What does the "Inside Global" address represent in the configuration of NAT?
the summarized address for all of the internal subnetted addresses
the MAC address of the router used by inside hosts to connect to the Internet
a globally unique, private IP address assigned to a host on the inside network
a registered address that represents an inside host to an outside network
Correct Answer: D
Cisco defines these terms as:
Inside local address: The IP address assigned to a host on the inside network. This is the address configured as a parameter of the computer OS or received via dynamic address allocation protocols such as DHCP. The address is likely not a legitimate IP address assigned by the Network Information Center (NIC) or service provider.
Inside global address: A legitimate IP address assigned by the NIC or service provider that represents one or more inside local IP addresses to the outside world.
Outside local address: The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it is allocated from an address space routable on the inside.
Outside global address: The IP address assigned to a host on the outside network by the host owner. The address is allocated from a globally routable address or network space.
These definitions still leave a lot to be interpreted. For this example, this document redefines these terms by first defining local address and global address. Keep in mind that the terms inside and outside are NAT definitions. Interfaces on a NAT router are defined as inside or outside with the NAT configuration commands, ip nat inside destination and ip nat outside source. Networks to which these interfaces connect can then be thought of as inside networks or outside networks, respectively.
Local address: A local address is any address that appears on the inside portion of the network.
Global address: A global address is any address that appears on the outside portion of the network.
The ip helper-address command does what?
assigns an IP address to a host
resolves an IP address from a DNS server
relays a DHCP request across networks
resolves an IP address overlapping issue
Correct Answer: C
When the DHCP client sends the DHCP request packet, it doesn't have an IP address. So it uses the all-zeroes address, 0.0.0.0, as the IP source address. And it doesn't know how to reach the DHCP server, so it uses a general broadcast address, 255.255.255.255, for the destination.
So the router must replace the source address with its own IP address, for the interface that received the request. And it replaces the destination address with the address specified in the ip helper-address command. The client device's MAC address is included in the payload of the original DHCP request packet, so the router doesn't need to do anything to ensure that the server receives this information. The router then relays the DHCP request to the DHCP server.
When configuring NAT, the Internet interface is considered to be what?
Correct Answer: D
The first step to deploy NAT is to define NAT inside and outside interfaces. You may find it easiest to define your internal network as inside, and the external network as outside. However, the terms internal and external are subject to arbitration as well. This figure shows an example of this.
Reference: http://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html#topic2
Drag the definition on the left to the correct term on the right. Not all definitions on the left will be used.
A network administrator cannot connect to a remote router by using SSH. Part of the show interfaces command is shown.
Serial0/1/0 is up, line protocol is down
At which OSI layer should the administrator begin troubleshooting?
Correct Answer: B
I think the indication here is "Serial 0 is up, line protocol is down". What causes this indication? Correct me if I am wrong. When you have this indication, a cable unplugged is not a correct answer. If you check the output of your "show interface serial 0" command again, you should notice it as "Serial 0 is down, line protocol is down". Under the "show ip int brief" you should see status = down and protocol = down as opposed to up, down. Because you disconnected the cable, layer 1 will go down, which is indicated by the serial 0 down status. The line protocol status is for layer 2. So, a cable unplugged is not a correct answer to "Serial 0 is up, line protocol is down". Up/down means that the physical layer is OK, but there is a problem with the data link (line protocol).
Refer to the exhibit. A company wants to use NAT in the network shown. Which commands will apply the NAT configuration to the proper interfaces? (Choose two.)
R1(config)# interface serial0/1 R1(config-if)# ip nat inside
R1(config)# interface serial0/1 R1(config-if)# ip nat outside
R1(config)# interface fastethernet0/0 R1(config-if)# ip nat inside
R1(config)# interface fastethernet0/0 R1(config-if)# ip nat outside
R1(config)# interface serial0/1 R1(config-if)# ip nat outside source pool 18.104.22.168 255.255.255.252
R1(config)# interface fastethernet0/0 R1(config-if)# ip nat inside source 10.10.0.0 255.255.255.0
Correct Answer: BC
For NAT, you need to define which interfaces are inside and which are outside. The outside interface is the one that connects to the external network, and the one that will be used for translating addresses. The inside interface is for the internal network, and defines the network IP addresses that will get translated to the one specified in the outside network.
What happens when computers on a private network attempt to connect to the Internet through a Cisco router running PAT?
The router uses the same IP address but a different TCP source port number for each connection.
An IP address is assigned based on the priority of the computer requesting the connection.
The router selects an address from a pool of one-to-one address mappings held in the lookup table.
The router assigns a unique IP address from a pool of legally registered addresses for the duration of the connection.
Correct Answer: A
Static PAT translations allow a specific UDP or TCP port on a global address to be translated to a specific port on a local address. That is, both the address and the port numbers are translated.
Static PAT is the same as static NAT, except that it enables you to specify the protocol (TCP or UDP) and port for the real and mapped addresses. Static PAT enables you to identify the same mapped address across many different static statements, provided that the port is different for each statement. You cannot use the same mapped address for multiple static NAT statements.
With Port Address Translation, the PCs connect to the Internet, but each connection uses a different TCP source port.
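An added example, not part of the original exam material: a toy PAT table in Python showing how several inside hosts share one inside global address and are told apart by port, with one static PAT entry alongside. The addresses, the class and method names, and the port-allocation policy (keep the source port when free, otherwise take the next free one) are assumptions of this sketch.

```python
class PatTable:
    """Toy PAT (NAT overload) table: many inside local hosts share one inside global address."""

    def __init__(self, inside_global, first_port=1024):
        self.inside_global = inside_global
        self.next_port = first_port
        self.out = {}    # (proto, local_ip, local_port) -> global_port
        self.back = {}   # (proto, global_port) -> (local_ip, local_port)

    def _bind(self, proto, local_ip, local_port, global_port):
        if (proto, global_port) in self.back:
            raise ValueError(f"{proto}/{global_port} already mapped")
        self.out[(proto, local_ip, local_port)] = global_port
        self.back[(proto, global_port)] = (local_ip, local_port)

    def add_static(self, proto, local_ip, local_port, global_port):
        """Static PAT: pin one global port to one local address and port."""
        self._bind(proto, local_ip, local_port, global_port)

    def translate_out(self, proto, local_ip, local_port):
        """Outbound packet: rewrite the source to (inside global, unique port)."""
        key = (proto, local_ip, local_port)
        if key not in self.out:
            port = local_port  # assumption: keep the source port when it is free
            while (proto, port) in self.back:
                port, self.next_port = self.next_port, self.next_port + 1
            self._bind(proto, local_ip, local_port, port)
        return self.inside_global, self.out[key]

    def translate_in(self, proto, global_port):
        """Return traffic: look up the inside host, or None when no mapping exists."""
        return self.back.get((proto, global_port))


def demo():
    pat = PatTable("203.0.113.5")                      # constructed documentation address
    pat.add_static("tcp", "10.10.0.80", 80, 8080)      # constructed static PAT entry
    a = pat.translate_out("tcp", "10.10.0.11", 50000)
    b = pat.translate_out("tcp", "10.10.0.12", 50000)  # same source port, other host
    return pat, a, b
```

Inbound packets whose destination port has no entry in the table get `None` from `translate_in`, which is why a PAT router only forwards return traffic and explicitly configured static mappings.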
Various protocols are listed on the left. On the right are applications for the use of those protocols. Drag the protocol on the left to an associated function for that protocol on the right. (Not all options are used.)
Which of the following statements are TRUE regarding Cisco access lists? (Choose two.)
In an inbound access list, packets are filtered as they enter an interface.
In an inbound access list, packets are filtered before they exit an interface.
Extended access lists are used to filter protocol-specific packets.
You must specify a deny statement at the end of each access list to filter unwanted traffic.
When a line is added to an existing access list, it is inserted at the beginning of the access list.
Correct Answer: AC
In an inbound access list, packets are filtered as they enter an interface. Extended access lists are used to filter protocol-specific packets. Access lists can be used in a variety of situations when the router needs to be given guidelines for decision-making. These situations include:
Filtering traffic as it passes through the router
To control access to the VTY lines (Telnet)
To identify "interesting" traffic to invoke Demand Dial Routing (DDR) calls
To filter and control routing updates from one router to another
There are two types of access lists, standard and extended. Standard access lists are applied as close to the destination as possible (outbound), and can only base their filtering criteria on the source IP address. The number used while creating an access list specifies the type of access list created. The range used for standard access lists is 1 to 99 and 1300 to 1999. Extended access lists are applied as close to the source as possible (inbound), and can base their filtering criteria on the source or destination IP address, or on the specific protocol being used. The range used for extended access lists is 100 to 199 and 2000 to 2699.
Other features of access lists include:
Inbound access lists are processed before the packet is routed.
Outbound access lists are processed after the packet has been routed to an exit interface.
An "implicit deny" is at the bottom of every access list, which means that if a packet has not matched any preceding access list condition, it will be filtered (dropped).
Access lists require at least one permit statement, or all packets will be filtered (dropped).
One access list may be configured per direction for each Layer 3 protocol configured on an interface.
The option stating that in an inbound access list, packets are filtered before they exit an interface is incorrect. Packets are filtered as they exit an interface when using an outbound access list. The option stating that a deny statement must be specified at the end of each access list in order to filter unwanted traffic is incorrect. There is an implicit deny at the bottom of every access list.
When a line is added to an existing access list, it is not inserted at the beginning of the access list. It is inserted at the end. This should be taken into consideration. For example, given the following access list, executing the command access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq www would have NO effect on the packets being filtered because it would be inserted at the end of the list, AFTER the line that allows all traffic.
access-list 110 permit ip host 192.168.5.1 any
access-list 110 deny icmp 192.168.5.0 0.0.0.255 any echo
access-list 110 permit ip any any
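An added example, not part of the original exam material: a small Python evaluator for the subset of extended-ACL syntax used above, showing first-match processing and the implicit deny on the page's list 110. The final entry is written as `permit ip any any`, and the sample packet and all function names are constructed for this sketch.

```python
import ipaddress

PORTS = {"www": 80}  # named port used on this page

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def parse_ace(line):
    """Parse the subset of extended-ACL syntax used here (destination is always 'any')."""
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    if rest[0] == "any":
        base, wc, rest = "0.0.0.0", "255.255.255.255", rest[1:]
    elif rest[0] == "host":
        base, wc, rest = rest[1], "0.0.0.0", rest[2:]
    else:
        base, wc, rest = rest[0], rest[1], rest[2:]
    return action, proto, base, wc, rest[1:]  # rest[0] is the 'any' destination

def ace_matches(ace, pkt):
    _, proto, base, wc, qual = ace
    if proto != "ip" and proto != pkt["proto"]:
        return False
    if not wildcard_match(pkt["src"], base, wc):
        return False
    if qual[:1] == ["eq"]:
        return pkt.get("dport") == PORTS[qual[1]]
    if qual == ["echo"]:
        return pkt.get("icmp_type") == 8  # ICMP echo request
    return True

def evaluate(acl, pkt):
    """First match wins; return (action, matching line number)."""
    for n, line in enumerate(acl, 1):
        ace = parse_ace(line)
        if ace_matches(ace, pkt):
            return ace[0], n
    return "deny", None  # implicit deny at the end of every list

ACL_110 = [
    "access-list 110 permit ip host 192.168.5.1 any",
    "access-list 110 deny icmp 192.168.5.0 0.0.0.255 any echo",
    "access-list 110 permit ip any any",
]
NEW_LINE = "access-list 110 deny tcp 192.168.5.0 0.0.0.255 any eq www"
WEB_PKT = {"proto": "tcp", "src": "192.168.5.20", "dport": 80}  # constructed packet

if __name__ == "__main__":
    print(evaluate(ACL_110 + [NEW_LINE], WEB_PKT))                  # appended at the end
    print(evaluate(ACL_110[:2] + [NEW_LINE, ACL_110[2]], WEB_PKT))  # placed before the permit
```

When auditing a device, compare the order of entries rather than just their presence: a deny that sits below a broader permit never matches.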
How many addresses will be available for dynamic NAT translation when a router is configured with the following commands?
Router(config)#ip nat pool TAME 22.214.171.124 126.96.36.199 netmask 255.255.255.224
Router(config)#ip nat inside source list 9 pool TAME
Correct Answer: B
188.8.131.52 to 184.108.40.206 provides for 8 addresses.