Chapter 1

1
What are two structured engineering principles necessary for successful
implementation of a network design? (Choose two.)
modularity*
security
availability
quality of service
resiliency*
2
What is an important first consideration when starting to design a network?
size of the network*
access security
protocols to be used
type of applications
3
Which layer of the Cisco Collaboration Architecture contains unified communications
and conference software such as Cisco WebEx Meetings, WebEx Social, Cisco
Jabber, and TelePresence?
service provider edge
enterprise WAN
applications and devices*
services module
4
In which layer of the hierarchical enterprise LAN design model would PoE for VoIP
phones and access points be considered?
core
physical
data link

access*
distribution
5
Which network module is the fundamental component of a campus design?
access-distribution module*
services module
data center
enterprise edge
6
In a hierarchical network design, which layers may be combined into a collapsed
core for smaller networks?
core, distribution, and access
distribution and access
core and access
core and distribution*
7

Refer to the exhibit. Which type of ISP connectivity to the service provider edge is
being used by company A?

dual-homed
dual-multihomed
single-homed
multihomed*
8
What is one advantage to designing networks in building block fashion for large
companies?
mobility
redundancy
increased network access time
failure isolation*
9
A network engineer wants to redesign the wireless network and make use of wireless
network controllers that manage the many deployed wireless access points. In which
network design module of the campus network architecture would the centralized
wireless network controllers be found?
services*
access-distribution
enterprise edge
data center
10
Which two devices would commonly be found at the access layer of the hierarchical
enterprise LAN design model? (Choose two.)
Layer 3 device
firewall
access point*
Layer 2 switch*
modular switch
11
Which approach in networking allows for network changes, upgrades, or the
introduction of new services in a controlled and staged fashion?

modular*
network module
borderless
static
12

Refer to the exhibit. Which type of Cisco hierarchical LAN design model is used at
school site 1?
7 layer
two-tier collapsed core*
three-tier
3 layer
13
Which three network architectures have been introduced by Cisco to address the
emerging technology challenges created by the evolving business models? (Choose
three.)
Cisco Collaboration*
Cisco Data Center*
Cisco Borderless*

Cisco Enterprise Edge

Cisco Enterprise Campus
Cisco Enterprise Branch
14
Which Cisco technology allows diverse network devices to connect securely, reliably,
and seamlessly to enterprise network resources?
Cisco AnyConnect*
enterprise edge
building distribution
service provider edge
15
The network design for a college with users at five sites is being developed. Where in
the campus network architecture would servers used by all users be located?
services
enterprise edge
data center*
access-distribution
16
What is creating a new challenge for IT departments by changing the border of the
enterprise network?
tablets*
company-owned desktops
energy costs
access layer switching
17
Which network architecture functions through a combination of technologies that
include wired, wireless, security, and more?
Cisco Borderless*
Cisco Enterprise Campus
Cisco Enterprise Edge
Cisco Enterprise Branch

18
Which network architecture combines individual components to provide a
comprehensive solution allowing people to cooperate and contribute to the
production of something?
Cisco Enterprise Campus Architecture
Cisco Enterprise Branch Architecture
Cisco Borderless Network Architecture
Cisco Collaboration Architecture*
19
Fill in the blank.
Reducing the complexity of network design by dividing a network into smaller
areas is an example of a hierarchical network model.

20

Place the options in the following order:

not scored
core
access
distribution
21

Place the options in the following order:

[+] campus core
[+] building distribution
[+] data center
[#] VPN and remote access
[#] DMZ
[#] e-commerce
[+] Order does not matter within this group.
[#] Order does not matter within this group.
22. Fill in the blank. Use the abbreviation.
Under the Cisco Enterprise Edge module, the submodule that provides remote access
including authentication and IPS appliances is the VPN and remote access submodule.
23. What are two of the top trends that affect network architecture design? (Choose
two.)
Internet security
internal security attacks
speed of Internet connectivity
cloud computing*
BYOD*

24. Why would a company want network engineers to adhere to structured

engineering principles when designing networks?
The resiliency of a network depends on being able to modify portions of the network, add
services, or increase network capacity without adding new hardware devices.
The network is not expected to remain available under abnormal conditions such as
extreme traffic loads or denial-of-service events.
The network can be easily designed because of the separation of the various
functions that exist on a network into modules.*
A hierarchical network model is a useful high-level tool for designing a reliable network
infrastructure, although it increases the complexity of network design.
25. Refer to the exhibit. Which Cisco Enterprise Architecture module is shown?
enterprise campus*
26. What feature is more important at the core layer than at any other hierarchical
network design layer?
packet switching speed*
27. Which product corresponds to a layer of the Cisco Collaboration Architecture?
Network and Computer Infrastructure*

Chapter 2
1.
Which WAN technology is cell-based and well suited to carry voice and video traffic?
VSAT
ISDN
Frame Relay
ATM*
2
Which WAN connectivity method would be used in a remote location where there are
no service provider networks?
VPN
WiMAX
cable
VSAT*
3
Which network scenario will require the use of a WAN?
Employees need to access web pages that are hosted on the corporate web servers in the
DMZ within their building.
Employees need to connect to the corporate email server through a VPN while
traveling.*
Employee workstations need to obtain dynamically assigned IP addresses.
Employees in the branch office need to share files with the headquarters office that is
located in a separate building on the same campus network.
4
Which two technologies use the PSTN network to provide an Internet connection?
(Choose two.)
ATM
ISDN*
Frame Relay

MPLS
dialup*
5
Which geographic scope requirement would be considered a distributed WAN
scope?
regional
one-to-one
global
local
one-to-many
many-to-many*
6
What are two advantages of packet switching over circuit switching? (Choose two.)
A connection through the service provider network is established quickly before
communications start.
There are fewer delays in the data communications processes.
The communication costs are lower.
Multiple pairs of nodes can communicate over the same network channel.*
A dedicated secure circuit is established between each pair of communicating nodes.
7
Which connectivity method would be best for a corporate employee who works from
home two days a week, but needs secure access to internal corporate databases?
VPN*
WiMAX
DSL
cable

Place the options in the following order:

not scored
CPE
Local Loop
not scored
DTE
DCE
9
Which wireless technology provides Internet access through cellular networks?
satellite
municipal WiFi
LTE*
WiMAX
10
What is a requirement of a connectionless packet-switched network?
Full addressing information must be carried in each data packet.*
A virtual circuit is created for the duration of the packet delivery.
Each packet has to carry only an identifier.
The network predetermines the route for a packet.

11
A customer needs a WAN virtual connection that provides high-speed, dedicated
bandwidth between two sites. Which type of WAN connection would best fulfill this
need?
circuit-switched network
packet-switched network
MPLS
Ethernet WAN*
12
Which WAN technology establishes a dedicated constant point-to-point connection
between two sites?
ATM
Frame Relay
leased lines*
ISDN
13
A company needs to interconnect several branch offices across a metropolitan area.
The network engineer is seeking a solution that provides high-speed converged
traffic, including voice, video, and data on the same network infrastructure. The
company also wants easy integration to their existing LAN infrastructure in their
office locations. Which technology should be recommended?
Frame Relay
Ethernet WAN*
ISDN
VSAT
14
A home user lives within 10 miles (16 kilometers) of the Internet provider network.
Which type of technology provides high-speed broadband service with wireless
access for this home user?
WiMAX*
DSL

802.11
municipal Wi-Fi
15
Which two devices are needed when a digital leased line is used to provide a
connection between the customer and the service provider? (Choose two.)
dialup modem
access server
DSU*
CSU*
Layer 2 switch
16

Place the options in the following order:

uses traditional video network
uses traditional phone network
set up by a city to provide free Internet access
slow access (upload speed is about one-tenth download speed)
not scored
17
What is a feature of dense wavelength-division multiplexing (DWDM) technology?
It replaces SONET and SDH technologies.
It provides Layer 3 support for long distance data communications.
It provides a 10 Gb/s multiplexed signal over analog copper telephone lines.
It enables bidirectional communications over one strand of fiber.*

18
What is the recommended technology to use over a public WAN infrastructure when
a branch office is connected to the corporate site?
municipal Wi-Fi
VPN*
ATM
ISDN
19
A small company with 10 employees uses a single LAN to share information between
computers. Which type of connection to the Internet would be appropriate for this
company?
a broadband service, such as DSL, through their local service provider*
a dialup connection that is supplied by their local telephone service provider
Virtual Private Networks that would enable the company to connect easily and securely with
employees
private dedicated lines through their local service provider
20
What is a long distance fiber-optic media technology that supports both SONET and
SDH, and assigns incoming optical signals to specific wavelengths of light?
ATM
MPLS
ISDN
DWDM*
21
A new corporation needs a data network that must meet certain requirements. The
network must provide a low cost connection to sales people dispersed over a large
geographical area. Which two types of WAN infrastructure would meet the
requirements? (Choose two.)
private infrastructure
dedicated
public infrastructure*

Internet*
satellite

22
What are two common high-bandwidth fiber-optic media standards? (Choose two.)
ITU
ANSI
ATM
SDH*
SONET*
23. Which statement describes a characteristic of a WAN?
A WAN provides end-user network connectivity to the campus backbone.
A WAN operates within the same geographic scope of a LAN, but has serial links.
WAN networks are owned by service providers.*
All serial links are considered WAN connections
24. Which feature is used when connecting to the Internet using DSL?
CMTS
IEEE 802.16
LTE
DSLAM*
25. Which equipment is needed for an ISP to provide Internet connections through
cable service?
access server
CSU/DSU
DSLAM
CMTS*
26. Which solution can provide Internet access to remote locations where no regular
WAN services are available?
VSAT*
27. A corporation is looking for a solution to connect multiple, newly established
remote branch offices. Which consideration is important when selecting a private

WAN connection rather than a public WAN connection?

data security and confidentiality during transmission*
28. Which statement describes cable?
Delivering services over a cable network requires downstream frequencies in the 50
to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.*
29. What is an advantage of packet-switched technology over circuit-switched
technology?
Packet-switched networks can efficiently use multiple routes inside a service
provider network.*

Chapter 3
1.. Which address is used in the Address field of a PPP frame?
a single byte of binary 10101010
a single byte of binary 11111111*
the IP address of the serial interface
a single byte of binary 00000000
2. How does PPP interface with different network layer protocols?
by specifying the protocol during link establishment through LCP
by encoding the information field in the PPP frame
by using separate NCPs*
by negotiating with the network layer handler
3

Place the options in the following order:

Compression
Multilink
Maximum Receive Unit
not scored
Authentication Protocol

4. Which command can be used to view the cable type that is attached to a serial
interface?
Router(config)# show controllers*
Router(config)# show ip interface
Router(config)# show interfaces
Router(config)# show ip interface brief
5. In which situation would the use of PAP be preferable to the use of CHAP?
when plain text passwords are needed to simulate login at the remote host*
when router resources are limited
when multilink PPP is used
when a network administrator prefers it because of ease of configuration
6. Which protocol will terminate the PPP link after the exchange of data is complete?
IPCP
LCP*
IPXCP
NCP
7

Refer to the exhibit. Which statement describes the status of the PPP connection?
Both the link-establishment and network-layer phase completed successfully.*
Only the network-layer phase completed successfully.
Only the link-establishment phase completed successfully.
Neither the link-establishment phase nor the network-layer phase completed successfully.
8. Which is an advantage of using PPP on a serial link instead of HDLC?
option for session establishment
higher speed transmission
option for authentication*
fixed-size frames
9. Which three statements are true about PPP? (Choose three.)
PPP can use synchronous and asynchronous circuits.*
PPP carries packets from several network layer protocols in LCPs.
PPP can only be used between two Cisco devices.
PPP uses LCPs to agree on format options such as authentication, compression, and
error detection.*
PPP uses LCPs to establish, configure, and test the data link connection.*
10. When configuring Multilink PPP, where is the IP address for the multilink bundle
configured?
on a subinterface
on a physical serial interface
on a physical Ethernet interface
on a multilink interface*
11. Which field marks the beginning and end of an HDLC frame?
FCS
Flag*
Control
Data
12

Refer to the exhibit. Based on the debug command output that is shown, which
statement is true of the operation of PPP.
Both PAP and CHAP authentication were attempted.
A PPP session was successfully established.*
CHAP authentication failed because of an unknown hostname.
The debug output is from router R2.
13. During a PPP session establishment phase, which two messages are sent by the
requested party if the options are not acceptable? (Choose two.)
Configure-Reject*
Code-Reject
Discard-Request
Configure-Nak*
Protocol-Reject
14. A network administrator is evaluating authentication protocols for a PPP link.
Which three factors might lead to the selection of CHAP over PAP as the
authentication protocol? (Choose three.)

uses an unpredictable variable challenge value to prevent playback attacks*

uses a three-way authentication periodically during the session to reconfirm
identities*
transmits login information in encrypted format*
control by the remote host of the frequency and timing of login events
establishes identities with a two-way handshake
makes authorized network administrator intervention a requirement to establish each
session
15

Place the options in the following order:

Step 3
Step 2
Step 4
Step 1
not scored
Step 5
Step 6
16. What are three components of PPP? (Choose three.)
LCP*
multilink
NCP*
HDLC-like framing*

compression
authentication
17

Refer to the exhibit. A network administrator is configuring the PPP link between the
two routers. However, the PPP link cannot be established. Based on the partial
output of the show running-config command, what is the cause of the problem?
The passwords do not match.*
The usernames do not match.
The passwords should be longer than 8 characters.
The interface IP addresses are in different subnets.
18. Which PPP option can detect links that are in a looped-back condition?
Magic Number*
Callback
MRU
ACCM
19. Which three are types of LCP frames used with PPP? (Choose three.)

link-negotiation frames
link-acknowledgment frames
link-maintenance frames*
link-termination frames*
link-establishment frames*
link-control frames
20. At which layer of the OSI model does multiplexing take place?
Layer 3
Layer 4
Layer 2
Layer 1*
21

Place the options in the following order:

Phase 3
not scored
Phase 1
Phase 2
22. Which three physical layer interfaces support PPP? (Choose three.)
GigabitEthernet
asynchronous serial*
HSSI*
synchronous serial*
POTS
FastEthernet

23

Open the PT Activity. Perform the tasks in the activity instructions and then answer
the question.
Why is the serial link between router R1 and router R2 not operational?
The encapsulation in both routers does not match.
The passwords are different in both routers.
In each case the expected username is not the same as the remote router hostname.*
The authentication type is not the same in both routers.
24. Which serial 0/0/0 interface state will be shown if no serial cable is attached to the
router, but everything else has been correctly configured and turned on?
Serial 0/0/0 is up, line protocol is down
Serial 0/0/0 is administratively down, line protocol is down
Serial 0/0/0 is up (disabled)
Serial 0/0/0 is up, line protocol is up
Serial 0/0/0 is down, line protocol is down*
Serial 0/0/0 is up (looped)
25. What PPP information will be displayed if a network engineer issues the show
ppp multilinkcommand on Cisco router?

the IP addresses of the link interfaces

the serial interfaces participating in the multilink*
the queuing type on the link
the link LCP and NCP status
26. Refer to the exhibit. What type of Layer 2 encapsulation will be used for
connection D on the basis of this configuration on a newly installed router:
RtrA(config)# interface serial0/0/0
RtrA(config-if)# ip address 128.107.0.2 255.255.255.252
RtrA(config-if)# no shutdown
HDLC*
27. A network engineer is monitoring an essential, but poor quality, PPP WAN link
that periodically shuts down. An examination of the interface configurations shows
that the ppp quality 90 command has been issued. What action could the engineer
take to reduce the frequency with which the link shuts down?
Issue the command ppp quality 70*
28. A network engineer is troubleshooting the loss of MPEG video viewing quality as
MPEG video files cross a PPP WAN link. What could be causing this loss of quality?
Link Quality Monitoring was not configured correctly on each interface.
The compress command was used when PPP was configured on the interfaces.*
The clock rates configured on each serial interface do not match.
PAP authentication was misconfigured on the link interfaces.

Chapter 4
1.
What is a characteristic of Frame Relay that provides more flexibility than a dedicated
line?
Customers use dedicated circuits in increments of 64 kb/s.
Dedicated physical circuits are installed between each site.
The Frame Relay cloud allocates as much bandwidth as required to active PVCs to
maintain the connection.
One router WAN port can be used to connect to multiple destinations.
2
What are the two major criteria that constitute the cost of a Frame Relay circuit?
(Choose two.)
QoS
end-to-end connectivity
local loop
required bandwidth
circuit management fees
3
A router interface connects to a Frame Relay network over a preconfigured logical
circuit that does not have a direct electrical connection from end to end. Which type
of circuit is being used?
SVC
hub and spoke
full mesh
dedicated leased line
PVC
4
Which Frame Relay topology provides a connection from every site to every other
site and maintains a high amount of reliability?

hub and spoke

partial mesh
full mesh
star
5
Which technology allows a Layer 3 IPv4 address to be dynamically obtained from a
Layer 2 DLCI?
Neighbor Discovery
Address Resolution Protocol
Inverse Neighbor Discovery
Inverse Address Resolution Protocol
6
A network administrator has statically configured the LMI type on the interface of a
Cisco router that is running Cisco IOS Release 11.2. If the service provider modifies
its own LMI type in the future, what step must the network administrator take?
The network administrator must modify the keepalive time interval to maintain connectivity
with the LMI type of the service provider.
The network administrator does not have to do anything, because all LMI types are
compatible with one another.
The network administrator must statically set the LMI type to be compatible with the
service provider.
The network administrator simply has to verify connectivity with the provider, because the
router has an LMI autosensing feature that automatically detects the LMI type.
7
Which two functions are provided by the Local Management Interface (LMI) that is
used in Frame Relay networks? (Choose two.)
mapping of DLCIs to network addresses
error notification
congestion notification
simple flow control
exchange of information about the status of virtual circuits

8
Which parameter would be specified in a Frame Relay provider contract for a
particular company?
DE
QoS
Inverse ARP enabled/disabled
CIR
9
Which three notification mechanisms are used when congestion is present in a
Frame Relay network? (Choose three.)
DE
BECN
inverse ARP
CIR
FECN
DLCI
10
Why would a customer request a Frame Relay circuit with a CIR of zero?
to have a circuit used for network management traffic
to have a backup circuit for critical data transmissions
to have better QoS
to have a link with reduced costs
to have a circuit used for voice traffic
11
Which provider-negotiated parameter would allow a customer to send data above the
rate of the bandwidth specified by the CIR?
DE
FECN
Be
Bc

12
What is the purpose of applying the command frame-relay map ip 10.10.1.2 110
broadcast?
to support IPv6 traffic over the NBMA network by using DLCI 110
to allow Frame Relay frames to be broadcast over DLCI 110
to allow Frame Relay frames to be broadcast toward host 10.10.1.2
to allow Frame Relay frames to be broadcast on all Frame Relay interfaces
to configure a device with a static Frame Relay map that also allows the forwarding
of routing updates
13

Refer to the exhibit. Which two statements are correct? (Choose two.)
The IPv4 address of interface S0/1/0 on RA is 192.168.1.2.
The IPv4 address of interface S0/1/1 on RB is 192.168.1.2.
The DLCI that is attached to the VC on RA to RB is 62.
The DLCI that is attached to the VC on RB to RA is 62.
The Frame Relay map was set by using the command frame-relay map.
14

Refer to the exhibit. Which statement is true about Frame Relay traffic on R1?
Traffic that exits subinterface Serial 0/0/0.102 is marked with DLCI 201.
Traffic on Serial 0/0/0 is experiencing congestion between R1 and the Frame Switch.
Traffic that is mapped to DLCI 201 will exit subinterface Serial 0/0/0.201.
Frames that enter router R1 from a Frame Relay neighbor will have DLCI 201 in the frame
header.
15
Which three actions can be taken to solve Layer 3 routing protocol router reachability
issues when using Frame Relay? (Choose three.)
Use subinterfaces.
Disable Inverse ARP.
Use a full mesh topology.
Use the keyword cisco as the LMI type.
Disable split horizon.
Configure static DLCI mappings.
16
When would the multipoint keyword be used in Frame Relay PVCs configuration?
when multicasts must be supported
when using physical interfaces

when participating routers are in the same subnet

when global DLCIs are in use
17
A network engineer has issued the interface serial 0/0/1.102 point-to-point command
on a router that will be communicating with another router over a Frame Relay virtual
circuit that is identified by the DLCI 102. Which two commands would be appropriate
for the network engineer to issue next? (Choose two.)
no shutdown
no ip address
encapsulation frame relay
ip address 10.1.1.10 255.255.255.252
frame-relay interface-dlci 102
18
Which two Frame Relay router reachability issues are resolved by configuring logical
subinterfaces? (Choose two.)
LMI status inquiry messages sent to the network are not received.
Inverse ARP fails to associate all IP addresses to the correct DLCIs.
Frame Relay is unable to map a remote IP address to a DLCI.
Distance vector routing protocols are unable to forward routing updates back out the
incoming interface to other remote routers.
Link-state routing protocols are unable to complete neighbor discovery.
19

Refer to the exhibit. A network administrator has implemented the show interfaces
serial 0/1/0 command. What can be verified from the displayed output?
Router R1 connects to multiple sites through the serial 0/1/0 interface.
Router R1 is forwarding traffic on interface serial 0/1/0 using the local DLCI 1023.
Router R1 is not using the default LMI type.
Router R1 has been configured with Frame Relay via the ietf keyword.
20
The show frame-relay pvc command is best utilized to display the number for which
type of packets that are received by the router?
FECN and BECN messages
Inverse Neighbor Discovery messages
Inverse ARP messages
LMI status messages
21

Refer to the exhibit. A network administrator is configuring Frame Relay

subinterfaces on R1. A distance vector routing protocol has also been configured.
Data is routing successfully from R1 to networks that are connected to R2, R3, and
R4, but routing updates between R2 and R3 are failing. What is the possible cause of
this failure?
Split horizon is preventing successful routing table updates on the multipoint link.
Multipoint Frame Relay networks cannot be used with this IP addressing scheme.
Subinterfaces cannot be used on multipoint Frame Relay links.
Two DLCI identifiers cannot be configured on one subinterface.
22

Refer to the exhibit. A network administrator issues the show frame-relay

map command to troubleshoot the Frame Relay connection problem. Based on the
output, what is the possible cause of the problem?
The S0/0/1 interface of the R2 router is down.
The IP address on S0/0/1 of R3 is configured incorrectly.
Inverse ARP is providing false information to the R1 router.
The S0/0/1 interface of the R2 router has been configured with the encapsulation frame
relay ietfcommand.
The Frame Relay map statement on the R3 router for the PVC to R2 is configured with
an incorrect DLCI number.
23
Fill in the blank. Use an acronym.
The Frame Relay DLCI
identifies a connection from one endpoint to a remote
destination.
24

Fill in the blank.

The encapsulation frame-relay ietf
command enables Frame Relay
encapsulation and allows connection to a device from a different vendor.
25

Place the options in the following order:

[+] customers pay for an end-to-end connection
[+] customers do not share the line
[+] requires more equipment to purchase and maintain
[+] used in one-to-one network link only
[#] used in one-to-many networks
[#] uses virtual circuits
[#] customers share bandwidth
[+] Order does not matter within this group.
[#] Order does not matter within this group.
26. A network administrator uses the following command to configure a Frame Relay
connection on a router towards the service provider:
R1(config-if)# frame-relay map ip 209.165.200.225 102 broadcast
What is the purpose of using the broadcast keyword?

to support IP address to MAC address resolution for the interface in the service provider site
to support dynamic routing protocol updates across the link*
to enable VoIP packet transmission across the link
to enable dynamic IP address-to-DLCI mapping
27. What is an advantage of Frame Relay WAN technology compared with leased
lines?
It uses one interface to connect to several remote sites.*
It offers a guaranteed direct electrical circuit from end to end.
It provides permanent dedicated capacity to the customers.
It supports both voice and data traffic.
28. A network administrator of a large organization is designing a Frame Relay
network. The organization needs redundancy between some key sites but not all.
What WAN topology should the administrator choose to meet their needs?
partial mesh*
star
full mesh
extended star
29. Place the options in the following order:
the capacity of the local loop
not scored
the bandwidth available above the CIR up to the access rate of the link
a negotiated rate above the CIR that the customer can use to transmit for short
burst
the data transmission bandwidth guaranteed over the local loop by the service
provider

Chapter 5
1 Typically, which network device would be used to perform NAT for a corporate
environment?
DHCP server
host device
router
server
switch
2 What is the group of public IPv4 addresses used on a NAT-enabled router known
as?
outside local addresses
inside local addresses
inside global addresses
outside global addresses
3 When NAT is employed in a small office, which address type is typically used for
hosts on the local LAN?
private IP addresses
global public IP addresses
Internet-routable addresses
both private and public IP addresses
4 Which version of NAT allows many hosts inside a private network to
simultaneously use a single inside global address for connecting to the Internet?
PAT
static NAT
dynamic NAT
port forwarding
5 Which type of NAT maps a single inside local address to a single inside global
address?

dynamic
static
port address translation
overloading
6 Several key servers in an organization must be directly accessible from the
Internet. What addressing policy should be implemented for these servers?
Use dynamic NAT to provide addresses for the servers.
Place all of the servers in their own Class C private subnet.
Use DHCP to assign addresses from the pool of Class B addresses.
Assign static internal addresses and public external addresses to each of the servers
7 What is a disadvantage of NAT?
There is no end-to-end addressing.
The router does not need to alter the checksum of the IPv4 packets.
The internal hosts have to use a single public IPv4 address for external communication.
The costs of readdressing hosts can be significant for a publicly addressed network.
8

Refer to the exhibit. What has to be done in order to complete the static NAT
configuration on R1?
R1 should be configured with the command ip nat inside source static 209.165.200.1
192.168.11.11.
R1 should be configured with the command ip nat inside source static 209.165.200.200
192.168.11.11.
Interface S0/0/0 should be configured with the command ip nat outside.
Interface Fa0/0 should be configured with the command no ip nat inside.
9

Refer to the exhibit. R1 is configured for NAT as displayed. What is wrong with the
configuration?
Access-list 1 is misconfigured.
NAT-POOL2 is not bound to ACL 1.
Interface Fa0/0 should be identified as an outside NAT interface.
The NAT pool is incorrect.
10 Which statement accurately describes dynamic NAT?

It always maps a private IP address to a public IP address.

It provides an automated mapping of inside local to inside global IP addresses.
It provides a mapping of internal host names to IP addresses.
It dynamically provides IP addressing to internal hosts.
11 A network administrator configures the border router with the command
R1(config)# ip nat inside source list 4 pool corp. What is required to be configured in
order for this particular command to be functional?
a NAT pool named corp that defines the starting and ending public IP addresses
an access list named corp that defines the private addresses that are affected by NAT
an access list numbered 4 that defines the starting and ending public IP addresses
ip nat outside to be enabled on the interface that connects to the LAN affected by the NAT
a VLAN named corp to be enabled and active and routed by R1
12 When dynamic NAT without overloading is being used, what happens if seven
users attempt to access a public server on the Internet when only six addresses are
available in the NAT pool?
No users can access the server.
The request to the server for the seventh user fails.
All users can access the server.
The first user gets disconnected when the seventh user makes the request.
13 A network engineer has configured a router with the command ip nat inside
source list 4 pool corp overload. Why did the engineer use the overload option?
The company has more private IP addresses than available public IP addresses.
The company needs to have more public IP addresses available to be used on the Internet.
The company router must throttle or buffer traffic because the processing power of the
router is not enough to handle the normal load of external-bound Internet traffic.
The company has a small number of servers that should be accessible by clients from the
Internet.
14

Refer to the exhibit. What will be the effect of entering the command that is shown in
the exhibit on R2 as part of the dynamic NAT configuration?
It will define a pool of addresses for translation.
It will identify an inside NAT interface.
It will bind NAT-POOL1 with ACL 1.
It will define the source ACL for the external interface.
15 Which configuration would be appropriate for a small business that has the public
IP address of 209.165.200.225/30 assigned to the external interface on the router that
connects to the Internet?
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat inside source list 1 interface serial 0/0/0 overload
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.0.2.1 192.0.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.0.2.1 192.0.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp overload
access-list 1 permit 10.0.0.0 0.255.255.255
ip nat pool comp 192.0.2.1 192.0.2.8 netmask 255.255.255.240
ip nat inside source list 1 pool comp overload
ip nat inside source static 10.0.0.5 209.165.200.225
16 What are two required steps to configure PAT? (Choose two.)
Define a pool of global addresses to be used for overload translation.
Define a standard access list denying the addresses that should be translated.
Define the range of ports to be used.
Identify the inside interface.
Define a standard access list that allow the outside global addresses to be used.
17

Refer to the exhibit. What is the purpose of the command marked with an arrow
shown in the partial configuration output of a Cisco broadband router?
defines which addresses can be translated
defines which addresses are allowed into the router
defines which addresses are assigned to a NAT pool
defines which addresses are allowed out of the router
18 What is the purpose of port forwarding?
Port forwarding allows an external user to reach a service on a private IPv4 address
that is located inside a LAN.
Port forwarding allows users to reach servers on the Internet that are not using standard
port numbers.
Port forwarding allows an internal user to reach a service on a public IPv4 address that is
located outside a LAN.
Port forwarding allows for translating inside local IP addresses to outside local addresses.
19 What is a characteristic of unique local addresses?
They allow sites to be combined without creating any address conflicts.
They are designed to improve the security of IPv6 networks.
Their implementation depends on ISPs providing the service.
They are defined in RFC 3927.

20

Refer to the exhibit. Based on the output that is shown, what type of NAT has been
implemented?
dynamic NAT with a pool of two public IP addresses
PAT using an external interface
static NAT with one entry
static NAT with a NAT pool
21

Refer to the exhibit. The NAT configuration applied to the router is as follows:
ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255
ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224
ERtr(config)# ip nat inside source list 1 pool corp overload
ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4
ERtr(config)# interface gigabitethernet 0/0
ERtr(config-if)# ip nat inside
ERtr(config-if)# interface serial 0/0/0
ERtr(config-if)# ip nat outside

Based on the configuration and the output shown, what can be determined about the
NAT status within the organization?
Dynamic NAT is working, but static NAT is not.
Static NAT is working, but dynamic NAT is not.
NAT is working.
Not enough information is given to determine if both static and dynamic NAT are
working. *
22

Open the PT Activity. Perform the tasks in the activity instructions and then answer
the question.
What problem is causing PC-A to be unable to communicate with the Internet?
The static route should not reference the interface, but the outside address instead.
This router should be configured to use static NAT instead of PAT.
The ip nat inside source command refers to the wrong interface.
The access list used in the NAT process is referencing the wrong subnet.
The NAT interfaces are not correctly assigned.
23

Place the options in the following order:

not scored
step 5
step 2
step 4
step 1
step 3
24
What are two of the required steps to configure PAT? (Choose two.)
Create a standard access list to define applications that should be translated.
Identify the inside interface.*
Define the range of source ports to be used.
Define the hello and interval timers to match the adjacent neighbor router.
Define a pool of global addresses to be used for overload translation.*
NEW QUESTIONS
25. How does NAT complicate the use of IPsec?
Network performance is degraded even more than with just NAT.
Header values are modified which causes issues with integrity checks.*
Troubleshooting is made impossible.
End-to-end IPv4 traceability is lost.

26. Which technology would be used on a router that is running both IPv4 and IPv6?
static NAT
dynamic NAT
dual stack*
NAT for IPv6
27. Which prefix is used for IPv6 ULAs?
2001:7F8::/29
FF02::1:FF00:0/104
2001:DB8:1:2::/64
FC00::/7 *
28. Fill in the blank. Do not use abbreviations.
NAT overload is also known as : __Port Address Translation__