Welcome to download the newest Flydumps C4040-108 VCE dumps: http://www.flydumps.com/C4040-108.html
Important Info: These new valid Cisco 642-832 exam questions were updated in recent days by Flydumps,please visit our website to get the full version of new Cisco 642-832 exam dumps with free version of new VCE Player,you can pass the exam easily by training it!
QUESTION 5
Part of the output from a PassGuide router is shown in the exhibit: On the basis of the output shown on this PassGuide router, which two statements are true? (Select two)
A. The output was generated by the “show ip interface” command.
B. OSPF Version 2 has been enabled to support IPv6
C. This is the designated router (DR) on the FastEthernet 0/0 link.
D. Interface FastEthernet 0/0 was configured with the ipv6 ospf 1 area 1 command.
E. The router was configured with the commands: router ospf 1 network 172.16.6.0 0.0.0.255 area 1
F. The IP address of the backup designated router (BDR) is FE80:205:5FFF:FED3:5808
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
QUESTION 6
PassGuide1 configuration exhibit:
PassGuide2 configuration exhibit:
Study the exhibits shown above carefully. Switch PassGuide1 is not applying VLAN updates from switch PassGuide2. What are three reasons why this is not occurring? (Select three)
A. The VTP domains are different.
B. The passwords do not match.
C. Switch PassGuide2 is in server mode.
D. Switch PassGuide1 is in transparent mode.
E. VTP trap generation is disabled on both switches.
F. The MD5 digests do not match.
Correct Answer: ABD Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Two PassGuide switches connect multiple VLANs as shown below:
PassGuide2 configuration exhibit:
fastethernet0/1 switchport outputs. Users in VLAN 5 on switch PassGuide1 complain that they do not have connectivity to the users in VLAN 5 on switch PassGuide2. What should be done to fix the problem?
A. Define VLAN 5 in the allowed list for the trunk port on PassGuide2
B. Configure the same number of VLANs on both switches.
C. Disable pruning for all VLANs in both switches.
D. Define VLAN 5 in the allowed list for the trunk port on PassGuide1.
E. Create switch virtual interfaces (SVI) on both switches to route the traffic.
F. None of the other alternatives apply.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 8
PassGuide1 configuration exhibit:
PassGuide3 configuration exhibit: Study the exhibits carefully. Based on the information shown above, which statement is true?
A. The port on switch PassGuide3 is forwarding and receiving BPDUs correctly.
B. The port on switch PassGuide1 is forwarding and sending BPDUs correctly.
C. The port on switch PassGuide1 is blocking and sending BPDUs correctly.
D. The port on switch PassGuide2 is blocking and sending BPDUs correctly.
E. The port on switch PassGuide2 is forwarding and receiving BPDUs correctly.
F. The port on switch PassGuide3 is forwarding, sending, and receiving BPDUs correctly.
G. None of the other alternatives apply.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 9
The PassGuide switched LAN is shown below:
Study the exhibit above carefully. Switch PassGuide5 is configured as the root switch for VLAN 10 but not for VLAN 20. If the STP configuration is correct, what will be true about Switch PassGuide5?
A. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in standby mode.
B. All ports will be in forwarding mode.
C. All ports in VLAN 10 will be in forwarding mode and all ports in VLAN 20 will be in blocking mode.
D. All ports in VLAN 10 will be in forwarding mode.
E. None of the other alternatives apply.
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Refer to the following PassGuide network exhibits:
PassGuide2 configuration exhibit:
Refer to the network topology exhibit and the partial configuration exhibits of switch PassGuide1 and PassGuide2. STP is configured on all switches in the network. PassGuide2 receives this error message on the console port:
00:06:34:
%CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/5
(not half duplex), with PassGuide1 FastEthernet0/4 (half duplex) ,with TBA05071417(Cat6K-B)
0/4 (half duplex).
What would be the possible outcome of the problem shown in this message?
A.
The root port on switch PassGuide2 will fallback to full-duplex mode.
B.
Interface Fa 0/6 on switch PassGuide2 will transition to a forwarding state and create a bridging loop.
C.
The interfaces between switches PassGuide1 and PassGuide2 will transition to a blocking state.
D.
The root port on switch PassGuide1 will automatically transition to full-duplex mode.
E.
None of the other alternatives apply.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 11
Study the exhibit carefully. Based on the output shown above, which statement is true?
A. Switch PassGuide6 has been configured with the “spanning-tree vlan 1 hello-time 2” global configuration command.
B. The root bridge has been configured with the “spanning-tree vlan 1 root secondary” global configuration command.
C. Switch PassGuide6 has been configured with the “spanning-tree vlan 1 priority 24577” global configuration command.
D. Switch PassGuide6 has been configured with the “spanning-tree vlan 1 root primary” global configuration command.
E. Switch PassGuide6 has been configured with the “spanning-tree vlan 1 root secondary” global configuration command.
F. None of the other alternatives apply.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 12
The PassGuide switched LAN is displayed below:
In this network, STP has been implemented. Switch PassGuide1 is the root switch for the default VLAN. To reduce the broadcast domain, the network administrator decides to split users on the network into VLAN 2 and VLAN 10. The administrator issues the command spanning-tree vlan 2 root primary on switch PassGuide1. What will happen as a result of this change?
A. Switch PassGuide1 will change its spanning tree priority to become root for VLAN 2 only.
B. All ports of the root switch PassGuide1 will remain in forwarding mode throughout the reconvergence of the spanning tree domain.
C. No other switch in the network will be able to become root as long as switch PassGuide1 is up and running.
D. Switch PassGuide1 will remain root for the default VLAN and will become root for VLAN 2.
E. None of the other alternatives apply
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Exhibit Assuming that VLAN 1 and VLAN 2 traffic is enabled on the above network, what effect will the following command have when entered on port 0/2 on switch PassGuideA? spanning-tree vlan 1 port-priority 16
A. VLAN 1 traffic will be blocked on Switch PassGuideB port 1/1.
B. VLAN 2 traffic will be blocked on Switch PassGuideB port 1/1.
C. VLAN 2 traffic will be blocked on Switch PassGuideA port 0/2.
D. VLAN 1 and 2 traffic will be blocked on Switch PassGuideA port 0/1.
E. VLAN 1 and 2 traffic will be blocked on Switch PassGuideA port 0/2.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 14
The PassGuide switched LAN is displayed in the diagram below: Based on the assumption that STP is enabled on all the switch devices, which of the following statements are true? (Choose two)
A. PassGuideS11 will be elected the root bridge.
B. PassGuideS12 will be elected the root bridge.
C. PassGuideA13 will be elected the root bridge.
D. P1/1 will be elected the nondesignated port.
E. P2/1 will be elected the nondesignated port.
F. F3/0 will be elected the nondesignated port.
Correct Answer: AF Section: (none) Explanation
Explanation/Reference:
QUESTION 15
The PassGuide network is displayed in the diagram below: You use the following information for switch PassGuideA: Port Mode Encapsulation Status Native VLAN fa0/1 desirable n-802.1q trunking 5 Port VLANs is allowed on trunk fa0/ 1 1-100, 102-1005 Port VLANs is owned and active in management domain fa0/1 1-6. 8-100, 102-115, 197-999, 1002-1005 Port VLANs in spanning tree forwarding state and not pruned fa0/1 1-6, 8-100, 102-105, 108-999, 1002-1005 PassGuide users in VLAN 107 complain that they are unable to gain access to the resources through the PassGuide1 router. What is the cause of this problem?
A. VLAN 107 is not configured on the trunk.
B. VLAN 107 does not exist on switch PassGuideA.
C. VTP is pruning VLAN 107.
D. Spanning tree is not enabled on VLAN 107.
E. None of the other alternatives apply
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 16
The following output was seen on a PassGuide switch:
Refer to the show interface Gi0/1 switchport command output shown in the exhibit. Based on the information shown above, which two statements are true about this interface? (Select two)
A. This interface is a member of a voice VLAN.
B. This interface is a dot1q trunk passing all configured VLANs.
C. This interface is configured for access mode.
D. This interface is a member of VLAN7.
E. This interface is a member of VLAN1.
Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 17
The “show vlan” command was issued on a PassGuide device as shown below: Study the exhibit carefully. Based upon the output on switch PassGuide1, what can we conclude about interfaces Fa0/13 and Fa0/14?
A. That interfaces Fa0/13 and Fa0/14 have a domain mismatch with another switch
B. That interfaces Fa0/13 and Fa0/14 have a duplex mismatch with another switch
C. That interfaces Fa0/13 and Fa0/14 are trunk interfaces
D. That interfaces Fa0/13 and Fa0/14 are down
E. That interfaces Fa0/13 and Fa0/14 are in VLAN 1
F. None of the other alternatives apply
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 18
Exhibit: You work as a network engineer at PassGuide.com. You study the exhibit carefully. The user who is connected to interface FastEthernet 0/1 on switch PassGuide2 is on VLAN 10 and cannot access network resources. On the basis of the information in the exhibit, which command sequence would correct the problem?
A. PassGuide2(config)# vlan 10PassGuide2(config-vlan)# no shut
B. PassGuide2(config)# interface fastethernet 0/1 PassGuide2(config-if)# switchport mode access PassGuide2(config-if)# switchport access vlan 10
C. PassGuide2(config)# interface fastethernet 0/1 PassGuide2(config-if)# switchport mode access
D. PassGuide2(config)# vlan 10 PassGuide2(config-vlan)# state active
E. PassGuide2(config)# interface fastethernet 0/1 PassGuide2(config-if)# no shut
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 19
A PC host is connected to a switch in the PassGuide network shown below:
Configuration exhibit: Study the exhibits carefully. The “show port-security interface fa0/1” command was issued on switch PassGuide1. Given the output that was generated, which security statement is true?
A. When the number of secure IP addresses reaches 10, the interface will immediately shut down.
B. Interface FastEthernet 0/1 was configured with the switchport port-security aging command.
C. Interface FastEthernet 0/1 was configured with the switchport port-security violation restrict command.
D. When the number of secure MAC addresses reaches 10, the interface will immediately shut down and an SNMP trap notification will be sent.
E. Interface FastEthernet 0/1 was configured with the switchport port-security protect command.
F. None of the other alternatives apply.
Correct Answer: DE Section: (none) Explanation
Explanation/Reference:
QUESTION 20
The following show command was issued on switch PassGuide1:
Based on the output shown, what will happen when one additional user is connected to interface FastEthernet 5/1?
A. The interface will be placed into the error-disabled state immediately, and an SNMP trap notification will be sent.
B. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list.
C. All secure addresses will age out and be removed from the secure address list. This will cause the security violation counter to increment.
D. The first address learned on the port will be removed from the secure address list and be replaced with the new address.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 21
The following show command was issued on switch PassGuide1:
Based on the output shown, what will happen when one additional user is connected to interface FastEthernet 5/1?
A. The interface will be placed into the error-disabled state immediately, and an SNMP trap notification will be sent.
B. The packets with the new source addresses will be dropped until a sufficient number of secure MAC addresses are removed from the secure address list.
C. All secure addresses will age out and be removed from the secure address list. This will cause the security violation counter to increment.
D. The first address learned on the port will be removed from the secure address list and be replaced with the new address.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 22
Exhibit: You issue the “show ip dhcp snooping” command on PassGuide3 as shown in the exhibit. What type of attack is being defended against?
A. Snooping attack
B. Rogue device attack
C. STP attack
D. VLAN attack
E. Spoofing attack
F. MAC flooding attack
G. None of the other alternatives apply
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 23
The following “show” command was issued on PassGuide1:
Study the exhibit carefully. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?
A. The traffic will be dropped.
B. The traffic will be forwarded to the router processor for further processing.
C. The traffic will be forwarded without further processing.
D. The traffic will be forwarded to the TCAM for further processing.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 24
Exhibit:
You work as a network technician at PassGuide.com. Please study the exhibit carefully. In this PassGuide wireless network, the LAP (lightweight access point) attempts to register to a WLC (Wireless LAN Controller). What kind of message is transmitted?
A. The lightweight access point will send Layer 2 and Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages at the same time.
B. The lightweight access point will send Layer 3 Lightweight Access Point (LWAPP) mode discovery request messages only.
C. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages. If the attempt fails, the LAP will try Layer 3 LWAPP WLC discovery.
D. The lightweight access point will send Layer 2 Lightweight Access Point (LWAPP) mode discovery request messages only.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 25
Network topology exhibit:
In this WLAN segment, what are three requirements for configuring these PassGuide Aironet
access points (APs) that will allow for all wireless clients to work without service interruption
while roaming from access point to access point? (Select three)
All access points should be configured….
A. …with a unique IP subnet range.
B. … with identical SSIDs.
C. …within the same IP subnet.
D. …with the same guest mode SSID.
E. …only with the native VLAN.
F. …with the native VLAN.
Correct Answer: BCE Section: (none) Explanation
Explanation/Reference:
QUESTION 26
An IP phone connects a PassGuide user to a switch as shown below:
Based on the diagram shown above, which statement is true about the voice traffic coming to the switch access port that is connected to the IP phone?
A. A PC connected to a switch port via an IP phone is unaware of the presence of the phone.
B. The traffic on the voice VLAN must be tagged with 802.1p encapsulation in order to coexist on the same LAN segment with a PC.
C. To improve the quality of the voice traffic, no other devices should be attached to the IP phone.
D. The voice VLAN must be configured as a native VLAN on the switch.
E. A PC connected to a switch port via an IP phone must support a trunking encapsulation.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 27
An IP phone connects a PassGuide user to the network as shown below: Exhibit:
You work as a network engineer at PassGuide.com. You study the exhibit carefully. A workstation PC is connected to the Cisco IP phone access port. Based on the configuration in the exhibit above, how will the traffic be managed?
A. The IP phone access port will override the priority of the frames received from the PC.
B. The IP phone access port will trust the priority of the frames received from the PC.
C. The switch port Fa0/4 will override the priority of the frames received from the PC.
D. The switch port Fa0/4 will trust the priority for the frames received from the PC.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 28
Network topology exhibit:
You work as a network administrator at PassGuide.com. You study the exhibit carefully. Which Catalyst switch interface command would be used on PassGuide3 to cause it to instruct the phone to override the incoming CoS from PC PassGuideA before forwarding the packet to the switch?
A. mls qos cos 2
B. switchport priority extend cos 2
C. mls qos cos override
D. switchport priority extend cos 11
E. switchport priority extend trust
F. None of the other alternatives apply.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 29
Study the exhibits shown above carefully. Based on the information provided, why does the trust state of interface FastEthernet 0/3 show “not trusted”?
A. DSCP map needs to be configured for VOIP.
B. ToS has been misconfigured.
C. The command mls qos needs to be turned on in global configuration mode.
D. ToS has not been configured.
E. There is not a Cisco Phone attached to the interface.
F. None of the other alternatives apply.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 30
Study the PassGuide exhibits shown above. Host PassGuideA and Host PassGuideB are connected to the Catalyst 3550 switch and have been assigned to their respective VLANs. The rest of the 3550 configuration is the default configuration. Host PassGuideA is able to ping its default gateway, 10.10.10.1, but is unable to ping Host PassGuideB. Given the output displayed in the exhibit, which statement is true?
A. A separate router is required to support interVLAN routing.
B. VTP must be configured to support interVLAN routing.
C. The global configuration command “ip routing” must be configured on the PassGuideSwitch switch.
D. HSRP must be configured on PassGuideSwitch.
E. VLANs 10 and 15 must be created in the VLAN database mode.
F. Interface VLAN 10 must be configured on the PassGuideSwitch switch.
G. None of the other alternatives apply
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 31
Network topology exhibit:
Study the exhibits above carefully. VLAN2, VLAN3, and VLAN10 are configured on the switch PassGuideV. Host computers are on VLAN 2 (10.1.2.0), servers are on VLAN 3 (10.1.3.0), and the management VLAN is on VLAN10 (10.1.10.0). Hosts are able to ping each other but are unable to reach the servers. Based on the information above, which configuration solution could rectify the problem?
A. Assign an IP address of 10.1.3.1/24 to VLAN3.
B. Configure default gateways to IP address 10.1.2.1 on each host.
C. Enable IP routing on the switch PassGuideV.
D. Configure a default route that points toward network 200.1.1.0/24.
E. Configure default gateways to IP address 200.1.1.2 on each host.
F. Configure default gateways to IP address 10.1.10.1 on each host.
G. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 32
The PassGuide network is displayed in the following network topology exhibit: Router configuration exhibit:
Based on the network diagram and routing table output in the exhibit, which of these statements is true?
A. Although interVLAN routing is not enabled, both workstations will have connectivity to each other.
B. Although interVLAN routing is enabled, the workstations will not have connectivity to each other.
C. InterVLAN routing has been configured properly, and the workstations have connectivity to each other.
D. InterVLAN routing will not occur since no routing protocol has been configured.
E. None of the other alternatives apply.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 33
The PassGuide lab network is shown in the diagram below:
Configuration exhibit PassGuide1:
Configuration exhibit PassGuide2:
Study the exhibits carefully. Both host stations are part of the same subnet but are in different
VLANs.
On the basis of the information presented in the exhibit, which statement is true about an
attempt to ping from host to host?
A. The ping command will be successful without any further configuration changes.
B. A trunk port will need to be configured on the link between PassGuide1 and PassGuide2 for the ping command to be successful.
C. A Layer 3 device is needed for the ping command to be successful.
D. The two different hosts will need to be in the same VLAN in order for the ping command to be successful.
E. None of the other alternatives apply.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 34
You as a network engineer for PassGuide.com. You study the exhibit carefully. Based upon
the configuration, you need to understand why the policy routing match counts are not
increasing. Which would be the first logical step to take?
Exhibit:
A. Remove any two of the set clauses. (Multiple set clause entries will cause PBR to use the routing table.)
B. Check the routing table for 212.50.185.126.
C. Check the access list for log hits.
D. Confirm if there are other problematic route-map statements that precede divert.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 35
Exhibit:
You work as a network administrator at PassGuide.com. You study the exhibit carefully. What is the function of this configuration?
A. mitigates the risk of rogue devices gaining unauthorized access to the network
B. sets the port state to authorized
C. sets the maximum number of retries to supplicant for EAP-request frames of types other than EAPRequest/ Identify
D. sets the port state to unauthorized
E. configures a guest VLAN on this interface
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 36
Exhibit: You issue the “show ip dhcp snooping” command on PassGuide3 as shown in the exhibit. What type of attack is being defended against?
A. Snooping attack
B. Rogue device attack
C. STP attack
D. VLAN attack
E. Spoofing attack
F. MAC flooding attack
G. None of the other alternatives apply
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
QUESTION 37
Exhibit #2:
Part of the topology of a new PassGuide office is shown in the exhibits. Based on the
information provided, pick the two correct statements. (Select two)
Note: the IP address of the DHCP server is 10.1.1.1.
A. DHCPDISCOVER packets will reach the DHCP server.
B. This configuration is applied to interface Fa0/1.
C. DHCPDISCOVER packets will not reach the DHCP server because ports 67 and 68 have not been explicitly allowed by the ip forward-protocol.
D. This configuration is applied to interface Fa0/0.
E. DHCPDICOVER packets will not reach the DHCP server because the DHCPDISCOVER packets are broadcasts.
F. PassGuide2 will not forward DHCPDISCOVER packets because is has not been configured to do so.
Correct Answer: AD Section: (none) Explanation
Explanation/Reference:
QUESTION 38
PG1# show run interface Loopback0 ip address 10.10.10.1 255.255.255.0 ! interface Ethernet0 ip address 172.29.1.1 255.255.255.0 media-type 10BaseT ! ! router eigrp 999 redistribute connected network 172.29.0.0 auto-summary no eigrp log-neighbor-changes ! ip classless no ip http server PG2# show run interface Ethernet0 ip address 172.29.1.2 255.255.255.0 media-type 10BaseT ! interface Ethernet1 ip address 172.19.2.2 255.255.255.0 media-type 10BaseT ! router eigrp 999 network 172.19.0.0 network 172.29.0.0 ! ip classless no ip http server PG3# show run interface Ethernet1/0 ip address 172.19.2.3 255.255.255.0 ! router eigrp 999 network 172.19.0.0 auto-summary no eigrp log-neighbor-changes ! ip classless ip http server
A. It will show up in the routing table as D 10.0.0/8.
B. It will show up in the routing table as D EX 10.0.0.0/8.
C. It will show up in the routing table as D 10.0.0./24.
D. It will not show up in PG3 routing table because there is no network command on PG1.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 39
Given the above output shown above, which statement is true?
A. 192.168.1.0 is a redistributed route into EIGRP.
B. 192.168.1.0 is a summarized route.
C. 192.168.1.0 is a static route.
D. 192.168.1.0 is equal path load balancing with 172.16.1.0.
E. None of the other alternatives apply
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 40
A network administrator is troubleshooting an EIGRP connection between router PassGuide1 with IP address 10.1.2.1 and PassGuide2 with IP address 10.1.2.2. Given the debug output on PassGuide1 shown below, which two statements are true? (Select 2)
A. PassGuide1 received a hello packet with mismatched hello timers.
B. PassGuide1 will form an adjacency with PassGuide2.
C. PassGuide1 received a hello packet with mismatched metric-calculation mechanisms.
D. PassGuide1 received a hello packet with mismatched autonomous system numbers.
E. PassGuide1 received a hello packet with mismatched authentication parameters.
F. PassGuide1 will not form an adjacency with PassGuide2.
Correct Answer: CF Section: (none) Explanation
Explanation/Reference: Exam F
QUESTION 1 You are a network support specialist for NetworkTut, an IT training firm. They have just installed a new router (R1) into their network. The router was successfully installed and is passing traffic. However, your manager is concerned about security and has tasked you with implementing access security for the new router R1. The portion of NetworkTut’s security policy related to router access states: # The default user access authentication scheme requires that the user be authenticated using the router’s local database. # User console access should be authenticated using the default authentication scheme. # User aux port access should be authenticated using the default authentication scheme. # User vty access should be protected via a password that is validated using only the corporate Tacacs server. For this router installation: # The corporate Tacacs server has an IP address of 10.6.6.254 and uses a shared key of Trai ning. # The enable password for R1 is New1 You have successfully completed your task when you have verified that you can login into: # R1’s console using the local user’s ID of Net1 with a password of Sel # R2’s console using the username of Net2 with a password of Loc and establish a SSH session from R2 to R1 using the test Tacacs user’s ID of cisco with a password ofcisco123
A.
R1>enable password: New1 R1#configure terminal R1(config)#aaa new-model (enable the AAA security services) R1(config)#tacacs-server host 10.6.6.254 key Training (notice that the key is case sensitive) The default user access authentication scheme requires that the user be authenticated using the router’s local database R1(config)#aaa authentication login default local (verify login authentication using the local user database. The “aaa authentication login” specifies the authentication will take place at login. Because we used the list “default”, login authentication is automatically applied for all login connections, such as tty, vty, console and aux). Define the MY_VTY_LIST (or another name) group to use the corporate Tacacs server for the authentication R1(config)#aaa authentication login MY_VTY_LIST group tacacs+ Configure user console access using the default authentication scheme R1(config)#line console 0 R1(config-line)#login authentication default R1(config-line)#exit Configure user aux port access using the default authentication scheme R1(config)#line aux 0 R1(config-line)#login authentication default R1(config-line)#exit Configure vty access using TACACS server by applying MY_VTY_LIST to the vty lines R1(config)#line vty 0 15 R1(config-line)#login authentication MY_VTY_LIST R1(config-line)#end R1#copy running-config startup-config Logout R1 to test the console password of R1 R1#exit Press RETURN to get started. (Press Enter here) Username: Net1 Password: Sel R1> (Now you see you are in User Mode, that means you configured the console password correctly! If you wish to continue entering privileged EXEC mode again, use the password New1). Login to R1 using SSH from R2 R2>enable username: Net2 password: Loc R2#ssh 10.2.1.1 (10.2.1.1 is the IP address of R1 shown in the picture) You will be asked for the user ID(cisco) and password (cisco123).
B.
C.
D.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 2
Question:252 ISCW – PPPoE Lab Sim NetworkTut is a small export company .This firm has an existing enterprise network that is made up exclusively of routers that are using EIGRP as the IGP. Its network is up and operating normally. As part of its network expansion, NetworkTut has decided to connect to the internet by a broadband cable ISP. Your task is to enable this connection by use of the information below.
Connection Encapsulation: PPP Connection Type: PPPoE client Connection Authentication: None Connection MTU: 1492 bytes Address: Dynamically assigned by the ISP Outbound Interface: E0/0 You will know that the connection has been successfully enabled when you can ping the simulated Internet address of 172.16.1.1 Note: Routing to the ISP: Manually configured default route
A. Enter the outbound e0/0 interface to enable PPPoE and bind the dialer profile 1 to this interface: R3(config)#interface e0/0 R3(config-if)#pppoe enable R3(config-if)#pppoe-client dial-pool-number 1 (interface E0/0 is bound to the logical dialer 1 interface) R3(config-if)#no shutdown R3(config-if)#exit Create and configure the dialer interface of the router R3 for PPPoE with a maximum transmission unit (MTU) size of 1492 bytes and a negotiated IP address (dynamically assigned) R3(config)#interface dialer 1 (define a dialer rotary group and enters interface configuration mode) R3(config-if)#ip address negotiated R3(config-if)#ip mtu 1492 R3(config-if)#encapsulation ppp R3(config-if)#dialer pool 1 R3(config-if)#exit The “ip address negotiated” command instructs the client to use an IP address provided by the PPPoE server (using DHCP).
The “dialer pool 1” command associates the dialer back to the “pppoe-client dial-pool-number 1” on the Ethernet interface. Notice that the pool numbers must match on the Ethernet interface and the dialer interface for the configuration to operate. Manually configured a default route on router R3 R3(config)#ip route 0.0.0.0 0.0.0.0 dialer 1 R3(config)#exit Try pinging the simulated Internet address R3#ping 172.16.1.1 The ping should work well and you will receive replies from the simulated Internet address. Save the configuration R3#copy running-config startup-config
B.
C.
D.
Correct Answer: A Section: (none) Explanation
Explanation/Reference: Exam G
QUESTION 1 drop and drag cisco ios command to interface dialer 0
Select and Place:
Correct Answer: Section: (none) Explanation
Explanation/Reference:
The dialer interface indicates how to handle traffic from the clients. For example, default routing information, the encapsulation protocol, the dialer pool to use. Notice that we have to use the “ip nat outside”, not “ip nat inside” because the dialer 0 interface is the logical interface connecting to the Internet.
QUESTION 2
Drag and drop the Cisco IOS commands that would be used to configure the physical interface portion of a PPPoE client configuration.
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
This portion of the configuration enables the PPPoE functionality on the interface as well as assigning it to a dialer pool. This configuration element is required when using PPPoE over an Ethernet interface. Interface Ethernet 0/1 is bound to the logical dialer interface and an ATM permanent virtual circuit (PVC) is automatically provisioned across it.
QUESTION 3 Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
1) The VPN routers are contained in the IPv4 routing tables of the PE routers 2) RT are attributes attached to VPNv4 BGP routes to indicate their VPN memberships 3) RD are attributes attached to VPNv4 BGP routes to allow overlapping VPN address spaces
QUESTION 4
Drag the IPsec protocol description from the above to the correct protocol type on the below (Not all descriptions will be used)
Select and Place: Correct Answer:
Section: (none) Explanation
Explanation/Reference:
1) AH: Provides a framework for authenticating and securing data.
2) ESP: Provides a framework for encrypting, authenticating and securing data.
3) IKE: Provides a framework for the negotiation on security parameters and establishes
authenticated keys.
QUESTION 5
Drag and drop each management protocol on the above to the correct category on the below
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Secure: 1) SSH 2) SSL 3) IPSec 4) SNMPv3 Unsecure: 1) NTP 2) Telnet 3) Syslog 4) SNMPv2
QUESTION 6
Drag and drop each function on the above to the hybrid fiber-coaxial architecture component that it describes on the below.
Select and Place:
Correct Answer:
Section: (none) Explanation Explanation/Reference:
QUESTION 7
Drag the DSL local loop topic on the left to the correct descriptions on the right.
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
1) wire gauge 2) signal attenuation 3) crosstalk 4) bridge tap 5) load coil
QUESTION 8
Drag the IOS commands from the left that would be used to implement a GRE tunnel using the 10.1.0/30 network on interface serial 0/0 to the correct target area on the right.
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Global-level commands: 1) interface tunnel 0 Interface-level commands: 1) ip address 10.1.1.1 255.255.255.252 2) tunnel source serial 0/0 3) tunnel destination 10.1.1.2 4) tunnel mode gre ip
QUESTION 9
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Drag each element of the Cisco ICS Firewall Feature Set from the above and drop onto its description on the below.
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference: QUESTION 11
The upper gives the MPLS functions, the bottom describes the planes. Drag the above items to the proper location at the below.
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
Control Plane: Exchange routing updates between neighboring devices Exchanges labels between peer devices Compiles a list of all labels advertised and received Data Plane: Performs label swapping Performs packet forwarding Builds a mapping of destination networks to active labels
QUESTION 12
Drag each type of attack on the left to the description on the left.
Select and Place:
Correct Answer:
Section: (none) Explanation
Explanation/Reference:
1) Trojan horse: Programs that appear desirable but actually contain something harmful. 2) Virus: Malicious software attached to other programs and which execute a particular unwanted function on a user workstation. 3) Port redirection: Compromised system that is used as a jump-off point for attacks against other targets. 4) Worm: Executes arbitrary code and installs copies of itself in the memory of the Infected computer
Exam H QUESTION 1
Study the exhibit carefully.
Routers A and B are customer routers. Routers 1, 2, 3 and 4 are provider routers. The routers are operating with various IOS versions. Which frame mode MPLS configuration statement is true?
A. Before MPLS is enabled, the ip cef command is only requited on routers 1 and 4.
B. After MPLS is enabled, the ip cef command is only required on routers 1 and 4.
C. Before MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4.
D. After MPLS is enabled, the ip cef command is only required on the Ethernet 0 interfaces of routers 1 and 4.
E. Before MPLS is enabled, the ip cef command must be applied to all provider routers.
Correct Answer: E Section: (none) Explanation
Explanation/Reference:
CEF is the fundamental requirement of the MPLS architecture and must be enabled globally on all routers that want to use MPLS.
QUESTION 2
A new router was configured with the following commands:
The configuration above was found on an Internet Service Provider’s (ISP) Multiprotocol Label Switching (MPLS) network. What is its purpose?
A. To prevent customers from running TDP with the ISP routers
B. To prevent customers from running LDP with the ISP routers
C. To prevent other ISPs from running LDP with the ISP routers
D. To prevent man-in-the-middle attacks
E. To use CBAC to shut down Distributed Denial of Service attacks
F. To use IPS to protect against session-replay attacks
G. None of the above
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
The 711 port is used for Tag Distribution Protocol (TDP) and the administrator usually wants to block this type of traffic between the ISP and customer routers due to security reason. By doing this, the TDP neighbor session between the customer and ISP routers will not be formed.
QUESTION 3
IPSec VPN is a widely-acknowledged solution for enterprise network. Which three IPsec VPN statements are true? (Choose three)
A. IKE keepalives are unidirectional and sent every ten seconds
B. IPsec uses the Encapsulating Security Protocol (ESP) or the Authentication Header (AH) protocol for exchanging keys.
C. To establish IKE SA, main mode utilizes six packets while aggressive mode utilizes only three packets.
D. IKE uses the Diffie-Hellman algorithm to generate symmetrical keys to be used by IPsec peers.
Correct Answer: ACD Section: (none) Explanation
Explanation/Reference:
QUESTION 4
IPSec VPN is a widely-acknowledged solution for enterprise network. What are the four steps to setup an IPsec VPN?
A. Step 1: Interesting traffic initiates the IPsec process. Step 2: ESP authenticates IPsec peers and negotiates IKE SAs. Step 3: ESP negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
B. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 3: IKE authenticates IPsec peers and negotiates IKE SAs. Step 4: Data is securely transferred between IPsec peers.
C. Step 1: Interesting traffic initiates the IPsec process. Step 2: IKE authenticates IPsec peers and negotiates IKE SAs. Step 3: IKE negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
D. Step 1: Interesting traffic initiates the IPsec process. Step 2: AH authenticates IPsec peers and negotiates IKE SAs. Step 3: AH negotiates IPsec SA settings and sets up matching IPsec SAs in the peers. Step 4: Data is securely transferred between IPsec peers.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 5
Which statement correctly describes IPsec VPN backup technology?
A. The cypto isakmp keepalive command is used to configure the Stateful Switchover (SSO) protocol.
B. Reverse Route Injection (RRI) is configured on at the remote site to inject the central site networks
C. Each Hot Standby Routing Protocol (HSRP) standby group has two well-known MAC addresses and a virtual IP address.
D. The cypto isakmp keepalive command is used to configure stateless failover
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 6
A. A good security practice is to have the none parameter configured as the final method used to ensure that no other authentication method will be used.
B. If a TACACS+ server is not available, then a user connecting via the console port would not be able to gain access since no other authentication method has been defined.
C. If a TACACS+ server is not available, then the user Bob could be able to enter privileged mode as long as the proper enable password is entered.
D. The aaa new-model command forces the router to override every other authentication method previously configured for the router lines.
E. To increase security, group radius should be used instead of group tacacs+.
F. Two authentication options are prescribed by the displayed aaa authentication command
Correct Answer: DF Section: (none) Explanation
Explanation/Reference:
The aaa new-model command will override previously configured authentication method -> D is correct. Two authentication options are prescribed by the above command. They are tacacs+ and none
QUESTION 7
In computer security, AAA stands for authentication, authorization and accounting. Which option about the AAA authentication enable default group radius enable command is correct?
A. If the radius server returns an error, the enable password will be used.
B. If the radius server returns a ‘failed’ message, the enable password will be used.
C. The command login authentication group will associate the AM authentication to a specified interface.
D. If the group database is unavailable, the radius server will be used.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 8
As a network engineer, do you know for what purpose SDM uses Security Device Event Exchange (SDEE)?
A. to provide a keepalive mechanism
B. to pull event logs from the router
C. to extract relevant SNMP information
D. to perform application-level accounting
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 9
As a network technician, do you know what is a recommended practice for secure configuration management?
A. Disable post scan
B. Use SSH or SSL
C. Enable trust levels
D. Deny echo replies on all edge routers
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 10
Network Topology Exhibit:
Configuration Exhibit: NET(config)# access-list 112 deny icmp any any echo log NET(config)# access-list 112 deny imp any any redirect log NET(config)# access-list 112 deny icmp any any mask-request log NET(config)# access-list 112 permit icmp any 10.1.1.0 0.0.0.255 NET(config)# interface Fa0/1 NET(config-if)# ip access-group 112 in You work as a network administrator at networkTut.com, study the exhibit carefully. The configuration has been applied to router NET to mitigate the threat of certain types of ICMPbased attacks while allowing some ICMP traffic to the corporate LAN to work. However, the configuration is incorrect. On the basis of the information in the exhibit, which configuration option would correctly configure router NET?
A. The first three statements of ACL 112 should have permitted the ICMP traffic and the last statement should deny the identified traffic.
B. The last statement of ACL 112 should have been “access-list 112 deny icmp any 10.2.1.0 0.0.0.255”.
C. The last statement of ACL 112 should have been “access-list 112 permit icmp any 10.2.1.0 0.0.0.255”.
D. ACL 112 should have been applied to interface Fa0/0 in an inbound direction.
E. The last statement of ACL 112 should have been “access-list 112 deny icmp any 10.1.1.0 0.0.0.255”.
F. ACL 112 should have been applied to interface Fa0/1 in an outbound direction
G. None of the above.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
The network 10.2.1.0 is the internal LAN network. If the last statement is “access-list 112 permit icmp any 10.1.1.0 0.0.0.255”, it will allow ICMP traffic sent from the Internet to work and thus makes the router vulnerable to ICMP-based attacks
QUESTION 11
Given the above configuration, which statement is true?
A. This device is configured as a PPPoE client
B. This device is configured as a PPPoA client
C. This device is configured as RFC 1483/2684 bridge
D. This device is configured an an aggregation router
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Notice that the command “encapsulation aaa15mux ppp dialer” is configured under interface ATM0/0. This configuration is used for PPPoA client.
QUESTION 12
Which two statements are true about the Cisco Classic (CBAC) IOS Firewall set? (Choose two)
A. It can be used to block bulk encryption attacks.
B. It can be used to protect against denial of service attacks
C. Traffic originating from the router is considered trusted, so it is not inspected.
D. Based upon the custom firewall rules, an ACL entry is statically created and added to the existing ACL permanently.
E. Temporary ACL entries that allow selected traffic to pass are created and persist for the duration of the communication session.
Correct Answer: BE Section: (none)
Explanation Explanation/Reference:
QUESTION 13
Study this exhibit carefully. What information can be derived from the SDM firewall configuration
A. Access-list 101 was configured for the trusted interface, and access-list 100 was configured for the untrusted interface
B. Access-list 100 was configured for the trusted interface, and access-list 101 was configured for the untrusted interface.
C. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the outbound direction on the trusted interface.
D. Access-list 100 was configured for the inbound direction, and access-list 101 was configured for the outbound direction on the untrusted interface.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
The last line of access-list 100 is used to “permit” all the traffic so it is the inside (trusted) interface. The last line of access-list 101 is used to “deny” all traffic so it is the outside (untrusted) interface.
QUESTION 14
Which three statements accurately describe IOS Firewall configurations ? (Choose three)
A. The IP inspection rule can be applied in the inbound direction on the secured interface.
B. The IP inspection rule can be applied in the outbound direction on the unsecured interface.
C. The ACL applied in the inbound direction on the unsecured interface should be an extended ACL.
D. For temporary openings to be created dynamically by Cisco IOS Firewall, the access-list for the returning traffic must be a standard ACL.
Correct Answer: ABC Section: (none) Explanation
Explanation/Reference: Exam I
QUESTION 1
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which statement is true?
A. Both FastEthernet 0/0 and Serial 0/0/0 are trusted interface.
B. Both FastEthernet 0/0 and Serial 0/0/0 are untrusted interfaces.
C. FastEthernet 0/0 is a trusted interface and Serial 0/0/0 is an untrusted interface
D. FastEthernet 0/0 is an untrusted interface and Serial 0/0/0 is a trusted interface.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
The trusted interface is the inside interface and the untrusted interface is the outside interface. Moreover, from the above picture we see that the “Originating traffic” starts from FastEthernet0/0 to Serial0/0/0. So Fa0/0 is the inside interface and S0/0/0 is the outside interface
QUESTION 2
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been tasked with documenting the active Firewall configurations on the Annapolis router using the Cisco Router and Security Device Manager (SDM) utility. Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the following questions:
Which two statements would specify a permissible incoming TCP packet on a trusted interface in this configuration? (Choose two)
A. The packet has a source address of 10.79.233.107
B. The packet has a source address of 172.16.81.108
C. The packet has a source address of 198.133.219.40
D. The destination address is not specified within the inspection rule SDM_LOW.
Correct Answer: AC Section: (none) Explanation
Explanation/Reference:
The “incoming TCP packet on a trusted packet” refers to the packet originates from the inside (trusted) interface.
The configured access list denies packets in the 172.16.81.108/30 subnetwork so it will only drop packets that have a source address of 172.16.81.108 while allow other packets to go through (except 255.255.255.255 and 127.0.0.0/8)
QUESTION 3
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDM, click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDM, you can return to your questions by clicking on the Questions button to the left.
Off Shore Industries is a large worldwide sailing charter. The company has recently upgraded its Internet connectivity. As a recent addition to the network engineering team, you have been
tasked with documenting the active Firewall configurations on the Annapolis router using the
Cisco Router and Security Device Manager (SDM) utility.
Using the SDM output from Firewall and ACL Tasks under the Configure tab, answer the
following questions:
Which two options would be correct for a permissible incoming TCP packet on an untrusted interface in this configuration? (Choose two)
A. The packet has a source address of 172.16.29.12
B. The packet has a source address of 10.94.61.29
C. The session originated from a trusted interface
D. The application is not specified within the inspection rule SDM_LOW
E. The packet has a source address of 198.133.219.144
Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
The “incoming TCP packet on an untrusted interface” refers to the traffic sent from the outside to the outer interface of the router.
(Notice: In the real exam, there may be more filter rules than the ones shown above)
The access list denies traffic from 172.16.29.12/30 and 10.0.0.0/8 networks so A and B are not
correct. D is obviously incorrect because the SDM_LOW did specify the filter rule.
The access list 101 only filter packets from “returning traffic” and it does not proceed traffic
originated from a trusted (inside) interface so C is correct.
E is correct because the IP address of 198.133.219.144 is not in the “deny” lists so it satisfies
the “permit any” line.
QUESTION 4
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.
Which IPSec rule is used for the Olympia branch and what does it define? (Choose two)
A. 102
B. 116
C. 127
D. IP traffic sourced from 10.10.10.0/24 destined to 10.5.15.0/24 will use the VPN
E. IP traffic sourced from 10.10.10.0/24 destined to 10.8.28.0/24 will use the VPN.
F. IP traffic sourced from 10.10.10.0/24 destined to 10.5.33.0/24 will use the VPN.
Correct Answer: BE Section: (none) Explanation
From the output above, we learn that the IPSec Rule is 116. Next click on “IPSec Rules” and select the Name/Number of 116 to view the rule applied to it. You will see a “permit” rule for traffic from 10.10.10.0/24 to 10.8.28.0/24 (notice that the picture shown the wildcard masks, which are inverse subnet masks)
QUESTION 5
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.
Which algorithm as defined by the transform set is used for providing data confidentiality when connected to Tyre?
A. ESP-3DES-SHA B. ESP-3DES-SHA1
C. ESP-3DES-SHA2
D. ESP-3DES
E. ESP-SHA-HMAC
Correct Answer: D Section: (none) Explanation
Explanation/Reference:
In the site-to-site VPN branch we see something like this
so the answer should be ESP-3DES-SHA2 or ESP-3DES? To answer this question, we should review the concept: “Data confidentiality is the use of encryption to scramble data as it travels across an insecure media”. Data confidentiality therefore means encryption. “The transform set is a group of attributes that are exchanged together, which eliminates the need to coordinate and negotiate individual parameters”. In the picture above, we can see 3 parts of the transform-set ESP-3DES-SHA2: IPsec protocol: ESP IPsec encryption type: 3DES IPsec authentication: SHA2 The question wants to ask which algorithm is used for providing data confidentiality (encryption), therefore the answer should be D – ESP-3DES.
QUESTION 6
This item contains several questions that you must answer. You can view these questions by clicking on the Questions button to the left. Changing questions can be accomplished by clicking the numbers to the left of each question. In order to complete the questions, you will need to refer to the SDM and the topology, neither of which is currently visible. To gain access to either the topology or the SDK click on the button to left side of the screen that corresponds to the section you wish to access. When you have finished viewing the topology the SDK you can return to your questions by clicking on the Questions button to the left.
Which peer authentication method and which IPSEC mode is used to connect to the branch locations? (Choose two)
A. Digital Certificate
B. Pre-Shared Key
C. Transport Mode
D. Tunnel Mode
E. GRE/IPSEC Transport Mode
F. GRE/IPSEC Tunnel Mode
Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 7
You are working as a network technician, study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers, notice that the “tunnel destination” must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the
other router.
Below are the questions of this lab-sim.
For the following statements, what is preventing a successful ping between the HQ router and the 192.168.1.10 interface on the Branch3 router?
A. The default route is missing from the Branch3 router.
B. The tunnel interface numbers for the tunnel between the HQ router and the Branch3 router do not match C. The tunnel source is incorrect on the Branch3 router. It should be serial 2/0.
D. The IP address on the tunnel interface for the Branch3 router has wrong IP mask. It should be 255.255.255.252
E. The network statement under router EIGRP on the Branch3 router is incorrect. It should be network 192.168.2.0.0.0.0.255.
Correct Answer: A Section: (none) Explanation
Explanation/Reference:
The Branch3 router is missing the default route to HQ router’s interface (Serial2/0) so the ping command will not work.
QUESTION 8
You are working as a network technician, study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review about GRE tunneling: GRE Quick Summary
The picture below shows how to configure a GRE Tunnel between two routers, notice that the “tunnel destination” must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the
other router.
Below are the questions of this lab-sim.
What is preventing the HQ router and the Branch1 router from building up an EIGRP neighbor relationship?
A. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
B. The tunnel destination address is incorrect on the HQ router. It should be 10.2.1.1 to match the interface address of the Branch1 router.
C. The tunnel source is incorrect on the Branch1 router. It should be serial 2/0.
D. The default route is missing from the Branch1 router.
E. The tunnel interface numbers for the tunnel between the HQ router and Branch1 router do not match.
Correct Answer: B Section: (none) Explanation
Explanation/Reference:
Use the show running-config command on HQ and Branch1 routers and we will see the tunnel destination address was wrongly configured on HQ router.
QUESTION 9
You are working as a network technician, study the exhibit carefully. Your boss has informed you that there have been problems with the WAN that is using EIGRP routing protocol. You are required to troubleshoot these problems. Before going to the questions of this sim, we should have a quick review about GRE tunneling: GRE Quick Summary The picture below shows how to configure a GRE Tunnel between two routers, notice that the “tunnel destination” must be the IP address of the interface, not of the opposite tunnel.
Notice: The tunnel source on one router must be specified as the tunnel destination on the
other router.
Below are the questions of this lab-sim.
What is preventing the 192.168.1.150 network from appearing in the HQ router’s routing table?
A. The default route is missing from the Branch4 router.
B. The IP address on the E0/0 interface for the Branch4 router has the wrong IP mask. It should be 255.255.255.252.
C. The network statement under router EIGRP on the Branch4 router is incorrect. It should be network 192.168.1.0 0.0.0.255.
D. When running EIGRP over GRE tunnels, you must manually configure the neighbor address using the eigrp neighbor ipaddress command.
E. The IP address on the tunnel interface on P4S-Branch4 is incorrect. It should be
192.168.1.12 255.255.255.252.
Correct Answer: C Section: (none) Explanation
Explanation/Reference:
As you can guess, you will need to use the show running-config command on Branch4 router
From the show running-config output of Branch4, we learn that the EIGRP network was wrongly configured on this router. By configuring “network 192.168.1.14 0.0.0.0” the Branch4 will only advertise host 192.168.1.14 to HQ so HQ router will not know about the existence of
192.168.1.150 network.
Get yourself composed for Microsoft actual exam and upgrade your skills with Flydumps Cisco 642-832 practice test products. Once you have practiced through our assessment material, familiarity on Cisco 642-832 exam domains get a significant boost. Flydumps practice tests enable you to raise your performance level and assure the guaranteed success for Cisco 642-832 exam.
Flydumps C4040-108 dumps with PDF + Premium VCE + VCE Simulator: http://www.flydumps.com/C4040-108.html