150-420 - Brocade Certified Layer 4-7 Professional 2010
Go back to Brocade
You are performing routine housekeeping on your Brocade ADX by reviewing your current configuration. You have no Layer 7 Health Checks configured on your Brocade ADX. Which command is safe to remove from the configuration?
A network manager has configured on a Brocade ADX the predictor to be dynamic weighted reverse. The real servers support SNMP version 2. Which two actions must be performed for this configuration to work? (Choose two.)
Configure the SNMP community string.
Configure the SNMP-request object ID (OID) on the real servers.
Your customer would like all data on Web pages containing the string "http://www.brocade.com/" to be rewritten with "https://www.brocade.com/". Which two CSW configurations would you implement? (Choose two.)
csw-rule r21 response-body pattern http://www.brocade.com/
match "r21" rewrite response-body-replace "https://www.brocade.com/" offset 0 length 22
You inherit multiple Brocade ADXs that have been running for several months. You begin to troubleshoot an SSL issue using the packet capture utility. When attempting to specify a filter ID using the specify command it fails. Why does this happen?
You have exceeded the filter ID limit.
Syn-proxy applies to which type of network traffic?
Which statement is true about policy-based SLB?
Policy-based SLB can be enabled on some VIPs while disabled on others.
Your customer is complaining that inactive TCP sessions are not being cleared from the session table fast enough. The Brocade ADX is configured for default values. Which port profile will resolve their problem?
server port 80tcptcp 2
An administrator observes SSL information exchanged between the browser and the server and notices that the server sends its certificate to the browser. Which part of the SSL protocol exchange is taking place?
SSL handshake protocol
A customer has been performing Layer 7 load balancing HTTP traffic using a non-SSL Brocade ADX 1000. For compliance reasons, full encrypted connectivity is required from the client to the server using SSL. Which two actions must the customer perform to comply with the requirement? (Choose two.)
Enable the Brocade ADX 1000 SSL offload feature with an SSL license.
Configure the Brocade ADX for SSL Proxy mode configuration.
You are asked to configure the Brocade ADX to provide transparent redundancy between two physical data centers. Which feature must you enable to support this?
A network manager wants to balance the load on a pool of servers based on CPU utilization and memory consumption of these servers. Which two actions must the network manager perform? (Choose two.)
Configure the virtual server with a dynamic weighted predictor.
Configure the Brocade ADX to generate SNMP queries to the servers.
Your operations staff is complaining about entering their login credentials multiple times when accessing the Brocade ADX. What can be done to enable a user to enter a username and password only once?
Enter the aaa authentication login privilege-mode command.
You have uploaded a valid SSL key and certificate to your Brocade ADX, created an SSL profile, created your real servers and virtual server; and correctly bound the VIP, real servers, and SSL profile into an SSL Proxy configuration. When you browse to the VIP, you receive the error messagE. "the security certificate presented by this Web site is not issued by a trusted certificate authority". What would cause this error?
No intermediate certificate was appended to the server certificate.
A network administrator needs to configure cookie insertion with cookie switching in the Brocade ADX. Which three steps should be taken? (Choose three.)
Configure CSW rules and policy.
Bind the CSW policy to a VIP.
Enable CSW on the VIP.
All addresses are being translated to only one outside address before reaching the Brocade ADX. You have configured Layer 4 SSL load balancing with sticky but all the traffic goes to only one server. What can be done to more evenly distribute the load to all the real servers?
Configure SSL session ID switching.
Which type of CSW persistence assigns cookies based on a method using a checksum type operation performed by the Brocade ADX?
What is required when deploying the Brocade ADX in an HA design?
one Brocade router
The Brocade ADX syslog shows that a customer's Web service is flapping. The administrator finds that the server in question is completing the TCP handshake but the Web page is not returning status codes. Which feature can be added to the existing configuration to prevent this from occurring?
Given an IP prefix, you want to give preference to a specific GSLB site Brocade ADX. Which feature will you use?
You have been running standard Layer 4 SLB for SSL sessions to two real servers. Each real server is running standard Microsoft IIS but they are at peak CPU utilization due to SSL overhead. You have determined that implementing SSL Acceleration on your Brocade ADXs will solve the CPU utilization. You export the existing SSL certificates from IIS and change the extension from .pfs to .pem and upload them to the Brocade ADX. When you attempt to create an SSL profile, you get the error message "certificate does not exist". What is needed to create the SSL profile?
Use OpenSSL to convert the IIS PFX certificate to PEM format before upload.
When using the GUI on a Brocade ADX running switch code, which three fields are available for configuration under the "IP address" tab? (Choose three.)
A Brocade ADX is configured with a transparent VIP using a stateless port for DNS. What are two options for real server selection? (Choose two.)
a hashing mechanism
You have configured the server shown below for DNS: ADX1(config)#server remote r1 22.214.171.124 ADX1(config-rs-r1)#port dns l4-check-only Which two Health Checks will be performed to the real server? (Choose two.)
You want all users accessing your Web site "www.brocade.com" to be redirected to "www.brocade.com/exchange" using SSL. Which command would implement this change?
default redirect "brocade.com" "/exchange" 443
A client would like to implement the Brocade ADX into an OSPF environment. However, the client does not want OSPF packets to be seen by the real servers. What are two possible actions? (Choose two.)
Configure redistribute connected under router ospf.
Configure ip ospf passive under the real server's interface.
You have a pair of Brocade ADXs running Layer 3 code. You require stateful session failover in the event of a Brocade ADX device or link failure. Which two HA designs will meet your objective? (Choose two.)
Two real servers are failing to respond to URL GET requests within the acceptable parameters defined. An investigation reveals that during peak hours the servers are not able to respond within the keepalive parameters specified on the Brocade ADX configuration for that HTTP application port. Which statement is correct?
The servers that are failing to respond will be excluded from further load balancing.
What are the three fundamentals of SSL security? (Choose three.)
You have two real servers, both on different subnets than the Brocade ADX. Which two parameters are required to be configured on the Brocade ADX to ensure that the return traffic from the real servers returns back through to the Brocade ADX? (Choose two.)
You have a Brocade ADX and you want to direct requests to a server group, based on the source IP address of the request. What would you configure on your Brocade ADX to accomplish this?
Policy-Based Server Load Balancing
Given the command shown below, which statement is true? aaa authentication enable default radius local
If the RADIUS server is unavailable, the local user account list is used.
What does the command shown below accomplish? ServerIron(debug-filter-spec-1)# pattern 24 2 1203
Captures packets that contain a pattern of a specified length; starting from a specified offset from the beginning of the packet.
A Brocade ADX is performing a TCP Health Check. What does the Brocade ADX look for to determine that the port is alive?
A SYN ACK is received.
A Web server is directly attached to interface 1 of the Brocade ADX. What are two results after performing this configuration? (Choose two.)
The violation condition is met if the client exceeds 80 TCP connections per minute.
If the client falls under the violation condition, it will be blocked for 10 minutes.
Your Brocade ADX has been working properly for months but suddenly Health Checks to a particular server fail. You verify that your configuration has not changed and that the server is up and running. You configure your Brocade ADX to capture HTTP traffic. You start your capture and let it run for fifteen seconds. Which two commands would you use to view the contents of the capture? (Choose two.)
ServerIron (debug-filter-MP) # summary
ServerIron (debug-filter-MP) # ascii-dump <packet#>
A customer wants to use content switching (CSW) to manage the application. What information must the customer configure in the CLI? (Choose three.)
Define the rules.
Bind the policy to virtual server.
Define the policy.
On checking the Brocade ADX log the user finds the output shown below: Jan 7 13:49:41 L4 server 10.33.24.38 njmpprodapp06 port 2262 is down due to MAC-delete What could be the problem?
The real server was moved to a different port.
A Brocade ADX was configured with the command shown below: ServerIron(config-rs-zip)# port http status-code 200 201 300 302 A Layer 7 Health Check is sent to the server by the Brocade ADX. The server returns a status code of 301. Which statement is true?
The server will be marked as healthy and added to the load balancing rotation.
The customer has a server application port that relies on other ports to function properly. Which three features will allow you to associate the health of the master port to multiple other application ports? (Choose three.)
You have configured a real server with TCP port 7777. Which feature is required to enable periodic Layer 4 Health Checks?
A hacker is listening on the line and picks up the public key of the server. What is the result?
The SSL communication is still secure.
Given the commands shown below: gslb policy dns active-only dns cache-proxy Which statement is true regarding DNS replies sent by the Brocade ADX to clients?
The replies will include only healthy IP addresses.
Your customer's Web site is designed to send a client to a different Web page based on the client IP address using HTTP redirects. For compliance reasons, traffic now needs to be encrypted but they do not want to make any modifications on the application. After installing a Brocade ADX, which two tasks must be configured to accomplish the goal? (Choose two.)
Configure SSL termination.
Configure a CSW policy to rewrite the headers from HTTP to HTTPS.
Given the command shown below: ServerIron# server prioritize-mgmt-traffic 126.96.36.199 255.255.255.0 188.8.131.52 6 22 What will happen when applying this command on the Brocade ADX?
It will prioritize secure shell management traffic destined for management IP address 184.108.40.206.
Given the command shown below: ServerIronADX 1000(debug-filter-MP)#packet 128 What is the result?
The packet length is set to 128 bytes.
Your developers have written a custom application that uses TCP over port 8080. The Brocade ADX is not passing the Health Checks to those real servers. The clients can reach the servers directly and the application is functional. What would you do to resolve this?
You need to specify TCP under the port profile.
What is the result when the command shown below is implemented? ServerIron(config-gslb-policy)# metric-order set round-trip-time capacity num-session flashback
Round-trip-time, capacity, num-session, and flashback are the only metrics evaluated in the stated order.
During a recent network failure, a pair of Brocade ADXs configured in sym-active mode experienced a VRRP-E failover. After the failure, the active VRRP-E router was not the owner for all VIPs. Which statement is true?
A VIP group was not defined.
Servers are connected remotely to the Brocade ADX through two different routers, R1 and R2. Health Check probes are sent to R1 but responses are received from R2. Which two statements are true if you configure server use-learned-mac? (Choose two.)
Health Check probes will be sent to R2.
Health Check will fail if responses are received alternating between R1 and R2.
What is the purpose of the SSL Alert protocol?
to notify user of a protocol problem