Module 6 - 8 Study Set
It allows many inside hosts to share one or a few inside global addresses.
What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command? It allows many inside hosts to share one or a few inside global addresses. It allows a list of internal hosts to communicate with a specific group of external hosts. It allows external hosts to initiate sessions with internal hosts. It allows a pool of inside global addresses to be used by internal hosts.
The NAT interfaces are not correctly assigned. The output of show ip nat statistics shows that the inside interface is FastEthernet0/0 but that no interface has been designated as the outside interface. This can be fixed by adding the command ip nat outside to interface Serial0/0/0.
What problem is causing PC-A to be unable to communicate with the Internet? The ip nat inside source command refers to the wrong interface. The NAT interfaces are not correctly assigned. The static route should not reference the interface, but the outside address instead. The access list used in the NAT process is referencing the wrong subnet. This router should be configured to use static NAT instead of PAT.
Clientless SSL
What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.) SHA RSA AES DH PSK
SHA AES
What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.) SHA RSA AES DH PSK
Public
What type of address is 64.100.190.189? public private
Integrity
Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit? integrity authentication confidentiality secure key exchange
when its employees become distributed across many branch locations
Which circumstance would result in an enterprise deciding to implement a corporate WAN? when the enterprise decides to secure its corporate LAN when its employees become distributed across many branch locations when the number of employees exceeds the capacity of the LAN when the network will span multiple buildings
It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.
Which is a requirement of a site-to-site VPN? It requires hosts to use VPN client software to encapsulate traffic. It requires the placement of a VPN server at the edge of the company network. It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic. It requires a client/server architecture.
Employees need to connect to the corporate email server through a VPN while traveling.
Which network scenario will require the use of a WAN? Employees need to connect to the corporate email server through a VPN while traveling. Employees need to access web pages that are hosted on the corporate web servers in the DMZ within their building. Employee workstations need to obtain dynamically assigned IP addresses. Employees in the branch office need to share files with the headquarters office that is located in a separate building on the same campus network.
An employee shares a database file with a co-worker who is located in a branch office on the other side of the city.
Which situation describes data transmissions over a WAN connection? A network administrator in the office remotely accesses a web server that is located in the data center at the edge of the campus. A manager sends an email to all employees in the department with offices that are located in several buildings. An employee prints a file through a networked printer that is located in another building. An employee shares a database file with a co-worker who is located in a branch office on the other side of the city.
209.165.200.225
Which source address is being used by router R1 for packets being forwarded to the Internet? 10.6.15.2 209.165.202.141 198.51.100.3 209.165.200.225
VPNs use virtual connections to create a private network through a public network.
Which statement describes a VPN? VPNs use open source virtualization software to create the tunnel through the Internet. VPNs use logical connections to create public networks through the Internet. VPNs use dedicated physical connections to transfer data between remote users. VPNs use virtual connections to create a private network through a public network.
It must be statically set up.
Which statement describes an important characteristic of a site-to-site VPN? It must be statically set up. It is ideally suited for use by mobile workers. It requires using a VPN client on the host PC. After the initial connection is established, it can dynamically change connection information. It is commonly implemented over dialup and cable modem networks.
Frame Relay T1/E1
Which two WAN infrastructure services are examples of private connections? (Choose two.) cable DSL Frame Relay T1/E1 wireless
WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals. WANs connect LANs at slower speed bandwidth than LANs connect their internal end devices.
Which two statements about the relationship between LANs and WANs are true? (Choose two.) Both LANs and WANs connect end devices. WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals. WANs must be publicly-owned, but LANs can be owned by either public or private entities. WANs connect LANs at slower speed bandwidth than LANs connect their internal end devices. LANs connect multiple WANs together.
NAT provides a solution to slow down the IPv4 address depletion. NAT introduces problems for some applications that require end-to-end connectivity.
Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.) NAT improves packet handling. NAT adds authentication capability to IPv4. NAT will impact negatively on switch performance. NAT causes routing tables to include more information. NAT provides a solution to slow down the IPv4 address depletion. NAT introduces problems for some applications that require end-to-end connectivity.
The output is the result of the show ip nat translations command. The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10.
Which two statements are correct based on the output as shown in the exhibit? (Choose two.) The output is the result of the show ip nat translations command. The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10. The output is the result of the show ip nat statistics command. Traffic with the destination address of a public web server will be sourced from the IP of 192.168.1.10. The host with the address 209.165.200.235 will respond to requests by using a source address of 209.165.200.235.
Frame Relay MetroE
Which two technologies are categorized as private WAN infrastructures? (Choose two.) Frame Relay VPN MetroE DSL cable
Remote access VPN Site to site VPN
Which two technologies provide enterprise-managed VPN solutions? (Choose two.) remote access VPN Frame Relay Layer 2 MPLS VPN site-to-site VPN Layer 3 MPLS VPN
clientless SSL VPN client-based IPsec VPN
Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.) clientless SSL VPN client-based IPsec VPN IPsec VPN IPsec Virtual Tunnel Interface VPN GRE over IPsec VPN
IPsec virtual tunnel interface
Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding? MPLS VPN IPsec virtual tunnel interface dynamic multipoint VPN GRE over IPsec
SSL VPN
Which type of VPN uses the public key infrastructure and digital certificates? SSL VPN GRE over IPsec IPsec virtual tunnel interface dynamic multipoint VPN
A standard access list numbered 1 was used as part of the configuration process. Address translation is working. Two types of NAT are enabled.
A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.) A standard access list numbered 1 was used as part of the configuration process. Three addresses from the NAT pool are being used by hosts. Address translation is working. One port on the router is not participating in the address translation. The name of the NAT pool is refCount. Two types of NAT are enabled.
Router# show ip nat translations
A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task? Router# show ip nat translations Router# show ip nat statistics Router# clear ip nat translations Router# debug ip nat translations
PAT using an external interface
Based on the output that is shown, what type of NAT has been implemented? dynamic NAT with a pool of two public IP addresses PAT using an external interface static NAT with a NAT pool static NAT with one entry
209.165.200.225
From the perspective of R1, the NAT router, which address is the inside global address?
1
Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1? 244 10 1 255
New headers from one or more PN protocols encapsulate the original packets
How is "tunneling" accomplished in a VPN? New headers from one or more VPN protocols encapsulate the original packets. All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private. Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers. A dedicated circuit is established between the source and destination devices for the duration of the connection.
outside global From the perspective of a NAT device, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.
In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet? outside global inside global outside local inside local
cable A teleworker would like to bundle the internet connection with other phone and TV services. DSL A company requires higher download speeds than upload speeds and wants to use exiting phone lines. Frame Relay A company has a Headquaters and four remote locations. The Headquaters site will require more bandwidth than the four remote sites. MetroE A multi site college wants to connect using Ethernet technology b/w the sites. T1 A company would like guaranteed bandwidth using a point to point link that requires minimal expertise to install and maintain.
Match the scenario to the WAN solution. Cable DSL Frame Relay MetroE T1 VSAT A company has a Headquaters and four remote locations. The Headquaters site will require more bandwidth than the four remote sites. A company requires higher download speeds than upload speeds and wants to use exiting phone lines. A company would like guaranteed bandwidth using a point to point link that requires minimal expertise to install and maintain. A teleworker would like to bundle the internet connection with other phone and TV services. A multi site college wants to connect using Ethernet technology b/w the sites.
209.165.200.245
NAT is configured on RT1 and RT2. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server? 192.168.1.5 203.0.113.10 172.16.1.254 172.16.1.10 209.165.200.245 192.0.2.2
Not enough information is given to determine if both static and dynamic NAT are working.
The NAT configuration applied to the router is as follows: ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255 ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224 ERtr(config)# ip nat inside source list 1 pool corp overload ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4 ERtr(config)# interface gigabitethernet 0/0 ERtr(config-if)# ip nat inside ERtr(config-if)# interface serial 0/0/0 ERtr(config-if)# ip nat outside Based on the configuration and the output shown, what can be determined about the NAT status within the organization? Static NAT is working, but dynamic NAT is not. Dynamic NAT is working, but static NAT is not. Not enough information is given to determine if both static and dynamic NAT are working. NAT is working.
Inside global 192.0.2.1 Outside global 203.0.113.5 Inside local 10.130.5.76
The PC is sending a packet to the Server on the remote network. Router R1 is performing NAT overload. From the perspective of the PC, match the NAT address type with the correct IP address. (Not all options are used.) Inside global Outside global Inside local 203.0.113.5 203.0.113.14 192.0.2.2 192.0.2.1 10.130.5.1 10.130.5.76
AES
What algorithm is used with IPsec to provide data confidentiality? Diffie-Hellman SHA MD5 RSA AES
SHA MD5
What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.) SHA RSA DH MD5 AES
Create a mapping between the inside local and outside local addresses. Identify the participating interfaces as inside or outside interfaces.
What are two tasks to perform when configuring static NAT? (Choose two.) Configure a NAT pool. Create a mapping between the inside local and outside local addresses. Identify the participating interfaces as inside or outside interfaces. Define the inside global address on the server Define the outside global address.
port numbers
What does NAT overloading use to track multiple internal hosts that use one inside global address? port numbers IP addresses autonomous system numbers MAC addresses
What has to be done in order to complete the static NAT configuration on R1? Interface Fa0/0 should be configured with the command no ip nat inside. Interface S0/0/0 should be configured with the command ip nat outside. R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11. R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11.
What has to be done in order to complete the static NAT configuration on R1? Interface Fa0/0 should be configured with the command no ip nat inside. Interface S0/0/0 should be configured with the command ip nat outside. R1 should be configured with the command ip nat inside source static 209.165.200.200 192.168.11.11. R1 should be configured with the command ip nat inside source static 209.165.200.1 192.168.11.11.
There is not end to end addressing
What is a disadvantage of NAT? There is no end-to-end addressing. The router does not need to alter the checksum of the IPv4 packets. The internal hosts have to use a single public IPv4 address for external communication. The costs of readdressing hosts can be significant for a publicly addressed network.
Allows peers to exchange
What is the function of the Diffie-Hellman algorithm within the IPsec framework? guarantees message integrity allows peers to exchange shared keys provides authentication provides strong data encryption
Guarantees message integrity
What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN? protects IPsec keys during session negotiation authenticates the IPsec peers creates a secure channel for key negotiation guarantees message integrity
