Cisco 642-997 Real Exam, Questions 11-20 (Updated August 2016)

QUESTION 11

Which statement about SNMP support on Cisco Nexus switches is true?

 

A. Cisco NX-OS only supports SNMP over IPv4.

B. Cisco NX-OS supports one instance of the SNMP per VDC.

C. SNMP is not VRF-aware.

D. SNMP requires the LAN_ENTERPRISE_SERVICES_PKG license.

E. Only users belonging to the network operator RBAC role can assign SNMP groups.

 

Correct Answer: B

Explanation:

Cisco NX-OS supports one instance of the SNMP per virtual device context (VDC). By default, Cisco NX-OS places you in the default VDC. SNMP supports multiple MIB module instances and maps them to logical network entities. SNMP is also VRF aware. You can configure SNMP to use a particular VRF to reach the SNMP notification host receiver. You can also configure SNMP to filter notifications to an SNMP host receiver based on the VRF where the notification occurred.

 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_9snmp.html

 

 

QUESTION 12

Which protocol is the foundation for unified fabric as implemented in Cisco NX-OS?

 

A. Fibre Channel

B. Data Center Bridging

C. Fibre Channel over Ethernet

D. N proxy virtualization

E. N Port identifier virtualization

 

Correct Answer: C

Explanation:

Fibre Channel over Ethernet (FCoE) is one of the major components of a Unified Fabric. FCoE is a new technology developed by Cisco that is standardized in the Fibre Channel Backbone 5 (FC-BB-5) working group of Technical Committee T11 of the International Committee for Information Technology Standards (INCITS). Most large data centers have huge installed bases of Fibre Channel and want a technology that maintains the Fibre Channel model. FCoE assumes a lossless Ethernet, in which frames are never dropped (as in Fibre Channel), and therefore does not use IP and TCP.

 

Reference: http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white_paper_c11-495142.html

 

 

QUESTION 13

After enabling strong, reversible 128-bit Advanced Encryption Standard password type-6 encryption on a Cisco Nexus 7000, which command would convert existing plain or weakly encrypted passwords to type-6 encrypted passwords?

 

A. switch# key config-key ascii

B. switch(config)# feature password encryption aes

C. switch# encryption re-encrypt obfuscated

D. switch# encryption decrypt type6

 

Correct Answer: C

Explanation:

This command converts existing plain or weakly encrypted passwords to type-6 encrypted passwords.

 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5-x/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_5-x_chapter_010101.html

 

 

QUESTION 14

In the dynamic vNIC creation wizard, why are choices for Protection important?

 

A. They allow reserve vNICs to be allocated out of the spares pool.

B. They enable hardware-based failover.

C. They select the primary fabric association for dynamic vNICs.

D. They allow dynamic vNICs to be reserved for fabric failover.

 

Correct Answer: C

Explanation:

Number of Dynamic vNICs – This is the number of vNICs that will be available for dynamic assignment to VMs. Remember that the VIC has a limit to the number of vNICs that it can support and this is based on the number of uplinks between the IOM and the FI. At least this is the case with the 2104 IOM and the M81KR VIC, which supports ((# IOM Links * 15) – 2). Also remember that your ESXi server will already have a number of vNICs used for other traffic such as Mgmt, vMotion, storage, etc., and that these count against the limit.

 

Adapter Policy – This determines the vNIC adapter config (HW queue config, TCP offload, etc) and you must select VMWarePassThru to support VM-FEX in High Performance mode.

 

Protection – This determines the initial placement of the vNICs: either all of them are placed on Fabric A or Fabric B, or they are alternated between the two fabrics if you just select the “Protected” option. Failover is always enabled on these vNICs and there is no way to disable the protection.

 

Reference: http://infrastructureadventures.com/2011/10/09/deploying-cisco-ucs-vm-fex-for-vsphere-%E2%80%93-part-2-ucsm-config-and-vmware-integration/

 

 

QUESTION 15

How is a dynamic vNIC allocated?

 

A. Dynamic vNICs are assigned to VMs in vCenter.

B. Dynamic vNICs can only be bound to the service profile through an updating template.

C. Dynamic vNICs are bound directly to a service profile.

D. Dynamic vNICs are assigned by binding a port profile to the service profile.

 

Correct Answer: C

Explanation:

The dynamic vNIC connection policy determines how the connectivity between VMs and dynamic vNICs is configured. This policy is required for Cisco UCS domains that include servers with VIC adapters on which you have installed VMs and configured dynamic vNICs. Each dynamic vNIC connection policy includes an Ethernet adapter policy and designates the number of vNICs that can be configured for any server associated with a service profile that includes the policy.

For VM-FEX that has all ports on a blade in standard mode, you need to use the VMware adapter policy.

For VM-FEX that has at least one port on a blade in high-performance mode, use the VMwarePassThrough adapter policy or create a custom policy. If you need to create a custom policy, the resources provisioned need to equal the resource requirements of the guest OS that needs the most resources and for which you will be using high-performance mode.

 

Reference: http://www.cisco.com/c/en/us/td/docs/unified_computing/ucs/sw/vm_fex/vmware/gui/config_guide/b_GUI_VMware_VM-FEX_UCSM_Configuration_Guide/b_GUI_VMware_VM-FEX_UCSM_Configuration_Guide_chapter_010.html

 

 

QUESTION 16

Which two security features are only supported on the Cisco Nexus 7000 Series Switches? (Choose two.)

 

A. IP source guard

B. traffic storm control

C. CoPP

D. DHCP snooping

E. Dynamic ARP Inspection

F. NAC

 

Correct Answer: BF

Explanation:

A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces. Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 10-millisecond interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.

 

Reference:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/dcnm/security/configuration/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5-x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter17.html

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/dcnm/security/configuration/guide/b_Cisco_DCNM_Security_Configuration_Guide__Release_5-x/Cisco_DCNM_Security_Configuration_Guide__Release_5-x_chapter1.html

 

 

QUESTION 17

Which statement about the implementation of Cisco TrustSec on Cisco Nexus 7000 Series Switches is true?

 

A. While SGACL enforcement and SGT propagation are supported on the M and F modules, 802.1AE (MACsec) support is available only on the M module.

B. SGT Exchange Protocol is required to propagate the SGTs across F modules that lack hardware support for Cisco TrustSec.

C. AAA authentication and authorization is supported using TACACS or RADIUS to a Cisco Secure Access Control Server.

D. Both Cisco TrustSec and 802.1X can be configured on an F or M module interface.

 

Correct Answer: A

Explanation:

The M-Series modules on the Nexus 7000 support 802.1AE MACSEC on all ports, including the new M2-series modules. The F2e modules will have this feature enabled in the future.

It is important to note that because 802.1AE MACSEC is a link-level encryption, the two MACSEC-enabled endpoints, Nexus 7000 devices in our case, must be directly L2 adjacent. This means a direct fiber connection or one facilitated with optical gear is required. MACSEC has integrity checks for the frames, and intermediate devices, like another switch, even at L2, will cause the integrity checks to fail. In most cases, this means metro-Ethernet services or carrier-provided label switched services will not work for a MACSEC connection.

 

Reference: http://www.ciscopress.com/articles/article.asp?p=2065720

 

 

QUESTION 18

When a local RBAC user account has the same name as a remote user account on an AAA server, what happens when a user with that name logs into a Cisco Nexus switch?

 

A. The user roles from the remote AAA user account are applied, not the configured local user roles.

B. All the roles are merged (logical OR).

C. The user roles from the local user account are applied, not the remote AAA user roles.

D. Only the roles that are defined on both accounts are merged (logical AND).

 

Correct Answer: C

Explanation:

If you have a user account configured on the local Cisco NX-OS device that has the same name as a remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local user account to the remote user, not the user roles configured on the AAA server.

 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_rbac.html

 

 

QUESTION 19

Which statement about implementation of Cisco TrustSec on Cisco Nexus 5546 or 5548 switches is true?

 

A. Cisco TrustSec support varies depending on Cisco Nexus 5500 Series Switch model.

B. The hardware is not able to support MACsec switch-port-level encryption based on IEEE 802.1AE.

C. The maximum number of RBACL TCAM user configurable entries is 128k.

D. The SGT Exchange Protocol must use the management (mgmt 0) interface.

 

Correct Answer: B

Explanation:

https://scadahacker.com/library/Documents/Manuals/Cisco%20-%20TrustSec%20Solution%20Overview.pdf

 

 

QUESTION 20

Which statement is true if password-strength checking is enabled?

 

A. Short, easy-to-decipher passwords will be rejected.

B. The strength of existing passwords will be checked.

C. Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.

D. Passwords become case-sensitive.

 

Correct Answer: A

Explanation:

If a password is trivial (such as a short, easy-to-decipher password), the Cisco NX-OS software will reject your password configuration if password-strength checking is enabled. Be sure to configure a strong password. Passwords are case sensitive.

 

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x_chapter_01000.pdf

 
