Testking_640-802_V13

Study the Exhibit carefully and sequence of configuration commands shown in the graphic. The network at TestKing1 has just been configured for NAT as shown. Initial tests indicate that the network is functioning properly.

However, several users report that they cannot access the Internet. What is the problem?

A.The NAT pool does not have enough IP addresses.

B.The access list is not permitting all of the LAN host addresses to be translated.

C.The NAT inside and NAT outside interfaces are reversed.

D.The link between the TestKing routers and the TestKing2 ISP

E.None of the above

Answer: B Explanation:

The source of the IP address hosts that should be translated is specified in access list 1, which only specifies 192.168.9.0 0.0.0.7. This will only translate host 192.168.9.1-192.168.9.7. The correct syntax should have been:

access-list 1 permit 192.168.9.0 0.0.0.255

QUESTION NO: 7

The TestKing network is shown below:

Leading the way in IT testing and certification tools, www.testking.com

- 631 -

The network administrator has configured NAT as shown in the graphic. Some clients can access the Internet while others cannot. What should the network administrator do to resolve this problem?

A.Configure an IP NAT pool.

B.Properly configure the ACL.

C.Apply the ACL to the S0 interface.

D.Configure another interface with the ip nat outside command.

E.None of the above.

Leading the way in IT testing and certification tools, www.testking.com

- 632 -

Answer: B Explanation:

In the exhibit the ACL is only configured for the 192.168.1.0/24 network. In order to make Internet access available to all clients of both networks the access list 1 needs to include both 192.168.1.0/24 and 192.168.2.0/0.

QUESTION NO: 8

The TestKing network is shown below:

The network at the Testking has just been configured for NAT as shown. Initial tests indicate that everything is functioning as intended. However, it is found that a number of hosts cannot access the Internet. What is the problem?

A.The access list is not correct.

B.There are not enough IP addresses available in the NAT address pool.

C.The wrong interface has been configured with the ip nat inside command.

D.The IP address of the Fa0/0 interface is not usable.

Leading the way in IT testing and certification tools, www.testking.com

- 633 -

E. The S0/1 interface of the ISP router is in the wrong subnet.

Answer: B Explanation:

According to the configuration shown above, the NAT pool only specifies 5 IP addresses (192.0.2.161-165) while there are 16 hosts on the network that need to be translated. This explains why everything functions well for the first hosts, but not for the rest. To fix this issue, more IP addresses need to be specified int the NAT pool named SOS, or alternatively the "overload" keyword could be used to specify many to one address translation, or PAT.

Several internal addresses can be NATed to only one or a few external addresses by using a feature called Port Address Translation (PAT) which is also referred to as "overload", a subset of NAT functionality.

PAT uses unique source port numbers on the Inside Global IP address to distinguish between translations. Because the port number is encoded in 16 bits, the total number could theoretically be as high as 65,536 per IP address. PAT will attempt to preserve the original source port, if this source port is already allocated PAT will attempt to find the first available port number starting from the beginning ofthe appropriate port group 0-5111, 512-1023 or 1024-65535. If there is still no port available from the appropriate group and more than one IP address is configured, PAT will move to the next IP address and try to allocate the original source port again. This continues until it runs out of available ports and IP addresses.

Alternatively, we could have configured port address translation, or NAT overload, to provide Internet access to the given number of hosts.

QUESTION NO: 9

The TestKing network is shown in the diagram below:

Leading the way in IT testing and certification tools, www.testking.com

- 634 -

The network administrator has configured NAT as shown in the exhibit. Some clients can access the Internet while others cannot.

What should the network administrator do to resolve this problem?

A.Configure an IP NAT pool.

B.Properly configure the ACL.

C.Apply the ACL to the S0 interface.

D.Configure another interface with the ip nat outside command.

E.Configure the ip nat inside and ip nat outside commands

Answer: B

Leading the way in IT testing and certification tools, www.testking.com

- 635 -

Explanation:

"Some clients can access the Internet while others cannot." this is a huge hint that tell us either:

1.ACL is blocking some people

2.You are not using overload when you should

3.That you are using 2 inside subnets like in this example & 1 of those does not have the IP NAT INSIDE statement against it.

In this example, the access list specified is only allowing users on the 192.168.1.0/24 subnet should be translated, so all of the users on E1 (192.168.2.X/24 subnet) will not get translated, and will therefore not be able to reach the Internet.

TOPIC 8, IMPLEMENT AND VERIFY WAN LINKS (57 questions)

Section 1: Describe different methods for connecting to a WAN (3 questions)

QUESTION NO: 1

Of the following choices below, only three could be used as WAN encapsulation methods, as opposed to LAN encapsulation. Which three are they? (Choose three)

A.FDDI

B.HDLC

C.Frame Relay

D.PPP

E.Token Ring

F.Ethernet

G.VTP

Answer: B, C, D

Leading the way in IT testing and certification tools, www.testking.com

- 636 -

QUESTION NO: 2

In the TestKing network shown below, an associate has the task of planning a Frame Relay implementation to replace the existing WAN infrastructure.

The addresses for the North, East, and South branch offices have been assigned as shown in the diagram. Which type of topology should be implemented in this network?

A.Extended star

B.Ring

C.Hub and spoke

D.Bus

E.Full mesh

Answer: C Explanation:

In a Fully meshed environment, every router has a PVC defined to every other router and in a Non-fully meshed environment (or Hub and Spoke) PVCs are only defined between routers that need to communicate. In this example, a /30 IP subnet mask is used at each remote location. This mask allows for only two hosts on the network, which will used for the local router's frame relay interface, and the hub router's interface. In this example, all site to site (spoke) traffic will need to traverse through the main (hub) location.

Leading the way in IT testing and certification tools, www.testking.com

- 637 -

QUESTION NO: 3

What can the TestKing network administrator utilize by using PPP (Point to Point Protocol) as the Layer 2 encapsulation? (Choose three)

A.Compression

B.QOS

C.Sliding windows

D.VLAN support

E.Authentication

F.Multilink support

Answer: A, E, F

Section 2: Configure and verify a basic WAN serial connection (11 questions)

QUESTION NO: 1

The TestKing WAN connection is shown below:

Based on this diagram, which two devices can be used to complete the connection between the WAN router at the customer site and the service provider? (Choose two.)

A.CSU/DSU

B.modem

C.WAN switch

D.ATM switch

E.Frame Relay switch

Leading the way in IT testing and certification tools, www.testking.com

- 638 -

F. ISDN TA

Answer: A, B

Explanation:

DTE is an abbreviation for Data Terminal Equipment, and refers to an end instrument that converts user information into signals for transmission, or reconverts the received signals into user information. A DTE device communicates with the Data Circuit-terminating Equipment (DCE), such as a modem or CSU/DSU.

A DTE is the functional unit of a data station that serves as a data source or a data sink and provides for the data communication control function to be performed in accordance with link protocol.

The data terminal equipment (DTE) may be a single piece of equipment or an interconnected subsystem of multiple pieces of equipment that perform all the required functions necessary to permit users to communicate. A user interacts with the DTE (e.g. through a Human-Machine Interface), or the DTE may be the user.

Usually, the DTE device is the terminal (or a computer emulating a terminal), and the DCE is a modem.

A CSU/DSU (Channel Service Unit/Data Service Unit) is a hardware device about the size of an external modem that converts a digital data frame from the communications technology used on a local area network (LAN) into a frame appropriate to a wide-area network (WAN) and vice versa. The DSU provides an interface to the data terminal equipment (DTE) using a standard (EIA/CCITT) interface. It also provides testing capabilities.

QUESTION NO: 2

You are configuring the serial interface of your Cisco router; which of the following are valid encapsulation types you can use? (Select all that apply)

A.Token Ring

B.Ethernet

C.HDLC

D.PPP

E.Frame Relay

F.CHAP

Answer: C, D, E

Explanation:

Leading the way in IT testing and certification tools, www.testking.com

- 639 -

HDLC, Frame Relay, and PPP are the most common encapsulation types set for serial interfaces in a Cisco router. HDLC is often used in point to point circuits with Cisco routers on each end. HDLC is Cisco proprietary and offers an alternative to PPP.

Incorrect Answers:

A, B. Token Ring and Ethernet aren't encapsulation types used on serial interfaces; they are types of LAN networks.

F. CHAP is the Challenge Authentication Protocol. It is used for authentication on PPP links.

QUESTION NO: 3

Two TestKing routers are connected as shown in the diagram below:

Which series of commands will configure router TK1 for LAN-to-LAN communication with router TK2? The enterprise network address is 192.1.1.0/24 and the routing protocol in use is RIP. (Choose three)

A. TK1(config)# interface ethernet 0

TK1(config-if)# ip address 192.1.1.129 255.255.255.192

TK1(config-if)# no shutdown

B. TK1(config)# interface ethernet 0

TK1(config-if)# ip address 192.1.1.97 255.255.255.192

TK1(config-if)# no shutdown

C. TK1(config)# interface serial 0

TK1(config-if)# ip address 192.1.1.4 255.255.255.252

TK1(config-if)# clock rate 56000

D. TK1(config)# interface serial 0

TK1(config-if)# ip address 192.1.1.6 255.255.255.252

TK1(config-if)# no shutdown

Leading the way in IT testing and certification tools, www.testking.com

- 640 -