deploying hp procurve products - freejosh00b.free.fr/hpy.pdf · brief a. the show interface command...

Deploying HP ProCurve Products

Number: HP0-Y23Passing Score: 800Time Limit: 120 minFile Version: 1.0

Exam A

QUESTION 1You must define a hostname on an HP ProCurve 5406zl switch. Which configuration contextmust you enter to perform this task?

A. interface

B. global configuration

C. manager

D. operator

Answer: B

Section: (none)

Explanation/Reference:

QUESTION 2Besides the CLI, which configuration interface enables an administrator to configure a username for access to the Manager privilege level on an HP ProCurve switch?

A. menu interface

B. web interface

C. setup interface

D. Management Interface Wizard

Answer: B

Section: (none)


QUESTION 3What is the effect of the following command entered at the CLI of an HP ProCurve switch withfactory default settings?ProCurveSwitch# exit

A. All switch ports are enabled

B. The user is logged out of the CLI.

C. The privilege level moves from Manager to Operator.

D. The CLI displays an authentication prompt.

Answer: C

Section: (none)


QUESTION 4Which options are available at the following prompt in the CLI of an HP ProCurve 3500ylswitch? (Select three.) 3500yl-24G#

A. enable IP routing

B. update switch software

C. disable ports

D. erase startup configuration

E. define management passwords

F. restart the switch

G. assign IP address to VLAN interface

Answer: BDF

Section: (none)


QUESTION 5You must configure an IP interface on an HP ProCurve switch. Which CLI context will enableyou to perform this task?

A. router

B. manager

C. CLI passthrough

D. VLAN

Answer: D

Section: (none)


QUESTION 6What is the different between the output of the following two commands issued at the CLI ofan HP ProCurve switch? ProCurve Switch# show interface ProCurve Switch# show interfacebrief

A. The show interface command provides a dynamic display of port activity.The show interface brief command provides a static display of port activity.

B. The show interface command displays current port statistics.The show interface brief command displays parameters such as actual speed and duplexstatus.

C. The show interface command shows all friendly names assigned to ports.The show interface brief command shows only the port and module designation.

D. The show interface command provides detailed information about each port configuration,including VLAN membership and Spanning command provides detailed information abouteach port? configuration, including VLAN membership and SpanningTree status.The show interface brief command provides information only about which ports are enabledand which are disabled.

Answer: B

Section: (none)


QUESTION 7Which HP ProCurve switch models display the following prompt in the interface configurationcontext? (Select two.)ProCurve Switch(eth-C1)#

A. 2910al

B. 3500yl

C. 5400zl

D. 6600

E. 8200zl

Answer: CE

Section: (none)


QUESTION 8What is the effect of the following command issued at the CLI of an HP ProCurve 5406zlswitch? 5406zl# configure terminal

A. The CLI moves to the global configuration context.

B. The CLI provides an interface for configuring persistent terminal variables such as linelength.

C. The CLI displays user input in the terminal.

D. The CLI displays current configuration parameters.

Answer: A

Section: (none)


QUESTION 9Which devices receive outbound LLDP advertisements from an HP ProCurve switch?

A. all devices with interfaces in VLAN1

B. all devices that receive the switch>s broadcasts

C. all devices directly connected to the switch

D. all devices in the LLDP multicast group

Answer: C

Section: (none)


QUESTION 10Which privilege level is indicated by the following prompt at the CLI of an HP ProCurve switch?3500yl-24G>

A. operator

B. interface

C. global configuration

D. manager

Answer: A

Section: (none)


QUESTION 11You must configure an IP interface for VLAN 22 on HP ProCurve switch. Besides the IPaddress, which parameter is required?

A. subnet mask

B. DNS server

C. default gateway

D. port members

Answer: A

Section: (none)


QUESTION 12At the CLI of HP ProCurve 2610-24 switch, you have assigned ports 1-4 to VLAN 50 asuntagged members. The 2610 is connected through port 24 to a 5406zl with IP routingenabled. All other configuration parameters on the 2610 are at default settings. On the 2610,what must you do to enable the 5406zl to act as the default gateway for VLAN 50 clients?

A. Configure the 5406zl to be the default gateway for the 2610.

B. Define an IP inter in VLAN 50.

C. Add a static route to the 5406zl to the 2610 route table.

D. Add port 24 to VLAN 50.

Answer: D

Section: (none)


QUESTION 13You have defined VLANs 44 and 45 on an HP ProCurve switch and assigned untagged portsto both VLANs. You have defined IP address to both VLAN interfaces. You have configured IPhelper to enable clients in VLAN 44 to receive IP addresses from a DHCP server in VLAN 45.What other feature must be enabled before the clients will receive addresses from the server?

A. RIP

B. DNS

C. IP routing

D. DHCP Relay

Answer: C

Section: (none)


QUESTION 14You have defined VLAN 100 and VLAN 101 on an HP ProCurve 5406zl switch. You haveadded two ports to each VLAN as untagged members. All other switch settings are at defaults.

What must you do to enable communications between hosts in the two VLANS? (Select two.)

A. Define an IP address for each VLAN.

B. Remove all four ports from the Default VLAN.

C. Define a default gateway for the switch.

D. Configure static routes to both VLANS.

E. Enable IP routing globally

Answer: AE

Section: (none)


QUESTION 15You have configured untagged port members of VLAN 55 and VLAN 75 on an HP ProCurve8212zl switch. Additionally, you have assigned IP addresses to interfaces in both VLANs.However, while testing the configuration, you learn that nodes in the two VLANs cannot pingeach other, The nodes are configured correctly and connected to the correct ports. What mustyou do on the 8212zl to enable communication between the nodes?

A. Disable ICMP blocking.

B. Enable IP routing.

C. Define a default gateway

D. Add connected ports to both VLANs.

Answer: B

Section: (none)


QUESTION 16Which type of ports on HP ProCurve switches is similar to trunk ports on Cisco switches?

A. ports configured for link aggregation

B. ports that carry multiple VLANs

C. ports that support 10-GbE connectivity

D. ports that connect the distribution and core layers

Answer: B

Section: (none)


QUESTION 17Which feature on HP ProCurve switches is similar to access ports on Cisco switches?

A. edge ports

B. uplink ports

C. untagged ports

D. LAG ports

Answer: C

Section: (none)


QUESTION 18Which UDP-based protocol can be used to back up and restore configuration files on an HPProCurve switch?

A. SCP

B. TFTP

C. FTP

D. SFTP

Answer: B

Section: (none)


QUESTION 19Click the Exhibit button. In the configuration shown in the exhibit, which users can access theTelnet interface of the 3500yl?

A. users in VLAN 11 only

B. users in VLAN 1 only

C. users in all VLANs directly connected to the 3500yl

D. users in all VLANs connected to either switch

Answer: D

Section: (none)


QUESTION 20

Click the Exhibit button. What is indicated by the CLI output shown in the exhibit?

A. Port 24 is a member of VLAN 10, but no device is connected.

B. Port 24 is learning a new VLAN assignment, based on GVRP messages.

C. Port 24 has been disabled by the switch administrator.

D. Port 24 is configured for 802.1X authentication and is awaiting an authentication outcome.

Answer: A

Section: (none)


QUESTION 21What can be used as a destination when backing up the configuration on an HP ProCurve3500yl switch? (Select two.)

A. FTP server

B. compact flash

C. neighboring switch

D. USB flash drive

E. FTP server

Answer: AD

Section: (none)


QUESTION 22Which command saves the running configuration of an HP ProCurve switch to its startupconfiguration?

A. Write memory

B. Save running-config

C. Copy running-config startup-config

D. Write config

Answer: A

Section: (none)


QUESTION 23You must update the software on an HP ProCurve Intelligent Edge switch. Which devices canbe used as sources for the copy command? (Select two.)

A. FTP server

B. USB drive

C. TFTP server

D. flash area of another ProCurve switch

E. management workstation hard drive

Answer: BC

Section: (none)


QUESTION 24Click the Exhibit button. Which command enables the switch in the exhibit to execute theconfig2 configuration file?

A. config active config2

B. boot system flash secondary

C. erase config1

D. copy config2 flash primary

Answer: B

Section: (none)


QUESTION 25The front-panel security settings on an HP proCurve switch are at default. HP can you gainaccess to the CLI of the switch if the manager and operator passwords have been lost?

A. press the Reset button on the switch>s front panel and it down until the switch restarts.

B. Power cycle the switch and access the ROM console to dear passwords at the managerprompt.

C. Press the Clear button on the switch>s front panel and hold it down for three seconds ormore.

D. Reset the passwords using the Secure Access Wizard in ProCurve Manager Plus.

Answer: C

Section: (none)


QUESTION 26What is the difference between the reload and boot commands on an HP ProCurve switch?

A. The reload command restarts the switch without running full diagnostics.The boot command restarts the switch with full diagnostics.

B. The reload command enables you to choose a configuration file to execute.The boot command always restarts with the current startup configuration.

C. The reload command always restarts the switch with the primary image.The boot command enables you to choose an image.

D. The reload command enables you to choose the image the switch will use when it starts.The boot command automatically restarts with the image used on the last reload.

Answer: A

Section: (none)


QUESTION 27When does an HP ProCurve switch execute configuration changes entered at the CLI?

A. Immediately

B. When the changes are saved

C. On the next boot

D. On the next reload

Answer: A

Section: (none)


QUESTION 28What is the effect of the following command issued at the CLI of an HP ProCurve 5406zlswitch? 5406zl# show logging a1

A. The CLI displays the logging options configured for port a1.

B. The CLI displays security alerts concerning port a1.

C. The CLI displays an hourly summary of the traffic for port a1.

D. The CLI displays all events in the system log that include the string 1

Answer: D

Section: (none)


QUESTION 29Click the Exhibit button. What is indicated by this entry in the IP route table of an HP ProCurve

8212zl switch?

A. The switch will not permit communications with any loopback interface.

B. The switch has been configured with an ACL that blocks communications with the loopbackinterfaces.

C. The switch will drop all communications with the default loopback address that arrive onnon-loopback interfaces.

D. A loopback interface is configured with 127.0.0.0.

Answer: C

Section: (none)


QUESTION 30What is the effect of the following command, issued at the CLI of an HP ProCurve 3500ylswitch with IP routing enabled? 3500yl(config)# ip route 0.0.0.0/0 192.111.254.1

A. The switch will drop all traffic arriving on interface 192.111.254.1.

B. The switch will forward all broadcast traffic to 192.111.254.1.

C. The switch will act as default gateway for all hosts in the address range of 192.111.254.0/24.

D. The switch will forward all packets with destination addresses for which it does not know aspecific route toward 192.111.254.1.

Answer: D

Section: (none)


QUESTION 31You have entered the following command at the CLI of an HP ProCurve 3500yl switch:3500yl(config)# router rip 3500yl(rip)# which additional step is necessary to enable RIPfunctionality

A. Configure a static route to nearest RIP peer.

B. Configure redistribution for all connected routes that must advertised in RIP updates.

C. Disable OSPF for every IP interface where the switch is expected to locate RIP peers.

D. Enable RIP for every VLAN where the switch is expected to locate RIP peers.

Answer: D

Section: (none)


QUESTION 32What is an advantage of using OSPF rather than RIP for dynamic routing?

A. faster convergence

B. support for IPv6

C. simpler configuration

D. capable of auto-summarization

Answer: A

Section: (none)


QUESTION 33Which routing protocol is classified as a distance vector?

A. PIM

B. IS-IS

C. OSPF

D. RIP

Answer: D

Section: (none)


QUESTION 34You are part of a team designing an HP ProCurve network for a customer site. The customersite includes a large word-processing department You are part of a team designing an HPProCurve network for a customer site. The customer? site includes a large word-processingdepartment with PC workstations that support only 10/100 connectivity. The customer does notwant to purchase switches with gigabit connectivity for these users,bu dot does want access toadvanced routing features such as OSPF and VRRP. Which ProCurve switch series includesproducts that will meet this requirement?

A. 2610

B. 2910al

C. 3500

D. 4200vl

Answer: C

Section: (none)


QUESTION 35Installation of a Premium License on an HP ProCurve 5406zl switch adds which routingprotocol?

A. IS-IS

B. OSPF

C. EIGRP

D. RIP

Answer:

Section: (none)


QUESTION 36Which HP ProCurve switch series features redundant management capability and fabricmodules?

A. 3500yl

B. 5400zl

C. 6600

D. 8200zl

Answer: D

Section: (none)


QUESTION 37What is the VLAN membership of wireless traffic exiting the bridge port on an HP ProCurveMSM AP with default VLAN settings?

A. VLAN 192

B. untagged VLAN on connected switch port

C. VLAN 2100

D. VLAN assigned by RADIUS profile

Answer: B

Section: (none)


QUESTION 38What is the maximum amount of power that can be provided to a wireless access point by aswitch using the PoE (802.3af) standard?

A. 7.4 watts

B. 15.4 watts

C. 22.4 watts

D. 30.4 watts

Answer: B

Section: (none)


QUESTION 39

What is the default operating mode of an HP ProCurve MSM AP?

A. Controlled Mode

B. Learning Mode

C. Autonomous Mode

D. Broadcast Mode

Answer: A

Section: (none)


QUESTION 40What is a Virtual Service Community (VSC)?

A. a group of settings applied to a WLAN on ProCurve mobility products

B. a custom group for managing non-ProCurve switches in HP ProCurve Manager Plus

C. a group of switches that share the same Virtual Router Redundancy Protocol (VRRP) ID

D. a group of switches that share the same VLAN topology

Answer: A

Section: (none)


QUESTION 41What is the advantage of HP ProCurve Integrated Services APs?

A. They integrate the configuration of all SSID settings into a single interface.

B. They combine the features of an AP with some features of the centralized controller.

C. They can act ad centralized controllers for other APs, including APs from other vendors.

D. They provide automatic detection of unauthorized WLAN use.

Answer: B

Section: (none)


QUESTION 42What are the advantages of deploying 802.11n wireless technology instead of 802.11gtechnology?

A. wider operating distance

B. backward compatibility with 802.11b

C. more powerful encryption options

D. higher transmission rates

E. support for centralized WLAN architecture

Answer: AD

Section: (none)


QUESTION 43How can you access the management interface of an HP ProCurve MSM AP at factory defaultsettings?

A. Connect a workstation to the AP bridge port using a DB9-to-RJ45 console cable. Connect aworkstation to the AP? Bridge port using a DB9-to-RJ45 console cable.

B. Configure a workstation with an address in the 192.168.1.0/24 range and connect it to theMSM bridge port.

C. Configure a workstation to accept a DHCP address from the AP.

D. Connect the MSM AP to a PoE port that is a tagged member of a VLAN properly configuredfor DHCP relay.

Answer: B

Section: (none)


QUESTION 44How does the optimized WLAN architecture of HP ProCurve overcome the limitations of thecentralized WLAN architecture?

A. by providing centralized control of intelligent APs

B. by supporting the 802.11n wireless standard for all nodes

C. by supporting QoS and virus throttling technologies

D. by providing a centralized interface for VLAN configuration

Answer: A

Section: (none)


QUESTION 45Port C1 on an HP ProCurve 5412zl is a tagged member of VLAN 50 and an untagged memberof VLAN 1. Port C2 and port C3 are at default VLAN settings. What is the effect of the followingcommand entered at the CLI? 5412zl(config)# trunk c1-c3 trk1

A. The trunk is defined as an untagged member of VLAN 1,but port c1 is not included.

B. The trunk is defined as an untagged member of VLAN 1, but is not a member of VLAN 50.

C. The trunk is defined as an untagged member of VLAN 1 and a tagged member of VLAN 50.

D. The trunk is not defined because the ports' VLAN memberships do not match.

Answer: B

Section: (none)


QUESTION 46What is the effect of the following command entered at the CLI of an HP ProCurve 5406zlswitch? 5406zl(config)# trunk c5-c8 trk12

A. A static LACP trunk is defined.

B. An HP port trunk is defined.

C. A dynamic LACP trunk is defined.

D. The CLI issues an error saying a trunking protocol must be specified.

Answer: B

Section: (none)


QUESTION 47What are possible configuration options for links participating in an LACP dynamic trunk?(Select two.)

A. blocked

B. transmitting

C. passive

D. listening

E. active

Answer: CE

Section: (none)


QUESTION 48How does HP Port Trunking differ from LACP?

A. HP Port Trunking does not use a protocol.

B. HP Port Trunking supports more links in each trunk.

C. HP Port Trunking supports standby links.

D. HP Port Trunking supports more sophisticated load balancing.

Answer: A

Section: (none)


QUESTION 49When configuring Link Aggregation Control Protocol (LACP) on HP ProCurve switches, whatis an advantage of using static LACP rather than dynamic LAVP?

A. Static LACP supports load balancing based on traffic volumes.

B. Static LACP supports more configuration options for aggregated links.

C. Static LACP automatically provides protection against broadcast storms.

D. Static LACP supports standby links to provide for link redundancy.

Answer: B

Section: (none)


QUESTION 50What is default user name and password for HP ProCurve Manager Plus?

A. The user name is “Manager,” and the password is “procurve.”

B. The user name is “Administrator,” and the password is the value entered during theinstallation.

C. The user name is “Administrator,” and the password is “admin.”

D. The user name is the value configured during the installation, and the password is“procurve.”

Answer: B

Section: (none)


QUESTION 51Which protocols and tools are used for device discovery in HP ProCurve Manager and HPProCurve Manager Plus? (Select four.)

A. LLDP

B. sFlow

C. SNMP

D. RMON

E. ARP

F. Ping sweep

G. Layer 2 link-test

Answer: ACEF

Section: (none)


QUESTION 52Which operating systems are supported by HP ProCurve Manager client? (Select two.)

A. Microsoft Windows 98

B. Microsoft Windows XP

C. MAC OS X

D. Red Hat Enterprise Linux 5 Desktop

E. Microsoft Windows Vista

Answer: BE

Section: (none)


QUESTION 53Which user profile types are available in HP ProCurve Manager Plus? (Select three.)

A. Manager

B. Administrator

C. Remote User

D. Backup

E. Root

F. Viewer

G. Operator

Answer: AFG

Section: (none)


QUESTION 54At a customer site, a network administrator reports that he has successfully installed the HPProCurve Manager remote client on his workstation, but he is denied access to connect to thePCM+server. The IP address of his workstation is 172.16.17.100/16. The IS address of thePCM+server 172.15.15.100/16. How can you resolve this problem?

A. Add the administrator's user ID to the User Profiles in PCM+.

B. Add the IP address of the administrator's workstation to the access.txt file on thePCM+server.

C. Add 172.16.0.0/16 to the Managed Subnets list in the PCM+ discovery setup window.

D. Add the IP address of the administrator workstation to the Authorized Managers list on theswitch that the PCM+ server uses as a seedAdd the IP address of the administrator?workstation to the Authorized Managers list on the switch that the PCM+ server uses as a seeddevice.

Answer: B

Section: (none)


QUESTION 55What is the free trial period for HP ProCurve Manager Plus version 3.0?

A. 14 days

B. 30 days

C. 60 days

D. 90 days

Answer: C

Section: (none)


QUESTION 56At a customer site, network administrators report that an HP ProCurve Manager Plus (PCM+)server does not discover any manageable devices except those on the subnet where theserver resides. What is a possible explanation for this behavior?

A. PCM+ discovery messages do not cross router interfaces.

B. The PCM+ server has been configured with an incorrect seed device.

C. PCM+ discovery uses Link Layer Discovery Protocol. which only survives one switch-toswitchhop.

D. By default, PCM+ automatically discovers only devices on the subnet where thePCM+server resides.

Answer: D

Section: (none)


QUESTION 57You have just installed an HP ProCurve 2610-48-PWR switch at a customer site and haveused Manual Discovery to add it the HP ProCurve Manager Plus(PCM+) database. Hpwever,PCM+does not display a configuration for the switch. What can you do to obtain configurationinformation in PCM+?

A. Use the Scan tool to update the configuration database for the switch.

B. Use the copy command to back up the switch's configuration to PCM+

C. Update the SNMP community names in the switch CLI.

D. Upgrade the switch's software to enable full PCM+ support.

Answer: A

Section: (none)


QUESTION 58At a customer site, network administrators have installed an HP ProCurve Manager Plus(PCM+) server in the main office and want to use the application to manage network devices inall of the company offices. However, they have noticed that the server discoveryprocessesapplication to manage network devices in all of the company? Offices. However,they have noticed that the server?discovery processes sometimes generate excessive traffic on WAN links connecting the mainoffice. How can you resolve this problem?

A. Install a PCM+ remote agent in each branch office.

B. Install a slave PCM+ server in each branch office.

C. Remove the subnets in the branch offices from the Managed Subnets list.

D. Install a PCM+ Client in each branch office for local management.

Answer: A

Section: (none)


QUESTION 59You have defined VLANs and IP interfaces and enabled routing on an HP ProCurve 8212zlswitch. Otherwise, the switch is at default settings. What is the effect of the following command?8212zl (config)# spanning-tree

A. RSTP is enabled globally. To enable MSTP, you must enter spanning-tree protocol-versionmstp.

B. MSTP is enabled globally. The switch will function as if RSTP were enabled until otherMSTP parameters are defined.

C. MSTP is enabled globally. The switch will acquire MSTP parameters from other switches in theSpanning Tree domain.

D. STP is enabled globally. The switch will not participate in a Spanning Tree domain until aSpanning Tree version is configured with the spanning-tree protocol-version command.

Answer: B

Section: (none)


QUESTION 60The output of show spanning-tree instance 1 on two HP ProCurve 8212zl switches indicatesare the Root of MST instance 1. What is an accurate explanation for this output?

A. The switches have identical Bridge Priorities.

B. The switches have different MST configuration names.

C. The switches have identical Port Priorities for ports associated with the instance.

D. One of the switches has been configured for RSTP operation.

Answer: B

Section: (none)


QUESTION 61The output of show spanning-tree on an HP ProCurve 5406zl switch indicates that port A1 oisforwarding. However, the MAC address of the Designated Bridge for port A1 is not the MACaddress of the Root Bridge. Which statement explains this output?

A. Port A1 configured with a low Port Priority.

B. Port A1 configured to the Root Bridge.

C. Port A1 configured to a switch that does not support Spanning Tree.

D. Port A1 configured to the Root Bridge through an intervening switch.

Answer: D

Section: (none)


QUESTION 62You enter the following command at the CLI of an HP ProCurve 3500yl switch: 3500yl (config)#spanning-tree priority 2 Which Bridge Priority value is displayed when you enter showspanning-tree?

A. 2

B. 2048

C. 4096

D. 8192

Answer: D

Section: (none)


QUESTION 63You must configure Multiple Spanning Tree Protocol (MSTP) on two HP ProCurve 8212zlswitches and four 5406zl switches. What is required to ensure that all to of the switches join the same MSTregion?

A. The switches must be configured to discard BPDUs from switches using STP or RSTP.

B. The switches must be configured with identical config-names, config-revisions, and VLANto-instance mappings.

C. Bridge Priorities on all switches must be configured so that each MST instance has adifferent Root Bridge.

D. The switches must have identical Port Priorities for shared links in each MST instance.

Answer: B

Section: (none)


QUESTION 64You must configure an HP ProCurve 3500yl switch for installation in a network that uses RSTPto from a single-instance Spanning Tree. What must you do to ensure that the 3500yl willparticipate in this Spanning Tree?

A. Enter spanning-tree in the global configuration context.

B. Enter spanning-tree rstp in the configuration context for every VLAN the switch shares withanother switch.

C. Enter spanning-tree protocol-version rstp in the Spanning Tree configuration context.

D. Enter spanning-tree autodetect in the configuration context of every port where the switchwill hear Spanning Tree BPDUs.

Answer: A

Section: (none)


QUESTION 65How can you ensure that a particular switch will be elected Root Bridge of an MST instance,assuming all Spanning Tree settings on other switches are at the default?

A. Set the CIST Bridge Priority to 0.

B. Set the Bridge Priority for the instance to 0.

C. Set the Port Priority for each port in the instance to 0.

D. Set the Bridge Priority for each VLAN in the instance to 0.

Answer: B

Section: (none)


HP0-Y22 Implementing HP ProCurve MultiService


Exam A

QUESTION 11.How many administrators can be logged in to an MSM Controller at one time?

A. 1

B. 2

C. 3

D. 4

Answer: A

Section: (none)


QUESTION 2By default,every Mobility Controller is configure as the Primary Mobility Controller.After checking the MobilityController Discovery box on the Discovery screen,which unique address needs to be entered to indicatethat this is not the primary controller?

A. IP Address of your device

B. IP Address of the primary controller

C. MAC Address of your device

D. MAC Address of the primary controller

Answer: B

Section: (none)


QUESTION 3A customer has been locked out after attempting to log into the MSM Controller.At default setting,how longwill he have to wait before being allowed to login again?

A. 1 minute

B. 5 minute

C. 10 minute

D. until the MSM Controller has been reset

Answer: B

Section: (none)


QUESTION 4You have been asked by your customer to create a wireless network in public area with centralized userauthentication.Given the following chioces,which authentication method would you choose to implement?

A. 802.1X authentication

B. MAC authentication

C. Web authentication

D. WEP authentication

Answer: C

Section: (none)


QUESTION 5When is AP Provisioning required before deploying controlled APs in a simple network topology?

A. when using a local mesh to connect to the network

B. when an AP needs to be deployed with dynamic IP address

C. when the access point is using a Group other than the Default Group

D. discovery of third party access points

E. when you have Layer 2 connectivity to a controller

Answer: A

Section: (none)


QUESTION 6You have an operational Local Mesh environment that employs multiple Master Nodes to the same wirednetwork.Each Master node supports a Local Mesh Protocol infrastructure of several levels including bothAlternate Master nodes and Slave nodes.Each access point is configured to Automatically find mesh ID.AnAlternate Master node fails. What will the downstream node or nodes do?

A. automatically by-pass the defective node and reconnect to the original path uplink from the defectivenode

B. automatically select a new available uplink connection with the lowest path cost within its own Mesh ID

C. automatically select a new available uplink with the lowest path cost in any Mesh ID

D. not reconnect and wait until the defective node is replaced or otherwise becomes operational again

Answer: C

Section: (none)


QUESTION 7What are the three Local Mesh roles?(select three)

A. Master

B. Sister Slave

C. Alternate Slave

D. Center Device

E. Slave

F. Alternate Master

Answer: AEF

Section: (none)


QUESTION 8What are the two types of Local Mesh methods?

A. autonomous;controlled

B. indoor;outdoor

C. short distance;long distance

D. static;dynamic

Answer: D

Section: (none)


QUESTION 9What is the maximum number of MSM765zl modules you can install in a ProCurve switch?

A. 1

B. 2

C. 4

D. No limitation

Answer: C

Section: (none)


QUESTION 10You have powered on your MSM760 Controller and the power light indicator is on steady indicating thatyour MSM760 is operational.You notice that the LED on the right side of the LAN port(port 2)is on solid.What does this indicate?

A. The port is transmitting and receiving packets.

B. There is no Ethernet link.

C. There is a link but there is no transmit and receive activity

D. A fault has occurred on this Ehternet port.

Answer: C

Section: (none)


QUESTION 11The MSM760 and MSM765zl can be licensed to support a maximum of how many Access Points?

A. 100

B. 200

C. 500

D. 1000

Answer: B

Section: (none)


QUESTION 12After installing an MSM765zl module in a ProCurve switch,which tasks must be completed to activate themodule?(select three)

A. Install the Product License Key.

B. Obtain the Activation Hardware ID.

C. Set the module to its factory default settings.

D. Upgrade the software on the module.

E. Register the MSM765zl with ProCurve.

F. Reboot the ProCurve switch.

Answer: ABE

Section: (none)


QUESTION 13The MSM765zl is a module based on the ProCurve ONE platform and supported on which ProCurve switchplatforms?(selcet two)

A. 3500

B. 5300

C. 5400

D. 6600

E. 8200

Answer: CE

Section: (none)


QUESTION 14Which version of ProCurve Mobility Manager(PMM) is used to manage the MSM760 and MSM765zlcontrollers?

A. PMM 2.0

B. PMM 3.0

C. PMM 3.0 with AU1

D. PMM 3.0 with AU2

Answer: C

Section: (none)


QUESTION 15The MSM760 Controller has two Ethernet ports located on its front panel.Port 1 is often referred to as theInternet port and port 2 the LAN port.Both ports are auto-sensing and operate at what speed or speeds?

A. 10/100 Mbps

B. 10/100/1000 Mbps

C. only 100 Mbps

D. only 1000 Mbps

Answer: B

Section: (none)


QUESTION 16The MSM730 has 4 Ethernet ports;one for the LAN and another for the Internet.What is the function of theother two Ethernet ports?

A. CLI access

B. client connectivity

C. reserved for future expansion

D. uplinks

Answer: C

Section: (none)


QUESTION 17Which 802.11n frequency ranges are supported on the MSM422?(select two)

A. 2.4 GHz

B. 5 GHz

C. 20 MHz

D. 72 MHz

E. 105.7 MHz

Answer: AB

Section: (none)


QUESTION 18What is true regarding the CNMS 200 product?(select two)

A. automatic discover of network components

B. restricts the use of remote management from a Web browser

C. supports a maximum of 1000 Access Points

D. requires Red Hat Enterprise Linux 5.0 or CentOS 5.0 operating system

E. hardware platform requires at least 2 Gigabytes of memory

Answer: AD

Section: (none)


QUESTION 19Which MSM310/320/325 Ethernet port or ports can be used to supply the device with PoE?

A. port 2

B. LAN port

C. port 1

D. Internet port

Answer: C

Section: (none)


QUESTION 20What is the internal connectivity of the two Ethernet ports on an MSM 310/320/325?

A. The ports are connected via a fixed VLAN

B. The ports do not communicate with each other

C. The ports are bridged

D. The ports are routed

Answer: C

Section: (none)


QUESTION 21How many Ehternet ports are on the MSM325/422 Access Point?

A. 1

B. 2

C. 3

D. 4

Answer: A

Section: (none)


QUESTION 22How many Virtual Service Communities (VSCs) does the M110 support?

A. 1

B. 2

C. 3

D. 4

Answer: B

Section: (none)


QUESTION 23When enabled,the L3 Mobility feature allows which unique function?

A. easy replacement of a defective access point

B. seamless exchange between a 3G phone and different WLANs

C. WPA2 Opportunistic Key Cashing

D. client roaming across subnets

Answer: D

Section: (none)


QUESTION 24What are the key features of PorCurve Guest Management Software(formerly VMT)?(select two)

A. the ability to create user logo designs

B. the ability to perfom batch creation of user accounts

C. the ability to print X.509 certificates

D. the ability to manage a visitor's account on MSM controllers

E. the ability to import special programs for customer use

Answer: BD

Section: (none)


QUESTION 25In which modes do MSM Access Points operate?(select two)

A. stand-alone mode

B. autonomous mode

C. automatic mode

D. controlled mode

E. off-line mode

Answer: BD

Section: (none)


QUESTION 26Which ProCurve Mobility product offers three radios?

A. MSM310

B. MSM335

C. MSM422

D. MSM730

Answer: B

Section: (none)


QUESTION 27ProCurve's RF Planner is made specifically for which operating system?

A. Linux

B. MAC OS

C. Microsoft Windows

D. Sun Microsystems Solaris

Answer: C

Section: (none)


QUESTION 28What is the primary difference between the MSM320 and MSM325?

A. The MSM325 has a factory installed RF Manager Sensor license

B. The MSM320 has a factory installed RF Manager Sensor license

C. The MSM325 can be upgraded after purchase with an RF Manager Sensor license

D. The MSM325 has two RF Manager Sensor licenses

Answer: A

Section: (none)


QUESTION 29On the MSM710,PoE can power device from which port?

A. port 1

B. Internet port

C. LAN port

D. only as a backup to the direct DC power adapter

Answer: C

Section: (none)


QUESTION 30If a DHCP server does not exist on a network, the Ethernet port on an autonomoous mode MSM AccessPoint would be assigned a default IP address of 192.168.1.1.Given this information,which statement iscorrect?

A. An internal DHCP server in the MSM Access Point can be configured to assign any appropriate IPAddress to the port

B. An internal dip switch can be configured to change the default IP address of the Ethernet port

C. An autonomous mode MSM Access Point can be ordered with the option of a different Default IPAddress that could be assigned to its Ehternet port

D. Without an external DHCP server,the port will always remain at 192.168.1.1

Answer: D

Section: (none)


QUESTION 31How does a client associated to an MSM Access Point recevie its DHCP IP Address?

A. from either the AP's internal DHCP server or an external DHCP server

B. it cannot receive a DHCP IP Address and a static IP Address is required

C. through an external DHCP server

D. with the AP's internal DHCP server

Answer: C

Section: (none)


QUESTION 32What is the maximum number of simultaneous guest access users supported by the MSM730?

A. 100

B. 200

C. 500

D. 2000

Answer: C

Section: (none)


QUESTION 33Which access point can operate as an RF Manager Sensor?

A. MSM310

B. MSM335

C. MSM410

D. MSM422

Answer: B

Section: (none)


QUESTION 34Which process matches VSCs with Groups?

A. batching

B. binding

C. grouping

D. synchronizing

Answer: B

Section: (none)


QUESTION 35In a controlled mode network,what are the levels of Access Point inheritance?(select three)

A. Group

B. Network

C. Controlled APs(global)

D. Server

E. Individual AP

F. VLAN

Answer: ACE

Section: (none)


QUESTION 36Which statement accurately describes an important characteristic when using VSCs?

A. Multiple radios can be configured in to a goup

B. Multiple SSIDs can be configured on a single AP

C. The use of a single radio for Local Mesh and Access Point functionality becomes recommended

D. Multiple VLANs can be attached to a single client thereby eliminating the need for additional AccessPoints

Answer: B

Section: (none)


QUESTION 37The common settings,such as the IP Address,for all ports on an MSM Access Point are represented by aport name.What is this port called?

A. Bridge

B. Common

C. Global

D. Switch

Answer: A

Section: (none)


QUESTION 38Which feature provides a wireless link between two MSM Access Points?

A. peer-to-peer

B. Local Mesh

C. ad-hoc

D. WiMAX

Answer: B

Section: (none)


QUESTION 39In what situation would the IP address of the Internet port on an MSM Controller be set to "No Address"?

A. when NAT is disabled

B. when NAT is enabled

C. when only VLAN traffic is passing through the Internet port

D. when only authenticated traffic is passing through the Internet port

Answer: C

Section: (none)


QUESTION 40What are the default login credentials(syntax;username,password) for all MSM mobility devices?

A. admin,admin

B. administrator,procurve

C. root,admin

D. root,procuve

Answer: A

Section: (none)


QUESTION 41

A basic customized login screen is comprised of five files.Four of the names are login.html,session.html,fail.html,and logo.gif.What is the name of the fifth file?

A. goodbye.html

B. logout.html

C. trasport.html

D. welcome.html

Answer: C

Section: (none)


QUESTION 42What happans when the RTS Threshold option is enabled?

A. Packets larger than this threshold do not cause the RTS/CTS handshake protocol to occur

B. Packets smaller than this threshold will be transmitted without the RTS/CTS handshake protocol

C. Packets larger than this threshold will be given higher priority

D. Packets smaller than this threshold will be dropped

Answer: B

Section: (none)


QUESTION 43When Centralized Access Control is configured as Automatic,under which condition is a user data tunnelcreated?

A. when IPsec is set up between two Controllers

B. if more than one Controller is on the network that has the same Access Control configuration

C. if tunnels are manually configured and available

D. if a synchronized AP and its Controller are on different subnets

Answer: D

Section: (none)


QUESTION 44What is the term used for the role of an MSM Controller when it is managing RADIUS server logins?

A. RADIUS authenticator

B. RADIUS client

C. RADIUS proxy

D. RADIUS supplicant

Answer: B

Section: (none)


QUESTION 45How many QoS priority levels are available to chose from per VSC?

A. 1

B. 2

C. 3

D. 4

Answer: D

Section: (none)


QUESTION 46In addition to the priority level,what other QoS choices are available?(select three)

A. 802.1Q

B. Diffsrv

C. IPQoS

D. leaky bucked

E. ToS

F. traffic shaping

Answer: BCE

Section: (none)


QUESTION 47In addition to the data Transmit Rate,what other parameter is configurable for the QoS Priority levels?

A. Drop or Queue choice

B. Notification of blocking enable

C. Recevie rate

D. Retry amount

Answer: C

Section: (none)


QUESTION 48What is the RF Manager's primary function?

A. Centralized Management of WLAN networks which use ProCurve mobility devices

B. RF statistical gathering and reporting

C. WLAN networking performance reporting

D. IDS/IPS

Answer: D

Section: (none)


QUESTION 49VSCs can be configured with Wireless security filters.Which categories of Wireless security filters areavailable?(select three)

A. access point's default gateway

B. broadcast

C. custom

D. IP address

E. local subnet multicast

F. MAC address

Answer: ACF

Section: (none)


QUESTION 50Which configuration categories are included in Bandwidth Management in an MSM Controller?(select three)

A. Customer rate limits

B. HTML user login

C. Internet port rate limit

D. Wireless security filters

E. Level definitions

F. SSID priority level

Answer: ACE

Section: (none)


QUESTION 51Which new 5.3.1 software feature allows centralization of Controllers in a Network Operations Center?

A. AreoScout Support

B. NAT Traversal

C. Security Traffic Tunneling

D. Session Persistence

Answer: A

Section: (none)


QUESTION 52The MSM317 Access Decvice is a combination access point and LAN switch.How many of the five ports onthe MSM317 can support PoE power forwarding to a Voice-over-IP phone?

A. 1

B. 2

C. 3

D. 5

Answer: A

Section: (none)


QUESTION 53Each of the four bridged LAN ports on the MSM317 Access Device can support how many VLANs?

A. 1

B. 16

C. 265

D. 4095

Answer: A

Section: (none)


QUESTION 54On an MSM317,how many authenticated 802.1X clients or MAC addresses are supported per LAN port?

A. 1

B. 4

C. 16

D. 100

Answer: A

Section: (none)


QUESTION 55Which configuration information is unique to the MSM317 Access Device?(select two)

A. The MSM317 operates in controlled mode only

B. The MSM317 has a single b/g/n radio

C. The MSM317 four prot LAN switch is linked to the pass-through port

D. The MSM317 LAN ports and wireless port are not active until a link is established with a MSM Controller

E. The MSM317 pass-through port can be configured to be part of the four port LAN switch by the MSMController

Answer: AD

Section: (none)


QUESTION 56When L3 Mobility is enabled and a DHCP client roams to a new subnet,what happens to its IP Address?

A. If the DHCP server is available,it will change the IP Address

B. It remains unchanged due to tunneling

C. The access point forces the client to get a new address

D. The access point IP range changes to the IP Address of the new subnet

Answer: B

Section: (none)


QUESTION 57From the perspective of one MSM controller in a network operating L3 Mobility(L3 Roaming).What is thename given to a Home client that has roamed to another subnet?

A. Roamer

B. Trasported

C. Traveler

D. Visitor

Answer: C

Section: (none)


QUESTION 58To enable L3 Mobility on a VSC,which parameter on the VSC must be disabled?

A. Access Control

B. Authentication

C. VLANs

D. Wireless security filters

Answer: A

Section: (none)


QUESTION 59Which feature would you enable to enhance Layer 2(L2) Roaming?

A. rapid authentication

B. seamless roaming

C. single network AP hopping

D. WPA2 Opportunistic Key Caching

Answer: D

Section: (none)


QUESTION 60In a controlled mode network,when is the MSM Access Point egress VLAN configured?

A. during the discovery process

B. during the VSC to Group bingding process

C. during the network VLAN creation process

D. during the Virtual Service Community creation process

Answer: B

Section: (none)


QUESTION 61When configuring the MSM Controller for a Controlled mode network,at what point is the AP's VSC egressVLAN configured?

A. when the Group is created

B. when the AP is synchronized with its Group

C. when the specified VLAN is created

D. when the VSC is bound to the Group

Answer: D

Section: (none)


QUESTION 62A wired client is sending its incoming traffic to the VLAN port on an MSM Controller.In a WLAN configuredwith VSCs 1-4,which VSC will be selected to pass the traffic from the wired client?

A. Default VSC

B. VSC 2

C. VSC 3

D. VSC 4

Answer: A

Section: (none)


QUESTION 63On a VSC,which options can be specified for egress VLANs?(select three)

A. Authenticated traffic

B. Default gateway traffic

C. IP filtered traffic

D. Intercepted traffic

E. Unauthenticated traffic

F. Untagged traffic

Answer: ADE

Section: (none)


HP.Braindump.HP0-Y13.128q

Number: 000-000Passing Score: 800Time Limit: 120 minFile Version: 1.0

Exam Name: ProCurve Network ManagementExam Type: HPExam Code: HP0-Y13 Total

Exam A

QUESTION 1

Which modifications can you make to PCM using the CIP? (Select three.)

A. Modify the color scheme used for PCM windows

B. Add a right-click menu to the Devices List window

C. Add a tab to the Network Management Home page

D. Display third-party SNMP traps in the Events browser

E. Add an authentication method for PCM management users

Answer: BCD

Section: (none)


QUESTION 2

You have a device that is not natively supported by PCM. You want to allow PCM to manage it. You havedecided to use the CIP to take advantage of the device management capabilities of PCM. What is anexample of a PCM capability that can be provided for the device through the CIP?

A. Displaying a Live View of the device

B. Performing endpoint integrity testing of the device

C. Adding IDM attributes that can be applied to device ports

D. Downloading software updates from the ProCurve support site

Answer: A

Section: (none)


QUESTION 3

Which CIP file type is used to customize the PCM+ user interface by adding a button to the global toolbar?

A. Global property

B. Object identifier

C. Image property

D. User-interface trigger

Answer: D

Section: (none)


QUESTION 4

Which authentication mechanisms can be supported on an edge device when used with IDM? (Select two.)

A. MAC

B. WPA

C. 802.1X

D. Local user

E. Switch-to-switch

Answer: AC

Section: (none)


QUESTION 5

Which IDM options can be enabled or disabled using the IDM Preferences window? (Select two.)

A. Monitor only mode

B. RADIUS server support

C. Enhanced wireless support

D. 802.1X user authentication

E. Only send supported attributes to devices

Answer:

Section: (none)


QUESTION 6

Which information must be specified when installing the IDM agent? (Select two.)

A. Domain or realm name

B. Type of user authentication

C. Dns name of the user directory

D. Whether a ProCurve NAC 800 is used

E. IP address of the IDM management server

Answer: DE

Section: (none)


QUESTION 7

Where does the IDM agent need to be installed?

A. On the edge switch

B. On the DHCP server

C. On the RADIUS server

D. On the remote PCM+ client

E. On the Active Directory server

Answer: C

Section: (none)


QUESTION 8

Which information must be specified when installing the IDM management server?

A. Type of RADIUS server

B. Domain or realm name

C. Ip address of the user directory

D. Whether a ProCurve NAC 800 will be used

Answer: B

Section: (none)


QUESTION 9

What do you do to install the latest released software update for a ProCurve switch using PCM+?

A. Scan the switch using the Configuration Manager.

B. Run the PCM+ consistency check policy against the switch.

C. Download the software versions list to the PCM+ management server.

D. Download the software image file and unpack it in the PCM+ management server's download folder.

Answer: C

Section: (none)


QUESTION 10

Which capabilities are supported by the Software Update Wizard? (Select three.)

A. Boot ROM compatibility checking

B. Configuration backup after updating

C. Automated rollback of a failed update

D. Identification of duplicate schedules, if any

E. Determination of current installed version

Answer:

Section: (none)


QUESTION 11

While running the Software Update Wizard, you notice that you cannot select the latest version of softwarerecently released for a ProCurve 5406zl switch. What is an explanation for this problem?

A. The software image file has not been unpacked in the PCM download folder.

B. A My ProCurve account has not been correctly specified in the Preferences window.

C. The installed PCM license does not support installation of updates using the wizard.

D. The latest procurve_firmware.prp file has not been downloaded using the Preferences window.

Answer: D

Section: (none)


QUESTION 12

Which information does PCM discovery acquire from a device using LLDP?

A. VLAN list

B. ARP table

C. Bridge MIB

D. Routing table

E. Neighbor table

Answer: E

Section: (none)


QUESTION 13

Which statements are true about the operation of the PCM discovery process? (Select two.)

A. Custom discovery methods can be defined.

B. It consists of four phases that run at configurable intervals.

C. Telnet or SSH are used to learn device attribute information.

D. The scope of discovery is limited to the managed subnets list.

E. A Layer 3 routing protocol is used to determine the network topology.

Answer: BD

Section: (none)


QUESTION 14

Which management user profiles are defined in PCM? (Select two.)

A. Viewer

B. Manager

C. Database

D. System level

E. Administrator

Answer: AE

Section: (none)


QUESTION 15

How is the starting point for PCM discovery determined?

A. Configured seed device IP address

B. First device to respond to an SNMP get request

C. Lowest IP address on the management server's subnet

D. Highest MAC address in the management server's ARP table

Answer: A

Section: (none)


QUESTION 16

Which protocol is used during the PCM Neighbor Discovery phase?

A. LLDP

B. sFlow

C. VRRP

D. OSPF or RIP

Answer: A

Section: (none)


QUESTION 17

Which statement is true about the types of management users supported in PCM?

A. Custom user types can be created using predefined permission levels.

B. Only the administrator created during installation can create additional users.

C. Users can be imported from Active Directory instead of manually defining them.

D. For the administrator created during installation, only the password can be changed.

Answer: D

Section: (none)


QUESTION 18

Which restriction applies to the viewer type of PCM management user?

A. Cannot view network topologies

B. Cannot change his own password

C. Cannot access the Preferences tool

D. Cannot make configuration changes

Answer: D

Section: (none)


QUESTION 19

Which methods or protocols can be used to authenticate PCM management users? (Select two.)

A. 802.1X

B. RADIUS

C. TACACS+

D. Web-based

E. Local username/password database

Answer: BE

Section: (none)


QUESTION 20

Which CLI commands perform functions equivalent to those done using the Configuration Manager'sDeploy Wizard? (Select two.)

A. Ip preserve

B. Write terminal

C. Copy tftp startup

D. Startup-default primary

E. Boot system flash primary

Answer: CE

Section: (none)


QUESTION 21

Which file management and performance options does the Configuration Manager allow you to configure?(Select two.)

A. Minimum software version allowed

B. Number of Syslog entries maintained

C. Number of concurrent scan operations

D. Number of configuration files to maintain per device

E. Number of alerts per hour if configuration change is detected

Answer: CD

Section: (none)


QUESTION 22

Which function is equivalent to using the "Capture configuration" option of the Configuration Manager's CLIWizard?

A. Scanning the configuration

B. Saving the changes to flash memory

C. Displaying a snapshot of the wizard results

D. Copying the configuration to the secondary flash

Answer: A

Section: (none)


QUESTION 23

Which automatic customization capability does the Configuration Manager support when a configurationtemplate file is deployed to multiple devices?

A. Designation of uplink ports

B. Substitution of IP addresses

C. Assignment of ports to VLANs

D. Identification of ports in the Secure Management VLAN

E. Specification of unique manager and operator passwords

Answer: B

Section: (none)


QUESTION 24

Which device management capabilities does the Configuration Manager support? (Select three.)

A. Upgrading the boot ROM of a switch

B. Backing up the configuration file of a switch

C. Viewing a list of modules installed in a chassis switch

D. Performing a consistency check of uplink port settings

E. Applying a configuration template to a newly discovered switch

Answer: BCE

Section: (none)


QUESTION 25

Which statement is true about licensing options for PCM+ and its supported plug-ins?

A. PCM+ licensing is based on the number of devices managed.

B. Identity Driven Manager licensing is based on the number of devices managed.

C. Mobility Manager licensing is based on the number of wireless clients managed.

D. Network Immunity Manager licensing is based on the number of installed instances.

Answer: A

Section: (none)


QUESTION 26

Which features are only available in PCM+? (Select two.)

A. Node-to-node path trace tool

B. VLAN network topology views

C. Device discovery using LLDP/MED

D. Switch-to-switch consistency checking

E. Device access through web and CLI interfaces

Answer: AD

Section: (none)


QUESTION 27

Which statements are true about the PCM architecture? (Select two.)

A. PCM uses its own Java instance.

B. The PCM client is a web-based interface that supports SSL.

C. The PCM datastore is implemented as a set of indexed flat files.

D. The PCM management server is comprised of three Windows services.

E. The PCM client collects network management information and stores it on the PCM managementserver.

Answer: AD

Section: (none)


QUESTION 28

Which product integrated with PCM+ uses Network Behavior Anomaly Detection to detect attacks?

A. Mobility Manager

B. Identity Driven Manager

C. Network Access Controller

D. Network Immunity Manager

E. HP OpenView Network Manager

Answer: D

Section: (none)


QUESTION 29

Which statement is true about PCM or PCM+?

A. PCM+ is supported on Linux in addition to Windows.

B. PCM is included at no cost with all ProCurve manageable devices.

C. PCM is implemented as a Microsoft Management Console snap-in on Windows.

D. PCM+ is intended as a complete replacement for the switch CLI and web management interfaces.

Answer: B

Section: (none)


QUESTION 30

Which products are supported as plug-ins to PCM+? (Select two.)

A. Policy Manager

B. Mobility Manager

C. Traffic Analysis Manager

D. Secure Access Manager

E. Network Immunity Manager

Answer:

Section: (none)


QUESTION 31

Which methods of traffic data collection supported by the Traffic Monitor involve examining packetheaders? (Select two.)

A. vmstat

B. sFlow

C. PerfMon

D. XRMON

E. MIB-II statistics

Answer: BD

Section: (none)


QUESTION 32

Which statements are true about the operation of the Traffic Monitor? (Select three.)

A. sFlow traffic data are sent to the PCM+ management server using SSL.

B. XRMON sends traffic statistics to the PCM+ management server using SNMP.

C. Threshold-based alarms can be customized at the port level for each traffic metric.

D. The Top Talkers graphical view can differentiate traffic volume due to data, voice, and video traffic.

E. The HP ProCurve Traffic Launch Service must be running on the PCM+ management server forcollected data to be processed.

Answer: BCE

Section: (none)


QUESTION 33

Which statistical attributes are displayed by the Traffic Monitor? (Select two.)

A. Frames/second

B. Memory utilization

C. Multicasts/second

D. Min/max free buffers

E. Packet size distribution

Answer: AC

Section: (none)


QUESTION 34

Which methods of traffic data collection are provided by the Traffic Monitor? (Select three.)

A. sFlow

B. PerfMon

C. XRMON

D. load averaged

E. MIB II statistics

Answer: ACE

Section: (none)


QUESTION 35

Which detailed attribute does the Traffic Monitor's Top Talkers window allow you to examine for theutilization percentage statistic?

A. Link errors

B. Multicasts

Answer:

Section: (none)


QUESTION 36

Which VLAN Manager capability is supported by PCM and PCM+?

A. Synchronizing VLAN names

B. Viewing a graphical map of VLANs

C. Deleting a VLAN from a single device

D. Setting the maximum VLANs per device

Answer: B

Section: (none)


QUESTION 37

Which VLAN settings can be configured using the VLAN Manager? (Select two.)

A. Traffic mirroring

B. Managed subnet

C. IP helper address

D. Multinetted IP addresses

E. Secure Management VLAN

Answer: BD

Section: (none)


QUESTION 38

Which statements are true about the VLAN Manager? (Select two.)

A. A device can be enabled or disabled as an IGMP querier.

B. The name of a VLAN can be synchronized across all devices.

C. VRRP operation can be enabled or disabled on a single VLAN.

D. A VLAN ACL can be applied to one or more devices in a VLAN.

E. 802.1X port-access authentication can be enabled on one or more ports of a VLAN.

Answer: AB

Section: (none)


QUESTION 39

Which method can be used to access the PCM database externally?

A. XML

B. SSH

C. MMC

D. ODBC

E. MIB browser

Answer: D

Section: (none)


QUESTION 40

Which statement is true about external access to the PCM database?

A. Access is supported from the PCM management server station only.

B. To access the database, a user must be authenticated through RADIUS.

C. Read-write access is provided by default, but can be restricted to read only.

D. To access the database, a PCM management user must have the necessary permission enabled.

Answer:

Section: (none)


QUESTION 41

Which attributes can be referenced in an IDM Access Rule to determine the Access Profile that will apply?(Select two.)

A. Location

B. Username

C. Time period

D. VLAN identifier

E. 802.1X EAP method

Answer: AC

Section: (none)


QUESTION 42

Which attributes can IDM apply to a session after a user has been authenticated? (Select two.)

A. ACL

B. Logout time

C. QoS setting

D. Broadcast limit

E. Login session limit

Answer: AC

Section: (none)


QUESTION 43

Which object is equivalent to a Network Resource Access Rule in IDM?

A. Access Policy Group

B. Access Control Entry

C. Remote Access Policy

D. Network Dial-in Restrictions

Answer: B

Section: (none)


QUESTION 44

Which statements are true about the PCM client? (Select two.)

A. An SSL browser session is required to access the PCM user interface.

B. The PCM user interface can be accessed from a Windows or Macintosh computer.

C. PCM allows only one simultaneous client connection; PCM+ allows an unlimited number.

D. To download the PCM client using a web browser, you connect to port 8040 of the PCM managementserver.

E. The PCM management server can use an IP address, DNS name, or shared secret to authorize aremote PCM client.

Answer: DE

Section: (none)


QUESTION 45

What is required to use the automatic product registration feature in PCM?

A. The devices to be registered must support SSH.

B. The devices must be based on the ProVision ASIC hardware.

C. The username and password of a My ProCurve account must be provided.

Answer:

Section: (none)


QUESTION 46

Which statements are true about the registration and licensing of PCM and PCM+? (Select two.)

A. The registration ID is needed only if you are licensing PCM+.

B. To generate a license for PCM or PCM+, you need to provide an installation ID.

C. To download product updates for PCM and any plug-ins, the products must be registered.

D. A license is automatically downloaded by the management server the first time a check for updatesoccurs.

E. A licensed instance of PCM+ can be installed on up to one additional server for standby backupoperations.

Answer: AB

Section: (none)


QUESTION 47

Which information are you prompted for when running the PCM Installation Wizard? (Select three.)

A. DNS name or IP address of a RADIUS server

B. IP address of a device to start discovery from

C. SNMP version to be used for device management

D. SSL port number to use for secure web management

E. maximum number of switch and access points to be managed

F. manager-level username and password used for switch access

Answer: BCF

Section: (none)


QUESTION 48

Which statements are true about the PCM access.txt permissions file? (Select two.)

A. A range of IP addresses can be specified using CIDR notation.

B. Only PCM+ clients using static IP addresses can be allowed access.

C. Read-only or read-and-write access can be specified for each PCM client.

D. By default, the file is empty, which allows access from the local PCM client only.

E. Multiple PCM clients can be allowed access, based on a DNS domain name with a wildcard.

Answer: DE

Section: (none)


QUESTION 49

Which criterion must be met for PCM to process received traps?

A. The SNMP trap receiver service must be started.

B. The SNMP trap port must be enabled in the PCM Preferences tool.

C. The IP address of each SNMP trap sender must be defined in PCM.

D. The SNMP community string must be set to "public" in received traps.

Answer: D

Section: (none)


QUESTION 50

Which criterion can be specified when you use the Find Node tool to locate n end-user computer?

A. Slot ID of a switch

B. MAC address of the client

C. NetBIOS name of the client

D. IP address of the PCM server

Answer: B

Section: (none)


QUESTION 51

Which statement is true about PCM custom groups?

A. A given device can belong to, at most, one custom group.

B. A device can be added to a custom group automatically or manually.

C. To create a custom group, you must use the Configurable Integration Platform API.

D. A custom group is used to contain non-ProCurve devices that lack support for SNMP.

Answer: B

Section: (none)


QUESTION 52

Which information is shown if the Find Node tool successfully locates a ProCurve switch?

A. System information summary

B. List of connected neighbor devices

C. Status of untagged and tagged ports

D. Graphical representation of the front panel

Answer: B

Section: (none)


QUESTION 53

Which statements are true about how PCM device access settings can be managed? (Select three.)

A. CLI parameters can be configured per device.

B. SNMPv3 access can only be configured in PCM+.

C. WebAgent access can be enabled or disabled globally.

D. 802.1X, Web, or MAC authentication can be optionally enabled.

E. Default SSH settings can be defined for each PCM administrator.

Answer: ABC

Section: (none)


QUESTION 54

Which statements are true about the PCM live view of a device? (Select two.)

A. The Java Runtime Environment must be installed on the PCM client.

B. The operating temperature and fan speeds of a device can be displayed.

C. The device can be shut down or rebooted by clicking the emulated front panel buttons.

D. It provides a graphical rendering of the front panel or rendering of the front and back panels.

Answer: AD

Section: (none)


QUESTION 55

Which statement is true about PCM device groups?

A. The End-nodes group is used to hold edge switches and wireless APs.

B. The Unknown device group is used to contain discovered devices that have become unreachable.

C. If a ProCurve device is assigned to a custom group, it will be automatically removed from its defaultgroup.

D. A product family-specific group is created below the Interconnect Devices folder when the first deviceinstance is discovered.

Answer: D

Section: (none)


QUESTION 56

Which criterion can be used to specify the source or target devices when configuring a policy using thePolicy Manager?

A. Custom groups

B. Software versions

C. Dns names with a wildcard

D. Ip addresses using CIDR notation

Answer: A

Section: (none)


QUESTION 57

Which file formats does the Policy Manager support for policies that generate reports? (Select three.)

A. CGI

B. XML

C. SQL

D. CSV

E. PDF

F. HTML

Answer: DEF

Section: (none)


QUESTION 58

Which option can be specified when configuring a schedule-driven alert using the Policy Manager?

A. Sleep time, if no problems are detected

B. Number of retries, if a device is unreachable

C. Run at first opportunity, if a schedule is missed

D. Allow only a PCM administrator level user to enable

Answer: C

Section: (none)


QUESTION 59

When can you use the Policy Manager? (Select three.)

A. When taking an action in response to an alert notification

B. When running a network consistency check report on-demand

C. When performing periodic configuration scans for a group of devices

D. When initiating endpoint integrity testing when a device connects to a switch port

E. When synchronizing the PCM management users database with Active Directory

Answer: ABC

Section: (none)


QUESTION 60

Which criteria can be specified when configuring an event-based alert using the Policy Manager? (Selecttwo.)

A. User group

B. DNS domain

C. Message text

D. Time duration

E. IP address range

Answer: CD

Section: (none)


QUESTION 61

Which IGMP settings can be configured using the VLAN Manager? (Select two.)

A. Forced fast leave

B. IP multicast mode

C. Allocated bandwidth

D. Multicast IP address

E. Maximum members of multicast group

Answer: AB

Section: (none)


QUESTION 62

Which VLAN Manager capabilities are supported by both PCM and PCM+? (Select two.)

A. Viewing a list of VLANs

B. Adding a VLAN to multiple devices

C. Viewing a graphical map of VLANs

D. Deleting a VLAN from a single device

E. Viewing authentication status of 802.1X ports

Answer: AC

Section: (none)


QUESTION 63

Which VLAN settings can be configured using the VLAN Manager? (Select two.)

A. Jumbo frames

B. DHCP snooping

C. Quality of service

D. Ip configuration method

E. Untagged or tagged port status

Answer: DE

Section: (none)


QUESTION 64

Which secure network management features are available in PCM+? (Select three.)

A. SSH switch access

B. SNMPv3 switch access

C. IPSec VPN tunnel to PCM+

D. SSL web interface to PCM+

E. RADIUS authentication of PCM+ administrators

Answer: ABE

Section: (none)


QUESTION 65

Which statement is true about the PCM client architecture?

A. The client can be installed on Windows, Linux, and Macintosh computers.

B. The client can be installed on several types of computers without requiring a license.

C. The client performs network data collection and stores the data on the management server.

D. The client installation is initiated using a browser and connecting to port 443 of the management server.

Answer: B

Section: (none)


QUESTION 66

Which product integrated with PCM+ can dynamically assign an ACL to a switch port?

A. Mobility Manager


C. Network Node Manager

D. Network Access Controller

Answer: B

Section: (none)


QUESTION 67

Which statement is true about licensing options for PCM+ and its upported plug-ins?

A. Identity Driven Manager licensing is based on the number of users managed.

B. Mobility Manager licensing is based on the number of wireless clients managed.

C. ProCurve Manager Plus licensing is based on the number of installed instances.

D. Network Immunity Manager licensing is based on the number of NAC 800s managed.

Answer: A

Section: (none)


QUESTION 68

Which products are supported as plug-ins for PCM+? (Select two.)

A. Events Manager


C. Network Immunity Manager

D. Device Configuration Manager

E. Vulnerability Database Manager

Answer: BC

Section: (none)


QUESTION 69

Which features are only available in PCM+? (Select three.)

A. Events browser

B. Custom device groups

C. Configuration templates

D. Sflow traffic monitoring

E. Configurable Integration Platform

Answer: CDE

Section: (none)


QUESTION 70

You have set the Prefer the latest version parameter in the Preferences window. Which additional stepmust you take to ensure that you can install the most recent software updates?

A. Download the procurve_firmware.prp file using the Preferences window.

B. Modify the PCM permissions file to allow access to the ProCurve support site.

C. Define a policy using the Policy Manager that will download the software image files.

D. Determine the current device software versions using the Configuration Manager scan tool.

Answer: A

Section: (none)


QUESTION 71

Which capability does PCM+ support for managing ProCurve device software updates?

A. The PCM+ management server can periodically download a software versions list to determine ifupdates are available.

B. ProCurve switches that support the PCM+ Policy Manager can be scheduled to check the ProCurvedownload FTP site directly.

C. Software image files can be downloaded directly to a USB drive on switches that support them andscheduled for installation at a later time.

D. Checking for software updates to PCM+ and its plug-ins includes retrieving any available softwareupdates for currently discovered devices.

Answer: A

Section: (none)


QUESTION 72

Which capabilities are supported by the Software Update Wizard? (Select three.)

A. Optional device reboot after updating

B. Automated rollback of a failed update

C. Selection of primary or secondary flash

D. Scheduled installation of a software update

E. Configuration consistency check after updating

Answer: ACD

Section: (none)


QUESTION 73

Which CIP file type must be configured to add a non-ProCurve device to PCM?

A. Object identifier

B. Trap configuration

C. User-defined action


Answer: A

Section: (none)


QUESTION 74

You have a device that is not natively supported by PCM. You want to allow PCM to manage it. You havedecided to use the CIP to take advantage of the device management capabilities of PCM. What is anexample of a PCM capability that can be provided for the device through the CIP?

A. Loading the XRMON agent onto the device

B. Adding IDM attributes that can be applied to device ports

C. Defining the custom group to which the device is assigned

D. Using the Instrumentation Monitor to collect performance data from the device

Answer: C

Section: (none)


QUESTION 75

Which CIP file type references the Action ID that is defined in the user-defined action file?

A. Global property

B. Object identifier

C. Trap configuration


Answer: D

Section: (none)


QUESTION 76

What can the Configuration Manager use to transfer a configuration file between the PCM managementserver and a device? (Select two.)

A. SSL

B. FTP

C. Telnet

D. SCP

E. TFTP

F. FTPS

G. HTTP

Answer: DE

Section: (none)


QUESTION 77

Which type of information does the Configuration Manager allow you to export for a previously discovereddevice?

A. System performance statistics

B. Authentication status of 802.1X ports

C. Software version and boot ROM version

D. Percentage of ports connected during a time period

Answer: C

Section: (none)


QUESTION 78

Which CLI command is equivalent to using the Commit to flash option of the Configuration Manager's CLIWizard?

A. Reload

B. Write memory

C. Copy flash flash

D. Boot system flash primary

Answer: B

Section: (none)


QUESTION 79

How many configuration files can be compared at the same time using PCM+ if each one is from a differentdevice?

A. Zero

B. Two

C. Three

D. Four

E. Five

Answer: B

Section: (none)


QUESTION 80

Which device management capabilities are supported by the Configuration Manager? (Select three.)

A. Restoring a configuration to a switch

B. Changing the discovery seed device

C. Comparing the configuration files of two different switches

D. Applying a configuration template to a newly discovered switch

E. Triggering an alert after a specified number of configuration file saves

Answer: ACD

Section: (none)


QUESTION 81

Which statements are true about the XRMON and sFlow methods used by the Traffic Monitor? (Selecttwo.)

A. Layer 2, 3, and 4 packet headers are examined by each method.

B. XRMON is an IETF standard that has been derived from the sFlow method.

C. Each method requires that an agent be individually installed on the PCM+ management server.

D. The results displayed in the Traffic Monitor are equivalent for data collected using either method.

E. Wirespeed performance is achieved on high-end switches because the methods are implemented insoftware.

Answer: AD

Section: (none)


QUESTION 82

Which statements are true about the RMON Manager? (Select three.)

A. Alarm thresholds can be configured at the port level.

B. It provides the same traffic data as sFlow and XRMON.

C. It provides statistics that include packet size distribution.

D. It is an optional plug-in that is separate from the Traffic Monitor.

E. It operates based on rising and falling threshold levels being detected.

Answer: ACE

Section: (none)


QUESTION 83

Which method of traffic data collection supported by the Traffic Monitor includes the equivalent informationprovided by MIB-II counters?

A. vmstat

B. sFlow

C. PerfMon

D. NetFlow

Answer: B

Section: (none)


QUESTION 84

Which detailed attribute does the Traffic Monitor's Top Talkers window allow you to examine for theutilization percentage statistic?

A. Runts

B. Unicasts

C. Link errors

D. Sources or destinations

Answer: D

Section: (none)


QUESTION 85

Which methods of traffic data collection supported by the Traffic Monitor use a sampling technique? (Selecttwo.)

A. sFlow

B. virtMon

C. XRMON

D. Load averaged

E. MIB II statistics

Answer: AC

Section: (none)


QUESTION 86

Which method can be used to access the PCM database externally?

A. SSH

B. MMC v2

C. MySQL CLI

D. MIB browser

Answer: C

Section: (none)


QUESTION 87

Which type of database architecture does the PCM database use?

A. Relational

B. Networked

C. Linked files

D. Double linked list

Answer: A

Section: (none)


QUESTION 88

Which configuration task must you perform to use an event-driven policy?

A. Create an alert.

B. Define a schedule.

C. Assign a custom group.

D. Customize event messages.

Answer: A

Section: (none)


QUESTION 89

Which delivery methods does the Policy Manager support for policies that generate reports? (Select two.)

A. FTP

B. Email

C. SCP

D. HTTP

E. Secure tunnel

Answer: AB

Section: (none)


QUESTION 90

Which criteria can be specified when configuring an event-based alert using the Policy Manager? (Selecttwo.)

A. OID value

B. Timestamp

C. Software version

D. IP address range

E. Message severity

Answer: AE

Section: (none)


QUESTION 91

Which criterion can be specified when configuring a schedule-driven alert using the Policy Manager?

A. The days of the week and a time for each day that a policy can run

B. The maximum occurrences that a policy can run, after which it will be disabled

C. The minimum number of occurrences a policy must run in a configurable time period

D. The upper limit on the elapsed execution time of a policy, after which it will be queued again

Answer: B

Section: (none)


QUESTION 92

Which Policy Manager option can be configured using the Preferences window?

A. Forwarding policy events generated during policy execution as traps

B. Performing virus scanning before committing changes made by a policy

C. Checking for device software updates after a threshold error limit is reached

D. Logging actions that would be taken by policies, but do not allow device configuration changes

Answer: D

Section: (none)


QUESTION 93

You are deploying IDM in a network that will include a ProCurve 5406zl switch and Microsoft IAS. Whichprotocols are supported by the switch for communication with the RADIUS server that authenticates 802.1Xsupplicants? (Select two.)

A. EAP-RADIUS

B. MD5-RADIUS

C. CHAP-RADIUS

D. PAP-SPAP-RADIUS

E. MS-CHAPv2-RADIUS

Answer: AC

Section: (none)


QUESTION 94

Which attributes can be referenced in an IDM Access Rule to determine the Access Profile that will apply?(Select two.)

A. Username

B. IP address

C. WLAN SSID

D. Operating system

E. Endpoint integrity status

Answer: CE

Section: (none)


QUESTION 95

Which attributes can IDM apply to a session after a user has been authenticated? (Select two.)

A. User group

B. Logout time

C. VLAN identifier

D. Ingress rate limit

E. Egress rate limit

Answer:

Section: (none)


QUESTION 96

What must you do if the IDM management server operates with a remote RADIUS server?

A. Import the RADIUS remote access policies into IDM.

B. Define the IDM management server as a RADIUS client.

C. Specify the IP address of the RADIUS server in the access.txt file.

D. Configure the shared secret of the RADIUS server in the IDM Preferences window.

Answer: C

Section: (none)


QUESTION 97

Which IDM options can be enabled or disabled using the IDM Preferences window? (Select two.)

A. radius server support

B. endpoint integrity support

C. Macintosh platform support

D. 802.1X user authentication

E. Automatic configuration deployment to IDM agents

Answer: BE

Section: (none)


QUESTION 98

Which authentication mechanisms are supported on an edge device when used with IDM? (Select two.)

A. Web

B. WPA

C. 802.1X

D. Local user

E. Switch-to-switch

Answer: AC

Section: (none)


QUESTION 99

Which data sources can be used for importing users into IDM? (Select three.)

A. XML

B. CSV

C. HTML

D. LDAP

E. Active Directory

Answer: ADE

Section: (none)


QUESTION 100

Which statements are true about the implementation of PCM+ and IDM? (Select two.)

A. The PCM+ access.txt file is used to authorize access from remote PCM clients.

B. Deploying the IDM configuration involves sending updates to selected IDM agents.

C. The IDM management server cannot be installed on the same system as the IDM agent.

D. A PCM management user must have the IDM permission enabled to edit the IDM configuration.

Answer:

Section: (none)


QUESTION 101

Which criterion can be specified when you use the Find Node tool to locate an access point?

A. SSID

B. WLAN

C. VLAN ID

D. IP address

Answer: D

Section: (none)


QUESTION 102

Which criteria can be specified when using the Node to Node Path Trace tool? (Select three.)

A. DNS NAMES

B. Device types

C. IP addresses

D. Search all paths

E. MAC addresses

F. Subnet addresses

G. Maximum Layer 3 hops

H. Strict source routing paths

Answer: ACE

Section: (none)


QUESTION 103

Which actions can be initiated within the PCM Live View window of a device? (Select two.)

A. Access the CLI

B. Display an ACL

C. Quarantine a port

D. Disable or enable a port

Answer: AD

Section: (none)


QUESTION 104

Which switch feature can be configured using the PCM Port List window?

A. Meshing

B. Port security

C. Virus throttling

D. Authentication method

Answer: C

Section: (none)


QUESTION 105

Which criteria can be used to assign a device to a custom group when it is discovered? (Select two.)

A. Port speeds

B. Product class

C. Contact name

D. Number of ports

E. Mac address range

Answer: BC

Section: (none)


QUESTION 106

Which device group folder is used when assigning devices through the Configurable Integration PlatformAPI?

A. Others

B. End-nodes

C. Unknown Devices

D. User-defined Devices

Answer: D

Section: (none)


QUESTION 107

Which statement is true about the PCM live view of a device?

A. The WebAgent must be enabled on the device.

B. It provides a summary of key performance indicators.

C. It includes indicators for the operating temperature and fan speeds of a device.

D. For a modular switch, a module can be taken offline by clicking the emulated front panel slot.

Answer: A

Section: (none)


QUESTION 108

PCM creates graphical maps after the completion of which discovery phase?

A. ARP

B. Topology

C. Config scan

D. VLAN discovery

Answer: D

Section: (none)


QUESTION 109

Which options can be configured for a PCM management user? (Select two.)

A. Disable idle logout timer

B. Use only RADIUS authentication

C. Require confirmation of device changes

D. Grant external access to PCM database

E. Restrict viewing and access to devices by type

Answer: BD

Section: (none)


QUESTION 110

Which protocol does the Ping Sweep phase of PCM discovery use to query all devices in a managedsubnet?

A. ARP

B. LLDP

C. VRRP

D. SNMP

Answer: D

Section: (none)


QUESTION 111

Which statement is true about management user types supported in PCM?

A. Any user can change his own password without restrictions.

B. The no permissions user type is used to temporarily disable a user's access to PCM.

C. The minimum length of a password is eight characters and must contain at least one special character.

D. At most, one administrator user type can be defined, but an unlimited number of other user types can bedefined.

Answer: A

Section: (none)


QUESTION 112

Which management user profiles are defined in PCM? (Select two.)

A. Operator

B. Super user

C. System level

D. No permissions

E. Device Manager

Answer: AD

Section: (none)


QUESTION 113

Which statements are true about the registration and licensing of PCM or PCM+? (Select two.)

A. Each installation instance of PCM results in a new installation ID.

B. For PCM+, the license key is based on the registration ID and installation ID.

C. PCM+ features become unavailable in the user interface after 90 days if a license is not installed.

D. The automatic device registration feature is used to maintain compliance with the number of licensedPCM+ clients.

Answer: AB

Section: (none)


QUESTION 114

Which statement is true about the PCM automatic updates feature?

A. Updates can be scheduled, based on the day of the week and time of day.

B. PCM services must be stopped before initiating updates from the local download folder.

C. For updates to be installed from a local folder, the files must be extracted from the bundled file.

D. When PCM services are stopped during an update, PCM is unable to process any SNMP traps.

Answer: D

Section: (none)


QUESTION 115

Which information are you prompted for when running the PCM Installation Wizard without optional plug-insselected? (Select three.)

A. Default domain or realm

B. Registration ID and license key

C. Whether HTTP proxy will be used

D. Password for PCM+ administrator

E. Use of telnet or SSH for default mode of CLI access

F. User groups to import from Active Directory or an LDAP server

Answer: CDE

Section: (none)


QUESTION 116

Which file must be configured on the PCM management server to authorize a remote PCM client?

A. Registry

B. Access.txt

C. Pcmclient.db

D. Authorize.cfg

Answer: B

Section: (none)


QUESTION 117

Which statement is true about installation of PCM+?

A. A SQL server must be installed and running prior to initiating the PCM+ installation.

B. The installation of Mobility Manager with PCM+ requires the use of a local or remote RADIUS server.

C. Optionally, the local PCM+ client can be installed as an MMC snap-in on the PCM+ managementserver.

D. When installed on the same system as HP OpenView Network Node Manager, PCM+ installs itself as aplug-in.

E. Plug-in components can be installed on the same server as PCM+ or as standalone applications on aseparate server.

Answer: D

Section: (none)


QUESTION 118

Where is the information stored that is displayed in the Events browser?

A. Alarms Log

B. Events Table

C. Device Syslog

D. Alerts Database

Answer: B

Section: (none)


QUESTION 119

Which statements are true about the management of PCM events? (Select two.)

A. The percentage of events maintained can be configured per severity level.

B. Acknowledging an event causes PCM to send a trap to the specified device.

C. By default, archived events are saved to the FTP server defined in the Preferences tool.

D. When the maximum number of events is reached, the events are automatically archived.

E. Event filtering allows PCM to drop received traps matching specified criteria during high traffic periods.

Answer: AD

Section: (none)


QUESTION 120

How many configuration files from a single device can be compared at the same time using PCM+?

A. Two

B. Three

C. Four

D. Five

Answer: A

Section: (none)


QUESTION 121

Which statements are true about the operation of the PCM discovery process? (Select two.)

A. A discovered device must support SNMPv3 to be managed by PCM.

B. PCM automaticaily excludes a discovered device if excessive traffic flow is detected.

C. The management server can assign itself as a trap receiver on a discovered device.

D. By default, supported ProCurve devices are assigned to the Interconnect Devices folder.

E. A list of managed subnets is generated, based on the interfaces of each discovered router.

Answer: CD

Section: (none)


ProCure Security 7.31


H P HP0-Y11

ProCure Security 7.31

132 Q&A

Version 2.73

Exam A

QUESTION 1Which EAP methods support authentication of an 802.1X supplicant based on a user's name andpassword? (Select two.)

A. SIM

B. TLS

C. TTLS

D. SPAP

E. PEAP

F. CHAP

Answer: CE

Section: (none)


QUESTION 2Which statements describing Web authentication support on ProCurve switches are correct? (Select two.)

A. An SSL-based login is required.

B. It can be configured on ports that also have MAC authentication assigned.

C. A successfully authenticated user can be redirected to a configurable URL.

D. The switch's built-in DHCP, ARP, and DNS services assist with Web authentication while a port is in theauthenticating state.

E. When a client connects to a Web authenticator port and a Web browser is opened, the Web browser isautomatically redirected to the switch's Web-Auth home page.

Answer: CD

Section: (none)


QUESTION 3Which EAP method is considered the least secure solution for implementing 802.1X user authentication ona wireless LAN?

A. SIM

B. MD5

C. TTLS

D. FAST

E. LEAP

F. PEAP

Answer: B

Section: (none)


QUESTION 4What is a capability of the Secure Access Wizard supported by ProCurve Identity Driven Manager?

A. It configures 802.1X authenticator ports and RADIUS server settings on a switch.

B. It verifies the integrity of the ProCurve Identity Driven Manager database using Active Directory.

C. It conceals all security-related credentials stored in the switch configuration before backing up the file.

D. It checks a switch configuration file's 802.1X, Web, or MAC authentication settings for consistency andreports any errors.

Answer: A

Section: (none)


QUESTION 5You want to use 802.1X port-access authentication to assign Microsoft Active Directory users to a particularVLAN based on user credentials. Which condition must exist?

A. The VLAN ID must exist on the switch.

B. The VLAN ID must be defined in a GVRP configuration.

C. The port through which the user is authenticating must be defined as a member of the VLAN.

D. The user must be a member of an Active Directory Group that has an associated RADIUS remote-access policy.

Answer: A

Section: (none)


QUESTION 6Click the Exhibit button.

The RADIUS server and switch are correctly configured. The switch has the VLAN assignments and port-access commands configured, as shown in the diagram.

What happens to port 10 after the user connects to the network?

A. remains in an unauthorized state

B. becomes a member of VLAN 20

C. becomes a member of VLAN 25

D. becomes a member of VLAN 200

Answer: D

Section: (none)


QUESTION 7Which statements describing the 802.1X user authentication process are correct? (Select two.)

A. The supplicant and authentication server must support the same EAP method for the authenticationprocess to proceed.

B. A switch passes EAP messages between the supplicant and authentication switch without modificationor translation.

C. After a RADIUS server confirms a user is authenticated, the switch sends an EAP-Success messageand sets the port state to authorized.

D. Different RADIUS servers must be configured on the switch if authentication of both switch managementusers and 802.1X supplicants will be performed.

E. If a supplicant receives an EAP-Request message specifying a particular EAP method to be supported,the authentication session is closed if the supplicant does not support that EAP method.

Answer: AC

Section: (none)


QUESTION 8Which statement describing Web authentication support on the ProCurve Switch 5400zl series is correct?

A. User credentials or a digital certificate can authenticate the client.

B. It is mutually exclusive of other authentication methods on the same port.

C. After successful user authentication, a port is assigned to a VLAN based on an order of priority.

D. If a port is configured to support multiple users, different static untagged VLANs can be assignedconcurrently.

Answer: C

Section: (none)


QUESTION 9What is an operational difference between the TLS and MD5 EAP methods?

A. TLS uses a challenge/handshake mechanism for authentication; MD5 uses certificates forauthentication.

B. TLS uses a challenge/handshake mechanism for authentication and encryption; MD5 uses certificatesfor authentication and encryption.

C. TLS uses digital certificates for mutual authentication; MD5 uses a challenge/handshake mechanism toauthenticate the client to the server.

D. TLS uses a name and password along with digital certificates to produce a session key; MD5 uses aname and password to produce a session key.

Answer: C

Section: (none)


QUESTION 10Which statements describing MAC authentication on ProCurve switches are correct? (Select two.)

A. It can be configured on the same port with Web authentication and 802.1X authentication.

B. The device's MAC address is sent to the RADIUS server as the user name and password.

C. The switch's built-in DHCP server initially assigns an IP address in the 192.168.0.0 private subnet.

D. The switch automatically initiates user authentication of a device when the device communicates on aMAC authenticator port.

E. Configuration involves defining ports as MAC authenticators, the RADIUS authentication protocol to use,and then activating the ports for MAC authentication operation.

Answer: BD

Section: (none)


QUESTION 11Which statement describing dynamic VLAN assignment for 802.1X authenticator ports on ProCurveswitches is correct?

A. If a GVRP-learned VLAN is used, the RADIUS server must specify that attribute.

B. The VLAN used may be statically defined on the switch or learned through GVRP.

C. If a client fails authentication, the port is reassigned to the Secure Management VLAN.

D. If a client is authenticated, but no VLAN attribute is returned by a RADIUS server, the switch blocks theport.

Answer: B

Section: (none)


QUESTION 12Which two EAP methods support tunneling of a weaker authentication method such as MS-CHAPv2?

A. TLS and SIM

B. PAP and SPAP

C. LEAP and FAST

D. PEAP and TTLS

Answer: D

Section: (none)


QUESTION 13Which protocols are supported by a ProCurve switch for communication with a RADIUS server that is usedto authenticate 802.1X supplicants? (Select two.)

A. EAP-RADIUS

B. MD5-RADIUS

C. CHAP-RADIUS

D. PAP-SPAP-RADIUS

E. MS-CHAPv2-RADIUS

Answer: AC

Section: (none)


QUESTION 14You have ProCurve Identity Driven Manager currently deployed in your network and have recently modifiedan Access Profile. Which task should you perform next?

A. Restart the IDM Agent.

B. Deploy the configuration.

C. Run the Secure Access Wizard.

D. Update the Access Policy Groups.

E. Start Active Directory synchronization.

F. Rediscover switches affected by the changes.

Answer: B

Section: (none)


QUESTION 15Which statements describing the ProCurve switch debug facility are correct? (Select two.)

A. The instrumentation monitor must be enabled first.

B. Specific debug message categories can be selectively enabled.

C. The debug destinations can be set to a session window and a Syslog server concurrently.

D. Debug messages have the same format as standard Event Log messages including the event type andtimestamp.

Answer: BC

Section: (none)


QUESTION 16You have just installed two ProCurve 5406zl switches, one on the second floor and one on the third floor ofyour office. You are using 802.1X for port-access authentication. All users have an 802.1X supplicantinstalled on their computers and you have configured a RADIUS server with a remote access policy for eachfloor. Shortly after connecting the computers, users on the second floor report that they cannot access anynetwork resources. You can ping the RADIUS server from both switches, but when you check the RADIUSlog, you see authentication requests coming only from the third floor switch. Why are the second floor usersunable to connect to the network?

A. The IP address of the RADIUS server has not been configured on the second floor switch.

B. The second floor computers are using the wrong EAP type for authentication with the RADIUS server.

C. The shared secret configured on the second floor switch does not match the shared secret configuredon the RADIUS server.

D. No default gateway has been configured on the second floor switch, therefore no authentication requestscan reach the RADIUS server.

Answer: A

Section: (none)


QUESTION 17A customer calls you and describes a switch management access problem involving SSH. The customerindicates that he is denied access after supplying the login credentials. The customer is using a RADIUSserver for centralized authentication, and has used the ping command to verify that the SSH client, switch,and RADIUS server are all reachable. What is a potential cause of this problem?

A. A self-signed digital certificate has not been installed on the switch.

B. SSH has not been configured for the login access level on the switch.

C. A remote-access policy on the RADIUS server has not been configured to support the CHAP protocol.

D. The digital certificate of the public Certificate Authority used by the switch has not been installed in theSSH client.

Answer: C

Section: (none)


QUESTION 18Authentication of switch management or general network users can involve multiple network components.Which statement describing these network components is correct?

A. A user directory server operates as the policy enforcement point.

B. The authentication server is also known as the policy decision point.

C. A ProCurve switch functions as a policy repository for switch management access using a remote useraccount.

D. A RADIUS access-accept message is used by a client to acknowledge authentication settings assignedby the server.

Answer: B

Section: (none)


QUESTION 19A university shares a core routing switch between two departments. Each department has a separateProCurve edge switch deployed and neither department wants the other to have management access totheir respective switch. Which security measures can prevent management access by the respectivedepartments? (Select three.)

A. Enable the Privilege Mode option.

B. Configure Authorized IP Managers.

C. Define Secure Management VLANs.

D. Implement Command Authorization.

E. Use RADIUS authentication with separate policies.

Answer: BCE

Section: (none)


QUESTION 20Network security can be described in terms of multiple layers of security.

Which action describes a perimeter security measure?

A. limiting switch access to SSH

B. deploying 802.1X authentication

C. installing an Intrusion Prevention System

D. using a secure operating system for network applications

Answer: C

Section: (none)


QUESTION 21What are infrastructure defense capabilities provided by the ProCurve ProActive Defense network securitysolution? (Select four.)

A. virus throttling

B. device hosting

C. ICMP throttling

D. host-based IPS

E. dynamic ARP protection

F. DHCP spoofing protection

Answer: ACEF

Section: (none)


QUESTION 22What is the benefit of saving the DHCP Snooping binding database that contains IP address to MACaddress mappings?

A. It will be available after a reboot of the switch.

B. It conserves switch ASIC memory resources.

C. It allows the switch to determine if a DHCP server is a rogue system.

D. It protects the switch from rogue DHCP servers while the switch is rebooting.

Answer: A

Section: (none)


QUESTION 23Which statement describing the MAC Lockdown feature supported on the ProCurve Switch 5400zl series iscorrect?

A. A MAC address can be locked down to one or more trunks.

B. It is enforced at the network edge by configuring the feature globally on a core switch.

C. Once a port becomes locked down, the network administrator must disable and then re-enable the portto connect another device.

D. To be locked down, a device with a specified MAC address must access the network by passing throughthe assigned port and VLAN.

Answer: D

Section: (none)


QUESTION 24Which statement describing standard and extended ACLs on the ProCurve Switch 5400zl series is correct?

A. An extended ACL supports filtering on both source and destination TCP/UDP ports, while a standardACL supports only source TCP/UDP ports.

B. Standard and extended ACLs can both specify TCP/UDP ports, but only an extended ACL can specifythe precedence and type of service identifiers.

C. A standard ACL can specify only a filter based on a destination IP address, while an extended ACL canspecify both source and destination IP addresses.

D. An extended ACL can filter traffic from a source TCP/UDP port to a destination IP address, while astandard ACL filters only traffic based on the source IP address.

Answer: D

Section: (none)


QUESTION 25Which statement describes the type of traffic that a VLAN ACL (VACL) filters?

A. IP traffic routed between different VLANs

B. routed or switched IP traffic leaving a static VLAN

C. IP traffic entering a physical port, port list, or static trunk

D. IP traffic routed between different subnets of the same VLAN

E. switched IP traffic moving between ports belonging to the same VLAN

Answer: E

Section: (none)


QUESTION 26To provide maximum security when deploying DHCP Snooping on a ProCurve switch, which configurationtasks should be performed on the switch for a local DHCP server? (Select two.)

A. Specify the subnets associated with the scopes.

B. Enable encryption for the IP address lease database.

C. Define the port connecting to the DHCP server as trusted.

D. Define the DHCP server's IP address as an authorized server.

E. Configure the optional authorization protocol used to communicate with the DHCP server.

Answer: CD

Section: (none)


QUESTION 27Which statements describing ACLs on the ProCurve Switch 5400zl series are correct? (Select two.)

A. A sequence number is used for each Access Control Entry.

B. Criteria may include Layer 2, Layer 3, and Layer 4 identifiers.

C. Each new Access Control Entry is appended to the beginning of the list.

D. It can filter IP traffic to or from a host, a group of hosts, or entire subnets.

E. It can be assigned to the console port, a physical port, a static trunk, or a VLAN interface.

Answer: AD

Section: (none)


QUESTION 28Which configuration steps must you perform to implement the ProCurve Dynamic ARP protection feature ona switch? (Select three.)

A. Enable it globally.

B. Define trusted ports.

C. Activate it on one or more VLANs.

D. Enable validation of source MAC addresses.

E. Allocate the IP-to-MAC address binding database.

F. Specify the valid MAC address formats supported.

Answer: ABC

Section: (none)


QUESTION 29What is a benefit of the ProCurve BPDU Protection feature?

A. It eliminates the need for a topology change when a port's link status changes.

B. It ignores received BPDUs and does not send its own BPDUs on designated ports.

C. It protects the active spanning-tree topology by preventing spoofed BPDUs from entering the spanning-tree domain.

D. It prevents a spanning-tree port from changing between various operational states during a broadcaststorm or when a loop is detected.

Answer: C

Section: (none)


QUESTION 30Which action or configuration step should you take when implementing remote mirroring using the ProCurveTraffic Mirroring feature?

A. enabling jumbo frames

B. configuring a connection-rate filter

C. enabling SNMP message throttling

D. enabling the instrumentation monitor

Answer: A

Section: (none)


QUESTION 31

Which sources can be specified for the ProCurve Traffic Mirroring feature? (Select three.)

A. trunk

B. VLAN

C. port group

D. network port

E. console port

F. LLDP-MED identifier

Answer: ABD

Section: (none)


QUESTION 32Which Port Security learn mode is used in conjunction with 802.1X to temporarily learn a MAC address ofan 802.1X authenticated session?

A. static

B. configured

C. continuous

D. port-access

E. limited-continuous

Answer: D

Section: (none)


QUESTION 33You are the network administrator for an organization with a security policy that limits network access tospecific computers. Which restriction can you specify if you enable Port Security on ProCurve edgeswitches?

A. list of permitted MAC addresses per switch

B. single specific permitted MAC address per port

C. single permitted user name and password pair per port

D. list of permitted user name and password pairs per switch

Answer: B

Section: (none)


QUESTION 34You are configuring an ACL and want to identify all addresses in the range:10.1.32.0 through 10.1.47.255 that have a common value in the first 20 bits. Which format represents thecorrect ACL mask that could be used?

A. 10.1.32.0 0.0.0.255

B. 10.1.32.0 0.0.15.255

C. 10.1.32.0 0.0.20.255

D. 10.1.32.0 0.0.240.255

E. 10.1.32.0 0.0.255.255

Answer: B

Section: (none)


QUESTION 35When using DHCP Snooping, which action can the switch perform if a client sends a DHCP message withoption 82 set?

A. Send a negative acknowledgement to the client.

B. Remove the option 82 field and relay the DHCP message.

C. Block the client's port and log a message in the Intrusion Log.

D. Replace the field with the switch's MAC address and the source port identifier.

E. Simulate a DHCP response to the potential rogue client using the internal DHCP server on the switch.

Answer: D

Section: (none)


QUESTION 36The network administrator of a university realizes that students in campus housing buildings are connectingwireless access points and small-scale switches to the network. The administrator wants to limit a particularport to one MAC address at a time, but is not concerned about the actual address. Which security featureprovides flexibility while effectively limiting a port to a single MAC address at a time?

A. 802.1X MAC authentication

B. MAC Lockout learn mode static

C. MAC Lockdown learn mode continuous

D. Port Security learn mode limited-continuous

Answer: D

Section: (none)


QUESTION 37How does the ProCurve Connection-rate Filtering feature operate?

A. When the aggregate flow of packets sent over a trunk or list of ports reaches a threshold, selectedpackets are dropped.

B. When a source IP address generates a rate of connection requests to multiple destinations that exceedsa threshold, a configured action is applied.

C. When the number of TCP SYN requests sent to any one of the switch's management interfaces exceedsa configured limit, the source port is disabled.

D. When an excessive number of source IP addresses attempt to create a Denial of Service attack on agiven destination IP address, the source ports are throttled.

Answer: B

Section: (none)


QUESTION 38Which statement describing the ProCurve Connection-rate Filtering feature is correct?

A. The connection-rate filter sensitivity is configurable on a per-port basis.

B. It protects against both known and unknown threats, but requires intrusion signature updates.

C. It uses the Traffic Monitoring feature to determine whether traffic activity represents an intrusion.

D. A connection-rate ACL can be used to allow some or all inbound traffic through a port that has beenthrottled or blocked.

Answer: D

Section: (none)


QUESTION 39Which statements describing a static port ACL are correct? (Select two.)

A. It can be implemented as an extended ACL only.

B. Adding a port to a trunk applies the trunk's ACL configuration to the new member.

C. It is useful where clients with differing access needs are likely to use the same port.

D. Can be conditionally assigned to a port based on the connecting device's MAC address.

E. It filters any inbound IP traffic on the designated port, regardless of whether it is switched or routed.

Answer: BE

Section: (none)


QUESTION 40Which statements describing the ProCurve SNMP Message Throttling feature are correct? (Select two.)

A. Message throttling can be enabled or disabled based on the event severity level.

B. The amount of time that repeating events are throttled depends on the severity level.

C. Messages are throttled based on having the same severity level and the duration between repeatedmessages.

D. It controls the rate that SNMP traps are sent to one or more trap receivers and messages are sent to theswitch Event Log.

E. If a given type of event continues to occur after a configurable number of cycles, generation ofsubsequent messages are disabled until the administrator unblocks them.

Answer: BD

Section: (none)


QUESTION 41Which statements describe capabilities of the ProCurve Instrumentation Monitor? (Select two.)

A. The anomaly detection engine can detect zero-day attacks.

B. Alerts can be sent to the switch Event Log or to SNMP trap receivers.

C. It supports integration with the ProCurve Manager Traffic Monitor component.

D. Predefined threshold levels can be used or specific values can be set for thresholds.

E. Ports are automatically blocked if the number of intrusions of a given category is exceeded.

F. System resource usage based on 802.1X, Web, and MAC authentication sessions can be monitored.

Answer: BD

Section: (none)


QUESTION 42What is the purpose of defining IP-to-MAC address bindings on a ProCurve switch that has Dynamic ARPProtection enabled?

A. to specify clients connected to untrusted ports

B. to lock down the switch's IP addresses to its base MAC address

C. to identify devices that do not use DHCP, but have a static IP address assigned

D. to provide security on those ports where different clients may connect over time

E. to protect uplink ports that connect to other switches that do not support Dynamic ARP Protection

Answer: C

Section: (none)


QUESTION 43Under which condition should the ProCurve BPDU Filtering feature be enabled on a port?

A. The port is not at risk of receiving spoofed BPDUs.

B. The port exhibits excessively high data utilization rates.

C. You do not want the port to participate in BPDU communications.

D. The port receives an abnormally high number of BPDUs due to frequent topology changes.

Answer: C

Section: (none)


QUESTION 44Various ProCurve switches support the Privileged Mode feature for switch management users authenticatedthrough RADIUS. Which benefit does this feature provide when enabled?

A. It automatically provides manager-level access to an authenticated user.

B. It provides an SNMPv3 user with read/write access to the switch authentication MIB.

C. It allows an unauthenticated user to issue the enable command without requiring a local password.

D. It enables an authenticated user with operator-level access to view security credentials stored in theswitch configuration file.

Answer: A

Section: (none)


QUESTION 45When designing a Secure Management VLAN, which ProCurve solution should an administrator implementat the core and Layer 2 edge devices for greater security?

A. Enable Secure Management VLANs to provide security at the core and at the Layer 2 switches; ACLsare not required.

B. Configure a separate management network with dedicated ports to isolate all management traffic at thecore and at the Layer 2 switches.

C. Enable Secure Management VLANs to provide security at the core; apply an IP address only to the coreswitch, and use ACLs at the Layer 2 switches.

D. Use ACLs to provide security at the core; enable Secure Management VLANs at the Layer 2 switches,and apply IP address only to the Secure Management VLAN.

Answer: D

Section: (none)


QUESTION 46Which front panel security features are enabled by default? (Select three.)

A. factory-reset

B. reset-on-clear

C. password-clear

D. include-credentials

E. password-recovery

F. flash-memory-protection

Answer: ACE

Section: (none)


QUESTION 47You are the manager of several IT staff members who have the authority to make configuration changes toProCurve 3500yl switches deployed within your organization. How can you centralize authentication of ITstaff members who log in to the switches with manager privileges?

A. Define a unique manager account for each IT staff member on each switch.

B. Configure RADIUS accounting services on the server to record each manager login event.

C. Leverage existing directory services by importing the team members' user name/password pairs to thelocal user database of each switch.

D. Configure the switches to use a RADIUS server that accesses the existing user directory, and configurethe server to accept authentication requests from the switches.

Answer: D

Section: (none)


QUESTION 48To configure RADIUS authentication of switch management users on a ProCurve switch, the RADIUSserver must support unencrypted authentication using which protocol?

A. HTTP

B. PEAP

C. CHAP

D. MS-CHAP

E. PAP or SPAP

F. MD5 or SHA-1

Answer: E

Section: (none)


QUESTION 49Which statements describing SSL operations on the ProCurve Switch 5400zl series are correct? (Selecttwo.)

A. Common public and private keys can be used for SSH and SSL.

B. Symmetric encryption algorithms supported include 3DES and DES.

C. The switch's certificate can be viewed, but the SSL public key cannot.

D. With SSL enabled, if you attempt to access the switch using HTTP, the Web browser is automaticallyredirected.

E. If a self-signed certificate is used, a Web browser initiates a challenge to verify the identity of the signerof the certificate.

Answer: BC

Section: (none)


QUESTION 50A network engineer is responsible for setting up RADIUS authentication of management users for ProCurveswitches. As part of the planning, which information must the network engineer obtain from the person whomanages the RADIUS server? (Select three.)

A. EAP method that is configured

B. IP address of the RADIUS server

C. authentication port number of the RADIUS server

D. shared secret or encryption key used by the RADIUS server

E. names of the users that will be authorized to use the switch

F. whether local authentication can be supported as a secondary method

Answer: BCD

Section: (none)


QUESTION 51You want to limit management of your ProCurve Switch 5412zl using IP Authorized Managers. You haveconfigured an IP Authorized Manager entry of 10.1.8.0 255.255.255.248.

What is the maximum number of distinct IP addresses that will be allowed to manage the switch?

A. 1

B. 4

C. 8

D. 254

E. 256

Answer: C

Section: (none)


QUESTION 52Which statement describes how SSL operates when using a Web browser to access the switchmanagement interface?

A. The client downloads and verifies the switch's certificate; creates a message containing the client'spublic key, and encrypts the message using the switch's private key.

B. The client downloads and verifies the switch's public key, creates a message containing a Diffie-Hellmanvalue, and encrypts the message using the client's private key.

C. The client downloads and verifies the switch's certificate, creates a message containing a symmetrickey, and encrypts the message using the switch's public key.

D. The client downloads a preshared key from the switch, creates a challenge message containing a hashof the preshared key, and the switch then verifies the challenge response.

Answer: C

Section: (none)


QUESTION 53Which statements describing SSH support on the ProCurve Switch 5400zl series are correct? (Selectthree.)

A. Each SSH client's public key is stored in switch flash memory.

B. Acquiring a digital certificate from a Certificate Authority is optional.

C. A switch is always authenticated to a client using the switch's public key.

D. An SSH client can be authenticated based on user credentials or a public key.

E. Multiple SSH public and private key pairs for the switch can be used for increased security.

Answer: ACD

Section: (none)


QUESTION 54What are the effects of issuing the management-vlan command on a ProCurve switch? (Select two.)

A. It bypasses the Authorized IP Managers list, if configured.

B. It requires that the local switch manager or operator user account be used to log in to the switch.

C. It allows management stations within the Secure Management VLAN to source traffic to other VLANs.

D. It provides encrypted and authenticated session flow between the switch and the management station inthe Secure Management VLAN.

E. It disables the ability for a switch to receive management traffic on any IP address other than the oneassigned to the Secure Management VLAN.

Answer: CE

Section: (none)


QUESTION 55Which statements describing the implementation of Authorized IP Managers are correct? (Select two.)

A. An access level of manager or operator can be optionally assigned.

B. An allowed management station can be specified using an IP address or DNS name.

C. A potential management station is authorized before RADIUS authentication is performed.

D. The maximum number of entries that can be defined depends on whether single IP address or IPaddress ranges are configured.

E. The IP mask specified must be inclusive of the underlying subnet mask of the IP addresses assigned tothe management stations.

Answer: AC

Section: (none)


QUESTION 56Which statements describing SNMPv3 support on the ProCurve Switch 3500yl series are correct? (Selectthree.)

A. Message privacy can be implemented using RSA encryption.

B. SNMPv1 and SNMPv2c access can be restricted to read-only.

C. When SNMPv3 is first enabled, a user called initial is automatically created.

D. By default, all SNMPv3, SNMPv2c, and SNMPv1 are enabled but not configured.

E. An SNMPv3 user's access rights are based on the group to which it is assigned.

Answer: BCE

Section: (none)


QUESTION 57

What are the main steps for configuring SNMPv3 management access after enabling SNMPv3 on aProCurve Switch 5406zl?

A. create users; assign users to groups

B. create users; create groups; assign users to groups

C. create users; create communities; assign users to communities

D. create communities; create groups; assign communities to groups

Answer: A

Section: (none)


QUESTION 58Which statement describes security technology implemented in SNMPv3?

A. Examples of encryption algorithms commonly used are MD5 and SHA-1.

B. The AES algorithm produces a larger message digest than the DES algorithm.

C. Symmetric cryptography uses a pair of mathematically related keys to encrypt and decrypt messages.

D. A hash function takes a message of arbitrary bit length and creates a fixed-length string representing amessage digest.

Answer: D

Section: (none)


QUESTION 59Which statement describing RADIUS accounting support on the ProCurve Switch 5400zl series is correct?

A. The network accounting option is used to collect statistics for switch management sessions.

B. The switch can be configured to allow the RADIUS server to query the switch for periodic updates ofaccounting statistics.

C. ProCurve IDM can be used to parse the accounting logs on the RADIUS server and produce reportsaccessible in ProCurve Manager.

D. The start-stop accounting option causes the switch to create an accounting statistic record when auser's login session begins and ends.

Answer: D

Section: (none)


QUESTION 60You receive an urgent call from a customer who forgot his password, and therefore cannot access the CLIof a ProCurve 5406zl switch. For security purposes, the front panel password-clear function was previouslydisabled. How can you help the customer regain management access to the switch?

A. Contact ProCurve support to obtain the default password.

B. Use the Reset and Clear buttons on the front panel of the switch together to return the switch to factorydefaults.

C. Press the Clear button on the front panel of the switch for at least 10 seconds to return the switch tofactory defaults.

D. Press the Reset button on the front panel of the switch for at least 20 seconds to return the switch tofactory defaults.

Answer: B

Section: (none)


QUESTION 61When configuring SSH on a ProCurve switch, which user authentication methods can be specified? (Selectfour.)

A. 802.1X

B. RADIUS

C. Kerberos

D. public key

E. TACACS+

F. Web browser

G. local user name and password

Answer: BDEG

Section: (none)


QUESTION 62Which change occurs when the include-credentials command is enabled on the ProCurve Switch 5400zlseries?

A. SSH authentication for switch management access will include the Web browser's public key.

B. Configured user names for operator and manager accounts are viewable in the switch configuration file.

C. Administrative privilege level is enabled for switch management access by authenticated RADIUS users.

D. An SNMPv3 account with authentication and privacy support is required for SNMP access to the switch.

E. Windows domain login credentials are passed to a RADIUS server by the switch for users authenticatedusing 802.1X.

Answer: B

Section: (none)


QUESTION 63Which statements describing SSH operations on the ProCurve Switch 3500yl series are correct? (Selectthree.)

A. Erasing the switch public and private keys automatically disables SSH.

B. The switch's public and private SSH keys can be viewed using a CLI show command.

C. The maximum number of client public keys stored in switch flash memory is configurable.

D. If secure file transfer is enabled for SSH, the switch TFTP server is automatically disabled.

E. When erasing client public keys, you can specify the operator-access or manager-access level.

Answer: ADE

Section: (none)


QUESTION 64Which statement describing Public Key Infrastructure (PKI), as typically used for SSL, is correct?

A. It uses digital certificates to manage symmetric key exchanges between a sender and a receiver.

B. It is a symmetric key scheme that uses digital certificates and certificate authorities to encryptmessages.

C. It uses a mathematically complementary key pair, one private and one public, but does not use digitalcertificates.

D. It uses a symmetric key scheme to manage key exchange and uses digital certificates to encrypt themessage to ensure confidentiality, authentication, integrity and nonrepudiation.

Answer: A

Section: (none)


QUESTION 65Hash functions are used in various network security applications including SNMPv3. Which statementdescribes the process that is performed on a message during the hash operation?

A. Predetermined sized blocks are created and then encrypted using a private key.

B. Predetermined sized blocks are created and sequentially fed into the hashing function.

C. Random sized blocks are created based on the encryption algorithm used and then encrypted using aprivate key.

D. Random sized blocks are created based on the encryption algorithm used and sequentially fed into thehashing function.

Answer: B

Section: (none)


QUESTION 66Which statements describing the Command Authorization feature on the ProCurve Switch 5400zl series arecorrect? (Select three.)

A. It requires the use of a RADIUS authentication server.

B. AAA accounting for commands must be enabled on the switch.

C. It can be used only to limit commands issued within the manager-access level.

D. Two vendor-specific attributes are used to define a list of commands and whether the commands areallowed or denied.

E. It is applicable to switch management users accessing the switch through the console port or the Webbrowser interface.

F. A list of allowed or denied commands is sent to the switch by the RADIUS server after the user issuccessfully authenticated.

Answer: ADF

Section: (none)


QUESTION 67Which type of message is sent by a RADIUS client to a RADIUS server?

A. access-query

B. access-request

C. access-challenge

D. access-response

Answer: B

Section: (none)


QUESTION 68You have just installed two ProCurve 5406zl switches, one on the second floor and one on the third floor ofyour office. You are using 802.1X for port-access authentication. All users have an 802.1X supplicantinstalled on their computers and you have configured a RADIUS server with a remote access policy for eachfloor. Shortly after connecting the computers, users on the second floor report that they cannot access anynetwork resources. You can ping the RADIUS server from both switches, but when you check the RADIUSlog, you see authentication requests coming only from the third floor switch. Why are the second floor usersunable to connect to the network?

A. The IP address of the RADIUS server has not been configured on the second floor switch.

B. The second floor computers are using the wrong EAP type for authentication with the RADIUS server.

C. The shared secret configured on the second floor switch does not match the shared secret configuredon the RADIUS server.

D. No default gateway has been configured on the second floor switch, therefore no authentication requestscan reach the RADIUS server.

Answer: A

Section: (none)


QUESTION 69Which statements describing the ProCurve switch debug facility are correct? (Select two.)

A. The instrumentation monitor must be enabled first.

B. Specific debug message categories can be selectively enabled.

C. The debug destinations can be set to a session window and a Syslog server concurrently.

D. Debug messages have the same format as standard Event Log messages including the event type andtimestamp.

Answer: BC

Section: (none)


QUESTION 70A customer calls you and describes a switch management-access problem involving SSL. The customeraccesses the SSL login page, but he is denied access after supplying the login credentials. The customer isusing a RADIUS server for centralized authentication, and has used the ping command to verify that theclient, switch, and RADIUS server are all reachable. What is a potential cause of this problem?

A. The client's public key has not been stored in switch flash memory.

B. The HTTP Web management server is enabled, but not the SSL Web management server.

C. The switch has not been configured to use RADIUS for the login access level for Web management.

D. A remote access policy on the RADIUS server has not been configured to support the correct EAPmethod.

Answer: C

Section: (none)


QUESTION 71A customer wants to provide stricter network access for devices connecting to a ProCurve Switch 5406zl byimplementing a combination of 802.1X and MAC authentication. Which configuration tasks must beperformed on the RADIUS server to support the ports configured with MAC authentication? (Select two.)

A. Configure EAP RADIUS for the authentication method.

B. Configure CHAP RADIUS for the authentication method.

C. Configure PAP to support unencrypted authentication of network devices.

D. Create a user in the user directory using the MAC address of the device for the user name andpassword.

E. Create a user on the RADIUS server using the MAC address of the device for the user name and theRADIUS shared secret for the password.

Answer: BD

Section: (none)


QUESTION 72A Windows XP workstation is configured with 802.1X supplicant software.

When a client connects to a switch port with 802.1X authentication enabled, which EAP messages may begenerated by the supplicant to gain access to the network? (Select two.)

A. EAPOL-start

B. EAP-request-identity

C. EAP-access-request

D. EAP-response-identity

E. EAP-access-challenge

Answer: AD

Section: (none)


QUESTION 73What is configured on a ProCurve switch to implement switch-to-switch 802.1X authentication?

A. user name and a password

B. EAP method and a shared secret

C. RADIUS protocol to use and a shared secret

D. base MAC address of the peer and a password

Answer: A

Section: (none)


QUESTION 74Which EAP method supports authentication of an 802.1X supplicant based on a user's digital certificate?

A. TLS

B. MD5

C. FAST

D. TTLS

E. LEAP

F. PEAP

Answer: A

Section: (none)


QUESTION 75Which EAP methods support authentication of a RADIUS server based on a digital certificate? (Selectthree.)

A. AKA

B. TLS

C. MD5

D. TTLS

E. LEAP

F. PEAP

Answer: BDF

Section: (none)


QUESTION 76You have configured a list of ports on a ProCurve switch for 802.1X port-access authentication. Whichconfiguration step is required to complete the configuration?

A. Configure the authorized VLAN identifier.

B. Set the state of the ports to authorized for 802.1X.

C. Use the start-eapol command to enable 802.1X operations.

D. Use the aaa port-access authenticator active command to activate the ports.

Answer: D

Section: (none)


QUESTION 77The network administrator of a private college wants to enable Web authentication for all switch edge portsin the student housing buildings. In addition, the administrator wants to address the growing problem ofstudents using unauthorized switches to connect multiple devices through a port. Which additionalconfiguration helps prevent more than one authenticated user from connecting to a port that has Webauthentication enabled with the default settings?

A. Enable port security with the address-limit 1 option.

B. The default client limit is 1, so no further configuration is required.

C. Enable port security with the learn-mode port-access option.

D. Add an option to the port-access command that limits the number of MAC addresses to 1.

Answer: B

Section: (none)


QUESTION 78A Web authenticator port is currently in the authenticating state. Which statement is correct?

A. The client can communicate with any destination located in the authorized VLAN.

B. Any DNS name resolves to the switch IP address and any IP address resolves to the switch MACaddress.

C. By default, a client connected to a Web authenticator port is initially assigned an IP address in the VLANto which it is connected.

D. The client is prevented from communicating with any IP address until the RADIUS server respondsindicating the user has been authenticated.

Answer: B

Section: (none)


QUESTION 79What is the default state of a port configured for IEEE 802.1X port-access authentication?

A. disabled

B. restricted

C. authorized

D. unauthorized

Answer: D

Section: (none)


QUESTION 80A Network Resource Access Rule in ProCurve Identity Driven Manager is most similar to which object?

A. Access Policy Group

B. Access Control Entry

C. Remote Access Policy

D. Network Dial-in Restrictions

E. Authorized RADIUS Servers List

Answer: B

Section: (none)


QUESTION 81Which role does the authenticator play in the 802.1X authentication process?

A. The authenticator provides two-way translation between EAP messages and RADIUS messages.

B. The authenticator validates the EAP-identity-request and responds with either an accept or rejectmessage.

C. The authenticator sends an access-challenge message to the supplicant to request client credentials.

D. The authenticator encapsulates an EAP-access-request inside of a RADIUS response-identity packetand forwards it for validation.

Answer: A

Section: (none)


QUESTION 82You have configured Open VLAN mode for the 802.1X authenticator ports in your company's network. Aftera client connects to a port and the user is successfully authenticated, the port's membership is changed tountagged in one of the following VLANs.

A. Underlying VLAN configured for the port

B. VLAN from the user's RADIUS profile

C. Authorized VLANWhat is the order of priority used to determine the VLAN?

D. A, B, C

E. A, C, B

F. B, A, C

G. B, C, A

H. C, A, B

I. C, B, A

Answer: D

Section: (none)



The RADIUS server and switch are correctly configured. The switch has the VLAN assignments and port-access commands configured, as shown in the exhibit.

What happens to port 10 after the user provides valid authentication information?

A. remains in an unauthorized state

B. becomes a member of VLAN 20

C. becomes a member of VLAN 25

D. becomes a member of VLAN 200

Answer: C

Section: (none)


QUESTION 84Which attributes can ProCurve Identity Driven Manager apply to a user's session after the user isauthenticated? (Select three.)

A. ACL

B. user group

C. QoS setting

D. bandwidth limit

E. login session limit

F. unauthorized VLAN ID

Answer: ACD

Section: (none)


QUESTION 85What are the main components of the ProCurve ProActive Defense network security solution? (Selectthree.)

A. stateful firewall

B. access control

C. network immunity

D. secure infrastructure

E. intrusion prevention system

F. antivirus and antispam integration

Answer: BCD

Section: (none)


QUESTION 86Which method or feature can control access for both switch management and general network users?

A. Port Security

B. Open VLAN mode

C. MAC authentication

D. RADIUS authentication

E. SSH client digital certificates

Answer: D

Section: (none)


QUESTION 87Network security can be described in terms of multiple layers of security.

Which actions describe examples of network access control measures? (Select three.)

A. implementing dynamic ACLs

B. using only SSL for switch access

C. implementing Web authentication

D. defining Port Security on switch ports

E. deploying an Intrusion Detection System in a server farm

Answer: ACD

Section: (none)


QUESTION 88Which configuration steps must you perform to implement the ProCurve Dynamic ARP protection feature ona switch? (Select three.)



C. Activate it on one or more VLANs.

D. Enable validation of source MAC addresses.

E. Allocate the IP-to-MAC address binding database.

F. Specify the valid MAC address formats supported.

Answer: ABC

Section: (none)


QUESTION 89Which statements describing a dynamic port ACL are correct? (Select two.)

A. It can be implemented as either a standard or extended ACL.

B. It filters switched IP traffic either inbound or outbound on a designated port.

C. It requires the use of 802.1X, Web, or MAC authentication services on the switch.

D. It is useful where clients with differing access needs are likely to use the same port.

E. Configuration of the ACL is done on the switch and then read dynamically by a RADIUS server when auser connects.

Answer: CD

Section: (none)


QUESTION 90You are configuring Dynamic ARP Protection on a ProCurve switch that connects to another downstreamswitch, which has Dynamic ARP Protection enabled. Which configuration step should you perform?

A. Define the downstream port as trusted.

B. Identify the upstream switch as the primary ARP authenticator.

C. Verify that Dynamic ARP Protection is not enabled on overlapping VLANs.

D. Allow sharing of the DHCP binding database stored on an external server.

E. Enable validation of all IP-to-MAC address bindings associated with the downstream switch.

Answer: A

Section: (none)


QUESTION 91You have enabled Port Security and specified the send-disable response option. Which administrativeaction, if any, is required after an intrusion occurs to enable the port to return to normal operation?

A. The port must be enabled.

B. The intrusion flag must be cleared.

C. The port is automatically reset after a delay timer expires.

D. The intrusion flag must be cleared and the port must be enabled.

Answer: D

Section: (none)


QUESTION 92What is a benefit of the ProCurve BPDU Filtering feature?

A. It allows you to permit or deny selected user traffic on individual spanning-tree ports.

B. It balances the traffic load between two or more spanning-tree ports currently in the forwarding state.

C. It prevents a port from being part of a spanning-tree topology that may otherwise cause a topology loop.

D. It controls spanning-tree operation on selected ports that you do not want to participate in spanning-treecommunications.

Answer: D

Section: (none)


QUESTION 93Which vulnerability is the ProCurve DHCP Snooping feature designed to protect against? (Select two.)

A. exhaustion of the IP address pool by a DHCP client

B. spoofing of IP address leases by a rogue DHCP server

C. excessive rate of connection attempts to the DHCP port

D. broadcast storms consisting of DHCP responses from unknown IP addresses

E. replacing a responding DHCP server's IP address with an erroneous IP address

F. substitution of one DHCP client's MAC address with another client's MAC address

Answer: AB

Section: (none)


QUESTION 94MAC Lockdown has been configured to lock down a device on port A1 in VLAN 10. During a maintenancetask, the device is accidentally connected to port B5 in VLAN 8. Which statement correctly describes thestate of port B5?

A. The port is operational because it is not the port configured for MAC Lockdown.

B. The port is listed as enabled and up, but the device is prevented from transmitting into the network.

C. The port is listed as disabled and down and the device is prevented from transmitting into the network.

D. Because the MAC Lockdown feature is not configured on the second module, the device cansuccessfully connect to the port.

E. The port is listed as throttled and will automatically be re-examined after a delay period. If the device isstill connected it will be blocked.

Answer: B

Section: (none)


QUESTION 95What are the minimum configuration steps required to implement the ProCurve DHCP Snooping feature ona switch? (Select three.)



C. Specify option 82 parameters.

D. Activate it on one or more VLANs.

E. Identify the DHCP server's IP address.

F. Specify the server where the lease database is stored.

G. Specify the maximum number of IP addresses per subnet allowed to be assigned by a DHCP server.

Answer: ABD

Section: (none)


QUESTION 96Which statement describes the type of traffic that a Routed ACL (RACL) filters? (Select two.)

A. IP traffic entering a physical port, port list, or static trunk

B. switched IP traffic moving between ports belonging to the same VLAN

C. routed IP traffic arriving on one VLAN and leaving through another VLAN

D. switched IP traffic moving between ports belonging to the same subnet of a multinetted VLAN

E. routed IP traffic arriving on one subnet and leaving through another subnet within the same multinettedVLAN

Answer: CE

Section: (none)


QUESTION 97Which criteria can selectively identify traffic to be mirrored using the ProCurve Traffic Mirroring feature?(Select two.)

A. ACL

B. traffic direction

C. packet size range

D. LLDP-MED identifier

Answer: AB

Section: (none)


QUESTION 98Which benefits are provided by the ProCurve SNMP Message Throttling feature? (Select two.)

A. It automatically regulates duplicate messages for a given recurring event.

B. It blocks SNMP connection attempts after a configured number of failed logins.

C. It limits the consumption of switch CPU resources when collecting statistics during heavy networkloading.

D. It suppresses any repeating messages sent to the switch Intrusion Log after a configured threshold isreached.

E. It controls the rate that SNMP traps are sent to one or more trap receivers and messages are sent to theswitch Event Log.

Answer: AE

Section: (none)


QUESTION 99When using DHCP Snooping, which action can the switch perform if a client sends a DHCP message withoption 82 set?

A. Mark the source client as untrusted and forward to a valid DHCP server.

B. Replace the field with the switch's IP address and the source port identifier.

C. Ignore the DHCP message because this is not a capability of DHCP Snooping.

D. Authenticate the DHCP message and forward it if the client is attached to a trusted port.

Answer: B

Section: (none)


QUESTION 100Which statements describing capabilities of Port Security on ProCurve switches are correct? (Select two.)

A. It can be applied to an edge port, static trunk, or dynamic trunk.

B. It can be concurrently active with MAC Lockout on a switch if the same MAC addresses are configured.

C. A port can be configured for traffic monitoring mode and access attempts silently logged when anintrusion is detected.

D. The default operating mode is continuous, which allows any device to access a port without causing asecurity response.

E. It includes eavesdrop protection, which prevents use of a port for flooding unicast packets addressed toMAC addresses unknown to the switch.

Answer: DE

Section: (none)


QUESTION 101Which statement describing the ProCurve Connection-rate Filtering feature is correct?

A. When enabled, it is automatically globally activated.

B. Any outbound traffic destined for a host that has been throttled or blocked is permitted.

C. It protects against both known and unknown threats, but requires intrusion signature updates.

D. It uses the Traffic Monitoring feature to determine whether traffic activity represents an intrusion.

Answer: B

Section: (none)


QUESTION 102Which action should an administrator take if the ProCurve Connection-rate Filtering feature blocks a port?

A. Unblock the port so that traffic can flow again.

B. Clear the intrusion flag and then re-enable the port.

C. Wait for the throttling period to expire before unblocking the port.

D. The port will be automatically unblocked after the received packet rate drops below a threshold.

Answer: A

Section: (none)


QUESTION 103You have a ProCurve Switch 3500yl-48G which has two configured VLANs. VLAN 10 has an IP addressrange of 10.1.10.0/24 and is where the servers reside. VLAN 24 has an IP address range of 10.1.24.0/24and is where the network clients reside. You configure an ACL with these entries:

permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.24.0 0.0.0.0 10.1.10.10255.255.255.255 eq http permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet

When you apply this ACL statically to ports in VLAN 24, what is the effect on the clients located in VLAN 24?

A. They would have no access at all because the ACL is misconfigured.

B. They could not access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL.

C. They would be allowed only FTP, HTTP, and telnet access to 10.1.10.10, but no access anywhere else.

D. They would be allowed only FTP, HTTP, and telnet access to 10.1.10.10, but full access to everythingelse in the 10.1.10.0 subnet.

Answer: C

Section: (none)


QUESTION 104Why should the ProCurve BPDU Protection feature be enabled on a port?

A. The port needs to participate in BPDU communications.

B. This ensures the port does not continue to receive BPDUs.

C. A topology change should occur when a port's link status changes.

D. The port is permanently configured as the root port in the spanning-tree.

Answer: B

Section: (none)


QUESTION 105Which capabilities are supported for extended ACLs on the ProCurve Switch 3500yl series? (Select two.)

A. sequence number for each Access Control Entry

B. ACL numeric identifier can be between 1 and 1024

C. optional use of log option for allow and deny actions

D. specification of well-known ICMP and IGMP message types

E. selectable action of allow or deny for the hidden Access Control Entry

Answer: AD

Section: (none)


QUESTION 106For what purpose can the ProCurve Instrumentation Monitor be used?

A. identify well-known intrusions based on predefined signatures

B. collect traffic statistics that can be used to determine historical trends

C. monitor network traffic on selected ports and send the packets to an IDS or IPS

D. report anomalies on the switch caused by common attacks or irregular conditions

Answer: D

Section: (none)


QUESTION 107Which statements describing ACLs on the ProCurve Switch 3500yl series are correct? (Select two.)

A. IP routing must be enabled.

B. Criteria may include Layer 3 and Layer 4 identifiers.

C. Each ACL includes the hidden allow any Access Control Entry.

D. Each new Access Control Entry is appended to the beginning of the list.

E. It may be assigned to a physical port, a static trunk, or a VLAN interface.

Answer: BE

Section: (none)


QUESTION 108Which Port Security learn mode allows any MAC address to be dynamically learned as a device connects toa port?

A. static

B. configured

C. continuous

D. port-access

Answer: C

Section: (none)


QUESTION 109Which action or configuration step should you take when implementing remote mirroring using the ProCurveTraffic Mirroring feature?

A. enabling jumbo frames

B. configuring a connection-rate filter

C. enabling SNMP message throttling

D. enabling the instrumentation monitor

Answer: A

Section: (none)


QUESTION 110A customer currently manages all ProCurve switches using unencrypted Web-based management, but nowwants to use SSL for encrypted Web-based management. Which steps must be completed before enablingSSL? (Select two.)

A. Generate an HTTPS client certificate.

B. Disable unencrypted Web-based management first.

C. Generate a self-signed server certificate for HTTPS.

D. Import a certificate request from a Certificate Authority.

E. Generate public and private keys for an HTTPS certificate.

Answer: CE

Section: (none)


QUESTION 111Which statement describing SSH support on the ProCurve Switch 3500yl series is correct?

A. Authentication of the switch to an SSH client is optional.

B. An SSH client key pair created using RSA or DSA can be used.

C. An SSH client can be authenticated based on user credentials or a public key.

D. Each concurrently connected SSH client must use a distinct public key if RSA is used.

Answer: C

Section: (none)


QUESTION 112Which type of information is displayed in the switch configuration file when the include-credentials commandis enabled? (Select three.)

A. public keys of SSH clients

B. DHCP Snooping IP-to-MAC address binding database

C. shared secret used to communicate with a RADIUS server

D. SSL public/private key pair of the switch's Web authenticator

E. plaintext passwords of the operator and manager user accounts

F. SNMPv3 user name and authentication and privacy protocol settings

Answer: ACF

Section: (none)


QUESTION 113Which security technology, supported in SSHv2 on the ProCurve Switch 5400zl series, allows newsymmetric keys to be generated periodically during a session with an SSH client?

A. RSA

B. AES

C. HMAC

D. Diffie-Hellman

E. Public and private keys

Answer: D

Section: (none)


QUESTION 114Which statements describing SSL operations for ProCurve switch management access are correct? (Selectfour.)

A. A self-signed certificate is contained in the switch's private key.

B. The server-side SSL port number on the switch is configurable.

C. The public key used for SSL is separate from the one used for SSH.

D. You must generate a self-signed digital certificate or acquire a CA-signed certificate.

E. A CA-signed certificate contains the switch's public key and is digitally signed using a CertificateAuthority's private key.

F. When Web-based management through SSL is enabled, unencrypted Web-based management isautomatically disabled.

Answer: BCDE

Section: (none)


QUESTION 115Which access methods can be configured on a ProCurve switch for authentication of switch managementusers through a RADIUS server? (Select four.)

A. SSH

B. Telnet

C. WLAN

D. 802.1X

E. console

F. TACACS+

G. Web browser

Answer: ABEG

Section: (none)


QUESTION 116Which statements describing SNMPv3 support on the ProCurve Switch 5400zl series are correct? (Selectthree.)

A. Message authentication can be implemented using MD5 or SHA-1.

B. Privacy and authentication protocols are configured on a per-user basis.

C. Public and private keys must be created before SNMPv3 can be enabled.

D. A password must be defined when selecting a privacy or authentication protocol.

E. SNMPv1 and SNMPv2c access must be restricted to read-only if SNMPv3 is enabled.

Answer: ABD

Section: (none)


QUESTION 117You have a customer who has just installed a ProCurve 3500yl switch in an open area of his office. Althoughthe switch is installed in a closed rack with a locking door, the customer is concerned that someone couldaccess the front panel buttons on the switch. Which commands allow the customer to prevent the switchfrom having its passwords and configuration information cleared? (Select two.)

A. front-panel-security lockdown

B. no front-panel-security factory-reset

C. no front-panel-security password-clear

D. no front-panel-security password-recovery

E. front-panel-security password-clear reset-on-clear

F. no front-panel-security password-clear reset-on-clear

Answer: BC

Section: (none)


QUESTION 118Which statement correctly describes the effect of configuring the encryption keys for multiple RADIUSservers on a ProCurve switch?

A. The encryption keys for all servers in the domain must be different.

B. The encryption keys for all servers in the domain must be the same.

C. An encryption key associated with a server overrides the globally defined key.

D. A globally defined encryption key overrides the key associated with an individual server.

Answer: C

Section: (none)


QUESTION 119Which SNMPv3 security enhancements supported on ProCurve switches are not available in SNMPv1 andSNMPv2c? (Select two.)

A. message privacy

B. user-based read and write access restrictions

C. configurable command, response, and trap receiver ports

D. TCP-based message flow control and acknowledgements

E. management station access control based on IP address or DNS name

Answer: AB

Section: (none)


QUESTION 120Which statements describing the implementation of Authorized IP Managers are correct? (Select three.)

A. It has precedence over any authentication methods that may be configured.

B. It requires that the user account used for switch management access has manager-level access.

C. If you specify the IP address 10.1.8.0 without an IP mask, a single IP address will be allowed access.

D. It is most useful for insecure switch management access methods that include console port, Telnet, andTFTP.

E. The IP mask of an Authorized IP Manager entry has no dependency on the subnet mask of the IPaddresses assigned to management stations.

Answer: ACE

Section: (none)


QUESTION 121

Which security attributes are accomplished by using a Hashed Message Authentication Code (HMAC)?(Select two.)

A. privacy

B. integrity

C. authenticity

D. nonrepudiation

E. secure key distribution

Answer: BC

Section: (none)


QUESTION 122When configuring SSL on a ProCurve switch, which user authentication methods can be specified? (Selectthree.)

A. 802.1X

B. RADIUS

C. Kerberos

D. public key

E. TACACS+

F. local user name and password

Answer: BEF

Section: (none)


QUESTION 123You are providing network access in several conference rooms for employees and visitors. When dealingwith physical access to equipment, what should you consider? (Select three.)

A. Who has access to the room?

B. Is there a guest access policy?

C. Is it in a secure area of the building?

D. Who knows the manager-level passwords?

E. Has accessibility been limited to administrators only?

F. Which ports are assigned to the management VLAN?

G. Does the data center meet military-level security requirements?

Answer: ABC

Section: (none)


QUESTION 124When designing a Secure Management VLAN, which ProCurve solution should an administrator implementat the core and Layer 2 edge devices for greater security?

A. Enable Secure Management VLANs to provide security at the core and at the Layer 2 switches; ACLsare not required.

B. Configure a separate management network with dedicated ports to isolate all management traffic at thecore and at the Layer 2 switches.

C. Enable Secure Management VLANs to provide security at the core; apply an IP address only to the coreswitch, and use ACLs at the Layer 2 switches.

D. Use ACLs to provide security at the core; enable Secure Management VLANs at the Layer 2 switches,and apply IP address only to the Secure Management VLAN.

Answer: D

Section: (none)


QUESTION 125The customer is considering using the Authorized IP Managers feature.

What are examples of switch management access that can be protected by this feature? (Select four.)

A. SSL

B. telnet

C. TFTP

D. SNMP

E. 802.1X

F. console

Answer: ABCD

Section: (none)


QUESTION 126To configure RADIUS authentication of switch management users on a ProCurve switch, the RADIUSserver must support which authentication method?

A. encrypted authentication using SSL

B. encrypted authentication using PEAP

C. encrypted authentication using CHAP

D. unencrypted authentication using HTTP

E. unencrypted authentication using MS-CHAP

F. unencrypted authentication using PAP or SPAP

Answer: F

Section: (none)


QUESTION 127A customer, who is already using SSH for secure communications, wants the client to be authenticated bythe switch using RSA. Which additional steps are necessary to set up client authentication? (Select two.)

A. Copy the client public key to the switch.

B. Copy the client private key to the switch.

C. Generate a public and private key pair on the client.

D. Generate a public and private key pair on the switch.

E. Copy the switch public and private key pair to the client.

Answer: AC

Section: (none)


QUESTION 128A network administrator plans to use centralized authentication to control switch management access to allProCurve switches through the console port. It is decided that the RADIUS server will be the primaryauthentication method and no secondary authentication method will be allowed. What will be the result ofthis proposed configuration?

A. The primary authentication method for operator-level access through the console port is the RADIUSserver; if no RADIUS server is found, access is denied.

B. The primary authentication method for manager-level access through the console port is the RADIUSserver; if no RADIUS server is found, access is denied.

C. This configuration is not allowed because the console port must allow the use of a user name from thelocal switch database in the event that the RADIUS server is not reachable.

D. The primary authentication method for manager-level access through the console port is the RADIUSserver; if no RADIUS server is found, only operator-level access is granted.

Answer: C

Section: (none)


QUESTION 129What are the capabilities of centralized authentication for management users of ProCurve switches? (Selectthree.)

A. It can use the local switch user accounts as a security fallback option.

B. A RADIUS, TACACS+, or Kerberos authentication server can be used.

C. It can control access from the console port, Telnet clients, SSH clients, and Web browsers.

D. It supports many of the more commonly used EAP methods including PEAP, TLS and TTLS.

E. Individual user names and passwords can be used for stronger management and accounting.

Answer: ACE

Section: (none)


QUESTION 130What are the effects of implementing a Secure Management VLAN on a ProCurve switch? (Select two.)

A. It prevents IP routing between the user VLANs configured on the switch.

B. Switch management access is limited to those ports assigned to the Secure Management VLAN.

C. It allows one management IP address per physical switch, regardless of the number of user VLANs.

D. It allows switch management access only through SSH, SSL Web browser, and SNMPv3 secure clientapplications.

E. It provides encrypted and authenticated session flow between the switch and the management station inthe Secure Management VLAN.

Answer: BC

Section: (none)


QUESTION 131Which statement describes the security technology implemented in SNMPv3?

A. Public and private keys are used to encrypt and decrypt messages.

B. Examples of encryption algorithms commonly supported are DES and AES.

C. The MD5 algorithm produces a larger message digest than the SHA-1 algorithm.

D. A hash function takes a message of arbitrary bit length and produces ciphertext using a shared secret.

Answer: B

Section: (none)


QUESTION 132Which statements describing RADIUS accounting support on the ProCurve Switch 3500yl series arecorrect? (Select three.)

A. The network accounting option is applicable only to 802.1X user sessions.

B. RADIUS accounting can control commands available at the management interface.

C. The Layer 4 port to which accounting statistics are sent is configurable on the switch.

D. The accounting statistics can be optionally stored in switch flash memory if a reboot occurs.

E. ProCurve IDM uses RADIUS accounting information to provide user session monitoring and reportinginformation.

Answer: ACE

Section: (none)


Building ProCurve Resilient, Adaptive Networks


H P HP0-Y12

Building ProCurve Resilient, Adaptive Networks

116 Q&A

Version 2.73

Exam A

QUESTION 1When does a router use administrative distance to determine which route to include in its route table?

A. when the router learned about multiple routes with equal-cost paths to the same destination

B. when the router learned about multiple routes to the same destination from different sources using thesame routing protocol

C. when the router learned about multiple routes to the same destination from different routing protocols orstatic configuration

D. when the router is configured with static routes to the same destination that specify the same cost butdifferent next hop router interfaces

Answer: C

Section: (none)


QUESTION 2What is an advantage of locating routing intelligence at the edge of an enterprise network instead of in thecore?

A. The edge-oriented strategy requires fewer VLANs and networks.

B. The edge-oriented strategy supports VRRP and other protocols for default gateway redundancy.

C. The edge-oriented strategy enables ACLs and other traffic filters to be applied before traffic traversesany part of the network.

D. The edge-oriented strategy simplifies summarization because each router must support VLANs only fordirectly connected users.

Answer: C

Section: (none)


QUESTION 3What is the difference between administrative distance and cost?

A. Administrative distance is applied only to routes learned through OSPF. Cost applies to RIP routes aswell as OSPF routes.

B. Administrative distance indicates the distance to remote networks learned through routing protocols.Cost applies static routes and directly connected networks.

C. Administrative distance is determined solely through interactions among routers that share a routingprotocol. Cost can be defined by the administrator of each router.

D. Administrative distance is a locally significant value that can be used to break ties between routeslearned from different sources. Cost is a cumulative metric that indicates the number of hops to aremote network.

Answer: D

Section: (none)


QUESTION 4

By default, what type of route is redistributed in RIP updates by ProCurve ProVision ASIC switches?

A. static

B. default

C. OSPF

D. connected

Answer: D

Section: (none)


QUESTION 5What are the advantages of implementing IP routing technologies at the network edge? (Select two.)

A. provide per-user QoS

B. decrease the load on network core

C. eliminate the need for routing protocols

D. create smaller, localized broadcast domains

E. enhance support for default gateway redundancy

Answer: BD

Section: (none)


QUESTION 6You enter the following command at the CLI of a ProCurve Switch 3500yl:

3500yl(config)#ip route 22.0.0.0/8 172.16.100.100

However, when you enter show ip route to confirm your entry, no route to 22.0.0.0/8 appears in the routetable. Which statement explains this condition?

A. The interface connected to 172.16.100.100 is down.

B. The switch has learned another route to 22.0.0.0/8 through OSPF.

C. The route table already includes a default route using 172.16.100.100.

D. The switch has not been configured with an IP address of 172.16.100.100.

Answer: A

Section: (none)


QUESTION 7Which condition is necessary to enable a group of networks to be auto-summarized by a ProCurve Switch3500yl?

A. The address ranges to be summarized must be within different OSPF areas.

B. The address ranges to be summarized must be within a classful network boundary.

C. The address ranges to be summarized must be directly connected to a neighbor router.

D. The address ranges to be summarized must be accessible through a neighbor router interface.

Answer: B

Section: (none)


QUESTION 8You must design an IP addressing scheme for a network that must support 16 different types of users, eachwith different resource and security requirements. What is an advantage of ensuring that the number ofnetworks assigned to each type of user is a power of 2?

A. It enables automatic summarization at classful boundaries.

B. It minimizes the number of VLANs required to support each type of user.

C. It ensures that an adequate number of IP addresses will be available for each type of user.

D. It simplifies summarization because all networks for each type of user can be summarized in a singlerouting statement.

Answer: D

Section: (none)


QUESTION 9What is a difference between voice traffic and video traffic?

A. Voice traffic is typically more difficult to route than streaming video traffic.

B. Voice traffic is typically more sensitive to delay than streaming video traffic.

C. Voice traffic is typically less sensitive to jitter than streaming video traffic.

D. Voice traffic is typically more bandwidth-intensive than streaming video traffic.

Answer: B

Section: (none)


QUESTION 10While analyzing network traffic, you notice that many packets have an 802.1p value of 0. On a ProCurveswitch with default QoS settings, what does this indicate?

A. No prioritization settings are in effect on the network.

B. The traffic will be mapped to the normal priority queue.

C. The network relies on Layer 3 classification technologies

D. The network is not using the default settings on ProCurve switches.

Answer: B

Section: (none)


QUESTION 11What is the effect when the following command is entered at the CLI of a ProCurve Switch 5406zl? 5406zl

(vlan-111)#qos priority 2

A. Packets entering the switch through VLAN 111 will be forwarded with normal priority.

B. Packets entering the switch through VLAN 111 will be forwarded with lower than normal priority.

C. Packets entering the switch through VLAN 111 will be forwarded with higher than normal priority.

D. Packets entering the switch through VLAN 111 will retain the priority marker set by another device.

Answer: B

Section: (none)


QUESTION 12Why does network congestion often cause more network congestion?

A. RSVP routers allocate more bandwidth to UDP applications.

B. TCP applications request retransmission of dropped packets.

C. QoS settings require switches to retransmit all real-time traffic.

D. 802.1p priorities are ignored after congestion reaches a user-defined threshold.

Answer: B

Section: (none)


QUESTION 13You must determine if the default settings on ProCurve 5406zl switches will provide adequate QoS for amultimedia training application. What must you learn about the application in order to make thisdetermination?

A. if it recognizes IGMP joins from receivers

B. if it uses TCP or UDP as a transport protocol

C. if it inserts Layer 2 or Layer 3 priority markers

D. if it supports Guaranteed Minimum Bandwidth

Answer: C

Section: (none)


QUESTION 14When does an LLDP-enabled switch start sending LLDP advertisements?

A. when QoS is enabled

B. when IP multicast is enabled

C. immediately after it has started

D. when it receives an LLDP request from a neighbor

Answer: C

Section: (none)


QUESTION 15Under what condition does the IEEE 802.1p field provide end-to-end prioritization?

A. All switches can classify traffic based on DSCP.

B. Source and destination hosts are in the same VLAN.

C. The network is experiencing high levels of congestion.

D. All links in the path between source and destination are tagged.

Answer: D

Section: (none)


QUESTION 16How many priority levels are specified by the IEEE 802.1p standard?

A. 4

B. 7

C. 8

D. 16

Answer: C

Section: (none)


QUESTION 17While analyzing network traffic using a port monitor on a ProCurve Switch 8212zl, you notice that manypackets have an 802.1p value of 1. If the switch has default QoS settings, what does this indicate?

A. The 8212zl has marked the traffic for low-priority forwarding.

B. The 8212zl has marked the traffic for high-priority forwarding.

C. Another device has marked the traffic for low-priority forwarding.

D. Another device has marked the traffic for high-priority forwarding.

Answer: C

Section: (none)


QUESTION 18You must configure QoS on a ProCurve Switch 8212zl in the core layer of a network. One interface on theswitch receives traffic that uses only Layer 3 markers to indicate priority.

What must you do to enable the switch to forward this traffic with correct priority?

A. Set the QoS trust level to the appropriate value.

B. Enable the appropriate interpretation of the IP ToS field.

C. Configure port-based priorities for all ports forwarding this traffic.

D. Configure custom IEEE 802.1p maps for all ports forwarding this traffic.

Answer: B

Section: (none)


QUESTION 19You will connect an IP telephone that supports LLDP-MED to port 8 on a ProCurve Switch 3500yl. Whichconfiguration step will enable the switch to auto-configure the appropriate VLAN for the phone??

A. Enable LLDP-MED in the VLAN 1 configuration context.

B. Configure port 8 as a tagged member of a voice VLAN.

C. Enable LLDP-MED in the configuration context for a voice VLAN.

D. Define port 8 as an LLDP-MED port in the global configuration context.

Answer: B

Section: (none)


QUESTION 20What is the role of an OSPF Area Border Router?

A. to connect multiple non-backbone areas

B. to connect a backbone area to non-backbone areas

C. to connect OSPF domains with domains that use other routing protocols

D. to connect a backbone area to the backbones of other OSPF routing domains

Answer: B

Section: (none)


QUESTION 21The IP route table of ProCurve Switch 8212zl includes routes learned through RIP and through OSPF.Which step is necessary to enable the router to include the RIP routes in its Link State Advertisements?

A. Enable RIP on all OSPF interfaces.

B. Configure RIP redistribution in the OSPF configuration context.

C. Enable RIP auto-summarization in the OSPF configuration context.

D. Configure the router as an ABR for all areas that should receive the RIP routes.

Answer: B

Section: (none)


QUESTION 22Which actions are required to define an OSPF router as an ABR? (Select two.)

A. Delete the backbone area.

B. Set OSPF priority to 0 for all non-backbone interfaces.

C. Enable OSPF redistribution in the OSPF configuration context.

D. Associate different OSPF interfaces with at least two area IDs.

E. Define two or more area IDs within the OSPF configuration context.

Answer: DE

Section: (none)


QUESTION 23A ProCurve Switch 8212zl must be configured to be the ABR for OSPF areas 0 and 5. While implementingthis configuration, you enter the following command at the switch's CLI:

8212zl(ospf)#area 5 stub 2 no-summary

How will this affect the route tables of other routers in area 5?

A. Only directly connected routes will be listed.

B. The only OSPF route will be the interface with the 8212zl.

C. All networks outside area 5 will be summarized as a default route.

D. Every route known to the 8212zl will be listed with a separate gateway and cost.

Answer: C

Section: (none)


QUESTION 24You have enabled OSPF in the global configuration context and in the VLAN 222 context of a ProCurveSwitch 8212zl. All OSPF areas have been created and associated with the correct VLANs. All other OSPFsettings are at default. What is the effect of the following command?

8212zl(vlan-222)#ip ospf cost 100

A. The OSPF link using VLAN 222 as a gateway will use the default cost.

B. The OSPF link using VLAN 222 will become the preferred route to the backbone area.

C. The OSPF link using VLAN 222 as a gateway will have higher cost than OSPF links with a default cost.

D. The OSPF link using VLAN 222 as a gateway will have lower cost than OSPF links with a default cost.

Answer: C

Section: (none)


QUESTION 25The output of show ip ospf neighbor for a ProCurve Switch 8212zl indicates a 2WAY state for one of theswitch's OSPF neighbor relationships. What does this indicate about the 8212zl and its neighbor?

A. They are in different OSPF areas.

B. They are both BDRs for an OSPF area.

C. They are configured with different OSPF versions.

D. They are neighbors, but have not formed an adjacency.

Answer: D

Section: (none)


QUESTION 26What is an OSPF virtual link?

A. a link that connects an ABR to the backbone area through a non-backbone area

B. a link that provides a redundant connection between an internal router and an ABR

C. a link that enables an ABR to exchange routes with a router in another OSPF domain

D. a link that provides a redundant connection between an ASBR and a non-OSPF domain

Answer: A

Section: (none)


QUESTION 27How does a ProCurve Switch 5406zl handle two equal-cost OSPF paths?

A. It blocks one of the paths.

B. It shares the load over the two paths.

C. It balances the load per TCP session.

D. It uses the first path that appeared in the routing table.

Answer: B

Section: (none)


QUESTION 28What is the impact on memory usage when defining multiple OSPF areas on a ProCurve Switch 5412zl?

A. It is decreased because non-backbone routes are summarized.

B. It is increased because it must maintain more routes in its route table.

C. It is increased because it must maintain link-state databases for each area.

D. It is decreased because all backbone routes are summarized as the default route.

Answer: C

Section: (none)


QUESTION 29How does the ProCurve Adaptive EDGE Architecture support

convergence?

A. by enhancing edge compression of video streams

B. by supporting prioritized traffic at the edge of the network

C. by translating analog signals to digital signals at the edge of the network

D. by supporting a variety of Layer 3 protocols at the edge and in the core of the network

Answer: B

Section: (none)


QUESTION 30Why are Ethernet and IP the fundamental technologies for converged networks? (Select two.)

A. They are widely deployed.

B. They offer mature standards.

C. They offer high levels of security.

D. They are not disrupted by power outages.

Answer: AB

Section: (none)


QUESTION 31What is a Triple Play network?

A. a network that supports IP, IPX/SPX, and AppleTalk

B. a network that includes 10 Mbps, 100 Mbps, and 1 Gpbs clients

C. a network that carries voice, video, and data over a single infrastructure

D. a network that features a core layer, a distribution layer, and an edge layer

Answer: C

Section: (none)


QUESTION 32Why is VoIP more sensitive to network congestion than traditional data applications?

A. VoIP uses more bandwidth than data applications.

B. VoIP requires dedicated virtual circuits to provide adequate voice quality.

C. VoIP depends on frequent broadcasts to maintain location and inventory information.

D. VoIP requires that packets be transmitted and received at predictable, fixed intervals.

Answer: D

Section: (none)


QUESTION 33Which items are synchronized when a second management module is installed in a ProCurve Switch8212zl? (Select three)

A. IP route tables

B. boot directives

C. uncompressed OS

D. running configuration

E. startup configuration

F. stored software images

Answer: BEF

Section: (none)


QUESTION 34A ProCurve Switch 8212zl is provisioned with two 1500W power supplies.

What is the status of the switch's ability to provide PoE?

A. The switch requires a power shelf to provide any PoE power.

B. The switch requires two additional power supplies to provide any PoE power.

C. The switch can provide up to 900 watts of PoE power to six interface modules.

D. The switch can provide up to 1800 watts of PoE power to 12 interface modules.

Answer: D

Section: (none)


QUESTION 35At a customer site, you upload a new software version to the primary flash area of a ProCurve Switch8212zl. The secondary flash area is unchanged and continues to hold the currently running software. Whenyou reboot the system using the primary flash image, the CLI is not available because of softwarecorruption. How can you recover access to the switch?

A. Power down the switch, remove the active management module, and then restart the switch.

B. Use the Clear and Reset buttons on the management module to erase the current configuration andrestart the switch.

C. Connect to the active management module with a serial connection, restart the switch, and selectsecondary from the Boot Profiles menu.

D. Press and hold the System Reset button on the System Support Module to force a management moduleswitchover.

Answer: C

Section: (none)


QUESTION 36

What is the effect of a fabric module failure on a ProCurve Switch 8212zl with two fabric modules installed?

A. The switch can no longer support 10 GbE modules.

B. Only half of the switch's interface ports continue forwarding.

C. Switch forwarding is interrupted for 30 seconds by the fabric module switchover.

D. All ports continue forwarding, but maximum switching capacity is reduced by 50 percent.

Answer: D

Section: (none)


QUESTION 37Which items are interchangeable between the ProCurve Switch 5412zl and the Switch 8212zl? (Select two.)

A. fabric module

B. software image

C. interface module

D. management module

E. system support module

Answer: BC

Section: (none)


QUESTION 38What is the role of the System Support Module on a ProCurve Switch 8212zl?

A. enable remote access by ProCurve support personnel

B. provide an interface for out-of band management access

C. maintain forwarding during management module switchover

D. host system-level components such as fan control and system clock

Answer: D

Section: (none)


QUESTION 39If the active management module of a ProCurve Switch 8212zl is in Slot 2, what is the effect of the followingCLI commands?

8212zl#redundancy switchover...

Do you want to continue [y/n]? yDo you want to save current configuration [y/n]? y

A. The module in Slot 1 is set to become the active module on the next boot.

B. The system is restarted, and the module in Slot 1 assumes the active role.

C. The module in Slot 1 reboots immediately and becomes the active module.

D. The module in Slot 2 is restarted, and the module in Slot 1 assumes the active role.

Answer: D

Section: (none)


QUESTION 40What are differences between the software features of the ProCurve Switch 5412zl and the Switch 8212zl?(Select two.)

A. The 8212zl supports IPv4 and IPv6. The 5412zl supports only IPv4.

B. The 8212zl supports PIM-Dense and PIM-Sparse. The 5412zl supports only PIM-Dense.

C. The 8212zl supports commands to manage redundant management modules. The 5412zl does notsupport these commands.

D. The 8212zl supports multiple configuration files that can be associated with different flash areas. The5412zl does not support multiple configuration files.

E. The 8212zl supports advanced features such as OSPF and VRRP by default. The 5412zl requires aPremium License to support these features.

Answer: CE

Section: (none)


QUESTION 41Which commands can be accessed during a serial console session with the standby management moduleon a ProCurve Switch 8212zl? (Select two.)

A. all show commands

B. all commands available to Operator level users

C. show commands related to redundancy

D. show commands related to flash contents on the standby module

Answer: CD

Section: (none)


QUESTION 42Why is PIM called protocol independent?

A. because it offers dense and sparse modes

B. because it supports all multicast application protocols

C. because it is compatible with other multicast routing protocols

D. because it can use information derived from any IP routing source

Answer: D

Section: (none)


QUESTION 43Which part of the multicast address range is used by routing protocols such as RIPv2 and OSPF?

A. AD-HOC Block

B. Internetwork Control Block

C. Local Network Control Block

D. Administratively Scoped Address Block

Answer: C

Section: (none)


QUESTION 44You must configure IP multicast on a ProCurve Switch 5406zl. In which context is it necessary to enableIGMP?

A. in the global configuration context

B. for all VLANs defined on the switch

C. for all VLANs that will support multicast hosts

D. for all VLANs associated with switch-to-switch links

Answer: C

Section: (none)


QUESTION 45You must configure IP multicast on a ProCurve Switch 5412zl in the distribution layer of a customernetwork. Where will it be necessary to enable PIM?

A. every user-defined VLAN

B. VLAN 1 and switch-to-switch links

C. ports with directly connected users

D. every VLAN that will carry multicast traffic

Answer: D

Section: (none)


QUESTION 46During a multicast transmission, a PIM-Dense router receives Leave Group messages from all downstreamIGMP hosts that had requested the transmission. After sending a PIM Prune message upstream, whichaction does the router take?

A. immediately drops the multicast group's S,G pair from its PIM table

B. queries PIM neighbors to determine if it should keep the multicast group's S,G pair in its PIM table

C. drops the multicast group's S,G pair after forwarding the Leave Group messages to neighboring PIMrouters

D. maintains the multicast group's S,G pair in its PIM table as long as the stream is being transmitted

Answer: D

Section: (none)


QUESTION 47When designing a multicast solution, what circumstance requires that you specify PIM as well as IGMP?

A. Multicasts need to be routed.

B. Multicasts will have multiple sources.

C. Multicasts will have high usage among end users.

D. Multicasts will require large amounts of bandwidth.

Answer: A

Section: (none)


QUESTION 48Which circumstances might make PIM-Dense a better solution than PIM-Sparse for a multicast domain?(Select two.)

A. All domain routers support IGMP as well as PIM.

B. The domain must support more than 50 routers.

C. Bandwidth is plentiful on links connecting routers.

D. Routers with group presence are in close proximity.

E. All domain routers support Layer 3 prioritization markers.

Answer: CD

Section: (none)


QUESTION 49An unmanaged Layer 2 switch that does not support IP multicast receives a multicast transmission. Whatdoes the switch do?

A. It drops the traffic.

B. It forwards the traffic through all ports.

C. It forwards the traffic toward its default gateway.

D. It forwards the traffic as a unicast through all ports.

Answer: B

Section: (none)


QUESTION 50

In a PIM-Sparse domain, what is the responsibility of the Bootstrap Router (BSR)?

A. maintaining a PIM route table for all domain routers

B. providing a boundary with PIM-Dense routing domains

C. distributing associations between Rendezvous Points and multicast groups

D. providing the root of multicast distribution trees for administratively defined groups

Answer: C

Section: (none)


QUESTION 51What is an advantage of implementing Multiple Spanning Tree Protocol (MSTP) instead of Rapid SpanningTree Protocol (RSTP)?

A. MSTP provides better support for legacy STP.

B. MSTP generates less traffic for STP convergence.

C. MSTP enables more complete use of all switch-to-switch links.

D. MSTP provides for faster failover if the root bridge becomes unavailable.

Answer: C

Section: (none)


QUESTION 52You must configure VRRP on two ProCurve 8212zl switches that are also members of a single-instanceSpanning Tree. One of the switches is the Root bridge in the Spanning Tree.

How will the switch's role in the Spanning Tree affect its VRRP configuration?

A. The Spanning Tree root must be Backup for all VRIDs.

B. The Spanning Tree root must also be Master of all VRIDs.

C. The Spanning Tree root must be Backup for all VRIDs associated with its directly connected VLANs.

D. The Spanning Tree root must be Master for all VRIDs associated with VLANs for which it does not havedirect links.

Answer: B

Section: (none)


QUESTION 53What is a difference between router redundancy support on the 5304xl and the 5406zl?

A. The 5406zl supports VRRP. The 5304xl supports XRRP.

B. The 5406zl supports VRRP and VRRP-E. The 5304xl supports only VRRP-E.

C. The 5406zl can support 255 virtual routers. The 5304xl can support only 128 virtual routers.

D. The 5406zl can be Master or Backup for any VRRP instance. The 5304xl can be only Backup.

Answer: A

Section: (none)


QUESTION 54On a ProCurve Switch 8212zl, which feature must be enabled before you can enable VRRP?

A. RIP

B. MSTP

C. IP routing

D. IP multicast

Answer: C

Section: (none)


QUESTION 55Which Spanning Tree version is enabled when the following command is issued at the CLI of a ProCurveSwitch 8212zl?

8212zl(config)# spanning-tree

A. STP

B. PVST

C. RSTP

D. MSTP

Answer: D

Section: (none)


QUESTION 56You must design an MSTP solution for a new customer network that will deploy 8212zl switches in the coreand 3500yl and 5400zl switches at the edge. All of the switches will belong to a single MST region. Whichfactor will determine how many MST instances the region will require to ensure that all links are in aforwarding state for at least one VLAN?

A. the number of switches at the network edge

B. the total number of VLANs configured on the switches

C. the number of switches with shared VLAN configurations

D. the number of redundant paths between one edge switch and the core

Answer: D

Section: (none)


QUESTION 57At a customer site, the output of show spanning-tree instance 1 on two ProCurve 8212zl switches indicates

that both switches are the Root of MST instance 1. Which statement explains this output?



C. One of the switches has been configured for RSTP operation.

D. The switches have identical Port Priorities for ports associated with the instance.

Answer: B

Section: (none)


QUESTION 58You must configure Multiple Spanning Tree Protocol (MSTP) on two ProCurve 8212zl switches and four5406zl switches. Which step is necessary to ensure that all of the switches join the same MST region?

A. Configure the switches with identical Port Priorities for shared links in each MST instance.

B. Configure all switch-to-switch links in each MST instance as tagged members of all user VLANs.

C. Configure Bridge Priorities on all switches so that each MST instance has a different Root Bridge.

D. Configure the switches with identical config-names, config-revisions, and VLAN-to-instance mappings.

Answer: D

Section: (none)


QUESTION 59What is the effect of a fabric module failure on a ProCurve Switch 8212zl with two fabric modules installed?

A. The switch can no longer support 10 GbE modules.

B. Only half of the switch's interface ports continue forwarding.

C. Switch forwarding is interrupted for 30 seconds by the fabric module switchover.

D. All ports continue forwarding, but maximum switching capacity is reduced by 50 percent.

Answer: D

Section: (none)


QUESTION 60What is the minimum number of power supplies required to enable forwarding by all interface modules in afully populated ProCurve Switch 8212zl?

A. 1

B. 2

C. 3

D. 4

Answer: B

Section: (none)


QUESTION 61You install two new management modules in a ProCurve Switch 8212zl.

Assuming that both modules pass self-test, which module will become active when the switch is started?

A. the module in Slot 1

B. the module that passes self-test first

C. the module with the lowest MAC address

D. the module with the most recent software version

Answer: A

Section: (none)


QUESTION 62What is the effect of executing the following commands entered at the prompt of a ProCurve Switch 8212zl?

8212zl(config)#reload...

Do you want to continue [y/n]? y

A. The active management module is rebooted and goes to standby status.

B. Both management modules are rebooted. The standby module becomes active.

C. All modules are rebooted. The management modules retain their standby or active status.

D. The active management module and all interface modules are rebooted. The active managementmodule remains active.

Answer: A

Section: (none)


QUESTION 63At a customer site, you must install a second management module in Slot 2 on a ProCurve Switch 8212zl.Both flash memory areas of the new management module contain software version K.12.44. The primaryand secondary flash memory areas of the module already in Slot 1 contain software version K.12.43. Howwill the installation affect the contents of the modules' memory areas?

A. K.12.44 will be installed in both areas on the Slot 1 module.

B. K.12.43 will be installed in both areas on the Slot 2 module.

C. K.12.43 will be installed in the primary area of the Slot 2 module. K.12.44 will be installed in thesecondary area of the Slot 1 module.

D. K.12.44 will be installed in the inactive area on the Slot 1 module. K.12.43 will be installed in thesecondary area of the Slot 2 module.

Answer: B

Section: (none)


QUESTION 64What is the purpose of the RJ-45 port on the management module of a ProCurve Switch 8212zl?

A. provide 10 GbE uplink

B. provide serial connection for console access

C. provide interface for out-of-band Ethernet management

D. provide interface for IP access when no interface modules are installed

Answer: B

Section: (none)


QUESTION 65If the active management module of a ProCurve Switch 8212zl is in Slot 2, what is the immediate effect ofthe following CLI commands?

8212zl(config)#redundancy active-management management-module1 8212zl(config)#write memory

A. The module in Slot 1 immediately becomes the active module.

B. The module in Slot 1 is set to become the active module on the next boot.

C. The system is restarted, and the module in Slot 1 assumes the active role.

D. The module in Slot 2 is restarted, and the module in Slot 1 assumes the active role.

Answer: B

Section: (none)


QUESTION 66What are differences between the architecture of the ProCurve Switch 5412zl and the Switch 8212zl?(Select two.)

A. The 8212zl can support 12 10 GbE modules. The 5412zl can support only 10.

B. The 8212zl can support two management modules. The 5412zl can only support one.

C. The 8212zl can use only zl interface modules. The 5412zl can use zl modules and xl modules.

D. The 8212zl features a modular switching fabric. The switching fabric of the 5412zl is located on thebackplane.

E. The 8212zl can provide PoE only on modules in Slot A and Slot B. The 5412zl can provide PoE on allinterface modules.

Answer: BD

Section: (none)


QUESTION 67A ProCurve Switch 8212zl is provisioned with two 1500W power supplies.

What is the status of the switch's ability to provide PoE?

A. The switch requires a power shelf to provide any PoE power.

B. The switch requires two additional power supplies to provide any PoE power.

C. The switch can provide up to 900 watts of PoE power to six interface modules.

D. The switch can provide up to 1800 watts of PoE power to 12 interface modules.

Answer: D

Section: (none)


QUESTION 68Why are Ethernet and IP the fundamental technologies for converged networks? (Select two.)

A. They are widely deployed.

B. They offer mature standards.

C. They offer high levels of security.

D. They are not disrupted by power outages.

Answer: AB

Section: (none)


QUESTION 69How does a dedicated voice VLAN enhance QoS for a VoIPimplementation?

A. It isolates phones from data broadcasts.

B. It eliminates the need for Layer 2 priority markers.

C. It enables routing without Layer 3 priority markers.

D. It ensures that priorities set by phones will be enforced.

Answer: A

Section: (none)


QUESTION 70How does the ProCurve Adaptive EDGE Architecture supportconvergence?

A. by enhancing edge compression of video streams

B. by supporting prioritized traffic at the edge of the network

C. by translating analog signals to digital signals at the edge of the network

D. by supporting a variety of Layer 3 protocols at the edge and in the core of the network

Answer: B

Section: (none)


QUESTION 71What are the benefits offered by converged networks? (Select two.)

A. simplified adds, moves, changes

B. unified support for IPv4 and for IPv6

C. lowered costs for switches and routers

D. enhanced quality for voice transmissions

E. integrated support for voice, video, and data

Answer: AE

Section: (none)


QUESTION 72By default, what type of route has the lowest administrative distance on a ProCurve Switch 3500yl?

A. RIP

B. static

C. OSPF

D. directly connected

Answer: D

Section: (none)


QUESTION 73You must configure RIP on a ProCurve Switch 3500yl. Why is it not necessary to enable RIP in the contextof VLANs connected only to end stations?

A. because the 3500yl route table already includes routes to the end stations

B. because the 3500yl automatically includes connected routes in RIP updates

C. because the 3500yl automatically summarizes routes to all networks without RIP neighbors

D. because the 3500yl only exchanges information about router-to-router links with RIP neighbors

Answer: B

Section: (none)


QUESTION 74Which address is valid for the loopback interface of a ProCurve Switch 5406zl?

A. 192.168.1.1/8

B. 192.168.1.1/16

C. 192.168.1.1/24

D. 192.168.1.1/32

Answer: D

Section: (none)


QUESTION 75What is the default metric for a RIP interface on ProCurve switches?

A. 1

B. 10

C. 15

D. 120

Answer: A

Section: (none)



Assume RIP is configured correctly on all routers. What is a potential problem with this topology?

A. Router1 is not Telnet accessible.

B. VLAN 1 is susceptible to broadcast storms.

C. Hosts in VLAN 27 cannot contact hosts in VLAN 46.

D. The link between Router1 and Router2 will not carry user traffic.

Answer: B

Section: (none)


QUESTION 77What is the significance of the Gateway field in the IP route table of a ProCurve Switch 8212zl?

A. It identifies the local interface that leads to a remote network.

B. For remote networks, it identifies the number of hops between this router and the destination network.For local networks, it contains all zeros.

C. It identifies the IP address of the interface that is serving as the primary default gateway for connectedhosts in the VLAN associated with the interface.

D. For remote networks, it identifies the IP address of the next hop router. For local networks, it identifiesthe VLAN ID associated with the network interface on the switch.

Answer: D

Section: (none)



What is indicated by this entry from the IP route table of a ProCurve Switch 8212zl?

A. The switch's neighbor on VLAN 172 is not available.

B. The switch's address on VLAN 172 is 192.168.1.254.

C. All traffic forbidden by ACLs will be redirected to 192.168.1.254.

D. VLAN 172 is the gateway to networks not specified by other route table entries.

Answer: D

Section: (none)


QUESTION 79When performing manual summarization, why is it recommended to disable RIP on the interface that leadsto the summarized networks?

A. to allow the router to auto-summarize ranges on other interfaces

B. to prevent the router from receiving information about networks already in the route table

C. to avoid advertising the static route used for summarization to routers connected to the interface

D. to enable the static route used for summarization to be advertised over downstream router interfaces

Answer: B

Section: (none)


QUESTION 80You are configuring IP multicast on a ProCurve Switch 5406zl. OSPF is enabled. All VLANs have beendefined and IP addresses assigned to all routed interfaces. IGMP has been enabled for all VLANs that willsupport multicast hosts. To enable PIM, you issue the following commands:

5406zl(config)#ip multicast-routing5406zl(config)#router pim

What is the remaining step in this process?

A. Enable IGMP at the global configuration level.

B. Enable PIM only on interfaces that lead to other routers.

C. Enable PIM for every VLAN that will support Layer 3 multicast.

D. Enable sparse mode for every VLAN that will support Layer 3 multicast.

Answer: C

Section: (none)


QUESTION 81When designing a multicast solution, what circumstance requires that you specify PIM as well as IGMP?

A. Multicasts need to be routed.

B. Multicasts will have multiple sources.

C. Multicasts will have high usage among end users.

D. Multicasts will require large amounts of bandwidth.

Answer: A

Section: (none)


QUESTION 82In a PIM-Sparse routing domain, which router is the root node of a multicast distribution tree?

A. Bootstrap Router

B. Rendezvous Point

C. first router to receive an IGMP join

D. router closest to the mulitcast source

Answer: B

Section: (none)


QUESTION 83Which multicast address scope is recommended by the IANA for multicasts that will be contained within asingle organization?

A. local scope

B. global scope

C. enterprise scope

D. administrative scope

Answer: D

Section: (none)


QUESTION 84When does a PIM-Dense router add an S,G pair to its PIM routing table?

A. when it receives a PIM Graft message

B. when it receives a multicast transmission

C. when it receives a multicast advertisement

D. when it receives a Hello message from a neighbor

Answer: B

Section: (none)


QUESTION 85Analysis of traffic on an enterprise network indicates that a multicast-enabled router floods multicast trafficto all networks. Which type of protocol is the router using?

A. sparse-mode

B. dense-mode

C. group-management

D. protocol-dependent

Answer: B

Section: (none)


QUESTION 86You have verified that a ProCurve Switch 5406zl is correctly configured for PIM dense mode. The switch'sIGMP table shows active hosts who are members of multicast group 239.192.11.11. The multicast is inprogress and all hosts are receiving the content. However, the multicast group does not appear in theswitch's PIM route table. What does this indicate about the 239.192.11.11 multicast group?

A. PIM has not been enabled globally.

B. The switch is Querier for the group.

C. The server and receivers are in different VLANs.

D. The switch is forwarding the multicast at Layer 2.

Answer: D

Section: (none)


QUESTION 87Why does IP multicast distribute multimedia content more efficiently than unicast?

A. It provides bandwidth guarantees.

B. It forces synchronization of audio and video.

C. It places less load on network infrastructure.

D. It enhances the performance of video codecs.

Answer: C

Section: (none)



To enable hosts in VLAN 70 to receive multicasts from the server, where must you enable both PIM andIGMP?

A. VLAN 70

B. VLAN 110

C. VLAN 70 and VLAN 110

D. VLAN 1 and VLAN 110

Answer: C

Section: (none)


QUESTION 89You connect an IP telephone that supports LLDP-MED to a port on a ProCurve Switch 5406zl. The port is amember of an administratively defined voice VLAN and also requires 802.1X authentication. How will LLDP-MED and 802.1X interact?

A. The switch will permit LLDP-MED communication with the phone after authentication is complete.

B. The switch will exempt the phone from the 802.1X requirement after confirming its LLDP-MEDinformation.

C. The switch will use information from the phone's first LLDP-MED frame to submit its authenticationcredentials.

D. The switch will submit the phone's authentication credentials to a RADIUS server after the devicesexchange LLDP-MED information.

Answer: A

Section: (none)


QUESTION 90Which prioritization capability is provided at default settings by all managed ProCurve switches?

A. Map DSCP values to physical queues.

B. Classify traffic according to TCP port number.

C. Classify traffic based on 802.1p values set by other devices.

D. Translate Layer 2 priority markers to Layer 3 priority markers.

Answer: C

Section: (none)


QUESTION 91You are planning a network upgrade at a small company. During a meeting, you learn that the customer willinstall VoIP telephones that set Layer 2 priority markers for all voice traffic. The VoIP traffic will not crossany routed links. What is necessary to ensure that ProVision ASIC switches maintain the priorities set by thephones? (Select two.)

A. GMB settings for voice traffic

B. default QoS configuration settings

C. tagged links for all voice VLAN traffic

D. an IEEE 802.1p-to-DSCP map for voice traffic

E. rate limiting on all ports that support VoIP phones

Answer: BC

Section: (none)


QUESTION 92How does LLDP-MED enhance LLDP?

A. by enabling network devices to discover endpoints

B. by enabling network devices to discover IGMP hosts

C. by enabling network devices to discover PSTN PBX devices

D. by enabling network devices to discover multicast routers

Answer: A

Section: (none)


QUESTION 93A user of a new VoIP infrastructure reports that she unintentionally speaks at the same time as the personon the other end of the line. What is a likely cause of this condition?

A. excessive jitter

B. excessive delay

C. excessive echo

D. excessive packet collisions

Answer: B

Section: (none)



At this prompt, you enter qos dscp 011100, a DSCP codepoint that maps to an IEEE 802.1p priority value of4. What is the effect of this command?

A. The Layer 2 and Layer 3 priorities for VLAN 90 will be different.

B. The DSCP codepoint will be re-mapped to 802.1p priority 7 for VLAN 90.

C. The current VLAN 90 priority of 7 will be replaced with a new priority of 4.

D. The command will have no effect because the higher priority will take precedence.

Answer: C

Section: (none)


QUESTION 95You must configure Guaranteed Minimum Bandwidth on a ProCurve Switch 5412zl to increase thebandwidth available for high-priority video traffic. Which CLI configuration context must you enter tocomplete this task?

A. port

B. QoS

C. global

D. VLAN

Answer: A

Section: (none)


QUESTION 96What is the default number of queues on a ProCurve Switch 8212zl?

A. 2

B. 4

C. 7

D. 8

E. 12

Answer: D

Section: (none)


QUESTION 97You are designing a prioritization scheme based on the IEEE 802.1p standard. HTTP traffic should receivelow priority treatment. Which 802.1p values will fulfill this requirement? (Select two.)

A. 0

B. 1

C. 2

D. 3

E. 4

Answer: BC

Section: (none)


QUESTION 98In a converged network, what does video traffic require in comparison to voice traffic?

A. less delay

B. higher priority

C. more bandwidth

D. more expensive cabling

Answer: C

Section: (none)


QUESTION 99What is Class of Service (CoS)?

A. a synonym for Quality of Service (QoS)

B. a method for measuring Quality of Service (QoS)

C. a proprietary solution for Quality of Service (QoS)

D. a mechanism for providing Quality of Service (QoS)

Answer: D

Section: (none)


QUESTION 100

How can you minimize delay for all traffic types in your network infrastructure?

A. Implement PIM-Sparse instead of PIM-Dense.

B. Deploy non-blocking switches whenever possible.

C. Install gigabit network interface cards in end stations.

D. Configure all switches to implement prioritization technologies.

Answer: B

Section: (none)


QUESTION 101A ProCurve Switch 8212zl will be the ABR for OSPF areas 0 and 6. While enabling this configuration, youenter the following command at the switch's CLI:

8212zl(lo-0)#ip ospf all area 6

What is the effect of this command?

A. The loopback interface will be a stub area.

B. The loopback interface will not be advertised in summary LSAs.

C. The loopback interface will be included in the non-backbone area.

D. The loopback interface will not be accessible to hosts in networks outside of area 6.

Answer: C

Section: (none)


QUESTION 102Which step is necessary to enable an OSPF-enabled ProCurve Switch 8212zl to act as an AutonomousSystem Boundary Router (ASBR)?

A. Enable redistribution.

B. Define an area range summary.

C. Enable equal-cost multipath routing.

D. Define multiple non-backbone areas.

Answer: A

Section: (none)


QUESTION 103What is the advantage of defining multiple OSPF areas for a large intranet?

A. reduce the processing load on ABRs

B. provide multiple paths from internal routers to ASBRs

C. reduce the total number of LSAs maintained by internal routers

D. enable all routers to communicate directly with the backbone area

Answer: C

Section: (none)


QUESTION 104What is an OSPF virtual link?

A. a link that connects an ABR to the backbone area through a non-backbone area

B. a link that provides a redundant connection between an internal router and an ABR

C. a link that enables an ABR to exchange routes with a router in another OSPF domain

D. a link that provides a redundant connection between an ASBR and a non-OSPF domain

Answer: A

Section: (none)


QUESTION 105What is the role of an OSPF Autonomous System Boundary Router?

A. to connect multiple non-backbone areas

B. to connect backbone areas to non-backbone areas

C. to connect OSPF domains with domains that use other routing protocols

D. to connect a backbone area to the backbones of other OSPF routing domains

Answer: C

Section: (none)


QUESTION 106The output of show ip ospf link-state on a ProCurve Switch 3500yl shows that the age of one Network LinkState Advertisement (LSA) is 1819. How will this affect the router's behavior?

A. The router will request a new LSA from the neighbor that sent it.

B. The router will ignore all LSAs from the neighbor until they are refreshed.

C. The router will ignore the advertisement when running its Shortest Path First (SPF) algorithm

D. The router will place the advertised route in its IP route table if it has not learned another route to thesame network.

Answer: C

Section: (none)


QUESTION 107All IP interfaces defined on a ProCurve Switch 5406zl are members of OSPF area 5. What does thisindicate?

A. Area 5 is a transit area.

B. The 5406zl is an internal router.

C. Area 5 is a not so stubby area (NSSA).

D. The 5406zl cannot be elected Designated Router.

Answer: B

Section: (none)


QUESTION 108By default, how will a ProCurve Switch 5406zl select its OSPF Router ID if the ID is not configured by theadministrator? (Select two.)

A. The Default VLAN IP address becomes the Router ID.

B. The lowest IP address assigned to an OSPF interface becomes the Router ID.

C. The highest IP address assigned to an OSPF interface becomes the Router ID.

D. The lowest IP address on the lowest numbered loopback interface becomes the Router ID.

E. The highest IP address on the highest numbered loopback interface becomes the Router ID.

Answer: BD

Section: (none)


QUESTION 109Which protocol for default gateway redundancy is supported by the ProVision ASIC switches?

A. XRRP

B. VRRP

C. HSRP

D. FSRP

Answer: B

Section: (none)


QUESTION 110While configuring two 8212zl switches, you enable VRRP on the Backup router before enabling VRRP onthe Owner. What is the effect of this procedure?

A. No default gateway will be available until the Master is enabled.

B. Users will experience a brief interruption when VRRP is enabled on the Master.

C. The Backup router will issue an error when it does not find a Master on the VRIDs.

D. The routers will not assume the correct roles unless the Backup is restarted after VRRP is enabled onthe Master.

Answer: B

Section: (none)


QUESTION 111How can you ensure that a particular switch will be elected Root Bridge of an MST instance, assuming allSpanning Tree settings on other switches are at the default ?

A. Set the CIST Bridge Priority to 0.

B. Set the Bridge Priority for the instance to 0.

C. Set the Port Priority for each port in the instance to 0.

D. Set the Bridge Priority for each VLAN in the instance to 0.

Answer: B

Section: (none)


QUESTION 112You must configure a ProCurve Switch 8212zl to be the Owner of a VRID associated with VLAN 10. Whatmust be true of the virtual IP address for the VRID?

A. It must use a classful network mask.

B. It must be an address on a multi-netted interface.

C. It must match the router's address for the VLAN 10 interface.

D. It must match the address assigned to VLAN 10 on the Backup router.

Answer: C

Section: (none)


QUESTION 113Which Spanning Tree protocol is implemented on the ProVision ASIC switches?

A. STP

B. PVST

C. MSTP

D. RSTP

Answer: C

Section: (none)


QUESTION 114How does the Virtual Router Redundancy Protocol (VRRP) enhance network availability?

A. by providing redundant default gateways for clients

B. by providing redundant links between edge and core layers

C. by enabling routers to learn redundant paths to remote networks

D. by supporting the configuration of redundant gateways on VRRP-aware clients

Answer: A

Section: (none)


QUESTION 115You must design a Virtual Router Redundancy Protocol (VRRP) solution for a new customer network thatwill deploy two 8212zl switches in the core and 3500yl switches at the edge. The 8212zl switches willprovide default gateway services for all hosts. MSTP will be enabled on all switches. How can your VRRPdesign ensure that the direct paths between hosts and their default gateways are not blocked by SpanningTree when all links are up?

A. Ensure that one core router is configured as Owner of all VRIDs.

B. Ensure that the VLANs in each MST instance are associated with different VRIDs.

C. Ensure that the Root Bridge of the Common Spanning Tree (CST) is also Owner of all VRIDs.

D. Ensure that the Root Bridge of each MST instance is also the Owner of all VRIDs associated withVLANs in that instance.

Answer: D

Section: (none)


QUESTION 116At a customer site, the output of show spanning-tree instance 1 on two ProCurve 8212zl switches indicatesthat both switches are the Root of MST instance 1. Which statement explains this output?



C. One of the switches has been configured for RSTP operation.

D. The switches have identical Port Priorities for ports associated with the instance.

Answer: B

Section: (none)


HP0-Y18 dump 20q_v2.73.20q

Number: 000-000Passing Score: 800Time Limit: 120 minFile Version: 1.0

Pass4Side HP HP0-Y18

HP HP0-Y18

ProCurve Mobility

Exam A

QUESTION 1What is the default management username and password on the ProCurve AP 530?

A. The username is admin, and the password is admin.

B. The username is admin, and the password is procurve.

C. The username is manager, and the password is procurve.

D. The username is admin, and there is no default password.

Answer: A

Section: (none)


QUESTION 2Which security option was part of the original 802. 11 standard?

A. 802. 1X

B. Shared-key WEP

C. Dynamic Wired Equivalent Privacy (WEP)

D. Wi-Fi Protected Access with preshared keys (WPA-PSK)

Answer: B

Section: (none)


QUESTION 3When can a station no longer communicate with an AP?

A. when the received signal falls below 0 dBm

B. when the received signal falls below the background noise

C. when the received signal falls below the station's receiver sensitivity

D. when the received signal falls below the fade margin for the wireless cell

Answer: C

Section: (none)


QUESTION 4What does the slot time determine?

A. the number of seconds the AP waits between sending beacons

B. the length of time the station waits between detecting a transmission and sending a frame

C. the beginning of the 802. 11 frame, which enables the AP and the station to synchronize theirtransmissions

D. how long the station can "sleep" before it must become active and check the AP to see if there are anytransmissions waiting for it

Answer: B

Section: (none)


QUESTION 5You want ProCurve Radio Port (RP) 1's radio to function as a neighbor for RP 2's radio.RP 1 will monitorRP 2 and take action if RP 2 becomes unavailable.You configure RP 1's radio to take which action if RP 2becomes unavailable? (Select two. )

A. Open its data rates.

B. Change the radio's channel.

C. Increase the radio's transmit power.

D. Order stations associated with RP 2 to roam.

E. Change the radio mode from 802. 11a to 802. 11b/g.

Answer: AC

Section: (none)


QUESTION 6The ProCurve Mobility Manager (PMM) site-planning tool provides an Auto Placement tool.What does thistool take into account as it places devices on the floor plan?

A. the existing RF interference

B. the obstacles that you have defined

C. other devices already placed on the floor plan

D. the floor plan dimensions and desired capacity

Answer: D

Section: (none)


QUESTION 7Wireless networks present certain challenges.Which wireless network challenge does ProCurve MobilityInfrastructure Solutions help you address?

A. Users are less productive when using a wireless connection.

B. 802. 11 standards do not provide any guidelines for Layer 2 roaming.

C. 802. 11 standards do not provide any encryption, so you must create VPN tunnels to each end station.

D. Multiple users connect to the network through the same AP, but access must be authorized for eachuser.

Answer: D

Section: (none)


QUESTION 8What is a function of ProCurve Identity Driven Manager (IDM)?

A. It identifies which wireless users must associate to the wireless network.

B. It enables you to load different configuration files onto your ProCurve Mobility Infrastructure devices.

C. It guides you in creating policies that can be applied, through RADIUS, to either wired or wireless users.

D. It adds special features to ProCurve Manager (PCM) for configuring radio and wireless security settings.

Answer: C

Section: (none)


QUESTION 9You need to provide a wireless network for a small area that will require two access points.For this wirelessnetwork, you want to support both 802. 11b/g and 802. 11a radios throughout the entire coverage area.What would you choose?

A. two ProCurve AP 420s

B. two ProCurve AP 530s

C. ProCurve Wireless LAN System with two Radio Port (RP) 210s

D. ProCurve Wireless LAN System with one RP 230 and one RP 210

Answer: B

Section: (none)


QUESTION 10What does Spanning Tree Protocol (STP) on the ProCurve AP 530 prevent?

A. loops over connections to stations in the wireless network

B. loops over the APs Ethernet and wireless bridge connections

C. loops over connections between stations in the wireless and the wired network

D. loops over connections between only wireless stations associated with multiple APs

Answer: B

Section: (none)


QUESTION 11Which Quality of Service (QoS) mechanism do both the ProCurve AP 420 and the ProCurve AP 530support?

A. Wi-Fi Multimedia (WMM)

B. SpectraLink Voice Priority (SVP)

C. Differentiated Services (DiffServ)

D. Wi-Fi Multimedia Extensions (WME)

Answer: B

Section: (none)


QUESTION 12The ProCurve AP 420 radio has one Basic Service Set Identifier (BSSID), and each of the two AP 530radios has 16 BSSIDs.What is the implication of this difference?

A. The AP 420 can advertise only 1 WLAN, but the AP 530 can advertise 16.

B. The AP 420 can support only 1 WLAN, but the AP 530 can support 32.

C. The AP 420 can support only 1 WLAN, but the AP 530 can support 16.

D. The AP 420 can advertise only 1 WLAN, but the AP 530 can advertise 32.

Answer: A

Section: (none)


QUESTION 13What purpose does the second software image on the ProCurve AP 420 serve?

A. It allows you to choose two different images to load onto the AP.

B. It allows you to keep the last software image that was loaded onto the AP.

C. It provides a failsafe image in the event the primary image becomes corrupted.

D. It provides an alternate software version in the event the primary does not support your configuration.

Answer: C

Section: (none)

Explanation/Reference:Pass4Side Help you pass any IT Exams! Page 4 of 6 Pass4Side HP HP0-Y18

QUESTION 14How many configuration files can be stored on the ProCurve AP 420?

A. 2: the startup-config and the factory default config

B. 3: the startup-config, the factory default config, and one custom config

C. 3: the factory default config, the startup-config, and the backup startup-config

D. 4: the factory default config, the startup-config, the backup startup-config, and one custom config

Answer: A

Section: (none)


QUESTION 15Your company has a branch office down the street from your main office.You want to connect the networksbetween the two offices, and physical cabling is not an option.Which wireless devices should you select forthis environment?

A. two ProCurve AP 420s

B. two ProCurve AP 530s

C. two RP 230s and a Wireless Edge Services xl Module

D. two RP 220s with Yagi antennas and a Wireless Edge Services zl Module

Answer: B

Section: (none)


QUESTION 16You are configuring a ProCurve AP 530.You configure two WLANs.What is one reason to enable the firstWLAN only on radio 1 and the second WLAN only on radio 2?

A. to overcome environmental obstacles

B. to double the capacity of each WLAN by using two radios

C. to separate different types of wireless traffic into different collision domains

D. to allow users to choose their radio but still connect to the same Basic Service Set (BSS)

Answer: C

Section: (none)


QUESTION 17Your company wants to use the 2. 4GHz frequency on both of your ProCurve AP 530 radios.What must youdo so that both radios can use this frequency?

A. Set both radios to either 802. 11g or 802. 11b.

B. Set both radios to either 802. 11g or 802. 11b, and install an external antenna for radio 2.

C. Install an 802. 11b/g card on radio 2, and set both radios to either 802. 11g or 802. 11b.

D. Set one radio to 802. 11g and one radio to 802. 11b, install an external antenna for radio 1, andconfigure radio 1 to use an external antenna.

Answer: B

Section: (none)


QUESTION 18Which ProCurve AP 530 feature is most beneficial for a small to medium business that has strong securityneeds?

A. It monitors for excessive probes to detect possible intrusion attempts.

B. Its internal RADIUS server provides standalone support for 802. 1X authentication.

C. Unlike the ProCurve AP 420, it can operate all 16 of its wireless LANs in closed system.

D. It supports 802. 11a, and hackers generally do not check for networks on this frequency.

Answer: B

Section: (none)


QUESTION 19Your network includes a building with multiple ProCurve AP 530s. You want the APs to enforce the samesecurity settings, but the APs require different radio settings. What is required for ProCurve MobilityManagers (PMMs) to successfully configure the APs?

A. You must use a configuration template instead of custom groups to configure the AP 530s.

B. You cannot place the AP 530s into a custom group. You must configure all settings individually.

C. You must place the AP 530s into a custom group and configure settings from the custom group andconfigure radio settings individually.

D. You must configure the radio settings individually before you place the AP 530s into a custom group;then you can configure other settings.

Answer: C

Section: (none)


QUESTION 20When the AP 530 submits the administrator's login credentials to the RADIUS server, the RADIUS serverreturns a dynamic VLAN assignment of 10 to the AP 530.The AP 530 is using the default settings fordynamic and static VLAN support. In which VLAN does the AP 530 place the network administrator's traffic?

A. 32, because dynamic VLANs are disabled by default

B. the default management VLAN, because there is a VLAN conflict

C. 10, because dynamic VLAN assignments override static VLAN assignments

D. 32, because static VLAN assignments override dynamic VLAN assignments

Answer: C

Section: (none)


QUESTION 21You are configuring a WLAN on the ProCurve AP 420.When students, faculty members, and administratorsassociate to the WLAN, you want them to receive the dynamic VLAN assignment for their particular group.However, when staff members associate to the WLAN you want their traffic to be placed in the VLAN that isassigned to the WLAN. How do you configure the AP 420 to support these VLAN assignments?

A. You select the Dynamic VLAN option for the WLAN.Static VLANs are supported by default.

B. You select both the Static and Dynamic VLAN options.These global options apply to the entire AP 420.

C. You select the Enable VLAN option for the WLAN.This option enables support for both static anddynamic

VLANs on this WLAN only.

D. You select the Dynamic VLAN option, which enables both static and dynamic VLANs.This global optionapplies to the entire AP 420.

Answer: D

Section: (none)


QUESTION 22Which ProCurve Mobility Manager (PMM) feature allows you to prevent a station from associating to anyAP or a Radio Port (RP) managed by PMM?

A. MAC lockout

B. Inter-station blocking

C. Client deauthentication

D. Access Control List (ACL)

Answer: A

Section: (none)


QUESTION 23Which radio settings can you configure for a ProCurve Radio Port (RP) using ProCurve Mobility Manager(PMM)? (Select two.)

Case Study Title (Case Study):

A. Slot time

B. Preamble length

C. Self healing radios

D. Enable or disable a radio

E. Automatic Channel Selection (ACS)

Answer: DE

Section: (none)


QUESTION 24Your company wants to use the 2.4GHz frequency on both of your ProCurve AP 530 radios. What must youdo so that both radios can use this frequency?

A. Set both radios to either 802.11g or 802.11b.

B. Set both radios to either 802.11g or 802.11b, and install an external antenna for radio 2.

C. Install an 802.11b/g card on radio 2, and set both radios to either 802.11g or 802.11b.

D. Set one radio to 802.11g and one radio to 802.11b, install an external antenna for radio 1, andconfigure radio 1 to use an external antenna.

Answer: B

Section: (none)


QUESTION 25Which Quality of Service (QoS) mechanism do both the ProCurve AP 420 and the ProCurve AP 530

support?

A. Wi-Fi Multimedia (WMM)

B. SpectraLink Voice Priority (SVP)

C. Differentiated Services (DiffServ)

D. Wi-Fi Multimedia Extensions (WME)

Answer: B

Section: (none)


ProCurve Accelerated ASE Mobility


HP0-Y19

ProCurve Accelerated ASE Mobility

Version3.63

Exam A

QUESTION 1What does this output from the show ip ospf neighbor command indicate about the OSPF neighborrelationship between this router and the router with ID 10.3.0.1?

A. They are in different OSPF areas.

B. They have not formed an adjacency.

C. They are configured with different OSPF versions.

D. They are not eligible to be elected DR or BDR.

Answer:

Section: (none)

Explanation/Reference:B

QUESTION 2You are planning a network upgrade at a small company. During a meeting, you learn that the customer willinstall VoIP telephones that set Layer 2 priority markers for all voice traffic, and the VoIP traffic will not crossany routed links. What is necessary to ensure that ProVision ASIC switches maintain the priorities set by thephones? (Select two.)

A. LLDP-MED for all voice VLANs

B. an IEEE 802.1p-to-DSCP map for voice traffic

C. port-based priorities for ports connected to phones

D. default QoS settings

E. tagged links for all voice VLAN traffic

Answer:

Section: (none)

Explanation/Reference:D, E

QUESTION 3You connect an IP telephone that supports LLDP-MED to a port on a ProCurve Switch 5406zl. The port is a

member of a voice VLAN and also requires 802.1X authentication. How will LLDP-MED and 802.1Xinteract?

A. The switch will exempt the phone from the 802.1X requirement after confirming its LLDP-MEDinformation.

B. The switch will submit the phone's authentication credentials to a RADIUS server after the devicesexchange LLDP-MED information.

C. The switch will permit LLDP-MED communication with the phone after authentication is complete.

D. The switch will use information from the phone's first LLDP-MED frame to submit its authenticationcredentials.

Answer:

Section: (none)

Explanation/Reference:C

QUESTION 4Which part of the multicast address range is reserved for applications that will remain within an enterpriseintranet?

A. Internetwork Control Block

B. AD-HOC Block

C. Administratively Scoped Address Block

D. Local Network Control Block

Answer:

Section: (none)


QUESTION 5What is the role of this Switch 3500yl in the OSPF routing domain?

A. ASBR

B. virtual router

C. ABR

D. internal router

Answer:

Section: (none)

Explanation/Reference:D

QUESTION 6You configured VLAN 10 and VLAN 24 on a ProCurve Switch 3500yl-48G. The network servers reside inVLAN 10, which has an IP address range of 10.1.10.0/24. Network clients reside in VLAN 24, which has anIP address range of 10.1.24.0/24. You configure an ACL with these entries and apply it statically to ports inVLAN 24:permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftppermit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq http permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq telnet What is the effect of these ACLs on the clients located in VLAN 24?

A. They would have no access at all, because the ACL is misconfigured.

B. They would be allowed only FTP, HTTP, and Telnet access to 10.1.10.10, but no access anywhere else.

C. They would be allowed only FTP, HTTP, and Telnet access to 10.1.10.10, but full access to everythingelse in the 10.1.10.0 subnet.

D. They could not access anything in the 10.1.10.0 subnet, because IP has not been specified in the ACL.

Answer:

Section: (none)


QUESTION 7Port C1 on a ProCurve Switch 5412zl is a tagged member of VLAN 50 and an untagged member of VLAN1. Port C2 and port C3 are at default VLAN settings. What is the effect of the following command entered atthe CLI?5412zl(config)# trunk c1-c3 trk1

A. The trunk is defined as an untagged member of VLAN 1, but port C1 is not included.

B. The trunk is not defined, because the ports' VLAN memberships do not match.

C. The trunk is defined as an untagged member of VLAN 1 and a tagged member of VLAN 50.

D. The trunk is defined as an untagged member of VLAN 1 but is not a member of VLAN 50.

Answer:

Section: (none)


QUESTION 8You must configure a ProCurve Switch 8212zl to be the Backup router for a VRID associated with VLAN 10.What must be true of the virtual IP address for the VRID on this router?

A. It must be an address assigned to a multi-netted interface.

B. It must be an address that is not assigned to any interface on either router.

C. It must match the Backup router's address for the VLAN 10 interface.

D. It must match the Owner router's address for the VLAN 10 interface.

Answer:

Section: (none)


QUESTION 9On a ProCurve Switch 8212zl, which feature must be enabled before you can enable VRRP?

A. MSTP

B. IP routing

C. IP multicast

D. RIP

Answer:

Section: (none)


QUESTION 10You must configure Multiple Spanning Tree Protocol (MSTP) on two ProCurve 8212zl switches and four5406zl switches. Which configuration is necessary to ensure that all of the switches join the same MSTregion?

A. The switches must have identical Port Priorities for shared links in each MST instance.

B. Bridge Priorities on all switches must be configured so that each MST instance has a different RootBridge.

C. All switch-to-switch links in each MST instance must be tagged members of all user VLANs.

D. The switches must be configured with identical config-names, config-revisions, and VLAN-to-instancemappings.

Answer:

Section: (none)


QUESTION 11How can you ensure that a particular switch will be elected Root Bridge of an MST instance, assuming allSpanning Tree settings on other switches are at the default?

A. Set the Bridge Priority for the instance to 0.

B. Set the Port Priority for each port in the instance to 0.

C. Set the Bridge Priority for each VLAN in the instance to 0.

D. Set the CIST Bridge Priority to 0.

Answer:

Section: (none)

Explanation/Reference:A

QUESTION 12While analyzing network traffic, you notice that many packets have an 802.1p value of 0. On a ProCurveswitch with default QoS settings, what does this indicate?

A. No prioritization settings are in effect on the network.

B. The network relies on Layer 3 classification technologies.

C. The traffic will be mapped to the normal priority queue.

D. The network is not using the default settings on ProCurve switches.

Answer:

Section: (none)


QUESTION 13At a customer site, the output of show spanning-tree instance 1 on two ProCurve 8212zl switches indicatesthat both switches are the Root of MST instance 1. Which statement explains this output?

A. The switches have different MST configuration names.

B. One of the switches has been configured for RSTP operation.

C. The switches have identical Port Priorities for ports associated with the instance.

D. The switches have identical Bridge Priorities.

Answer:

Section: (none)


QUESTION 14You must determine if a customer's RADIUS server will support authentication of switch management usersfor ProCurve switches. Which authentication method is required?

A. PEAP

B. PAP/SPAP

C. MS-CHAP/MS-CHAPv2

D. CHAP

Answer:

Section: (none)


QUESTION 15While configuring two 8212zl Switches, you enable VRRP on the Backup router before enabling VRRP onthe Owner. What is the effect of this procedure?

A. Users will experience a brief interruption when VRRP is enabled on the Master.

B. The Backup router will issue an error when it does not find a Master on the VRIDs.

C. No default gateway will be available until the Master is enabled.

D. The routers will not assume the correct roles unless the Backup is restarted after VRRP is enabled onthe Master.

Answer:

Section: (none)


QUESTION 16You must configure VRRP on two ProCurve 8212zl switches that are also members of a single-instance

Spanning Tree. One of the switches is the Root Bridge in the Spanning Tree. How will the switch's role inthe Spanning Tree affect its VRRP configuration?

A. The Spanning Tree root must also be Master of all VRIDs.

B. The Spanning Tree root must be Master for all VRIDs associated with VLANs for which it does not havedirect links.

C. The Spanning Tree root must be Backup for all VRIDs associated with its directly connected VLANs.

D. The Spanning Tree root must be Backup for all VRIDs.

Answer:

Section: (none)


QUESTION 17Which protocol is enabled when the following command is entered at the CLI of a Switch 3500yl? 3500yl(config)# spanning-tree

A. PVST

B. RSTP

C. MSTP

D. STP

Answer:

Section: (none)


QUESTION 18An existing 1000Base-T link between two ProCurve 5406zl Switches at a small university is configured as amember of the faculty VLAN. After an IT manager configures a four-port trunk between the switches,members of the college's faculty report that they can no longer access servers that were available beforethe trunk was installed. Which statement describes a likely solution for this problem?

A. A new link must be configured for the VLAN, because the maximum number of VLANs that the porttrunk can support has been exceeded.

B. The switch-to-switch link must be added to the port trunk, because the switches cannot simultaneouslysupport port trunks and single-port links between switches.

C. The port trunk must be configured for tagged membership in the faculty VLAN, because port trunks donot support untagged VLANs.

D. The port trunk must be configured for membership in the faculty VLAN, because the trunk ports areautomatically assigned to the default VLAN as untaggedmembers.

Answer:

Section: (none)


QUESTION 19You enabled and activated 802.1X authentication for ports 1-4 on a Switch 3500yl. VLAN membership of theports is at default settings. Users connecting to the switch will authenticate using Windows IAS and beassigned to VLANs based on policies applied by Identity Driven Manager. You enter the following command:

3500yl(config)#aaa port-access authenticator ethernet 1-4 unauth-vid 33 What is the VLAN membership of these ports while no clients are connected?

A. VLAN 1

B. VLAN assigned by RADIUS server

C. VLAN 33

D. VLAN assigned by IDM

Answer:

Section: (none)


QUESTION 20What is the default state of a ProCurve switch port configured for port-based authentication using 802.1X?

A. authorized

B. learning

C. unauthorized

D. authenticated

Answer:

Section: (none)


QUESTION 21Besides IP address, which criteria can be used to identify a Network Resource in Identity Driven Manager?(Select two.)

A. WLAN

B. MAC address

C. TCP/UDP port

D. SSID

E. Protocol

Answer:

Section: (none)

Explanation/Reference:C, E

QUESTION 22What is the purpose of the Global Address Pool on the AP 530?

A. to provide DHCP service for locations without dedicated DHCP servers

B. to provide addresses to Web-Auth users during authentication

C. to provide addresses for users authenticated through the local RADIUS server

D. to provide addresses for MAC-Auth devices that cannot access enterprise DHCP servers

Answer:

Section: (none)


QUESTION 23You must configure IP multicast on a ProCurve Switch 5406zl. In which context is it necessary to enableIGMP?

A. for all VLANs defined on the switch

B. for all VLANs associated with switch-to-switch links

C. for all VLANs that will support multicast hosts

D. in the global configuration context

Answer:

Section: (none)


QUESTION 24What does the value of N.A in this table indicate about the Radio Port (RP)?

A. The RP requires a bootloader code update to enable it to receive an IP address by DHCP.

B. The DHCP server on the Wireless Module must be enabled, so that the RP can obtain a valid IPaddress.

C. The Wireless Module must be configured with an IP address in the same network as the switch hostingthe RP.

D. The RP has been adopted at Layer 2.

Answer:

Section: (none)


QUESTION 25You must install the Identity Driven Manager (IDM) RADIUS Agent for Windows. What is the process for thistask?

A. At the ProCurve Manager Plus server, associate the RADIUS server with an IDM realm, and deploy thecurrent policy.

B. At the RADIUS server, run the ProCurve Manager installer, and select Configure RADIUS Agent whenprompted for installation instructions.

C. At a client computer, log on to the network from a Location defined in IDM, and attempt to authenticatethrough the RADIUS server.

D. At the RADIUS server, use a Web browser to access the PCM server, and then download and run theagent installer.

Answer:

Section: (none)


QUESTION 26What are the options for enabling a ProCurve Radio Port (RP) to learn the IP address of a Wireless Moduleduring Layer 3 adoption? (Select two.)

A. Define option 189 on the enterprise DHCP server to provide the address.

B. Enable the module's built-in DHCP server.

C. Configure an IAS Remote Access Policy to provide the address during authentication.

D. Configure the enterprise DNS server to provide a hostname for the module.

E. Configure the module with an interface in the RP's Radio Port VLAN.

Answer:

Section: (none)

Explanation/Reference:A, D

QUESTION 27When does a ProCurve Radio Port require an IP address?

A. when routing is enabled on the Wireless Module

B. when it must be subject to ACLs configured on the Wireless Module

C. when it must participate in a Layer 3 mobility domain

D. when it resides in a different broadcast domain than the Wireless Module

Answer:

Section: (none)


QUESTION 28Which user-defined object in Identity Driven Manager is similar to an Access Control Entry (ACE) configuredon a ProCurve switch?

A. Access Profile

B. Network Resource

C. Access Policy

D. Network Resource Access Rule

Answer:

Section: (none)


QUESTION 29Which sources of user identity are directly supported by the user import feature in Identity Driven Manager?(Select three.)

A. CSV file

B. XML file

C. RADIUS server

D. Windows Active Directory

E. LDAP server

F. ODBC database

G. SQL database

Answer:

Section: (none)

Explanation/Reference:B, D, E

QUESTION 30You must configure a Wireless Edge Services Module and associated Radio Ports (RPs), which arecurrently at factory defaults. Which item must be defined before the module can adopt any RPs?

A. primary WLAN

B. configuration mode

C. RP VLAN IP address

D. country code

Answer:

Section: (none)


QUESTION 31Which capability of the Secure Access Wizard is supported by ProCurve Identity Driven Manager (IDM)?

A. encryption of security-related credentials stored in switch configurations

B. verification of a switch's 802.1X, Web, and MAC authentication settings

C. synchronization of the ProCurve IDM database with Active Directory

D. configuration of 802.1X authenticator ports and RADIUS server settings on a switch

Answer:

Section: (none)


QUESTION 32In a Windows environment, what is a role of the Identity Driven Manager (IDM) RADIUS Agent?

A. to act as a RADIUS proxy server for all clients associating through locations defined in IDM

B. to add RADIUS attributes to an Access-Accept packet from IAS

C. to monitor the Window Active Directory user accounts for evidence of unauthorized logins or accessattempts

D. to ensure that user accounts created in RADIUS databases on ProCurve access points are correctlyadded to Active Directory on the Domain Controller

Answer:

Section: (none)


QUESTION 33You must create a user in Windows Active Directory to support MAC authentication for a ProCurve switch.What is the password for the switch's user?

A. IP address

B. serial number

C. MAC address

D. RADIUS shared secret

Answer:

Section: (none)


QUESTION 34A ProCurve Switch 8212zl must be configured to be the ABR for OSPF areas 0 and 5. While implementingthis configuration, you enter the following command at the switch's CLI:8212zl(ospf)#area 5 stub 2 no-summaryHow will this affect the route tables of other routers in area 5?

A. The only OSPF route will be the interface with the 8212zl.

B. All networks outside area 5 will be summarized as a default route.

C. Only directly connected routes will be listed.

D. Every route known to the 8212zl will be listed with a separate gateway and cost.

Answer:

Section: (none)


QUESTION 35In Identity Driven Manager, which user-defined object identifies specific switch ports and access pointswhere users connect to the network?

A. Location

B. Access Profile

C. Network Resource

D. Interconnect Devices

Answer:

Section: (none)


QUESTION 36You have connected a Radio Port (RP) 230 to a ProCurve Switch 2610-24-PWR connected to a 5406zlhosting a Wireless Module. The switches are connected at Layer 2 with interfaces in the network192.168.1.0/24. You have defined the port connected to the RP as an untagged member of VLAN 2100, butthe RP has not been adopted by the Wireless Module. Which step is necessary to enable adoption?

A. Upgrade the RP bootloader code.

B. Tag VLAN 2100 on the link between the two switches.

C. Enable IP routing on the Wireless Module.

D. Configure Option 189 on the enterprise DHCP server.

Answer:

Section: (none)


QUESTION 37Which criteria can be used as parameters for Access Rules in Identity Driven Manager? (Select three.)

A. TCP port

B. Time

C. Location

D. System

E. IP address

F. VLAN ID

Answer:

Section: (none)

Explanation/Reference:B, C, D

QUESTION 38Which EAP methods support authentication of an 802.1X supplicant based on a user's name andpassword? (Select two.)

A. TLS

B. SPAP

C. SIM

D. TTLS

E. PEAP

F. CHAP

Answer:

Section: (none)

Explanation/Reference:D, E

QUESTION 39

You installed ProCurve Manager Plus and Identity Driven Manager (IDM) at a customer site that uses ActiveDirectory (AD) for user authentication. You must now configure AD Sync to enable automaticsynchronization of users and groups by IDM and the Domain Controller. Which further information do yourequire to complete this task?

A. RADIUS shared secret

B. Domain Controller IP address

C. AD administrator credentials

D. Certification Authority IP address

Answer:

Section: (none)


QUESTION 40You must configure 802.1X authentication for users connecting through ports on a ProCurve Switch 3500ylat a customer site. Which protocols are supported for communication between the switch and thecustomer's RADIUS server? (Select two.)

A. EAP-RADIUS

B. LEAP-RADIUS

C. MD5-RADIUS

D. CHAP-RADIUS

E. FAST-RADIUS

Answer:

Section: (none)


QUESTION 41Which statement about MAC authentication on ProCurve switches is correct?

A. The switch's built-in DHCP server initially assigns an IP address in the 192.168.0.0 private subnet.

B. MAC-Auth can be configured on the same port with Web authentication and 802.1X authentication.

C. The switch automatically initiates user authentication of a device when the device communicates on aMAC authenticator port.

D. Configuration involves defining ports as MAC authenticators, the RADIUS authentication protocol to use,and then activating the ports for MAC authentication operation.

Answer:

Section: (none)


QUESTION 42Which statement is true about 802.1X user authentication on ProCurve switches?

A. A switch passes EAP messages between the supplicant and authentication switch without modificationor translation.

B. Different RADIUS servers must be configured on the switch if authentication of both switch managementusers and 802.1X supplicants will be performed.

C. The supplicant and authentication server must support the same EAP method for the authenticationprocess to proceed.

D. When a supplicant receives an EAP-Request message specifying a particular EAP method to besupported, the authentication session is closed if the supplicant does not support that EAP method.

Answer:

Section: (none)


QUESTION 43Which statements describing Web authentication support on ProCurve switches are correct? (Select two.)

A. An SSL-based login is required.

B. Authenticated users can be redirected to a configurable URL.

C. It can be configured on ports that also have MAC authentication assigned.

D. The switches provide DHCP, ARP, and DNS services to clients while a port is in the authenticating state.

E. When a client connects to a Web authenticator port and a Web browser is opened, the Web browser isautomatically redirected to the switch's Web-Auth home page.

Answer:

Section: (none)

Explanation/Reference:B, D

QUESTION 44At a customer site, you configured a Wireless Edge Services zl Module with the Marketing SSID. Clientsassociating through this SSID will authenticate using 802.1X and be assigned to VLAN 24 or 48 on the basisof VLAN IDs returned by a RADIUS server. On the 5400zl, which command is necessary to enableconnectivity for VLAN 24 clients?

A. 5400zl(vlan-24)# tag CDP

B. 5400zl(wireless-services-c)# client-ports vlan 24

C. 5400zl(vlan-24)# tag b1-b12

D. 5400zl(vlan-24)# tag CUP

Answer:

Section: (none)


QUESTION 45To enable hosts in VLAN 70 to receive multicasts from the server, where must you enable both PIM andIGMP?

A. VLAN 1 and VLAN 110

B. VLAN 70

C. VLAN 70 and VLAN 110

D. VLAN 110

Answer:

Section: (none)


QUESTION 46You must configure SSL for access to device management on a ProCurve Switch 6200yl. Whichauthentication methods are available? (Select two.)

A. RADIUS

B. 802.1X

C. public key

D. local user name and password

E. Web-Auth

Answer:

Section: (none)


QUESTION 47In ProCurve Manager Plus, which protocol is used during the first phase of auto-discovery?

A. ICMP

B. LLDP

C. ARP

D. SNMP

Answer:

Section: (none)


QUESTION 48Which steps are necessary before enabling SSL on a ProCurve switch? (Select two.)

A. Generate a self-signed server certificate.

B. Disable unencrypted Web-based management.

C. Generate an HTTPS client certificate.

D. Generate public and private keys.

E. Import a certificate from a Certificate Authority.

Answer:

Section: (none)


QUESTION 49You must enable dynamic ARP protection on a ProCurve Switch 8212zl. Which other feature must beenabled to ensure the switch can dynamically update IP-to-MAC address bindings?

A. ARP caching

B. DHCP snooping

C. MAC-address aging

D. IP routing

Answer:

Section: (none)


QUESTION 50In ProCurve Manager Plus, which user type can configure and manage network devices but cannot add,delete, or modify user accounts?

A. operator

B. manager

C. viewer

D. administrator

Answer:

Section: (none)


QUESTION 51Which ProCurve Manager Plus wizard simplifies the task of changing the SNTP server IP addressparameter on 50 ProCurve 5406zl Switches?

A. Configuration Wizard

B. IP Networking Wizard

C. Network Services Wizard

D. CLI Wizard

E. Switch Update Wizard

Answer:

Section: (none)


QUESTION 52The front-panel security settings on a ProCurve switch are at default. How can you gain access to the CLI ofthe switch if the manager and operator passwords have been lost?

A. by pressing the Reset button on the switch's front panel and holding it down until the switch restarts

B. by pressing the Clear button on the switch's front panel and holding it down for three seconds or more

C. by power cycling the switch and accessing the ROM console to clear passwords at the manager prompt

D. by resetting the passwords using the Secure Access Wizard in ProCurve Manager Plus

Answer:

Section: (none)


QUESTION 53What is the default username and password for the ProCurve Manager Management Server?

A. username: Administrator; password: admin

B. username: Administrator; password: value configured during installation

C. username: Manager; password: value configured during installation

D. username: Manager; password: password

E. username: value configured during installation; password: value configured during installation

Answer:

Section: (none)


QUESTION 54What is the effect of the following command entered at the CLI of a ProCurve Switch 5406zl?5406zl(vlan-100)#interface a1

A. The CLI displays the status of port A1.

B. Port A1 becomes a tagged member of VLAN 100.

C. The CLI enters the configuration context for port A1.

D. Port A1 is enabled.

Answer:

Section: (none)


QUESTION 55Which authentication methods are supported by the SSH service on ProCurve switches? (Select three.)

A. RADIUS

B. MAC-auth

C. Kerberos

D. local username and password

E. public key

F. 802.1X

Answer:

Section: (none)

Explanation/Reference:A, D, E

QUESTION 56What is the effect of the following command entered at the CLI of a ProCurve Switch 5406zl with defaultsettings for QoS queue configuration?5406zl(vlan-111)# qos priority 2

A. Packets entering the switch through VLAN 111 will be forwarded with lower than normal priority.

B. Packets entering the switch through VLAN 111 will retain the priority marker set by another device.

C. Packets entering the switch through VLAN 111 will be forwarded with normal priority.

D. Packets entering the switch through VLAN 111 will be forwarded with higher than normal priority.

Answer:

Section: (none)


QUESTION 57Which command, entered at the CLI of a ProCurve switch, saves the switch's running configuration to itsstartup configuration?

A. write config

B. save running-config

C. save startup-config

D. write memory

E. copy running-config startup-config

Answer:

Section: (none)


QUESTION 58You have defined VLAN 100 and VLAN 101 on a ProCurve Switch 5406zl, and added two ports to eachVLAN as untagged members. All other switch settings are at defaults. Which additional steps are necessaryto enable communications between hosts in the two VLANs? (Select two.)

A. Add all four ports to both VLANs.

B. Define an IP address for each VLAN.

C. Enable IP routing globally.

D. Configure static routes to both VLANs.

E. Remove all four ports from the Default VLAN.

Answer:

Section: (none)

Explanation/Reference:B, C

QUESTION 59What is the effect of the following command entered at the CLI of a ProCurve switch? ProCurve Switch> enable

A. Configuration changes are saved.

B. The CLI displays an authentication prompt.

C. The privilege level moves from Operator to Manager.

D. All switch ports are enabled.

Answer:

Section: (none)


QUESTION 60Which features are available in ProCurve Manager Plus, but not in ProCurve Manager? (Select two.)

A. alerts notification

B. scheduled software updates

C. CLI device management

D. automatic discovery

E. network topology mapping

F. traffic analysis

Answer:

Section: (none)

Explanation/Reference:B, F

QUESTION 61You have enabled OSPF in the global configuration context and in the VLAN 222 context of a ProCurve

Switch 8212zl. All OSPF areas have been created and associated with the correct VLANs. All other OSPFsettings are at default. What is the effect of the following command? 8212zl(vlan-222)#ip ospf cost 100

A. The OSPF link using VLAN 222 will become the preferred route to the backbone area.

B. The OSPF link using VLAN 222 as a gateway will have lower cost than OSPF links with a default cost.

C. The OSPF link using VLAN 222 as a gateway will use the default cost.

D. The OSPF link using VLAN 222 as a gateway will have higher cost than OSPF links with a default cost.

Answer:

Section: (none)


QUESTION 62At this prompt, you enter qos dscp 101110, a DSCP codepoint that maps to an IEEE 802.1p priority value of7. If the 3500yl is configured with the default number of forwarding queues, what is the effect of thiscommand?

A. Packets will be forwarded with higher priority.

B. Packets will be forwarded with the same priority.

C. Packets will be forwarded with lower priority.

D. Packets will be marked for best effort delivery.

Answer:

Section: (none)


QUESTION 63You have verified that a ProCurve Switch 3500yl is correctly configured for PIM dense mode. The switch'sIGMP table shows active hosts who are members of multicast group 239.193.22.22. The multicast is inprogress, and all hosts are receiving the content. However, the multicast group does not appear in theswitch's PIM route table. What does this indicate about the 239.193.22.22 multicast group?

A. The switch is forwarding the multicast at Layer 2.

B. The switch is Querier for the group.

C. The server and IGMP hosts are in different VLANs.

D. Other multicast routers are configured for PIM sparse.

Answer:

Section: (none)


deploying hp procurve products - freejosh00b.free.fr/hpy.pdf · brief a. the show interface command...

Documents