- Which broadband wireless technology is based on the 802.11 standard?WiMAX
UMTS
municipal Wi-Fi*
CDMA
The IEEE 802.11 standard is also known as Wi-Fi. Municipal Wi-Fi is a variant of the 802.11 standard.
- What is the approximate distance limitation for providing a satisfactory ADSL service from the central office to a customer?3.39 miles or 5.46 kilometers*
2.11 miles or 3.39 kilometers
11.18 miles or 18 kilometers
6.21 miles or 10 kilometers
For customers to receive satisfactory ADSL service, the local loop, or distance from the central office, must be less than 5.46 kilometers.
- What is a component of an ADSL connection that is located at the customer site?CO
DSLAM
CPE*
SOHO
Customer premises equipment (CPE) is the equipment, such as a router or modem, that is located at the customer site and connects the internal network to the carrier network.
- What is the function of the DSLAM in a broadband DSL network?separates POTS traffic from ADSL traffic
separates voice from data signals
multiplexes individual customer DSL connections into a single upstream link*
communicates directly with customer cable modems to provide Internet services to customers
On a DSL network the DSLAM is used to multiplex connections from DSL subscribers into a single high-capacity link. The DSLAM is located at the central office of the provider.
- Which broadband technology would be best for a small office that requires fast upstream connections?fiber-to-the-home*
WiMax
DSL
cable
Fiber-to-the-home provides fast downstream and upstream connections. DSL, cable, and WiMax provide relatively slow upstream connections.
- What are two WAN connection enhancements that are achieved by implementing PPPoE? (Choose two.)An Ethernet link supports a number of data link protocols.
DSL CHAP features are included in PPPoE.
Encapsulating Ethernet frames within PPP frames is an efficient use of bandwidth.
CHAP enables customer authentication and accounting.*
PPP enables the ISP to assign an IP address to the customer WAN interface.*
Encapsulating a PPP frame within an Ethernet frames enables IP address assignment by ISPs that are using DSL technology, as well as the ability to use CHAP for authentication and accounting. Traditional DSL does not support CHAP authentication. A traditional Ethernet link supports only Ethernet-based data link protocols.
- When PPPoE is configured on a customer router, which two commands must have the same value for the configuration to work? (Choose two.)dialer pool 2*
interface dialer 2
ppp chap password 2
interface gigabitethernet 0/2
pppoe-client dial-pool-number 2*
ppp chap hostname 2
The dialer pool number configured on both the dialer and Ethernet interfaces must match. The interface numbers and the username and the password do not have to match
- Why is the MTU for a PPPoE DSL configuration reduced from 1500 bytes to 1492?to establish a secure tunnel with less overhead
to enable CHAP authentication
to accommodate the PPPoE headers*
to reduce congestion on the DSL link
The default maximum data field of an Ethernet frame is 1500 bytes. However, in PPPoE the Ethernet frame payload includes a PPP frame which has also has a header. This reduces the available data MTU to 1492 bytes.
- What are two characteristics of a PPPoE configuration on a Cisco customer router? (Choose two.)The customer router CHAP username and password are independent of what is configured on the ISP router.
An MTU size of 1492 bytes is configured on the Ethernet interface.
The Ethernet interface does not have an IP address.*
The PPP configuration is on the dialer interface.*
The dialer pool command is applied to the Ethernet interface to link it to the dialer interface.
PPP, CHAP, an IP address, the dialer pool number, and the MTU size are all configured on the dialer interface. The customer router CHAP username and password must match what is configured the ISP router. The pppoe-client command, not the dialer pool command, is applied to the Ethernet interface to link it to the dialer interface.
- Where is PPPoE configured on a Cisco router?on any physical interface
on the dialer interface*
on an Ethernet interface
on a serial interface
The PPPoE configuration is applied to the dialer interface, not to the Ethernet interface. The dialer interface is linked to the Ethernet interface with the dialer-pool and pppoe-client commands.
- How can the use of VPNs in the workplace contribute to lower operating costs?High-speed broadband technology can be replaced with leased lines.
VPNs can be used across broadband connections rather than dedicated WAN links.*
VPNs prevents connectivity to SOHO users.
VPNs require a subscription from a specific Internet service provider that specializes in secure connections.
VPN technology can be used with broadband connectivity or more expensive leased lines. VPNs provide connectivity between offices, users, and SOHO environments. VPNs do not require a specific ISP to be used.
- How is “tunneling” accomplished in a VPN?All packets between two hosts are assigned to a single physical medium to ensure that the packets are kept private.
A dedicated circuit is established between the source and destination devices for the duration of the connection.
Packets are disguised to look like other types of traffic so that they will be ignored by potential attackers.
New headers from one or more VPN protocols encapsulate the original packets.*
Packets in a VPN are encapsulated with the headers from one or more VPN protocols before being sent across the third party network. This is referred to as “tunneling”. These outer headers can be used to route the packets, authenticate the source, and prevent unauthorized users from reading the contents of the packets.
- Which two statements describe a remote access VPN? (Choose two.)It may require VPN client software on hosts.*
It requires hosts to send TCP/IP traffic through a VPN gateway.
It connects entire networks to each other.
It is used to connect individual hosts securely to a company network over the Internet.*
It requires static configuration of the VPN tunnel.
Remote access VPNs can be used to support the needs of telecommuters and mobile users by allowing them to connect securely to company networks over the Internet. To connect hosts to the VPN server on the corporate network, the remote access VPN tunnel is dynamically built by client software that runs on the hosts.
- Which is a requirement of a site-to-site VPN?It requires hosts to use VPN client software to encapsulate traffic.
It requires the placement of a VPN server at the edge of the company network.
It requires a client/server architecture.
It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.*
Site-to-site VPNs are static and are used to connect entire networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN gateways. The VPN gateway is responsible for encapsulating the traffic and forwarding it through the VPN tunnel to a peer gateway at the other end which decapsulates the traffic.
- What functionality does mGRE provide to the DMVPN technology?It allows the creation of dynamically allocated tunnels through a permanent tunnel source at the hub and dynamically allocated tunnel destinations at the spokes.*
It provides secure transport of private information over public networks, such as the Internet.
It is a Cisco software solution for building multiple VPNs in an easy, dynamic, and scalable manner.
It creates a distributed mapping database of public IP addresses for all VPN tunnel spokes.
DMVPN is built on three protocols, NHRP, IPsec, and mGRE. NHRP is the distributed address mapping protocol for VPN tunnels. IPsec encrypts communications on VPN tunnels. The mGRE protocol allows the dynamic creation of multiple spoke tunnels from one permanent VPN hub.
- Which two scenarios are examples of remote access VPNs? (Choose two.)A toy manufacturer has a permanent VPN connection to one of its parts suppliers.
All users at a large branch office can access company resources through a single VPN connection.
A small branch office with three employees has a Cisco ASA that is used to create a VPN connection to the HQ.
An employee who is working from home uses VPN client software on a laptop in order to connect to the company network.*
A mobile sales agent is connecting to the company network via the Internet connection at a hotel.*
Remote access VPNs connect individual users to another network via a VPN client that is installed on the user device. Site-to-site VPNs are “always on” connections that use VPN gateways to connect two sites together. Users at each site can access the network on the other site without having to use any special clients or configurations on their individual devices.
- The graphic shows two routers, R1 and R2, that connect to the Internet. There is a site attached to each router. Site A is attached to router R1 and site B is attached to router R2. A tunnel is shown spanning the Internet between the two routers.
Refer to the exhibit. What solution can provide a VPN between site A and site B to support encapsulation of any Layer 3 protocol between the internal networks at each site?
a remote access tunnel
a GRE tunnel*
an IPsec tunnel
Cisco SSL VPN
A Generic Routing Encapsulation (GRE) tunnel is a non-secure, site-to-site VPN tunneling solution that is capable of encapsulating any Layer 3 protocol between multiple sites across over an IP internetwork.
- Which three statements are characteristics of generic routing encapsulation (GRE)? (Choose three.)GRE does not have strong security mechanisms.*
The GRE header alone adds at least 24 bytes of overhead.
GRE is stateless.*
GRE encapsulation supports any OSI Layer 3 protocol.*
GRE is the most secure tunneling protocol.
GRE provides flow control by default.
GRE uses a protocol type field in the GRE header to support the encapsulation of any OSI Layer 3 protocol. GRE itself is stateless; it does not include any flow-control mechanisms by default. GRE does not have strong security mechanisms.
- Refer to the exhibit. Which IP address is configured on the physical interface of the CORP router?
10.1.1.1
209.165.202.133*
209.165.202.134
10.1.1.2
The tunnel source and tunnel destination addresses reference the IP addresses of the physical interfaces on the local and remote routers respectively.
- Refer to the exhibit. Which IP address would be configured on the tunnel interface of the destination router?
209.165.200.226
209.165.200.225
172.16.1.1
172.16.1.2*
The IP address that is assigned to the tunnel interface on the local router is 172.16.1.1 with a prefix mask of /30. The only other address, 172.16.1.2, would be the destination tunnel interface IP address. Although 209.165.200.226 is listed as a destination address in the output, this is the address of the physical interface at the destination, not the tunnel interface.
- Refer to the exhibit. A tunnel was implemented between routers R1 and R2. Which two conclusions can be drawn from the R1 command output? (Choose two.)
The data that is sent across this tunnel is not secure.*
This tunnel mode is not the default tunnel interface mode for Cisco IOS software.
This tunnel mode provides encryption.
A GRE tunnel is being used.*
This tunnel mode does not support IP multicast tunneling.
According to the R1 output, a GRE tunnel mode was specified as the tunnel interface mode. GRE is the default tunnel interface mode for Cisco IOS software. GRE does not provide encryption or any other security mechanisms. Therefore, data that is sent across a GRE tunnel is not secure. GRE supports IP multicast tunneling.
- What is used by BGP to determine the best path to a destination?cost
administrative distance
hop count
attributes*
BGP uses attributes, such as AS-path, to determine the best path to a destination.
- What command specifies a BGP neighbor that has an IP address of 5.5.5.5/24 and that is in AS 500?(config-router)# neighbor 5.5.5.5 remote-as 500*
(config-router)# network 5.0.0.0 0.0.0.255
(config-router)# router bgp 500
(config-router)# neighbor 500 remote-as 5.5.5.5
The neighbor command is used to specify an EBGP neighbor router and peer with it. The command requires that the AS number of the neighbor be included as part of the command.
- True or False?
Multiple BGP processes can run on a router.true
false*
Because a BGP router can only belong to a single autonomous system, it can only run a single BGP process.
- On the left is a cloud with the following words: ISP 1 AS 64001 Company A 192.168.10.0/24. A router labeled R1 at the edge of this cloud connects through a serial interface labeled 209.165.200.225 to another router labeled R2. The serial interface on R2 is labeled 209.165.200.226. R2 is inside a second cloud labeled ISP 2 AS 650002 Company B 192.168.20.0/24. Refer to the exhibit. Which two configurations will allow router R1 to establish a neighbor relationship with router R2? (Choose two.)
R1(config)# router bgp 65001
R1(config-router)# network 192.168.20.0
R2(config)# router bgp 65002
R2(config-router)# network 192.168.10.0
R2(config-router)# neighbor 209.165.200.226 remote-as 65002
R2(config)# router bgp 65002
R2(config-router)# network 192.168.20.0
R2(config-router)# neighbor 209.165.200.225 remote-as 65001*
R1(config)# router bgp 65002
R1(config-router)# network 192.168.20.0
R1(config-router)# neighbor 209.165.200.225 remote-as 65001
R1(config)# router bgp 65001
R1(config-router)# network 192.168.10.0
R1(config-router)# neighbor 209.165.200.226 remote-as 65002*
R2(config)# router bgp 65002
R2(config-router)# network 192.168.10.0
To configure EBGP, the router bgp command is followed by the AS number in which the router resides. Conversely, the neighbor command contains the AS number to which the remote router belongs.
- Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What is the code displayed on the web page?Welldone!
BGP is configured!
BGP is running!*
Configuration is correct!
The basic EBGP configuration includes the following tasks:
Step 1: Enable BGP routing.
Step 2: Configure the BGP neighbors or neighbor.
Step 3: Advertise the network or networks originating from the AS.
Place the options in the following order: 
