CCNA3 v7 - ENSA - Modules 6 - 8: WAN Concepts Exam Answers (2023)

Table of Contents
See exhibition. What needs to be done to complete the static NAT configuration on R1? See exhibition. A network administrator configured R2 for PAT. Why is the configuration wrong? See exhibition. From the point of view of R1, the NAT router, which address is the internal global address? See exhibition. Given the commands shown, how many hosts on R1's internal LAN can have simultaneous NAT translations on R1? Map the steps to the actions required when an internal host with IP address 192.168.10.10 tries to send a packet to an external server with IP address 209.165.200.254 through a router R1 running dynamic NAT is running. (Not all options are used.) What is a disadvantage when both sides of a communication use PAT? See exhibition. A network administrator has just configured address translation and is checking the configuration. What three things can the admin check? (Choose three.) See exhibition. NAT is configured on RT1 and RT2. The PC sends a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server? See exhibition. Based on the output shown, what type of NAT has been implemented? In NAT terms, what address type refers to the globally routable IPv4 address of a target host on the Internet? See exhibition. What kind of NAT address is behind the NAT router 209.165.201.1 from the user's point of view? See exhibition. Static NAT is configured to allow PC 1 to access the web server on the internal network. What two addresses are needed instead of A and B to complete the static NAT configuration? (Choose two.) What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command? See exhibition. What source address does router R1 use for packets forwarded to the Internet? What two addresses are specified in a static NAT configuration? See exhibition. The NAT configuration applied to the router is as follows: From the configuration and the output shown, what can be determined about the NAT status within the organization? See exhibition. Based on the edition shown in the exhibition, which two statements are correct? (Choose two.) Which situation describes data transmissions over a WAN connection? A company is considering upgrading the campus WAN connection. Which two WAN options are examples of private WAN architecture? (Choose two.) Match each component of a WAN link to its description. (Not all options are used.) What two technologies are categorized as private WAN infrastructures? (Choose two.) Which network scenario requires the use of a WAN? Map the scenario to the WAN solution. (Not all options are used.) What circumstance would lead to a company deciding to implement a corporate WAN? What is the role of the Hashed Message Authentication Code (HMAC) algorithm in building an IPsec VPN? What algorithm is used with IPsec to ensure data confidentiality? What two hashing algorithms are used with IPsec AH to guarantee authenticity? (Choose two.) What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect traffic of interest? (Choose two.) Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers of a variety of protocols? What two endpoints can be on the other side of an ASA site-to-site VPN? (Choose two.) Which VPN solution allows using a web browser to establish a secure VPN tunnel with remote access to the ASA? Which IPsec security feature ensures that data received over a VPN has not been altered in transit? What two technologies offer enterprise-managed VPN solutions? (Choose two.) What two types of VPNs are examples of corporate-managed VPNs for remote access? (Choose two.) What is a Site-to-Site VPN requirement? What is the function of the Diffie-Hellman algorithm in the IPsec framework? What does NAT overload use to track multiple internal hosts using an internal global address? See exhibition. The PC sends a packet to the server on the remote network. Router R1 is performing a NAT overload. From the PC's point of view, map the NAT address type to the correct IP address. (Not all options are used.) See exhibition. R1 is configured for static NAT. What IP address do internet hosts use to reach PC1? See exhibition. A network administrator looks at the output of the show ip nat translations command. Which statement correctly describes the NAT translation that takes place on router RT2?​ Which two WAN infrastructure services are examples of private links? (Choose two.) Which two statements about the relationship between LANs and WANs are correct? (Choose two.) Which statement describes an important property of a site-to-site VPN? How is "tunneling" accomplished in a VPN? Which statement describes a VPN? Open the PT activity. Complete the tasks in the activity guide, and then answer the question. What problem is causing PC-A to be unable to communicate with the Internet? What kind of address is 10.131.48.7? What kind of address is 10.19.6.7? What kind of address is 192.168.7.98? What kind of address is 64.100.190.189? What kind of address is 198.133.219.148? What kind of address is 128.107.240.239? What kind of address is 64.101.198.197? What kind of address is 10.100.34.34? What kind of address is 10.100.126.126? What kind of address is 192.168.7.126? What type of VPN includes passenger, carrier, and transport logs? What kind of VPN supports multiple locations by applying configurations to virtual interfaces instead of physical interfaces? What type of VPN connects with the Transport Layer Security (TLS) feature? What type of VPN connects with the Transport Layer Security (TLS) feature? Which VPN type has both Layer 2 and Layer 3 implementations? Which VPN type has both Layer 2 and Layer 3 implementations? What type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN? Which VPN Type Uses Public Key Infrastructure and Digital Certificates? What type of VPN encapsulates an insecure tunnel protocol from IPsec? What type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding? Videos

  • See exhibition. What needs to be done to complete the static NAT configuration on R1?

    • R1 should be configured using the ip nat command within source static 209.165.200.1 192.168.11.11.
    • R1 should be configured with ip nat command in source static 209.165.200.200 192.168.11.11.
    • The S0/0/0 interface should be configured with the ip nat outside command.
    • The Fa0/0 interface should be configured with the no ip nat inside command.
      Answers Explanation & Notes:

      For NAT translations to work properly, both an internal and an external NAT translation interface must be configured on the router.

  • See exhibition. A network administrator configured R2 for PAT. Why is the configuration wrong?

    • The static NAT entry is missing.
    • NAT-POOL2 is bound to the wrong ACL.
    • The ACL does not define the list of addresses to be translated.
    • The overload keyword should not have been applied.
      Answers Explanation & Notes:

      In the exhibition, NAT-POOL 2 is bound to ACL 100, but should be bound to configured ACL 1. This causes PAT to fail. 100, but it should be bound to the configured ACL 1. This causes PAT to fail.

  • See exhibition. From the point of view of R1, the NAT router, which address is the internal global address?

    • 192.168.0.1
    • 192.168.0.10
    • 209.165.200.225
    • 209.165.200.254
      Answers Explanation & Notes:

      In NAT terminology, there are four types of addresses.
      Inside the local address
      Internal Global Address
      Outside the local address
      Outside the global address
      The internal global address of PC1 is the address that the ISP sees as the source address of packets, in this example the IP address on R1's serial port, 209.165.200.224.

  • See exhibition. Given the commands shown, how many hosts on R1's internal LAN can have simultaneous NAT translations on R1?

    • 1
    • 10
    • 244
    • 255
      Answers Explanation & Notes:

      The NAT configuration on R1 is static NAT, which translates a single internal IP address, 192.168.0.10, to a single public IP address, 209.165.200.255. If more hosts need to be translated, a NAT pool should be configured with internal global addresses or overloading.

  • Map the steps to the actions required when an internal host with IP address 192.168.10.10 tries to send a packet to an external server with IP address 209.165.200.254 through a router R1 running dynamic NAT is running. (Not all options are used.)

    Answers Explanation & Notes:

    The IP address translation from 209.65.200.254 to 192.168.10.10 takes place when the response comes back from the server.

  • What is a disadvantage when both sides of a communication use PAT?

    • Host IPv4 addressing is complicated.
    • IPv4 end-to-end traceability is lost.
    • The flexibility of connections to the Internet is reduced.
    • The security of the communication is negatively affected.
      Answers Explanation & Notes:

      When using NAT, especially PAT, the end-to-end traceability is lost. This is because the host IP address is translated in the packets during a communication as it exits and enters the network. Using NAT/PAT improves both the flexibility of connections to the Internet and security. Host IPv4 addressing is provided by DHCP and has nothing to do with NAT/PAT.

  • See exhibition. A network administrator has just configured address translation and is checking the configuration. What three things can the admin check? (Choose three.)

    • Address translation works.
    • Three addresses from the NAT pool are used by hosts.
    • The name of the NAT pool is refCount.
    • A default access list number 1 was used as part of the configuration process.
    • Two types of NAT are enabled.
    • A port of the router does not participate in address translation.
      Answers Explanation & Notes:

      The show ip nat statistics , show ip nat translations , and debug ip nat commands are useful for determining if NAT is working and also useful for troubleshooting NAT-related issues. NAT works, as shown by the number of hits and misses. Since there are four errors, a problem could be obvious. The default access list number 1 is used and the translation pool is called NAT, as can be seen from the last line of the output. Both static NAT and NAT overload are used, as can be seen in the Total Translations row.

  • See exhibition. NAT is configured on RT1 and RT2. The PC sends a request to the web server. What IPv4 address is the source IP address in the packet between RT2 and the web server?

    • 192.0.2.2
    • 172.16.1.10
    • 203.0.113.10
    • 172.16.1.254
    • 192.168.1.5
    • 209.165.200.245
      Answers Explanation & Notes:

      Since the packet is between RT2 and the web server, the source IP address is the PC's internal global address, 209.165.200.245.

  • See exhibition. Based on the output shown, what type of NAT has been implemented?

    • dynamic NAT with a pool of two public IP addresses
    • PAT via an external interface
    • Static NAT with one entry
    • static NAT with a NAT pool
      Answers Explanation & Notes:

      The output shows that there are two internal global addresses that are the same but have different port numbers. Port numbers are only displayed if PAT is used. The same output would indicate PAT using an address pool. PAT with an address pool is ideal if more than 4,000 simultaneous translations are required in the company.

      (Video) CCNA 3 v7 Modules 6 – 8: WAN Concepts Exam Answers

  • In NAT terms, what address type refers to the globally routable IPv4 address of a target host on the Internet?

    • inside global
    • outside local
    • outside global
    • within premises
      Answers Explanation & Notes:

      From a NAT device's perspective, internal global addresses are used by external users to reach internal hosts. Internal local addresses are the addresses assigned to internal hosts. External global addresses are the addresses of destinations on the external network. External local addresses are the actual private addresses of target hosts behind other NAT devices.

  • See exhibition. What kind of NAT address is behind the NAT router 209.165.201.1 from the user's point of view?

    • outside global
    • outside local
    • within premises
    • inside global
      Answers Explanation & Notes:

      From the users' perspective behind NAT, internal global addresses are used by external users to reach internal hosts. Internal local addresses are the addresses assigned to internal hosts. External global addresses are the addresses of destinations on the external network. External local addresses are the actual private addresses of target hosts behind other NAT devices.

  • See exhibition. Static NAT is configured to allow PC 1 to access the web server on the internal network. What two addresses are needed instead of A and B to complete the static NAT configuration? (Choose two.)

    • A = 209.165.201.2
    • A = 10.1.0.13
    • B = 209.165.201.1
    • B = 209.165.201.7
    • B = 10.0.254.5
      Answers Explanation & Notes:

      Static NAT is a one-to-one mapping between an internal local address and an internal global address. Using static NAT allows external devices to initiate connections to internal devices using the internal global addresses. The NAT devices translate the inner global address to the inner local address of the target host.

      See Also
      CCNA 3 v7.0 Modules 6 - 8 Exam Answers | Spanish

  • What is the purpose of the overload keyword in the ip nat inside source list 1 pool NAT_POOL overload command?

    • It allows many inside hosts to share one or a few inside global addresses.
    • It allows internal hosts to use a pool of internal global addresses.
    • It allows external hosts to initiate sessions with internal hosts.
    • It allows a list of internal hosts to communicate with a specified set of external hosts.
      Answers Explanation & Notes:

      Dynamic NAT uses a pool of internal global addresses that are assigned to outgoing sessions. If the pool contains more internal hosts than public addresses, an administrator can enable port address translation by adding the keyword overloaded. With port address translation, many internal hosts can share a single internal global address because the NAT device tracks each session by Layer 4 port number.

  • See exhibition. What source address does router R1 use for packets forwarded to the Internet?

    • 198.51.100.3
    • 209.165.202.141
    • 10.6.15.2
    • 209.165.200.225
      Answers Explanation & Notes:

      The source address for packets forwarded by the router to the internet is the internal global address 209.165.200.225. This is the address to which the internal addresses from the 10.6.15.0 network are translated by NAT.

  • What two addresses are specified in a static NAT configuration?

    • the interior local and the interior global
    • the interior global and the exterior local
    • the inside local and the outside global
    • the exterior global and the exterior local
      Answers Explanation & Notes:

      The static NAT configuration specifies a single internal local address and a single global internal address.

  • See exhibition. The NAT configuration applied to the router is as follows:

    ERtr(config)# access list 1 permission 10.0.0.0 0.255.255.255 ERtr(config)# ip nat pool corp 209.165.201.6 209.165.201.30 netmask 255.255.255.224 ERtr(config)# ip nat inside source list 1 pool corp overload ERtr (config )# ip nat inside source static 10.10.10.55 209.165.201.4 ERtr(config)# interface gigabitethernet 0/0 ERtr(config-if)# ip nat inside ERtr(config-if)# interface serial 0/0/0 ERtr (config -if) # ip nat outside

    From the configuration and the output shown, what can be determined about the NAT status within the organization?

    • NAT works.
    • Static NAT works, but dynamic NAT doesn't.
    • Dynamic NAT works, but static NAT doesn't.
    • Not enough information is provided to determine if both static and dynamic NAT will work.
      Answers Explanation & Notes:

      Not enough information is provided because the router may not yet be connected to the network, the interfaces may not yet have IP addresses assigned, or the command may have been issued in the middle of the night. The output matches the given configuration, so no typos were made when entering the NAT commands.

  • See exhibition. Based on the edition shown in the exhibition, which two statements are correct? (Choose two.)

    • The output is the result of the show ip nat translations command.
    • The host at address 209.165.200.235 responds to requests using a source address of 192.168.10.10.
    • The host with the address 209.165.200.235 responds to requests with the source address 209.165.200.235.
    • Traffic destined for a public web server is sourced from IP 192.168.1.10.
    • The output is the result of the show ip nat statistics command.
      Answers Explanation & Notes:

      The output shown in the exhibition is the result of the show ip nat translations command. Static NAT entries are always present in the NAT table, while dynamic entries will eventually time out.

  • Which situation describes data transmissions over a WAN connection?

    • An employee prints a file to a networked printer located in another building.
    • A manager sends an email to all employees in the department with offices located in multiple buildings.
    • An employee shares a database file with a colleague at a branch office across town.
    • A network administrator in the office remotely accesses a web server located in the data center on the edge of campus.
      Answers Explanation & Notes:

      When two offices in a city communicate with each other, it is very likely that the data transmission will be over some kind of WAN connection. Data communication within a campus typically takes place via LAN connections.

      (Video) CCNA3 Exam | WAN Concepts Exam | Modules 6-8 Exam and Answers

  • A company is considering upgrading the campus WAN connection. Which two WAN options are examples of private WAN architecture? (Choose two.)

    • Cable
    • dedicated line
    • Ethernet-WAN
    • communal WiFi
    • digital subscriber line
      Answers Explanation & Notes:

      An organization can connect to a WAN through two basic options:

      Private WAN infrastructure – such as B. dedicated point-to-point leased lines, PSTN, ISDN, Ethernet WAN, ATM or Frame Relay
      Public WAN infrastructure – such as Digital Subscriber Line (DSL), cable, satellite access, municipal Wi-Fi, WiMAX, or wireless cellular network including 3G/4G

  • Match each component of a WAN link to its description. (Not all options are used.)

  • What two technologies are categorized as private WAN infrastructures? (Choose two.)

    • Cable
    • DSL
    • Frame-Relay
    • MetroE
    • VPN
      Answers Explanation & Notes:

      Private WAN technologies include leased line, dial-up, ISDN, Frame Relay, ATM, Ethernet WAN (an example is MetroE), MPLS, and VSAT.

  • Which network scenario requires the use of a WAN?

    • Employee workstations must be dynamically assigned IP addresses.
    • Employees must connect to the company email server via a VPN when traveling.
    • Employees at the branch office need to share files with the head office, which is in a separate building on the same campus network.
    • Employees need to access websites hosted on the company's web servers in the DMZ within their building.
      Answers Explanation & Notes:

      When traveling employees need to connect to a corporate email server over a WAN connection, the VPN creates a secure tunnel between an employee's laptop and the corporate network over the WAN connection. Obtaining dynamic IP addresses via DHCP is a function of LAN communications. Sharing files between different buildings on a corporate campus is done over the LAN infrastructure. A DMZ is a protected network within the corporate LAN infrastructure.

  • Map the scenario to the WAN solution. (Not all options are used.)

  • What circumstance would lead to a company deciding to implement a corporate WAN?

    • if the employees are spread over many branches
    • when the network spans multiple buildings
    • when the number of employees exceeds the capacity of the LAN
    • when the company decides to secure its corporate LAN
      Answers Explanation & Notes:

      WANs cover a larger geographic area than LANs, so employees spread across many locations would require the implementation of WAN technologies to connect those locations. Customers access enterprise web services over a public WAN implemented by a service provider rather than by the enterprise itself. As the workforce grows, so does the LAN. A WAN is not required unless employees are in remote locations. LAN security is unrelated to the decision to implement a WAN.

  • What is the role of the Hashed Message Authentication Code (HMAC) algorithm in building an IPsec VPN?

    • guarantees message integrity
    • authenticates the IPsec peers
    • protects IPsec keys during session negotiation
    • creates a secure channel for key negotiation
      Answers Explanation & Notes:

      The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. The Hashed Message Authentication Code (HMAC) is a data integrity algorithm that uses a hash value to guarantee the integrity of a message.

  • What algorithm is used with IPsec to ensure data confidentiality?

    • MD5
    • Diffie-Hellman
    • RSA
    • AES
    • SCHA
      Answers Explanation & Notes:

      The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure data is not intercepted and altered (data integrity) are MD5 and SHA. AES is an encryption protocol and provides data confidentiality. DH (Diffie-Hellman) is an algorithm used for key exchange. RSA is an algorithm used for authentication.

  • What two hashing algorithms are used with IPsec AH to guarantee authenticity? (Choose two.)

    • MD5
    • SCHA
    • AES
    • DH
    • RSA
      Answers Explanation & Notes:

      The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two popular algorithms used to ensure data is not intercepted and altered (data integrity and authenticity) are MD5 and SHA.

  • What two algorithms can be part of an IPsec policy to provide encryption and hashing to protect traffic of interest? (Choose two.)

    • AES
    • SCHA
    • DH
    • RSA
    • PSK
      Answers Explanation & Notes:

      The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. Two algorithms that can be used within an IPsec policy to protect traffic of interest are AES, an encryption protocol, and SHA, a hashing algorithm.

      (Video) CCNA3 Exam | WAN Concepts Exam | Modules 6-8 Exam and Answers

  • Which protocol creates a virtual point-to-point connection to tunnel unencrypted traffic between Cisco routers of a variety of protocols?

    • OSPF
    • IPsec
    • IKE
    • GR
      Answers Explanation & Notes:

      Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that encapsulates multiprotocol traffic between remote Cisco routers. GRE does not encrypt data. OSPF is an open source routing protocol. IPsec is a set of protocols that allow the exchange of information that can be encrypted and verified. Internet Key Exchange (IKE) is a key management standard used with IPsec.

  • What two endpoints can be on the other side of an ASA site-to-site VPN? (Choose two.)

    • DSL switch
    • Router
    • another ACE
    • multi-layer switch
    • Frame Relay switch
      Answers Explanation & Notes:

      In a site-to-site VPN, end hosts send and receive normal unencrypted TCP/IP traffic through a VPN end device, typically referred to as a VPN gateway. A VPN gateway device can be a router or a firewall. A Cisco Adaptive Security Appliance (ASA) is a standalone firewall appliance that combines firewall, VPN concentrator, and intrusion prevention functionality into one software image.

  • Which VPN solution allows using a web browser to establish a secure VPN tunnel with remote access to the ASA?

    • Clientloses SSL
    • Clientbasiertes SSL
    • Site-to-site with a pre-shared key
    • Site-to-site using an ACL
      Answers Explanation & Notes:

      If a web browser is used to securely access the corporate network, the browser must use a secure version of HTTP to provide SSL encryption. No VPN client needs to be installed on the remote host, so a clientless SSL connection is used.

  • Which IPsec security feature ensures that data received over a VPN has not been altered in transit?

    • confidentiality
    • integrity
    • authentication
    • secure key exchange
      Answers Explanation & Notes:

      Integrity is a feature of IPsec and ensures that data arrives at its destination unaltered through the use of a hash algorithm. Confidentiality is a feature of IPsec and uses encryption to protect data transmissions with a key. Authentication is a feature of IPsec and provides specific access to users and devices with valid authentication factors. Secure key exchange is a feature of IPsec and allows two peers to maintain the confidentiality of their private keys while sharing their public key.

  • What two technologies offer enterprise-managed VPN solutions? (Choose two.)

    • Frame-Relay
    • Site-to-Site-VPN
    • Layer-2-MPLS-VPN
    • Layer-3-MPLS-VPN
    • Remote Access VPN
      Answers Explanation & Notes:

      VPNs can be managed and deployed in two ways:
      Corporate VPNs - Corporate-managed VPNs are a popular solution for securing corporate traffic over the Internet. Site-to-site and remote access VPNs are examples of company-managed VPNs.
      Service Provider VPNs – Service Provider Managed VPNs are created and managed through the provider network. Layer 2 and Layer 3 MPLS are examples of service provider managed VPNs. Other legacy WAN solutions include Frame Relay and ATM VPNs.

  • What two types of VPNs are examples of corporate-managed VPNs for remote access? (Choose two.)

    • IPsec-VPN
    • Clientloses SSL-VPN
    • GRE over IPsec VPN
    • Client-based IPsec VPN
    • IPsec Virtual Tunnel Interface VPN
      Answers Explanation & Notes:

      Company-managed VPNs can be deployed in two configurations:
      Remote Access VPN – This VPN is created dynamically when required to establish a secure connection between a client and a VPN server. Remote access VPNs include client-based IPsec VPNs and clientless SSL VPNs.
      Site-to-site VPN - This VPN is created when connecting devices are pre-configured with information to establish a secure tunnel. VPN traffic is only encrypted between the connected devices and internal hosts are unaware that a VPN is being used. Site-to-site VPNs include IPsec, GRE over IPsec, Cisco Dynamic Multipoint (DMVPN), and IPsec Virtual Tunnel Interface (VTI) VPNs.

  • What is a Site-to-Site VPN requirement?

    • It requires a client/server architecture.
    • It requires placing a VPN server at the edge of the corporate network.
    • It requires hosts to use VPN client software to encapsulate traffic.
    • It requires a VPN gateway at each end of the tunnel to encrypt and decrypt traffic.
      Answers Explanation & Notes:

      Site-to-site VPNs are static and are used to connect entire networks. Hosts are unaware of the VPN and send TCP/IP traffic to VPN gateways. The VPN gateway is responsible for encapsulating the traffic and forwarding it through the VPN tunnel to a peer gateway at the other end, which decapsulates the traffic.

  • What is the function of the Diffie-Hellman algorithm in the IPsec framework?

    • allows peers to exchange shared keys
    • provides strong data encryption
    • guarantees message integrity
    • provides authentication
      Answers Explanation & Notes:

      The IPsec framework uses various protocols and algorithms to provide data confidentiality, data integrity, authentication, and secure key exchange. DH (Diffie-Hellman) is an algorithm used for key exchange. DH is a public key exchange method that allows two IPsec peers to establish a shared secret key over an insecure channel.

  • What does NAT overload use to track multiple internal hosts using an internal global address?

    • The MAC address
    • port numbers
    • IP addresses
    • Autonomous System number
      Answers Explanation & Notes:

      NAT congestion, also known as port address translation (PAT), uses port numbers to distinguish between multiple internal hosts.

      (Video) CCNA3 v7.02 – ENSA – Modules 6 – 8: WAN Concepts Exam Answers Full 100% 2023

  • See exhibition. The PC sends a packet to the server on the remote network. Router R1 is performing a NAT overload. From the PC's point of view, map the NAT address type to the correct IP address. (Not all options are used.)

    Answers Explanation & Notes:

    The internal local address in this case is the private IP address of the source or the PC. The inside global address is the source's translated address or the address as seen by the outside device. Since the PC uses the outside address of the R1 router, the inside global address is 192.0.2.1. External addressing is simply the address of the server, or 203.0.113.5.

  • See exhibition. R1 is configured for static NAT. What IP address do internet hosts use to reach PC1?

    • 192.168.0.10
    • 192.168.0.1
    • 209.165.200.225
    • 209.165.201.1
      Answers Explanation & Notes:

      With static NAT, a single internal local address, in this case 192.168.0.10, is mapped to a single global internal address, in this case 209.165.200.225. Internet hosts send packets to PC1 and use the internal global address 209.165.200.225 as the destination address.

  • See exhibition. A network administrator looks at the output of the show ip nat translations command. Which statement correctly describes the NAT translation that takes place on router RT2?​

    • Traffic from a source IPv4 address of 192.0.2.88 is translated by router RT2 to reach a destination IPv4 address of 192.168.254.253.
    • Traffic from a source IPv4 address of 192.168.254.253 is translated to 192.0.2.88 using static NAT.
    • Traffic from a source IPv4 address of 192.168.2.20 is translated by router RT2 to reach a destination IPv4 address of 192.0.2.254.
    • Traffic from a public IPv4 source address that causes traffic on the Internet can reach private internal IPv4 addresses.
      Answers Explanation & Notes:

      Because no external local or external global address is referenced, traffic from a source IPv4 address of 192.168.254.253 is translated to 192.0.2.88 using static NAT. In the show ip nat translations command output, the internal local IP address 192.168.2.20 is translated to an external IP address 192.0.2.254 to allow the traffic to traverse the public network. A public IPv4 device can connect to the private IPv4 device 192.168.254.253 by targeting the destination IPv4 address 192.0.2.88.

  • Which two WAN infrastructure services are examples of private links? (Choose two.)

    • T1/E1
    • wireless
    • DSL
    • Cable
    • Frame-Relay
      Answers Explanation & Notes:

      Private WANs can use T1/E1, T3/E3, PSTN, ISDN, Metro Ethernet, MPLS, Frame Relay, ATM, or VSAT technology.

  • Which two statements about the relationship between LANs and WANs are correct? (Choose two.)

    • Both LANs and WANs connect end devices.
    • WANs connect LANs with slower bandwidth than LANs connect their internal end devices
    • LANs connect multiple WANs together.
    • WANs must be publicly owned, but LANs can be owned by either public or private entities.
    • WANs are typically operated through multiple ISPs, but LANs are typically operated by single organizations or individuals.
      Answers Explanation & Notes:

      Although LANs and WANs can use the same network media and intermediate devices, they serve very different domains and purposes. The administrative and geographic scope of a WAN is wider than that of a LAN. Bandwidth speeds are slower with WANs due to their increased complexity. The Internet is a network of networks that can function under either public or private management.

  • Which statement describes an important property of a site-to-site VPN?

    • It must be set up statically.
    • It is ideally suited for use by mobile workers.
    • It requires the use of a VPN client on the host PC.
    • It is commonly implemented over dial-up and cable modem networks.
    • After the initial connection is made, it can dynamically change the connection information.
      Answers Explanation & Notes:

      A site-to-site VPN is created between the network devices of two separate networks. The VPN is static and persists. The internal hosts of the two networks are not aware of the VPN.

  • How is "tunneling" accomplished in a VPN?

    • New headers from one or more VPN protocols encapsulate the original packets.
    • All packets between two hosts are mapped to a single physical medium to ensure packets remain private.
    • Packets are disguised to look like other types of traffic, so potential attackers ignore them.
    • A dedicated connection is established between the source and target device for the duration of the connection.
      Answers Explanation & Notes:

      Packets in a VPN are encapsulated with the headers from one or more VPN protocols before being sent over a third-party network. This is called "tunneling". These outer headers can be used to forward the packets, authenticate the source, and prevent unauthorized users from reading the contents of the packets.

  • Which statement describes a VPN?

    • VPNs use dedicated physical connections to transfer data between remote users.
    • VPNs use logical connections to create public networks across the Internet.
    • VPNs use open source virtualization software to create the tunnel through the internet.
    • VPNs use virtual circuits to create a private network over a public network.
      Answers Explanation & Notes:

      A VPN is a private network created over a public network. Instead of using dedicated physical connections, a VPN uses virtual connections routed through a public network between two network devices.

  • Open the PT activity. Complete the tasks in the activity guide, and then answer the question.

    What problem is causing PC-A to be unable to communicate with the Internet?

    • The static route should not point to the interface, but to the external address.
    • This router should be configured to use static NAT instead of PAT.
    • The ip nat inside source command points to the wrong interface.
    • The access list used in the NAT process points to the wrong subnet.
    • The NAT interfaces are not correctly assigned.
      Answers Explanation & Notes:

      The show ip nat statistics output shows that the inside interface is FastEthernet0/0, but no interface has been set as the outside interface. This can be fixed by adding the ip nat outside command to the Serial0/0/0 interface.

      (Video) CCNA3 Module 7: WAN Concepts - Enterprise Networking Security and Automation (ENSA)

  • What kind of address is 10.131.48.7?

    • Private
    • public

  • What kind of address is 10.19.6.7?

    • Private
    • public

  • What kind of address is 192.168.7.98?

    • Private
    • public

  • What kind of address is 64.100.190.189?

    • public
    • Private

  • What kind of address is 198.133.219.148?

    • public
    • Private

  • What kind of address is 128.107.240.239?

    • public
    • Private

  • What kind of address is 64.101.198.197?

    • public
    • Private

  • What kind of address is 10.100.34.34?

    • Private
    • public

  • What kind of address is 10.100.126.126?

    • Private
    • public

  • What kind of address is 192.168.7.126?

    • Private
    • public

  • What type of VPN includes passenger, carrier, and transport logs?

    • GRE over IPsec
    • Virtual IPsec tunnel interface
    • MPLS-VPN
    • dynamic multipoint VPN

  • What kind of VPN supports multiple locations by applying configurations to virtual interfaces instead of physical interfaces?

    • Virtual IPsec tunnel interface
    • dynamic multipoint VPN
    • MPLS-VPN
    • GRE over IPsec

  • What type of VPN connects with the Transport Layer Security (TLS) feature?

    • SSL-VPN
    • GRE over IPsec
    • dynamic multipoint VPN
    • Virtual IPsec tunnel interface

  • What type of VPN connects with the Transport Layer Security (TLS) feature?

    • SSL-VPN
    • MPLS-VPN
    • Virtual IPsec tunnel interface
    • dynamic multipoint VPN

  • Which VPN type has both Layer 2 and Layer 3 implementations?

    • MPLS-VPN
    • Virtual IPsec tunnel interface
    • dynamic multipoint VPN
    • GRE over IPsec

  • Which VPN type has both Layer 2 and Layer 3 implementations?

    • MPLS-VPN
    • SSL-VPN
    • GRE over IPsec
    • dynamic multipoint VPN

  • What type of VPN allows multicast and broadcast traffic over a secure site-to-site VPN?

    • GRE over IPsec
    • SSL-VPN
    • dynamic multipoint VPN
    • Virtual IPsec tunnel interface

  • Which VPN Type Uses Public Key Infrastructure and Digital Certificates?

    • SSL-VPN
    • GRE over IPsec
    • dynamic multipoint VPN
    • Virtual IPsec tunnel interface

  • What type of VPN encapsulates an insecure tunnel protocol from IPsec?

    • GRE over IPsec
    • dynamic multipoint VPN
    • Virtual IPsec tunnel interface
    • SSL

  • What type of VPN routes packets through virtual tunnel interfaces for encryption and forwarding?

    • Virtual IPsec tunnel interface
    • MPLS-VPN
    • dynamic multipoint VPN
    • GRE over IPsec

    • Videos

    1. CCNA3 Exam | OSPF Concepts and Configuration Exam | Module 1-2 Exam and Answers
    (Eng Mohamed Saraya)
    2. Enterprise Networking, Security, and Automation ( Version 7) - WAN Concepts Exam
    (RZ Suhag)
    3. Cisco CCNA v7.0 ENSA modules 6-7-8 NAT WAN IPSec 2021SP
    (TCC-SC-Cisco)
    4. CCNA3- ENSA FINAL EXAM | Enterprise Networking, Security, & Automation - ENSA Final Exam
    (Benard Otom)
    5. CCNA3-ENSAv7 - Lecture Module 07 - WAN Concepts
    (Arthur Salmon)
    6. CCNA3 Exam | Emerging Network Technologies Exam |Modules 13-14 | Network Virtualization & Automation
    (Eng Mohamed Saraya)
    Top Articles
    Latest Posts
    Article information

    Author: Greg Kuvalis

    Last Updated: 04/06/2023

    Views: 6459

    Rating: 4.4 / 5 (55 voted)

    Reviews: 86% of readers found this page helpful

    Author information

    Name: Greg Kuvalis

    Birthday: 1996-12-20

    Address: 53157 Trantow Inlet, Townemouth, FL 92564-0267

    Phone: +68218650356656

    Job: IT Representative

    Hobby: Knitting, Amateur radio, Skiing, Running, Mountain biking, Slacklining, Electronics

    Introduction: My name is Greg Kuvalis, I am a witty, spotless, beautiful, charming, delightful, thankful, beautiful person who loves writing and wants to share my knowledge and understanding with you.