1

What is a limitation of IPsec by design? IPsec only forwards unicast traffic. IPsec does not support encryption for traffic over a GRE tunnel. IPsec forwards unicast and multicast traffic, but not broadcast traffic. IPsec tunneling does not support the encapsulation of R ! "#"$ addresses.
2

Refer to the e%hibit. & networ' administrator has configured a GRE tunnel between R" and R( as shown. &fter completing the tunnel configurations, the administrator notices that the tunnel interfaces on both routers are down. &ll other interfaces are up and the pings through the I)P to the serial interface of each router are successful. What is the cause of the problem? *unnel source configurations are incorrect. *unnel destination configurations are incorrect. *he +*, si-e has not been increased to ".#(. GRE IP encapsulation has not been configured.

Which is a clientless /P0 solution for mobile wor'ers? IPsec GRE ))1 ))2
4

Refer to the e%hibit. & networ' administrator is tuning IPsec to encapsulate the GRE tunnel between R" and R(. &ssuming all other IPsec configurations are correct, which two crypto map access lists will complete this tas'? 3!hoose two.4 R"3config5e%t5nacl46 permit gre host 172.16.248.1 host 172.16.248.2 R"3config5e%t5nacl46 permit gre host 209.165.202.129 host 64.100.32.1 R"3config5e%t5nacl46 permit gre host 64.100.32.1 host 209.165.202.129 R(3config5e%t5nacl46 permit gre host 172.16.248.2 host 172.16.248.1 R(3config5e%t5nacl46 permit gre host 209.165.202.129 host 64.100.32.1 R(3config5e%t5nacl46 permit gre host 64.100.32.1 host 209.165.202.129

What are three characteristics of broadband access? 3!hoose three.4 always on built5in security enhanced voice and video services guaranteed 7uality of service 38o)4 high5speed access wide area of coverage
6

Refer to the e%hibit. 9ased on the partial configuration that is shown, which static route would be the primary default path? ip route 0.0.0.0 0.0.0.0 172.16.20.2 40 ip route 0.0.0.0 0.0.0.0 192.68.6.1 50 ip route 0.0.0.0 0.0.0.0 202.16.20.2 60 ip route 0.0.0.0 0.0.0.0 212.68.6.1 70

Which three items can be specified by I)&:+P policy parameters? 3!hoose three.4 the hashing method to be used the encryption method to be used

the encapsulation method to be used the authentication method to be used the &!2 that is used to identify interesting traffic the amount of time the crypto interface should be active before being renegotiated
8

Refer to the e%hibit. Which two statements are true about the e%hibited static routes? 3!hoose two.4 If a route to ";.;.;.;<$ is received via RIP, R" will prefer the dynamic route over both configured static routes. If no dynamic route to ";.;.;.;<$ e%ists, both static routes will appear in the R" routing table. If no dynamic route to ";.;.;.;<$ e%ists, R" will use (.(.(.( as the ne%t hop because it has a higher preference. If a route to ";.;.;.;<$ is received via RIP, both static routes will appear in the routing table. *he static route to ";.;.;.;<$ via "."."." will be preferred to the route via (.(.(.(.
9

9ranch office networ' design faces several challenges. Which of these challenges has the goal of obtaining centrali-ed control of networ' security and management? bandwidth and networ' re7uirements consolidated data centers deployment plan management costs mobility
10

In the routing design for a branch office, which area will have an affect on convergence, load balancing, and scalability? connectivity technologies mobility re7uirements resiliency

routing protocols service mi% security and compliance

11

Which IPsec service verifies that the data was not altered during transmission? authori-ation confidentiality encapsulation encryption integrity
12

Which statement is true about the deployment of !onte%t59ased &ccess !ontrol 3!9&!4 and =one59ased irewall 3=9 4? *hey cannot be deployed on the same router. *hey can be deployed on the same router but not on the same interface. *hey can be deployed on the same interface but not in the same direction. *hey can be deployed on the same interface but cannot filter the same protocol.
13

Which three protocols are involved in the establishment of an IPsec /P0 tunnel? 3!hoose three.4 *unnel Profile 3*!P port >;.4 &uthentication 1eader 3protocol ?"4 Generic Routing Encapsulation 3protocol .@4 Encapsulating )ecurity Protocol 3protocol ?;4 Internet )ecurity &ssociation and :ey +anagement Protocol 3*!P port ?;;4 Internet )ecurity &ssociation and :ey +anagement Protocol 3,AP port ?;;4
14

1ow is 0&* tuned to handle traffic that is sent through a /P0 tunnel between a mobile wor'er and internal corporate resources? *ranslation is allowed by a permit access list statement or route map. *ranslation is allowed by a deny access list statement or route map. *raffic should bypass translation with a permit access list statement or route5map. *raffic should bypass translation with a deny access list statement or route5map.

15

Which two statements are correct about IPsec crypto maps? 3!hoose two.4 *he crypto map defines the IPsec tunnel endpoint or peer. Pac'ets that do not meet the criteria as specified in the crypto map are dropped. *he crypto map is applied to the outbound interface that the router is peering with. & crypto map is used to negotiate and e%change authentication and encryption parameters with its peer. *he crypto map is applied to the inbound interface that receives the pac'ets before being transmitted over the /P0 tunnel.
16

Which is a !isco IB) firewall solution that relies on access control lists? !isco Easy /P0 server !isco )ecurity +anager =one59ased irewall 3=9 4 !onte%t59ased &ccess !ontrol 3!9&!4
17

Refer to the e%hibit. & networ' administrator is configuring 0&* on router Remote. *he configuration should allow users on networ' "@(.">.">.;<(" to access Internet sites as well as resources on the 18 2&0 networ' "@(.">.;.;<(" through the /P0 tunnel. 1ow should the administrator configure access list ";" to accomplish this tas'? Remote3config46 access-list 101 deny 172.16.16.0 0.0.7.255 172.16.0.0 0.0.7.255

Remote3config46 access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote3config46 access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote3config46 access-list 101 deny 172.16.16.0 0.0.7.255 172.16.0.0 0.0.7.255 Remote3config46 access-list 101 deny 172.16.16.0 0.0.7.255 any Remote3config46 access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote3config46 access-list 101 deny 172.16.16.0 0.0.7.255 209.165.202.129 0.0.0.3 Remote3config46 access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote3config46 access-list 101 permit ip 172.16.16.0 0.0.7.255 any Remote3config46 access-list 101 deny 172.16.0.0 0.0.7.255 172.16.16.0 0.0.7.255
18

Which three statements would help an end user develop a better understanding of A)2 technology? 3!hoose three.4 &A)2 typically has a higher download bandwidth than available upload bandwidth. &ll varieties of A)2 provide the same bandwidth, although they use different technologies to achieve upload and download. A)2 data subscribers are connected to a networ' segment, all sharing the upstream and downstream bandwidth. A)2 is available in any location that has a telephone. A)2 speeds can e%ceed the speeds available with a typical *" line. *ransfer rates vary by the length of the local loop.
19

Which two ,AP ports must be permitted inbound through the Internet5facing interface on a firewall to establish an IPsec tunnel and 0&*5*? 3!hoose two.4 (( ?; ?" ?;; .?;;
20

Which two solutions can a hybrid fiber cable service provider apply when there is constant congestion on the line? 3!hoose two.4 &llocate less bandwidth to affected customers. &llocate another downstream channel. &llocate another upstream channel. Run fiber deeper into the neighborhood. Run fiber to each home.