Free Download Cisco 350-001 VCE Test Engine Full Version Now (201-210)
QUESTION 201
Having multiple unknown unicast frames in a switch would most likely deplete which of these resources?
A. available MAC addresses in the system
B. available memory for frame buffering
C. available bandwidth
D. electrical power
E. TCAM entries
Answer: C
QUESTION 202
Which mechanism can you use to achieve sub-second failover for link failure detection when a
switched Ethernet media is used and loss of signal is not supported by the link provider?
A. OSPF standard hellos
B. Cisco Discovery Protocol link detection
C. Bidirectional Forwarding Detection
D. Fast Link Pulse
E. autonegotiation
Answer: C
Explanation:
BFD is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding path failure detection, BFD provides a consistent failure detection method for network administrators. Because the network administrator can use BFD to detect forwarding path failures at a uniform rate, rather than the variable rates for different routing protocol hello mechanisms, network profiling and planning will be easier, and reconvergence time will be consistent and predictable.
http://www.cisco.com/en/US/docs/ios/12_0s/feature/guide/fs_bfd.html
QUESTION 203
While troubleshooting a network, you need to verify the liveness of hosts in the subnet
192.168.1.64/26. All of the hosts are able to reply to ping requests. How would you confirm the
existing nodes using one single command?
A. ping 192.168.1.255
B. ping with sweep option
C. ping 192.168.1.127
D. ping 192.168.1.64
E. ping with broadcast option
Answer: C
Explanation:
192.168.1.127 is the broadcast address of the 192.168.1.64/26 subnet, so a ping request sent to this address reaches every host in the subnet and all of them will reply. This no longer works out of the box, because Cisco routers running IOS version 12.0 or above will simply drop these pings. If you wish to test this function, you have to turn on the ip directed-broadcast function (which is disabled by default from version 12.0).
The purpose of the ip directed-broadcast command is to enable forwarding of directed broadcasts. When this is turned on for an interface, the interface will respond to broadcast messages that are sent to its subnet. Cisco introduced this command in IOS version 10 (where it was enabled by default), but soon realized it was being exploited in denial-of-service attacks and disabled it from version 12.0.
A ping to the broadcast address requires all hosts in that subnet to reply, which consumes a lot of bandwidth if many such pings are sent. One attack of this type is the smurf attack, in which the attacker uses the victim's IP address as the source address and sends ICMP packets to the broadcast address of the network. When all the hosts in that subnet hear the ICMP request, they reply to the computer whose IP address the attacker borrowed.
You can try this function by enabling the ip directed-broadcast command in interface mode. Then, from the directly connected router, issue the ping to the broadcast address of that subnet (or ping 255.255.255.255).
QUESTION 204
When troubleshooting a network, the output of the command show interfaces indicates a large
number of runts. What is a runt?
A. the number of packets that are discarded because they exceed the maximum packet size of the
medium
B. errors created when the CRC generated by the originating LAN station or far-end device does not
match the checksum calculated from the data received.
C. the number of packets that are discarded because they are smaller than the minimum packet size
of the medium
D. the number of received packets that were ignored by the interface because the interface hardware
ran low on internal buffers
E. the number of times that the interface requested another interface within the router to slow down
Answer: C
Explanation:
In networks, a runt is a packet that is too small. For example, the Ethernet protocol requires that each packet be at least 64 bytes long. In Ethernet, which operates on the idea that two parties can attempt to use the line at the same time and sometimes do, runts are usually the fragments of packet collisions. Runts can also be the result of bad wiring or electrical interference. Runts are recorded by programs that use the Remote Network Monitoring (RMON) standard information base for network administration. RMON calls them “undersize packets”.
A giant is a packet that’s oversize.
QUESTION 205
Which two of these elements need to be configured prior to enabling SSH? (Choose two.)
A. hostname
B. loopback address
C. default gateway
D. domain name
E. SSH peer address
Answer: AD
Explanation:
To enable Secure Shell version 2 (SSHv2) and disable version 1 on a Cisco router, an IOS image with 3DES encryption is required. When no SSH version is configured, both version 1 and version 2 are supported.
Follow these steps to enable SSH:
1. Configure the hostname command.
2. Configure the DNS domain.
3. Generate the RSA key to be used.
4. Enable SSH transport support for the virtual type terminal (vty).
Example SSH version 2 configuration:
hostname ssh-router
aaa new-model
username cisco password cisco
ip domain-name routers.local
!
! Specifies which RSA keypair to use for SSH usage.
ip ssh rsa keypair-name sshkeys
!
! Enables the SSH server for local and remote authentication on the router.
! For SSH Version 2, the modulus size must be at least 768 bits.
crypto key generate rsa usage-keys label sshkeys modulus 768
!
! Configures SSH control variables on your router.
ip ssh timeout 120
!
! Configure SSH version 2 (will disable SSH version 1).
ip ssh version 2
!
! Disable Telnet and enable SSH.
line vty 0 4
 transport input ssh
Commands to verify SSH configuration:
show ssh
show ip ssh
debug ip ssh
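An added example, not part of the original explanation and not Cisco tooling: a small Python check that reads configuration text and reports which of the steps above are missing or weak. The sample configuration, the function name audit_ssh and the 2048-bit key threshold are assumptions of this example.

```python
import re

# Constructed configuration in the same form as the example above (not from a real device).
SAMPLE_CONFIG = """\
hostname ssh-router
ip domain-name routers.local
crypto key generate rsa usage-keys label sshkeys modulus 768
ip ssh version 2
line vty 0 4
 transport input ssh
line vty 5 15
 transport input telnet ssh
"""

MIN_MODULUS = 2048  # assumption of this example; the page only gives the 768-bit floor


def audit_ssh(config, min_modulus=MIN_MODULUS):
    """Return findings for the SSH prerequisites and steps listed above."""
    findings = []
    lines = [line.strip().lower() for line in config.splitlines()]

    # Steps 1 and 2: hostname and domain name are required before enabling SSH.
    if not any(re.match(r"hostname \S+", l) for l in lines):
        findings.append("hostname not configured")
    if not any(re.match(r"ip domain[- ]name \S+", l) for l in lines):
        findings.append("domain name not configured")

    # Step 3: key size, when the key generation command appears in the text.
    for l in lines:
        m = re.match(r"crypto key generate rsa .*modulus (\d+)", l)
        if m and int(m.group(1)) < min_modulus:
            findings.append(f"RSA modulus {m.group(1)} is below {min_modulus} bits")

    # Without an explicit version, both SSH versions are accepted.
    if "ip ssh version 2" not in lines:
        findings.append("SSH version 2 not enforced")

    # Step 4: every vty block should accept SSH only.
    block, transports = None, {}
    for l in lines:
        if l.startswith("line "):
            block = l if l.startswith("line vty") else None
            if block:
                transports[block] = None
        elif block and l.startswith("transport input"):
            transports[block] = l.split()[2:]
    for name, protos in transports.items():
        if protos is None:
            findings.append(f"{name}: no explicit transport input")
        elif protos != ["ssh"]:
            findings.append(f"{name}: transport input allows {' '.join(protos)}")
    return findings
```

On the sample, the check flags the 768-bit key and the second vty range, which still accepts Telnet even though lines 0 to 4 are restricted to SSH.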
QUESTION 206
What is an important consideration that should be taken into account when configuring shaped
round robin?
A. It enables policing.
B. Strict priority is not supported.
C. WRED must be previously enabled.
D. It enables WRR.
Answer: B
Explanation:
First we need to understand how the round robin algorithm works. Round robin uses multiple queues and dispatches one packet from each queue in each round with no prioritization. For example, it dispatches:
Dispatch one packet from Queue 1
Dispatch one packet from Queue 2
Dispatch one packet from Queue 3
Repeat from Queue 1
There are three implementations of Round Robin scheduling on the Catalyst 6500 and they include Weighted Round Robin (WRR), Deficit Weighted Round Robin (DWRR) and Shaped Round Robin (SRR).
The Weighted Round Robin allows prioritization, meaning that it assigns a “weight” to each queue and dispatches packets from each queue proportionally to an assigned weight. For example:
Dispatch 3 packets from Queue 1 (Weight 3)
Dispatch 2 packets from Queue 2 (Weight 2)
Dispatch 1 packet from Queue 3 (Weight 1)
Repeat from Queue 1 (dispatch the next 3 packets)
Unlike Priority Queuing, which always empties the first queue before going to the next queue, this kind of queue prevents starvation of other applications, for example when a large download is in progress. The Weighted Round Robin can be used with Strict Priority by setting its weight to 0. That means packets in the other queues will not be serviced until queue 4 is emptied.
The problem with WRR is that the router is allowed to send the entire packet even if the sum of all bytes is more than the threshold, which can starve other applications. The Deficit Round Robin solves this problem of WRR by keeping track of the number of “extra” bytes dispatched in each round (the “deficit”) and then adding the “deficit” to the number of bytes dispatched in the next round.
Shaped Round Robin (SRR) is a scheduling service for specifying the rate at which packets are dequeued. With SRR there are two modes, shaped and shared. Shaped mode is only available on the egress queues. Shaped egress queues reserve a set of port bandwidth and then send evenly spaced packets as per the reservation. Shared egress queues are also guaranteed a configured share of bandwidth, but do not reserve the bandwidth. That is, in shared mode, if a higher priority queue is empty, instead of the servicer waiting for that reserved bandwidth to expire, the lower priority queue can take the unused bandwidth.
Neither shaped SRR nor shared SRR is better than the other. Shared SRR is used to get the maximum efficiency out of a queuing system, because unused time slots can be reused by queues with excess traffic. This is not possible in a standard Weighted Round Robin. Shaped SRR is used to shape a queue or set a hard limit on how much bandwidth a queue can use. When you use shaped SRR, you can shape queues within a port’s overall shaped rate.
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps7078/prod_qas0900aecd805bacc7.html
QUESTION 207
Which of the following is the encryption algorithm used for priv option when using SNMPv3?
A. HMAC-SHA
B. HMAC-MD5
C. CBC-DES
D. AES
E. 3DES
Answer: C
Explanation:
SNMPv3
Feature Summary
Simple Network Management Protocol Version 3 (SNMPv3) is an interoperable standards-based protocol for network management. SNMPv3 provides secure access to devices by a combination of authenticating and encrypting packets over the network. The security features provided in SNMPv3 are:
Message integrity: Ensuring that a packet has not been tampered with in transit.
Authentication: Determining that the message is from a valid source.
Encryption: Scrambling the contents of a packet to prevent it from being seen by an unauthorized source.
SNMPv3 provides for both security models and security levels. A security model is an authentication strategy that is set up for a user and the group in which the user resides. A security level is the permitted level of security within a security model. A combination of a security model and a security level will determine which security mechanism is employed when handling an SNMP packet. Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. Table 1 identifies what the combinations of security models and levels mean:
Table 1 SNMP Security Models and Levels
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html#wp4363
http://www.cisco.com/en/US/docs/ios/12_0t/12_0t3/feature/guide/Snmp3.html
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/snmpv3ae.html
QUESTION 208
Which RMON group stores statistics for conversations between sets of two addresses?
A. hostTopN
B. matrix
C. statistics
D. history
E. packet capture
F. host
Answer: B
Explanation:
RMON tables can be created for buffer capture, filter, hosts, and matrix information. The buffer capture table details a list of packets captured off of a channel or a logical data or events stream. The filter table details a list of packet filter entries that screen packets for specified conditions as they travel between interfaces. The hosts table details a list of host entries. The matrix table details a list of traffic matrix entries indexed by source and destination MAC addresses.
QUESTION 209
Which of the following describes the appropriate port assignment and message exchange in a
standard TFTP transaction?
A. Server: 10.0.0.1:69 RRQ/WRQ Sent
Client: 10.0.0.2:1888 RRQ/WRQ Received
B. Server: 10.0.0.1:1888 RRQ/WRQ Received
Client: 10.0.0.2:69 RRQ/WRQ Received
C. Server: 10.0.0.1:69 RRQ/WRQ Received
Client: 10.0.0.2:69 RRQ/WRQ Sent
D. Server: 10.0.0.1:69 RRQ/WRQ Received
Client: 10.0.0.2:1888 RRQ/WRQ Sent
E. Server: 10.0.0.1:1888 RRQ/WRQ Sent
Client: 10.0.0.2:69 RRQ/WRQ Sent
F. Server: 10.0.0.1:1888 RRQ/WRQ Received
Client: 10.0.0.2:69 RRQ/WRQ Sent
Answer: D
Explanation:
TFTP Daemons listen on UDP port 69 but respond from a dynamically allocated high port. Therefore, enabling this port will allow the TFTP service to receive incoming TFTP requests but will not allow the selected server to respond to those requests. Allowing the selected server to respond to inbound TFTP requests cannot be accomplished unless the TFTP server is configured to respond from port 69.
http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
http://social.technet.microsoft.com/Forums/en-CA/configmgrosd/thread/9b9bd9e2-6b2e-4073-96af-2703ad6a3249
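An added example (not from the original page) of the port behavior described above: it walks a constructed list of datagrams, follows the server's dynamically chosen reply port, and marks which datagrams a filter matching only UDP port 69 would see. The addresses and client port come from the question; the server port 50211, the filename and the function names are constructed for illustration.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}
TFTP_PORT = 69


def rrq(filename, mode="octet"):
    """Build a read request: opcode 1, then filename and mode, each NUL-terminated."""
    return struct.pack("!H", 1) + filename.encode() + b"\0" + mode.encode() + b"\0"


# Constructed capture: (src_ip, src_port, dst_ip, dst_port, payload)
CAPTURE = [
    ("10.0.0.2", 1888, "10.0.0.1", 69, rrq("startup-config")),
    ("10.0.0.1", 50211, "10.0.0.2", 1888, struct.pack("!HH", 3, 1) + b"x" * 512),
    ("10.0.0.2", 1888, "10.0.0.1", 50211, struct.pack("!HH", 4, 1)),
    ("10.0.0.1", 50211, "10.0.0.2", 1888, struct.pack("!HH", 3, 2) + b"x" * 100),
    ("10.0.0.2", 1888, "10.0.0.1", 50211, struct.pack("!HH", 4, 2)),
]


def classify(capture):
    """Return (opcode, sport, dport, matches_port_69_rule, tracked_as_tftp) per datagram."""
    pending = set()    # (client_ip, client_port, server_ip) waiting for the first reply
    sessions = set()   # (client_ip, client_port, server_ip, server_port)
    out = []
    for src, sport, dst, dport, payload in capture:
        code = struct.unpack("!H", payload[:2])[0] if len(payload) >= 2 else 0
        op = OPCODES.get(code, "?")
        port69 = TFTP_PORT in (sport, dport)
        if dport == TFTP_PORT and op in ("RRQ", "WRQ"):
            pending.add((src, sport, dst))
            tracked = True
        elif (dst, dport, src) in pending:
            # First reply: the server answers from a new high port, not from 69.
            pending.discard((dst, dport, src))
            sessions.add((dst, dport, src, sport))
            tracked = True
        else:
            tracked = ((src, sport, dst, dport) in sessions
                       or (dst, dport, src, sport) in sessions)
        out.append((op, sport, dport, port69, tracked))
    return out
```

Only the initial request matches the port 69 rule; every later datagram is recognized solely because the tracker learned the server's reply port from the first response.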
QUESTION 210
You are responsible for network monitoring and need to monitor traffic over a routed network from a remote source to an IDS or IPS located in the headquarters site. What would you use in order to accomplish this?
A. VACLs and VSPAN
B. RSPAN
C. ERSPAN
D. NetFlow
Answer: C
Explanation:
http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/span.pdf