364 Appendix ■ Answers to Practice Test Questions
63. A. If a traceroute is performed to 192.168.3.50 on Router A, it will show one hop. This is
because the 192.168.3.0 network is on the other side of the tunnel interface, which is one
hop away. All of the other options are incorrect.
64. C. The routes are wrong. They should be set to the destination of the opposite tunnel IP
address and not the serial WAN address. The tunnel numbers do not need to match since
they are locally significant to the configuration. The destination on Router A of the tunnel
is correct because it points to the serial WAN address on Router B. The serial interfaces do
not need to match because they are locally significant to the configuration on each router.
65. B. The Next Hop Resolution Protocol (NHRP) is responsible for resolving and directing
traffic for Dynamic Multipoint VPN (DMVPN) traffic. Hot Standby Router Protocol
(HSRP) is a first hop redundancy protocol (FHRP) used to fail over to another standby
router in the event the active router is offline. Address Resolution Protocol (ARP) is an
IP helper protocol to determine the destination MAC address according to a destination
IP address. Generic Routing Encapsulation (GRE) is a Cisco proprietary standard for
encapsulating layer 3 protocols over an IP network, such as the Internet.
66. C. The problem is a layer 2 problem because both routers are in an UP/DOWN state for
the connecting serial interfaces. Router A has a protocol of HDLC configured and Router
B has a protocol of PPP configured. The output of the show interface command for
both serial 0/0 and serial 0/1 on both routers does not show that the interfaces have been
administratively disabled. The output of the show interface command on both routers
does not support the theory that a wiring problem exists. If there were an IP address
mismatch, the line protocol would still be in an UP state.
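The tunnel and route layout that questions 63, 64 and 66 describe, as an added IOS configuration example (not taken from the book); hostnames, the 203.0.113.0/30 WAN link, the 10.0.0.0/30 tunnel subnet and the 192.168.1.0/24 LAN behind Router A are constructed, and only 192.168.3.0/24 comes from the questions.

```cisco
! ===== Router A (constructed example) =====
hostname RouterA
!
! WAN link to Router B. The encapsulation must match the far end:
! HDLC on one side and PPP on the other leaves both serials UP/DOWN (question 66).
interface Serial0/0
 ip address 203.0.113.1 255.255.255.252
 encapsulation ppp
 no shutdown
!
! GRE tunnel. The destination is the far-end serial WAN address (question 64).
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 203.0.113.2
!
! Route the remote LAN through the tunnel: the next hop is the far-end TUNNEL IP,
! not the far-end serial address.
ip route 192.168.3.0 255.255.255.0 10.0.0.2
! Wrong (the mistake in question 64):
! ip route 192.168.3.0 255.255.255.0 203.0.113.2
!
! ===== Router B (constructed example) =====
hostname RouterB
!
interface Serial0/1
 ip address 203.0.113.2 255.255.255.252
 encapsulation ppp
 no shutdown
!
! Tunnel numbers are locally significant; Tunnel5 here peers with Tunnel0 on Router A.
interface Tunnel5
 ip address 10.0.0.2 255.255.255.252
 tunnel source Serial0/1
 tunnel destination 203.0.113.1
!
ip route 192.168.1.0 255.255.255.0 10.0.0.1
!
! Verification from Router A (question 63): the 192.168.3.0/24 network sits on the far
! side of the tunnel, so the trace reaches it in a single hop (10.0.0.2).
! RouterA# traceroute 192.168.3.50
```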
67. B. Dynamic Multipoint VPN (DMVPN) is an example of a hub-and-spoke or point-to-multipoint
topology. All of the satellite connections terminate back to the central location.
A single VPN site-to-site connection would be an example of a point-to-point topology. A
full-mesh topology is commonly found on the core layer of an enterprise network. A dual-homed
topology is commonly found on the WAN of enterprises that have two or more
redundant connections to the Internet.
68. B. Data integrity is one of the benefits of using a secure VPN protocol. To ensure its
integrity, a packet is sealed with a hash that must be calculated to the same hash on the
other side when it is received and decrypted. Authentication is a benefit to using a VPN
in that both parties are authenticated before network transmission begins. Anti-replay
is a byproduct of authentication and data integrity; packets cannot be replayed without
authentication between both parties and a rehashing of the packets. Confidentiality is
created with any VPN because of the end-to-end encryption.
69. C. Cisco Firepower Threat Defense (FTD) devices are used to create VPN tunnels
between sites. FTD devices run the Cisco FTD software, which allows for firewall,
intrusion prevention, and VPNs, among other security-related functions. Catalyst switches
and Cisco routers are not commonly used to create VPN tunnels between sites. Policy-based
routing is a way to selectively route packets depending upon specific criteria.
Chapter 5: Security Fundamentals (Domain 5)