200-601 Managing Industrial Networking for Manufacturing with Cisco Technologies

Page 1   
Question 1

What security component can be deployed to increase the defense in depth and
specifically can be positioned against 'man-in-the-middle' attack?

  • A. Deploy 802.1AE
  • B. Deploy 802.1X
  • C. Deploy 802.1Q
  • D. Deploy 802.1AX

Answer : A

Question 2

Which configuration enables an Industrial Ethernet switch to participate in PTP clock
selection and sets the priority value that would break the tie between switches with
matching default criteria to 50?

  • A. ptp mode boundary ptp priority1 10 ptp priority2 50
  • B. ptp mode boundary ptp priority1 50 ptp priority2 10
  • C. ptp mode e2etransparent ptp priority1 50 ptp priority2 10
  • D. ptp mode e2etransparent ptp priority1 10 ptp priority2 50

Answer : A

Question 3

Which CLI command will display IGMP snooping information in a Cisco IE2000 or Stratix
5700 switch?

  • A. switch#show snooping ip igmp
  • B. switch#show igmp snooping
  • C. switch#show ip igmp snooping
  • D. switch#show ip snooping

Answer : C

Question 4

Refer to the exhibit.

SW1, SW2 and virtual switch are connected in a loop. SW1 and SW2 are standard layer-2
switches. Which loop prevention mechanism is best suited for use within this topology?

  • A. Per-VLAN Rapid Spanning Tree Protocol+
  • B. End-Host Mode
  • C. Multi-chassis EtherChannel
  • D. BPDU Guard

Answer : B

Question 5

Refer to the exhibit.

Network Faceplates have not been installed on the HMI and so you need to map a network
based on information available from RSLinx. Which most accurately represents the network

  • A.
  • B.
  • C.
  • D.

Answer : B

Question 6

Refer to the exhibit.

CIP Implicit messages from I/O#1 are being marked IP DSCP 47 by the endpoint and this
marking is trusted by L2SW4. L2SW4 is configured to map DSCP 47 to output queue 1
threshold 1. You have received feedback that some of these messages are not being
received. Executing the show mls interface GigabitEthernet statistics command on L2SW4
results in:
L2SW4# show mls interface GigabitEthernet 1/1 statistics
<output omitted>
output queues dropped:
queue: threshold1 threshold2 threshold3
queue 0 0 0 0
queue 1 309232345 450 0
queue 2 300 10 0
queue 3 91 0 0
Repeating this command results in the counters incrementing for queue 1 threshold 1.
What are two options for reducing the packet loss on this interface while preserving the
end-to-end DSCP marking? (Choose two)

  • A. Configure I/O#1 to mark this traffic with a different DSCP that is mapped to a less congested queue
  • B. Increase the buffer allocation for input queue 1
  • C. Increase the buffer allocation for output queue 1
  • D. Alter the service policy to police to a higher CIR
  • E. Change the egress queue map on L2SW4 to map this traffic to a less congested queue

Answer : C,E

Question 7

Which two are possible solutions to control which devices can communicate between
industrial zones? (Choose two)

  • A. Use per zone private IP addressing and deploy NAT to control traffic between zones
  • B. Put access control lists on switches connecting industrial zones to control traffic
  • C. Attach each zone to a firewall to control intra-zone traffic
  • D. Deploy QoS traffic shaping to limit the volume of traffic between industrial zones
  • E. Deploy an IDS system between the zones to control intra-zone traffic

Answer : B,C

Question 8

Refer to the exhibit.

Which values are correct for AP 2 to allow for efficient roaming?

  • A. Channel 6, SSID Sittingduck, BSSID 00:0a:0b:0c:0d:0e
  • B. Channel 1, SSID Sittingduck, BSSID 00:01:02:03:04:05
  • C. Channel 1, SSID Sittingduck, BSSID 00:0a:0b:0c:0d:0e
  • D. Channel 6, SSID Sittingduck, BSSID 00:01:02:03:04:05

Answer : A

Question 9

Refer to the exhibit.

L3SW1 has a spanning-tree priority of 8192 set on VLANs 1, 300, and 301, and these
VLANs are configured on and trunked between all switches. Executing the command show
spanning-tree blockedports on L2SW5 results in:
L2SW5# show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Gi1/1
VLAN0300 Gi1/1
VLAN0301 Gi1/1
An additional VLAN, VLAN302, is defined on all switches and trunked between them.
VLAN302 access ports are set up on each of the switches and PLC#1, I/O#1, and the
PanelView are attached. You expect the new VLAN to be listed as blocked on interface
GigabitEthernet1/1 of L2SW5 but it is not. The three new devices are able to communicate
with each other.
After executing the same command on all switches you see this output on L2SW4:
L2SW4# show spanning-tree blockedports
Name Blocked Interfaces List
-------------------- ------------------------------------
VLAN0001 Gi1/2
VLAN0300 Gi1/2
VLAN0301 Gi1/2
Why is VLAN302 forwarding on L2SW5 interface GigabitEthernet 1/1 and L2SW4 interface
GigabitEthernet 1/1 and 1/2?

  • A. VLAN302 is not configured in the VLAN database on L2SW5
  • B. VLAN302 is not in the allowed list on the L2SW5 interface GigabitEthernet1/1 trunk
  • C. L2SW4 is the spanning tree root for VLAN 302
  • D. The FO3 fiber-optic cable between L2SW4 and L2SW5 is damaged

Answer : C

Question 10

You have reached the limit of IPv4 IGMP groups available on a Cisco IE 3000 switch that
was deployed using the Express Setup. Which CLI command will increase the number of
available IPv4 IGMP groups and multicast routes from 256 to 1000 on this switch?

  • A. switch(config)#sdm prefer routing
  • B. switch(config)#sdm prefer vlan igmp
  • C. switch(config)#sdm prefer routing igmp
  • D. switch(config)#sdm prefer vlan

Answer : A

Question 11

It is determined that an intermittent high packet loss event is occurring within a segment of
the network. The assigned task is to determine the cause. Which of these conditions
should be suspected?

  • A.
  • B.
  • C.
  • D.

Answer : D

Question 12

Your supervisor calls you and tells you that one of the Stratix 5700 switches is not
assigning all CIP explicit messages to the proper QoS queue. The switch was deployed
with the ab-global macro and CIP explicit messages were previously being assigned to the
proper QoS queue. You suspect the access-lists associated with the ab-global macro have
been changed. Look at the following access list from the switch configuration:
access-list 101 permit udp any eq 2222 any dscp 55
access-list 102 permit udp any eq 2222 any dscp 47
access-list 103 permit udp any eq 2222 any dscp 43
access-list 104 permit udp any eq 2222 any
access-list 105 permit udp any eq 44818 any
access-list 105 permit tcp any eq 44816 any
What needs to be done to fix the above access list?

  • A. Access list 105 should reference udp port 44816
  • B. Access lists 101-104 should reference udp port 2212
  • C. Access list 105 should reference tcp port 44818
  • D. Access list 104 should be a deny access list rather than a permit access list

Answer : C

Question 13

Which in-depth approach is used when deploying defense in an industrial zone?

  • A. Use PLCs and control systems from multiple vendors in such a way that the process will become resilient for failures of one vendor.
  • B. Deploy two factor authentications for all operators which need to login remote while working from home.
  • C. Collect log files at a central location for easy back-up and encryption to provide privacy.
  • D. Create multiple zones in the industrial zone and protect / inspect traffic between the zones with firewalls and intrusion monitors.

Answer : D

Question 14

Which statement is correct regarding ProfiNET communication classes?

  • A. ProfiNET-RT traffic is carried in UDP and TCP packets
  • B. ProfiNET-NRT is used to carry time critical status information
  • C. ProfiNET-IRT requires switches with hardware time scheduling capabilities
  • D. ProfiNET-NRT is prioritized as Layer-2 Class-of-Service 1 (CoS 1)

Answer : C

Question 15

Which selection is a reason why IGMP snooping should be configured on a switched

  • A. IGMP snooping populates the snooping table with the results of DHCP requests and can be used by Dynamic ARP Inspection to block IP spoofing attacks at Layer-2.
  • B. IGMP snooping verifies the source IP address of every IPv4 packet to ensure that it hasn't been originated from a port different than its return path.
  • C. IGMP snooping is used to filter ping requests and results to avoid overflowing the MAC address table of the switch.
  • D. IGMP snooping allows a Layer-2 switch to limit the transmission of multicast frames to only the ports that have members of the relevant IGMP group.

Answer : D

Page 1