brocade.passguide.150-420.v2015-03-12.by.elvis - … · a brocade adx was configured with the...

Passguide 150-420 101q

Number: 150-420Passing Score: 800Time Limit: 120 minFile Version: 14.5

http://www.gratisexam.com/

150-420

Brocade Certified Layer 4-7 Professional 2010

Modified few questions, fixed few spelling mistakes and typos.

Exam A

QUESTION 1Given the command shown below, which statement is true? aaa authentication enable default radius local

A. Console access is authenticated using a RADIUS server.B. If a user is unknown to the RADIUS server, the local user account list is used.C. If the RADIUS server is unavailable, the local user account list is used.D. If an incorrect password is received by the RADIUS server, the local user account list is used.

Correct Answer: CSection: (none)Explanation

Explanation/Reference:Explanation:

QUESTION 2Your operations staff is complaining about entering their login credentials multiple times when accessing the Brocade ADX. What can be done to enable a user toenter a username and password only once?

A. Enter the aaa authentication enable default none command.B. Enter the enable super-user-password command.C. Enter the aaa authentication enable implicit-user command.D. Enter the aaa authentication login privilege-mode command.

Correct Answer: DSection: (none)Explanation


QUESTION 3When using ACLs to restrict access to management functions, which two statements are true? (Choose two.)

A. The ACLs must use deny statements.B. The ACL IDs must be different for each management access method.C. The ACLs must be standard ACLs.

D. The access group command only applies to telnet, SSH, and Web access.

Correct Answer: CDSection: (none)Explanation


QUESTION 4Your management server has IP address 10.10.100.10/24. The upstream router has an address of 10.10.10.10/24. Management communication to the BrocadeADX management port is not working. Which command must be added to the configuration shown in the exhibit to make this work?

A. ServerIronADX(config)# interface management 1ServerIronADX(config-if-mgmt-1)# ip route 0.0.0.0 0.0.0.0 10.10.10.10B. ServerIronADX(config)# ip route 10.10.100.10 255.255.255.0 interface management 1C. ServerIronADX(config)# ip route 0.0.0.0 0.0.0.0 interface management 1D. ServerIronADX(config)# interface management 1ServerIronADX(config-if-mgmt-1)# ip route 10.10.100.0 255.255.255.0 10.10.10.10



QUESTION 5When using the GUI on a Brocade ADX running router code, which two fields are available for configuration under the "IP address" tab? (Choose two.)

A. Management IPB. InterfaceC. IP AddressD. VLAN

Correct Answer: BCSection: (none)Explanation


QUESTION 6When using the GUI on a Brocade ADX running switch code, which three fields are available for configuration under the "IP address" tab? (Choose three.)


A. Management IPB. InterfaceC. Subnet MaskD. Default GatewayE. VLAN

Correct Answer: ACDSection: (none)Explanation


QUESTION 7Which three Health Check types can be configured using the Element HC tab from the Brocade ADX GUI? (Choose three.)

A. BooleanB. DNSC. SSLD. TCPE. UDP

Correct Answer: ADESection: (none)Explanation

Explanation/Reference:

Explanation:

QUESTION 8Given the exhibit from the Brocade ADX GUI,

which two tabs can be used to enable/disable a real server? (Choose two.)

A. AdvancedB. BasicC. PortD. Summary

Correct Answer: BDSection: (none)Explanation


QUESTION 9The Brocade ADX GUI is supported by which browser?

A. Internet ExplorerB. SafariC. LynxD. IronView



QUESTION 10The exhibit shows a step of which feature provided by the Brocade ADX GUI?

A. OverviewB. Traffic ManagementC. SecurityD. Layer 7 Switching



QUESTION 11A Brocade ADX was configured with the command shown below:ServerIron(config-rs-zip)# port http status-code 200 201 300 302

A Layer 7 Health Check is sent to the server by the Brocade ADX. The server returns a status code of 301.

Which statement is true?

A. The server will be marked as healthy and added to the load balancing rotation.B. The server will be marked as testing and a syslog entry will be created.C. The server will be marked as failed and not included in load balancing.D. The server will be ignored and its MAC entry will be aged out.

Correct Answer: ASection: (none)Explanation


QUESTION 12The Brocade ADX syslog shows that a customer's Web service is flapping. The administrator finds that the server in question is completing the TCP handshake butthe Web page is not returning status codes. Which feature can be added to the existing configuration to prevent this from occurring?

A. server sticky-ageB. server transparent-vipC. port http status_codeD. server no-fast-bringup



QUESTION 13In the exhibit, your customer has configured the Health Check for their internal Web site. This configuration is an example of which two Health Checks? (Choosetwo.)


A. scriptedB. well-knownC. BooleanD. Layer 7

Correct Answer: ADSection: (none)Explanation


QUESTION 14Two real servers are failing to respond to URL GET requests within the acceptable parameters defined. An investigation reveals that during peak hours the serversare not able to respond within the keepalive parameters specified on the Brocade ADX configuration for that HTTP application port. Which statement is correct?

A. The servers that are failing to respond will be excluded from further load balancing.B. All the connections to the servers failing to respond will be dropped and no further traffic will be sent to that server until the server passes Health Checks.C. Load balancing to all servers will continue to be distributed in agreement with the defined predictor.D. Traffic will be distributed in accordance with the connection table from the last known acceptable Health Check polling.



QUESTION 15You have configured a real server with HTTP Layer 7 Health Checks. The Web server returns a status-code 301. What will happen next on the Brocade ADX?

A. The port will be marked failed.B. The VIP will be marked down.C. The ADX will send a SYN-ACK.D. The real server is added to the rotation.



QUESTION 16Your developers have written a custom application that uses TCP over port 8080. The Brocade ADX is not passing the Health Checks to those real servers. Theclients can reach the servers directly and the application is functional. What would you do to resolve this?

A. You can only use well known ports on the VIP facing the clients.B. You need to configure no port 8080 translate on the real server.C. You need to specify alias ports under the virtual server.D. You need to specify TCP under the port profile.



QUESTION 17The customer has a server application port that relies on other ports to function properly. Which three features will allow you to associate the health of the masterport to multiple other application ports? (Choose three.)

A. BooleanB. track groupC. port status-code

D. track portE. VIP-group

Correct Answer: ABDSection: (none)Explanation


QUESTION 18The Brocade ADX is performing a UDP Health Check. The real server does not respond to the UDP query. What does this mean?

A. The UDP query was successful.B. The UDP query failed.C. The real server is unreachable.D. The real server failed.



QUESTION 19A Brocade ADX is performing a TCP Health Check.What does the Brocade ADX look for to determine that the port is alive?

A. A TCP ACK is received.B. A SYN ACK is received.C. A TCP Reset is received.D. A TCP SYN is received.

Correct Answer: BSection: (none)Explanation


Explanation:

QUESTION 20You have configured a real server with TCP port 7777. Which feature is required to enable periodic Layer 4 Health Checks?

A. periodic-arp-intervalB. keepaliveC. slow-startD. l4-bringup-interval



QUESTION 21Following a successful Layer 3 Health Check, the Brocade ADX performs a Layer 4 Health Check to an unknown UDP port on a real server. The ADX does notreceive any response. What is the current state according to show server real output?


A. ACTB. ENBC. FALD. TST



Explanation:

QUESTION 22You have configured the server shown below for DNS:

ADX1(config)#server remote r1 1.1.1.1ADX1(config-rs-r1)#port dns l4-check-only

Which two Health Checks will be performed to the real server? (Choose two.)

A. Layer 2B. Layer 3C. Layer 4D. Layer 7



QUESTION 23In the exhibit, which two virtual server configurations must be implemented to load balance all SSL and HTTP traffic to RS1? (Choose two.)

A. bind http RS1 180 real-port 443B. bind http RS1 httpC. bind ssl RS1 180 real-port 80D. bind http RS1 ssl RS1



QUESTION 24Your customer is complaining that inactive TCP sessions are not being cleared from the session table fast enough. The Brocade ADX is configured for defaultvalues.

Which port profile will resolve their problem?

A. server port 80tcptcp keepalive 0B. server port 80tcptcp 2C. server port 80tcptcp 0D. server port 80tcptcp keepalive disable



QUESTION 25Your customer would like the Brocade ADX to send a message to their external Syslog server when the ADX creates a session table entry. Which port profilewould you configure?

A. ServerIron(config)# server port 80ServerIron(config-port-80)# connection-log allB. ServerIron(config)# server port 80ServerIron(config-port-80)# connection-log syslog allC. ServerIron(config)# server port 80ServerIron(config-port-80)# log allD. ServerIron(config)# server port 80ServerIron(config-port-80)# syslog all



QUESTION 26In the exhibit, the command output from a pair of Brocade ADXs running Layer 3 firmware is shown. Which two statements are true? (Choose two.)

A. All traffic to 10.100.10.1 will go to Brocade ADX 1.B. All traffic to 10.100.10.2 will go to Brocade ADX 1.C. If Brocade ADX 1 fails, all traffic to 10.100.10.1 will go to Brocade ADX 2.D. If Brocade ADX 1 fails, all traffic to 10.100.10.2 will go to Brocade ADX 2.

Correct Answer: AC

Section: (none)Explanation


QUESTION 27During a recent network failure, a pair of Brocade ADXs configured in sym-active mode experienced a VRRP-E failover. After the failure, the active VRRP-E routerwas not the owner for all VIPs. Which statement is true?

A. Track ports were not configured on the VRIDs.B. The sym-priority value was not defined.C. All real servers were configured as remote servers.D. A VIP group was not defined.



QUESTION 28Users are accessing the servers through an upstream router to the 192.168.10.0/24 network. All users can access the VIPs but server administrators cannotmanage the individual real servers.


Referring to the exhibit, which two statements are true? (Choose two.)

A. Redistribute static is not configured under router ospf.B. Redistribute connected is not configured under router ospf.C. Interface ve 10 is not a part of OSPF area 0.D. An OSPF virtual link is not configured.



QUESTION 29Which three routing features are supported on the Brocade ADX? (Choose three.)

A. RIPB. OSPFC. EIGRPD. VRRP-EE. HSRP

Correct Answer: CDESection: (none)Explanation


QUESTION 30A client would like to implement the Brocade ADX into an OSPF environment. However, the client does not want OSPF packets to be seen by the real servers.What are two possible actions? (Choose two.)

A. Configure redistribute connected under router ospf.B. Configure ip ospf passive under the real server's interface.C. Configure ip ospf passive on all OSPF interfaces.D. Configure redistribute connected under the real server's interface.

Correct Answer: ABSection: (none)Explanation


QUESTION 31Referring to the exhibit, what is being configured?

A. server redirect to 10.10.10.201B. Layer 7 Health CheckC. real sever HTTP configurationD. route health injection



QUESTION 32You are configuring Route Health Injection and you do not configure ip-dont-advertise.What will happen in the network?

A. Advertisements of the network are not blocked, the switch will advertise a route to the network containing the Web site even if the Web site itself is unavailable.B. Advertisements of the network are blocked, the switch will not advertise a route to the network containing the Web site even if the Web site itself is available.C. Advertisements will not be blocked and the port will become flooded causing network performance to be degraded.D. Advertisements will be blocked and no Web sites will be advertised in the routing table.



QUESTION 33Referring to the exhibit, "vrid 10" is not responding.

What could cause this condition?

A. Only IPv4 addressing is allowed.B. Global unicast IPv6 address is not used.

C. You cannot mix IPv4 and IPv6 addressing.D. Link local unicast IPv6 address is not used.



QUESTION 34Referring to the exhibit, what will complete the configuration?

A. ServerIron(config)# server virtual vs2 300::faceServerIron(config-rs-vs2)# port httpServerIron(config-rs-vs2)# bind http rs3 http V41 httpB. ServerIron(config)# server virtual vs2 300::faceServerIron(config-rs-vs2)# port httpServerIron(config-rs-vs2)# bind http rs3 httpC. ServerIron(config)# server virtual vs2 31.31.31.250ServerIron(config-rs-vs2)# port httpServerIron(config-rs-vs2)# bind http rs3 http V41 httpD. ServerIron(config)# server virtual vs2 31.31.31.250ServerIron(config-rs-vs2)# port httpServerIron(config-rs-vs2)# bind http rs3 http



QUESTION 35Referring to the exhibit, you have configured VLAN 10 for rs1 and rs2. A client is making a request to the Web servers rs1 and rs2.

Which IP address would be in the source field of the frame that is sent back to the client from rs1?

A. 206.65.10.253B. 206.65.10.1C. 206.65.10.10D. 206.65.10.254



QUESTION 36Referring to the exhibit,

which VLAN configuration command is missing for the client to communicate with the load balanced servers rs1 and rs2?

A. int ve 10B. int e2/5C. int vip1 10.10.10.1/24D. int tagged e2/6 e2/7



QUESTION 37Servers are connected remotely to the Brocade ADX through two different routers, R1 and R2. Health Check probes are sent to R1 but responses are receivedfrom R2. Which two statements are true if you configure server use-learned-mac? (Choose two.)


A. Health Check probes will be sent to R1.B. Health Check probes will be sent to R2.C. Health Check will fail because responses are received from R2.D. Health Check will fail if responses are received alternating between R1 and R2.



QUESTION 38Your Brocade ADX is on the 10.10.10.0/24 subnet with interface 10.10.10.1. The real servers are on the 192.168.1.0/24 subnet. With DSR configured, whichscenario is true?

A. The traffic replying to the clients must traverse the Brocade ADX.B. The traffic replying to the clients responds directly bypassing the Brocade ADX.C. The traffic is dropped.D. The traffic is replied to the Brocade ADX based on source-nat.



QUESTION 39You have two real servers, both on different subnets than the Brocade ADX. Which two parameters are required to be configured on the Brocade ADX to ensurethat the return traffic from the real servers returns back through to the Brocade ADX? (Choose two.)

A. server source-IPB. alias portC. policy-based SLBD. source-NAT



QUESTION 40There are two real servers, rs1 and rs2, that are not directly attached to the Brocade ADX. rs1 is on the same subnet and VLAN as the Brocade ADX; rs2 is on adifferent subnet and VLAN.Both servers are to load balance HTTP traffic.

Referring to the exhibit, which configuration is correct to configure real servers rs1 and rs2?

A. AB. BC. CD. D



QUESTION 41Which statement is true about policy-based SLB?

A. Policy-based SLB can coexist with FWLB, NAT, and TCS.B. Policy-based SLB can coexist on the same VIP with CSW.C. Policy-based SLB is enabled globally on virtual servers.D. Policy-based SLB can be enabled on some VIPs while disabled on others.



QUESTION 42You have a Brocade ADX and you want to direct requests to a server group, based on the source IP address of the request. What would you configure on yourBrocade ADX to accomplish this?

A. Policy-Based CacheB. Policy-Based Content SwitchingC. Policy-Based Global Server Load BalancingD. Policy-Based Server Load Balancing



QUESTION 43A network manager has configured on a Brocade ADX the predictor to be dynamic weighted reverse. The real servers support SNMP version 2. Which two actionsmust be performed for this configuration to work? (Choose two.)

A. Configure the SNMP-request object ID (OID) globally.B. Configure the SNMP community string.C. Configure the SNMP request UDP port.D. Configure the SNMP-request object ID (OID) on the real servers.



QUESTION 44SLB is configured as shown in the exhibit.Which SLB method is used?

A. hash functionB. round-robinC. weightedD. least connections



QUESTION 45A network manager wants to balance the load on a pool of servers based on CPU utilization and memory consumption of these servers. Which two actions mustthe network manager perform? (Choose two.)


A. Configure the virtual server with a dynamic weighted predictor.B. Configure the virtual server with an enhanced weighted predictor.C. Configure the Brocade ADX to generate SNMP queries to the servers.D. Install INM to exchange MIB information between the Brocade ADX and the servers.

Correct Answer: ACSection: (none)Explanation


QUESTION 46The weights for rsA, rsB, and rsC are configured as shown in the exhibit. The configured server predictor is enhanced-weighted. Where are the first three requestssent?

A. The first request is sent to server rsA, the second request is sent to server rsB and the third request is sent to server rsC.B. The first request is sent to server rsC, the second request is sent to server rsB and the third request is sent to server rsA.C. All three requests will be sent to server rsA.D. All three requests will be sent to server rsC.



QUESTION 47Referring to the exhibit, the hot standby HA is not working correctly.

What is the problem with this configuration?

A. A loop has been created in the network due to cabling.B. Both Brocade ADXs have the same management IP address.C. Both Brocade ADXs have the same VIP address.D. There is no synchronization cable between the Brocade ADX pair.



QUESTION 48You have a sym-active SLB configuration with track groups. Your VRRP-E addresses failover following a link failure; however, the VIPs do not transition. Whichfeature will allow your VIPs to failover correctly?

A. vip-groupB. transparent-vipC. sym-activeD. vip-offset



QUESTION 49You have configured a hot standby SLB between a pair of Brocade ADXs. You are using SSL termination on the VIP to HTTP on the real servers. The SSLtermination and load balancing is working correctly; however, after testing a failover to the secondary unit, the SSL user sessions are required to log in again.

Why are the users being forced to re-authenticate?

A. The standby Brocade ADX does not have the SSL termination license installed.B. The session-sync command is missing from the configuration.C. Sym-active is not applied to the VIP.D. SSL sessions cannot be synchronized across Brocade ADXs.



QUESTION 50You have a pair of Brocade ADXs running Layer 3 code. You require stateful session failover in the event of a Brocade ADX device or link failure. Which two HAdesigns will meet your objective? (Choose two.)

A. symmetric SLB

B. hot standby SLBC. sym-active SLBD. global SLB



QUESTION 51What is required when deploying the Brocade ADX in an HA design?

A. one Brocade routerB. one Brocade switchC. redundant ASM modulesD. two Brocade ADXs



QUESTION 52You want all users accessing your Web site "www.brocade.com" to be redirected to "www.brocade.com/exchange" using SSL. Which command would implementthis change?

A. default redirect all all 443B. match "r1" rewrite response-header-replace "www.brocade.com" "/" 443C. match "r1" rewrite response-header-replace "www.brocade.com" "/exchange" 443D. default redirect "brocade.com" "/exchange" 443



QUESTION 53Your customer would like to replace all references to "www.foundrynet.com" with "www.brocade.com" on their Web site.

Referring to the exhibit, what is missing from the CWS configuration to accomplish this?

A. match "r21" rewrite response-header-rewrite "www.brocade.com" offset 0 length 4B. match "r21" rewrite response-body-replace "www.brocade.com" offset 0 length 18C. match "r21" rewrite response-header-replace "www.brocade.com" offset 0 length 18D. match "r21" rewrite response-body-rewrite "www.brocade.com" offset 0 length 4



QUESTION 54Your customer would like all data on Web pages containing the string "http://www.brocade.com/" to be rewritten with "https://www.brocade.com/". Which two CSWconfigurations would you implement? (Choose two.)


A. csw-rule r21 response-body pattern http://www.brocade.com/B. match "r11" rewrite response-header-replace "https://www.brocade.com/" offset 0 length 19C. csw-rule r11 response-header "Location" pattern "http://www.brocade.com"D. match "r21" rewrite response-body-replace "https://www.brocade.com/" offset 0 length 22

Correct Answer: ADSection: (none)

Explanation


QUESTION 55Your customer wants the virtual server on the Brocade ADX to insert a specific header on all responses to the clients. Which matching rule will accomplish thisrequest?

A. match r1 rewrite insert-header "WelcomeToBrocade"B. match r1 rewrite response-body-replace-header "WelcomeToBrocade"C. match r1 rewrite request-insert header "WelcomeToBrocade"D. match r1 rewrite response-insert header "WelcomeToBrocade"



QUESTION 56Referring to the exhibit, which two statements are true? (Choose two.)

A. If a CSW rule is matched, the Brocade ADX rewrites the HTTP request and forwards it to Web server 2 with server ID 1026 and IP address 1.1.1.2.B. If a CSW rule is matched, the ServerIron rewrites the HTTP request and forwards it to Web server 1 with server ID 1025 and IP address 1.1.1.1.C. If no CSW rule is matched, the ServerIron takes the default action, sending the HTTP request to Web server 2 with server ID 1026 and IP address 1.1.1.2.D. If no CSW rule is matched, the ServerIron takes the default action, sending the HTTP request to server 1 with server ID 1025 and IP address 1.1.1.1.



QUESTION 57A network administrator needs to configure cookie insertion with cookie switching in the Brocade ADX. Which three steps should be taken? (Choose three.)

A. Configure CSW rules and policy.B. Enable CSW rules and policy on the interface.C. Bind the CSW policy to a VIP.D. Bind the CSW policy to a real server.E. Enable CSW on the VIP.

Correct Answer: ACESection: (none)Explanation


QUESTION 58Which two statements are true about the Brocade ADX new advanced Layer 7 content switching features? (Choose two.)

A. URL switching and Layer 7 content switching simultaneously on the same virtual server can be enabled.B. Ability to make complex load-balancing decisions based on multiple HTTP headers or XML tags.C. Content-rewrite functions, including cookie and HTTP header insertion and deletion support.D. Layer 7 content switching load balancing is supported where both sticky connections and track groupfeatures are configured.



QUESTION 59Your customer's Web site is designed to send a client to a different Web page based on the client IP address using HTTP redirects. For compliance reasons, trafficnow needs to be encrypted but they do not want to make any modifications on the application.

After installing a Brocade ADX, which two tasks must be configured to accomplish the goal? (Choose two.)

A. Configure SSL termination.B. Configure SSL Proxy.C. Configure a CSW policy to rewrite the headers from HTTP to HTTPS.D. Configure the real server to listen on port 443.



QUESTION 60Which type of CSW persistence assigns cookies based on a method using a checksum type operation performed by the Brocade ADX?

A. cookie hashingB. cookie insertionC. sticky cookieD. rewrite cookie



QUESTION 61A Brocade ADX administrator decides to create the rule shown below:SLB(config-csw-p1)# default rewrite request-insert client-ip

What is the administrator trying to achieve?

A. A request is generated to rewrite the client-IP.B. The Brocade ADX issues the request-insert command to the HTTP controller.C. The client-IP header is inserted in the HTTP rewrite message.D. The client-IP is inserted in the HTTP request message.



Explanation:

QUESTION 62A customer wants to use content switching (CSW) to manage the application. What information must the customer configure in the CLI? (Choose three.)

A. Define the rules.B. Bind the policy to virtual server.C. Define the policy.D. Bind rules.E. Define real server.

Correct Answer: ABCSection: (none)Explanation


QUESTION 63Given an IP prefix, you want to give preference to a specific GSLB site Brocade ADX.Which feature will you use?


A. GSLB affinityB. GSLB administrative preferenceC. GSLB geo-prefixD. GSLB TTL



QUESTION 64Given the commands shown below:

gslb policydns active-onlydns cache-proxy

Which statement is true regarding DNS replies sent by the Brocade ADX to clients?

A. The replies will include only a single IP address that is healthy.B. The replies will include only healthy IP addresses.C. The replies will include all VIPs reported only from active site ADXs.D. The replies will include all VIPs reported from site ADXs.



QUESTION 65You are asked to configure the Brocade ADX to provide transparent redundancy between two physical data centers. Which feature must you enable to supportthis?

A. GSLBB. FWLBC. LLBD. SSL



QUESTION 66What is the result when the command shown below is implemented? ServerIron(config-gslb-policy)# metric-order set round-trip-time capacity num-sessionflashback

A. Round-trip-time, capacity, num-session, and flashback are excluded from GSLB policy evaluation.B. Flashback, capacity, num-session, and round-trip-time, are the only metrics evaluated in the stated order.C. Round-trip-time, capacity, num-session, flashback, and Health Check status are evaluated first, then the remaining metrics.D. Round-trip-time, capacity, num-session, and flashback are the only metrics evaluated in the stated order.



QUESTION 67What is the purpose of the SSL Alert protocol?

A. to set an SSL MIB trapB. to alert the user to an ongoing SSL hacking attemptC. to notify user of a protocol problemD. to alert the user that an SSL problem has been restored



QUESTION 68An administrator observes SSL information exchanged between the browser and the server and notices that the server sends its certificate to the browser. Whichpart of the SSL protocol exchange is taking place?

A. SSL handshake protocolB. SSL certificate protocolC. SSL record protocolD. SSL certificate exchange protocol



QUESTION 69What are the three fundamentals of SSL security? (Choose three.)

A. confidentialityB. prevention of DOS attacksC. authenticationD. prevention of dictionary attackE. integrity



QUESTION 70A hacker is listening on the line and picks up the public key of the server.What is the result?

A. The SSL session has now been compromised.B. The SSL connection is compromised and will drop.C. The SSL communication is still secure.D. The SSL will issue a fatal warning message.



QUESTION 71Referring to the exhibit, a client is accessing an SSL VIP terminated by a Brocade ADX and received an error.

Which statement is true?

A. No CA certificate was configured for the ADX.B. No certificate was configured for the VIP.C. A self-signed certificate was configured for the VIP.D. Only a CA certificate was configured for the VIP.



QUESTION 72

Referring to the exhibit, which three statements are true? (Choose three.)

A. A bind is configured between SSL on a virtual server and HTTP on a real server.B. A bind is configured between SSL on a real server and HTTP on a virtual server.C. ServerIron ADX is configured for SSL acceleration in SSL Termination mode.D. ServerIron ADX is configured for SSL acceleration in SSL Proxy mode.E. An SSL profile is specified on the SSL port of the virtual server.



QUESTION 73All addresses are being translated to only one outside address before reaching the Brocade ADX. You have configured Layer 4 SSL load balancing with sticky butall the traffic goes to only one server. What can be done to more evenly distribute the load to all the real servers?

A. Configure SSL termination mode.B. Change port sticky to port concurrent under SSL VIP.C. Configure cookie-based persistence for SSL.D. Configure SSL session ID switching.



QUESTION 74After configuring SSL termination, instead of getting better application response time you have degraded the performance. You have called Brocade Support andthe solution provided is shown in the exhibit.

After applying this configuration to the SSL profile, why does everything work?

A. The Brocade ADX was performing SSL acceleration in software instead of hardware.B. The TCP handshake was intermittently failing due to a faulty TCP stack.

C. The TCP sender buffers the data until it is acknowledged or until there is a full packet worth of data to send.D. The TCP checksum was failing and causing re-transmissions.



QUESTION 75A network administrator wants to perform SSL offload (acceleration) but the configuration is not working.


Referring to the exhibit, which two configuration changes are needed? (Choose two.)

A. Change to port ssl ssl-proxy clientprofile serverprofile under the VIP.B. Change the predictor to dynamic weighted under the VIP.C. Change the bind statement to bind ssl rs1 http rs2 http.D. Change the real server ports to port http.



QUESTION 76A customer has been performing Layer 7 load balancing HTTP traffic using a non-SSL Brocade ADX 1000. For compliance reasons, full encrypted connectivity isrequired from the client to the server using SSL. Which two actions must the customer perform to comply with the requirement? (Choose two.)

A. Replace the Brocade ADX 1000 with a Brocade ADX 4000.

B. Enable the Brocade ADX 1000 SSL offload feature with an SSL license.C. Configure the Brocade ADX for SSL Proxy mode configuration.D. Configure the Brocade ADX for SSL Termination mode configuration.



QUESTION 77Which two statements are true if the commands shown in the exhibit were executed on a Brocade ADX? (Choose two.)

A. A regular security filter rule has been configured.B. A generic security filter rule has been configured.C. A TCP packet with source-IP greater than 10.10.1.100 and TCP dest-port greater than 20 with string "400" at the third byte offset from l4-data will be dropped

and the action logged.D. A TCP packet with source-IP greater than 10.10.1.100 and TCP dest-port greater than 20 with string "400" at the third byte offset from l4-data will be dropped.



QUESTION 78Syn-proxy applies to which type of network traffic?

A. UDPB. TCPC. ARPD. ICMP



QUESTION 79The exhibit shows the payload of a worm that attacks Web servers.

Which embedded security feature can be used to match the payload and drop the offending packet?

A. IP ACLB. syn-proxyC. security filtersD. CSW string matching



QUESTION 80Given the command shown below:ServerIron# server prioritize-mgmt-traffic 1.1.1.0 255.255.255.0 200.1.1.1 6 22

What will happen when applying this command on the Brocade ADX?

A. It will prioritize Web management traffic destined for management IP address 200.1.1.1.B. It will prioritize any management traffic destined for real servers.C. It will prioritize secure shell management traffic destined for management IP address 200.1.1.1.D. It will prioritize traffic with destination TCP ports 6 to 22.



QUESTION 81A Web server is directly attached to interface 1 of the Brocade ADX. What are two results after performing this configuration? (Choose two.)

A. The violation condition is met if the client exceeds 80 TCP connections per minute.B. The violation condition is met if the client exceeds 80 HTTP transactions per second.C. If the client falls under the violation condition, it will be blocked permanently.D. If the client falls under the violation condition, it will be blocked for 10 minutes.



QUESTION 82Referring to the exhibit,

which two statements are true? (Choose two.)

A. Syn-defense protection is enabled.B. Syn-proxy protection is enabled.C. A special TCP sequence number will be used in the TCP SYN-ACK.D. The Brocade ADX will create security session entry when it receives a TCP SYN.

Correct Answer: BC



QUESTION 83You are performing routine housekeeping on your Brocade ADX by reviewing your current configuration. You have no Layer 7 Health Checks configured on yourBrocade ADX. Which command is safe to remove from the configuration?


A. port http stickyB. server no-fast-bringupC. source-natD. port http max-tcp-conn-rate 100



QUESTION 84Referring to the exhibit, what would happen if the gigRegister.html page is missing?

A. The port would be flapping.B. The Layer 4 and 7 Health Check would show as failed.C. Error "301 page cannot be found" would be detected on the Brocade ADX.D. The Layer 4 Health Check would show failed Layer 7 Health Check would show active.

Correct Answer: A



QUESTION 85A Brocade ADX is configured with a transparent VIP using a stateless port for DNS. What are two options for real server selection? (Choose two.)

A. weighted round-robinB. a hashing mechanismC. round-robinD. least-connection



QUESTION 86Given the configuration shown in the exhibit, how will the Brocade ADX handle requests for port DNS?

A. both TCP and UDP statefullB. both TCP and UDP statelessC. TCP statefull and UDP statelessD. TCP stateless and UDP statefull



QUESTION 87Given the network shown in the exhibit, all ADXs are configured with the same VIP. The VIP's IP address should not be owned by any of the ADXs. Internet usersmust be balanced over RS1, RS2, RS3, and RS4.

Which two statements are true? (Choose two.)

A. The VIP on each ADX is configured stateless.B. The VIP on each ADX is configured statefull.C. The VIP on each ADX is configured as a transparent VIP.D. The VIP on each ADX is not configured as a transparent VIP.



QUESTION 88Given the network shown in the exhibit, Internet users must be balanced over RS3 and RS4. Local users at ADX_1 must be balanced over RS1 and RS2.

How can you achieve this?

A. Configure transparent VIP on ADX_1.B. Configure transparent VIP on ADX_2.C. Configure DSR on ADX_1.D. Configure DSR on ADX_2.



Explanation:

QUESTION 89You inherit multiple Brocade ADXs that have been running for several months. You begin to troubleshoot an SSL issue using the packet capture utility. Whenattempting to specify a filter ID using the specify command it fails.Why does this happen?

A. The Brocade ADX is running switch code.B. You have not turned on debugging.C. You have exceeded the filter ID limit.D. The Brocade ADX is running router code.



QUESTION 90Given the command shown below:

ServerIronADX 1000(debug-filter-MP)#packet 128

What is the result?

A. The packet buffer size is set to 128 MB.B. The packet buffer size is set to 128 bytes.C. The packet length is set to 128 MB.D. The packet length is set to 128 bytes.



QUESTION 91What does the command shown below accomplish?

ServerIron(debug-filter-spec-1)# pattern 24 2 1203

A. Captures packets that contain a pattern of a specified length; starting from a specified offset from the beginning of the packet.B. Captures packets that contain a pattern of a specified field; and a specified length beginning of the packet.C. Captures packets that contain a pattern of a specified length;, starting from a specified offset from the end of the packet.D. Captures packets that contain a pattern of a specified field; and a specified length end of the packet.



QUESTION 92Your Brocade ADX has been working properly for months but suddenly Health Checks to a particular server fail. You verify that your configuration has not changedand that the server is up and running. You configure your Brocade ADX to capture HTTP traffic. You start your capture and let it run for fifteen seconds.

Which two commands would you use to view the contents of the capture? (Choose two.)

A. ServerIron (debug-filter-MP) # showB. ServerIron (debug-filter-MP) # tcp-dump <packet#>C. ServerIron (debug-filter-MP) # summaryD. ServerIron (debug-filter-MP) # ascii-dump <packet#>



QUESTION 93You have uploaded a valid SSL key and certificate to your Brocade ADX, created an SSL profile, created your real servers and virtual server; and correctly boundthe VIP, real servers, and SSL profile into an SSL Proxy configuration. When you browse to the VIP, you receive the error messagE. "the security certificatepresented by this Web site is not issued by a trusted certificate authority".

What would cause this error?

A. The certificate for the site has expired.B. No intermediate certificate was appended to the server certificate.C. The wrong real servers are bound to the VIP.D. The wrong cipher suite was configured for the SSL profile.



QUESTION 94You are configuring your Brocade ADX for SSL Termination. You cannot successfully bind your real servers to your VIP.

Referring to the exhibit, what is the correct configuration syntax to use for vip1?

A. ServerIronADX(config-vs-vip1)# port sslServerIronADX(config-vs-vip1)# port ssl ssl- terminate foo.comServerIronADX(config-vs-vip1)# bind http rs1 http rs2http

B. ServerIronADX(config-vs-vip1)# port httpServerIronADX(config-vs-vip1)# port http ssl- terminate foo.comServerIronADX(config-vs-vip1)# bind http rs1 http rs2http

C. ServerIronADX(config-vs-vip1)# port sslServerIronADX(config-vs-vip1)# port ssl ssl- terminate foo.comServerIronADX(config-vs-vip1)# bind ssl rs1 ssl rs2 sslD. ServerIronADX(config-vs-vip1)# port sslServerIronADX(config-vs-vip1)# port ssl ssl- terminate foo.comServerIronADX(config-vs-vip1)# bind ssl rs1 http rs2 http



QUESTION 95You have been running standard Layer 4 SLB for SSL sessions to two real servers. Each real server is running standard Microsoft IIS but they are at peak CPUutilization due to SSL overhead. You have determined that implementing SSL Acceleration on your Brocade ADXs will solve the CPU utilization. You export theexisting SSL certificates from IIS and change the extension from .pfs to .pem and upload them to the Brocade ADX. When you attempt to create an SSL profile,you get the error message "certificate does not exist".

What is needed to create the SSL profile?

A. Your file transfer was corrupted; upload the certificate using SCP again.B. Use a self-signed certificate instead of the certificate from the IIS server.C. Use OpenSSL to convert the IIS PFX certificate to PEM format before upload.D. When you implement SSL acceleration you need new certificates from your CA.



QUESTION 96You have uploaded a certificate and key for foo.com to your Brocade ADX to perform SSL offload. When you tried to bind the certificate to the SSL profile, it isrejected. To troubleshoot, you first scroll up in your terminal window to see the commands you entered for foo.com, then you examine your running-configuration.

Referring to the exhibit, what do you conclude?

A. The certificate for foo.com has expired.B. The key for foo.com has expired.C. The cipher suite configured for foo.com is wrong.D. The key and certificate do not match.



QUESTION 97On checking the Brocade ADX log the user finds the output shown below:

Jan 7 13:49:41 L4 server 10.33.24.38 njmpprodapp06 port 2262 is down due to MAC-delete

What could be the problem?

A. The IP address has been deleted by mistake.B. The real server was moved to a different port.

C. Port 2262 did not accept the MAC address.D. The port is configured with duplicate MACs.



QUESTION 98How many valid SLB sessions are shown in the exhibit?

A. 5B. 1C. 3D. 7



Explanation:

QUESTION 99When verifying the log, the user finds the output shown in the exhibit.

What would cause this output in the log?

A. Service is down due to port 80 being disabled.B. All real servers bound to port 80 are down at Layer 2.C. All real servers bound to port 80 are down at Layer 3.D. All virtual servers bound to port 80 are down.



QUESTION 100You are required to log client IP addresses on your Web servers. The Web servers are remote to the Brocade ADX so you have implemented source-nat on yourreal server configurations. You have created a CSW rule to perform client IP insertion header creation. However, you are still not seeing the original client IPaddresses in your Web server logs.

Referring to the exhibit, what is causing this?

A. default rewrite request-insert client-ip under the p1 CSW Policy is incorrect.B. Syslog has not been configured on the Brocade ADX.C. The default gateway for the server source-IP address is incorrect.D. The real servers are pulling the IP addresses from the IP packet header.



QUESTION 101Referring to the exhibit, four new servers are to be added to an existing VIP's HTTP application port. One of the servers fails to participate in load balancing.

Why is this happening?

A. R2 has been bound to both HTTP and 8080 ports.B. R3 has been bound to both HTTP and FTP ports.C. R1 has a real server description.D. R4 is remotely connected.




brocade.passguide.150-420.v2015-03-12.by.elvis - … · a brocade adx was configured with the...

Documents