2019 Free Microsoft EnsurePass 300-115 Dumps VCE and PDF Download Part 13


 

QUESTION 121

Which switch feature determines validity based on IP-to-MAC address bindings that are stored in a trusted database?

 

A.

Dynamic ARP Inspection

B.

storm control

C.

VTP pruning

D.

DHCP snooping

Correct Answer: A

Explanation:

Dynamic ARP inspection determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.

Reference: http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/72846-layer2-secftrs-catl3fixed.html

 

 

QUESTION 122

Which command creates a login authentication method named “login” that will primarily use RADIUS and fail over to the local user database?

 

A.

(config)# aaa authentication login default radius local

B.

(config)# aaa authentication login login radius local

C.

(config)# aaa authentication login default local radius

D.

(config)# aaa authentication login radius local

 

Correct Answer: B

Explanation:

In the command “aaa authentication login login radius local” the second login is the name of the AAA method. It also lists radius first then local, so it will primarily use RADIUS for authentication and fail over to the local user database only if the RADIUS server is unreachable.

 

 

QUESTION 123

Which authentication service is needed to configure 802.1x?

 

A.

RADIUS with EAP Extension

B.

TACACS+

C.

RADIUS with CoA

D.

RADIUS using VSA

 

Correct Answer: A

Explanation:

With 802.1x, the authentication server performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. The Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2940/software/release/12-1_19_ea1/configuration/guide/2940scg_1/sw8021x.pdf

 

 

QUESTION 124

Which feature describes MAC addresses that are dynamically learned or manually configured, stored in the address table, and added to the running configuration?

 

A.

sticky

B.

dynamic

C.

static

D.

secure

 

Correct Answer: A

Explanation:

With port security, you can configure MAC addresses to be sticky. These can be dynamically learned or manually configured, stored in the address table, and added to the running configuration. If these addresses are saved in the configuration file, the interface does not need to dynamically relearn them when the switch restarts. Although sticky secure addresses can be manually configured, it is not recommended.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.pdf

 

 

QUESTION 125

When you configure private VLANs on a switch, which port type connects the switch to the gateway router?

 

A.

promiscuous

B.

community

C.

isolated

D.

trunked

 

Correct Answer: A

Explanation:

There are mainly two types of ports in a Private VLAN: Promiscuous port (P-Port) and Host port.

Host port further divides in two types – Isolated port (I-Port) and Community port (C-port).

Reference: http://en.wikipedia.org/wiki/Private_VLAN

 

 

QUESTION 126

SWITCH.com is an IT company that has an existing enterprise network consisting of two Layer 2-only switches, DSW1 and ASW1. The topology diagram indicates their Layer 2 mapping. VLAN 20 is a new VLAN that will be used to provide the shipping personnel access to the server. Corporate policies do not allow Layer 3 functionality to be enabled on the switches. For security reasons, it is necessary to restrict access to VLAN 20 in the following manner:

 

Users connecting to VLAN 20 via port f0/1 on ASW1 must be authenticated before they are given access to the network. Authentication is to be done via a Radius server:

 

Radius server host: 172.120.40.46

 

Radius key: rad123

 

Authentication should be implemented as close to the host as possible.

 

Devices on VLAN 20 are restricted to the subnet of 172.120.40.0/24.

 

Packets from devices in the subnet of 172.120.40.0/24 should be allowed on VLAN 20.

 

Packets from devices in any other address range should be dropped on VLAN 20.

 

Filtering should be implemented as close to the server farm as possible.

 

The Radius server and application servers will be installed at a future date. You have been tasked with implementing the above access control as a pre-condition to installing the servers. You must use the available IOS switch features.

 


 

Correct Answer:

Step1: Console to ASW1 from PC console 1

ASW1(config)#aaa new-model

ASW1(config)#radius-server host 172.120.39.46 key rad123

ASW1(config)#aaa authentication dot1x default group radius

ASW1(config)#dot1x system-auth-control

ASW1(config)#inter fastEthernet 0/1

ASW1(config-if)#switchport mode access

ASW1(config-if)#dot1x port-control auto

ASW1(config-if)#exit

ASW1#copy run start

Step2: Console to DSW1 from PC console 2

DSW1(config)#ip access-list standard 10

DSW1(config-ext-nacl)#permit 172.120.40.0 0.0.0.255

DSW1(config-ext-nacl)#exit

DSW1(config)#vlan access-map PASS 10

DSW1(config-access-map)#match ip address 10

DSW1(config-access-map)#action forward

DSW1(config-access-map)#exit

DSW1(config)#vlan access-map PASS 20

DSW1(config-access-map)#action drop

DSW1(config-access-map)#exit

DSW1(config)#vlan filter PASS vlan-list 20

DSW1#copy run start

 

 

 

 

 

QUESTION 127

Which private VLAN access port belongs to the primary VLAN and can communicate with all interfaces, including the community and isolated host ports?

 

A.

promiscuous port

B.

isolated port

C.

community port

D.

trunk port

 

Correct Answer: A

Explanation:

The types of private VLAN ports are as follows:

Promiscuous: A promiscuous port belongs to the primary VLAN. The promiscuous port can communicate with all interfaces, including the community and isolated host ports, that belong to those secondary VLANs associated to the promiscuous port and associated with the primary VLAN. You can have several promiscuous ports in a primary VLAN. Each promiscuous port can have several secondary VLANs, or no secondary VLANs, associated to that port. You can associate a secondary VLAN to more than one promiscuous port, as long as the promiscuous port and secondary VLANs are within the same primary VLAN. You may want to do this for load-balancing or redundancy purposes. You can also have secondary VLANs that are not associated to any promiscuous port.

Isolated: An isolated port is a host port that belongs to an isolated secondary VLAN. This port has complete isolation from other ports within the same private VLAN domain, except that it can communicate with associated promiscuous ports. Private VLANs block all traffic to isolated ports except traffic from promiscuous ports. Traffic received from an isolated port is forwarded only to promiscuous ports. You can have more than one isolated port in a specified isolated VLAN. Each port is completely isolated from all other ports in the isolated VLAN.

Community: A community port is a host port that belongs to a community secondary VLAN. Community ports communicate with other ports in the same community VLAN and with associated promiscuous ports. These interfaces are isolated from all other interfaces in other communities and from all isolated ports within the private VLAN domain.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/PrivateVLANs.html

 

 

QUESTION 128

Which command globally enables AAA on a device?

 

A.

aaa new-model

B.

aaa authentication

C.

aaa authorization

D.

aaa accounting

 

Correct Answer: A

Explanation:

To configure AAA authentication, enable AAA by using the aaa new-model global configuration command. AAA features are not available for use until you enable AAA globally by issuing the aaa new-model command.

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfathen.html

 

 

 

 

QUESTION 129

The network monitoring application alerts a network engineer of a client PC that is acting as a rogue DHCP server. Which two commands help trace this PC when the MAC address is known? (Choose two.)

 

A.

switch# show mac address-table

B.

switch# show port-security

C.

switch# show ip verify source

D.

switch# show ip arp inspection

E.

switch# show mac address-table address <mac address>

 

Correct Answer: AE

Explanation:

These two commands will show the MAC address table, including the switch port that the particular host is using. Here is an example output:

Switch>show mac-address-table

 

Dynamic Addresses Count: 9

Secure Addresses (User-defined) Count: 0

Static Addresses (User-defined) Count: 0

System Self Addresses Count: 41

Total MAC addresses: 50

Non-static Address Table:

Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
0010.0de0.e289       Dynamic       1     FastEthernet0/1
0010.7b00.1540       Dynamic       2     FastEthernet0/5
0010.7b00.1545       Dynamic       2     FastEthernet0/5

 

 

QUESTION 130

Which type of information does the DHCP snooping binding database contain?

 

A.

untrusted hosts with leased IP addresses

B.

trusted hosts with leased IP addresses

C.

untrusted hosts with available IP addresses

D.

trusted hosts with available IP addresses

 

Correct Answer: A

Explanation:

DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:

Validates DHCP messages received from untrusted sources and filters out invalid messages.

Rate-limits DHCP traffic from trusted and untrusted sources.

Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.

Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst6500/ios/12-2SX/configuration/guide/book/snoodhcp.pdf
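
The binding database from Question 130 and the ARP check from Question 121, as an added Python model (not from the original page and not Cisco code). The class, port names, MAC addresses and IP addresses are constructed for illustration, and the model checks only the IP-to-MAC binding per VLAN.

```python
"""Toy model of DHCP snooping feeding Dynamic ARP Inspection (constructed example)."""


class SnoopingSwitch:
    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        # (vlan, ip) -> (mac, port), recorded only for hosts on untrusted ports
        self.bindings = {}

    def dhcp_ack(self, ingress_port, vlan, client_mac, client_port, leased_ip):
        """Handle a DHCPACK; return True if it is forwarded to the client."""
        if ingress_port not in self.trusted:
            return False  # server replies arriving on untrusted ports are filtered
        if client_port not in self.trusted:
            self.bindings[(vlan, leased_ip)] = (client_mac.lower(), client_port)
        return True

    def arp_permitted(self, ingress_port, vlan, sender_mac, sender_ip):
        """Dynamic ARP Inspection decision for one ARP packet."""
        if ingress_port in self.trusted:
            return True  # trusted interface: forwarded without any checks
        bound = self.bindings.get((vlan, sender_ip))
        return bound is not None and bound[0] == sender_mac.lower()


def run_demo():
    # Constructed topology: Gi0/1 is the uplink toward the legitimate DHCP server.
    sw = SnoopingSwitch(trusted_ports={"Gi0/1"})
    results = [
        # Legitimate lease: ACK arrives on the trusted uplink for a host on Fa0/5.
        sw.dhcp_ack("Gi0/1", 20, "0010.7B00.1540", "Fa0/5", "172.120.40.10"),
        # DHCP server reply seen on access port Fa0/7: dropped, no binding created.
        sw.dhcp_ack("Fa0/7", 20, "0010.0de0.e289", "Fa0/6", "172.120.40.66"),
        # ARP whose sender IP and MAC match the recorded lease.
        sw.arp_permitted("Fa0/5", 20, "0010.7b00.1540", "172.120.40.10"),
        # ARP claiming the leased IP with a different MAC: rejected.
        sw.arp_permitted("Fa0/7", 20, "0010.0de0.e289", "172.120.40.10"),
        # ARP from a host that never obtained a lease: rejected.
        sw.arp_permitted("Fa0/6", 20, "0010.0de0.e289", "172.120.40.66"),
        # The same mismatched ARP on a trusted port is not inspected at all.
        sw.arp_permitted("Gi0/1", 20, "0010.0de0.e289", "172.120.40.10"),
    ]
    return results, dict(sw.bindings)


if __name__ == "__main__":
    print(run_demo())
```

The last case is why the trust setting belongs only on uplinks to other inspecting switches or to the DHCP server: anything attached to a trusted port bypasses the check.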

