hp2-z04 questions

Thursday, January 14, 2010, 8:48

Exam Topics
647 views
Add a comment

Check below the questions; please anybody can share us and provide us the answers!!!

What must be enabled on a Cisco switch for Cisco PVST+ to interoperate with ProCurve devices running 802.1s (MSTP) spanning tree?

http://www.passguide.com/HP2-Z04.html

A.
VLAN 4096
B.
the native VLAN
C.
PVST+ compatibility mode
D.
802.1s (MSTP) compatibility mode
E.
VLAN 1

What is the maximum number of untagged VLAN assignments on each port of an HP ProCurve Switch 3500yl-24PoE?

A.
1
B.
2
C.
10
D.
the number set with the max-VLANs command

You want a ProCurve switch to send SNMPv2c traps to a management station. What must you configure? (Select two.)

A.
the correct SNMP encryption password
B.
the IP address of the host that will receive the traps
C.
SNMP Read/Write access to the host that will receive the traps
D.
the correct SNMP username and password for the host that will receive the traps
E.
the SNMP community string of the host that will receive the traps

What does Secure Shell (SSH) use to conceal the content management traffic from eavesdroppers?

A.
asymmetric cryptography
B.
symmetric cryptography
C.
message authentication codes
D.
username and password authentication

Your network includes only one DHCP server, which is in a different VLAN from many DHCP clients. Which statement is true about configuring a DHCP Helper address on the DHCP clients’ VLANs?

A.
The DHCP Helper address converts the VLAN tag of the client’s broadcasts to allow the DHCP server to assign the correct unicast IP address.
B.
The DHCP Helper address is not required because switches automatically forward DHCP requests to the appropriate DHCP servers.
C.
The DHCP Helper includes a list of addresses that the switch assigns to clients in unicast DHCP replies.
D.
For the DHCP clients’ broadcasts to reach the server, the switch must translate them to traffic directed to the DHCP helper address.

An IT manager wants to form a dynamic LACP trunk between two switches to increase bandwidth in the network. What are valid configurations for achieving this goal? (Select two.)

A.
Switch 1 ports = LACP Passive; Switch 2 ports = LACP Passive
B.
Switch 1 ports = LACP Active; Switch 2 ports = LACP Active
C.
Switch 1 ports = LACP Active; Switch 2 ports = LACP Passive
D.
Switch 1 ports = HP Trunguide; Switch 2 ports = LACP trunguide
E.
Switch 1 ports = 100FDx; Switch 2 ports = 1000FDx
What is achieved by a shared secret, configured on both the RADIUS server and the RADIUS client? (Select two.)

A.
It defines the authentication domain.
B.
It authenticates the server and client to each other.
C.
It sets the password for users allowed to connect to the network.
D.
It sets the password for switch managers.
E.
It verifies the integrity of RADIUS messages.

placed in blocguide

Which value composes the unique byte of a Master VRRP router’s MAC address?

A.
the default priority of the original VRRP Master
B.
a random number between 1-255 that is generated when the VRRP instance is created
C.
the Master’s loopback address
D.
the ID associated with the VRRP instance
You have created a port trunk consisting of three links between two HP ProCurve switches: Switch A and Switch B. When Device C sends a packet to Server D, Switch A forwards the packet over link 1 in the trunk.

Which statement is true about how Switch A will transmit the next packet between Device C and Server D?

A.
It will send the packet over link 1 unless link 1 has reached the congestion threshold.
B.
It will send the packet over link 2 or link 3.
C.
It will send the packet over any of the three links, selected randomly.
D.
It will send the packet over link 1.

You are attempting to estimate the range of your wireless access point’s signal. Which factors affect the Effective Isotropic Radiated Power (EIRP) of its radio?

A.
data rate and signal attenuation
B.
cable loss and antenna gain
C.
traffic patterns and antenna gain
D.
transmit power and signal attenuation

Which security technology in Internet Key Exchange (IKE) allows endpoints to generate secure keys without agreeing to them beforehand?

A.
AES
B.
Diffie-Hellman
C.
RSA
D.
HMAC
Which statement is correct about security technology implemented in SNMPv3?

A.
SNMPv3 applies authentication keys and algorithms to management traffic so that the recipient can verify that packets have not been tampered with.
B.
SNMPv3 utilizes symmetric cryptography, which uses a pair of mathematically related hash functions to encrypt and decrypt messages.
C.
SNMPv3 uses hash functions and encryption algorithms such as MD5 and SHA-1.
D.
When using the AES algorithm with SNMPv3, it produces a larger message digest than the DES algorithm.

Your company’s security policies require managers to use HTTPS to access Web browser interfaces of infrastructure products. Which tasks must you complete on each product? (Select two.)

A.
Generate a self-signed server certificate for HTTPS.
B.
Install a server certificate for HTTPS obtained from a Certificate Authority.
C.
Install a client certificate for HTTPS obtained from a Certificate Authority.
D.
Generate a certificate revocation list for HTTPS.
E.
Generate an HTTPS client certificate.

You are running Secure Shell (SSH) on your HP ProCurve switch, and you want to authenticate the device that you use to manage the switch using the SSH-Client-Public-Key method. What must you do?

A.
Generate a public and private key pair on the client, copying the client private key to the switch.
B.
Generate a public and private key pair on the switch.
C.
Copy the switch public and private key pair to the client.
D.
Generate a public and private key pair on the client, copying the public key to the switch.

A router has several interfaces that are all in the same OSPF areas. You want the router to receive a default route and summary routes but no routes that have been redistributed into OSPF from another routing method. How should you define the router’s OSPF area?

A.
Stub Area
B.
Not-So-Stubby Area
C.
transit Area
D.
type 3 area
Which type of OSPF Link State Advertisement (LSA) does an Area Border Router (ABR) send into one area to advertise a summary route to all networks in another area?

A.
type 5
B.
type 3
C.
type 2
D.
type 1
Which parameter should you configure on an Autonomous System Border Router (ASBR) to allow it to produce special Link State Advertisements (LSAs) that advertise external routes in a stub area?

A.
Not-So-Stubby Area
B.
Static Route Mapping
C.
Stub Area
D.
Backup Designated Router
You want to establish a WAN connection using an X.21 cable. What is the correct Layer 2 protocol to configure on your router to support this connection?

A.
ATM
B.
Frame Relay
C.
HDLC
D.
PPPoE
A multicast packet is received on a switch in a VLAN that does not have IGMP enabled. How is the packet handled?

A.
The packet is flooded to a subset of the hosts on the VLAN, based on the source IP address of the multicast stream.
B.
The packet is transmitted on all ports that belong to the VLAN.
C.
Because the routing interface for the VLAN has no way of resolving which hosts on the VLAN wish to join the multicast, the packet is dropped.
D.
Because the switch has no way of resolving which hosts on the VLAN wish to join the multicast, the packet is flooded to all Rendezvous Points for proper routing.
A multicast packet is received on a switch in a VLAN that does not have IGMP enabled. How is the packet handled?

Which statements are correct about the VLAN membership of a given single port? (Select two.)

A.
A port may be an untagged member of only one VLAN at a given time.
B.
A port must be a tagged member of every VLAN for which it will be forwarding traffic.
C.
Any uplink port that connects two switches must be a tagged member of all VLANs that exist on both switches.
D.
A port may be a tagged member of only one VLAN at a given time.
E.
A port must be a member, either tagged or untagged, of at least one VLAN.

A frame arrives on an HP ProCurve switch port that is a tagged member of VLAN 3. It is destined for the switch’s MAC address because the switch is the router for this VLAN. The switch finds a route for the traffic that uses VLAN 6 as the forwarding interface. VLAN 6 is untagged on one of the switch’s ports.

How does the switch handle the traffic?

A.
It drops the frame because it cannot create the proper Layer 2 header.
B.
It replaces the VLAN 3 tag with the VLAN 6 tag so that it can forward the traffic correctly.
C.
It forwards the traffic through the VLAN 6 port, creating a new Layer 2 header for the frame.
D.
It forwards traffic through the VLAN 6 port, creating a new Layer 3 header in order to route the traffic to the new VLAN.
What is one benefit of forcing management users of HP ProCurve switches to authenticate to a network RADIUS server?

A.
You minimize the chances of a failed network link cutting off management access to your switches.
B.
You can create different usernames and passwords for each user.
C.
You can choose any EAP method that you want to authenticate the users.
D.
Authenticated users with manager rights automatically receive manager-level access.

Port b12 on an HP ProCurve Switch 4204vl is a tagged member of VLAN 4. Which device can communicate through this port?

A.
a switch port or any other device including an endpoint that tags traffic for VLAN 4
B.
only a switch port that is an untagged or tagged member of VLAN 4
C.
an endpoint that cannot insert or remove 802.1Q tags
D.
only another switch port that is a tagged member of VLAN 4
You have made configurations in the CLI of your HP ProCurve switch. Which command should you enter if you want the configurations to persist when you reboot it?

A.
save startup-config
B.
write memory
C.
save running-config
D.
copy running-config startup-config
E.
write config
A company requires network administrators to use secure, encrypted CLI sessions to access their HP ProCurve Switches 5406zl. Which authentication methods can they use to log in? (Select three.)

A.
Web-Auth
B.
802.1X
C.
Kerberos
D.
local username and password
E.
public key
F.
RADIUS
You have accessed the CLI of your HP ProCurve Switch 3500yl-24G-PWR. You want to copy a new software revision from your management station to the switch. Which methods can you use? (Select two.)

A.
FTP over IP connection
B.
TFTP over serial port connection
C.
direct serial port transfer
D.
TFTP over IP connection
E.
SNMPv3 transfer over IP connection
SSH users can log in to a switch’s CLI as operators or managers, which determines the tasks they can perform. How can you further limit certain SSH users’ access so that they can only enter a set list of commands?

A.
Configure the authorized commands in Identity Driven Manager.
B.
Use SNMPv3 access levels to restrict these users’ access.
C.
Enable command authorization for RADIUS authentication.
D.
Create local user accounts, which specify the commands that users can enter.

You are configuring the settings on HP ProCurve switches so that they can authenticate management users to your network RADIUS server. What information must you know about the RADIUS server? (Select three.)

A.
EAP method used by RADIUS server
B.
port on which it listens for authentication messages
C.
shared secret or encryption key used by the RADIUS server
D.
name of the Active Directory group for management users
E.
names of the users that will be authorized to use the switch
F.
IP address

Which methods are used by ProCurve Manager Plus to discover manageable devices? (Select three.)

A.
scanning TCP ports
B.
performing ICMP echo sweeps
C.
scanning for ProCurve-specific protocols
D.
examining the table switches used to map IP address to MAC addresses
E.
using pings to obtain access to their CLI
F.
looguide up switches’ CDP and LLDP tables
Which event triggers an HP ProCurve switch enforcing the Virus Throttle technology to take action?

A.
A source IP address attempts to open more sessions within a certain time period than is allowed by the configured threshold.
B.
The aggregate flow of packets sent over a trunk or a list of ports reaches a configured threshold.
C.
The number of source IP addresses that have attempted to create a denial of service (DoS) attack exceeds a configured threshold.
D.
The number of TCP SYN requests sent to any one of the switch’s management interfaces exceeds a configured threshold.

When configuring remote mirroring between two ProCurve switches, why must you enable jumbo frames?

A.
because remote mirroring cannot encapsulate normal-size Ethernet frames
B.
because remote mirroring copies all the traffic received on a port, which increases the traffic volume
C.
because remote mirroring adds a header that might increase the size of a frame beyond the typical maximum
D.
because jumbo frames are required in order for remote mirroring to copy all of the necessary information

A switch is running Multiple Spanning Tree Protocol (MSTP). What is achieved by setting its Bridge Priority for an MST instance to 0?

A.
The switch is always elected root bridge of that instance unless another switch has the same priority.
B.
The switch is always elected root bridge of that instance.
C.
A different switch is always elected root bridge of that instance.
D.
A different path through the network is selected in preference to one that uses this switch.

Which statement is correct about the role in VRRP of the switch shown at the top of the exhibit?

A.
It must be configured to be Master of VRIDs associated with VLANs 10, 20, and 30.
B.
It must be Master for the VRIDs associated with VLANs 20 and 30 and can be Master or Backup for the VRID associated with VLAN 10.
C.
It must be Backup for VRIDs for VLANs 10, 20, and 30.
D.
It must be Master for the VRID associated with VLAN 10 and can be Master or Backup for the VRIDs associated with VLAN 20 and 30.

You are configuring Multiple Spanning Tree Protocol (MSTP) on three ProCurve 5412zl Switches and two 3500 Series switches. You want the switches to join the same region. Which settings must match exactly on all of the switches? (Select two.)

A.
port priorities for shared links in each MST instance
B.
tagged VLAN membership on all switch-to-switch links in an MST instance
C.
configuration name and revision
D.
VLANs mapped to each MST instance
E.
link mappings for each MST instance
Port a1 on a ProCurve Switch 8212zl is a tagged member of VLAN 10 and an untagged member of VLAN 2. Port a2 and port a3 are untagged members of VLAN 2. What is the effect of entering the following command at the CLI?

Switch 8212zl(config)# trunk a1-a3 trk1

A.
The trunk is not defined because the ports’ VLAN memberships do not match.
B.
The only effect is that the trunk is defined as an untagged member of VLAN 2.
C.
The trunk is defined as an untagged member of the default VLAN.
D.
The trunk is defined as an untagged member of VLAN 2 and a tagged member of VLAN 10.

Which characteristics must an OSPF ABR router have? (Select two.)

A.
at least one interface in a not-so-stubby area
B.
at least one interface in a non-backbone area
C.
route redistribution enabled
D.
at least one interface in the backbone area

E.
at least one interface in a totally stub area
You configure VLAN 10 and VLAN 24 on a ProCurve Switch 5406zl. The network servers reside in VLAN 10, which has an IP address range of 10.1.10.0/24. Network clients reside in VLAN 24, which has an IP address range of 10.1.24.0/24. You configure an ACL with these entries and apply it statically to ports in VLAN 24:

permit tcp 10.1.24.0 0.0.0.255 10.1.10.10 0.0.0.0 eq ftp
permit tcp 10.1.24.0 0.0.0.255 10.1.10.10 0.0.0.0 eq http
permit tcp 10.1.24.0 0.0.0.255 10.1.10.10 0.0.0.0 eq telnet
deny tcp 10.1.24.0 0.0.0.255 10.1.10.10 0.0.0.0
permit tcp 10.1.24.0 0.0.0.255 10.1.10.0 0.0.0.255

What is the effect of these ACLs on the clients located in VLAN 24?

A.
They will be allowed only FTP, HTTP, and Telnet access to 10.1.10.10, but full access to everything else in the 10.1.10.0 subnet.
B.
They will be allowed only FTP, HTTP, and Telnet access to 10.1.10.10, but no access anywhere else.
C.
They cannot access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL.
D.
They will have no access because the ACL is misconfigured.
What does this output from the show ip ospf neighbor command indicate about the OSPF neighbor relationship between this router and the router with ID 10.3.0.1?

A.
They are in different OSPF areas and cannot achieve adjacency.
B.
They have been unable to exchange their LSA databases.
C.
They are configured with different OSPF versions.

D.
They are not eligible to be elected DR or BDR.
You must configure ProCurve switches to provide QoS for a VoIP solution at a customer site. Which feature must be supported on the VoIP phones in order for you to use the switches’ default QoS settings?

A.
support for setting their traffic’s 802.1p level
B.
support for Power over Ethernet (PoE)
C.
ability to use DiffServ or IP ToS to mark the Layer 2 priority
D.
LLDP-MED
What are administratively scoped multicast addresses?

A.
addresses that are used by infrastructure devices
B.
addresses that are associated with well-known protocols such an RIP and OSPF
C.
addresses for multicast traffic that must remain within the local intranet
D.
addresses that are reserved for future applications and protocols
You connect an IP telephone that supports LLDP-MED to a port on a ProCurve Switch 2610-48-PWR. The port is a member of a voice VLAN and also requires 802.1X authentication. How will LLDP-MED and 802.1X interact?

A.
The switch will permit the phone to submit its LLDP-MED information, which if valid, will also suffice for 802.1X authentication.
B.
The phone must verify its identity to a RADIUS server before it can send any non-EAP messages, including LLDP-MED ones.
C.
The switch will permit the phone’s first LLDP-MED frame, from which it will extract information, to submit the phone’s 802.1X authentication credentials.
D.
The switch will submit the phone’s authentication credentials to a RADIUS server after the devices exchange LLDP-MED information.

VRRP routers send each other messages to indicate they are still up. How many of these messages can the router currently in charge of routing traffic miss sending, before other routers considered it to have failed?

Which device in a VRRP instance has the default priority of 255?

the router that owns the VRRP instance

the router that owns the virtual router IP address

the master router that owns the virtual router IP address

the backup router that owns the virtual router IP address
Which messages can an interface transmit when placed in blocguide state by STP?

STP BPDUs and LLDP advertisements

STP BPDUs and OSPF LSAs

switch management traffic and ProCurve Manager Discovery traffic

LLDP advertisements and switch management traffic
Which protocol uses the 244.0.0.18 multicast group address?

OSPF

VRRP

RIPv2

IGMP
Which type of encryption is used for Wi-Fi Protected Access (WPA) version 2?

RC4

EAP-TTLS

AES-CCM

TKIP
A WLAN does not broadcast the service set identifier (SSID), allowing only clients that know the SSID to associate. What is this feature called?

Wired Equivalent Protocol (WEP)

802.11 authentication

closed system

Wi-Fi Protected Access (WPA)
Which security attributes are accomplished by using authentication algorithms to create message digests?

privacy and non-repudiation

integrity and authenticity

privacy and authenticity

non-repudiation and secure key distribution
Which statements are correct about Secure Shell (SSH) authentication? (Select two.)

Authentication of a device to an SSH client is mandatory.

An SSH client key pair created using RSA or DSA can be used.

An SSH client can submit a user’s credentials in order to be authenticated.

Each concurrently connected SSH client must be authenticated based on a distinct public key if RSA is used.

An SSH client can be authenticated by its public key.
Item 20 of 60
Mark item for review

Which statement is correct about Public Key Infrastructure (PKI) as typically used for SSL?

It uses digital certificates to manage symmetric key exchanges between a sender and a receiver.

It is a symmetric key scheme that uses digital certificates and certificate authorities to encrypt messages.

It uses a mathematically complementary key pair, one private and one public, but does not use digital certificates.

It uses a symmetric key scheme to manage key exchange and uses digital certificates to encrypt the message to ensure confidentiality, authentication, integrity, and nonrepudiation.

You are running Secure Shell (SSH) on your HP ProCurve switch, and you want to authenticate the device that you use to manage the switch using the SSH-Client-Public-Key method. What must you do?

Generate a public and private key pair on the client, copying the client private key to the switch.

Generate a public and private key pair on the switch.

Copy the switch public and private key pair to the client.

Generate a public and private key pair on the client, copying the public key to the switch.
You have configured values for the Tunnel-Type, Tunnel-Pvt-Group-ID, and Tunnel-Medium-Type attributes in a policy on your RADIUS server. Which dynamic setting(s) have you created?

dynamic ACL only

dynamic VLAN only

dynamic rate limit only

dynamic rate limit and dynamic VLAN

dynamic ACL and dynamic VLAN

PassGuide Cisco Exams Questions & Training Materials

Share
Delicious Digg Design Float Mixx Reddit StumbleUpon Technorati

Tags: hp

About the Author

PassGuide Free Certification Exam Download has written 11070 stories on this site.

If you have any doubts about legality of content or you have another suspicions, feel free to contact us:CertGuard@Gmail.com