2019 Free Microsoft EnsurePass 300-115 Dumps VCE and PDF Download Part 12


QUESTION 111

Which command is needed to enable DHCP snooping if a switchport is connected to a DHCP server?

 

A. ip dhcp snooping trust
B. ip dhcp snooping
C. ip dhcp trust
D. ip dhcp snooping information

 

Correct Answer: A

Explanation:

When configuring DHCP snooping, follow these guidelines:

DHCP snooping is not active until you enable the feature on at least one VLAN, and enable DHCP globally on the switch.

Before globally enabling DHCP snooping on the switch, make sure that the devices acting as the DHCP server and the DHCP relay agent are configured and enabled.

If a Layer 2 LAN port is connected to a DHCP server, configure the port as trusted by entering the “ip dhcp snooping trust” interface configuration command.

If a Layer 2 LAN port is connected to a DHCP client, configure the port as untrusted by entering the “no ip dhcp snooping trust” interface configuration command.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.html

 

 

QUESTION 112

Which AAA Authorization type includes PPP, SLIP, and ARAP connections?

 

A. network
B. IP mobile
C. EXEC
D. auth-proxy

 

Correct Answer: A

Explanation:

Method lists for authorization define the ways that authorization will be performed and the sequence in which these methods will be performed. A method list is simply a named list describing the authorization methods to be queried (such as RADIUS or TACACS+), in sequence. Method lists enable you to designate one or more security protocols to be used for authorization, thus ensuring a backup system in case the initial method fails. Cisco IOS software uses the first method listed to authorize users for specific network services; if that method fails to respond, the Cisco IOS software selects the next method listed in the method list. This process continues until there is successful communication with a listed authorization method, or all methods defined are exhausted. Method lists are specific to the authorization type requested:

Auth-proxy–Applies specific security policies on a per-user basis. For detailed information on the authentication proxy feature, refer to the chapter “Configuring Authentication Proxy” in the “Traffic Filtering and Firewalls” part of this book.

Commands–Applies to the EXEC mode commands a user issues. Command authorization attempts authorization for all EXEC mode commands, including global configuration commands, associated with a specific privilege level.

EXEC–Applies to the attributes associated with a user EXEC terminal session.

Network–Applies to network connections. This can include a PPP, SLIP, or ARAP connection.

Reverse Access–Applies to reverse Telnet sessions.

When you create a named method list, you are defining a particular list of authorization methods for the indicated authorization type.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathor.html

 

 

QUESTION 113

Which switch feature prevents traffic on a LAN from being overwhelmed by continuous multicast or broadcast traffic?

 

A. storm control
B. port security
C. VTP pruning
D. VLAN trunking

 

Correct Answer: A

Explanation:

A traffic storm occurs when packets flood the LAN, which creates excessive traffic and degrades network performance. The traffic storm control feature prevents LAN ports from being disrupted by a broadcast, multicast, or unicast traffic storm on physical interfaces from either mistakes in network configurations or from users issuing a DoS attack.

Reference: http://3c3cc.com/c/en/us/td/docs/routers/7600/ios/122SR/configuration/guide/sw cg/dos.pdf

QUESTION 114

When IP Source Guard with source IP filtering is enabled on an interface, which feature must be enabled on the access VLAN for that interface?

 

A. DHCP snooping
B. storm control
C. spanning-tree portfast
D. private VLAN

 

Correct Answer: A

Explanation:

IP Source Guard Configuration Guidelines

You can configure static IP bindings only on nonrouted ports. If you enter the ip source binding mac-address vlan vlan-id ip-address interface interface-id global configuration command on a routed interface, this error message appears:

Static IP source binding can only be configured on switch port.

When IP source guard with source IP filtering is enabled on an interface, DHCP snooping must be enabled on the access VLAN for that interface.

If you are enabling IP source guard on a trunk interface with multiple VLANs and DHCP snooping is enabled on all the VLANs, the source IP address filter is applied on all the VLANs.

You can enable this feature when 802.1x port-based authentication is enabled.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01110.html

 

 

QUESTION 115

The command storm-control broadcast level 75 65 is configured under the switch port connected to the corporate mail server. In which three ways does this command impact the traffic? (Choose three.)

 

A. SNMP traps are sent by default when broadcast traffic reaches 65% of the lower-level threshold.
B. The switchport is disabled when unicast traffic reaches 75% of the total interface bandwidth.
C. The switch resumes forwarding broadcasts when they are below 65% of bandwidth.
D. Only broadcast traffic is limited by this particular storm control configuration.
E. Multicast traffic is dropped at 65% and broadcast traffic is dropped at 75% of the total interface bandwidth.
F. The switch drops broadcasts when they reach 75% of bandwidth.

 

Correct Answer: CDF

Explanation:

storm-control {broadcast | multicast | unicast} level {level [level-low] | pps pps [pps-low]}

Configure broadcast, multicast, or unicast storm control. By default, storm control is disabled.

The keywords have these meanings:

 

For level, specify the rising threshold level for broadcast, multicast, or unicast traffic as a percentage (up to two decimal places) of the bandwidth. The port blocks traffic when the rising threshold is reached. The range is 0.00 to 100.00.

(Optional) For level-low, specify the falling threshold level as a percentage (up to two decimal places) of the bandwidth. This value must be less than or equal to the rising suppression value. The port forwards traffic when traffic drops below this level. If you do not configure a falling suppression level, it is set to the rising suppression level. The range is 0.00 to 100.00.

 

In this case, the broadcast keyword was used so only broadcast traffic is limited.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/3550SCG/swtrafc.html
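The rising and falling thresholds behind answers C, D and F can be replayed as a small state machine. This is an added example, not Cisco code or part of the original page; the class, the function names and the per-interval load samples are constructed, and the model ignores how a real switch measures each interval.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class StormControl:
    """Simplified model of one `storm-control <type> level <rising> [<falling>]` line."""
    traffic_type: str                 # "broadcast", "multicast" or "unicast"
    rising: float                     # percent of bandwidth at which blocking starts
    falling: Optional[float] = None   # percent below which forwarding resumes
    blocking: bool = False

    def __post_init__(self):
        if self.falling is None:      # an unset falling level equals the rising level
            self.falling = self.rising
        if not 0.0 <= self.falling <= self.rising <= 100.0:
            raise ValueError("need 0.00 <= falling <= rising <= 100.00")

    def observe(self, load: dict) -> bool:
        """Feed one interval's load (percent per traffic type); True means blocking."""
        pct = load.get(self.traffic_type, 0.0)   # other traffic types are not counted
        if not self.blocking and pct >= self.rising:
            self.blocking = True                 # rising threshold reached
        elif self.blocking and pct < self.falling:
            self.blocking = False                # dropped below the falling threshold
        return self.blocking


def replay(ctl: StormControl, intervals: list) -> list:
    """Return the blocking state after each interval."""
    return [ctl.observe(load) for load in intervals]


# Constructed load samples, percent of interface bandwidth per interval.
INTERVALS = [
    {"broadcast": 40, "multicast": 90},  # heavy multicast only: not limited
    {"broadcast": 75},                   # rising threshold reached: block
    {"broadcast": 70},                   # between thresholds: still blocked
    {"broadcast": 65},                   # not yet below 65: still blocked
    {"broadcast": 64.99},                # below 65: forwarding resumes
    {"broadcast": 70},                   # under the rising level: keeps forwarding
]

if __name__ == "__main__":
    port = StormControl("broadcast", rising=75, falling=65)  # level 75 65
    for load, blocked in zip(INTERVALS, replay(port, INTERVALS)):
        print(load, "-> broadcasts", "dropped" if blocked else "forwarded")
```
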

 

 

QUESTION 116

Which private VLAN can have only one VLAN and be a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports and the gateway?

 

A. isolated VLAN
B. primary VLAN
C. community VLAN
D. promiscuous VLAN

 

Correct Answer: A

Explanation:

Understanding Primary, Isolated, and Community Private VLANs

Primary VLANs and the two types of secondary VLANs (isolated and community) have these characteristics:

Primary VLAN–The primary VLAN carries traffic from the promiscuous ports to the host ports, both isolated and community, and to other promiscuous ports.

Isolated VLAN–An isolated VLAN is a secondary VLAN that carries unidirectional traffic upstream from the hosts toward the promiscuous ports. You can configure multiple isolated VLANs in a private VLAN domain; all the traffic remains isolated within each one. Each isolated VLAN can have several isolated ports, and the traffic from each isolated port also remains completely separate.

Community VLAN–A community VLAN is a secondary VLAN that carries upstream traffic from the community ports to the promiscuous port and to other host ports in the same community. You can configure multiple community VLANs in a private VLAN domain. The ports within one community can communicate, but these ports cannot communicate with ports in any other community or isolated VLAN in the private VLAN.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/PrivateVLANs.html

 

 

QUESTION 117

Refer to the exhibit. When a network administrator is attempting an SSH connection to the device, in which order does the device check the login credentials?

 

[Exhibit image073 not reproduced]

A. RADIUS server, local username, line password
B. RADIUS server, line password, local username
C. Line password, local username, RADIUS server
D. Line password, RADIUS server, local username

 

Correct Answer: A

Explanation:

SSH sessions use the vty lines, where the configured authentication method is named “default.” The AAA default login preference is stated in order from first to last, so here the “aaa authentication login default group radius local line” means to use RADIUS first, then if that fails use the local user database. Finally, if that fails use the line password.

 

 

QUESTION 118

A server with a statically assigned IP address is attached to a switch that is provisioned for DHCP snooping. For more protection against malicious attacks, the network team is considering enabling dynamic ARP inspection alongside DHCP snooping. Which solution ensures that the server maintains network reachability in the future?

 

A. Disable DHCP snooping information option.
B. Configure a static DHCP snooping binding entry on the switch.
C. Trust the interface that is connected to the server with the ip dhcp snooping trust command.
D. Verify the source MAC address of all untrusted interfaces with ip dhcp snooping verify mac-address command.

 

Correct Answer: B

Explanation:

Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks. Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed.

The switch performs these activities:

Intercepts all ARP requests and responses on untrusted ports

Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination.

Drops invalid ARP packets

Dynamic ARP inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid. To ensure network reachability to the server, configure a static DHCP snooping binding entry on the switch.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swdynarp.html
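The inspection steps above, and why the statically addressed server needs a static binding, can be shown with a short model. This is an added example, not Cisco code or part of the original page; the table keyed on VLAN and IP is a simplification, and all names, interfaces and addresses are constructed.

```python
from typing import NamedTuple


class Arp(NamedTuple):
    vlan: int
    interface: str
    sender_mac: str
    sender_ip: str


class BindingTable:
    """(VLAN, IP) -> MAC, standing in for the DHCP snooping binding database."""

    def __init__(self):
        self._entries = {}

    def add(self, vlan, ip, mac, source):
        # source: "dhcp" (learned by snooping) or "static" (configured by hand)
        self._entries[(vlan, ip)] = (mac.lower(), source)

    def mac_for(self, vlan, ip):
        entry = self._entries.get((vlan, ip))
        return entry[0] if entry else None


def inspect(pkt, table, trusted_ports):
    """Return (verdict, reason) for one ARP packet."""
    if pkt.interface in trusted_ports:
        return "forward", "trusted interface, no check"
    bound = table.mac_for(pkt.vlan, pkt.sender_ip)
    if bound is None:
        return "drop", "no binding for sender IP"
    if bound != pkt.sender_mac.lower():
        return "drop", "sender MAC does not match binding"
    return "forward", "binding valid"


# Constructed sample data (documentation address ranges).
TRUSTED = {"Gi1/0/24"}                                            # uplink
CLIENT = Arp(10, "Gi1/0/7", "00:00:5e:00:53:0a", "192.0.2.50")    # has a DHCP lease
SERVER = Arp(10, "Gi1/0/5", "00:00:5E:00:53:01", "192.0.2.10")    # static IP, no lease
MISMATCH = Arp(10, "Gi1/0/9", "00:00:5e:00:53:ff", "192.0.2.50")  # wrong MAC for the IP


def demo():
    table = BindingTable()
    table.add(10, "192.0.2.50", "00:00:5e:00:53:0a", "dhcp")
    before = [inspect(p, table, TRUSTED)[0] for p in (CLIENT, SERVER, MISMATCH)]
    table.add(10, "192.0.2.10", "00:00:5e:00:53:01", "static")    # the fix in answer B
    after = [inspect(p, table, TRUSTED)[0] for p in (CLIENT, SERVER, MISMATCH)]
    return before, after


if __name__ == "__main__":
    print(demo())
```
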

 

 

QUESTION 119

Which command would a network engineer apply to error-disable a switchport when a packet-storm is detected?

 

A. router(config-if)#storm-control action shutdown
B. router(config-if)#storm-control action trap
C. router(config-if)#storm-control action error
D. router(config-if)#storm-control action enable

 

Correct Answer: A

Explanation:

Configuring the Traffic Storm Control Shutdown Mode

To configure the traffic storm control shutdown mode on an interface, perform this task:

 

Step 1
Command: Router(config)# interface {{type1 slot/port} | {port-channel number}}
Purpose: Selects an interface to configure.

Step 2
Command: Router(config-if)# storm-control action shutdown
Purpose: (Optional) Configures traffic storm control to error-disable ports when a traffic storm occurs. Enter the no storm-control action shutdown command to revert to the default action (drop). Use the error disable detection and recovery feature, or the shutdown and no shutdown commands to reenable ports.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/storm.html

 

 

QUESTION 120

A DHCP configured router is connected directly to a switch that has been provisioned with DHCP snooping. IP Source Guard with the ip verify source port-security command is configured under the interfaces that connect to all DHCP clients on the switch. However, clients are not receiving an IP address via the DHCP server. Which option is the cause of this issue?

 

A. The DHCP server does not support information option 82.
B. The DHCP client interfaces have storm control configured.
C. Static DHCP bindings are not configured on the switch.
D. DHCP snooping must be enabled on all VLANs, even if they are not utilized for dynamic address allocation.

 

Correct Answer: A

Explanation:

When you enable both IP Source Guard and Port Security, using the ip verify source port-security interface configuration command, there are two caveats:

The DHCP server must support option 82, or the client is not assigned an IP address.

The MAC address in the DHCP packet is not learned as a secure address. The MAC address of the DHCP client is learned as a secure address only when the switch receives non-DHCP data traffic.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/3550SCG/swdhcp82.html#wp1069615

