What two features are benefits of using GRE tunnels with IPsec over using IPsec tunnel alone for building site-to-site VPNs? (Choose two.)


A.       allows dynamic routing securely over the tunnel

B.       IKE keepalives are unidirectional and sent every ten seconds

C.       reduces IPsec headers overhead since tunnel mode is used

D.      supports non-IP traffic over the tunnel

E.       uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration


Correct Answer: AD




Which statement is true about an IPsec/GRE tunnel?


A.       The GRE tunnel source and destination addresses are specified within the IPsec transform set.

B.       An IPsec/GRE tunnel must use IPsec tunnel mode.

C.       GRE encapsulation occurs before the IPsec encryption process.

D.       Crypto map ACL is not needed to match which traffic will be protected.


Correct Answer: C




Which of the following is a GRE Tunnel characteristic?


A.       GRE impose more CPU overhead than IPSec on VPN gateways.

B.       GRE tunnels can run through IPsec tunnels.

C.       GRE Tunnel doesn’t have support for IPv6.

D.      GRE consists of two sub-protocols: Encapsulated Security Payload (ESP) and Authentication Header (AH).


Correct Answer: B




What are the four main steps in configuring a GRE tunnel over IPsec on Cisco routers? (Choose Four)


A.       Configure a physical interface or create a loopback interface to use as the tunnel endpoint.

B.       Create the GRE tunnel interfaces.

C.       Add the tunnel interfaces to the routing process so that it exchanages routing updates across that interface.

D.      Add the tunnel subnet to the routing process so that it exchanages routing updates across that interface.

E.       Add all subnets to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.

F.        Add GRE traffic to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.


Correct Answer: ABDF




A network administrator uses GRE over IPSec to connect two branches together via VPN tunnel. Which one of the following is the reason for using GRE over IPSec?


A.       GRE over IPSec provides better QoS mechanism and is faster than other WAN technologies.

B.       GRE over IPSec decreases the overhead of the header.

C.       GRE supports use of routing protocol, while IPSec supports encryption.

D.      GRE supports encryption, while IPSec supports use of routing protocol.


Correct Answer: C




A network administrator is troubleshooting an EIGRP connection between RouterA, IP address, and RouterB, IP address Given the debug output on RouterA, which two statements are true?




A.       RouterA received a hello packet with mismatched autonomous system numbers.

B.       RouterA received a hello packet with mismatched hello timers.

C.       RouterA received a hello packet with mismatched authentication parameters.

D.      RouterA received a hello packet with mismatched metric-calculation mechanisms.

E.       RouterA will form an adjacency with RouterB.

F.        RouterA will not form an adjacency with RouterB.


Correct Answer: DF




Refer to the exhibit. Network administrators have set up a hub and spoke topology with redundant connections using EIGRP. However, they are concerned that a network outage between Router R1 and Router R2 will cause traffic from the 10.1.1.x network to the 10.1.2.x network to traverse the remote office links and overwhelm them. What command should be used to configure the spoke routers as EIGRP stub routers that will not advertise connected networks, static routes, or summary addresses?




A.       eigrp stub

B.       eigrp stub receive-only

C.       eigrp stub connected static

D.      no eigrp stub connected static

E.       No additional command is needed beyond a default EIGRP configuration.


Correct Answer: B




Which configuration command is used to enable EIGRP unequal-cost path load balancing?


A.       maximum-paths

B.       distance

C.       metric

D.      variance

E.       default-metric


Correct Answer: D




Refer to the exhibit. Which one statement is true?




A.       Traffic from the network will be blocked by the ACL.

B.       The network will not be advertised by Router B because the network statement for the network is missing from Router B.

C.       The network will not be in the routing table on Router B.

D.      Users on the network can successfully ping users on the network, but users on the cannot successfully ping users on the network.

E.       Router B will not advertise the network because it is blocked by the ACL.


Correct Answer: E




If the primary path goes down, what will EIGRP use to reach a destination?


A.       administrative distance

B.       advertised successor

C.       successor

D.      feasible successor


Correct Answer: D


