Which action or configuration step should you take when implementing remote mirroring using the ProCurve Traffic Mirroring feature?
enabling jumbo frames
configuring a connection-rate filter
enabling SNMP message throttling
enabling the instrumentation monitor
Which type of information is displayed in the switch configuration file when the include-credentials command is enabled? (Select three.)
public keys of SSH clients
DHCP Snooping IP-to-MAC address binding database
shared secret used to communicate with a RADIUS server
SSL public/private key pair of the switch's Web authenticator
plaintext passwords of the operator and manager user accounts
SNMPv3 user name and authentication and privacy protocol settings
Which statements describing SSL operations on the ProCurve Switch 5400zl series are correct? (Select two.)
Common public and private keys can be used for SSH and SSL
Symmetric encryption algorithms supported include 3DES and DES. C. The switch's certificate can be viewed, but the SSL public key cannot.
With SSL enabled, if you attempt to access the switch using HTTP, the Web browser is automatically redirected.
If a self-signed certificate is used, a Web browser initiates a challenge to verify the identity of the signer of the certificate.
You have a ProCurve Switch 3500yl-48G which has two configured VLANs. VLAN 10 has an IP address range of 10.1.10.0/24 and is where the servers reside. VLAN 24 has
an IP address range of 10.1.24.0/24 and is where the network clients reside. You configure an ACL with these entries:
permit tcp 10.1.24.0 0.0.0.0 10.1.10.10 255.255.255.255 eq ftp permit tcp 10.1.24.0
10.1.10.10 255.255.255.255 eq http permit tcp 10.1.24.0 0.0.0.0 10.1.10.10
255.255.255.255 eq telnet
When you apply this ACL statically to ports in VLAN 24, what is the effect on the clients located in VLAN 24?
They would have no access at all because the ACL is misconfigured.
They could not access anything in the 10.1.10.0 subnet because IP has not been specified in the ACL
They would be allowed only FTP, HTTP, and telnet access to 10.1.10.10, but no access anywhere else.
They would be allowed only FTP, HTTP, and telnet access to 10.1.10.10, but full access to everything else in the 10.1.10.0 subnet.
Which statements describing a dynamic port ACL are correct? (Select two.)
It can be implemented as either a standard or extended ACL
It filters switched IP traffic either inbound or outbound on a designated port.
It requires the use of 802.1X, Web, or MAC authentication services on the switch. D. It is useful where clients with differing access needs are likely to use the same port.
E. Configuration of the ACL is done on the switch and then read dynamically by a RADIUS server when a user connects.
A network administrator plans to use centralized authentication to control switch management access to all ProCurve switches through the console port. It is decided that the RADIUS server will be the primary authentication method and no secondary authentication method will be allowed. What will be the result of this proposed configuration?
The primary authentication method for operator-level access through the console port is the RADIUS server; if no RADIUS server is found, access is denied.
The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, access is denied.
This configuration is not allowed because the console port must allow the use of a user name from the local switch database in the event that the RADIUS server is not reachable.
The primary authentication method for manager-level access through the console port is the RADIUS server; if no RADIUS server is found, only operator-level access is granted.
MAC Lockdown has been configured to lock down a device on port A1 in VLAN 10. During a maintenance task, the device is accidentally connected to port B5 in VLAN 8. Which statement correctly describes the state of port B5?
The port is operational because it is not the port configured for MAC Lockdown.
The port is listed as enabled and up, but the device is prevented from transmitting into the network.
The port is listed as disabled and down and the device is prevented from transmitting into the network.
Because the MAC Lockdown feature is not configured on the second module, the device can successfully connect to the port.
The port is listed as throttled and will automatically be re-examined after a delay period. If the device is still connected it will be blocked.
What are the main components of the ProCurve ProActive Defense network security solution? (Select three.)
intrusion prevention system
antivirus andantispam integration
What are the minimum configuration steps required to implement the ProCurve DHCP Snooping feature on a switch? (Select three.)
Enable it globally.
Define trusted ports.
Specify option 82 parameters.
Activate it on one or more VI_ANs.
Identify the DHCP server's IP address.
Specify the server where the lease database is stored.
Specify the maximum number of IP addresses per subnet allowed to be assigned by a DHCP server.
When configuring SSH on a ProCurve switch, which user authentication methods can be specified? (Select four.)
local user name and password
A Network Resource Access Rule in ProCurve Identity Driven Manager is most similar to which object?
Access Policy Group
Access Control Entry
Remote Access Policy
Network Dial-in Restrictions
Authorized RADIUS Servers List
You have configured Open VLAN mode for the 802.1X authenticator ports in your company's network. After a client connects to a port and the user is successfully authenticated, the port's membership is changed to untagged in one of the following VLANs.
a Underlying VLAN configured for the port b VLAN from the user's RADIUS profile
c Authorized VLAN
What is the order of priority used to determine the VLAN?
What is a benefit of the ProCurve BPDU Protection feature?
It eliminates the need for a topology change when a port's link status changes.
It ignores received BPDUs and does not send its own BPDUs on designated ports.
It protects the active spanning-tree topology by preventing spoofed BPDUs from entering the spanning-tree domain.
It prevents a spanning-tree port from changing between various operational states during a broadcast storm or when a loop is detected.
You have configured a list of ports on a ProCurve switch for 802.1X port-access authentication. Which configuration step is required to complete the configuration?
Configure the authorized VLAN identifier.
Set the state of the ports to authorized for802.1X.
Use the start-eapol command to enable 802.1X operations.
Use theaaa port-access authenticator active command to activate the ports.