QUESTION 261
A network administrator wants to detect a login attack against a router. What IOS command can make the attack recorded in syslog server?
|
A. |
Login detect login-failure log |
|
B. |
none of the above |
|
C. |
Logging detect fail-login |
|
D. |
Login on-failure log |
|
E. |
Logging login on-failure |
Correct Answer: D
QUESTION 262
How many content definitions does CSG allow?
|
A. |
40 |
|
B. |
400 |
|
C. |
4000 |
|
D. |
40,000 |
Correct Answer: C
Explanation:
CISCO CSG CONFIGURATION LIMITS
256 total virtual LANs (client and server)
4000 content definitions
1024 services
16,000 access control list (ACL) items
Up to six Cisco CSGs and/or CSMs can be installed in a Cisco Catalyst 6500 Series or Cisco 7600 Series chassis
QUESTION 263
What are the differences between LLQ and CBWFQ? (Choose two.)
|
A. |
LLQ priority queue bandwidth is policed with a congestion aware policer. |
|
B. |
With LLQ, bandwidth allocations for the priority queue and all the CBWFQ queues are configured using the priority command. |
|
C. |
LLQ does not support WFQ on the default traffic class (class-default). |
|
D. |
LLQ supports the addition of strict priority queuing. |
|
E. |
LLQ is configured using MQC and CBWFQ is configured using the fair-queue command. |
Correct Answer: AD
QUESTION 264
Which two statements about NTP version 4 are true? (Choose two)
|
A. |
It supports fast synchronization at starting and before network failures. |
|
B. |
It supports automatic server discovery. |
|
C. |
It uses a fixed-point arithmetic |
|
D. |
It supports the “nanokernel” kernel implementation. |
|
E. |
It does not support Public-Key Cryptography |
Correct Answer: BD
Explanation:
4.1.9. What’s new in Version 4?
According to the NTP Version 4 Release Notes found in release.htm, the new features of version four (as compared to version three) are.
Use of floating-point arithmetic instead of fixed-point arithmetic.
Redesigned clock discipline algorithm that improves accuracy, handling of network jitter, and polling intervals.
Support for the nanokernel kernel implementation that provides nanosecond precision as well as improved algorithms.
Public-Key cryptography known as autokey that avoids having common secret keys.
Automatic server discovery (manycast mode)
Fast synchronization at startup and after network failures (burst mode)
New and revised drivers for reference clocks
Support for new platforms and operating systems
QUESTION 265
Which four statements about NetFlow are true? (Choose four.)
|
A. |
NetFlow records bidirectional IP traffic flow. |
|
B. |
NetFlow export can be implemented over IPv4. |
|
C. |
NetFlow export can be implemented over IPv6. |
|
D. |
NetFlow records multicast IP traffic flow. |
|
E. |
NetFlow records ingress traffic. |
|
F. |
NetFlow records egress traffic. |
Correct Answer: BDEF
QUESTION 266
Which MQC-based output queueing method is designed to support multiple traffic classes including VoIP traffic, mission-critical traffic, bulk traffic, interactive traffic and default class traffic?
|
A. |
Custom Queueing |
|
B. |
CB-WRED |
|
C. |
WRR Queueing |
|
D. |
LLQ |
|
E. |
CBWFQ |
Correct Answer: D
QUESTION 267
Which four statements about an IP service level agreement (SLA) are true? (Choose four.)
|
A. |
SLA responder knows type of operation, the port used, and duration. |
|
B. |
SLA responder inserts in and out timestamps in the packet payload. |
|
C. |
SLA sender and responder use the IP SLA Control Protocol to communicate with each other before sending test packets. |
|
D. |
SLA sender and responder communication can be encrypted. |
|
E. |
SLA sender and responder communication can be authenticated with MD5. |
Correct Answer: ABCE
QUESTION 268
How many token buckets are needed to support a multi-actions policer that meters conforming, exceeding and violating traffic?
|
A. |
1 |
|
B. |
3 |
|
C. |
5 |
|
D. |
2 |
|
E. |
6 |
|
F. |
4 |
Correct Answer: D
QUESTION 269
What is the typical marked DSCP value for a voice signaling packet in VoIP technology?
|
A. |
BE |
|
B. |
AF41 |
|
C. |
AF21 |
|
D. |
EF |
|
E. |
AF31 |
Correct Answer: E
QUESTION 270
How would you characterize the source and type in a denial of service attack on a router?
|
A. |
By perform a show ip interface to see the type and source of the attack based upon the access-list matches. |
|
B. |
By setting up an access-list to permit all ICMP, TCP, and UDP traffic with the log or log- input commands, then use the show access-list and show log commands to determine the type and source of attack. |
|
C. |
By performing a show interface to see the transmitted load “txload” and receive load “rxload”, if the interface utilization is not maxed out, there is no attack underway. |
|
D. |
By applying an access-list to all incoming and outgoing interfaces, turning off route- cache on all interfaces, then, when telnetting into the router perform a debug IP packet detail. |
Correct Answer: B
Free VCE & PDF File for Cisco 400-201 Real Exam
Instant Access to Free VCE Files: CCNA | CCNP | CCIE …
Instant Access to Free PDF Files: CCNA | CCNP | CCIE …