ROUTE Chapter 7 CCNP 6.

0 2012 2013 100%

January 1, 2012 by Son Trinh Leave a Comment

Take Assessment ROUTE Chapter 7 CCNP ROUTE: Imp ement!n" C!s#$ IP R$%t!n" &'ers!$n 6.0( Ans)ers 2012 2013
1. Referto the exhibit. A networkadministratorhas configureda GREtunnelbetweenR1 and R2 as shown.After completingthe tunnelconfigurations,the administratornoticesthat the tunnelinterfaceson bothroutersare down.All otherinterfacesare up andthe pings throughthe ISP to the serial interfaceof eachrouterare successful.Whatis the causeof the problem? Tunnel source configurations are incorrect. Tunnel destination configurations are incorrect. The MTU size has not been increased to 1492. GRE IP encapsulation has not been configured. 2. Whichthreeprotocolsare involvedin the establishmentof an IPsecVPNtunnel? (Choosethree.) Tunnel Profile (TCP port 604) Authentication Header (protocol 51) Generic Routing Encapsulation (protocol 47) Encapsulating Security Protocol (protocol 50) Internet Security Association and Key Management Protocol (TCP port 500) Internet Security Association and Key Management Protocol (UDP port 500) 3. Referto the exhibit. Basedon the partial configurationthat is shown,whichstatic route wouldbe the primarydefaultpath? ip route 0.0.0.0 0.0.0.0 172.16.20.2 40 ip route 0.0.0.0 0.0.0.0 192.68.6.1 50 ip route 0.0.0.0 0.0.0.0 202.16.20.2 60 ip route 0.0.0.0 0.0.0.0 212.68.6.1 70

4. Whichis a clientlessVPNsolutionfor mobileworkers? GRE IPsec SSH SSL 5. Whichtwo statementsare correctaboutIPseccryptomaps?(Choosetwo.) The crypto map defines the IPsec tunnel endpoint or peer. Packets that do not meet the criteria as specified in the crypto map are dropped. The crypto map is applied to the outbound interface that the router is peering with. A crypto map is used to negotiate and exchange authentication and encryption parameters with its peer. The crypto map is applied to the inbound interface that receives the packets before being transmitted over the VPN tunnel. 6. Whatis a limitationof IPsecby design? IPsec only forwards unicast traffic. IPsec does not support encryption for traffic over a GRE tunnel. IPsec forwards unicast and multicast traffic, but not broadcast traffic. IPsec tunneling does not support the encapsulation of RFC 1918 addresses. 7. Referto the exhibit. Whichtwo statementsare true aboutthe exhibitedstatic routes? (Choosetwo.) If a route to 10.0.0.0/8 is received via RIP, R1 will prefer the dynamic route over both configured static routes. If no dynamic route to 10.0.0.0/8 exists, both static routes will appear in the R1 routing table. If no dynamic route to 10.0.0.0/8 exists, R1 will use 2.2.2.2 as the next hop because it has a higher preference. If a route to 10.0.0.0/8 is received via RIP, both static routes will appear in the routing table. The static route to 10.0.0.0/8 via 1.1.1.1 will be preferred to the route via 2.2.2.2. 8. Referto the exhibit. A networkadministratoris configuringNATon routerRemote.The configurationshouldallowuserson network172.16.16.0/21to accessInternetsitesas well as resourceson the HQ LANnetwork172.16.0.0/21throughthe VPNtunnel. Howshould the administratorconfigureaccesslist 101 to accomplishthis task? Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 172.16.0.0 0.0.7.255 Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any

Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 172.16.0.0 0.0.7.255 Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 any Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote(config)# access-list 101 deny 172.16.16.0 0.0.7.255 209.165.202.129 0.0.0.3 Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote(config)# access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote(config)# access-list 101 deny 172.16.0.0 0.0.7.255 172.16.16.0 0.0.7.255 9. Howis NATtunedto handletraffic that is sent througha VPNtunnelbetweena mobile workerand internalcorporateresources? Translation is allowed by a permit access list statement or route map. Translation is allowed by a deny access list statement or route map. Traffic should bypass translation with a permit access list statement or routemap. Traffic should bypass translation with a deny access list statement or routemap. 10. Branchofficenetworkdesignfacesseveralchallenges.Whichof thesechallengeshas the goal of obtainingcentralizedcontrolof networksecurityand management? bandwidth and network requirements consolidated data centers deployment plan management costs mobility 11. Whichthreestatementswouldhelp an end user developa betterunderstandingof DSL technology?(Choosethree.) ADSL typically has a higher download bandwidth than available upload bandwidth. All varieties of DSL provide the same bandwidth, although they use different technologies to achieve upload and download. DSL data subscribers are connected to a network segment, all sharing the upstream and downstream bandwidth. DSL is available in any location that has a telephone. DSL speeds can exceed the speeds available with a typical T1 line. Transfer rates vary by the length of the local loop.

12. Whatare threecharacteristicsof broadbandaccess?(Choosethree.) always on built-in security enhanced voice and video services guaranteed quality of service (QoS) high-speed access wide area of coverage 13. Whichthreeitemscan be specifiedby ISAKMPpolicyparameters?(Choosethree.) the hashing method to be used the encryption method to be used the encapsulation method to be used the authentication method to be used the ACL that is used to identify interesting traffic the amount of time the crypto interface should be active before being renegotiated 14. Referto the exhibit. A networkadministratoris tuningIPsecto encapsulatethe GRE tunnelbetweenR1 and R2. Assumingall otherIPsecconfigurationsare correct, whichtwo cryptomapaccesslists will completethis task?(Choosetwo.) R1(config-ext-nacl)# permit gre host 172.16.248.1 host 172.16.248.2 R1(config-ext-nacl)# permit gre host 209.165.202.129 host 64.100.32.1 R1(config-ext-nacl)# permit gre host 64.100.32.1 host 209.165.202.129 R2(config-ext-nacl)# permit gre host 172.16.248.2 host 172.16.248.1 R2(config-ext-nacl)# permit gre host 209.165.202.129 host 64.100.32.1 R2(config-ext-nacl)# permit gre host 64.100.32.1 host 209.165.202.129 15. Whichstatementis true aboutthe deploymentof ContextBasedAccessControl (CBAC)and ZoneBasedFirewall(ZBF)? They cannot be deployed on the same router. They can be deployed on the same router but not on the same interface. They can be deployed on the same interface but not in the same direction. They can be deployed on the same interface but cannot filter the same protocol. 16. Whichtwo solutionscan a hybridfiber cableserviceproviderapplywhenthereis constantcongestionon the line?(Choosetwo.) Allocate less bandwidth to affected customers. Allocate another downstream channel. Allocate another upstream channel. Run fiber deeper into the neighborhood. Run fiber to each home. 17. Whichis a CiscoIOS firewall solutionthat relieson accesscontrol lists? Cisco Easy VPN server

Cisco Security Manager Zone-Based Firewall (ZBF) Context-Based Access Control (CBAC) 18. In the routingdesignfor a branchoffice, whichareawill havean affect on convergence,loadbalancing,andscalability? connectivity technologies mobility requirements resiliency routing protocols service mix security and compliance 19. WhichIPsecserviceverifiesthat the data wasnot alteredduringtransmission? authorization confidentiality encapsulation encryption integrity 20. Whichtwo UDPportsmustbe permittedinboundthroughthe Internetfacinginterface on a firewall to establishan IPsectunneland NATT? (Choosetwo.) 22 50 51 500 4500