Appendix ■ Answers to Practice Test Questions
80. D. Once the password has been forgotten, a password recovery must be performed on
the router. Although you have the encrypted password, it cannot be reversed, since the
configuration now contains a one-way hash of the password. A one-way hash is a form
of symmetrical encryption of the password; only the same combination of letters and
numbers will produce the same hash. The Cisco Technical Assistance Center (TAC)
cannot reverse the password. The hash cannot be used as the password; only the password
can be used, and it is then checked against the hash. There is also no command in the
operating system such as decrypt-password 06074352EFF6 to decrypt the password.
81. The AAA server listens for requests on UDP port 1812 for authentication of credentials.
UDP port 49 is not correct and is not associated with a popular protocol. UDP port 1821
is not correct and is also not associated with a popular protocol. UDP port 1813 is used
for AAA servers listening for accounting information.
82. B. ACLs are a major consideration since they are neither TCP nor UDP; they are a layer 3
protocol of their own. The ACL required for the tunnel creation is
permit gre {source} {destination}, which would be for a named access list. The tunnel interface number
is only locally significant to the router. The adjoining router will never know the tunnel
interface number. Speed of the tunnel is not a consideration that can restrict tunnel
creation. Generic Routing Encapsulation (GRE) is expressly used to reduce the number of
hops between the source and destination. When employed, it allows the remote network to
look like it is 1 hop away, so the number of hops between the source and destination is not
a consideration that can restrict tunnel creation.
83. B. Internet Protocol Security (IPsec) does not support multicast packets. If you require
both, you can set up a Generic Routing Encapsulation (GRE) tunnel for the multicast and
broadcast traffic, then encrypt only the data over IPsec. However, by itself IPsec does not
support multicast or broadcast traffic. The Point-to-Point Protocol (PPP) does not support
multicast packets. Multiprotocol Label Switching (MPLS) does not natively support
multicast packets.
84. A. The command access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 23
will deny TCP traffic from 192.168.2.0/24 to any address with a destination port of 23
(Telnet). The command access-list 101 permit ip any any will permit all other
traffic. The commands access-list 101 deny 192.168.2.0 0.0.0.255 eq 23 and
access-list 101 permit ip any any are incorrect; the deny statement is incorrectly
formatted. The commands access-list 101 block tcp 192.168.2.0 0.0.0.255 any eq 23
and access-list 101 permit ip any any are incorrect; the block argument is
not a valid argument. The commands access-list 101 deny 192.168.2.0 0.0.0.255 any eq 23
and access-list 101 permit any any are incorrect; the permit any any
command does not specify a protocol and therefore is incorrect.
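The matching logic behind answer 84, as an added Python example that is not from the book: it parses the ACL given in the answer, applies the wildcard masks, evaluates entries top-down, and falls through to the implicit deny. The function names and the accepted protocol subset are assumptions of this example, and it models only the entry forms shown in this answer.

```python
import ipaddress

# The correct ACL from answer 84, as given on the page.
ACL_101 = """\
access-list 101 deny tcp 192.168.2.0 0.0.0.255 any eq 23
access-list 101 permit ip any any
"""
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "gre"}  # assumed subset for this model

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_addr(tokens):
    """Consume 'any' or '<address> <wildcard>'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return ip_int(first), ip_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port]' lines."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            raise ValueError(f"not an extended ACL entry: {line}")
        if tok[2] not in ("permit", "deny") or tok[3] not in PROTOCOLS:
            raise ValueError(f"bad action or protocol: {line}")
        rest = tok[4:]
        src, dst = take_addr(rest), take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((tok[2], tok[3], src, dst, port))
    return entries

def addr_match(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (ip_int(addr) & care) == (base & care)

def evaluate(entries, proto, src, dst, dport=None):
    """Return the action of the first matching entry (top-down)."""
    for action, e_proto, e_src, e_dst, e_port in entries:
        if e_proto not in ("ip", proto):
            continue
        if not (addr_match(src, e_src) and addr_match(dst, e_dst)):
            continue
        if e_port is not None and e_port != dport:
            continue
        return action
    return "deny"  # implicit deny at the end of every ACL
```

Dropping the second line of the ACL makes every packet that is not Telnet from 192.168.2.0/24 hit the implicit deny, which is why the permit ip any any entry is part of the correct answer.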
85. B. Conventional access lists don’t give you the ability to edit a single entry. The entire
ACL must be removed and re-added with the correct entry. An alternative to conventional
access lists is named access lists. A named access list is referenced by line numbers, which
allows for removal and addition of single entries. Unfortunately, the Cisco IOS does not
provide an ACL editor for conventional access lists. You can remove the line number and
add a new line number back when you use named access lists. However, this functionality
is not available for conventional access lists. Conventional access lists can be completely
negated with the no command, but you cannot negate a single entry.
Chapter 8: Practice Exam 2