2014 Latest Cisco 350-001 Dump Free Download(211-220)!

QUESTION 211
What is a requirement to enable Cisco IOS IPS with 5.x signature?

A.    disable Zone-Based Firewall as the two features are not compatible
B.    disable Cisco Express Forwarding as the two features are not compatible
C.    generate a certificate and export on Cisco.com to receive a signature update
D.    import the public RSA key from the Cisco IPS team that allows the router to verify that a signature
update (which was signed by this key) comes from Cisco

Answer: D
Explanation:
http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_ios_ips/configuration/12-4t/sec-ips5-sig- fs-ue.html

QUESTION 212
What is the minimum key size to enable SSH v2?

A.    512 bits
B.    768 bits
C.    1024 bits
D.    2048 bits

Answer: B
Explanation:
Technical description for port 1812:
The RADIUS (Remote Authentication Dial-In User Service) protocol running on the system port 1812 is related to its authentication module. This service is primarily an element of a networking protocol which allows for a deployment of centralized accounting, authorization and access procedures. This protocol allows for the management of network resources for the efficient usage of network services.
When a user or a device attempts to connect to a network service, the authentication process is normally executed. The protocol using the computer port 1812 determines the appropriate user privileges for the entered credentials. A corresponding record of the network access is recorded into the accounting server for the implementation of the Triple A process. The protocol supported by the network port 1812 is normally deployed by ISPs (Internet Service Providers) due to its ubiquitous support nature.
This service also supports the implementation of VPNs (Virtual Private Networks) and wireless networking environments.
UDP port numbers
RADIUS has been officially assigned UDP ports 1812 for RADIUS Authentication and 1813 for RADIUS Accounting by the Internet Assigned Numbers Authority (IANA). However, prior to IANA allocation of ports 1812 and 1813, ports 1645 and 1646 (authentication and accounting, respectively) were used unofficially and became the default ports assigned by many RADIUS Client/Server implementations of the time. The tradition of using 1645 and 1646 for backwards compatibility continues to this day. For this reason many RADIUS Server implementations monitor both sets of UDP ports for RADIUS requests. Microsoft RADIUS servers default to 1812 and 1813. Cisco RADIUS servers listen on RADIUS ports UDP 1645 and UDP 1812 for authentication; on ports 1646 and 1813 for accounting and can be configured with non-standard ports. Juniper Networks’ RADIUS servers listen on both unofficial and official ports 1645, 1812, 1646 and 1813 by default but can be configured with arbitrary ports.
http://en.wikipedia.org/wiki/RADIUS
http://www.pc-library.com/ports/tcp-udp-port/1812/

QUESTION 213
Refer to the exhibit. An enterprise network has an upstream connection to two different ISPs that are using eBGP and a publicly assigned PI network.
ISP1 is used as the primary provider, while ISP2 is used for backup. Due to packet loss on the link to ISP1, the network engineers changed the default route on R1 to point to ISP2, but they could not establish any connection until they changed the default route to point back at ISP1.
Which two are possible root causes of the issue? (Choose two.)

clip_image002

A.    “ip verify unicast source reachable-via rx” is configured on the R1 uplinks.
B.    “ip verify unicast source reachable-via any” is configured on the R1 uplinks.
C.    “ip verify unicast source reachable-via rx” is configured on the ISP1 link to R1.
D.    “ip verify unicast source reachable-via any” is configured on the ISP1 link to R1.
E.    “ip verify unicast source reachable-via rx” is configured on the ISP2 link to R1.
F.    “ip verify unicast source reachable-via any” is configured on the ISP2 link to R1.

Answer: AE
Explanation:
ip verify unicast source reachable-via
To enable Unicast Reverse Path Forwarding (Unicast RPF), use the ip verify unicast source reachable- via command in interface configuration mode. To disable Unicast RPF, use the no form of this command.
ip verify unicast source reachable-via {rx | any} [allow-default] [allow-self-ping] [list] no ip verify unicast source reachable-via

clip_image002
http://www.cisco.com/en/US/docs/ios/12_3/security/command/reference/sec_i2g.html#wp110374

QUESTION 214
Which two statements are true about bandwidth guarantee? (Choose two)

A.    When congestion isn’t present, the bandwidth command doesn’t allow exceeding the allocated rate.
B.    When congestion is present, the bandwidth command allows exceeding the allocated rate
C.    When congestion is present, the bandwidth command doesn’t allow exceeding the allocated rate
D.    When congestion isn’t present, the bandwidth command allows exceeding the allocated rate

Answer: BD
Explanation:
http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a0080103eae.shtml

QUESTION 215
Which three protocols should be explicitly managed by using Control Plane Policing on an Internet border router? (Choose three.)

A.    LDAP
B.    ICMP
C.    RTP
D.    BGP
E.    SSH
F.    RDP

Answer: BDE
Explanation:
Control Plane Security and Packet QoS Overview
To protect the CP on a router from DoS attacks and to provide packet QoS, the Control Plane Policing feature treats the CP as a separate entity with its own ingress (input) and egress (output) ports, which are like ports on a router and switch. Because the Control Plane Policing feature treats the CP as a separate entity, a set of rules can be established and associated with the ingress and egress port of the CP.
These rules are applied only after the packet has been determined to have the CP as its destination or when a packet exits from the CP. Thereafter, you can configure a service policy to prevent unwanted packets from progressing after a specified rate limit has been reached; for example, a system administrator can limit all TCP/SYN packets that are destined for the CP to a maximum rate of 1 megabit per second. Input CP services are executed after router input port services and a routing decision on the input path have been made. As shown in Figure 2, CP security and packet QoS are applied on:
An aggregate level by the central switch engine and applied to all CP packets received from all line cards on the router (see Aggregate Control Plane Services) A distributed level by the distributed switch engine of a line card and applied to all CP packets received from all interfaces on the line card (see Distributed Control Plane Services) Figure 2 Input Control Plane Services: Aggregate and Distributed Services

clip_image001

The following types of Layer 3 packets are forwarded to the control plane and processed by aggregate and distributed control plane policing:
Routing protocol control packets
Packets destined for the local IP address of the router Packets from management protocols (such as Simple Network Management Protocol [SNMP], Telnet, and secure shell [SSH])
Note Ensure that Layer 3 control packets have priority over other packet types that are destined for the control plane.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtrtlimt.html

QUESTION 216
What is a characteristic of Network Time Protocol?

A.    NTP updates are sent in the timezone they are collected in, and the syslog server will adjust based
on the input time.
B.    NTP authentication verifies the source, not the recipient.
C.    NTP authentication requires that the recipient has multiple strata clocks to ensure accuracy.
D.    Secure NTP can be configured to use SHA-1 hashing, since NTP is very insecure.
E.    A stratum 0 clock should be configured at the core of every network, so it can connect to an accurate
time source.

Answer: B
Explanation:
http://www.ine.com/resources/01700369.htm

QUESTION 217
You are the network administrator of a Layer 3 switched network. Users in one VLAN are complaining that access to the server VLAN is very slow from time to time. Traffic in the local VLAN works without any issue, and users in other VLANs do not have any complaint to reach the server VLAN. What is most likely the cause of this issue?

A.    routing issue
B.    denial-of-service attack
C.    MAC flooding
D.    spanning-tree recalculation
E.    Layer 2 loop
F.    ARP spoofing attack

Answer: F
Explanation:
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a00801f9eb3.shtml

QUESTION 218
You are the network administrator of an enterprise company that just deployed a global IP telephony environment. In order to guarantee good voice quality, you asked your provider to implement QoS on the CE routers of your MPLS network. On your LAN, you have also deployed QoS.
Users, however, keep complaining about bad voice quality, and the provider does not see matches on the DSCP values that you have asked him to match upon. What is most likely the problem?

A.    The phones are not sending traffic with the correct DSCP value.
B.    The Cisco CallManager is not marking the traffic correctly.
C.    This is most likely a bug on the CE routers.
D.    Your LAN QoS is incorrectly configured.

Answer: D
Explanation:
Show ip ospf rib
To display information for the OSPF local Routing Information Base (RIB) or locally redistributed routes, use the show ip ospf rib command in privileged EXEC mode. Show ip ospf process-id rib [redistribution] [network-prefix] [network-mask] [detail] Reference
http://www.cisco.com/en/US/docs/ios/iproute_ospf/command/reference/iro_osp3.html

QUESTION 219
Which configuration would make an IP SLA probe use a precedence value of 5?

A.    ip sla 1
icmp-echo 1.1.1.1
tos 160
B.    ip sla 1
icmp-echo 1.1.1.1
tos 20
C.    ip sla 1
icmp-echo 1.1.1.1
precedence 5
D.    ip sla 1
icmp-echo 1.1.1.1
dscp 20

Answer: A
Explanation:
SUMMARY STEPS
1. enable
2. configure terminal
3. ip sla monitor operation-number
4. type echo protocol ipIcmpEcho {destination-ip-address | destination-hostname} [source-ipaddr {ip-address |
hostname} | source-interface interface-name]
5. buckets-of-history-kept size
6. distributions-of-statistics-kept size
7. enhanced-history [interval seconds] [buckets number-of-buckets]
8. filter-for-history {none | all | overThreshold | failures}
9. frequency seconds
10. hours-of-statistics-kept hours
11. lives-of-history-kept lives
12. owner owner-id
13. request-data-size bytes
14. statistics-distribution-interval milliseconds
15. tag text
16. threshold milliseconds
17. timeout milliseconds
18. tos number
19. verify-data
20. vrf vrf-name
21. exit
22. ip sla monitor schedule operation-number [life {forever | seconds}] [start-time {hh:mm[:ss] [month day | day
month] | pending | now | after hh:mm:ss] [ageout seconds] [recurring]
23. exit
24. show ip sla monitor configuration [operation-number] tos number Example:
Router(config-sla-monitor-echo)# tos 160
(Optional) Defines a type of service (ToS) byte in the IP header of an IP SLAs operation.
http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/configuration/guide/hsicmp.html

QUESTION 220
Multicast is being deployed in the network, and only ip pim sparse-dense mode has been configured on all interfaces in the network to support a new video streaming application. No other multicast configuration was applied anywhere in the network. Since enabling multicast, the network monitoring tools show periodic spikes in link utilization throughout the network, even in areas where the video application is not being used. What could be a possible cause?

A.    PIM sparse mode is being used.
B.    PIM dense mode is being used.
C.    The BGP multicast address family has not been configured.
D.    IGMP version 3 is being used.
E.    IP PIM neighbor filters have not been applied.

Answer: B
Explanation:
PIM DM builds source-based multicast distribution trees. In dense mode, a PIM DM router or multilayer switch assumes that all other routers or multilayer switches forward multicast packets for a group. If a PIM DM device receives a multicast packet and has no directly connected members or PIM neighbors present, a prune message is sent back to the source to stop unwanted multicast traffic. Subsequent multicast packets are not flooded to this router or switch on this pruned branch because branches without receivers are pruned from the distribution tree, leaving only branches that contain receivers.

If you want to pass the Cisco 350-001 Exam sucessfully, recommend to read latest Cisco 350-001 Dump full version.

clip_image001