN (WLAN) on both radio 1 and radio 2? A. B. C. D.
To increase the capacity of the WLAN by using both radios To use radio 1 for wireless users and radio 2 for a wireless bridge only To Allow users to use one of two different types of security connects to the WLAN To separate different types of wireless traffic into different collision domains
Answer: A Section: (none) Explanation/Reference:
QUESTION 2 You are using a normal mode for WLAN configuration on the Wireless Edge Services xl Module. How many WLANs can operate in open system mode? A. B. C. D.
16 4 8 12
Answer: B Section: (none) Explanation/Reference:
QUESTION 3 Which steps should you take during a site survey to test the converge provided by access points (AP) or Radio Ports (RPs)? (Choose two.) A. B. C. D. E.
Configure encryption keys and attempts to crack them using readily-available software Set up wireless bridges between the APs to ensure that they can reach each other Look for areas of overlap between nearby cells and set overlapping cells to different channels Compare the coverage provided by an RP 210 and an RP 230 and decide between the products Analyze the signal to noise ratio (SNR) at different hours of operation
Answer: CE Section: (none) Explanation/Reference:
QUESTION 4 What is the highest level of security that you can configure for a wireless bridge on the ProCurve Access Point (AP) 530? A. Dynamic Wired Equivalent Privacy (WEP) B. Static WEP C. WPA2-PSK with Advanced Encryption Standard (AES)
D. Wi-Fi Protected Access-Pre-shared keys (WPA-PSK) with Temporal key Integrity Protocol (TKIP) Answer: C Section: (none) Explanation/Reference:
QUESTION 5 Your Wireless Edge Services xl Module provides Web Authentication (Web-Auth) through its interval web server. Which IP addresses must you place in the Allow list for the Web-Auth wireless LAN (WLAN)? (Choose two.) A. B. C. D. E.
Wireless services-enabled switch's IP Address Domain Name System (DNS) server's IP address Wireless Edge services xl Module's IP Address RADIUS server's IP address Dynamic Host Configuration Protocol (DHCP) server's IP Address
Answer: BC Section: (none) Explanation/Reference:
QUESTION 6 Certkiller .com has a ProCurve AP 420. Which method can be used to authenticate wireless users to your network? A. B. C. D.
Kerberos Extended Authentication (Xauth) Lightweight Extensible Authentication Protocol (LEAP) Extensible Authentication Protocol-Transport Layer Security (EAP-TLS)
Answer: D Section: (none) Explanation/Reference:
QUESTION 7 You connect a Radio Port (RP) to a ProCurve switch 2600-PWR Series, which is connected to a wireless service-enabled switch. On the 2600-PWR switch, port 5 connets to the RP, and port 1 connects to the wireless services-enabled switch. The 2600-PWR switch is sending traffic from other VLANs to the wireless services-enabled switch. Which commands must you enter on the 2600-PWR Switch to enable the Wireless Module to detect the RP? (Choose two.) A. B. C. D. E.
vlan 2100 tagged 1 vlan 2100 untagged 5 vlan 2100 tagged 5 autoprovisioning enable vlan 2100 untagged 1
Answer: AB Section: (none)
Explanation/Reference:
QUESTION 8 When you connect a ProCurve Radio Port (RP) to a switch port that requires 802.1X authentication, the RP sends its credentials. How do you configure these credentials? A. Connect directly to the RP and access it setup software, which enables limited configuration B. Select the credentials for each RP when you create and add an RP license C. You can't change the default credentials. Create an account for the RP that matches the default credentials D. Pre-adopt the RP and load its credentials through the wireless Edge services xl module Answer: D Section: (none) Explanation/Reference:
QUESTION 9 ProCurve Radio Ports (RP) and ProCurve Access Points (APs) implement ProCurve's Adaptive Edge Architecture in different ways. Compare the capabilities of an RP on its own to those of an AP: Make the appropriate matching.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 10 You network feature a full public key infrastructure (PKI) with digital certificates for users and workstations, as well as for servers. You are now adding a wireless LAN (WLAN) that implements 802.1X authentication with Extensible Authentication Protocol (EAP). Which EAP method should you select for the highest security? A. B. C. D.
EAP-Tunneled TLS (TTLS) EAP-Message Digest 5 (MD5) EAP-Transport Layer Security (TLS) Protected EAP (PEAP)
Answer: C Section: (none) Explanation/Reference:
QUESTION 11 Which ProCurve Wireless LAN System feature protects Certkiller .com if a Radio Port (RP) fails? A. B. C. D.
Interference avoidance Network self-healing Redundancy Group Radio Frequency (RF) patching
Answer: B Section: (none) Explanation/Reference:
QUESTION 12 The AP 420's radio has 1 Basic Service Set Identifier (BSSID) and each of the AP 530's two radios has 16 BSSIDs. What implication does this difference have? A. B. C. D.
The AP 420 can support only 1 WLAN but the AP 530 can support 32 The AP 420 can advertise only 1 WLAN, but the AP 530 can advertise 16 The AP 420 can support only 1 WLAN, but the AP 530 can support 16 The AP 420 can advertise only 1 WLAN but the AP 530 can advertise 32
Answer: B Section: (none) Explanation/Reference:
QUESTION 13 Which steps should you take during a site survey to test the converge provided by access points (AP) or Radio Ports (RPs)? (Choose two.) A. B. C. D. E.
Compare the coverage provided by an RP 210 and an RP 230 and decide between the products Configure encryption keys and attempts to crack them using readily-available software Set up wireless bridges between the APs to ensure that they can reach each other Look for areas of overlap between nearby cells and set overlapping cells to different channels Analyze the signal to noise ratio (SNR) at different hours of operation
Answer: DE Section: (none) Explanation/Reference:
QUESTION 14 A station associates with the ProCurve Access Point (AP) 420, roams to another AP and then returns to the first AP 420. What speeds up roaming when the station returns to the AP 420 if the wireless LAN (WLAN) requires 802.1X with WPA2? A. B. C. D.
Pairwise master key (PMK) caching Pre-Shared Key (PSK) association Opportunistic key caching Pre-authentication Security Association (SA)
Answer: A Section: (none) Explanation/Reference:
QUESTION 15 Which statement defines a wave's frequency? A. B. C. D.
The distance between identical phases in two waves The highest point in the radio wave The number of times per second a wave's cycle repeats itself The strength of the wave (the amount of energy the wave transmits)
Answer: C Section: (none) Explanation/Reference:
QUESTION 16 Certkiller .com wants to use the 2.4 GHz frequency on both of your ProCurve Access Point (AP) 530 radios.
How do you configure the AP 530 for this capability? A. B. C. D.
Set both radios to either 802.11g or 802.11b Set one radio to 802.11g and one radio to 802.11b Install an 802.11b/g card on radio 2 and set both radios to either 802.11g or 802.11b Set both radios to either 802.11g or 802.11b and configure radio 2 for an external antenna
Answer: D Section: (none) Explanation/Reference:
QUESTION 17 What is one difference between setting up Virtual LANs (VLANs) for wireless LANs (WLANs) on the AP 350 and on the AP 420? A. B. C. D.
On the AP 530, you must specifically enable dynamic but not static VLANs On the AP 530, you can assign more than one WLAN to the same VLAN On the AP 420, using dynamic VLANs invalidates static VLANs On the AP 420, all VLANs are always tagged
Answer: B Section: (none) Explanation/Reference:
QUESTION 18 What purpose does the second software image on the ProCurve Access Point (AP) 420 serve? A. B. C. D.
It allows you to choose two different images to load onto the AP It allows you to keep the last software image that was loaded onto the AP It provides a failsafe image in case the primary image becomes corrupted It provides an alternate software version in case the primary does not support your configuration
Answer: C Section: (none) Explanation/Reference:
QUESTION 19 What does Spanning Tree Protocol (STP) on the ProCurve Access Point (AP) 530 prevent? A. B. C. D.
Loops over connections between stations in the wireless and the wired network Loops over connections to stations in the wireless network Loops over connections between only wireless stations associated with multiple APs Loops over the APs Ethernet and Wireless bridge connections
Answer: D Section: (none) Explanation/Reference:
QUESTION 20 Currently, your Procurve AP 530 Supports both 802.11b and 802.11g stations on both of its radios. However, users have been reporting slow connections. What is one way that you could attempt to raise throughout for 802.11g stations? A. B. C. D.
Lower the RTS/CTS threshold on the both radios Disable protection in the advanced radio settings for one radio Disable support for the long preamble on both radios Enable 802.11b on radio 1 and 802.11g only on radio 2
Answer: D Section: (none) Explanation/Reference:
QUESTION 21 Which mechanism are part of the 802.11h standard? (Choose two.) A. B. C. D. E. F.
Quality of Service (QoS) for wireless stations Fast roaming for 802.1X Inter-Access Point Protocol (IAPP) Fast roaming for Voice over IP (VoIP) Transmit Power control (TPC) Dynamic Frequency Selection (DFS)
Answer: EF Section: (none) Explanation/Reference:
QUESTION 22 ProCurve Mobility Infrastructure Solutions help you meet the challenges posed by a wireless network (as compared to a traditional wired network). What is one of these challenges? A. 802.11 standards do not provide any encryption, so you must create Virtual Private Network (VPN) tunnels to each end station B. 802.11 standards do not provide any guidelines for Layer 2 roaming C. Multiple users connect to the network through the same access point (AP), but access must be customized for each user D. Studies have found that users tend to be less productive when they have mobile access to a network Answer: C Section: (none) Explanation/Reference:
QUESTION 23 When does an Access Point (AP) that enforces 802.1X on a wireless LAN (WLAN) initiate the authentication process?
A. B. C. D.
Before the wireless station completes 802.11 authentication As soon As the wireless station begins sending data frames Before the wireless station completes 802.11 association As soon as the 802.11 association comes up
Answer: D Section: (none) Explanation/Reference:
QUESTION 24 Which feature of the AP 530 is most important for a small to medium business that has high security needs? A. B. C. D.
It monitors for excessive probes to detect possible intrusion attempts It supports 802.11a and hackers often do not check for networks on this frequency Its internal RADIUS server provides standalone support for 802.1X authentication Unlike the AP 420, it can operate all 16 of its wireless LANs in closed system
Answer: C Section: (none) Explanation/Reference:
QUESTION 25 Exhibit:
Which channel should you select for the cell with questions mark? A. B. C. D. E.
6 12 8 10 4
Answer: A Section: (none)
Explanation/Reference:
QUESTION 26 Which type of message does a Radio Port (RP) transmit so that a ProCurve Wireless Edge services xl Module can detect it on the network? A. B. C. D.
Link Layer Discovery Protocol (LLDP) Inter-Access Point Protocol (IAPP) Internet Control Message Protocol (ICMP) Address Resolution Protocol (ARP)
Answer: A Section: (none) Explanation/Reference:
QUESTION 27 Which mechanism does Wi-Fi Protected Access (WPA) use to ensure data integrity? A. B. C. D.
Michael Temporal Key Integrity Protocol (TKIP) Cyclic Redundancy Check (CRC) Message Digest 5 (MD5)
Answer: A Section: (none) Explanation/Reference:
QUESTION 28 Which configuration steps are completed automatically if auto-provisioning is enabled on a wireless-services enabled switch? (Choose two.) A. The downlink port on the Wireless Edge Services xl Module is made a tagged of the Radio Port VLAN B. The uplink port on the Wireless Edge Services xl module is made an untagged member of the Radio Port VLAN C. Any RPs directly connected to the wireless service-enabled switch automatically detect other RPs, allowin you to configure radio self-healing options D. The Wireless Edge Services xl Module automatically adopts any RPs it detects E. Both the uplink port and the downlink port on the Wireless Edge Services xl Module are made tagged members of the Radio Port Virtual LAN (VLAN) F. Any Wireless services-enabled switch ports that are directly connected to RPs become untagged members of the Radio Port VLAN Answer: AF Section: (none) Explanation/Reference:
QUESTION 29
The AP 420's radio has Basic Service Set Identifier (BSSID) and each of the AP 530's two radios has 16 BSSIDs. What implication does this difference have? A. B. C. D.
The AP 420 can advertise only 1 WLAN but the AP 530 can advertise 16 The AP 420 can advertise only 1 WLAN but the AP 530 can advertise 32 The AP 420 can support only 1 WLAN , but the AP 530 can support 32 The AP 420 can support only 1 WLAN, but the AP 530 can support 16
Answer: A Section: (none) Explanation/Reference:
QUESTION 30 Your wireless currently consists of an employees wireless LAN (WLAN). You are adding a second WLAN, named Guests. What steps should you take to enable your ProCurve Access Point (AP) 420 t advertise the Guests WLAN? A. B. C. D.
Add the guests WLAN and activate open system globally Add the Guests WLAN add choose this WLAN for the primary WLAN Activate closed system on the Employees WLAN. Add the Guests WLAN in open system Add the Guests WLAN and enable open system on it
Answer: B Section: (none) Explanation/Reference:
QUESTION 31 Which configuration steps are completed automatically if auto-provisioning is enabled on a wireless-services enabled switch? (Choose two.) A. The downlink port on the Wireless Edge Services xl Module is made a tagged of the Radio Port VLAN B. Any Wireless services-enabled switch ports that are directly connected to RPs become untagged members of the Radio Port VLAN C. The uplink port on the Wireless Edge Services xl module is made an untagged member of the Radio Port VLAN D. The Wireless Edge Services xl Module automatically adopts any RPs it detects E. Both the uplink port and the downlink port on the Wireless Edge Services xl Module are made tagged members of the Radio Port Virtual LAN (VLAN) F. Any RPs directly connected to the wireless service-enabled switch automatically detect other RPs, allowin you to configure radio self-healing options Answer: AB Section: (none) Explanation/Reference:
QUESTION 32 A wireless radio signal passes through a wall that introduces a 3 db attenuation of the signal. What happens to the power of the signal?
A. B. C. D.
It decreases by 3 percent It decreases by one-third It decreases by 1000 mW (1 W) It decreases by one-half
Answer: D Section: (none) Explanation/Reference:
QUESTION 33 A station is configured for passive scanning. Which statement describes its behavior? A. B. C. D.
The station listens for beacon frames from any access point (AP) within range The station sends probe requests on all supported channels The station listens only for beacon frames for previously-accessed wireless LANs (WLANs) The station sends probe requests on only one channel
Answer: A Section: (none) Explanation/Reference:
QUESTION 34 Which authentication method can be combined with any other supplemental authentication method? A. B. C. D.
MAC authentication Extensible Authentication Protocol (EAP) 802.1X authentication Preshared keys
Answer: A Section: (none) Explanation/Reference:
QUESTION 35 Which statement describes a ProCurve Radio Port (RP)? A. After receiving a configuration from the Wireless Edge Services xl Module, the RP saves that configuration to its internal flash B. If you change an RP's configuration, you must always reload the RP before that configuration can take effect C. When the RP receives wireless traffic from stations, it encapsulates that traffic before sending traffic it to the Wireless Edge Services xl module D. When the RP receives a wireless frame, it removes the 802.11 header and replaces it with an ethernet header Answer: C Section: (none) Explanation/Reference:
QUESTION 36 Which products would you purchase if Certkiller .com required 24 Radio Ports (RPs)? A. B. C. D.
Wireless Edge Services xl Module Wireless Edge Services xl Module and three additive RP licenses Wireless Edge Services xl Module and one additive RP licenses Wireless Edge Services xl Module and two additive RP licenses
Answer: C Section: (none) Explanation/Reference:
QUESTION 37 What might cause as excessive number of collisions in a wireless cell? A. B. C. D.
Disabling the long slot time on an 802.11b/g radio Setting the transmit power on an 802.11a radio too low Setting the RTS/CTS threshold too low Not putting a Layer 3 roaming solution in place
Answer: A Section: (none) Explanation/Reference:
QUESTION 38 When does supplemental authentication occur? A. After both the open-key 802.11 authentication and the 802.11 association are completely successfully B. After both the shared-key 802.11 authentication and the 802.11 association are completely successfully C. After the open-key 802.11 authentication is completed successfully but before the 802.1 association process begins D. After the shared-key 802.11 authentication is completed successfully but before the 802.11 association process begins Answer: A Section: (none) Explanation/Reference:
QUESTION 39 Certkiller .com has configured three wireless LANs (WLANs) on its Wireless Edge Services xl Module. These WLANs are assigned to three Virtual LANs (VLANs) - (VLANs) 8, 16 and 24. How must you configure the wireless service-enabled switch so that it transmits traffic from these VLANs onto the wired network? A. Make the Wireless Module's uplink port a tagged member of VLAN 8 and an untagged member of VLANs 16 and 24 B. Make the Wireless Module's uplink port an untagged member of VLANs 8, 16 and 24
C. Make the Wireless Module's downlink port a tagged member of VLANs 8,16 and 24 D. Make the Wireless Module's uplink port a tagged member of VLANs 8, 16 and 24 Answer: D Section: (none) Explanation/Reference:
QUESTION 40 You are providing consulting services to a bookstore that wants to set up a wireless network to provide complimentary internet access. Which security option should you choose to provide the widest support for customers who bring their own equipment? A. B. C. D.
Web Authentication (Web-Auth) MAC Authentication (MAC-Auth) Wi-Fi Protected Access (WPA) with preshared keys (PSK) Dynamic Wired Equivalent Privacy (WEP)
Answer: A Section: (none) Explanation/Reference:
QUESTION 41 You configure two access points (APs) to support a single wireless LAN (WLAN). One station associates with one AP and one station associates with the other AP. What do the two stations have in common? A. B. C. D.
Service Set Identifies (SSID) Wireless Cell Independent basic service set identifies (IBSSID) Basic service set identifier (BSSID)
Answer: A Section: (none) Explanation/Reference:
QUESTION 42 You want ProCurve Radio Port (RP) 1's radio to function as a neighbor for RP's radio. RP 1 will monitor RP 2 and take action if RP 2 becomes unavailable. Which actions can you configure RP 1's radio to take if RP 2 becomes unavailable? (Choose two.) A. B. C. D. E.
Open it s data rates Increase the radio's transmit power Order stations associated with RP 2 to roam Change the radio's channel Change the radio mode from 802.11a to 802.11b/g
Answer: AB Section: (none) Explanation/Reference:
QUESTION 43 Certkiller .com installs the ProCurve Wireless LAN system and requires two Radio Ports (RPs) for the cafeteria. One RP must be installed outside and one RP must be installed inside. Both RPs must support 802.11a, b and g. Which RPs should be company purchase? A. B. C. D.
One RP 220 and One RP 230 Two RP 210s One RP 220 and one RP 210 One RP 230 one RP 210
Answer: A Section: (none) Explanation/Reference:
QUESTION 44 Exhibit:
To which channel should you set the cell with the question mark if you want to increase capacity? A. B. C. D.
11 9 6 3
Answer: A Section: (none) Explanation/Reference:
QUESTION 45 For which scenario might you recommended the use of 802.11 pure-g mode? A. B. C. D.
An Environment with potential interference from military radar A wireless network that carries sensitive financial information A controlled environment with the latest high-tech equipment A public wireless network for customers and contractors
Answer: C Section: (none) Explanation/Reference:
QUESTION 46 Which mode allows you to connect two wired networks through a wireless connection? A. B. C. D.
In-cell relay mode Peer-to-peer mode Internetwork mode Infrastructure mode
Answer: A Section: (none) Explanation/Reference:
QUESTION 47 Why would you use ProCurve Mobility Manager (PMM)? A. B. C. D.
Centrally manage wireless LANs (WLANs) on multiple access point (AP) Enable failover between Access Point (APs) Configure dynamic Virtual LANs (VLANs) Enable Layer roaming
Answer: A Section: (none) Explanation/Reference:
QUESTION 48 What is a requirement for installing a ProCurve Radio Port (RP) 210? A. B. C. D.
Power Over Ethernet (PoE) 100Base-T or faster port Maximum of 100 meter distance from the Wireless Edge Services xl Module External Antenna
Answer: A Section: (none)
Explanation/Reference:
QUESTION 49 You configure a wireless bridge (Wireless distribution system) between two Access Point (AP) 530s and select Wi-Fi Protected Access with pre-shared keys (WPA-PSK) as the security for the wireless bridge. What are two of the settings that must match exactly? (Choose two.) A. The service set Identifies (SSID) for the wireless distribution system (WDS) must be the same on both APs B. WLAN1 must have the same SSID on both APs C. WLAN1 on both APs must be configured as an open system so that each AP can detect its peer's Basic Service Set Identifies (SSID) D. The radios establishing the wireless bridge must be set to the same channel E. The two APs must support the same wireless LANs (WLANs) Answer: AD Section: (none) Explanation/Reference:
QUESTION 50 What is true of an omnidirectional antenna? A. B. C. D.
It radiates the signal in all directions equally, vertically and horizontally until the 3 db line It radiates the signal in all directions equally, both vertically and horizontally It radiates the signal in all directions equally, horizontally but not vertically It radiates the signal in all directions equally, vertically but not horizontally
Answer: C Section: (none) Explanation/Reference:
QUESTION 51 You set your ProCurve Access Point (AP) 530's radio to 802.11g and leave advanced settings at their defaults. Which types of stations does the radio support? A. B. C. D.
g and a, but not b g only g and b, but not a g, a and b
Answer: C Section: (none) Explanation/Reference:
QUESTION 52 What advantage does Wi-Fi Protected Access 2 (WPA2) provide over WPA?
A. B. C. D.
WPA2 requires the use of 802.1X authentication WPA2 requires support for Advanced Encryption Standard (AES) WPA2 enforces Michael's countermeasures to ensure data integrity WPA2 enables a method for generating per-frame keys
Answer: B Section: (none) Explanation/Reference:
QUESTION 53 Which software image or image does the ProCurve Access Point (AP) 530 store? A. B. C. D.
A primary image and as many images as flash memory can hold A Primary image only A primary image and a secondary image that you load A Primary image and a factory default image
Answer: D Section: (none) Explanation/Reference:
QUESTION 54 You are configuring wireless LAN 2 (WLAN 2) on the ProCurve Access Point (AP) 530 through its command line interface (CLI). You want to enable the WLAN on both of the APs radios. What must you do? A. B. C. D.
Configure exactly the same WLAN settings on both radios Configure WLAN settings on radio 1 but enable the WLAN on both radios Configure the WLAN settings on either radio but enable the WLAN on both radios Configure WLAN settings on both radios, they do not have to match
Answer: B Section: (none) Explanation/Reference:
QUESTION 55 .Why would you use ProCurve Mobility Manager (PMM)? A. B. C. D.
Configure Dynamic Virtual ALN (VLANs) Centrally Manager wireless LANs (WLANs) on multiple access points (APs) Enable Layer 3 roaming Enable failover between Access Points (APs
Answer: B Section: (none) Explanation/Reference:
QUESTION 56 Which encryption method uses key mixing to provide per-frame keys? A. B. C. D.
Static Wired Equivalent Privacy (WEP) Temporal Key Integrity Protocol (TKIP) Advanced Encryption Standard (AES) Dynamic WEP
Answer: B Section: (none) Explanation/Reference:
QUESTION 57 Which type of message does a Radio Port (RP) transmit so that a ProCurve Wireless Edge services xl Module can detect it on the network? A. B. C. D.
Internet Control Message Protocol (ICMP) Inter-Access Point Protocol (IAPP) Link Layer Discovery Protocol (LLDP) Address Resolution Protocol (ARP)
Answer: C Section: (none) Explanation/Reference:
QUESTION 58 Certkiller .com has installed the ProCurve Wireless LAN system. What is responsible for initiating the roaming process? A. B. C. D.
Wireless Edge Services xl Module Wireless Services-enabled switch Wireless Station Radio Port (RP)
Answer: C Section: (none) Explanation/Reference:
QUESTION 59 Why might you purchase a ProCurve Secure Access 700wl Series (Which includes an Access Control Server 745wl and Switch xl Access Controller Modules)? (Choose two.) A. B. C. D. E.
You want to use a Simple Network Management Protocol (SNMP) solution to manage your products You want to enable Layer 3 roaming between APs that Certkiller .com already owns You want a solution for end-to-end virtual private network (VPN) tunnels to wireless stations You want the higher availability enabled by network self-healing features such as neighbor recovery You want to implement the greater security of Wi-Fi Protected Access 2 (WPA2) in your wireless network
Answer: BC Section: (none) Explanation/Reference:
QUESTION 60 In which mode does the Procurve Access Point (AP) 420 Operate? A. B. C. D.
Mixed-cell mode Infrastructure mode Peer-to-peer mode In-cell relay mode
Answer: B Section: (none) Explanation/Reference:
QUESTION 61 Your wireless network includes a Procurve Access Point (AP) 530 that enforces 802.1X authentication. A user calls and says that she is entering the correct username and password but can't connect to the network. Then you receive the same complaint from many other users. What is a likely source for the problem? A. B. C. D.
The AP 530 has the wrong shared RADIUS key The users have client utilities that do not support 802.1X All of the users are entering the wrong password The AP 530s Internal RADIUS server has been disabled
Answer: A Section: (none) Explanation/Reference:
QUESTION 62 Which function does a Wireless Edge Services xl Module provide in a ProCurve Wireless LAN system? A. B. C. D.
It establishes the radio signal for the wireless network It provides power over ethernet (PoE) for Radio Ports (RPs) It encapsulates wireless traffic in a proprietary protocol before sending it into the wired network It enforces the security settings that you configure for a wireless LAN (WLAN)
Answer: D Section: (none) Explanation/Reference:
QUESTION 63 Which statement describes a closed system?
A. B. C. D.
In a closed system, the wireless network name is not included in the header of any 802.11 frames In a closed system, the wireless network name is encrypted in the 802.11 header In a closed system, the wireless network name can't be detected in any 802.11 frames In a closed system, the wireless network name is not advertised in the 802.11 beacon frame
Answer: D Section: (none) Explanation/Reference:
QUESTION 64 Which steps should you take during a site survey to test the converge provided by access points (AP) or Radio Ports (RPs)? (Choose two.) A. B. C. D. E.
Look for areas of overlap between nearby cells and set overlapping cells to different channels Analyze the signal to noise ratio (SNR) at different hours of operation Set up wireless bridges between the APs to ensure that they can reach each other Compare the coverage provided by an RP 210 and an RP 230 and decide between the products Configure encryption keys and attempts to crack them using readily-available software
Answer: AB Section: (none) Explanation/Reference:
QUESTION 65 You can access your AP 420's command line interface (CLI) through a telnet session. However, you can't access the AP 420 through the Web browser interface. What might be the problem? A. B. C. D.
The AP is using an invalid IP Address or default gateway The uplink switch requires 802.1X authentication and the AP has the wrong credentials The AP's HTTP server has been manually disabled The AP has been configured for the wrong management virtual LAN (VLAN)
Answer: C Section: (none) Explanation/Reference:
QUESTION 66 You Wireless Network consists of a ProCurve Wireless LAN System that enforces 802.1X Authentication with Extensible Authentication Protocol (EAP). What devise must negotiate and agree on the EAP method? (Choose two.) A. B. C. D. E.
RADIUS Server Wireless Edge Services xl Module Radio Port (RP) Wireless Station Redundant Wireless Edge Services xl Module
Answer: AD
Section: (none) Explanation/Reference:
QUESTION 67 You Wireless network is experiencing slow connections. Technical support has requested that you enter the support tethereal command on you wireless edge services xl module and you have done so. Now you want to copy out the file you created. Where, in the Wireless Module' Web Browser interface, you can find this file? A. B. C. D.
With the panic snapshots With the configuration files With the software files With the core snapshots
Answer: D Section: (none) Explanation/Reference:
QUESTION 68 Your Wireless network is experiencing slow connections. Technical support has requested that you enter the support tethereal command on your Wireless Edge Services xl Module and you have done so. Now you want to copy out the file you created, where in the wireless module's web browser interface can you find this file? A. B. C. D.
With the core snapshots With the panic snapshots With the configuration files With the software files
Answer: A Section: (none) Explanation/Reference:
QUESTION 69 Exhibit:
The ProCurve Radio Port (RP) shown in the exhibit has not been adopted by the wireless Edge services xl module. What could be the reason? A. B. C. D.
The switch port that connects to the RP should be tagged for VLAN 2100 The wireless Module's internal uplink port should be untagged for VLAN 2100 The Wireless Edge Services xl Module runs rogue AP detection The switch port that connects to the RP enforces 802.1X authentication
Answer: D Section: (none) Explanation/Reference:
QUESTION 70 Why would you enable anomaly detection on the Wireless Edge Services xl Module? A. B. C. D.
To monitor 802.11 frames for spoofed MAC addresses To monitor the behavior of Radio Ports (RPs) and invoke self-healing features if an RP fails To monitor stations behavior and prevent denial of service (DOS) attacks To monitor the module for internal errors that might indicate hardware failure
Answer: C Section: (none) Explanation/Reference:
QUESTION 71 You need to calculate a device's Effective Isotropic Radiated Power (EIRP). How do you complete the calculation?
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 72 You are designing a security solution for Certkiller .com with a busy wireless network. You recommended Wi-Fi Protected Access (WPA) instead of static wired equivalent privacy (WEP). Which reason could you give for not choosing WEP? A. B. C. D.
Static WEP sends encryption keys over the wireless network in plain text The Rivest Cipher 4 (RC4) algorithm, which is used by WEP is flawed WEP does not support encryption keys that are as long as the keys supported by WPA WEP's initialization vector (IV) is too short to prevent reused keys
Answer: D Section: (none) Explanation/Reference:
QUESTION 73 You are configuring a ProCurve Access Point (AP) 530. You Configure two Wireless LANs (WLANs). What is one reason to enable the first WLAN only on radio 1 and the second WLAN only on radio 2? A. B. C. D.
To use radio 1 for wireless users and radio 2 for a wireless bridge only To double the capacity of each WLAN by using two radios To allow users to choose their radio but still connect to the same extended service set (ESS) To separate different types of wireless traffic into different collision domains
Answer: D Section: (none) Explanation/Reference:
QUESTION 74 You have used ProCurve Identity Driven Manager (IDM) to create user groups and dynamic VLAN policies on you network's RADIUS servers. Now you are establishing a wireless network and the Wireless Edge Service xl module enforces these policies for wireless users. Wireless users who are members of the Finance Department group complain that they can authenticate to the wireless network successfully but do no receive an IP address. What might be the problem? A. The dynamic Virtual LAN (VLAN) for the Finance group has not been tagged on the Wireless Module's uplink port
B. User accounts for the Finance group do not allow dial-in access C. Dynamic VLANs have not been enabled in the Wireless Module's Wireless LAN (WLAN) settings D. You have not enabled the Finance Group in the ProCurve IDM configuration Answer: A Section: (none) Explanation/Reference:
QUESTION 75 Which Virtual LAN (VLAN) or VLANs are automatically created in the Wireless service-enabled switch if auto-provisioning is enabled? A. B. C. D.
Any VLAN created on the wireless Edge Services xl Modules The VLAN assigned to WLAN 1 Any dynamic VLAN assigned to wireless users Radio Port VLAN
Answer: D Section: (none) Explanation/Reference:
QUESTION 76 Certkiller .com is setting up a wireless network using a ProCurve Access Point (AP) 420. Users throughout the building complain that they can't see the name for your wireless network in their wireless client utilities. You ping the AP 420 and receive a response. What might be the problem? (Choose two.) A. B. C. D. E.
The APs radio has been dedicated to AP detection The APs country code has not been set The AP operates in open system but user's stations operate in closed system The AP has failed to boot The AP uses a different security options than the user's stations do
Answer: AB Section: (none) Explanation/Reference:
QUESTION 77 Why might you reduce an AP's or an RP's transmit power? (Choose two.) A. B. C. D. E.
To raise its receiver sensitivity, which is inversely proportional to power To keep a device with an external antenna within legal limits To reduce interference between closely spaced devise To extend the devices functional lifetime To focus the signal in a narrower but longer beam
Answer: BC Section: (none)
Explanation/Reference:
QUESTION 78 How does a diversity antenna (which includes two antennas) address the problem of multipath? A. For each receiving station, it chooses the antenna that provides the better signal-to-noise ratio (SNR) B. Each antenna changes the frequency at which it is transmitting, depending on the current SNR C. It uses one antenna to transmit and one to receive, improving the overall quality and performance of the wireless network D. It sends out two copies of the signal, so that the signal arrives with a high enough SNR Answer: A Section: (none) Explanation/Reference:
QUESTION 79 Exhibit:
These are the data rate sets configured on your ProCurve Access Point (AP) 530's radio. Which statements concerning capacity in the cell are true? (Choose two.) A. B. C. D. E.
Only one station at a time can transmit at 54 Mbps, but all can transmit at 6 Mbps The theoretical bandwidth for the cell 54 Mbps, but overhead reduces it to 6 Mbps At any given moment, one station can transmit at up to 54 Mbps Every station is allowed up to 6 Mbps bandwidth and the cell can support 9 stations Each station must be able to transmit at no less than 6 mbps in order to join the cell
Answer: CE Section: (none) Explanation/Reference:
QUESTION 80 Exhibit:
You are helping a user who is having trouble connecting to a wireless LAN (WLAN) supported by a ProCurve Access Point (AP) 530. You look in the AP 530's event log and see that the status of user's station is as show in the exhibit. What could be the problem? A. B. C. D.
The Station has failed MAC authentication The use has entered the wrong preshared key (or password) The station does not support the data rates required in the cell The station uses open-key rather than shared-key authentication
Answer: B Section: (none) Explanation/Reference:
QUESTION 81 You are the administrator of a wireless LAN built with ProCurve 520wl's. One of your wireless users calls and informs you that he cannot connect to the wireless network in his office. When you arrive at his location, you notice that the access point that services this section of the building is illuminating an amber power LED and no other LEDs are lit. Why can't he connect to the wireless network? A. B. C. D.
The cards installed in the access point are incompatible with the current firmware image The access point has a corrupt firmware image The access point is rebooting The access point's radio card has been disabled
Answer: B Section: (none) Explanation/Reference:
QUESTION 82 You want to limit management of your 5304xl switches using IP Authorized Managers. You have configured an IP Authorized Manager entry of 10.1.10.4 255.255.255.248. How many IP addresses will be allowed to manage your 5300s? A. B. C. D.
1 4 6 8
Answer: D Section: (none) Explanation/Reference:
QUESTION 83
A customer wants to provide stricter access security for all network clients and implement a combination of 802.1X and MAC authentication. Which parameters must be configured on the RADIUS server to support the ports configured with MAC authentication? Select TWO. A. Configure PAP to support unencrypted authentication of network peripherals. B. Create a user on the RADIUS server using the MAC address of the device for the username and the password. C. Create a user on the RADIUS server using the MAC address of the device for the username and the RADIUS shared secret for the password. D. Configure EAP RADIUS for the authentication method. E. Create a user on the RADIUS server using the MAC address of the device for the username and do not configure a password (leave it blank). F. Configure CHAP RADIUS for the authentication method. Answer: BF Section: (none) Explanation/Reference:
QUESTION 84 You have implemented a network security solution for your client based upon the 802.1X protocol using the ProCurve Access Control Client, 2650-PWR switches and the Funk Steel-Belted RADIUS server. In this solution, the RADIUS server is acting as a ________. A. B. C. D.
policy repository policy decision point network access server policy enforcement point
Answer: B Section: (none) Explanation/Reference:
QUESTION 85 You have a new customer who is very concerned about the security of his internal campus network. You suggest that the HP ProCurve Access Control Solution may provide the level of safety and security that he is looking for. Which options are part of the HP ProCurve Access Control Solution? Select THREE. A. B. C. D. E. F. G.
Web Authentication Intrusion Detection Systems Hardware Firewalls Access Control Lists 802.1X Authentication Virtual Private Networks Anti-Virus Software
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 86 A pharmaceutical company has recently moved into a new three-story office building. They are sharing a core routing switch between two departments: human resources, and research and development. Both departments have edge switches deployed and neither department wants the other to have management access to their respective HP ProCurve edge switches. Which security measures would be recommended to limit management access to the respective departments? Select TWO. A. B. C. D. E.
SSH SSL Authorized IP Managers management VLANs Microsoft Windows User Domain Security limits
Answer: CD Section: (none) Explanation/Reference:
QUESTION 87 In designing a wireless network, the customer needs to have wireless coverage in their warehouse facility for the automated picking and bar-coding inventory system. The warehouse is a wide open space filled with tall, multi-bay steel racks that are filled with an inventory of large metal pumps and valves. To get sufficient coverage down these long aisles, which antenna would you recommend? A. B. C. D.
omni-directional mast parabolic dish directional patch omni-directional dipole
Answer: C Section: (none) Explanation/Reference:
QUESTION 88 A customer has asked you to design a wireless network for his office using HP 420 Access Points. In one area you decide to use a directional antenna to ensure that the wireless signal propagates down a long hallway. If you wish to limit the radiated power to 1 Watt, what is the highest gain directional antenna that you can use if the access point it is connected to is transmitting at full power? A. B. C. D.
2 dBm 6.5 dBm 10 dBm 14 dBm
Answer: C Section: (none) Explanation/Reference:
QUESTION 89 During a wireless implementation for a local college you plan to use omni-directional diversity antennas for the internal public areas of the campus. You chose these antennas because they provide RF coverage in
________ of the antenna. A. B. C. D.
a concentrated direction around the horizontal axis all directions around the vertical axis a particular direction along the vertical axis all directions around the horizontal axis
Answer: B Section: (none) Explanation/Reference:
QUESTION 90 When designing wireless networks, it is important to remember that government agencies limit the power of RF based networks in certain radio bands. The emitted power of a radio transmitter and any attached antenna is known as its ________. A. B. C. D.
Radiated Radio Frequency Power WIreless System Power Radiation Effective Isotropic Radiated Power Effective Total Power Output
Answer: C Section: (none) Explanation/Reference:
QUESTION 91 You are installing an access point that is transmitting at 16 dBm. It is connected to a directional patch antenna with a rating of 6.5 dBi through a cable and connector set that is rated at 2.5 dBi. What is the effective gain of this configuration? A. B. C. D.
25 dB 20 dB 12 dB 30 db
Answer: B Section: (none) Explanation/Reference:
QUESTION 92 Exhibit:
A customer is located on the top floor of a three-story building. The second floor already has an existing 802.11b network using channels 1, 6 and 11. The customer on the third floor wants to install an 802.11b network and requires three access points. Which channels should be used for the three access points? Select TWO. A. B. C. D. E.
AP-A: channel 1, AP-B: channel 6 and AP-C: channel 11 AP-A: channel 7, AP-B: channel 8 and AP-C: channel 9 AP-A: channel 11, AP-B: channel 1 and AP-C: channel 6 AP-A: channel 2, AP-B: channel 3 and AP-C: channel 4 AP-A: channel 6, AP-B: channel 11 and AP-C: channel 1
Answer: CE Section: (none) Explanation/Reference:
QUESTION 93 A user is authenticated through a ProCurve 420 with VLANs enabled. However, the RADIUS authentication server does not return a VLAN attribute. What will happen to the user? The user will be _______. A. B. C. D.
placed in the Unauthorized VLAN denied access completely placed on the Management VLAN placed in the access point's Native VLAN
Answer: D Section: (none) Explanation/Reference:
QUESTION 94 What is the valid range for client VLAN IDs on a ProCurve 420? A. B. C. D.
1-64 1-128 1-2048 1-4095
Answer: D Section: (none) Explanation/Reference:
QUESTION 95 Clients A and B attempt to communicate with access point C at the same time and a collision occurs because they cannot detect each other's transmissions. Which problem does this illustrate? A. B. C. D.
fast transform retransmission key mis-match hidden client
Answer: D Section: (none) Explanation/Reference:
QUESTION 96 Two wireless stations are located in close proximity to the same access point. Which mechanisms prevent them from transmitting at the same time? Select TWO. A. B. C. D. E.
CSMA-CD SYN/ACK CSMA-CA MAC/LLC RTS/CTS
Answer: CE Section: (none) Explanation/Reference:
QUESTION 97 A customer has noticed that the throughput on his wireless network is not sufficient for his business requirements. As a first step in trying to alleviate this problem, you decide to increase the multicast rate on all of his access points to the maximum setting. This will help to improve real throughput because the multicast rate is the _______. A. rate at which WEP keys are refreshed
B. rate at which access points send out beacon frames to clients C. rate at which control and management frames are transmitted to all associated clients D. raw data rate at which packets are transmitted between a single client and access point Answer: C Section: (none) Explanation/Reference:
QUESTION 98 While probing a wireless network using the wireless client utility on you computer, you can see that several different SSIDs are shown to be available. Which procedure has your wireless card just performed? A. B. C. D.
a passive scan a WPA PSK refresh an active scan a WEP key refresh
Answer: C Section: (none) Explanation/Reference:
QUESTION 99 Given the complicated nature of wireless bridging, what must be considered before implementation? Select THREE. A. B. C. D. E. F. G.
auto channel select must be enabled circular links require spanning tree to be set WDS links need to be set to same frequency channel multiple hop links need to be reduced to less than three multiple hop links may lead to long end-to-end latency figures circular links can create IP loops leading to increased performance WDS links need to be set to alternating frequency channels using 1, 6 and 11
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 100 Range can be impacted by obstacles in the signal path of the radio that either absorb or reflect the radio signal. Which factors describe environmental interference that may impact the cell size used on an 802.11b or 802.11g network? Select TWO. A. B. C. D. E.
wireless IR entertainment system remote controls power lines and power stations wireless 5Ghz telephones 900 MHz wireless security alarm system walls that contain metal, cabinets, and metal desks
Answer: BE Section: (none) Explanation/Reference:
QUESTION 101 You are the administrator of a wireless LAN built with ProCurve 520wl's and you have just installed 170wl cards in all of the access points. One of your wireless users calls and informs you that he cannot connect to the wireless network in his office. When you arrive at his location, you notice that the access point that services this section of the building has a red LED on card A. Why can't he connect to the wireless network? B. The access point has a corrupt firmware image. C. He has the wrong WEP key and the card has shut down because of the security violation. D. The card installed in slot A is incompatible with the current firmware image. E. The radio card in slot A has been disabled. Answer: C Section: (none) Explanation/Reference:
QUESTION 102 Site surveys are best done at the pre-sales stage in order to provide a customer with a rough estimate of what their investment will be. What are some important results derived from a site survey? Select TWO. A. B. C. D. E.
How far should the APs be spaced apart (what cell size is needed)? Are there available dedicated power circuits for AP usage to limit noise feedback? Base estimated cell radius of 33 meters supporting 60-90 users at 5.5 Mbps aggregate bandwidth. How many APs will be required in a given area (cell density)? Use an Ultrasonic Wave Analyzer to test signal to noise ratio for proper placement of access points.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 103 Which actions should be taken to test access point coverage during a site survey? Select THREE. A. Temporarily install an access point to test and measure signal to noise ratio levels. B. Use a wireless enabled portable device running an SNR analyzer tool. C. Configure all access points to use the same channel and enable bridge mode operation on all access points. Test connectivity and roaming once the site AP's are setup in bridge mode. D. Enable and verify 802.1X security to insure proper signal encryption and strength. E. Configure overlapping cells using non-overlapping channels and test for coverage. F. Configure WEP keys on client and access points. G. Configure a WDS link between two access points. Answer: ABE Section: (none)
Explanation/Reference:
QUESTION 104 There is a customer environment where both employees and visitors will have access to network resources. When considering issues dealing with physical security, which questions should you consider? Select THREE. A. B. C. D. E. F. G.
Which ports are assigned to the management VLAN? Who has access to the room? Is there a 'visitor' policy? Who knows the manager level passwords? Is it in a secure area of the building? Does the data center meet Military Level Security Requirements? Has accessibility been limited to administrators only?
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 105 SNMP version 3 introduces security features that may be incompatible with managment applications that use previous versions of SNMP. Which command allows an SNMPv2 management application to access an HP ProCurve switch that must also support SNMPv3 in a secure network environment? A. B. C. D.
snmpv3 community ro snmpv3 restricted-access snmpv3 enable-v2-access snmpv3 enable community ro
Answer: B Section: (none) Explanation/Reference:
QUESTION 106 Which authentication types does SSH support? Select TWO. A. B. C. D. E.
NDS switch user/password authentication LDAP public key authentication switch SSH and user password authentication PKI digital certificate authentication client RSA authentication
Answer: CE Section: (none) Explanation/Reference:
QUESTION 107 A customer, who is already using SSH for secure communications, wants the client to authenticate itself using client RS A. Which additional preparatory steps are necessary to set up client RSA authentication? Select TWO. B. Generate a public/private key pair on the switch. C. Copy the client public key to the switch. D. Copy the client private key to the switch. E. Copy the public/private key pair to the client. F. Generate a public/private key pair on the client computer. Answer: BE Section: (none) Explanation/Reference:
QUESTION 108 A customer currently manages all of their HP ProCurve switches using the plain text web interface. They now want to use SSL for encrypted web-based management. Which steps must be completed before enabling SSL? Select TWO. A. B. C. D. E.
generate a self-signed server certificate for HTTPS generate an HTTPS client certificate generate an RSA key file for HTTPS certificates disable plain text web management first import a certificate request from a Certificate Authority
Answer: AC Section: (none) Explanation/Reference:
QUESTION 109 What are the main steps for configuring SNMPv3 access management after enabling SNMPv3 on an HP ProCurve 5300xl switch? A. B. C. D.
Create communities; create groups; assign communities to groups Create users; assign users to groups Create users; create groups; assign users to groups Create users; create communities; assign users to communities
Answer: B Section: (none) Explanation/Reference:
QUESTION 110 When designing a management VLAN, which ProCurve solution should an administrator implement at the core and the Layer 2 edge devices?
A. Enable management VLANs to provide security at the core; apply an IP address only to the core switch; and use ACLs at the Layer 2 switches. B. Use ACLs to provide security at the core; enable management VLANs at the Layer 2 switches; and apply an IP address only to the management VLAN. C. Enable management VLANs to provide security at the core and at Layer 2 switches; ACLs are not required. D. Configure a separate management network with dedicated ports to isolate all management traffic at the core and at the Layer 2 switches. Answer: B Section: (none) Explanation/Reference:
QUESTION 111 Which statements are true with respect to the management VLAN feature? Select THREE. A. Management access to the switch is restricted to the console port because the management VLAN has no physical network ports. B. A management VLAN prevents unauthorized access to switches largely by not being visible to the data network. C. Management traffic is "virtually" isolated with absolute minimum port access. D. The VLAN ID of the management VLAN must be the largest available in the switch; this is typically 1023. E. You must execute the management-vlan menu option on all switches in the management VLAN. F. The management VLAN is a separate virtual network not accessible by data network traffic. It is used to help secure management access. G. A management VLAN cannot be used in a routed environment because it would allow someone from a user VLAN to access the management VLAN without a physical connection to the management VLAN. Answer: BCF Section: (none) Explanation/Reference:
QUESTION 112 An HP ProCurve 9308m Routing Switch has just been installed in your customer's data center. To prevent unauthorized users from making configuration changes, he wants to set passwords on the routing switch. Which type of password must he set on the routing switch to allow himself full access to all configuration commands? A. B. C. D.
super-user manager operator administrator
Answer: A Section: (none) Explanation/Reference:
QUESTION 113 You receive a call from a customer who cannot access the CLI interface on an HP ProCurve 5304xl switch
because she has forgotten the password. For security purposes she has disabled the password-clear function of the front-panel buttons. How could you help her to regain management access to the switch? A. Press the Reset button on the front panel of the switch for at least 20 seconds to return the switch to factory defaults. B. Press the Clear button on the front panel of the switch for at least 10 seconds to return the switch to factory defaults. C. Use the Reset and Clear buttons on the front panel of the switch together to return the switch to factory defaults. D. You will need to call HP Support and obtain a one-time-use password. This is the only way to regain management access to the switch once the password-clear function has been disabled. Answer: C Section: (none) Explanation/Reference:
QUESTION 114 You have a customer who has just installed a 5304xl switch in an open area of his office. Although the switch is installed in a closed rack with a locking door, he is concerned that it might be possible for someone to access the front panel buttons on the switch. Which commands will allow him to prevent the switch from having its passwords and configuration information cleared? Select TWO. A. B. C. D. E.
no front-panel-security factory-reset no front-panel-security password-clear reset-on-clear no front-panel-security password-recovery no front-panel-security password-clear front-panel-security password-clear reset-on-clear
Answer: AD Section: (none) Explanation/Reference:
QUESTION 115 The IT department of a local high school has recently installed new HP ProCurve switches. They are setting up Authorized IP Managers to limit management access to the switches. Which access levels can be granted to an Authorized IP Manager? Select TWO. A. B. C. D. E.
manager administrator supervisor aoperator user
Answer: AD Section: (none) Explanation/Reference:
QUESTION 116 A new customer who recently installed HP ProCurve switches wants to specify administrative stations using
the Authorized IP Managers list. When specifying the IP mask within the Authorized IP Managers list, which role does the IP mask serve? It _______. A. B. C. D.
specifies a range of IP addresses to deny management access provides the subnet mask that the IP address belongs to specifies a single or range of IP addresses for management access specifies a single IP address only for telnet access
Answer: C Section: (none) Explanation/Reference:
QUESTION 117 A customer is in the process of setting up and installing new HP ProCurve switches. As part of the setup, the Authorized IP Managers feature has been enabled. Which benefit will the customer realize? A. Web proxy servers should be implemented to complement the Authorized IP Managers security feature. B. A security system will be in place by allowing management access only from specified management stations. C. It requires less IP address planning than LDAP security. D. It can be enforced on Web, SSH, Telnet, and serial management sessions. Answer: B Section: (none) Explanation/Reference:
QUESTION 118 You are the manager of several individuals who have the authority to make configuration changes to the HP ProCurve 2650 and 6108 switches deployed within your organization. What is the most efficient way to authenticate individuals who log in to the switches with manager privileges? A. Define a unique local manager account for each member of the team. B. Leverage existing directory services by importing the team members' user name/password pairs to the local user database of each switch. C. Configure the switches to use the RADIUS protocol to access the existing directory service, and configure the server to accept authentication requests from the switches. D. Configure the switches to use a RADIUS server to authenticate users against an existing directory, and configure accounting services on the server to record each manager login event. Answer: C Section: (none) Explanation/Reference:
QUESTION 119 A network administrator plans to use a RADIUS server to authenticate access from the console to all the HP ProCurve switches. It is decided that the RADIUS server will be the primary authentication method and no secondary authentication method will be used. What will be the result of this proposed configuration? A. The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, then access is denied.
B. The primary authentication method for operator-level access through the console port is the RADIUS server; if no RADIUS server is found, then access is denied. C. The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, then only operator-level access is granted. D. This configuration is not allowed because the console port must allow the use of a username from the local database in the event that the RADIUS server is not reachable. Answer: D Section: (none) Explanation/Reference:
QUESTION 120 Secure communications are often passed through a hashing algorithm. The hash result is sent to the receiver along with the message. Which security function does this perform? A. B. C. D.
confidentiality authorization integrity authentication
Answer: C Section: (none) Explanation/Reference:
QUESTION 121 A customer uses a type of cipher that creates a 'keystream' that is combined with the plaintext message to produce ciphertext. Which one of this type of cipher is most commonly used today? A. B. C. D. E.
ArcFour DES - Data Encryption Standard RC4 - Rivest Cipher 4 AES - Advanced Encryption Standard Triple DES - 3DES
Answer: C Section: (none) Explanation/Reference:
QUESTION 122 A customer wants to implement a Hybrid encryption solution to provide a secure means of communication between their main office and remote sales offices. Which statement best describes a Hybrid encryption solution? A. B. C. D.
Use symmetric encryption to setup the session key, and use asymmetric encryption for the conversation. Use public key encryption to setup the session key, and use private key encryption for the conversation. Use asymmetric encryption to setup the session key, and use symmetric encryption for the conversation. Use Diffie-Hellman encryption to setup the session key, and use RSA Data Security encryption for the conversation.
Answer: C Section: (none) Explanation/Reference:
QUESTION 123 What is true with regard to Public Key Infrastructure (PKI)? A. PKI uses a key pair, one private and one public, but does not use digital certificates. B. PKI is a symmetric key scheme that uses digital certificates and certificate authorities to encrypt messages. C. PKI uses digital certificates and certificate authorities to manage key exchanges between a sender and receiver. D. PKI uses a symmetric key scheme to manage key exchange and uses digital certificates to encrypt the message to ensure confidentiality, authentication, integrity and non-repudiation. Answer: C Section: (none) Explanation/Reference:
QUESTION 124 What is the main difference between EAP-TLS and EAP-MD5? A. EAP-TLS uses a challenge/handshake mechanism for authentication; EAP-MD5 uses certificates for authentication. B. EAP-TLS uses a challenge/handshake mechanism for authentication and encryption; EAP-MD5 uses certificates for authentication and encryption. C. EAP-TLS uses a name and password along with digital certificates to produce a session key; EAP-MD5 uses a name and password to produce a session key. D. EAP-TLS uses digital certificates for mutual authentication; EAP-MD5 uses a challenge/handshake mechanism to authenticate the client to the server. Answer: D Section: (none) Explanation/Reference:
QUESTION 125 A software company uses 802.1X to authenticate all users on the network and to allow contract employees access to the network only during normal business hours. What is the best approach for configuring this time restriction? A. Configure a "Time Restriction" policy and assign the user accounts for each contract employee to the policy. B. Configure an access policy on the RADIUS server that associates a time restriction with usernames of the contract employees. C. Create a "contractors" group in Active Directory (LDAP) and assign time restrictions to the group. D. Configure an access policy on the RADIUS server that associates a time restriction with a "contractors" group. Answer: D Section: (none)
Explanation/Reference:
QUESTION 126 A Windows XP workstation is configured with an 802.1X supplicant client. When a client connects to a switch port with 802.1X authentication enabled, which messages may be generated by the client to gain access to the network? Select TWO. A. B. C. D. E.
EAP-response-identity EAP-request-identity EAP-access-challenge EAPOL-start EAP-access-request
Answer: AD Section: (none) Explanation/Reference:
QUESTION 127 Which role does an "authenticator" play in the 802.1X authentication process in an HP ProCurve switch network? A. The authenticator sends an "access-challenge" message to the supplicant to request client credentials. B. The authenticator provides two-way translation between EAP messages and RADIUS messages. C. The authenticator validates the "EAP-identity-request" and responds with either an "accept" or "reject" message. D. The authenticator encapsulates an "EAP-access-request" inside of a RADIUS "response-identity" packet and forwards it on for validation. Answer: B Section: (none) Explanation/Reference:
QUESTION 128 You support a network that has ports in a conference room that is regularly used by guests. You have decided to define a guest VLAN that allows access to the internet and prevents access to corporate resources. Which solution provides the most flexibility and lowest management overhead while placing the guest users in the appropriate VLAN? A. Require that guests connect only to ports in the conference room that are members of the guest VLAN. B. Enable 802.1X on the conference room ports. Give guests a temporary logon ID and provide them with 802.1X supplicant software. Associate guest user IDs with a guest VLAN that prevents access to corporate resources. C. Enable IEEE 802.1X on the conference room ports and configure the guest VLAN as the authorized VLAN for these ports. D. Enable IEEE 802.1X on the conference room ports and configure the guest VLAN as the unauthorized VLAN for these ports. Answer: D Section: (none)
Explanation/Reference:
QUESTION 129 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user shown in the diagram connects to the network as shown, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: D Section: (none) Explanation/Reference:
QUESTION 130 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user provides valid authentication information, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: A Section: (none) Explanation/Reference:
QUESTION 131 You want to use IEEE 802.1X port authentication to assign Microsoft Active Directory users to a particular VLAN based on their user IDs. What must be in place? Select TWO. A. B. C. D. E.
The VLAN ID must be defined in a GVRP configuration. The user must be a member of an Active Directory Group that has an associated RADIUS policy. The user must be a member of a group that is associated with a VLAN ID in a RADIUS policy. The VLAN ID must exist on the switch. The port through which the user is authenticating must be defined as a member of the VLAN.
Answer: CD Section: (none) Explanation/Reference:
QUESTION 132 In an 802.1X authentication environment there are different methods by which a user can be placed on a VLAN. Which method has the highest priority on a given port? A. B. C. D.
an authorized VLAN assignment configured on the switch at the time 802.1X was enabled for the port a dynamic VLAN assignment from the RADIUS server the statically assigned VLAN configured for the port the priority determined by the command used to configure the port for 802.1X authentication
Answer: B Section: (none) Explanation/Reference:
QUESTION 133 You have a 5300xl switch which has two VLANs configured on it. VLAN 10 has an IP Address range of 10.1.10.0/24 and is where your servers reside. VLAN 20 has an IP Address range of 10.1.20.0/24 and is where your network clients reside. You configure an Access Control List 101 with these entries: permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq http permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet When you apply this ACL inbound on the interface for VLAN 20, what would be the end result for the clients on VLAN 20? A. They would be allowed only HTTP, FTP and telnet access to 10.1.10.10 and full access to everything else on the 10.1.10.0 subnet. B. They would be allowed only HTTP, FTP, and telnet access to 10.1.10.10 but no access anywhere else. C. They would not be able to access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL. D. They would have no access at all because the ACL is misconfigured Answer: B Section: (none) Explanation/Reference:
QUESTION 134 What is true with regard to standard and extended access control lists (ACLs) on the HP ProCurve 5300xl? A. A standard ACL can only specify a filter based on a destination IP address, while an extended ACL can specify both source and destination IP addresses. B. Standard and extended ACLs can both specify Layer 4 TCP/UDP ports, but only an extended ACL can specify precedence and type of service traffic. C. An extended ACL can filter traffic from a source TCP/UDP port to a destination IP address, while a standard ACL only supports filters based on the source IP address. D. An extended ACL supports filtering on both source and destination TCP/UDP ports, while a standard ACL only supports source TCP/UDP ports. Answer: C Section: (none) Explanation/Reference:
QUESTION 135 Exhibit:
A network administrator creates an ACL on the core 5300xl router that denies Telnet traffic from any IP source to any IP destination, but permits all other IP traffic. The ACL is applied as an "outbound" access group to VLAN 50. If no other ACLs have been configured on the router, what is a result of this configuration? A. B. C. D.
Clients in VLAN 50 can Telnet to local devices but not to devices in other VLANs. Clients in VLAN 50 cannot Telnet to VLAN 100 but they can access the web servers in that VLAN. Clients in VLAN 1 can Telnet only to local devices and to devices on VLAN 100. Clients in VLAN 1 can Telnet to all devices on all three VLANs.
Answer: C Section: (none) Explanation/Reference:
QUESTION 136 You have enabled port security using the "send-disable" action. Which administrative action, if any, is required after an intrusion to enable the device to return to normal operation? A. B. C. D.
No action is required. The intrusion flag must be cleared. The port must be enabled. The intrusion flag must be cleared and the port must be enabled.
Answer: D Section: (none) Explanation/Reference:
QUESTION 137 The network administrator of a university realizes that students in the on campus housing are connecting wireless access points and switches to the network. The administrator wants to limit a particular port to one MAC address at a time, but is not concerned about the actual address. Which security feature on the 5300xl provides flexibility while effectively limiting a port to a single MAC address at a time?
A. B. C. D.
Port security learn mode limited-continuous MAC lockdown learn mode limited-continuous MAC lockout learn mode limited-continuous 802.1X MAC authentication
Answer: A Section: (none) Explanation/Reference:
QUESTION 138 When using multiple RADIUS servers, what is true with regard to configuration of encryption keys or shared secrets on the HP ProCurve switch? A. B. C. D.
The keys for all servers in the domain must be the same. The keys for all servers in the domain must be different. A globally defined key overrides the key associated with an individual server. A key associated with a server overrides the globally defined key.
Answer: D Section: (none) Explanation/Reference:
QUESTION 139 The HP ProCurve Access Control Security solution helps protect valuable network resources and intellectual property from internal and external security threats. As part of this solution, 802.1X and RADIUS technology on HP switches controls network access based on which criteria? Select THREE. A. B. C. D. E. F. G.
locked out MAC addresses type of applications used on the network type of client OS login location on the network access control lists (ACLs) user's role within in an organization time of access
Answer: DFG Section: (none) Explanation/Reference:
QUESTION 140 What is the role of a NAS in the AAA security framework? A. B. C. D.
A Network Authentication Server stores AAA authorized user names and passwords. A Network Access Server contacts an AAA server to validate user credentials. A Network Accounting Server contains the logs that account for a user's activities. A Network Access Server provides user names and passwords for an AAA-compliant LDAP server.
Answer: B Section: (none) Explanation/Reference:
QUESTION 141 You are designing a network security solution for the sales office of a manufacturing company that is upgrading their current network while attempting to use some of their existing network equipment and servers. Acting on your suggestion, they have decided to implement 802.1X for network authentication. What are the requirements to implement 802.1X throughout their network? Select THREE A. B. C. D. E. F. G.
802.1X Supplicant software on all clients A RADIUS server to provide centralized authentication An 802.1X compliant web browser on all clients A database of all MAC Addresses that will access the network Access Control Lists on all network switches that require port access authentication network switches that support 802.1X port-based network authentication a DHCP server to provide IP Addresses for clients so they can begin the authentication dialog
Answer: ABF Section: (none) Explanation/Reference:
QUESTION 142 * You have just installed three new ProCurve 4100gl switches in a remote closet on your LAN. * You have assigned IP addresses to them and included a basic security configuration that includes operator and manager passwords and a listing of IP Authorized Managers. * When you return to the data center you connect to the switches from your management station to ensure that you can manage the switches remotely. * Later you are called to another building to deal with some end user problems. * When you are finished assisting the end-users, you attempt to telnet to the new switches but are unable to connect. * You can ping the switches from your current location, but all attempts at management through telnet and the Web interface fail. What is most likely the problem? A. B. C. D.
There is no telnet password assigned to the switches. SSH has not been enabled on the switches. Your current workstation is not one of the IP Authorized Managers. No RADIUS server has been configured on the switches.
Answer: C Section: (none) Explanation/Reference:
QUESTION 143 A RADIUS ACCESS-ACCEPT packet is sent by _______. A. a dial up user to a RADIUS client B. a dial up user to a RADIUS server
C. the RADIUS server to the client and may contain restrictions on the user's connection D. the RADIUS client to the server to acknowledge the connection parameters Answer: C Section: (none) Explanation/Reference:
QUESTION 144 You have just installed HP ProCurve 5304xl switches on the second and third floors of your office. You are using 802.1X for port-access authentication. All users have 802.1X supplicants installed on their client PCs and you have configured a RADIUS Server for centralized authentication with remote access policies for both floors. Shortly after connecting the client PCs, users on the second floor are complaining that they can not access any network resources. You are able to ping the RADIUS server from both switches, but when you check the RADIUS log, you only see authentication requests coming from the third floor switch. Why can't the second floor users connect to the network? A. No default gateway has been configured on the second floor switch, therefore no authentication requests can reach the RADIUS Server B. The second floor users are using the wrong EAP type in their attempts to authenticate to the RADIUS Server. C. The RADIUS Server IP Address has not been configured on the second floor switch D. The RADIUS shared secret configured on the second floor switch does not match the shared secret configured on the RADIUS Server. Answer: C Section: (none) Explanation/Reference:
QUESTION 145 A new employee has just joined your company in the Accounting department. You are using 802.1X for portbased authentication and he has been supplied by the company with a laptop which has 802.1X supplicant software installed and configured. You are using Microsoft IAS as a RADIUS authentication server and a user profile has been created for him in Active Directory. On his first day in the office, he calls you to report that he cannot get authenticated to the network though others in the department can. What is most likely the problem? A. The switch to which he is connected has an incorrect RADIUS shared secret. B. The remote access permission has not been granted to his Active Directory user profile. C. The switch to which he is connecting has the wrong IP address configured for its RADIUS authentication server. D. The switch to which he is connecting has no default gateway, therefore the authentication requests can not reach the RADIUS server. Answer: B Section: (none) Explanation/Reference:
QUESTION 146 In the process of designing a security solution for a large library, the IT administrator tells you that they have a large section of workstations that both library staff and customers use. She does not want to have to install any new software on these stations but she does need to be able give library personnel access to resources
that can not be accessible to the public at large. What technology would best suit this situation? A. B. C. D.
Web Authentication MAC Authentication 802.1X Authentication Port Security
Answer: A Section: (none) Explanation/Reference:
QUESTION 147 You have implemented a network security solution for your client based upon the 802.1X protocol using 5300xl switches, the ProCurve Access Control Client and Microsoft IAS. In this solution, the 5300xl switches are acting as ________. A. B. C. D.
policy decision points policy enforcement points authentication servers proxy servers
Answer: B Section: (none) Explanation/Reference:
QUESTION 148 You are designing a network security solution for a customer and in the process of your discussions you have decided that the best way to implement the solution is to use 802.1X authentication on the edge switches. The customer has limited rack space in his remote closets and consequently wants to use 1U stackable switches with the highest port density available. What HP ProCurve Switch series is the best fit for the edge switches in this solution? A. B. C. D.
HP ProCurve 5300xl HP ProCurve 4100gl HP ProCurve 2600 HP ProCurve 2500
Answer: C Section: (none) Explanation/Reference:
QUESTION 149 You have a customer who is considering implementing an IEEE 802.11-based wireless network. The customer manufactures and tests RADAR systems. Which feature of the 802.11g standard would make it the best fit for this customer? A. it operates in the 2.4 GHz frequency band B. it operates at a maximum data rate of 54 Mb/s C. It is compatible with 802.11a clients
D. it operates in the 5 GHz frequency band Answer: A Section: (none) Explanation/Reference:
QUESTION 150 Which frequency offers fast data rates, but also has the most potential for interference from microwave ovens, cordless phones, and Bluetooth devices? A. B. C. D.
900 MHz 2.4 GHz 5 GHz 7.2 GHz
Answer: B Section: (none) Explanation/Reference:
QUESTION 151 The 802.11 standard maps to which OSI layers? A. B. C. D.
Physical, Data Link Physical, Data Link, Network Physical, Data Link, Network, Transport Physical, Data Link, Network, Transport, Session
Answer: A Section: (none) Explanation/Reference:
QUESTION 152 During a dinner meeting, you transfer some documents to a customer through your 802.11g wireless card without the aid of an access point. During this process you and he formed ______________. A. B. C. D.
an Independent Basic Service Set an Extended Basic Service Set a WEP Key pair a Standard Basic Service Set
Answer: A Section: (none) Explanation/Reference:
QUESTION 153 You have installed an 802.11a access point for your customer. At certain times of the day the customer
notices significant connectivity issues. Upon further investigation, you determine that they are experiencing radio frequency interference issues. Which technologies could be causing this interference? Select TWO. A. B. C. D. E.
cordless phones Bluetooth devices microwave ovens fluorescent lights RADAR
Answer: AE Section: (none) Explanation/Reference:
QUESTION 154 A ProCurve 420 has been installed in a network that has no DHCP server. On which IP address would you be able to communicate with the access point to provide initial configuration? A. B. C. D.
10.0.0.1 42.0.0.1 172.16.1.1 192.168.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 155 Your customer has told you that he is allocating the 10.1.1.0/24 subnet for use in his wireless network. Which command will statically assign an IP address of 10.1.1.10 with a default gateway of 10.1.1.1 to an HP ProCurve 420 Access Point? A. B. C. D.
HP Procurve Access Point 420(if-wireless g)# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Procurve Access Point 420# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Procurve Access Point 420(if-ethernet)# ip address 10.1.1.10 255.255.255.0 HP Procurve Access Point 420(if-ethernet)# ip address 10.1.1.10 255.255.255.0 10.1.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 156 Your client has installed ProCurve 520wls to provide wireless network access for his employees. When the access points are first powered on in a default state, which username/password pair would allow you to access the configuration from the web interface? A. B. C. D.
[blank]/public admin/[blank] admin/password [blank]/password
Answer: A Section: (none) Explanation/Reference:
QUESTION 157 While working with a ProCurve 420, your customer notices a file called "dflt-img.bin" in the flash memory of her access point. What is the purpose of this image file on the access point? A. B. C. D.
It is the default system image and will always be used to boot the access point. It is the default location for the most current configuration file It is a default system image that can be used if the current system image is corrupted. It has no purpose
Answer: C Section: (none) Explanation/Reference:
QUESTION 158 Your client has decided to upgrade the security on his wireless network by implementing WPA instead of WEP which he currently uses. One of the advantages of WPA is a protocol known as the Temporal Key Integrity Protocol (TKIP). This protocol improves security by _______. A. B. C. D.
creating new encryption keys for each packet of data transmitted on the wireless network rotating encryption keys on a configurable time schedule using an encryption algorithm that is more secure than RC4 providing encrypted communications between the access points at the edge of the network and an authentication server in the data center
Answer: A Section: (none) Explanation/Reference:
QUESTION 159 When used in conjunction with WEP, the 802.1X protocol provides a dynamic _______ key for each individual client and a dynamic _________ key for packets destined for all clients. A. B. C. D.
broadcast, session multicast, session broadcast, multicast session, broadcast
Answer: D Section: (none) Explanation/Reference:
QUESTION 160
Which Extensible Authentication Protocols will a ProCurve 520wl support? Select TWO. A. B. C. D. E.
SIM TLS LEAP PEAP EAP-OL
Answer: BD Section: (none) Explanation/Reference:
QUESTION 161 One of your enterprise customers has engaged your services in designing and implementing their wireless network. You expect this network to have high traffic levels. What are two weaknesses in WEP that would make you choose to implement WPA? Select TWO. A. B. C. D. E.
There is a flaw in the RC4 encryption algorithm in WEP. The XOR operation in WEP creates cipher text that is not complex enough. WEP encryption keys are sent over the air in clear text. WEP keys are statically configured on all access points and clients. The Initialization Vector (IV) in WEP is too short.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 162 A customer places a ProCurve 520wl with a single ProCurve 170wl 802.11g card installed in the lobby of the building to allow guests to access the Internet. Because employees may want to also access the Internet and corporate intranet from the lobby, he wishes to separate guest traffic from employee traffic using VLANs. How can he configure the access point to achieve this goal? A. Configure two separate tagged VLANs on the access point card and associate them both with the same SSID. B. Configure two separate tagged VLANs on the access point card and associate each with its own SSID. C. Configure two separate untagged VLANs on the access point card and associate each with its own SSID. D. Configure the access point to require 802.1X authentication and configure a RADIUS server to supply VLAN attributes based on individual logins. Answer: B Section: (none) Explanation/Reference:
QUESTION 163 You have a client who is upgrading his wireless network to improve security. He is going to implement Enterprise WPA instead of WEP. Which benefits will he gain by using WPA? Select TWO.
A. B. C. D. E.
port-access authentication using 802.1X better encryption of data using 3DES instead of RC4 seamless roaming through the use of a linger timer per packet encryption key rotation using TKIP client/access point authentication using shared keys
Answer: AD Section: (none) Explanation/Reference:
QUESTION 164 You have a customer who wants to use the web-based authentication feature on his ProCurve switch to improve security on his wireless LAN. In order for a client to access network resources, the customer must ________. A. configure a DHCP scope on the switch to provide temporary IP addresses while they are being authenticated B. set the client-limit switch parameter to at least 2 to permit more than one device to connect through a given port C. configure the switch with the MAC addresses of each wireless client that will connect through it D. enable the client-moves parameter to allow clients to move from wired connections to the wireless network Answer: B Section: (none) Explanation/Reference:
HP.ActualTests.HP0-756.v2009-04-09.by.Ramon.54q Number: HP0-756 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-756 Title : HP ProCurve Secure Mobility Solutions Ver : 04-09-09 HP0-756
Exam A QUESTION 1 When you are performing a backup on the 740wl, the system _______. A. creates an image of the system and copies it to the default directory on a TFTP server B. creates an image of the system and copies it to its hard disk C. creates a text file that contains all of the configuration settings and copies it to a directory of your choice on the HTTP client computer D. logs off all users before beginning the backup Answer: B Section: (none) Explanation/Reference:
QUESTION 2 Which LDAP extension contains group information returned by Microsoft Active Directory? A. B. C. D.
cn SAMAccountName memberOf groupofuniquename
Answer: C Section: (none) Explanation/Reference:
QUESTION 3 Requiring wireless clients to authenticate to the network reduces the risk that _______. A. B. C. D.
wireless signals will be intercepted messages will be delivered to the wrong recipient access points will be subjected to denial of service attacks persons who are not entitled will gain access to the network
Answer: D Section: (none) Explanation/Reference:
QUESTION 4 The 700wl system is more scalable than wireless security solutions that are based on access points and router ACLs. This is true because the 700wl system _________. A. B. C. D.
enables efficient use of bandwidth by assigning users to APs that are not fully subscribed enables the implementation of network-wide policies from a single location enables users to roam from AP to AP without re-authenticating ensures that users are authenticated before gaining access to the secure network
Answer: B
Section: (none) Explanation/Reference:
QUESTION 5 What are the components of a 700wl Rights Assignment? (Choose three) A. B. C. D. E. F.
User Profile Identity Profile Connection Profile Security Policy Group Policy Access Policy
Answer: BCF Section: (none) Explanation/Reference:
QUESTION 6 Under what circumstances does the HP ProCurve Access Control Server 740wl forward user traffic to the secure network? The 740wl ___________. A. B. C. D.
forwards user traffic during roaming forwards user traffic if an Access Controller fails never forwards user traffic forwards user traffic until the user is authenticated
Answer: C Section: (none) Explanation/Reference:
QUESTION 7 A 720wl's default downlink IP address is ________. A. B. C. D.
used as the default gateway for all clients used by the 740wl to communicate with the 720wl dictated by the 740wl for all 720wls in a 700wl system the address to which NAT clients' source addresses translated
Answer: C Section: (none) Explanation/Reference:
QUESTION 8 At approximately 7:30 p.m., a user complains that she cannot access her mail server from a conference room. She claims she was able to access the mail server earlier in the day from her desk. What system tool
is most useful for troubleshooting this user's network access problem? A. B. C. D.
Client Status page User Rights Simulator LDAP Transaction Tracer RADIUS Transaction Tracer
Answer: B Section: (none) Explanation/Reference:
QUESTION 9 At a customer site, all guest users who log on through the 700wl system can access the customer's intranet servers. To improve security, you configure a Redirected Traffic Filter so that guests, who attempt to access intranet resources, will be redirected to a Web page displaying guest access rules. When testing the filter, you see that guest users actually receive a "Page not available" error when attempting to access these resources. To troubleshoot this problem, you should make sure you _______. A. B. C. D.
disabled all default Redirected Traffic Filters to ensure they do not conflict with your custom filter configured an Authentication Policy and logon procedure for all guest users associated the new Redirected Traffic Filter with the Access Policy that affects guests configured an Allowed Traffic Filter to specify the destination of the redirected traffic
Answer: D Section: (none) Explanation/Reference:
QUESTION 10 You are troubleshooting an HP ProCurve Integrated Access Manager 760wl that is not reachable through the web or Telnet. Which information about the device's configuration can be gathered from the LCD panel on the device's front panel? Select TWO. A. B. C. D. E.
system time system uptime IP addressing information number of transmitted packets installed software version
Answer: CE Section: (none) Explanation/Reference:
QUESTION 11 At a customer site, you are configuring an HP ProCurve Access Control Server 740wl. Which tasks can be performed at the CLI? Select TWO. A. configure IP address B. configure a connected 720wl C. set administrative password
D. add users to built-in database E. configure LDAP authentication Answer: AC Section: (none) Explanation/Reference:
QUESTION 12 You are configuring a 740wl at a customer site. To set the shared secret without echoing it to the console, you must enter set sharedsecret with _____________ A. B. C. D.
the noecho parameter the shared secret as a parameter no parameters the administrative password
Answer: C Section: (none) Explanation/Reference:
QUESTION 13 You must configure a 720wl that has not received an IP address through DHCP. How can you configure an IP address for this system? A. Use the Administrative Console to locate the 740wl by its MAC address and select it from the list of available devices. B. Start a web browser session using the default IP address 42.0.0.1. C. Start a web browser session using the factory-assigned IP address of the uplink port. D. Start a Telnet session with the default IP address 42.0.0.1. E. Start a direct serial console session and configure the device's IP address at the CLI. Answer: E Section: (none) Explanation/Reference:
QUESTION 14 Which statement is true about the date and time configuration of the 700wl devices? A. B. C. D.
Time settings must be dynamically acquired or statically defined each time the 740wl is rebooted. The 740wl can be configured to obtain time services from an NTP server. The 740wl and each 720wl cannot be configured to obtain time services from different servers. The 720wl acquires its time settings from the 740wl.
Answer: B Section: (none) Explanation/Reference:
QUESTION 15 When organizing 720wl Access Controllers into folders in the Administrative Console, you cannot _______. A. B. C. D.
place more than five devices in a folder create folders within folders create custom folders configure more than five folders
Answer: B Section: (none) Explanation/Reference:
QUESTION 16 Which statement is true regarding this naming convention? 740wl-760wl-dist-4.1.1.37. The file ________. A. B. C. D.
is invalid because the filename has no extension is designated for use in local updates must be compiled before installation must be accompanied by a checksum file
Answer: B Section: (none) Explanation/Reference:
QUESTION 17 The administrator of a 700wl system is performing a remote update on multiple 720wl devices. To simplify this task, the administrator changes the names of the image and checksum files. The administrator is careful to not change the file extensions. The update will ________. A. B. C. D.
fail on devices currently running version 3 software succeed for all devices fail for all devices fail if it is not performed at the CLI
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 A user at a customer site connects to a port on a 720wl with a wireless PC. The 700wl system will make a Rights Assignment for this client _______. A. B. C. D.
immediately after the client is authenticated when the client first attempts to access an intranet server when the client submits authentication credentials immediately after the client sends an IP packet
Answer: D
Section: (none) Explanation/Reference:
QUESTION 19 Exhibit:
John is a user associated with the "Marketing" Identity Profile who connects through a 720wl port associated with the "Main Office" Connection Profile. In the exhibit, identify the row in the Rights Assignment table that will apply to John while the 700wl system is evaluating John's credentials. A. B. C. D. E.
1 2 3 4 5
Answer: D Section: (none) Explanation/Reference:
QUESTION 20 A client of a 700wl system, configured with the default "Authenticated" Access Policy, enters "http://1.1.1.1" into the location bar of a Web browser. The browser displays _______. A. B. C. D.
the 700wl Stop Page the Administrative Console the 700wl Logon Page a "page not available" error
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 IP addresses for the five system-defined address variables on a 740wl are _______. A. entered in its network configuration B. learned from interactions with clients C. validated with the transaction trace tool
D. acquired by querying upstream routers Answer: A Section: (none) Explanation/Reference:
QUESTION 22 At default settings, how often does the 700wl system require authenticated clients to resubmit their credentials? A. B. C. D.
every hour every six hours never every day at 12:00 a.m.
Answer: C Section: (none) Explanation/Reference:
QUESTION 23 The administrator of a 700wl system can associate limitations on days and hours of network access with the _______. A. B. C. D.
Identify Profile Authentication Policy Connection Profile Access Policy
Answer: C Section: (none) Explanation/Reference:
QUESTION 24 A Location may be associated with _______. Select TWO. A. B. C. D. E. F.
all uplink ports on an Access Controller all downlink ports on an Access Controller all downlink ports on an Access Control Server one downlink port on an Access Controller one uplink port on an Access Controller one downlink port on an Access Control Server
Answer: BD Section: (none) Explanation/Reference:
QUESTION 25 Address variables _______. A. B. C. D.
are required in custom traffic filters make it easier to associate a resource with multiple Identity Profiles must be used in tcpdump expressions instead of actual IP addresses make it easier to update traffic filters if the address of a resource changes
Answer: D Section: (none) Explanation/Reference:
QUESTION 26 You are configuring a 700wl system to require clients with high-level security access to re-authenticate to the system every day, even if they are currently connected to the system. To configure this, you could either _______ or ________. Select TWO. A. set the Linger Timeout in the clients' Access Policies to 24 hours B. configure a custom Redirected Traffic filter to ensure that all users are redirected to the Logon page at a specified time each day C. set the relative authentication timer in the clients' Access Policies to 24 hours D. configure a Time Window in the clients' Connection Profiles so that the network is not available to these users for some period each day E. set the absolute authentication timer in the clients' Access Policies to a specific time each day Answer: CE Section: (none) Explanation/Reference:
QUESTION 27 The 700wl system will create a tunnel between two 720wl Access Controllers when _______. A. B. C. D.
data must pass through untrusted networks a user has misconfigured DNS settings a user with open sessions roams between the 720wls data must be encrypted for Wireless Data Privacy
Answer: C Section: (none) Explanation/Reference:
QUESTION 28 A wireless user roams from one 720wl Access Controller to another 720wl. Both Access Controllers are managed by the same 740wl Access Control Server, and the user is subject to the same Access Policy in both locations. If the user has open sessions when the roam begins, the 740wl will _______. A. intercept client traffic and relay it to the first 720wl B. relay information about the client's state to the second 720wl C. assume responsibility for forwarding the client's traffic
D. require the client to re-authenticate in the second location Answer: B Section: (none) Explanation/Reference:
QUESTION 29 You are at a customer site to determine if a new 700wl system will be able to use information in the customer's existing authentication database to make 700wl Rights Assignments. To function in this way, the customer's authentication service must support _______ or _______. Select TWO. A. B. C. D. E.
802.1X LDAP web-based logon Windows monitored logon RADIUS
Answer: BE Section: (none) Explanation/Reference:
QUESTION 30 Exhibit:
In the exhibit, what does the value in the "Group Identity Field" represent? A. The RADIUS attribute sent to the RADIUS server for matching the user data. B. The group name returned by the RADIUS server.
C. The group name of a user after the RADIUS authentication. D. The RADIUS attribute that will return Group information. Answer: D Section: (none) Explanation/Reference:
QUESTION 31 Exhibit:
You are configuring a 740wl to authenticate users against an Active Directory Domain named "procurvedemos.com." To complete this task in the exhibit, you must enter _________. Select TWO. A. B. C. D. E.
"SAMAccountName" in the Username field "dc=procurvedemos.com" in the Base DN field "procurvedemos\\%s" in the "User bind string" field "Microsoft extensions" in the Additional Identity Search field "procurvedemos.com\\%s" in the "User bind string" field
Answer: AC Section: (none) Explanation/Reference:
QUESTION 32
Support for ________ is enabled when you select the RFC 2548 option in a RADIUS Authentication Service on the 700wl system. A. B. C. D.
PAP CHAP MS-CHAP Active Directory
Answer: C Section: (none) Explanation/Reference:
QUESTION 33 The authentication service that requires you to define 700wl users as "dial-in users" is _______. A. B. C. D.
Kerberos Microsoft Active Directory 802.1X Microsoft Internet Authentication Service
Answer: D Section: (none) Explanation/Reference:
QUESTION 34 When configuring Microsoft Internet Authentication Service to interact with the 700wl system, what must you define as a RADIUS client? A. B. C. D.
720wl Access Controller 740wl Access Control Server wireless access point client computer
Answer: B Section: (none) Explanation/Reference:
QUESTION 35 Which tool provides the specific rights of an LDAP user in XML format? A. B. C. D.
User Rights Simulator LDAP Transaction Tracer RADIUS Transaction Tracer Locations Manager matrix
Answer: A Section: (none) Explanation/Reference:
QUESTION 36 A client of the 700wl system requires a real IP address when the client _______. Select TWO. A. cannot obtain an address in the system's default address range because all available addresses are in use B. must be contacted from within the secure network for management and administration C. is connected to a 720wl Access Controller that is in a different subnet than the 740wl Access Control Server D. is configured with a static IP address that is not valid in the secure network E. uses peer-to-peer applications that require peers to sometimes initiate conversations Answer: BE Section: (none) Explanation/Reference:
QUESTION 37 All sales representatives at a customer site must obtain real IP addresses from a DHCP server on the secure network. To enable the 700wl system to support this requirement, you must configure _______. Select TWO. A. the uplink port of the sales representatives' 740wl with an IP address in the same range as the DHCP server B. the 740wl to relay all DHCP requests to the internal network C. the 720wl's DHCP server to synchronize its address scope with the scope used by the internal DHCP server D. Access Policies for sales representatives that include NAT options set to "When Necessary" E. a Connection Profile that places all sales representatives in the same VLAN F. the 720wl port where sales representatives connect with an IP address in the same range as the addresses the representatives will receive from the server Answer: DF Section: (none) Explanation/Reference:
QUESTION 38 All account managers at a customer site must receive real IP addresses from a DHCP server on the company's secure network. The managers all connect to the network using wireless through a 700wl system. The default gateway for these users should be the address of _______. A. B. C. D.
the port subnet address of the 720wl port where the managers connect a router interface upstream from the 720wl a router interface situated between the managers' access points and the 720wl the 720wl's uplink port
Answer: B Section: (none) Explanation/Reference:
QUESTION 39 User 2, a 'real' IP client, is authenticated at a 720wl Access Controller labeled 'AC3', and successfully roams to a 720wl Access Controller labeled 'AC4'. Sessions that are initiated after the roam are _______. A. B. C. D.
tunneled from AC3 to AC4 before being forwarded to the destination host established with the destination host through AC4 tunneled from AC4 to AC3 before being forwarded to the destination host established with the destination host through AC3
Answer: C Section: (none) Explanation/Reference:
QUESTION 40 Wireless Data Privacy uses hashing to _______. A. B. C. D.
verify the identities of authenticated users detect modifications made to transmitted packets create encrypted tunnels between clients and servers prevent Denial of Service attacks on network resources
Answer: B Section: (none) Explanation/Reference:
QUESTION 41 Symmetric cryptography _______. A. B. C. D.
operates on one bit at a time rather than a fixed size block is used for encrypting and decrypting data in real time operates on a fixed size block rather than one bit at a time uses separate, mathematically related keys for encryption and decryption
Answer: B Section: (none) Explanation/Reference:
QUESTION 42 As implemented on the 700wl system, SSH enables a client to _______. A. define an encryption key that will be used to encrypt all data it sends to the network B. set up an encrypted, authenticated tunnel and define types of traffic to be forwarded through the tunnel to the network C. log on to the secure network using PPTP or L2TP/IPSec D. choose whether to use machine-level authentication or user-level authentication
Answer: B Section: (none) Explanation/Reference:
QUESTION 43 Wireless Data Privacy protects the identity of source and destination IP addresses by _______. A. translating the actual destination IP address to that of the VPN gateway's network uplink B. encapsulating the original IP datagram as the payload of a new datagram C. replacing the original datagram with a fixed-size hash value that is encrypted by the sender and decrypted by the receiver D. translating the actual source IP address to that of the VPN gateway's network uplink Answer: B Section: (none) Explanation/Reference:
QUESTION 44 The sales representatives at a customer site will connect to the 700wl system using VPN client software that implements PPTP. To configure the 700wl system to support this requirement, you must enable PPTP in the _______. A. B. C. D.
Connection Profiles and Locations where these users will connect Access Policies that apply to these users before and after authentication Identity Profiles with which these users will be associated Authentication Policies that will affect these users
Answer: B Section: (none) Explanation/Reference:
QUESTION 45 Which authentication services are allowed when using PPTP? Select TWO. A. B. C. D. E. F.
128 bit MPPE Kerberos RADIUS with RFC 2548 LDAP with SSLv3 Built-in 802.1X
Answer: CE Section: (none) Explanation/Reference:
QUESTION 46
An IPSec Security Association is _______. A. a full-duplex logical connection that is negotiated by two IPSec peers B. a one-way negotiated agreement on encryption and authentication procedures and parameters between IPSec peers C. established between two IPSec peers after an L2TP tunnel is set up D. required when two peers are operating in Main Mode; Aggressive Mode does not require a Security Association Answer: B Section: (none) Explanation/Reference:
QUESTION 47 The 700wl system supports single sign-on using _______ logon. Select TWO. A. B. C. D. E.
802.1X Kerberos Windows domain LDAP browser-based
Answer: AC Section: (none) Explanation/Reference:
QUESTION 48 The role of the 700wl system in monitored logon is to _______. A. use information provided by the LDAP or RADIUS server to apply the correct Access Policies to wireless users B. submit authentication credentials of wireless clients to authentication servers for processing C. compare credentials returned by authentication servers with the built-in database D. listen passively for authentication messages and permit access after the user is authenticated Answer: D Section: (none) Explanation/Reference:
QUESTION 49 The 700wl system's adaptive guest support enables the system to _______. A. B. C. D.
identify guests who should not be permitted to access any network resources support guests whose computers are configured for 802.11a wireless connectivity support guest computers with network settings that are incorrect for the host network filter guest traffic according to individual guests' identities and relationship with the hosting enterprise
Answer: C
Section: (none) Explanation/Reference:
QUESTION 50 A 700wl system at a customer site uses the default "Guest Access" Access Policy. What must be done to enable guest users to access the Internet? A. B. C. D.
configure a custom "Internet" Redirected Traffic Filter for guest users configure the 700wl system to allow all guest IP traffic associate the "Outside World" Allowed Traffic Filter with the Access Policy make no configuration changes because Internet access is enabled by default
Answer: C Section: (none) Explanation/Reference:
QUESTION 51 To enable the Automatic HTTP Proxy Service for guest users, you must define proxy server addresses for _______. A. B. C. D.
the "Guest Access" Access Policy each 720wl that will support guest users each Connection Profile that will support guest users every component of the 700wl system
Answer: B Section: (none) Explanation/Reference:
QUESTION 52 The full-edge deployment of the 700wl system provides for greater flexibility in policy definition than the single-gateway solution. This is because _______. A. B. C. D.
multiple 740wl Access Control Servers manage each 720wl each 720wl is connected directly to a 740wl each 720wl downlink port supports a single wireless access point each wireless access point is defined as a virtual location
Answer: C Section: (none) Explanation/Reference:
QUESTION 53 The single-gateway design for a 700wl system is suitable for smaller networks because it _______. A. does not require any configuration of network switches
B. requires fewer 700wl devices than the full-edge solution C. enables more granular policies than the full-edge solution D. does not require the use of VLANs and virtualized locations Answer: B Section: (none) Explanation/Reference:
QUESTION 54 You are designing a 700wl system for deployment at a landscaping and facility-maintenance firm. Which circumstance could require the use of virtualized locations? A. Users associated with the "Designers" Identity Profile must access the 700wl system from multiple locations. B. One 720wl downlink port must support the "Maintenance" Connection Profile and the "Design" Connection Profile. C. The system must support redundant 740wl Access Control Servers located in different subnets. D. Designers must use LDAP authentication, and maintenance personnel must use RADIUS authentication. Answer: B Section: (none) Explanation/Reference:
HP.ActualTests.HP0-757.v2009-04-10.by.Ramon.70q Number: HP0-757 Passing Score: 800 Time Limit: 120 min File Version: 1.0
HP0-757 Exam : HP ProCurve Security Titl e : 04.10.09 Ver : HP0-757
Exam A QUESTION 1 A school needs to deploy a 5300 series switch in a lab where students and faculty have physical access to the switch. If the network administrator disables the front panel "clear password" and "factory reset" options, what must the administrator do to recover from a lost manager-level password? A. Press the "Reset" button and issue the command no front-panel-security password-clear reset-on-clear from the serial port within 60 seconds. B. Contact HP Customer Care to obtain a one-time use password. C. From the CLI, issue the command no front-panel-security password-clear reset-on-clear and press the "clear" button on the front panel. D. Telnet from a client on the management VLAN, issue the command front-panel-security passwordrecovery and type pwrecover at the password prompt. Answer: B Section: (none) Explanation/Reference:
QUESTION 2 A software company uses 802.1X to authenticate all users on the network and to allow contract employees access to the network only during normal business hours. What is the best approach for configuring this time restriction? A. Configure a "Time Restriction" policy and assign the user accounts for each contract employee to the policy. B. Configure an access policy on the RADIUS server that associates a time restriction with usernames of the contract employees. C. Create a "contractors" group in Active Directory (LDAP) and assign time restrictions to the group. D. Configure an access policy on the RADIUS server that associates a time restriction with a "contractors" group. Answer: D Section: (none) Explanation/Reference:
QUESTION 3 The network administrator of a university realizes that students in the on campus housing are connecting wireless acccess points and switches to the network. The administrator wants to limit a particular port to one MAC address at a time, but is not concerned about the actual address. Which security feature on the 5300xl provides flexibility while effectively limiting a port to a single MAC address at a time? A. B. C. D.
Port security learn mode limited-continuous MAC lockdown learn mode limited-continuous MAC lockout learn mode limited-continuous 802.1X MAC authentication
Answer: A Section: (none) Explanation/Reference:
QUESTION 4 You have a new customer who is very concerned about the security of his internal campus network. You suggest that the HP ProCurve Access Control Solution may provide the level of safety and security that he is looking for. Which options are part of the HP ProCurve Access Control Solution? Select THREE. A. B. C. D. E. F. G.
Web Authentication Intrusion Detection Systems Hardware Firewalls Access Control Lists 802.1X Authentication Virtual Private Networks Anti-Virus Software
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 5 A pharmaceutical company has recently moved into a new three-story office building. They are sharing a core routing switch between two departments: human resources, and research and development. Both departments have edge switches deployed and neither department wants the other to have management access to their respective HP ProCurve edge switches. Which security measures would be recommended to limit management access to the respective departments? Select TWO. A. B. C. D. E.
SSH SSL Authorized IP Managers management VLANs Microsoft Windows User Domain Security limits
Answer: CD Section: (none) Explanation/Reference:
QUESTION 6 The HP ProCurve Access Control Security Solution is primarily designed to protect the edge of the internal network. Which problem could be solved by implementing the Access Control Security Solution? A. B. C. D.
a computer virus that infects PC operating systems an Internet hacker who compromises a public web server from outside the firewall an unauthorized user who gains access to the campus network through open ports an Internet hacker who launches a Denial of Service attack against a gateway router
Answer: C Section: (none) Explanation/Reference:
QUESTION 7
There is a customer environment where both employees and visitors will have access to network resources. When considering issues dealing with physical security, which questions should you consider? Select THREE. A. B. C. D. E. F. G.
Which ports are assigned to the management VLAN? Who has access to the room? Is there a 'visitor' policy? Who knows the manager level passwords? Is it in a secure area of the building? Does the data center meet Military Level Security Requirements? Has accessibility been limited to administrators only?
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 8 SNMP version 3 introduces security features that may be incompatible with managment applications that use previous versions of SNMP. Which command allows an SNMPv2 management application to access an HP ProCurve switch that must also support SNMPv3 in a secure network environment? A. B. C. D.
snmpv3 community ro snmpv3 restricted-access snmpv3 enable-v2-access snmpv3 enable community ro
Answer: B Section: (none) Explanation/Reference:
QUESTION 9 When a customer is implementing SSH on HP ProCurve switches, what are the correct locations for the keys? Select TWO. A. B. C. D. E.
Client private keys are stored on the client. Switch private keys are stored on the client. Client public keys are stored on the switch. Client private keys are stored on the switch. Client private and public keys are stored on the client and switch.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 10 Which authentication types does SSH support? Select TWO. A. NDS switch user/password authentication
B. C. D. E.
switch SSH and user password authentication LDAP public key authentication client RSA authentication PKI digital certificate authentication
Answer: BD Section: (none) Explanation/Reference:
QUESTION 11 A customer, who is already using SSH for secure communications, wants the client to authenticate itself using client RS A. Which additional preparatory steps are necessary to set up client RSA authentication? Select TWO. B. Generate a public/private key pair on the switch. C. Copy the client public key to the switch. D. Copy the client private key to the switch. E. Copy the public/private key pair to the client. F. Generate a public/private key pair on the client computer. Answer: BE Section: (none) Explanation/Reference:
QUESTION 12 A customer has recently installed and configured 300 HP ProCurve switches supporting SSL security. What are the benefits of using SSL? Select TWO. A. B. C. D. E.
fully encrypted sessions for configuring the switch remotely via the serial console authenticates the switch to client using a digital certificate fully encrypted sessions for configuring the switch remotely via Telnet uses switch-based Java applet for secure authentication fully encrypted sessions for configuring the switch remotely via web browser
Answer: BE Section: (none) Explanation/Reference:
QUESTION 13 A customer currently manages all of their HP ProCurve switches using the plain text web interface. They now want to use SSL for encrypted web-based management. Which steps must be completed before enabling SSL? Select TWO. A. B. C. D.
generate a self-signed server certificate for HTTPS generate an HTTPS client certificate generate an RSA key file for HTTPS certificates disable plain text web management first
E. import a certificate request from a Certificate Authority Answer: AC Section: (none) Explanation/Reference:
QUESTION 14 What are the main steps for configuring SNMPv3 access management after enabling SNMPv3 on an HP ProCurve 5300xl switch? A. B. C. D.
Create communities; create groups; assign communities to groups Create users; assign users to groups Create users; create groups; assign users to groups Create users; create communities; assign users to communities
Answer: B Section: (none) Explanation/Reference:
QUESTION 15 When designing a management VLAN, which ProCurve solution should an administrator implement at the core and the Layer 2 edge devices? A. Enable management VLANs to provide security at the core; apply an IP address only to the core switch; and use ACLs at the Layer 2 switches. B. Use ACLs to provide security at the core; enable management VLANs at the Layer 2 switches; and apply an IP address only to the management VLAN. C. Enable management VLANs to provide security at the core and at Layer 2 switches; ACLs are not required. D. Configure a separate management network with dedicated ports to isolate all management traffic at the core and at the Layer 2 switches. Answer: B Section: (none) Explanation/Reference:
QUESTION 16 Which statements are true with respect to the management VLAN feature? Select THREE. A. Management access to the switch is restricted to the console port because the management VLAN has no physical network ports. B. A management VLAN prevents unauthorized access to switches largely by not being visible to the data network. C. Management traffic is "virtually" isolated with absolute minimum port access. D. The VLAN ID of the management VLAN must be the largest available in the switch; this is typically 1023. E. You must execute the management-vlan menu option on all switches in the management VLAN. F. The management VLAN is a separate virtual network not accessible by data network traffic. It is used to help secure management access.
G. A management VLAN cannot be used in a routed environment because it would allow someone from a user VLAN to access the management VLAN without a physical connection to the management VLAN. Answer: BCF Section: (none) Explanation/Reference:
QUESTION 17 An HP ProCurve 9308m Routing Switch has just been installed in your customer's data center. To prevent unauthorized users from making configuration changes, he wants to set passwords on the routing switch. Which type of password must he set on the routing switch to allow himself full access to all configuration commands? A. B. C. D.
super-user manager operator administrator
Answer: A Section: (none) Explanation/Reference:
QUESTION 18 A customer consults you about network infrastructure security. She wants to allow one of her staff read-only access to the switches. She has not configured a manager password, only an operator password. You advise her that this is not an appropriate solution, because _______. A. passwords are case-sensitive, and entering the Operator password in all capitals enables full manager privileges B. when you configure only an Operator password, entering the Operator password enables full manager privileges C. a user with the Operator password can erase the startup configuration, reboot the switch, and gain access with full manager privileges D. even with the Operator password, a user can enter the hidden no password command, reboot the switch, and gain access with full manager privileges Answer: B Section: (none) Explanation/Reference:
QUESTION 19 You receive a frantic call from a customer who cannot access the CLI interface on an HP ProCurve 5304xl switch because she has forgotten the password. For security purposes she has disabled the password-clear function of the front-panel buttons. How could you help her to regain management access to the switch? A. Press the Reset button on the front panel of the switch for at least 20 seconds to return the switch to factory defaults. B. Press the Clear button on the front panel of the switch for at least 10 seconds to return the switch to factory defaults.
C. Use the Reset and Clear buttons on the front panel of the switch together to return the switch to factory defaults. D. You will need to call HP Support and obtain a one-time-use password. This is the only way to regain management access to the switch once the password-clear function has been disabled. Answer: C Section: (none) Explanation/Reference:
QUESTION 20 You have a customer who has just installed a 5304xl switch in an open area of his office. Although the switch is installed in a closed rack with a locking door, he is concerned that it might be possible for someone to access the front panel buttons on the switch. Which commands will allow him to prevent the switch from having its passwords and configuration information cleared? Select TWO. A. B. C. D. E.
no front-panel-security factory-reset no front-panel-security password-clear reset-on-clear no front-panel-security password-recovery no front-panel-security password-clear front-panel-security password-clear reset-on-clear
Answer: AD Section: (none) Explanation/Reference:
QUESTION 21 The IT department of a local high school has recently installed new HP ProCurve switches. They are setting up Authorized IP Managers to limit management access to the switches. Which access levels can be granted to an Authorized IP Manager? Select TWO. A. B. C. D. E.
administrator manager supervisor operator user
Answer: BD Section: (none) Explanation/Reference:
QUESTION 22 A customer would like to enhance the local password security currently used for switch management access. He is considering using the Authorized IP Manager feature. Which access methods are protected by this feature? Select THREE. A. B. C. D.
WMI access (with DMI options enabled) Web access Console port access LDAP username/password authentication
E. file transfers using Xmodem (for configurations and software updates) F. Telnet access G. SNMP access Answer: BFG Section: (none) Explanation/Reference:
QUESTION 23 A new customer who recently installed HP ProCurve switches wants to specify administrative stations using the Authorized IP Managers list. When specifying the IP mask within the Authorized IP Managers list, which role does the IP mask serve? It _______. A. B. C. D.
specifies a range of IP addresses to deny management access provides the subnet mask that the IP address belongs to specifies a single or range of IP addresses for management access specifies a single IP address only for telnet access
Answer: C Section: (none) Explanation/Reference:
QUESTION 24 You want to limit management of your 5304xl switches using IP Authorized Managers. You have configured an IP Authorized Manager entry of 10.1.10.4 255.255.255.248. How many IP addresses will be allowed to manage your 5300s? A. B. C. D.
1 4 6 8
Answer: D Section: (none) Explanation/Reference:
QUESTION 25 A customer is in the process of setting up and installing new HP ProCurve switches. As part of the setup, the Authorized IP Managers feature has been enabled. Which benefit will the customer realize? A. Web proxy servers should be implemented to complement the Authorized IP Managers security feature. B. A security system will be in place by allowing management access only from specified management stations. C. It requires less IP address planning than LDAP security. D. It can be enforced on Web, SSH, Telnet, and serial management sessions. Answer: B Section: (none)
Explanation/Reference:
QUESTION 26 You are the manager of several individuals who have the authority to make configuration changes to the HP ProCurve 2650 and 6108 switches deployed within your organization. What is the most efficient way to authenticate individuals who log in to the switches with manager privileges? A. Define a unique local manager account for each member of the team. B. Leverage existing directory services by importing the team members' user name/password pairs to the local user database of each switch. C. Configure the switches to use the RADIUS protocol to access the existing directory service, and configure the server to accept authentication requests from the switches. D. Configure the switches to use a RADIUS server to authenticate users against an existing directory, and configure accounting services on the server to record each manager login event. Answer: C Section: (none) Explanation/Reference:
QUESTION 27 A network engineer is responsible for setting up RADIUS authentication for 75 HP ProCurve switches. As part of the planning, which pieces of information will the network engineer need to obtain from the person who maintains the RADIUS server? Select TWO. A. B. C. D. E.
IP address and port number of the RADIUS server whether local authentication should be used as a secondary method whether a RADIUS server is available for use as a secondary authentication method the shared secret or encryption key used by the server the names of the users that should be authorized to use the switch
Answer: AD Section: (none) Explanation/Reference:
QUESTION 28 A network administrator plans to use a RADIUS server to authenticate access from the console to all the HP ProCurve switches. It is decided that the RADIUS server will be the primary authentication method and no secondary authentication method will be used. What will be the result of this proposed configuration? A. The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, then access is denied. B. The primary authentication method for operator-level access through the console port is the RADIUS server; if no RADIUS server is found, then access is denied. C. The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, then only operator-level access is granted. D. This configuration is not allowed because the console port must allow the use of a username from the local database in the event that the RADIUS server is not reachable. Answer: D Section: (none)
Explanation/Reference:
QUESTION 29 Secure communications are often passed through a hashing algorithm. The hash result is sent to the receiver along with the message. Which security function does this perform? A. B. C. D.
confidentiality authorization integrity authentication
Answer: C Section: (none) Explanation/Reference:
QUESTION 30 A customer uses a type of cipher that creates a 'keystream' that is combined with the plaintext message to produce ciphertext. Which one of this type of cipher is most commonly used today? A. B. C. D. E.
ArcFour DES - Data Encryption Standard RC4 - Rivest Cipher 4 AES - Advanced Encryption Standard Triple DES - 3DES
Answer: C Section: (none) Explanation/Reference:
QUESTION 31 A customer wants to implement a Hybrid encryption solution to provide a secure means of communication between their main office and remote sales offices. Which statement best describes a Hybrid encryption solution? A. B. C. D.
Use symmetric encryption to setup the session key, and use asymmetric encryption for the conversation. Use public key encryption to setup the session key, and use private key encryption for the conversation. Use asymmetric encryption to setup the session key, and use symmetric encryption for the conversation. Use Diffie-Hellman encryption to setup the session key, and use RSA Data Security encryption for the conversation.
Answer: C Section: (none) Explanation/Reference:
QUESTION 32 Which statement correctly describes a hashing process? The computer takes a message and breaks it into _______.
A. random sized "blocks" based on the encryption used, and sequentially feeds the blocks into the hashing function B. predetermined sized "blocks", then encrypts and transmits the private key to begin the hashing algorithm C. predetermined sized "blocks" and sequentially feeds the blocks into the hashing function D. random sized "blocks" based on the encryption used, then encrypts and transmits the private key to begin the hashing algorithm Answer: C Section: (none) Explanation/Reference:
QUESTION 33 What is true with regard to Public Key Infrastructure (PKI)? A. PKI uses a key pair, one private and one public, but does not use digital certificates. B. PKI is a symmetric key scheme that uses digital certificates and certificate authorities to encrypt messages. C. PKI uses digital certificates and certificate authorities to manage key exchanges between a sender and receiver. D. PKI uses a symmetric key scheme to manage key exchange and uses digital certificates to encrypt the message to ensure confidentiality, authentication, integrity and non-repudiation. Answer: C Section: (none) Explanation/Reference:
QUESTION 34 A network administrator wants to prevent users in the marketing department from accessing servers on the finance network. Both departments are connected to the network with an 5300xl switch. Finance department users should have access to the finance servers as well as other common network resources. Which measures combined would accomplish this goal? Select TWO. A. Enforce resource operating system security on the finance servers in the form of user names and passwords. B. Place marketing department users in a different VLAN than the finance servers. C. Apply access control lists to router interfaces to prevent unauthorized traffic from reaching the finance servers. D. Isolate the "problem" users in the marketing department by placing them in a separate physical network. E. Provide multiple physical interfaces for the finance server. Answer: BC Section: (none) Explanation/Reference:
QUESTION 35 What is the main difference between EAP-TLS and EAP-MD5? A. EAP-TLS uses a challenge/handshake mechanism for authentication; EAP-MD5 uses certificates for authentication.
B. EAP-TLS uses a challenge/handshake mechanism for authentication and encryption; EAP-MD5 uses certificates for authentication and encryption. C. EAP-TLS uses a name and password along with digital certificates to produce a session key; EAP-MD5 uses a name and password to produce a session key. D. EAP-TLS uses digital certificates for mutual authentication; EAP-MD5 uses a challenge/handshake mechanism to authenticate the client to the server. Answer: D Section: (none) Explanation/Reference:
QUESTION 36 A Windows XP workstation is configured with an 802.1X supplicant client. When a client connects to a switch port with 802.1X authentication enabled, which messages may be generated by the client to gain access to the network? Select TWO. A. B. C. D. E.
EAP-request-identity EAP-response-identity EAP-access-challenge EAPOL-start EAP-access-request
Answer: BD Section: (none) Explanation/Reference:
QUESTION 37 Which role does an "authenticator" play in the 802.1X authentication process in an HP ProCurve switch network? A. The authenticator sends an "access-challenge" message to the supplicant to request client credentials. B. The authenticator provides two-way translation between EAP messages and RADIUS messages. C. The authenticator validates the "EAP-identity-request" and responds with either an "accept" or "reject" message. D. The authenticator encapsulates an "EAP-access-request" inside of a RADIUS "response-identity" packet and forwards it on for validation. Answer: B Section: (none) Explanation/Reference:
QUESTION 38 You support a network that has ports in a conference room that is regularly used by guests. You have decided to define a guest VLAN that allows access to the internet and prevents access to corporate resources. Which solution provides the most flexibility and lowest management overhead while placing the guest users in the appropriate VLAN? A. Require that guests connect only to ports in the conference room that are members of the guest VLAN.
B. Enable 802.1X on the conference room ports. Give guests a temporary logon ID and provide them with 802.1X supplicant software. Associate guest user IDs with a guest VLAN that prevents access to corporate resources. C. Enable IEEE 802.1X on the conference room ports and configure the guest VLAN as the authorized VLAN for these ports. D. Enable IEEE 802.1X on the conference room ports and configure the guest VLAN as the unauthorized VLAN for these ports. Answer: D Section: (none) Explanation/Reference:
QUESTION 39 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user shown in the diagram connects to the network as shown, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: D Section: (none) Explanation/Reference:
QUESTION 40 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user provides valid authentication information, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: C Section: (none) Explanation/Reference:
QUESTION 41 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user provides valid authentication information, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: A Section: (none) Explanation/Reference:
QUESTION 42 What is the benefit of dynamic VLAN assignment using 802.1X on HP ProCurve switches? It enables an administrator to __________. A. assign an edge port to a "guest" VLAN for users who cannot authenticate to the RADIUS server B. assign users to VLANs dynamically based on their network authentication information C. provide unlimited network access for users that have valid user credentials but do not have 802.1X supplicant software installed D. create and manage VLANs on a RADIUS server and dynamically assign them to edge switches Answer: B Section: (none) Explanation/Reference:
QUESTION 43 You want to use IEEE 802.1X port authentication to assign Microsoft Active Directory users to a particular VLAN based on their user IDs. What must be in place? Select TWO. A. B. C. D. E.
The VLAN ID must be defined in a GVRP configuration. The user must be a member of a group that is associated with a VLAN ID in a RADIUS policy. The user must be a member of an Active Directory Group that has an associated RADIUS policy. The VLAN ID must exist on the switch. The port through which the user is authenticating must be defined as a member of the VLAN.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 44 In an 802.1X authentication environment there are different methods by which a user can be placed on a VLAN. Which method has the highest priority on a given port? A. B. C. D.
an authorized VLAN assignment configured on the switch at the time 802.1X was enabled for the port a dynamic VLAN assignment from the RADIUS server the statically assigned VLAN configured for the port the priority determined by the command used to configure the port for 802.1X authentication
Answer: B Section: (none) Explanation/Reference:
QUESTION 45 The network administrator of a private college wants to enable web authentication for all access ports in the student housing buildings. In addition, he wants to address the growing problem of students using unauthorized switches to network more than one device per access port. What additional configuration is required to prevent more than one authenticated user from connecting to a port that has default web authentication enabled? A. B. C. D.
Enable port security with the address-limit 1 option. The default client limit is 1 for Web authentication so no further configuration is required. Enable port security with the learn-mode port-access option. Add an option to the port-access command that limits the number of MAC addresses to 1.
Answer: B Section: (none) Explanation/Reference:
QUESTION 46 A customer wants to provide stricter access security for all network clients and implement a combination of 802.1X and MAC authentication. Which parameters must be configured on the RADIUS server to support the ports configured with MAC authentication? Select TWO.
A. Configure PAP to support unencrypted authentication of network peripherals. B. Create a user on the RADIUS server using the MAC address of the device for the username and the password. C. Create a user on the RADIUS server using the MAC address of the device for the username and the RADIUS shared secret for the password. D. Configure CHAP RADIUS for the authentication method. E. Create a user on the RADIUS server using the MAC address of the device for the username and do not configure a password (leave it blank). F. Configure EAP RADIUS for the authentication method. Answer: BD Section: (none) Explanation/Reference:
QUESTION 47 You have a 5300xl switch which has two VLANs configured on it. VLAN 10 has an IP Address range of 10.1.10.0/24 and is where your servers reside. VLAN 20 has an IP Address range of 10.1.20.0/24 and is where your network clients reside. You configure an Access Control List 101 with these entries: permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq http permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet When you apply this ACL inbound on the interface for VLAN 20, what would be the end result for the clients on VLAN 20? A. They would be allowed only HTTP, FTP and telnet access to 10.1.10.10 and full access to everything else on the 10.1.10.0 subnet. B. They would be allowed only HTTP, FTP, and telnet access to 10.1.10.10 but no access anywhere else. C. They would not be able to access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL. D. They would have no access at all because the ACL is misconfigured Answer: B Section: (none) Explanation/Reference:
QUESTION 48 What is true with regard to standard and extended access control lists (ACLs) on the HP ProCurve 5300xl? A. A standard ACL can only specify a filter based on a destination IP address, while an extended ACL can specify both source and destination IP addresses. B. Standard and extended ACLs can both specify Layer 4 TCP/UDP ports, but only an extended ACL can specify precedence and type of service traffic. C. An extended ACL can filter traffic from a source TCP/UDP port to a destination IP address, while a standard ACL only supports filters based on the source IP address. D. An extended ACL supports filtering on both source and destination TCP/UDP ports, while a standard ACL only supports source TCP/UDP ports. Answer: C Section: (none) Explanation/Reference:
QUESTION 49 Exhibit:
A network administrator creates an ACL on the core 5300xl router that denies Telnet traffic from any IP source to any IP destination, but permits all other IP traffic. The ACL is applied as an "outbound" access group to VLAN 50. If no other ACLs have been configured on the router, what is a result of this configuration? A. B. C. D.
Clients in VLAN 50 can Telnet to local devices but not to devices in other VLANs. Clients in VLAN 50 cannot Telnet to VLAN 100 but they can access the web servers in that VLAN. Clients in VLAN 1 can Telnet only to local devices and to devices on VLAN 100. Clients in VLAN 1 can Telnet to all devices on all three VLANs.
Answer: C Section: (none) Explanation/Reference:
QUESTION 50 You have enabled port security using the "send-disable" action. Which administrative action, if any, is required after an intrusion to enable the device to return to normal operation? A. B. C. D.
No action is required. The intrusion flag must be cleared. The port must be enabled. The intrusion flag must be cleared and the port must be enabled.
Answer: D Section: (none) Explanation/Reference:
QUESTION 51 You are the network administrator for an organization with a security policy that limits network access to computers with a fixed set of applications installed. If you enable port security on HP ProCurve edge switches, you may specify a _______. A. single permitted user name/password pair per port
B. list of permitted user name/password pairs per switch C. single permitted MAC address per port D. list of permitted MAC addresses per switch Answer: C Section: (none) Explanation/Reference:
QUESTION 52 Which statement is true with regard to the AAA security framework? It _______. A. B. C. D.
defines standardized processes for access, authorization, and accountability defines standardized processes for authentication, authorization, and accounting is an application-neutral Internet standard that defines access control for layer 3 switches is an HP-proprietary specification that defines how HP ProCurve switches process login sessions
Answer: B Section: (none) Explanation/Reference:
QUESTION 53 When using multiple RADIUS servers, what is true with regard to configuration of encryption keys or shared secrets on the HP ProCurve switch? A. B. C. D.
The keys for all servers in the domain must be the same. The keys for all servers in the domain must be different. A globally defined key overrides the key associated with an individual server. A key associated with a server overrides the globally defined key.
Answer: D Section: (none) Explanation/Reference:
QUESTION 54 The HP ProCurve Access Control Security solution helps protect valuable network resources and intellectual property from internal and external security threats. As part of this solution, 802.1X and RADIUS technology on HP switches controls network access based on which criteria? Select THREE. A. B. C. D. E. F. G.
locked out MAC addresses type of applications used on the network type of client OS login location on the network access control lists (ACLs) user's role within in an organization time of access
Answer: DFG Section: (none)
Explanation/Reference:
QUESTION 55 What is the role of a NAS in the AAA security framework? A. B. C. D.
A Network Authentication Server stores AAA authorized user names and passwords. A Network Access Server contacts an AAA server to validate user credentials. A Network Accounting Server contains the logs that account for a user's activities. A Network Access Server provides user names and passwords for an AAA-compliant LDAP server.
Answer: B Section: (none) Explanation/Reference:
QUESTION 56 What is the default state for a port configured to require IEEE 802.1X port authentication? A. B. C. D. E.
restricted unauthorized closed authorized disabled
Answer: B Section: (none) Explanation/Reference:
QUESTION 57 You are designing a network security solution for the sales office of a manufacturing company that is upgrading their current network while attempting to use some of their existing network equipment and servers. Acting on your suggestion, they have decided to implement 802.1X for network authentication. What are the requirements to implement 802.1X throughout their network? Select THREE A. B. C. D. E. F. G.
802.1X Supplicant software on all clients A RADIUS server to provide centralized authentication An 802.1X compliant web browser on all clients A database of all MAC Addresses that will access the network Access Control Lists on all network switches that require port access authentication network switches that support 802.1X port-based network authentication a DHCP server to provide IP Addresses for clients so they can begin the authentication dialog
Answer: ABF Section: (none) Explanation/Reference:
QUESTION 58
An important benefit of IEEE 802.1X authentication is that _________. A. users can be associated directly with network resources on the basis of their MAC address B. authenticated users can be dynamically assigned to a particular VLAN C. a switch can propose its own authentication information to a server on behalf of users connected to its ports D. each switch port can have a list of up to 8 authorized MAC addresses Answer: B Section: (none) Explanation/Reference:
QUESTION 59 Scenario: * You have just installed three new ProCurve 4100gl switches in a remote closet on your LAN. * You have assigned IP addresses to them and included a basic security configuration that includes operator and manager passwords and a listing of IP Authorized Managers. * When you return to the data center you connect to the switches from your management station to ensure that you can manage the switches remotely. * Later you are called to another building to deal with some end user problems. * When you are finished assisting the end-users, you attempt to telnet to the new switches but are unable to connect. * You can ping the switches from your current location, but all attempts at management through telnet and the Web interface fail. What is most likely the problem? A. B. C. D.
There is no telnet password assigned to the switches. SSH has not been enabled on the switches. Your current workstation is not one of the IP Authorized Managers. No RADIUS server has been configured on the switches.
Answer: C Section: (none) Explanation/Reference:
QUESTION 60 A RADIUS ACCESS-ACCEPT packet is sent by _______. A. B. C. D.
a dial up user to a RADIUS client a dial up user to a RADIUS server the RADIUS server to the client and may contain restrictions on the user's connection the RADIUS client to the server to acknowledge the connection parameters
Answer: C Section: (none) Explanation/Reference:
QUESTION 61 Which message is sent by a RADIUS client to a RADIUS server?
A. B. C. D.
ACCESS-REQUEST ACCESS-QUERY ACCESS-CHALLENGE ACCESS-RESPONSE
Answer: A Section: (none) Explanation/Reference:
QUESTION 62 You have just installed HP ProCurve 5304xl switches on the second and third floors of your office. You are using 802.1X for port-access authentication. All users have 802.1X supplicants installed on their client PCs and you have configured a RADIUS Server for centralized authentication with remote access policies for both floors. Shortly after connecting the client PCs, users on the second floor are complaining that they can not access any network resources. You are able to ping the RADIUS server from both switches, but when you check the RADIUS log, you only see authentication requests coming from the third floor switch. Why can't the second floor users connect to the network? A. No default gateway has been configured on the second floor switch, therefore no authentication requests can reach the RADIUS Server B. The second floor users are using the wrong EAP type in their attempts to authenticate to the RADIUS Server. C. The RADIUS Server IP Address has not been configured on the second floor switch D. The RADIUS shared secret configured on the second floor switch does not match the shared secret configured on the RADIUS Server. Answer: C Section: (none) Explanation/Reference:
QUESTION 63 You have just installed HP ProCurve 5304xl switches on the second and third floors of your office. You are using 802.1X for port-access authentication. All users have 802.1X supplicants installed on their client PCs and you have configured a RADIUS Server for centralized authentication with remote access policies for both floors. Shortly after connecting the client PCs, users on the second floor are complaining that they can not access any network resources. You are able to ping the RADIUS server from both switches, but when you check the RADIUS log, you see that authentication requests coming from the second floor switch are being denied because they are coming from an unauthorized client. Why can't second floor users connect to the network? A. The second floor users are using the wrong EAP type in their attempts to authenticate to the RADIUS Server. B. IP Routing has not been enabled on the second floor switch;therefore no authentication requests can reach the RADIUS Server. C. The second floor switch has not been configured as a client on the RADIUS server. D. The RADIUS shared secret configured on the second floor switch does not match the shared secret configured on the RADIUS Server Answer: C Section: (none) Explanation/Reference:
QUESTION 64 A new employee has just joined your company in the Accounting department. You are using 802.1X for portbased authentication and he has been supplied by the company with a laptop which has 802.1X supplicant software installed and configured. You are using Microsoft IAS as a RADIUS authentication server and a user profile has been created for him in Active Directory. On his first day in the office, he calls you to report that he cannot get authenticated to the network though others in the department can. What is most likely the problem? A. The switch to which he is connected has an incorrect RADIUS shared secret. B. The remote access permission has not been granted to his Active Directory user profile. C. The switch to which he is connecting has the wrong IP address configured for its RADIUS authentication server. D. The switch to which he is connecting has no default gateway, therefore the authentication requests can not reach the RADIUS server. Answer: B Section: (none) Explanation/Reference:
QUESTION 65 A new employee has just joined your company in the Human Resources department. You are using an ProCurve 5304xl switch with 802.1X enabled for port-based authentication and he has been supplied by the company with a laptop which has 802.1X supplicant software installed and configured. You are using Microsoft IAS as a RADIUS authentication server and a user profile has been created for him in Active Directory. On his first day in the office, he calls you to report that he cannot get authenticated to the network though others in the department can. What is most likely the problem? A. The switch to which he is connected has an incorrect RADIUS shared secret. B. The switch to which he is connecting has the wrong IP address configured for its RADIUS authentication server. C. He is using an EAP type that is not allowed by the remote access policy to which his Active Directory user profile is associated. D. The switch to which he is connecting has no default gateway, therefore the authentication requests can not reach the RADIUS server. Answer: C Section: (none) Explanation/Reference:
QUESTION 66 In the process of designing a security solution for a large library, the IT administrator tells you that they have a large section of workstations that both library staff and customers use. She does not want to have to install any new software on these stations but she does need to be able give library personnel access to resources that can not be accessible to the public at large. What technology would best suit this situation? A. B. C. D.
Web Authentication MAC Authentication 802.1X Authentication Port Security
Answer: A
Section: (none) Explanation/Reference:
QUESTION 67 You have implemented a network security solution for your client based upon the 802.1X protocol using 5300xl switches, the ProCurve Access Control Client and Microsoft IAS. In this solution, the 5300xl switches are acting as ________. A. B. C. D.
policy decision points policy enforcement points authentication servers proxy servers
Answer: B Section: (none) Explanation/Reference:
QUESTION 68 You have implemented a network security solution for your client based upon the 802.1X protocol using the ProCurve Access Control Client, 2650-PWR switches and the Funk Steel-Belted RADIUS server. In this solution, the RADIUS server is acting as a ________. A. B. C. D.
policy repository policy decision point network access server policy enforcement point
Answer: B Section: (none) Explanation/Reference:
QUESTION 69 You are designing a network security solution for a customer and in the process of your discussions you have decided that the best way to implement the solution is to use 802.1X, Web Authentication and ACLs configured locally on each of the edge switches. What HP ProCurve Switch series is the best fit for this solution? A. B. C. D.
HP ProCurve 2500 HP ProCurve 2600 HP ProCurve 5300xl HP ProCurve 9300m
Answer: C Section: (none) Explanation/Reference:
QUESTION 70
You are designing a network security solution for a customer and in the process of your discussions you have decided that the best way to implement the solution is to use 802.1X authentication on the edge switches. The customer has limited rack space in his remote closets and consequently wants to use 1U stackable switches with the highest port density available. What HP ProCurve Switch series is the best fit for the edge switches in this solution? A. B. C. D.
HP ProCurve 5300xl HP ProCurve 4100gl HP ProCurve 2600 HP ProCurve 2500
Answer: C Section: (none) Explanation/Reference:
HP.ActualTests.HP0-758.v2009-04-10.by.Ramon.60q Number: HP0-758 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-758 Title : HP ProCurve Mobility Ver : 04-10-2009 HP0-758
Exam A QUESTION 1 Your client has decided to upgrade the security on his wireless network by implementing WPA instead of WEP which he currently uses. One of the advantages of WPA is a protocol known as the Temporal Key Integrity Protocol (TKIP). This protocol improves security by _______. A. B. C. D.
creating new encryption keys for each packet of data transmitted on the wireless network rotating encryption keys on a configurable time schedule using an encryption algorithm that is more secure than RC4 providing encrypted communications between the access points at the edge of the network and an authentication server in the data center
Answer: A Section: (none) Explanation/Reference:
QUESTION 2 Certkiller .com has asked you to design a wireless network for his office using HP 420 Access Points. In one area you decide to use a directional antenna to ensure that the wireless signal propagates down a long hallway. If you wish to limit the radiated power to 1 Watt, what is the highest gain directional antenna that you can use if the access point it is connected to is transmitting at full power? A. B. C. D.
2 dBm 6.5 dBm 10 dBm 14 dBm
Answer: C Section: (none) Explanation/Reference:
QUESTION 3 You have Certkiller .com who has decided to implement an 802.11a wireless network. To maximize performance, you want to avoid radio frequency interference where ever possible. What is the maximum number of non-overlapping channels supported by ProCurve 160wl 802.11a cards? A. B. C. D.
3 5 8 10
Answer: C Section: (none) Explanation/Reference:
QUESTION 4 You have Certkiller .com who is considering implementing an IEEE 802.11-based wireless network. The customer manufactures and tests RADAR systems. Which feature of the 802.11g standard would make it the best fit for this customer?
A. B. C. D.
it operates in the 2.4 GHz frequency band it operates at a maximum data rate of 54 Mb/s It is compatible with 802.11a clients it operates in the 5 GHz frequency band
Answer: A Section: (none) Explanation/Reference:
QUESTION 5 Which frequency offers fast data rates, but also has the most potential for interference from microwave ovens, cordless phones, and Bluetooth devices? A. B. C. D.
900 MHz 2.4 GHz 5 GHz 7.2 GHz
Answer: B Section: (none) Explanation/Reference:
QUESTION 6 The 802.11 standard maps to which OSI layers? A. B. C. D.
Physical, Data Link Physical, Data Link, Network Physical, Data Link, Network, Transport Physical, Data Link, Network, Transport, Session
Answer: A Section: (none) Explanation/Reference:
QUESTION 7 If you configure a wireless access point as a "closed system", then it will no longer broadcast the __________. A. B. C. D.
secure session ID service set identifier WEP Key multicast cipher
Answer: B Section: (none) Explanation/Reference:
QUESTION 8 During a dinner meeting, you transfer some documents to Certkiller .com through your 802.11g wireless card without the aid of an access point. During this process you and he formed ______________. A. B. C. D.
an Independent Basic Service Set an Extended Basic Service Set a WEP Key pair a Standard Basic Service Set
Answer: A Section: (none) Explanation/Reference:
QUESTION 9 While testing for interference, you are getting simultaneous reception of multiple signals due to signal reflections. What is this called? A. B. C. D.
singlepath reception multipath reception canned path reception dualpath reception
Answer: B Section: (none) Explanation/Reference:
QUESTION 10 You have installed an 802.11a access point for your customer. At certain times of the day the customer notices significant connectivity issues. Upon further investigation, you determine that they are experiencing radio frequency interference issues. Which technologies could be causing this interference? Select TWO. A. B. C. D. E.
cordless phones Bluetooth devices microwave ovens fluorescent lights RADAR
Answer: AE Section: (none) Explanation/Reference:
QUESTION 11 For a wireless network to be considered an "open system", what information must be contained in the beacon frames sent by an access point? The ________. A. Service Set Identifier B. WPA Pre-Shared Key
C. Dynamic WEP Key D. CCK Modulation Element Answer: A Section: (none) Explanation/Reference:
QUESTION 12 During a wireless network installation, you install ProCurve 150wl radio cards in slot B of your client's ProCurve 520wl. Which SSID should you expect to see on a client station when the access points are first powered up? A. B. C. D.
Enterprise Wireless B Enterprise Wireless AP My Wireless Network B ProCurve Wireless
Answer: C Section: (none) Explanation/Reference:
QUESTION 13 A ProCurve 420 has been installed in a network that has no DHCP server. On which IP address would you be able to communicate with the access point to provide initial configuration? A. B. C. D.
10.0.0.1 42.0.0.1 172.16.1.1 192.168.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 14 Your customer has told you that he is allocating the 10.1.1.0/24 subnet for use in his wireless network. Which command will statically assign an IP address of 10.1.1.10 with a default gateway of 10.1.1.1 to an HP ProCurve 420 Access Point? A. B. C. D.
HP Procurve Access Point 420(if-wireless g)# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Procurve Access Point 420# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Procurve Access Point 420(if-ethernet)# ip address 10.1.1.10 255.255.255.0 HP Procurve Access Point 420(if-ethernet)# ip address 10.1.1.10 255.255.255.0 10.1.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 15 Your client has installed ProCurve 520wls to provide wireless network access for his employees. When the access points are first powered on in a default state, which username/password pair would allow you to access the configuration from the web interface? A. B. C. D.
[blank]/public admin/[blank] admin/password [blank]/password
Answer: A Section: (none) Explanation/Reference:
QUESTION 16 Your client has installed ProCurve 420s to provide wireless network access for his employees. When the access points are first powered on in a default state, which username/password pair would allow you to access the configuration interface? A. B. C. D.
admin/password [blank]/public admin/[blank] [blank]/password
Answer: C Section: (none) Explanation/Reference:
QUESTION 17 You have been called in by Certkiller .com who has lost the management password for her 520wl access point. After trying several possible combinations, you decide to reset the access point to factory default configuration. How do you do this? A. B. C. D. E.
Select RE-INITIALIZE in the web interface. Press the RESET button for about 10 seconds. Press the RELOAD button for about 10 seconds. Reboot the Access Point. Toggle the Access Point's on/off switch.
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 While working with a ProCurve 420, your customer notices a file called "dflt-img.bin" in the flash memory of her access point. What is the purpose of this image file on the access point?
A. B. C. D.
It is the default system image and will always be used to boot the access point. It is the default location for the most current configuration file It is a default system image that can be used if the current system image is corrupted. It has no purpose
Answer: C Section: (none) Explanation/Reference:
QUESTION 19 When used in conjunction with WEP, the 802.1X protocol provides a dynamic _______ key for each individual client and a dynamic _________ key for packets destined for all clients. A. B. C. D.
broadcast, session multicast, session broadcast, multicast session, broadcast
Answer: D Section: (none) Explanation/Reference:
QUESTION 20 Which Extensible Authentication Protocols will a ProCurve 520wl support? Select TWO. A. B. C. D. E.
SIM TLS LEAP PEAP EAP-OL
Answer: BD Section: (none) Explanation/Reference:
QUESTION 21 Which Extensible Authentication Protocols will an HP ProCurve 420 Access Point support? Select TWO. A. B. C. D. E.
PEAP LEAP EAP-OL SIM TTLS
Answer: AE Section: (none) Explanation/Reference:
QUESTION 22 One of your enterprise customers has engaged your services in designing and implementing their wireless network. You expect this network to have high traffic levels. What are two weaknesses in WEP that would make you choose to implement WPA? Select TWO. A. B. C. D. E.
There is a flaw in the RC4 encryption algorithm in WEP. The XOR operation in WEP creates cipher text that is not complex enough. WEP encryption keys are sent over the air in clear text. WEP keys are statically configured on all access points and clients. The Initialization Vector (IV) in WEP is too short.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 23 You are the administrator of an 802.11a network built with ProCurve 520wl access points. You want to enable 802.1X authentication to improve network security. Which entities are required in 802.1X port access authentication? Select THREE. A. B. C. D. E. F. G.
supplicant crypto-key server authentication server syslog server LDAP authentication server KERBEROS server authenticator
Answer: ACG Section: (none) Explanation/Reference:
QUESTION 24 Certkiller .com places a ProCurve 520wl with a single ProCurve 170wl 802.11g card installed in the lobby of the building to allow guests to access the Internet. Because employees may want to also access the Internet and corporate intranet from the lobby, he wishes to separate guest traffic from employee traffic using VLANs. How can he configure the access point to achieve this goal? A. Configure two separate tagged VLANs on the access point card and associate them both with the same SSID. B. Configure two separate tagged VLANs on the access point card and associate each with its own SSID. C. Configure two separate untagged VLANs on the access point card and associate each with its own SSID. D. Configure the access point to require 802.1X authentication and configure a RADIUS server to supply VLAN attributes based on individual logins. Answer: B Section: (none)
Explanation/Reference:
QUESTION 25 A network administrator in a small office wants to enable security on his newly installed wireless LAN. He has decided to use WEP encryption with a 5-character alphanumeric key. Which overall length of encryption will this provide? A. B. C. D. E.
40 bit 64 bit 128 bit 152 bit 512 bit
Answer: B Section: (none) Explanation/Reference:
QUESTION 26 You have a client who wants to improve security on his wireless network by implementing WPA in place of WEP. He is worried that not all of his clients will be able to make the switch to the new security protocol. You reassure him that most of his clients will be able to make the switch with a simple firmware upgrade because both WEP and WPA can use the same encryption algorithm. Which encryption algorithm is supported by both WEP and WPA? A. B. C. D. E.
3DES CAST RC4 DES AES
Answer: C Section: (none) Explanation/Reference:
QUESTION 27 You are installing a new wireless network and have decided to use WPA as your security protocol. Which specific protocol provides for dynamic re-keying of encryption keys in WPA? A. B. C. D.
RC4 TLS TKIP WPA-PSK
Answer: C Section: (none) Explanation/Reference:
QUESTION 28 You have a client who is upgrading his wireless network to improve security. He is going to implement Enterprise WPA instead of WEP. Which benefits will he gain by using WPA? Select TWO. A. B. C. D. E.
better encryption of data using 3DES instead of RC4 port-access authentication using 802.1X seamless roaming through the use of a linger timer per packet encryption key rotation using TKIP client/access point authentication using shared keys
Answer: BD Section: (none) Explanation/Reference:
QUESTION 29 When used in conjunction with ProCurve access points, the ProCurve 5300xl switch can provide web-based authentication for wireless clients. Which network would be the best candidate for using web-based authentication? A. a campus-wide network where wireless clients need to roam between access points connected to multiple switches B. a medium sized network with several wireless printers located throughout the site C. a network which requires dynamic VLAN assignments based on user credentials D. a small office wireless network which has one wireless VLAN and only a few access points Answer: D Section: (none) Explanation/Reference:
QUESTION 30 You have Certkiller .com who wants to use the web-based authentication feature on his ProCurve switch to improve security on his wireless LAN. In order for a client to access network resources, the customer must ________. A. configure a DHCP scope on the switch to provide temporary IP addresses while they are being authenticated B. set the client-limit switch parameter to at least 2 to permit more than one device to connect through a given port C. configure the switch with the MAC addresses of each wireless client that will connect through it D. enable the client-moves parameter to allow clients to move from wired connections to the wireless network Answer: B Section: (none) Explanation/Reference:
QUESTION 31 You are designing a wireless network for a cafeteria that would mainly be used for low-bandwidth applications. The cafeteria is a wide open space with a few columns and typical cafeteria tables and chairs for furniture. To provide coverage with the fewest access points, which antenna would you recommend?
A. B. C. D.
parabolic dish antenna omni-directional antenna directional patch antenna yagi phased array directional antenna
Answer: B Section: (none) Explanation/Reference:
QUESTION 32 In designing a wireless network, the customer needs to have wireless coverage in their warehouse facility for the automated picking and bar-coding inventory system. The warehouse is a wide open space filled with tall, multi-bay steel racks that are filled with an inventory of large metal pumps and valves. To get sufficient coverage down these long aisles, which antenna would you recommend? A. B. C. D.
omni-directional mast parabolic dish directional patch omni-directional dipole
Answer: C Section: (none) Explanation/Reference:
QUESTION 33 You performed a site survey in a large warehouse facility with very high ceilings. You find that the ideal location for placement of the access points would be suspended from the ceilings. Unfortunately, this would require a significant amount of expensive electrical work. Using 802.3af Power over Ethernet would eliminate the electrical installation issue. Which product would you need to specify? A. B. C. D.
ProCurve 520wl ProCurve 420 ProCurve 720wl ProCurve 760wl
Answer: B Section: (none) Explanation/Reference:
QUESTION 34 What are the general categories into which 802.11 wireless LAN antennas fall? A. B. C. D.
semi-directional, highly directional, and multi-directional omni-directional and fully directional omni-directional and highly directional omni-directional, semi-directional, and highly directional
Answer: D
Section: (none) Explanation/Reference:
QUESTION 35 During a wireless implementation for a local college, you plan to use omni-directional antennas for the external areas of the campus. What general purpose do antennas serve in wireless networks? They _________ of wireless LAN systems. A. B. C. D.
stabilize the coverage control the coverage decrease the coverage secure the RF output
Answer: B Section: (none) Explanation/Reference:
QUESTION 36 During a wireless implementation for a local college you plan to use omni-directional diversity antennas for the internal public areas of the campus. You chose these antennas because they provide RF coverage in ________ of the antenna. A. B. C. D.
a concentrated direction around the horizontal axis all directions around the vertical axis a particular direction along the vertical axis all directions around the horizontal axis
Answer: B Section: (none) Explanation/Reference:
QUESTION 37 When designing wireless networks, it is important to remember that government agencies limit the power of RF based networks in certain radio bands. The emitted power of a radio transmitter and any attached antenna is known as its ________. A. B. C. D.
Radiated Radio Frequency Power WIreless System Power Radiation Effective Isotropic Radiated Power Effective Total Power Output
Answer: C Section: (none) Explanation/Reference:
QUESTION 38 You are installing an access point that is transmitting at 16 dBm. It is connected to a directional patch
antenna with a rating of 6.5 dBi through a cable and connector set that is rated at 2.5 dBi. What is the effective gain of this configuration? A. B. C. D.
25 dB 20 dB 12 dB 30 db
Answer: B Section: (none) Explanation/Reference:
QUESTION 39 Exhibit:
Certkiller .com is located on the top floor of a three-story building. The second floor already has an existing 802.11b network using channels 1, 6 and 11. The customer on the third floor wants to install an 802.11b network and requires three access points. Which channels should be used for the three access points? Select TWO. A. B. C. D. E.
AP-A: channel 1, AP-B: channel 6 and AP-C: channel 11 AP-A: channel 7, AP-B: channel 8 and AP-C: channel 9 AP-A: channel 11, AP-B: channel 1 and AP-C: channel 6 AP-A: channel 2, AP-B: channel 3 and AP-C: channel 4 AP-A: channel 6, AP-B: channel 11 and AP-C: channel 1
Answer: CE Section: (none)
Explanation/Reference:
QUESTION 40 You have been asked to connect two wired networks together with a wireless link. They currently share no other network connectivity. What mode would you place the access points in? A. B. C. D.
root mode bridging mode root and bridging mode repeater mode
Answer: B Section: (none) Explanation/Reference:
QUESTION 41 A user is authenticated through a ProCurve 420 with VLANs enabled. However, the RADIUS authentication server does not return a VLAN attribute. What will happen to the user? The user will be _______. A. B. C. D.
placed in the Unauthorized VLAN denied access completely placed on the Management VLAN placed in the access point's Native VLAN
Answer: D Section: (none) Explanation/Reference:
QUESTION 42 What is the valid range for client VLAN IDs on a ProCurve 420? A. B. C. D.
1-64 1-128 1-2048 1-4095
Answer: D Section: (none) Explanation/Reference:
QUESTION 43 You have Certkiller .com who uses VLANs to segment the network traffic from several groups on his network. He is in the process of installing a wireless network using ProCurve 520wl with 170wl AP cards. He is only going install one AP card in each of his access points. What is the maximum number of VLANs he can configure on each AP? A. 2
B. 8 C. 16 D. 32 Answer: C Section: (none) Explanation/Reference:
QUESTION 44 Clients A and B attempt to communicate with access point C at the same time and a collision occurs because they cannot detect each other's transmissions. Which problem does this illustrate? A. B. C. D.
fast transform retransmission key mis-match hidden client
Answer: D Section: (none) Explanation/Reference:
QUESTION 45 What is the Inter-Access Point Protocol? A. B. C. D.
It is used in wireless bridging. It allows station roaming between subnets. It is used for station roaming between access points. It is an internal access point protocol.
Answer: C Section: (none) Explanation/Reference:
QUESTION 46 What are the main classes of frames defined by the IEEE 802.11 standard? Select THREE. A. B. C. D. E. F. G.
control clear to send data beacon probe management request to send
Answer: ACF Section: (none) Explanation/Reference:
QUESTION 47 Two wireless stations are located in close proximity to the same access point. Which mechanisms prevent them from transmitting at the same time? Select TWO. A. B. C. D. E.
CSMA-CD SYN/ACK CSMA-CA MAC/LLC RTS/CTS
Answer: CE Section: (none) Explanation/Reference:
QUESTION 48 Certkiller .com has noticed that the throughput on his wireless network is not sufficient for his business requirements. As a first step in trying to alleviate this problem, you decide to increase the multicast rate on all of his access points to the maximum setting. This will help to improve real throughput because the multicast rate is the _______. A. B. C. D.
rate at which WEP keys are refreshed rate at which access points send out beacon frames to clients rate at which control and management frames are transmitted to all associated clients raw data rate at which packets are transmitted between a single client and access point
Answer: C Section: (none) Explanation/Reference:
QUESTION 49 While probing a wireless network using the wireless client utility on you computer, you can see that several different SSIDs are shown to be available. Which procedure has your wireless card just performed? A. B. C. D.
a passive scan a WPA PSK refresh an active scan a WEP key refresh
Answer: C Section: (none) Explanation/Reference:
QUESTION 50 Given the complicated nature of wireless bridging, what must be considered before implementation? Select THREE.
A. B. C. D. E. F. G.
auto channel select must be enabled circular links require spanning tree to be set WDS links need to be set to same frequency channel multiple hop links need to be reduced to less than three multiple hop links may lead to long end-to-end latency figures circular links can create IP loops leading to increased performance WDS links need to be set to alternating frequency channels using 1, 6 and 11
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 51 A client is near the edge of a cell and there is no other acceptable access point in the area. What will the client do? Select TWO. A. B. C. D. E.
load balance between two access points eventually lose association initialize offline mode enable QoS fall back to a lower data rate
Answer: BE Section: (none) Explanation/Reference:
QUESTION 52 What is the effect of a low signal to noise ratio? A. B. C. D.
The range of your wireless signal is increased. The access point is causing background noise. Your wireless signal is stronger than all of the background noise. Your radio cannot clearly distinguish a signal from background noise.
Answer: D Section: (none) Explanation/Reference:
QUESTION 53 Range can be impacted by obstacles in the signal path of the radio that either absorb or reflect the radio signal. Which factors describe environmental interference that may impact the cell size used on an 802.11b or 802.11g network? Select TWO. A. B. C. D. E.
wireless IR entertainment system remote controls power lines and power stations wireless 5Ghz telephones 900 MHz wireless security alarm system walls that contain metal, cabinets, and metal desks
Answer: BE Section: (none) Explanation/Reference:
QUESTION 54 You are the administrator of a wireless LAN built with ProCurve 520wl's. One of your wireless users calls and informs you that he cannot connect to the wireless network in his office. When you arrive at his location, you notice that the access point that services this section of the building is illuminating an amber power LED and no other LEDs are lit. Why can't he connect to the wireless network? A. B. C. D.
The cards installed in the access point are incompatible with the current firmware image The access point has a corrupt firmware image The access point is rebooting The access point's radio card has been disabled
Answer: B Section: (none) Explanation/Reference:
QUESTION 55 You have configured a 128-bit WEP key on your access points and distributed the key to all wireless users on your campus. A new employee calls and complains that he cannot connect to the wireless network dispite the fact that he has enabled WEP and entered the 5 character key that he was given by another employee. He cannot connect to the wireless network because 128-bit WEP requires ________. A. B. C. D.
a 16 character alphanumeric key 802.1X supplicant software on the client a 13 character alphanumeric key that his client card support AES encryption
Answer: C Section: (none) Explanation/Reference:
QUESTION 56 You are the administrator of a wireless LAN built with ProCurve 520wl's and you have just installed 170wl cards in all of the access points. One of your wireless users calls and informs you that he cannot connect to the wireless network in his office. When you arrive at his location, you notice that the access point that services this section of the building has a red LED on card A. Why can't he connect to the wireless network? B. The access point has a corrupt firmware image. C. He has the wrong WEP key and the card has shut down because of the security violation. D. The card installed in slot A is incompatible with the current firmware image. E. The radio card in slot A has been disabled. Answer: C Section: (none)
Explanation/Reference:
QUESTION 57 Site surveys are best done at the pre-sales stage in order to provide Certkiller .com with a rough estimate of what their investment will be. What are some important results derived from a site survey? Select TWO. A. B. C. D. E.
How far should the APs be spaced apart (what cell size is needed)? Are there available dedicated power circuits for AP usage to limit noise feedback? Base estimated cell radius of 33 meters supporting 60-90 users at 5.5 Mbps aggregate bandwidth. How many APs will be required in a given area (cell density)? Use an Ultrasonic Wave Analyzer to test signal to noise ratio for proper placement of access points.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 58 Which actions should be taken to test access point coverage during a site survey? Select THREE. A. Temporarily install an access point to test and measure signal to noise ratio levels. B. Use a wireless enabled portable device running an SNR analyzer tool. C. Configure all access points to use the same channel and enable bridge mode operation on all access points. Test connectivity and roaming once the site AP's are setup in bridge mode. D. Enable and verify 802.1X security to insure proper signal encryption and strength. E. Configure overlapping cells using non-overlapping channels and test for coverage. F. Configure WEP keys on client and access points. G. Configure a WDS link between two access points. Answer: ABE Section: (none) Explanation/Reference:
QUESTION 59 Your customer is a convention center that wants to provide 802.11b networking to trade show booths. The convention floor space is a very large area with high ceilings. A typical trade show may have over 300 booths, and any booth may request wireless services for the show at any time in any location. Prior to implementation, what is the best course of action in determining the appropriate distance between access points? A. Ask permission to test signal strength and coverage with one AP and one client at various locations during a live trade show. B. Divide the total square footage into cell sizes based on client density C. Evenly divide up the convention space based on square footage to create equal sized cells D. Estimate the number of stations and evenly spread out the appropriate number of APs that maximizes bandwidth per station Answer: A Section: (none)
Explanation/Reference:
QUESTION 60 You are installing a wireless network inside the local branch of a savings bank. The branch has two floors. The lobby, bank clerk and vault are on the first floor, and there are offices and conference rooms for the bank officers on the second floor. Which object will likely cause the most signal degradation or cancellation to a 2.4GHz transmission? A. B. C. D.
plasterboard in the second floor conference room fiberglass ceiling tiles in the lobby wire-mesh safety glass in front of the bank clerk oak panelling in the bank president's office
Answer: C Section: (none) Explanation/Reference:
HP.ActualTests.HP0-759.v2009-04-09.by.Ramon.84q Number: HP0-759 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-759 Title : HP ProCurve Combined Security and Mobility Exam Ver : 04-09-09 HP0-759
Exam A QUESTION 1 You are the administrator of a wireless LAN built with ProCurve 520wl's. One of your wireless users calls and informs you that he cannot connect to the wireless network in his office. When you arrive at his location, you notice that the access point that services this section of the building is illuminating an amber power LED and no other LEDs are lit. Why can't he connect to the wireless network? A. B. C. D.
The cards installed in the access point are incompatible with the current firmware image The access point has a corrupt firmware image The access point is rebooting The access point's radio card has been disabled
Answer: B Section: (none) Explanation/Reference:
QUESTION 2 You want to limit management of your 5304xl switches using IP Authorized Managers. You have configured an IP Authorized Manager entry of 10.1.10.4 255.255.255.248. How many IP addresses will be allowed to manage your 5300s? A. B. C. D.
1 4 6 8
Answer: D Section: (none) Explanation/Reference:
QUESTION 3 A customer wants to provide stricter access security for all network clients and implement a combination of 802.1X and MAC authentication. Which parameters must be configured on the RADIUS server to support the ports configured with MAC authentication? Select TWO. A. Configure PAP to support unencrypted authentication of network peripherals. B. Create a user on the RADIUS server using the MAC address of the device for the username and the password. C. Create a user on the RADIUS server using the MAC address of the device for the username and the RADIUS shared secret for the password. D. Configure EAP RADIUS for the authentication method. E. Create a user on the RADIUS server using the MAC address of the device for the username and do not configure a password (leave it blank). F. Configure CHAP RADIUS for the authentication method. Answer: BF Section: (none) Explanation/Reference:
QUESTION 4 You have implemented a network security solution for your client based upon the 802.1X protocol using the ProCurve Access Control Client, 2650-PWR switches and the Funk Steel-Belted RADIUS server. In this solution, the RADIUS server is acting as a ________. A. B. C. D.
policy repository policy decision point network access server policy enforcement point
Answer: B Section: (none) Explanation/Reference:
QUESTION 5 You have a new customer who is very concerned about the security of his internal campus network. You suggest that the HP ProCurve Access Control Solution may provide the level of safety and security that he is looking for. Which options are part of the HP ProCurve Access Control Solution? Select THREE. A. B. C. D. E. F. G.
Web Authentication Intrusion Detection Systems Hardware Firewalls Access Control Lists 802.1X Authentication Virtual Private Networks Anti-Virus Software
Answer: ADE Section: (none) Explanation/Reference:
QUESTION 6 A pharmaceutical company has recently moved into a new three-story office building. They are sharing a core routing switch between two departments: human resources, and research and development. Both departments have edge switches deployed and neither department wants the other to have management access to their respective HP ProCurve edge switches. Which security measures would be recommended to limit management access to the respective departments? Select TWO. A. B. C. D. E.
SSH SSL Authorized IP Managers management VLANs Microsoft Windows User Domain Security limits
Answer: CD Section: (none) Explanation/Reference:
QUESTION 7 In designing a wireless network, the customer needs to have wireless coverage in their warehouse facility for the automated picking and bar-coding inventory system. The warehouse is a wide open space filled with tall, multi-bay steel racks that are filled with an inventory of large metal pumps and valves. To get sufficient coverage down these long aisles, which antenna would you recommend? A. B. C. D.
omni-directional mast parabolic dish directional patch omni-directional dipole
Answer: C Section: (none) Explanation/Reference:
QUESTION 8 A customer has asked you to design a wireless network for his office using HP 420 Access Points. In one area you decide to use a directional antenna to ensure that the wireless signal propagates down a long hallway. If you wish to limit the radiated power to 1 Watt, what is the highest gain directional antenna that you can use if the access point it is connected to is transmitting at full power? A. B. C. D.
2 dBm 6.5 dBm 10 dBm 14 dBm
Answer: C Section: (none) Explanation/Reference:
QUESTION 9 During a wireless implementation for a local college you plan to use omni-directional diversity antennas for the internal public areas of the campus. You chose these antennas because they provide RF coverage in ________ of the antenna. A. B. C. D.
a concentrated direction around the horizontal axis all directions around the vertical axis a particular direction along the vertical axis all directions around the horizontal axis
Answer: B Section: (none) Explanation/Reference:
QUESTION 10 When designing wireless networks, it is important to remember that government agencies limit the power of RF based networks in certain radio bands. The emitted power of a radio transmitter and any attached antenna is known as its ________. A. Radiated Radio Frequency Power
B. WIreless System Power Radiation C. Effective Isotropic Radiated Power D. Effective Total Power Output Answer: C Section: (none) Explanation/Reference:
QUESTION 11 You are installing an access point that is transmitting at 16 dBm. It is connected to a directional patch antenna with a rating of 6.5 dBi through a cable and connector set that is rated at 2.5 dBi. What is the effective gain of this configuration? A. B. C. D.
25 dB 20 dB 12 dB 30 db
Answer: B Section: (none) Explanation/Reference:
QUESTION 12 Exhibit:
A customer is located on the top floor of a three-story building. The second floor already has an existing
802.11b network using channels 1, 6 and 11. The customer on the third floor wants to install an 802.11b network and requires three access points. Which channels should be used for the three access points? Select TWO. A. B. C. D. E.
AP-A: channel 1, AP-B: channel 6 and AP-C: channel 11 AP-A: channel 7, AP-B: channel 8 and AP-C: channel 9 AP-A: channel 11, AP-B: channel 1 and AP-C: channel 6 AP-A: channel 2, AP-B: channel 3 and AP-C: channel 4 AP-A: channel 6, AP-B: channel 11 and AP-C: channel 1
Answer: CE Section: (none) Explanation/Reference:
QUESTION 13 A user is authenticated through a ProCurve 420 with VLANs enabled. However, the RADIUS authentication server does not return a VLAN attribute. What will happen to the user? The user will be _______. A. B. C. D.
placed in the Unauthorized VLAN denied access completely placed on the Management VLAN placed in the access point's Native VLAN
Answer: D Section: (none) Explanation/Reference:
QUESTION 14 What is the valid range for client VLAN IDs on a ProCurve 420? A. B. C. D.
1-64 1-128 1-2048 1-4095
Answer: D Section: (none) Explanation/Reference:
QUESTION 15 Clients A and B attempt to communicate with access point C at the same time and a collision occurs because they cannot detect each other's transmissions. Which problem does this illustrate? A. B. C. D.
fast transform retransmission key mis-match hidden client
Answer: D Section: (none) Explanation/Reference:
QUESTION 16 Two wireless stations are located in close proximity to the same access point. Which mechanisms prevent them from transmitting at the same time? Select TWO. A. B. C. D. E.
CSMA-CD SYN/ACK CSMA-CA MAC/LLC RTS/CTS
Answer: CE Section: (none) Explanation/Reference:
QUESTION 17 A customer has noticed that the throughput on his wireless network is not sufficient for his business requirements. As a first step in trying to alleviate this problem, you decide to increase the multicast rate on all of his access points to the maximum setting. This will help to improve real throughput because the multicast rate is the _______. A. B. C. D.
rate at which WEP keys are refreshed rate at which access points send out beacon frames to clients rate at which control and management frames are transmitted to all associated clients raw data rate at which packets are transmitted between a single client and access point
Answer: C Section: (none) Explanation/Reference:
QUESTION 18 While probing a wireless network using the wireless client utility on you computer, you can see that several different SSIDs are shown to be available. Which procedure has your wireless card just performed? A. B. C. D.
a passive scan a WPA PSK refresh an active scan a WEP key refresh
Answer: C Section: (none) Explanation/Reference:
QUESTION 19 Given the complicated nature of wireless bridging, what must be considered before implementation? Select THREE. A. B. C. D. E. F. G.
auto channel select must be enabled circular links require spanning tree to be set WDS links need to be set to same frequency channel multiple hop links need to be reduced to less than three multiple hop links may lead to long end-to-end latency figures circular links can create IP loops leading to increased performance WDS links need to be set to alternating frequency channels using 1, 6 and 11
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 20 Range can be impacted by obstacles in the signal path of the radio that either absorb or reflect the radio signal. Which factors describe environmental interference that may impact the cell size used on an 802.11b or 802.11g network? Select TWO. A. B. C. D. E.
wireless IR entertainment system remote controls power lines and power stations wireless 5Ghz telephones 900 MHz wireless security alarm system walls that contain metal, cabinets, and metal desks
Answer: BE Section: (none) Explanation/Reference:
QUESTION 21 You are the administrator of a wireless LAN built with ProCurve 520wl's and you have just installed 170wl cards in all of the access points. One of your wireless users calls and informs you that he cannot connect to the wireless network in his office. When you arrive at his location, you notice that the access point that services this section of the building has a red LED on card A. Why can't he connect to the wireless network? B. The access point has a corrupt firmware image. C. He has the wrong WEP key and the card has shut down because of the security violation. D. The card installed in slot A is incompatible with the current firmware image. E. The radio card in slot A has been disabled. Answer: C Section: (none) Explanation/Reference:
QUESTION 22
Site surveys are best done at the pre-sales stage in order to provide a customer with a rough estimate of what their investment will be. What are some important results derived from a site survey? Select TWO. A. B. C. D. E.
How far should the APs be spaced apart (what cell size is needed)? Are there available dedicated power circuits for AP usage to limit noise feedback? Base estimated cell radius of 33 meters supporting 60-90 users at 5.5 Mbps aggregate bandwidth. How many APs will be required in a given area (cell density)? Use an Ultrasonic Wave Analyzer to test signal to noise ratio for proper placement of access points.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 23 Which actions should be taken to test access point coverage during a site survey? Select THREE. A. Temporarily install an access point to test and measure signal to noise ratio levels. B. Use a wireless enabled portable device running an SNR analyzer tool. C. Configure all access points to use the same channel and enable bridge mode operation on all access points. Test connectivity and roaming once the site AP's are setup in bridge mode. D. Enable and verify 802.1X security to insure proper signal encryption and strength. E. Configure overlapping cells using non-overlapping channels and test for coverage. F. Configure WEP keys on client and access points. G. Configure a WDS link between two access points. Answer: ABE Section: (none) Explanation/Reference:
QUESTION 24 There is a customer environment where both employees and visitors will have access to network resources. When considering issues dealing with physical security, which questions should you consider? Select THREE. A. B. C. D. E. F. G.
Which ports are assigned to the management VLAN? Who has access to the room? Is there a 'visitor' policy? Who knows the manager level passwords? Is it in a secure area of the building? Does the data center meet Military Level Security Requirements? Has accessibility been limited to administrators only?
Answer: BCE Section: (none) Explanation/Reference:
QUESTION 25 SNMP version 3 introduces security features that may be incompatible with managment applications that
use previous versions of SNMP. Which command allows an SNMPv2 management application to access an HP ProCurve switch that must also support SNMPv3 in a secure network environment? A. B. C. D.
snmpv3 community ro snmpv3 restricted-access snmpv3 enable-v2-access snmpv3 enable community ro
Answer: B Section: (none) Explanation/Reference:
QUESTION 26 Which authentication types does SSH support? Select TWO. A. B. C. D. E.
NDS switch user/password authentication LDAP public key authentication switch SSH and user password authentication PKI digital certificate authentication client RSA authentication
Answer: CE Section: (none) Explanation/Reference:
QUESTION 27 A customer, who is already using SSH for secure communications, wants the client to authenticate itself using client RS A. Which additional preparatory steps are necessary to set up client RSA authentication? Select TWO. B. Generate a public/private key pair on the switch. C. Copy the client public key to the switch. D. Copy the client private key to the switch. E. Copy the public/private key pair to the client. F. Generate a public/private key pair on the client computer. Answer: BE Section: (none) Explanation/Reference:
QUESTION 28 A customer currently manages all of their HP ProCurve switches using the plain text web interface. They now want to use SSL for encrypted web-based management. Which steps must be completed before enabling SSL? Select TWO. A. generate a self-signed server certificate for HTTPS B. generate an HTTPS client certificate
C. generate an RSA key file for HTTPS certificates D. disable plain text web management first E. import a certificate request from a Certificate Authority Answer: AC Section: (none) Explanation/Reference:
QUESTION 29 What are the main steps for configuring SNMPv3 access management after enabling SNMPv3 on an HP ProCurve 5300xl switch? A. B. C. D.
Create communicates;create groups ;assign communities to groups Create users;assign users to groups Create users;create groups;assign users to groups Create users;create communities;assign users to communities
Answer: B Section: (none) Explanation/Reference:
QUESTION 30 When designing a management VLAN, which ProCurve solution should an administrator implement at the core and the Layer 2 edge devices? A. Enable management VLANs to provide security at the core;apply an IP address only to the core switch; and use ACLs at the Layer 2 switches. B. Use ACls to provide security at the core;enable managment VLANs at the Layer 2 switches;and apply an IP address only to the managment VLAN. C. Enable managment VLANs to provide security at he core and at the Layer 2 switch;ACLs arr not required. D. Configure a separate management network with dedicated ports to isolate all management traffic at the core and at the Layer 2 switches. Answer: B Section: (none) Explanation/Reference:
QUESTION 31 Which statements are true with respect to the management VLAN feature? Select THREE. A. Management access to the switch is restricted to the console port because the management VLAN has no physical network ports. B. A management VLAN prevents unauthorized access to switches largely by not being visible to the data network. C. Management traffic is "virtually" isolated with absolute minimum port access. D. The VLAN ID of the management VLAN must be the largest available in the switch; this is typically 1023. E. You must execute the management-VLAN menu option on all switches in the management VLAN.
F. The management VLAN is a separate virtual network not accessible by data network traffic. It is used to help secure management access. G. A management VLAN cannot be used in a routed environment because it would allow someone from a user VLAN to access the management VLAN without a physical connection to the management VLAN. Answer: BCF Section: (none) Explanation/Reference:
QUESTION 32 An HP ProCurve 9308m Routing Switch has just been installed in your customer's data center. To prevent unauthorized users from making configuration changes, he wants to set passwords on the routing switch. Which type of password must he set on the routing switch to allow himself full access to all configuration commands? A. B. C. D.
super-user manager operator administrator
Answer: A Section: (none) Explanation/Reference:
QUESTION 33 You receive a call from a customer who cannot access the CLI interface on an HP ProCurve 5304xl switch because she has forgotten the password. For security purposes she has disabled the password-clear function of the front-panel buttons. How could you help her to regain management access to the switch? A. Press the Reset button on the front panel of the switch for at least 20 seconds to return the switch to factory defaults. B. Press the Clear button on the front panel of the switch for at least 10 seconds to return the switch to factory defaults. C. Use the Reset and Clear buttons on the front panel of the switch together to return the switch to factory defaults. D. You will need to call HP Support and obtain a one-time-use password. This is the only way to regain management access to the switch once the password-clear function has been disabled. Answer: C Section: (none) Explanation/Reference:
QUESTION 34 You have a customer who has just installed a 5304xl switch in an open area of his office. Although the switch is installed in a closed rack with a locking door, he is concerned that it might be possible for someone to access the front panel buttons on the switch. Which commands will allow him to prevent the switch from having its passwords and configuration information cleared? Select TWO. A. no front-panel-security factory-reset B. no front-panel-security password-clear reset-on-clear
C. no front-panel-security password-recovery D. no front-panel-security password-clear E. front-panel-security password-clear reset-on-clear Answer: AD Section: (none) Explanation/Reference:
QUESTION 35 The IT department of a local high school has recently installed new HP ProCurve switches. They are setting up Authorized IP Managers to limit management access to the switches. Which access levels can be granted to an Authorized IP Manager? Select TWO. A. B. C. D. E.
manager administrator supervisor aoperator user
Answer: AD Section: (none) Explanation/Reference:
QUESTION 36 A new customer who recently installed HP ProCurve switches wants to specify administrative stations using the Authorized IP Managers list. When specifying the IP mask within the Authorized IP Managers list, which role does the IP mask serve? It _______. A. B. C. D.
specifies a range of IP addresses to deny management access provides the subnet mask that the IP address belongs to specifies a single or range of IP addresses for management access specifies a single IP address only for telnet access
Answer: C Section: (none) Explanation/Reference:
QUESTION 37 A customer is in the process of setting up and installing new HP ProCurve switches. As part of the setup, the Authorized IP Managers feature has been enabled. Which benefit will the customer realize? A. Web proxy servers should be implemented to complement the Authorized IP Managers security feature. B. A security system will be in place by allowing management access only from specified management stations. C. It requires less IP address planning than LDAP security. D. It can be enforced on Web, SSH, Telnet, and serial management sessions. Answer: B Section: (none)
Explanation/Reference:
QUESTION 38 You are the manager of several individuals who have the authority to make configuration changes to the HP ProCurve 2650 and 6108 switches deployed within your organization. What is the most efficient way to authenticate individuals who log in to the switches with manager privileges? A. Define a unique local manager account for each member of the team. B. Leverage existing directory services by importing the team members' user name/password pairs to the local user database of each switch. C. Configure the switches to use the RADIUS protocol to access the existing directory service, and configure the server to accept authentication requests from the switches. D. Configure the switches to use a RADIUS server to authenticate users against an existing directory, and configure accounting services on the server to record each manager login event. Answer: C Section: (none) Explanation/Reference:
QUESTION 39 A network administrator plans to use a RADIUS server to authenticate access from the console to all the HP ProCurve switches. It is decided that the RADIUS server will be the primary authentication method and no secondary authentication method will be used. What will be the result of this proposed configuration? A. The primary authentication method for manager-level access through the console port is the RADIUS server;if no RADIUS server is found;then access is denied. B. The primary authentication method for operator-level access through the console port is the RADIUS server,if no RADIUS server is found,then access is denied. C. The primary authentication method for manager-level access through the console port is the RADIUS server ;if no RADIUS server is found,then only operator-level access is granted. D. This configuration is not allowed because the console port must allow the use of a username from the local database in the event that the RADIUS server is not reachable. Answer: D Section: (none) Explanation/Reference:
QUESTION 40 Secure communications are often passed through a hashing algorithm. The hash result is sent to the receiver along with the message. Which security function does this perform? A. B. C. D.
confidentiality authorization integrity authentication
Answer: C Section: (none) Explanation/Reference:
QUESTION 41 A customer uses a type of cipher that creates a 'keystream' that is combined with the plaintext message to produce ciphertext. Which one of this type of cipher is most commonly used today? A. B. C. D. E.
ArcFour DES - Data Encryption Standard RC4 - Rivest Cipher 4 AES - Advanced Encryption Standard Triple DES - 3DES
Answer: C Section: (none) Explanation/Reference:
QUESTION 42 A customer wants to implement a Hybrid encryption solution to provide a secure means of communication between their main office and remote sales offices. Which statement best describes a Hybrid encryption solution? A. B. C. D.
Use symmetric encryption to setup the session key, and use asymmetric encryption for the conversation. Use public key encryption to setup the session key, and use private key encryption for the conversation. Use asymmetric encryption to setup the session key, and use symmetric encryption for the conversation. Use Diffie-Hellman encryption to setup the session key, and use RSA Data Security encryption for the conversation.
Answer: C Section: (none) Explanation/Reference:
QUESTION 43 What is true with regard to Public Key Infrastructure (PKI)? A. PKI uses a key pair, one private and one public, but does not use digital certificates. B. PKI is a symmetric key scheme that uses digital certificates and certificate authorities to encrypt messages. C. PKI uses digital certificates and certificate authorities to manage key exchanges between a sender and receiver. D. PKI uses a symmetric key scheme to manage key exchange and uses digital certificates to encrypt the message to ensure confidentiality, authentication, integrity and non-repudiation. Answer: C Section: (none) Explanation/Reference:
QUESTION 44 What is the main difference between EAP-TLS and EAP-MD5?
A. EAP-TLS uses a chanllenge/handshake mechanism for authentication;EPA-MD5 uses certificates for authentication. B. EAP-TLS uses a chanllenge/handshake mechanism for authentication and encryption EAP-MD5 uses certificates for authentication and encryption. C. EAP-TLS uses a name and password along with digital certificates to produce a session key;EPA-MD5 uses a name and password to produce a session key. D. EAP-TLS uses a name and password along with digital certificates to produce a challenge/handshake mechanism to authenticate the client to the server. Answer: D Section: (none) Explanation/Reference:
QUESTION 45 A software company uses 802.1X to authenticate all users on the network and to allow contract employees access to the network only during normal business hours. What is the best approach for configuring this time restriction? A. Configure a "Time Restriction" policy and assign the user accounts for each contract employee to the policy. B. Configure an access policy on the RADIUS server that associates a time restriction with usernames of the contract employees. C. Create a "contractors" group in Active Directory (LDAP) and assign time restrictions to the group. D. Configure an access policy on the RADIUS server that associates a time restriction with a "contractors" group. Answer: D Section: (none) Explanation/Reference:
QUESTION 46 A Windows XP workstation is configured with an 802.1X supplicant client. When a client connects to a switch port with 802.1X authentication enabled, which messages may be generated by the client to gain access to the network? Select TWO. A. B. C. D. E.
EAP-response-identity EAP-request-identity EAP-access-challenge EAPOL-start EAP-access-request
Answer: AD Section: (none) Explanation/Reference:
QUESTION 47 Which role does an "authenticator" play in the 802.1X authentication process in an HP ProCurve switch network?
A. The authenticator sends an "access-challenge" message to the supplicant to request client credentials. B. The authenticator provides two-way translation between EAP messages and RADIUS messages. C. The authenticator validates the "EAP-identity-request" and responds with either an "accept" or "reject" message. D. The authenticator encapsulates an "EAP-access-request" inside of a RADIUS "response-identity" packet and forwards it on for validation. Answer: B Section: (none) Explanation/Reference:
QUESTION 48 You support a network that has ports in a conference room that is regularly used by guests. You have decided to define a guest VLAN that allows access to the internet and prevents access to corporate resources. Which solution provides the most flexibility and lowest management overhead while placing the guest users in the appropriate VLAN? A. Require that guests connect only to ports in the conference room that are members of the guest VLAN. B. Enable 802.1X on the conference room ports. Give guests a temporary logon ID and provide them with 802.1X supplicant software. Associate guest user IDs with a guest VLAN that prevents access to corporate resources. C. Enable IEEE 802.1X on the conference room ports and configure the guest VLAN as the authorized VLAN for these ports. D. Enable IEEE 802.1X on the conference room ports and configure the guest VLAN as the unauthorized VLAN for these ports. Answer: D Section: (none) Explanation/Reference:
QUESTION 49 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user shown in the diagram connects to the network as shown, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: D Section: (none) Explanation/Reference:
QUESTION 50 Exhibit:
The RADIUS server and switch are correctly configured for proper interaction. The switch has the VLAN assignments and port-access commands shown in the diagram. When the user provides valid authentication information, port 10 will ________. A. B. C. D.
remain in an unauthorized state and prevent user traffic from being forwarded become a member of VLAN 20 become a member of VLAN 25 become a member of VLAN 200
Answer: A Section: (none) Explanation/Reference:
QUESTION 51 You want to use IEEE 802.1X port authentication to assign Microsoft Active Directory users to a particular VLAN based on their user IDs. What must be in place? Select TWO. A. B. C. D. E.
The VLAN ID must be defined in a GVRP configuration. The user must be a member of an Active Directory Group that has an associated RADIUS policy. The user must be a member of a group that is associated with a VLAN ID in a RADIUS policy. The VLAN ID must exist on the switch. The port through which the user is authenticating must be defined as a member of the VLAN.
Answer: CD Section: (none) Explanation/Reference:
QUESTION 52 In an 802.1X authentication environment there are different methods by which a user can be placed on a VLAN. Which method has the highest priority on a given port? A. B. C. D.
an authorized VLAN assignment configured on the switch at the time 802.1X was enabled for the port a dynamic VLAN assignment from the RADIUS server the statically assigned VLAN configured for the port the priority determined by the command used to configure the port for 802.1X authentication
Answer: B Section: (none) Explanation/Reference:
QUESTION 53 You have a 5300xl switch which has two VLANs configured on it. VLAN 10 has an IP Address range of 10.1.10.0/24 and is where your servers reside. VLAN 20 has an IP Address range of 10.1.20.0/24 and is where your network clients reside. You configure an Access Control List 101 with these entries: permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq http permit tcp 10.1.20.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet When you apply this ACL inbound on the interface for VLAN 20, what would be the end result for the clients on VLAN 20? A. They would be allowed only HTTP, FTP and telnet access to 10.1.10.10 and full access to everything else on the 10.1.10.0 subnet. B. They would be allowed only HTTP, FTP, and telnet access to 10.1.10.10 but no access anywhere else. C. They would not be able to access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL. D. They would have no access at all because the ACL is misconfigured Answer: B Section: (none) Explanation/Reference:
QUESTION 54 What is true with regard to standard and extended access control lists (ACLs) on the HP ProCurve 5300xl? A. A standard ACL can only specify a filter based on a destination IP address, while an extended ACL can specify both source and destination IP addresses. B. Standard and extended ACLs can both specify Layer 4 TCP/UDP ports, but only an extended ACL can specify precedence and type of service traffic. C. An extended ACL can filter traffic from a source TCP/UDP port to a destination IP address, while a standard ACL only supports filters based on the source IP address. D. An extended ACL supports filtering on both source and destination TCP/UDP ports, while a standard ACL only supports source TCP/UDP ports. Answer: C Section: (none) Explanation/Reference:
QUESTION 55 Exhibit:
A network administrator creates an ACL on the core 5300xl router that denies Telnet traffic from any IP source to any IP destination, but permits all other IP traffic. The ACL is applied as an "outbound" access group to VLAN 50. If no other ACLs have been configured on the router, what is a result of this configuration? A. B. C. D.
Clients in VLAN 50 can Telnet to local devices but not to devices in other VLANs. Clients in VLAN 50 cannot Telnet to VLAN 100 but they can access the web servers in that VLAN. Clients in VLAN 1 can Telnet only to local devices and to devices on VLAN 100. Clients in VLAN 1 can Telnet to all devices on all three VLANs.
Answer: C Section: (none) Explanation/Reference:
QUESTION 56 You have enabled port security using the "send-disable" action. Which administrative action, if any, is required after an intrusion to enable the device to return to normal operation? A. B. C. D.
No action is required. The intrusion flag must be cleared. The port must be enabled. The intrusion flag must be cleared and the port must be enabled.
Answer: D Section: (none) Explanation/Reference:
QUESTION 57 The network administrator of a university realizes that students in the on campus housing are connecting wireless access points and switches to the network. The administrator wants to limit a particular port to one MAC address at a time, but is not concerned about the actual address. Which security feature on the 5300xl provides flexibility while effectively limiting a port to a single MAC address at a time?
A. B. C. D.
Port security learn mode limited-continuous MAC lockdown learn mode limited-continuous MAC lockout learn mode limited-continuous 802.1X MAC authentication
Answer: A Section: (none) Explanation/Reference:
QUESTION 58 When using multiple RADIUS servers, what is true with regard to configuration of encryption keys or shared secrets on the HP ProCurve switch? A. B. C. D.
The keys for all servers in the domain must be the same. The keys for all servers in the domain must be different. A globally defined key overrides the key associated with an individual server. A key associated with a server overrides the globally defined key.
Answer: D Section: (none) Explanation/Reference:
QUESTION 59 The HP ProCurve Access Control Security solution helps protect valuable network resources and intellectual property from internal and external security threats. As part of this solution, 802.1X and RADIUS technology on HP switches controls network access based on which criteria? Select THREE. A. B. C. D. E. F. G.
locked out MAC addresses type of applications used on the network type of client OS login location on the network access control lists (ACLs) user's role within in an organization time of access
Answer: DFG Section: (none) Explanation/Reference:
QUESTION 60 What is the role of a NAS in the AAA security framework? A. B. C. D.
A Network Authentication Server stores AAA authorized user names and passwords. A Network Access Server contacts an AAA server to validate user credentials. A Network Accounting Server contains the logs that account for a user's activities. A Network Access Server provides user names and passwords for an AAA-compliant LDAP server.
Answer: B Section: (none) Explanation/Reference:
QUESTION 61 You are designing a network security solution for the sales office of a manufacturing company that is upgrading their current network while attempting to use some of their existing network equipment and servers. Acting on your suggestion, they have decided to implement 802.1X for network authentication. What are the requirements to implement 802.1X throughout their network? Select THREE A. B. C. D. E. F. G.
802.1X Supplicant software on all clients A RADIUS server to provide centralized authentication An 802.1X compliant web browser on all clients A database of all MAC Addresses that will access the network Access Control Lists on all network switches that require port access authentication network switches that support 802.1X port-based network authentication a DHCP server to provide IP Addresses for clients so they can begin the authentication dialog
Answer: ABF Section: (none) Explanation/Reference:
QUESTION 62 * You have just installed three new ProCurve 4100gl switches in a remote closet on your LAN. * You have assigned IP addresses to them and included a basic security configuration that includes operator and manager passwords and a listing of IP Authorized Managers. * When you return to the data center you connect to the switches from your management station to ensure that you can manage the switches remotely. * Later you are called to another building to deal with some end user problems. * When you are finished assisting the end-users, you attempt to telnet to the new switches but are unable to connect. * You can ping the switches from your current location, but all attempts at management through telnet and the Web interface fail. What is most likely the problem? A. B. C. D.
There is no telnet password assigned to the switches. SSH has not been enabled on the switches. Your current workstation is not one of the IP Authorized Managers. No RADIUS server has been configured on the switches.
Answer: C Section: (none) Explanation/Reference:
QUESTION 63 A RADIUS ACCESS-ACCEPT packet is sent by _______. A. a dial up user to a RADIUS client B. a dial up user to a RADIUS server
C. the RADIUS server to the client and may contain restrictions on the user's connection D. the RADIUS client to the server to acknowledge the connection parameters Answer: C Section: (none) Explanation/Reference:
QUESTION 64 You have just installed HP ProCurve 5304xl switches on the second and third floors of your office. You are using 802.1X for port-access authentication. All users have 802.1X supplicants installed on their client PCs and you have configured a RADIUS Server for centralized authentication with remote access policies for both floors. Shortly after connecting the client PCs, users on the second floor are complaining that they can not access any network resources. You are able to ping the RADIUS server from both switches, but when you check the RADIUS log, you only see authentication requests coming from the third floor switch. Why can't the second floor users connect to the network? A. No default gateway has been configured on the second floor switch, therefore no authentication requests can reach the RADIUS Server B. The second floor users are using the wrong EAP type in their attempts to authenticate to the RADIUS Server. C. The RADIUS Server IP Address has not been configured on the second floor switch D. The RADIUS shared secret configured on the second floor switch does not match the shared secret configured on the RADIUS Server. Answer: C Section: (none) Explanation/Reference:
QUESTION 65 A new employee has just joined your company in the Accounting department. You are using 802.1X for portbased authentication and he has been supplied by the company with a laptop which has 802.1X supplicant software installed and configured. You are using Microsoft IAS as a RADIUS authentication server and a user profile has been created for him in Active Directory. On his first day in the office, he calls you to report that he cannot get authenticated to the network though others in the department can. What is most likely the problem? A. The switch to which he is connected has an incorrect RADIUS shared secret. B. The remote access permission has not been granted to his Active Directory user profile. C. The switch to which he is connecting has the wrong IP address configured for its RADIUS authentication server. D. The switch to which he is connecting has no default gateway, therefore the authentication requests can not reach the RADIUS server. Answer: B Section: (none) Explanation/Reference:
QUESTION 66 In the process of designing a security solution for a large library, the IT administrator tells you that they have a large section of workstations that both library staff and customers use. She does not want to have to install any new software on these stations but she does need to be able give library personnel access to resources
that can not be accessible to the public at large. What technology would best suit this situation? A. B. C. D.
Web Authentication MAC Authentication 802.1X Authentication Port Security
Answer: A Section: (none) Explanation/Reference:
QUESTION 67 You have implemented a network security solution for your client based upon the 802.1X protocol using 5300xl switches, the ProCurve Access Control Client and Microsoft IAS. In this solution, the 5300xl switches are acting as ________. A. B. C. D.
policy decision points policy enforcement points authentication servers proxy servers
Answer: B Section: (none) Explanation/Reference:
QUESTION 68 You are designing a network security solution for a customer and in the process of your discussions you have decided that the best way to implement the solution is to use 802.1X authentication on the edge switches. The customer has limited rack space in his remote closets and consequently wants to use 1U stackable switches with the highest port density available. What HP ProCurve Switch series is the best fit for the edge switches in this solution? A. B. C. D.
HP ProCurve 5300xl HP ProCurve 4100gl HP ProCurve 2600 HP ProCurve 2500
Answer: C Section: (none) Explanation/Reference:
QUESTION 69 You have a customer who is considering implementing an IEEE 802.11-based wireless network. The customer manufactures and tests RADAR systems. Which feature of the 802.11g standard would make it the best fit for this customer? A. it operates in the 2.4 GHz frequency band B. it operates at a maximum data rate of 54 Mb/s C. It is compatible with 802.11a clients
D. it operates in the 5 GHz frequency band Answer: A Section: (none) Explanation/Reference:
QUESTION 70 Which frequency offers fast data rates, but also has the most potential for interference from microwave ovens, cordless phones, and Bluetooth devices? A. B. C. D.
900 MHz 2.4 GHz 5 GHz 7.2 GHz
Answer: B Section: (none) Explanation/Reference:
QUESTION 71 The 802.11 standard maps to which OSI layers? A. B. C. D.
Physical, Data Link Physical, Data Link, Network Physical, Data Link, Network, Transport Physical, Data Link, Network, Transport, Session
Answer: A Section: (none) Explanation/Reference:
QUESTION 72 During a dinner meeting, you transfer some documents to a customer through your 802.11g wireless card without the aid of an access point. During this process you and he formed ______________. A. B. C. D.
an Independent Basic Service Set an Extended Basic Service Set a WEP Key pair a Standard Basic Service Set
Answer: A Section: (none) Explanation/Reference:
QUESTION 73 You have installed an 802.11a access point for your customer. At certain times of the day the customer
notices significant connectivity issues. Upon further investigation, you determine that they are experiencing radio frequency interference issues. Which technologies could be causing this interference? Select TWO. A. B. C. D. E.
cordless phones Bluetooth devices microwave ovens fluorescent lights RADAR
Answer: AE Section: (none) Explanation/Reference:
QUESTION 74 A ProCurve 420 has been installed in a network that has no DHCP server. On which IP address would you be able to communicate with the access point to provide initial configuration? A. B. C. D.
10.0.0.1 42.0.0.1 172.16.1.1 192.168.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 75 Your customer has told you that he is allocating the 10.1.1.0/24 subnet for use in his wireless network. Which command will statically assign an IP address of 10.1.1.10 with a default gateway of 10.1.1.1 to an HP ProCurve 420 Access Point? A. B. C. D.
HP Procurve Access Point 420(if-wireless g)# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Procurve Access Point 420# ip address 10.1.1.10 255.255.255.0 10.1.1.1 HP Procurve Access Point 420(if-ethernet)# ip address 10.1.1.10 255.255.255.0 HP Procurve Access Point 420(if-ethernet)# ip address 10.1.1.10 255.255.255.0 10.1.1.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 76 Your client has installed ProCurve 520wls to provide wireless network access for his employees. When the access points are first powered on in a default state, which username/password pair would allow you to access the configuration from the web interface? A. B. C. D.
[blank]/public admin/[blank] admin/password [blank]/password
Answer: A Section: (none) Explanation/Reference:
QUESTION 77 While working with a ProCurve 420, your customer notices a file called "dflt-img.bin" in the flash memory of her access point. What is the purpose of this image file on the access point? A. B. C. D.
It is the default system image and will always be used to boot the access point. It is the default location for the most current configuration file It is a default system image that can be used if the current system image is corrupted. It has no purpose
Answer: C Section: (none) Explanation/Reference:
QUESTION 78 Your client has decided to upgrade the security on his wireless network by implementing WPA instead of WEP which he currently uses. One of the advantages of WPA is a protocol known as the Temporal Key Integrity Protocol (TKIP). This protocol improves security by _______. A. B. C. D.
creating new encryption keys for each packet of data transmitted on the wireless network rotating encryption keys on a configurable time schedule using an encryption algorithm that is more secure than RC4 providing encrypted communications between the access points at the edge of the network and an authentication server in the data center
Answer: A Section: (none) Explanation/Reference:
QUESTION 79 When used in conjunction with WEP, the 802.1X protocol provides a dynamic _______ key for each individual client and a dynamic _________ key for packets destined for all clients. A. B. C. D.
broadcast, session multicast, session broadcast, multicast session, broadcast
Answer: D Section: (none) Explanation/Reference:
QUESTION 80
Which Extensible Authentication Protocols will a ProCurve 520wl support? Select TWO. A. B. C. D. E.
SIM TLS LEAP PEAP EAP-OL
Answer: BD Section: (none) Explanation/Reference:
QUESTION 81 One of your enterprise customers has engaged your services in designing and implementing their wireless network. You expect this network to have high traffic levels. What are two weaknesses in WEP that would make you choose to implement WPA? Select TWO. A. B. C. D. E.
There is a flaw in the RC4 encryption algorithm in WEP. The XOR operation in WEP creates cipher text that is not complex enough. WEP encryption keys are sent over the air in clear text. WEP keys are statically configured on all access points and clients. The Initialization Vector (IV) in WEP is too short.
Answer: DE Section: (none) Explanation/Reference:
QUESTION 82 A customer places a ProCurve 520wl with a single ProCurve 170wl 802.11g card installed in the lobby of the building to allow guests to access the Internet. Because employees may want to also access the Internet and corporate intranet from the lobby, he wishes to separate guest traffic from employee traffic using VLANs. How can he configure the access point to achieve this goal? A. Configure two separate tagged VLANs on the access point card and associate them both with the same SSID. B. Configure two separate tagged VLANs on the access point card and associate each with its own SSID. C. Configure two separate untagged VLANs on the access point card and associate each with its own SSID. D. Configure the access point to require 802.1X authentication and configure a RADIUS server to supply VLAN attributes based on individual logins. Answer: B Section: (none) Explanation/Reference:
QUESTION 83 You have a client who is upgrading his wireless network to improve security. He is going to implement Enterprise WPA instead of WEP. Which benefits will he gain by using WPA? Select TWO.
A. B. C. D. E.
port-access authentication using 802.1X better encryption of data using 3DES instead of RC4 seamless roaming through the use of a linger timer per packet encryption key rotation using TKIP client/access point authentication using shared keys
Answer: AD Section: (none) Explanation/Reference:
QUESTION 84 You have a customer who wants to use the web-based authentication feature on his ProCurve switch to improve security on his wireless LAN. In order for a client to access network resources, the customer must ________. A. configure a DHCP scope on the switch to provide temporary IP addresses while they are being authenticated B. set the client-limit switch parameter to at least 2 to permit more than one device to connect through a given port C. configure the switch with the MAC addresses of each wireless client that will connect through it D. enable the client-moves parameter to allow clients to move from wired connections to the wireless network Answer: B Section: (none) Explanation/Reference:
HP.ActualTests.HP0-790.v2008-05-16.by.Ramon.107q Number: HP0-790 Passing Score: 800 Time Limit: 120 min File Version: 1.0
Exam : HP0-790 Title : HP ProCurve Routing Switch Essentials v5.21 Ver : 05-16-08 HP0-790
Exam A QUESTION 1 Which step is necessary to enable administrators to use the web interface to make configuration changes on a ProCurve Routing Switch 9300m? A. B. C. D.
Configure local user accounts. Assign a password to the system-defined super user. Configure SNMP management workstations at the CLI. Define a read/write SNMP community.
Answer: D Section: (none) Explanation/Reference:
QUESTION 2 What is a difference between the configuration of IP addresses on the ProCurve Routing Switch 9300m and the Switch 5300xl? A. On the 9300m, IP addresses are assigned to port interfaces associated with VLANs. On the 5300xl, IP addresses are assigned directly to VLANs. B. On the 9300m, IP addresses are assigned to virtual interfaces associated with VLANs. On the 5300xl, IP addresses are assigned directly to VLANs. C. On the 9300m, IP addresses are always assigned directly to ports, with ports in a VLAN sharing the same address. On the 5300xl, the IP addresses can be configured only for VLANs and not for individual ports. D. On the 9300m, a VLAN must have an IP address in order to be active. On the 5300xl, VLANs do not require IP addresses. Answer: B Section: (none) Explanation/Reference:
QUESTION 3 The global context in the running configuration of a ProCurve Routing Switch 9300m includes the spanningtree single 802-1w command. However, each of the VLAN contexts includes the spanning-tree command. How will the switch implement Spanning Tree? A. B. C. D.
The switch will implement the Spanning Tree version included in BPDUs it receives from neighbors. The switch will implement a single instance of IEEE 802.1w. The switch will not join a Spanning Tree because of the mismatch between configured versions. The switch will implement per-VLAN IEEE 802.1D and ignore the global configuration command.
Answer: B Section: (none) Explanation/Reference:
QUESTION 4 Clients in two separate subnets are associated with VLAN 40 on a ProCurve Routing Switch 9300m. Which technology must be implemented in order for the 9300m to provide default gateway service to all clients?
A. B. C. D.
Policy Based Routing variable subnet masks Network Address Translation multinetting
Answer: D Section: (none) Explanation/Reference:
QUESTION 5 On a ProCurve Routing Switch 9300m, the output of the show ip ospf int command shows that the BDR Router ID for interface ve 79 is 0.0.0.0. What does this indicate? A. B. C. D.
Routes through ve 79 are summarized. The 9300m is the BDR for interface ve 79. The 9300m has no neighbors on interface ve 79. No OSPF area has been configured for interface ve 79.
Answer: C Section: (none) Explanation/Reference:
QUESTION 6 What is a difference between the three models in the ProCurve Routing Switch 9300m series? A. B. C. D.
the number of available module slots the size of the frame buffer the number of supported routing protocols the number of supported Layer 3 protocols
Answer: A Section: (none) Explanation/Reference:
QUESTION 7 Certkiller .com network includes Novell NetWare legacy IPX clients. Which ProCurve switch can route packets on behalf of these clients? A. B. C. D.
3400cl 4100gl 5300xl 9300m
Answer: D Section: (none) Explanation/Reference:
QUESTION 8 Which routing protocols are supported by the ProCurve 9300m Routing Switch series? A. B. C. D.
MPLS, OSPF, RIP BGP, OSPF, RIP BGP, IS/IS, OSPF IGRP/EIGRP, OSPF, RIP
Answer: B Section: (none) Explanation/Reference:
QUESTION 9 Which statement is true regarding the management module of the ProCurve Routing Switch 9300m? A. All transiting traffic is forwarded to the CPU on the management module for lookup using its routing table. B. The management module contains the master forwarding engine that handles all transiting traffic. C. The console port on the management module provides an out-of-band serial connection. D. The management module can assume forwarding responsibilities on behalf of any failed port module in the switch. Answer: C Section: (none) Explanation/Reference:
QUESTION 10 How many ports are available on a 10GbE port module for the ProCurve Routing Switch 9300m? A. B. C. D.
2 4 8 16
Answer: A Section: (none) Explanation/Reference:
QUESTION 11 How does the ProCurve Routing Switch 9300m's distributed switching architecture provide better performance than centralized switching architectures? A. Congestion is minimized because no packets transit the switch's central backplane. B. Security is enhanced because all packets are evaluated by the switch's central CPU. C. Availability is maximized because each module contains a separate copy of all known routing and configuration information.
D. Forwarding efficiency is improved because individual modules and groups of ports perform separate lookup operations. Answer: D Section: (none) Explanation/Reference:
QUESTION 12 What is the role of the shared memory switch fabric on a 16-port module on the ProCurve Routing Switch 9300m? A. B. C. D.
provide a buffer for all ports on the module provide a buffer for a group of four ports provide a buffer for all configured trunks on the module provide a buffer for communications with the management module
Answer: B Section: (none) Explanation/Reference:
QUESTION 13 You must configure a ProCurve Routing Switch 9300m that has two management modules and is set to factory defaults. You will use a direct serial connection to perform the initial configuration. To which management module should you connect? A. B. C. D.
The module with the Active LED lit. The module in the highest numbered slot. Either management module can be used. The module with the lowest MAC address.
Answer: A Section: (none) Explanation/Reference:
QUESTION 14 When is the boot code synchronized on redundant management modules of a ProCurve Routing Switch 9300m? A. B. C. D.
when an administrator issues the sync-standby boot command when the 9300m is rebooted using the sync-reload boot command when the second management module is inserted when an administrator issues the reset command
Answer: A Section: (none) Explanation/Reference:
QUESTION 15 You must issue the dual-mode command for port 1 inslot 4 on a ProCurve Routing Switch 9304m provisioned with two eight-port management modules and two 16-port 100/1000 modules. Which command will place you in the correct context? A. B. C. D.
9304m(config)#int e 4/1 9304m(config)#int e d1 9304m(config)#int e 33 9304m(config)#int e 1/4
Answer: A Section: (none) Explanation/Reference:
QUESTION 16 Which level in the CLI hierarchy of the ProCurve Switch 5300xl is similar to the "User EXEC" level on the Routing Switch 9300m? A. B. C. D.
Manager Privileged Configuration Operator
Answer: D Section: (none) Explanation/Reference:
QUESTION 17 You must copy the configurations of a ProCurve Switch 5300xl and a Routing Switch 9300m to a TFTP server. What is the difference between the processes for performing this task on the two switch models? A. The 5300xl allows you to enter the copy command from a configuration context. The 9300m requires you to enter the Privileged EXEC level. B. The 5300xl uses the copy command for this task. The 9300m uses a specialized backup command. C. The 5300xl requires you to exit all configuration contexts before entering the copy command. The 9300m allows you to enter the command in any context. D. The 5300xl requires you to enter the Manager context before issuing the copy command. The 9300m requires you to enter the global configuration context. Answer: A Section: (none) Explanation/Reference:
QUESTION 18 An administrator enters show ip interface ve 77 at the CLI of a ProCurve Routing Switch 9300m. The output of the command shows that the port state is "DOWN." What does this indicate? A. IP routing has not been enabled for ve 77.
B. The VLAN associated with ve 77 has no active ports. C. No VLAN is associated with ve 77. D. No IP address has been configured for ve 77. Answer: B Section: (none) Explanation/Reference:
QUESTION 19 Which configuration context must you enter before configuring an IP address associated with a VLAN on the ProCurve Routing Switch 9300m? A. B. C. D.
VLAN configuration context global configuration context router configuration context interface configuration context
Answer: D Section: (none) Explanation/Reference:
QUESTION 20 Which statements are true regarding Telnet access to the ProCurve Routing Switch 9300m? Select TWO. A. B. C. D. E.
Telnet can be disabled at any time. Telnet is enabled by default and cannot be disabled. Telnet cannot use local user accounts for authentication. Telnet is available as soon as IP is enabled on the first interface. Telnet must be manually enabled after configuration of the first IP interface.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 21 How is SNMP enabled on a ProCurve Routing Switch 9300m? A. B. C. D.
The administrator must enable individual SNMP traps and specify the hosts that will receive them. The administrator must define two read-only communities and a read/write community. SNMP is automatically enabled as soon as the first IP interface is active. SNMP is enabled the when the primary management module is initialized.
Answer: C Section: (none) Explanation/Reference:
QUESTION 22 An administrator enters enable super-user-password password at the CLI of a ProCurve Routing Switch 9300m. How does this command affect the privileges available in the User EXEC access level? A. B. C. D.
User EXEC privileges are greatly reduced. User EXEC privileges are not affected by this command. User EXEC privileges are identical to Privileged EXEC privileges. User EXEC privileges are eliminated until the administrator configures a read-only user.
Answer: A Section: (none) Explanation/Reference:
QUESTION 23 What are the management privilege levels on the ProCurve Routing Switch 9300m? Select THREE. A. B. C. D. E. F. G.
Admin Port configuration Manager Operator Read only Root Super user
Answer: BEG Section: (none) Explanation/Reference:
QUESTION 24 Click the Exhibit button.
In this interface, which step is necessary to create VLAN 128 inthe running configuration of the ProCurve
Routing Switch 9300m? A. B. C. D.
click Add click Save click Modify click Select Port Members
Answer: A Section: (none) Explanation/Reference:
QUESTION 25 What is the default privilege level when a new local user is created using the username command at the CLI of a ProCurve Routing Switch 9300m? A. B. C. D.
read-only port-config super-user Privileged EXEC
Answer: C Section: (none) Explanation/Reference:
QUESTION 26 You must configure a ProCurve Routing Switch 9300m so that administrators can use the same password to gain read/write access to the web interface and the Telnet interface. Which steps are necessary to enable this feature? A. Create a super-user password and enable super-user authentication for the web and Telnet interfaces. B. Create an SNMP read/write community and enable SNMP authentication for the web and Telnet interfaces. C. Create a port-config user and enable system-defined authentication for all management interfaces. D. Create a local user account and enable local-user authentication for the web and Telnet interfaces. Answer: D Section: (none) Explanation/Reference:
QUESTION 27 Which context must you enter in order to update the firmware on a ProCurve Routing Switch 9300m? A. B. C. D.
Global configuration User EXEC Manager Privileged EXEC
Answer: D Section: (none)
Explanation/Reference:
QUESTION 28 An administrator issues the reload command after copying a new system image from a TFTP server to the primary flash area of a ProCurve Routing Switch 9300m. What is the effect of this command? A. B. C. D.
The switch will restart using the system image that was specified in the last boot system command. The switch will restart but will not boot from a system image in flash memory. The CLI will return an error saying the command must specify a system image for booting. The switch will restart using the new image.
Answer: A Section: (none) Explanation/Reference:
QUESTION 29 How are changes to the running configuration of a ProCurve Routing Switch 9300m retained? A. B. C. D.
immediately written to dynamic memory written to dynamic memory when the administrator issues the write memory command immediately written to flash memory written to non-volatile memory when the switch is restarted
Answer: A Section: (none) Explanation/Reference:
QUESTION 30 An administrator enters copy tftp run 10.1.1.10 9300.cfg at the CLI of a ProCurve Routing Switch 9300m. Assuming the address and filename are valid, what is the effect of this command? A. B. C. D.
The CLI prompts the administrator to restart the switch using the reload command. The switch immediately implements the configuration instructions in 9300.cfg. The switch restarts and implements the configuration instructions in 9300.cfg. The CLI returns an error saying that "run" is not valid input for the copy command.
Answer: B Section: (none) Explanation/Reference:
QUESTION 31 Which function is available from the Boot Monitor? A. boot with a named configuration file B. boot system from the secondary flash area
C. Telnet to another router D. erase the startup configuration Answer: B Section: (none) Explanation/Reference:
QUESTION 32 What is the effect of issuing the no password command at the Boot Monitor? A. The system boots to the factory default configuration, with no password required to enter the Privileged EXEC level. B. The system boots with the startup configuration, with no password required to access the User EXEC level. C. The system boots with the factory default configuration, with no password required to access the global configuration context. D. The system boots with the startup configuration, but no password is required to access the Privileged EXEC level. Answer: D Section: (none) Explanation/Reference:
QUESTION 33 When is it necessary to enable dual mode for a port on the ProCurve Routing Switch 9300m? A. B. C. D.
when the port must support more than one IP address when the port must carry tagged and untagged traffic when the port must support a physical interface and a virtual interface when the port must be a tagged member of more than one VLAN
Answer: B Section: (none) Explanation/Reference:
QUESTION 34 What is the effect of the following command? 9300m(config-if-e1000-1/1)#dual-mode 10 A. B. C. D.
VLAN 10 becomes the Default VLAN. Port 1/1 becomes a tagged member of VLAN 10. Port 1/1 becomes an untagged member of VLAN 10. Port 1/1 can forward tagged or untagged traffic for VLAN 10.
Answer: C Section: (none) Explanation/Reference:
QUESTION 35 Port e 1/1 on a ProCurve Routing Switch 9300m is a tagged member of VLAN 30 only. What is the effect of the following command? 9300m(config-vlan-30)#no tag e1/1 A. B. C. D.
Port 1/1 becomes an untagged member of VLAN 30. Port 1/1 becomes a tagged member of the Default VLAN. The CLI returns an error saying you cannot create orphan ports. Port 1/1 becomes an untagged member of the Default VLAN.
Answer: D Section: (none) Explanation/Reference:
QUESTION 36 You have just created VLAN 64 on a ProCurve Routing Switch 9300m. How can you configure the switch to serve as the default gateway for hosts in this VLAN? A. B. C. D.
Create a virtual Ethernet interface in the VLAN 64 context and assign an address to the interface. Configure a physical interface for each port in VLAN 64 and assign an IP address to each interface. Configure a universal default gateway for all ports and VLANs on the routing switch. Enter the appropriate IP address and mask in the VLAN 64 context and enable IP routing.
Answer: A Section: (none) Explanation/Reference:
QUESTION 37 What is a difference between steps used to create VLANs on the ProCurve Routing Switch 9300m and the ProCurve Switch 5300xl? A. The 9300m allows the VLAN to be created and ports added as members in a single command statement. The 5300xl requires separate commands for these configuration items. B. The 9300m allows the VLAN to be created and an IP address configured for the VLAN with a single command statement. The 5300xl requires separate commands for these configuration items. C. The 5300xl requires you to create a virtual interface before adding an IP address. The 9300m enables you to complete both of these configuration items in a single step. D. The 5300xl allows the VLAN to be created and ports added as members with a single command statement. The 9300m requires separate commands for these configuration items. Answer: D Section: (none) Explanation/Reference:
QUESTION 38 You must configure port 1/1 on a ProCurve Routing Switch 9300m to act as a switch-to-switch link with a Switch 5300xl. The link must have the following characteristics: A. carry traffic for user VLANs 10 and 30
B. carry management traffic in VLAN 1 C. preserve all Layer 2 prioritization information inserted by hosts in the user VLANs Which steps are necessary to enable this configuration? D. Make port 1/1 an untagged member of VLAN 1 and issue the ip route command in the VLAN configuration contexts for VLAN 10 and VLAN 30. E. Make port 1/1 a tagged member of all three VLANs and configure an IP address in the switch's global configuration context. F. Make port 1/1 a tagged member of VLAN 10 and VLAN 30 and issue the dual-mode command in the interface configuration context. G. Make port 1/1 a tagged member of VLAN 10 and VLAN 30 and assign an IP address to the router interface associated with each VLAN. Answer: C Section: (none) Explanation/Reference:
QUESTION 39 What is a benefit of defining a static default route on a router or routing switch? A. B. C. D.
It minimizes the size of the routing table. It enables traffic to be balanced over several paths. It defines a set of router interfaces that support layer 2 forwarding. It enables the use of a loopback interface.
Answer: A Section: (none) Explanation/Reference:
QUESTION 40 What types of trunks can be configured on the ProCurve Routing Switch 9300m? Select TWO. A. B. C. D. E.
switch trunk uplink trunk server trunk edge trunk host trunk
Answer: AC Section: (none) Explanation/Reference:
QUESTION 41 On a ProCurve Routing Switch 9300m, port 1/1 is a tagged member of VLAN 10 and VLAN 20 and an untagged member of VLAN 1. Port 1/2 is an untagged member of VLAN 1 and has no other VLAN memberships. What is the effect of the following command? 9300m(config)# trunk e 1/1 to 1/2 A. The trunk is created with a combination of all VLAN memberships on the ports. B. The trunk is created with no VLAN memberships, which must be configured in a separate step.
C. The trunk is created with the VLAN memberships of port e 1/1. D. The trunk is not created because the VLAN memberships of the ports do not match. Answer: D Section: (none) Explanation/Reference:
QUESTION 42 Exhibit.
On Router Certkiller 2, which default route statement will enable hosts on VLAN 30 to connect to the Internet? A. B. C. D.
ip route 0.0.0.0/0 10.1.1.2 ip route 0.0.0.0/0 10.1.30.1 ip route 0.0.0.0/0 10.1.100.2 ip route 0.0.0.0/0 10.1.100.1
Answer: D Section: (none) Explanation/Reference:
QUESTION 43 You must configure a four-port trunk connecting a ProCurve Routing Switch 9300m and a Switch 5300xl. Which rule governs the speed and media type of the ports in the trunk? A. Ports must have the same speed but can have different media types.
B. Ports can have any speed or media type. C. Ports can have different speeds, but must have the same media type. D. Ports must have the same speed and media type. Answer: D Section: (none) Explanation/Reference:
QUESTION 44 A four-port trunk connects a ProCurve Routing Switch 9300m and a Switch 5300xl. You must add the trunk to VLAN 30 as a tagged member on both switches. How does the process for performing this task differ between the two switch models? A. On the 5300xl, the tag command must specify all ports in the trunk as a range. On the 9300m, the tag command must specify the trunk by its trunk ID. B. On the 5300xl, the tag command must be applied to each port in the trunk individually. On the 9300m, the tag command is applied to all ports simultaneously. C. On the 5300xl, the tag command specifies the trunk by its logical name. On the 9300m, the tag command specifies the primary port in the trunk. D. On the 5300xl, the tag command must specify the primary port in the trunk. On the 9300m, the tag command can specify any port in the trunk. Answer: C Section: (none) Explanation/Reference:
QUESTION 45 In the output of show trunk on a ProCurve Routing Switch 9300m, Trunk 40 is listed as a configured trunk, but not as an operational trunk. Which step is necessary to make Trunk 40 operational? A. B. C. D.
Issue the trunk deploy command. Connect the cables to the other end of the trunk. Add Trunk 40 to at least one VLAN. Ensure that Trunk 40 uses a valid primary port.
Answer: A Section: (none) Explanation/Reference:
QUESTION 46 You must configure a trunk on a ProCurve Routing Switch 9300m to include ports 2/1 and 2/2. Port 2/1 is already active and configured for a switch-to-switch link. Port 2/2 is at factory defaults. Which configuration of port 2/2 is necessary before you can configure the trunk? A. B. C. D.
The port must be configured as an uplink port. The port must be designated as a non-primary port. The port must be configured with VLAN memberships that match port 2/1. The port must be associated with all router interfaces that will apply to the trunk.
Answer: C Section: (none) Explanation/Reference:
QUESTION 47 A two-port 10GbE trunk connects two ProCurve 9300m routing switches. The switches are configured so that all traffic on the link is routed. How does this configuration affect the load-sharing characteristics of the trunk? A. B. C. D.
Traffic is shared between the links according to the TCP/UDP port number. Traffic is forwarded over one link because load sharing is based on VLAN ID. Traffic is shared between the links according to the destination MAC address of each conversation. Traffic is shared between the links according to the destination IP address of each conversation.
Answer: D Section: (none) Explanation/Reference:
QUESTION 48 The output of a show 802-1w command entered at the CLI of a ProCurve Routing Switch 9300m includes an STP instance owned by VLAN 4094. What does this indicate about the switch's configuration? A. B. C. D.
that Multiple Spanning Tree has been enabled that per-VLAN Spanning Tree has been enabled that single-instance Spanning Tree has been enabled that all VLANs on the switch are members of a single Spanning Tree
Answer: C Section: (none) Explanation/Reference:
QUESTION 49 The administrator of a ProCurve Routing Switch 9300m enters spanning-tree in the global configuration context. Which Spanning Tree topology is enabled on the switch? A. B. C. D.
Single-instance Spanning Tree Rapid Spanning Tree Extended Spanning Tree Per-VLAN Spanning Tree
Answer: D Section: (none) Explanation/Reference:
QUESTION 50 By default, which ProCurve switch includes an IEEE 802.1Q tag in its Spanning Tree BPDUs?
A. B. C. D.
3400cl 4100gl 5300xl 9300m
Answer: D Section: (none) Explanation/Reference:
QUESTION 51 You must set 802.1wBridgePriorities for a ProCurve Routing Switch 9300m and a Switch 5300xl. What is a difference between the Bridge Priority settings on these two models? A. B. C. D.
On the 9300m, the Bridge Priority is set at actual value. The 5300xl uses a multiplier. The 9300m supports 4096 Bridge Priority values. The 5300xl supports 16. On the 5300xl, 0 is the lowest Bridge Priority. On the 9300m, 0 is the normal priority. The 5300xl supports a separate Bridge Priority for each STP instance. On the 9300m, a single priority is applied to all STP instances.
Answer: A Section: (none) Explanation/Reference:
QUESTION 52 Certkiller .com network includes a ProCurve Routing Switch 9300m and several 5300xl switches. If the 5300s are configured at default, which protocol must be enabled on the 9300m in order for all the switches to participate in a single Spanning Tree domain? A. B. C. D.
IEEE 802.1X IEEE 802.1Q IEEE 802.1s IEEE 802.1w
Answer: D Section: (none) Explanation/Reference:
QUESTION 53 What is the reason for configuring track ports on the ProCurve Routing Switch 9300m? A. B. C. D.
to force the switch to abandon the Master role for a VRID if a specified link fails to force the switch to issue a RIP advertisement immediately if a specified link fails to force the switch to update the administrative distance for all affected routes if a specified link fails to force the switch to assume the role of Designated Router if a specified link fails
Answer: A Section: (none) Explanation/Reference:
QUESTION 54 What industry standard, for default gateway redundancy, is supported by the ProCurve Routing Switch 9300m? A. B. C. D.
HSRP VRRP VRRPE XRRP
Answer: B Section: (none) Explanation/Reference:
QUESTION 55 You must configure VRRP on two ProCurve 9300m routing switches that are also members of a singleinstance Spanning Tree. One of the routing switches is the root bridge in the Spanning Tree. How will the switch's role in the Spanning Tree affect its VRRP configuration? A. The Spanning Tree root should be Backup for all VRIDs. B. The Spanning Tree root should be Master for all VRIDs associated with its directly connected VLANs. C. The Spanning Tree root should be Backup for all VRIDs associated with VLANs for which it does not have direct links. D. The Spanning Tree root must also be Master of all VRIDs. Answer: D Section: (none) Explanation/Reference:
QUESTION 56 Two ProCurve 9300m routing switches are configured to share six VRIDs. The switches are also members of a single-instance Spanning Tree. Why is it necessary to configure the Master of the VRIDs to also be the Spanning Tree root bridge? A. B. C. D.
to ensure Spanning Tree does not block links between hosts and their default gateways to ensure Spanning Tree does not block the link that carries VRRP advertisements to ensure Spanning Tree does not block links between the Master and edge routers to ensure Spanning Tree does not block links that enable hosts to learn the appropriate virtual IP addresses
Answer: B Section: (none) Explanation/Reference:
QUESTION 57 How is the virtual IP address of a VRID determined in VRRPE? A. The virtual IP address is configured by administrators.
B. The virtual IP address is an IP interface on the Owner of each VRID. C. The virtual IP address is the address of the first interface to come "up" in a VRID. D. The virtual IP address is negotiated by VRRPE routers. Answer: A Section: (none) Explanation/Reference:
QUESTION 58 What is a difference between the Master selection processes in VRRP and VRRPE? A. In VRRP, the Master is the router with the lowest MAC address. In VRRPE, the Master is the router with the lowest IP address. B. In VRRP, the Master is the router configured with the real IP address that will be shared. In VRRPE, the Master is the router with the highest priority setting. C. In VRRP, the Master is the router with the highest priority setting. In VRRPE, the Master is the router with the lowest priority setting. D. In VRRP, the Master is the first router to come "up" with VRRP enabled. In VRRPE, the Master is the first router to advertise its configured VRIDs. Answer: B Section: (none) Explanation/Reference:
QUESTION 59 Which configuration context must you enter before defining a VRID on the ProCurve Routing Switch 9300m? A. B. C. D.
global VRID interface VLAN
Answer: C Section: (none) Explanation/Reference:
QUESTION 60 You must install a new ProCurve Routing Switch 9300m at Certkiller .com site that uses VRRPE. The new 9300m will share a VRID with another 9300m. Which configuration parameter determines which router becomes Master of the VRID? A. B. C. D.
MAC address root priority IP address backup priority
Answer: D Section: (none)
Explanation/Reference:
QUESTION 61 A network design calls for two ProCurve 9300m routing switches to provide VRRP services to four VLANs. No other routers will participate in these VRIDs. How can the designer enable load sharing between the routers? A. B. C. D.
Configure both routers with the same VRRP priority value. Configure each router to be Master for two VRIDs. Configure all links between the routers to carry all VLANs. Configure all VLANs for redundant links to both routers.
Answer: B Section: (none) Explanation/Reference:
QUESTION 62 On a network that uses VRRPE, which IP address must be configured as the default gateway on supported hosts? A. B. C. D.
redundant IP address backup IP address virtual IP address owner IP address
Answer: C Section: (none) Explanation/Reference:
QUESTION 63 Which statement describes a rule for the addressing of a loopback interface on a ProCurve Routing Switch 9300m? A. The IP address for a loopback interface must be 127.0.0.1 ;the mask can be defined by the user. B. The IP address for a loopback interface must be in the same subnet as the 9300m's Default VLAN. C. The IP address for a loopback interface must be in a subnet that is not used anywhere else in the domain. D. The IP address for a loopback interface must be in the same subnet as the loopback interfaces on other routers that must communicate with the 9300m. Answer: C Section: (none) Explanation/Reference:
QUESTION 64 You have configured a loopback interface on a ProCurve Routing Switch 9300m. How will this configuration affect the 9300m's route table?
A. The loopback address range will be listed in the route table as a directly connected network. B. The loopback address range will not be listed in the route table unless it is associated with a VLAN configured on the switch. C. The loopback address range will be listed in the route table with a type designation of "L." D. The loopback address range will not be listed in the route table unless a routing protocol is enabled in the loopback interface configuration context. Answer: A Section: (none) Explanation/Reference:
QUESTION 65 All ports on a ProCurve Routing Switch 9300m are configured with port-based IP interfaces, but no IPX interfaces. How will the switch handle IPX broadcast traffic originating in the Default VLAN? A. B. C. D.
The switch will drop the broadcast. The switch will flood the broadcast to all ports. The switch will flood the broadcast only to ports associated with virtual interfaces. The switch will flood the broadcast only to ports with addresses in the same range as the Default VLAN.
Answer: B Section: (none) Explanation/Reference:
QUESTION 66 Port 3/4 on a ProCurve Routing Switch 9300m is configured with a port-based IP interface. How will the switch handle a tagged packet arriving through this interface? A. B. C. D.
insert a new VLAN ID and forward. drop the packet flood the packet strip the tag and forward
Answer: B Section: (none) Explanation/Reference:
QUESTION 67 Which statement describes an advantage of using virtual interfaces instead of port-based interfaces on a ProCurve Routing Switch 9300m? A. B. C. D.
Virtual interfaces permit more flexibility in the definition of broadcast domains. Virtual interfaces enable the switch to participate in RIP and OSPF routing domains. Virtual interfaces enhance 9300m performance by forwarding all traffic at Layer 3. Virtual interfaces prevent loops from forming in the 9300m's Default VLAN.
Answer: A Section: (none)
Explanation/Reference:
QUESTION 68 How does the following command affect VLAN support on the ProCurve Routing Switch 9300m? 9300m(config-if-e1000-1/1)#ip address 10.1.65.1/24 A. B. C. D.
Port 1/1 is removed from the Default VLAN. No user VLANs can be configured on the switch. Port 1/1 cannot be added to any user VLANs. Only protocol-based VLANs can be configured on the switch.
Answer: C Section: (none) Explanation/Reference:
QUESTION 69 Which type of interface is associated with a routing switch but not with a traditional router? A. B. C. D.
physical redundant virtual loopback
Answer: C Section: (none) Explanation/Reference:
QUESTION 70 What is the significance of the Gateway field in the IP route table of a ProCurve Routing Switch 9300m? A. For remote networks, it contains the IP address of the next hop router. For local networks, it contains all zeros. B. For remote networks, it contains the number of gateways or routers between this router and the destination network. For local networks, it contains all zeros. C. It contains the identity of the local interface that leads to a remote network. D. It contains the IP address of the interface that is serving as the primary default gateway for connected hosts. Answer: A Section: (none) Explanation/Reference:
QUESTION 71 Exhibit
Assuming RIP is enabled on all interfaces on all 9308m routers, how can Router Certkiller 1 be configured to accept a default route only from Router Certkiller 2? A. B. C. D.
enter learn-default ve 30 in the RIP configuration context enter ip route 0.0.0.0/0 10.1.30.1 in the global configuration context enter ip rip no learn-default in the ve 31 and ve 32 contexts enter ip rip learn-default in the ve 30 context
Answer: D Section: (none) Explanation/Reference:
QUESTION 72 An administrator enters the following command at the CLI of a ProCurve Routing Switch 9300m: 9300m(config)#router rip What further step is required to enable RIP on the router? A. B. C. D.
Enable RIP in VLAN configuration context. Enable RIP in interface configuration context. Enable RIP in network configuration context. Enable RIP in IP configuration context.
Answer: B Section: (none) Explanation/Reference:
QUESTION 73 The output of the show span command on a ProCurve Routing Switch 9300m shows that port 7/2 is in Blocking state. How will this affect the switch's ability to send and receive IP routing updates on port 7/2?
A. B. C. D.
The 9300m will not send or receive routing updates through port 7/2. The 9300m will send routing updates through port 7/2 but will not accept updates from other routers. The 9300m will include routing updates in its Spanning Tree BPDUs sent through port 7/2. The 9300m will locate an unblocked path for all necessary routing updates.
Answer: A Section: (none) Explanation/Reference:
QUESTION 74 You must use the debug utility to examine information about RIP events on a ProCurve Routing Switch 9300m. Which 9300m management interface can you use for this task? A. B. C. D.
Telnet web console SNMP
Answer: C Section: (none) Explanation/Reference:
QUESTION 75 Which statements describe the conditions necessary to enable a group of networks to be manually summarized? Select TWO. A. B. C. D. E.
The address ranges to be summarized must be within different OSPF areas. All of the networks to be summarized must be directly connected to a neighbor router. All of the networks to be summarized must be accessible through a neighbor router interface. The address ranges to be summarized must include all of the subnets within a classful network. All of the networks to be summarized must be in a range that can be expressed using a starting address and mask.
Answer: CE Section: (none) Explanation/Reference:
QUESTION 76 A ProCurve Switch 5300xl is configured to perform auto-summarization. In the switch's IP route table, what type will be listed for the summarized ranges? A. B. C. D.
directly connected static RIP OSPF
Answer: C Section: (none)
Explanation/Reference:
QUESTION 77 When does a router use administrative distance to determine which route to include in its route table? A. when the router learned about multiple routes with equal-cost paths to the same destination B. when the router learned about multiple routes to the same destination from different routing protocols or static configuration C. when the router learned about multiple routes to the same destination from different sources using the same routing protocol D. when the router is configured with static routes to the same destination that specify the same cost but different next hop router interfaces Answer: B Section: (none) Explanation/Reference:
QUESTION 78 When performing manual summarization, why is it recommended to disable RIP on the interface that leads to the summarized networks? A. B. C. D.
to allow the router to auto-summarize ranges on other interfaces to avoid advertising the static route used for summarization to routers connected to the interface to enable the static route used for summarization to be advertised over downstream router interfaces to prevent the router from receiving information about networks already in the routing table
Answer: D Section: (none) Explanation/Reference:
QUESTION 79 What are the advantages of implementing IP routing technologies at the network edge? Select TWO. A. B. C. D. E.
decrease load on network core provide more bandwidth per user eliminate need for routing protocols create smaller, localized broadcast domains enhance support for default gateway redundancy
Answer: AD Section: (none) Explanation/Reference:
QUESTION 80 Exhibit.
Assume RIP is configured correctly on all routers. What is a potential problem with this topology? A. B. C. D.
Hosts in VLAN 10 cannot contact hosts in VLAN 30. VLAN 1 is susceptible to broadcast storms. Router1 is not Telnet accessible. The link between Router Certkiller 1 and Router Certkiller 2 will not carry user traffic.
Answer: B Section: (none) Explanation/Reference:
QUESTION 81 By default, how does a ProCurve Switch 5300xl select its OSPF Router ID? A. B. C. D.
The loopback address becomes the Router ID. The Default VLAN IP address becomes the Router ID. The lowest IP address assigned to an OSPF interface becomes the Router ID. The Router ID is determined by exchanging advertisements with adjacent routers.
Answer: C Section: (none) Explanation/Reference:
QUESTION 82 Which statement describes how the ProCurve Routing Switch 9300m handles equal-cost OSPF paths? A. When two equal cost paths exist, the routing switch can balance traffic across them.
B. When several equal cost paths exist, the switch will block all but one path. C. When two or more equal cost paths exist, the routing switch uses all paths to maintain redundant connections to other routers. D. When several equal cost paths exist, the routing switch uses the first path that appeared in the routing table. Answer: A Section: (none) Explanation/Reference:
QUESTION 83 Exhibit
What does the state of "2WAY/OTHER" indicate about this ProCurve Routing Switch 9300m and its OSPF neighbor on v100? A. B. C. D.
They are in different areas. They are both BDRs in an OSPF area. They are configured for different OSPF versions. They have not formed an adjacency.
Answer: D Section: (none) Explanation/Reference:
QUESTION 84 A ProCurve Routing Switch 9300m must evaluate two routes to the same destination network. One route was learned through OSPF. The other route is a static route. How will the 9300m forward traffic toward destinations in this network? A. B. C. D.
using both routes using the static route using the OSPF route using the first route it hears
Answer: B Section: (none) Explanation/Reference:
QUESTION 85 The event log of a ProCurve Routing Switch 9300m shows that OSPF Hello packets from one neighbor are rejected as "bad." What is a possible cause for this event? A. B. C. D.
The 9300m and the neighbor are forming an adjacency. The neighbor is configured as a DR. The area configurations of the routers do not match. OSPF is not enabled on the interface where the messages arrive.
Answer: C Section: (none) Explanation/Reference:
QUESTION 86 A ProCurve Routing Switch 9300m is configured for OSPF routing. The switch's IP route table includes two equal-cost paths to one network. How will the 9300m handle packets destined for this network? A. B. C. D.
It will use the path in the most recent LSA. It will forward to the gateway with the lowest Router ID. It will use the path with the lowest administrative distance. It will balance the load between the two paths.
Answer: D Section: (none) Explanation/Reference:
QUESTION 87 Which actions are required to define an OSPF router as an ABR? Select TWO. A. B. C. D. E.
Associate different OSPF interfaces with at least two area IDs. Set OSPF priority to 0 for all non-backbone interfaces. Enable OSPF only on interfaces that connect to unique areas. Enable OSPF redistribution in the OSPF configuration context. Define two or more area IDs within the OSPF configuration context.
Answer: AE Section: (none) Explanation/Reference:
QUESTION 88 All interfaces of a ProCurve Switch 5300xl are members of OSPF area 5. What does this indicate? A. B. C. D.
Area 5 is a transit area. Area 5 is a not so stubby area (NSSA). The 5300xl is an internal router. The 5300xl cannot be elected Designated Router.
Answer: C Section: (none) Explanation/Reference:
QUESTION 89 A ProCurve Routing Switch 9300m must be configured to be the ABR for OSPF areas 0 and 5. While enabling this configuration, an administrator enters the following command at the switch's CLI: 9300m(config-ospf-router)#area 5 stub 2 no-summary How will this affect the route tables of other routers in area 5? A. B. C. D.
Only directly connected routes will be listed. The only OSPF route will be the interface with the 9300m. Every route known to the 9300m will be listed with a separate gateway and cost. All OSPF routes outside area 5 will be summarized as a default route.
Answer: D Section: (none) Explanation/Reference:
QUESTION 90 A ProCurve Routing Switch 9300m will be the ABR for OSPF areas 0 and 6. While enabling this configuration, an administrator enters the following command at the switch's CLI: 9300m(config-lbif-1)#ip ospf area 6 What is the effect of this command? A. B. C. D.
The loopback interface will be included in the non-backbone area. The loopback interface will be a stub area. The loopback interface will not be advertised in summary LSAs. The loopback interface will not be accessible to hosts in networks outside of area 6.
Answer: A Section: (none) Explanation/Reference:
QUESTION 91 The IP route table of ProCurve Routing Switch 9300m includes routes learned through RIP and through OSPF. Which step is necessary to enable the router to include the RIP routes in its LinkStateAdvertisements? A. B. C. D.
Enable RIP on all OSPF interfaces. Configure RIP redistribution in the OSPF configuration context. Enable RIP auto-summarization in the OSPF configuration context. Configure the router as an ABR for all areas that should receive the RIP routes.
Answer: B Section: (none) Explanation/Reference:
QUESTION 92 What is the effect of the following command entered at the CLI of a ProCurve Routing Switch 9300m? 9300m(config-ospf-router)#redistribute connected A. B. C. D.
The 9300m will add directly connected routes to its Summary LSAs. The 9300m will broadcast information about its directly connected routes. The 9300m will issue special LSAs to inform neighbors of its directly connected routes. The 9300m will summarize the address ranges of directly connected routes in its Summary LSAs.
Answer: A Section: (none) Explanation/Reference:
QUESTION 93 What is a valid application for ACLs on the ProCurve Routing Switch 9300m? A. B. C. D.
balancing traffic across redundant links defining address pools to be used in NAT summarizing routes learned through OSPF choosing between equal-cost paths in the IP route table
Answer: B Section: (none) Explanation/Reference:
QUESTION 94 Why are extended ACLs more appropriate for traffic-filtering applications than standard ACLs? A. B. C. D.
Extended ACLs use simpler syntax. Extended ACLs use bandwidth more efficiently. Extended ACLs support more matching criteria. Extended ACLs are easier to deploy on multiple switches.
Answer: C Section: (none) Explanation/Reference:
QUESTION 95 While planning an ACL configuration, the administrator of a ProCurve Routing Switch 9300m chooses 101 as the ID for a numbered ACL. Which statement describes the ACL? A. B. C. D.
The ACL will not support the use of wildcard masks. The ACL can use only the source address for matching. The ACL can use only the destination address for matching. The ACL can use well-known port numbers as matching criteria.
Answer: D Section: (none)
Explanation/Reference:
QUESTION 96 What is the effect of the following ACL when it is applied inbound to a router interface? access-list 101 permit tcp any any eq telnet A. B. C. D.
The router will allow all Telnet traffic sent through this interface. Other traffic will be denied. The router will allow all Telnet traffic received through this interface. Other traffic will be denied. The router will deny all Telnet traffic sent through this interface. All other traffic will be permitted. The router will allow all Telnet traffic sent or received on this interface. Other traffic will be denied.
Answer: B Section: (none) Explanation/Reference:
QUESTION 97 The administrator of a ProCurve Routing Switch 9300m defines an ACL that includes four entries. How will the switch determine the order in which the entries will be applied to network traffic? A. B. C. D.
Packets will be tested against ACL entries in the order the entries were defined. Packets will be tested against ACL entries in ascending order by source address range. Packets will be tested against ACL entries in ascending order by destination address range. Packets will be tested against the ACL entries in an order configured by the administrator when the ACL is applied to the interface.
Answer: A Section: (none) Explanation/Reference:
QUESTION 98 How can you apply four ACL entries to a single interface on a 9300m? A. Assign the same ACL ID to each of the four entries and use a single statement to associate the common ACL ID with the interface. B. Assign a unique ACL ID to each of the four entries and use a single command to associate the four IDs with the interface. C. Assign a unique ACL ID to each of the four entries and use a separate statement to associate each ACL ID with the interface. D. Each interface can support only one inbound ACL entry and one outbound ACL entry. Answer: A Section: (none) Explanation/Reference:
QUESTION 99 What is a difference between numbered and named ACLs on the ProCurve Routing Switch 9300m?
A. Numbered ACLs must be standard ACLs. Named ACLs can be standard or extended. B. Numbered ACLs can be applied to any interface. Named ACLs can be applied only to virtual interfaces. C. Numbered ACLs are defined at the global configuration context. Named ACLs are defined within their own configuration context. D. Numbered ACLs support only destination address as a matching criterion. Named ACLs support other criteria, including TCP and UDP port number. Answer: C Section: (none) Explanation/Reference:
QUESTION 100 You must configure an ACL to accomplish two objectives: 1) Prevent all users from accessing hosts with addresses between 172.16.0.0 and 172.16.255.255 2) Allow all users to access all other hosts Which action will accomplish these objectives? A. B. C. D.
permit ip any not 172.16.0.0/16 permit ip any not 172.16.0.0 255.255.0.0 deny ip any 172.16.0.0 255.255.254.0; permit ip any any deny ip any 172.16.0.0/16 ; permit ip any any
Answer: D Section: (none) Explanation/Reference:
QUESTION 101 What is the size of the address range specified in the following ACL entry? access-list 1 permit 192.168.192.0 0.0.1.255? A. B. C. D. E.
256 addresses 512 addresses 1,024 addresses 65,536 addresses 16,777,216 addresses
Answer: B Section: (none) Explanation/Reference:
QUESTION 102 On the ProCurve Routing Switch 9300m, what is a difference between hardware-based ACLs and flowbased ACLs? A. Hardware-based ACLs must be extended ACLs. Flow-based ACLs can be extended or standard. B. Hardware-based ACLs use the route table in the management module to perform lookups. Flow-based ACLs use the interface module's session table. C. Packets subject to flow-based ACLs are compared with session table entries. Packets subject to hardware-based ACLs are compared with CAMentries.
D. The application of hardware-based ACLs results in static CAM entries. CAM entries for flow-based ACLs are created as needed and aged out when not needed. Answer: D Section: (none) Explanation/Reference:
QUESTION 103 On the ProCurve Routing Switch 9300m, which step is necessary to enable the logging of system events related to ACL matching? A. B. C. D.
Enable ACL logging in the global configuration context. Enable ACL logging in the configuration context for a named ACL. Use the log parameter in the statement that creates an ACL entry. Use the log parameter in the statement that binds an ACL to an interface.
Answer: C Section: (none) Explanation/Reference:
QUESTION 104 How can you determine if a particular ACL is assigned to an interface on a ProCurve Routing Switch 9300m? A. B. C. D.
Enter show ip interface with the as a parameter. Enable ACL logging in the interface configuration context. Enter show ip access-lists with the as a parameter. Enter show ip acl-traffic with the as a parameter.
Answer: A Section: (none) Explanation/Reference:
QUESTION 105 DRAG DROP Arrange the steps to associate an IP address with an existing VLAN on a ProCurve Routing Switch 9300m.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 106 DRAG DROP Arrange the steps necessary to enable RIP on the ProCurve Switch 5300xl.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 107 DRAG DROP Arrange the steps in the proper order to enable OSPF on the ProCurve Routing Switch 9300m.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
NNM III(7.x) Advanced Number: HP0-634 Passing Score: 800 Time Limit: 120 min File Version: 1.0 H P HP0-634 NNM III(7.x) Advanced 130 Q&A Version 2.16
Exam A QUESTION 1 The default popup menu on a selected node in the Dynamic Views allows you to ____. Select TWO. A. B. C. D. E.
telnet to the node change the status of the node start a SSH session to the node perform trace route to the node view the alarms for that node Select TWO.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 2 How do you display long label names for devices on a map? A. B. C. D.
In a Dynamic View, select View -> Labels -> Long Name. In ovw, select View -> Labels -> Long Name. Use the -u option for the ipmap process. In a Dynamic View, right-click the device symbol and select Details.
Answer: A Section: (none) Explanation/Reference:
QUESTION 3 What type of statistical information is available in the Polling/Analysis summary tab in NNM Home Base? Select TWO. A. B. C. D.
nodes polled using SNMP nodes polled using ICMP interfaces polled using SNMP addresses polled using ICMP
Answer: CD Section: (none) Explanation/Reference:
QUESTION 4 What are valid HSRP Group statuses in the HSRP view? Select TWO. A. B. C. D.
major down standby unknown
E. active Answer: AD Section: (none) Explanation/Reference:
QUESTION 5 The status of devices in Overlapping Address Domains are monitored by _____ A. B. C. D. E.
netmon ovet_poll ovet_oad ovet_disco ovtopmd
Answer: B Section: (none) Explanation/Reference:
QUESTION 6 What does the OSPF table display? Select TWO. A. B. C. D.
OSPF Link cost router input and output statistics OSPF threshold alarms neighbor router name and ID
Answer: AD Section: (none) Explanation/Reference:
QUESTION 7 In NNM 7.01, a user reported that Status Polling tab is grayed out when selecting the menu Options -> Network Polling Configuration: IP/IPX, what can be the cause of this? A. B. C. D.
The NNM process netmon is running behind on polling. The NNM process netmon is not running on the collection station. You are not logged in as root or Administrator on the system. Active Problem Analyzer is configured to monitor general IP nodes.
Answer: D Section: (none) Explanation/Reference:
QUESTION 8
How do you start the Neighbor View from the Alarm Browser? A. Select Actions -> Views... -> Neighbor; or from the native Alarm Browser, select Actions -> Highlight Source On Map. B. Select Actions -> Views... -> Neighbor; but not possible from the native Alarm Browser. C. Double click on the selected alarm. D. Select Actions -> Views... -> Neighbor; or from the native Alarm Browser, select Actions -> Views -> Neighbor. Answer: D Section: (none) Explanation/Reference:
QUESTION 9 How do you print a large map onto multiple sheets of paper? A. Select File -> Poster Print Options..., then specify the number of rows and columns. B. Select a rectangular part of the graph and then select File -> Print Selected Area. Repeat the process for other parts of the graph. C. Use the Pan/View button and then move part of the graph into view and select File -> Print. Repeat the process for other parts of the graph. D. Select File -> Grid Printing..., then specify the number of rows and columns. Answer: A Section: (none) Explanation/Reference:
QUESTION 10 How would you determine how long an interface has been in the critical status in Neighbor Views? A. B. C. D.
Select the interface and then select the menu Fault -> Alarms. Right-click on the node and select Status. Right-click on the interface and select Status Poll. Place the cursor over the interface.
Answer: D Section: (none) Explanation/Reference:
QUESTION 11 What is the best description of NNM Extended Topology recurring discovery? A. Recurring discovery updates discovered information between two discovery cycles. B. Recurring discovery updates data about the network continuously. C. Recurring discovery captures data about the network as it exists during a discovery cycle regardless of previously discovered information. D. Recurring discovery captures data about the network regarding previously discovered information. Answer: C
Section: (none) Explanation/Reference:
QUESTION 12 What does NNM Extended Topology discover? A. B. C. D.
ATM Information new devices using Layer 2 MIBs and protocols Layer 4 connections between devices new devices using VLAN information
Answer: A Section: (none) Explanation/Reference:
QUESTION 13 Acme has just acquired a new company and must add new users and network services. When would they reconfigure their ET Zone Configuration. A. B. C. D.
to create or change a map filter to load new MIBs for your devices to activate SNMP Agents on managed nodes to manage existing nodes that were previously unmanaged
Answer: D Section: (none) Explanation/Reference:
QUESTION 14 What is the purpose of the ovet_bridge process? A. B. C. D.
to poll bridges and hubs to create seed files for ET Discovery to maintain the ET topology database to poll all nodes for connectivity information
Answer: B Section: (none) Explanation/Reference:
QUESTION 15 What Information is leveraged from NNM to Extended Topology for discovery purposes? Select TWO. A. NNM IP address and hostname configuration B. PD Probe configuration information C. NNM SNMP community string information
D. NNM Filter configuration E. NNM map configuration Answer: AC Section: (none) Explanation/Reference:
QUESTION 16 What is the purpose of the ovet agents? A. B. C. D.
to expand the functionality of managed devices to have device specific knowledge and send the information to ovet_disco to poll the devices continuously for changes to expand the functionality of netmon for polling devices
Answer: B Section: (none) Explanation/Reference:
QUESTION 17 Which files have to be created to configure an Overlapping IP Address Domain configuration? Select TWO. A. B. C. D. E.
oad.seed private_ip.conf dupip.seed ovdupip dupip.conf
Answer: CE Section: (none) Explanation/Reference:
QUESTION 18 Why would you rerun setupExtTopo.ovpl? Select TWO. A. B. C. D. E.
to configure Extended Topology discovery to run every 6 hours to disable certain protocols for Extended Topology to enable certain protocols for Extended Topology to add new nodes to each Zone Configuration for Extended Topology to change SNMP Configuration for Extended Topology
Answer: BC Section: (none) Explanation/Reference:
QUESTION 19
How can you configure syslog message patterns in an NNM standalone configuration? A. B. C. D.
Create pattern configurations with setupSyslog.ovpl -config and deploy with ovsyslogcfg -deploy. Use NNM event configuration GUI to create syslog message pattern. Use OVO Management Console for configuration and deployment of syslog message pattern. Create pattern configurations with ovsyslogcfg and deploy with setupSyslog.ovpl -deploy.
Answer: D Section: (none) Explanation/Reference:
QUESTION 20 How can you start a PD probe on a Windows system? A. B. C. D.
Switch to installation directory and run pdprobe.bat -start. Switch to installation directory and run pdcentral.ovpl -start. Open the services applet and start the Netpath service. Run ovstart pd from command line.
Answer: C Section: (none) Explanation/Reference:
QUESTION 21 Which statement is TRUE regarding the syslog functionality of NNM? Select TWO. A. B. C. D. E.
It writes NNM log messages into syslog. It is available for Windows environments. It is used in root cause analysis. It converts OV traps into syslog messages. It allows configurable message patterns to match.
Answer: CE Section: (none) Explanation/Reference:
QUESTION 22 How can you access the Extended Topology summary? Select TWO. A. B. C. D. E.
Run ovtopodump -et from the command line. Run ovet_topodump.ovpl from the command line. Run ovet_objectcount.ovpl from the command line. Launch any Dynamic View and select Tools -->Topology Summary Select About tab from Home Base
Answer: BD Section: (none)
Explanation/Reference:
QUESTION 23 How can you start PD probe on Unix? A. B. C. D.
Run ovstart pd from command line. Switch to the bin directory on the installation path and run pdcentral.sh -start Switch to the bin directory on the installation path and run pdprobe -start from command line. Switch to the bin directory on the installation path and run pdstart.sh
Answer: B Section: (none) Explanation/Reference:
QUESTION 24 How can you test the syslog message configuration? Select TWO. A. B. C. D. E.
test the syntax with opcpat send sample messages with opcpat send sample messages with the UNIX command line tool logger test the syntax with the UNIX command line tool awk use ovtrapgen to generate events for syslog
Answer: AC Section: (none) Explanation/Reference:
QUESTION 25 In which case do you need to create a correlation with correlation composer? When the problem requires ________. A. B. C. D.
event filtering the relationship of ascii and snmp events the relationship of events to other events event de-duplication
Answer: C Section: (none) Explanation/Reference:
QUESTION 26 You want to convert Cisco traps from your log file into NNM events. Although you have installed NNM 7, the syslogTrap process is not running. What should you run? A. setupSyslog.ovpl -standalone B. setupSyslog.ovpl -start
C. setupExtTopo.ovpl and ovstart syslogTrap D. ovstart syslogTrap Answer: A Section: (none) Explanation/Reference:
QUESTION 27 How can you determine if ovet_poll is keeping up with the defined polling intervals? A. B. C. D.
Select the Polling/Analysis Summary tab on Home Base. Review the graphs available by selecting Performance: Network Polling. Run paStatus.ovpl. Execute ovstatus -v ovet_poll.
Answer: A Section: (none) Explanation/Reference:
QUESTION 28 When converting syslog messages to SNMP traps, on which system must the syslog.log file reside? A. B. C. D.
NNM Mgmt Station on Windows NNM Mgmt Station on Unix NNM Managed Device Net Infrastructure Device
Answer: B Section: (none) Explanation/Reference:
QUESTION 29 You have configured all Extended Topology Discover Zones. After completing an Extended Topology discovery, how can you track down missing nodes? A. B. C. D.
Run ETsNoSnmpNodes .ovpl to identify nodes that did not respond. Execute snmpWalkAll.ovpl to verify SNMP access to all nodes. Compare the list of nodes in the Extended Topology database to a known good list. Query connector devices to determine which ports are unconnected.
Answer: A Section: (none) Explanation/Reference:
QUESTION 30
What is the problem If ovstatus -c shows ovet_daCDP is NOT_RUNNING? A. B. C. D.
It needs to be started; run ovstart to restart it. It is asleep; wait for the next discovery cycle when it will be active. It needs restarting; run ovstop ovet_disco and ovstart ovet_disco. It has errors; run ovstatus -v ovet_daCDP to determine the problem.
Answer: B Section: (none) Explanation/Reference:
QUESTION 31 How do you configure Extended Topology's SNMP access to managed devices? A. B. C. D.
Run ETsSnmpConfig.ovpl. Select Options:SNMP Configuration from the GUI. From Home Base, click Extended Topology Configuration and go to the SNMP tab. Run setupExtTopo.ovpl and answer all the questions.
Answer: B Section: (none) Explanation/Reference:
QUESTION 32 Which supported command should be used to query the Extended Topology database to determine if a node has been discovered? A. B. C. D.
dumpDiscoStatus.ovpl ovet_topoquery ovet_topodump.ovpl ovtopodump
Answer: C Section: (none) Explanation/Reference:
QUESTION 33 If Extended Topology processes fail, where would you look for failure details? A. B. C. D.
syslog $OV_LOG on Unix $OV_PRIV_LOG $OV_CONF
Answer: C Section: (none) Explanation/Reference:
QUESTION 34 What are the requirements for VLAN discovery when implementing Network Node Manager v7.0 Advanced Edition solution to layout VLAN connectivity in a managed network? Select TWO. A. B. C. D.
The VLAN devices should be added to the netmon.noDiscover file. The VLAN devices should be listed in the extended topology device support list. The VLAN devices must be accessible via SNMP during the Extended Topology discovery process. Manually edit the hosts.nnm file and add the VLAN devices you wish to discover with extended topology.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 35 Which command backs-up the Extended Topology database? A. B. C. D.
ovbackup.ovpl BackupExtTopo.ovpl ovet_backup.ovpl ovet_topodump.ovpl
Answer: A Section: (none) Explanation/Reference:
QUESTION 36 NNM Advanced Edition 7 on Unix now provides a function to convert syslog messages to SNMP traps. Where is this feature documented? A. B. C. D.
in the Managing your Network with NNM manual in the Using Extended Topology manual in the Syslog Integration white paper in the Unix man pages
Answer: C Section: (none) Explanation/Reference:
QUESTION 37 What is the fastest way to define users, passwords, and associate user roles for controlling basic authentication and authorization for Dynamic Views in NNM v7.0 Starter Edition? A. B. C. D.
Modify the ovweb.conf. Modify the dynamicViewsUsers.xml. Run ovhtpasswd. Modify the tomcat.auth file.
Answer: B Section: (none) Explanation/Reference:
QUESTION 38 What is the supported mechanism for authorizing users in NNM 7 Dynamic Views? A. B. C. D.
Tomcat memory realms operating system-based user and password Java Naming and Directory Interface (JNDI) ODBC realms
Answer: A Section: (none) Explanation/Reference:
QUESTION 39 What type of encryption can be used to secure access to the Dynamic Views on a Network Node Manager Starter Edition system? A. B. C. D.
MD5 encryption Secure MD2 encryption Java Security Message Digest class MD6 Securing dynamic views in not applicable to Network Node Manager Starter Edition.
Answer: A Section: (none) Explanation/Reference:
QUESTION 40 An NNM 7 system is required to act as a Management Station in a Distributed Internet Management (DIM) environment. What is the minimum configuration of NNM 7 that needs to be ordered to support this role? A. B. C. D. E.
NNM Starter Edition 250 node pack NNM Advanced Edition 250 node pack NNM Advanced Edition 1000 node pack NNM Advanced Edition 5000 node pack NNM Advanced Edition Unlimited node pack
Answer: B Section: (none) Explanation/Reference:
QUESTION 41 An existing NNM 6.41 installation is using MS SQL server 2000 SP1 for the Data Warehouse function. It is desired to update to NNM 7. Which set of steps will result in a supported configuration?
A. update to MS SQL Server 2000 SP3; update to NNM Advanced Edition 7.0; enable Extended Topology B. update to MS SQL Server 2000 SP3; update to NNM Advanced Edition 7.0; enable Extended Topology; configure Extended Topology to use Oracle 8.1.7 C. update to MS SQL Server 2000 SP3; update to NNM Advanced Edition 7.0; enable Extended Topology; configure Extended Topology to use embedded Solid D. export all data from data warehouse; update to NNM Advanced Edition 7.0; convert system to use embedded Solid or Oracle 9.2.0.3; import data to new data warehouse, enable Extended Topology Answer: D Section: (none) Explanation/Reference:
QUESTION 42 Dynamic Views in NNM 7 allow nodes to be added and deleted from the discovered topology. Which statement is true? A. Dynamic Views now support a read-write mode. B. These actions are secured by allowing them only to occur on a browser session launched locally on the NNM system. C. The menu items to perform these actions are not enabled by default. D. These actions are secured based on NNM user credentials. Answer: D Section: (none) Explanation/Reference:
QUESTION 43 Which management cases require an Advanced Routing SPI? Select TWO. A. B. C. D.
management of VLANs management of HSRP environments management of ATM networks management of IPv6 environments
Answer: BD Section: (none) Explanation/Reference:
QUESTION 44 What does Active Problem Analyzer (APA) provide? Select TWO. A. B. C. D.
monitoring Overlapping Address Domain nodes monitoring of Frame Relay DLCIs monitoring of HSRP groups and maintaining their status path analysis for IP networks
Answer: AC Section: (none) Explanation/Reference:
QUESTION 45 Which components are only available in NNM Advanced Edition? Select TWO. A. B. C. D. E.
Active Problem Analyzer NNM Dynamic Views Problem Diagnosis Correlation Composer Home Base
Answer: AC Section: (none) Explanation/Reference:
QUESTION 46 Which components are part of NNM Starter Edition? Select TWO. A. B. C. D. E.
Problem Diagnosis Probes Dynamic Views Active Problem Analyzer Intelligent Diagnostics for Networks Correlation Composer
Answer: BE Section: (none) Explanation/Reference:
QUESTION 47 NNM can manage multiple domains that use private IP addresses. It is common to have the same (duplicate) private IP addresses in more than one domain. What is the correct process for configuring NNM to collect in Overlapping Address Domains (OAD)? A. Create seed files for one domain; initiate discovery for all zones; test with ovdupip syntax checker. B. Define overlapping domains; create seed file per domain; test with ovdupip syntax checker; initiate discovery for client zones that contain OAD nodes. C. Define overlapping domains; test with ovdupip syntax checker; close all browsers; restart NNM processes. D. Create seed files for all domains and initiate discovery for all zones. Answer: B Section: (none) Explanation/Reference:
QUESTION 48 If changes are made to a device's SNMP community string configuration in NNM, Extended Topology will _______. A. apply the changes during the next polling cycle if APA polling is enabled B. need to be stopped, and have the new SNMP community string added to the PaConfig.xml file C. disregard the device until all NNM processes are stopped and restarted to recognize the new configuration D. apply the changes during the next discovery cycle Answer: D Section: (none) Explanation/Reference:
QUESTION 49 You can limit the discovery domain of the Extended Topology discovery by adding nodes you do not wish to discover to _________. A. B. C. D.
netmon.migrateable etNode.noDiscover apa.noDiscover bridge.noDiscover
Answer: D Section: (none) Explanation/Reference:
QUESTION 50 In the Syslog integration, NNM includes 10 out-of-the-box template conditions for which Syslog messages are mapped to OpenView SNMP traps. It is possible to customize the Syslog to NNM template. Which command is used to launch the Syslog Trap Mapping Configuration interface? A. B. C. D.
ovsetupsyslog syslogtrap.bat syslogcfg.ovpl ovsyslogcfg
Answer: D Section: (none) Explanation/Reference:
QUESTION 51 Which files can be used to configure NNM to manage Overlapping Address Domains (OAD)? A. B. C. D.
ovdupip.exe and dupip.set dupip.conf and dupip.seed dupip.conf and dupip.set ovdupip.seed and dupip.address
Answer: B Section: (none) Explanation/Reference:
QUESTION 52 How can you test Extended Topology discovery zones for validity? Select TWO. A. B. C. D.
OVW Options menu > Extended Topology Configuration Home Base > Extended Topology Configuration Command Line > etZoneTest.ovpl Command Line > autozone.ovpl
Answer: AB Section: (none) Explanation/Reference:
QUESTION 53 You want to manually adjust the Active Problem Analyzer (APA) status polling frequencies based upon extended topology filters using NNM 7.01. Which file located in the %OV_CONF%\nnmet directory should you modify? A. B. C. D.
paConfig.xml APApollingInterval.conf poller.conf statusConfig.xml
Answer: A Section: (none) Explanation/Reference:
QUESTION 54 If NNM attempts to contact a node using SNMP and the SNMP request times out, which file does NNM look for so it can be configured to contain additional community names for the node? A. B. C. D.
netmon.cmstr snmp.conf ovCommunityString.conf cmstr.xml
Answer: A Section: (none) Explanation/Reference:
QUESTION 55 The command ovfiltertest is used to test filter definitions against which NNM database?
A. B. C. D. E.
Topology Event Object Trend Map
Answer: C Section: (none) Explanation/Reference:
QUESTION 56 In an NNM distributed environment, a Collection Station has unmanaged devices in topology. When ET is enabled on this Collection Station, these unmanaged devices appear in the ET dynamic views. What is the appropriate way to limit these unmanaged devices from being discovered and polled by ET? A. B. C. D.
list these devices in the snmp.noDiscover file and redo discovery list these devices in the bridge.noDiscover file and redo discovery build a map filter that does not include these devices delete these devices in the NNM ovw map
Answer: B Section: (none) Explanation/Reference:
QUESTION 57 Which actions are allowed in Correlation Composer Operator Mode? Select TWO. A. B. C. D.
Deploy correlators into production environment. Create new correlators. Create correlator stores Configure parameters for existing correlations.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 58 How do you configure Problem Diagnosis (PD) Probes to report to multiple PD Servers? Select TWO. A. B. C. D. E.
Add Probe to pdconfig.xml on your PD Management Server. Add PD Management Server to npprobe.conf on the probe system. Add PD Management Server to pdconfig.xml on the probe system. Add Probe to npprobe.conf on your PD Management Server. Select Probe in PD View on Home Base.
Answer: AB Section: (none)
Explanation/Reference:
QUESTION 59 How can you get a list of nodes that do not respond to SNMP requests during Extended Topology discovery? A. B. C. D.
Run ovet_topodump.ovpl -NoSnmp from the command line. Run ETsNoSnmpNodes.ovpl from the command line. Run dumpDiscoStatus.ovpl -NoSnmpNodes from the command line. Run ovet_topoobjcount.ovpl from the command line.
Answer: B Section: (none) Explanation/Reference:
QUESTION 60 In Correlation Composer, the Enhance correlator template is used to _________. A. B. C. D. E.
create new events or to augment the information content of an event define a relationship among different incoming event types count the number of events in a time period; it can issue a threshold event if too many are received discard duplicate events within a time window discard unwanted events
Answer: A Section: (none) Explanation/Reference:
QUESTION 61 How do you control the frequency of status polling for IPv6 nodes? A. IPv6 status polling occurs in the same intervals like ET discovery and has to be controlled over Extended Topology configuration from Homebase. B. Edit IPv6Prefix.conf and enter the systems, polling interval, and timeout values. C. Edit IPv6Polling.conf and enter the systems, polling interval, and timeout values. D. IPv6 status polling is configured in the SNMP Polling configuration from NNM. Answer: C Section: (none) Explanation/Reference:
QUESTION 62 How can you start the Correlation Composer in Developer Mode? A. Run ovcomposer -m d from the command line. B. Run ovcomposer -m o from the command line. C. Run ecsmgr -m o from command line.
D. In ECS Configuration Management GUI, select Composer row and click the [Modify] - button. Answer: A Section: (none) Explanation/Reference:
QUESTION 63 How can you check details of Extended Topology discovery progress and status from the command line? A. B. C. D. E.
Execute ovet_topodump.ovpl. Execute ETsNoSNMPNodes.ovpl. Execute ovstatus -v netmon. Execute dumpDiscoStatus.ovpl. Execute ovstatus -v ovet_disco.
Answer: E Section: (none) Explanation/Reference:
QUESTION 64 You are integrating a new router management application into the Dynamic Views menu through a URL. You only want your router-certified operators to have access to this application. What should you edit to create a new role for router operators? A. B. C. D.
web.xml file session.conf and run ovhtpasswd.ovpl web.xml and the dynamicViewsUsers.xml files dynamicViews.xml and menusettings.xml files
Answer: C Section: (none) Explanation/Reference:
QUESTION 65 How can you configure event de-duplication? A. B. C. D.
Create a suppress correlation in Correlation Composer. Add Alarm signature to OV_CONF\dedup.conf. Configure a filter in the alarm browser. Create an event filter in NNM event configuration.
Answer: B Section: (none) Explanation/Reference:
QUESTION 66
What is the supported mechanism for authorizing users in NNM 7 Dynamic Views? A. B. C. D.
Tomcat memory realms operating system-based user and password Java Naming and Directory Interface (JNDI) ODBC realms
Answer: A Section: (none) Explanation/Reference:
QUESTION 67 Dynamic Views in NNM 7 allow nodes to be added and deleted from the discovered topology. Which statement is true? A. Dynamic Views now support a read-write mode. B. These actions are secured by allowing them only to occur on a browser session launched locally on the NNM system. C. The menu items to perform these actions are not enabled by default. D. These actions are secured based on NNM user credentials. Answer: D Section: (none) Explanation/Reference:
QUESTION 68 An NNM 7 system is required to act as a Management Station in a Distributed Internet Management (DIM) environment. What is the minimum configuration of NNM 7 that needs to be ordered to support this role? A. B. C. D. E.
NNM Starter Edition 250 node pack NNM Advanced Edition 250 node pack NNM Advanced Edition 1000 node pack NNM Advanced Edition 5000 node pack NNM Advanced Edition Unlimited node pack
Answer: B Section: (none) Explanation/Reference:
QUESTION 69 What is the fastest way to define users, passwords, and associate user roles for controlling basic authentication and authorization for Dynamic Views in NNM v7.0 Starter Edition? A. B. C. D.
Modify the ovweb.conf. Modify the dynamicViewsUsers.xml. Run ovhtpasswd. Modify the tomcat.auth file.
Answer: B Section: (none) Explanation/Reference:
QUESTION 70 The Extended Topology component of NNM Advanced Edition 7 only supports specific devices. Where can this device list be found? A. B. C. D.
in the Using Extended Topology online manual from the online help menu item: Device Support on the web site: http://www.openview.hp.com by executing the command: checkETDevices.ovpl
Answer: C Section: (none) Explanation/Reference:
QUESTION 71 What are the requirements for VLAN discovery when implementing Network Node Manager v7.0 Advanced Edition solution to layout VLAN connectivity in a managed network? Select TWO. A. B. C. D.
The VLAN devices should be added to the netmon.noDiscover file. The VLAN devices should be listed in the extended topology device support list. The VLAN devices must be accessible via SNMP during the Extended Topology discovery process. Manually edit the hosts.nnm file and add the VLAN devices you wish to discover with extended topology.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 72 Which command backs-up the Extended Topology database? A. B. C. D.
ovbackup.ovpl BackupExtTopo.ovpl ovet_backup.ovpl ovet_topodump.ovpl
Answer: A Section: (none) Explanation/Reference:
QUESTION 73 What type of encryption can be used to secure access to the Dynamic Views on a Network Node Manager Starter Edition system?
A. B. C. D.
MD5 encryption Secure MD2 encryption Java Security Message Digest class MD6 Securing dynamic views in not applicable to Network Node Manager Starter Edition.
Answer: A Section: (none) Explanation/Reference:
QUESTION 74 Which browser is supported on NNM 7.0 Dynamic Views? A. B. C. D.
Netscape Navigator 6.2 Opera 7.23 Mozilla 1.4 MS Internet Explorer 5.0
Answer: C Section: (none) Explanation/Reference:
QUESTION 75 In the Syslog integration, NNM includes 10 out-of-the-box template conditions for which Syslog messages are mapped to OpenView SNMP traps. It is possible to customize the Syslog to NNM template. Which command is used to launch the Syslog Trap Mapping Configuration interface? A. B. C. D.
ovsetupsyslog syslogtrap.bat syslogcfg.ovpl ovsyslogcfg
Answer: D Section: (none) Explanation/Reference:
QUESTION 76 How do you enable Active Problem Analyzer polling and disable status polling using the netmon process? A. B. C. D.
etConfig.ovpl PAPolling apaConfig.ovpl nable ovet_apaConfig.ovpl nable APAPolling et_apaConfig.ovpl nable
Answer: C Section: (none) Explanation/Reference:
QUESTION 77 NNM can manage multiple domains that use private IP addresses. It is common to have the same (duplicate) private IP addresses in more than one domain. What is the correct process for configuring NNM to collect in Overlapping Address Domains (OAD)? A. Create seed files for one domain; initiate discovery for all zones; test with ovdupip syntax checker. B. Define overlapping domains; create seed file per domain; test with ovdupip syntax checker; initiate discovery for client zones that contain OAD nodes. C. Define overlapping domains; test with ovdupip syntax checker; close all browsers; restart NNM processes. D. Create seed files for all domains and initiate discovery for all zones. Answer: B Section: (none) Explanation/Reference:
QUESTION 78 After installing NNM, the Problem Diagnosis probes need to be configured. How can the parameters be adjusted in the pdconf.xml file? A. B. C. D.
add probes, tune brownout parameters, change server and probe ports assign probes to multiple servers, configure routing hop limits, declare path names a)deploy remote probes, tune alarm conditions, declare loopback address add probes, configure routing hop limits, change ports
Answer: A Section: (none) Explanation/Reference:
QUESTION 79 You can limit the discovery domain of the Extended Topology discovery by adding nodes you do not wish to discover to _________. A. B. C. D.
netmon.migrateable etNode.noDiscover apa.noDiscover bridge.noDiscover
Answer: D Section: (none) Explanation/Reference:
QUESTION 80 You want to manually adjust the Active Problem Analyzer (APA) status polling frequencies based upon extended topology filters using NNM 7.01. Which file located in the %OV_CONF%\nnmet directory should you modify? A. paConfig.xml
B. APApollingInterval.conf C. poller.conf D. statusConfig.xml Answer: A Section: (none) Explanation/Reference:
QUESTION 81 After the initial Extended Topology discovery has finished, by default, Extended Topology will not initiate another discovery until _______. A. B. C. D.
1 week from when the last discovery finished NNM is restarted a new Extended Topology discovery is manually initiated 2500 NNM topology changes occur
Answer: D Section: (none) Explanation/Reference:
QUESTION 82 NNM can manage network equipment using Syslog messages. Certain types of network equipment do not have SNMP traps nor support MIBs for all error and warning conditions. What is the correct command to install the Syslog services for NNM in standalone mode? A. B. C. D.
setupSyslog.ovpl ?server setupSyslog.ovpl ?server_name setupSyslog.ovpl tandalone setupSyslog.ovpl eploy
Answer: C Section: (none) Explanation/Reference:
QUESTION 83 Which URL can you use to access the NNM Home Base from your browser? A. B. C. D.
http://hostname:3443 http://hostname:80/HomeBase.html http://hostname:7510 http://hostname:8880
Answer: C Section: (none) Explanation/Reference:
QUESTION 84 In an NNM distributed environment, a Collection Station has unmanaged devices in topology. When ET is enabled on this Collection Station, these unmanaged devices appear in the ET dynamic views. What is the appropriate way to limit these unmanaged devices from being discovered and polled by ET? A. B. C. D.
list these devices in the snmp.noDiscover file and redo discovery list these devices in the bridge.noDiscover file and redo discovery build a map filter that does not include these devices delete these devices in the NNM ovw map
Answer: B Section: (none) Explanation/Reference:
QUESTION 85 How do you control the frequency of status polling for IPv6 nodes? A. IPv6 status polling occurs in the same intervals like ET discovery and has to be controlled over Extended Topology configuration from Homebase. B. Edit IPv6Prefix.conf and enter the systems, polling interval, and timeout values. C. Edit IPv6Polling.conf and enter the systems, polling interval, and timeout values. D. IPv6 status polling is configured in the SNMP Polling configuration from NNM. Answer: C Section: (none) Explanation/Reference:
QUESTION 86 How can you configure event de-duplication? A. B. C. D.
Create a suppress correlation in Correlation Composer. Add Alarm signature to OV_CONF\dedup.conf. Configure a filter in the alarm browser. Create an event filter in NNM event configuration.
Answer: B Section: (none) Explanation/Reference:
QUESTION 87 How can you check details of Extended Topology discovery progress and status from the command line? A. B. C. D.
Execute ovet_topodump.ovpl. Execute ETsNoSNMPNodes.ovpl. Execute ovstatus -v netmon. Execute dumpDiscoStatus.ovpl.
E. Execute ovstatus -v ovet_disco. Answer: E Section: (none) Explanation/Reference:
QUESTION 88 In the Correlation Composer, the Suppress correlator template is used to _________. A. B. C. D. E.
create new events or to augment the information content of an event to define a relationship among different incoming event types count the number of events in a time period. It can issue a threshold event if too many are received discard duplicate events within a time window discard unwanted events
Answer: E Section: (none) Explanation/Reference:
QUESTION 89 How can you get a list of nodes that do not respond to SNMP requests during Extended Topology discovery? A. B. C. D.
Run ovet_topodump.ovpl -NoSnmp from the command line. Run ETsNoSnmpNodes.ovpl from the command line. Run dumpDiscoStatus.ovpl -NoSnmpNodes from the command line. Run ovet_topoobjcount.ovpl from the command line.
Answer: B Section: (none) Explanation/Reference:
QUESTION 90 Which actions are allowed in Correlation Composer Operator Mode? Select TWO. A. B. C. D.
Deploy correlators into production environment. Create new correlators. Create correlator stores Configure parameters for existing correlations.
Answer: AD Section: (none) Explanation/Reference:
QUESTION 91 How do you configure Problem Diagnosis (PD) Probes to report to multiple PD Servers? Select TWO.
A. B. C. D. E.
Add Probe to pdconfig.xml on your PD Management Server. Add PD Management Server to npprobe.conf on the probe system. Add PD Management Server to pdconfig.xml on the probe system. Add Probe to npprobe.conf on your PD Management Server. Select Probe in PD View on Home Base.
Answer: AB Section: (none) Explanation/Reference:
QUESTION 92 How can you start the Correlation Composer in Operator mode? A. B. C. D.
Run ovcomposer -m d from the command line. Start -> Programs -> HP Openview -> Correlation Composer Run ovcomposer -m o from the command line. Run ecsmgr -m o from the command line.
Answer: C Section: (none) Explanation/Reference:
QUESTION 93 Dynamic Views security is based on _______. A. B. C. D.
user credentials from the operating system tomcat memory realms user credentials created by ovhtpasswd user credentials from web launcher
Answer: B Section: (none) Explanation/Reference:
QUESTION 94 How do you obtain the complete version number of NNM installed on a system? A. B. C. D.
Run nnmlicvers -v. Run ovversion -patchlist. Select Help:About and click [More Info] in ovw. Start Home Base and click [Version List].
Answer: C Section: (none) Explanation/Reference:
QUESTION 95 Which supported command should be used to query the Extended Topology database to determine if a node has been discovered? A. B. C. D.
dumpDiscoStatus.ovpl ovet_topoquery ovet_topodump.ovpl ovtopodump
Answer: C Section: (none) Explanation/Reference:
QUESTION 96 You have configured all Extended Topology Discover Zones. After completing an Extended Topology discovery, how can you track down missing nodes? A. B. C. D.
Run ETsNoSnmpNodes .ovpl to identify nodes that did not respond. Execute snmpWalkAll.ovpl to verify SNMP access to all nodes. Compare the list of nodes in the Extended Topology database to a known good list. Query connector devices to determine which ports are unconnected.
Answer: A Section: (none) Explanation/Reference:
QUESTION 97 Which information is logged in the Composer $MERGE_LOG_FILE? A. B. C. D.
details of correlator development details of correlator deployment all events entering the ECS engine user changes to correlations
Answer: B Section: (none) Explanation/Reference:
QUESTION 98 How do you configure Extended Topology's SNMP access to managed devices? A. B. C. D.
Run ETsSnmpConfig.ovpl. Select Options:SNMP Configuration from the GUI. From Home Base, click Extended Topology Configuration and go to the SNMP tab. Run setupExtTopo.ovpl and answer all the questions.
Answer: B
Section: (none) Explanation/Reference:
QUESTION 99 How can you determine if ovet_poll is keeping up with the defined polling intervals? A. B. C. D.
Select the Polling/Analysis Summary tab on Home Base. Review the graphs available by selecting Performance: Network Polling. Run paStatus.ovpl. Execute ovstatus -v ovet_poll.
Answer: A Section: (none) Explanation/Reference:
QUESTION 100 You want to convert Cisco traps from your log file into NNM events. Although you have installed NNM 7, the syslogTrap process is not running. What should you run? A. B. C. D.
setupSyslog.ovpl -standalone setupSyslog.ovpl -start setupExtTopo.ovpl and ovstart syslogTrap ovstart syslogTrap
Answer: A Section: (none) Explanation/Reference:
QUESTION 101 What is the problem If ovstatus -c shows ovet_daCDP is NOT_RUNNING? A. B. C. D.
It needs to be started; run ovstart to restart it. It is asleep; wait for the next discovery cycle when it will be active. It needs restarting; run ovstop ovet_disco and ovstart ovet_disco. It has errors; run ovstatus -v ovet_daCDP to determine the problem.
Answer: B Section: (none) Explanation/Reference:
QUESTION 102 What are valid HSRP Group statuses in the HSRP view? Select TWO. A. major B. down
C. standby D. unknown E. active Answer: AD Section: (none) Explanation/Reference:
QUESTION 103 What type of statistical information is available in the Polling/Analysis summary tab in NNM Home Base? Select TWO. A. B. C. D.
nodes polled using SNMP nodes polled using ICMP interfaces polled using SNMP addresses polled using ICMP
Answer: CD Section: (none) Explanation/Reference:
QUESTION 104 Which statement is true regarding Active Tables? Select TWO. A. B. C. D.
You can modify the table element by right-clicking on the element and selecting Modify. You can hide a column by Right-clicking on the column title in the table header and selecting Hide. You can Search for data by Right-clicking in the table header and selecting Find. You can save the changes to the Dynamic Views by selecting File->Save.
Answer: BC Section: (none) Explanation/Reference:
QUESTION 105 How do you display long label names for devices on a map? A. B. C. D.
In a Dynamic View, select View -> Labels -> Long Name. In ovw, select View -> Labels -> Long Name. Use the -u option for the ipmap process. In a Dynamic View, right-click the device symbol and select Details.
Answer: A Section: (none) Explanation/Reference:
QUESTION 106
What are the possible path statuses in Problem Diagnosis? A. B. C. D.
normal, unknown, critical up, down normal, warning, minor, major, critical managed, unmanaged
Answer: A Section: (none) Explanation/Reference:
QUESTION 107 What does the OSPF table display? Select TWO. A. B. C. D.
OSPF Link cost router input and output statistics OSPF threshold alarms neighbor router name and ID
Answer: AD Section: (none) Explanation/Reference:
QUESTION 108 Which processes are necessary to run NNM Dynamic Views? Select TWO. A. B. C. D. E.
ovas ovw ovdbcheck ovet_disco ovet_poll
Answer: AC Section: (none) Explanation/Reference:
QUESTION 109 The default popup menu on a selected node in the Dynamic Views allows you to ____. Select TWO. A. B. C. D. E.
telnet to the node change the status of the node start a SSH session to the node perform trace route to the node view the alarms for that node
Answer: AD Section: (none)
Explanation/Reference:
QUESTION 110 NNM can map SNMP sysObjectID to the type of symbol displayed on ovw GUI. Where is this information stored for NNM 7? A. B. C. D. E.
only in the file $OV_CONF/oid_to_sym only in the file $OV_CONF/oid_to_type and files under the directory $OV_REGISTRATION in the file $OV_CONF/oid_to_sym and files under the directory $OV_CONF/oid_to_sym_reg/ in files under the directory $OV_CONF/oid_to_sym/ only in files under the directory $OV_CONF/oid_to_sym_reg
Answer: C Section: (none) Explanation/Reference:
QUESTION 111 When do you need to use the Neighbor View? Select TWO. A. B. C. D.
to display all nodes with a given IP range to see a connectivity relationship of a specific device to the rest of the network to display connected networks on the same submap to find out where a specific device is logically connected in the network
Answer: BD Section: (none) Explanation/Reference:
QUESTION 112 The NNM Syslog feature is based on _______. A. B. C. D.
Network SPI for NNM ovspmd controlled syslog process OV Operations agent for Unix Management Server OV Operations agent for Windows Management Server
Answer: C Section: (none) Explanation/Reference:
QUESTION 113 Which statement is TRUE regarding the syslog functionality of NNM? Select TWO. A. It converts OV traps into syslog messages. B. It converts syslog messages into OV traps. C. It is used in root cause analysis.
D. It is available for Windows environments. E. It writes NNM log messages into syslog. Answer: BC Section: (none) Explanation/Reference:
QUESTION 114 How can you enable the syslog message feature when OVO is also installed on the Management server? A. B. C. D.
run setupSyslog.ovpl -enable run setupSyslog.ovpl -deploy run setupSyslog.ovpl -standalone run setupSyslog.ovpl -server
Answer: D Section: (none) Explanation/Reference:
QUESTION 115 How can you access the Extended Topology summary? Select TWO. A. B. C. D. E.
Run ovtopodump -et from command line. Run ovet_topodump.ovpl from command line. Run ovet_objectcount.ovpl from command line. From Home Base Discovery Status tab select Topology Summary. Select About tab from Home Base.
Answer: BD Section: (none) Explanation/Reference:
QUESTION 116 Which statement is TRUE regarding Brownout detection? Select TWO. A. B. C. D. E.
Brownout detection can be configured in pdconfig.xml. Brownout detection can be configured in Extended Topology Configuration. A Brownout event occurs if a target can be reached but the packet time is above a statistical threshold. A Brownout event occurs if a target is not reachable. Brownout detection can be configured in event configuration.
Answer: AC Section: (none) Explanation/Reference:
QUESTION 117
In which case do you need to create a correlation with correlation composer? When the problem requires ________. A. B. C. D.
event filtering the relationship of ascii and snmp events the relationship of events to other events event de-duplication
Answer: C Section: (none) Explanation/Reference:
QUESTION 118 What is the correct way to stop a PD probe on a Windows system? A. B. C. D.
Stop the associated java processes in taskmanager. Open the services applet and stop the Netpath service. Switch to installation directory and run pdcentral.ovpl -stop. Run ovstop pd from command line.
Answer: B Section: (none) Explanation/Reference:
QUESTION 119 What does NNM Problem Diagnosis provide? A. B. C. D.
IP network device testing suite a help database for common network problems automatic verification of network problems IP network path analysis
Answer: D Section: (none) Explanation/Reference:
QUESTION 120 Which components are only available in NNM Advanced Edition? Select TWO. A. B. C. D. E.
Active Problem Analyzer NNM Dynamic Views Problem Diagnosis Correlation Composer Home Base
Answer: AC Section: (none)
Explanation/Reference:
QUESTION 121 Which components are part of NNM Starter Edition? Select TWO. A. B. C. D. E.
Problem Diagnosis Probes Dynamic Views Active Problem Analyzer Intelligent Diagnostics for Networks Correlation Composer
Answer: BE Section: (none) Explanation/Reference:
QUESTION 122 Which management cases require an Advanced Routing SPI? Select TWO. A. B. C. D.
management of VLANs management of HSRP environments management of ATM networks management of IPv6 environments
Answer: BD Section: (none) Explanation/Reference:
QUESTION 123 How can you manually start a full NNM Extended Topology Discovery? Select TWO. A. B. C. D. E.
execute ovstart ovet_disco from command-line choose the Initiate Full Discovery Now button in Extended Topology configuration on Homebase execute ovstart ovet_etrestart from command-line choose the Discover Zones button in Extended Topology configuration on Homebase execute etrestart.ovpl from command-line
Answer: BE Section: (none) Explanation/Reference:
QUESTION 124 Which file lists the nodes from netmon discovery that are passed to Extended Topology discovery? A. netmon.ETDiscover B. hosts.nnm C. ovet_nodes
D. rd0.arp Answer: B Section: (none) Explanation/Reference:
QUESTION 125 Which process informs ovet_disco which nodes require Extended topology discovery? A. B. C. D.
ovet_disco makes its own node discovery ovtopmd will be asked from ovet_disco ovet_bridge creates a list of nodes for ovet_disco netmon creates a list of nodes for ovet_disco
Answer: C Section: (none) Explanation/Reference:
QUESTION 126 What is leveraged from NNM to Extended Topology for discovery purposes? Select TWO. A. B. C. D. E.
PD Probe configuration information NNM SNMP port information NNM filter configuration NNM ARP Cache information NNM license information
Answer: BD Section: (none) Explanation/Reference:
QUESTION 127 Which components are part of the Active Problem Analyzer? Select TWO. A. B. C. D. E.
Polling Engine ECS Engine Database Access Module Configuration GUI Status Analyzer
Answer: AE Section: (none) Explanation/Reference:
QUESTION 128 What does NNM Extended Topology discover? Select TWO.
A. B. C. D.
new devices using Layer 2 MIBs and protocols Layer 2 connections on already discovered devices Overlapping Address Domain nodes new devices using VLAN information
Answer: BC Section: (none) Explanation/Reference:
QUESTION 129 How can you start the automatic zone configuration utility? Select TWO. A. B. C. D. E.
Run Automatic Zone discovery from Extended Topology Configuration tab in Home Base. Run etrestart.ovpl from the command line. Run Discover Zones from Extended Topology Configuration tab in Home Base. Run Test All Zones from Extended Topology Configuration tab in Home Base. Run setupExtTopo.ovpl from the command line.
Answer: AE Section: (none) Explanation/Reference:
QUESTION 130 NNM Advanced Edition allows you to manage Overlapping IP Address Domains (OAD). What are the supported configurations? Select TWO. A. B. C. D. E.
OAD using Dynamic Network Address Translation (NAT) OAD using Static Network Address Translation (NAT) Routable Overlapping OAD using Port Address Translation Dynamic Source Configuration Protocol (DSCP) based NAT
Answer: BC Section: (none) Explanation/Reference:
HP ProCurve Convergence Number: HP0-791 Passing Score: 800 Time Limit: 120 min File Version: 1.0 H P HP0-791 HP ProCurve Convergence 60 Q&A Version 2.73
Exam A QUESTION 1 A converged network ________________. A. B. C. D.
can transmit voice, video, and data over a single infrastructure deploys circuit-switching instead of packet-switching can serve more users than a conventional IP network features an edge-oriented architecture
Answer: A Section: (none) Explanation/Reference:
QUESTION 2 Ethernet and IP are the fundamental technologies for converged networks because they ___________. Select TWO. A. B. C. D. E.
offer mature standards tolerate high packet loss are widely deployed offer high levels of security aren't disrupted by power outages
Answer: AC Section: (none) Explanation/Reference:
QUESTION 3 How does the ProCurve Adaptive EDGE Architecture support convergence? A. B. C. D.
by enhancing edge compression of video streams by ensuring that traffic is prioritized at the edge of the network by translating analog signals to digital signals at the edge of the network by supporting a variety of Layer 3 protocols at the edge and in the core of the network
Answer: B Section: (none) Explanation/Reference:
QUESTION 4 In a converged network, what does video traffic require in comparison to voice traffic? A. B. C. D.
less delay higher priority more bandwidth more expensive cabling
Answer: C Section: (none) Explanation/Reference:
QUESTION 5 What is the measurable degree to which an IT staff can successfully guarantee the predictable behavior of network services? A. B. C. D.
Type of Service (ToS) Class of Service (CoS) Quality of Service (QoS) Guarantee of Service (GoS)
Answer: C Section: (none) Explanation/Reference:
QUESTION 6 Click the Task button. Match the type of traffic (voice, video, or data) with the appropriate description.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 7 In comparison to streaming video traffic, voice traffic is typically more ______________. A. difficult to route B. insensitive to jitter
C. sensitive to delay D. bandwidth-intensive Answer: C Section: (none) Explanation/Reference:
QUESTION 8 What is IP Type of Service (ToS) an example of? A. B. C. D.
hard QoS soft QoS continual QoS virtual QoS
Answer: B Section: (none) Explanation/Reference:
QUESTION 9 A user of a new VoIP infrastructure reports that she unintentionally speaks at the same time as the person on the other end of the line. This condition could be caused by excessive _____________. A. B. C. D.
jitter delay echo packet collisions
Answer: B Section: (none) Explanation/Reference:
QUESTION 10 Why does network congestion often cause more network congestion? A. B. C. D.
QoS settings require switches to retransmit all real-time traffic. TCP applications request retransmission of dropped packets. 802.1p priorities are ignored after congestion reaches a user-defined threshold. RSVP routers allocate more bandwidth to UDP applications.
Answer: B Section: (none) Explanation/Reference:
QUESTION 11 You are planning a network upgrade at a small company. During a meeting, you learn that the customer will
install VoIP telephones that set Layer 2 and Layer 3 priority markers for all voice traffic. The VoIP traffic will not cross any WAN links. To support these phones, the customer's new ProCurve 5300xl series switches will require ___________________. A. B. C. D.
rate limiting on all ports that support VoIP phones GMB settings for voice traffic an IEEE 802.1p-to-DSCP map for voice traffic no QoS configuration changes
Answer: D Section: (none) Explanation/Reference:
QUESTION 12 Under what condition does the IEEE 802.1p field provide end-to-end prioritization? A. B. C. D.
source and destination hosts are in the same VLAN the network is experiencing high levels of congestion all switches can classify traffic based on DSCP all links in the path between source and destination are tagged
Answer: D Section: (none) Explanation/Reference:
QUESTION 13 At default settings, all managed ProCurve switches can _______________. A. B. C. D.
classify traffic according to TCP port number translate Layer 2 priority markers to Layer 3 priority markers classify traffic based on priority markers set by other devices map DSCP values to physical queues
Answer: C Section: (none) Explanation/Reference:
QUESTION 14 At a customer site, you must determine if the default settings for ProCurve 5300xl series switches will provide adequate QoS for a multimedia training application. To make this determination, you must learn if the application ____________. A. B. C. D.
uses TCP or UDP as a transport protocol inserts Layer 2 or Layer 3 priority markers supports Guaranteed Minimum Bandwidth distributes content through IP multicast
Answer: B Section: (none)
Explanation/Reference:
QUESTION 15 How many priority levels are specified by the IEEE 802.1p standard? A. B. C. D.
4 8 16 32
Answer: B Section: (none) Explanation/Reference:
QUESTION 16 You are designing a QoS solution for a customer site. While reviewing the client's current infrastructure, you notice that a ProCurve 5308xl series switch provides 100Base-TX connections for 145 general office users. The switch has a gigabit uplink to the network core. If all end-users are simultaneously communicating with the network core, when is the uplink congested? A. B. C. D.
whenever end users require more than 0.7 percent of available bandwidth whenever end users require more than 7 percent of available bandwidth under no circumstances during IP multicast transmissions
Answer: B Section: (none) Explanation/Reference:
QUESTION 17 You are designing a VoIP solution for a small college. The client's current infrastructure includes several 10/100 hubs that provide desktop connectivity for faculty members. To provide adequate QoS, the hubs should be replaced with switches because hubs ___________. A. B. C. D.
support only IEEE 802.1p priority cannot transmit voice traffic do not forward multicast traffic use bandwidth ineffectively
Answer: D Section: (none) Explanation/Reference:
QUESTION 18 Click the Task button. Match each term with the correct definition.
A. B. C. D. Answer: Section: (none) Explanation/Reference:
QUESTION 19 How does a dedicated voice VLAN enhance QoS for a VoIP implementation? A. B. C. D.
It ensures that priorities set by phones will be enforced. It isolates phones from data broadcasts. It enables routing without Layer 3 priority markers. It eliminates the need for Layer 2 priority markers.
Answer: B Section: (none) Explanation/Reference:
QUESTION 20 A network administrator is configuring IP multicast on a ProCurve 5304xl switch. RIP is enabled. All VLANs have been defined and IP addresses assigned to all routed interfaces. IGMP has been enabled for all VLANs that will support multicast hosts. To enable PIM, the administrator issues the following commands: Edge_1A(config)#ip route Edge_1A(config)#ip multicast-routing Edge_1A(config)#router pim What is the remaining step in this process? A. Enable IGMP at the global configuration level. B. Enable PIM only on interfaces that lead to other routers.
C. Enable PIM for every VLAN that will support Layer 3 multicast. D. Enable sparse mode for every VLAN that will support Layer 3 multicast. Answer: C Section: (none) Explanation/Reference:
QUESTION 21 In order to configure IP multicast on a ProCurve 5304xl switch, you must enable IGMP _____________. A. B. C. D.
for all VLANs defined on the switch for all switch-to-switch links in the global configuration context for all VLANs that will support multicast hosts
Answer: D Section: (none) Explanation/Reference:
QUESTION 22 You must configure a ProCurve 5304xl switch for IP multicast. The switch's route table includes two equalcost paths to a network that will often be the source of multicast traffic. What must you do to ensure proper PIM operation? A. B. C. D.
Assign a higher OSPF cost to one of the paths. Enable VRRP to prevent multicast loops. Enable PIM with no special configuration. Make sure PIM is not enabled on the link to one of the paths.
Answer: C Section: (none) Explanation/Reference:
QUESTION 23 Click the Exhibit button. You must configure IP multicast on Switch_2. To enable the host to receive multicasts from the server, you must enable PIM on ___________________.
A. B. C. D.
VLAN 100 VLAN 210 VLAN 100 and VLAN 210 no VLANs
Answer: D Section: (none) Explanation/Reference:
QUESTION 24 The IGMP table of a ProCurve 5304xl switch configured with multiple VLANs shows active hosts who are members of multicast group 239.192.11.11. The multicast is in progress, and all hosts are receiving the content. However, the multicast group does not appear in the switch's PIM route table. What does this indicate? A. B. C. D.
All hosts are connected directly to the switch. PIM has not been enabled globally. The switch is forwarding the multicast at Layer 2. The switch is Querier for the group.
Answer: C Section: (none) Explanation/Reference:
QUESTION 25 You must configure IP multicast on a ProCurve 5304xl switch in the distribution layer of a customer network. PIM must be enabled globally and for ______________. A. B. C. D.
every user-defined VLAN VLAN 1 and switch-to-switch links every VLAN that will carry multicast traffic ports with directly connected users
Answer: C Section: (none) Explanation/Reference:
QUESTION 26 You must configure IP multicast on a ProCurve 5304xl switch. Before enabling multicast routing globally, what must you enable? A. B. C. D.
PIM RIP DVMRP IP routing
Answer: D Section: (none) Explanation/Reference:
QUESTION 27 You are configuring a ProCurve 5304xl switch at the edge of a customer network. The switch must participate in Querier election on VLAN 70. What must you do to fulfill this requirement? A. B. C. D.
Define an IP address for VLAN 70. Enable IP routing. Define a static route for VLAN 70. Enable IGMP v3.
Answer: A Section: (none) Explanation/Reference:
QUESTION 28 Click the Exhibit button. To enable hosts in VLAN 70 to receive multicasts from the server, you must enable both PIM and IGMP on ___________________.
A. B. C. D.
VLAN 70 VLAN 110 VLAN 70 and VLAN 110 neither VLAN 70 nor VLAN 110
Answer: C Section: (none)
Explanation/Reference:
QUESTION 29 How can you configure a ProCurve Switch 5300xl to emulate strict queuing? A. B. C. D.
Configure all queues for 25 percent of available bandwidth. Disable Guaranteed Minimum Bandwidth on all ports. Remove the default minimum values for all queues. Enable rate limiting on all ports.
Answer: C Section: (none) Explanation/Reference:
QUESTION 30 What is the effect when the following command is entered at the CLI of a ProCurve 5308xl switch? Edge_1A(vlan-111)#qos dscp 001110 A. Packets entering the switch through VLAN 111 will be marked at Layer 3 with the DSCP value of 001110. B. All packets entering the switch will be marked at Layer 3 with the DSCP value of 001110. C. The CLI will prompt the user for an IEEE 802.1p value to be mapped to this DSCP value. D. The effect cannot be determined without more information about the switch's configuration. Answer: A Section: (none) Explanation/Reference:
QUESTION 31 You are designing a prioritization scheme based on the IEEE 802.1p standard. HTTP traffic should receive low priority treatment. To fulfill this requirement, what should the 802.1p value for HTTP traffic be set to? Select TWO. A. B. C. D. E.
0 1 2 3 4
Answer: BC Section: (none) Explanation/Reference:
QUESTION 32 You must configure a ProCurve Routing Switch 9300m to alter the DSCP values in packets arriving from a network with different QoS policies. To begin this process from default settings, what must you enable on all interfaces connected to the network?
A. B. C. D.
DSCP CoS ToS 802.1p
Answer: C Section: (none) Explanation/Reference:
QUESTION 33 What is the effect when the following command is entered at the CLI of a ProCurve 5308xl switch? Edge_1A(vlan-111)#qos priority 2 A. B. C. D.
Packets entering the switch through VLAN 111 will be forwarded with higher than normal priority. Packets entering the switch through VLAN 111 will be forwarded with lower than normal priority. Packets entering the switch through VLAN 111 will be forwarded with normal priority. The effect cannot be determined without more information about the switch's configuration.
Answer: B Section: (none) Explanation/Reference:
QUESTION 34 A customer network includes a ProCurve 5304xl switch. The switch is currently configured to use the DSCP interpretation of the IP ToS field. You must configure the switch to support traffic from devices using both DSCP and IP Precedence interpretation. What must you do to ensure that this traffic maintains its priority? A. B. C. D.
enable DSCP/IP Precedence mapping on untagged ports define custom ACLs to assign the traffic to the appropriate queues ensure proper IEEE 802.1p mapping values for all DSCP interpretations of the IP ToS values in use isolate this traffic in a dedicated VLAN and assign priority by VLAN ID
Answer: C Section: (none) Explanation/Reference:
QUESTION 35 Click the Exhibit button. In this network, all hosts in VLANs 70 and 90 insert IEEE 802.1p priority markers. What can you do to ensure that priorities are maintained from end-to-end?
A. B. C. D.
Make the link between Switch_A and Switch_B a tagged member of VLAN 50. Make the link between Switch_A and Switch_B an untagged member of all VLANs. Define a network-wide QoS VLAN that will include all ports that require prioritization settings. Implement identical priority settings on both switches.
Answer: A Section: (none) Explanation/Reference:
QUESTION 36 The administrator of a ProCurve 5308xl switch must increase the bandwidth available for high-priority traffic on ports b1-b24. The administrator switches to the port configuration context for these ports and enters bandwidth-min output 0 20 20 59. The lowest-priority queue will now be _________________. A. B. C. D.
used only for the forwarding of untagged traffic unchanged because 0 is not a valid parameter disabled unless the administrator changes the GMB setting starved unless the other queues are not using all available bandwidth
Answer: D Section: (none) Explanation/Reference:
QUESTION 37 An administrator must configure a ProCurve 5304xl switch to insert a Layer 2 priority marker into packets that arrive with only a Layer 3 marker. All the packets in question arrive on ports that are members of VLAN 10. The administrator begins the process by entering qos type-of-service diff-services at the global configuration level. What is the next step in this process? A. B. C. D.
Enable DSCP mapping in the VLAN 10 configuration context. Enable DSCP mapping in the global configuration context. Verify that all ports in VLAN 10 are untagged. No further steps are necessary.
Answer: D Section: (none) Explanation/Reference:
QUESTION 38 A network administrator must configure a ProCurve 5304xl switch to assign traffic entering the switch through VLAN 125 to a higher priority queue. Currently, the IEEE 802.1p priority for this VLAN is 4. In the VLAN 125 context, the administrator enters qos priority 5. Why will this command have no effect on QoS for this VLAN? A. B. C. D.
The highest available IEEE 802.1p priority is 4. Priorities 4 and 5 are mapped to the same DSCP codepoint. Priorities 4 and 5 are mapped to the same physical queue. It must be entered in the port configuration context.
Answer: C Section: (none) Explanation/Reference:
QUESTION 39 Click the Exhibit button. At this prompt, an administrator enters qos dscp 011110, a DSCP codepoint that maps to an IEEE 802.1p priority value of 4. What is the effect of this command?
A. B. C. D.
The current VLAN 90 priority of 7 will be replaced with a new priority of 4. The Layer 2 and Layer 3 priorities for VLAN 90 will be different. The command will have no effect because the higher priority will take precedence. The DSCP codepoint will be re-mapped to 802.1p priority 7 for VLAN 90.
Answer: A Section: (none) Explanation/Reference:
QUESTION 40 You must configure QoS on a ProCurve Switch 5300xl in the core layer of a network. One interface on the switch receives traffic that uses only Layer 3 markers to indicate priority. What must you do to enable the switch to forward this traffic with correct priority? A. configure custom IEEE 802.1p maps for all ports forwarding this traffic B. set the QoS trust level to the appropriate value C. configure port-based priorities for all ports forwarding this traffic
D. enable the appropriate interpretation of the IP ToS field Answer: D Section: (none) Explanation/Reference:
QUESTION 41 You are designing a switching infrastructure that must support an existing VoIP installation. The client's current telephones do not support IP ToS. To enable end-to-end prioritization for calls that must cross WAN links, the ProCurve switches that will provide connectivity to these phones must _______________. A. B. C. D.
insert DSCP values forward only at Layer 2 perform IP routing insert IEEE 802.1p values
Answer: A Section: (none) Explanation/Reference:
QUESTION 42 Administrators at a customer network want to classify all traffic according to VLAN ID. Which ProCurve switch model will fulfill this requirement? A. B. C. D.
2500 4100gl 5300xl 6108
Answer: C Section: (none) Explanation/Reference:
QUESTION 43 You are specifying ProCurve products for a network upgrade. The customer's network administrators have requested the ability to configure switches to override priority settings configured by end users. Which ProCurve switch model will fulfill this requirement? A. B. C. D.
2800 4100gl 5300xl 6108
Answer: C Section: (none) Explanation/Reference:
QUESTION 44 Where is an IGMP General Query sent? A. B. C. D.
to all networks containing IGMP hosts to all hosts that have issued Joins to the All Systems address to the All Routers address
Answer: C Section: (none) Explanation/Reference:
QUESTION 45 Why does IP multicast distribute multimedia content more efficiently than unicast? A. B. C. D.
It enhances the performance of video codecs. It provides bandwidth guarantees. It forces synchronization of audio and video. It places less load on network infrastructure.
Answer: D Section: (none) Explanation/Reference:
QUESTION 46 The Distance Vector Multicast Routing Protocol (DVMRP) ________________. A. B. C. D.
enables multicast tunneling does not support Reverse Path Forwarding uses bandwidth sparingly does not require IGMP
Answer: A Section: (none) Explanation/Reference:
QUESTION 47 A Layer 2 switch that does not support IP multicast receives a multicast transmission. What does the switch do? A. B. C. D.
It forwards the traffic toward its default gateway. It drops the traffic. It forwards the traffic through all ports. It forwards the traffic as a unicast through all ports.
Answer: C Section: (none)
Explanation/Reference:
QUESTION 48 A ProCurve 5308xl switch receives two Joins for the same multicast group. The switch makes two entries in its IGMP table. What does this indicate about the hosts? A. B. C. D.
They are not using IGMPv3. They are in different scopes. They are a sender and a receiver. They are on different networks.
Answer: D Section: (none) Explanation/Reference:
QUESTION 49 What is the root node in a multicast distribution tree? A. B. C. D.
The router closest to the multicast source. The Rendezvous Point (RP) for the domain. The Querier for all networks in the tree. The first PIM router to transmit a Hello message.
Answer: A Section: (none) Explanation/Reference:
QUESTION 50 Click the Task button. Match each IGMP message type with the correct description.
A. B. C.
D. Answer: Section: (none) Explanation/Reference:
QUESTION 51 Why is PIM protocol independent? A. B. C. D.
It supports all multicast application protocols. It supports dense and sparse modes. It is compatible with other multicast routing protocols. It operates with any IP routing protocol.
Answer: D Section: (none) Explanation/Reference:
QUESTION 52 Analysis of traffic on an enterprise network indicates that a multicast-enabled router floods multicast traffic to all networks. Which type of protocol is the router using? A. B. C. D.
sparse-mode dense-mode group-management protocol-independent
Answer: B Section: (none) Explanation/Reference:
QUESTION 53 Routing protocols such as RIPv2 and OSPF use multicast addresses in the __________. A. B. C. D.
global scope local scope autonomous scope administrative scope
Answer: B Section: (none) Explanation/Reference:
QUESTION 54 Which address is valid for IP multicast?
A. B. C. D.
198.54.19.4 229.17.83.9 241.16.17.2 220.18.34.5
Answer: B Section: (none) Explanation/Reference:
QUESTION 55 A router that does not support IP multicast receives a multicast transmission. The router handles the traffic as if it were a _____________. A. B. C. D.
unicast broadcast packet error router error
Answer: B Section: (none) Explanation/Reference:
QUESTION 56 A ProCurve 5308xl switch acts as the IGMP Querier for three networks. During a multimedia transmission, the switch sends General Queries to all three networks. After the transmission ends, no multicast traffic is present on the networks. What will the switch do? A. B. C. D.
stop sending queries until it detects a new multicast stream send queries only to networks that include other IGMP routers send queries directly to identified IGMP hosts continue sending periodic queries to all networks
Answer: D Section: (none) Explanation/Reference:
QUESTION 57 During a multicast transmission, a PIM-Dense router receives Leave Group messages from all downstream IGMP hosts that had requested the transmission. The router sends a PIM Prune message upstream and _____________. A. B. C. D.
queries PIM neighbors to determine if it should keep the multicast group's S,G pair in its PIM table immediately drops the multicast group's S,G pair from its PIM table maintains the multicast group's S,G pair in its PIM table as long as the stream is being transmitted drops the multicast group's S,G pair from its PIM table after the Holdtime expires
Answer: C Section: (none)
Explanation/Reference:
QUESTION 58 Why does an IGMP host transmit a Host Membership Report? Select TWO. A. B. C. D. E.
to respond to a query to initiate a group to identify the Querier to join a group to leave a group
Answer: AD Section: (none) Explanation/Reference:
QUESTION 59 Analysis of an IGMP Host Membership Report shows that it contains a list of host addresses. What is the content of the list? A. B. C. D.
all PIM-enabled routers between the host and the multicast source the sources from which the host will accept multicasts all known members of the multicast group on the host's own network all known sources of multicast traffic for the specified group
Answer: B Section: (none) Explanation/Reference:
QUESTION 60 When does a PIM-enabled router add an S,G pair to its PIM routing table? A. B. C. D.
when it receives a PIM Graft message when it receives a multicast transmission when it receives a multicast advertisement when it receives a Hello message from a neighbor
Answer: B Section: (none) Explanation/Reference:
