New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

299-01 Riverbed Certified Solutions Professional - Network Performance Management Questions and Answers

Questions 4

What is a benefit that Cascade Profiler might provide to Security Operations? (Select 3)

Options:

A.

Ability to identify Scanners and Worm Propagations.

B.

Ability to provide information for a firewall rule when a user defined policy is violated.

C.

Ability to alert on security policy (e.g. an insecure policies, such as FTP, is in use).

D.

Ability to identify Worms by name.

Buy Now
Questions 5

To better analyze live traffic on Cascade Shark from Cascade Pilot you should:

Options:

A.

Apply a View on the live interface and then start a Capture Job on the capture port to analyze traffic later.

B.

Start a Capture Job on the capture port with a BPF filter and apply a View on the live interface for the same capture job.

C.

Start a Capture Job on the capture port, apply a View on the live interface and create a trace clip for the time window of interest.

D.

Never create a Capture Job to prevent packet drops.

Buy Now
Questions 6

What does Cascade use as the flow key to identify a unique flow?

Options:

A.

sourceIP, destIP, protocol, sourcePort, destPort, QoS

B.

sourceIP, destIP, protocol, destPort

C.

sourceIP, destIP, protocol, sourcePort, destPort

D.

destIP, protocol, destPort

E.

sourceIP, destIP, protocol

Buy Now
Questions 7

The Cascade Profiler account roles arE. (Select 5)

Options:

A.

Administrator

B.

Operator

C.

Monitor

D.

Dashboard Viewer

E.

dbadmin

F.

Event Viewer

Buy Now
Questions 8

If a report table on Cascade Profiler includes the "Server Delay" column but shows no value for "Server Delay" in some cells, what are the possible causes? (Select 3)

Options:

A.

The time span of the report does not cover any connection set-up points

B.

Server delay is zero.

C.

The protocol used by the application in not TCP-based.

D.

Application traffic was not seen by a Cascade Sensor.

E.

The server plug-in is needed to measure "Server Delay" and not functioning correctly.

Buy Now
Questions 9

What are possible explanations for no Server Delay measurement being reported for a particular flow? (Select 4)

Options:

A.

The flow includes the UDP protocol.

B.

The traffic was not reported by a Cascade Sensor or Cascade Shark appliance.

C.

The traffic was not reported by a Steelhead appliance's CascadeFlow

D.

The start time for the connection was prior to the timeframe selected for the traffic query.

E.

The packets involved in the initial setup of the TCP connection were not seen by a Cascade Sensor or Cascade Shark appliance.

Buy Now
Questions 10

Which is a true statement regarding choosing between a 2U and a 3U Cascade Shark base appliancE. (Select 2)

Options:

A.

You must consider how many capture cards are required.

B.

You must consider how much disk space is required.

C.

You must consider the write-to-disk speed required.

D.

You must consider how many Cascade Pilot consoles will be connecting.

E.

You must consider how many Cascade Profilers the appliance will export to.

Buy Now
Questions 11

Protocols that are used for flow export include of IPv4 conversations include (select 3):

Options:

A.

Vacl-flow

B.

sFlow

C.

NetFlow

D.

IPFIX

E.

ERSPAN

Buy Now
Questions 12

To install Cascade Shark, the best practice to initially configure the IP Address to be used on the network is:

Options:

A.

Connect a cross-over cable from your laptop to the Ethernet management port and connect through the Web browser to the default IP Address of 192.168.1.10.

B.

Connect a cross-over cable from your laptop to the Auxiliary Ethernet port and connect through the Web browser to the default IP Address of 192.168.1.10.

C.

Connect by KVM or Serial Console and run the command line tool, sa_wizard, to perform the initial configuration.

D.

Connect to the appliance using the Riverbed Central Management Console (CMC) on its default IP Address and perform the initial configuration.

Buy Now
Questions 13

Watches within Cascade Pilot refer to:

Options:

A.

Interactive views based upon time control.

B.

A time control window for creating trace clips.

C.

A panel displaying current time in the packet capture (pcap) file under analysis.

D.

A triggering and alerting capability based upon traffic views.

E.

A triggering and alerting capability using an optional fault management add-on for monitoring routers and switches.

Buy Now
Questions 14

What is the typical retention time of packets of a CSK-01100 Cascade Shark appliance with 1 capture job?

Options:

A.

About 34 hours with a captured length of 65535 bytes and a packet rate of 400kbps

B.

About 9 hours with a captured length of 1000 bytes and an average traffic rate of 1Gbps.

C.

About 18 hours with a captured length of 65535 bytes and an average traffic rate of 500Mbps.

D.

About 20 hours with a captured length of 500 bytes and an average packet rate of 400kbps.

Buy Now
Questions 15

Which of the following describes how a Cascade Gateway transfers flow data to a Cascade Profiler? (Select 2)

Options:

A.

It uses IETF's IPFIX protocol.

B.

Is uses whichever flow protocol it received the data on.

C.

It uses a proprietary compressed and encrypted connection.

D.

It sends data over SYSLOG port 514 which is compressed and encrypted via proprietary technology.

E.

It sends data over TCP/41017.

Buy Now
Questions 16

Hosts that do not match group definitions within a group type are:

Options:

A.

Placed in an unassigned group.

B.

Not placed into a group within the group type.

C.

Not allowed

D.

Flagged as an error.

E.

Likely to cause errors in the future.

Buy Now
Questions 17

Which of the following are true about Trend/Index data on a Cascade Shark appliancE. (Select 3)

Options:

A.

Allows Cascade Pilot to load views that take advantage of the Index more quickly.

B.

Includes the number of bytes and packets for each conversation seen by the Cascade Shark appliance.

C.

It is configured on a per-port basis.

D.

It is configured using the sa-wizard as part of the initial configuration.

E.

It is enabled by default per capture job.

Buy Now
Questions 18

When sending data from a Gateway or Sensor to a Profiler which ports must be opened between the devices? (Select 3)

Options:

A.

tcp/8443

B.

udp/123

C.

tcp/41017

D.

tcp/42999

E.

tcp/123

Buy Now
Questions 19

If Cascade is unable to keep a record of all hops traversed due to exceeding its limits, what is the order of preference for selecting which hops to preserve?

Options:

A.

Preserve order as received at Gateway.

B.

Preserve order as received at Profiler.

C.

Sensors, Sensor-VEs, Steelheads, xFlow (NetFlow, sFlow, Jflow, Cflow…).

D.

Steelheads, Sensors, Sensor-VEs, xFlow (NetFlow, sFlow, Jflow, Cflow…).

E.

xFlow (NetFlow, sFlow, Jflow, Cflow…), Steelheads, Sensors, Sensor-VEs.

Buy Now
Questions 20

How many signatures can a Layer-7 Fingerprint have?

Options:

A.

1

B.

2

C.

5

D.

8

E.

10

Buy Now
Questions 21

Which configuration option is it highly recommended that every Cascade Profiler Deployment implement?

Options:

A.

Host Baseline Profiles

B.

Custom Port Definitions

C.

Host Groupings

D.

Mitigation Configuration

E.

Firewall Configuration

Buy Now
Questions 22

For a worm security event to be triggered on Cascade Profiler, what event must have occurred first?

Options:

A.

Host Scan

B.

Port Scan

C.

Link Availability

D.

Suspicious Connection

E.

There is no event that triggers before a worm event.

Buy Now
Questions 23

You can analyze data on Cascade Pilot received from live interfaces iF. (Select 2)

Options:

A.

Cascade Pilot is started with administrator privileges.

B.

Cascade Shark is configured to show capture ports.

C.

You apply a View to the interface and create a Watch on Web traffic.

D.

You have privileges to do so in your user profile.

Buy Now
Questions 24

Cascade Profiler is able to report traffic using two different approaches (centricities). Two approaches can result in different results when using the same report criteria due to the way data is aggregated and counted. What are these two approaches? (Select 2)

Options:

A.

Interface centric

B.

Application centric

C.

Host centric

D.

Port centric

E.

The Cascade Profiler does not have two approaches

Buy Now
Questions 25

What is the chart granularity possible through the Cascade Pilot UI? (Select 2)

Options:

A.

1 second on a local System, 10 milliseconds on Cascade Sharks.

B.

1 millisecond for any View.

C.

1 millisecond for specific Views.

D.

Generally minimum 1 second, maximum 1 day.

Buy Now
Questions 26

How do all the Cascade components stay time synchronized?

Options:

A.

They all point to the same NTP server.

B.

The Profiler, ideally, points to an NTP server (although it can use local time as well), the Gateway and Sensor get their time information from the Profiler which acts as their NTP Server.

C.

For security reasons, all components use local time. The same time should be set on each component.

D.

They all synchronize their time via timestamps in Netflow sources.

Buy Now
Questions 27

Filtering in Cascade Pilot: (Select 2)

Options:

A.

Is either a BPF or Wireshark Display filter only.

B.

Can be created from a chart.

C.

Can be changed after applying a View.

D.

Is the equivalent of the Wireshark "display filter input".

Buy Now
Questions 28

Which of the following are TRUE concerning packet capture jobs on the Cascade Shark appliancE. (Select 4)

Options:

A.

Packets can be captured from multiple capture ports on one Cascade Shark appliance.

B.

The maximum length the packet data can be specified.

C.

Packets can be filtered on host IP addresses.

D.

SSL traffic can be decoded if the appropriate certificate are loaded in the Cascade Shark appliance.

E.

The maximum storage bandwidth for the job can be specified in bits/sec.

F.

Multiple packet capture jobs can run concurrently.

Buy Now
Questions 29

When analyzing a large (100GB, for example) trace file within Cascade Pilot, you should:

Options:

A.

Copy the file onto a Cascade Shark to ensure better performance.

B.

Create an index so that processing of the View analytics will be faster.

C.

Apply a View with a specific filter.

D.

Use Wireshark tools to split the trace file in multiple and smaller trace files.

Buy Now
Questions 30

What is the maximum limit of configurable flows that can be exported from the Cascade Shark appliance? (Select 2)

Options:

A.

200,000 flows per minute per port

B.

300,000 flows per minute per port

C.

500,000 flows per minute per port

D.

500,000 flows per minute total

E.

600,000 flows per minute total

Buy Now
Questions 31

Cascade Profiler's Switch Integration feature uses SNMP and adds the capability for Cascade to report on which of the followinG. (Select 2)

Options:

A.

User name

B.

Host IP address

C.

Host MAC address

D.

The physical switch port a specific host is connected to

E.

Switch port traffic levels

F.

Switch port status

G.

SNMP traps from the switch

Buy Now
Questions 32

If unable to connect to the Cascade Shark Appliance from the Cascade Pilot console it could be becausE. (Select 2)

Options:

A.

The correct communication port(s) are NOT open on the firewall between Cascade Pilot and Cascade Shark.

B.

The Cascade Shark is placed in "passthru" mode so Cascade Pilot access is not available

C.

The Cascade Shark appliance has no capture jobs configured.

D.

You may be running Cascade Pilot-Personal-Edition (PE). You need the full version of Cascade Pilot to connect to Cascade Shark.

E.

Trend/Index data is disabled on the Cascade Shark Appliance.

Buy Now
Questions 33

What are the sources of Layer7 Fingerprints as shown in the Cascade Profiler GUI? (Select 4)

Options:

A.

from the Cascade Sensor

B.

NetFlow

C.

NBAR

D.

Packeteer

E.

User Defined

F.

Enhanced sFlow

Buy Now
Questions 34

When links in a network are using WAN optimization, it is best if the Cascade Profiler or Express receives data from a _________or _________ monitoring traffic on the LAN side of the Steelhead that is located on the server side of the optimized connection. This is necessary in order to determine server delay.

(Select 2)

Options:

A.

Cascade Shark

B.

Router

C.

Layer 3 switch

D.

Steelhead appliance

E.

Cascade Sensor

Buy Now
Questions 35

Simple Network Management Protocol can be used on Cascade Profiler for:

Options:

A.

Accessing the Cascade Profiler's MIB by third-party applications for monitoring.

B.

Obtaining interface information from routers.

C.

Obtaining host MAC address information from switches.

D.

Obtaining network device status through the Cascade Profiler receiving SNMP traps.

E.

A, B, and D.

Buy Now
Questions 36

On the Cascade Profiler, when importing a switch mitigation device list, it needs to be in the following format:

Options:

A.

host_name, device_type, read_only_community_string, write_community_string

B.

host_name, IP_address, read_only_community_string, write_community_string

C.

host_name, IP_address, device_type, read_only_community_string, write_community_string

D.

host_name, IP_address, device_type, read_only_community_string, write_community_string, pass phrase

Buy Now
Exam Code: 299-01
Exam Name: Riverbed Certified Solutions Professional - Network Performance Management
Last Update: Dec 27, 2024
Questions: 245
299-01 pdf

299-01 PDF

$25.5  $84.99
299-01 Engine

299-01 Testing Engine

$30  $99.99
299-01 PDF + Engine

299-01 PDF + Testing Engine

$40.5  $134.99