2b0-104 1-0
DESCRIPTION
14TRANSCRIPT
2B0-104
Enterasys Certified Internetworking Engineer(ECIE)
Version 1.0
QUESTION NO: 1
An Acceptable Use Policy for the network should define:
A. Which types of traffic trusted users only are allowed to generate on the network
B. Which types of traffic untrusted users only are allowed to generate on the network
C. Which types of traffic trusted and untrusted users are allowed to generate on the network
D. Which types of traffic guest users only are allowed to generate on the network
Answer: C
QUESTION NO: 2
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. If a network administrator desires to
prevent infected devices from being further exploited within the enterprise network, the network
administrator should configure and enforce policy for infected devices to the Active Edge of the
network that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a low priority
D. Rate limit traffic destined or sourced to TCP port X
Answer: B
QUESTION NO: 3
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, reduces
network congestion by removing legacy protocols from the network such as IPX?
A. Deny Unsupported Protocol Access service
B. Deny Spoofing & other Administrative Protocols service
C. Threat Management service
D. Limit Exposure to DoS Attacks service
Answer: A
QUESTION NO: 4
In a multi-vendor environment where 3 rd party devices are located at the edge of the network
and are not policy-capable, installing a policy-capable device in the distribution layer:
A. Protects the network core from internally sourced attacks
B. Protects the server farm from internally sourced attacks
C. Secures other access layer segments connected through the policy-capable distribution layer
device
D. All of the above
Answer: D
QUESTION NO: 5
In a multi-vendor environment, where is the placement of a policy capable device most effective
in discarding malicious traffic and protecting the entire network:
A. At the access layer edge
B. At the distribution layer
C. In the DMZ
D. In the core
Answer: A
QUESTION NO: 6
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from Denial of Service attacks on the network?
A. Deny Unsupported Protocol Access service
B. Deny DoS Attacks service
C. Limit Exposure to DoS Attacks service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 7
As defined in NetSight Policy Managers demo.pmd file, the Secure Guest Access Service Group:
A. Allows PPTP and HTTP traffic only, and discards all other traffic
B. Allows HTTP, DNS, and DHCP traffic only, and discards all other traffic
C. Allows PPTP, HTTP, DNS, and DHCP traffic, and denies access to all other TCP/UDP ports
and unsupported protocols on the network
D. Discards all traffic
Answer: C
QUESTION NO: 8
The RADIUS Filter-ID parameter is used to:
A. Authenticate users
B. Authenticate a RADIUS client
C. Pass policy information to a switch to authorize an authenticated user with a level of network
access
D. Discard traffic destined for a RADIUS server
Answer: C
QUESTION NO: 9
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from a user masquerading as a valid service on the network?
A. Deny Unsupported Protocol Access service
B. Deny Spoofing & other Administrative Protocols service
C. Application Provisioning AUP service
D. Limit Exposure to DoS Attacks service
Answer: B
QUESTION NO: 10
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. If a network administrator desires to
prevent an internal user from connecting to an infected device, the network administrator
should configure and enforce policy for malicious users to the Active Edge of the network that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a low priority
D. Rate limit traffic destined or sourced to TCP port X
Answer: A
QUESTION NO: 11
The following components are mandatory for dynamic policy deployment on the network:
A. NetSight Policy Manager and policy-capable devices
B. NetSight Policy Manager, policy-capable devices, and authentication services
C. NetSight Policy Manager and any device
D. NetSight Policy Manager only
Answer: B
QUESTION NO: 12
Which of the following is not a pre-defined Port Group in NetSight Policy Manager to:
A. All ports
B. Authenticated ports
C. Logical ports
D. CDP ports
Answer: B
QUESTION NO: 13
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role is
associated to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Secure Guest Access service group
Answer: D
QUESTION NO: 14
Fill in the blank. It is necessary to ______ policy configuration changes to the switches in
NetSight Policy Manager before the changes can take effect.
A. Mediate
B. Enforce
C. Compile
D. Encrypt
Answer: B
QUESTION NO: 15
A new policy role, Staff, is created under the Roles tab in NetSight Policy Manager. To use the
Staff policy role to classify ingressed traffic for static policy deployment, the network administrator
must at a minimum:
A. Do nothing else. Once the Staff policy role is created in NetSight Policy Manager, the network
begins classifying traffic according to the configuration of Staff
B. Enforce NetSight Policy Managers policy configuration to policy-capable devices only
C. Enforce NetSight Policy Managers policy configuration to policy-capable devices and also
assign the Staff policy role to a port
D. Enforce NetSight Policy Managers policy configuration to policy-capable devices, assign the
Staff policy role to a port, and enable authentication on the port.
Answer: C
QUESTION NO: 16
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role should be
assigned to ports where:
A. Only IT operations may access the network
B. Only trusted users may access the network
C. Trusted users may access the network as well as untrusted users
D. The Guest Access policy role should only be dynamically assigned to ports as a result of
successful authentication
Answer: C
QUESTION NO: 17
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. Since port X is not used for any businesscritical
applications on the network, the network administrator can most effectively protect
his/her network without severely impacting business continuity by configuring and enforcing policy
to the Active Edge that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting
D. Discards traffic sourced or destined to TCP port X
Answer: D
QUESTION NO: 18
If a policy role is configured in NetSight Policy Manager to allow all traffic by default, then to
increase the security level of the policy role, the classification rules associated to this policy role
should be configured to:
A. Allow traffic
B. Prioritize traffic to CoS Priority 5
C. Rewrite the ToS field of traffic
D. Deny traffic
Answer: D
QUESTION NO: 19
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning - AUP
service is designed to group classification rules that:
A. Discard malicious traffic
B. Prioritize traffic by assigning various classes of service to different applications
C. Discard unsupported protocols
D. Discard traffic associated to DoS attacks
Answer: B
QUESTION NO: 20
When deploying static policy to the network,:
A. The NetSight Policy configuration must be enforced to the policy-capable devices before policy
roles are assigned to ports
B. The Phased Implementation Approach should be used to minimize inadvertent negative impact to business-critical applications on the network
C. Updating the policy configuration across the entire network requires enforcing the altered
policy configuration in NetSight Policy Manager and then reassigning the altered policy roles to
device ports
D. A and B
Answer: D
QUESTION NO: 21
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. Since port X is used for a business-critical
application on the network, the network administrator can most effectively protect his/her network
without severely impacting business continuity by configuring and enforcing policy to the Active
Edge that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting
D. Discards traffic sourced or destined to TCP port X
Answer: C
QUESTION NO: 22
In the deployment of static policy on the network, a policy-capable device, such as the Matrix Nseries,:
A. Classifies ingressed traffic on the network
B. Centrally defines and pushes out the policy configuration for the network
C. Periodically updates the policy configuration in NetSight Policy Manager
D. Maintains periodic contact with other policy-capable switches on the network
Answer: A
QUESTION NO: 23
As defined in NetSight Policy Managers demo.pmd file, the Administrator policy role is associated
to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Acceptable Use Policy service group
Answer: A
QUESTION NO: 24
A Policy Profile:
A. Defines a collection of classification rules and default packet handling logic
B. Maps to an organizational role within the enterprise for the allocation of network resources
C. May be assigned to multiple ports on a device
D. All of the above
Answer: D
QUESTION NO: 25
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from well-known layer 4 ports utilized in various attacks and exploits on the network?
A. Deny Unsupported Protocol Access service
B. Deny Layer 4 Attack Ports service
C. Threat Management service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 26
Which of the following is not a traffic attribute for which a classification rule may be configured?
A. MAC address
B. PHY and PMD sub-layers
C. TCP/UDP port number
D. IP address
Answer: B
QUESTION NO: 27
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning -
Supplemental service is associated to the:
A. Enterprise User role only
B. Enterprise User role and Enterprise Access role
C. Enterprise Access role only
D. Enterprise Access and Guest Access role
Answer: A
QUESTION NO: 28
Which of the following authentication methods requires a default policy role to be assigned to the
port when the authentication method is enabled:
A. MAC-based authentication
B. 802.1X authentication
C. Port Web Authentication
D. All of the above
Answer: C
QUESTION NO: 29
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. Since port X is not used for any businesscritical
applications on the network, the network administrator can most effectively protect his/her
network without severely impacting business continuity by configuring and enforcing policy to the
Active Edge that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting
D. Discards traffic sourced or destined to TCP port X
Answer: D
QUESTION NO: 30
By not dropping packets formatted with TCP/UDP source port 67 and TCP/UDP source port 53
on user ports, a user can:
A. Execute DNS server spoofing attacks
B. Execute man-in-the-middle-attacks to compromise data confidentiality
C. Execute a DoS attack by allocating bogus IP address to other end systems on the network
D. All of the above
Answer: D
QUESTION NO: 31
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from well-known layer 4 ports utilized in various attacks and exploits on the network?
A. Deny Unsupported Protocol Access service
B. Deny Layer 4 Attack Ports service
C. Threat Management service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 32
An Acceptable Use Policy for the network should define:
A. Which types of traffic trusted users only are allowed to generate on the network
B. Which types of traffic untrusted users only are allowed to generate on the network
C. Which types of traffic trusted and untrusted users are allowed to generate on the network
D. Which types of traffic guest users only are allowed to generate on the network
Answer: C
QUESTION NO: 33
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning -
Supplemental service is designed to:
A. Discard malicious traffic
B. Prioritize mission critical traffic by provisioning on-demand QoS
C. Discard unsupported protocols
D. Rate limit traffic associated to DoS attacks
Answer: B
QUESTION NO: 34
The Device Configuration Wizard and Port Configuration Wizard in NetSight Policy Manager can
e used to:
A. Configure a group of devices or ports on devices with the same configuration at one time
B. Add/remove network elements in NetSight Policy Manager
C. Enforce the NetSight Policy Manager policy configuration to a group of devices
D. Configure user-to-policy role mapping on the enterprise networks RADIUS server
Answer: A
QUESTION NO: 35
If a policy role is configured in NetSight Policy Manager to allow all traffic by default, then to
increase the security level of the policy role, the classification rules associated to this policy role
should be configured to:
A. Allow traffic
B. Prioritize traffic to CoS Priority 5
C. Rewrite the ToS field of traffic
D. Deny traffic
Answer: D
QUESTION NO: 36
The following components are mandatory for dynamic policy deployment on the network:
A. NetSight Policy Manager and policy-capable devices
B. NetSight Policy Manager, policy-capable devices, and authentication services
C. NetSight Policy Manager and any device
D. NetSight Policy Manager only
Answer: B
QUESTION NO: 37
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. If a network administrator desires to
prevent infected devices from being further exploited within the enterprise network, the network
administrator should configure and enforce policy for infected devices to the Active Edge of the
network that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a low priority
D. Rate limit traffic destined or sourced to TCP port X
Answer: B
QUESTION NO: 38
Which of the following is not a pre-defined Port Group in NetSight Policy Manager to:
A. All ports
B. Authenticated ports
C. Logical ports
D. CDP ports
Answer: B
QUESTION NO: 39
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from Denial of Service attacks on the network?
A. Deny Unsupported Protocol Access service
B. Deny DoS Attacks service
C. Limit Exposure to DoS Attacks service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 40
The RADIUS Filter-ID parameter is used to:
A. Authenticate users
B. Authenticate a RADIUS client
C. Pass policy information to a switch to authorize an authenticated user with a level of network
access
D. Discard traffic destined for a RADIUS server
Answer: C
QUESTION NO: 41
In a multi-vendor environment where 3 rd party devices are located at the edge of the network
and are not policy-capable, installing a policy-capable device in the distribution layer:
A. Protects the network core from internally sourced attacks
B. Protects the server farm from internally sourced attacks
C. Secures other access layer segments connected through the policy-capable distribution layer
device
D. All of the above
Answer: D
QUESTION NO: 42
A new policy role, Staff, is created under the Roles tab in NetSight Policy Manager. To use the
Staff policy role to classify ingressed traffic for static policy deployment, the
network administrator must at a minimum:
A. Do nothing else. Once the Staff policy role is created in NetSight Policy Manager, the network
begins classifying traffic according to the configuration of Staff
B. Enforce NetSight Policy Managers policy configuration to policy-capable devices only
C. Enforce NetSight Policy Managers policy configuration to policy-capable devices and also
assign the Staff policy role to a port
D. Enforce NetSight Policy Managers policy configuration to policy-capable devices, assign the
Staff policy role to a port, and enable authentication on the port.
Answer: C
QUESTION NO: 43
In a multi-vendor environment, where is the placement of a policy capable device most effective
in discarding malicious traffic and protecting the entire network:
A. At the access layer edge
B. At the distribution layer
C. In the DMZ
D. In the core
Answer: A
QUESTION NO: 44
In the deployment of static policy on the network, a policy-capable device, such as the Matrix Nseries,:
A. Classifies ingressed traffic on the network
B. Centrally defines and pushes out the policy configuration for the network
C. Periodically updates the policy configuration in NetSight Policy Manager
D. Maintains periodic contact with other policy-capable switches on the network
Answer: A
QUESTION NO: 45
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role should be
assigned to ports where:
A. Only IT operations may access the network
B. Only trusted users may access the network
C. Trusted users may access the network as well as untrusted users
D. The Guest Access policy role should only be dynamically assigned to ports as a result of
successful authentication
Answer: C
QUESTION NO: 46
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role is
associated to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Secure Guest Access service group
Answer: D
QUESTION NO: 47
Which of the following questions is a consideration when defining an Acceptable Use Policy for
the network:
A. Which applications are business-critical to trusted users on the network?
B. Where are untrusted users allowed to connect to the network?
C. Which protocols should not be utilized by untrusted and trusted users, representing an attack
or misuse of the network?
D. All of the above
Answer: D
QUESTION NO: 48
As defined in NetSight Policy Managers demo.pmd file, the Secure Guest Access Service Group:
A. Allows PPTP and HTTP traffic only, and discards all other traffic
B. Allows HTTP, DNS, and DHCP traffic only, and discards all other traffic
C. Allows PPTP, HTTP, DNS, and DHCP traffic, and denies access to all other TCP/UDP ports and unsupported protocols on the network
D. Discards all traffic
Answer: C
QUESTION NO: 49
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from a user masquerading as a valid service on the network?
A. Deny Unsupported Protocol Access service
B. Deny Spoofing & other Administrative Protocols service
C. Application Provisioning AUP service
D. Limit Exposure to DoS Attacks service
Answer: B
QUESTION NO: 50
As defined in NetSight Policy Managers demo.pmd file, the Enterprise Access policy role is
associated to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Acceptable Use Policy service group
Answer: D
QUESTION NO: 51
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning - AUP
service is designed to group classification rules that:
A. Discard malicious traffic
B. Prioritize traffic by assigning various classes of service to different applications
C. Discard unsupported protocols
D. Discard traffic associated to DoS attacks
Answer: B
QUESTION NO: 52
If a policy role is configured in NetSight Policy Manager to allow all traffic by default, then to
increase the security level of the policy role, the classification rules associated to this policy role
should be configured to:
A. Allow traffic
B. Prioritize traffic to CoS Priority 5
C. Rewrite the ToS field of traffic
D. Deny traffic
Answer: D
QUESTION NO: 53
Which of the following is not a traffic attribute for which a classification rule may be configured?
A. MAC address
B. PHY and PMD sub-layers
C. TCP/UDP port number
D. IP address
Answer: B
QUESTION NO: 54
The RADIUS Filter-ID parameter is used to:
A. Authenticate users
B. Authenticate a RADIUS client
C. Pass policy information to a switch to authorize an authenticated user with a level of network
access
D. Discard traffic destined for a RADIUS server
Answer: C
QUESTION NO: 55
As defined in NetSight Policy Managers demo.pmd file, the Administrator policy role is associated
to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Acceptable Use Policy service group
Answer: A
QUESTION NO: 56
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. If a network administrator desires to
prevent an internal user from connecting to an infected device, the network administrator
should configure and enforce policy for malicious users to the Active Edge of the network that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a low priority
D. Rate limit traffic destined or sourced to TCP port X
Answer: A
QUESTION NO: 57
An Acceptable Use Policy for the network should define:
A. Which types of traffic trusted users only are allowed to generate on the network
B. Which types of traffic untrusted users only are allowed to generate on the network
C. Which types of traffic trusted and untrusted users are allowed to generate on the network
D. Which types of traffic guest users only are allowed to generate on the network
Answer: C
QUESTION NO: 58
A new policy role, Staff, is created under the Roles tab in NetSight Policy Manager. To use the
Staff policy role to classify ingressed traffic for static policy deployment, the network administrator
must at a minimum:
A. Do nothing else. Once the Staff policy role is created in NetSight Policy Manager, the network
begins classifying traffic according to the configuration of Staff
B. Enforce NetSight Policy Managers policy configuration to policy-capable devices only
C. Enforce NetSight Policy Managers policy configuration to policy-capable devices and also
assign the Staff policy role to a port
D. Enforce NetSight Policy Managers policy configuration to policy-capable devices, assign the
Staff policy role to a port, and enable authentication on the port.
Answer: C
QUESTION NO: 59
In the deployment of dynamic policy, the authentication of an end system on the network can:
A. Dynamically assign a policy role to the port of connection based on the users business-aligned
organizational unit
B. Allow location-independent network resource allocation for authenticating users on the network
C. Deny network access to end systems with invalid credentials
D. All of the above
Answer: D
QUESTION NO: 60
In a multi-vendor environment where 3 rd party devices are located at the edge of the network
and are not policy-capable, installing a policy-capable device in the distribution layer:
A. Protects the network core from internally sourced attacks
B. Protects the server farm from internally sourced attacks
C. Secures other access layer segments connected through the policy-capable distribution layer device
D. All of the above
Answer: D
QUESTION NO: 61
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from well-known layer 4 ports utilized in various attacks and exploits on the network?
A. Deny Unsupported Protocol Access service
B. Deny Layer 4 Attack Ports service
C. Threat Management service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 62
As defined in NetSight Policy Managers demo.pmd file, the Application Provisioning -
Supplemental service is designed to:
A. Discard malicious traffic
B. Prioritize mission critical traffic by provisioning on-demand QoS
C. Discard unsupported protocols
D. Rate limit traffic associated to DoS attacks
Answer: B
QUESTION NO: 63
When deploying static policy to the network,:
A. The NetSight Policy configuration must be enforced to the policy-capable devices before policy
roles are assigned to ports
B. The Phased Implementation Approach should be used to minimize inadvertent negative impact
to business-critical applications on the network
C. Updating the policy configuration across the entire network requires enforcing the altered
policy configuration in NetSight Policy Manager and then reassigning the altered policy roles to
device ports
D. A and B
Answer: D
QUESTION NO: 64
In the deployment of static policy on the network, a policy-capable device, such as the Matrix Nseries,:
A. Classifies ingressed traffic on the network
B. Centrally defines and pushes out the policy configuration for the network
C. Periodically updates the policy configuration in NetSight Policy Manager
D. Maintains periodic contact with other policy-capable switches on the network
Answer: A
QUESTION NO: 65
Port Groups can be used in NetSight Policy Manager to:
A. Group ports based on location
B. Group ports based on speed
C. Group ports based on whether untrusted users have physical access to these ports
D. All of the above
Answer: D
QUESTION NO: 66
When configuring a highly restrictive policy role in NetSight Policy Manager with the highest level
of security, such as the Quarantine policy, the default access control setting for the policy role
should be set to:
A. Deny
B. Allow
C. Redirect to a remediation server
D. CoS Priority 0
Answer: A
QUESTION NO: 67
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, protects
the network from Denial of Service attacks on the network?
A. Deny Unsupported Protocol Access service
B. Deny DoS Attacks service
C. Limit Exposure to DoS Attacks service
D. Application Provisioning - AUP service
Answer: C
QUESTION NO: 68
Which of the following services, as defined by demo.pmd in NetSight Policy Manager, reduces
network congestion by removing legacy protocols from the network such as IPX?
A. Deny Unsupported Protocol Access service
B. Deny Spoofing & other Administrative Protocols service
C. Threat Management service
D. Limit Exposure to DoS Attacks service
Answer: A
QUESTION NO: 69
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role is
associated to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Secure Guest Access service group
Answer: D
QUESTION NO: 70
A new virus has been identified on the Internet causing an infected system to listen to TCP port X
for allowing remote connections to the infected device. Since port X is used for a business-critical
application on the network, the network administrator can most effectively protect his/her network
without severely impacting business continuity by configuring and enforcing policy to the Active
Edge that:
A. Discards traffic destined to TCP port X
B. Discards traffic sourced from TCP port X
C. Prioritizes traffic destined or sourced to TCP port X to a lower priority with rate limiting
D. Discards traffic sourced or destined to TCP port X
Answer: C
QUESTION NO: 71
In a multi-vendor environment, where is the placement of a policy capable device most effective
in discarding malicious traffic and protecting the entire network:
A. At the access layer edge
B. At the distribution layer
C. In the DMZ
D. In the core
Answer: A
QUESTION NO: 72
A network administrator has identified that a new operating system installed on a large number of
end devices on the network natively supports IPv6 as well as IPv4, and these end systems
attempt to communicate over IPv4 and IPv6 by default. To improve the network utilization
efficiency and avoid reconfiguring each individual end system, to which service would the network
administrator most likely add a drop IPv6 traffic classification rule?
A. Deny Unsupported Protocol Access service
B. Deny Spoofing & other Administrative Protocols service
C. Threat Management service
D. Limit Exposure to DoS Attacks service
Answer: A
QUESTION NO: 73
A Policy Profile:
A. Defines a collection of classification rules and default packet handling logic
B. Maps to an organizational role within the enterprise for the allocation of network resources
C. May be assigned to multiple ports on a device
D. All of the above
Answer: D
QUESTION NO: 74
As defined in NetSight Policy Managers demo.pmd file, the Guest Access policy role should be
assigned to ports where:
A. Only IT operations may access the network
B. Only trusted users may access the network
C. Trusted users may access the network as well as untrusted users
D. The Guest Access policy role should only be dynamically assigned to ports as a result of
successful authentication
Answer: C
QUESTION NO: 75
As defined in NetSight Policy Managers demo.pmd file, the Enterprise Access policy role is
associated to:
A. No services
B. The Deny Spoofing & Other Administrative Protocols service only
C. The Deny Unsupported Protocol Access service only
D. All services grouped under the Acceptable Use Policy service group
Answer: D