Free Cisco Certification

350-018 : CCIE Pre-Qualification Test for Security

QUESTION 161 The newly appointed Cisco Highway trainee technician wants to know how many inside sessions can be translated when using NAT overload on a Cisco IOS or PIX-based firewall. What will your reply be?

A. 1 to 65,535

B. 1024 to 65,535

C. 1024 to 32,768

D. 1 to 64,000

E. 1024 to 64,000

Answer: D

QUESTION 162 Which of the following represents the correct ways of releasing IBGP from the condition that all IBGP neighbors need to be fully meshed? (Choose all that apply.)

A. Configure route reflectors

B. Configure IBGP neighbors several hops away

C. Configure confederations

D. Configure local preference

Answer: A, C

QUESTION 163 Exhibit:

Symptoms:

- Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
- Console logging: level debugging, 0 messages logged
- Monitor logging: level informational, 0 messages logged
- Buffer logging: level informational, 0 messages logged
- Trap logging: level informational, 0 message lines logged

Note: Router Cisco Highway1's CPU is normally about 25% busy switching packets.

Scenario: Host A is unable to reach the FTP Server, but can reach Host B. The Cisco Highway network administrator suspects that packets are traveling from network 10.1.5.0 to the FTP Server, but not returning. The administrator logs into the console port of Router Cisco Highway1. When Host A sends a ping to the FTP Server, the administrator executes a "debug ip packet" command on the router. However, during debugging the administrator observes far too much output. Which additional commands should the administrator use to limit the debug output in order to view ONLY host A's bi-directional ICMP ping packets? (Choose all that apply.)

A.
   configure terminal
   access-list 101 permit icmp 10.1.5.10 0.0.0.0 172.17.12.24 0.0.0.0
   access-list 101 permit icmp 172.17.12.24 0.0.0.0 10.1.5.10 0.0.0.0

B.
   no debug ip packet
   debug ip icmp 101

C.
   debug ip packet 101

D.
   configure terminal
   interface Ethernet 1
   no ip route-cache

E.
   configure terminal
   access-list 101 permit ip 10.1.5.0 0.0.0.255 172.17.12.0 0.0.0.255
   access-list 101 permit ip 172.17.12.0 0.0.0.255 10.1.5.0 0.0.0.255

Answer: A, C

QUESTION 164 The newly appointed Cisco Highway trainee technician wants to know how a router running Certificate Enrollment Protocol (CEP) obtains a certificate. What will your reply be?

A. The router administrator should send an e-mail message to 'sysadmin@icsa.net'. This message should request a certificate and include the FQDN of the device.

B. If using Cisco IOS version 11.3 or 12.0, the router administrator should enter the following configuration: crypto ca identity enrollment ftp:// >

C. The router administrator has to copy the certificate from the peer router at the other end of the tunnel and then paste it onto the local router.

D. If using Cisco IOS version 11.3 or 12.0, the router administrator should enter the following configuration: crypto ca identity enrollment http:// >

Answer: D

QUESTION 165 What is the primary benefit of RSA encrypted nonces over RSA signatures?

A. RSA encrypted nonces offer repudiation.

B. RSA encrypted nonces are not subjected to export control.

C. There is better scalability to multiple peers.

D. RSA encrypted nonces do not require a certificate authority.

Answer: D

 
