Check answers here:
Chapters 15 – 16: IP Services and VPNs Exam Answers
Quiz-summary
0 of 36 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
Information
CCNP ENCOR v8 Chapters 15 – 16: IP Services and VPNs Test Online
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 36 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Average score |
|
Your score |
|
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- Answered
- Review
-
Question 1 of 36
1. Question
1 pointsRefer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?Correct
Incorrect
Hint
The output shows that there are two inside global addresses that are the same but that have different port numbers. The only time port numbers are displayed is when PAT is being used. The same output would be indicative of PAT that uses an address pool. PAT with an address pool is appropriate when more than 4,000 simultaneous translations are needed by the company. -
Question 2 of 36
2. Question
1 pointsMatch the steps with the actions that are involved when an internal host with IP address 192.168.10.10 attempts to send a packet to an external server at the IP address 209.165.200.254 across a router R1 that is running dynamic NAT. (Not all options are used.)Correct
Incorrect
Hint
The translation of the IP addresses from 209.65.200.254 to 192.168.10.10 will take place when the reply comes back from the server. -
Question 3 of 36
3. Question
1 pointsRefer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?Correct
Incorrect
Hint
In order for NAT translations to work properly, both an inside and outside interface must be configured for NAT translation on the router. -
Question 4 of 36
4. Question
1 pointsRefer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1?Correct
Incorrect
Hint
The NAT configuration on R1 is static NAT which translates a single inside IP address, 192.168.0.10 into a single public IP address, 209.165.200.255. If more hosts need translation, then a NAT pool of inside global address or overloading should be configured. -
Question 5 of 36
5. Question
1 pointsWhat is a potential disadvantage when implementing HSRP as compared to GLBP?Correct
Incorrect
Hint
HSRP is a first-hop redundancy protocol that can utilize a group of routers, where a single router is acting as the default gateway and all other HSRP routers will maintain a backup status. GLBP supports load balancing, where multiple active routers can share the traffic load at a single time. Both HSRP and GLBP are Cisco proprietary. HSRP provides default gateway failover when pre-set conditions are met or when the active router fails, and HSRP can support IPv6 addressing. -
Question 6 of 36
6. Question
1 pointsWhat are three advantages of using private IP addresses and NAT? (Choose three.)Correct
Incorrect
Hint
Private IP addresses are designed to be exclusively used for internal networks and they cannot be used on the Internet. Thus they are not visible directly from the Internet and they can be used freely by network administrators for internal networks. In order for the internal hosts to access the Internet, NAT is used to translate between private and public IP addresses. NAT takes an internal private IP address and translates it to a global public IP address before the packet is forwarded. -
Question 7 of 36
7. Question
1 pointsA network engineer wants to synchronize the time of a router with an NTP server at the IPv4 address 209.165.200.225. The exit interface of the router is configured with an IPv4 address of 192.168.212.11. Which global configuration command should be used to configure the NTP server as the time source for this router?Correct
Incorrect
Hint
The global configuration command ntp server server ip-address will set the server at that address as the time source for the router. The ntp peer command which enables a router to both update the time of another similarly configured router, and also synchronize with that router if necessary, is not appropriate in this case. -
Question 8 of 36
8. Question
1 pointsWhich router command is required to configure VRRP to support IPv6?Correct
Incorrect
Hint
VRRPv3 supports IPv4 and IPv6 and is configured globally using the fhrp version vrrp v3 command before the vrrp instance-id address-family ipv6 interface configuration command is applied. standby 6 ipv6 autoconfig and standby 1 ipv6 FE80::1:1 are HSRP commands. -
Question 9 of 36
9. Question
1 pointsA networking engineer is configuring an NTP client to have access to multiple NTP servers but wants one server to have priority over the others. Which command will achieve this?Correct
Incorrect
Hint
The ntp server 2001:DB8:0:0:800:200C:417A version 4 command configures the NTP client to synchronize with the NTP server at the specified IPv6 address but does not give it priority over other available servers. The command ntp max-associations number sets the maximum number of NTP peer-and-client associations that the router will serve. The command ntp master 1 sets the router to be a stratum level 1 NTP server. -
Question 10 of 36
10. Question
1 pointsWhat is a feature or purpose of NTP peers?Correct
Incorrect
Hint
An NTP peer that is configured with an authoritative time source treats its peer as an equal and adjusts its clock to synchronize with that peer. -
Question 11 of 36
11. Question
1 pointsWhich two NTP details are displayed by issuing the show ntp associations command on a switch configured to use NTP? (Choose two.)Correct
Incorrect
Hint
NTP uptime, "Clock is synchronized" statement, and the reference time are displayed by the show ntp status command. -
Question 12 of 36
12. Question
1 pointsRefer to the exhibit. A network administrator has configured R2 for PAT. Why is the configuration incorrect?Correct
Incorrect
Hint
In the exhibit, NAT-POOL 2 is bound to ACL 100, but it should be bound to the configured ACL 1. This will cause PAT to fail. 100, but it should be bound to the configured ACL 1. This will cause PAT to fail. -
Question 13 of 36
13. Question
1 pointsRefer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server?Correct
Incorrect
Hint
Because the packet is between RT2 and the web server, the source IP address is the inside global address of PC, 209.165.200.245. -
Question 14 of 36
14. Question
1 pointsA network administrator would like to ensure that router R1 is always elected the active router for an HSRP group. Which set of commands would ensure the required results?Correct
Incorrect
Hint
In order to configure HSRP, the standby command is used. The IP address given with the standby command is the virtual IP address used by hosts as a default gateway. A priority number of 255 is the highest that can be assigned and should be configured on the router that is to be the active router. -
Question 15 of 36
15. Question
1 pointsRefer to the exhibit. What two statements describe the NTP status of the router? (Choose two.)Correct
Incorrect
Hint
The show ntp status command displays information about how NTP is operating on the device. The output shows that the router clock is synchronized with the NTP server with the address of 192.168.1.1. NTP is hierarchical. The router is a stratum 3 device, therefore it's time source is a stratum 2 device. Authoritative time sources in the NTP system are located at stratum 0. -
Question 16 of 36
16. Question
1 pointsRefer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)Correct
Incorrect
Hint
The show ip nat statistics , show ip nat translations , and debug ip nat commands are useful in determining if NAT is working and and also useful in troubleshooting problems that are associated with NAT. NAT is working, as shown by the hits and misses count. Because there are four misses, a problem might be evident. The standard access list numbered 1 is being used and the translation pool is named NAT as evidenced by the last line of the output. Both static NAT and NAT overload are used as seen in the Total translations line. -
Question 17 of 36
17. Question
1 pointsRefer to the exhibit. What statement is true about the output of the show standby command?Correct
Incorrect
Hint
The output shows that the active router is local and indicates that this router is the active router and is currently forwarding packets. -
Question 18 of 36
18. Question
1 pointsMatch the step number to the sequence of stages that occur during the HSRP failover process. (Not all options are used.)Correct
Incorrect
Hint
Hot Standby Router Protocol (HSRP) is a Cisco-proprietary protocol that is designed to allow for transparent failover of a first-hop IPv4 device. -
Question 19 of 36
19. Question
1 pointsRefer to the exhibit. An organization has two remote sites which are connected by a GRE tunnel through an ISP cloud network. The organization has two routers (CPE1 and CPE2) at each of the remote sites which connect to the ISP routers, SP1 and SP2. Which two nodes are the GRE tunnel endpoints to connect the two remote sites? (Choose two.)Correct
Incorrect
Hint
The GRE tunnel is a private tunnel set up by the organization to connect the two remote sites across the ISP network. The organization would need to configure the two routers at the remote sites, CPE1 and CPE2, to the tunnel endpoints of the tunnel. -
Question 20 of 36
20. Question
1 pointsWhich protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?Correct
Incorrect
Hint
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that encapsulates multiprotocol traffic between remote Cisco routers. GRE does not encrypt data. OSPF is a open source routing protocol. IPsec is a suite of protocols that allow for the exchange of information that can be encrypted and verified. Internet Key Exchange (IKE) is a key management standard used with IPsec. -
Question 21 of 36
21. Question
1 pointsHow many bytes of overhead are added to each IP packet while it is transported through a GRE tunnel?Correct
Incorrect
Hint
A packet that is sent over a GRE tunnel is encapsulated with a GRE header and the tunneling IP header, which combined add an additional 24 bytes to the original packet. -
Question 22 of 36
22. Question
1 pointsRefer to the exhibit. Which IP address is configured on the physical interface of the CORP router?Correct
Incorrect
Hint
The tunnel source and tunnel destination addresses reference the IP addresses of the physical interfaces on the local and remote routers respectively. -
Question 23 of 36
23. Question
1 pointsWhat is an IPsec protocol that provides data confidentiality and authentication for IP packets?Correct
Incorrect
Hint
AH (Authentication Header) does not provide confidentiality for IP packets but rather provides data authentication and integrity.ESP ( Encapsulating Security Payload) does provide confidentiality and authentication by encrypting the IP packet. RSA is a cryptosystem used in IKE (Internet Key Exchange) . -
Question 24 of 36
24. Question
1 pointsWhat two encryption algorithms are used in IPsec VPNs? (Choose two.)Correct
Incorrect
Hint
Advanced Encryption Algorithm (AES) and Triple DES (3DES) are encryption algorithms used for IPsec. DIffie-Hellman (DH), Pre-shared Keys (PSK), and Internet Key Exchange (IKE) are all encryption key mechanisms. -
Question 25 of 36
25. Question
1 pointsWhich two identification methods are used by LISP instead of traditional IP addresses? (Choose two.)Correct
Incorrect
Hint
As part of the routing architecture, LISP separates IP addresses into endpoint identifiers (EIDs) and routing locators (RLOCs) so that endpoints can roam from site to site and only the RLOC changes. The EID stays the same. -
Question 26 of 36
26. Question
1 pointsWhich LISP header is used to provide a secure boundary between multiple organizations?Correct
Incorrect
Hint
The 24-bit Instance ID field is a value used to provide device- and path-level network virtualization to prevent IP address duplication within a LISP site or provide a secure boundary between multiple organizations. -
Question 27 of 36
27. Question
1 pointsHow is routing handled within a LISP site?Correct
Incorrect
Hint
With any one particular LISP site, the process of routing packets between devices at that site is handled by any interior routing protocol such as RIP, OSPF, or EIGRP. -
Question 28 of 36
28. Question
1 pointsWhat is the purpose of a VNI when a company is using VXLANs?Correct
Incorrect
Hint
A 24-bit VXLAN network identifier (VNI) allows up to 16 million VXLAN segments, also known as overlay networks, to coexist within the same infrastructure. -
Question 29 of 36
29. Question
1 pointsWhat is the purpose of VTEPs when using VXLANs?Correct
Incorrect
Hint
Virtual tunnel endpoints (VTEPs) originate or terminate VXLAN tunnels and map Layer 2 and Layer 3 packets to the VNI to be used in the overlay network. -
Question 30 of 36
30. Question
1 pointsWhat are three characteristics of the generic routing encapsulation (GRE) protocol? (Choose three.)Correct
Incorrect
Hint
GRE was developed by Cisco and encapsulates a wide variety of protocol packet types inside IP tunnels. GRE is stateless and does not include any flow control mechanisms by default. GRE is defined in an IETF standard. GRE does not include any strong security mechanisms to protect the traffic that crosses the site-to-site VPN. GRE supports routing protocols by using multicast traffic as a carrier protocol. GRE headers and the tunneling IP header create additional overhead for tunneled packets. GRE provides encapsulation for multiple protocol types inside an IP tunnel. -
Question 31 of 36
31. Question
1 pointsBy the use of sequence numbers, which function of the IPsec security services prevents spoofing by verifying that each packet is non-duplicated and unique?Correct
Incorrect
Hint
Anti-replay protection is the ability to detect and reject replayed packets. By comparing sequence numbers, it helps prevent spoofing by verifying that each packet is unique and not duplicated. Authentication verifies the identity of the source of the data that is sent. Confidentiality is the process of taking all the data that one computer is sending to another and encoding it into a form that only the other computer will be able to decode. Data integrity is achieved by IPsec because the receiver can verify that the data was transmitted through the Internet without being changed or altered in any way. -
Question 32 of 36
32. Question
1 pointsMatch the LISP term to the definition. (Not all options are used.)Correct
Incorrect
-
Question 33 of 36
33. Question
1 pointsWhat is the purpose of a proxy ETR used with LISP?Correct
Incorrect
Hint
A proxy egress tunnel router (PETR) is a router that connects to a non-LISP site such as to the Internet or a data center when a LISP site needs to communicate to a non-LISP site. -
Question 34 of 36
34. Question
1 pointsWhich algorithm is considered insecure for use in IPsec encryption?Correct
Incorrect
Hint
Both DES and 3DES are considered to be too insecure to be used in IPsec encryption. AES is the recommended encryption algorithm. SHA-1 is a hashing algorithm and RSA is used during the initial key exchange. -
Question 35 of 36
35. Question
1 pointsRefer to the exhibit. What algorithm is being used to provide public key exchange?Correct
Incorrect
Hint
The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method and allows two IPsec peers to establish a shared secret key over an insecure channel. -
Question 36 of 36
36. Question
1 pointsWhat is the first step in establishing an IPsec VPN?Correct
Incorrect
Hint
Before an IPsec tunnel can be configured, interesting traffic must be detected. Interesting traffic is defined by an access list permit statement. Once interesting traffic is detected, by matching the access list, IKE phase 1 negotiations can begin that will establish the tunnel.