Feedback
Home
You may like this!
76.
A colleague mentions using a client VPN. Which of the following protocols or technologies would you expect your colleague to have used?
  • A.
    SSL
  • B.
    IPsec
  • C.
    GRE
  • D.
    DMVPN
  • Answer & Explanation
  • Report
Answer : [A]
Explanation :
The term client VPN typically refers to a VPN for which one endpoint is a user device, such as a phone, tablet, or PC. In those cases, SSL is the more likely protocol to use. SSL is included in browsers, and is commonly used to connect securely to websites. GRE along with IPsec is more likely to be used to create a site-to-site VPN connection. Similarly, Dynamic Multipoint VPN (DMVPN) could also use IPsec, but in a multipoint topology, and not specifically for client devices.
Report
Name Email  
77.
An engineer configures a point-to-point GRE tunnel between two Cisco routers, called A and B. The routers use public IP addresses assigned by ISPs, and private addresses from network 10.0.0.0. Which of the following answers accurately describes where the addresses could be referenced in the GRE configuration?
  • A.
    Router A's private address on an ip address command on Router A’s tunnel interface
  • B.
    Router A's private address on a tunnel destination command on Router B
  • C.
    Router B's public address on a tunnel source command on Router A
  • D.
    Router B's public address on an ip address command on Router B’s tunnel interface
  • Answer & Explanation
  • Report
Answer : [A]
Explanation :
GRE tunnels that use private IP addresses on the tunnel and then use the Internet between the two routers need to configure references to both the private and public IP addresses. First, each router’s tunnel interface has an ip address command that refers to the local router’s private IP address. Additionally, each router configures a tunnel destination and tunnel source that refer to the public IP address of the other router (tunnel destination) and the local router (tunnel source).
Two answers refer to Router A’s private address. Per the first paragraph of this explanation, that address would be configured on a tunnel interface with an ip address command, on Router A, making one of those two answers correct. Private addresses would not be configured as the tunnel source or destination, making the other answer that mentions Router A’s private address incorrect.
Two answers refer to Router B’s public address. Per the first paragraph of this explanation, that address would only be configured as a tunnel source or tunnel destination, and not with the ip address command. That fact makes one of the answers incorrect.
Next, Router B’s public IP address would be listed as the tunnel source on Router B, and the tunnel destination on Router A. The final (incorrect) answer suggests that Router B’s public address would be configured as the tunnel source, but on Router A, which would be an incorrect setting.
Report
Name Email  
78.
An enterprise uses a site-to-site GRE tunnel that runs over the Internet between two routers (R1 and R2). R1 uses tunnel interface 22. The tunnel has a source of 1.1.1.1 and a destination of 2.2.2.2. All the answers list facts that could be true, but which of the following must be true when Router R1’s tunnel 22 is in an up/up state?
  • A.
    2.2.2.2 is pingable from Router R1.
  • B.
    1.1.1.1 is pingable from Router R2.
  • C.
    R1 has a working (up/up) interface with address 1.1.1.1.
  • D.
    R2 has a working (up/up) interface with address 2.2.2.2.
  • Answer & Explanation
  • Report
Answer : [C]
Explanation :
To justify the correct answer: R1’s source address for the tunnel must be an address on R1, on an interface in an up/up state, or the tunnel will fail to an up/down state.
For the two answers that mention ping, GRE tunnels do local checks to determine the interface status, but they do not check connectivity with pings. So, a tunnel interface can reach an up/up state even though a ping to the destination of the tunnel would currently fail. (The router must have a route for forwarding packets to the destination; just no guarantee that the packet would arrive.) In this case, R1 would have a route that matches destination 2.2.2.2, R2 would have a route that matches 1.1.1.1, and the tunnel interface could be up/up even though a ping would currently fail for other reasons. Finally, for the tunnel to work correctly, and forward traffic, R2 would need a working interface with address 2.2.2.2. However, R1’s tunnel interface state is independent from whether R2’s interfaces are currently up or down.
Report
Name Email  
79.
An enterprise has 1000 small retail locations and a central site. The enterprise uses Internet access links to each retail store and DMVPN to securely create a VPN back to the central site. Which of the following answers is true about the operation and configuration of DMVPN?
  • A.
    The hub router needs at least 1000 tunnel interfaces.
  • B.
    The hub router needs less than 10 tunnel interfaces.
  • C.
    All packets between retail stores must route through the central hub site.
  • D.
    Packets cannot be forwarded from one retail store to another.
  • Answer & Explanation
  • Report
Answer : [B]
Explanation :
DMVPN uses multipoint GRE tunnels, which means the hub router requires only a single tunnel interface. DMVPN allows designs for which the packets going from one spoke site to another route through the hub site, but it also allows for spoke-to-spoke traffic. In any case, packet forwarding between all the sites is allowed.
Report
Name Email  
80.
An enterprise uses Cisco IOS routers and DSL connections to local ISPs for their retail locations. The ISPs require the use of PPPoE. The routers at each retail site use dynamically learned public IP addresses as learned from the ISPs. Each router uses its F0/0 interface to connect to an external DSL modem, which then connects to a phone line. Which of the following is the most likely choice for configuring the router to use the IP address as assigned by the ISP?
  • A.
    Interface F0/0 has an ip address dhcp interface subcommand.
  • B.
    Some dialer interface has an ip address dhcp interface subcommand.
  • C.
    Some dialer interface has an ip address negotiated interface subcommand.
  • D.
    Interface F0/0 has an ip address negotiated interface subcommand.
  • Answer & Explanation
  • Report
Answer : [C]
Explanation :
With PPPoE, the physical interface disables Layer 3 processing with the no ip address command. A dialer interface is used as the Layer 3 interface. For address assignment, the ISP typically uses PPP’s IP Control Protocol (IPCP) to assign the address to the customer router; to enable that function on the customer router, use the ip address negotiated command. Note that the ip address dhcp command is a valid command if using DHCP to assign the IP address to the router.
Report
Name Email  
 
  © 2024 infibee.com. All Rights Reserved.   Copyright | Privacy Policy | Sitemap  
Contact us on : info@infibee.com  
 
 
Share   Facebook   Twitter   Google +   Digg