CCNA3 Final Exam
Which Diffie-Hellman group choices are no longer recommended?
1,2, and 5
Which choices provide for the Confidentiality function in the IPsec framework? (Choose three.) 3DES AES AH DH24 PSK SEAL SHA
3DES AES SEAL
IPsec can protect traffic in which OSI Layers?
4,5,6,7
Which two options describe a WAN? (Choose two.) A WAN is owned and managed by an organization or home user. A WAN provides networking services over large geographical areas. WAN services are provided for a fee. WANs providers offer low bandwidth speeds over short distances. WANs guarantee security between the endpoints.
A WAN provides networking services over large geographical areas. WAN services are provided for a fee.
Which IPsec framework protocol provides data integrity and data authentication, but does not provide data confidentiality?
AH
Which choices are packet encapslation options suported by IPsec? (Choose two.) AES AH DH24 ESP PSK RSA SHA
AH ESP
Which two traditional WAN connectivity options are packet-switched?
ATM Frame Relay
What address translation is performed by static NAT? An inside local address is translated to a specified outside local address. An inside local address is translated to a specified inside global address. An outside local address is translated to a specified outside global address. An inside local address is translated to a specified outside global address.
An inside local address is translated to a specified inside global address.
Why is NAT not needed in IPv6? Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large. The end-to-end connectivity problems that are caused by NAT are solved because the number of routes increases with the number of nodes that are connected to the Internet. The problems that are induced by NAT applications are solved because the IPv6 header improves packet handling by intermediate routers. Because IPv6 has integrated security, there is no need to hide the IPv6 addresses of internal networks.
Any host or user can get a public IPv6 network address because the number of available IPv6 addresses is extremely large.
Which IPsec function uses pre-shared passwords, digital certificates, or RSA certificates?
Authentication
Which queuing algorithm provides support for user-defined traffic classes?
CBWFQ
Which two devices operate in a similar manner to the voiceband modem but use higher broadband frequencies and transmission speeds. (Choose two.) Cable Modem CSU/DSU DSL Modem Optical Converter Voiceband Modem
Cable Modem DSL Modem
What type of protocol is GRE?
Carrier Protocol
What is one advantage of using NAT at the edge of the network? NAT enables end-to-end IPv4 traceability, making troubleshooting easier. Changing ISPs is simpler because the devices on the inside network do not have to be configured with new addresses when the outside address changes. Dynamic NAT allows devices from outside the local network to easily initiate TCP connections to inside hosts. Performance is significantly increased because the router does not have to perform as many route lookups.
Changing ISPs is simpler because the devices on the inside network do not have to be configured with new addresses when the outside address changes.
What type of VPN can be established with a web browser using HTTPS?
Clientless VPN
The use of 3DES within the IPsec framework is an example of which of the five IPsec building blocks?
Confidentiality
Which VPN benefit allows an enterprise to increase the bandwidth for remote sites without necessarily adding more equipment or WAN links?
Cost Savings
What type of VPN enables an enterprise to rapidly scale secure access across the organization?
DMVPN
Which service provider fiber-optic technology increases the data-carrying capacity using different wavelengths?
DWDM
A customer needs a metropolitan area WAN connection that provides high-speed, dedicated bandwidth between two sites. Which type of WAN connection would best fulfill this need?
Ethernet WAN
Which two WAN connectivity options are packet-switched technologies? (Choose two.) Ethernet WAN Frame Relay ISDN PSTN
Ethernet WAN Frame Relay
Which queuing algorithm is effective for large links that have little delay and minimal congestion?
FIFO
The IPsec framework must be updated each time a new standard is developed.
False
The use of NAT makes end-to-end traceability between source and destination easier.
False
With NAT overload, each inside local IP address is translated to a unique inside global IP address on a one-for-one basis.
False
All VPNs securely transmit clear text across the Internet.
Fasle
What algorithm is used to provide data integrity of a message through the use of a calculated hash value?
HMAC
Which VPN solutions are typically managed by an enterprise? MPLS Layer 2 MPLS Layer 3 IPsec SSL Frame Relay DMVPN
IPsec SSL DMVPN
Which two traditional WAN connectivity options are circuit-switched? (Choose two.)
ISDN PTSN
What are two tasks to perform when configuring static NAT? Define the outside global address. Define the inside global address on the server Create a mapping between the inside local and inside global addresses. Configure a NAT pool. Identify the participating interfaces as inside or outside interfaces.
Identify the participating interfaces as inside or outside interfaces. Create a mapping between the inside local and inside global addresses.
Into what type of address has the IPv4 address for PC1 been translated (i.e., 209.165.200.226)?
Inside Global
What benefit does NAT64 provide? It allows sites to use private IPv4 addresses, and thus hides the internal addressing structure from hosts on public IPv4 networks. It allows sites to connect multiple IPv4 hosts to the Internet via the use of a single public IPv4 address. It allows sites to use private IPv6 addresses and translates them to global IPv6 addresses. It allows sites to connect IPv6 hosts to an IPv4 network by translating the IPv6 addresses to IPv4 addresses.
It allows sites to connect IPv6 hosts to an IPv4 network by translating the IPv6 addresses to IPv4 addresses.
Which two statements about the WAN OSI Layer 1 are true? It describes how data will be encapsulated into a frame. It describes the electrical, mechanical, and operational components needed to transmit bits. It includes protocols such as PPP, HDLC, and Ethernet. It includes protocols such as SDH, SONET, and DWDM.
It includes protocols such as SDH, SONET, and DWDM. It describes the electrical, mechanical, and operational components needed to transmit bits.
Which two statements describe a remote access VPN? (Choose two.) It may require VPN client software on hosts. It is used to connect individual hosts securely to a company network over the Internet. It requires static configuration of the VPN tunnel. It connects entire networks to each other. It requires hosts to send TCP/IP traffic through a VPN gateway.
It is used to connect individual hosts securely to a company network over the Internet. It may require VPN client software on hosts.
Which statement accurately describes dynamic NAT? It always maps a private IP address to a public IP address. It provides an automated mapping of inside local to inside global IP addresses. It provides a mapping of internal host names to IP addresses. It dynamically provides IP addressing to internal hosts.
It provides an automated mapping of inside local to inside global IP addresses.
Which queuing algorithm allows delay-sensitive data such as voice to be sent before packets in other queues?
LLQ
Which VPN type is a service provider managed VPN?
Layer 3 MPLS VPN
Which traditional WAN connectivity option uses T-Carrier or E-Carrier lines?
Leased lines
Which choices provide for the Integrity function in the IPsec framework? (Choose two.) AES AH DH24 MD5 PSK SEAL SHA
MD5 SHA
Which is a service provider WAN solution that uses labels to direct the flow of packets through the provider network?
MPLS
What type of VPN enables an enterprise to emulate an Ethernet multiaccess LAN with remote sites?
MPLS VPN
Which WAN connectivity option is based on Ethernet LAN technology?
Metro Ethernet
Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? NAT improves packet handling. NAT will impact negatively on switch performance.
NAT provides a solution to slow down the IPv4 address depletion. NAT introduces problems for some applications that require end-to-end connectivity.
Which feature describes SSL VPNs? All IP-based applications are supported Only requires a web browser on a host Specific devices with specific configurations can connect Uses two-way authentication with shared keys or digital certificates
Only requires a web browser on a host
What type of NAT address is the IP address of the Web Server (i.e., 209.165.201.10)?
Outside Global
Which version of NAT allows many hosts inside a private network to simultaneously use a single inside global address for connecting to the Internet? dynamic NAT PAT port forwarding static NAT
PAT
Which two WAN connectivity options are circuit-switched technologies? (Choose two.) ATM Ethernet WAN Frame Relay ISDN PSTN
PSTN ISDN
What are two common types of circuit-switched WAN technologies? PSTN ISDN DSL Frame Relay ATM
PSTN ISDN
Which WAN term defines the point where the subscriber connects to the service providers network. Customer Premises Equipment (CPE) Data Communications Equipment (DCE) Demarcation point Local Loop Point-of-Presence (POP)
Point-of-Presence (POP)
Which choices are available for the Authentication function in the IPsec framework? (Choose two.) AES AH DH24 PSK RSA SEAL SHA
RSA PSK
Which type of VPN is used to connect a mobile user?
Remote-access
A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task? Router# debug ip nat translations Router# show ip nat statistics Router# show ip nat translations Router# clear ip nat translations
Router# show ip nat translations
Which VPN benefit allows an enterprise to easily add more users to the network?
Scalability
Which VPN benefit uses advanced encryption and authentication protocols to protect data from unauthorized access?
Security
Which communication method is used in all WAN connections? Circuit-Switched Packet-Switched Parallel Serial
Serial
Which statement describes the effect of key length in deterring an attacker from hacking through an encryption key? The longer the key, the more key possibilities exist. The length of a key does not affect the degree of security. The shorter the key, the harder it is to break. The length of a key will not vary between encryption algorithms.
The longer the key, the more key possibilities exist.
When dynamic NAT without overloading is being used, what happens if seven users attempt to access a public server on the Internet when only six addresses are available in the NAT pool? The request to the server for the seventh user fails. The first user gets disconnected when the seventh user makes the request. All users can access the server. No users can access the server.
The request to the server for the seventh user fails.
What is a disadvantage of NAT? The internal hosts have to use a single public IPv4 address for external communication. There is no end-to-end addressing. The router does not need to alter the checksum of the IPv4 packets. The costs of readdressing hosts can be significant for a publicly addressed network.
There is no end-to-end addressing.
A side effect of NAT is that it hides the inside local IP address of a host from the outside network.
True
Tunneling protocols such as IPsec do not work well through NAT.
True
What is the recommended technology to use over a public WAN infrastructure when a branch office is connected to the corporate site?
VPN
A company is expanding its business to other countries. All branch offices must remain connected to corporate headquarters at all times. Which network technology is required to support this scenario?
WAN
Which type of network would be used by a company to connect locations across the country?
WAN
Which statement describes a characteristic of a WAN? All serial links are considered WAN connections. WAN networks are owned by service providers. A WAN provides end-user network connectivity to the campus backbone. A WAN operates within the same geographic scope of a LAN but has serial links.
WAN networks are owned by service providers.
What is a characteristic of a WAN? A WAN is typically owned by an enterprise which wants to interconnect its LANs. WANs always use physical cables to connect LANs. WAN service providers include carriers such as a telephone network or satellite service. A WAN operates inside the geographic scope of a LAN.
WAN service providers include carriers such as a telephone network or satellite service.
Which queuing algorithm applies priority, or weights, to identify traffic and classify it?
WFQ
Which queuing algorithm classifies traffic into different flows based on packet header addressing?
WFQ
Which queuing algorithm simultaneously schedules interactive traffic to the front of a queue to reduce response time?
WFQ
A small company with 10 employees uses a single LAN to share information between computers. Which type of connection to the Internet would be appropriate for this company?
a broadband service, such as DSL, through their local service provider
What is a security feature of using NAT on a network? denies all internal hosts from communicating outside their own network denies all packets that originate from private IP addresses allows internal IP addresses to be concealed from external users allows external IP addresses to be concealed from internal users
allows internal IP addresses to be concealed from external users
Which QoS model requires no special QoS mechanisms?
best effort
Which type of traffic tends to consume a large portion of network capacity?
data
To which two layers of the OSI model do WAN technologies provide services?
data link layer physical layer
Which is a type of WAN carrier connection that provides redundancy?
dual-carrier WAN
A company designs its network so that the PCs in the internal network are assigned IP addresses from DHCP servers, and the packets that are sent to the Internet are translated through a NAT-enabled router. What type of NAT enables the router to populate the translation table from a pool of unique public addresses, as the PCs send packets through the router to the Internet? PAT ARP dynamic NAT static NAT
dynamic NAT
A company has been assigned the 203.0.113.0/27 block of IP addresses by the ISP. The company has over 6000 internal devices. What type of NAT would be most appropriate for the employee workstations of the company? dynamic NAT overload using the pool of addresses PAT off the external router interface dynamic NAT port forwarding static NAT
dynamic NAT overload using the pool of addresses
Which technique is necessary to ensure a private transfer of data using a VPN?
encryption
Which medium do service providers use to transmit data over WAN connections with SONET, SDH, and DWDM
fiber-optic
Which type of WAN network design is the most fault-tolerant?
fully-meshed topology
An enterprise has four branches. The headquarters needs full connectivity to all branches. The branches do not need to be connected directly to each other. Which WAN topology is most suitable?
hub and spoke
What are the two fundamental Dynamic Multipoint VPN tunnel types? (Choose two.)
hub-to-spoke spoke-to-spoke
What type of NAT address is the IP address of PC1 (i.e., 192.168.10.10)?
inside Local
Using NAT terminology, what is the address of the source host on a private network as seen from inside the network? outside global inside global inside local outside local
inside local
Which QoS model provides per-request policy admission control?
integrated services
What is caused by variation in delay?
jitter
Which topology type describes the virtual connection between source to destination?
logical topology
Packet loss
packet loss
What is the variable amount of time it takes for a frame to traverse the links between the source and destination?
propagation delay
An intercity bus company wants to offer constant Internet connectivity to the users traveling on the buses. Which two types of WAN infrastructure would meet the requirements? (Choose two.) private infrastructure dedicated public infrastructure circuit-switched cellular
public infrastructure cellular
A new corporation needs a data network that must meet certain requirements. The network must provide a low-cost connection to salespeople dispersed over a large geographical area. Which two types of WAN infrastructure would meet the requirements? dedicated private infrastructure public infrastructure Internet satellite
public infrastructure Internet
Which solution allows workers to telecommute effectively and securely?
remote-access VPN
Which type of VPN may require the Cisco VPN Client software?
remote-access VPN
What is the fixed amount of time it takes to transmit a frame from the NIC to the wire?
serialization delay
What is a type of VPN that is generally transparent to the end user?
site-to-site
What are two reasons a company would use a VPN? (Choose two.) to increase bandwidth to the network to eliminate the need of having a gateway to test network connections to remote users to allow suppliers to access the network to connect remote users to the network
to allow suppliers to access the network to connect remote users to the network
Which type of traffic is unpredictable, inconsistent, and bursty?
video
Which type of traffic requires at least 384 Kbs of bandwidth?
video
Which type of traffic can be predictable and smooth?
voice
Which type of traffic cannot be retransmitted if lost?
voice
Which type of traffic must receive a higher UDP priority?
voice
