Questions

Question 1

1. Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.)

Answer 1

NAT provides a solution to slow down the IPv4 address depletion.
NAT introduces problems for some applications that require end-to-end connectivity.

Question 2

2. A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task?

Answer 2

Router# show ip nat translations

Question 3

3. What are two tasks to perform when configuring static NAT? (Choose two.)

Answer 3

Create a mapping between the inside local and outside local addresses.
Identify the participating interfaces as inside or outside interfaces.

Question 4

4. What is a disadvantage of NAT?

Answer 4

There is no end-to-end addressing.

Question 5

Refer to the exhibit. From the perspective of R1, the NAT router, which address is the inside global address?

Answer 5

209.165.200.225

Question 6

Refer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1?

Answer 6

1

Question 7

7. Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)

Answer 7

A standard access list numbered 1 was used as part of the configuration process.
Address translation is working.
Two types of NAT are enabled.

Question 8

8. Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server?

Answer 8

209.165.200.245

Question 9

9. Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?

Answer 9

PAT using an external interface

Question 10

10. Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

Answer 10

inside global

Question 11

11. Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the web server on the internal network. What two addresses are needed in place of A and B to complete the static NAT configuration? (Choose two.)

Answer 11

A = 10.1.0.13
B = 209.165.201.1

Question 12

12. What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command?

Answer 12

It allows many inside hosts to share one or a few inside global addresses.

Question 13

13. Refer to the exhibit. Which source address is being used by router R1 for packets being forwarded to the Internet?

Answer 13

209.165.200.225

Question 14

. Refer to the exhibit. The NAT configuration applied to the router is as follows:
ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255
ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224
ERtr(config)# ip nat inside source list 1 pool corp overload
ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4
ERtr(config)# interface gigabitethernet 0/0
ERtr(config-if)# ip nat inside
ERtr(config-if)# interface serial 0/0/0
ERtr(config-if)# ip nat outside

Based on the configuration and the output shown, what can be determined about the NAT status within the organization?

Answer 14

Not enough information is given to determine if both static and dynamic NAT are working.

Question 15

15. Which situation describes data transmissions over a WAN connection?

Answer 15

An employee shares a database file with a co-worker who is located in a branch office on the other side of the city

Question 16

16. Which two technologies are categorized as private WAN infrastructures? (Choose two.)

Answer 16

FRAME RELAY

METROE

Question 17

17. Which network scenario will require the use of a WAN?

Answer 17

Employees need to connect to the corporate email server through a VPN while traveling.

Question 18

18. What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

Answer 18

SHA EN MD5

Question 19

19. What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)

Answer 19

SHA EN AES

Question 20

20. Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

Answer 20

CLIENTLESS SSL

Question 21

21. Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

Answer 21

INTEGRETY

Question 22

22. Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

Answer 22

clientless SSL VPN

client-based IPsec VPN

Question 23

23. Which is a requirement of a site-to-site VPN?

Answer 23

It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.

Question 24

24. What is the function of the Diffie-Hellman algorithm within the IPsec framework?

Answer 24

allows peers to exchange shared keys

Question 25

25. What does NAT overloading use to track multiple internal hosts that use one inside global address?

Answer 25

port numbers

Question 26

27. Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1?

Answer 26

209.165.200.225

Question 27

28. Which type of VPN uses the public key infrastructure and digital certificates?​

Answer 27

SSL VPN

Question 28

29. Which two WAN infrastructure services are examples of private connections? (Choose two.)

Answer 28

Frame Relay | T1/E1

Question 29

30. Which two statements about the relationship between LANs and WANs are true? (Choose two.)

Answer 29

WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals. WANs connect LANs at slower speed bandwidth than LANs connect their internal end devices.​

Question 30

31. Which statement describes an important characteristic of a site-to-site VPN?

Answer 30

It must be statically set up.

Question 31

32. How is “tunneling” accomplished in a VPN?

Answer 31

New headers from one or more VPN protocols encapsulate the original packets.

Question 32

33. Which statement describes a VPN?

Answer 32

VPNs use virtual connections to create a private network through a public network.

Question 33

34. Open the PT Activity. Perform the tasks in the activity instructions and then answer the question. What problem is causing PC-A to be unable to communicate with the Internet?

Answer 33

The NAT interfaces are not correctly assigned.

Question 34

35. What type of address is 64.100.190.189?

Answer 34

64 & 128 & 198 = PUBLIC | 10 & 192 = PRIVATE

Question 35

Match the scenario to the WAN solution. (Not all options are used.)

Answer 35

``` TELEWORKER = CABLE MULTISITE = METROE COMPANY HIGHER DOWNLOAD = DSL COMPANY HEADQUARTERS = FRAME RELAY COMPANY BANDWITH = METROE ```

Question 36

Refer to the exhibit. The PC is sending a packet to the Server on the remote network. Router R1 is performing NAT overload. From the perspective of the PC, match the NAT address type with the correct IP address. (Not all options are used.)

Answer 36

LINKSONDER = INSIDE LOCAL AAN ROUTER LINKS = INSIDE GLOBAL SERVER = OUTIDE GLOBAL

Question 37

39. Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?

Answer 37

Interface S0/0/0 should be configured with the command ip nat outside.

Question 38

40. In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet?

Answer 38

outside global

Question 39

41. Refer to the exhibit. Which two statements are correct based on the output as shown in the exhibit? (Choose two.)

Answer 39

The output is the result of the show ip nat translations command. The host with the address 209.165.200.235 will respond to requests by using a source address of 192.168.10.10.

Question 40

42. Which circumstance would result in an enterprise deciding to implement a corporate WAN?

Answer 40

when its employees become distributed across many branch locations

Question 41

43. What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

Answer 41

guarantees message integrity

Question 42

What algorithm is used with IPsec to provide data confidentiality?

Answer 42

AES

Question 43

45. Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

Answer 43

remote access VPN | site to site

Question 44

47. Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?​

Answer 44

The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT.

Question 45

49. Which type of VPN connects using the Transport Layer Security (TLS) feature?

Answer 45

SSL VPN

Question 46

50. Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)

Answer 46

ISR | ANOTHER RSA

Question 46

50. Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)

Answer 46

ISR | ANOTHER RSA

Question 47

51. Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

Answer 47

GRE

Question 48

52. What is a disadvantage when both sides of a communication use PAT?

Answer 48

End-to-end IPv4 traceability is lost.

Question 49

53. What two addresses are specified in a static NAT configuration?

Answer 49

the inside local and the inside global

Question 50

54. A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

Answer 50

leased line | Ethernet WAN

Question 51

56. Which type of VPN has both Layer 2 and Layer 3 implementations?

Answer 51

MPLS VPN

Question 52

57. Refer to the exhibit. A network administrator has configured R2 for PAT. Why is the configuration incorrect?

Answer 52

NAT-POOL2 is bound to the wrong ACL

Question 53

58. Match each component of a WAN connection to its description. (Not all options are used.)

Answer 53

CUSTOMER PREMISES = DEVICES AND INSIDE WIRING DEMARCATION POINT = A POINT DATA TERMINAL = CUSTOMER DEVICES DATA COMMUNICATION = DEVICES THAT PUT

Question 54

59. Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

Answer 54

GRE over IPsec

Question 55

60. Match the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to and external server at the IP address 209.165.200.254 across a router R1 that running dynamic NAT. (Not all options are used.)

Answer 55

1) THE HOST 2) R1 CHECKS 3) IF 4) SELECTS 5) REPLACES

Question 56

61. Which type of VPN involves passenger, carrier, and transport protocols?

Answer 56

GRE over IPSEC

Question 57

63. Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations . Which statement correctly describes the NAT translation that is occurring on router RT2?​

Answer 57

The traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by means of static NAT.

Question 58

65. Which type of VPN supports multiple sites by applying configurations to virtual interfaces instead of physical interfaces?

Answer 58

IPsec virtual tunnel interface

Question 59

66. Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec?

Answer 59

GRE over IPsec

Question 60

73. Which two end points can be on the other side of an ASA site-to-site VPN? (Choose two.)

Answer 60

router | another ASA