642-997試験無料問題集（152題）「Cisco Implementing Cisco Data Center Unified Fabric (DCUFI) 認定」

出題：1

Which two functions are enabled when you set up vPC+ at the FabricPath edge? (Choose two.)

A. the ability to attach additional Classic Ethernet switches in vPC+ mode

B. the ability to stop all Layer 3 egress traffic

C. the ability to attach servers to edge switches with port-channel teaming

D. the ability to attach Cisco Fabric Extenders in FEX active/active mode

正解：C,D 解答を投票する

出題：2

Which option shows how to configure an ERSPAN Type III source session in Cisco NX-OS
6.2?
A)

B)

C)

D)

A. Option D

B. Option C

C. Option A

D. Option B

正解：B 解答を投票する

出題：3

What is effect of the command "fabricpath load-balance unicast Iayer3"?

A. It configures M1 VDC FabricPath unicast load balancing

B. The command automatically load balances broadcast traffic

C. It configures F1/MI VDC FabricPath unicast load balancing

D. It configures F2 VDC FabricPath unicast load balancing

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：4

What is an Overlay Transport Virtualization extended VLAN?

A. the VLAN that must contain the overlay interface

B. the user VLAN that exists in multiple sites

C. the VLAN used to locate other AEDs

D. the VLAN used to access the overlay network by the join interface

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：5

For which two reasons would you enter these commands in a Cisco Nexus 5000 Series switch? (Choose two.) n5k(config)# int ethernet 1/21 n5k(config-if)# priority-flow-control mode on

A. UDLD is also configured on interface ethernet 1/21.

B. The Cisco Nexus 5000 chassis is not DCBX capable.

C. Unexpected DCBX negotiation occurred with the peer device.

D. The peer device does not support LLDP.

E. The peer device requires this configuration for proper spanning-tree operation.

正解：C,D 解答を投票する

出題：6

FabricPath switch-id is 25 and load-balance is configured for L3/L4 and rotate amount is 14 byte. What information is true about FabricPath switch-id?

A. FabricPath topology requires manual configuration of switch-id which has a range from 1 to 4095

B. You do not have to manually assign a switch ID unless you are running a virtual port channel plus (vPC+) because the system assigns a switch ID for you when you enable
FabricPath

C. FabricPath topology requires manual configuration of switch-id which has a range from 1 to 4099

D. Every FabricPath must have a manually configured switch-id for it to form a FabricPath topology

正解：B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：7

Between which two types of ports does FIP establish Fibre Channel virtual links? (Choose two.)

A. N Ports and F Ports

B. E Ports and E Ports

C. VN Ports and VF Ports

D. VE Ports and VF Ports

E. VE Ports and VE Ports

F. VP Ports and VE Ports

正解：C,E 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：8

DRAG DROP
Drag the security description on the left to the appropriate security feature on the right.

正解：

Explanation:

IP Source guard: IP Source Guard provides source IP address filtering on a Layer 2 port to prevent a malicious host from impersonating a legitimate host by assuming the legitimate host's IP address. The feature uses dynamic DHCP snooping and static IP source binding to match IP addresses to hosts on untrusted Layer 2 access ports.
Initially, all IP traffic on the protected port is blocked except for DHCP packets. After a client receives an IP address from the DHCP server, or after static IP source binding is configured by the administrator, all traffic with that IP source address is permitted from that client. Traffic from other hosts is denied. This filtering limits a host's ability to attack the network by claiming a neighbor host's IP address. IP Source Guard is a port-based feature that automatically creates an implicit port access control list (PACL).
CoPP: Control Plane Policing (CoPP) introduced the concept of early rate-limiting protocol specific traffic destined to the processor by applying QoS policies to the aggregate control- plane interface. Control Plane Protection extends this control plane functionality by providing three additional control-plane subinterfaces under the top-level (aggregate) control-plane interface. Each subinterface receives and processes a specific type of control-plane traffic.
Dynamic Arp Inspection: Dynamic ARP inspection is a security feature that validates
ARP packets in a network. It intercepts, logs, and discards ARP packets with invalid IP-to-
MAC address bindings. This capability protects the network from certain man-in-the-middle attacks.
Dynamic ARP inspection ensures that only valid ARP requests and responses are relayed.
The switch performs these activities:
*

Intercepts all ARP requests and responses on untrusted ports

*
Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate

destination
*
Drops invalid ARP packets
Unicast RPF: The Unicast RPF feature reduces problems that are caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of Denial-of-Service (DoS) attacks, including Smurf and Tribal Flood
Network (TFN) attacks, can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. Unicast RPF deflects attacks by forwarding only the packets that have source addresses that are valid and consistent with the IP routing table.
When you enable Unicast RPF on an interface, the device examines all ingress packets received on that interface to ensure that the source address and source interface appear in the routing table and match the interface on which the packet was received. This examination of source addresses relies on the Forwarding Information Base (FIB).
Traffic Storm Control: A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. You can use the traffic storm control feature to prevent disruptions on Layer 2 ports by a broadcast, multicast, or unicast traffic storm on physical interfaces.
Traffic storm control (also called traffic suppression) allows you to monitor the levels of the incoming broadcast, multicast, and unicast traffic over a 1-second interval. During this interval, the traffic level, which is a percentage of the total available bandwidth of the port, is compared with the traffic storm control level that you configured. When the ingress traffic reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the interval ends.

出題：9

Which two statements about SAN zoning on Cisco Nexus switches are true? (Choose two.)

A. Only one zone set can be activated at any time.

B. Zone configuration changes are nondisruptive.

C. Zoning is enforced by examining the destination ID field.

D. Zoning must be administered from the primary SAN switch in the fabric.

E. Devices can only belong to one zone.

F. A zone can only be a member one zone set.

正解：A,B 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

出題：10

After enabling strong, reversible 128-bit Advanced Encryption Standard password type-6 encryption on a Cisco Nexus 7000, which command would convert existing plain or weakly encrypted passwords to type-6 encrypted passwords?

A. switch(config)# feature password encryption aes

B. switch# encryption decrypt type6

C. switch# encryption re-encrypt obfuscated

D. switch# key config-key ascii

正解：C 解答を投票する

解説: (GoShiken メンバーにのみ表示されます)

642-997試験無料問題集「Cisco Implementing Cisco Data Center Unified Fabric (DCUFI) 認定」