Networking Test 4 Flashcards Preview


Flashcards in Networking Test 4 Deck (42):

NAT changes ______ _____ on outbound packets and _____ _____ on inbound packets

NAT changes SOURCE IP on outbound packets and DESTINATION IP on inbound packets


NAT translates what layer addresses between interfaces? L2, L3, or L4?

Layer 3


What is NAT most commonly used for?

Allowing many internal hosts on private IPs to share a single public IP to access the internet


What feature was NAT never designed for but it provides anyways?

Provides one layer of security


What are the types of NAT?

Static (one-to-one); Dynamic (many-to-many but not common); Overloading (one-to-many)


This type of NAT is designed to allow one-to-one mapping between local and global addresses

Static NAT


This type of NAT gives you the ability to map a range of unregistered IP addresses to a registered IP address from a pool of registered IP addresses

Dynamic NAT


This is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports

Overloading NAT


What are the 4 names of NAT addresses?

Inside Local, Inside Global, Outside Local, Outside Global


What NAT address would have this application: Actual IP address assigned to an inside host; typically private (RFC 1918)

Inside Local


What application would an Inside Global NAT address have?

Outside view IP address of inside host; after translation; typically address of router connected to ISP


Outside Local NAT addresses have an __________ view IP address of outside host



Outside Global NAT addresses have actual IP address assigned to __________ host



What's another name for Overloading NAT configuration?

PAT (Port Address Translation) or NAT Overload.


What are some disadvantages to using NAT?

Translation introduces switching path delays; NAT causes loss of end-to-end IP traceability; certain applications will not function with NAT enabled


What are some advantages to using NAT?

NAT conserves legally registered addresses; NAT increases flexibility when connecting to the internet; NAT remedies address overlap occurrence


What does the asterisk (*) represent in the following output? NAT*: s=, d=> [1]

The packet was translated and fast-switched to the destination


Which of the following is considered to be the inside host's address after translation? Inside Local, Outside Local, Inside Global, Outside Global

Inside Global


Which of the following is considered to be the inside host's address before translation? Inside Local, Outside Local, Inside Global, Outside Global

Inside Local


Which command would you place on the interface of a private network?

ip nat inside


Which command would you place on an interface connected to the internet?

ip nat outside


What is the prefix-length Cisco command used for?

When creating a pool of global addresses the prefix-length command can be used instead of the netmask command


What would be a good starting point for troubleshooting if your router is not translating?

Run the debug all command


What does the clear ip nat translations * command do?

Clears all the translations active on your router


Which command will allow you to see real-time translations on your router? show ip nat translations, show ip nat statistics, debug ip nat

debug ip nat


What does the show ip nat statistics command do?

The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (an attempt to create a mapping), and expired translations


What will this command give you? ip nat pool Todd net

This will create a dynamic pool named Todd that will provide you with 30 global addresses. The name has to be Uppercase, aka Todd. The range - 94 has 30 available hosts, so the mask has to match 30 hosts as well, which is why the subnet is


List 3 good reasons to run NAT

You need to connect to the internet and your hosts don't have globally unique IP addresses; you change to a new ISP that requires you to renumber your network; you require two intranets with duplicate addresses to merge


What are the two main protocols in IPSec (layer 3 protocol suite)?

Authentication Header (AH) and Encapsulating Security Payload (ESP)


Which IPSec protocol provides integrity, authentication, and anti-replay, but not confidentiality?

Authentication Header (AH)


Which IPSec protocol provides CIA+A (which makes it the most used), can work in Transport mode (host-to-host), and can work in tunnel mode (network-to-network)?

Encapsulating Security Payload (ESP)


Which protocol establishes Security Associations and defines the process for peer authentication?

Internet Security Association and Key Management Protocol (ISAKMP)


What is a security association?

A set of agreed-upon parameters between peers to ensure communication security


What does IKE stand for?

Internet Key Exchange (this builds security between peers)


Which version of IKE is the most efficient and secure? IKEv1, IKEv2, IKE_SA, CHILD_SA?

IKEv2 is the


How many phases of IKE are there?

2 phases


IKE phase 1/IKE_SA establishes a secure channel between peers and manages the channel and key renewal, like a _____ ______

control plane


IKE phase 2/CHILD_SA establishes a second security channel that encrypts, decrypts, and transports data, like a ___________ __________

data plane


IKE phase 1 negotiates connection parameters using:

Hash algorithm, encryption algorithm, Diffie-Hellman group, authentication method, connection lifetime


What does the Diffie-Hellman group entail?

Diffie-Hellman exchange establishes a shared symmetric key


IKE phase 2 is a child connection established right after ____ _____

phase 1


Encryption for a remote-access VPN through a concentrator is usually handled by ___________ or by _________

Internet Protocol Security (IPSec) or Secure Sockets Layer (SSL)