ActualTests.Cisco.640-802.Exam.Q.and.A.08.15.08-DDU (1130589), страница 33
Текст из файла (страница 33)
Port security with sticky MAC addresses retains dynamically learned MACaddresses during a link-down condition.If you enter a write memory or copy running-config startup-config command, then portsecurity with sticky MAC addresses saves dynamically learned MAC addresses in thestartup-config file and the port does not have to learn addresses from ingress traffic afterbootup or a restart.Since the maximum number of MAC addresses has been configured to 1, only hostCertkiller A will be able to send frames on interface fa 0/1, making choice E correct.QUESTION 261:You have configured a Certkiller switch as shown below:Certkiller 3(config-if)# switchport port-securityCertkiller 3(config-if)# switchport port-security mac-address stickySelect the action below that results from executing these commands.A. A dynamically learned MAC address is saved in the VLAN database.B.
A dynamically learned MAC address is saved in the startup-configuration file.C. Statically configured MAC addresses are saved in the startup-configuration file ifframes from that address are received.D. A dynamically learned MAC address is saved in the running-configuration file.E. Statically configured MAC addresses are saved in the running-configuration file ifframes from that address are received.F. None of the aboveAnswer: DExplanation:With port security, the switch supports these types of secure MAC addresses:Static secure MAC addresses-These are manually configured by using the switchportport-security mac-address mac-address interface configuration command, stored in theaddress table, and added to the switch running configuration.Dynamic secure MAC addresses-These are dynamically configured, stored only in theaddress table, and removed when the switch restarts.Sticky secure MAC addresses-These are dynamically configured, stored in the addresstable, and added to the running configuration.
If these addresses are saved in theconfiguration file, when the switch restarts, the interface does not need to dynamicallyreconfigure them.You can configure an interface to convert the dynamic MAC addresses to sticky secureMAC addresses and to add them to the running configuration by enabling sticky learning.To enable sticky learning, enter the switchport port-security mac-address sticky interfaceActualtests.com - The Power of Knowing640-802configuration command. When you enter this command, the interface converts all thedynamic secure MAC addresses, including those that were dynamically learned beforesticky learning was enabled, to sticky secure MAC addresses. The interface adds all thesticky secure MAC addresses to the running configuration.The sticky secure MAC addresses do not automatically become part of the configurationfile, which is the startup configuration used each time the switch restarts.
If you save thesticky secure MAC addresses in the configuration file, when the switch restarts, theinterface does not need to relearn these addresses. If you do not save the sticky secureaddresses, they are lost.Reference:http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_11_ea1/configuration/guide/sQUESTION 262:Why would the Certkiller network administrator configure port security on a newCertkiller switch?A. To prevent unauthorized Telnet access to a switch port.B. To limit the number of Layer 2 broadcasts on a particular switch port.C. To prevent unauthorized hosts from accessing the LAN.D.
To protect the IP and MAC address of the switch and associated ports.E. To block unauthorized access to the switch management interfaces over common TCPports.F. None of the aboveAnswer: CExplanation:You can use the port security feature to restrict input to an interface by limiting andidentifying MAC addresses of the stations allowed to access the port. When you assignsecure MAC addresses to a secure port, the port does not forward packets with sourceaddresses outside the group of defined addresses. If you limit the number of secure MACaddresses to one and assign a single secure MAC address, the workstation attached tothat port is assured the full bandwidth of the port.If a port is configured as a secure port and the maximum number of secure MACaddresses is reached, when the MAC address of a station attempting to access the port isdifferent from any of the identified secure MAC addresses, a security violation occurs.Also, if a station with a secure MAC address configured or learned on one secure portattempts to access another secure port, a violation is flagged.Reference:http://www.cisco.com/en/US/products/hw/switches/ps628/products_configuration_guide_chapter09186a00800d6Actualtests.com - The Power of Knowing640-802QUESTION 263:Certkiller is using private IP addressing in their network.
Which of the following IPaddresses is a private IP address? (Select all that apply)A. 12.0.0.1B. 168.172.19.39C. 172.20.14.36D. 172.33.194.30E. 192.168.42.34F. 11.11.11.1Answer: C, EExplanation:Range of IPAddressesClass of NetworksNumber of Network10.0.0.0 to10.255.255.255.255A1172.16.0.0 to172.31.255.255B16192.168.0.0 to192.168.255.255C256QUESTION 264:Certkiller is migrating to a private IP addressing scheme. Which of the followingdescribe the use of private IP addresses? (Choose two)A.
Addresses chosen by Certkiller .com to communicate with the Internet.B. Addresses that cannot be routed through the public Internet.C. Addresses that can be routed through the public Internet.D. A scheme to conserve public addresses.E. Addresses licensed to enterprise or ISPs by an Internet registry organization.Answer: B, DExplanation:Private IP address space has been allocated via RFC 1918. This means the addresses areavailable for any use by anyone and therefore the same private IP addresses can beActualtests.com - The Power of Knowing640-802reused. However they are defined as not routable on the public Internet. They are usedextensively in private networks due to the shortage of publicly registered IP addressspace and therefore network address translation is required to connect those networks tothe Internet.QUESTION 265:Certkiller is using IP addressing according to RFC 1918.
Which three addressranges are used for internal private address blocks as defined by RFC 1918?(Choose all that apply)A. 0.0.0.0 to 255.255.255B. 10.0.0.0 to 10.255.255.255C. 172.16.0.0 to 172.16.255.255D. 172.16.0.0 to 172.31.255.255E. 127.0.0.0. to 127.255.255.255F. 192.168.0.0 to 192.168.255.255G.
224.0.0.0 to 239.255.255.255Answer: B, D, FExplanation:RFC 1918 defines three different IP address ranges as private, meaning that they can beused by any private network for internal use, and these ranges are not to be used in theInternet. The class A private range is 10.0.0.0 to 10.255.255.255. The class B addressrange is 172.16.0.0 to 172.31.255.255. The class C private IP address range is192.168.0.0 to 192.168.255.255.Incorrect Answers:A. The 0.0.0.0 network address is invalid and can not be used.C. The correct address range is 172.16.X.X through 172.31.X.XE. The 127.0.0.1 address is reserved for the internal loopback IP address, but the entire127.X.X.X range is not defined in RFC 1918 as a private address range for networks.G.
This address range describes the class D multicast address range.QUESTION 266:Certkiller needs to ensure their IP network can be reached from the Internet. Whichof the following host addresses are members of networks that can be routed acrossthe public Internet? (Choose three.)A. 10.172.13.65B. 172.16.223.125C. 172.64.12.29Actualtests.com - The Power of Knowing640-802D. 192.168.23.252E.
198.234.12.95F. 212.193.48.254Answer: C, E, FExplanation:In Internet terminology, a private network is a network that uses RFC 1918 IP addressspace. Computers may be allocated addresses from this address space when it's necessaryfor them to communicate with other computing devices on an internal (non-Internet)network but not directly with the Internet.Three blocks of IP addresses are reserved for private use and are not routed over theInternet. Companies can assign these addresses to nodes on their private LANs at anytime without conflict.CIDRFrom To Representation10.0.0.0 10.255.255.255 10/8172.16.0.0 172.31.255.255 172.16/12192.168.0.0 192.168.255.255 192.168/16QUESTION 267:From where does a small network typically get its IP network addresses or IPblock?A.
From the Internet Domain Name Registry (IDNR)B. From the Internet Assigned Numbers Authority (IANA)C. From the Internet Service Provider (ISP)D. From the Internet Architecture Board (IAB)E. None of the aboveAnswer: CExplanation:Normally a small network will be assigned a number of IP addresses from their ISP, or insome cases, such as DSL and cable modem, a single dynamic IP address will be assignedby the ISP.
Only very large networks requiring a large IP block (normally more than a/20) will register with IANA, RIPE, or ARIN (American Registry of Internet Numbers)to obtain their IP addresses.QUESTION 268:Which protocol automates all of the following functions for hosts on a network: IPconfiguration, IP addresses, subnet masks, default gateways, and DNS serverActualtests.com - The Power of Knowing640-802information?A. CDPB. SNMPC. DHCPD.
ARPE. DNSF. None of the aboveAnswer: CExplanation:DHCP uses the concept of the client making a request and the server supplying the IPaddress to the client, plus other information such as the default gateway, subnet mask,DNS IP address, and other information.Incorrect Answers:A. CDP is the Cisco Discovery Protocol. It is used by Cisco devices at the data link layerto obtain information about their directly connected neighbors.B. SNMP is the Simple Network Management Protocol.
This is used for the maintenance,management, and monitoring of network devices.D. ARP is the Address Resolution Protocol, which is used to resolve layer 2 MACaddresses to layer 3 IP addresses.E. DNS is the Domain Name Service.
It is used to resolve domain names (for example,www. Certkiller .com) to IP addresses. The IP address location of primary and secondaryDNS resolver servers can be obtained for hosts using DHCP.QUESTION 269:Regarding DHCP (dynamic host configuration protocol), which two of the followingchoices below are true? (Select two answer choices)A. The DHCP Discover message uses FF-FF-FF-FF-FF as the Layer 2 destinationaddress.B. The DHCP Discover message uses UDP as the transport layer protocol.C.
![](https://s.studizba.com/z.php?f=/templates/si/i/noavatar.png&w=100&h=100&t=1"){kind=avatar}
