- Home
- Networking
- CCNP Routing 300-101
11.
You want to interconnect two remote sites with a VPN tunnel. The tunnel needs
to support IP unicast, multicast, and broadcast traffic. Additionally, you need to
encrypt traffic being sent over the tunnel. Which of the following VPN solutions
meets the design requirements?
- A.Use a GRE tunnel.
- B.Use an IPsec tunnel.
- C.Use a GRE tunnel inside of an IPsec tunnel.
- D.Use an IPsec tunnel inside of a GRE tunnel.
- Answer & Explanation
- Report
Answer : [C]
Explanation :
Explanation :
|
A GRE tunnel can encapsulate any Layer 3 protocol, including IP unicast, multicast,
and broadcast traffic. However, a GRE tunnel does not offer encryption. An IPsec tunnel does offer encryption, but it can only transmit unicast IP traffic. Therefore, to meet the design requirements in this question, you could encapsulate the IP unicast, multicast, and broadcast traffic inside of a GRE tunnel. Because a GRE packet is a unicast IP packet, you could encapsulate the GRE packets inside of an IPsec tunnel, thus providing the required encryption. |
12.
Identify technologies required for a DMVPN network. (Choose three.)
- A.NHRP
- B.IPsec
- C.MPLS
- D.mGRE
- Answer & Explanation
- Report
Answer : [A][B][D]
Explanation :
Explanation :
| A DMVPN network uses mGRE to dynamically form GRE tunnels between two sites needing a direct tunnel. NHRP is used by mGRE to discover the IP address of the device at the remote side of the tunnel. IPsec is used to secure the GRE packets. However, MPLS is not a requirement. |
13.
Which of the following are characteristics of multipoint GRE? (Choose two.)
- A.mGRE supports a wide variety of protocols.
- B.A single mGRE interface can service multiple tunnels
- C.An mGRE interface is created for each tunnel.
- D.mGRE only transports unicast IP packets.
- Answer & Explanation
- Report
Answer : [A],[B]
Explanation :
Explanation :
| Like traditional GRE, mGRE can transport a wide variety of protocols (for example, IP unicast, multicast, and broadcast traffic). Also, a single mGRE interface can service multiple tunnels. |
14.
Which of the following are true for NHRP? (Choose two.)
- A.The hub router is configured with the IP addresses of the spoke routers.
- B.The spoke routers are configured with the IP address of the hub router
- C.Spoke routers query the hub router asking what tunnel interface IP address corresponds to a known physical interface IP address.
- D.Spoke routers query the hub router asking what physical interface IP address corresponds to a known tunnel interface IP address.
- Answer & Explanation
- Report
Answer : [B][D]
Explanation :
Explanation :
| NHRP (Next Hop Resolution Protocol) spokes are configured with the IP address of an NHRP hub, but the hub is not configured with the IP addresses of the spokes. When the spokes come online, they inform the hub of both the physical IP address (assigned to a physical interface) and the logical IP address (assigned to a virtual tunnel interface) that are going to be used for their tunnels. With the hub’s database populated, a spoke can query the hub to find out the IP address of a physical interface that corresponds to a specific tunnel interface’s IP address. |
15.
Which IPsec feature primarily performs encryption?
- A.Integrity
- B.Confidentiality
- C.Antireplay
- D.Authentication
- Answer & Explanation
- Report
Answer : [B]
Explanation :
Explanation :
| Data confidentiality is provided by encrypting data. Data integrity ensures that data is not modified in transit. Data authentication allows parties involved in a conversation to verify that the other party is the party it claims to be. IPsec uses antireplay protection to ensure that packets being sent are not duplicate packets. |
|
|
||||||||||||||||||||||||||||
