Nortel 920-468 Exam - Passitexam.com Free 920-468 Sample Questions:
Q: 1 Virtual Router Redundancy Protocol (VRRP) has been configured to run as
master on a physical interface of a VPN Router. Three additional interfaces, each in a separate interface
group, have been associated with this master VRRP interface. Assume one of the three additional
interfaces has gone down. How will the VPN Router react?
A. It will force a VRRP fail-over.
B. It will reroute traffic to the associated VRRP master interface.
C. It will reroute traffic to one of the two remaining additional interface groups.
D. No action necessary, since two additional interfaces are available to the master.
Answer: A
Q: 2 A customer needs to provide fail-over support capability on their statically
routed branch office tunnels and would like to configure the VPN Routers with redundant static routes.
Which step can be used to configure static tunnels for fail-over?
A. Create a single static tunnel.
B. Give subsequent static routes a lower cost.
C. Configure static tunnel fail-over using keep-alive and/or idle time out.
D. Give the primary static route a higher cost.
Answer: C
Q: 3 A customer would like their remote users to be able to establish a VPN tunnel
with an alternate VPN Router, if the primary VPN Router fails.
What would need to be configured to ensure Fail-over protection?
A. Demand Services
B. Firewall and DHCP settings on the remote PC
C. Only LDAP group parameters
D. VPN Router user tunnel for IPSec fail-over service
Answer: D
Q: 4 In a VPN Router network, a technician has enabled the Fail-over feature so
that all remote users working offsite using the Nortel VPN Client will attempt to connect to one or more
alternate VPN Router devices if the primary VPN Router fails. Which statement is true regarding the IP
addresses specified for the alternate VPN Router devices in the Fail-over?
A. The IP addresses must be for public interfaces.
B. The IP addresses must be for private interfaces.
C. The IP addresses must match the VPN Router management interface address.
D. The IP addresses must match the primary VPN Router interface address.
Answer: A
Q: 5 Virtual Router Redundancy Protocol (VRRP) has been configured to run as
master on a physical interface of a VPN Router. Two additional interface groups have been associated
with this master VRRP interface by use of an interface group. Assume these two additional interface
groups have gone down. Which statement describes the state of the VRRP master interface in this
scenario?
A. The VRRP master interface remains in the up state as long as the master physical interface is up.
B. The VRRP master interface stays in the down state until all associated interface groups come up.
C. The VRRP master interface goes into a hold state until at least one of the two interface groups comes up.
D. The VRRP master interface goes into a down state until at least one of the two interface groups comes up.
Answer: B
Q: 6 Virtual Router Redundancy Protocol (VRRP) has been configured on the VPN
Routers of a customer's network. However, all of the traffic is being routed to the Backup and not the
Master. What could be a possible reason for this problem?
A. The Virtual Router ID (VRID) is not configured correctly.
B. The Backup and Master VPN Routers are running two different versions of code.
C. The Priority Value of the Master is set to 100, and the Backup is set to a higher value.
D. The authentication string in the Authentication Data field is not set.
Answer: C
Q: 7 To enable Fail-over support in a VPN Router configuration, a technician is
setting up Static Tunnel Fail-over for Branch Office Tunnels. Primary and subsequent static routes will
be created. To provide the required Fail-over support, how will the primary tunnel be configured?
A. It must be nailed up.
B. It must use RIP only.
C. It must use OSPF only.
D. It must be a virtual tunnel.
Answer: A
Q: 8 Employees at the company headquarters and out in the field have found that
they are moving from an Ethernet connection to a wireless connection and back, on a regular basis while
still having a VPN tunnel established. A network administrator has been tasked with finding a solution
that preserves the IPSec tunnel while roaming within the LAN, without affecting applications that use the
VPN tunnel. Which solution would you recommend for this customer?
A. IPSec fail-over
B. Nortel IPSec Mobility
C. Tunnel Persistence Mode
D. Virtual Router Redundancy Protocol (VRRP)
Answer: B
Q: 9 A high-profile customer dealing with electronic commerce requires
non-repudiation of a signature and needs a way to guarantee both the integrity of the data and the
authenticity of a sender. You recommend the use of digital certificates and the associated digital
signature algorithm. Which statement about the digital signature algorithm is false?
A. The digital signature is computed using a set of rules and a set of parameters such that the identity of the
signatory and integrity of the data can be verified.
B. Each user possesses a private and public key pair. Anyone can verify the signature of a user by employing
that user's public key.
C. The digital signature shows who actually ordered the merchandise but cannot guarantee that the
information on the order has not been changed.
D. A private key is restricted for signature use.
Answer: C
Q: 10 A VPN Router customer is using certificate authentication for user and
branch office tunnels. A supervisor has suggested configuring Certificate Management Protocol (CMP)
on the VPN Routers company wide in order to reduce the administrator's workload. In what way would
the configuration of CMP benefit the administrator?
A. CMP automates the processes of Certificate Revocation List (CRL) updates and CRL distributions to all
VPN Routers.
B. CMP allows the VPN Router to act as a Certification Authority (CA) for other VPN Routers on the
network.
C. CMP automates the process of client certificate distribution, so the clients do not need to generate a
certificate request.
D. CMP offers management of the entire certificate and key life cycle for the server of the VPN Router.
Answer: D
Q: 11 A customer's VPN Router is configured to authenticate users by their user
certificates. Each user is placed into a default group upon successful authentication. Since the customer's
user base is growing rapidly, they would like to create a user group for each department within the
company and have each user be placed into respective groups upon successful authentication.
Which approach will support this solution?
A. Configure a 'User Access Policy' from the user's group IPsec configuration screen.
B. Configure a 'User Access Policy' in the Certification Authority certificate details section to determine group
membership.
C. Use a separate Certification Authority (CA) for each group, and set each group as the 'Default Group' for its
respective CA certificate.
D. Configure 'Group Access Control' in the Certification Authority certificate details section to use the Subject
DN of the user certificate to determine group membership.
Answer: D
Q: 12 A customer would like to implement an authentication method that can
verify both devices involved with each secure connection. Which scenario would require the use of digital
certificates?
A. The LDAP Server Secure Sockets layer (SSL) encryption that provides privacy between the VPN Router
and an external LDAP server.
B. The setup of an IPSec tunnel when token security is used in place of user ID and password authentication.
C. A distributed security system that uses an authentication server to verify dial-up connection attributes and
authenticate connections.
D. The setup of the IPSec connection between a VPN Router and a Windows 2000 client.
Answer: A
Q: 13 A merchant requires the most stringent proof of identity requirements
because its certificate is used in the Server Secure Sockets Layer (SSL) protocol to both authenticate the
merchant site and is also used as part of the keying material used to encrypt customer credit card
information. Which class of certification would you recommend for this merchant?
A. Class One
B. Priority Class
C. Class A1
D. Class Three
Answer: D
Q: 14 A customer has eight VPN Router 5000 systems that share an external LDAP
server. Users are authenticated by the switch, which requires a valid user certificate and a user account
in the LDAP database. The IT Director is concerned that someone may gain access to confidential
employee information during LDAP authentication between the VPN Router and the external LDAP
server. What can be done to ensure security?
A. Transfer the user accounts from the external LDAP database to an external RADIUS server.
B. Create a separate subnet just for the external LDAP database server to isolate its network traffic.
C. Configure the VPN Router and the external LDAP server to communicate via Secure Socket Layer (SSL).
D. Switch the external LDAP database to an internal LDAP database on each switch to avoid authentication
over the network.
Answer: C
Q: 15 A network administrator has worked with and configured Secure Sockets
Layer (SSL) /Transport Layer Security (TLS) on their VPN Router and has been made aware of a
security vulnerability involving Cipher Block Chaining. What information is important to the network
administrator?
A. Block ciphers are the most common in cryptography and are therefore prone to security risks.
B. Block ciphers split the message into fixed blocks of text and encrypt them individually.
C. Optional padding has been added as a countermeasure and the VPN Router default setting has been set to
Not Enabled.
D. The end of the message is padded with random contents to ensure the entire message is aligned on block
boundaries.
Answer: C