Test 2 | Chapters 3 & 4
Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)?
3
What is the approximate distance limitation for providing a satisfactory ADSL service from the central office to a customer?
3.39 miles or 5.46 kilometers
What is a component of an ADSL connection that is located at the customer site?
CPE
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
ICMP message type destination UDP port number
Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1?
ICMPv6 packets that are destined to PC1
Which two statements describe a remote access VPN? (Choose two.)
It is used to connect individual hosts securely to a company network over the Internet. It may require VPN client software on hosts.
Which is a requirement of a site-to-site VPN?
It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.
How can the use of VPNs in the workplace contribute to lower operating costs?
VPNs can be used across broadband connections rather than dedicated links
Which three values or sets of values are included when creating an extended access control list entry? (Choose three.)
access list number between 100 and 199 destination address and wildcard mask source address and wildcard mask
What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.)
access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255
Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet?
access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp 192.168.10.0 0.0.0.255 any eq 23
Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5access-list 105 permit ip any any R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out
Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.)
access-list 110 deny tcp any any eq https access-list 110 deny tcp any any gt 75
Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs?
an implicit permit of neighbor discovery packets
What is used by BGP to determine the best path to a destination?
attributes
Where is PPPoE configured on a Cisco router?
on the dialer interface
Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64?
permit tcp any host 2001:DB8:10:10::100 eq 25
In applying an ACL to a router interface, which traffic is designated as outbound?
traffic that is leaving the router and going toward the destination host
What two functions describe uses of an access control list? (Choose two.)
ACLs provide a basic level of security for network access ACLs can control which areas a host can access on a network
What command specifies a BGP neighbor that has an IP address of 5.5.5.5/24 and that is in AS 500?
(config-router)# neighbor 5.5.5.5 remote-as 500
A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry?
0.0.1.255
Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE?
10.120.160.0 to 10.120.167.255
Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?
172.16.1.2
Refer to the exhibit. Which IP address is configured on the physical interface of the CORP router?
209.165.202.133
Which two scenarios are examples of remote access VPNs? (Choose two.)
A mobile sales agent is connecting to the company network via the Internet connection at a hotel. An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.
Which two statements are correct about extended ACLs (Choose two)
Extended ACLs evaluate the source and destination addresses. Port numbers can be used to add greater definition to an ACL.
Which three statements are characteristics of generic routing encapsulation (GRE)? (Choose three.)
GRE encapsulation supports any OSI Layer 3 protocol. GRE is stateless. GRE does not have strong security mechanisms.
What functionality does mGRE provide to the DMVPN technology?
It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.
How is "tunneling" accomplished in a VPN?
New headers from one or more VPN protocols encapsulate the original packets
What are two WAN connection enhancements that are achieved by implementing PPPoE? (Choose two.)
PPP enables the ISP to assign an IP address to the customer WAN interface. CHAP enables customer authentication and accounting
Refer to the exhibit. Which two configurations will allow router R1 to establish a neighbor relationship with router R2? (Choose two.)
R1(config)# router bgp 65001 R1(config-router)# network 192.168.10.0 R1(config-router)# neighbor 209.165.200.226 remote-as 65002 R2(config)# router bgp 65002 R2(config-router)# network 192.168.20.0 R2(config-router)# neighbor 209.165.200.225 remote-as 65001
Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.)
R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config)# interface fastethernet 0/0 R2(config-if)# ip access-group 101 in
True or False? Multiple BGP processes can run on a router.
false
Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?
The IT group network is included in the deny statement
What are two characteristics of a PPPoE configuration on a Cisco customer router? (Choose two.)
The PPP configuration is on the dialer interface The Ethernet interface does not have an IP address
Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)
The data that is sent across this tunnel is not secure A GRE tunnel is being used
Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.)
The last four bits of a supplied IP address will be ignored The first 28 bits of a supplied IP address will be matched
Which broadband technology would be best for a small office that requires fast upstream connections?
fiber-to-the-home
Refer to the exhibit. What solution can provide a VPN between site A and site B to support encapsulation of any Layer 3 protocol between the internal networks at each site?
a GRE tunnel
When PPPoE is configured on a customer router, which two commands must have the same value for the configuration to work? (Choose two.)
dialer pool 2 ppoe-client dial-pool-number 2
Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table?
ipv6 traffic-filter ENG_ACL in
What is the function of the DSLAM in a broadband DSL network?
multiplexes individual customer DSL connections
Which broadband wireless technology is based on the 802.11 standard?
municipal Wi-Fi
Why is the MTU for a PPPoE DSL configuration reduced from 1500 bytes to 1492?
to accommodate the PPPoE headers