Categories
Fortinet Exam Dumps
fortinet nse4_fgt-6.4 dumps (pdf + vce)
fortinet nse4_fgt-6.2 dumps (pdf + vce)
fortinet nse5_faz-6.4 dumps (pdf + vce)
fortinet nse5_faz-6.2 dumps (pdf + vce)
fortinet nse5_fct-6.2 dumps (pdf + vce)
fortinet nse5_fmg-6.4 dumps (pdf + vce)
fortinet nse5_fmg-6.2 dumps (pdf + vce)
fortinet nse6_fml-6.2 dumps (pdf + vce)
fortinet nse6_fnc-8.5 dumps (pdf + vce)
fortinet nse7_efw-6.4 dumps (pdf + vce)
fortinet nse7_efw-6.2 dumps (pdf + vce)
fortinet nse7_sac-6.2 dumps (pdf + vce)
fortinet nse7_sdw-6.4 dumps (pdf + vce)
fortinet nse8_811 dumps (pdf + vce)
Tags
Free Sharing –How to pass the Cisco 642-813 exam quickly? How to prepare for the changed exam? Free download Cisco 642-813 Exam practice test with all new exam questions.You can also get more new version on Flydumps.com
QUESTION 66
PassGuide is implementing 802.1X in order to increase network security. In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Select three)
A. EAP-over-LAN
B. EAP MD5
C. STP
D. protocols not filtered by an ACL
E. CDP
F. TACACS+
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference:
QUESTION 67
VLAN maps have been configured on switch PG1. Which of the following actions are taken in a VLAN map that does not contain a match clause?
A. Implicit deny feature at end of list.
B. Implicit deny feature at start of list.
C. Implicit forward feature at end of list
D. Implicit forward feature at start of list.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 68
A PassGuide switch was configured as shown below:
switchport mode access switchport port-security switchport port-security maximum 2 switchport port-security mac-address 0002.0002.0002 switchport port-security violation shutdown
Given the configuration output shown above, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port?
A. The host will be allowed to connect.
B. The port will shut down.
C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.
D. The host will be refused access.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 69
You need to configure port security on switch PG1. Which two statements are true about this technology? (Select two)
A. Port security can be configured for ports supporting VoIP.
B. With port security configured, four MAC addresses are allowed by default. C. The network administrator must manually enter the MAC address for each device in order for the switch to allow connectivity.
C. With port security configured, only one MAC addresses is allowed by default.
D. Port security cannot be configured for ports supporting VoIP.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 70
The PassGuide is concerned about Layer 2 security threats. Which statement is true about these threats?
A. MAC spoofing attacks allow an attacking device to receive frames intended for a different network host.
B. Port scanners are the most effective defense against dynamic ARP inspection. C. MAC spoofing, in conjunction with ARP snooping, is the most effective counter-measure against reconnaissance attacks that use dynamic ARP inspection (DAI) to determine vulnerable attack points.
C. Dynamic ARP inspection in conjunction with ARP spoofing can be used to counter DHCP snooping attacks.
D. DHCP snooping sends unauthorized replies to DHCP queries.
E. ARP spoofing can be used to redirect traffic to counter dynamic ARP inspection.
F. None of the other alternatives apply.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 71
An attacker is launching a DoS attack on the PassGuide network using a hacking tool designed to exhaust the IP address space available from the DHCP servers for a period of time. Which procedure would best defend against this type of attack?
A. Configure only trusted interfaces with root guard.
B. Implement private VLANs (PVLANs) to carry only user traffic.
C. Implement private VLANs (PVLANs) to carry only DHCP traffic.
D. Configure only untrusted interfaces with root guard.
E. Configure DHCP spoofing on all ports that connect untrusted clients. F. Configure DHCP snooping only on ports that connect trusted DHCP servers.
F. None of the other alternatives apply
Correct Answer: F Section: (none) Explanation
Explanation/Reference:
QUESTION 72
In order to enhance security on the PassGuide network, users must be authenticated using 802.1X. When authentication is required, where must 802.1X be configured in order to connect a PC to a switch?
A. Switch port and local router port
B. Switch port, client PC, and authentication server
C. Client PC only
D. Switch port only
E. None of the other alternatives apply
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 73
PassGuide has implemented 802.1X authentication as a security enhancement. Which statement is true about 802.1x port-based authentication?
A. TACACS+ is the only supported authentication server type.
B. If a host initiates the authentication process and does not receive a response, it assumes it is not authorized.
C. RADIUS is the only supported authentication server type.
D. Before transmitting data, an 802.1x host must determine the authorization state of the switch.
E. Hosts are required to have a 802.1x authentication client or utilize PPPoE.
F. None of the other alternatives apply.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 74
The DAI feature has been implemented in the PassGuide switched LAN. Which three statements are true about the dynamic ARP inspection (DAI) feature? (Select three)
A. DAI can be performed on ingress ports only.
B. DAI can be performed on both ingress and egress ports.
C. DAI is supported on access ports, trunk ports, EtherChannel ports, and private VLAN ports. D. DAI should be enabled on the root switch for particular VLANs only in order to secure the ARP caches of hosts in the domain.
D. DAI should be configured on all access switch ports as untrusted and on all switch ports connected to other switches as trusted.
E. DAI is supported on access and trunk ports only.
Correct Answer: ACE Section: (none) Explanation
Explanation/Reference: QUESTION 75
In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? Select three.
A. STP
B. CDP
C. EAP MD5
D. TACACS+
E. EAP-over-LAN
F. protocols not filtered by an ACL
Correct Answer: ABE Section: (none) Explanation
Explanation/Reference:
QUESTION 76
As the network technician at PassGuide, you need to configure DHCP snooping on a new switch. Which three steps are required? (Select 3)
A. Configure the switch to insert and remove DHCP relay information (option-82 field) in forwarded DHCP request messages.
B. Configure DHCP snooping globally.
C. Configure the switch as a DHCP server.
D. Configure DHCP snooping on an interface.
E. Configure all interfaces as DHCP snooping trusted interfaces.
F. Configure DHCP snooping on a VLAN or range of VLANs.
Correct Answer: BDF Section: (none) Explanation
Explanation/Reference:
QUESTION 77
On a PassGuide switch named PG1 you configure the following:
ip arp inspection vlan 10-12, 15
What is the purpose of this global configuration command made on PG1?
A. Discards ARP packets with invalid IP-to-MAC address bindings on trusted ports B. Validates outgoing ARP requests for interfaces configured on VLAN 10, 11, 12, or 15 C. Intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings D. Intercepts all ARP requests and responses on trusted ports
B. None of the other alternatives apply
Correct Answer: Section: (none) Explanation
Explanation/Reference:
QUESTION 78
What is true about access control on bridged and routed VLAN traffic? (Select three)
A. Router ACLs can be applied to the input and output directions of a VLAN interface. B. Bridged ACLs can be applied to the input and output directions of a VLAN interface.
B. Only router ACLs can be applied to a VLAN interface.
C. VLAN maps and router ACLs can be used in combination.
D. VLAN maps can be applied to a VLAN interface
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 79
Switch PG1 has been configured with Private VLANs. With that type of PVLAN port should the default gateway be configured?
A. Trunk
B. Isolated
C. Primary
D. Community
E. Promiscuous
F. None of the other alternatives apply
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 80
PassGuide has implemented numerous multilayer switches that utilize FIB tables. Which statement is true about the Forward Information Base (FIB) table?
A. The FIB is derived from the IP routing table and is optimized for maximum lookup throughput.
B. The FIB table is derived from the Address Resolution Protocol table, and it contains Layer 2 rewrite (MAC) information for the next hop.
C. When the FIB table is full, a wildcard entry redirects traffic to the Layer 3 engine.
D. The FIB lookup is based on the Layer 2 destination MAC address.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 81
The PassGuide network needs to pass traffic between VLANs. Which device should be used to accomplish this?
A. Hub
B. Switch
C. Router
D. Bridge
E. None of the other alternatives apply
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 82
Inter-VLAN routing has been implemented in the PassGuide network. In VLAN routing, what are some of the disadvantages of designing a router-on-stick configuration? (Select three)
A. InterVLAN routing cannot be filtered by the router.
B. The router becomes a single point of failure for the network.
C. Routers will not route STP BPDUs.
D. There is a possibility of inadequate bandwidth for each VLAN.
E. Additional overhead on the router can occur.
F. NetFlow Switching is required for InterVLAN accounting.
Correct Answer: BDE Section: (none) Explanation
Explanation/Reference:
QUESTION 83
Which of the following could be used to provide a Layer 3 data path between separate VLANs? (Choose two.)
A. VLAN trunking
B. An external router
C. An internal route processor
D. VLAN capable bridge
E. EtherChannel
Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 84
You are configuring a Cisco multilayer switch for the PassGuide network. Which command would you use to configure a port to act as a routed interface?
A. ip routing
B. switchport mode trunk
C. no switchport
D. switchport trunk native vlan 1
E. None of the other alternatives apply
Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 85
The PassGuide security administrator is concerned with VLAN hopping based attacks. Which two statements about these attacks are true? (Select two)
A. Attacks are prevented by utilizing the port-security feature.
B. An end station attempts to gain access to all VLANs by transmitting Ethernet frames in the 802.1q encapsulation.
C. Configuring an interface with the switchport mode dynamic command will prevent VLAN hopping.
D. An end station attempts to redirect VLAN traffic by transmitting Ethernet frames in the 802.1q encapsulation.
E. Configuring an interface with the “switchport mode access” command will prevent VLAN hopping.
Correct Answer: BE Section: (none) Explanation
Explanation/Reference:
Flydumps.com will provide you with the most updates material to prepare for the tests all the Cisco 642-813 torrent are available at the site. Studying with dumps makes it much easier to pass the certification. Number of networking downloads including the Cisco 642-813 download are available on the website. Various websites offering such information have information in various formats you can easily download the format that is suitable for you it can be in Cisco 642-813 Testing Engine or in html.
Written by Ralph K. Merritt
We are here to help you study for Cisco certification exams. We know that the Cisco series (CCNP, CCDE, CCIE, CCNA, DevNet, Special and other certification exams are becoming more and more popular, and many people need them. In this era full of challenges and opportunities, we are committed to providing candidates with the most comprehensive and comprehensive Accurate exam preparation resources help them successfully pass the exam and realize their career dreams. The Exampass blog we established is based on the Pass4itsure Cisco exam dump platform and is dedicated to collecting the latest exam resources and conducting detailed classification. We know that the most troublesome thing for candidates during the preparation process is often the massive amount of learning materials and information screening. Therefore, we have prepared the most valuable preparation materials for candidates to help them prepare more efficiently. With our rich experience and deep accumulation in Cisco certification, we provide you with the latest PDF information and the latest exam questions. These materials not only include the key points and difficulties of the exam, but are also equipped with detailed analysis and question-answering techniques, allowing candidates to deeply understand the exam content and master how to answer questions. Our ultimate goal is to help you study for various Cisco certification exams, so that you can avoid detours in the preparation process and get twice the result with half the effort. We believe that through our efforts and professional guidance, you will be able to easily cope with exam challenges, achieve excellent results, and achieve both personal and professional improvement. In your future career, you will be more competitive and have broader development space because of your Cisco certification.
Recent Posts
- Cisco CCNA 200-301 Exam Latest Questions And Perspectives
- Most Accurate And Most Likely Cisco 400-007 Questions Sharing
- New CCNP ENCOR 350-401 Exam Questions And Experience Sharing
- Latest CCNP and CCIE Collaboration Certification 350-801 Exam Questions Online
- Prepare For The 350-601 Exam New Insights And The Latest Exam Questions To Share
2023 Pass4itsure Cisco dumps
Cisco CCDA Dumps
- 200-901 dumps (PDF+VCE)
Cisco CCDE Dumps
- 400-007 dumps (PDF+VCE)
Cisco CCDP Dumps
- 300-910 Dumps (PDF+VCE)
- 300-915 Dumps (PDF+VCE)
- 300-920 Dumps (PDF+VCE)
- 350-901 Dumps (PDF+VCE)
Cisco CCIT Dumps
- 100-490 Dumps (PDF+VCE)
Cisco CCNA Dumps
- 200-301 Dumps (PDF+VCE)
Cisco CCNP Dumps
- 350-401 Dumps (PDF+VCE)
- 300-410 Dumps (PDF+VCE)
- 300-415 Dumps (PDF+VCE)
- 300-420 Dumps (PDF+VCE)
- 300-425 Dumps (PDF+VCE)
- 300-430 Dumps (PDF+VCE)
- 300-435 Dumps (PDF+VCE)
- 350-501 Dumps (PDF+VCE)
- 300-510 Dumps (PDF+VCE)
- 300-515 Dumps (PDF+VCE)
- 300-535 Dumps (PDF+VCE)
- 350-601 Dumps (PDF+VCE)
- 300-610 Dumps (PDF+VCE)
- 300-615 Dumps (PDF+VCE)
- 300-620 Dumps (PDF+VCE)
- 300-625 Dumps (PDF+VCE)
- 300-630 Dumps (PDF+VCE)
- 300-635 Dumps (PDF+VCE)
- 350-701 Dumps (PDF+VCE)
- 300-710 Dumps (PDF+VCE)
- 300-715 Dumps (PDF+VCE)
- 300-720 Dumps (PDF+VCE)
- 300-725 Dumps (PDF+VCE)
- 300-730 Dumps (PDF+VCE)
- 300-735 Dumps (PDF+VCE)
- 350-801 Dumps (PDF+VCE)
- 300-810 Dumps (PDF+VCE)
- 300-815 Dumps (PDF+VCE)
- 300-820 Dumps (PDF+VCE)
- 300-825 Dumps (PDF+VCE)
- 300-835 Dumps (PDF+VCE)
Cisco CCT Dumps
- 010-151 Dumps (PDF+VCE)
Cisco CyberOps Associate dumps
- 200-201 Dumps (PDF+VCE)
Cisco CyberOps Professional dumps
- 300-215 Dumps (PDF+VCE)
- 350-201 Dumps (PDF+VCE)