Limited Time Discount Offer
30% Off - Ends in 02:00:00


HP HP0-Y40 Dumps

Network Infrastructure Security
Network Infrastructure Security

Questions & Answers for HP HP0-Y40

Showing 1-15 of 50 Questions

Question #1

You are the network administrator for an organization with a security policy that limits
network access to specific computers. Which restriction can you specify if you enable Port
Security on an HP E5400 zl switch?

A. single specific permitted MAC address per port

B. single permitted user name and password pair per port

C. list of permitted MAC addresses per switch

D. enable MAC Lockdown for each computer and port combination

E. list of permitted user names and password pairs per switch

Question #2

Which Port Security learn mode on the HP E5400 zl is used in conjunction with 802.1X to
temporarily learn a MAC address of an 802.1X authenticated session?

A. dynamic

B. configured

C. continuous

D. port-access

E. limited-continuous


Question #3

An administrator of an HP E5400 zl switch must implement an ACL to block telnet and
SNMP traffic, but permit all other traffic. Which statements about ACLs are true? (Select

A. Criteria may include Layer 3 and Layer 4 identifiers.

B. Each ACL includes the hidden allow any Access Control Entry.

C. It may be assigned to a physical port, a static trunk, or a VLAN interface.

D. ACLs may be written to include Layer 2 through 7 attributes.

E. Port Security must be enabled.

Question #4

An administrator of the HP E5400 zl switch wants the DHCP Snooping binding database to
survive switch reboots. Which method can be used to accomplish this?

A. The binding database is saved on the switch's flash.

B. It is not possible to save the binding database across reboots.

C. The switch is configured to store the database to a TFTP server.

D. The switch is configured to store the database to an FTP server.

Question #5

Which Port Security learn mode on an HP E5400 zl allows a MAC address to be
dynamically learned as a device connects to a port?

A. static

B. configured

C. continuous

D. port-access

E. dynamic


Question #6

What is one security challenge that is specifically addressed by dynamically refreshing
encryption keys?

A. Users forget their passwords and forget how to connect.

B. Hackers are more likely to crack a key when they have many frames encrypted with that key.

C. Asymmetric keys, which are more secure than symmetric keys, must be distributed dynamically.

D. Static encryptions keys can protect data's privacy, but not its integrity.

Question #7

What are the minimum configuration steps you must take to implement the HP E5400 zl
switch's DHCP Snooping feature on a switch? (Select three.)

A. Enable it globally.

B. Define trusted ports.

C. Specify option 82 parameters.

D. Activate it on one or more VLANs.

E. Identify the DHCP server's IP address.

F. Enable ARP Protection.

G. Configure a DHCP relay.

Question #8

What is one purpose of defining IP-to-MAC address bindings on an HP E5400 zl switch
that has Dynamic ARP Protection enabled?

A. to specify clients connected to trusted ports

B. to identify devices that do not use DHCP, but have a static IP address assigned

C. to create a list of allowed DHCP clients

D. to provide security on those ports where different clients may connect over time

E. to create a list of clients that are permitted by Port Security when Dynamic ARP Protection is enabled

F. to specify clients connected to untrusted ports

G. to protect uplink ports that connect to other switches that do not support Dynamic ARP Protection

Question #9

Normally a switch will only forward network traffic based on the destination MAC address.
Occasionally it is desirable to have traffic copied and sent to an additional location. Which
sources can be specified for the HP E5400 zl switch Traffic Mirroring feature? (Select

A. network port

B. LLDP-MED identifier

C. console port


E. trunk

F. port group

Question #10

MAC Lockdown is a security feature supported on the HP E5400 zl Series switch. Which
statement is true about MAC Lockdown?

A. A MAC address can be locked down to one or more trunks.

B. It is enforced globally by configuring the feature on a core switch.

C. Once a port becomes locked down, the network administrator must disable and then re- enable the port to connect another device.

D. The device with a specified MAC address, which has been locked down, must access the network by passing through the assigned port andVLAN.

Question #11

A company help desk requests access to the web interface of various networking devices.
The network administrator decides to implement aA company? help desk requests access
to the web interface of various networking devices. The network administrator decides to
implement a secure web interface using SSL. Which step is necessary to complete this
task on an HP E5400 zl switch?

A. import the certificate authority certificateimport the certificate authority? certificate

B. configure RADIUS for user login

C. generate a self-signed certificate

D. enable SSH

Question #12

How does the HP E5400 zl switch Connection-rate Filtering feature operate?

A. When a source IP address generates a rate of connection requests to multiple destinations that exceeds a threshold, a configured action is applied.

B. When the number of TCP SYN requests sent to any one of the switch's management interfaces exceeds a configured limit, the source port is disabled.

C. When the aggregate flow of packets sent over a trunk or list of ports reaches a threshold, selected packets are dropped.

D. When an excessive number of source IP addresses attempt to create a Denial of Service attack on a given destination IP address, the source ports are throttled.

Question #13

You have an HP Networking Switch A5800 that has two configured VLANs. VLAN 100 has
an IP address range of and is where the servers reside. VLAN 36 has an IP
address range of and is where the network clients reside. You configure an
ACL with the following entries:

When you apply this ACL statically to ports in VLAN 36, what is the effect on the clients
located in VLAN 36?

A. They have no access because the ACL is misconfigured.

B. They cannot access anything in the subnet because IP has not been specified in the ACL.

C. They are allowed only FTP, HTTPS, and SSH access to, but no access elsewhere.

D. They are allowed full access to everything in the subnet.

Question #14

Why should the HP E5400 zl switch's BPDU Protection feature be enabled on a port?

A. to stop the port from receiving BPDUs

B. to send topology change when a port's link status changes

C. to configure the port as the root port in the Spanning Tree

D. to enable Spanning Tree on the port

Question #15

What is a benefit of the HP E5400 zl switch BPDU Filtering feature?

A. It allows you to permit or deny selected user traffic on individual Spanning Tree ports.

B. It is used to block a port when a BPDU is received.

C. It prevents a port from being part of a Spanning Tree topology that may otherwise cause a topology loop.

D. It controls Spanning Tree operation on selected ports that you do not want to participate in Spanning Tree communications.