Friday, 7 October 2016

300-375 WISECURE Securing Wireless Enterprise Networks

Exam Number 300-375
Associated Certifications CCNP Wireless
Duration 90 Minutes (60 - 70 questions)
Available Languages English

The 300-375 Securing Wireless Enterprise Networks (WISECURE) exam is a 90-minute, 60-70 question assessment that is associated with the CCNP Wireless certification. This exam tests a candidate's knowledge of implementing client device security, identity based authentication and services, along with securing and monitoring the Enterprise wireless infrastructure. Candidates can prepare for this exam by taking the Securing Wireless Enterprise Networks (WISECURE) course.

The following topics are general guidelines for the content that is likely to be included on the exam. However, other related topics may also appear on any specific instance of the exam. To better reflect the contents of the exam and for clarity purposes, these guidelines may change at any time without notice.

1.0 Integrate Client Device Security 19%

1.1. Describe Extensible Authentication Protocol (EAP) authentication process

1.2. Configure client for secure EAP authentication

1.2.a. Native OS (iOS, Android, Windows, MAC OS, year 2013+) or AnyConnect client

1.3. Describe the impact of security configurations on application and client roaming

1.3.a. Key caching
1.3.b. 802.11r

1.4. Implement 802.11w Protected Management Frame (PMF) on the WLAN

1.4.a. Client support
1.4.b. PMF modes
1.4.c. Relevant timer settings

1.5. Implement Cisco Management Frame Protection (MFP)

1.5.a. Cisco Compatible Extensions (CCX)
1.5.b. Infrastructure mode
1.5.c. Client and infrastructure mode

1.6. Describe and configure client profiling

1.6.a. ISE
1.6.b. WLC

2.0 Implement Secure Distribution System Connectivity Services on the Wireless Infrastructure 24%

2.1. Describe the impact of BYOD on wireless security

2.1.a Additional security risks
2.1.b Loss of device control
2.1.c Increased complexity of policy enforcement

2.2. Implement BYOD policies

2.2.a. Single vs dual SSID
2.2.b. Self registration
2.2.c. mDNS sharing
2.2.d. Wi-Fi Direct

2.3. Implement AAA based Layer 3 security on the controller

2.3.a. Local Web Auth (LWA)
2.3.a.[i] External authentication
2.3.a.[ii] Locally significant certificates
2.3.a.[iii] Pre-authentication ACL
2.3.a.[iv] Pass through configuration

2.4. Describe regulatory compliance considerations for protecting data and access and providing accountability

2.4.a. PCI

2.5. Utilize security audit tools for Distribution Systems

2.5.a. PI reports
2.5.b. PCI audit

3.0 Implement Secure Client Connectivity Services on the Wireless Infrastructure 27%

3.1. Implement 802.1x wireless client authentication

3.1.a. AireOS
3.1.a.[i] Local
3.1.a.[ii] Central
3.1.b. IOS-XE
3.1.c. Autonomous
3.1.c.[i] Local authentication
3.1.c.[ii] Remote authentication
3.1.d. FlexConnect
3.1.d.[i] Local authentication
3.1.d.[ii] Remote authentication

3.2. Implement Identity Based Networking (IBN)

3.2.a. AireOS
3.2.a.[i] VLANs
3.2.a.[ii] QoS
3.2.a.[iii] ACLs
3.2.b. IOS-XE
3.2.b.[i] VLANs
3.2.b.[ii] QoS
3.2.b.[iii] ACLs
3.2.c. Autonomous
3.2.c.[i] VLAN
3.2.d. FlexConnect
3.2.d.[i] VLAN
3.2.d.[ii] ACLs
3.2.d.[iii] QoS

3.3. Implement ISE AAA parameters for integration with the wireless network

3.3.a. Network device
3.3.b. IBN profile

3.4. Implement AAA based Layer 3 security using ISE

3.4.a. Utilizing ISE as AAA service
3.4.a.[i] Locally significant certificates on ISE
3.4.a.[ii] Using captive portal capabilities for guest access
3.4.b. Central Web Auth (CWA)
3.4.b.[i] Returned values and overrides
3.4.b.[ii] Access accept
3.4.b.[iii] AAA override statement

3.5. Configure MSE based web authentication

3.6. Utilize security audit tools for client connectivity

3.6.a. PI reports
3.6.b. PCI audit

4.0 Implement Secure Management Access on the WLAN Infrastructure 14%

4.1. Controlling administrative access to the wireless infrastructure

4.1.a. RADIUS
4.1.b. TACACS
4.1.c. Controller and ISE integration
4.1.d. Access point administration credentials

4.2. Configure APs and switches for 802.1x access to the wired infrastructure

4.2.a. Controller based
4.2.b. Autonomous

4.3. Implement SNMPv3 on the wireless infrastructure

4.3.a. AireOS
4.3.b. IOS-XE
4.3.c. Autonomous

5.0 Monitoring Security on the WLAN Infrastructure 16%

5.1. Execute Security reports on PI

5.2. Perform Rogue Management

5.2.a. Rogue Containment on WLC and PI
5.2.b. RLDP on WLC and PI
5.2.c. SwitchPort tracing on PI
5.2.d. Location on PI
5.2.e. Rogue Rules on WLC and PI

5.3. Monitor rogue APs and clients

5.3.a. PI Maps
5.3.b. Controller

5.4. Monitor Alarms

5.4.a. 2 items
5.4.b. PI Security Tab
5.4.c. Controller Trap Logs

5.5. Identify RF related Security interferers on WLC and PI Maps

5.5.a. Jammers
5.5.b. Inverted Wi-Fi
5.5.c. Wi-Fi invalid channel

5.6. Implement wIPS

5.6.a. Enhanced Local Mode (ELM)

QUESTION 1
An engineer configures the wireless LAN controller to perform 802.1x user authentication. Which option must be enabled to ensure that client devices can connect to the wireless, even when WLC cannot communicate with the RADIUS?

A. local EAP
B. authentication caching
C. pre-authentication
D. Cisco Centralized Key Management

Answer: A


QUESTION 2
When you configure BYOD access to the network, you face increased security risks and challenges. Which challenge is resolved by deploying digital client certificates?

A. managing the increase in connected devices
B. ensuring wireless LAN performance and reliability
C. providing device choice and support
D. enforcing company usage policies

Answer: D


QUESTION 3
Which two events are possible outcomes of a successful RF jamming attack? (Choose two.)

A. unauthentication association
B. deauthentication multicast
C. deauthentication broadcast
D. disruption of WLAN services
E. physical damage to AP hardware

Answer: D,E

Tuesday, 4 October 2016

400-251 CCIE Security

Exam Number 400-251 CCIE Security
Associated Certifications CCIE Security
Duration 120 minutes (90 - 110 questions)
Available Languages English

The written exam validates experts who have the knowledge and skills to architect, engineer, implement, troubleshoot, and support the full suite of Cisco security technologies and solutions using the latest industry best practices to secure systems and environments against modern security risks, threats, vulnerabilities, and requirements.

Topics include network functionality and security-related concepts and best practices, as well as Cisco network security products, solutions, and technologies in areas such as next generation intrusion prevention, next generation firewalls, identity services, policy management, device hardening, and malware protection.

The written exam utilizes the unified exam topics which includes emerging technologies, such as Cloud, Network Programmability (SDN), and Internet of Things (IoT).

Unified Written and Lab Exam Topics v5.0 (Recommended for candidates scheduled to take the test on January 31, 2017 and beyond)

Exam Description
The CCIE Security Version 5.0 exam unifies written and lab exam topics documents into a unique curriculum, while explicitly disclosing which domains pertain to which exam, and the relative weight of each domain.

The Cisco CCIE Security Written Exam (400-251) version 5.0 is a two-hour test with 90–110 questions that validate professionals who have the expertise to describe, design, implement, operate, and troubleshoot complex security technologies and solutions. Candidates must understand the requirements of network security, how different components interoperate, and translate it into the device configurations. The exam is closed book and no outside reference materials are allowed.

The Cisco CCIE Security Lab Exam version 5.0 is an eight-hour, hands-on exam that requires a candidate to plan, design, implement, operate, and troubleshoot complex security scenarios for a given specification. Knowledge of troubleshooting is an important skill and candidates are expected to diagnose and solve issues as part of the CCIE lab exam.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Perimeter Security and Intrusion Prevention 21%

1.1 Describe, implement, and troubleshoot HA features on Cisco ASA and Cisco FirePOWER Threat Defense (FTD)

1.2 Describe, implement, and troubleshoot clustering on Cisco ASA and Cisco FTD

1.3 Describe, implement, troubleshoot, and secure routing protocols on Cisco ASA and Cisco FTD

1.4 Describe, implement, and troubleshoot different deployment modes such as routed, transparent, single, and multicontext on Cisco ASA and Cisco FTD

1.5 Describe, implement, and troubleshoot firewall features such as NAT (v4,v6), PAT, application inspection, traffic zones, policy-based routing, traffic redirection to service modules, and identity firewall on Cisco ASA and Cisco FTD

1.6 Describe, implement, and troubleshoot IOS security features such as Zone-Based Firewall (ZBF), application layer inspection, NAT (v4,v6), PAT and TCP intercept on Cisco IOS/IOS-XE

1.7 Describe, implement, optimize, and troubleshoot policies and rules for traffic control on Cisco ASA, Cisco FirePOWER and Cisco FTD

1.8 Describe, implement, and troubleshoot Cisco Firepower Management Center (FMC) features such as alerting, logging, and reporting

1.9 Describe, implement, and troubleshoot correlation and remediation rules on Cisco FMC

1.10 Describe, implement, and troubleshoot Cisco FirePOWER and Cisco FTD deployment such as in-line, passive, and TAP modes

1.11 Describe, implement, and troubleshoot Next Generation Firewall (NGFW) features such as SSL inspection, user identity, geolocation, and AVC (Firepower appliance)

1.12 Describe, detect, and mitigate common types of attacks such as DoS/DDoS, evasion techniques, spoofing, man-in-the-middle, and botnet

2.0 Advanced Threat Protection and Content Security 17%

2.1 Compare and contrast different AMP solutions including public and private cloud deployment models

2.2 Describe, implement, and troubleshoot AMP for networks, AMP for endpoints, and AMP for content security (CWS, ESA, and WSA)

2.3 Detect, analyze, and mitigate malware incidents

2.4 Describe the benefit of threat intelligence provided by AMP Threat GRID

2.5 Perform packet capture and analysis using Wireshark, tcpdump, SPAN, and RSPAN

2.6 Describe, implement, and troubleshoot web filtering, user identification, and Application Visibility and Control (AVC)

2.7 Describe, implement, and troubleshoot mail policies, DLP, email quarantines, and SenderBase on ESA

2.8 Describe, implement, and troubleshoot SMTP authentication such as SPF and DKIM on ESA

2.9 Describe, implement, and troubleshoot SMTP encryption on ESA

2.10 Compare and contrast different LDAP query types on ESA

2.11 Describe, implement, and troubleshoot WCCP redirection

2.12 Compare and contrast different proxy methods such as SOCKS, Auto proxy/WPAD, and transparent

2.13 Describe, implement, and troubleshoot HTTPS decryption and DLP

2.14 Describe, implement, and troubleshoot CWS connectors on Cisco IOS routers, Cisco ASA, Cisco AnyConnect, and WSA

2.15 Describe the security benefits of leveraging the OpenDNS solution.

2.16 Describe, implement, and troubleshoot SMA for centralized content security management

2.17 Describe the security benefits of leveraging Lancope

3.0 Secure Connectivity and Segmentation 17%

3.1 Compare and contrast cryptographic and hash algorithms such as AES, DES, 3DES, ECC, SHA, and MD5

3.2 Compare and contrast security protocols such as ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, and MKA

3.3 Describe, implement, and troubleshoot remote access VPN using technologies such as FLEXVPN, SSL-VPN between Cisco firewalls, routers, and end hosts

3.4 Describe, implement, and troubleshoot the Cisco IOS CA for VPN authentication

3.5 Describe, implement, and troubleshoot clientless SSL VPN technologies with DAP and smart tunnels on Cisco ASA and Cisco FTD

3.6 Describe, implement, and troubleshoot site-to-site VPNs such as GETVPN, DMVPN and IPsec

3.7 Describe, implement, and troubleshoot uplink and downlink MACsec (802.1AE)

3.8 Describe, implement, and troubleshoot VPN high availability using Cisco ASA VPN clustering and dual-hub DMVPN deployments

3.9 Describe the functions and security implications of cryptographic protocols such as AES, DES, 3DES, ECC, SHA, MD5, ISAKMP/IKEv1, IKEv2, SSL, TLS/DTLS, ESP, AH, SAP, MKA, RSA, SCEP/EST, GDOI, X.509, WPA, WPA2, WEP, and TKIP

3.10 Describe the security benefits of network segmentation and isolation

3.11 Describe, implement, and troubleshoot VRF-Lite and VRF-Aware VPN

3.12 Describe, implement, and troubleshoot microsegmentation with TrustSec using SGT and SXP

3.13 Describe, implement, and troubleshoot infrastructure segmentation methods such as VLAN, PVLAN, and GRE

3.14 Describe the functionality of Cisco VSG used to secure virtual environments

3.15 Describe the security benefits of data center segmentation using ACI, EVPN, VXLAN, and NVGRE

4.0 Identity Management, Information Exchange, and Access Control 22%

4.1 Describe, implement, and troubleshoot various personas of ISE in a multinode deployment

4.2 Describe, implement, and troubleshoot network access device (NAD), ISE, and ACS configuration for AAA

4.3 Describe, implement, and troubleshoot AAA for administrative access to Cisco network devices using ISE and ACS

4.4 Describe, implement, verify, and troubleshoot AAA for network access with 802.1X and MAB using ISE.

4.5 Describe, implement, verify, and troubleshoot cut-through proxy/auth-proxy using ISE as the AAA server

4.6 Describe, implement, verify, and troubleshoot guest life cycle management using ISE and Cisco network infrastructure

4.7 Describe, implement, verify, and troubleshoot BYOD on-boarding and network access flows with an internal or external CA

4.8 Describe, implement, verify, and troubleshoot ISE and ACS integration with external identity sources such as LDAP, AD, and external RADIUS

4.9 Describe ISE and ACS integration with external identity sources such as RADIUS Token, RSA SecurID, and SAML

4.10 Describe, implement, verify, and troubleshoot provisioning of AnyConnect with ISE and ASA

4.11 Describe, implement, verify, and troubleshoot posture assessment with ISE

4.12 Describe, implement, verify, and troubleshoot endpoint profiling using ISE and Cisco network infrastructure including device sensor

4.13 Describe, implement, verify, and troubleshoot integration of MDM with ISE

4.14 Describe, implement, verify, and troubleshoot certificate based authentication using ISE

4.15 Describe, implement, verify, and troubleshoot authentication methods such as EAP Chaining and Machine Access Restriction (MAR)

4.16 Describe the functions and security implications of AAA protocols such as RADIUS, TACACS+, LDAP/LDAPS, EAP (EAP-PEAP, EAP-TLS, EAP-TTLS, EAP-FAST, EAP-TEAP, EAP-MD5, EAP-GTC), PAP, CHAP, and MS-CHAPv2

4.17 Describe, implement, and troubleshoot identity mapping on ASA, ISE, WSA and FirePOWER

4.18 Describe, implement, and troubleshoot pxGrid between security devices such as WSA, ISE, and Cisco FMC

5.0 Infrastructure Security, Virtualization, and Automation 13%

5.1 Identify common attacks such as Smurf, VLAN hopping, and SYNful knock, and their mitigation techniques

5.2 Describe, implement, and troubleshoot device hardening techniques and control plane protection methods, such as CoPP and IP Source routing.

5.3 Describe, implement, and troubleshoot management plane protection techniques such as CPU and memory thresholding and securing device access

5.4 Describe, implement, and troubleshoot data plane protection techniques such as iACLs, uRPF, QoS, and RTBH

5.5 Describe, implement, and troubleshoot IPv4/v6 routing protocols security

5.6 Describe, implement, and troubleshoot Layer 2 security techniques such as DAI, IPDT, STP security, port security, DHCP snooping, and VACL

5.7 Describe, implement, and troubleshoot wireless security technologies such as WPA, WPA2, TKIP, and AES

5.8 Describe wireless security concepts such as FLEX Connect, wIPS, ANCHOR, Rogue AP, and Management Frame Protection (MFP)

5.9 Describe, implement, and troubleshoot monitoring protocols such as NETFLOW/IPFIX, SNMP, SYSLOG, RMON, NSEL, and eSTREAMER

5.10 Describe the functions and security implications of application protocols such as SSH, TELNET, TFTP, HTTP/HTTPS, SCP, SFTP/FTP, PGP, DNS/DNSSEC, NTP, and DHCP

5.11 Describe the functions and security implications of network protocols such as VTP, 802.1Q, TCP/UDP, CDP, LACP/PAgP, BGP, EIGRP, OSPF/OSPFv3, RIP/RIPng, IGMP/CGMP, PIM, IPv6, and WCCP

5.12 Describe the benefits of virtualizing security functions in the data center using ASAv, WSAv, ESAv, and NGIPSv

5.13 Describe the security principles of ACI such as object models, endpoint groups, policy enforcement, application network profiles, and contracts

5.14 Describe the northbound and southbound APIs of SDN controllers such as APIC-EM

5.15 Identify and implement security features to comply with organizational security policies, procedures, and standards such as BCP 38, ISO 27001, RFC 2827, and PCI-DSS

5.16 Describe and identify key threats to different places in the network (campus, data center, core, edge) as described in Cisco SAFE

5.17 Validate network security design for adherence to Cisco SAFE recommended practices

5.18 Interpret basic scripts that can retrieve and send data using RESTful API calls in scripting languages such as Python

5.19 Describe Cisco Digital Network Architecture (DNA) principles and components.

6.0 Evolving Technologies 10%

6.1 Cloud
6.1.a Compare and contrast Cloud deployment models
6.1.a [i] Infrastructure, platform, and software services (XaaS)
6.1.a [ii] Performance and reliability
6.1.a [iii] Security and privacy
6.1.a [iv] Scalability and interoperability
6.1.b Describe Cloud implementations and operations
6.1.b [i] Automation and orchestration
6.1.b [ii] Workload mobility
6.1.b [iii] Troubleshooting and management
6.1.b [iv] OpenStack components

6.2 Network Programmability (SDN)
6.2.a Describe functional elements of network programmability (SDN) and how they interact
6.2.a [i] Controllers
6.2.a [ii] APIs
6.2.a [iii] Scripting
6.2.a [iv] Agents
6.2.a [v] Northbound vs. Southbound protocols
6.2.b Describe aspects of virtualization and automation in network environments
6.2.b [i] DevOps methodologies, tools and workflows
6.2.b [ii] Network/application function virtualization (NFV, AFV)
6.2.b [iii] Service function chaining
6.2.b [iv] Performance, availability, and scaling considerations

6.3 Internet of Things (IoT)
6.3.a Describe architectural framework and deployment considerations for Internet of Things
6.3.a [i] Performance, reliability and scalability
6.3.a [ii] Mobility
6.3.a [iii] Security and privacy
6.3.a [iv] Standards and compliance
6.3.a [v] Migration
6.3.a [vi] Environmental impacts on the network

Friday, 23 September 2016

650-042 MITFE Mobile Internet Technology for Field Engineers

QUESTION NO: 1
Which logical interface is the communications path between the SGSN and the Cisco GGSN?

A. IuPS interface
B. Gi interface
C. Gn interface
D. MAP interface

Answer: C

QUESTION NO: 2
What is the HLR configuration imsi starts-with command used for?

A. to specify the IMSI number
B. IMSI analysis
C. to change the IMSI number
D. to display point-code definition

Answer: A

QUESTION NO: 3
What is the show alarm outstanding verbose command used for?

A. to view alarms and some details about each one
B. to view some general alarm-related statistics
C. to view alarms that have been sent to a trap manager
D. to view a cumulative count of traps that have been sent

Answer: A

QUESTION NO: 4
Which of the following is one of the three nodes of Cisco ASR 5000 services that comprise the Evolved Packet Core?

A. Cisco PDSN
B. SGSN
C. Cisco MME
D. Cisco GGSN

Answer: C

QUESTION NO: 5
Which criterion is used to measure the maximum rate (in bits per second) that the subscriber packets can be transmitted and received for the subscriber during the sampling?

A. Burst size
B. committed data rate
C. peak data rate
D. subscriber data rate

Answer: A

Wednesday, 21 September 2016

Exam 70-692 Upgrading Your Windows XP Skills to MCSA Windows 8

Published: November 3, 2014
Languages: English
Audiences: IT professionals
Technology: Windows 8.1
Credit toward certification: MCP, MCSA

Skills measured
This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Exam 70-687
Install and upgrade to Windows 8.1 (25–30%)
Install Windows 8.1
Choose between an upgrade and a clean installation; determine which SKU to use, including Windows RT; determine requirements for particular features, including Hyper-V, Miracast display, pervasive device encryption, virtual smart cards, and Secure Boot
Migrate and configure user data
Migrate user profiles; configure folder location; configure profiles, including profile version, local, roaming, and mandatory

Preparation resources
Install, deploy, and migrate to Windows 8
Windows 8 and Windows 8.1 upgrade paths
Getting started with the User State Migration Tool (USMT)

Configure hardware and applications (25–30%)
Install and configure desktop apps and Windows Store apps
Install and repair applications by using Windows Installer, configure default program settings, modify file associations, manage access to Windows Store
Configure Hyper-V
Create and configure virtual machines, including integration services; create and manage checkpoints; create and configure virtual switches; create and configure virtual disks; move a virtual machine’s storage

Preparation resources
Try it out: Sideload Windows Store Apps
Client Hyper-V

Configure remote access and mobility (20–25%)
Configure mobility options
Configure offline file policies, configure power policies, configure Windows To Go, configure sync options, configure Wi-Fi Direct
Configure security for mobile devices
Configure BitLocker and BitLocker To Go, configure startup key storage

Preparation resources

Deploy Windows To Go in your organization
Understanding Wi-Fi Direct in Windows 8
BitLocker Group Policy settings

Configure system and data recovery options (20–25%)
Configure system recovery
Configure a recovery drive, configure system restore, perform a refresh or recycle, perform a driver rollback, configure restore points

Preparation resources
Deploy Push-Button Reset features
Windows 8 Jump Start module 6: Recovery and security

Exam 70-688
Support operating system and application installation (30-35%)

Support operating system installation
Support Windows To Go; manage boot settings, including native virtual hard drive (VHD) and multiboot; manage desktop images; customize a Windows installation by using Windows Preinstallation Environment (PE)
Support desktop apps
Desktop app compatibility using Application Compatibility Toolkit (ACT), including shims and compatibility database; desktop application co-existence using Hyper-V, RemoteApp, and App-V; installation and configuration of User Experience Virtualization (UE-V); deploy desktop apps by using Microsoft Intune
Support Windows Store and cloud apps
Install and manage software by using Office 365 and Windows Store apps; sideload apps by using Microsoft Intune; sideload apps into online and offline images; deep link apps by using Microsoft Intune; integrate Microsoft account, including personalization settings and Trusted PC

Preparation resources
Deployment considerations for Windows To Go
ACT deployment options
Microsoft Office 365 management and deployment

Support resource access (30-35%)
Support data storage
Distributed File System (DFS) client, including caching settings; storage spaces, including capacity and fault tolerance; optimizing data access by using BranchCache; OneDrive

Preparation resources
Deploy BranchCache

Support Windows clients and devices (30-35%)
Support mobile devices
Support mobile device policies, including security policies, remote access, and remote wipe; support mobile access and data synchronization, including Work Folders and Sync Center; support broadband connectivity, including broadband tethering and metered networks; support Mobile Device Management by using Microsoft Intune, including Windows RT, Windows Phone 8.1, iOS, and Android
Support client compliance
Manage updates by using Windows Update and Microsoft Intune, including non-Microsoft updates; manage client security by using Windows Defender, Microsoft Intune Endpoint Protection, or Microsoft System Center 2012 Endpoint Protection; manage Internet Explorer 11 security; support Group Policy application, including Resultant Set of Policy (RSoP), policy processing, and Group Policy caching
Manage clients by using Microsoft Intune
Manage user and computer groups, configure monitoring and alerts, manage policies, manage remote computers

Preparation resources
Enabling mobile device management with Windows Intune
How to: Set up and use File History on Windows 8
Manage software with Windows Intune


QUESTION 1
A company has an Active Directory Domain Services (AD DS) domain. All client computers run Windows 7. You plan to upgrade the client computers to Windows 8.1 Pro.
You need to choose the methods that do not require the manual entry of a product key during the upgrade.
Which two methods should you choose? (Each correct answer presents a complete solution. Choose two.)

A. Extract the contents of the Windows 8.1 .iso image file to a new shared folder and run the setup program from that folder.
B. Use the Microsoft Deployment Toolkit.
C. Use the Windows 8.1 online upgrade tool.
D. Use Group Policy to assign the Windows 8 installation file to the client computers.

Answer: A,B

QUESTION 2
You manage computers that run Windows 8.1.
You plan to install a desktop app named MarketingApp on one of the client computers.
You need to display a progress bar to the user while installing the app.
Which command should you run?

A. msiexec /i marketingapp.msi /qn
B. msiexec /x marketingapp.msi /qb
C. msiexec /x marketingapp.msi /qn
D. msiexec /i marketingapp.msi /qb

Answer: B

QUESTION 3
You plan to purchase new Windows 8.1 tablets for your company network.
You need to ensure that tablet users are able to use the Windows 8.1 Snap feature.
Which hardware specifications should you meet in choosing tablets?

A. Monitor that supports at least five simultaneous touches
B. Monitor and video adapter that support a minimum screen resolution of 1024 x 768
C. Monitor and video adapter that support a minimum screen resolution of 1366 x 768
D. Monitor that supports at least three simultaneous touches

Answer: D

QUESTION 4
You support Windows 8.1 Enterprise computers that are members of a workgroup.
Users are able to download and install any app from Windows Store.
You need to ensure that only approved apps can be installed from Windows Store.
What should you do?

A. Configure a Software Restriction Policy Certificate rule.
B. Configure an AppLocker Publisher rule.
C. Enable Windows SmartScreen and select the Get administrator approval before running an unrecognized app from the Internet option.
D. Configure an AppLocker Packaged app rule.

Answer: D


Saturday, 17 September 2016

648-247 CCPS2 Implementing Cisco Connected Physical Security 2 Exam

Exam Number 648-247
Duration 60 minutes (50-60 questions)
Available Languages English, Japanese

This exam tests the Sales and Field Engineer's knowledge of the Cisco Physical Access Control solution. Candidates will be tested on knowledge of the basics of physical access control and the Cisco Physical Access Manager software solution. In addition, the candidate will also be asked questions regarding the PAC hardware components consisting of the MSP server platform, Access Control gateway and I/O modules, and 3rd party devices. Candidates can prepare for this exam by taking the CPAM course offered by Cisco Advance Services Education.

Exam Topics
The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Access control basics, legacy vs Cisco architectures
Hardware/software
Integration with 3rd party data systems
CPAM configuration workflow
High availability
Users, badges, I/O, edge policies, and maps
Schedules, backup, and troubleshooting


QUESTION 1
When a 24 VDC fail safe lock is being used to secure a door, how should power be supplied to the lock from the control source?

A. connected +24 VDC directly to the lock
B. connected +24 VDC through common and normally close
C. connected +24 VDC through common and normally open
D. connected +5 VDC binary control signaling

Answer: B


QUESTION 2
What are the three common methods that are used for authentication with an access control system?

A. badge card, key fob, and keypad PIN
B. badge card, keypad PIN, and password
C. something you know, something you have, and something you are
D. something you know, something you have, and something you did

Answer: C


QUESTION 3
Refer to the exhibit.



One or more expansion modules is connected to the Cisco Access Gateway via a CAN bus. How should the CAN bus wires be connected after the last module in the chain?

A. The CAN bus wires should be looped back to the Cisco Access Gateway.
B. The CAN bus wires should be twisted together and tucked away.
C. The CAN bus wires should be plugged into a Layer 2 Ethernet switch.
D. The CAN bus wires should be terminated with a high-impedance resistor.

Answer: D

Monday, 12 September 2016

644-906 IMTXR Implementing and Maintaining Cisco Technologies Using IOS XR

Exam Number 644-906 IMTXR
Associated Certifications Cisco IOS XR Specialist
Duration 75 minutes (55-65 questions)
Available Languages English

The 644-906 Implementing and Maintaining Cisco Technologies Using IOS XR (IMTXR) exam is associated with the Cisco IOS XR Specialist certification. This exam tests a candidate's knowledge of implementing, verification testing, and maintaining Cisco core and edge technologies, using the Cisco IOS XR-based router platforms, which include the CRS, ASR 9000, and the XR12000 routers. Candidates can prepare for this exam by taking the IMTXR Implementing and Maintaining Cisco Technologies using IOS XR course.

The following information provides general guidelines for the content likely to be included on the exam. However, other related topics may also appear on the specific delivery of the exam in order to better reflect the contents of the exam and for clarity purposes. The guidelines below may change at any time without notice.

1.0 Platform 21%

1.1 Power
Recommend PDU as a function of facility
Install appropriate PDU for chassis
Monitor system power level
Show power alarm values

1.2 Environmental
Recommend environmental levels for system installation
Verify system-detected environment is within tolerance levels
Show environmental alarm values
Clear environmental alarm
Gather system environmental output
Recommend rack space requirements
Use proper grounding for installation
Describe CRS air-flow
Describe Cisco ASR 9000 air flow

1.3 Physical Architecture
Identify CRS switch fabric
Identify components of CRS fabric
Identify MSC
Identify PLIM
Identify RP CRS/ASR9000
Identify management interface
Identify cable management
Differentiate between single and multi-chassis
Identify ASR9000 line cards
Identify ASR9000 RSP
Identify ASR9000 PDU
Identify ASR9000 SIP-700/SPA
Identify CRS SIP/SPA
Identify CRS chassis
Identify ASR9000 chassis
Describe ASR9000 fabric

1.4 Inventory
Show card status via show platform
Show cards via show diags
Show inventory of the system
Differentiate between admin versus executive plane for show platform

1.5 Environmental (Merge?)
Show power usage
Show fan status
Diff between admin vs exec plane for show platform

1.6 Firmware
Understanding what is a FPD.PIE
Configure Auto FPD
Understand what is Parallel FPD
Upgrade FPD and ROMMON Upgrade
Understand FPD versus ROMMON
Upgrading FPDs and ROMMONs
Showing current FPD version information

2.0 Operating System 19%

2.1 Install
Add PIEs or SMUs
Using TFTP, FTP, USB thumbdrive, and hard drive as the source
With Activate flag
Using Source flag
Using TAR file

2.2 Licensing
Activate PIEs or SMUs
Initial or recovery software installation
ROMMON Variables
Turboboot Mini.VM file
Deactivate PIEs or SMUs
Remove inactive packages, PIEs, or SMUs
Committing the Installation Path
Check which packages are active
Check which packages are committed
Check installation log
See what install requests are currently active
Understanding security certificate in PIEs and SMUs

2.3 Packages
Understanding types of packages
Mini.PIE
Mini.VM
Optional PIEs
SMUs
Understanding IOS-XR versioning and installation restrictions
Understand P versus PX images and the hardware they support

2.4 Two-Stage Commit
Understand what is Active Config
Understand what is Target Config
Understand when is a Syntax Check done
Understand when is a Semantic Check done
Going back to a previous configuration
Showing configuration IDs and labels
Show configuration history
Loading configuration
Committing the configuration
Atomic versus best effort
With labels and comments
Replacing the configuration
Using the commit confirm feature
Show Config Fail
Configure interfaces before the physical interface is available

2.5 Configuration Planes
Understand what configuration is in the Admin plane
Understand what configuration is in the Exec plane
Understand differences between owner and non-owner SDR in access to Admin plane and Exec plane
Understand the default VRF

2.6 Task-Based Authorization
Assigning user privilege to root-system
Assigning user privilege to root-lr
Assigning user privilege to cisco-support
Understand the difference between admin user and exec username
Understanding how task-based authorization works

2.7 Process
How to perform process restart
How to check processes like state, no. of restarts, job id, pid, tid
Show where certain processes are running
How to find a blocked process
Check how much CPU a process is using

2.8 LPTS
Understand what LPTS is
Understand about LPTS Policer
How to use Show LPTS Commands
Show policer values and drop counts in LPTS

2.9 Memory
How to look at the memory utilization on the route processor
How to look at the memory utilization on the line card
Understand protected memory space versus shared memory and which area uses it
Check how much memory a process is using

2.10 Support
How to use Show Tech Support commands
Core file configuration location including hard drive and FTP
Debug commands and with ACL filtering
Locate core files and moving them to a server

2.11 Parser (interacting with)
Using the parser with pipe, include, exclude, begin, regex

2.12 EEM
Base assumption of EEM knowledge - understand what is possible and not possible

3.0 Control Plane 21%

3.1 Configuring OSPF
Configure interfaces to be part of the backbone area
Configure additional interfaces to be part of non-backbone area
Configure non-default metric on some interfaces
Configure neighbor logging so adjacency changes can be monitored

3.2 Verify OSPF
Determine status of OSPF interfaces
Determine status of neighbors
Display OSPF database and determine which links are present

3.3 Configure ISIS
Configure the ISIS NET
Enable ISIS for ipv4 unicast routing
Configure interfaces for ISIS routing
Enable ISIS for ipv6 unicast routing
Enable some but not all of the ipv4 enabled interfaces for ipv6 routing

3.4 Verify ISIS
Determine status of interfaces configured for ISIS
Determine the status of the routing adjacencies
Display the ipv4 unicast route table
Turn on debugging for ISIS adjacencies and explain the information shown
Display the topologies for IPv4 and IPv6. Why are they different?

3.5 Add Static Routes
Configure static routes for IPv4 unicast in the global table
Configure static routes for IPv4 unicast in two different VRFs

3.6 Configure BGP
Configure an autonomous system number for BGP to use
Configure BGP to support IPv4 routing
Configure BGP to support IPv6 routing
Configure iBGP neighbors with the typical configuration to use loopback addresses for peering:
Use neighbor-groups for identical configuration sections on multiple peers
Configure one iBGP neighbor to exchange both IPv4 and IPv6 prefixes over an IPv4 session
Configure one iBGP neighbor as an IPv6-only neighbor with IPv6 peer addresses
Configure eBGP neighbors for IPv4 routing
Configure a simple pass_all policy for those eBGP neighbors
Add VPNv4 capability to one iBGP peer
Add two VRFs into BGP and redistribute static routes into BGP for VPNv4
Configure one iBGP peer to support 6PE type functionality by adding address-family IPv6 labeled-unicast

3.7 Verify BGP
Display the peer summary status for IPv4 and IPv6
Display the IPv4 BGP table
Display a specific entry and explain AS path and next-hop information
Determine how much memory the BGP process uses

3.8 Understanding RPL Concepts
Configure RPL
Define an AS-set for use in RPL
Create a route policy that checks for an AS from the AS-set and adds a community for matching routes
Create a route-policy that uses an inline prefix-set and changes the local preference when a match is found
Create a route policy that adds a community where the community is used as a parameter when the policy is called

3.9 Verify RPL
Verify that communities are added as expected
Execute a show bgp… command using a route-policy to modify the output. Compare to regular show command.

3.10 MPLS LDP
Configure router to run LDP
Configure router to log neighbor events
Enable LDP on interfaces
Execute show command to verify status of LDP neighbors

3.11 MPLS TE
Configure OSPF to support traffic engineering extensions
Enable RSVP on interfaces
Create an MPLS TE tunnel with two different path options:
First path explicit
Second path dynamic

3.12 Execute Show Command to Determine Tunnel Status at Tunnel Head
Execute show command to determine tunnel midpoints traversing the router

3.13 Configure IP Multicast
Configure PIM-SM, PIM-SSM, PIM-SSM range
Configure static-RP, Auto-RP, and BSR for PIM-SM
Configure Multicast NSF
Configure Multicast VPN
Configure MSDP for interconnecting PIM-SM domains
Configure MoFRR
Configure P2MP-TE for IP Multicast

4.0 Data Plane 20%

4.1 General Forwarding
Understand and monitor interface counters
Clear interface counters
Modify interface counter load interval
Understand the flow of packets through a router
Describe the difference in processing of transit packets versus locally destined packets
Understand the information stored in a forwarding table entry
Troubleshoot packet drops

4.2 Access Control Lists (ACLs)
Implement ACLs to filter traffic on an interface
Monitor ACL counters
Modify an existing applied ACL
Apply ACLs in debug commands
Resequence an ACL

4.3 Quality of Service (QoS)
Implement a basic Quality of Service configuration
Monitor Quality of Service statistics and behaviors
Modify an existing QoS configuration
What is the difference with QoS on IOS XR

4.4 NetFlow
Describe NetFlow capabilities in IOS XR
Implement NetFlow packet sampling
Verify record export
Monitor the NetFlow cache

4.5 Unicast Reverse Path Forwarding (uRPF)
Implement uRPF on an interface
Verify uRPF behavior

4.6 Interface IP addresses
Configure IPv4 addresses on an interface
Configure IPv6 addresses on an interface
Resolve duplicate IP subnets configured on the router

4.7 IP Multicast
Describe Multicast forwarding on XR platforms (egress and fabric replication, etc.)
Monitor IP Multicast traffic
Troubleshoot IP Multicast (RPF, mrib, mfib, olist, etc.)

5.0 Management Plane 19%

5.1 Implementing SNMP on Cisco IOS-XR
Configuring SNMP (v1, v2c, v3) - Does everyone use SNMPv3?
Configuring SNMP trap notifications
Configuring SNMP views, SDRowner and Lrowner
Configuring SNMP ifIndex persistence
Verify SNMP configuration - e.g. using snmpget or snmpwalk

5.2 Implementing Logging Services on Cisco IOS-XR
Configuring logging buffer
Configuring syslog server host as logging destination
Configuring terminals for logging display (term mon)
Configuring logging facility
Configuring local logging device and archiving
Monitoring logging buffer and filtering messages

5.3 Implementing Physical and Virtual Terminals
Configuring line templates, vty pools
Configuring exec timeout
Securing vty line and vty access
Verify vty access-group configuration

5.4 Implementing SSH Access on Cisco IOS-XR
Configuring SSH server (including crypto key generation)
SSH client usage
Verify SSH configuration

5.5 Implementing Telnet Access on Cisco IOS-XR
Configuring telnet server on IOS-XR

5.6 Implementing XML Management on Cisco IOS-XR
Describe XML management on IOS-XR
Configuring XML agent on IOS-XR
Configuring VRF access for XML agent on IOS-XR

5.7 Implementing TACACS+ Authentication, Authorization and Accounting
Configuring AAA Authentication - Using TACACS+ and local as fallback
Configuring AAA Command Authorization - Using TACACS+ and local as fallback
Configuring AAA Command Accounting
Implementing TACACS+ - Assigning task groups and privileges
Verify AAA permissions upon command failure (i.e. debug aaa)

5.8 Configuring CDP on Cisco IOS-XR
Enable CDP on IOS-XR
Monitor CDP neighbors and parameters

5.9 Implementing Management Plane Protection (MPP) on Cisco IOS-XR
Configuring MPP to restrict access from specific IP Addresses and protocols
Configuring MPP to restrict access for out-of-band interface

5.10 Implementing NTP on Cisco IOS-XR
Configuring NTP server
Configuring NTP peer
Securing NTP configurations (NTP access groups)
Verifying NTP status

5.11 Implementing SDRs on IOS-XR
Understand SDR
Describe DSC
Assigning SDR access privileges
Creating SDRs, adding nodes to non-owner SDRs
Creating username and passwords for non-owner SDRs
Rebooting non-owner SDRs

5.12 Chassis and Hardware Management
Displaying installed modules, status of modules
Displaying environmental status (fan, power, etc)
Enabling and disabling power to a specific line card or module
Reloading line card or module
Displaying chassis and module serial numbers
Reloading RP
Reloading entire chassis
Troubleshoot reason why PLIM/MSC is not booting up

5.13 Implementing EEM on Cisco IOS-XR

QUESTION 1
What is the maximum long-term normal operating temperature of the Cisco CRS-1, ASR 9000
Series Routers, and XR 12000 Series Routers?

A. 40C (104F)
B. 50C (122F)
C. 55C (131F)
D. 65C (149F)

Answer: A


QUESTION 2
The Cisco CRS 16-Slot Line Card Chassis Site Planning Guide suggests having 48 inches of
clearance behind the chassis. What would definitely happen to the system if there were only 28
inches of clearance behind the Cisco CRS 16-Slot Line Card Chassis?

A. The system would overheat due to inadequate airflow.
B. The fabric card could not be exchanged if one failed.
C. The modular services card (MSC) could not be exchanged if one failed.
D. The fan tray could not be exchanged if one failed.

Answer: D


QUESTION 3
How many planes are there in the Cisco CRS-3 switch fabric?

A. 1
B. 3
C. 7
D. 8

Answer: D


QUESTION 4
What is the cell size of the cells that traverse the switch fabric on the Cisco CRS-3?

A. 128 bytes
B. 136 bytes
C. 144 bytes
D. 200 bytes
E. 288 bytes

Answer: B


QUESTION 5
Where are client interfaces terminated on the Cisco CRS-3?

A. the modular services card
B. the physical layer interface module(s)
C. the switch fabric interface terminator
D. the Service Processor 40
E. the Service Processor 140

Answer: B


Monday, 5 September 2016

642-980 DCUFT Troubleshooting Cisco Data Center Unified Fabric

Exam Number 642-980 DCUFT
Associated Certifications CCNP Data Center Certification
Cisco Unified Fabric Support Specialist
Duration 90 minutes (65-75 questions)
Available Languages English

The 642-980 Troubleshooting Cisco Data Center Unified Fabric exam tests a candidate's troubleshooting skills in the Unified Fabric domain, troubleshooting connectivity issues, convergent I/O, storage issues, as well as issues related to specific features like OTV (overlay transport virtualization). It is associated with the CCNP DC certification and Cisco Unified Fabric Support Specialist certification.

The 642-980 Troubleshooting Cisco Data Center Unified Fabric exam tests a candidate's troubleshooting skills in the Unified Fabric domain, troubleshooting connectivity issues, convergent I/O, Storage issues, as well as issues related to specific features like OTV (overlay transport virtualization). This 90-minute, 65-75 question exam is associated with the CCNP DC certification and Cisco Unified Fabric Support Specialist certification. The exam is closed book and no outside reference materials are allowed.

The following topics are general guidelines for the content likely to be included on the exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

1.0 Troubleshooting Layer 2 Connectivity Issues in a Cisco Data Center Network 20%

1.1 Identify and resolve Ethernet port-channels issues

1.2 Identify and resolve vPC issues

1.3 Identify and resolve FabricPath issues

1.4 Identify and resolve PVLAN issues

2.0 Troubleshooting FCoE Issues in a Cisco Data Center Network 9%

2.1 Identify and resolve performance issues

2.2 Identify and resolve DCBX issues

3.0 Troubleshooting Storage Area Network in a Cisco Data Center 26%

3.1 Identify and resolve Fabric merge issues

3.2 Identify and resolve npv/npiv issues

3.3 Identify and resolve SAN port-channels/trunk issues

4.0 Troubleshooting DCI Issues in a Cisco Data Center Network 19%

4.1 Identify and resolve OTV issues

4.2 Identify and resolve HSRP issue in a DCI

5.0 Troubleshooting Platform Specific Issues in a Cisco Data Center Network 26%

5.1 Identify and resolve cfs issues

5.2 Identify and resolve Config-Sync Issues

5.3 Identify and resolve ISSU issues

5.4 Identify and resolve Fex issues

5.5 Identify and resolve VDC issues

5.6 Identify and resolve Layer1 issues

5.7 Identify and resolve cpu memory

5.8 Identify and resolve control plane policing (COPP) issues

QUESTION 1
The traffic across your port channels seems to be favoring one link over the other. How can you adjust the load-balancing policy to include source and destination MAC addresses, IP address, and TCP port?

A. kcdc-5010-1(config-if)# port-channel load-balance ethernet source-dest-port
B. kcdc-5010-1(config-if)# port-channel load-balance ethernet source-dest mac ip port
C. kcdc-5010-1(config)# port-channel load-balance ethernet source-dest-port
D. kcdc-5010-1(config)# port-channel load-balance ethernet source-dest mac ip port

Answer: C

QUESTION 2
Which two commands are used to determine the CoPP profile used on Cisco Nexus 7000 Series? (Choose two.)

A. #show copp profile
B. #show copp diff profile
C. #show copp status
D. #show running-config copp
E. #show policy-map interface control-plane

Answer: C,D


QUESTION 3
Storage VDC creation has failed. Which two steps should be taken before creating the storage VDC? (Choose two.)

A. Check that the F1 module has the FCoE license installed.
B. Check that the FCoE feature is enabled on the N7K.
C. Check that you have allocated the interfaces of the F module on the VDC.
D. Check that the network QoS non-drop policy is configured for FCoE traffic.
E. Check that the FCoE VLANs are allocated on the VDC.
F. Check that the M2 module has the FCoE license installed.

Answer: B,D

QUESTION 4
What is the correct configuration for interface Ethernet 1/1 of a Cisco Nexus 5000 Series Switch when it is a member of port channel 101 connected to FEX 101?

A. interface Ethernet1/1
   switchport mode trunk
   switchport trunk native vlan 10
   switchport trunk allowed vlan 20,30
   fex associate 101
   channel-group 101
B. interface Ethernet1/1
   switchport mode fex-fabric
   channel-group 101
C. interface Ethernet1/1
   switchport mode access
   switchport access vlan 10
   fex associate 101
   channel-group 101
D. interface Ethernet1/1
   switchport mode fex-fabric
   fex associate 101
   channel-group 101

Answer: D


QUESTION 5
You have upgraded your Cisco Nexus 7009 Switches and converted the default VDC to an admin VDC. You notice that all of the ACLs are still present on the admin VDC after the conversion. What should you do?

A. enable configuration synchronization between the admin VDC and the production VDCs
B. delete the ACLs
C. delete all ACLs except those related to CoPP
D. delete all ACLs except those bound to resource templates
E. use the system admin-vdc acl command to properly migrate ACLs

Answer: B