Chapters 15 - 16: IP Services and VPNs
Which LISP header is used to provide a secure boundary between multiple organizations?
Instance ID
Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?
Interface S0/0/0 should be configured with the command ip nat outside .
Match the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to an external server at the IP address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all options are used.)
052413/Step1-request/2-check NAT/3-must be translated/4-from dyn address pool/5-translated inside global
Refer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1?
1
Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server?
209.165.200.245
Refer to the exhibit. Which IP address is configured on the physical interface of the CORP router?
209.165.202.133
How many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?
24
Which algorithm is considered insecure for use in IPsec encryption?
3DES
What two encryption algorithms are used in IPsec VPNs? (Choose two.)
3DES/AES
Match the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.)
40312/1-fwd route fails/2-stop seeing hello/3-standby>fwd router/4-IP and MAC
Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)
A standard access list numbered 1 was used as part of the configuration process./Two types of NAT are enabled./Address translation is working.
What are three characteristics of the generic routing encapsulation (GRE) protocol? (Choose three.)
By default, GRE does not include any flow control mechanisms./GRE tunnels support multicast traffic./GRE creates additional overhead for packets that are traveling through the VPN.
Refer to the exhibit. An organization has two remote sites which are connected by a GRE tunnel through an ISP cloud network. The organization has two routers (CPE1 and CPE2) at each of the remote sites which connect to the ISP routers, SP1 and SP2. Which two nodes are the GRE tunnel endpoints to connect the two remote sites? (Choose two.)
CPE1/CPE2
Refer to the exhibit. What algorithm is being used to provide public key exchange?
Diffie-Hellman
Match the LISP term to the definition. (Not all options are used.)
EID-network device/RLOC-egress tunnel/MS-mapping/MR-map request
What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
ESP
Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?
GRE
What is a potential disadvantage when implementing HSRP as compared to GLBP?
HSRP does not provide load balancing with multiple active routers.
Refer to the exhibit. A network administrator has configured R2 for PAT. Why is the configuration incorrect?
NAT-POOL2 is bound to the wrong ACL
What is a feature or purpose of NTP peers?
NTP peers query each other to synchronize their clocks.
Which two NTP details are displayed by issuing the show ntp associations command on a switch configured to use NTP? (Choose two.)
NTP server IP address reference clock IP address
Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?
PAT using an external interface
A network administrator would like to ensure that router R1 is always elected the active router for an HSRP group. Which set of commands would ensure the required results?
R1(config-if)# ip address 192.168.1.100 255.255.255.0R1(config-if)# standby 1 ip 192.168.1.1R1(config-if)# standby 1 priority 255R1(config-if)# standby 1 preemptR1(config-if)# no shutdown
Which two identification methods are used by LISP instead of traditional IP addresses? (Choose two.)
RLOCs/EIDs
Refer to the exhibit. What two statements describe the NTP status of the router? (Choose two.)
The router is attached to a stratum 2 device./The IP address of the time source for the router is 192.168.1.1.
Refer to the exhibit. What statement is true about the output of the show standby command?
The router is currently forwarding packets.
By the use of sequence numbers, which function of the IPsec security services prevents spoofing by verifying that each packet is non-duplicated and unique?
anti-replay protection
What is the first step in establishing an IPsec VPN?
detection of interesting traffic
Which router command is required to configure VRRP to support IPv6?
fhrp version vrrp v3
What are three advantages of using private IP addresses and NAT? (Choose three.)
hides private LAN addressing from outside devices that are connected to the Internet/conserves registered public IP addresses/permits LAN expansion without additional public IP addresses
A networking engineer is configuring an NTP client to have access to multiple NTP servers but wants one server to have priority over the others. Which command will achieve this?
ntp server 203.0.113.1 prefer
A network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router?
ntp server 209.165.200.225
What is the purpose of VTEPs when using VXLANs?
originate or terminate tunnels
How is routing handled within a LISP site?
through the use of an interior routing protocol
What is the purpose of a proxy ETR used with LISP?
to communicate with a non-LISP site
What is the purpose of a VNI when a company is using VXLANs?
to uniquely identify overlay networks
