You are on page 1of 8

Close Window

Assessment System

1. Assessment Selection 2. Assessment Settings 3. Take Assessment

Take Assessment - ROUTE Chapter 7 - CCNP ROUTE (Version 6.0)

Time Remaining:

1

Refer to the exhibit. A network administrator has configured a GRE tunnel between R1 and R2 as shown. After
completing the tunnel configurations, the administrator notices that the tunnel interfaces on both routers are
down. All other interfaces are up and the pings through the ISP to the serial interface of each router are
successful. What is the cause of the problem?
Tunnel source configurations are incorrect.
Tunnel destination configurations are incorrect.

GRE IP encapsulation has not been configured.2 40 ip route 0.6.0.0 172.0 0.0 0.0 0.0.0.0.) Tunnel Profile (TCP port 604) Authentication Header (protocol 51) Generic Routing Encapsulation (protocol 47) Encapsulating Security Protocol (protocol 50) Internet Security Association and Key Management Protocol (TCP port 500) Internet Security Association and Key Management Protocol (UDP port 500) 3 Refer to the exhibit. Based on the partial configuration that is shown. which static route would be the primary default path? ip route 0.20.0 0. The MTU size has not been increased to 1492.0.0. 2 Which three protocols are involved in the establishment of an IPsec VPN tunnel? (Choose three.2 60 ip route 0.0. Packets that do not meet the criteria as specified in the crypto map are dropped.6.68.0.0. .0.0 192.20. The crypto map is applied to the outbound interface that the router is peering with.1 70 4 Which is a clientless VPN solution for mobile workers? GRE IPsec SSH SSL 5 Which two statements are correct about IPsec crypto maps? (Choose two.1 50 ip route 0.0.0.16.0 212. A crypto map is used to negotiate and exchange authentication and encryption parameters with its peer.0 202.68.0.0.0.0.16.) The crypto map defines the IPsec tunnel endpoint or peer.

0/8 exists. A network administrator is configuring NAT on router Remote.1.0/8 is received via RIP. IPsec forwards unicast and multicast traffic.0.0.2. If a route to 10. The crypto map is applied to the inbound interface that receives the packets before being transmitted over the VPN tunnel.0.0/8 exists.0.2.2 as the next hop because it has a higher preference. If no dynamic route to 10.0.0.0. both static routes will appear in the R1 routing table.0/8 is received via RIP. R1 will use 2. but not broadcast traffic. IPsec does not support encryption for traffic over a GRE tunnel.0. 8 Refer to the exhibit.0.1. both static routes will appear in the routing table. IPsec tunneling does not support the encapsulation of RFC 1918 addresses. Which two statements are true about the exhibited static routes? (Choose two.0.) If a route to 10. 6 What is a limitation of IPsec by design? IPsec only forwards unicast traffic. The static route to 10.0/8 via 1.2.2.1 will be preferred to the route via 2.2. If no dynamic route to 10. 7 Refer to the exhibit. The configuration should . R1 will prefer the dynamic route over both configured static routes.

16.129 0.7.16.16.255 Remote(config)# access-list 101 permit ip 172.16.16.16.0.0.16.16.7. Translation is allowed by a deny access list statement or route map. Traffic should bypass translation with a deny access list statement or route-map.0.0.202.7.0 0.16.255 any Remote(config)# access-list 101 deny 172.3 Remote(config)# access-list 101 permit ip 172.16.255 209.255 172.255 any Remote(config)# access-list 101 permit ip 172.7.7. all sharing the upstream and downstream bandwidth.16.16.16.7.7.0 0.7.16.16. Which of these challenges has the goal of obtaining centralized control of network security and management? bandwidth and network requirements consolidated data centers deployment plan management costs mobility 11 Which three statements would help an end user develop a better understanding of DSL technology? (Choose three. Transfer rates vary by the length of the local loop.0/21 to access Internet sites as well as resources on the HQ LAN network 172.0/21 through the VPN tunnel. although they use different technologies to achieve upload and download.0.0.0.0.0 0.16.16.16. allow users on network 172.0 0.255 any Remote(config)# access-list 101 permit ip 172.0 0.0.16.0.0.0.255 Remote(config)# access-list 101 deny 172.16.0 0.255 any Remote(config)# access-list 101 deny 172.0. All varieties of DSL provide the same bandwidth.255 9 How is NAT tuned to handle traffic that is sent through a VPN tunnel between a mobile worker and internal corporate resources? Translation is allowed by a permit access list statement or route map.0 0.0 0.0.255 any Remote(config)# access-list 101 deny 172.0 0.0.0.7.7.0 0.16. DSL is available in any location that has a telephone.7.) ADSL typically has a higher download bandwidth than available upload bandwidth. DSL speeds can exceed the speeds available with a typical T1 line.255 any Remote(config)# access-list 101 permit ip 172.0 0.255 172.7.16.0 0.0. DSL data subscribers are connected to a network segment. 12 What are three characteristics of broadband access? (Choose three.0 0.16.255 172.165.16.7.16.0. How should the administrator configure access list 101 to accomplish this task? Remote(config)# access-list 101 deny 172.0.16. 10 Branch office network design faces several challenges. Traffic should bypass translation with a permit access list statement or route-map.) always on built-in security .

202.1 host 209.32. enhanced voice and video services guaranteed quality of service (QoS) high-speed access wide area of coverage 13 Which three items can be specified by ISAKMP policy parameters? (Choose three.129 .165. which two crypto map access lists will complete this task? (Choose two.248.202. Assuming all other IPsec configurations are correct.100.2 R1(config-ext-nacl)# permit gre host 209.129 host 64.) R1(config-ext-nacl)# permit gre host 172.1 R1(config-ext-nacl)# permit gre host 64.) the hashing method to be used the encryption method to be used the encapsulation method to be used the authentication method to be used the ACL that is used to identify interesting traffic the amount of time the crypto interface should be active before being renegotiated 14 Refer to the exhibit.1 host 172.16.32.16.100.248. A network administrator is tuning IPsec to encapsulate the GRE tunnel between R1 and R2.165.

1 R2(config-ext-nacl)# permit gre host 64.165.32. Inc.202.129 15 Which statement is true about the deployment of Context-Based Access Control (CBAC) and Zone-Based Firewall (ZBF)? They cannot be deployed on the same router.16.202.129 host 64.32.1 host 209.248.100.248. They can be deployed on the same interface but not in the same direction. They can be deployed on the same router but not on the same interface. . Privacy Statement and Trademarks. R2(config-ext-nacl)# permit gre host 172.1 R2(config-ext-nacl)# permit gre host 209.100.165. Showing 1 of 2 <Prev 1 Next> Page: Close Window All contents copyright 1992-2010 Cisco Systems.2 host 172.16. They can be deployed on the same interface but cannot filter the same protocol.

Assessment Selection 2. Close Window Assessment System 1.ROUTE Chapter 7 . Allocate another downstream channel. 17 Which is a Cisco IOS firewall solution that relies on access control lists? Cisco Easy VPN server Cisco Security Manager Zone-Based Firewall (ZBF) Context-Based Access Control (CBAC) 18 In the routing design for a branch office. Assessment Settings 3.) Allocate less bandwidth to affected customers.CCNP ROUTE (Version 6. which area will have an affect on convergence.0) Time Remaining: 16 Which two solutions can a hybrid fiber cable service provider apply when there is constant congestion on the line? (Choose two. Run fiber to each home. Take Assessment Take Assessment . Run fiber deeper into the neighborhood. load balancing. and scalability? connectivity technologies mobility requirements resiliency routing protocols service mix security and compliance 19 Which IPsec service verifies that the data was not altered during transmission? authorization . Allocate another upstream channel.

) 22 50 51 500 4500 Showing 2 of 2 <Prev 2 Next> Page: Close Window All contents copyright 1992-2010 Cisco Systems. confidentiality encapsulation encryption integrity 20 Which two UDP ports must be permitted inbound through the Internet-facing interface on a firewall to establish an IPsec tunnel and NAT-T? (Choose two. Inc. Privacy Statement and Trademarks. .