2017 July CCNP 642-997 Exam Dumps with PDF and VCE New Updated in www.Braindump2go.com  Today!
100% Real Exam Questions! 100% Exam Pass Guaranteed!

1.|2017 New CCNP 642-997 Exam Dumps (PDF & VCE) 137Q&As Download:
http://www.braindump2go.com/642-997.html

2.|2017 New CCNP 642-997 Exam Questions & Answers:
https://drive.google.com/drive/folders/0B75b5xYLjSSNTDVuYlJWQVZ3RkU?usp=sharing

 

QUESTION 11
By default it will take 10 seconds for authentication to fail due to an unresponsive RADIUS server before a Cisco Nexus series switch reverts to another RADIUS server or local authentication. What is one efficient way to improve the reaction time to a RADIUS server failure?

A.    Decrease the global RADIUS retransmission count to 1.
B.    Decrease the global RADIUS timeout interval to 5 seconds.
C.    Configure the RADIUS retransmission count and timeout interval per server, versus globally.
D.    Configure per server a test idle timer, along with a username and password.

Answer: D
Explanation:
You can monitor the availability of RADIUS servers. These parameters include the username and password to use for the server and an idle timer. The idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. You can configure this option to test servers periodically. The test idle timer specifies the interval during which a RADIUS server receives no requests before the Nexus 5000 Series switch sends out a test packet. The default idle timer value is 0 minutes. When the idle time interval is 0 minutes, the Nexus 5000 Series switch does not perform periodic RADIUS server monitoring.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sec_radius.html

QUESTION 12
Which statement about RADIUS configuration distribution using Cisco Fabric Services on a Cisco
Nexus 7000 Series Switch is true?

A.    Cisco Fabric Services does not distribute the RADIUS server group configuration or server and
global keys.
B.    Enabling Cisco Fabric Services causes the existing RADIUS configuration on your Cisco NX- OS
device to be immediately distributed.
C.    When the RADIUS configuration is being simultaneously changed on more than one device in a
Cisco Fabric Services region, the most recent changes will take precedence.
D.    Only the Cisco NX-OS device with the lowest IP address in the Cisco Fabric Services region can
lock the RADIUS configuration.

Answer: A
Explanation:
CFS does not distribute the RADIUS server group configuration or server and global keys.
The keys are unique to the Cisco NX-OS device and are not shared with other Cisco NX-OS devices.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/6_x/nx-os/security/configuration/guide/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x/b_Cisco_Nexus_7000_NX-OS_Security_Configuration_Guide__Release_6-x_chapter_0101.html

QUESTION 13
When a local RBAC user account has the same name as a remote user account on an AAA server, what happens when a user with that name logs into a Cisco Nexus switch?

A.    The user roles from the remote AAA user account are applied, not the configured local user roles.
B.    All the roles are merged (logical OR).
C.    The user roles from the local user account are applied, not the remote AAA user roles.
D.    Only the roles that are defined on both accounts are merged (logical AND).

Answer: C
Explanation:
If you have a user account configured on the local Cisco NX-OS device that has the same name as a remote user account on an AAA server, the Cisco NX-OS software applies the user roles for the local user account to the remote user, not the user roles configured on the AAA server.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_nx-os-cfg/sec_rbac.html

QUESTION 14
Which statement is true if password-strength checking is enabled?

A.    Short, easy-to-decipher passwords will be rejected.
B.    The strength of existing passwords will be checked.
C.    Special characters, such as the dollar sign ($) or the percent sign (%), will not be allowed.
D.    Passwords become case-sensitive.

Answer: A
Explanation:
If a password is trivial (such as a short, easy-to-decipher password), the cisco NX_OS software will reject your password configuration if password-strength checking is enabled. Be sure to configure a strong password. Passwords are case sensitive.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/7-x/security/configuration/guide/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x/b_Cisco_Nexus_9000_Series_NX-OS_Security_Configuration_Guide_7x_chapter_01000.pdf

QUESTION 15
Which statement about RBAC user roles on a Cisco Nexus switch is true?

A.    If you belong to multiple roles, you can execute only the commands that are permitted by both roles
(logical AND).
B.    Access to a command takes priority over being denied access to a command.
C.    The predefined roles can only be changed by the network administrator (superuser).
D.    The default SAN administrator role restricts configuration to Fibre Channel interfaces.
E.    On a Cisco Nexus 7000 Series Switch, roles are shared between VDCs.

Answer: B
Explanation:
If you belong to multiple roles, you can execute a combination of all the commands permitted by these roles. Access to a command takes priority over being denied access to a command. For example, suppose a user has RoleA, which denied access to the configuration commands. However, the users also have RoleB, which has access to the configuration commands. In this case, the users have access to the configuration commands.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli/C LIConfigurationGuide/sec_rbac.html

QUESTION 16
Which two statements about SAN zoning on Cisco Nexus switches are true? (Choose two.)

A.    Unlike configured zones, default zone information is not distributed to the other switches in the fabric.
B.    Traffic can either be permitted or denied among members of the default zone. This information is
not distributed to all switches. It must be configured in each switch.
C.    The settings for default zone configurations cannot be changed.
D.    To activate a zone set, you must copy the running configuration to the startup configuration after
the zone set is configured.
E.    Soft zoning restrictions will not prevent a source device from accessing a device outside its zone,
if the source knows the Fibre Channel ID of the destination.
F.    Hard zoning is enforced by the hardware on each FLOGI sent by an N Port.

Answer: BE
Explanation:
Each member of a fabric (in effect a device attached to an Nx port) can belong to any zone. If a member is not part of any active zone, it is considered to be part of the default zone. Therefore, if no zone set is active in the fabric, all devices are considered to be in the default zone. Even though a member can belong to multiple zones, a member that is part of the default zone cannot be part of any other zone. The switch determines whether a port is a member of the default zone when the attached port comes up. Unlike configured zones, default zone information is not distributed to the other switches in the fabric Traffic can either be permitted or denied among members of the default zone. This information is not distributed to all switches; it must be configured in each switch.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/configuration/guides/f abric/DCNM-SAN/fm_fabric/zone.html

QUESTION 17
Which two statements about SAN zoning on Cisco Nexus switches are true? (Choose two.)

A.    Zoning is enforced by examining the destination ID field.
B.    Devices can only belong to one zone.
C.    Only one zone set can be activated at any time.
D.    A zone can only be a member one zone set.
E.    Zoning must be administered from the primary SAN switch in the fabric.
F.    Zone configuration changes are nondisruptive.

Answer: CF
Explanation:
A zone set can be activated or deactivated as a single entity across all switches in the fabric. Only one zone set can be activated at any time. If zoning is not activated, all devices are members of the default zone. If zoning is activated, any device that is not in an active zone (a zone that is part of an active zone set) is a member of the default zone. Zoning can be administered from any switch in the fabric. When you activate a zone (from any switch), all switches in the fabric receive the active zone set. Additionally, full zone sets are distributed to all switches in the fabric, if this feature is enabled in the source switch.
http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/sw/san-os/quick/guide/qcg_zones.html

QUESTION 18
The Connectivity Management Processor monitors the active supervisor module on a Cisco Nexus 7000 switch and will reboot the device in the event of a lights-out management issue. However, which option includes features that provide similar benefits in the absence of the Connectivity Management Processor?

A.    high-availability functionality from features such as vPC and NSF
B.    traditional system connectivity models like SNMP, GUI, or SSH
C.    Cisco FabricPath
D.    VDC failover

Answer: A
Explanation:
vPC uses the vPC peer-keepalive link to run hello messages that are used to detect a dual-active scenario. A Gigabit Ethernet port can be used to carry the peer-keepalive messages. A dedicated VRF is recommended to isolate these control messages from common data packets. When an out-of-band network infrastructure is present, the management interfaces of the Cisco Nexus 7000 supervisor could be also used to carry keep-alive connectivity using the dedicated management VRF. When the vPC peer-link is no longer detected, a dual-active situation occurs, and the system disables all vPC port channel member on the “secondary” vPC peer (lower vPC role priority value). Also SVI interfaces associated to a vPC VLAN are suspended on the secondary switch. As a result, in this condition only the “primary” vPC peer actively forwards traffic on the vPC VLANs. Multiple peer-keepalive links can be used to increase resiliency of the dual-active detection mechanism.
Both the Cisco Catalyst 6500 and the Cisco Nexus 7000 offer a variety of high-availability features. Some of the primary features to highlight are In Service Software Upgrade (ISSU), Stateful Switchover (SSO), and Nonstop Forwarding (NSF). The operation and the behavior of these features are unique to the respective platform and can be independently executed without affecting the interoperability between the two platforms.
http://www.cisco.com/c/en/us/products/collateral/switches/catalyst-6500-series-switches/white_paper_c11_589890.html

QUESTION 19
Which Cisco Nexus feature is best managed with DCNM-SAN?

A.    VSS
B.    domain parameters
C.    virtual switches
D.    AAA

Answer: B
Explanation:
The Fibre Channel domain (fcdomain) feature performs principal switch selection, domain
ID distribution, FC ID allocation, and fabric reconfiguration functions as described in the
FC-SW-2 standards. The domains are configured on a per VSAN basis. If you do not
configure a domain ID, the local switch uses a random ID.
This section describes each fcdomain phase:
Principal switch selection – This phase guarantees the selection of a unique principal switch across the fabric.
Domain ID distribution – This phase guarantees each switch in the fabric obtains a unique domain ID.
FC ID allocation – This phase guarantees a unique FC ID assignment to each device attached to the corresponding switch in the fabric.
Fabric reconfiguration – This phase guarantees a resynchronization of all switches in the fabric to ensure they simultaneously restart a new principal switch selection phase.
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/configuration/guides/sysmgnt/DCNM-SAN/sysmgmt_dcnm/sysmgmt_overview.html#wp1051962

QUESTION 20
Which of the following Cisco Nexus features is best managed with DCNM-LAN?

A.    VSS
B.    Domain parameters
C.    Virtual switches
D.    AAA

Answer: C


!!!RECOMMEND!!!

1.|2017 New CCNP 642-997 Exam Dumps (PDF & VCE) 137Q&As Download:
http://www.braindump2go.com/642-997.html

2.|2017 New CCNP 642-997 Study Guide Video:
https://youtu.be/P-9rGHWsmU8