Networking Test 4 Flashcards Preview

Flashcards in Networking Test 4 Deck (42):
1

NAT changes ______ _____ on outbound packets and _____ _____ on inbound packets

NAT changes SOURCE IP on outbound packets and DESTINATION IP on inbound packets

2

NAT translates what layer addresses between interfaces? L2, L3, or L4?

Layer 3

3

What is NAT most commonly used for?

Allowing many internal hosts on private IPs to share a single public IP to access the internet

4

What feature was NAT never designed for but provides anyway?

Provides one layer of security

5

What are the types of NAT?

Static (one-to-one); Dynamic (many-to-many but not common); Overloading (one-to-many)

6

This type of NAT is designed to allow one-to-one mapping between local and global addresses

Static NAT

7

This type of NAT gives you the ability to map a range of unregistered IP addresses to a registered IP address from a pool of registered IP addresses

Dynamic NAT

8

This is a form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports

Overloading NAT

9

What are the 4 names of NAT addresses?

Inside Local, Inside Global, Outside Local, Outside Global

10

What NAT address would have this application: actual IP address assigned to an inside host; typically private (RFC 1918)

Inside Local

11

What application would an Inside Global NAT address have?

Outside view IP address of inside host; after translation; typically address of router connected to ISP

12

Outside Local NAT addresses have an __________ view IP address of outside host

inside

13

Outside Global NAT addresses have actual IP address assigned to __________ host

outside

14

What's another name for Overloading NAT configuration?

PAT (Port Address Translation) or NAT Overload.

15

What are some disadvantages to using NAT?

Translation introduces switching path delays; NAT causes loss of end-to-end IP traceability; certain applications will not function with NAT enabled

16

What are some advantages to using NAT?

NAT conserves legally registered addresses; NAT increases flexibility when connecting to the internet; NAT remedies address overlap occurrence

17

What does the asterisk (*) represent in the following output? NAT*: s=172.1.2.2, d=192.168.2.1->10.1.1.1 [1]

The packet was translated and fast-switched to the destination

18

Which of the following is considered to be the inside host's address after translation? Inside Local, Outside Local, Inside Global, Outside Global

Inside Global

19

Which of the following is considered to be the inside host's address before translation? Inside Local, Outside Local, Inside Global, Outside Global

Inside Local

20

Which command would you place on the interface of a private network?

ip nat inside

21

Which command would you place on an interface connected to the internet?

ip nat outside

22

What is the prefix-length Cisco command used for?

When creating a pool of global addresses, the prefix-length command can be used instead of the netmask command

23

What would be a good starting point for troubleshooting if your router is not translating?

Run the debug all command

24

What does the clear ip nat translations * command do?

Clears all the translations active on your router

25

Which command will allow you to see real-time translations on your router? show ip nat translations, show ip nat statistics, debug ip nat

debug ip nat

26

What does the show ip nat statistics command do?

The show ip nat statistics command displays a summary of the NAT configuration as well as counts of active translation types, hits to an existing mapping, misses (an attempt to create a mapping), and expired translations

27

What will this command give you? ip nat pool Todd 171.16.10.65 171.16.10.94 net 255.255.255.224

This will create a dynamic pool named Todd that will provide you with 30 global addresses. The name has to be Uppercase, aka Todd. The range 171.16.10.65 - 94 has 30 available hosts, so the mask has to match 30 hosts as well, which is why the subnet is 255.255.255.224.

28

List 3 good reasons to run NAT

You need to connect to the internet and your hosts don't have globally unique IP addresses; you change to a new ISP that requires you to renumber your network; you require two intranets with duplicate addresses to merge

29

What are the two main protocols in IPSec (layer 3 protocol suite)?

Authentication Header (AH) and Encapsulating Security Payload (ESP)

30

Which IPSec protocol provides integrity, authentication, and anti-replay, but not confidentiality?

Authentication Header (AH)

31

Which IPSec protocol provides CIA+A (which makes it the most used), can work in Transport mode (host-to-host), and can work in tunnel mode (network-to-network)?

Encapsulating Security Payload (ESP)

32

Which protocol establishes Security Associations and defines the process for peer authentication?

Internet Security Association and Key Management Protocol (ISAKMP)

33

What is the security association?

A set of agreed upon parameters between peers to ensure communication security

34

What does IKE stand for?

Internet Key Exchange (this builds security between peers)

35

Which version of IKE is the most efficient and secure: IKEv1, IKEv2, IKE_SA, or CHILD_SA?

IKEv2 is the bomb.com

36

How many phases of IKE are there?

2 phases

37

IKE phase 1/IKE_SA established a secure channel between peers and managed the channel, key renewal, like a _____ ______

control plane

38

IKE phase 2/CHILD_SA established a second security channel, encrypts, decrypts, transports data, like a ___________ __________

data plane

39

IKE phase 1 negotiates connection parameters using:

Hash algorithm, encryption algorithm, Diffie-Hellman group, authentication method, connection lifetime

40

What does Diffie-Hellman group entail?

Diffie-Hellman exchange establishes a shared symmetric key

41

IKE phase 2 is a child connection established right after ____ _____

phase 1

42

Encryption for a remote-access VPN through a concentrator is usually handled by ___________ or by _________

Internet Protocol Security (IPSec) or Secure Sockets Layer (SSL)