What is used by BGP to determine the best path to a destination? Show cost attributes administrative distance hop count attributes What equipment at the cable service provider office connects the office to the subscriber locations? CMTS CMTS What is the protocol that provides ISPs the ability to send PPP frames over DSL networks? PPPoE PPPoE Each line in the diagram represents a single connection from a user AS to an ISP AS. In which multihomed configuration is it necessary, if not required, to use BGP to exchange routing information? A D Fill in the blank. VPN Fill in the blank. Use the acronym. CHAP What are the two types of VPN connections? (Choose two.) site-to-site, remote access What are two reasons a company would use a VPN? (Choose two.) to connect remote users to the network, to allow suppliers to access the network What TCP port is used by BGP to exchange messages between routers? 179 Refer to the exhibit. Which routing protocol would likely be used to distribute routes between these routers? RIP BGP Which two components are needed to provide a DSL connection to a SOHO? (Choose two.) transceiver transceiver, DSLAM Match the broadband characteristic to the broadband type. bandwidth
is shared by many users cable bandwidth is shared by many users - cable What is an advantage offered by GRE
tunnels? support for IP multicast tunneling When a PPPoE configuration is being verified, which command can be used to verify the MTU size and encapsulation type configured on a Cisco router? show interface dialer 1 What are the three methods of establishing a VPN connection offered by Cisco devices? (Choose three.) GRE GRE, IPsec, web-based SSL Open the PT Activity. Perform the tasks in the activity and then answer the question. Which message is displayed by Web Server1? Success! GRE UP! Fill in the blank. Use only an acronym. _______ creates a PPP tunnel through the DSL connection for the purpose of sending PPP frames. PPPoE Refer to the exhibit. A network administrator configures a named ACL on the router. Why is there no output displayed when the show command is issued? The ACL is not activated. The ACL name is case sensitive. Which two keywords can be used in an access control list to replace a
wildcard mask or address and wildcard mask pair? (Choose two.) host, any Which three implicit access control entries are automatically added to the end of an IPv6 ACL? (Choose three.) deny
ipv6 any any What range of IP addresses is represented by the network and wildcard mask 192.168.70.0 0.0.0.127? 192.168.70.0 to 192.168.70.127 Fill in the blanks. Use dotted decimal format. 0.0.0.31 A network administrator needs to configure a standard ACL so that only the workstation of the administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router. Which two configuration commands can achieve the task? (Choose two.) Router1(config)# access-list 10 permit host 192.168.15.23 Which statement describes a characteristic of standard IPv4 ACLs? They filter traffic based on source IP addresses only. Which statement describes a difference between the operation of inbound and outbound ACLs? - In contrast to outbound ALCs, inbound ACLs can be used to filter packets
with multiple criteria. Inbound ACLs are processed before the packets are routed while outbound ACLs are processed after the routing is completed. A network administrator configures an ACL with the command R1(config)# access-list 1 permit 172.16.0.0 0.0.15.255. Which two IP addresses will match this ACL statement? (Choose two.) 172.16.0.255 Match each statement with the example subnet and wildcard that it describes. (Not all options are used.) hosts in a subnet with the subnet mask 255.255.252.0 all IP address bits must match exactly the first valid host address in a subnet subnetwork address of a subnet with 14 valid host addresses addresses with a subnet mask of 255.255.255.248 ... An administrator has configured an access list on R1 to allow
SSH administrative access from host 172.16.1.100. Which command correctly applies the ACL? R1(config-line)# access-class 1 in Which IPv4 address range covers all IP addresses that match the ACL filter specified by 172.16.2.0 with wildcard mask
0.0.1.255? 172.16.2.0 to 172.16.3.255 Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.) This tunnel mode does not support IP multicast tunneling. This tunnel mode provides encryption. This tunnel mode is not the default tunnel interface mode for Cisco IOS software. The data that is sent across this tunnel is not secure. A GRE tunnel is being used. The data that is sent across this tunnel is not secure. What is the only type of ACL available for IPv6? named extended Which range represents all the IP addresses that are affected when network 10.120.160.0 with a wildcard mask of 0.0.7.255 is used in an ACE? 10.120.160.0 to 10.120.168.0 10.120.160.0 to 10.120.191.255 10.120.160.0 to 10.120.167.255 10.120.160.0 to 10.127.255.255 10.120.160.0 to 10.120.167.255
Which two statements describe the effect of the access control list wildcard mask 0.0.0.15? (Choose two.) The last five bits of a supplied IP address will be ignored. The first 28 bits of a supplied IP address will be matched. The first 28 bits of a supplied IP address will be ignored. The last four bits of a supplied IP address will be matched. The last four bits of a supplied IP address will be ignored. The first 32 bits of a supplied IP address will be matched. The first 28 bits of a supplied IP address will be matched. A network administrator is designing an ACL. The networks 192.168.1.0/25, 192.168.0.0/25, 192.168.0.128/25, 192.168.1.128/26, and 192.168.1.192/26 are affected by the ACL. Which wildcard mask, if any, is the most efficient to use when specifying all of these networks in a single ACL permit entry? 0.0.0.127 0.0.0.255 0.0.1.255 0.0.255.255 A single ACL command and wildcard mask should not be used to specify these particular networks or other traffic will be permitted or denied and present a security risk. 0.0.1.255 What two functions describe uses of an access control list? (Choose two.) ACLs provide a basic level of security for network access. ACLs assist the router in determining the best path to a destination. ACLs can permit or deny traffic based upon the MAC address originating on the router. ACLs can control which areas a host can access on a network. Standard ACLs can restrict access to specific applications and ports. ACLs can control which areas a host can access on a network. Which two statements are correct about extended ACLs? (Choose two) Multiple ACLs can be placed on the same interface as long as they are in the same direction. Port numbers can be used to add greater definition to an ACL. Extended ACLs evaluate the source and destination addresses. Extended ACLs end with an implicit permit statement. Extended ACLs use a number range from 1-99. Extended
ACLs evaluate the source and destination addresses.* Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure? The login command has not been entered for vty lines. The enable secret password is not configured on R1. The permit ACE should specify protocol ip instead of tcp. The IT group network is included in the deny statement. The permit ACE specifies a wrong port number. The IT group network is included in the deny statement.* Which set of access control entries would allow all users on the 192.168.10.0/24 network to access a web server that is located at 172.17.80.1, but would not allow them to use Telnet? access-list 103 permit 192.168.10.0 0.0.0.255 host 172.17.80.1 access-list 103 permit tcp 192.168.10.0 0.0.0.255 any eq 80 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 access-list 103 deny tcp host 192.168.10.0 any eq 23 access-list 103 permit tcp 192.168.10.0 0.0.0.255 host 172.17.80.1 eq 80 Refer to the exhibit. The IPv6 access list LIMITED_ACCESS is applied on the S0/0/0 interface of R1 in the inbound direction. Which IPv6 packets from the ISP will be dropped by the ACL on R1? ICMPv6 packets that are destined to PC1 packets that are destined to PC1 on port 80 HTTPS packets to PC1 neighbor advertisements that are received from the ISP router ICMPv6 packets that are destined to PC1* What two ACEs could be used to deny IP traffic from a single source host 10.1.1.1 to the 192.168.0.0/16 network? (Choose two.) access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 255.255.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 10.1.1.1 0.0.0.0 access-list 100 deny ip host 10.1.1.1 192.168.0.0 0.0.255.255 access-list 100 deny ip 192.168.0.0 0.0.255.255 host 10.1.1.1 access-list 100 deny ip 10.1.1.1 255.255.255.255 192.168.0.0 0.0.255.255 access-list 100 deny ip 10.1.1.1 0.0.0.0 192.168.0.0 0.0.255.255* In applying an ACL to a router interface, which traffic is designated as outbound? traffic that is going from the destination IP address into the router traffic that is leaving the router and going toward the destination host traffic for which the router can find no routing table entry traffic that is coming from the source IP address into the router traffic that is leaving the router and going toward the destination host* Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.) access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 R1(config)# interface s0/0/0 access-list 105 permit tcp host 10.0.54.5 any eq www R2(config)# interface gi0/0 access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 R1(config)# interface gi0/0 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 R1(config)# interface
gi0/0 Fill in the blanks. Use dotted decimal format. 0.0.0.255 Which command is used to activate an IPv6 ACL named ENG_ACL on an interface so that the router filters traffic prior to accessing the routing table? ipv6 traffic-filter ENG_ACL in ipv6 traffic-filter ENG_ACL out ipv6 access-class ENG_ACL out ipv6 access-class ENG_ACL in ipv6 traffic-filter ENG_ACL in* Refer to the exhibit. This ACL is applied on traffic outbound from the router on the interface that directly connects to the 10.0.70.5 server. A request for information from a secure web page is sent from host 10.0.55.23 and is destined for the 10.0.70.5 server. Which line of the access list will cause the router to take action (forward the packet onward or drop the packet)? the deny ip any any that is at the end of every ACL 2 4 5 1 3 3 Which three values or sets of values are included when creating an extended access control list entry? (Choose three.) access list number between 100 and 199 default gateway address and wildcard mask access list number between 1 and 99 destination subnet mask and wildcard mask destination address and wildcard mask source subnet mask and wildcard mask source address and wildcard mask source address and wildcard mask Which IPv6 ACL command entry will permit traffic from any host to an SMTP server on network 2001:DB8:10:10::/64? permit tcp host 2001:DB8:10:10::100 any eq 25 permit tcp any host 2001:DB8:10:10::100 eq 25 permit tcp host 2001:DB8:10:10::100 any eq 23 permit tcp any host 2001:DB8:10:10::100 eq 23 permit tcp any host 2001:DB8:10:10::100 eq 25 Which two ACE commands will block traffic that is destined for a web server which is listening to default ports? (Choose two.) access-list 110 deny tcp any any lt 80 access-list 110 deny tcp any any eq 21 access-list 110 deny tcp any any eq https access-list 110 deny tcp any any gt 75 access-list 110 deny tcp any any gt 443 access-list 110 deny tcp any any eq https* Refer to the exhibit. A network administrator wants to permit only host 192.168.1.1 /24 to be able to access the server 192.168.2.1 /24. Which three commands will achieve this using best ACL placement practices? (Choose three.) R2(config)# interface fastethernet 0/0 R2(config)# access-list 101 permit ip host 192.168.1.1 host 192.168.2.1 R2(config-if)# ip access-group 101 out R2(config)# interface fastethernet 0/1 R2(config-if)# ip access-group 101 in R2(config)# access-list 101 permit ip any any R2(config)# access-list 101 permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0 R2(config)# interface fastethernet 0/0* Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.) ICMP message type destination UDP port number destination MAC address computer type source TCP hello address destination UDP port number* Which feature is unique to IPv6 ACLs when compared to those of IPv4 ACLs? the use of wildcard masks the use of named ACL ACE an implicit permit of neighbor discovery packets an implicit deny any any ACE an implicit permit of neighbor discovery packets* Which is a requirement of a site-to-site VPN? It requires the placement of a VPN server at the edge of the company network. It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic. It requires hosts to use VPN client software to encapsulate traffic. It requires a client/server architecture. It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic. Refer to the exhibit. Which IP address is configured on the physical interface of the CORP router? 10.1.1.1 209.165.202.134 10.1.1.2 209.165.202.133 209.165.202.133 Refer to the exhibit. Which two configurations will allow router R1 to establish a neighbor relationship with router R2? (Choose two.) R1(config)#
router bgp 65002 R1(config)# router bgp 65001 R2(config)# router bgp 65002 R2(config)# router bgp 65002 R1(config)#
router bgp 65001 R2(config)# router bgp 65002 R2(config)# router bgp 65002 R1(config)# router bgp 65001 Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router? 209.165.200.225 172.16.1.2 209.165.200.226 172.16.1.1 172.16.1.2 Which three statements are characteristics of generic routing encapsulation (GRE)? (Choose three.) GRE does not have strong security mechanisms. GRE encapsulation supports any OSI Layer 3 protocol. GRE is stateless. The GRE header alone adds at least 24 bytes of overhead. GRE is the most secure tunneling protocol. GRE provides flow control by default. GRE does not have strong security mechanisms. GRE encapsulation supports any OSI Layer 3 protocol. GRE is stateless. What is a component of an ADSL connection that is located at the customer site? CO CPE SOHO DSLAM CPE What is the function of the DSLAM in a broadband DSL network? multiplexes individual customer DSL connections into a single upstream link separates voice from data signals communicates directly with customer cable modems to provide Internet services to customers separates POTS traffic from ADSL traffic multiplexes individual customer DSL connections into a single upstream link Which broadband technology would be best for a small office that requires fast upstream connections? DSL WiMax fiber-to-the-home cable fiber-to-the-home What are two characteristics of a PPPoE configuration on a Cisco customer router? (Choose two.) An MTU size of 1492 bytes is configured on the Ethernet interface. The PPP configuration is on the dialer interface. The customer router CHAP username and password are independent of what is configured on the ISP router. The Ethernet interface does not have an IP address. The dialer pool command is applied to the Ethernet interface to link it to the dialer interface. The Ethernet interface does not have an IP
address. What are two WAN connection enhancements that are achieved by implementing PPPoE? (Choose two.) Encapsulating Ethernet frames within PPP frames is an efficient use of bandwidth. PPP enables the ISP to assign an IP address to the customer WAN interface. DSL CHAP features are included in PPPoE. CHAP enables customer authentication and accounting. An Ethernet link supports a number of data link protocols. CHAP enables customer authentication and accounting. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What is the code displayed on the web page? Welldone! Configuration is correct! BGP is configured! BGP is running! BGP is running! Refer to the exhibit. What solution can provide a VPN between site A and site B to support encapsulation of any Layer 3 protocol between the internal networks at each site? Cisco SSL VPN a remote access tunnel an IPsec tunnel a GRE tunnel a GRE tunnel Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.) This tunnel mode does not support IP multicast tunneling. This tunnel mode provides encryption. This tunnel mode is not the default tunnel interface mode for Cisco IOS software. The data that is sent across this tunnel is not secure. The data that is sent across this tunnel is not
secure. Which broadband wireless technology is based on the 802.11 standard? CDMA WiMAX UMTS municipal Wi-Fi municipal Wi-Fi Which two scenarios are examples of remote access VPNs? (Choose two.) A toy manufacturer has a permanent VPN connection to one of its parts suppliers. A mobile sales agent is connecting to the company network via the Internet connection at a hotel. An employee who is working from home uses VPN client software on a laptop in order to connect to the company network. All users at a large branch office can access company resources through a single VPN connection. A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ. A mobile sales agent is connecting to the company network via the Internet connection at a hotel. An employee who is working from home uses VPN client software on a laptop in order to connect to the company network. What command specifies a BGP neighbor that has an IP address of 5.5.5.5/24 and that is in AS 500? (config-router)# router bgp 500 (config-router)# network 5.0.0.0 0.0.0.255 (config-router)# neighbor 500 remote-as 5.5.5.5 (config-router)# neighbor 5.5.5.5 remote-as 500 (config-router)# neighbor 5.5.5.5 remote-as 500 Which two statements describe a remote access VPN? (Choose two.) It requires hosts to send TCP/IP traffic through a VPN gateway. It is used to connect individual hosts securely to a company network over the Internet. It requires static configuration of the VPN tunnel. It connects entire networks to each other. It may require VPN client software on hosts It may require VPN client software on hosts How can the use of VPNs in the workplace contribute to lower operating costs? VPNs prevents connectivity to SOHO users. VPNs require a subscription from a specific Internet service provider that specializes in secure connections. High-speed broadband technology can be replaced with leased lines. VPNs can be used across broadband connections rather than dedicated WAN links. VPNs can be used across broadband connections rather than dedicated WAN links. Where is PPPoE configured on a Cisco router? on the dialer interface on a serial interface on an Ethernet interface on any physical interface on the dialer interface What functionality does mGRE provide to the DMVPN technology? It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner. It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes. It provides secure transport of private information over public networks, such as the Internet. It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes. It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes. What is the approximate distance limitation for providing a satisfactory ADSL service from the central office to a customer? 6.21 miles or 10 kilometers 3.39 miles or 5.46 kilometers 2.11 miles or 3.39 kilometers 11.18 miles or 18 kilometers 3.39 miles or 5.46 kilometers Why is the MTU for a PPPoE DSL configuration reduced from 1500 bytes to 1492? to accommodate the PPPoE headers to reduce congestion on the DSL link to enable CHAP authentication to establish a secure tunnel with less overhead to accommodate the PPPoE headers When PPPoE is configured on a customer router, which two commands must have the same value for the configuration to work? (Choose two.) ppp chap hostname 2 interface dialer 2 pppoe-client dial-pool-number 2 ppp chap password 2 dialer pool 2 interface gigabitethernet 0/2 dialer
pool 2 How is "tunneling" accomplished in a VPN? A dedicated circuit is established between the source and destination devices for the duration of the connection. Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers. All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private. New headers from one or more VPN protocols encapsulate the original packets New headers from one or more VPN protocols encapsulate the original packets True or False? true false false How using VPNs can reduce connectivity costs?A VPN may be able to reduce long-distance phone charges. For example, instead of connecting via remote access servers and dial-up networks to access a company's intranet, you could connect to your local ISP access point.
What advantage does a VPN provide to enterprise business?A VPN makes an internet connection more secure and offers both privacy and anonymity online. Organizations, governments and businesses of all sizes use VPNs to secure remote connections to the internet for protection against data interception.
Why did the company provide employees with VPN access?With VPN, you can protect your employees' online privacy every time they access important websites and platforms for the office. This includes emails, productivity software, project management software, and more. It will camouflage their IP addresses and location data so that hackers can't collect their data.
What is VPN used for in office?VPNs can securely connect a user to a company's internal network or to the public Internet. Businesses typically use a VPN to give remote employees access to internal applications and data, or to create a single shared network between multiple office locations.
|