642-821 (BCRAN)

TestKing's Building Cisco Remote Access Networks

Version 1.0

642 - 821

Important Note Please Read Carefully

Study Tips This product will provide you questions and answers along with detailed explanations carefully compiled and written by our experts. Try to understand the concepts behind the questions instead of cramming the questions. Go through the entire document at least twice so that you make sure that you are not missing anything. Further Material For this test TestKing plans to provide: * Interactive Test Engine Examinator. Check out an Examinator Demo at http://www.testking.com/index.cfm?pageid=724 Latest Version We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check your member zone at TestKing an update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1. Go to www.testking.com 2. Click on Member zone/Log in 3. The latest versions of all purchased products are downloadable from here. Just click the links. For most updates, it is enough just to print the new questions at the end of the new version, not the whole document. Feedback Feedback on specific questions should be send to feedback@testking.com. You should state: Exam number and version, question number, and login ID. Our experts will answer your mail promptly. Copyright Each pdf file contains a unique serial number associated with your particular name and contact information for security purposes. So if we find out that a particular pdf file is being distributed by you, TestKing reserves the right to take legal action against you according to the International Copyright Laws.

Leading the way in IT testing and certification tools, www.testking.com -2-

642 - 821 QUESTION NO: 1 A bank needs to connect a branch office to the corporate network on the other side of town. The branch office has twelve users that require constant access to the banks central accounting system throughout the day. Which two connection types may be most appropriate for this branch office? (Choose two) A. B. C. D. ISDN BRI Frame Relay Asynchronous Dedicated lease line

Answer: B D Explanation: The remote site must have a mix of equipment, but not as much as the Central site requires. Typical WAN solutions that a remote site uses to connect to the Central site as follows: Leased line Frame Relay X.25 ISDN Reference: Building Cisco Remote Access Networks (Ciscopress) page 30 Incorrect Answers A: Used for telecommuters C: Used for telecommuters

QUESTION NO: 2 You need to support a mobile sales group who needs access to email from a variety of locations. What best meets the needs of the sales group? A. B. C. D. Digital service Multi-mode service Asynchronous service High-Speed Serial (HSS) interface

Answer: C Explanation: An asynchronous dial-up solution using the existing telephony network and an analog modem is often the solution for telecommuters because it is easy and the telephone facilities are already installed.

Leading the way in IT testing and certification tools, www.testking.com -3-

642 - 821 Reference: Building Cisco Remote Access Networks (Ciscopress) page 31 QUESTION NO: 3 What are the advantages of Frame Relay connection over dedicated leased lines? (Choose two) A. B. C. D. Better suited multiple branch locations. Lower cost. More control over the connection. Full guaranteed bandwidth.

Answer: B, C Explanation: Frame Relay provides virtual circuit connectivity for enterprise networks that require 56 kbps up to T1/E1 speeds. It costs less than leased lines because it uses statistical multiplexing of packets to gain efficiencies within the network, at the cost of a less-stringent bandwidth and latency guarantee. Frame Relay is being widely deployed in enterprise networks to connect regional and branch offices into the enterprise backbone. Reference: http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091ca9.shtml QUESTION NO: 4 On an EIA/TIA-232 null modem cable with DB25 connectors, which two pins are cross connected? (Choose two) A. B. C. D. E. F. Pin 2 Pin 3 Pin 4 Pin 5 Pin 7 Pin 8

Answer: A, B Explanation: Null modems crisscross DB-25 pins 2, 3 and other corresponding pins so that the two DTE devices can communicate. Some devices can be configured to operate either like a DTE or a DCE. Configuring a device as a DCE usually means that it receives data on pin 2 and transmits data on pin 3. Reference: Building Cisco Remote Access Networks (Ciscopress) page 62

Leading the way in IT testing and certification tools, www.testking.com -4-

642 - 821

QUESTION NO: 5 Which WAN connections are typically employed at telecommuter sites? (Choose three) A. B. C. D. E. F. Asynchronous dial-up ISDN BRI Leased lines HDSL Cable modems ADSL

Answer: A B F Explanation: Typical WAN connections employed at telecommuter sites are as follows: Asynchronous dial-up ISDN BRI Frame Relay (leased line) Reference: Building Cisco Remote Access Networks (Ciscopress) page 31 QUESTION NO: 6 Which statement describes the differences between IPSec and Cisco Encryption Technology (CET)? A. B. C. D. CET supports AH, ESP and Anti-Replay which are not available with IPSec. IPSec supports AH, ESP and Anti-Replay which are not available with CET. CET is the implementation of IPSec in the Cisco Secure Services package. IPSec is used to encrypt IP-only packets, whereas CET is used to encrypt only non-IP packets.

Answer: B Explanation: If you require only Cisco router-to-Cisco router encryption, then you could run CET, which is a more mature, higher-speed solution. If you require a standards-based solution that provides multivendor interoperability or remote client connections, then you should implement IPSec. Also, if you want to implement data authentication with or without privacy (encryption), then IPSec is the right choice. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800 d981b.html#77018

Leading the way in IT testing and certification tools, www.testking.com -5-

642 - 821 QUESTION NO: 7 When using a CATV cable service as an Internet connection medium, what is upstream traffic? A. B. C. D. Traffic getting at the users home traveling to the headend. Traffic between the headend and the supplier antenna. Broadcast traffic, including the cable TV signals. Traffic from outside the local cable segment serving the users home.

Answer: A Explanation: In the upstream direction (subscriber cable modems transmitting towards the head-end) the environment is many transmitters and one receiver. This introduces the need for precise scheduling of packet transmissions to achieve high utilization and precise power control so as to not overdrive the receiver or other amplifier electronics in the cable system. Since the upstream direction is like a single receiver with many antennas, the channels are much much more susceptible to inter-fering noise products [5, 6] . In the cable industry, we generally call this ingress noise. ..00000000000000 Reference: http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac202/about_cisco_ipj_archive_article09186a00800c83 7c.html QUESTION NO: 8 Which feature will cache routes learned by dynamic routing protocols, enabling their use over DDR connections? A. B. C. D. E. Route redistribution Dynamic static routes Snapshot routing DDR route maps Passive interfaces

Answer: A Explanation: On the corporate side, it is very important that you be able to distribute those addresses across the network, as desired. To redistribute those routes, you need to configure the routes to be redistributed to a dynamic routing protocol at the core side. Reference: Building Cisco Remote Access Networks (Ciscopress) page 190

Leading the way in IT testing and certification tools, www.testking.com -6-

642 - 821

QUESTION NO: 9 Which statement is true regarding the ADSL (G.Lite G.922.2) standard? A. B. C. D. Signals cannot be carried on the same wire as POTS signals. It offers equal bandwidth for upstream and downstream data traffic. It was developed specifically for the consumer market segment requiring higher download speeds. It has limited operating range of less than 4,500 feet.

Answer: C Explanation: Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream. Downstream rates range from 1.5 to 9 Mbps, whereas upstream bandwidth ranges from 16 to 640 kbps. ADSL transmissions work at distances up to 18,000 feet (5,488 meters) over a single copper twisted pair. Reference: http://www.cisco.com/en/US/tech/tk175/tk15/tech_protocol_family_home.html

QUESTION NO: 10 Which statement is true regarding uninteresting traffic being carried over a DDR link? A. Uninteresting traffic will keep DDR call established, even if no more interesting traffic is being routed over the link. B. Uninteresting traffic will be routed over an established DDR call, but at a lower priority than interesting traffic. C. Uninteresting traffic will not be routed over an established DDR call. D. Uninteresting traffic will be routed over an established DDR call, as long as there is enough interesting traffic to keep the call connected. Answer: C Explanation: Packets that are permitted entry according to the access list are identified as interesting or packets of interest. Packets that are not permitted entry or are denied entry by an access list are deemed uninteresting. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1820/products_configuration_guide_chapter09186a00800 87504.html

Leading the way in IT testing and certification tools, www.testking.com -7-

642 - 821

QUESTION NO: 11 What is the default action of authentication when AAA is enabled but authentication is not set? A. B. C. D. E. F. Allow a user to access all resources after login. Disallow a user from access to all resources after login. Record all access of resources and how long the user accessed each resources. Not to record any access of resources after login. Allow any user to login without checking the authentication data. Disallow any user from logging in with or without a valid username and password.

Answer: F Explanation: If authentication is not specifically set for a line, the default is to deny access and no authentication is performed. Reference: Building Cisco Remote Access Networks (Ciscopress) page 470

QUESTION NO: 12 Drag the queuing method from the list on the right to the appropriate description on the right. Note: not all options will be used.

Answer:

Leading the way in IT testing and certification tools, www.testking.com -8-

642 - 821

Explanation: Custom queuing reserves a certain percentage of bandwidth for each specified class of traffic. Weighted fair queuing prioritizes interactive traffics over file transfers to ensure satisfactory response time for common user applications. Basic queuing No such thing Priority queuing ensures the timely delivery of a specific protocol or type of traffic because that traffic is transmitted before all others. Reference: Building Cisco Remote Access Networks (Ciscopress) page 399

QUESTION NO: 13 Under which circumstance would use of Kerberos authentication system be required, instead of TACACS+ or RADIUS? A. B. C. D. Authentication, authorization and accounting need to use the a single database. Multiple level of authorization need to be applied to various router commands. DES encrypted authentication is required. The usage of various router functions needs to be accounted for by user name.

Answer: C Explanation: Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service. These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not

Leading the way in IT testing and certification tools, www.testking.com -9-

642 - 821 sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network. Reference: http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a0080094ea4.shtml

QUESTION NO: 14 Which of the following are examples of DTE devices? (Choose three) A. B. C. D. E. Mainframe computer CSU/DSU Router Terminal Modem

Answer: A C D Explanation: Data terminal equipment (DTE) are end devices such as PCs, workstations, routers, and mainframe computers. Reference: Building Cisco Remote Access Networks (Ciscopress) page 57

QUESTION NO: 15 When the following configuration is present on the router, how many addresses will be available for dynamic nat translation? ip nat pool test 192.168.1.33 192.168.1.42 netmask 255.255.255.224 ip nat inside source list 7 pool test A. B. C. D. 7 9 10 31

Answer: C Explanation The IP address that is configured for dynamic nat translation is 192.168.1.33 19 192.168.1.42 netmask 255.255.255.224 The start-ip is 192.168.1.33 The end-ip is 192.168.1.42

Leading the way in IT testing and certification tools, www.testking.com - 10 -

642 - 821 Start-ip starting IP address that defines the range of addresses in the address pool. End-ip Ending IP address that defines the range of addresses in the address pool. Reference: Building Cisco Remote Access Networks (Ciscopress) page 446

QUESTION NO: 16 What is the default encapsulation type set on Cisco router serial interfaces? A. B. C. D. Frame Relay HDLC PPP LAPB

Answer: B Explanation: HDLC is the default encapsulation type on point-to-point, dedicated links. It is used typically when communicating between two Cisco devices. It is a bit-oriented synchronous data link protocol. HDLC specifies a data-encapsulation method on synchronous data links using frame characters and checksums. Reference: Building Cisco Remote Access Networks (Ciscopress) page 23 QUESTION NO: 17 Which six AAA accounting types will a TACACS+/RADIUS server record? A. B. C. D. E. Network, interface, exec, protocol, system, and resource Resource, interface, connection, system, command, and network Command, system, exec, network, connection, and resource Connection, protocol, system, network, command, and resource Crypto, system, network, protocol, command, and resource

Answer: C Explanation: system - Enables accounting for all system-level events not associated with users, such as reloads network - Enables accounting for all network-related requests, including SLIP, PPP, PPP network control protocols, and ARAP connection - Enables accounting for outbound Telnet and rlogin exec - Enables accounting for EXEC processes (user shells) command - level Enables accounting for all commands at the specified privilege level

Leading the way in IT testing and certification tools, www.testking.com - 11 -

642 - 821

Reference: http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_user_guide_chapter09186a00800eb6ce.ht ml

QUESTION NO: 18 Which two are characteristics of Frame Relay? (Choose two) A. B. C. D. Medium cost High reliability Circuit-switched Branch site connectivity

Answer: B, D Explanation: Frame Relay provides virtual circuit connectivity for enterprise networks that require 56 kbps up to T1/E1 speeds. It costs less than leased lines because it uses statistical multiplexing of packets to gain efficiencies within the network, at the cost of a less-stringent bandwidth and latency guarantee. Frame Relay is being widely deployed in enterprise networks to connect regional and branch offices into the enterprise backbone. Reference: http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091ca9.shtml

QUESTION NO: 19 Which two WAN connections provide a single pre-established switched circuit reserved for the private use of the customer? (Choose two) A. B. C. D. E. Digital cable T1 leased line ISDN Asynchronous dial-in 56K dedicated line

Answer: C, D Explanation:

Leading the way in IT testing and certification tools, www.testking.com - 12 -

642 - 821 Circuit switching is a WAN-switching method, in which a dedicated physical circuit through a carrier network is established, maintained and terminated for each communication session. Initial signal at the setup stage determines the endpoints and the connection between the two endpoints. Typical circuit switched connections are as follows: Asynchronous serial Integrated Service Digital Network (ISDN), Basic Rate Interface (BRI), and ISDN Primary rate Interface (PRI) Reference: Building Cisco Remote Access Networks (Ciscopress) page 20 21

QUESTION NO: 20 Which three are responsible of IKE in the IPSec protocol? (Choose three) A. B. C. D. E. F. Negotiating protocol parameters Packet encryption Exchanging public keys Integrity checking user hashes Authenticating both sides of a connection Implementing tunnel mode

Answer: A, C, E Explanation: IKE is a protocol used by IPSec for completion of Phase 1. IKE negotiates and assigns SAs for each IPSec peer, which provide a secure channel for the negotiation of the IPSec SAs in Phase 2. IKE provides the following benefits: Eliminates the need to manually specify all the IPSec security parameters at both peers Lets you specify a lifetime for the IKE SAs Allows encryption keys to change during IPSec sessions Allows IPSec to provide anti-replay services Enables CA support for a manageable, scalable IPSec implementation Allows dynamic authentication of peers Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a00801 7278c.html#39982

QUESTION NO: 21

Leading the way in IT testing and certification tools, www.testking.com - 13 -

642 - 821 Frame Relay describes the interconnection process between which two types of equipment? A. B. C. D. DTE and DTE DCE and DCE CPE and DTE CPE and DCE

Answer: D Explanation: Frame relay defines the interconnection process between your customer premises equipment (CPE- also known as data terminal equipment [DTE]) such as a router, and the service providers local access-switching equipment (known as data communications equipment [DCE]). Reference: Building Cisco Remote Access Networks (Ciscopress) page 340

QUESTION NO: 22 Drag and drop the ISDN in the options column to the related term in the target column.

Answer:

Leading the way in IT testing and certification tools, www.testking.com - 14 -

642 - 821

Explanation: U interface TE1 R interface S/T interface TE2

defines the two-wire interface between the NT and the ISDN cloud. designates a device that is compatible with the ISDN network. defines the interface between the TA and an attached non-ISDN device (TE2). is a four-wire interface (TX and RX). designates a device that is not compatible with ISDN and requires a terminal adapter.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 171-173

QUESTION NO: 23 What is a benefit of choosing an Internet-based VPN over a point-to-point T1 connection? A. B. C. D. VPNs offer more local control of the quality of service. VPN users are not tied to a specific fixed location. VPNs can provide reserved bandwidth for the individual user. VPNs offer better queuing mechanisms than T1 connections.

Answer: B Explanation: VPNs enables todays increasingly mobile workforce to connect to their corporate intranets or extranets whenever, wherever, or however they require; improving productivity and flexibility while reducing access costs. Reference: Building Cisco Remote Access Networks (Ciscopress) page 561

QUESTION NO: 24

Leading the way in IT testing and certification tools, www.testking.com - 15 -

642 - 821 An Internet Service Provider is offering ADSL connections to its customers, providing 640 kbps upload and 4 Mbps download speeds. Which customers would benefit from this type of connection? (Choose two) A. B. C. D. Small home offices requiring 24 hour connection to the Internet for email and web communication. Web services companies providing dynamic web content serving, including video-on-demand. Central data processing facilities receiving simultaneous uploads of data from remote offices. Support organizations providing ftp services for software distribution and documentation.

Answer: A, C Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream. The remote sites using ADSL would benefit this for the downloading of data from the Central data processing facility. Reference: http://www.cisco.com/en/US/tech/tk175/tk15/tech_protocol_family_home.html

QUESTION NO: 25 Which of the following terminals can be connected to an ISDN line? (Choose two) A. B. C. D. TO2 TE1 TE2/TA NU1

Answer: B, C Explanation: Terminal equipment 1(TE1) - Designates a device that is compatible with the ISDN network. A TE1 connects to a Network Termination of either Type 1 or Type 2, such as a digital telephone, a router with ISDN interface, or digital facsimile equipment. Terminal equipment 2(TE2) - Designates a device that is not compatible with the ISDN and requires a terminal adapter, such as terminals with X.21, EIA/TIA-232, or X.25 interfaces or a router without a ISDN interface (AGS= and so on). Terminal adapter converts standard electrical signals into the form used by ISDN, so that non-ISDN devices can connect to the ISDN network. Reference: Building Cisco Remote Access Networks (Ciscopress) page 171

Leading the way in IT testing and certification tools, www.testking.com - 16 -

642 - 821 QUESTION NO: 26 Which two statements about Frame Relay subinterface configurations are true? (Choose two) A. B. C. D. Any IP address must be removed from the subinterface. Subinterface is configured either multipoint or point-to-point. The physical interface and subinterface can each be configured with IP addresses. The configuration must be added to the D channel.

Answer: B Explanation: Reference: Building Cisco Remote Access Networks (Ciscopress) page 353 354 QUESTION NO: 27 When configuring an asynchronous line, what is the result of issuing the flowcontrol hardware command? A. B. C. D. It sets RAM aside to buffer incoming and outgoing data. It sets the line to use CTS/RTS flow control. It sets the modem to handle flow control instead of the router. It sets the modem to use MNP4 firmware.

Answer: B Explanation: flowcontrol hardware Uses RTS/CTS for flow control. Reference: Building Cisco Remote Access Networks (Ciscopress) page 77

QUESTION NO: 28 Which statements are true regarding the command telnet 10.10.30.4 2009? (Choose two) A. B. C. D. It is used to reverse Telnet connection. It is used to Telnet to port 2009 on a specific computer. A modem is connected to line 9. It specified a BRI connection to be used for Telnet.

Answer: B, C

Leading the way in IT testing and certification tools, www.testking.com - 17 -

642 - 821 Explanation: Answer B. Telnet protocol uses 2000 base TCP port for individual lines. Answer C. TTY lines 1 through 24 directly connect to modems 1/0 through 1/23, which are installed in the first chassis slot in this example. The TTY lines 25 through 48 directly connect to modems 2/0 through 2/23, which are installed in the second slot. Reference: Building Cisco Remote Access Networks (Ciscopress) page 70 http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800 ca657.html

QUESTION NO: 29 When using PPPoE to communicate over a DSL service connection, which process must be performed by the host to establish a PPPoE SESSION_ID? A. B. C. D. A Bootp process to request a configuration and session ID. A Discovery process to identify a PPPoE server and request a session ID. A DHCP request process to request and IP address and session ID. A RARP request process to request a MAC address and session ID.

Answer: B Explanation: When a host wishes to initiate a PPPoE session, it must first perform discovery to identify the Ethernet MAC address of the peer and establish a PPPOE SESSION_ID. Although PPP defines a peer-to-peer relationship, discovery is inherently a client/server relationship. In the discovery process, a host (the client) discovers an access concentrator (the server). Based on the network topology, there may be more than one access concentrator that the host can communicate with. The Discovery Stage allows the host to discover all access concentrators and then select one. When discovery is completed, both the host and the selected access concentrator have the information they will use to build their point-to-point connection over Ethernet. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008007fe7d.html

QUESTION NO: 30 Which physical factors can reduce the maximum speed available on a DSL connection? (Choose two) A. Lack of loading coils and the subscribers line. B. Distance from the CPE to the DSLAM. C. Gauge of wire used on the local loop.

Leading the way in IT testing and certification tools, www.testking.com - 18 -

642 - 821 D. Number of telephones attached to the local loop. E. Lack of bridge taps in the local loop. Answer: D, E Determine if the local loop is too long. The maximum length range is 15,000 to 25,000 feet (4572 to 7620 meters). Within that range, wire gauge, cross talk, and multiple bridge taps reduce the distance over which the modems can train. Reference: http://www.cisco.com/en/US/products/hw/switches/ps298/products_installation_guide_chapter09186a008007c8 fb.html

QUESTION NO: 31 A network administrator would like to use an existing ISDN line as a backup for a Frame Relay line connected on interface serial0. Which statement is correct based on the following configuration of the Cisco Router? interface serial0 ip address 192.168.10.1 255.255.255.0 backup interface bri0 backup delay 5 10

interface bri0 ip address 192.168.11.2 255.255.255.0 dialer idle-timeout 900 dialer-group 1

dialer-group 1 protocol ip permit A. ISDN BRI line will be in standby mode after 900 seconds once the serial interface activates again. B. ISDN BRI line will be in standby mode after 10 seconds once the serial interface activates again. C. ISDN BRI line will be in standby mode after 10 seconds but will be in standby mode after 900 seconds once the serial interface activates again. D. ISDN BRI line will be in standby mode after 10 seconds but will be in up/ip mode after 900 seconds once the serial interface activates again.

Leading the way in IT testing and certification tools, www.testking.com - 19 -

642 - 821

Answer: C Explanation: - backup delay 5 10 command: backup delay enable-delay disable-delay Specify delay between the physical interface going down and the backup being enabled, and between the physical interface coming back up and the backup being disabled. - dialer idle-timeout 900 This command specifies the time that the line can remain idle before it is disconnected. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800 8721f.html

QUESTION NO: 32 Which three of the following router IOS commands defines interesting traffic for only one host using dial on command routing (DDR) (Choose three) A. B. C. D. E. F. RTA(config)#dialer-list 1 protocol ip permit 10.1.1.1 RTA(config)#access-list 2 permit host 192.168.1.12 RTA(config-if)#dialer-group 1 RTA(config)#dialer-group 2 RTA(config)#dialer-list 1 protocol ip list 2 RTA(config-if)#dialer-list 2 protocol ip permit

Answer: A B E Explanation: Define what constitutes interesting traffic by using the dialer-list command. The access-list command specifies interesting traffic that initiates a DDR call. These commands are assigned on the global configuration line. The dialer-group command needs to be assigned to the interface responsible for initiating the call. Reference: Building Cisco Remote Access Networks (Ciscopress) page 188

QUESTION NO: 33 Which command will change the specified Frame Relay encapsulation for a specific PVC on an interface? A. no frame-relay encapsulation ietf

Leading the way in IT testing and certification tools, www.testking.com - 20 -

642 - 821 B. no frame-relay encapsulation cisco C. encapsulation frame-relay ietf D. frame-relay map ip 10.160.2.1 100 broadcast ietf Answer: D Explanation: The default encapsulation, which is Cisco, is applied to all the VCs available on that serial interface. If most destinations use the Cisco encapsulation, but one destination requires the IETF, you would specify, under the interface, the general encapsulation to be used by most destinations. Because the default encapsulation is Cisco, you would specify the exception using the frame-relay map command. Reference: Building Cisco Remote Access Networks (Ciscopress) page 347 QUESTION NO: 34 A system administrator issues a Router(config)#aaa new-model command from a telnet session. Making no other changes, the administrator saves the configuration to nvram and then exists the telnet session. No local username/password database exists on the router. What will happen when the administrator tries to immediately establish another telnet session? (Choose two) A. B. C. D. The session asks for a username that may not exist. The router requires a reboot so the administrator can login. The administrator must access the router though the console port to login. The administrator can log in without using a password.

Answer: A, C Explanation: On console, login will succeed without any authentication checks if default is not set. If authentication is not specifically set for a line, the default is to deny access and no authentication is performed. Reference: Building Cisco Remote Access Networks (Ciscopress) page 470

QUESTION NO: 35 Given the following configuration statement, which two statements are true? (Choose two) router(config)#aaa authentication login default group tacacs+ none A. No authentication is required to login.

Leading the way in IT testing and certification tools, www.testking.com - 21 -

642 - 821 B. TACACS+ is the first default authentication method. C. Uses the list of TACACS+ servers for authentication, if TACACS+ fails then no access is permitted. D. Uses the list of servers specified in group TACACS+, if none are available, then no access is permitted. E. Uses the list of TACACS+ servers for authentication, if TACACS+ fails then uses no authentication. F. Uses a subset of TACACS+ servers named group for authentication as defined by the aaa group servers tacacs+ command. Answer: B, E Explanation: To create a default list that is used if no list is assigned to a line, use the authentication login command with the default argument, followed by the methods you want to use in default situations. The additional methods of authentication are used only if the previous methods returns an error; not if it fails. Specify none as the final method in the command line to have authentication succeed. if all methods return an error. Additional methods: Enable Krb5 Line Local None Radius Tacacs+ Krb5-telnet Reference: Building Cisco Remote Access Networks (Ciscopress) page 470

QUESTION NO: 36 Exhibit:

From the figure, which command establishes how Cisco-1 will call Cisco-2? A. dialer map ip 10.120.1.1 name Cisco-1 4085552222

Leading the way in IT testing and certification tools, www.testking.com - 22 -

642 - 821 B. dialer map ip 10.120.1.2 name Cisco-1 4085551111 C. dialer map ip 10.120.1.2 name Cisco-2 4085552222 D. dialer map ip 10.120.1.2 name Cisco-2 4085551111 Answer: C Explanation: dialer map protocol net-hop address [name hostname] broadcast] dial-string This command configures a serial interface or ISDN interface to call one or multiple sites. The name refers to the name of the remote system, and broadcast indicates that broadcast should be forwarded to this address. The dial-string is the number to dial to reach the destination. Reference: Building Cisco Remote Access Networks (Ciscopress) page 187

QUESTION NO: 37 You are the network administrator at TestKing.com. A boarding supply store's manager within the company needs access from home to the store's internal network. You are asked to their router enabling it to accept asynchronous connections through a modem. It is your task to configure the serial port S0/1 for asynchronous communication and to enable a reverse telnet session to the attached modem. No other router or modem configuration is necessary at this time. Your task is complete when you are able to reverse telnet to the modem and issue an AT command to begin modem configuration. Task steps: Configure S0/1 to Asynchronous communication Set the line speed to 33.6K Set the flow control to hardware Set the stop bits to one Set the line password to "testking" Configure the line to allow for both incoming and outgoing calls Allow all protocols for incoming connections on the line. Configure the Loopback address to 192.168.0.1/32. Reverse telnet to the modem Issue an AT command, modem should respond with OK. To configure the router clock on a host icon that is connected to a router by a serial console cable.

Leading the way in IT testing and certification tools, www.testking.com - 23 -

642 - 821

Answer:

QUESTION NO: 38 Which commands are configured from the line configuration mode? (Choose three) A. B. C. D. E. encapsulation ppp async mode interactive modem inout speed 115200 flowcontrol hardware

Answer: C, D, E Explanation: modem inout - Uses the modem for both incoming and outgoing calls. speed 115200 Sets the maximum speed (in bits-per-second) between the modem and the access server. flowcontrol hardware Uses RTS/CTS for flow control.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 76 77

QUESTION NO: 39

Leading the way in IT testing and certification tools, www.testking.com - 24 -

642 - 821 Which command is used to enable asynchronous dialup on a serial interface? A. B. C. D. physical-mode async dialer-group layer async physical-layer async modem inout

Answer: C Explanation: Physical-layer async configures the serial interface as an async interface. Reference: Building Cisco Remote Access Networks (Ciscopress) page 93

QUESTION NO: 40 Which command will allow a router to attempt to discover the modem to which it is attached? A. B. C. D. modem autoconfigure discovery modem discovery autoconfigure modem autoconfigure type discovery modem discovery type autoconfigure

Answer: A Explanation: If no modem is specified for a particular line and you have provided the modem autoconfigure discovery command, the access server attempts to autodiscover the type of modem to which it is attached. The access server determines the type of modem by sending AT commands to the modem and evaluating the response. Reference: Building Cisco Remote Access Networks (Ciscopress) page 83 QUESTION NO: 41 The network administrator enables Frame Relay traffic shaping and configures a CIR of 64kbps. Using 125ms time interval, what will be the value of the committed burst (Bc) A. B. C. D. 32000 bits 24000 bits 16000 bits 8000 bits

Leading the way in IT testing and certification tools, www.testking.com - 25 -

642 - 821

Answer: D Explanation: The calculation is TC = Bc/CIR 125ms (tc) = 8000bits (Bc)/64kbps (CIR) Reference: Building Cisco Remote Access Networks (Ciscopress) page 352

QUESTION NO: 42 What happens when the command clear ip nat translation is entered on a router? A. B. C. D. Clears all existing NAT translation table entries and NAT is suspended. Clears dynamic NAT translation table entries and NAT resumes. Clears static NAT translation entries and NAT resumes. Clears all inactive NAT translation entries and NAT is suspended.

Answer: A Explanation: Clears dynamic NAT translations from the translation table Reference: Building Cisco Remote Access Networks (Ciscopress) page 453 QUESTION NO: 43 By which two methods can callers be authenticated using PPP? (Choose two) A. B. C. D. Message digest key Authentication key PAP CHAP

Answer: C, D Explanation: Authentication, using either PAP or CHAP, is used as a security measure with PPP and PPP callback. Authentication allows the dial-up target to identify that any given dial-up client is a valid client with a preassigned username and password. Reference: Building Cisco Remote Access Networks (Ciscopress) page 111

Leading the way in IT testing and certification tools, www.testking.com - 26 -

642 - 821

QUESTION NO: 44 What are the three possible states of a Frame Relay permanent virtual circuit (PVC)? A. B. C. D. E. F. Init Active Down Inactive Deleted Operational

Answer: B, D, E Explanation: There are three possible permanent virtual connection (PVC) states: Deleted indicates Active Inactive state Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008007fe83.html

QUESTION NO: 45 A small remote site requires a low cost, T1 speed connection to make secure file transfers to a central site located several hundred miles away. Which connection type will meet the requirements of this application? A. B. C. D. DSL Leased line ATM Frame Relay

Answer: D Explanation: Frame Relay Medium control, shared bandwidth, medium-cost enterprise backbones. It uses the services of many different Physical layer facilities at speeds that typically range from 56 Kbps up to 2 Mbps. Reference: Building Cisco Remote Access Networks (Ciscopress) page 27 + 340

Leading the way in IT testing and certification tools, www.testking.com - 27 -

642 - 821

QUESTION NO: 46 Which two commands would be useful to troubleshoot ISDN Layer 3? (Choose two) A. B. C. D. debug isdn q931 debug isdn network debug isdn q921 debug isdn event

Answer: A, D Explanation: You may use the debug isdn q931 EXEC command to display information about call setup and teardown of ISDN network connections (Layer 3) between the local router (user side) and the network. The debug isdn events command also displays information that is useful for monitoring and troubleshooting Multilink PPP.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 209, 210 Incorrect Answers B: Not a valid command C: Troubleshoots ISDN layer 2

QUESTION NO: 47 Which of the following are used to verify and troubleshoot a PPP session? (Choose two) A. B. C. D. show interfaces show PPP debug PPP negotiation debug PPP session

Answer: A, C Explanation: Use the show interfaces command to display status and counter information about an interface. The debug ppp negotiation command is a great tool for troubleshooting the PPP Link Control protocol activities such as authentication, compression, and multilink.

Leading the way in IT testing and certification tools, www.testking.com - 28 -

642 - 821 Reference: Building Cisco Remote Access Networks (Ciscopress) page 132

QUESTION NO: 48 Serial0 on a router is configured with the command encapsulation frame-relay. What can cause the output from the show interface command to indicate: Serial0 is up, line protocol is down? A. B. C. D. E. No carrier signal IP subnet mismatch LAPF state, down LMI type mismatch No IP address configured

Answer: D Explanation: "Serial0 is up, line protocol is down" This line in the output means that the router is getting a carrier signal from the CSU/DSU or modem. Check to make sure the Frame Relay provider has activated their port and that your Local Management Interface (LMI) settings match. Generally, the Frame Relay switch ignores the data terminal equipment (DTE) unless it sees the correct LMI (use Cisco's default to "cisco" LMI). Check to make sure the Cisco router is transmitting data. You will most likely need to check the line integrity using loop tests at various locations beginning with the local CSU and working your way out until you get to the provider's Frame Relay switch. Reference: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml#serialupdown

QUESTION NO: 49 What occurs when there is no longer a signal on the DTR? A. B. C. D. The CD tells the DTE that a DCE-to-DCE connection has been established. The DTE issues a RTS to the DCE enabling communication. The DCE terminates its connection with the remote modem. The DTE applies voltage on pin 20 to alert the DCE that it is connected and available to receive data.

Answer: C

Leading the way in IT testing and certification tools, www.testking.com - 29 -

642 - 821 Explanation: Either the DTE device or the DCE device may signal for the connection to be terminated. The signals that are used for this function are DTR from the DTE or the modem recognizing the loss of the CD signal. Reference: Building Cisco Remote Access Networks (Ciscopress) page 60 QUESTION NO: 50 Company TestKing has a hub and spoke Frame Relay network. No spoke router can ping any other spoke routers, yet all spoke routers can pin the hub router. What is a possible cause? A. B. C. D. Disabled split horizon Poison reverse issue Inverse ARP issue Spanning-tree loop

Answer: C Explanation: Connecting from Spoke to Spoke You cannot ping from one spoke to another spoke in a hub and spoke configuration using multipoint interfaces because there is no mapping for the other spokes' IP addresses. Only the hub's address is learned via the Inverse Address Resolution Protocol (IARP). If you configure a static map using the frame-relay map command for the IP address of a remote spoke to use the local data link connection identifier (DLCI), you can ping the addresses of other spokes. Reference: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml#topic2

QUESTION NO: 51 Which one of the following ranges is the Valid Dynamic TEI value assignment range for an ISDN BRI circuit? A. B. C. D. 1-24 25-62 64-126 128-256

Leading the way in IT testing and certification tools, www.testking.com - 30 -

642 - 821 Answer: C Explanation: The TEI is a dynamic assignment to that device. IN the U.S., when you boot up a router, you make some type of request to the switch for a TEI. The switch assigns you a TEI, and you will communicate over the switch using the signaling that uses a SAPI. TEI group assignments are 0-63 for non automatic assignments; 64-126 for automatic TEI assignment; and 127 for group assignment, or broadcast. Reference: Building Cisco Remote Access Networks (Ciscopress) page 177

QUESTION NO: 52 Which router IOS command would generate the following information line? kickin load 60% kickout load 40% A. B. C. D. E. show primary show backup show load show interface show dialer-profile

Answer: D Explanation: Use the show interfaces command to display status and counter information about an interface. Reference: Building Cisco Remote Access Networks (Ciscopress) page 330

QUESTION NO: 53 What are four PPP options that are negotiated using LCP? (Choose four) A. B. C. D. E. F. G. Callback Multilink Accounting Compression Authorization Authentication Rate adaptation

Leading the way in IT testing and certification tools, www.testking.com - 31 -

642 - 821

Answer: A, B, D, F Explanation: PPP Link Control Protocol Options: Authentication Callback Compression Multilink PPP Reference: Building Cisco Remote Access Networks (Ciscopress) page 111 QUESTION NO: 54 What are three symptoms of a congested serial line? (Choose three) A. B. C. D. E. The connection fails at a particular time of day. The connection has never worked. The connectivity is intermittent. The connection fails as load increases. The hardware in the serial link failed.

Answer: A, C, D

QUESTION NO: 55 Examine the configuration statements. What will happen when interesting traffic destined to the network 172.16.1.0 is seen by RTA? RTA(config)#ip route 172.16.1.0 255.255.255.0 bri0 RTA(config)#interface bri0 RTA(config-if)#dialer map ip 10.1.1.1 name RTB 5551111 RTA(config-if)#dialer map ip 10.1.1.2 name RTC 5552222 RTA(config-if)#dialer map ip 10.1.1.3 name RTD 5553333 A. B. C. D. The packets destined for the 172.16.1.0 network will be dropped. A DDR call will be placed to router RTB and the packets routed to 10.1.1.1. A DDR call will be placed first to router RTB, and if it is busy, then to RTC and RTD. The packets destined for the 172.16.1.0 network will be sent to the default route.

Answer: C

Leading the way in IT testing and certification tools, www.testking.com - 32 -

642 - 821 Explanation: dialer map protocol next-hop-address [name hostname] [broadcast] dialstring This command configures a serial interface or ISDN interface to call one or multiples sites. The name refers to the name of the remote system, and broadcast indicates that broadcasts should be forwarded to this address. This dial-string is the number to dial to reach the destination. Reference: Building Cisco Remote Access Networks (Ciscopress) page 187

QUESTION NO: 56 Examine the partial output of the show run command interface BRI0 description connected to ntt 81019998887654 ip address 10.12.15.5 255.255.255.0 encapsulation ppp dialer idle-timeout 30 dialer load-threshold 40 either dialer map ip 10.12.15.8 name RTB 81019998888901 dialer map ip 10.12.15.9 name RTC 81019998881234 dialer map ip 10.12.15.4 name RTD 81019998881122 dialer-group 1 ppp authentication pap ppp multilink Which statement is true about the type of dial-on demand routing being implemented using BRI0? A. By configuring legacy DDR on interface BRI0, calls made to all three sites will use the same communication parameters. B. By configuring BRI0 as a member of a dial-group 1, communications parameters assigned to the group will override those configured on the interface. C. Calls made using BRI0 will attempt to use the authentication configured for the dial rotary, and if unsuccessful, will use pap authentication. D. The dialer profile communication parameters will override those configured directly on interface BRI0. Answer: A QUESTION NO: 57 What are two results of issuing the frame-relay map ip 192.168.1.2 100 command? (Choose two) A. Inverse ARP is enabled.

Leading the way in IT testing and certification tools, www.testking.com - 33 -

642 - 821 B. C. D. E. F. Inverse ARP is disabled. Split horizon is enabled Split horizon is disabled. IP address 192.168.1.2 is dynamically mapped to DLCI 100. IP address 192.168.1.2 is statically mapped to DLCI 100.

Answer: B, F Explanation: If you use dynamic address mapping, Frame Relay Inverse ARP provides a given DLCI and requests next-hop protocol addresses for a specific connection. The router then updates its mapping table and uses the information in the table to route outgoing traffic. Dynamic address mapping is enabled by default for all protocols on a physical interface. If you use the static mapping, you must use the frame-relay map command to statically map destination network protocol addresses to a designated DLCI. Reference: Building Cisco Remote Access Networks (Ciscopress) page 346-347

QUESTION NO: 58 Given the following debug output, which two statements are true? (Choose two) 1d16h: *Mar 2 *Mar 2 *Mar 2 A. B. C. D. E. %LINK-3-UPDPDOWN: Interface Serial3/0, changed state to up 16:52:15.297: Se3/0 PPP: Treating connection as a dedicated line 16:52:15.441: Se3/0 PPP: Phase is AUTHENTICATING, by this end 16:52:15.445: Se3/0 CHAP: O CHALLENGE id 7 len 29 from NAS1

The user is authenticating with the privileged mode password NAS1. This is a connection attempt to an async port. The connection is established on serial interface 3/0. The client is attempting to setup a Serial Line Internet Protocol connection. The user is authenticating using CHAP.

Answer: C E Explanation: When using Chap authentication, the access server sends a challenge message to the remote node after the ppp link is established. The remote node responds with a value calculated by using a one-way hash function. The access server (NAS1) checks the reponse against its own calculation of the expected hash value. Reference: Building Cisco Remote Access Networks (Ciscopress) page 115

Leading the way in IT testing and certification tools, www.testking.com - 34 -

642 - 821

QUESTION NO: 59 Given the configuration: access-list 101 permit ip any any access-list 101 deny tcp any any eq ftp dialer-list 2 protocol ip list 101 Which two statements about the configuration are true with respect to FTP traffic and DDR? (Choose two) A. B. C. D. FTP traffic will be forwarded. FTP traffic will not be forwarded. FTP will cause the line to come up. Since FTP uses two sockets, both must be defined to prevent packet forwarding.

Answer: B C Explanation: Access-list 101 deny tcp any any eq ftp - will stop any ftp traffic to any host dialer-list 2 protocol ip list 101 command is used to configure dial-on-demand calls that will initiate a connection. Reference: Building Cisco Remote Access Networks (Ciscopress) page 187 - 194

QUESTION NO: 60 A Frame Relay PVC is reported as in INACTIVE state on the router. What is the possible cause? A. B. C. D. PVC is not configured on local router. PVC is not configured on the Frame Relay switch. PVC is in DOWN state on the remote router. PVC is in DELETED state on the remote router.

Answer: C Explanation: Inactive state Indicates that the Local connection to the Frame Relay switch is working, but the remote routers connection to the Frame Relay switch is not working. Reference: Building Cisco Remote Access Networks (Ciscopress) page 345

Leading the way in IT testing and certification tools, www.testking.com - 35 -

642 - 821

QUESTION NO: 61

Refer to the output of the debug frame-relay packet command shown in the graphic. What is the possible problem? A. B. C. D. E. Frame Relay encapsulation mismatch. Frame Relay LMI type mismatch. Missing routing table entry. Missing inverse ARP entry. Missing MAC address

Answer: B QUESTION NO: 62 When a modem powers up, how does the connected computer know that the DCE is ready to use? A. B. C. D. The modem sets DTR pin 20. The modem sets DCE pin 5. The modem sets DSR pin 6. The modem sets DTE pin 4.

Answer: C Explanation: DSR Data Set Ready (pin 6). The DCE is ready for use. This pin is not used on modem connections. The DSR is active as soon as a modem is turned on. Reference: Building Cisco Remote Access Networks (Ciscopress) page 60

Leading the way in IT testing and certification tools, www.testking.com - 36 -

642 - 821 QUESTION NO: 63 Based on the configuration shown, what is the CIR of interface Serial0/0 300? interface Serial0/0 no ip address encapsulation frame-relay no fair-queue frame-relay traffic-shaping bandwidth 1536 ! interface Serial0/0.100 point-to-point ip address 10.1.1.1 255.255.255.0 frame-relay interface-dlci 100 frame-relay class cisco ! interface Serial0/0.200 point-to-point ip address 10.1.2.1 255.255.255.0 frame-relay interface-dlci 200 frame-relay class cisco ! interface Serial0/0.300 point-to-point ip address 10.1.3.1 255.255.255.0 frame-relay interface-dlci 300 ! ! map-class frame-relay cisco frame-relay cir 128000 frame-relay adaptive-shaping becn A. B. C. D. E. 56 kbps 64 kbps 128 kbps 896 kbps 1536 kbps

Answer: C Explanation: frame-relay cir To specify the incoming or outgoing committed information rate (CIR)for a Frame Relay virtual circuit, use the frame-relay cir map-class configuration command. To reset the CIR to the default, use the no form of this command.

Leading the way in IT testing and certification tools, www.testking.com - 37 -

642 - 821
frame-relay cir {in | out} bps no frame-relay cir {in | out} bps

Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_command_reference_chapter09186a00800 87bcd.html#xtocid106829 QUESTION NO: 64 When is ISDN BRI a viable option as a remote access solution? A. B. C. D. A mobile user that needs access to the central site while traveling. A branch office needs to connect to a mobile user. A remote site with sporadic traffic needs to connect to central site. A branch office requires at least 300kbps bandwidth to the central site.

Answer: C Explanation: Basic Rate Interface (BRI) is an Integrated Systems Digital Network (ISDN) interface, and it consists of two B channels (B1 and B2) and one D channel. The B channels are used to transfer data, voice, and video. The D channel controls the B channels. ISDN uses the D channel to carry signal information. ISDN can also use the D channel in a BRI to carry X.25 packets. The D channel has a capacity of 16 kbps, and the X.25 over D channel can utilize up to 9.6 kbps. When this feature is configured, a separate X.25-over-D-channel logical interface is created. You can set its parameters without disrupting the original ISDN interface configuration. The original BRI interface will continue to represent the D, B1, and B2 channels. Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer understands the X.25-over-D-channel calls and initiates them on a new interface. X.25 traffic over the D channel can be used as a primary interface where low-volume, sporadic interactive traffic is the normal mode of operation. Supported traffic includes IPX, AppleTalk, transparent bridging, XNS, DECnet, and IP. This feature is not available on the ISDN Primary Rate Interface (PRI). Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800 d9b8a.html

QUESTION NO: 65 Which user requirement is best served by an access server? A. Mobile sales force requiring dial-in access. Leading the way in IT testing and certification tools, www.testking.com - 38 -

642 - 821 B. Mobile sales force requiring dedicated connection. C. Corporate staff requiring access to web-bases applications. D. Corporate staff requiring access to applications on corporate systems. Answer: A Explanation: A router act access server, which is a concentration point for dial-in and dial-out calls. Mobile users, for example, can call into an access server at a Central site to access their messages. Reference: Building Cisco Remote Access Networks (Ciscopress) page 21 QUESTION NO: 66 Which of the following statements are correct regarding the Multilink PPP protocol? (Choose two) MLP can be applied to any link type utilizing PPP encapsulation. MLP can identify bundles only through the authenticated name. MLP is a negotiated option only during the LCP phase of PPP. For MLP to bind links, configuring AAA authentication is a required. Answer: B Explanation: Answer A. Multilink PPP Prerequisites The dialer interface, BRI interface, PRI interface, multilink interface, or virtual template must be configured, and PPP encapsulation must be enabled. Answer B. PPP authentication plays a part in Multilink PPP. The bundle decision is based on the authentication name of the remote router independently on each side of the link. Each router should use a unqiue hostname for authentication, with a shared password. Reference: Building Cisco Remote Access Networks (Ciscopress) page 200 http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bd7.html

Leading the way in IT testing and certification tools, www.testking.com - 39 -