This page was exported from PassLeader New Cisco Exam Dumps - CCNA, CCNP, CCIE, DevNet, CCDE Certification Exam Dumps VCE and PDF and Braindumps and Practice Tests [ https://www.ciscovceplus.com ] Export date:Sun Mar 24 7:30:04 2024 / +0000 GMT ___________________________________________________ Title: Valid 642-997 Dumps with VCE and PDF for Free (Question 11 - Question 20) --------------------------------------------------- New 642-997 exam questions from PassLeader 642-997 dumps! Welcome to download the newest PassLeader 642-997 VCE and PDF dumps: http://www.passleader.com/642-997.html (137 Q&As) P.S. Free 642-997 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpS1BYSmhLTVRyeTg QUESTION 11By default it will take 10 seconds for authentication to fail due to an unresponsive RADIUS server before a Cisco Nexus series switch reverts to another RADIUS server or local authentication. What is one efficient way to improve the reaction time to a RADIUS server failure? A.    Decrease the global RADIUS retransmission count to 1.B.    Decrease the global RADIUS timeout interval to 5 seconds.C.    Configure the RADIUS retransmission count and timeout interval per server, versus globally.D.    Configure per server a test idle timer, along with a username and password. Answer: DExplanation:You can monitor the availability of RADIUS servers. These parameters include the username and password to use for the server and an idle timer. The idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. You can configure this option to test servers periodically. The test idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sec_radius.html QUESTION 12Which statement about RADIUS configuration distribution using Cisco Fabric Services on a Cisco Nexus 7000 Series Switch is true? A.    Cisco Fabric Services does not distribute the RADIUS server group configuration or server and global keys.B.    Enabling Cisco Fabric Services causes the existing RADIUS configuration on your Cisco NX-OS device to be immediately distributed.C.    When the RADIUS configuration is being simultaneously changed on more than one device in a Cisco Fabric Services region, the most recent changes will take precedence.D.    Only the Cisco NX-OS device with the lowest IP address in the Cisco Fabric Services region can lock the RADIUS configuration. Answer: AExplanation:CFS does not distribute the RADIUS server group configuration or server and global keys. The keys are unique to the Cisco NX-OS device and are not shared with other Cisco NX-OS devices.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x_chapter_0101.html QUESTION 13When a local RBAC user account has the same name as a remote user account on an AAA server, what happens when a user with that name logs into a Cisco Nexus switch? A.    The user roles from the remote AAA user account are applied, not the configured local user roles.B.    All the roles are merged (logical OR).C.    The user roles from the local user account are applied, not the remote AAA user roles.D.    Only the roles that are defined on both accounts are merged (logical AND). Answer: CExplanation:If you have a user account configured on the local Cisco NX-OS device that has the same name as a remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local user account to the remote user, not the user roles configured on the AAA server.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_rbac.html QUESTION 14Which statement is true if password-strength checking is enabled? A.    Short, easy-to-decipher passwords will be rejected.B.    The strength of existing passwords will be checked.C.    Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.D.    Passwords become case-sensitive. Answer: AExplanation:If a password is trivial (such as a short, easy-to-decipher password), the cisco NX_OS software will reject your password configuration if password-strength checking is enabled. Be sure to configure a strong password. Passwords are case sensitive.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x_chapter_01000.pdf QUESTION 15Which statement about RBAC user roles on a Cisco Nexus switch is true? A.    If you belong to multiple roles, you can execute only the commands that are permitted by both roles (logical AND).B.    Access to a command takes priority over being denied access to a command.C.    The predefined roles can only be changed by the network administrator (superuser).D.    The default SAN administrator role restricts configuration to Fibre Channel interfaces.E.    On a Cisco Nexus 7000 Series Switch, roles are shared between VDCs. Answer: BExplanation:If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which denied access to the configuration commands. However, the users also have RoleB, which has access to the configuration commands. In this case, the users have access to the configuration commands.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/CLIConfigurationGuide/sec_rbac.html QUESTION 16Which two statements about SAN zoning on Cisco Nexus switches are true? (Choose two.) A.    Unlike configured zones, default zone information is not distributed to the other switches in the fabric.B.    Traffic can either be permitted or denied among members of the default zone. This information is not distributed to all switches. It must be configured in each switch.C.    The settings for default zone configurations cannot be changed.D.    To activate a zone set, you must copy the running configuration to the startup configuration after the zone set is configured.E.    Soft zoning restrictions will not prevent a source device from accessing a device outside its zone, if the source knows the Fibre Channel ID of the destination.F.    Hard zoning is enforced by the hardware on each FLOGI sent by an N Port. Answer: BEExplanation:Each member of a fabric (in effect a device attached to an Nx port) can belong to any zone. If a member is not part of any active zone, it is considered to be part of the default zone. Therefore, if no zone set is active in the fabric, all devices are considered to be in the default zone. Even though a member can belong to multiple zones, a member that is part of the default zone cannot be part of any other zone. The switch determines whether a port is a member of the default zone when the attached port comes up. Unlike configured zones, default zone information is not distributed to the other switches in the fabric Traffic can either be permitted or denied among members of the default zone. This information is not distributed to all switches; it must be configured in each switch.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/configuration/guides/fabric/DCNM-SAN/fm_fabric/zone.html QUESTION 17Which two statements about SAN zoning on Cisco Nexus switches are true? (Choose two.) A.    Zoning is enforced by examining the destination ID field.B.    Devices can only belong to one zone.C.    Only one zone set can be activated at any time.D.    A zone can only be a member one zone set.E.    Zoning must be administered from the primary SAN switch in the fabric.F.    Zone configuration changes are nondisruptive. Answer: CFExplanation:A zone set can be activated or deactivated as a single entity across all switches in the fabric. Only one zone set can be activated at any time. If zoning is not activated, all devices are members of the default zone. If zoning is activated, any device that is not in an active zone (a zone that is part of an active zone set) is a member of the default zone. Zoning can be administered from any switch in the fabric. When you activate a zone (from any switch), all switches in the fabric receive the active zone set. Additionally, full zone sets are distributed to all switches in the fabric, if this feature is enabled in the source switch.http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/san-os/quick/guide/qcg_zones.html QUESTION 18The Connectivity Management Processor monitors the active supervisor module on a Cisco Nexus 7000 switch and will reboot the device in the event of a lights-out management issue. However, which option includes features that provide similar benefits in the absence of the Connectivity Management Processor? A.    high-availability functionality from features such as vPC and NSFB.    traditional system connectivity models like SNMP, GUI, or SSHC.    Cisco FabricPathD.    VDC failover Answer: AExplanation:vPC uses the vPC peer-keepalive link to run hello messages that are used to detect a dual-active scenario. A Gigabit Ethernet port can be used to carry the peer-keepalive messages. A dedicated VRF is recommended to isolate these control messages from common data packets. When an out-of-band network infrastructure is present, the management interfaces of the Cisco Nexus 7000 supervisor could be also used to carry keep-alive connectivity using the dedicated management VRF. When the vPC peer-link is no longer detected, a dual-active situation occurs, and the system disables all vPC port channel member on the "secondary" vPC peer (lower vPC role priority value). Also SVI interfaces associated to a vPC VLAN are suspended on the secondary switch. As a result, in this condition only the "primary" vPC peer actively forwards traffic on the vPC VLANs. Multiple peer-keepalive links can be used to increase resiliency of the dual-active detection mechanism.Both the Cisco Catalyst 6500 and the Cisco Nexus 7000 offer a variety of high-availability features. Some of the primary features to highlight are In Service Software Upgrade (ISSU), Stateful Switchover (SSO), and Nonstop Forwarding (NSF). The operation and the behavior of these features are unique to the respective platform and can be independently executed without affecting the interoperability between the two platforms.http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_589890.html QUESTION 19Which Cisco Nexus feature is best managed with DCNM-SAN? A.    VSSB.    domain parametersC.    virtual switchesD.    AAA Answer: BExplanation:The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain ID distribution, FC ID allocation, and fabric reconfiguration functions as described in the FC-SW-2 standards. The domains are configured on a per VSAN basis. If you do not configure a domain ID, the local switch uses a random ID.This section describes each fcdomain phase:Principal switch selection - This phase guarantees the selection of a unique principal switch across the fabric.Domain ID distribution - This phase guarantees each switch in the fabric obtains a unique domain ID.FC ID allocation - This phase guarantees a unique FC ID assignment to each device attached to the corresponding switch in the fabric.Fabric reconfiguration - This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase.http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/configuration/guides/sysmgnt/DCNM-SAN/sysmgmt_dcnm/sysmgmt_overview.html#wp1051962 QUESTION 20Which of the following Cisco Nexus features is best managed with DCNM-LAN? A.    VSSB.    Domain parametersC.    Virtual switchesD.    AAA Answer: C New 642-997 exam questions from PassLeader 642-997 dumps! Welcome to download the newest PassLeader 642-997 VCE and PDF dumps: http://www.passleader.com/642-997.html (137 Q&As) P.S. Free 642-997 dumps are available on Google Drive shared by PassLeader: https://drive.google.com/open?id=0B-ob6L_QjGLpS1BYSmhLTVRyeTg --------------------------------------------------- Images: --------------------------------------------------- --------------------------------------------------- Post date: 2016-11-18 04:07:38 Post date GMT: 2016-11-18 04:07:38 Post modified date: 2016-11-18 04:07:38 Post modified date GMT: 2016-11-18 04:07:38 ____________________________________________________________________________________________ Export of Post and Page as text file has been powered by [ Universal Post Manager ] plugin from www.gconverters.com