Q1. Which three statements about implementing a NAT application layer gateway in a network are true? (Choose three.)
A. It allows client applications to use dynamic ports to communicate with a server regardless of whether NAT is being used.
B. It maintains granular security over application-specific data.
C. It allows synchronization between multiple streams of data between two hosts.
D. Application layer gateway is used only in VoIP/SIP deployments.
E. Client applications require additional configuration to use an application layer gateway.
F. An application layer gateway inspects only the first 64 bytes of a packet before forwarding it through the network.
Answer: A,B,C
Explanation:
An application-level gateway (ALG), also known as an application-layer gateway, is an application that translates the IP address information inside the payload of an application packet. An ALG is used to interpret the application-layer protocol and perform firewall and Network Address Translation (NAT) actions. These actions can be one or more of the following depending on your configuration of the firewall and NAT:
- Allow client applications to use dynamic TCP or UDP ports to communicate with the server application.
- Recognize application-specific commands and offer granular security control over them.
- Synchronize multiple streams or sessions of data between two hosts that are exchanging data.
- Translate the network-layer address information that is available in the application payload.
Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/xe-3s/asr1000/nat-xe-3s-asr1k-book/fw-msrpc-supp.html
Q2. A company has just opened two remote branch offices that need to be connected to the corporate network. Which interface configuration output can be applied to the corporate router to allow communication to the remote sites?
A. interface Tunnel0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel source Serial0/0
tunnel mode gre multipoint
B. interface fa0/0
bandwidth 1536
ip address 209.165.200.230 255.255.255.224
tunnel mode gre multipoint
C. interface Tunnel0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 209.165.201.1
tunnel-mode dynamic
D. interface fa 0/0
bandwidth 1536
ip address 209.165.200.231 255.255.255.224
tunnel source 192.168.161.2
tunnel destination 209.165.201.1
tunnel-mode dynamic
Answer: A
Q3. Which two statements are true about AAA? (Choose two.)
A. AAA can use RADIUS, TACACS+, or Windows AD to authenticate users.
B. If RADIUS is the only method configured in AAA, and the server becomes unreachable, the user will be able to log in to the router using a local username and password.
C. If the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
D. AAA can be used to authenticate the enable password with a AAA server.
Answer: C,D
Explanation:
AAA can be used to authenticate user login and the enable passwords.
Example 1: Same Exec Authentication Methods for All Users
Once authenticated with:
aaa authentication login default group radius local
All users who want to log in to the access server have to be authorized using RADIUS (first method) or the local database (second method).
We configure:
aaa authorization exec default group radius local
Note. On the AAA server, Service-Type=1 (login) must be selected.
Note. With this example, if the local keyword is not included and the AAA server does not respond, then authorization will never be possible and the connection will fail.
Reference: http://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html
Q4. Which three responses can a remote RADIUS server return to a client? (Choose three.)
A. Reject-Challenge
B. Access-Reject
C. Accept-Confirmed
D. Access-Accept
E. Access-Challenge
F. Reject-Access
Answer: B,D,E
Q5. Which authentication types does OSPF support?
A. null and clear text
B. MD5 only
C. MD5 and clear text
D. null, clear text, and MD5
E. clear text only
Answer: D
Q6. Which two metrics are measured with active probes when PfR voice traffic optimization is in use? (Choose two.)
A. MOS
B. cost
C. jitter
D. bandwidth
Answer: A,C
Q7. Refer to the exhibit.
Which log levels are enabled for the console?
A. informational only
B. informational and debugging
C. informational, debugging, notifications, warnings, errors, critical, alerts, and emergencies
D. informational, notifications, warnings, errors, critical, alerts, and emergencies
Answer: D
Q8. How does EIGRP derive the metric for manual summary routes?
A. It uses the best composite metric of any component route in the topology table.
B. It uses the worst composite metric of any component route in the topology table.
C. It uses the best metric vectors of all component routes in the topology table.
D. It uses the worst metric vectors of all component routes in the topology table.
Answer: A
Explanation:
For example, suppose your router has a routing table like this:
D 192.168.8.0/24 [90/2632528] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.9.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.10.0/24 [90/2195456] via 192.168.0.1, 00:00:12, Serial0/0
D 192.168.11.0/24 [90/2323456] via 192.168.0.1, 00:00:12, Serial0/0
To manually summarize all the routes above, you can use this command (on the router that advertised these routes to our router):
Router(config-if)#ip summary-address eigrp 1 192.168.8.0 255.255.248.0
After that the routing table of your router will look like this:
D 192.168.8.0/21 [90/2195456] via 192.168.0.1, 00:01:42, Serial0/0
And we can see the manual summary route takes the smallest metric of the specific routes.
Q9. Which type of EIGRP routes are summarized by the auto-summary command?
A. internal routes that are learned from a peer that is outside the range of local network statements
B. external routes that are learned from a peer that is inside the range of local network statements
C. locally created routes that are outside the range of local network statements
D. external routes that are learned from a peer that is outside the range of local network statements
Answer: B
Explanation:
Auto-Summarization of External Routes
EIGRP will not auto-summarize external routes unless there is a component of the same major network that is an internal route. To illustrate, let us look at Figure 15.
Router Three is injecting external routes to 192.1.2.0/26 and 192.1.2.64/26 into EIGRP using the redistribute connected command, as shown in the configurations below.
Router Three
interface Ethernet0
ip address 192.1.2.1 255.255.255.192
!
interface Ethernet1
ip address 192.1.2.65 255.255.255.192
!
interface Ethernet2
ip address 10.1.2.1 255.255.255.0
!
router eigrp 2000
redistribute connected
network 10.0.0.0
default-metric 10000 1 255 1 1500
With this configuration on Router Three, the routing table on Router One shows:
one# show ip route
10.0.0.0/8 is subnetted, 2 subnets
D 10.1.2.0 [90/11023872] via 10.1.50.2, 00:02:03, Serial0
C 10.1.50.0 is directly connected, Serial0
192.1.2.0/26 is subnetted, 1 subnets
D EX 192.1.2.0 [170/11049472] via 10.1.50.2, 00:00:53, Serial0
D EX 192.1.2.64 [170/11049472] via 10.1.50.2, 00:00:53, Serial0
Although auto-summary normally causes Router Three to summarize the 192.1.2.0/26 and 192.1.2.64/26 routes into one major net destination (192.1.2.0/24), it does not do this because both routes are external. However, if you reconfigure the link between Routers Two and Three to 192.1.2.128/26, and add network statements for this network on Routers Two and Three, the 192.1.2.0/24 auto-summary is then generated on Router Two.
Router Three
interface Ethernet0
ip address 192.1.2.1 255.255.255.192
!
interface Ethernet1
ip address 192.1.2.65 255.255.255.192
!
interface Serial0
ip address 192.1.2.130 255.255.255.192
!
router eigrp 2000
network 192.1.2.0
Now Router Two generates the summary for 192.1.2.0/24:
two# show ip route
D 192.1.2.0/24 is a summary, 00:06:48, Null0
And Router One shows only the summary route:
one# show ip route
10.0.0.0/8 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Serial0
D 192.1.2.0/24 [90/11023872] via 10.1.50.2, 00:00:36, Serial0
Reference: http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/16406-eigrp-toc.html
Q10. Which two statements about route summarization are true? (Choose two.)
A. RIP, IGRP, and EIGRP can automatically summarize routing information at network address boundaries.
B. EIGRP can automatically summarize external routes.
C. The area range command can aggregate addresses on the ASBR.
D. The summary-address command under the router process configures manual summarization on RIPv2 devices.
E. The ip classless command enables classful protocols to select a default route to an unknown subnet on a network with other known subnets.
Answer: A,E