[FINAL] Networking 3 Module 6-8

Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.)

• NAT improves packet handling.

• NAT adds authentication capability to IPv4.

• NAT will impact negatively on switch performance.

• NAT causes routing tables to include more information.

• NAT provides a solution to slow down the IPv4 address depletion.

• NAT introduces problems for some applications that require end-to-end connectivity.

• NAT provides a solution to slow down the IPv4 address depletion.

• NAT introduces problems for some applications that require end-to-end connectivity.

A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task?

• Router# show ip nat translations

• Router# show ip nat statistics

• Router# clear ip nat translations

• Router# debug ip nat translations

• Router# show ip nat translations

What are two tasks to perform when configuring static NAT? (Choose two.)

• Configure a NAT pool.

• Create a mapping between the inside local and outside local addresses.

• Identify the participating interfaces as inside or outside interfaces.

• Define the inside global address on the server

• Define the outside global address.

• Create a mapping between the inside local and outside local addresses.

• Identify the participating interfaces as inside or outside interfaces.

What is a disadvantage of NAT?

• There is no end-to-end addressing.

• The router does not need to alter the checksum of the IPv4 packets.​

• The internal hosts have to use a single public IPv4 address for external communication.

• The costs of readdressing hosts can be significant for a publicly addressed network.​

• There is no end-to-end addressing.

What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command?

• It allows many inside hosts to share one or a few inside global addresses.

• It allows a list of internal hosts to communicate with a specific group of external hosts.

• It allows external hosts to initiate sessions with internal hosts.

• It allows a pool of inside global addresses to be used by internal hosts.

• It allows many inside hosts to share one or a few inside global addresses.

Which situation describes data transmissions over a WAN connection?

• A network administrator in the office remotely accesses a web server that is located in the data center at the edge of the campus.

• A manager sends an email to all employees in the department with offices that are located in several buildings.

• An employee prints a file through a networked printer that is located in another building.

• An employee shares a database file with a co-worker who is located in a branch office on the other side of the city.

• An employee shares a database file with a co-worker who is located in a branch office on the other side of the city.

Which two technologies are categorized as private WAN infrastructures? (Choose two.)

• Frame Relay

• VPN

• MetroE

• DSL

• cable

• Frame Relay

• MetroE

Which network scenario will require the use of a WAN?

• Employees need to connect to the corporate email server through a VPN while traveling.

• Employees need to access web pages that are hosted on the corporate web servers in the DMZ within their building.

• Employee workstations need to obtain dynamically assigned IP addresses.

• Employees in the branch office need to share files with the headquarters office that is located in a separate building on the same campus network.

• Employees need to connect to the corporate email server through a VPN while traveling.

What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

• SHA

• RSA

• DH

• MD5

• AES

• SHA

• MD5

What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)

• SHA

• RSA

• AES

• DH

• PSK

• SHA

• AES

Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

• client-based SSL

• site-to-site using an ACL

• clientless SSL

• site-to-site using a preshared key

• clientless SSL

Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

• integrity

• authentication

• confidentiality

• secure key exchange

• integrity

Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

• clientless SSL VPN

• client-based IPsec VPN

• IPsec VPN

• IPsec Virtual Tunnel Interface VPN

• GRE over IPsec VPN

• clientless SSL VPN

• client-based IPsec VPN

Which is a requirement of a site-to-site VPN?

• It requires hosts to use VPN client software to encapsulate traffic.

• It requires the placement of a VPN server at the edge of the company network.

• It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.

• It requires a client/server architecture.

• It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.

What is the function of the Diffie-Hellman algorithm within the IPsec framework?

• guarantees message integrity

• allows peers to exchange shared keys

• provides authentication

• provides strong data encryption

• allows peers to exchange shared keys

What does NAT overloading use to track multiple internal hosts that use one inside global address?

• port numbers

• IP addresses

• autonomous system numbers

• MAC addresses

• port numbers

Which type of VPN uses the public key infrastructure and digital certificates?​

• SSL VPN

• GRE over IPsec

• IPsec virtual tunnel interface

• dynamic multipoint VPN

• SSL VPN

Which two WAN infrastructure services are examples of private connections? (Choose two.)

• cable

• DSL

• Frame Relay

• T1/E1

• wireless

• Frame Relay

• T1/E1

Which two statements about the relationship between LANs and WANs are true? (Choose two.)

• Both LANs and WANs connect end devices.

• WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals.

• WANs must be publicly-owned, but LANs can be owned by either public or private entities.

• WANs connect LANs at slower speed bandwidth than LANs connect their internal end devices.​

• LANs connect multiple WANs together.

• WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals.

• WANs connect LANs at slower speed bandwidth than LANs connect their internal end devices.​

Which statement describes an important characteristic of a site-to-site VPN?

• It must be statically set up.

• It is ideally suited for use by mobile workers.

• It requires using a VPN client on the host PC.

• After the initial connection is established, it can dynamically change connection information.

• It is commonly implemented over dialup and cable modem networks.

• It must be statically set up.

How is “tunneling” accomplished in a VPN?

• New headers from one or more VPN protocols encapsulate the original packets.

• All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.

• Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.

• A dedicated circuit is established between the source and destination devices for the duration of the connection.

• New headers from one or more VPN protocols encapsulate the original packets.

Which statement describes a VPN?

• VPNs use open source virtualization software to create the tunnel through the Internet.

• VPNs use logical connections to create public networks through the Internet.

• VPNs use dedicated physical connections to transfer data between remote users.

• VPNs use virtual connections to create a private network through a public network.

• VPNs use virtual connections to create a private network through a public network.

What type of address is 64.100.190.189?

• public

• private

• public

Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?

• MPLS VPN

• IPsec virtual tunnel interface

• dynamic multipoint VPN

• GRE over IPsec

• IPsec virtual tunnel interface

Match the scenario to the WAN solution. (Not all options are used.)

In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet?

• outside global

• inside global

• outside local

• inside local

• outside global

Which circumstance would result in an enterprise deciding to implement a corporate WAN?

• when the enterprise decides to secure its corporate LAN

• when its employees become distributed across many branch locations

• when the number of employees exceeds the capacity of the LAN

• when the network will span multiple buildings

• when its employees become distributed across many branch locations

What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

• protects IPsec keys during session negotiation

• authenticates the IPsec peers

• creates a secure channel for key negotiation

• guarantees message integrity

• guarantees message integrity

What algorithm is used with IPsec to provide data confidentiality?

• Diffie-Hellman

• SHA

• MD5

• RSA

• AES

• AES

Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

• remote access VPN

• Frame Relay

• Layer 2 MPLS VPN

• site-to-site VPN

• Layer 3 MPLS VPN

• remote access VPN

• site-to-site VPN

What type of address is 10.100.126.126?

• private

• public

• private

Which type of VPN connects using the Transport Layer Security (TLS) feature?

• SSL VPN

• MPLS VPN

• IPsec virtual tunnel interface

• dynamic multipoint VPN

• SSL VPN

Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)

• DSL switch

• ISR router

• another ASA

• multilayer switch

• Frame Relay switch

• ISR router

• another ASA

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

• IKE

• IPsec

• OSPF

• GRE

• GRE

What is a disadvantage when both sides of a communication use PAT?

• End-to-end IPv4 traceability is lost.

• The flexibility of connections to the Internet is reduced.

• The security of the communication is negatively impacted.

• Host IPv4 addressing is complicated.

• End-to-end IPv4 traceability is lost.

What two addresses are specified in a static NAT configuration?

• the outside global and the outside local

• the inside local and the outside global

• the inside global and the outside local

• the inside local and the inside global

• the inside local and the inside global

A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

• municipal Wi-Fi

• digital subscriber line

• leased line

• Ethernet WAN

• cable

• leased line

• Ethernet WAN

What type of address is 128.107.240.239?

• Public

• Private

• Public

Which type of VPN has both Layer 2 and Layer 3 implementations?

• IPsec virtual tunnel interface

• dynamic multipoint VPN

• GRE over IPsec

• MPLS VPN

• MPLS VPN

Match each component of a WAN connection to its description. (Not all options are used.)

Which type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

• dynamic multipoint VPN

• SSL VPN

• IPsec virtual tunnel interface

• GRE over IPsec

• GRE over IPsec

Match the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to and external server at the IP address 209.165.200.254 across a router R1 that running dynamic NAT. (Not all options are used.)

Which type of VPN involves passenger, carrier, and transport protocols?

• GRE over IPsec

• dynamic multipoint VPN

• MPLS VPN

• IPsec virtual tunnel interface

• GRE over IPsec

Match the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to an external server at the IP address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all options are used.)

What type of address is 10.131.48.7?

• Private

• Public

• Private

Which type of VPN supports multiple sites by applying configurations to virtual interfaces instead of physical interfaces?

• dynamic multipoint VPN

• IPsec virtual tunnel interface

• MPLS VPN

• GRE over IPsec

• IPsec virtual tunnel interface

Which type of VPN involves a nonsecure tunneling protocol being encapsulated by IPsec?

• dynamic multipoint VPN

• SSL VPN

• IPsec virtual tunnel interface

• GRE over IPsec

• GRE over IPsec

What type of address is 10.19.6.7?

• private

• public

• private

What type of address is 64.101.198.197?

• public

• private

• public

What type of address is 64.101.198.107

• public

• private

• public

What type of address is 10.100.34.34?

• private

• public

• private

What type of address is 192.168.7.126?

• Private.

• Public

• Private.

What type of address is 198.133.219.148?

• Private.

• Public

• Public

Which two end points can be on the other side of an ASA site-to-site VPN? (Choose two.)

• DSL switch

• router

• another ASA

• multilayer switch

• Frame Relay switch

• router

• another ASA

What type of address is 192.168.7.98?

• public

• private

• private