1. A company designs its network so that the PCs in the internal network are assigned IP addresses from DHCP servers, and the packets that are sent to the Internet are translated through a NAT-enabled router. What type of NAT enables the router to populate the translation table from a pool of unique public addresses, as the PCs send packets through the router to the Internet?
- static NAT
- dynamic NAT
- PAT
- ARP
Explanation: ARP is the address resolution protocol and is used to obtain the MAC address of the destination device. Static NAT is a one-to-one mapping between the local and global addresses of a device. PAT, otherwise known as NAT overload, maps multiple private IP addresses to a singular public address or group of addresses. Dynamic NAT uses a pool of public IP addresses and assigns them to requesting devices on a first-come, first-served basis. In the case of dynamic NAT, each device would have a unique public IP address from the pool of public IP addresses as the source IP address in the packets that they send.
2. Which FHRP has routers with the roles of active virtual gateway and active virtual forwarder?
- GLBP
- HSRP
- VRRPv2
- VRRPv3
Explanation: GLBP has active virtual gateway and active virtual forwarder as router roles.
3. When dynamic NAT without overloading is being used, what happens if seven users attempt to access a public server on the Internet when only six addresses are available in the NAT pool?
- No users can access the server.
- The request to the server for the seventh user fails.
- All users can access the server.
- The first user gets disconnected when the seventh user makes the request.
Explanation: If all the addresses in the NAT pool have been used, a device must wait for an available address before it can access the outside network.
4. What is the default GLBP load-balancing mechanism?
- round robin
- weighted
- host-dependent
- fair weighted queue
Explanation: GLBP weighted and host-dependent load-balancing mechanisms are not default and must be specifically configured. Fair weighted queue is a QoS mechanism.
5. A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task?
- Router# show ip nat translations
- Router# show ip nat statistics
- Router# clear ip nat translations
- Router# debug ip nat translations
Explanation: The clear ip nat translations command clears all dynamic address translation entries from the NAT translation table. The debug ip nat command is used to verify the operation of NAT. The show ip nat statistics command displays information about the total number of active translations, NAT configuration parameters, the number of addresses in the pool, and the number that have been allocated. The show ip nat translations command displays the active NAT translations.
6. Which command is used to configure a Cisco router as an authoritative NTP server?
- ntp master 1
- ntp server 172.16.16.100
- ntp broadcast client
- clock set 11:00:00 DEC 20 2020
Explanation: Routers that will serve as NTP masters (servers) must be configured with the ntp master command. A client is configured with the ntp server command so that the client can locate the NTP master. The ntp broadcast client command allows NTP to use broadcast messages. The clock set command is used to set the time on a router or switch.
7. What is a feature of the NTP synchronization process?
- An NTP client can synchronize large time discrepancies to almost perfect accuracy within a few NTP server polling cycles.
- All NTP clients will synchronize to within a fraction of a second accuracy within two polling cycles with the NTP server.
- NTP synchronization requires an NTP client to regularly poll a minimum of two NTP servers.
- The rate at which an NTP client device maintains time does not deviate from device to device.
Explanation: Although an NTP client can synchronize a large time discrepancy to within a couple of seconds of accuracy with a few cycles of polling an NTP server, an accuracy of tens of milliseconds requires hours or days of polling. NTP synchronization requires an NTP client to regularly poll just one NTP server. The rate at which an NTP client device maintains time can deviate from device to device, with this deviation minimized by using NTP to poll an NTP server.
8. From the perspective of managing a network, what are three reasons why it is important that the time be synchronized between network devices? (Choose three.)
- managing passwords that change at specific time intervals
- exchanging encryption keys
- troubleshooting network devices
- enabling dynamic routing protocols to converge
- ensuring that FHRP operates as expected
- optimizing Cisco Express Forwarding
Explanation: It is important that the time be synchronized between network devices to manage passwords that change at specific time intervals, to exchange encryption keys, to check validity of certificates based on expiration date and time, to correlate security-based events across multiple devices, and to troubleshoot network devices effectively. Dynamic routing protocols, FHRP, and CEF do not require time synchronization between network devices.
9. Network resiliency is a key component of a network design. Which two mechanisms will provide redundancy and resiliency for Layer 2 and Layer 3 devices? (Choose two.)
- FHRP
- STP
- HDLC
- DTP
- VPN
Explanation: STP (Spanning Tree Protocol, including RSTP and RSTP+) and FHRP (First Hop Redundancy Protocols such as HSRP, VRRP, and GLBP) prevent switching loops, provide link-specific failover, and provide Layer 3 recovery. HDLC is a WAN technology; DTP is a Layer 2 trunk configuration protocol; and VPNs provide data communications security.
10. If VRRP is operating correctly across two routers and the preferred active router fails, which router takes over as the LAN gateway?
- backup router
- master router
- designated router
- backup designated router
- standby router
- active virtual router
Explanation: The current active VRRP router is the master router with the backup router configured to takeover if the master router fails. HSRP has a standby router and GLBP uses a virtual active router. Designated router and backup designated router are OSPF roles.
11. If an NTP client is configured to communicate with multiple NTP servers, which server is used to synchronize time?
- the NTP server with the lowest stratum
- the NTP server with the highest stratum
- the first NTP server configured on the client
- the NTP server selected by a round robin process
Explanation: The NTP client will use the NTP server with the lowest stratum to synchronize the time.
12. What is the purpose of HSRP?
- It provides a continuous network connection when a router fails.
- It prevents a rogue switch from becoming the STP root.
- It enables an access port to immediately transition to the forwarding state.
- It prevents malicious hosts from connecting to trunk ports.
Explanation: HSRP is a first hop redundancy protocol and allows hosts to use multiple gateways through the use of a single virtual router.
13. What type of NAT performs a many-to-one address mapping between local and global addresses and uses source ports to uniquely identify sessions?
- PAT
- dynamic NAT
- static NAT
- NAT-PT
Explanation: PAT is Port Address Translation and allows multiple addresses to be mapped to one, or to a few addresses, by tracking port numbers used in sessions between internal hosts and the Internet. PAT ensures that devices use a different TCP port number for each session with a server on the Internet.
“Do I Know This Already?” Quiz Answers:
1. NTP uses the concept of ________ to calculate the accuracy of the time source.
- administrative distance
- stratum
- atomic half-life
- deviation time
Explanation: NTP uses the stratum to measure the number of hops a device is from a time source to provide a sense of time accuracy.
2. True or false: An NTP client can be configured with multiple NTP servers and can synchronize its local clock with all the servers.
- True
- False
Explanation: An NTP client can be configured with multiple NTP servers but can synchronize its time with only one active NTP server. Only during failure does the NTP client use a different NTP server.
3. In a resilient network topology, first-hop redundancy protocols (FHRP) overcome the limitations of which of the following? (Choose two.)
- Static default routes
- Link-state routing protocols
- Vector-based routing protocols
- A computer with only one default gateway
Explanation: A first-hop redundancy protocol creates a virtual IP address for a default gateway, and this address can be used by computers or devices that only have a static default route.
4. Which of the following FHRPs are considered Cisco proprietary? (Choose two.)
- VRRP
- HSRP
- GLBP
- ODR
Explanation: HSPR and GLBP are Cisco proprietary FHRPs.
5. Which of the following commands defines the HSRP instance 1 VIP gateway instance 10.1.1.1?
- standby 1 ip 10.1.1.1
- hsrp 1 ip 10.1.1.1
- hsrp 1 vip 10.1.1.1
- hsrp 1 10.1.1.1
Explanation: The HSRP VIP gateway instance is defined with the command standby instance-id ip vip-address.
6. Which of the following FHRPs supports load balancing?
- ODR
- VRRP
- HSRP
- GLBP
Explanation: Gateway Load Balancing Protocol provides load-balancing support to multiple AVFs.
7. Which command displays the translation table on a router?
- show ip translations
- show ip xlate
- show xlate
- show ip nat translations
Explanation: The command show ip nat translations displays the active translation table on a NAT device.
8. A router connects multiple private networks in the 10.0.0.0/8 network range to the Internet. A user’s IP address of 10.1.1.1 is considered the __________ IP address.
- inside local
- inside global
- outside local
- outside global
Explanation: The router would be using a form of inside NAT, and the 10.1.1.1 IP address is the inside local IP address; the IP address that a server on the Internet would use for return traffic is the inside global address.
9. The IP translation table times out and clears dynamic TCP connection entries from the translation table after how long?
- 1 hour
- 4 hours
- 12 hours
- 24 hours
Explanation: The default NAT timeout is 24 hours.