Cisco - Accessing the WAN Practice Final Exam 2

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Download the image from a TFTP server through a network connection. & Use the Xmodem protocol to download the image through a console connection.

A network technician accidentally deleted the IOS image from flash and rebooted the router. Which two option can be used to restore the IOS image? (Choose two.) Perform a system restore through SDM. Download the image from a TFTP server through a network connection. Download the image from a TFTP server through a console connection. Establish an FTP session through an SSH connection for the image download. Use the Xmodem protocol to download the image through a console connection.

172.30.20.1:3333

Refer to 21. R1 is performing NAT overload for the 10.1.1.0/24 inside network. Host A has sent a packet to Web Server. What is the destination IP address of the return packet from Web Server when received at R1? 10.1.1.2:80 10.1.1.2:1234 172.30.20.1:1234 172.30.20.1:3333

3rd box or C

Refer to 6. Which configuration on the vty lines provides the best security measure for network administrators to remotely access the core routers at headquarters?

Serial Cable Type

Which important piece of troubleshooting information can be discovered about a serial interface using the show controllers command? queuing strategy serial cable type interface IP address encapsulation method

Shut down the interface then re-enable it.

While troubleshooting a PPP link that uses PAP authentication, a network administrator notices an incorrectly configured password in the running configuration. The administrator corrects the error by entering the command ppp pap sent-username ROUTER_NAME password NEW_PASSWORD, but the link still does not come up. Assuming that the rest of the configuration is correct and that the link has no physical layer problems, what should the administrator do? Save the configuration to NVRAM. Shut down the interface then re-enable it. Generate traffic by pinging the remote router. Use CHAP to ensure compatibility with the remote router.

DNS server for the network & Network printer that is used by many different users

A DHCP server is configured with a block of excluded addresses. What two devices would be assigned static addresses from the excluded address range? (Choose two.) A protocol analyzer DNS server for the network Network printer that is used by many different users A laptop that will get a different address each time it boots up

partial mesh

A company has its headquarters office in Dallas and five branch offices located in New York, Chicago, Los Angeles, Seattle, and Atlanta. WAN links are used for communications among offices in six sites. In planning the WAN links, the network designer is given two requirements: (1) minimize cost and (2) provide a certain level of WAN link reliability with redundant links. Which topology should the network designer recommend? star full mesh hierarchical partial mesh

reduced jitter reduced latency

A company is looking for a WAN solution to connect its headquarters site to four remote sites. What are two advantages that dedicated leased lines provide compared to a shared Frame Relay solution? (Choose two.) reduced jitter reduced costs reduced latency the ability to burst above guaranteed bandwidth the ability to borrow unused bandwidth from the leased lines of other customers

WiMAX

A light manufacturing company wishes to replace its DSL service with a non-line-of-sight broadband wireless solution that offers comparable speeds. Which solution should the customer choose? Wi-Fi satellite WiMAX Metro Ethernet

Configure routing protocol authentication.

A network administrator determines that falsified routing information is propagating through the network. What action can be used to address this threat? Update the IOS images. Change console passwords. Employ end-user authentication. Configure routing protocol authentication.

Conduct a performance test and compare with the baseline that was established previously.

A network administrator has moved the company intranet web server from a switch port to a dedicated router interface. How can the administrator determine how this change has affected performance and availability on the company intranet? Conduct a performance test and compare with the baseline that was established previously. Determine performance on the intranet by monitoring load times of company web pages from remote sites. Interview departmental administrative assistants and determine if they think load time for web pages has improved. Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.

The IP addressing scheme of the network

A network administrator is analyzing the data from a network performance baseline. Which condition will not be indicated in the baseline data? The IP addressing scheme of the network The most heavily used parts of the network Congested areas of the network Error rates in different parts of the network

Extended ACLs should be applied closest to the source that is specified by the ACL.

A network administrator is instructing a technician on best practices for applying ACLs. Which suggestion should the administrator provide? Named ACLs are less efficient than numbered ACLs. Standard ACLs should be applied closest to the core layer. ACLs applied to outbound interfaces are the most efficient. Extended ACLs should be applied closest to the source that is specified by the ACL.

The service provider is closer to the location on the East side.

A network administrator is tasked with maintaining two remote locations in the same city. Both locations use the same service provider and have the same service plan for DSL service. When comparing download rates, it is noticed that the location on the East side of town has a faster download rate than the location on the West side of town. How can this be explained? The West side has a high volume of POTS traffic. The West side of town is downloading larger packets. The service provider is closer to the location on the East side. More clients share a connection to the DSLAM on the West side.

Configure authentication. & Define the asymmetrical keys.

A network technician wants to implement SSH as the means by which a router may be managed remotely. What are two procedures that the technician should use to successfully complete this task? (Choose two.) Configure the login banner. Configure authentication. Define the asymmetrical keys. Configure the console password. Enter the service password-encryption command.

It will be difficult to isolate the problem if two teams are implementing changes independently.

A recently patched application server is experiencing response time problems. The network on which the application server is located has been experiencing occasional outages that the network team believes may be related to recent routing changes. Network and application teams have been notified to work on their respective issues. Which statement applies to this situation? Only results from the software package should be tested as the network is designed to accommodate the proposed software platform. Scheduling will be easy if the network and software teams work independently. It will be difficult to isolate the problem if two teams are implementing changes independently. Results from changes will be easier to reconcile and document if each team works in isolation.

The router searches Inverse ARP tables for maps of DLCIs to IP addresses. & A table of static mappings can be searched.

A router in a Frame Relay network needs to forward a message received from a host. What two methods does the router use to identify the correct VC to forward the message? (Choose two.) The router forwards the frame to all ports in the network and learns the address from the reply frame. The destination host IP address is embedded in the DLCI. The router searches Inverse ARP tables for maps of DLCIs to IP addresses. A table of static mappings can be searched.The router broadcasts a request for the required IP address.

IPv4 is incompatible with RIPng

An administrator is configuring a dual stack router with IPv6 and IPv4 using RIPng. The administrator receives an error message when trying to enter the IPv4 routes into RIPng. What is the cause of the problem? When IPv4 and IPv6 are configured on the same interface, all IPv4 addresses are over-written in favor of the newer technology. Incorrect IPv4 addresses are entered on the router interfaces. RIPng is incompatible with dual-stack technology. IPv4 is incompatible with RIPng.

application layer

An administrator is unable to receive e-mail. While troubleshooting the problem, the administrator is able to ping the local mail server IP address successfully from a remote network and can successfully resolve the mail server name to an IP address via the use of the nslookup command. At what OSI layer is the problem most likely to be found? physical layer data link layer network layer application layer

Contents in NVRAM will be ignored.

An administrator issues the command [confreg 0x2142] at the rommon 1> prompt. What is the effect when this router is rebooted? Contents in RAM will be erased. Contents in RAM will be ignored. Contents in NVRAM will be erased. Contents in NVRAM will be ignored.

Contents in NVRAM will be ignored.

An administrator issues the command confreg 0×2142 at the rommon 1> prompt. What is the effect when this router is rebooted? Contents in RAM will be erased. Contents in RAM will be ignored. Contents in NVRAM will be erased. Contents in NVRAM will be ignored.

phishing

An administrator learns of an e-mail that has been received by a number of users in the company. This e-mail appears to come from the office of the administrator. The e-mail asks the users to confirm their account and password information. Which type of security threat does this e-mail represent? cracking phishing phreaking spamming

demarcation point

At what physical location does the responsibility for a WAN connection change from the user to the service provider? demilitarized zone (DMZ) demarcation point local loop cloud

The implementation of a tunneling protocol

In addition to standard security procedures, what additional feature of VPN technology supports privacy between end users? The implementation of a tunneling protocol The use of only baseband connections A requirement of active authentication via a RADIUS server The use of a call-back procedure to verify user credentials

Only control FECN and BECN bits are sent over the Frame Relay connection. No data traffic traverses the link.

Refer to 1. Which statement is true about the Frame Relay connection? The Frame Relay connection is in the process of negotiation. A congestion control mechanism is enabled on the Frame Relay connection. The "ACTIVE" status of the Frame Relay connection indicates that the network is experiencing congestion. Only control FECN and BECN bits are sent over the Frame Relay connection. No data traffic traverses the link.

ip nat inside source static 192.168.0.10 172.16.76.3

Refer to 10. Which configuration command would result in the output in the exhibit? ip nat inside source static 10.1.200.254 172.16.76.3 ip nat inside source static 10.1.200.254 192.168.0.10 ip nat inside source static 172.16.76.3 10.1.200.254 ip nat inside source static 172.16.76.3 192.168.0.10 ip nat inside source static 192.168.0.10 172.16.76.3 ip nat inside source static 192.168.0.10 10.1.200.254

The RIPng process is not enabled on interfaces.

Refer to 11. A network administrator has issued the commands that are shown on Router1 and Router2. A later review of the routing tables reveals that neither router is learning the LAN network of the neighbor router. What is most likely the problem with the RIPng configuration? The serial interfaces are in different subnets. The RIPng process is not enabled on interfaces. The RIPng network command is not configured. The RIPng processes do not match between Router1 and Router2.

The VTP domain names do not match.

Refer to 12. Results of the show vlan and show vtp status commands for switches S1 and S2 are displayed in the exhibit. VLAN 11 was created on S1. Why is VLAN 11 missing from S2? There is a Layer 2 loop. The VTP domain names do not match. Only one switch can be in server mode. S2 has a higher spanning-tree priority for VLAN 11 than S1 does.

Reverse the order of the TCP protocol statements in the ACL.

Refer to 13. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router Router1 are shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two networks? Apply the ACL in the inbound direction. Apply the ACL on the FastEthernet 0/0 interface. Reverse the order of the TCP protocol statements in the ACL. Modify the second entry in the list to permit tcp host 172.16.10.10 any eq telnet.

Check that R1 has a route to the network where the TFTP server resides.

Refer to 14. A network administrator is trying to backup the IOS software on R1 to the TFTP server. He receives the error message that is shown in the exhibit, and cannot ping the TFTP server from R1. What is an action that can help to isolate this problem? Use correct source file name in the command. Verify that the TFTP server software is running. Make sure that there is enough room on the TFTP server for the backup. Check that R1 has a route to the network where the TFTP server resides.

Port Fa0/2 on S2 is assigned to the wrong VLAN.

Refer to 15. All devices are configured as shown in the exhibit. PC1 is unable to ping the default gateway. What is the cause of the problem? The default gateway is in the wrong subnet. STP has blocked the port that PC1 is connected to. Port Fa0/2 on S2 is assigned to the wrong VLAN. S2 has the wrong IP address assigned to the VLAN30 interface.

frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1 frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2

Refer to 16. A network administrator is tasked with completing the Frame Relay topology that interconnects two remote sites. How should the point-to-point subinterfaces be configured on HQ to complete the topology? frame-relay interface-dlci 103 on Serial 0/0/0.1 frame-relay interface-dlci 203 on Serial 0/0/0.2 frame-relay interface-dlci 301 on Serial 0/0/0.1 frame-relay interface-dlci 302 on Serial 0/0/0.2 frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1 frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2 frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1 frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2

The TCP/IP information is supplied to any DHCP client on the network connected to the FastEthernet 0/0 interface of R1.

Refer to 17. How is the TCP/IP configuration information specified by the default-router and dns-server commands made available? The TCP/IP information is forwarded to a 10.0.1.3 to be supplied to DHCP clients. The TCP/IP information is used by DNS clients to forward all data to the default gateway on R1 of 10.0.1.3. The TCP/IP information is supplied to any DHCP client on the network connected to the FastEthernet 0/0 interface of R1. -The TCP/IP information is applied to each packet that enters R1 through the FastEthernet 0/0 interface that are hosts on the 10.0.1.0 /24 network except packets from addresses 10.0.1.2, 10.0.1.16, and 10.0.1.254.

Telnet to 172.16.20.0/24 is denied & Telnet to 172.16.10.0/24 is permitted

Refer to 18. Based on the output as shown, which two statements correctly define how the router will treat Telnet traffic that comes into interface FastEthernet 0/1? (Choose two). Telnet to 172.16.10.0/24 is denied. Telnet to 172.16.20.0/24 is denied. Telnet to 172.16.0.0/24 is permitted. Telnet to 172.16.10.0/24 is permitted. Telnet to 172.16.20.0/24 is permitted.

Reverse the order of the TCP protocol statements in the ACL.

Refer to 19. Partial results of the show access-lists and show ip interface FastEthernet 0/1 commands for router R3 are shown. There are no other ACLs in effect. Host A is unable to telnet to host B. Which action will correct the problem but still restrict other traffic between the two networks? Apply the ACL in the inbound direction. Apply the ACL on the FastEthernet 0/0 interface. Reverse the order of the TCP protocol statements in the ACL. Modify the second entry in the list to permit tcp host 192.168.10.10 any eq telnet .

a reflexive ACL

Refer to 2. Computers on the internal network need access to all servers in the external network. The only traffic that is permitted from the external network must be responses to requests that are initiated on the internal network. Which security measure would satisfy this requirement? a numbered extended ACL a named standard ACL a reflexive ACL a dynamic ACL

b) HQ(config-subif)#frame-relay interface-dlci 301 on Serial 0/0/0.1 & HQ(config-subif)# frame-relay interface-dlci 302 on Serial 0/0/0.2

Refer to 20. You are a network administrator who has been tasked with completing the Frame Relay topology that interconnects two remote sites. How should the point-to-point subinterfaces be configured on HQ to complete the topology? a) HQ(config-subif)#frame-relay interface-dlci 103 on Serial 0/0/0.1 HQ(config-subif)#frame-relay interface-dlci 203 on Serial 0/0/0.2 b) HQ(config-subif)#frame-relay interface-dlci 301 on Serial 0/0/0.1 HQ(config-subif)# frame-relay interface-dlci 302 on Serial 0/0/0.2 c) HQ(config-subif)#frame-relay map ip 172.16.1.1 103 broadcast on Serial 0/0/0.1 HQ(config-subif)#frame-relay map ip 172.16.2.2 203 broadcast on Serial 0/0/0.2 d) HQ(config-subif)#frame-relay map ip 172.16.1.1 301 broadcast on Serial 0/0/0.1 HQ(config-subif)#frame-relay map ip 172.16.2.2 302 broadcast on Serial 0/0/0.2

The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.

Refer to 22. Branch A has a Cisco router and Branch B has a non-Cisco router that is using IETF encapsulation . After the commands that are shown are entered, R2 and R3 fail to establish the PVC. The R2 LMI is Cisco, and the R3 LMI is ANSI. The LMI is successfully established at both locations. Why is the PVC failing? The PVC to R3 must be point-to-point. LMI types cannot be different on each end of a PVC. A single port can only support one encapsulation type. The IETF parameter is missing from the frame-relay map ip 192.168.1.3 203 command.

The IP addressing is incorrect.

Refer to 23. Router1 and Router2 each support separate areas of a data center, and are connected via a crossover cable. Resources attached to Router1 are unable to connect to resources attached to Router2. What is the likely cause? The crossover cable is faulty. The IP addressing is incorrect. There is a Layer 2 problem with the router connection. The upper layers are experiencing an unspecified problem. One or both of the Ethernet interfaces are not working correctly.

The pool of addresses for the 172Network pool is incorrect.

Refer to 24. A host that is connected to Fa0/0 is unable to acquire an IP address dynamically from the DHCP server. The output of the debug ip dhcp server command shows "DHCPD: there is no address pool for 172.16.1.1". What is the problem? The default router for the 172Network pool is incorrect. The 172.16.1.1 address is already configured on Fa0/0. The pool of addresses for the 172Network pool is incorrect. The ip helper-address command should be implemented on the Fa0/0 interface.

Unplugged Cable

Refer to 25. Router1 is not able to communicate with its peer that is connected to this interface. Based on the output as shown, what is the most likely cause? interface reset unplugged cable improper LMI type PPP negotiation failure

The wrong encapsulation is being used.

Refer to 26. An administrator is trying to connect Router1, a Cisco router, to a non-Cisco router using a serial connection. Why is the connection failing? A loopback is not set. The interface has been shut down. The wrong encapsulation is being used. Queuing cannot be used when connecting to non-Cisco devices.

Routing protocol multicast updates can be forwarded across the Frame Relay PVC.

Refer to 27. What would be the result of entering the exhibited configuration on a Frame Relay router? The local interface DLCI will be set to 102. All traffic that is destined to 172.16.16.8 will be sent as broadcast. Only broadcast traffic will be received on the Frame Relay interface. Routing protocol multicast updates can be forwarded across the Frame Relay PVC.

B

Refer to 29. A network administrator has been asked to configure PPP with CHAP authentication over the serial link between routers R1 and R2. What additional configuration should be included on both routers to complete the task? a) R1(config)# username R1 password test R2(config)# username R2 password test b) R1(config)# username R2 password test R2(config)# username R1 password test c) R1(config)# username R1 password test2 R2(config)# username R2 password test1 d) R1(config)# username R2 password test1 R2(config)# username R1 password test2

The incorrect DLCI numbers are being configured on R2.

Refer to 3. A network administrator is attempting to configure a Frame Relay network. The administrator enters the commands as shown in the exhibit on R2, but the Frame Relay PVCs are inactive. What is the problem? The incorrect DLCI numbers are being configured on R2. The S0/0/0 interface on R2 needs to be point-to-point. The frame-relay map commands are missing the cisco keyword at the end. A single router interface cannot connect to more than one Frame Relay peer at a time.

The existing ACL is modified to include the new commands.

Refer to 30. An ACL numbered 101 already exists on this router. What happens if the network administrator issues the commands that are shown in the exhibit? The new ACL overwrites the existing ACL. The network administrator will receive an error message. The existing ACL is modified to include the new commands. A second ACL that is numbered 101 is created and contains only the new commands.

data-link layer

Refer to 31. Routers R1 and R2 are both configured for single area OSPF. Users who are connected to switch S1 are unable to access database applications that run on servers that are connected to S2. The network engineer is working remotely and only has the information that is shown in the exhibit to direct initial troubleshooting efforts. Based on the exhibit, which OSI layer is the most appropriate to start with for a divide-and-conquer approach? network layer application layer data-link layer physical layer

c) It matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, ignores the remaining statements in ACL 101, and allows the packet into the router.

Refer to 32. Which statement correctly describes how Router1 processes an FTP request entering interface s0/0/0, destined for an FTP server at IP address 192.168.1.5? a) It matches the incoming packet to the access-list 201 permit any any statement and allows the packet into the router. b) It reaches the end of ACL 101 without matching a condition and drops the packet because there is no access-list 101 permit any any statement. c) It matches the incoming packet to the access-list 101 permit ip any 192.168.1.0 0.0.0.255 statement, ignores the remaining statements in ACL 101, and allows the packet into the router. d) It matches the incoming packet to the access-list 201 deny icmp 192.168.1.0 0.0.0.255 any statement, continues comparing the packet to the remaining statements in ACL 201 to ensure that no subsequent statements allow FTP, and then drops the packet.

C

Refer to 34. A network administrator has been asked to configure PPP with PAP authentication over the serial link between routers R1 and R2. What additional configuration should be included on both routers to complete the task? (Possible answers on Quizlet Supplemental Sheet)

There are incorrect access control list entries.

Refer to 35. The SSH connections between the remote user and the server are failing. The correct configuration of NAT has been verified. What is the most likely cause of the problem? SSH is unable to pass through NAT. There are incorrect access control list entries. The access list has the incorrect port number for SSH. The ip helper command is required on S0/0/0 to allow inbound connections.

The FastEthernet interfaces on R1 are configured as passive.

Refer to 37. Routers R1 and R2 have been configured with EIGRP in the same autonomous system. Computers PC1 and PC2 are not able to ping each other. Further investigation has revealed that the route to 192.168.10.0 is missing from the routing table on R2. What is the cause of the problem? The networks are not correctly summarized. The FastEthernet interfaces on R1 are configured as passive. The network statements on R2 are incorrectly configured. EIGRP on R1 does not recognize the 192.168.10.0 network.

The authentication key strings do not match.

Refer to 38. An administrator has added the exhibited commands to routers A and B, but no routing updates are exchanged between the two routers. Based on the information that is given, what is the likely cause of the problem? Router A is advertising the wrong network. The authentication key strings do not match. The serial interfaces of routers A and B are not on the same network. The authentication key numbers do not match the EIGRP process number for both routers.

Reset the configuration revision number on EastSW to zero.

Refer to 4. WestSW is supposed to send VLAN information to EastSW, but that did not occur. What will force WestSW to send a VLAN update to EastSW? Change EastSW to be a VTP server. Reload both WestSW and EastSW at the same time. Erase the VLAN database on EastSW and reload the switch. Reset the configuration revision number on EastSW to zero. Reload EastSW

/22

Refer to 5. The corporate network that is shown has been assigned network 172.16.128.0/19 for use at branch office LANs. If VLSM is used, what mask should be used for addressing hosts at Branch4 with minimal waste from unused addresses? /19 /20 /21 /22 /23 /24

To prevent source IP address spoofing by hosts on the Fa0/0 LAN

Refer to 7. In the partial router configuration that is shown, what is the purpose of access list BLOCK_XYZ? To prevent source IP address spoofing by hosts on the Fa0/0 LAN To block access by Fa0/0 LAN hosts to all network services beyond the router To prevent users on the Fa0/0 LAN from opening Telnet sessions on the router To secure Fa0/0 hosts by allowing only locally sourced traffic into the Fa0/0 LAN

The VTP mode is misconfigured.

Refer to 8. A network administrator notices that three VLANs created on SW1 do not show in SW3. Based on output from the show vtp status and show running-config commands, what is the cause of the problem in the SW3 configuration? VTP version 2 is disabled. The VTP mode is misconfigured. The configure revision number for VTP does not match. Trunk mode is not configured on FastEthernet 0/1 and 0/2.*

They support multiple telecommunications interfaces of the highest speed and are able to forward IP packets at full speed on all of those interfaces.

Refer to 9. What statement is true about the core router devices? They use multiport internetworking devices to switch traffic such as Frame Relay, ATM, or X.25 over the WAN. They provide internetworking and WAN access interface ports that are used to connect to the service provider network. They provide termination for the digital signal and ensure connection integrity through error correction and line monitoring. They support multiple telecommunications interfaces of the highest speed and are able to forward IP packets at full speed on all of those interfaces.

show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial up, line protocol down.

What are the symptoms when the s0/0/0 interface on a router is attached to an operational CSU/DSU that is generating a clock signal, but the far end router on the point-to-point link has not been activated? Show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial down, line protocol down. Show controllers indicates cable type DCE V.35. show interfaces s0/0/0 indicates serial up, line protocol down. Show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial up, line protocol down. Show controllers indicates cable type DTE V.35. show interfaces s0/0/0 indicates serial down, line protocol down.

Service providers deploy DSL in the local loop of the telephone network. & Filters and splitters allow POTS and DSL traffic to share the same medium.

What are two characteristics of DSL technology? (Choose two.) Uploads typically offer larger transfer rates than downloads. Service providers deploy DSL in the local loop of the telephone network. DSL download rates are reduced by large volumes of POTS voice traffic. Filters and splitters allow POTS and DSL traffic to share the same medium. DSL is a shared medium that allows many users to share bandwidth available from the DSLAM.

Disable the HTTP server service. & Use quotes, phrases, or poems to create passphrases.

What are two effective measures for securing routers? (Choose two.) Enable SNMP traps. Disable the HTTP server service. Use quotes, phrases, or poems to create passphrases. Configure remote administration through VTY lines for Telnet access. Protect all active router interfaces by configuring them as passive interfaces.

encapsulation encryption

What are two main components of data confidentiality? (Choose two.) checksum digital certificates encapsulation encryption hashing

Addresses that are not to be translated.

What does an access control list determine when used with NAT on a Cisco router? Addresses that are not to be translated. Addresses that are assigned to a NAT pool. Addresses that are allowed out of the router. Addresses that are accessible from the inside network.

Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.

What effect would the Router1(config-ext-nacl)# permit tcp 172.16.4.0 0.0.0.255 any eq www command have when implemented inbound on the f0/0 interface? All TCP traffic is permitted, and all other traffic is denied. The command is rejected by the router because it is incomplete. All traffic from 172.16.4.0/24 is permitted anywhere on any port. Traffic originating from 172.16.4.0/24 is permitted to all TCP port 80 destinations.

Exploits vulnerabilities with the intent of propagating itself across a network

What is a major characteristic of a worm? Malicious software that copies itself into other executable programs Tricks users into running the infected software A set of computer instructions that lies dormant until triggered by a specific event Exploits vulnerabilities with the intent of propagating itself across a network

Traffic using port 25 from the 10.25.132.0/24 is permitted to all destinations.

What is the result when the command permit tcp 10.25.132.0 0.0.0.255 any eq smtp is added to a named access control list and applied on the inbound interface of a router? TCP traffic with a destination to the 10.25.132.0/24 is permitted. Only Telnet traffic is permitted to the 10.24.132.0/24 network Traffic from 10.25.132.0/24 is permitted to anywhere on using any port. Traffic using port 25 from the 10.25.132.0/24 is permitted to all destinations.

Encapsulating an entire packet within another packet for transmission over a network

What is tunneling? Using digital certificates to ensure that data endpoints are authentic Creating a hash to ensure the integrity of data as it traverses a network Using alternate paths to avoid access control lists and bypass security measures Encapsulating an entire packet within another packet for transmission over a network

multiprotocol support

What major benefit does Cisco HDLC provide that ISO standard HDLC lacks? flow control error control multiprotocol support cyclic redundancy checks

static NAT

What translation method will allow a server to always keep the same public address? static NAT dynamic NAT static NAT with overload dynamic NAT with overload

The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5.

What will be the result of adding the command ip dhcp excluded-address 192.168.24.1 192.168.24.5 to the configuration of a local router that has been configured as a DHCP server? Traffic that is destined for 192.168.24.1 and 192.168.24.5 will be dropped by the router. Traffic will not be routed from clients with addresses between 192.168.24.1 and 192.168.24.5. The DHCP server will not issue the addresses ranging from 192.168.24.1 to 192.168.24.5. The router will ignore all traffic that comes from the DHCP servers with addresses 192.168.24.1 and 192.168.24.5.

access control list

When NAT is in use, what is used to determine the addresses that can be translated on a Cisco router? access control list routing protocol inbound interface ARP cache

when participating routers are in the same subnet

When would the multipoint keyword be used in Frame Relay PVCs configuration? when global DLCIs are in use when using physical interfaces when multicasts must be supported when participating routers are in the same subnet

FECN

Which Frame Relay flow control mechanism is used to signal routers that they should reduce the flow rate of frames? DE BE CIR FECN CBIR

access-list 10 deny 192.168.16.32 0.0.0.15

Which IP address and wildcard mask would be used in an ACL to block traffic from all hosts on the same subnet as host 192.168.16.43/28? access-list 10 deny 192.168.16.0 0.0.0.31 access-list 10 deny 192.168.16.16 0.0.0.31 access-list 10 deny 192.168.16.32 0.0.0.16 access-list 10 deny 192.168.16.32 0.0.0.15 access-list 10 deny 192.168.16.43 0.0.0.16

TDMA

Which Layer 2 access method separates traffic into time slots and is specified by DOCSIS for use with cable high speed Internet service? TDMA FDMA CDMA S-CDMA

FE80::1324:ABCD

Which address provides an example of an IPv6 link-local address? FE80::1324:ABCD 2001:2345:AB12:1935::FEFF 2001:1234:0000:9CA::0876/64 1234:ABCD:5678:EF00:9234:AA22:5527:FC35

confidentiality

Which characteristic of VPN technology prevents the contents of data communications from being read by unauthorized parties? QoS latency reliability confidentiality

PPP with CHAP

Which combination of Layer 2 protocol and authentication should be used to establish a link without sending authentication information in plain text between a Cisco and a non-Cisco router? PPP with PAP PPP with CHAP HDLC with PAP HDLC with CHAP

HDLC

Which data link layer encapsulation protocol is used by default for serial connections between two Cisco routers? ATM Frame Relay HDLC PPP SDLC

Configure routing protocol authentication.

Which method is most effective in protecting the routing information that is propagated between routers on the network? Disable IP source routing. Configure passive interfaces. Configure routing protocol authentication. Secure administrative lines with Secure Shell.

CIR

Which option correctly defines the capacity through the local loop guaranteed to a customer by the service provider? BE DE CIR CBIR

Extended ACLs should be applied closest to the source that is specified by the ACL.

Which option represents a best practice for applying ACLs? Named ACLs are less efficient than numbered ACLs. Standard ACLs should be applied inside the core layer. ACLs applied to outbound interfaces use fewer router resources. Extended ACLs should be applied closest to the source that is specified by the ACL.

IP

Which protocol is implicitly denied at the end of an IPv4 access list? IP TCP UDP HTTP

Each network protocol has a corresponding NCP.

Which statement is true about NCP? Link termination is the responsibility of NCP. Each network protocol has a corresponding NCP. NCP establishes the initial link between PPP devices. NCP tests the link to ensure that the link quality is sufficient.

PAP uses a two-way handshake.

Which statement is true about PAP in the authentication of a PPP session? PAP uses a two-way handshake. The password is unique and random. PAP conducts periodic password challenges. PAP uses MD5 hashing to keep the password secure.

A link-local IPv6 address is automatically configured on the interface.

Which statement is true about an interface that is configured with the IPv6 address command? IPv6 traffic-forwarding is enabled on the interface. A link-local IPv6 address is automatically configured on the interface. A global unicast IPv6 address is dynamically configured on the interface Any IPv4 addresses that are assigned to the interface are replaced with an IPv6 address.

IP address bits that must be checked are identified by a "0" in the wildcard mask.

Which statement is true about wildcard masks? Inverting the subnet mask will always create the wildcard mask. The wildcard mask performs the same function as a subnet mask. A network or subnet bit is identified by a "1" in the wildcard mask. IP address bits that must be checked are identified by a "0" in the wildcard mask.

CHAP Stacker Multilink

Which three items are LCP options that can be configured for PPP? (Choose three.) CHAP Stacker IPCP CDPCP Multilink

It creates a basis for legal action if necessary. It defines a process for managing security violations. It defines acceptable and unacceptable use of network resources.

Which three statements accurately describe attributes of a security policy? (Choose three.) It creates a basis for legal action if necessary. It should not be altered once it is implemented. It defines a process for managing security violations. It focuses primarily on threats from outside of the organization. It defines acceptable and unacceptable use of network resources. It provides step-by-step procedures to harden routers and other network devices.

They begin with the FE80::/10 prefix. & They are assigned to a host by a stateless autoconfiguration process.

Which two statements are true about IPv6 link local addresses? (Choose two.) They begin with the 2000::/3 prefix. They begin with the FE80::/10 prefix. They are assigned by IANA to an organization. They must be manually configured by the administrator. They are assigned to a host by a stateless autoconfiguration process.

reflexive

Which type of ACL will permit traffic inbound into a private network only if an outbound session has already been established between the source and destination? extended reflexive standard time-based

worm

Which type of network attack exploits vulnerabilities in the compromised system with the intent of propagating itself across a network? virus worm Trojan horse man-in-the-middle

WiMAX

Which wireless solution can provide mobile users with non line-of-sight broadband Internet access at speeds comparable to DSL or cable? Wi-Fi WiMAX satellite Metro Ethernet

Broadcast traffic and multicast traffic over the PVC must be controlled

While configuring a Frame Relay connection, when should a static Frame Relay map be used? The remote router is a non-Cisco router The local router is configured with subinterfaces Broadcast traffic and multicast traffic over the PVC must be controlled Globally significant rather than locally significant DLCIs are being used


Set pelajaran terkait

MY QUESTIONS + Adult Health HESI review questions

View Set

AP GOV UNIT 4 practice charts and graphs

View Set

Describe the five types of audit tests. Identify which of the five types are substantive tests, and which are used to reduce assessed control risk.

View Set

physical assessment final practice Qs

View Set

Intrapartum Complication (8 questions)

View Set