Which two statements about provider-managed VPNs are true? (Choose two.)
Provider-managed VPNs are used when remote sites connect over internet.
Provider-managed Layer 2 MPLS VPNs do not isolate customers’ traffic.
Provider-managed VPNs use IPsec to isolate customers’ traffic.
Provider-managed Layer 3 MPLS VPNs make the provider’s network appear as a router for each connected customer.
Provider-managed Layer 2 MPLS VPNs make remote customer sites appear as directly connected.
Provider-managed Layer 3 MPLS VPNs make the provider’s network appear as a router for each connected customer.
Provider-managed Layer 2 MPLS VPNs make remote customer sites appear as directly connected.
Which wired broadband internet access technology option uses twisted-pair telephone lines for transport?
DOCSIS
LTE
FTTx
ADSL
ADSL
Which two options are site-to-site VPN options? (Choose two.)
Frame Relay
DSL
DMVPN
ATM
IPsec
DMVPN and IPsec
Which optical technology provides highest data rates?
SONET
FTTx
DWDM
SDH
DWDM
Which three options are classified as internet-based WAN connectivity options? (Choose three.)
MPLS
Metro Ethernet
xDSL
cable
T1/E1
cellular 4G
xDSL, cable, and cellular 4G
Which statement about site-to-site VPN deployment mode is true?
End devices that source messages are aware that VPN exists between them and the remote location.
In cryptographic VPN site-to-site deployment, the end device encrypts the content to be sent over the VPN.
Hub-and-spoke is the only VPN topology that can be implemented to interconnect more than two remote locations.
In a site-to-site VPN, a tunnel is built between VPN gateways present at each of the sites.
In a site-to-site VPN, a tunnel is built between VPN gateways present at each of the sites.
A NAT-enabled router is configured to perform inside PAT. The IPv4 packet arrives at the outside interface of the router, as a response to the client in the inside network. Provided that inside PAT is correctly configured, which fields in the received IPv4 packets must match to which NAT mapping element, for the packet to be forwarded to the inside host?
Destination IPv4 address and destination port number must match outside global address and port in the mapping table.
Source IPv4 address and source port number must match inside global address and port number in the mapping table.
Source IPv4 address and source port number must match inside local address and port number in the mapping table.
Destination IPv4 address and destination port number must match inside global address and port in the mapping table.
Destination IPv4 address and destination port number must match inside global address and port in the mapping table.
What is the purpose of entering the ip nat inside source static tcp 192.168.10.2 80 209.165.200.223 8080 command at the global configuration prompt?
It identifies the inside NAT interface on the router.
It prevents the router from establishing a connection with any device that does not have the specified address and port number.
It binds the inside local address and local port to the specified inside global address and global port.
It enables a one-to-one translation between different internal port numbers.
It binds the inside local address and local port to the specified inside global address and global port.
One of the drawbacks of NAT is that it might disrupt services that require the initiation of TCP connections from the outside network or disrupt stateless protocols, such as those using UDP. Why is NAT disruptive in these two cases?
Inbound (outside to inside connections) depend on the presence of NAT mapping to be forwarded to the receiving host inside the network. NAT mappings can time out and, therefore, prevent the device from translating the incoming packets, which end up discarded.
TCP connections require three-way handshake to be completed. NAT allows initial TCP segment, which has flags SYN and ACK set to pass only from the inside to the outside and not from the outside to the inside.
NAT does not translate packets for protocols that do not establish connections and do not maintain the state of the connections.
For applications that use UDP, NAT always translates both IPv4 address and port number. Since UDP applications can use whatever port number, it is impossible to make mappings for all; therefore, NAT translations will not happen and UDP segments get discarded.
Inbound (outside to inside connections) depend on the presence of NAT mapping to be forwarded to the receiving host inside the network. NAT mappings can time out and, therefore, prevent the device from translating the incoming packets, which end up discarded.
Which two statements correctly describe port forwarding? (Choose two.)
Port forwarding is defined as a static mapping.
Port forwarding enables devices in the private network to reach critical services in external networks.
Port forwarding enables local resource in private network to be available to external networks.
Port forwarding changes only port numbers and is a mechanism that forces applications to use arbitrarily chosen port numbers.
Port forwarding is dynamic translation mechanism that enables multiple hosts from external networks to access the same resource in the private network.
Port forwarding statically defines multiple ports and the number of ports determines how many connections can be established to the same resource in the private network.
Port forwarding is defined as a static mapping.
Port forwarding enables local resources in the private network to be available to external networks.
To configure NAT, one of the commands the administrator used was ip nat pool NAT-POOL 209.165.201.5 209.165.201.10 netmask 255.255.255.240. Assume that outside routers do not have a default route configured. Which two networks could be present in the routing tables of outside routers so that the two-way reachability exists between inside and outside hosts? (Choose two.)
route to 209.165.201.4/28 network
route to 209.165.201.0/28 network
route to 209.165.201.0/24 network
route to 172.16.1.0/24 network
route to 172.16.0.0/16 network
route to 209.165.201.1/32 network
route to 209.165.201.0/28 network and route to 172.16.0.0/16 network
Which QoS tools analyze the traffic and decide which category the packet belongs in?
link-specific tools
policing and shaping tools
congestion management and scheduling tools
classification and marking tools
classification and marking tools
How many bits constitute the DSCP field of the IP header?
3 bits
4 bits
6 bits
8 bits
6 bits
Which option is a Layer 2 QoS marking?
CoS
DSCP
EXP
QoS group
CoS
Which type of traffic is smooth and predictable?
voice
video
data
management
Voice
Imagine that you are the sole network engineer for your company. Suddenly, your users complain that the network is very slow. After further enquiry you found out that there are several users that consume a lot of bandwidth by using torrent/peer-to-peer applications. What are the two use cases that you could use QoS to solve this problem? (Choose two.)
The offending traffic can be throttled to minimal bandwidth.
The offending traffic can be given a higher priority.
All traffic could be treated as equal.
The offending traffic can be dropped.
The business important traffic can be given a lower priority.
The offending traffic can be throttled to minimal bandwidth and The offending traffic can be dropped
Services are provided to which entities in the DiffServ model?
frames
packets
applications
classes of traffic
classes of traffic
Which of the basic ISP connectivity types provides the highest redundancy?
single-homed
dual-homed
multihomed
dual-multihomed
multihomed
Which two statement about VPNs are true? (Choose two.)
VPNs do not necessarily implement cryptographic functions.
VPNs can only be established by the use of specialized hardware.
VPNs can be built using the technology used within the service provider WAN.
VPNs are secure because they are established over separate physical connections.
VPNs are only built over internet.
VPNs can be built using the technology used within the service provider WAN and VPNs do not necessarily implement cryptographic functions
Match each WAN device to its function.
converts digital signals for sending over analog circuits
used in LANs to provide ports that interface to WANs
part of the service provider network and used in “building” a WAN
provides a digital interface for DTE to connect to digital WAN circuits
Options: modem, router, core router and CSU?DSU
Converts digital signals for sending over analog circuits → modem
Used in LANs to provide ports that interface to WANs → router
Part of the service provider network and used in “building” a WAN → core router
Provides a digital interface for DTE to connect to digital WAN circuits → CSU/DSU
A network administrator configures the border router with the command ip nat inside source list 14 pool accounting. Which ACL is required to be configured in order for this command to function?
An access list named accounting that defines the starting and ending public IPv4 addresses.
An access list named accounting that defines the private addresses that are translated by NAT.
An access list that is numbered 14 that defines the starting and ending public IPv4 addresses.
An access list that is numbered 14 that defines the private addresses that are translated by NAT.
An access list that is numbered 14 that defines the private addresses that are translated by NAT.
Which three options are advantages of NAT? (Choose three.)
provides consistency for internal network addressing schemes
affects End-to-end functionality
disrupts End-to-end IPv4 traceability
makes tunneling more complicated
increases the flexibility of connections to the public network
conserves public addresses
disrupts TCP connections initiated from the outside
Provides consistency for internal network addressing schemes, Increases the flexibility of connections to the public network and Conserves public addresses
Where within an enterprise network should classification and marking and policing be performed?
core layer
in end hosts
access layer
distribution layer
access layer
