web analytics

Passleader Real Cisco 642-813 PDF & VCE Exam Dumps For Free (41-50)

QUESTION 41
Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. However, the servers do need to communicate with a database server located in the inside network. Which configuration isolates the servers from each other?

411

A.    The switch ports 3/1 and 3/2 are defined as secondary VLAN isolated ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
B.    The switch ports 3/1 and 3/2 are defined as secondary VLAN community ports. The ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
C.    The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN promiscuous ports.
D.    The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls are defined as primary VLAN community ports.

Answer: A

QUESTION 42
What does the command "udld reset" accomplish?

A.    allows a UDLD port to automatically reset when it has been shut down
B.    resets all UDLD enabled ports that have been shut down
C.    removes all UDLD configurations from interfaces that were globally enabled
D.    removes all UDLD configurations from interfaces that were enabled per-port

Answer: B

QUESTION 43
Which statement is true about Layer 2 security threats?

A.    MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use Dynamic ARP Inspection to determine vulnerable attack points.
B.    DHCP snooping sends unauthorized replies to DHCP queries.
C.    ARP spoofing can be used to redirect traffic to counter Dynamic ARP Inspection.
D.    Dynamic ARP Inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
E.    MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
F.    Port scanners are the most effective defense against Dynamic ARP Inspection.

Answer: E

QUESTION 44
Refer to the exhibit. Dynamic ARP Inspection is enabled only on switch SW_A. Host_A and Host_B acquire their IP addresses from the DHCP server connected to switch SW_A. What would the outcome be if Host_B initiated an ARP spoof attack toward Host_A ?
441

A.    The spoof packets are inspected at the ingress port of switch SW_A and are permitted.
B.    The spoof packets are inspected at the ingress port of switch SW_A and are dropped.
C.    The spoof packets are not inspected at the ingress port of switch SW_A and are permitted.
D.    The spoof packets are not inspected at the ingress port of switch SW_A and are dropped.

Answer: C

QUESTION 45
What does the global configuration command "ip arp inspection vlan 10-12,15" accomplish?

A.    validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15
B.    intercepts all ARP requests and responses on trusted ports
C.    intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings
D.    discards ARP packets with invalid IP-to-MAC address bindings on trusted ports

Answer: C

QUESTION 46
Refer to the exhibit. Host A has sent an ARP message to the default gateway IP address 10.10.10.1. Which statement is true?
461

A.    Because of the invalid timers that are configured, DSw1 does not reply.
B.    DSw1 replies with the IP address of the next AVF.
C.    DSw1 replies with the MAC address of the next AVF.
D.    Because of the invalid timers that are configured, DSw2 does not reply.
E.    DSw2 replies with the IP address of the next AVF.
F.    DSw2 replies with the MAC address of the next AVF.

Answer: F

QUESTION 47
When configuring private VLANs, which configuration task must you do first?

A.    Configure the private VLAN port parameters.
B.    Configure and map the secondary VLAN to the primary VLAN.
C.    Disable IGMP snooping.
D.    Set the VTP mode to transparent.

Answer: D

QUESTION 48
Which statement about the configuration and application of port access control lists is true?

A.    PACLs can be applied in the inbound or outbound direction of a Layer 2 physical interface.
B.    At Layer 2, a MAC address PACL takes precedence over any existing Layer 3 PACL.
C.    When you apply a port ACL to a trunk port, the ACL filters traffic on all VLANs present on the trunk port.
D.    PACLs are not supported on EtherChannel interfaces.

Answer: C

QUESTION 49
Refer to the exhibit. Which statement about the command output is true?
491
A.    If the number of devices attempting to access the port exceeds 11, the port shuts down for 20 minutes, as configured.
B.    The port has security enabled and has shut down due to a security violation.
C.    The port is operational and has reached its configured maximum allowed number of MAC addresses.
D.    The port allows access for 11 MAC addresses in addition to the three configured MAC addresses.

Answer: C

QUESTION 50
Which statement best describes implementing a Layer 3 EtherChannel?

A.    EtherChannel is a Layer 2 feature and not a Layer 3 feature.
B.   Implementation requires switchport mode trunk and matching parameters between switches.
C.    Implementation requires disabling switchport mode.
D.    A Layer 3 address is assigned to the physical interface.

Answer: C

Passleader Real Cisco 642-813 PDF & VCE Exam Dumps For Free

Welcome To Visit PassLeader