Free Cisco Certification

350-018 : CCIE Pre-Qualification Test for Security

QUESTION 131 Which of the following lists the correct port numbers required for IPSec communication?

A. UDP 500 ISAKMP, IP Protocol 51 for ESP, IP Protocol 50 for AH

B. UDP 500 ISAKMP, IP Protocol 50 for ESP, IP Protocol 51 for AH

C. UDP 500 ISAKMP, IP Protocol 51 for ESP, IP Protocol 500 for AH

D. UDP 500 ISAKMP, TCP 51 for ESP, TCP 50 for AH

E. UDP 500 ISAKMP, TCP 50 for ESP, TCP 51 for AH

Answer: B

QUESTION 132 MPPE (Microsoft Point to Point Encryption) is valid with which of the following forms of authentication?

A. MS-CHAP or EAP

B. CHAP (RFC 1994)

C. PAP

D. SPAP (Shiva PAP)

E. A and B

Answer: A

QUESTION 133 You are the network administrator at Cisco Highway. Your newly appointed Cisco Highway trainee wants to know what the first step in establishing PPP communications over a link is. What will your reply be?

A. The switch sends NCP frames to negotiate parameters such as data compression and address assignment.

B. The originating node sends configuration request packets to negotiate the LCP layer.

C. One or more Layer 3 protocols are configured.

D. The originating node sends Layer 3 data packets to inform the receiving node's Layer 3 process.

E. The receiving node performs PPP authentication on the node dialing in.

Answer: B

QUESTION 134 On what is proper firewall implementation always dependent?

A. The selection of the most expensive equipment.

B. The use of IPSec, IKE and PKI.

C. Identifying network assets to discard.

D. Increasing the number of passwords each user must maintain.

E. Pervasive security

Answer: B

QUESTION 135 What sets the FECN bit in Frame Relay?

A. The Frame Relay network, to inform the DTE receiving the frame that congestion was experienced in the path from source to destination.

B. The Frame Relay network, in frames traveling in the opposite direction from those frames that encountered congestion.

C. The receiving DTE, to inform the Frame Relay network that it is overloaded and that the switch should throttle back.

D. The sending DTE, to inform the Frame Relay network that it is overloaded and that the switch should throttle back.

E. Any device that uses an extended DLCI address.

Answer: A

QUESTION 136 What are the available AAA protocols with the IOS Firewall Feature Set? (Choose all that apply.)

A. PAP

B. Kerberos

C. XTACACS

D. TACACS+

Answer: B, D

QUESTION 137 Exhibit: The network administrator wants only Telnet traffic to travel over the link between Routers Cisco HighwayC and Cisco HighwayE, while all other traffic travels over the link between Routers Cisco HighwayD and Cisco HighwayF. Is this possible?

A. No, this strategy is impossible because routers can only route based on a destination address.

B. The Telnet port traffic can travel the specified link using policy routing. However, there will be no control over the traffic coming from the Telnet port, since access-list can only be configured to look at the destination port number.

C. Yes, it can be configured to work using extended access-list applied to the Links between Routers Cisco HighwayC, and Cisco HighwayE, Cisco HighwayD, and Cisco HighwayF.

D. Yes, it can be configured to work by making use of policy routing. The match statements must use extended access-list which will match the traffic sourced from and destined to the telnet ports. Also, policy routing could be applied to the Ethernet ports on Routers Cisco HighwayB, Cisco HighwayD, and Cisco HighwayF, if routing is configured properly.

E. Yes, this can be enabled by making use of EIGRP with route tags.

Answer: D

QUESTION 138 Which of the following is a primary difference between the UNIX implementation of traceroute and the tracert.exe version found on Windows NT?

A. Unix trace routes use ICMP echo requests with varying TTLs, while NT sends UDP probes on a pseudo random port with varying TTLs and watches for returning ICMP messages.

B. It is a similar implementation strategy regardless of the operating system.

C. Unix trace routes send UDP probes on a pseudo random port with varying Time to Live (TTL) settings and watch for returning ICMP messages, whereas NT makes use of ICMP echo requests with varying TTLs.

D. NT makes use of UDP probes on port 33000 and Unix makes use of UDP probes on port 335000.

E. None of the above.

Answer: C

QUESTION 139 What can be used to solve a problem situation where a user's PC is unable to ping a server located on a different LAN connected to the same router?

A. Ensure routing is enabled.

B. A default gateway from the router to the server must be defined.

C. Check to see if both the PC and the server have properly defined default gateways.

D. Both the server and the PC must have defined static ARP entries.

Answer: C

QUESTION 140 The Cisco Highway network administrator was requested to make a script with the following criteria:

- Must be owned by the root and executable by a group of users other than the root.
- Must not give other users root privileges other than execution of the script.
- Must not allow the users to modify the script.

Which of the following would be the best way to accomplish this task?

A. Having the root use 'chmod 4755 ' to make it readable and executable by non-root users or the use 'chmod u-s '.

B. By having the users logged in under their own IDs, typing 'su' and inputting the root password after they have been given the root password, then executing the script.

C. Changing permissions to read-write and changing ownership of the script to the group.

D. By having root use 'chmod u-s '.

Answer: B

 
