ENSA 3 Flashcards

1
Q

Refer to the exhibit. Which address or addresses represent the inside global address?

192.168.0.100

10.1.1.2

any address in the 10.1.1.0 network

209.165.20.25

A

209.165.20.25

2
Q

Which two IPsec protocols are used to provide data integrity?

MD5

DH

AES

SHA

RSA

A

MD5

SHA

Explanation: The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm used for key exchange. RSA is an algorithm used for authentication.

3
Q

If an outside host does not have the Cisco AnyConnect client preinstalled, how would the host gain access to the client image?

The Cisco AnyConnect client is installed by default on most major operating systems.

The host initiates a clientless VPN connection using a compliant web browser to download the client.

The host initiates a clientless connection to a TFTP server to download the client.

The host initiates a clientless connection to an FTP server to download the client.

A

The host initiates a clientless VPN connection using a compliant web browser to download the client.

Explanation: If an outside host does not have the Cisco AnyConnect client preinstalled, the remote user must initiate a clientless SSL VPN connection via a compliant web browser, and then download and install the AnyConnect client on the remote host.

4
Q

A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

leased line

cable

digital subscriber line

Ethernet WAN

municipal Wi-Fi

A

leased line

Ethernet WAN

Explanation: An organization can connect to a WAN through two basic options:

Private WAN infrastructure – such as dedicated point-to-point leased lines, PSTN, ISDN, Ethernet WAN, ATM, or Frame Relay
Public WAN infrastructure – such as digital subscriber line (DSL), cable, satellite access, municipal Wi-Fi, WiMAX, or wireless cellular including 3G/4G

5
Q

Which type of QoS marking is applied to Ethernet frames?

IP precedence

DSCP

ToS

CoS

A

CoS

Explanation: The class of service (CoS) marking allows a Layer 2 Ethernet frame to be marked with eight levels of priority (values 0–7). This marking can be used by QoS-enabled network devices to provide preferential traffic treatment.

6
Q

Refer to the exhibit. Routers R1 and R2 are connected via a serial link. One router is configured as the NTP master, and the other is an NTP client. Which two pieces of information can be obtained from the partial output of the show ntp associations detail command on R2? (Choose two.)

Both routers are configured to use NTPv2.

Router R1 is the master, and R2 is the client

The IP address of R2 is 192.168.1.2.

Router R2 is the master, and R1 is the client

The IP address of R1 is 192.168.1.2

A

Router R1 is the master, and R2 is the client

The IP address of R1 is 192.168.1.2

Explanation: With the show ntp associations command, the IP address of the NTP master is given.

7
Q

Refer to the exhibit. The network administrator that has the IP address of 10.0.70.23/25 needs to have access to the corporate FTP server (10.0.54.5/28). The FTP server is also a web server that is accessible to all internal employees on networks within the 10.x.x.x address. No other traffic should be allowed to this server. Which extended ACL would be used to filter this traffic, and how would this ACL be applied? (Choose two.)

R1(config)# interface s0/0/0
R1(config-if)# ip access-group 105 out

R2(config)# interface gi0/0
R2(config-if)# ip access-group 105 in

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any

access-list 105 permit ip host 10.0.70.23 host 10.0.54.5
access-list 105 permit tcp any host 10.0.54.5 eq www
access-list 105 permit ip any any

R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out

access-list 105 permit tcp host 10.0.54.5 any eq www
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21

A

access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20
access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www
access-list 105 deny ip any host 10.0.54.5
access-list 105 permit ip any any

R1(config)# interface gi0/0
R1(config-if)# ip access-group 105 out

Explanation: The first two lines of the ACL allow host 10.0.70.23 FTP access to the server that has the IP address of 10.0.54.5. The next line of the ACL allows HTTP access to the server from any host that has an IP address that starts with the number 10. The fourth line of the ACL denies any other type of traffic to the server from any source IP address. The last line of the ACL permits anything else in case there are other servers or devices added to the 10.0.54.0/28 network. Because traffic is being filtered from all other locations and for the 10.0.70.23 host device, the best place to put this ACL is closest to the server.

8
Q

Refer to the exhibit. If the network administrator created a standard ACL that allows only devices that connect to the R2 G0/0 network access to the devices on the R1 G0/1 interface, how should the ACL be applied?

inbound on the R2 G0/0 interface

outbound on the R1 G0/1 interface

inbound on the R1 G0/1 interface

outbound on the R2 S0/0/1 interface

A

outbound on the R1 G0/1 interface

Explanation: Because standard access lists only filter on the source IP address, they are commonly placed closest to the destination network. In this example, the source packets will be coming from the R2 G0/0 network. The destination is the R1 G0/1 network. The proper ACL placement is outbound on the R1 G0/1 interface.

9
Q

Which is a characteristic of a Type 2 hypervisor?

does not require management console software

has direct access to server hardware resources

best suited for enterprise environments

installs directly on hardware

A

does not require management console software

Explanation: Type 2 hypervisors are hosted on an underlying operating system and are best suited for consumer applications and those experimenting with virtualization. Unlike Type 1 hypervisors, Type 2 hypervisors do not require a management console and do not have direct access to hardware.

10
Q

What are the two types of VPN connections? (Choose two.)

PPPoE

Frame Relay

site-to-site

remote access

leased line

A

site-to-site

remote access

Explanation: PPPoE, leased lines, and Frame Relay are types of WAN technology, not types of VPN connections.

11
Q

Refer to the exhibit. What three conclusions can be drawn from the displayed output? (Choose three.)

The DR can be reached through the GigabitEthernet 0/0 interface.

There have been 9 seconds since the last hello packet sent.

This interface is using the default priority.

The router ID values were not the criteria used to select the DR and the BDR.

The router ID on the DR router is 3.3.3.3

The BDR has three neighbors.

A

The DR can be reached through the GigabitEthernet 0/0 interface.

There have been 9 seconds since the last hello packet sent.

The router ID values were not the criteria used to select the DR and the BDR.

12
Q

Refer to the exhibit. A network administrator is configuring an ACL to limit the connection to R1 vty lines to only the IT group workstations in the network 192.168.22.0/28. The administrator verifies the successful Telnet connections from a workstation with IP 192.168.22.5 to R1 before the ACL is applied. However, after the ACL is applied to the interface Fa0/0, Telnet connections are denied. What is the cause of the connection failure?

The enable secret password is not configured on R1.

The IT group network is included in the deny statement.

The permit ACE specifies a wrong port number.

The permit ACE should specify protocol ip instead of tcp.

The login command has not been entered for vty lines.

A

The IT group network is included in the deny statement.

Explanation: The source IP range in the deny ACE is 192.168.20.0 0.0.3.255, which covers IP addresses from 192.168.20.0 to 192.168.23.255. The IT group network 192.168.22.0/28 is included in the 192.168.20.0/22 network. Therefore, the connection is denied. To fix it, the order of the deny and permit ACEs should be switched.

13
Q

What functionality does mGRE provide to the DMVPN technology?

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

It provides secure transport of private information over public networks, such as the Internet.

It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.

It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.

A

It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.

Explanation: DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub.

14
Q

What is used to pre-populate the adjacency table on Cisco devices that use CEF to process packets?

the FIB

the routing table

the ARP table

the DSP

A

the ARP table

Explanation: CEF uses the FIB and adjacency table to make fast forwarding decisions without control plane processing. The adjacency table is pre-populated by the ARP table and the FIB is pre-populated by the routing table.

15
Q

What command would be used as part of configuring NAT or PAT to display information about NAT configuration parameters and the number of addresses in the pool?

show running-config

show ip nat statistics

show ip cache

show version

A

show ip nat statistics

16
Q

What is a purpose of establishing a network baseline?

It provides a statistical average for network performance.

It creates a point of reference for future network evaluations.

It manages the performance of network devices.

It checks the security configuration of network devices.

A

It creates a point of reference for future network evaluations.

Explanation: A baseline is used to establish normal network or system performance. It can be used to compare with future network or system performances in order to detect abnormal situations.