The Ultimate Resource for the CCNA 200-301 Exam (Click Here)
CCNA3 V7 ENSA Modules 6 8 Exam Answers
CCNA3 V7 ENSA Modules 6 8 Exam Answers

CCNA3 v7 ENSA | Modules 6 – 8 Exam Answers

CCNA3 v7 Modules 6 - 8 Exam Answers
5

Summary

Check answers here: CCNA3 v7 ENSA Modules 6 – 8: WAN Concepts Exam Answers. CCNA 200-301 Passed 100% !!

This exam will cover material from Modules 6 – 8 WAN Concepts of the CCNA 3 Enterprise Networking, Security, and Automation v7.0 (ENSA) curriculum. This exam will be scored using the Weighted Model where each MCSA (Multiple-Choice Single-Answer) is worth two points and each MCMA (Multiple-Choice Multiple-Answer) is worth one point for each correct option. Other tasks types such as fill-in-the-blank, drag and drop (matching) and Packet Tracer items may be included in this exam. For Packet Tracer tasks, you must have the latest version of Packet Tracer installed on your machine.

This exam will cover material from Modules 6 – 8 of the CCNA3 Enterprise Networking, Security, and Automation v7.0 (ENSA) curriculum.

This exam will be scored using the Weighted Model where each MCSA (Multiple-Choice Single-Answer) is worth two points and each MCMA (Multiple-Choice Multiple-Answer) is worth one point for each correct option. If more options are selected than required, the student will receive a score of zero.

CCNA3 v7 WAN Concepts Exam Answers

Which two statements about the relationship between LANs and WANs are true? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Although LANs and WANs can employ the same network media and intermediary devices, they serve very different areas and purposes. The administrative and geographical scope of a WAN is larger than that of a LAN. Bandwidth speeds are slower on WANs because of their increased complexity. The Internet is a network of networks, which can function under either public or private management.

A company is considering updating the campus WAN connection. Which two WAN options are examples of the private WAN architecture? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Which IPsec security function provides assurance that the data received via a VPN has not been modified in transit?

Correct! Wrong!

Integrity is a function of IPsec and ensures data arrives unchanged at the destination through the use of a hash algorithm. Confidentiality is a function of IPsec and utilizes encryption to protect data transfers with a key. Authentication is a function of IPsec and provides specific access to users and devices with valid authentication factors. Secure key exchange is a function of IPsec and allows two peers to maintain their private key confidentiality while sharing their public key.

What algorithm is used with IPsec to provide data confidentiality?

Correct! Wrong!

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms that are used to ensure that data is not intercepted and modified (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm that is used for key exchange. RSA is an algorithm that is used for authentication.

What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect interesting traffic? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two algorithms that can be used within an IPsec policy to protect interesting traffic are AES, which is an encryption protocol, and SHA, which is a hashing algorithm.

What are two tasks to perform when configuring static NAT? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Which situation describes data transmissions over a WAN connection?

Correct! Wrong!

When two offices across a city are communicating , it is most likely that the data transmissions are over some type of WAN connection. Data communications within a campus are typically over LAN connections.

Which type of VPN connects using the Transport Layer Security (TLS) feature?

Correct! Wrong!

Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?​

Correct! Wrong!

Because no outside local or outside global address is referenced, the traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by using static NAT. In the output from the command show ip nat translations, the inside local IP address of 192.168.2.20 is being translated into an outside IP address of 192.0.2.254 so that the traffic can cross the public network. A public IPv4 device can connect to the private IPv4 device 192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.

What type of address is 10.19.6.7?

Correct! Wrong!

Which two technologies provide enterprise-managed VPN solutions? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

VPNs can be managed and deployed as either of two types:

Enterprise VPNs: Enterprise-managed VPNs are a common solution for securing enterprise traffic across the internet. Site-to-site and remote access VPNs are examples of enterprise managed VPNs.
Service Provider VPNs: Service provider managed VPNs are created and managed over the provider network. Layer 2 and Layer 3 MPLS are examples of service provider managed VPNs. Other legacy WAN solutions include Frame Relay and ATM VPNs.

What is a disadvantage of NAT?

Correct! Wrong!

Which is a requirement of a site-to-site VPN?

Correct! Wrong!

Site-to-site VPNs are static and are used to connect entire networks. Hosts have no knowledge of the VPN and send TCP/IP traffic to VPN gateways. The VPN gateway is responsible for encapsulating the traffic and forwarding it through the VPN tunnel to a peer gateway at the other end which decapsulates the traffic.

What is the function of the Diffie-Hellman algorithm within the IPsec framework?

Correct! Wrong!

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.

Which VPN solution allows the use of a web browser to establish a secure, remote-access VPN tunnel to the ASA?

Correct! Wrong!

When a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. A VPN client is not required to be installed on the remote host, so a clientless SSL connection is used.

Which statement describes a VPN?

Correct! Wrong!

A VPN is a private network that is created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices.

How is “tunneling” accomplished in a VPN?

Correct! Wrong!

Packets in a VPN are encapsulated with the headers from one or more VPN protocols before being sent across the third party network. This is referred to as “tunneling”. These outer headers can be used to route the packets, authenticate the source, and prevent unauthorized users from reading the contents of the packets.

Which statement describes an important characteristic of a site-to-site VPN?

Correct! Wrong!

A site-to-site VPN is created between the network devices of two separate networks. The VPN is static and stays established. The internal hosts of the two networks have no knowledge of the VPN.

Open the PT Activity. Perform the tasks in the activity instructions and then answer the question.
What problem is causing PC-A to be unable to communicate with the Internet?

Correct! Wrong!

The output of show ip nat statistics shows that the inside interface is FastEthernet0/0 but that no interface has been designated as the outside interface. This can be fixed by adding the command ip nat outside to interface Serial0/0/0.

Which circumstance would result in an enterprise deciding to implement a corporate WAN?

Correct! Wrong!

WANs cover a greater geographic area than LANs do, so having employees distributed across many locations would require the implementation of WAN technologies to connect those locations. Customers will access corporate web services via a public WAN that is implemented by a service provider, not by the enterprise itself. When employee numbers grow, the LAN has to expand as well. A WAN is not required unless the employees are in remote locations. LAN security is not related to the decision to implement a WAN.

Refer to the exhibit. Static NAT is being configured to allow PC 1 access to the web server on the internal network. What two addresses are needed in place of A and B to complete the static NAT configuration? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Static NAT is a one-to-one mapping between an inside local address and an inside global address. By using static NAT, external devices can initiate connections to internal devices by using the inside global addresses. The NAT devices will translate the inside global address to the inside local address of the target host.

Refer to the exhibit. Which source address is being used by router R1 for packets being forwarded to the Internet?

Correct! Wrong!

The source address for packets forwarded by the router to the Internet will be the inside global address of 209.165.200.225. This is the address that the internal addresses from the 10.6.15.0 network will be translated to by NAT.

What is the function of the Hashed Message Authentication Code (HMAC) algorithm in setting up an IPsec VPN?

Correct! Wrong!

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The Hashed Message Authentication Code (HMAC) is a data integrity algorithm that uses a hash value to guarantee the integrity of a message.

Refer to the exhibit. What has to be done in order to complete the static NAT configuration on R1?

Correct! Wrong!

In order for NAT translations to work properly, both an inside and outside interface must be configured for NAT translation on the router.

Refer to the exhibit. From the perspective of users behind the NAT router, what type of NAT address is 209.165.201.1?

Correct! Wrong!

From the perspective of users behind NAT, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.

What are two hashing algorithms used with IPsec AH to guarantee authenticity? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure that data is not intercepted and modified (data integrity and authenticity) are MD5 and SHA.

What type of address is 10.100.126.126?

Correct! Wrong!

A network administrator wants to examine the active NAT translations on a border router. Which command would perform the task?

Correct! Wrong!

Refer to the exhibit. The NAT configuration applied to the router is as follows:

ERtr(config)# access-list 1 permit 10.0.0.0 0.255.255.255
ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224
ERtr(config)# ip nat inside source list 1 pool corp overload
ERtr(config)# ip nat inside source static 10.10.10.55 209.165.201.4
ERtr(config)# interface gigabitethernet 0/0
ERtr(config-if)# ip nat inside
ERtr(config-if)# interface serial 0/0/0
ERtr(config-if)# ip nat outside

Based on the configuration and the output shown, what can be determined about the NAT status within the organization?

Correct! Wrong!

There is not enough information given because the router might not be attached to the network yet, the interfaces might not have IP addresses assigned yet, or the command could have been issued in the middle of the night. The output does match the given configuration, so no typographical errors were made when the NAT commands were entered.

Which two statements accurately describe an advantage or a disadvantage when deploying NAT for IPv4 in a network? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Which two WAN infrastructure services are examples of private connections? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Private WANs can use T1/E1, T3/E3, PSTN, ISDN, Metro Ethernet, MPLS, Frame Relay, ATM, or VSAT technology.

What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command?

Correct! Wrong!

Dynamic NAT uses a pool of inside global addresses that are assigned to outgoing sessions. If there are more internal hosts than public addresses in the pool, then an administrator can enable port address translation with the addition of the overload keyword. With port address translation, many internal hosts can share a single inside global address because the NAT device will track the individual sessions by Layer 4 port number.

Which two technologies are categorized as private WAN infrastructures? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Private WAN technologies include leased lines, dialup, ISDN, Frame Relay, ATM, Ethernet WAN (an example is MetroE), MPLS, and VSAT.

Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers from a variety of protocols?

Correct! Wrong!

Refer to the exhibit. A network administrator is viewing the output from the command show ip nat translations. Which statement correctly describes the NAT translation that is occurring on router RT2?​

Correct! Wrong!

Because no outside local or outside global address is referenced, the traffic from a source IPv4 address of 192.168.254.253 is being translated to 192.0.2.88 by using static NAT. In the output from the command show ip nat translations, the inside local IP address of 192.168.2.20 is being translated into an outside IP address of 192.0.2.254 so that the traffic can cross the public network. A public IPv4 device can connect to the private IPv4 device 192.168.254.253 by targeting the destination IPv4 address of 192.0.2.88.

What two addresses are specified in a static NAT configuration?

Correct! Wrong!

Refer to the exhibit. Based on the output that is shown, what type of NAT has been implemented?

Correct! Wrong!

The output shows that there are two inside global addresses that are the same but that have different port numbers. The only time port numbers are displayed is when PAT is being used. The same output would be indicative of PAT that uses an address pool. PAT with an address pool is appropriate when more than 4,000 simultaneous translations are needed by the company.

Refer to the exhibit. Which two statements are correct based on the output as shown in the exhibit? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

The output displayed in the exhibit is the result of the show ip nat translations command. Static NAT entries are always present in the NAT table, while dynamic entries will eventually time out.

Refer to the exhibit. NAT is configured on RT1 and RT2. The PC is sending a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server?

Correct! Wrong!

Because the packet is between RT2 and the web server, the source IP address is the inside global address of PC, 209.165.200.245.

Which two types of VPNs are examples of enterprise-managed remote access VPNs? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Enterprise managed VPNs can be deployed in two configurations:

Remote Access VPN: This VPN is created dynamically when required to establish a secure connection between a client and a VPN server. Remote access VPNs include client-based IPsec VPNs and clientless SSL VPNs.
Site-to-site VPN: This VPN is created when interconnecting devices are preconfigured with information to establish a secure tunnel. VPN traffic is encrypted only between the interconnecting devices, and internal hosts have no knowledge that a VPN is used. Site-to-site VPNs include IPsec, GRE over IPsec, Cisco Dynamic Multipoint (DMVPN), and IPsec Virtual Tunnel Interface (VTI) VPNs.

Which two end points can be on the other side of an ASA site-to-site VPN configured using ASDM? (Choose two.)

Please select 2 correct answers

Correct! Wrong!

Refer to the exhibit. A network administrator has just configured address translation and is verifying the configuration. What three things can the administrator verify? (Choose three.)

Please select 3 correct answers

Correct! Wrong!

The show ip nat statistics, show ip nat translations, and debug ip nat commands are useful in determining if NAT is working and and also useful in troubleshooting problems that are associated with NAT. NAT is working, as shown by the hits and misses count. Because there are four misses, a problem might be evident. The standard access list numbered 1 is being used and the translation pool is named NAT as evidenced by the last line of the output. Both static NAT and NAT overload are used as seen in the Total translations line.

Which type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?

Correct! Wrong!

What does NAT overloading use to track multiple internal hosts that use one inside global address?

Correct! Wrong!

NAT overloading, also known as Port Address Translation (PAT), uses port numbers to differentiate between multiple internal hosts.

In NAT terms, what address type refers to the globally routable IPv4 address of a destination host on the Internet?

Correct! Wrong!

From the perspective of a NAT device, inside global addresses are used by external users to reach internal hosts. Inside local addresses are the addresses assigned to internal hosts. Outside global addresses are the addresses of destinations on the external network. Outside local addresses are the actual private addresses of destination hosts behind other NAT devices.

Refer to the exhibit. From the perspective of R1, the NAT router, which address is the inside global address?

Correct! Wrong!

There are four types of addresses in NAT terminology.
Inside local address
Inside global address
Outside local address
Outside global address
The inside global address of PC1 is the address that the ISP sees as the source address of packets, which in this example is the IP address on the serial interface of R1, 209.165.200.224.

Refer to the exhibit. R1 is configured for static NAT. What IP address will Internet hosts use to reach PC1?

Correct! Wrong!

In static NAT a single inside local address, in this case 192.168.0.10, will be mapped to a single inside global address, in this case 209.165.200.225. Internet hosts will send packets to PC1 and use as a destination address the inside global address 209.165.200.225.

Which network scenario will require the use of a WAN?

Correct! Wrong!

When traveling employees need to connect to a corporate email server through a WAN connection, the VPN will create a secure tunnel between an employee laptop and the corporate network over the WAN connection. Obtaining dynamic IP addresses through DHCP is a function of LAN communication. Sharing files among separate buildings on a corporate campus is accomplished through the LAN infrastructure. A DMZ is a protected network inside the corporate LAN infrastructure.

What type of address is 64.100.190.189?

Correct! Wrong!

What is a disadvantage when both sides of a communication use PAT?

Correct! Wrong!

Refer to the exhibit. Given the commands as shown, how many hosts on the internal LAN off R1 can have simultaneous NAT translations on R1?

Correct! Wrong!

The NAT configuration on R1 is static NAT which translates a single inside IP address, 192.168.0.10 into a single public IP address, 209.165.200.255. If more hosts need translation, then a NAT pool of inside global address or overloading should be configured.

ENSA | Modules 6 – 8
Final Score

Congratulations, you have completed the CCNA3 v7 – ENSA – Modules 6 – 8! Tell us your rating!

Share your Results: