The company must subscribe to an external WAN service provider.
The company has direct control over its WAN links but not over its LAN.
Each LAN has a specified demarcation point to clearly separate access layer and distribution layer equipment.
The LAN may use a number of different network access layer standards whereas the WAN will use only one standard.
When its employees become distributed across many branch locations
When the network will span multiple buildings
When the number of employees exceeds the capacity of the LAN
When the enterprise decides to secure its corporate LAN
Data link layer
Leased line connection
Site-to-site VPN over the Internet
Remote access VPN over the Internet
Improper cable type
PPP can use synchronous and asynchronous circuits.
PPP can only be used between two Cisco devices.
PPP carries packets from several network layer protocols in LCPs.
PPP uses LCPs to establish, configure, and test the data-link connection.
PPP uses LCPs to agree on format options such as authentication, compression, and error detection.
The PPP link will be closed down if the link quality drops below 70 percent.
The NCP will send a message to the sending device if the link usage reaches 70 percent.
The LCP establishment phase will not start until the bandwidth reaches 70 percent or more.
The PPP link will not be established if more than 30 percent of options cannot be accepted.
Establishes identities with a two-way handshake
Uses a three-way authentication periodically during the session to reconfirm identities
Control by the remote host of the frequency and timing of login events
Transmits login information in encrypted format
Uses an unpredictable variable challenge value to prevent playback attacks
Makes authorized network administrator intervention a requirement to establish each session
Application Network Profile
Application Policy Infrastructure Controller
Cisco Nexus Switches
Cisco Information Server
Virtual Security Gateway
The VPN connection is not statically defined.
VPN client software is installed on each host.
Internal hosts send normal, unencapsulated packets.
Individual hosts can enable and disable the VPN connection.
Creates nonsecure tunnels between remote sites*
Transports multiple Layer 3 protocols
Creates additional packet overhead
Uses RSA signatures to authenticate peeers
Provides encryption to keep VPN traffic confidential
Supports hosts as GRE tunnel endpoints by installing Cisco VPN client software
R1(config-if)# tunnel source 126.96.36.199
R1(config-if)# tunnel source 172.16.2.1
R1(config-if)# tunnel destination 188.8.131.52
R1(config-if)# tunnel destination 172.16.2.2
R1(config-if)# tunnel source 184.108.40.206
R1(config-if)# tunnel destination 220.127.116.11
Group identification numbers
Access-list 105 permit ip host 10.0.70.23 host 10.0.54.5 access-list 105 permit tcp any host 10.0.54.5 eq www access-list 105 permit ip any any
Access-list 105 permit tcp host 10.0.54.5 any eq www access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21
Access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 20 access-list 105 permit tcp host 10.0.70.23 host 10.0.54.5 eq 21 access-list 105 permit tcp 10.0.0.0 0.255.255.255 host 10.0.54.5 eq www access-list 105 deny ip any host 10.0.54.5 access-list 105 permit ip any any
R2(config)# interface gi0/0 R2(config-if)# ip access-group 105 in
R1(config)# interface gi0/0 R1(config-if)# ip access-group 105 out
R1(config)# interface s0/0/0 R1(config-if)# ip access-group 105 out
Manually add the new deny statement with a sequence number of 5.
Manually add the new deny statement with a sequence number of 15.
Create a second access list denying the host and apply it to the same interface.
Add a deny any any statement to access-list 1.
The ACL is missing the deny ip any any ACE.
Because there are no matches for line 10, the ACL is not working.
The ACL is only monitoring traffic destined for 10.23.77.101 from three specific hosts.
The router has not had any Telnet packets from 10.35.80.22 that are destined for 10.23.77.101.
Permit tcp any host 2001:DB8:10:10::100 eq 25
Permit tcp host 2001:DB8:10:10::100 any eq 25
Permit tcp any host 2001:DB8:10:10::100 eq 23
Permit tcp host 2001:DB8:10:10::100 any eq 23
Oracle VM VirtualBox
Microsoft Hyper-V 2012
By disabling DTP negotiations on nontrunking ports
By implementing DHCP snooping on trusted ports
By implementing port security
By the application of the ip verify source command to untrusted ports
Configure an ACL and apply it to the VTY lines.
Configure all switch ports to be members of VLAN 1.
Disable automatic trunking negotiation.
Enable PortFast on all switch ports.
The SNMP agent is not configured for read-only access.
The community of snmpenable2 is incorrectly configured on the SNMP agent.
The ACL is not permitting access by the SNMP manager.
The incorrect community string is configured on the SNMP manager.
Digital signal processor
Playout delay buffer
Weighted random early detection
Classification and marking
A trust boundary identifies the location where traffic cannot be remarked.
A trust boundary identifies which devices trust the marking on packets that enter a network.
A trust boundary only allows traffic to enter if it has previously been marked.
A trust boundary only allows traffic from trusted endpoints to enter the network.
Application enhancement platform
Conduct a performance test and compare with the baseline that was established previously.
Determine performance on the intranet by monitoring load times of company web pages from remote sites.
Interview departmental administrative assistants to determine if web pages are loading more quickly.
Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.
Implement corrective action.
Isolate the problem.
Update the user and document the problem.
A less-structured approach based on an educated guess
An approach comparing working and nonworking components to spot significant differences
A structured approach starting with the physical layer and moving up through the layers of the OSI model until the cause of the problem is identified
An approach that starts with the end-user applications and moves down through the layers of the OSI model until the cause of the problem has been identified
Show ip route
Show ip protocols
Show ip sla statistics
R1 will send system messages of levels 0 (emergencies) to level 4 (warnings) to a server.
R1 will not send critical system messages to the server until the command debug all is entered.
R1 will reset all the warnings to clear the log.
R1 will output the system messages to the local RAM.
The syslog server has the IPv4 address 192.168.10.10.
The router has an incorrect gateway.
Host A has an overlapping network address.
Host A has an incorrect default gateway configured.
Host A has an incorrect subnet mask.
NAT is required for the host A network.