HP-Y3: IMPLEMENTING HP NETWORK INFRASTRUCTURE SOLUTIONS HP Networking Exam preparation guide
HP-Y3: IMPLEMENTING HP NETWORK INFRASTRUCTURE SOLUTIONS HP Networking Exam preparation guide Overview Requirements for successful completion This guide helps you to study for the Implementing HP Network Infrastructure Solutions (HP-Y3) exam. You can benefit from this guide whether you are attempting to expand your existing HP certification or you have a former H3C or a Cisco background and want to get certified with HP. To pass the exam, you will need to demonstrate knowledge of intermediate routing and switching technologies, such as Open Shortest Path First (OSPF) routing, multicast forwarding, multicast routing, Quality of Service (QoS), WAN technologies, and more as well as the ability to implement these technologies on HP A-Series and E-Series products. You must also be able to implement a wide variety of security technologies built into HP products. 2
Table of Contents Why take the exam?... 5 HP ASE Network Infrastructure [2] certification... 5 Path... 5 Path 2... 5 Path 3... 5 HP ASE Wireless Networks [2] certification... 6 Path... 6 Path 2... 7 Path 3... 7 Path 4... 7 Who should take the exam?... 8 Who does not need to take this exam?... 9 How to study for the exam... 9 Study tips based on your certification... HP AIS [2]... Any ASE certification... H3CSE certification... CCNP Routing and Switching or Wireless certification... Attend recommended ILTs... Implementing HP E-Series Networks... 2 Topics covered... 2 Format offered... 2 More information... 2 Implementing HP A-Series Networks... 2 Topics covered... 2 Format offered... 3 More information... 3 Implementing HP Network Infrastructure Security... 3 Topics covered... 3 Format offered... 3 More information... 4 Accelerated Implementing HP A & E-Series Secure Infrastructure Networks... 4 Topics covered... 4 Format offered... 4 More information... 4 Purchase self-study materials... 4 Complete recommended WBTs... 4 HP Switching and Routing Technologies... 5 Topics covered... 5 Format offered... 5 More information... 5 HP Internet and WAN Technologies... 5 Topics covered... 6 Format offered... 6 More information... 6 HP Network Infrastructure Security Technologies... 7 Topics covered... 7 Format offered... 8 More information... 8 Refer to additional materials... 8 Obtain hands-on experience... 8 3
How to take the Implementing HP Network Infrastructure Solutions (HP-Y3) exam... 8 Exam content... 9 Comments on the exam... 2 Tips for taking HP exams... 2 Register... 2 Sample questions... 22 Conclusion... 25 Appendix: Answers to the sample questions... 25 4
Why take the exam? Passing this test gives you one component toward two HP Accredited Systems Engineer (ASE) certifications, described below. NOTE Anyone can take the exam, but passing it only helps you to achieve certification if you have one of the prior achievements listed in Table. If you are a new candidate, obtain the HP ASE Network Infrastructure [2] certification first. HP ASE Network Infrastructure [2] certification The HP ASE Network Infrastructure [2] certification indicates that you can: Design, implement, and troubleshoot secure network solutions for large and complex, multivendor campus LAN environments using HP E- and A-Series network technologies Design and implement an HP open-standards based network solution, including those that interoperate with non-hp networking solutions There are three paths to achieve this certification, as outlined below. The exams you must pass are dependent upon which achievements you currently hold. Path This path is designed for networking professionals who have one of the following certifications: ASE HP ProCurve (26 or later) and HP Enterprise Networking Products Technical Qualification [2] ASE HP ProCurve Campus LANs [2] and HP Enterprise Networking Products Technical Qualification [2] HP ASE Wireless Networks [2] If you meet one of these criteria, you do not need to take the HP-Y3 exam; passing the HP-Y32 alone gives you the certification. By completing this path, you will also be granted the HP AIS Network Infrastructure [2] certification. Path 2 This path is designed for networking professionals who have one of the following certifications. ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] H3CSE CCNP Routing and Switching If you meet one of these criteria, you must pass the Implementing HP Network Infrastructure Solutions (HP-Y3) exam and Designing & Troubleshooting Open Standard Networks (HP-Y32) exam to earn the certification. If you complete this path, you will also be granted the HP AIS Network Infrastructure [2] certification. Path 3 If you do not meet the requirements for path or path 2, then you must complete this path, which is designed for new candidates. First, you must achieve the prerequisite certification, HP AIS Network Infrastructure [2]. Second, you must pass the following exams: Implementing HP Network Infrastructure Solutions (HP-Y3) Designing & Troubleshooting Open Standard Networks (HP-Y32) Table summarizes the requirements for all three paths. 5
Table : HP ASE Network Infrastructure [2] requirements based on current achievement Current achievements Path Path 2 Path 3 HP Enterprise Networking Products Technical Certification [2] + either: ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] HP ASE Wireless Networks H3CSE CCNP Routing and Switching* Either ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] New or any other candidate Requirements for HP ASE Network Infrastructure certification HP AIS Network Infrastructure [2] certification Proctored Exam Implementing HP Network Infrastructure Solutions (HP-Y3) Proctored Exam Designing & Troubleshooting Open-Standard Networks (HP-Y32) X X X X X X X X X X X *Note: CCNP specialties such as Voice, Security, or Routing, and Switching do not apply toward HP ASE Network Infrastructure [2] certification. HP ASE Wireless Networks [2] certification The HP ASE Wireless Networks [2] achievement certifies that you: Can design and implement complex WLAN network solutions for large campus LAN environments using HP E-Series wireless technologies Have the foundational skills needed to implement A-Series wireless solutions There are four paths to achieve this certification, as outlined below. The exams you must pass are dependent upon which achievements you currently hold. The HP-Y3 exam is required only for Path 2 and Path 4 (but the other paths are described for your reference). Path This path is designed for networking professionals who have one of the following certifications: HP ASE Network Infrastructure [2] HP Enterprise Networking Products Technical Qualification [2] and ASE HP ProCurve (26 or later) HP Enterprise Networking Products Technical Qualification [2] and ASE HP ProCurve Campus LANs [2] 6
If you meet one of these criteria, then passing the HP-Y33 exam alone gives you the certification. By completing this path, you will also be granted the HP AIS Network Infrastructure [2] certification if you do not already have it. Path 2 This path is designed for networking professionals who have one of the following certifications. ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] H3CSE CCNP Wireless If you meet one of these criteria, you must pass the HP-Y3 exam and the Implementing HP Wireless Networks (HP-Y33) exam. By completing this path, you will also be granted the HP AIS Network Infrastructure [2] certification. Path 3 This path is designed for networking professionals who have the ASE HP ProCurve Mobility [29 or 2] certification. If you meet this criterion, you must pass the Wireless Networks ASE 2 Delta (HP-Y35) exam. By completing this path, you will also be granted the HP AIS Network Infrastructure [2] certification. Path 4 If you do not meet the requirements for path, path 2, or path 3, then you must complete this path, which is designed for new candidates. First, you must achieve the prerequisite certification, HP AIS Network Infrastructure [2]. Second, you must pass the following exams: Implementing HP Network Infrastructure Solutions (HP-Y3) exam Implementing HP Wireless Networks (HP-Y33) exam Table summarizes these requirements. 7
Table : HP ASE Wireless Networks [2] requirements based on current achievement Current achievements Path Path 2 Path 3 Path 4 HP ASE Network Infrastructure [2] HP Enterprise Networking Products Technical Certification [2] + either: ASE HP ProCurve (26 or later) Either: ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] H3CSE CCNP Wireless* ASE HP ProCurve Mobility [29 or 2] New or any other candidate ASE HP ProCurve Campus LANs [2] HP AIS Network Infrastructure [2] certification X Requirements for ASE Wireless certification Proctored Exam Implementing HP Network Infrastructure Solutions (HP-Y3) Proctored Exam Implementing HP Wireless Networks (HP-Y33) X X X X X X X X X X Proctored Exam Wireless Networks ASE 2 Delta (HP-Y35) X *Note: CCNP specialties such as Voice, Security, or Routing, and Switching do not apply toward HP ASE Wireless Networks [2] certification. Who should take the exam? Anyone can take the Implementing HP Network Infrastructure Solutions (HP-Y3) exam, but most successful candidates have two years of real-world experience implementing or maintaining network infrastructure solutions in a campus LAN or enterprise environment. Successful candidates also prepare for the test in a variety of ways. This guide describes some of these ways and provides references to materials for further preparation. 8
NOTE Anyone can take the exam, but passing it only helps you to achieve certification if you have one of the prior achievements listed in Table or Table 2. If you are a new candidate, obtain the HP AIS [2] certification first. Who does not need to take this exam? You do not need to take this exam if you have achieved any of the following: ASE HP ProCurve (26 or later) and HP Enterprise Networking Products Technical Qualification [2] ASE HP ProCurve Campus LANs [2] and HP Enterprise Networking Products Technical Qualification [2] HP ASE Wireless Networks [2] ASE HP ProCurve Mobility (29 or 2) certification If you have any of the first three achievements, you only need to take the Designing and Troubleshooting Open Standard Networks (HP-Y32) exam to obtain the HP ASE Network Infrastructure [2] certification. If you need the HP ASE Wireless Networks [2] certification, you can then take only the Implementing HP Wireless Networks (HP-Y33) exam. If you have ASE HP ProCurve Mobility (29 or 2) certification, take only the Wireless Networks ASE 2 Delta (HP-Y35) exam to earn the HP ASE Wireless Networks [2] certification. Then, after you pass the Designing and Troubleshooting Open Standard Networks (HP-Y32) exam, you also receive the HP ASE Network Infrastructure [2] certification. How to study for the exam The Implementing HP Network Infrastructure Solutions (HP-Y3) exam tests you on topics that are covered in several HP instructor-led training (ILT) and Web-based training (WBT) courses. Table 3 indicates the training specifically recommended for you based on your current achievements. While it is recommended that you complete this training, the training is neither required nor does it guarantee that you will pass the exam. It is expected that you will also study on your own and draw on your real-world experience. Read the sections below to further assess your options. Even if you do not intend to complete the recommended ILTs and WBTs, you should examine the topics that they cover because the exam will test you on your mastery of these topics. 9
Table 3: Recommended training based on current achievement Current achievements HP AIS [2] ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] H3CSE CCNP Routing and Switching CCNP Wireless Implementing HP A-Series Networks (5-day ILT) X X X X X Courses for the HPY3 exam Implementing HP E-Series Networks (4-day ILT) Implementing HP Network Infrastructure Security (2-day ILT) HP Switching and Routing Technologies (WBT) Internet and WAN Technologies (WBT) HP Network Infrastructure Security Technologies (WBT) Total days for recommended training X X X X X X X X X X X X X X days 5 days 5 days 6 days days days NOTE There is also a fourth HP ILT, Accelerated Implementing HP A & E-Series Secure Infrastructure Networks, which combines the content covered in the three ILTs listed in Table 3 and is completed in just 5 days. More information on all four ILTs including the recommended qualifications for candidates attending the Accelerated course is available in this exam preparation guide. More information is also provided on the WBTs. Study tips based on your certification First you might want to choose topics on which to focus based on your current skills: HP AIS Network Infrastructure [2] Any ASE H3CSE CCNP Routing and Switching or Wireless You can then read about specific study methods. HP AIS [2] With your current certification, you are ready to succeed at training at the ASE level. All of the training at this level is recommended for you to give you the best chances at succeeding. This guide also provides other suggestions for preparing. To learn more about ways to prepare for the Implementing HP Network Infrastructure Solutions (HP-Y3) exam, continue reading, beginning at: Attend recommended ILTs.
Any ASE certification Your current knowledge of HP E-Series products, including their security features, should be sufficient. (Of course, you might need to review if you received your certification several years ago.) However, you will need to expand your knowledge of the HP A-Series products and technologies to pass the exam. As indicated in the table, you might consider taking just the Implementing HP A-Series Networks ILT and reviewing the Internet and WAN Technologies WBT, if you have not completed that WBT before. To learn more about ways to prepare for the Implementing HP Network Infrastructure Solutions (HP-Y3) exam, continue reading, beginning at: Attend recommended ILTs. H3CSE certification Your current knowledge of HP A-Series products should be sufficient. However, you must understand how to implement the same protocols with which you are familiar on A-Series products on E-Series products as well. In addition, you must be able to implement network security on both HP A-Series and E-Series products as well as understand general concepts related to HP security technologies. You should take the ILTs and WBTs recommended to you. To learn more about ways to prepare for the Implementing HP Network Infrastructure Solutions (HP-Y3) exam, continue reading, beginning at: Attend recommended ILTs. CCNP Routing and Switching or Wireless certification The Implementing HP Network Infrastructure Solutions (HP-Y3) exam tests both your general knowledge of intermediate switching, routing, and security technologies as well as your specific ability to implement these technologies on HP products. As a Cisco-certified professional, you should not find the general knowledge questions difficult although you might want to review concepts that you have not studied recently using the WBTs described later in this guide. In particular, if you have the Wireless certification, you might need to expand your knowledge of switching and security technologies. While you do not need to produce exact CLI commands from memory, you must demonstrate that you can navigate HP products CLIs and follow the proper procedures to configure settings. If you do not attend the recommended ILTs, which provide hands-on experience in a lab, you should practice configuring the switching and routing technologies covered in the courses on actual HP A-Series and E-Series products. To learn more about ways to prepare for the exam, continue reading, beginning at: Attend recommended ILTs. Attend recommended ILTs Four ILTs are available to help you to prepare for this exam. The first three are: Implementing HP E-Series Networks, Rev.4 or later (4 days) Implementing HP A-Series Networks, Rev..4 or later (5 days) Implementing HP Network Infrastructure Security, Rev..4 or later (2 days) You are highly encouraged to attend these courses, where you will expand your knowledge of networking and security technologies and gain hands-on experience implementing these technologies on HP equipment. You may also have the option of taking Accelerated Implementing HP A & E-Series Secure Infrastructure Networks, Rev..3 or later as an alternative to the three ILTs listed above. This ILT combines Implementing HP E-Series Networks, Implementing HP A-Series Networks, and Implementing HP Network Infrastructure Security and delivers the material in a compressed timeframe: 5 days instead of. Qualifications for this course are listed below. You can register for these ILTs in The Learning Center of your HP Partner Portal, which is the HP Learning Management System for HP customers and partners. You will require an HP Learner ID to register for a class. Note that, while it only takes a few minutes to request the ID, the process of activating it may take up to several days. Please obtain this ID and then register for classes at least one week in advance. Costs and scheduling vary according to region.
Implementing HP E-Series Networks Implementing HP E-Series Networks describes techniques for designing and implementing resilient switched and routed converged networks based on the HP E-Series ProVision ASIC switches. These networks will be capable of fulfilling the triple play requirement of supporting voice, video, and data transmissions on a unified infrastructure. Topics covered In this course, you learn about: E-Series ProVision ASIC networking products and technologies Providing redundant links and default gateways with Multiple Spanning Tree Protocol (MSTP)/Virtual Router Redundancy Protocol (VRRP) Designing and implementing IPv4 networks Designing and implementing OSPFv2 routing Designing and implementing Layer 2 and Layer 3 QoS Designing and implementing Internet Group Management Protocol (IGMP), Protocol Independent Multicast Sparse Mode (PIM-SM), and PIM-Dense (PIM-DM) Designing and implementing QinQ Designing and implementing IPv6, OSPFv3, and DHCPv6 Format offered 4-day instructor-led course, 4% lecture and 6% hands-on labs and classroom activities. The course may be delivered using a remote lab environment. More information If you are interested, the course datasheet discusses Implementing HP E-Series Networks in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-networkinfrastructure.aspx. Implementing HP A-Series Networks The Implementing HP A-Series Networks course focuses on the advanced features required in enterprise level networks and how they can be implemented in HP Networking A-Series switches and routers. After successful completion of this course, you will have acquired the concepts and the skills necessary to install, maintain and troubleshoot an HP A-Series enterprise level network. Topics covered This course teaches you about these topics: Special VLAN types: o Port-based VLANs o Protocol-based VLANs o IP-subnet-based VLANs o MAC-address-based VLANs o SuperVLANs o Isolate-user VLANs IP gateway features IP routing o Local-proxy-ARP o MSTP + VRRP redundancy solution o OSPF network types and multi-area networks o ebgp 2
IP multicast QoS o IGMP o IGMP snooping o Multicast VLAN o PIM-DM o PIM-SM o QoS policies o ACLs o Prioritization o QoS applications Network management o Port mirroring (local and remote) o SNMP configuration o IMC fundamentals Intelligent Resilient Framework (IRF) Format offered 5-day instructor-led, 5% lecture, 35% learner research/group analysis, and 5% hands-on labs More information If you are interested, the course datasheet discusses Implementing HP A-Series Networks in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-networkinfrastructure.aspx. Implementing HP Network Infrastructure Security The Implementing HP Network Infrastructure Security course prepares network engineers and network administrators to configure, troubleshoot and implement security features used to protect a network. Network protection features on both the A-Series and E-Series devices will be explored. Topics covered This course teaches you about these topics: Certificate Authority (CA)-signed certificates Traffic mirroring Access control lists (ACLs) used to filter network traffic MAC address protection Port security Traffic filters o Source port filters o Port isolation Spanning tree protection o DHCP protection o Address Resolution Protocol (ARP) protection o IP spoofing protection o Threat detection and Virus Throttling Format offered 2-day instructor-led, 5% lecture, 5% activity and 6% hands-on labs 3
More information If you are interested, the course datasheet discusses Implementing HP Network Infrastructure Security in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-networkinfrastructure.aspx. Accelerated Implementing HP A & E-Series Secure Infrastructure Networks The Accelerated Implementing HP A & E-Series Secure Infrastructure Networks ILT combines the material presented in the Implementing HP E-Series Networks, Implementing HP A-Series Networks, and Implementing HP Network Infrastructure Security ILTs. It is delivered in less time than it would take to attend the ILTs separately. NOTE Given the compressed timeframe, the Accelerated course is designed to train only experienced network administrators in these topics. To attend Accelerated Implementing HP A & E-Series Secure Infrastructure Networks, you should have one of the following active certifications: ASE HP ProCurve (26 or later) ASE HP ProCurve Campus LANs [2] H3CSE CCNP Routing and Switching Topics covered In this course you learn about: Deploying and configuring HP A-Series and E-Series switches Designing, implementing, and troubleshooting routed and bridged networks using industry-standard protocols, focusing on OSPF, VRRP, and MSTP Designing and implementing triple play networks using HP prioritization and QoS features Designing and implementing IGMP, PIM Dense, and PIM Sparse Designing and implementing IPv6 and OSPFv3 Designing and implementing IRF Designing and implementing secure infrastructure networks focusing on STP, DHCP, and ARP protection; traffic mirroring; access control lists (ACLs); and Virus Throttling Format offered Five-day instructor-led, 2% lecture and 8% lab and classroom activities. The course may be delivered using a remote lab environment. More information If you are interested, the course datasheet discusses Accelerated Implementing HP A & E-Series Secure Infrastructure Networks in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-network-infrastructure.aspx. Purchase self-study materials Rather than attend the ILT, you can prepare for HP certification exams at your convenience, with HP-approved Official Exam Certification Guides. Learn at your own pace, with self-study guides written by industry experts. Each guide takes you through complex subjects with detailed, step-by-step explanations, diagrams, chapter quizzes and a practice exam. Remember that simply reading the self-study materials will not give you the hands-on experience provided by labs in the ILT. Both the study guide and exam assumes that you have real-world experience implementing enterprise networks. To purchase the self-study materials associated with this exam, visit http://www.hppress.com. 4
Complete recommended WBTs HP also recommends that you complete several WBTs, which delve into the technologies that underlie HP networking solutions: HP Switching and Routing Technologies, Rev.4or later (a prerequisite for the Implementing HP E- Series Networks and Implementing HP A-Series Networks ILTs described above) HP Internet and WAN Technologies, Rev.4 or later HP Network Infrastructure Security Technologies, Rev.4 or later (a prerequisite for the Implementing HP Network Infrastructure Security ILT described above) These WBTs are freely available through the Learning Center of your HP Partner Portal. You will need to register for the WBT, which requires an HP Learner ID. Note that, while it only takes a few minutes to request the ID, the process of activating it up may take several days. Please do not wait until the last minute. HP Switching and Routing Technologies This course describes the operation of standards and protocols that facilitate resilient and predictable network operation. It begins by aligning the standards with strategies for utilizing redundant links and network devices, and it concludes with a discussion of commonly used standards that enable an infrastructure to support converged applications. Topics covered The WBT teaches you about these concepts: Interactions among network devices that support VRRP v2 Strategies for sharing default gateway responsibilities between two Layer 3 switches IP router forwarding decisions for packets that match with multiple route table entries Comparison of automatic and manual IP address space summarization OSPF characteristics that make it suitable to resilient, large-scale intranets OSPF router roles and the significance each has to sharing route information The function and scope of each OSPF message type Proper use of OSPF area types The roles of IGMP and PIM in multicast communications, and the scope of each protocol The operation of PIM Dense and PIM Sparse and their appropriate network deployments The characteristics of and requirements for data traffic versus real-time traffic Layer 2 and Layer 3 prioritization standards and their appropriate implementations in contemporary enterprise networks The LLDP-MED standard and its relevance to QoS for VoIP and other applications Format offered The WBT is a four-hour, self-paced course, which features animation and interaction. At the end of the WBT, you take a test to assess what you have learned. More information If you are interested, the course datasheet discusses HP Switching and Routing Technologies in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-networkinfrastructure.aspx. HP Internet and WAN Technologies This WBT is designed and delivered by an industry expert to help you understand the technologies that power the Internet and Wide Area Networks (WANs). The Internet has permeated every corner of the globe. Most large corporations are multi-national. High-speed connectivity to the rest of the world is now a must-have. But how is that connectivity provided? 5
There are several technologies one can choose from to enable connectivity. Service providers offer many access options to their managed networks or to the Internet. These networks then employ various technologies to enable logical connectivity for public Internet traffic, or for Virtual Private Networks (VPNs). This WBT gives you the knowledge to identify the various protocols and technologies used in service delivery. Topics covered The WBT teaches you about these concepts: Internet basics o History of the Internet o Current and future trends o Next Generation Internet requirements IP routing fundamentals IS-IS routing BGP routing MPLS o Control Plane/Data Plane fundamentals o Static versus dynamic routing o Categories of dynamic routing protocols o IS-IS terminology o IS-IS hierarchy and operation o IS-IS addressing o IS-IS messaging o IS-IS compared to OSPF o BGP terminology o Protocol interaction o BGP use models o Route advertising principals o BGP route attributes o MPLS protocols o Control plane/data plane operation o MPLS traffic engineering o MPLS Support of IPVPN o MPLS Support of Layer 2 VPNs Access and WAN technologies o Access to the Internet for consumers and businesses o Layer 2 backbone technologies o High-speed data links Format offered The WBT is a four-hour, self-paced course, which features animation and interaction. At the end of the WBT, you take a test to assess what you have learned. More information If you are interested, the course datasheet discusses HP Internet and WAN Technologies in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-networkinfrastructure.aspx. 6
HP Network Infrastructure Security Technologies The HP Network Infrastructure Security Technologies WBT covers a wide variety of security technologies. It introduces network technicians to the Defense in Depth strategy for confronting contemporary threats to network security. Specifically, it covers the network infrastructure security component of this strategy, explaining technologies built into a trusted network infrastructure as well as access control and threat management technologies. Topics covered The WBT teaches you about these concepts: Types of threats o Network reconnaissance o Unauthorized access o Impersonation o Malware o Denial of Service (DoS) o Viruses and worms Defense in Depth Data privacy, integrity, and authenticity for wired and wireless communications Key management o Digital certificates o Public Key Infrastructure (PKI) Built-in protections against common protocol exploits o STP protection o DHCP snooping o ARP protection o Virus Throttle Access control Firewalls o Static VLANs o ACLs o Traditional firewall technologies, including stateful-inspection firewalls with Application Level Gateways (ALGs) or Application Specific Packet Filtering (ASPF) o Next Generation Firewalls (NGFWs) Network access control technologies o Authentication protocols such as Challenge Handshake Authentication Protocol (CHAP) and Extended Authentication Protocol (EAP) o Authentication, Authorization, and Accounting (AAA) protocols such as RADIUS and TACACS+ o 82.X o Web authentication (captive portal o MAC authentication o Directories Endpoint integrity o Personal anti-virus and firewall solutions o Web browser security o Patches o Implementation of endpoint-integrity-based NAC 7
Virtual Private Network (VPN) technologies o IPsec with Internet Key Exchange version (IKEv) o Layer 2 Tunneling Protocol (L2TP) o Point-to-Point Tunneling Protocol (PPTP) o MACsec Threat management solutions o Signature-based and anomaly-based systems o Intrusion Detection Systems (IDSs) o Intrusion Prevention Systems (IPSs o Deployment strategies Format offered The WBT is a five-hour, self-paced course, which features animation and interaction. At the end of the WBT, you take a test to assess what you have learned. More information If you are interested, the course datasheet discusses HP Network Infrastructure Security Technologies in more detail. It is available at http://h77.www.hp.com/us/en/training/certifications/technical/ase-networkinfrastructure.aspx. Refer to additional materials You might want to refer to some additional materials, particularly if you have not completed the recommended training. HP provides product documentation, which explains how to implement the technologies covered in the training. Visit http://www.hp.com/networking/support to search for the appropriate manuals. Obtain hands-on experience If possible, practice setting up technologies on actual HP equipment (refer to the earlier lists of technologies covered in the recommended training). You learn the most by configuring several switches that function together as they would in the real-world, which is the advantage of the safe lab environment provided in the ILTs. How to take the Implementing HP Network Infrastructure Solutions (HP-Y3) exam Table 4 provides details about the exam. Note that this is a proctored exam, which you must complete at a scheduled time and authorized location. You will not be allowed to take any reference materials with you. Table 4: HP-Y3 exam details Parameter Description Number of items 7 Item types Exam time Passing score Additional guidelines Multiple choice (single response) Multiple choice (multiple responses) Drag and drop 2 hours (2 minutes) 69 percent (49 correct answers) No online or hard copy reference material will be allowed at the testing site. 8
Exam content The following testing objectives represent the specific areas of content covered in the exam. Use this outline to guide your study and to check your readiness for the exam. The exam measures your understanding of these areas. Table 5: HP-Y3 exam content HP-Y3 Sections/Objectives 9% Threats and the Need for Security Defense in Depth Threats Certificates Encryption Authentication, Authorization, Accounting RADIUS 6% ACLs Describe and implement ACLs (IPv4 and IPv6) Standard vs Extended RACLs, VACLs, and PACLs % MAC Lockdown and Lockout Describe and implement MAC Lockdown and MAC Lockout % Port Security Describe and implement port security % Source Port Filters Describe and implement source port filters 3% Spanning Tree Protection BPDU Filtering BPDU Protection 3% DHCP Snooping Describe and implement DHCP snooping Integration with Option 82 % ARP Protection Describe and implement dynamic ARP protection/ MAC Spoofing % Dynamic IP Lockdown Describe and implement Dynamic IP Lockdown % Virus Throttling Describe and implement Connection-rate Filtering % Traffic Mirroring Describe and implement traffic mirroring 3% VLANs and IP Gateway Features VLANs and IP Gateway Features 7% IPv4 Routing IPv4 Routing 4% IP Multicast IP Multicast 3% Quality of Service Quality of Service 9
HP-Y3 Sections/Objectives % Network Management 3% IRF Network Management IRF 6% Resilient, Adaptive Networks Identify the characteristics and business benefits of Triple Play networks Describe the business and technological forces that are driving the development of converged networks Describe the challenges to providing high-quality voice and video on a data network Describe the HP Networking E-Series convergence strategies and solutions 9% Providing Redundant Links and Gateways Describe how VRRP and MSTP can be used to enhance network resilience and availability Describe the support for VRRP provided by the E-Series ProVision ASIC switches Describe the support for MSTP provided by the E-Series ProVision ASIC switches Given a design and customer requirements, configure MSTP on the E-Series ProVision ASIC switches Given a design and customer requirements, configure VRRP on the E-Series ProVision ASIC switches Monitor, confirm, and troubleshoot VRRP and MSTP configuration 3% Designing and Configuring IP Networks View and evaluate the contents of an IP routing table Given a set of customer requirements, design an IP network addressing and routing scheme for E-Series ProVision ASIC switches 4% OSPF Routing in the Adaptive Network Given a set of customer requirements, configure and monitor OSPF on E-Series ProVision ASIC switches Given a set of customer requirements, design an OSPF routing solution to meet enterprise needs Given a set of customer requirements, define OSPF areas to enable efficient storage and use of routing information 9% Delivering Quality of Service (QoS) Compare and contrast the characteristics and requirements for data traffic and real-time traffic Define QoS and the technologies that support it Describe Layer 2 and Layer 3 prioritization standards and their appropriate implementations in enterprise networks Describe the LLDP-MED standard and its relevance to QoS for VoIP and other applications Describe the default QoS settings on E-Series ProVision ASIC switches Given a set of customer requirements, determine if the default QoS features of the E-Series ProVision ASIC switches will adequately address the real-time traffic needs of a particular network Given a set of customer requirements, design, configure, and monitor a QoS solution using E-Series ProVision ASIC switches 2
HP-Y3 Sections/Objectives 6% Supporting IP Multicast 3% QinQ Supporting IP Multicast Explain the role of multicast routing protocols in multicast communications Describe the operation of PIM-Dense and PIM-Sparse and their appropriate network deployments Given a set of customer requirements, configure multicast support on the E-Series ProVision ASIC switches Describe the basics of QinQ Design a service provider network supporting multiple customer connections % E-Series - IPv6, OSPFv3, DHCPv6 Describe the foundations of IPv6 Describe the functions and support for IPv6 Autoconfiguration addressing Describe the functions and support for IPv6 Manual addressing Describe the functions and support for basic IPv6 routing Describe the functions and support for IPv6-OSPFv3 routing Describe the functions and support for IPv6-DHCPv6 relay Basic IPv6 troubleshooting Comments on the exam During the exam, participants can make specific comments about the items (i.e., accuracy, appropriateness to audience, etc.). HP welcomes these comments as part of our continuous improvement process. Tips for taking HP exams Rather than emphasize simple memorization, HP exams attempt to assess whether you have the knowledge and skills that a networking professional requires on the job. Therefore, some questions feature exhibits or scenarios. As you see, you will have an average of just less than two minutes per question. Some questions will take much less time, and some will require a bit more. If allowed by the systems, you might want to answer the questions about which you are sure first and then move back to the others. Before you do answer a question, take the time to read the question and all of the options carefully. If the question indicates that it features an exhibit, study the exhibit and reread the question. Make sure to select the answer that correctly responds to the question that is asked not simply an answer that includes some correct information. If the question asks for more than one answer, remember to select each correct answer. You do not receive partial credit for a partially correct answer. Register To register for this exam, visit The Learning Center at: http://www.hp.com/go/expertone You will need an HP Learner ID 2
Sample questions Use these questions to help to assess whether you are ready to take the exam. An appendix at the end of this guide provides answers and explanations.. Your network is routing multicast messages using Protocol Independent Multicast-Sparse Mode (PIM-SM). A multicast source begins to a new stream. What message does the default router for the multicast source send? a. a Join message to the Bootstrap Router (BSR) b. a Join message to the Rendezvous Point (RP) c. a Register message to the Bootstrap Router (BSR) d. a Register message to the Rendezvous Point (RP) 2. Examine the exhibit. While configuring the HP E822 zl switch to be an ABR for OSPF areas and 2, you entered this command in the switch s CLI: E546(ospf) )# area 2 stub 2 no-summary Figure : Exhibit for question 2 If you assume that all the connections are up and the OSPF routers have achieved adjacency, which routes could you see on the E542 zl switch in area 2? The routing tables associated with each option are listed on the next pages. a. A b. B c. C d. D 22
Option A IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.../6.2.. 2 ospf InterArea 2.../6.2.. 2 ospf InterArea 2.2../29 VLAN2 2 connected.2../24 VLAN2 2 connected.2.2./24 VLAN22 22 connected.2../6.2..2 ospf InterArea.3../6.2.. ospf InterArea 2 27.../8 reject static 27.../32 lo connected Option B IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.../.2.. 2 ospf InterArea 2.2../29 VLAN2 2 connected.2../24 VLAN2 2 connected.2.2./24 VLAN22 22 connected 27.../8 reject static 27.../32 lo connected Option C IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.../6.2.. 2 ospf InterArea 2.../6.2.. 2 ospf InterArea 2.2../29 VLAN2 2 connected.2../24 VLAN2 2 connected.2.2./24 VLAN22 22 connected.3../6.2.. 2 ospf InterArea 2 27.../8 reject static 27.../32 lo connected Option D IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.2../29 VLAN2 2 connected.2../24 VLAN2 2 connected.2.2./24 VLAN22 2 connected 27.../8 reject static 27.../32 lo connected 3. The LAN shown in the exhibit is being designed as a single DiffServ domain. On which ports should packets be marked (or remarked) to comply with the DiffServ Model? (Select two.) a. inter-switch ports between the distribution layer switches b. the ports that connect the edge switches to the distribution switches c. the ports that connect the distribution ports to the edge switches d. client access ports e. server access ports 23
Figure 2: Exhibit for question 3 4. An HP A58 switch enforces an ACL, which is shown in the configuration under the exhibit. You want to allow the client shown in the exhibit to access FTP services on the server. Which is true? a. You do not need to enter a command because the current configuration permits this traffic. b. You could perm permit it the traffic with this command: permit tcp source..7....255 destination..4.2 destination destination-port range 2-2 c. You could permit the traffic with this command: permit tcp source..7.2 destination..4.2 destination destination-port range 2-2 d. You could permit the traffic with this command: rule 8 permit source..7....255 destination..4.2 destination destination-port range 2-2 e. You could permit the traffic with this command: rule 3 permit source..7. destination..4.2 destination destination-port range 2-2 Figure 3: Exhibit for question 4 A58 ACL configuration [A58] display acl 33 Advanced ACL 33, named lab, 6 rules ACL s step is 5 rule permit tcp source......255 destination..4.2 destinationdestination port range 2-2 rule 5 permit tcp source..7....255 destination..4.2 destinationdestination port eq www rule 6 permit udp source..7....255 destination..4.2 destinationdestination port eq dns rule 7 permit icmp source..7....255 destination..4.2 rule deny ip source.....255.255 destination.....255.255. logging rule 5 permit ip Figure 4: Exhibit 2 for question 4 24
5. An endpoint that supports both IPv4 and IPv6 is connected to your HP A36 switch. You want to assign to IPv4 traffic to VLAN 4 and the IPv6 traffic to VLAN 6. How do you do so? Conclusion a. Specify VLAN 6 as a protocol-based VLAN that selects IPv6. Configure the endpoint s port as a hybrid port. Set VLAN 4 as the PVID and VLAN 6 as a protocol VLAN. b. Configure the endpoint s port as a trunk port. Set VLAN 4 as the PVID and allow VLAN 6. c. Specify VLAN 6 as a protocol-based VLAN that selects IPv6. Configure the endpoint s port as a trunk port. Allow both VLAN 4 and 6, setting either VLAN as the PVID. d. Configure the endpoint s port as an access port set to VLAN 4. Then specify VLAN 6 as the access port s protocol-based VLAN setting. HP wishes you success in the HP ExpertONE Program and in passing the exam for which you are preparing. Appendix: Answers to the sample questions This section provides answers and explanations for the sample questions.. Your network is routing multicast messages using Protocol Independent Multicast-Sparse Mode (PIM-SM). A multicast source begins to a new stream. What message does the default router for the multicast source send? a. a Join message to the Bootstrap Router (BSR) b. a Join message to the Rendezvous Point (RP) c. a Register message to the Bootstrap Router (BSR) d. a Register message to the Rendezvous Point (RP) Explanation: In PIM-SIM, a router sends a Join message to indicate that it needs to join the PIM-SM tree so that it can receive multicasts for hosts connected to it or to a downstream router. It is a Register message that indicates that the router is the first-hop router for a multicast source. Therefore, the correct answer must specify a Register message, and answers a and b are incorrect. The BSR is responsible for distributing RP-to-multicast address mappings. The RP is responsible for acting as the root of the tree for a particular multicast address, and Register messages are addressed to it. Answer d is correct. 2. Examine the exhibit. While configuring the HP E822 zl switch to be an ABR for OSPF areas and 2, you entered this command in the switch s CLI: E546(ospf)# area 2 stub 2 no-summary 25
Figure : Exhibit for question 2 If you assume that all the connections are up and the OSPF routers have achieved adjacency, which routes could you see on the E542 zl switch in area 2? The routing tables associated with each option are listed on the next pages. a. A b. B c. C d. D Explanation: : A stub area typically receives interarea routes that summarize the networks in other areas. However, the command shown for the E822 zl ABR configures the routing switch to suppress those summary routes in its advertisements to routers in area 2. The ABR will only send an advertisement for a default route into area 2. The routing tables in answers a and c include OSPF interarea routes summarizing other areas, so these answerss are incorrect. In addition, the table in answer a includes a summary route for this internal routing switch s own area, which is also incorrect. The routing table in answer d does not include interarea summary routes, which is correct, but it also lacks a default route. The E822 zl automatically injects a default route into stub areas without summary routes. Therefore, answer d is incorrect. The only interarea OSPF route shown in answer b is the default route. This answer is correct. Option A IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.../6.../6.2../29.2../24.2.2./24.2../6.3../6 27.../8 27.../32.2...2.. VLAN2 VLAN2 VLAN22.2..2.2.. reject lo 2 ospf 2 ospf 2 connected 2 connected 22 connected ospf ospf static connected InterArea 2 InterArea 2 InterArea InterArea 2 26
Option B IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.../.2../29.2../24.2.2./24 27.../8 27.../32.2.. VLAN2 VLAN2 VLAN22 reject lo 2 ospf 2 connected 2 connected 22 connected static connected InterArea 2 Option C IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.../6.../6.2../29.2../24.2.2./24.3../6 27.../8 27.../32.2...2.. VLAN2 VLAN2 VLAN22.2.. reject lo 2 ospf 2 ospf 2 connected 2 connected 22 connected 2 ospf static connected InterArea 2 InterArea 2 InterArea 2 Option D IP Route Entries Destination Gateway VLAN Type Sub-Type Metric Dist. ------------------ --------------- ---- --------- ---------- ---------- -----.2../29.2../24.2.2./24 27.../8 27.../32 VLAN2 VLAN2 VLAN22 reject lo 2 connected 2 connected 2 connected static connected 3. The LAN shown in the exhibit is being designed as a single DiffServ domain. On which ports should packets be marked (or remarked) to comply with the DiffServ Model? Select two. a. inter-switch ports between the distribution layer switches b. the ports that connect the edge switches to the distribution switches c. the ports that connect the distribution ports to the edge switches d. clientt access ports IRF Member 3 remains Master. e. serverr access ports Figure 2: Exhibit for question 3 27
Explanation:: The DiffServ model specifies that you mark traffic (or remark already marked traffic) with a DSCP as close to the source as possible. For traffic destined to servers, the closest ports are the client access ports, so answer d is one correct answer. For return traffic from the servers to the clients, the closest ports as the server access ports, so answer e is another correct answer. In a LAN that is a single DiffServ domain, the inter inter-switch ports rts should trust the DSCP marks placed by the client or server edge switches. However, they do not need to remark those values; therefore, answers a, b, and c are incorrect. 4. An HP A58 switch enforces an ACL, which is shown in the configuration under the exhibit. You want to allow the client shown in the exhibit to access FTP services on the server. Which is true? a. You do not need to enter a command because the current configuration permits this traffic. b. You could permit the traffic with this command: perm permit it tcp source..7....255 destination..4.2 destination destination-port range 2-2 c. You could permit the traffic with this command: permit tcp source..7.2 destination..4.2 destination destination-port range 2-2 d. You could permit the traffic with this command: rule 8 permit source..7....255 destination..4.2 destination destination-port range 2-2 e. You could permit the traffic with this command: rule 3 permit source..7. destination..4.2 destination destination-port range 2-2 Explanation:: First examine the ACL to determine whether it already permits the desired traffic: Rule permits FTP traffic to the server ((destination-port port range 2 2); 2 however, it only permits this traffic from sources in.../24, and the client is in..7./24...7. Therefore, this rule does not permit the desired traffic. Rule 5 deals with HTTP traffic ((destination-port eq www). ). Therefore, it does not affect the traffic in question. Similarly, rules 6 and 7 relate to DNS and ICMP traffic and do not affect the traffic tr in question. Rule denies all other IP traffic between endpoints in.../6. This rule affects the traffic in question, which is between..7.2 and..4.2. Therefore, the ACL as it is will drop the desired traffic, and answer a is incorrect. incor Next, you must determine a valid command for altering the ACL to permit the desired traffic. You know that you must add the rule that permits the traffic before the rule that currently drops it in it other words before rule. The commands in answers b and c add the new rule at the end of the list, so they are incorrect. The commands in both answers d and e add the rule in a valid order. However, the command in answer e does not select the correct traffic. Entering for the wildcard bits (source (..7. ) forces an exact match with the listed IP address, which is not a valid IP address in this instance. You want to match the exact IP address,..7.2, or the entire..7./24 subnet. Answer d includes the correct wildcard bits for the second op option (source source..7....255)....255 Answer d is correct. Figure 3: Exhibit for question 4 28
29
A58 ACL configuration [A58] display acl 33 Advanced ACL 33, named lab, 6 rules ACL s step is 5 rule permit tcp source......255 destination..4.2 destinationport range 2-2 rule 5 permit tcp source..7....255 destination..4.2 destinationport eq www rule 6 permit udp source..7....255 destination..4.2 destinationport eq dns rule 7 permit icmp source..7....255 destination..4.2 rule deny ip source.....255.255 destination.....255.255. logging rule 5 permit ip Figure 4: Exhibit 2 for question 4 5. An endpoint that supports both IPv4 and IPv6 is connected to your HP A36 switch. You want to assign to IPv4 traffic to VLAN 4 and the IPv6 traffic to VLAN 6. How do you do so? a. Specify VLAN 6 as a protocol-based VLAN that selects IPv6. Configure the endpoint s port as a hybrid port. Set VLAN 4 as the PVID and VLAN 6 as a protocol VLAN. b. Configure the endpoint s port as a hybrid port. Set VLAN 4 as the PVID and allow VLAN 6. c. Specify VLAN 6 as a protocol-based VLAN that selects IPv6. Configure the endpoint s port as a trunk port. Allow both VLAN 4 and 6, setting either VLAN as the PVID. d. Configure the endpoint s port as an access port set to VLAN 4. Then specify VLAN 6 as the port s IPv6 protocol-based VLAN setting. Explanation: To assign IPv4 and IPv6 traffic received on the same port to different VLANs, you must complete several steps. You must create a protocol-based VLAN that specifies the correct VLAN ID and desired protocol. In addition, the port receiving the IPv4 and IPv6 traffic must be a hybrid port with the VLAN for IPv4 traffic as the PVID and the protocol-specific VLAN also specified. Answer b correctly includes specifying the port as a hybrid port, but itt does not correctly describe how to create the protocol-based VLAN for IPv6 traffic. Answer c includes thet correct method for creating the protocol-based VLAN, but it specifies the port as a trunk port, which is incorrect. Answer d is entirely incorrect, with the wrong type of port (access rather than hybrid) and an invalid way of specifying the settings for the protocol-based VLAN. Only answer a includes all of the correct steps. To learn more about HP networking, visit www.hp.com/networking Copyright 2 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. HP-Y3: Implementing HP Network Infrastructure Solutions Exam Preparation Guide / May 2