您好,欢迎来到江浙沪招生考试网 !

设为首页|加入收藏|联系我们|网站地图|

江浙沪招生考试网

您现在的位置: test4exam >> 历年真题 >> it认证题库 >> 正文

思科认证Cisco 642-382 题库

日期:2015/8/28 12:21:34 来源:本站原创 访问量:
1. In what location is it recommended that the Cisco Catalyst 6500 Series WLSM be placed?
A. distribution layer
B. core layer
C. access layer
D. network management functional module
Answer: A 
2. Which three are different types of STP inconsistencies in a Layer 2 network? (Choose three.)
A. MAC inconsistency
B. root inconsistency
C. EtherChannel inconsistency
D. type inconsistency
E. PVID inconsistency
F. vendor inconsistency
Answer: BCD 
3. Which two statements are correct about OSPF in a multiarea environment? (Choose two.)
A. OSPF will by default summarize routing updates between areas.
B. OSPF requires the use of the area range configuration command only when nondefault summarization is
required.
C. OSPF ABR routers are needed only at the boundary of another OSPF area.
D. OSPF uses wildcard masks in the network statements but subnet masks in the area range statements.
E. OSPF requires that all areas have a least one ASBR.
Answer: CD 
4. A wireless autonomous 1200 access point running core feature set in root mode has its SSID set to
Factory_floor and provides connection to a repeater access point with its SSID set to Factory_floor. If the
root-mode access point is using channel 11, which channel will the repeater access point use?
A. channel 11
B. channel 1 or 6
C. any nonoverlapping channel
TestInside    642-382 
D. The root access point and the repeater will negotiate this setting.
Answer: A 
5. Refer to the exhibit.  
R2 is always in the init state. Which two statements are correct? (Choose two.)
A. R2 is seeing hello packets from R1.
B. R2 is not seeing hello packets from R1.
C. The exchanging of data between R1 and R2 is occurring because each is sending hello packets.
D. Two-way communication has not been established between R1 and R2 because R2 is not seeing its router ID in
the hello packets that it is receiving from R1.
E. R2 has an access list defined for S0 that is blocking an OSPF multicast IP address of 224.0.0.5.
Answer: AD 
6. You are migrating the network design from using point security products (perimeter router, firewall, VPN router,
IPS) to an integrated security solution using Cisco ISR. During the migration process, you determine that you
need to improve VPN performance. What can you do?
A. upgrade the Cisco IOS image on the ISR to the V3PN bundle
B. increase the RAM on the ISR
C. install AIM-VPN EPII-PLUS on the ISR
D. enable transparent tunneling using IPSec over TCP
Answer: C 
7. Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager
configurations of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the
site-to-site VPN between Router A and Router B.
TestInside    642-382  
What is the mostly likely cause of this fault?
A. Router A is using a standard IP ACL (100-149) while Router B is using a Turbo ACL (150?99).
B. The IKE encryption methods on the two routers are different.
C. The IPSec policy map names on the two routers are different.
D. The IPSec rules on the two routers are not permitting the correct interesting traffic.
Answer: B 
8. Refer to the exhibit. A company has just set up an e-commerce webhost on the DMZ. It was designed so that
partners can enter their equipment orders via a secure interface on a security appliance. The first time a partner
tried to access the e-commerce webhost at http://172.16.1.2, the partner could not gain access to the webhost. 
After reviewing the network diagram, the Cisco Adaptive Security Device Manager translation table, and Cisco
ASDM access list configuration shown in the exhibit, what did the corporate network administrator determine to
be the cause of the problem?
TestInside    642-382  
A. The pnet static translation entry is not configured correctly.
B. The URL that the partner is using is not configured correctly.
C. The pnet-access access list is not configured correctly.
D. The pnet global address is not configured correctly.
Answer: B 
9. Which network management tool is designed to allow businesses to manage up to 40 devices?
A. CiscoWorks Unrestricted
B. CiscoWorks SNMS
C. Campus Manager
D. Resource Management Essentials
Answer: B 
10. Which command assigns a cost value of "17" to a switch port?
A. spanning-tree interface fastethernet 5/8 17
TestInside    642-382 
B. spanning-tree portcost 17
C. spanning-tree port cost 17
D. spanning-tree vlan 1 cost 17
Answer: D 
11. Refer to the exhibit. The Cisco Aironet 802.11a/b/g Wireless LAN Client Adapter has two LEDs. Which two
LED states indicate that the card is associated to an access point and is working properly? (Choose two.) 
A. green LED off; amber LED solid
B. green LED off; amber LED blinking sporadically
C. green LED blinking quickly; amber LED blinking quickly
D. green LED blinking slowly; amber LED blinking slowly
E. green LED blinking slowly; amber LED blinking quickly
Answer: CD 
12. When troubleshooting poor network performance, which two symptoms would typically be associated with a
network layer problem? (Choose two.)
A. Packet loss is more than 30 percent.
B. There is excessive broadcast traffic.
C. There are excessive CRC errors.
D. Pings succeed only part of the time.
E. Slips are detected on WAN interfaces.
F. ARP requests are timing out.
TestInside    642-382 
Answer: AD 
13. You are configuring a VLAN and the switch you are using requires that you do so within the VLAN database.
Which command allows you to enter the VLAN database?
A. Switch# vlan database
B. Switch(config)# vlan database
C. Switch(config-if)# vlan database
D. Switch(vlan)# vlan database
Answer: A 
14. Which critical issue should you account for when implementing an integrated network security management
design?
A. NAT interoperates with encrypted voice traffic
B. host-based intrusion detection systems reside in the network
C. all network devices are time-synchronized
D. SNMP community read-write strings are configured to allow for total management access
Answer: C 
15. A customer with a small enterprise network of 15 remote sites is trying to optimize its VPN by migrating some
remote sites using Frame Relay connections to the Internet to using cable connections to the Internet. Minimizing
costs is one of the customer's highest priorities. Only a moderate amount of IP traffic is passing through the
network, most of which is from the remote sites to the central site. IPSec should be used to provide VPN
functionality and basic confidentiality is desired. 
Based on the traffic patterns, which topology would be the easiest for this customer to set up and manage?
A. full mesh
B. partial mesh
C. point-to-multipoint
D. hub-and-spoke
Answer: D 
TestInside    642-382 
16. Refer to the exhibit. A host on the Sales subnet (10.0.2.0/24) is not able to initiate a web connection to an
outside website. According to the network diagram and partial Cisco Adaptive Security Device Manager
configuration shown in the exhibit, what is the cause of the problem? 
A. The dynamic NAT global pool is not configured correctly.
B. The source networks for static NAT are not configured correctly.
C. The administrator has not added an access list to allow the connection.
D. The source network for dynamic NAT is not configured correctly.
Answer: D 
17. A user is unable to connect to the Cisco Router and Security Device Manager via HTTPS. Which two of these
might have caused this problem? (Choose two.)
A. The ip https server command is missing from the running configuration.
B. The ip http secure-server command is missing from the running configuration.
C. The user is trying to launch Cisco Router and Security Device Manager from the inside (secured) interface with
a firewall enabled.
D. The user has a privilege level lower than 15.
E. The browser security level is set too high.
Answer: BD 
18. Which command can be used to verify that RIPv2 is running on a router?
TestInside    642-382 
A. show startup-config
B. show ip route
C. show ip route rip
D. show ip protocols
Answer: D 
19. Refer to the exhibit. According to the Cisco Adaptive Security Device Manager window, which statement
about address translation is correct?
A. Using Network Address Translation, any host on the DMZ1 subnet (172.16.1.0) will be translated to a mapped
address on the outside interface of 192.168.1.11.
B. Using port address translation, DMZ2 host 172.16.10.2 will be translated on DMZ1 to IP address 172.16.1.22
with a dynamically assigned port address.
C. Using Network Address Translation, host 10.0.1.10 on the inside network will be dynamically translated to a
mapped address from the address pool of 192.168.1.20 to 192.168.1.94.
D. Using port address translation, outside host 192.168.1.10 with a dynamically assigned port address will be
translated to 10.0.1.11 on the inside interface.
Answer: C 
20. When using Cisco Router and Security Device Manager to configure AAA login authentication policies, which
four methods are available? (Choose four.)
A. group RADIUS: use a list of RADIUS hosts
B. group TACACS+: use a list of TACACS+ hosts
C. enable: use enable password
D. otp: use one-time password
E. local: use local database
F. default: use line password
Answer: ABCE 
21. Refer to the exhibit. A network administrator is troubleshooting an EIGRP connection between Router A and
Router B. Given the debug output on Router A, which two statements are true? (Choose two.)
TestInside    642-382  
A. Router A received a hello packet with mismatched autonomous system numbers.
B. Router A received a hello packet with mismatched hello timers.
C. Router A received a hello packet with mismatched authentication parameters.
D. Router A received a hello packet with mismatched metric-calculation mechanisms.
E. Router A will form an adjacency with Router B.
F. Router A will not form an adjacency with Router B.
Answer: DF 
22. Which two statements best describe the wireless core feature set using autonomous access points when
implementing Wireless Domain Services? (Choose two.)
A. The primary Layer 2 WDS server address is configured via the infrastructure access point GUI.
B. The primary Layer 2 WDS server address is automatically discovered by the infrastructure access points
through multicast.
C. The primary Layer 2 WDS is selected by the highest MAC address, followed by priority number.
D. The primary Layer 2 WDS is selected by the highest priority number, followed by MAC address.
E. The primary Layer 2 WDS is selected by the highest IP address, followed by MAC address.
Answer: BD 
23. A concern has been expressed that the switched infrastructure in an integrated network is vulnerable to VLAN
hopping attacks. Which two configuration statements can be used to mitigate VLAN hopping? (Choose two.)
A. switchport port-security
B. switchport port-security tagging
C. switchport access vlan
D. switchport double-tag snooping
E. switchport mode access
Answer: CE 
TestInside    642-382 
24. You enter the command show ip ospf neighbor and see "two-way/DROTHER" listed as the state for neighbor
10.1.1.1. What does this status indicate?
A. The neighbor 10.1.1.1 is not a DR or BDR.
B. The neighbor relationship with 10.1.1.1 has not yet completed.
C. DR and BDR election is in progress.
D. The neighbor 10.1.1.1 is the BDR.
Answer: A 
25. A customer with a large enterprise network wants to allow employees to work from home over the Internet.
The customer anticipates a large amount of traffic, predominantly toward the central site. The customer also
requires a VPN using strong user authentication and encryption to protect highly sensitive data. 
Which solution best meets this customer's requirements?
A. remote-access VPN with software encryption
B. remote-access VPN with hardware encryption
C. site-to-site VPN with hub-and-spoke tunnels using 3DES and pre-shared secrets
D. site-to-site Cisco Easy VPN
Answer: B 
26. Which two statements are correct about using Cisco Router and Security Device Manager (SDM) to configure
the OSPF routing protocol? (Choose two.)
A. Cisco SDM enforces the creation of area 0 when configuring OSPF.
B. Cisco SDM will use the supplied wildcard mask to exclude the host bits from the configured network address.
C. Cisco SDM allows the configuration of an area range to allow route summarization between OSPF areas.
D. Cisco SDM allows the selection of OSPFv1 or OSPFv2.
E. Cisco SDM allows the configuration of passive interfaces.
Answer: BE 
27. Which three statements are correct about the IEEE 802.3af Power over Ethernet standard? (Choose three.)
A. It defines a port that acts as a power source to be a PSE.
B. It defines a powered device to be a PDE.
TestInside    642-382 
C. It defines how a powered device is detected.
D. It defines three methods of delivering Power over Ethernet to the discovered powered device.
E. It describes five power classes to which a device may belong.
F. It defines power class 0 as being reserved for future use.
Answer: ACE 
28. Users logging into Cisco Router and Security Device Manager should be authenticated using the Cisco ISR
local user database. Currently, none of the users can access Cisco Router and Security Device Manager via HTTP.
You should check the configuration of which command or commands when attempting to resolve this problem?
A. ip http secure-server
B. ip http authentication local
C. line vty 0 5
login local
D. aaa new-model
aaa authentication login default local
Answer: B 
29. A customer in Europe needs to establish an 11-Mbps wireless bridge link between two office buildings that are
approximately 1.3 km apart. The wireless link will pass through a public park, which contains a lake that is
surrounded by trees. You run the range calculation and determine that the Cisco Aironet 1300 Series Outdoor
Access Point/Bridge should work. You install the link using 10.5-dB yagis with 75 feet of standard Cisco cabling
and both radios set at 20 mW. The wireless bridges are not able to establish or maintain a link. 
What is needed to successfully complete this link?
A. An amplifier needs to be installed at one of the sites.
B. The antenna must be raised high enough to clear the trees.
C. Lower loss cabling needs to be used to bring the EIRP into legal limits.
D. Due to the trees, a 21-dBi dish needs to be used for its narrower beamwidth.
Answer: B 
30. The customer wants to implement wireless security through implementation of WPAv2. Which component of
TestInside    642-382 
WPAv2 would limit the rollout because of the continued use of old access points?
A. 48-bit IV
B. AES
C. TKIP
D. MIC
Answer: B 
31. Which statement is true about a Cisco Aironet 350 Series wireless client when its green LED appears to be off
and its amber LED is blinking?
A. The client adapter is scanning for a network.
B. The client adapter is in ad hoc mode.
C. The client adapter is performing a self-test.
D. The client adapter is in power-save mode.
Answer: D 
32. You are troubleshooting OSPF neighbor establishment problems, which are occurring over Frame Relay
interfaces that use the default OSPF network type. What should you verify in the router configuration?
A. the ip ospf network point-to-point statement under the Frame Relay interface
B. the ip ospf priority 0 statement on the Frame Relay interface on the designated router
C. the neighbor statements on the Frame Relay interface
D. the frame-relay map statement on the Frame Relay interface
Answer: D 
33. Refer to the exhibit. The tables contain information from the Cisco Router and Security Device Manager
configurations of Router A and Router B. Traffic between Host 1 and Host 2 is not successfully establishing the
site-to-site VPN between Router A and Router B. 
What is the mostly likely cause of this fault?
TestInside    642-382  
A. Router A is using a standard IP ACL (100-149) while Router B is using a Turbo ACL (150?99).
B. The IPSec encryption methods used by each router do not match.
C. The D-H Group settings on the two routers are the same.
D. The IPSec rules on the two routers are not permitting the correct interesting traffic.
Answer: B 
34. Refer to the exhibit. According to the error log, VLAN 1 is where the BPDU was received, and VLAN 2 is
where the BPDU originated. When inconsistency is detected, what happens? 
A. VLAN 1 is blocked, while VLAN 2 is forwarding.
B. VLAN 1 is blocked, while VLAN 2 is listening.
TestInside    642-382 
C. Both VLANs are listening on the port from which this BPDU is sent.
D. Both VLANs are blocked on the port from which this BPDU is received.
Answer: D 
35. A company needs to provide site-to-site VPN, remote access VPN, and firewall protection. Which device best
supports all three functions?
A. Cisco PIX
B. Cisco ASA
C. Cisco Concentrator
D. Cisco Router and Security Device Manager
Answer: B 
36. The network administrator has configured the SSID value in a wireless Cisco Aironet client card. What is the
result of the client-to-access-point association if the client SSID1 is left blank, and the SSID2 is assigned a value
of my_ssid?
A. The client will consider SSID1 a null value, causing the client to request the SSID from the access point.
B. The client software will not allow this configuration and will create an error message until the configuration is
corrected.
C. The client software will replace SSID1 with SSID2, and use my_ssid to attempt association with the access
point.
D. The client software will attempt association with the access point using a null value of SSID1, and if not
successful it will rotate to use the SSID2 value of my_ssid.
Answer: C 
37. You have applied a firewall configuration to your router using the Cisco Router and Security Device Manager
(SDM) Firewall wizard. You find that you are now locked out and access via Cisco SDM is denied. After
accessing the router via the console port, what must you do to regain access via Cisco SDM?
A. Generate an RSA key pair between the host and device to allow secure access.
B. Specify the Cisco SDM management port number to gain access.
C. Create a loopback interface and connect to that IP address for management purposes when the configuration
has been applied to the router.
TestInside    642-382 
D. Modify the access list that denies Cisco SDM access.
Answer: D 
38. Which two statements best describe the wireless core feature set using autonomous access points when
implementing Wireless Domain Services? (Choose two.)
A. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated
Services Router.
B. Layer 2 services can be configured in a Cisco Aironet autonomous AP or a Cisco Integrated Services Router.
C. Layer 2 and Layer 3 services can be configured in a Cisco Aironet autonomous AP or controllers.
D. Layer 3 services can be configured in WLSM.
E. Layer 3 services can be configured in WLSE.
Answer: BD 
39. OSPF routes are being redistributed into EIGRP but they are not showing up in the routing table. What are two
possible causes? (Choose two.)
A. CEF has not been enabled.
B. Synchronization has been turned off.
C. Incorrect distribute lists have been configured.
D. No default metric has been configured for EIGRP.
E. The ip classless command is missing.
F. There are mismatched autonomous system numbers.
Answer: CD 
40. A North American customer is using 2.4-GHz radios in a point-to-point configuration. The radio power level is
17 dBm and is transmitting at 11 Mbps. The customer is using 21.5-dBi dish antennas and 50 feet of cabling, with
a loss of 8.4 dB per 100 feet. The customer increased the distance between the transmitter stations and began
experiencing link problems. 
Without using a professional installer, which step should the customer take to fix the situation?
A. Use a cable with lower loss.
B. Upgrade to an 802.11a radio.
TestInside    642-382 
C. Install a higher gain antenna.
D. Increase the transmitter power.
Answer: A 
41. In an infrastructure based on a wireless advanced feature set using lightweight access points, by which method
is a rogue contained?
A. The WCS sends excessive traffic to the rogue, thus overloading the access point.
B. The rogue MAC address is used to spoof broadcast deassociation packets.
C. The rogue MAC address is used to spoof broadcast deauthentication packets.
D. The WCS sends out excessive signals on the same channel when the rogue is detected.
Answer: C 
42. Refer to the exhibit. According to the Cisco VPN Client software outputs shown, which two statements are
correct about the connection entry named isr? (Choose two.)
TestInside    642-382  
A. HMAC-SHA1 is used to authenticate the remote users.
B. Preshared key is used to authenticate the remote peer.
C. AES is used to provide data confidentiality.
D. The Cisco VPN Client software is assigned an internal IP address of 192.168.1.1.
E. The PC that is running the Cisco VPN Client software will not have access to the local LAN once the PC is
connected into the VPN.
Answer: BE 
43. You have configured and applied a Cisco IOS Firewall access rule to the inbound, untrusted interface. You
suspect that the rule may be blocking necessary traffic onto the network. What must you do to delete that rule
TestInside    642-382 
when using Cisco Router and Security Device Manager?
A. Select ACL Editor > Access Rules to delete the rule.
B. You must remove the association between the rule and the interface before deleting the rule.
C. You must delete the associated access list on the interface, then reconfigure the access list as required, and then
reapply the access group to the proper interface.
D. Go to the Edit Firewall Policy tab to delete the rule.
Answer: B 
44. Refer to the exhibit. This display has been truncated to remove information that is not relevant to the question.
What would be a reason that there have been 21 ignored packets? 
A. Ethernet0 has no CDP neighbors.
B. There are no free input buffers to accept new packets.
C. There are no free output buffers for packets, which are traversing the router, to go into for transmission.
D. Ethernet0 and the neighbor that it is connected to are not running the same routing protocol.
E. This is not a valid error display. The display has been modified to show that there have been ignored packets.
Answer: B 
45. After configuring VTP, you no longer receive updates as expected. Which command can you use to verify the
number of VTP advertisements being transmitted?
A. show vtp database
B. show vtp counters
C. show vtp statistics
D. show vtp status
Answer: B 
46. You have just configured HSRP and need to determine which router is active. Which command should you
enter?
TestInside    642-382 
A. show ip hsrp active
B. show standby active
C. show standby
D. show active
Answer: C 
47. An 802.11b telephone is receiving an audio signal from an access point, but cannot send audio. What is a
possible cause?
A. The RSSI value on the telephone is greater than 35.
B. The access point is set to receive only at 802.11g data rates.
C. The security settings in the telephone do not match the settings in the access point.
D. The transmit power in the telephone is significantly lower than the transmit power in the access point.
Answer: D 
48. Which two features are only supported when using the Cisco Router and Security Device Manager (SDM)
Advanced Firewall wizard and not supported when using the Cisco SDM Basic Firewall wizard? (Choose two.)
A. deep-packet inspections
B. IP unicast Reverse Path Forwarding on the outside (untrusted) interface
C. DMZ services
D. custom inspection rules
E. proxy authentication
Answer: CD 
49. Refer to the exhibit. Which statement is correct about the information in the Cisco Adaptive Security Device
Manager General and License Information screen?
TestInside    642-382  
A. The security appliance supports active/active failover only.
B. The security appliance supports 3DES-AES only.
C. The managed device is a Cisco ASA 5540 Security Appliance with VPN premium license enabled.
D. The managed device is a Cisco PIX 515E Security Appliance.
Answer: D 
50. A client is experiencing lower throughput and more packet retransmits in one area of the wireless network. At
these times, the client utility shows high signal strength but low signal quality. What may be causing this issue?
A. The client does not support Cisco Compatible Extensions version 2.
B. Diversity is not enabled in the access point.
C. The WDS is failing to register the client card in the WLSM.
D. The channel is set incorrectly in the access point or in the client configuration.
Answer: B
相关阅读

Copyright ©2013-2015 江浙沪招生考试网 All Rights Reserved.
地址: 苏州市姑苏区阊胥路483号(工投创业园)  电话:0512-85551931 邮编: 214000
邮箱: [email protected] 版权所有:苏州迈峰教育科技有限公司 苏ICP备15050684号-2