Riverbed 299-01 Riverbed Certified Solutions Professional - Network Performance Management Exam Practice Test

192.168.1.120 is not in the 192.168.1.0/25 subnet

192.168.1.120 has been input as a trusted host in a security policy

Traffic to 192.168.1.120 was not picked up by a Sensor

Traffic to 192.168.1.120 was not picked up by a Gateway

192.168.1.120 never sent any traffic

sourceIP, destIP, protocol, sourcePort, destPort, QoS

sourceIP, destIP, protocol, destPort

sourceIP, destIP, protocol, sourcePort, destPort

destIP, protocol, destPort

sourceIP, destIP, protocol

Ability to identify Scanners and Worm Propagations.

Ability to provide information for a firewall rule when a user defined policy is violated.

Ability to alert on security policy (e.g. an insecure policies, such as FTP, is in use).

Ability to identify Worms by name.

Cascade Shark

Router

Layer 3 switch

Steelhead appliance

Cascade Sensor

Inter VLAN101 traffic will be monitored; Intra VLAN101 traffic will not.

Intra VLAN101 traffic will be monitored; Inter VLAN101 traffic will not.

Both inter and intra VLAN101 traffic will be monitored.

It is a best practice to configure the Cascade Shark monitoring port (the SPAN destination) with 'deduplication' enabled.

It is a best practice to configure the Cascade Shark monitoring port (the SPAN destination) without 'deduplication' enabled.

Cache the most recent 500 IPs.

Obey DNS TTLs.

Cascade does not cache DNS responses.

For 24 hours.

If the Layer 4 mapping override policy is not "Unknown/Unclassified", the Layer 4 mapping applies to flows not passing a Sensor or other application fingerprinting device as well as to flows not matching any defined Layer 7 fingerprint

If the Layer 4 mapping override policy is "Always", then the Layer 7 fingerprint will never be used for flows matching both criteria

If the Layer 4 mapping override policy is "Unclassified", the Layer 4 mapping only applies to flows not passing a Sensor or other application fingerprinting device

If the Layer 4 mapping override policy is "Unknown/Unclassified", the Layer 4 mapping applies to flows not passing a Sensor or other application fingerprinting device as well as to flows not matching any defined Layer 7 fingerprint

Care must be taken when defining reports and policies to reflect overlapping definitions and the Layer 4 override policy

The traffic Expression "app L7_fingerprint or app L4_mapping" will catch all traffic flows for the application data in a report

Cascade Gateway's poll via SNMP sources of Netflow, while Cascade Profiler, Cascade Gateway and Cascade Sensor sync NTP from a common source.

Cascade Profiler's poll via SNMP sources of Netflow, while Cascade Profiler, Cascade Gateway and Cascade Sensor sync NTP from a common source.

Cascade Profiler, Cascade Gateway and Cascade Sensor sync NTP from different sources, while Cascade Profiler's poll via SNMP sources of Netflow.

Cascade Profiler, Cascade Gateway and Cascade Sensor sync NTP from different sources, while Cascade Gateway's poll via SNMP sources of Netflow.

Cascade Profiler does all SNMP polling and is also the source of all NTP.

Allows enabling/disabling the detection of dips in the metric.

Allows tuning of the tolerance range of the metric.

Allows setting of a noise floor for the metric.

Allows adjusting the notifications for the metric.

Allows enabling/disabling the detection of spikes in the metric.

Edit each Service policy to increase the Tolerance slider for Low and High alerts.

Edit each Service policy and set a noise floor to specify the minimum amount of change that the policy can treat as deviation from normal behavior.

Edit the Service and select fewer metrics to monitor for each segment that comprises the Service.

Modify the location host group type used for monitoring end user traffic to use fewer groups (for example, Region instead of Site).

A, B, C, and D.

A and B only.

Network Round Trip measurement

Packet logging

Server Delay measurement

Connection Throughput measurement

Retransmission measurement

L7 application fingerprint checking

Send an email when the traffic reaches at least 1MB/sec.

Notify all Cascade Pilot users connected to a specific Cascade Shark appliance when a specified traffic event occurs.

Create a Web traffic report with a specific time window.

Start a Capture Job each time the VoIP traffic goes below 2MB/sec.

Copy the file onto a Cascade Shark to ensure better performance.

Create an index so that processing of the View analytics will be faster.

Apply a View with a specific filter.

Use Wireshark tools to split the trace file in multiple and smaller trace files.

Switch Port Discovery Protocol (SPDP)

Merging of CAM + ARP tables, both gathered via SNMP

Merging of IF and ARP tables, both gathered via SNMP

Merging of IF and CAM tables, both gathered via SNMP

Every DNS server in the AD environment

Any server in the MS domain

Every client desktop in the AD environment

Every NTP server in the MS domain

The Microsoft Event Collector component in the AD environment

Log Only, SNMP Only, Email Only, SNMP and Email

Log Only, Default, Owner, or any defined recipient

Log Only, Default, Owner or any User Account

Log Only, Default, Owner or any User Name obtained via the Identity Integration

echo "delete from hostinfo where ipaddr = '10.63.32.0/24';" | psql mazu postgres

Edit the Definition and remove the entry for 10.63.32.0/24 Bracknell_UK

echo "delete from hostinfo where group = 'Bracknell_UK;" | psql mazu postgres write_community_string

Go to Host Groups and insert " #10.63.32.0/24 Bracknell_UK"

Client Ports

Applications

Ports

Server

1

2

3

4

Unlimited

Set the disk space for that data resolution to 0 in Configuration > Flow Log.

Set the disk space for that data resolution to -1 in Configuration > Flow Log.

Set the disk space for that data resolution to -1 in Configuration > General Settings.

Set the disk space for that data resolution to 0 in Configuration > General Settings.

v1 and v5

v7

v9

all of the above

none of the above

Yes, 25

Yes, 50

Yes, 100

Yes 500

No Limit

ARP table on a layer 3 device (router)

CAM (Content Addressable Memory) on a layer 2 device (switch)

Both the ARP and CAM tables from a layer 2 device (switch)

All of the above

None of the above

Through Radius Server(s)

From Domain Controller(s)

Through LDAP queries

Via SNMP queries

Three weeks of historical traffic between the clients and servers defined on the policy.

Three days of historical traffic between the clients and servers defined on the policy.

Three weeks of historical traffic between the clients and servers defined on the policy, where retransmissions were reported in more than 50% of the 15 min windows over the three week period.

Three days of historical traffic between the clients and servers defined on the policy, where retransmissions were reported in more than 50% of the 15 min windows over the three day period.

The timeframe required to collect the baseline is not fixed, and is based on the variance of the traffic being monitored.

192.168.0.100/255.255.0.255 Philadelphia

192/8 Baltimore

172.168.1.1 Phoenix

10/16 Chicago

It obtains L2 retransmissions from switches and routers via SNMP.

It obtains TCP retransmissions by tracking TCP sessions via the Cascade Sensor.

Cascade does not track retransmissions.

Cascade obtains retransmissions from NetFlow and/or sFlow marked with the TCP push flag.

About 34 hours with a captured length of 65535 bytes and a packet rate of 400kbps

About 9 hours with a captured length of 1000 bytes and an average traffic rate of 1Gbps.

About 18 hours with a captured length of 65535 bytes and an average traffic rate of 500Mbps.

About 20 hours with a captured length of 500 bytes and an average packet rate of 400kbps.

The flows that are being viewed in Cascade Profiler must be reported by a Shark appliance.

The user's workstation requires a licensed copy of Cascade Pilot.

The user's workstation requires access to the Cascade Shark appliance on the appropriate TCP Port.

If there are multiple capture jobs configured on the Cascade Shark appliance, the user must select which one to apply the trace clip against.

All of the above.

Any active timeout can be used; Cascade will calculate the statistics accordingly and update the dashboard accordingly.

60 Seconds.

60 Milliseconds.

15 Minutes.

Any traffic using application "X" or port range "Y"

Any internal-only traffic using application "X" or port range "Y"

Any internal-only traffic using application "X" and port range "Y"

Any traffic between internal and external hosts using application "X" or port range "Y"

Any traffic between internal and external hosts using application "X" and port range "Y"

Any traffic from internal clients to external servers using application "X" or port range "Y"

Any traffic from internal clients to external servers using application "X" and port range "Y"

P2P application Activity

SpamBot Activity

Email traffic surge

Port Scan

P2P Port Activity

If the Steelhead is running a RioS version older than 5.5.3, the Steelhead WAN interfaces need to be manually added, and marked as Steelhead interfaces.

If the Steelhead is running a RioS version 5.5.3 or higher, the Steelhead WAN interfaces are automatically added to the WAN page, but the user must manually mark them as Steelhead interfaces.

If the Steelhead is running a RioS version 6.0.1 or higher, the Steelhead WAN interfaces are automatically added to the WAN page and are also be marked as a Steelhead interface.

All of the above are true.

A and C only are true.

http://10.1.1.1

https://10.1.1.1

https://10.1.1.1:443

https://10.1.1.1:8080

http://10.1.1.1:8080

Layer-7 Application Fingerprinting

Connection Duration Statistics

Riverbed RiOS Integration

Rotating Packet Log

Any dependency (connection graph) can be exported to SVG (Visio) format.

Reports are real time and can not be scheduled.

Reports can be sent via PDF, HTML, CSV, or DOC format.

Events can be sent via email or SNMP v1 or v3 traps.

Events can be sent to both an email list AND SNMP target.