Exam Title

: Nortel 920-441 : NNCDE Contivity Security Exam

Version : R6.1

www.prepking.com

Prepking - King of Computer Certification Important Information, Please Read Carefully

Other Prepking products A) Offline Testing engine Use the offline Testing engine product to practice the questions in an exam environment. B) Study Guide (not available for all exams) Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is updated. Free updates are available for 90 days after the purchase. You should check your member zone at Prepking and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.Prepking.com 2.Click on Member zone/Log in (right side) 3. Then click My Account 4.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@Prepking.com. You should include the following: Exam number, version, page number, question number, and your login ID. Our experts will answer your mail promptly. Copyright Each PDF file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular PDF file is being distributed by you, Prepking reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@Prepking.com..

www.prepking.com

 1. A customer is concerned about limiting factors of the Contivity firewall. What should the customer consider as the primary limiting factor of the Contivity firewall? A. number of firewall rules B. number of firewall session C. maximum sustainable aggregate throughput D. the amount of system memory related to the firewall Answer: C

2. A customer wants to optimize their firewall performance using firewall rule sets. How can the customer achieve this objective? A. Firewall rules sets should be based on protocol usage. B. There is no way to optimize firewall performance using rule sets. C. Firewall rules should be placed such that the highest utilized rules are seen later in the rule set so to limit the number of rules the firewall needs to compare to pass the traffic. D. Firewall rules should be placed such that the highest utilized rules are seen early in the rule set so to limit the number of rules the firewall needs to compare to pass the traffic. Answer: D

3. A designer has recommended that rule sets on a firewall be limited to 30 rules. What rationale did the designer use to make this recommendation? A. performance concerns B. Contivity can't handle more rules C. simplicity of rules to prevent rule conflicts D. the lack of training of most Firewall Administrators Answer: C

4. Which security method does Firewall User Authentication use during the authentication process? A. IKE B. IPSec C. HTTPS
www.prepking.com

 D. Digital Certificates Answer: C 5. A designer has designed a firewall system with a DMZ. What are two types of traffic that should not be normally allowed? (Choose two.) A. traffic initiated from the DMZ B. traffic from the Internet to the DMZ C. traffic from internal users to the DMZ D. traffic from internal services to the DMZ Answer: AC

6. Which statement best describes Perfect Forward Secrecy? A. ensures that the ISAKMP negotiations cannot be compromised by hackers B. ensures that during rekeying for IPSec that the keys are protected during the exchange C. ensures that keying materials will always be strong enough to protect data confidentiality D. ensures that one key being compromised cannot result in the compromise of subsequent keys Answer: D

7. A customer wants to optimize their firewall performance using firewall rule sets. How can the customer achieve this objective? A. Firewall rules sets should be based on protocol usage. B. There is no way to optimize firewall performance using rule sets. C. Firewall rules should be placed such that the highest utilized rules are seen later in the rule set so to limit the number of rules the firewall needs to compare to pass the traffic. D. Firewall rules should be placed such that the highest utilized rules are seen early in the rule set so to limit the number of rules the firewall needs to compare to pass the traffic. Answer: D

8. Your company has initiated a VoIP solution that utilizes IPSec tunnels to protect certain confidential phone connections. The system has implemented QoS on all of its interfaces utilizing DiffServ. Recent communications have shown poor VoIP performance during maximum traffic load times relating solely to
www.prepking.com

 the IPSec protected traffic. Which IPSec related functionality is likely related to the problem? A. ISAKMP B. 3DES encryption C. Anti-Replay protection D. Perfect Forward Secrecy Answer: C

9. Your company has recently added a large acquisition to your network infrastructure that includes a large number of Remote Access users. Some sections of this group have shown suspicious use on the VPN connections that you wish to curtail. At what level can the Contivity Firewall apply filters or stateful firewall rules to secure these connections? A. individual User B. group of users C. all users uniformly D. only applies to branch office tunnels Answer: B

10. A designer is considering utilizing the Contivity Stateful Firewall feature. What effects can be expected if logging is utilized for large volume traffic? A. Logging will improve system performance. B. Logging will affect the system only if using syslog. C. Significant logging will have no affect on the system. D. Significant logging will cause performance degradation of the system. Answer: D

11. Your company is partnered with a service company with multiple small locations. ? Their present security policy does not allow for the use of the Contivity client for remote access. ? Their internal solution for remote access is to utilize the Windows 2000 server native L2TP client to make remote connections in the default configuration. ? Your local security policy will require that data transferred must be encrypted using IPSec. Which infrastructure will your network require in order to support the partner company's
www.prepking.com

 connections? A. SecurID B. External LDAP C. Digital Certificate Service D. Hardware tokens with RADIUS Answer: C

12. A customer has Contivity clients behind a firewall. Which protocols would the customer need to allow through the firewall for the connection to a remote Contivity? (Choose two.) A. Protocol 47 [GRE] B. Protocol 50 [ESP] and 51 [AH] C. Protocol 17 [UDP] and UDP port 500 [source and destination] D. Protocol 6 [TCP] Source port >1023 and Destination port 1723 E. Protocol 17 [UDP] Source port >1023 and Destination port 1701 Answer: BC

13. A designer has recommended that rule sets on a firewall be limited to 30 rules. What rationale did the designer use to make this recommendation? A. performance concerns B. Contivity can't handle more rules C. simplicity of rules to prevent rule conflicts D. the lack of training of most Firewall Administrators Answer: C

14. A customer is considering terminating Contivity VPN traffic behind a third party firewall. Which situations would make Contivity VPN traffic unsuitable for terminating behind a third party firewall? (Choose two.) A. Additional firewall protection will improve performance and security. B. Additional traffic through the firewall will be improperly routed to the Contivity. C. Additional firewall configurations to allow VPN traffic through the firewall without providing any additional security.
www.prepking.com

 D. The additional traffic overhead of both the firewall and the VPN device lowers bandwidth and increases traffic latency. Answer: CD

15. A customer is considering using the IP Sec Contivity VPN Client Monitor for network statistics related to the users PC. They are concerned about statistical updates. Which statement is true about statistical updates? A. For IPSec connection performance, statistic counters are updated once a second. B. For IPSec connection performance, statistic counters are updated every 2 seconds. C. For IPSec connection performance, statistic counters are updated every 5 seconds. D. For IPSec connection performance, statistic counters are updated every 3 seconds. Answer: A 16. A designer has implemented a Contivity Network consisting of Windows 95 users using a Windows 95 native client. The users are experiencing disconnect problems after the data transfer state. What did the designer fail to take into consideration? A. The Microsoft Auto Disconnect feature is disabled. B. The Microsoft Auto Dialer feature does not recognize data activity unless it passes through NetScape. C. The Microsoft Auto Disconnect feature does not recognize data activity unless it passes through NetScape. D. The Microsoft Auto Disconnect feature does not recognize data activity unless it passes through Internet Explorer. Answer: D

17. A customer is experiencing performance problems on the Contivity router. They are having OSPF routing issues running a recent software release. Which scaling consideration should initially be considered to resolve the problem? A. Implement route policies B. downgrade to a software release C. upgrade to a higher software release D. calculate the overall memory requirement for the Contivity
www.prepking.com

 Answer: D

18. A service provider needs to provide managed VPN service to an automobile manufacturing company. This customer has seven regional offices and around 1,000 sales offices. The seven regional offices have high-speed connections over fiber optics. The internet access connections of these 1000 sales offices range from DSL to modem Dialup connections. Which routing protocol will provide the best solution for this network scenario? A. Static Routing over BO tunnels B. Dynamic Routing (OSPF) of BO tunnels C. Static Routing with static failover for the 7 regional office D. OSPF for 7 regional offices and static routing with static failover for the branch office Answer: D

19. An engineer needs to design an IPSec VPN over a DSL network. A remote Contivity connecting to the Central Office will need to establish a branch office tunnel. The IP addresses on the remote branch offices are dynamically allocated. A. DHCP B. PPPoE C. L2TP Branch Office Tunnel D. Asymmetric Branch Office Tunnel Answer: D Which feature on the Contivity addresses this issue?

20. A customer wants to provide remote access services to 1,000 simultaneous users with the use of client load balancing. Which solution will provide the most cost effective client load balancing? A. two co-located Contivity 2700s with Contivity VPN Client B. two co-located Contivity 1700s with Contivity VPN Client C. three co-located Contivity 600s with Contivity VPN Client D. two co-located Contivity 1700s with Microsoft PPTP client E. two co-located Contivity 2700s with Microsoft PPTP Client Answer: B
www.prepking.com

21. A designer is tasked to evaluate a customer's existing Contivity network. The designer is concerned about Link State Database(LSDB) stability. The network consists of the following: ? peer-to-peer connections ? 150 OSPF Tunnels ? hub and spoke ? static tunnels Which statement is true in regards to assuring LSDB stability in this scenario? A. OSPF tunnels should be designed with symmetric link metrics on static tunnels. B. OSPF tunnels should be designed with asymmetric link metrics on static tunnels. C. OSPF tunnels should be designed with symmetric link metrics on dynamic tunnels. D. OSPF tunnels should be designed with asymmetric link metrics on dynamic tunnels. Answer: A

22. A customer is concerned about convergence time in their OSPF network. Their network consists of the following: ? Peer-to-Peer connections ? 150 OSPF Tunnels ? hub and spoke ? Contivity 4600 What should the customer do to improve convergence time? A. limit the OSPF tunnels to 100 B. limit the OSPF tunnels to 120 C. limit the OSPF tunnels to 110 D. limit the OSPF tunnels to 115 Answer: A

23. A customer is concerned about the level convergence time on their RIP network. Their network consists of the following: ? Peer-to-Peer connections ? 500 RIP Tunnels ? hub and spoke ? Contivity 4600 What should the customer do to improve convergence time? A. limit the RIP tunnels to 200 B. limit the OSPF tunnels to 120 C. limit the OSPF tunnels to 110 D. limit the OSPF tunnels to 115 Answer: A

24. A Contivity network is using the Alteon Web switch for large scale client load balancing. What is the
www.prepking.com

 maximum number of tunnels that the Alteon load balancing solution supports? A. 100,000 B. 150,000 C. 200,000 D. 250,000 E. 300,000 Answer: D

25. A designer is planning to implement redundant links for a customer. Which scaling factors should the designer consider? (Choose two.) A. recovery will not be impacted B. redundancy can cause router performance problems C. redundancy can cause the convergence time to increase D. redundancy can cause the convergence time to decrease Answer: BC

26. A stock exchange is planning to provide secure access to 1000 financial institutions as well as stockbrokers. The stock market is open for set time periods only. Which kind of Branch Office tunnel can help the stockbrokers to process their transaction at all times? A. PPTP BO B. Static BO with backup Tunnel C. Nail-up BO with Backup tunnel D. Asymmetric Branch Office Tunnel Answer: C

27. A designer is implementing a large SOHO Contivity network consisting of the following: ? A variety of broadband services will be used for connectivity ? IP SEC Traffic ? Users will be mixed between remote access services and having a local gateway Which IP addressing scheme will be needed for the SOHO Contivity devices? A. static IP Addresses on the Private Interface only
www.prepking.com

100% Pass Guaranteed or Full Refund Word to Word Real Exam Questions from Real Test Buy full version of exam from this link below http://www.prepking.com/920-441.htm