[March 2018] Free Share Lead2pass VMware 2V0-642 VCE Dumps With New Update Exam Questions 313q

Free Sharing Of VMware 2V0-642 Brain Dumps From Lead2pass:

https://www.lead2pass.com/2v0-642.html

QUESTION 11
What are three switch features found only on vSphere Distributed Switches? (Choose three.)

A.    Network I/O Control
B.    CDP
C.    LLDP
D.    SR-IOV
E.    Port Mirroring

Answer: ACE

QUESTION 12
You have deployed a two-tiered application using four virtual machines:

– Two virtual machines are web application servers
– Two virtual machines providing a clustered database service

What feature can you configure to provide the most accurate account for only the traffic between the web servers and the clustered database?

A.    On the vSphere Distributed Switch, configure the use of a port mirroring session using the Encapsulated Remote Mirroring (L3) Source session type.
B.    On the vSphere Distributed Switch, configure the use of a port mirroring session using the Remote Mirroring Destination session type.
C.    On the vSphere Distributed Switch, configure the use of an Isolated Private VLAN for the ports of the four virtual machines.
D.    On the vSphere Distributed Switch, configure Netflow for the distributed virtual port group and enable Process internal flows only for the distributed switch.

Answer: D

QUESTION 13
Which three network policy settings can only be configured on a vSphere 5.5 Distributed Switch? (Choose three.)

A.    Access Control Lists (ACLs)
B.    Network I/O Control
C.    LACP v2
D.    NetFlow
E.    DSCP Marking

Answer: ACE

QUESTION 14
Which two vSphere components are required for NSX? (Choose two.)

A.    Standard vSwitch
B.    Network I/O Control
C.    Distributed Port Group
D.    VMkernel port

Answer: CD

QUESTION 15
What is the minimum MTU size recommended by VMware for the physical network when deploying NSX for vSphere?

A.    1550
B.    1600
C.    2148
D.    9000

Answer: B

QUESTION 16
A company wants to deploy VMware NSX for vSphere with no PIM and no IGMP configured in the underlying physical network. This company also must ensure that non- ESXi hosts do not receive broadcast, unknown unicast or multicast (BUM) traffic.
Which replication mode should the logical switches be deployed with?

A.    Unicast Replication Mode
B.    Multicast Replication Mode
C.    Hybrid Replication Mode
D.    Transport Zone Mode

Answer: A

QUESTION 17
Your data center clusters are configured as shown in the exhibit:

171

Core0 uses Virtual SAN and hosts virtual machines running the following components:

– vCenter Server
– Single Sign-On Server
– Update Manager
– SQL Server database

Core1, Core2, and Core3 use a single Fibre Channel attached storage array. Core1 hosts over 500 virtual machines. Core2 hosts over 400 virtual machines. Core3 hosts 100 virtual machines.
Following VMware’s best practices, NSX Controller components should be deployed to which location(s)?

A.    Deploy three NSX Controllers, one on each host of Core0.
B.    Deploy four NSX controllers, one on each cluster in the data center.
C.    Deploy 27 NSX controllers, one for each host in the data center.
D.    Deploy three NSX controllers. Deploy one in Core1, one in Core2, and one in Core3.

Answer: A

QUESTION 18
Your data center is made up of two VMware vCenter Server instances.
Each vCenter Server manages three clusters with 16 hosts per cluster.
In preparing for your VMware NSX deployment, how many vShield Endpoint instances will you have?

A.    2
B.    6
C.    48
D.    96

Answer: D

QUESTION 19
After deploying NSX, an administrator does not see the Networking & Security tab when connecting to the vCenter Server using the vSphere Web Client.
What should the administrator do?

A.    Register the NSX Manager with the vCenter Server.
B.    Register the NSX Manager with the Inventory Service.
C.    The NSX Controllers must be deployed before NSX Manager is available.
D.    The NSX Manager must be configured to use Single Sign-On before it will be available.

Answer: A

QUESTION 20
A company hosts an internal website on multiple virtual machines attached to a Logical Switch with VNI 7321. A Distributed Router serves as the virtual machines’ default gateway.
When an user resolves the URL for the website, the internal DNS server responds with the IP address of one of the virtual machine’s IP addresses in a round robin fashion. This approach results in some virtual machines having a much higher number of user sessions than others.
The company wants to deploy a NSX Edge Service Load Balancer to improve on this situation. Which distribution method can be configured on the NSX Edge Load Balancer to meet the company’s needs?

A.    LEAST_CONN
B.    IP_HASH
C.    LEAST_LOAD
D.    URI

Answer: A

2V0-642 dumps full version (PDF&VCE): https://www.lead2pass.com/2v0-642.html

Large amount of free 2V0-642 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDOXNjQ3RFdDhydUU

[March 2018] 100% Pass Lead2pass 2V0-622D New Questions Free Version 168q

100% Valid Lead2pass VMware 2V0-622D New Questions Free Version:

https://www.lead2pass.com/2v0-622d.html

QUESTION 11
Which three prerequisites must be in place prior to enabling secure boot for a virtual machine? (Choose three.)

A.    VirtualMachine.Config.Settings privileges
B.    an encrypted USB drive
C.    Virtual Hardware version 13 or later
D.    Virtual Hardware version 12 or later
E.    EFI firmware

Continue reading

[March 2018] Ensure Pass 2V0-622 Exam By Training Lead2pass New PDF Dumps 399q

Ensure Pass 2V0-622 Exam With Lead2pass New 2V0-622 Brain Dumps:

https://www.lead2pass.com/2v0-622.html

QUESTION 11
Which two methods are recommended for managing the VMware Directory Service? (Choose two.)

A.    Utilize the vmdir command.
B.    Manage through the vSphere Web Client.
C.    Manage using the VMware Directory Service.
D.    Utilize the dc rep command.

Continue reading

[March 2018] New Lead2pass VMware 2V0-621D New Questions Free Download 256q

New Released Exam 2V0-621D PDF Free From the Lead2pass:

https://www.lead2pass.com/2v0-621d.html

QUESTION 11
Which two methods are recommended for managing the VMware Directory Service? (Choose two.)

A.    Utilize the vmdir command.
B.    Manage through the vSphere Web Client.
C.    Manage using the VMware Directory Service.
D.    Utilize the dc rep command.

Answer: AB
Explanation:
To manage VMware directory service, you can use vmdir command and vsphere web client. VMware directory service is always managed using vmdir command which is specifically used for directory services.

QUESTION 12
What are two sample roles that are provided with vCenter Server by default? (Choose two.)

A.    Virtual machine User
B.    Network Administrator
C.    Content Library Administrator
D.    Storage Administrator

Answer: AB
Reference:
https://books.google.com.pk/books?id=35TE4cSycNAC&pg=PA97&lpg=PA97&dq=sample+roles+that+are+provided+with+vCenter+Server+by+default&source=bl&ots=ggd5VKGky5 &sig=-lc0Juby-tkvddWsrG_zHgEDTQY&hl=en&sa=X&ved=0CDcQ6AEwBWoVChMIlZH2x8WExgIVxDoUCh2N1AC2#v=onepage&q=sample%20roles%20that%20are%20provided%20with%20vCenter%20Server%20by%20default&f=false

QUESTION 13
Which three services can be enabled/disabled in the Security Profile for an ESXi host? (Choose three.)

A.    CIM Server
B.    Single Sign-On
C.    Direct Console UI
D.    Syslog Server
E.    vSphere Web Access

Answer: ACD

QUESTION 14
An administrator would like to use the VMware Certificate Authority (VMCA) as an Intermediate Certificate Authority (CA). The first two steps performed are:

– Replace the Root Certificate
– Replace Machine Certificates (Intermediate CA)

Which two steps would need to be performed next? (Choose two.)

A.    Replace Solution User Certificates (Intermediate CA)
B.    Replace the VMware Directory Service Certificate (Intermediate CA)
C.    Replace the VMware Directory Service Certificate
D.    Replace Solution User Certificates

Answer: AC
Explanation:
You can replace the VMCA root certificate with a third-party CA-signed certificate that includes VMCA in the certificate chain. Going forward, all certificates that VMCA generates include the full chain. You can replace existing certificates with newly generated certificates. This approach combines the security of third-party CA-signed certificate with the convenience of automated certificate management.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-5FE583A2-3737-4B62-A905-5BB38D479AE0.html

QUESTION 15
Which three options are available for ESXi Certificate Replacement? (Choose three.)

A.    VMware Certificate Authority mode
B.    Custom Certificate Authority mode
C.    Thumbprint mode
D.    Hybrid Deployment
E.    VMware Certificate Endpoint Authority Mode

Answer: ABC
Explanation:
You can perform different types of certificate replacement depending on company policy and requirements for the system that you are configuring. You can perform each replacement with the vSphere Certificate Manager utility or manually by using the CLIs included with your installation.
VMCA is included in each Platform Services Controller and in each embedded deployment. VMCA provisions each node, each vCenter Server solution user, and each ESXi host with a certificate that is signed by VMCA as the certificate authority. vCenter Server solution users are groups of vCenter Server services. See vSphere Security for a list of solution users.
You can replace the default certificates. For vCenter Server components, you can use a set of command-line tools included in your installation. You have several options.
Reference: http://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-4469A6D3-048A-471C-9CB4-518A15EA2AC0.html

QUESTION 16
Lockdown Mode has been enabled on an ESXi 6.x host and users are restricted from logging into the Direct Console User Interface (DCUI).
Which two statements are true given this configuration? (Choose two.)

A.    A user granted administrative privileges in the Exception User list can login.
B.    A user defined in the DCUI.Access without administrative privileges can login.
C.    A user defined in the ESXi Admins domain group can login.
D.    A user set to the vCenter Administrator role can login.

Answer: AB
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html

QUESTION 17
Strict Lockdown Mode has been enabled on an ESXi host.
Which action should an administrator perform to allow ESXi Shell or SSH access for users with administrator privileges?

A.    Grant the users the administrator role and enable the service.
B.    Add the users to Exception Users and enable the service.
C.    No action can be taken, Strict Lockdown Mode prevents direct access.
D.    Add the users to vsphere.local and enable the service.

Answer: B
Reference: https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-F8F105F7-CF93-46DF-9319-F8991839D265.html

QUESTION 18
A common root user account has been configured for a group of ESXi 6.x hosts.
Which two steps should be taken to mitigate security risks associated with this configuration? (Choose two.)

A.    Remove the root user account from the ESXi host.
B.    Set a complex password for the root account and limit its use.
C.    Use ESXi Active Directory capabilities to assign users the administrator role.
D.    Use Lockdown mode to restrict root account access.

Answer: BC
Explanation:
To address the security risks, you need to set a complex password for the root account and make sure only authorized personnel use it. The second step is to use ESXi active directory to assign the administrator role to users.

QUESTION 19
An administrator wants to configure an ESXi 6.x host to use Active Directory (AD) to manage users and groups. The AD domain group ESX Admins is planned for administrative access to the host.
Which two conditions should be considered when planning this configuration? (Choose two.)

A.    If administrative access for ESX Admins is not required, this setting can be altered.
B.    The users in ESX Admins are not restricted by Lockdown Mode.
C.    An ESXi host provisioned with Auto Deploy cannot store AD credentials.
D.    The users in ESX Admins are granted administrative privileges in vCenter Server.

Answer: AC
Explanation:
The setting can be altered if administrative access for ESX admins is not required. The second rule is that the ESX admins users should not be restricted by Lockdown mode.

QUESTION 20
Which two advanced features should be disabled for virtual machines that are only hosted on a vSphere system? (Choose two.)

A.    isolation.tools.unity.push.update.disable
B.    isolation.tools.ghi.launchmenu.change
C.    isolation.tools.bbs.disable
D.    isolation.tools.hgfsServerSet.enable

Answer: AB
Explanation:
Because VMware virtual machines run in many VMware products in addition to vSphere, some virtual machine parameters do not apply in a vSphere environment. Although these features do not appear in vSphere user interfaces, disabling them reduces the number of vectors through which a guest operating system could access a host. Use the following .vmx setting to disable these features:
isolation.tools.unity.push.update.disable = “TRUE” isolation.tools.ghi.l”unch”enu.change = “TRUE” isolation.tools.ghi.a”tolo”on.disable = “TRUE” isolation.tools.hgfsS”rver”et.disable = “TRUE” isolation.tools.memSc”edFa”eSampleStats.disable = “TRUE” isolation.tools.getCr”ds.d”sable = “TRUE”
Reference: https://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vmtools.install.doc%2FGUID-685722FA-9009-439C-9142-18A9E7C592EA.html

2V0-621D dumps full version (PDF&VCE): https://www.lead2pass.com/2v0-621d.html

Large amount of free 2V0-621D exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDa2xCVTdHZXoxYjA

[March 2018] Latest 2V0-602 Dumps PDF Free Download In Lead2pass 313q

Latest 2V0-602 Dumps PDF Free Download In Lead2pass 100% 2V0-602 Exam Pass Guaranteed:

https://www.lead2pass.com/2v0-602.html

QUESTION 11
A Long-Distance vMotion migration cannot complete.
Which three situations could cause this? (Choose three.)

A.    The license currently in use for the two hosts in vSphere Enterprise Edition.
B.    The round-trip time between the hosts is greater than 150 milliseconds.
C.    The virtual machine is configured to use Virtual NVMe disks.
D.    The vMotion traffic to the destination host is on the default TCP/IP stack.
E.    The license currently in use for the two hosts is vSphere Enterprise Plus Edition.

Answer: BDE
Explanation:
https://kb.vmware.com/s/article/2106949

QUESTION 12
Which Distributed Switch Load Balancing option requires configuration of the physical Ethernet switch to operate properly?

A.    Route based on originating virtual port
B.    Use explicit failover
C.    Route based on IP hash
D.    Route based on physical NIC load
E.    Route based on source MAC hash

Answer: C
Explanation:
http://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/landing-pages/virtual-support-day-best-practices-virtual-networking-june-2012.pdf

QUESTION 13
Which two choices are valid ways to patch an ESXi host? (Choose two.)

A.    utilizing the esxcli Command Line Interface
B.    vSphere Update Manager
C.    vRealize Operations Manager
D.    configuring a Host Profile

Answer: AB

QUESTION 14
Which three virtual hardware configurations will allow snapshots? (Choose three.)

A.    Physical Mode RDMs
B.    bus sharing
C.    Full memory reservation
D.    Virtual Mode RDMs
E.    16+ vCPU

Answer: BDE

QUESTION 15
What tool is utilized for detailed performance monitoring of the vCenter Server Appliance?

A.    vim-cmd
B.    esxtop
C.    Perfmon
D.    vimtop

Answer: B
Explanation:
https://pubs.vmware.com/vsphere-60/topic/com.vmware.Icbase/PDF/vsphere-esxi-vcenter-server-60-monitoring-performance-guide.pdf

QUESTION 16
Which is the VDP appliance available storage configuration maximum?

A.    2 TB
B.    62 TB
C.    8 TB
D.    4 TB

Answer: A
Explanation:
https://blogs.vmware.com/vsphere/2012/08/setting-the-record-straight-on-vmware-vsphere-data-protection.html

QUESTION 17
A vSphere Administrator has been tasked with ensuring that 500 virtual desktops are unable to communicate with one another, but can communicate with required services.
Which two solutions does VMware recommend? (Choose two.)

A.    VMware NSX Distributed Firewall
B.    Private VLAN
C.    vSphere Host Firewall
D.    Port Filtering

Answer: BC

QUESTION 18
What is the maximum supported number of Virtual SCSI adapters per VM in vSphere 6.5?

A.    8
B.    4
C.    2
D.    6

Answer: B
Explanation:
https://www.vmware.com/pdf/vsphere6/r65/vsphere-65-configuration-maximums.pdf (page 9)

QUESTION 19
A VMware vSphere 6.x Administrator is tasked with expanding a current vRealize Log Insight Deployment.
What two steps will accomplish this task? (Choose two.)

A.    Run the startup wizard and select Join Existing Deployment.
B.    Login to the vRealize Log Insight Management UI and select Add New Node.
C.    Deploy another vRealize Log Insight server from the OVF.
D.    Deploy and install vRealize Log Insight on a new Linux virtual machine.

Answer: AB

QUESTION 20
Which two resource types can be limited on the vApp level? (Choose two.)

A.    CPU
B.    Storage
C.    Memory
D.    Network

Answer: BD

2V0-602 dumps full version (PDF&VCE): https://www.lead2pass.com/2v0-602.html

Large amount of free 2V0-602 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDOC1HV3FZMTYxWFU

[March 2018] Lead2pass Free Citrix 1Y0-311 Braindumps VCE Updated 85q

Lead2pass Latest 1Y0-311 Free Dumps Guarantee 1Y0-311 Certification Exam 100% Success:

https://www.lead2pass.com/1y0-311.html

QUESTION 31
Scenario: A Citrix user is connecting to a Virtual Delivery Agent (VDA) in an environment where Flash redirection is enabled for the entire Site with the default settings. However, the HDX protocol is NOT able to determine network security.
What will occur when the user attempts to access Flash content within the user session for the first time?

A.    A dialog box appear and lets the user choose how Flash is handled for that session.
B.    No dialog box appears and Flash content is automatically played on the server.
C.    A dialog box appears and lets the user choose how Flash is handled for future sessions.
D.    No dialog box appears and Flash content is automatically played on the client device.

Continue reading

[March 2018] Free Sharing Of Citrix 1Y0-230 Brain Dumps From Lead2pass 75q

Free Sharing Of Updated 1Y0-230 VCE And PDF Dumps From Lead2pass:

https://www.lead2pass.com/1y0-230.html

QUESTION 11
What does a Citrix Administrator need to do on NetScaler Gateway to ensure that users accept the terms and conditions before they can log on using NetScaler Gateway?

A.    Configure a Responder policy.
B.    Upload an HTML file to the NetScaler appliance.
C.    Create an end user license agreement (EULA).
D.    Configure a Rewrite policy.

Continue reading

[March 2018] Free Lead2pass 1Y0-203 PDF Guarantee 100% Get 1Y0-203 Certification 85q

Free Lead2pass Citrix 1Y0-203 PDF Dumps With New Update Exam Questions:

https://www.lead2pass.com/1y0-203.html

QUESTION 11
A Citrix Administrator needs to update a master image for random/non-persistent desktops based on Machine Creation Services.

Which consequence does the administrator need to be aware of when updating the master image?

A.    A full new vDisk will be created.
B.    A new Personal vDisk will be created.
C.    A new full copy from the snapshot will be created.
D.    The differencing disks will be merged. Continue reading

[March 2018] Free Lead2pass Citrix 1Y0-202 Exam Questions Download 314q

Free Share 1Y0-202 PDF Dumps With Lead2pass Updated Exam Questions:

https://www.lead2pass.com/1y0-202.html

QUESTION 41
Scenario: A Citrix Administrator needs to set up an alert on a service that is important for Desktop OS machine performance. The infrastructure includes 3000 Desktop OS machines and two Provisioning Services servers.

Which service on the Provisioning Services server should the administrator monitor?

A.    TFTP
B.    BootP
C.    Stream
D.    Two-Stage Boot

Answer: C

QUESTION 42
Which tool could a Citrix Administrator use to generate a graphical performance report of memory for the last two quarters?

A.    XenCenter
B.    Citrix Studio
C.    Citrix Director
D.    XenServer tools
E.    Provisioning Services Console

Answer: A

QUESTION 43
Scenario: A line of business application has been deployed as a hosted server application in XenDesktop. The deadline for a critical project is quickly approaching. Users report that the application is slower than usual. The Server OS machines are non-persistent.

Where should a Citrix Administrator gather information to resolve the performance issue?

A.    Citrix Studio
B.    Citrix Director
C.    Provisioning Services vDisk statistics
D.    Performance Monitor on the Delivery Controller

Answer: B

QUESTION 44
Scenario: A Citrix Administrator performed maintenance activities in a XenDesktop environment. The next day, a second Citrix Administrator discovers that server-hosted applications are missing from Citrix Receiver.

Where could the second administrator go to determine the cause of this issue?

A.    Citrix Director
B.    StoreFront store
C.    Configuration Logging
D.    Delivery Controller Windows Event logs

Answer: C

QUESTION 45
Scenario: A Citrix Administrator manages a XenDesktop site for a Call Center consisting of 2000 Desktop OS machines. Many users are unable to log on to the Desktop OS machines.
The administrator suspects there is an issue with the Desktop OS machines that is impacting the user’s ability to log on.

Where should the administrator look to gather information about this issue?

A.    HDX Insight in Citrix Director
B.    Logging node of Citrix Studio
C.    Citrix Director on the Failed Desktop OS machines node
D.    The Provisioning Services Console on the Device Collection node

Answer: C

QUESTION 46
Scenario: Users in an environment access hosted applications from thin clients connected to overhead projectors. Some of these users have complained about delays and interruptions in the video playing when viewing videos that require Adobe Flash player.

Where could a Citrix Administrator gather information to resolve this issue?

A.    Logging node in Citrix Studio
B.    Session Detail in Citrix Director
C.    Activity Manager in Citrix Director
D.    Event logs on the Delivery Controller

Answer: B

QUESTION 47
Where in Citrix Director could a Citrix Administrator validate that Flash Redirection is enabled?

A.    User Details
B.    Activity Monitor
C.    The Network tab
D.    The Sessions tab

Answer: A

QUESTION 48
Where in Citrix Director could a Citrix Administrator monitor slow performing applications?

A.    Dashboard
B.    Sessions tab
C.    User session details
D.    Logon performance tab

Answer: C

1Y0-202 dumps full version (PDF&VCE): https://www.lead2pass.com/1y0-202.html

Large amount of free 1Y0-202 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDU2xnUlQ4NTdWbTQ

Maybe you also need:

1Y0-311 exam dumps: https://drive.google.com/open?id=0B3Syig5i8gpDakxVRXg3aUpmTE0

[March 2018] Lead2pass Offers Free SY0-501 Dumps Files for Free Downloading By SY0-501 Exam Expert 182q

Lead2pass Offering Free SY0-501 Dumps Files For Free Downloading By SY0-501 Exam Candidates:

https://www.lead2pass.com/sy0-501.html

QUESTION 31
Which of the following characteristics differentiate a rainbow table attack from a brute force attack? (Select TWO).

A.    Rainbow table attacks greatly reduce compute cycles at attack time.
B.    Rainbow tables must include precompiled hashes.
C.    Rainbow table attacks do not require access to hashed passwords.
D.    Rainbow table attacks must be performed on the network.
E.    Rainbow table attacks bypass maximum failed login restrictions.

Continue reading

[March 2018] Lead2pass Latest CompTIA SY0-401 Exam Questions Free Downloading 1868q

Lead2pass SY0-401 Dumps PDF Free Download:

https://www.lead2pass.com/sy0-401.html

QUESTION 11
An administrator would like to review the effectiveness of existing security in the enterprise. Which of the following would be the BEST place to start?

A.    Review past security incidents and their resolution
B.    Rewrite the existing security policy
C.    Implement an intrusion prevention system
D.    Install honey pot systems

Answer: C
Explanation:
The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it

QUESTION 12
A company has proprietary mission critical devices connected to their network which are configured remotely by both employees and approved customers. The administrator wants to monitor device security without changing their baseline configuration.
Which of the following should be implemented to secure the devices without risking availability?

A.    Host-based firewall
B.    IDS
C.    IPS
D.    Honeypot

Answer: B
Explanation:
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDS come in a variety of “flavors” and approach the goal of detecting suspicious traffic in different ways. There are network based (NIDS) and host based (HIDS) intrusion detection systems. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats and deterring individuals from violating security policies. IDPSes have become a necessary addition to the security infrastructure of nearly every organization.
IDPSes typically record information related to observed events, notify security administrators of important observed events and produce reports. Many IDPSes can also respond to a detected threat by attempting to prevent it from succeeding. They use several response techniques, which involve the IDPS stopping the attack itself, changing the security environment (e.g. reconfiguring a firewall) or changing the attack’s content.

QUESTION 13
Lab Sim – Configure the Firewall
Task: Configure the firewall (fill out the table) to allow these four rules:

– Only allow the Accounting computer to have HTTPS access to the Administrative server.
– Only allow the HR computer to be able to communicate with the Server 2 System over SCP.
– Allow the IT computer to have access to both the Administrative Server 1 and Administrative Server 2

131
132

Answer:
Use the following answer for this simulation task.
Below table has all the answers required for this question.

133

Explanation:
Firewall rules act like ACLs, and they are used to dictate what traffic can pass between the firewall and the internal network. Three possible actions can be taken based on the rule’s criteria:

Block the connection
Allow the connection
Allow the connection only if it is secured

TCP is responsible for providing a reliable, one-to-one, connection-oriented session.
TCP establishes a connection and ensures that the other end receives any packets sent.
Two hosts communicate packet results with each other. TCP also ensures that packets are decoded and sequenced properly. This connection is persistent during the session.
When the session ends, the connection is torn down.
UDP provides an unreliable connectionless communication method between hosts.
UDP is considered a best-effort protocol, but it’s considerably faster than TCP.
The sessions don’t establish a synchronized session like the kind used in TCP, and UDP doesn’t guarantee error-free communications.
The primary purpose of UDP is to send small packets of information.
The application is responsible for acknowledging the correct reception of the data.
Port 22 is used by both SSH and SCP with UDP.
Port 443 is used for secure web connections ?HTTPS and is a TCP port.
Thus to make sure only the Accounting computer has HTTPS access to the Administrative server you should use TCP port 443 and set the rule to allow communication between 10.4.255.10/24 (Accounting) and 10.4.255.101 (Administrative server1) Thus to make sure that only the HR computer has access to Server2 over SCP you need use of TCP port 22 and set the rule to allow communication between 10.4.255.10/23 (HR) and 10.4.255.2 (server2)
Thus to make sure that the IT computer can access both the Administrative servers you need to use a port and accompanying port number and set the rule to allow communication between:
10.4.255.10.25 (IT computer) and 10.4.255.101 (Administrative server1)
10.4.255.10.25 (IT computer) and 10.4.255.102 (Administrative server2)

QUESTION 14
Hotspot Question
The security administrator has installed a new firewall which implements an implicit DENY policy by default Click on the firewall and configure it to allow ONLY the following communication.

1. The Accounting workstation can ONLY access the web server on the public network over the default HTTPS port. The accounting workstation should not access other networks.
2. The HR workstation should be restricted to communicate with the Financial server ONLY, over the default SCP port
3. The Admin workstation should ONLY be able to access the servers on the secure network over the default TFTP port.

Instructions: The firewall will process the rules in a top-down manner in order as a first match The port number must be typed in and only one port number can be entered per rule Type ANY for all ports. The original firewall configuration can be reset at any time by pressing the reset button. Once you have met the simulation requirements, click save and then Done to submit.

141

142

Answer:

143

Explanation:
Implicit deny is the default security stance that says if you aren’t specifically granted access or privileges for a resource, you’re denied access by default.
Rule #1 allows the Accounting workstation to ONLY access the web server on the public network over the default HTTPS port, which is TCP port 443.
Rule #2 allows the HR workstation to ONLY communicate with the Financial server over the default SCP port, which is TCP Port 22
Rule #3 & Rule #4 allow the Admin workstation to ONLY access the Financial and Purchasing servers located on the secure network over the default TFTP port, which is Port 69.

QUESTION 15
Which of the following firewall rules only denies DNS zone transfers?

A.    deny udp any any port 53
B.    deny ip any any
C.    deny tcp any any port 53
D.    deny all dns packets

Answer: C
Explanation:
DNS operates over TCP and UDP port 53. TCP port 53 is used for zone transfers.

QUESTION 16
A security administrator suspects that an increase in the amount of TFTP traffic on the network is due to unauthorized file transfers, and wants to configure a firewall to block all TFTP traffic.
Which of the following would accomplish this task?

A.    Deny TCP port 68
B.    Deny TCP port 69
C.    Deny UDP port 68
D.    Deny UDP port 69

Answer: D
Explanation:
Trivial File Transfer Protocol (TFTP) is a simple file-exchange protocol that doesn’t require authentication. It operates on UDP port 69.

QUESTION 17
Sara, a security technician, has received notice that a vendor coming in for a presentation will require access to a server outside of the network. Currently, users are only able to access remote sites through a VPN connection. How could Sara BEST accommodate the vendor?

A.    Allow incoming IPSec traffic into the vendor’s IP address.
B.    Set up a VPN account for the vendor, allowing access to the remote site.
C.    Turn off the firewall while the vendor is in the office, allowing access to the remote site.
D.    Write a firewall rule to allow the vendor to have access to the remote site.

Answer: D
Explanation:
Firewall rules are used to define what traffic is able pass between the firewall and the internal network. Firewall rules block the connection, allow the connection, or allow the connection only if it is secured. Firewall rules can be applied to inbound traffic or outbound traffic and any type of network.

QUESTION 18
A technician is deploying virtual machines for multiple customers on a single physical host to reduce power consumption in a data center. Which of the following should be recommended to isolate the VMs from one another?

A.    Implement a virtual firewall
B.    Install HIPS on each VM
C.    Virtual switches with VLANs
D.    Develop a patch management guide

Answer: C
Explanation:
A virtual local area network (VLAN) is a hardware-imposed network segmentation created by switches. VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments.

QUESTION 19
A router has a single Ethernet connection to a switch. In the router configuration, the Ethernet interface has three sub-interfaces, each configured with ACLs applied to them and 802.1q trunks.
Which of the following is MOST likely the reason for the sub-interfaces?

A.    The network uses the subnet of 255.255.255.128.
B.    The switch has several VLANs configured on it.
C.    The sub-interfaces are configured for VoIP traffic.
D.    The sub-interfaces each implement quality of service.

Answer: B
Explanation:
A subinterface is a division of one physical interface into multiple logical interfaces. Routers commonly employ subinterfaces for a variety of purposes, most common of these are for routing traffic between VLANs. Also, IEEE 802.1Q is the networking standard that supports virtual LANs (VLANs) on an Ethernet network.

QUESTION 20
Joe, a technician at the local power plant, notices that several turbines had ramp up in cycles during the week. Further investigation by the system engineering team determined that a timed .exe file had been uploaded to the system control console during a visit by international contractors. Which of the following actions should Joe recommend?

A.    Create a VLAN for the SCADA
B.    Enable PKI for the MainFrame
C.    Implement patch management
D.    Implement stronger WPA2 Wireless

Answer: A
Explanation:
VLANs are used for traffic management. VLANs can be used to isolate traffic between network segments. This can be accomplished by not defining a route between different VLANs or by specifying a deny filter between certain VLANs (or certain members of a VLAN). Any network segment that doesn’t need to communicate with another in order to accomplish a work task/function shouldn’t be able to do so.

SY0-401 dumps full version (PDF&VCE): https://www.lead2pass.com/sy0-401.html

Large amount of free SY0-401 exam questions on Google Drive: https://drive.google.com/open?id=0B3Syig5i8gpDLXZsWm9MWmh0a0E

You may also need:

SY0-501 exam dumps: https://drive.google.com/open?id=1Hm6GQHDVOsEnyhNf3EHqIGEtor5IUsfu

[March 2018] Lead2pass PMP Exam Questions Guarantee PMP Certification Exam 100% Success 1720q

Lead2pass Free PMP Exam Questions Download 100% Pass PMP Exam:

https://www.lead2pass.com/pmp-exam.html

QUESTION 11
You are managing a project in an organization is characterized by with rigid rules and policies and strict supervisory controls. Your project, sponsored by your CEO who is new to the company, is to make the organization less bureaucratic and more participative. You are developing your project management plan. Given the organization as it now is set up, as you prepare your plan, you can use which of the following organizational process assets______________.

A.    Guidelines and criteria
B.    Project management body of knowledge for your industry
C.    Organizational structure and culture
D.    The existing infrastructure

Answer: B
Explanation:
While you are managing a different type of project, the organization has managed projects before and therefore may have as part of its organizational process assets a project management template, which sets forth guidelines and criteria to tailor the organization’s processes to satisfy specific needs of the project.

QUESTION 12
You are fairly new to managing a project but have been a team member for many years. You are pleased you were selected to manage your company’s 2015 model line of hybrid vehicles. You are now planning your project and have been preparing the subsidiary plans as well. You realize some project documents also are required to help manage your project. An example of one that you believe will be especial helpful is the______________.

A.    Business case
B.    Key performance indicators
C.    Project management information system
D.    Project statement of work

Answer: D
Explanation:
The project statement of work is a useful document as it describes the products, services, or results the project is to deliver. It references the business need, product scope description, and the strategic plan.

QUESTION 13
You work for a telecommunications company, and when developing a project management plan for a new project, you found that you must tailor some company processes because the product is so different than those products typically produced by your company. To tailor these processes, you will follow______________.

A.    Standardized guidelines and work instructions
B.    Stakeholder risk tolerances
C.    Expert judgment
D.    Structure of your company

Answer: A
Explanation:
Standardized guidelines and work instructions are an organizational process asset to consider as the project management plan is developed. They include guidelines and criteria to tailor the organization’s set of standard processes to satisfy the specific needs of the project.

QUESTION 14
You are implementing a project management methodology for your company that requires you to establish a change control board. Which one of the following statements best describes a change control board?

A.    Recommended for use on all (large and small) projects
B.    Used to review, evaluate, approve, delay, or reject changes to the project
C.    Managed by the project manager, who also serves as its secretary
D.    Composed of key project team members

Answer: B
Explanation:
Used to review, evaluate, approve, delay, or reject changes to the project The change control board’s powers and responsibilities should be well defined and agreed upon by key stakeholders. On some projects, multiple change control boards may exist with different
areas of responsibility.

QUESTION 15
An automated tool, project records, performance indicators, data bases, and financials are examples of items in______________.

A.    Organizational process assets
B.    Project management information systems
C.    Project management planning approaches
D.    The tools and techniques for project plan development

Answer: B
Explanation:
The items listed are part of these systems, a tool and technique in both processes.
PMI®, PMBOK® Guide, 2013, 84, 92

QUESTION 16
You realize that projects represent change, and on your projects, you always seem to have a number of change requests to consider. In your current project to manage the safety of the nation’s cheese products and the testing methods used, you decided to prepare a formal change management plan. An often overlooked type of change request is______________.

A.    Adding new subject matter experts to your team
B.    Updates
C.    Work performance information
D.    Enhancing the reviews performed by your project’s governance board

Answer: B
Explanation:
Change requests may include corrective actions, preventive actions, defect repairs, or updates. Updates are changes to formally controlled project documents or plans to reflect modified or additional content.

QUESTION 17
You have been directed to establish a change control system for your company, but must convince your colleagues to use it. To be effective, the change control system must include______________.

A.    Procedures that define how project documents may be changed
B.    Specific change requests expected on the project and plans to respond to each one
C.    Performance reports that forecast project changes
D.    A description of the functional and physical characteristics of an item or system

Answer: A
Explanation:
A change control system is a collection of formal, documented procedures that define the process used to control change and approve or reject changes to project documents, deliverables, or baselines. It includes the paperwork, tracking systems, and approval levels necessary to authorize changes.

QUESTION 18
You are working on the next generation of software for mobile phones for your telecommunications company. While time to market is critical, you know from your work on other projects that management reviews can be helpful and plan to use them on your project. You are documenting them as part of your______________.

A.    Governance plan
B.    Change management plan
C.    Performance reviews
D.    Project management plan

Answer: D
Explanation:
The project management plan describes how the project will be executed and monitored and controlled. While it contains a number of subsidiary plans, it also contains other items including information on key management reviews for contents, their extent, and timing to address open
issues and pending decisions.

QUESTION 19
Your cost control specialist has developed a budget plan for your project to add a second surgical center to the Children’s Hospital. As you analyze cash flow requirements, you notice that cash flow activity is greatest in the closing phase. You find this unusual because on most projects the largest portion of the budget spent during______________.

A.    Initiating
B.    Monitoring and Controlling
C.    Controlling
D.    Executing

Answer: D
Explanation:
Executing is where the majority of the budget is spent because this is the process where all of the resources (people, material, etc.) are applied to the activities and tasks in the project management plan.
PMI®, PMBOK® Guide, 2013, 56

QUESTION 20
You are project manager for a systems integration effort and need to procure the hardware components from external sources. Your subcontracts administrator has told you to prepare a product description, which is referenced in a______________.

A.    Project statement of work
B.    Contract scope statement
C.    Request for proposal
D.    Contract

Answer: A
Explanation:
Project statement of work
The project statement of work describes in a narrative form the products, services, or results that
the project will deliver. It references the product scope description as well as the business needs and the strategic plan.

PMP dumps full version (PDF&VCE): https://www.lead2pass.com/pmp-exam.html

Large amount of free PMP exam questions on Google Drive: https://drive.google.com/open?id=1tWlQiea0M4b98i8adjUSdp1vjK6tanR_