[Full Version] 2016 Lead2pass New Updated 642-997 Exam Questions (61-80)

2016 November Cisco Official New Released 642-997 Dumps in Lead2pass.com!

The following questions and answers are all newly published by the Cisco Official Exam Center: http://www.lead2pass.com/642-997.html

QUESTION 61
Refer to the exhibit. Which corrective action is taken to resolve the problem?

A.    Trunk four VLANs on interface ethernet 199/1/1.
B.    Use the shut and no shut interface ethernet 199/1/1 so that the VLANs come up.
C.    Place interface ethernet 199/1/1 in VLAN 4 in the N5K-2 configuration.
D.    Prune all but four VLANs from vPC 199.
E.    Add VLAN 4 to vPC 199.

Answer: C
Explanation:
Place interface ethernet 199/1/1 in VLAN 4 in the N5K-2 configuration.

QUESTION 62
What is an Overlay Transport Virtualization extended VLAN?

A.    the VLAN used to locate other AEDs
B.    the VLAN used to access the overlay network by the join interface
C.    the user VLAN that exists in multiple sites
D.    the VLAN that must contain the overlay interface

Answer: C

QUESTION 63
Refer to the exhibit. What is the consequence of configuring peer-gateway on the two vPC peers N7K-1 and N7K-2?

A.    Nothing, this is the standard vPC configuration to make the feature work.
B.    The downstream device detects only one of the vPC peers as its gateway.
C.    The downstream device can use DMAC of N7K-1 on the link to N7K-2, and N7K-2 forwards the packet.
D.    This configuration enables the downstream device to use DHCP to obtain its default gateway.

Answer: C
Explanation:
Beginning with Cisco NX-OS 4.2(1), you can configure vPC peer devices to act as the gateway even for packets that are destined to the vPC peer device’s MAC address. Use the peer-gateway command to configure this feature.
Some network-attached storage (NAS) devices or load balancers may have features aimed at optimizing the performance of particular applications. Essentially, these features avoid performing a routing-table lookup when responding to a request that originated from a host not locally attached to the same subnet. Such devices may reply to traffic using the MAC address of the sender Cisco Nexus 7000 device rather than the common HSRP gateway. Such behavior is non-compliant with some basic Ethernet RFC standards. Packets reaching a vPC device for the non-local router MAC address are sent across the peer-link and could be dropped by the built-in vPC loop avoidance mechanism if the final destination is behind another vPC.
The vPC peer-gateway capability allows a vPC switch to act as the active gateway for packets that are addressed to the router MAC address of the vPC peer. This feature enables local forwarding of such packets without the need to cross the vPC peer-link. In this scenario, the feature optimizes use of the peer-link and avoids potential traffic loss.
Configuring the peer-gateway feature needs to be done on both primary and secondary vPC peers and is non-disruptive to the operations of the device or to the vPC traffic. The vPC peer-gateway feature can be configured globally under the vPC domain submode. When enabling this feature, it is also required to disable IP redirects on all interface VLANs mapped over a vPC VLAN to avoid generation of IP redirect messages for packets switched through the peer gateway router. When the feature is enabled in the vPC domain, the user is notified of such a requirement through an appropriate message.
Packets arriving at the peer-gateway vPC device will have their TTL decremented, so packets carrying TTL = 1 may be dropped in transit due to TTL expiry. This needs to be taken into account when the peer-gateway feature is enabled and particular network protocols sourcing packets with TTL = 1 operate on a vPC VLAN.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_2/nx-os/interfaces/configuration/guide/if_nxos/if_vPC.html

QUESTION 64
Refer to the exhibit. Which three statements about the Cisco Nexus 7000 switch are true? (Choose three.)

A.    An emulated switch ID must be unique when the vPC+ feature is used.
B.    Switches with FabricPath and vPC+ consume two switch IDs.
C.    Emulated switch IDs must be numbered from 1 to 99.
D.    Each switch ID must be unique in the FabricPath topology.
E.    Switch IDs must be configured manually.

Answer: BDE
Explanation:
To understand this feature, please refer to the link given below.
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/guide_c07-690079.html#wp9000065

QUESTION 65
Which statement about core-edge SAN topology is true?

A.    Converged FCoE links connect the core and edge MDS switches.
B.    The SAN core connects to the network aggregation layer.
C.    Separate links with the same I/O are used for SAN and LAN traffic.
D.    Storage devices are accessed via FCoE over the LAN network.

Answer: B
Explanation:
The Aggregation layer of the data center provides connectivity for the Access layer switches in the server farm, and aggregates them into a smaller number of interfaces to be connected into the Core layer. In most data center environments, the Aggregation layer is the transition point between the purely Layer 3 routed Core layer and the Layer 2-switched Access layer. 802.1Q trunks extend the server farm VLANs between Access and Aggregation layers. The Aggregation layer also provides a common connection point to insert services into the data flows between clients and servers, or between tiers of servers in a multi-tier application.

QUESTION 66
What configuration is required when implementing FCoE?

A.    disable LAN traffic on the interface
B.    configure PortFast on the access port
C.    permit all VLANs on the interface
D.    permit all VSANs on the interface

Answer: A
Explanation:
DCBX allows the switch to send a LAN Logical Link Status (LLS) message to a directly-connected CNA. Enter the shutdown lan command to send an LLS-Down message to the CNA. This command causes all VLANs on the interface that are not enabled for FCoE to be brought down. If a VLAN on the interface is enabled for FCoE, it continues to carry SAN traffic without any interruption.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/fcoe/b_Cisco_Nexus_5000_Series_NX-OS_Fibre_Channel_over_Ethernet_Configuration_Guide_/Cisco_Nexus_5000_Series_NX-OS_Fibre_Channel_over_Ethernet_Configuration_Guide__chapter3.html

QUESTION 67
Drag and Drop Question
Drag the network characteristics on the left to the most appropriate design layer on the right.

Answer:

Explanation:
The access layer is the first tier or edge of the campus. It is the place where end devices (PCs, printers, cameras, and the like) attach to the wired portion of the campus network. It is also the place where devices that extend the network out one more level are attached — IP phones and wireless access points (APs) being the two prime examples of devices that extend the connectivity out one more layer from the actual campus access switch. The wide variety of possible types of devices that can connect and the various services and dynamic configuration mechanisms that are necessary make the access layer one of the most feature-rich parts of the campus network.
You can enable an 802.1X port for port security by using the dot1x multiple-hosts interface configuration command. You must also configure port security on the port by using the switchport port-security interface configuration command. With the multiple-hosts mode enabled, 802.1X authenticates the port, and port security manages network access for all MAC addresses, including that of the client. You can then limit the number or group of clients that can access the network through an 802.1X multiple-host port.

QUESTION 68
Which topology is not supported when using vPC?

A.    a single-homed server to a single FEX that is connected to two Cisco Nexus 5500 Series Switches
B.    a dual-homed server to two FEXs, each connected to two Cisco Nexus 5500 Series Switches
C.    a dual-homed server to two FEXs that are connected to one Cisco Nexus 5500 Series Switch
D.    a dual-homed server to a single FEX that is connected to two Cisco Nexus 5500 Series Switches

Answer: C
Explanation:
The figure shows an unsupported topology where a vPC is between hosts and two FEXs that are connected to one Cisco Nexus 5500 Series device. This topology does not provide a good high-availability solution because the server loses the connectivity to the network when the Cisco Nexus 5000 Series device fails.
If you need to connect a multi-homing server to a pair of FEXs when there is only one Cisco Nexus 5000 Series device, you have the option to run active or standby NIC teaming from the server.
http://www.cisco.com/en/US/docs/switches/datacenter/nexus5000/sw/mkt_ops_guides/513_n1_1/n5k_enhanced_vpc.html

QUESTION 69
Which protocol is the foundation for unified fabric as implemented in Cisco NX-OS?

A.    Fibre Channel
B.    Data Center Bridging
C.    Fibre Channel over Ethernet
D.    N proxy virtualization
E.    N Port identifier virtualization

Answer: C
Explanation:
Fibre Channel over Ethernet (FCoE) is one of the major components of a Unified Fabric. FCoE is a new technology developed by Cisco that is standardized in the Fibre Channel Backbone 5 (FC-BB-5) working group of Technical Committee T11 of the International Committee for Information Technology Standards (INCITS). Most large data centers have huge installed bases of Fibre Channel and want a technology that maintains the Fibre Channel model. FCoE assumes a lossless Ethernet, in which frames are never dropped (as in Fibre Channel) and that therefore does not use IP and TCP.
http://www.cisco.com/c/en/us/products/collateral/switches/nexus-5000-series-switches/white_paper_c11-495142.html

QUESTION 70
Drag and Drop Question
Drag the description on the left to the most appropriate FCoE protocol or feature on the right.

Answer:

Explanation:
ENODES: During FLOGI or FDISC, the ENode advertises the addressing modes it supports. If the FC switch supports an addressing mode that the ENode uses, the virtual link can be established, and the devices can communicate.

FIP: FIP is the set of control plane functions that enable discovery of FCoE-capable devices across FCoE passthrough switches and establishment of legal combinations of virtual links.

FCF: FCoE Initialization Protocol (FIP) is the FCoE control protocol responsible for establishing and maintaining Fibre Channel virtual links between pairs of FCoE devices (ENodes or FCFs). During the virtual link establishment phase, FIP first discovers FCoE VLANs and remote virtual FC interfaces; then it performs virtual link initialization functions (fabric login [FLOGI] and fabric discovery [FDISC], or exchange link parameters [ELP]) similar to their native Fibre Channel equivalents. After the virtual link is established, Fibre Channel payloads can be exchanged on the virtual link, and FIP remains in the background to perform virtual link maintenance functions; it continuously verifies reachability between the two virtual FC interfaces on the Ethernet network, and it offers primitives to delete the virtual link in response to administrative actions to that effect. This document does not describe the virtual link maintenance functions of FIP.

QUESTION 71
Drag and Drop Question
Drag the description on the left to the most appropriate Nexus product on the right.

Answer:

QUESTION 72
Drag and Drop Question
Drag the security description on the left to the appropriate security feature on the right.

Answer:

Explanation:
IP Source Guard: IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host’s IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.

Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host’s ability to attack the network by claiming a neighbor host’s IP address. IP Source Guard is a port-based feature that automatically creates an implicit port access control list (PACL).

CoPP: Control Plane Policing (CoPP) introduced the concept of early rate-limiting of protocol-specific traffic destined to the processor by applying QoS policies to the aggregate control-plane interface. Control Plane Protection extends this control plane functionality by providing three additional control-plane subinterfaces under the top-level (aggregate) control-plane interface. Each subinterface receives and processes a specific type of control-plane traffic.

Dynamic ARP Inspection: Dynamic ARP inspection is a security feature that validates ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed. The switch performs these activities:
• Intercepts all ARP requests and responses on untrusted ports
• Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination
• Drops invalid ARP packets

Unicast RPF: The Unicast RPF feature reduces problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of Denial-of-Service (DoS) attacks, including Smurf and Tribal Flood Network (TFN) attacks, can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. Unicast RPF deflects attacks by forwarding only the packets that have source addresses that are valid and consistent with the IP routing table.
When you enable Unicast RPF on an interface, the device examines all ingress packets received on that interface to ensure that the source address and source interface appear in the routing table and match the interface on which the packet was received. This examination of source addresses relies on the Forwarding Information Base (FIB).

Traffic Storm Control: A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 1-second interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.

QUESTION 73
Drag and Drop Question
VSANs and SAN Zoning have similar security goals, but also have different qualities. Drag the characteristic on the left to the appropriate column heading (VSAN or Zoning) on the right.

Answer:

QUESTION 74
Hotspot Question

On Cisco Nexus 7000 switches, what is true regarding Cisco FabricPath requirements?

A.    Ensure that you have installed the Enhanced Layer 2 license and that you have installed an F Series module
B.    Ensure that you have installed the Enhanced Layer 2 license and that you have installed an M Series module
C.    Ensure that you have installed the Enhanced Layer 3 license and that you have installed an M Series module
D.    Ensure that you have installed the Scalable Feature License license and that you have installed an F Series module

Answer: A
Explanation: 
FabricPath switching has the following prerequisites:
• You should have a working knowledge of Classical Ethernet Layer 2 functioning.
• You must install the FabricPath feature set on the default and nondefault VDC before you enable FabricPath on the switch. See Configuring Feature Set for FabricPath for information on installing the FabricPath feature set.
• You are logged onto the device.
• Ensure that you have installed the Enhanced Layer 2 license.
• You are in the correct virtual device context (VDC). A VDC is a logical representation of a set of system resources. You can use the switchto vdc command with a VDC number.
• You are working on the F Series module.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/5_x/nx-os/fabricpath/configuration/guide/fp_switching.html

QUESTION 75
Hotspot Question

What is the effect of the command “fabric path load-balance unicast layer 3”?

A.    It configures F2 VDC FabricPath unicast load balancing
B.    The command automatically load balances broadcast traffic
C.    It configures F1/M1 VDC FabricPath unicast load balancing
D.    It configures M1 VDC FabricPath unicast load balancing

Answer: C
Explanation:
The F1 cards are complemented by M1 cards for routing purposes. When using M1 cards in the same virtual device context (VDC) as the F1 card, routing is offloaded to the M1 cards, and more routing capacity is added to the F1 card by putting more M1 ports into the same VDC as the F1 card.

QUESTION 76

A customer has configured fabricpath allocate-delay to 600. What is the effect of this?

A.    The allocate-delay is the time for FP to go into forwarding state
B.    It specifies the time delay for a transitioned value to be propagated throughout the network
C.    It specifies the time delay for a link bringup to detect conflicts
D.    The allocate-delay is the time delay for a new resource to be propagated throughout the network

Answer: D
Explanation:
Specifies the time delay for a new resource to be propagated throughout the network.
http://www.cisco.com/web/techdoc/dc/reference/cli/nxos/commands/fpath/fabricpath_timers.html

QUESTION 77
Hotspot Question

FabricPath switch-id is 25, load-balance is configured for L3/L4, and the rotate amount is 14 bytes. What information is true about FabricPath switch-id?

A.    FabricPath topology requires manual configuration of switch-id which has a range from 1 to 4095
B.    Every FabricPath must have a manually configured switch-id for it to form a FabricPath topology
C.    FabricPath topology requires manual configuration of switch-id which has a range from 1 to 4099
D.    You do not have to manually assign a switch ID unless you are running a virtual port channel plus (vPC+) because the system assigns a switch ID for you when you enable FabricPath

Answer: D
Explanation:
fabricpath switch-id (vPC)
To configure a virtual port channel plus (vPC+) switch ID, use the fabricpath switch-id command. To remove the FabricPath switch from a vPC domain, use the no form of this command.
fabricpath switch-id switch-id
no fabricpath switch-id [ switch-id ]
Usage Guidelines
You do not have to manually assign a switch ID (unless you are running a vPC+); the system assigns a switch ID for you when you enable FabricPath.
Note: You must assign the same vPC+ switch ID to each of the two vPC+ peer devices before they can form an adjacency.
This command requires an Enhanced Layer 2 license.
Examples
This example shows how to configure a vPC+ switch ID on a FabricPath-enabled device:
switch# configure terminal
switch(config)# vpc domain 1
switch(config-vpc-domain)# fabricpath switch-id 1
Configuring fabricpath switch id will flap vPCs. Continue (yes/no)? [no]

QUESTION 78
Hotspot Question

What is the status of the FCoE license on the Cisco Nexus 5548 switch?

A.    FCoE license is not installed
B.    FCoE license is installed, but it is expired
C.    FCoE license is installed and status is enabled
D.    FCoE license does not need to be installed because it is part of ENTERPRISE_PKG

Answer: A

QUESTION 79
Hotspot Question

Ethernet interface 1/5 on the Cisco Nexus 5548 is connected to a Cisco UCS C220 rack server.
What is the status of the Ethernet 1/5 interface for FCoE functionality?

A.    Interface reset on Ethernet 1/5 is preventing the FCoE connection from coming up
B.    MTU size of 1500 on Ethernet interface 1/5 needs to be changed for FCoE to come UP
C.    Cisco Nexus 5548 needs a layer 3 daughter card for FCoE to come UP on the Ethernet interface 1/5
D.    Ethernet interface 1/5 is operational for FCoE and the status is UP

Answer: D

QUESTION 80
Hotspot Question

What does the status of the FC interface associated with ethernet 1/5 indicate?

A.    Trunk VSAN 11 is isolated
B.    Interface vfc 5 is up and running for the assigned VSAN
C.    Trunk VSAN 11 is initializing
D.    VSAN to FC mapping is not working as expected

Answer: B
