Addresses that are to be translated
Addresses that are assigned to a NAT pool
Addresses that are allowed out of the router
Addresses that are accessible from the inside network
Traffic is only accepted from and forwarded to SDM-trusted Cisco routers.
Security testing is performed and the results are saved as a text file stored in NVRAM.
All traffic that enters the router is quarantined and checked for viruses before being forwarded.
The router is tested for any potential security problems and all recommended security-related configuration changes will be automatically applied.
Named ACLs are less efficient than numbered ACLs.
Standard ACLs should be applied inside the core layer.
Place standard ACLs as close to the destination as possible.
ACLs applied to outbound interfaces require fewer router resources.
Extended ACLs should be applied closest to the source that is specified by the ACL.
Ip nat inside source static 10.1.200.254 172.16.76.3
Ip nat inside source static 10.1.200.254 192.168.0.10
Ip nat inside source static 172.16.76.3 10.1.200.254
Ip nat inside source static 172.16.76.3 192.168.0.10
Ip nat inside source static 192.168.0.10 172.16.76.3
Ip nat inside source static 192.168.0.10 10.1.200.254
To determine the time it takes for the network to self recover from a failure
To determine which areas in the network are underutilized or overutilized
To determine the performance of the network during the normal hours of operation
To determine what thresholds should be set for the devices that need to be monitored
To determine the areas in the network which should not be included in the monitoring process
To determine the number of users whose access to network resources should be restricted
There is an implicit deny at the end of all access lists.
One access list per port, per protocol, per direction is permitted
Access list entries should filter in the order from general to specific.
The term “inbound” refers to traffic that enters the network from the router interface where the ACL is applied.
Standard ACLs should be applied closest to the source while extended ACLs should be applied closest to the destination
LCP sets up the PPP connection and its parameters. NCP terminates the PPP connection
LCP sets up the PPP connection and its parameters. NCP handles higher layer protocol configurations
LCP includes the link-establishment phase. NCP includes link-maintenance and link-termination phases.
LCP negotiates options for multiple network layer protocols. NCP agrees automatically on encapsulation formats.
The Frame Relay switch has failed.
The frame-relay map statement is incorrect
The S0/0/0 interface of router R1 is administratively down.
The S0/0/0 interface of router R2 has an incorrect IP address.
There is a Layer 2 loop.
The VTP domain names do not match.
Only one switch can be in server mode
S2 has a higher spanning-tree priority for VLAN 11 than S1 does.
10.10.10.1 is most likely assigned to the local LAN interface.
10.10.10.1 through 10.10.10.255 is available to be assigned to users.
All DHCP clients looking for an IP address will use 10.10.10.1 and 10.10.10.2.
All DHCP clients in the 10.10.10.0/24 network will use 10.10.10.2 as the default gateway.
IPv6 traffic-forwarding is enabled on the interface.
A link-local IPv6 address is automatically configured on the interface.
A global unicast IPv6 address is dynamically configured the interface.
Any IPv4 addresses that are assigned to the interface are replaced with an IPv6 address.
PAP uses a two-way handshake.
The password is unique and random.
PAP conducts periodic password challenges.
PAP uses MD5 hashing to keep the password secure.
Improper LMI type
PPP negotiation failure
Frame-relay interface-dlci 103 on Serial 0/0/0.1 frame-relay interface-dlci 203 on Serial 0/0/0.2
Frame-relay interface-dlci 301 on Serial 0/0/0.1 frame-relay interface-dlci 302 on Serial 0/0/0.2
Frame-relay map ip 192.168.1.1 103 broadcast on Serial 0/0/0.1 frame-relay map ip 192.168.2.2 203 broadcast on Serial 0/0/0.2
Frame-relay map ip 192.168.1.1 301 broadcast on Serial 0/0/0.1 frame-relay map ip 192.168.2.2 302 broadcast on Serial 0/0/0.2
A new WAN service supporting only IPv6
NAT overload to map inside IPv6 addresses to outside IPv4 address
A manually configured IPv6 tunnel between the edge routers R1 and R2
Static NAT to map inside IPv6 addresses of the servers to an outside IPv4 address and dynamic NAT for the rest of the inside IPv6 addresses
Source IP address
Source MAC address
Destination IP address
Destination MAC address
The clock rate must be 56000.
The usernames are misconfigured.
The IP addresses are on different subnets.
The clock rate is configured on the wrong end of the link.
The CHAP passwords must be different on the two routers.
The CHAP passwords must be different on the two routers.
It creates a basis for legal action if necessary.
It defines a process for managing security violations.
It defines acceptable and unacceptable use of network resources.
The remote access policy is a component of the security policy that governs acceptable use of e-mail systems.
It is kept private from users to prevent the possibility of circumventing security measures.
It provides step-by-step procedures to harden routers and other network devices
Conduct a performance test and compare with the baseline that was established previously.
Interview departmental secretaries and determine if they think load time for web pages has improved.
Determine performance on the intranet by monitoring load times of company web pages from remote sites.
Compare the hit counts on the company web server for the current week to the values that were recorded in previous weeks.
VPN link establishment and maintenance is provided by LCP.
DLCI addresses are used to identify each end of the VPN tunnel.
VPNs use virtual Layer 3 connections that are routed through the Internet.
Only IP packets can be encapsulated by a VPN for tunneling through the Internet.