Fravo.com Certification Made Easy

MCSE, CCNA, CCNP, OCP, CIW, JAVA, Sun Solaris, Checkpoint

World No1 Cert Guides info@Fravo.com

Building Cisco Remote Access Networks (BCRAN)

Exam 642-821

Edition 3.0 © Copyrights 1998-2005 Fravo Technologies. All Rights Reserved.

642-821

http://www.fravo.com 1

Congratulations!! You have purchased a Fravo Technologies. Study Guide. This study guide is a complete collection of questions and answers that have been developed by our professional & certified team. You must study the contents of this guide properly in order to prepare for the actual certification test. The average time that we would suggest you for studying this study guide is approximately 15 to 20 hours and you will surely pass your exam. We guarantee it! GOOD LUCK!

DISCLAIMER

This study guide and/or material is not sponsored by, endorsed by or affiliated with Microsoft, Cisco, Oracle, Citrix, CIW, CheckPoint, Novell, Sun/Solaris, CWNA, LPI, ISC, etc. All trademarks are properties of their respective owners.

Guarantee

If you use this study guide correctly and still fail the exam, send a scanned copy of your official score notice at: info@fravo.com We will gladly refund the cost of this study guide or give you an exchange of study guide of your choice of the same or lesser value.

This material is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this material, or any portion thereof, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under law. © Copyrights 1998-2005 Fravo Technologies. All Rights Reserved.

http://www.fravo.com

642-821

http://www.fravo.com 2

Q1. When is ISDN BRI a viable option as a remote access solution? A. A mobile user that needs access to the central site while traveling. B. A branch office needs to connect to a mobile user. C. A remote site with sporadic traffic needs to connect to central site. D. A branch office requires at least 300kbps bandwidth to the central site. Answer: C Explanation: Basic Rate Interface (BRI) is an Integrated Systems Digital Network (ISDN) interface, and it consists of two B channels (B1 and B2) and one D channel. The B channels are used to transfer data, voice, and video. The D channel controls the B channels. ISDN uses the D channel to carry signal information. ISDN can also use the D channel in a BRI to carry X.25 packets. The D channel has a capacity of 16 kbps, and the X.25 over D channel can utilize up to 9.6 kbps. When this feature is configured, a separate X.25-over-D-channel logical interface is created. You can set its parameters without disrupting the original ISDN interface configuration. The original BRI interface will continue to represent the D, B1, and B2 channels. Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer understands the X.25-over-D-channel calls and initiates them on a new interface. X.25 traffic over the D channel can be used as a primary interface where low-volume, sporadic interactive traffic is the normal mode of operation. Supported traffic includes IPX, AppleTalk, transparent bridging, XNS, DECnet, and IP. This feature is not available on the ISDN Primary Rate Interface (PRI). Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_guide_chapter09186a00800d9b8a.html Q2. Which statement is true regarding the ADSL (G.Lite G.922.2) standard? A. Signals cannot be carried on the same wire as POTS signals. B. It offers equal bandwidth for upstream and downstream data traffic. C. It was developed specifically for the consumer market segment requiring higher

download speeds. D. It has limited operating range of less than 4,500 feet. Answer: C Explanation: Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream. Downstream rates range from 1.5 to 9 Mbps, whereas upstream bandwidth ranges from 16 to 640 kbps. ADSL transmissions work at distances up to 18,000 feet (5,488 meters) over a single copper twisted pair. Reference: http://www.cisco.com/en/US/tech/tk175/tk15/tech_protocol_family_home.html

642-821

http://www.fravo.com 3

Q3. Which command will allow a router to attempt to discover the modem to which it is attached? A. modem autoconfigure discovery B. modem discovery autoconfigure C. modem autoconfigure type discovery D. modem discovery type autoconfigure Answer: A Explanation: If no modem is specified for a particular line and you have provided the modem autoconfigure discovery command, the access server attempts to autodiscover the type of modem to which it is attached. The access server determines the type of modem by sending AT commands to the modem and evaluating the response. Reference: Building Cisco Remote Access Networks (Ciscopress) page 83 Q4. Which user requirement is best served by an access server? A. Mobile sales force requiring dial-in access. B. Mobile sales force requiring dedicated connection. C. Corporate staff requiring access to web-bases applications. D. Corporate staff requiring access to applications on corporate systems. Answer: A Explanation: A router act access server, which is a concentration point for dial-in and dial-out calls. Mobile users, for example, can call into an access server at a Central site to access their messages. Reference: Building Cisco Remote Access Networks (Ciscopress) page 21 Q5. Which feature will cache routes learned by dynamic routing protocols, enabling their use over DDR connections? A. Route redistribution B. Dynamic static routes C. Snapshot routing D. DDR route maps E. Passive interfaces Answer: A Explanation: On the corporate side, it is very important that you be able to distribute those addresses across the network, as desired. To redistribute those routes, you

642-821

http://www.fravo.com 4

need to configure the routes to be redistributed to a dynamic routing protocol at the core side. Reference: Building Cisco Remote Access Networks (Ciscopress) page 190 Q6. The network administrator enables Frame Relay traffic shaping and configures a CIR of 64kbps. Using 125ms time interval, what will be the value of the committed burst (Bc) A. 32000 bits B. 24000 bits C. 16000 bits D. 8000 bits Answer: D Explanation: The calculation is TC = Bc/CIR 125ms (tc) = 8000bits (Bc)/64kbps (CIR) Reference: Building Cisco Remote Access Networks (Ciscopress) page 352 Q7. Drag the queuing method from the list on the right to the appropriate description on the right. (Note: not all options will be used.)

Answer:

642-821

http://www.fravo.com 5

Explanation: Custom queuing – reserves a certain percentage of bandwidth for each

specified class of traffic. Weighted fair queuing – prioritizes interactive traffics over file transfers to

ensure satisfactory response time for common user applications.

Basic queuing – No such thing Priority queuing – ensures the timely delivery of a specific protocol or

type of traffic because that traffic is transmitted before all others.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 399 Q9. Which of the following are examples of DTE devices? (Choose three.) A. Mainframe computer B. CSU/DSU C. Router D. Terminal E. Modem Answer: A, C, D Explanation: Data terminal equipment (DTE) are end devices such as PCs, workstations, routers, and mainframe computers. Reference: Building Cisco Remote Access Networks (Ciscopress) page 57 Q10. Based on the configuration shown, what is the CIR of interface Serial0/0 300?

642-821

http://www.fravo.com 6

interface Serial0/0 no ip address encapsulation frame-relay no fair-queue frame-relay traffic-shaping bandwidth 1536 ! interface Serial0/0.100 point-to-point ip address 10.1.1.1 255.255.255.0 frame-relay interface-dlci 100 frame-relay class cisco ! interface Serial0/0.200 point-to-point ip address 10.1.2.1 255.255.255.0 frame-relay interface-dlci 200 frame-relay class cisco ! interface Serial0/0.300 point-to-point ip address 10.1.3.1 255.255.255.0 frame-relay interface-dlci 300 ! ! map-class frame-relay cisco frame-relay cir 128000 frame-relay adaptive-shaping becn A. 56 kbps B. 64 kbps C. 128 kbps D. 896 kbps E. 1536 kbps Answer: C Explanation: frame-relay cir To specify the incoming or outgoing committed information rate (CIR)for a Frame Relay virtual circuit, use the frame-relay cir map-class configuration command. To reset the CIR to the default, use the no form of this command. frame-relay cir {in | out} bps no frame-relay cir {in | out} bps Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_command_reference_chapter09186a0080087bcd.html#xtocid106829 Q11. Which three are responsible of IKE in the IPSec protocol? (Choose three.) A. Negotiating protocol parameters B. Packet encryption

642-821

http://www.fravo.com 7

C. Exchanging public keys D. Integrity checking user hashes E. Authenticating both sides of a connection F. Implementing tunnel mode Answer: A, C, E Explanation: IKE is a protocol used by IPSec for completion of Phase 1. IKE negotiates and assigns SAs for each IPSec peer, which provide a secure channel for the negotiation of the IPSec SAs in Phase 2. IKE provides the following benefits:

• Eliminates the need to manually specify all the IPSec security parameters at both peers

• Lets you specify a lifetime for the IKE SAs • Allows encryption keys to change during IPSec sessions • Allows IPSec to provide anti-replay services • Enables CA support for a manageable, scalable IPSec implementation • Allows dynamic authentication of peers

Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278c.html#39982 Q12. What are four PPP options that are negotiated using LCP? (Choose four.) A. Callback B. Multilink C. Accounting D. Compression E. Authorization F. Authentication G. Rate adaptation Answer: A, B, D, F Explanation: PPP Link Control Protocol Options:

• Authentication • Callback • Compression • Multilink PPP

Reference: Building Cisco Remote Access Networks (Ciscopress) page 111 Q13. Under which circumstance would use of Kerberos authentication system be required, instead of TACACS+ or RADIUS? A. Authentication, authorization and accounting need to use the a single database. B. Multiple level of authorization need to be applied to various router commands. C. DES encrypted authentication is required. D. The usage of various router functions needs to be accounted for by user name.

642-821

http://www.fravo.com 8

Answer: C Explanation: Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service. These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network. Reference: http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a0080094ea4.shtml Q14. Frame Relay describes the interconnection process between which two types of equipment? A. DTE and DTE B. DCE and DCE C. CPE and DTE D. CPE and DCE Answer: D Explanation: Frame relay defines the interconnection process between your customer premises equipment (CPE- also known as data terminal equipment [DTE]) such as a router, and the service provider’s local access-switching equipment (known as data communications equipment [DCE]). Reference: Building Cisco Remote Access Networks (Ciscopress) page 340 Q15. Given the following debug output, which two statements are true? (Choose two.) 1d16h: %LINK-3-UPDPDOWN: Interface Serial3/0, changed state to up *Mar 2 16:52:15.297: Se3/0 PPP: Treating connection as a dedicated line *Mar 2 16:52:15.441: Se3/0 PPP: Phase is AUTHENTICATING, by this end *Mar 2 16:52:15.445: Se3/0 CHAP: O CHALLENGE id 7 len 29 from “NAS1” A. The user is authenticating with the privileged mode password “NAS1”.

642-821

http://www.fravo.com 9

B. This is a connection attempt to an async port. C. The connection is established on serial interface 3/0. D. The client is attempting to setup a Serial Line Internet Protocol connection. E. The user is authenticating using CHAP. Answer: C, E Explanation: When using Chap authentication, the access server sends a challenge message to the remote node after the ppp link is established. The remote node responds with a value calculated by using a one-way hash function. The access server (NAS1) checks the reponse against its own calculation of the expected hash value. Reference: Building Cisco Remote Access Networks (Ciscopress) page 115 Q16. Which of the following terminals can be connected to an ISDN line? (Choose two.) A. TO2 B. TE1 C. TE2/TA D. NU1 Answer: B, C Explanation: Terminal equipment 1(TE1) - Designates a device that is compatible with the ISDN network. A TE1 connects to a Network Termination of either Type 1 or Type 2, such as a digital telephone, a router with ISDN interface, or digital facsimile equipment. Terminal equipment 2(TE2) - Designates a device that is not compatible with the ISDN and requires a terminal adapter, such as terminals with X.21, EIA/TIA-232, or X.25 interfaces or a router without a ISDN interface (AGS= and so on). Terminal adapter – converts standard electrical signals into the form used by ISDN, so that non-ISDN devices can connect to the ISDN network. Reference: Building Cisco Remote Access Networks (Ciscopress) page 171 Q17. Serial0 on a router is configured with the command encapsulation frame-relay. What can cause the output from the show interface command to indicate: Serial0 is up, line protocol is down? A. No carrier signal B. IP subnet mismatch C. LAPF state, down D. LMI type mismatch E. No IP address configured Answer: D

642-821

http://www.fravo.com 10

Explanation:

"Serial0 is up, line protocol is down" This line in the output means that the router is getting a carrier signal from the CSU/DSU or modem. Check to make sure the Frame Relay provider has activated their port and that your Local Management Interface (LMI) settings match. Generally, the Frame Relay switch ignores the data terminal equipment (DTE) unless it sees the correct LMI (use Cisco's default to "cisco" LMI). Check to make sure the Cisco router is transmitting data. You will most likely need to check the line integrity using loop tests at various locations beginning with the local CSU and working your way out until you get to the provider's Frame Relay switch. Reference: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml#serialupdown Q18. Given the configuration: access-list 101 permit ip any any access-list 101 deny tcp any any eq ftp dialer-list 2 protocol ip list 101 Which two statements about the configuration are true with respect to FTP traffic and DDR? (Choose two.) A. FTP traffic will be forwarded. B. FTP traffic will not be forwarded. C. FTP will cause the line to come up. D. Since FTP uses two sockets, both must be defined to prevent packet forwarding. Answer: B, C Explanation: Access-list 101 deny tcp any any eq ftp - will stop any ftp traffic to any host dialer-list 2 protocol ip list 101 – command is used to configure dial-on-demand calls that will initiate a connection. Reference: Building Cisco Remote Access Networks (Ciscopress) page 187 - 194 Q19. Drag and drop the ISDN in the options column to the related term in the target column.

642-821

http://www.fravo.com 11

Answer:

Explanation: U interface – defines the two-wire interface between the NT and the ISDN cloud.

642-821

http://www.fravo.com 12

TE1 – designates a device that is compatible with the ISDN network. R interface – defines the interface between the TA and an attached non-

ISDN device (TE2). S/T interface – is a four-wire interface (TX and RX). TE2 – designates a device that is not compatible with ISDN and

requires a terminal adapter. Reference: Building Cisco Remote Access Networks (Ciscopress) page 171-173 Q20. What occurs when there is no longer a signal on the DTR? A. The CD tells the DTE that a DCE-to-DCE connection has been established. B. The DTE issues a RTS to the DCE enabling communication. C. The DCE terminates its connection with the remote modem. D. The DTE applies voltage on pin 20 to alert the DCE that it is connected and

available to receive data. Answer: C Explanation: Either the DTE device or the DCE device may signal for the connection to be terminated. The signals that are used for this function are DTR from the DTE or the modem recognizing the loss of the CD signal. Reference: Building Cisco Remote Access Networks (Ciscopress) page 60 Q21. Which statements are true regarding the command telnet 10.10.30.4 2009? (Choose two.) A. It is used to reverse Telnet connection. B. It is used to Telnet to port 2009 on a specific computer. C. A modem is connected to line 9. D. It specified a BRI connection to be used for Telnet. Answer: B, C Explanation: B: Telnet protocol uses 2000 base TCP port for individual lines.

C: TTY lines 1 through 24 directly connect to modems 1/0 through 1/23, which are installed in the first chassis slot in this example. The TTY lines 25 through 48 directly connect to modems 2/0 through 2/23, which are installed in the second slot.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 70 http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca657.html

642-821

http://www.fravo.com 13

Q22. A small remote site requires a low cost, T1 speed connection to make secure file transfers to a central site located several hundred miles away. Which connection type will meet the requirements of this application? A. DSL B. Leased line C. ATM D. Frame Relay Answer: D Explanation: Frame Relay – Medium control, shared bandwidth, medium-cost enterprise backbones. It uses the services of many different Physical layer facilities at speeds that typically range from 56 Kbps up to 2 Mbps. Reference: Building Cisco Remote Access Networks (Ciscopress) page 27 + 340 Q23. Which three of the following router IOS commands defines “interesting” traffic for only one host using dial on command routing (DDR) (Choose three.) A. RTA(config)#dialer-list 1 protocol ip permit 10.1.1.1 B. RTA(config)#access-list 2 permit host 192.168.1.12 C. RTA(config-if)#dialer-group 1 D. RTA(config)#dialer-group 2 E. RTA(config)#dialer-list 1 protocol ip list 2 F. RTA(config-if)#dialer-list 2 protocol ip permit Answer: A, B, E Explanation: Define what constitutes interesting traffic by using the dialer-list command. The access-list command specifies interesting traffic that initiates a DDR call. These commands are assigned on the global configuration line. The dialer-group command needs to be assigned to the interface responsible for initiating the call. Reference: Building Cisco Remote Access Networks (Ciscopress) page 188 Q24. When using PPPoE to communicate over a DSL service connection, which process must be performed by the host to establish a PPPoE SESSION_ID? A. A Bootp process to request a configuration and session ID. B. A Discovery process to identify a PPPoE server and request a session ID. C. A DHCP request process to request and IP address and session ID. D. A RARP request process to request a MAC address and session ID. Answer: B

642-821

http://www.fravo.com 14

Explanation: When a host wishes to initiate a PPPoE session, it must first perform discovery to identify the Ethernet MAC address of the peer and establish a PPPOE SESSION_ID. Although PPP defines a peer-to-peer relationship, discovery is inherently a client/server relationship. In the discovery process, a host (the client) discovers an access concentrator (the server). Based on the network topology, there may be more than one access concentrator that the host can communicate with. The Discovery Stage allows the host to discover all access concentrators and then select one. When discovery is completed, both the host and the selected access concentrator have the information they will use to build their point-to-point connection over Ethernet. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008007fe7d.html Q25. What are the three possible states of a Frame Relay permanent virtual circuit (PVC)? A. Init B. Active C. Down D. Inactive E. Deleted F. Operational Answer: B, D, E Explanation: There are three possible permanent virtual connection (PVC) states:

• Deleted indicates • Active • Inactive state

Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1834/products_feature_guide09186a008007fe83.html Q26. Which command will change the specified Frame Relay encapsulation for a specific PVC on an interface? A. no frame-relay encapsulation ietf B. no frame-relay encapsulation cisco C. encapsulation frame-relay ietf D. frame-relay map ip 10.160.2.1 100 broadcast ietf Answer: D Explanation: The default encapsulation, which is Cisco, is applied to all the VCs available on that serial interface. If most destinations use the Cisco encapsulation,

642-821

http://www.fravo.com 15

but one destination requires the IETF, you would specify, under the interface, the general encapsulation to be used by most destinations. Because the default encapsulation is Cisco, you would specify the exception using the frame-relay map command. Reference: Building Cisco Remote Access Networks (Ciscopress) page 347 Q27. Which six AAA accounting types will a TACACS+/RADIUS server record? A. Network, interface, exec, protocol, system, and resource B. Resource, interface, connection, system, command, and network C. Command, system, exec, network, connection, and resource D. Connection, protocol, system, network, command, and resource E. Crypto, system, network, protocol, command, and resource Answer: C Explanation: system - Enables accounting for all system-level events not associated with users, such as reloads network - Enables accounting for all network-related requests, including SLIP, PPP, PPP network control protocols, and ARAP connection - Enables accounting for outbound Telnet and rlogin exec - Enables accounting for EXEC processes (user shells) command - level Enables accounting for all commands at the specified privilege level Reference: http://www.cisco.com/en/US/products/sw/secursw/ps4911/products_user_guide_chapter09186a00800eb6ce.html Q28. You are the network administrator at your company. A boarding supply store's manager within the company needs access from home to the store's internal network. You are asked to their router enabling it to accept asynchronous connections through a modem. It is your task to configure the serial port S0/1 for asynchronous communication and to enable a reverse telnet session to the attached modem. No other router or modem configuration is necessary at this time. Your task is complete when you are able to reverse telnet to the modem and issue an AT command to begin modem configuration. Task steps:

• Configure S0/1 to Asynchronous communication • Set the line speed to 33.6K • Set the flow control to hardware • Set the stop bits to one • Set the line password to "cisco" • Configure the line to allow for both incoming and outgoing calls • Allow all protocols for incoming connections on the line. • Configure the Loopback address to 192.168.0.1/32.

642-821

http://www.fravo.com 16

• Reverse telnet to the modem • Issue an AT command, modem should respond with OK.

To configure the router clock on a host icon that is connected to a router by a serial console cable.

Answer: Q29. Which two WAN connections provide a single pre-established switched circuit reserved for the private use of the customer? (Choose two.) A. Digital cable B. T1 leased line C. ISDN D. Asynchronous dial-in E. 56K dedicated line Answer: C, D Explanation: Circuit switching is a WAN-switching method, in which a dedicated physical circuit through a carrier network is established, maintained and terminated for each communication session. Initial signal at the setup stage determines the endpoints and the connection between the two endpoints. Typical circuit switched connections are as follows:

• Asynchronous serial • Integrated Service Digital Network (ISDN), Basic Rate Interface (BRI), and

ISDN Primary rate Interface (PRI) Reference: Building Cisco Remote Access Networks (Ciscopress) page 20 21

642-821

http://www.fravo.com 17

Q30. Which two are characteristics of Frame Relay? (Choose two.) A. Medium cost B. High reliability C. Circuit-switched D. Branch site connectivity Answer: B, D Explanation: Frame Relay provides virtual circuit connectivity for enterprise networks that require 56 kbps up to T1/E1 speeds. It costs less than leased lines because it uses statistical multiplexing of packets to gain efficiencies within the network, at the cost of a less-stringent bandwidth and latency guarantee. Frame Relay is being widely deployed in enterprise networks to connect regional and branch offices into the enterprise backbone. Reference: http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091ca9.shtml Q31. Exhibit:

From the figure, which command establishes how Router1 will call Router2? A. dialer map ip 10.120.1.1 name Router1 4085552222 B. dialer map ip 10.120.1.2 name Router1 4085551111 C. dialer map ip 10.120.1.2 name Router1 4085552222 D. dialer map ip 10.120.1.2 name Router1 4085551111 Answer: C Explanation: dialer map protocol net-hop address [name hostname] [broadcast] dial-string This command configures a serial interface or ISDN interface to call one or multiple sites. The name refers to the name of the remote system, and broadcast indicates that broadcast should be forwarded to this address. The dial-string is the number to dial to reach the destination.

642-821

http://www.fravo.com 18

Reference: Building Cisco Remote Access Networks (Ciscopress) page 187 Q32. When a modem powers up, how does the connected computer know that the DCE is ready to use? A. The modem sets DTR pin 20. B. The modem sets DCE pin 5. C. The modem sets DSR pin 6. D. The modem sets DTE pin 4. Answer: C Explanation: DSR – Data Set Ready (pin 6). The DCE is ready for use. This pin is not used on modem connections. The DSR is active as soon as a modem is turned on. Reference: Building Cisco Remote Access Networks (Ciscopress) page 60 Q33. What happens when the command clear ip nat translation is entered on a router? A. Clears all existing NAT translation table entries and NAT is suspended. B. Clears dynamic NAT translation table entries and NAT resumes. C. Clears static NAT translation entries and NAT resumes. D. Clears all inactive NAT translation entries and NAT is suspended. Answer: A Explanation: Clears dynamic NAT translations from the translation table. Reference: Building Cisco Remote Access Networks (Ciscopress) page 453 Q34. Given the following configuration statement, which two statements are true? (Choose two.) router(config)#aaa authentication login default group tacacs+ none A. No authentication is required to login. B. TACACS+ is the first default authentication method. C. Uses the list of TACACS+ servers for authentication, if TACACS+ fails then no

access is permitted. D. Uses the list of servers specified in group “TACACS+”, if none are available, then

no access is permitted. E. Uses the list of TACACS+ servers for authentication, if TACACS+ fails then uses

no authentication.

642-821

http://www.fravo.com 19

F. Uses a subset of TACACS+ servers named “group” for authentication as defined by the aaa group servers tacacs+ command.

Answer: B, E Explanation: To create a default list that is used if no list is assigned to a line, use the authentic ation login command with the default argument, followed by the methods you want to use in default situations. The additional methods of authentication are used only if the previous methods returns an error; not if it fails. Specify none as the final method in the command line to have authentication succeed. if all methods return an error. Additional methods:

• Enable • Krb5 • Line • Local • None • Radius • Tacacs+ • Krb5-telnet

Reference: Building Cisco Remote Access Networks (Ciscopress) page 470 Q35. Which two commands would be useful to troubleshoot ISDN Layer 3? (Choose two.) A. debug isdn q931 B. debug isdn network C. debug isdn q921 D. debug isdn event Answer: A, D Explanation:

• You may use the debug isdn q931 EXEC command to display information about call setup and teardown of ISDN network connections (Layer 3) between the local router (user side) and the network.

• The debug isdn events command also displays information that is useful for monitoring and troubleshooting Multilink PPP.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 209, 210 Incorrect Answers: B: Not a valid command C: Troubleshoots ISDN layer 2

642-821

http://www.fravo.com 20

Q36. By which two methods can callers be authenticated using PPP? (Choose two.) A. Message digest key B. Authentication key C. PAP D. CHAP Answer: C, D Explanation: Authentication, using either PAP or CHAP, is used as a security measure with PPP and PPP callback. Authentication allows the dial-up target to identify that any given dial-up client is a valid client with a preassigned username and password. Reference: Building Cisco Remote Access Networks (Ciscopress) page 111 Q37. A system administrator issues a Router(config)#aaa new-model command from a telnet session. Making no other changes, the administrator saves the configuration to nvram and then exists the telnet session. No local username/password database exists on the router. What will happen when the administrator tries to immediately establish another telnet session? (Choose two.) A. The session asks for a username that may not exist. B. The router requires a reboot so the administrator can login. C. The administrator must access the router though the console port to login. D. The administrator can log in without using a password. Answer: A, C Explanation: On console, login will succeed without any authentication checks if default is not set. If authentication is not specifically set for a line, the default is to deny access and no authentication is performed. Reference: Building Cisco Remote Access Networks (Ciscopress) page 470 Q38. Which of the following are used to verify and troubleshoot a PPP session? (Choose two.) A. show interfaces B. show PPP C. debug PPP negotiation D. debug PPP session Answer: A, C Explanation:

642-821

http://www.fravo.com 21

• Use the show interfaces command to display status and counter information about an interface.

• The debug ppp negotiation command is a great tool for troubleshooting the PPP Link Control protocol activities such as authentication, compression, and multilink.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 132 Q39. Which physical factors can reduce the maximum speed available on a DSL connection? (Choose two.) A. Lack of loading coils and the subscriber’s line. B. Distance from the CPE to the DSLAM. C. Gauge of wire used on the local loop. D. Number of telephones attached to the local loop. E. Lack of bridge taps in the local loop. Answer: D, E Explanation: Determine if the local loop is too long. The maximum length range is 15,000 to 25,000 feet (4572 to 7620 meters). Within that range, wire gauge, cross talk, and multiple bridge taps reduce the distance over which the modems can train. Reference: http://www.cisco.com/en/US/products/hw/switches/ps298/products_installation_guide_chapter09186a008007c8fb.html Q40. Which one of the following ranges is the Valid Dynamic TEI value assignment range for an ISDN BRI circuit? A. 1-24 B. 25-62 C. 64-126 D. 128-256 Answer: C Explanation: The TEI is a dynamic assignment to that device. IN the U.S., when you boot up a router, you make some type of request to the switch for a TEI. The switch assigns you a TEI, and you will communicate over the switch using the signaling that uses a SAPI. TEI group assignments are 0-63 for non automatic assignments; 64-126 for automatic TEI assignment; and 127 for group assignment, or broadcast. Reference: Building Cisco Remote Access Networks (Ciscopress) page 177

642-821

http://www.fravo.com 22

Q41. When the following configuration is present on the router, how many addresses will be available for dynamic nat translation? ip nat pool test 192.168.1.33 192.168.1.42 netmask 255.255.255.224 ip nat inside source list 7 pool test A. 7 B. 9 C. 10 D. 31 Answer: C Explanation: The IP address that is configured for dynamic nat translation is 192.168.1.33 19 192.168.1.42 netmask 255.255.255.224 The start -ip is 192.168.1.33 The end-ip is 192.168.1.42 Start-ip – starting IP address that defines the range of addresses in the address pool. End-ip – Ending IP address that defines the range of addresses in the address pool. Reference: Building Cisco Remote Access Networks (Ciscopress) page 446 Q42. A network administrator would like to use an existing ISDN line as a backup for a Frame Relay line connected on interface serial0. Which statement is correct based on the following configuration of the Cisco Router? interface serial0 ip address 192.168.10.1 255.255.255.0 backup interface bri0 backup delay 5 10 interface bri0 ip address 192.168.11.2 255.255.255.0 dialer idle-timeout 900 dialer-group 1 dialer-group 1 protocol ip permit A. ISDN BRI line will be in “standby” mode after 900 seconds once the serial

interface activates again. B. ISDN BRI line will be in “standby” mode after 10 seconds once the serial interface

activates again. C. ISDN BRI line will be in “standby” mode after 10 seconds but will be in “standby”

mode after 900 seconds once the serial interface activates again. D. ISDN BRI line will be in “standby” mode after 10 seconds but will be in “up/ip”

mode after 900 seconds once the serial interface activates again. Answer: C

642-821

http://www.fravo.com 23

Explanation: - backup delay 5 10 command: backup delay enable-delay disable-delay Specify delay between the physical interface going down and the backup being enabled, and between the physical interface coming back up and the backup being disabled. - dialer idle-timeout 900 This command specifies the time that the line can remain idle before it is disconnected. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a008008721f.html Q43. Your company has a hub and spoke Frame Relay network. No spoke router can ping any other spoke routers, yet all spoke routers can pin the hub router. What is a possible cause? A. Disabled split horizon B. Poison reverse issue C. Inverse ARP issue D. Spanning-tree loop Answer: C Explanation:

Connecting from Spoke to Spoke You cannot ping from one spoke to another spoke in a hub and spoke configuration using multipoint interfaces because there is no mapping for the other spokes' IP addresses. Only the hub's address is learned via the Inverse Address Resolution Protocol (IARP). If you configure a static map using the frame-relay map command for the IP address of a remote spoke to use the local data link connection identifier (DLCI), you can ping the addresses of other spokes. Reference: http://www.cisco.com/en/US/tech/tk713/tk237/technologies_tech_note09186a008014f8a7.shtml#topic2 Q44. What is the default encapsulation type set on Cisco router serial interfaces? A. Frame Relay B. HDLC C. PPP D. LAPB Answer: B

642-821

http://www.fravo.com 24

Explanation: HDLC is the default encapsulation type on point-to-point, dedicated links. It is used typically when communicating between two Cisco devices. It is a bit-oriented synchronous data link protocol. HDLC specifies a data-encapsulation method on synchronous data links using frame characters and checksums. Reference: Building Cisco Remote Access Networks (Ciscopress) page 23 Q45. What are three symptoms of a congested serial line? (Choose three.) A. The connection fails at a particular time of day. B. The connection has never worked. C. The connectivity is intermittent. D. The connection fails as load increases. E. The hardware in the serial link failed. Answer: A, C, D Q46. Which WAN connections are typically employed at telecommuter sites? (Choose three.) A. Asynchronous dial-up B. ISDN BRI C. Leased lines D. HDSL E. Cable modems F. ADSL Answer: A, B, F Explanation: Typical WAN connections employed at telecommuter sites are as follows:

• Asynchronous dial-up • ISDN BRI • Frame Relay (leased line)

Reference: Building Cisco Remote Access Networks (Ciscopress) page 31 Q47. Examine the partial output of the show run command interface BRI0 description connected to ntt 81019998887654 ip address 10.12.15.5 255.255.255.0 encapsulation ppp dialer idle-timeout 30 dialer load-threshold 40 either dialer map ip 10.12.15.8 name RTB 81019998888901 dialer map ip 10.12.15.9 name RTC 81019998881234

642-821

http://www.fravo.com 25

dialer map ip 10.12.15.4 name RTD 81019998881122 dialer-group 1 ppp authentication pap ppp multilink Which statement is true about the type of dial-on demand routing being implemented using BRI0? A. By configuring legacy DDR on interface BRI0, calls made to all three sites will use

the same communication parameters. B. By configuring BRI0 as a member of a dial-group 1, communications parameters

assigned to the group will override those configured on the interface. C. Calls made using BRI0 will attempt to use the authentication configured for the

dial rotary, and if unsuccessful, will use pap authentication. D. The dialer profile communication parameters will override those configured

directly on interface BRI0. Answer: A Q48. Examine the configuration statements. What will happen when interesting traffic destined to the network 172.16.1.0 is seen by RTA?

RTA(config)#ip route 172.16.1.0 255.255.255.0 bri0 RTA(config)#interface bri0 RTA(config-if)#dialer map ip 10.1.1.1 name RTB 5551111 RTA(config-if)#dialer map ip 10.1.1.2 name RTC 5552222 RTA(config-if)#dialer map ip 10.1.1.3 name RTD 5553333 A. The packets destined for the 172.16.1.0 network will be dropped. B. A DDR call will be placed to router RTB and the packets routed to 10.1.1.1. C. A DDR call will be placed first to router RTB, and if it is busy, then to RTC and

RTD. D. The packets destined for the 172.16.1.0 network will be sent to the default route. Answer: C Explanation: dialer map protocol next -hop-address [name hostname] [broadcast] dialstring This command configures a serial interface or ISDN interface to call one or multiples sites. The name refers to the name of the remote system, and broadcast indicates that broadcasts should be forwarded to this address. This dial-string is the number to dial to reach the destination. Reference: Building Cisco Remote Access Networks (Ciscopress) page 187 Q49. On an EIA/TIA-232 null modem cable with DB25 connectors, which two pins are cross connected? (Choose two.)

642-821

http://www.fravo.com 26

A. Pin 2 B. Pin 3 C. Pin 4 D. Pin 5 E. Pin 7 F. Pin 8 Answer: A, B Explanation: Null modems crisscross DB-25 pins 2, 3 and other corresponding pins so that the two DTE devices can communicate. Some devices can be configured to operate either like a DTE or a DCE. Configuring a device as a DCE usually means that it receives data on pin 2 and transmits data on pin 3. Reference: Building Cisco Remote Access Networks (Ciscopress) page 62 Q50. What are two results of issuing the frame-relay map ip 192.168.1.2 100 command? (Choose two.) A. Inverse ARP is enabled. B. Inverse ARP is disabled. C. Split horizon is enabled D. Split horizon is disabled. E. IP address 192.168.1.2 is dynamically mapped to DLCI 100. F. IP address 192.168.1.2 is statically mapped to DLCI 100. Answer: B, F Explanation: If you use dynamic address mapping, Frame Relay Inverse ARP provides a given DLCI and requests next -hop protocol addresses for a specific connection. The router then updates its mapping table and uses the information in the table to route outgoing traffic. Dynamic address mapping is enabled by default for all protocols on a physical interface. If you use the static mapping, you must use the frame-relay map command to statically map destination network protocol addresses to a designated DLCI. Reference: Building Cisco Remote Access Networks (Ciscopress) page 346-347 Q51. Which commands are configured from the line configuration mode? (Choose three.) A. encapsulation ppp B. async mode interactive C. modem inout D. speed 115200 E. flowcontrol hardware Answer: C, D, E

642-821

http://www.fravo.com 27

Explanation: modem inout - Uses the modem for both incoming and outgoing calls. speed 115200 – Sets the maximum speed (in bits-per-second) between the modem and the access server. flowcontrol hardware – Uses RTS/CTS for flow control. Reference: Building Cisco Remote Access Networks (Ciscopress) page 76 77 Q52. A Frame Relay PVC is reported as in INACTIVE state on the router. What is the possible cause? A. PVC is not configured on local router. B. PVC is not configured on the Frame Relay switch. C. PVC is in DOWN state on the remote router. D. PVC is in DELETED state on the remote router. Answer: C Explanation: Inactive state – Indicates that the Local connection to the Frame Relay switch is working, but the remote router’s connection to the Frame Relay switch is not working. Reference: Building Cisco Remote Access Networks (Ciscopress) page 345 Q53. Which statement is true regarding uninteresting traffic being carried over a DDR link? A. Uninteresting traffic will keep DDR call established, even if no more interesting

traffic is being routed over the link. B. Uninteresting traffic will be routed over an established DDR call, but at a lower

priority than interesting traffic. C. Uninteresting traffic will not be routed over an established DDR call. D. Uninteresting traffic will be routed over an established DDR call, as long as there

is enough interesting traffic to keep the call connected. Answer: C Explanation: Packets that are permitted entry according to the access list are identified as interesting or packets of interest. Packets that are not permitted entry or are denied entry by an access list are deemed uninteresting. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1820/products_configuration_guide_chapter09186a0080087504.html

642-821

http://www.fravo.com 28

Q54. Which command is used to enable asynchronous dialup on a serial interface? A. physical-mode async B. dialer-group layer async C. physical-layer async D. modem inout Answer: C Explanation: Physical-layer async – configures the serial interface as an async interface. Reference: Building Cisco Remote Access Networks (Ciscopress) page 93 Q55. What is the default action of authentication when AAA is enabled but authentication is not set? A. Allow a user to access all resources after login. B. Disallow a user from access to all resources after login. C. Record all access of resources and how long the user accessed each resources. D. Not to record any access of resources after login. E. Allow any user to login without checking the authentication data. F. Disallow any user from logging in with or without a valid username and password. Answer: F Explanation: If authentication is not specifically set for a line, the default is to deny access and no authentication is performed. Reference: Building Cisco Remote Access Networks (Ciscopress) page 470 Q56. Exhibit:

642-821

http://www.fravo.com 29

Refer to the output of the debug frame-relay packet command shown in the graphic. What is the possible problem? A. Frame Relay encapsulation mismatch. B. Frame Relay LMI type mismatch. C. Missing routing table entry. D. Missing inverse ARP entry. E. Missing MAC address Answer: B Q57. Which two statements about Frame Relay subinterface configurations are true? (Choose two.) A. Any IP address must be removed from the subinterface. B. Subinterface is configured either multipoint or point-to-point. C. The physical interface and subinterface can each be configured with IP addresses. D. The configuration must be added to the D channel. Answer: B Reference: Building Cisco Remote Access Networks (Ciscopress) page 353 354 Q58. A bank needs to connect a branch office to the corporate network on the other side of town. The branch office has twelve users that require constant access to the bank’s central accounting system throughout the day. Which two connection types may be most appropriate for this branch office? (Choose two.) A. ISDN BRI B. Frame Relay C. Asynchronous

642-821

http://www.fravo.com 30

D. Dedicated lease line Answer: B, D Explanation: The remote site must have a mix of equipment, but not as much as the Central site requires. Typical WAN solutions that a remote site uses to connect to the Central site as follows:

• Leased line • Frame Relay • X.25 • ISDN

Reference: Building Cisco Remote Access Networks (Ciscopress) page 30 Incorrect Answers: A, C: Used for telecommuters Q59. Which statement describes the differences between IPSec and Cisco Encryption Technology (CET)? A. CET supports AH, ESP and Anti-Replay which are not available with IPSec. B. IPSec supports AH, ESP and Anti-Replay which are not available with CET. C. CET is the implementation of IPSec in the Cisco Secure Services package. D. IPSec is used to encrypt IP-only packets, whereas CET is used to encrypt only

non-IP packets. Answer: B Explanation: If you require only Cisco router-to-Cisco router encryption, then you could run CET, which is a more mature, higher-speed solution. If you require a standards-based solution that provides multivendor interoperability or remote client connections, then you should implement IPSec. Also, if you want to implement data authentication with or without privacy (encryption), then IPSec is the right choice. Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800d981b.html#77018 Q60. When configuring an asynchronous line, what is the result of issuing the flowcontrol hardware command? A. It sets RAM aside to buffer incoming and outgoing data. B. It sets the line to use CTS/RTS flow control. C. It sets the modem to handle flow control instead of the router. D. It sets the modem to use MNP4 firmware. Answer: B

642-821

http://www.fravo.com 31

Explanation: flowcontrol hardware – Uses RTS/CTS for flow control. Reference: Building Cisco Remote Access Networks (Ciscopress) page 77 Q61. Which of the following statements are correct regarding the Multilink PPP protocol? (Choose two.) A. MLP can be applied to any link type utilizing PPP encapsulation. B. MLP can identify bundles only through the authenticated name. C. MLP is a negotiated option only during the LCP phase of PPP. D. For MLP to bind links, configuring AAA authentication is a required. Answer: A, B Explanation: A: Multilink PPP Prerequisites

The dialer interface, BRI interface, PRI interface, multilink interface, or virtual template must be configured, and PPP encapsulation must be enabled.

B: PPP authentication plays a part in Multilink PPP. The bundle decision is based on the authentication name of the remote router independently on each side of the link. Each router should use a unqiue hostname for authentication, with a shared password.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 200 http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080110bd7.html Q62. When using a CATV cable service as an Internet connection medium, what is “upstream traffic”? A. Traffic getting at the user’s home traveling to the headend. B. Traffic between the headend and the supplier antenna. C. Broadcast traffic, including the cable TV signals. D. Traffic from outside the local cable segment serving the user’s home. Answer: A Explanation: In the upstream direction (subscriber cable modems transmitting towards the head-end) the environment is many transmitters and one receiver. This introduces the need for precise scheduling of packet transmissions to achieve high utilization and precise power control so as to not overdrive the receiver or other amplifier electronics in the cable system. Since the upstream direction is like a single receiver with many antennas, the channels are much much more susceptible to inter-fering noise products [5, 6] . In the cable industry, we generally call this ingress noise. ..00000000000000 Reference:

642-821

http://www.fravo.com 32

http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac202/about_cisco_ipj_archive_article09186a00800c837c.html Q63. What is a benefit of choosing an Internet-based VPN over a point-to-point T1 connection? A. VPNs offer more local control of the quality of service. B. VPN users are not tied to a specific fixed location. C. VPNs can provide reserved bandwidth for the individual user. D. VPNs offer better queuing mechanisms than T1 connections. Answer: B Explanation: VPNs enables today’s increasingly mobile workforce to connect to their corporate intranets or extranets whenever, wherever, or however they require; improving productivity and flexibility while reducing access costs. Reference: Building Cisco Remote Access Networks (Ciscopress) page 561 Q64. What are the advantages of Frame Relay connection over dedicated leased lines? (Choose two.) A. Better suited multiple branch locations. B. Lower cost. C. More control over the connection. D. Full guaranteed bandwidth. Answer: B, C Explanation: Frame Relay provides virtual circuit connectivity for enterprise networks that require 56 kbps up to T1/E1 speeds. It costs less than leased lines because it uses statistical multiplexing of packets to gain efficiencies within the network, at the cost of a less-stringent bandwidth and latency guarantee. Frame Relay is being widely deployed in enterprise networks to connect regional and branch offices into the enterprise backbone. Reference: http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091ca9.shtml Q65. An Internet Service Provider is offering ADSL connections to its customers, providing 640 kbps upload and 4 Mbps download speeds. Which customers would benefit from this type of connection? (Choose two.) A. Small home offices requiring 24 hour connection to the Internet for email and

web communication.

642-821

http://www.fravo.com 33

B. Web services companies providing dynamic web content serving, including video-on-demand.

C. Central data processing facilities receiving simultaneous uploads of data from remote offices.

D. Support organizations providing ftp services for software distribution and documentation.

Answer: A, C Explanation: Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream. The remote sites using ADSL would benefit this for the downloading of data from the Central data processing facility. Reference: http://www.cisco.com/en/US/tech/tk175/tk15/tech_protocol_family_home.html Q66. You need to support a mobile sales group who needs access to email from a variety of locations. What best meets the needs of the sales group? A. Digital service B. Multi-mode service C. Asynchronous service D. High-Speed Serial (HSS) interface Answer: C Explanation: An asynchronous dial-up solution using the existing telephony network and an analog modem is often the solution for telecommuters because it is easy and the telephone facilities are already installed. Reference: Building Cisco Remote Access Networks (Ciscopress) page 31 Q67. Which router IOS command would generate the following information line? kickin load 60% kickout load 40% A. show primary B. show backup C. show load D. show interface E. show dialer-profile Answer: D Explanation: Use the show interfaces command to display status and counter information about an interface. Reference: Building Cisco Remote Access Networks (Ciscopress) page 330

642-821

http://www.fravo.com 34