HP HP0-Y40 Dumps
Exam: Network Infrastructure Security
HP HP0-Y40 Exam Tutorial
Question No : 1
You are the network administrator for an organization with a security policy that limits
network access to specific computers. Which restriction can you specify if you enable Port
Security on an HP E5400 zl switch?
A. single specific permitted MAC address per port
B. single permitted user name and password pair per port
C. list of permitted MAC addresses per switch
D. enable MAC Lockdown for each computer and port combination
E. list of permitted user names and password pairs per switch
Question No : 2
Which Port Security learn mode on the HP E5400 zl is used in conjunction with 802.1X to
temporarily learn a MAC address of an 802.1X authenticated session?
Question No : 3
An administrator of an HP E5400 zl switch must implement an ACL to block telnet and
SNMP traffic, but permit all other traffic. Which statements about ACLs are true? (Select
A. Criteria may include Layer 3 and Layer 4 identifiers.
B. Each ACL includes the hidden allow any Access Control Entry.
C. It may be assigned to a physical port, a static trunk, or a VLAN interface.
D. ACLs may be written to include Layer 2 through 7 attributes.
E. Port Security must be enabled.
Question No : 4
An administrator of the HP E5400 zl switch wants the DHCP Snooping binding database to
survive switch reboots. Which method can be used to accomplish this?
A. The binding database is saved on the switch's flash.
B. It is not possible to save the binding database across reboots.
C. The switch is configured to store the database to a TFTP server.
D. The switch is configured to store the database to an FTP server.
Question No : 5
Which Port Security learn mode on an HP E5400 zl allows a MAC address to be
dynamically learned as a device connects to a port?
Question No : 6
What is one security challenge that is specifically addressed by dynamically refreshing
A. Users forget their passwords and forget how to connect.
B. Hackers are more likely to crack a key when they have many frames encrypted with that key.
C. Asymmetric keys, which are more secure than symmetric keys, must be distributed dynamically.
D. Static encryption keys can protect data's privacy, but not its integrity.
Question No : 7
What are the minimum configuration steps you must take to implement the HP E5400 zl
switch's DHCP Snooping feature on a switch? (Select three.)
A. Enable it globally.
B. Define trusted ports.
C. Specify option 82 parameters.
D. Activate it on one or more VLANs.
E. Identify the DHCP server's IP address.
F. Enable ARP Protection.
G. Configure a DHCP relay.
Question No : 8
What is one purpose of defining IP-to-MAC address bindings on an HP E5400 zl switch
that has Dynamic ARP Protection enabled?
A. to specify clients connected to trusted ports
B. to identify devices that do not use DHCP, but have a static IP address assigned
C. to create a list of allowed DHCP clients
D. to provide security on those ports where different clients may connect over time
E. to create a list of clients that are permitted by Port Security when Dynamic ARP Protection is enabled
F. to specify clients connected to untrusted ports
G. to protect uplink ports that connect to other switches that do not support Dynamic ARP Protection
Question No : 9
Normally a switch will only forward network traffic based on the destination MAC address.
Occasionally it is desirable to have traffic copied and sent to an additional location. Which
sources can be specified for the HP E5400 zl switch Traffic Mirroring feature? (Select
A. network port
B. LLDP-MED identifier
C. console port
F. port group
Question No : 10
MAC Lockdown is a security feature supported on the HP E5400 zl Series switch. Which
statement is true about MAC Lockdown?
A. A MAC address can be locked down to one or more trunks.
B. It is enforced globally by configuring the feature on a core switch.
C. Once a port becomes locked down, the network administrator must disable and then re-enable the port to connect another device.
D. The device with a specified MAC address, which has been locked down, must access the network by passing through the assigned port and VLAN.
Question No : 11
A company's help desk requests access to the web interface of various networking devices.
The network administrator decides to implement a secure web interface using SSL. Which
step is necessary to complete this task on an HP E5400 zl switch?
A. import the certificate authority's certificate
B. configure RADIUS for user login
C. generate a self-signed certificate
D. enable SSH
Question No : 12
How does the HP E5400 zl switch Connection-rate Filtering feature operate?
A. When a source IP address generates a rate of connection requests to multiple destinations that exceeds a threshold, a configured action is applied.
B. When the number of TCP SYN requests sent to any one of the switch's management interfaces exceeds a configured limit, the source port is disabled.
C. When the aggregate flow of packets sent over a trunk or list of ports reaches a threshold, selected packets are dropped.
D. When an excessive number of source IP addresses attempt to create a Denial of Service attack on a given destination IP address, the source ports are throttled.
Question No : 13
You have an HP Networking Switch A5800 that has two configured VLANs. VLAN 100 has
an IP address range of 10.1.100.0/24 and is where the servers reside. VLAN 36 has an IP
address range of 10.1.36.0/24 and is where the network clients reside. You configure an
ACL with the following entries:
When you apply this ACL statically to ports in VLAN 36, what is the effect on the clients
located in VLAN 36?
A. They have no access because the ACL is misconfigured.
B. They cannot access anything in the 10.1.100.0 subnet because IP has not been specified in the ACL.
C. They are allowed only FTP, HTTPS, and SSH access to 10.1.100.10, but no access elsewhere.
D. They are allowed full access to everything in the 10.1.100.0 subnet.
Question No : 14
Why should the HP E5400 zl switch's BPDU Protection feature be enabled on a port?
A. to stop the port from receiving BPDUs
B. to send topology change when a port's link status changes
C. to configure the port as the root port in the Spanning Tree
D. to enable Spanning Tree on the port
Question No : 15
What is a benefit of the HP E5400 zl switch BPDU Filtering feature?
A. It allows you to permit or deny selected user traffic on individual Spanning Tree ports.
B. It is used to block a port when a BPDU is received.
C. It prevents a port from being part of a Spanning Tree topology that may otherwise cause a topology loop.
D. It controls Spanning Tree operation on selected ports that you do not want to participate in Spanning Tree communications.
Question No : 16
When using DHCP Snooping on an HP E5400 zl switch, which action can the switch
perform if a client sends a DHCP message with option 82 set?
A. It marks the source client as untrusted and forwards it to an untrusted DHCP server.
B. It replaces the field with the switch's IP address and the source port identifier.
C. The switch does not understand option 82 and drops the DHCP message.
D. It authenticates the DHCP message and forwards it if the client is attached to a trusted port.
E. It moves the client to a quarantine VLAN for further threat detection.
Question No : 17
What is one difference between TACACS+ and RADIUS?
A. TACACS+ supports authentication, authorization, and accounting.
B. RADIUS provides options for setting the level of access a user logging into a switch interface receives.
C. TACACS+ can be more stable because it uses a connection-based transport protocol.
D. RADIUS cannot be implemented with Extended Authentication Protocol.
Question No : 18
What is one purpose of a Certificate Authority (CA)?
A. to generate private keys for all entities for which it signs certificates
B. to participate in the Diffie-Hellman exchange with all entities within the certificate chain
C. to validate that the entity holding a certificate is who it claims to be in its subject name
D. to interface between an LDAP server and a RADIUS server
Question No : 19
An administrator of a network of A5800s has found evidence that an unauthorized device is
gaining access to the network. All the administrator knows about the device is its MAC
address. Assuming that the action she takes does not require special actions for guest
devices, what can she do to keep the device from connecting to the network?
A. Implement MAC authentication.
B. Lock out the MAC for the device, using the mac-address command.
C. Lock out the MAC for the device, and statically assign the device to the "null" interface using static-mac command.
D. Implement Port Security in the autoLearn mode.
Question No : 20
An administrator of a hotel wants to keep the guests of the hotel from communicating with
each other on the hotel network. The network uses HP 5400 zl switches. Which feature
restricts this communication without implementing additional VLANs?
A. Source Port Filters
B. Port Security
C. MAC Lockdown
D. DHCP Snooping
E. ARP Protection