Scribd Logo
Hochladen

Willkommen bei Scribd!

  • ROUTE Chapter 7 - CCNP ROUTE (Version 6.0)

    Hochgeladen von

    AS2205
    28K Ansichten8 Seiten
    100%

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    100%

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    28K Ansichten8 Seiten

    ROUTE Chapter 7 - CCNP ROUTE (Version 6.0)

    Hochgeladen von

    AS2205
    100%

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 8

    Close Window

    Assessment System

    1. Assessment Selection 2. Assessment Settings 3. Take Assessment

    Take Assessment - ROUTE Chapter 7 - CCNP ROUTE (Version 6.0)

    Time Remaining:

    Refer to the exhibit. A network administrator has configured a GRE tunnel between R1 and R2 as shown. After
    completing the tunnel configurations, the administrator notices that the tunnel interfaces on both routers are
    down. All other interfaces are up and the pings through the ISP to the serial interface of each router are
    successful. What is the cause of the problem?
    Tunnel source configurations are incorrect.
    Tunnel destination configurations are incorrect.
    The MTU size has not been increased to 1492.
    GRE IP encapsulation has not been configured.

    2 Which three protocols are involved in the establishment of an IPsec VPN tunnel? (Choose three.)
    Tunnel Profile (TCP port 604)
    Authentication Header (protocol 51)
    Generic Routing Encapsulation (protocol 47)
    Encapsulating Security Protocol (protocol 50)
    Internet Security Association and Key Management Protocol (TCP port 500)
    Internet Security Association and Key Management Protocol (UDP port 500)

    Refer to the exhibit. Based on the partial configuration that is shown, which static route would be the primary
    default path?
    ip route 0.0.0.0 0.0.0.0 172.16.20.2 40
    ip route 0.0.0.0 0.0.0.0 192.68.6.1 50
    ip route 0.0.0.0 0.0.0.0 202.16.20.2 60
    ip route 0.0.0.0 0.0.0.0 212.68.6.1 70

    4 Which is a clientless VPN solution for mobile workers?


    GRE
    IPsec
    SSH
    SSL

    5 Which two statements are correct about IPsec crypto maps? (Choose two.)
    The crypto map defines the IPsec tunnel endpoint or peer.
    Packets that do not meet the criteria as specified in the crypto map are dropped.
    The crypto map is applied to the outbound interface that the router is peering with.
    A crypto map is used to negotiate and exchange authentication and encryption parameters with its peer.
    The crypto map is applied to the inbound interface that receives the packets before being transmitted over
    the VPN tunnel.

    6 What is a limitation of IPsec by design?


    IPsec only forwards unicast traffic.
    IPsec does not support encryption for traffic over a GRE tunnel.
    IPsec forwards unicast and multicast traffic, but not broadcast traffic.
    IPsec tunneling does not support the encapsulation of RFC 1918 addresses.

    Refer to the exhibit. Which two statements are true about the exhibited static routes? (Choose two.)
    If a route to 10.0.0.0/8 is received via RIP, R1 will prefer the dynamic route over both configured static
    routes.
    If no dynamic route to 10.0.0.0/8 exists, both static routes will appear in the R1 routing table.
    If no dynamic route to 10.0.0.0/8 exists, R1 will use 2.2.2.2 as the next hop because it has a higher
    preference.
    If a route to 10.0.0.0/8 is received via RIP, both static routes will appear in the routing table.
    The static route to 10.0.0.0/8 via 1.1.1.1 will be preferred to the route via 2.2.2.2.

    Refer to the exhibit. A network administrator is configuring NAT on router Remote. The configuration should
    allow users on network 172.16.16.0/21 to access Internet sites as well as resources on the HQ LAN network
    172.16.0.0/21 through the VPN tunnel. How should the administrator configure access list 101 to accomplish
    this task?
    Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 172.16.0.0 0.0.7.255
    Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any
    Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any
    Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 172.16.0.0 0.0.7.255
    Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 any
    Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any
    Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 209.165.202.129 0.0.0.3
    Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any
    Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any
    Remote(config)# access-list 101 deny 172.16.0.0 0.0.7.255 172.16.16.0 0.0.7.255

    9 How is NAT tuned to handle traffic that is sent through a VPN tunnel between a mobile worker and internal
    corporate resources?
    Translation is allowed by a permit access list statement or route map.
    Translation is allowed by a deny access list statement or route map.
    Traffic should bypass translation with a permit access list statement or route-map.
    Traffic should bypass translation with a deny access list statement or route-map.

    10 Branch office network design faces several challenges. Which of these challenges has the goal of obtaining
    centralized control of network security and management?
    bandwidth and network requirements
    consolidated data centers
    deployment plan
    management costs
    mobility

    11 Which three statements would help an end user develop a better understanding of DSL technology? (Choose
    three.)
    ADSL typically has a higher download bandwidth than available upload bandwidth.
    All varieties of DSL provide the same bandwidth, although they use different technologies to achieve upload
    and download.
    DSL data subscribers are connected to a network segment, all sharing the upstream and downstream
    bandwidth.
    DSL is available in any location that has a telephone.
    DSL speeds can exceed the speeds available with a typical T1 line.
    Transfer rates vary by the length of the local loop.

    12 What are three characteristics of broadband access? (Choose three.)


    always on
    built-in security
    enhanced voice and video services
    guaranteed quality of service (QoS)
    high-speed access
    wide area of coverage

    13 Which three items can be specified by ISAKMP policy parameters? (Choose three.)
    the hashing method to be used
    the encryption method to be used
    the encapsulation method to be used
    the authentication method to be used
    the ACL that is used to identify interesting traffic
    the amount of time the crypto interface should be active before being renegotiated

    14

    Refer to the exhibit. A network administrator is tuning IPsec to encapsulate the GRE tunnel between R1 and R2.
    Assuming all other IPsec configurations are correct, which two crypto map access lists will complete this task?
    (Choose two.)
    R1(config-ext-nacl)# permit gre host 172.16.248.1 host 172.16.248.2
    R1(config-ext-nacl)# permit gre host 209.165.202.129 host 64.100.32.1
    R1(config-ext-nacl)# permit gre host 64.100.32.1 host 209.165.202.129
    R2(config-ext-nacl)# permit gre host 172.16.248.2 host 172.16.248.1
    R2(config-ext-nacl)# permit gre host 209.165.202.129 host 64.100.32.1
    R2(config-ext-nacl)# permit gre host 64.100.32.1 host 209.165.202.129

    15 Which statement is true about the deployment of Context-Based Access Control (CBAC) and Zone-Based
    Firewall (ZBF)?
    They cannot be deployed on the same router.
    They can be deployed on the same router but not on the same interface.
    They can be deployed on the same interface but not in the same direction.
    They can be deployed on the same interface but cannot filter the same protocol.

    Showing 1 of 2 <Prev 1 Next>


    Page:

    Close Window
    All contents copyright 1992-2010 Cisco Systems, Inc. Privacy Statement and Trademarks.
    Close Window

    Assessment System

    1. Assessment Selection 2. Assessment Settings 3. Take Assessment

    Take Assessment - ROUTE Chapter 7 - CCNP ROUTE (Version 6.0)

    Time Remaining:

    16 Which two solutions can a hybrid fiber cable service provider apply when there is constant congestion on the
    line? (Choose two.)
    Allocate less bandwidth to affected customers.
    Allocate another downstream channel.
    Allocate another upstream channel.
    Run fiber deeper into the neighborhood.
    Run fiber to each home.

    17 Which is a Cisco IOS firewall solution that relies on access control lists?
    Cisco Easy VPN server
    Cisco Security Manager
    Zone-Based Firewall (ZBF)
    Context-Based Access Control (CBAC)

    18 In the routing design for a branch office, which area will have an affect on convergence, load balancing, and
    scalability?
    connectivity technologies
    mobility requirements
    resiliency
    routing protocols
    service mix
    security and compliance

    19 Which IPsec service verifies that the data was not altered during transmission?
    authorization
    confidentiality
    encapsulation
    encryption
    integrity

    20 Which two UDP ports must be permitted inbound through the Internet-facing interface on a firewall to establish
    an IPsec tunnel and NAT-T? (Choose two.)
    22
    50
    51
    500
    4500

    Showing 2 of 2 <Prev 2 Next>


    Page:

    Close Window
    All contents copyright 1992-2010 Cisco Systems, Inc. Privacy Statement and Trademarks.

    Das könnte Ihnen auch gefallen