299-01 Riverbed Certified Solutions Professional - Network Performance Management Questions and Answers

Ability to identify Scanners and Worm Propagations.

Ability to provide information for a firewall rule when a user defined policy is violated.

Ability to alert on security policy (e.g. an insecure policies, such as FTP, is in use).

Ability to identify Worms by name.

Apply a View on the live interface and then start a Capture Job on the capture port to analyze traffic later.

Start a Capture Job on the capture port with a BPF filter and apply a View on the live interface for the same capture job.

Start a Capture Job on the capture port, apply a View on the live interface and create a trace clip for the time window of interest.

Never create a Capture Job to prevent packet drops.

sourceIP, destIP, protocol, sourcePort, destPort, QoS

sourceIP, destIP, protocol, destPort

sourceIP, destIP, protocol, sourcePort, destPort

destIP, protocol, destPort

sourceIP, destIP, protocol

Administrator

Operator

Monitor

Dashboard Viewer

dbadmin

Event Viewer

The time span of the report does not cover any connection set-up points

Server delay is zero.

The protocol used by the application in not TCP-based.

Application traffic was not seen by a Cascade Sensor.

The server plug-in is needed to measure "Server Delay" and not functioning correctly.

The flow includes the UDP protocol.

The traffic was not reported by a Cascade Sensor or Cascade Shark appliance.

The traffic was not reported by a Steelhead appliance's CascadeFlow

The start time for the connection was prior to the timeframe selected for the traffic query.

The packets involved in the initial setup of the TCP connection were not seen by a Cascade Sensor or Cascade Shark appliance.

You must consider how many capture cards are required.

You must consider how much disk space is required.

You must consider the write-to-disk speed required.

You must consider how many Cascade Pilot consoles will be connecting.

You must consider how many Cascade Profilers the appliance will export to.

Vacl-flow

sFlow

NetFlow

IPFIX

ERSPAN

Connect a cross-over cable from your laptop to the Ethernet management port and connect through the Web browser to the default IP Address of 192.168.1.10.

Connect a cross-over cable from your laptop to the Auxiliary Ethernet port and connect through the Web browser to the default IP Address of 192.168.1.10.

Connect by KVM or Serial Console and run the command line tool, sa_wizard, to perform the initial configuration.

Connect to the appliance using the Riverbed Central Management Console (CMC) on its default IP Address and perform the initial configuration.

Interactive views based upon time control.

A time control window for creating trace clips.

A panel displaying current time in the packet capture (pcap) file under analysis.

A triggering and alerting capability based upon traffic views.

A triggering and alerting capability using an optional fault management add-on for monitoring routers and switches.

About 34 hours with a captured length of 65535 bytes and a packet rate of 400kbps

About 9 hours with a captured length of 1000 bytes and an average traffic rate of 1Gbps.

About 18 hours with a captured length of 65535 bytes and an average traffic rate of 500Mbps.

About 20 hours with a captured length of 500 bytes and an average packet rate of 400kbps.

It uses IETF's IPFIX protocol.

Is uses whichever flow protocol it received the data on.

It uses a proprietary compressed and encrypted connection.

It sends data over SYSLOG port 514 which is compressed and encrypted via proprietary technology.

It sends data over TCP/41017.

Placed in an unassigned group.

Not placed into a group within the group type.

Not allowed

Flagged as an error.

Likely to cause errors in the future.

Allows Cascade Pilot to load views that take advantage of the Index more quickly.

Includes the number of bytes and packets for each conversation seen by the Cascade Shark appliance.

It is configured on a per-port basis.

It is configured using the sa-wizard as part of the initial configuration.

It is enabled by default per capture job.

tcp/8443

udp/123

tcp/41017

tcp/42999

tcp/123

Preserve order as received at Gateway.

Preserve order as received at Profiler.

Sensors, Sensor-VEs, Steelheads, xFlow (NetFlow, sFlow, Jflow, Cflow…).

Steelheads, Sensors, Sensor-VEs, xFlow (NetFlow, sFlow, Jflow, Cflow…).

xFlow (NetFlow, sFlow, Jflow, Cflow…), Steelheads, Sensors, Sensor-VEs.

1

2

5

8

10

Host Baseline Profiles

Custom Port Definitions

Host Groupings

Mitigation Configuration

Firewall Configuration

Host Scan

Port Scan

Link Availability

Suspicious Connection

There is no event that triggers before a worm event.

Cascade Pilot is started with administrator privileges.

Cascade Shark is configured to show capture ports.

You apply a View to the interface and create a Watch on Web traffic.

You have privileges to do so in your user profile.

Interface centric

Application centric

Host centric

Port centric

The Cascade Profiler does not have two approaches

1 second on a local System, 10 milliseconds on Cascade Sharks.

1 millisecond for any View.

1 millisecond for specific Views.

Generally minimum 1 second, maximum 1 day.

They all point to the same NTP server.

The Profiler, ideally, points to an NTP server (although it can use local time as well), the Gateway and Sensor get their time information from the Profiler which acts as their NTP Server.

For security reasons, all components use local time. The same time should be set on each component.

They all synchronize their time via timestamps in Netflow sources.

Is either a BPF or Wireshark Display filter only.

Can be created from a chart.

Can be changed after applying a View.

Is the equivalent of the Wireshark "display filter input".

Packets can be captured from multiple capture ports on one Cascade Shark appliance.

The maximum length the packet data can be specified.

Packets can be filtered on host IP addresses.

SSL traffic can be decoded if the appropriate certificate are loaded in the Cascade Shark appliance.

The maximum storage bandwidth for the job can be specified in bits/sec.

Multiple packet capture jobs can run concurrently.

Copy the file onto a Cascade Shark to ensure better performance.

Create an index so that processing of the View analytics will be faster.

Apply a View with a specific filter.

Use Wireshark tools to split the trace file in multiple and smaller trace files.

200,000 flows per minute per port

300,000 flows per minute per port

500,000 flows per minute per port

500,000 flows per minute total

600,000 flows per minute total

User name

Host IP address

Host MAC address

The physical switch port a specific host is connected to

Switch port traffic levels

Switch port status

SNMP traps from the switch

The correct communication port(s) are NOT open on the firewall between Cascade Pilot and Cascade Shark.

The Cascade Shark is placed in "passthru" mode so Cascade Pilot access is not available

The Cascade Shark appliance has no capture jobs configured.

You may be running Cascade Pilot-Personal-Edition (PE). You need the full version of Cascade Pilot to connect to Cascade Shark.

Trend/Index data is disabled on the Cascade Shark Appliance.

from the Cascade Sensor

NetFlow

NBAR

Packeteer

User Defined

Enhanced sFlow

Cascade Shark

Router

Layer 3 switch

Steelhead appliance

Cascade Sensor

Accessing the Cascade Profiler's MIB by third-party applications for monitoring.

Obtaining interface information from routers.

Obtaining host MAC address information from switches.

Obtaining network device status through the Cascade Profiler receiving SNMP traps.

A, B, and D.

host_name, device_type, read_only_community_string, write_community_string

host_name, IP_address, read_only_community_string, write_community_string

host_name, IP_address, device_type, read_only_community_string, write_community_string

host_name, IP_address, device_type, read_only_community_string, write_community_string, pass phrase