Exam Description
Cisco 642-081 Interconnecting Cisco Networking Devices Part 2 (ICND2) is the exam associated with the Cisco Certified Network Associate certification. Candidates can prepare for this exam by taking the Interconnecting Cisco Networking Devices Part 2 (ICND2) v1.0 course. This exam tests a candidate’s knowledge and skills required to successfully install, operate, and troubleshoot a small to medium size enterprise branch network. The exam covers topics on VLSM and IPv6 addressing; extending switched networks with VLANs; configuring, verifying and troubleshooting VLANs; the VTP, RSTP, OSPF and EIGRP protocols; determining IP routes; managing IP traffic with access lists; NAT and DHCP; establishing point-to-point connections; and establishing Frame Relay connections.
Exam Topics
The following topics are general guidelines for the content likely to be included on the Interconnecting Cisco Networking Devices Part 2 exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.
Topic 1 – Configure, verify and troubleshoot a switch with VLANs and interswitch communications. (63 Questions)
Describe enhanced switching technologies (including: VTP, RSTP, VLAN, PVSTP, 802.1q)
Describe how VLANs create logically separate networks and the need for routing between them
Configure, verify, and troubleshoot VLANs
Configure, verify, and troubleshoot trunking on Cisco switches
Configure, verify, and troubleshoot interVLAN routing
Configure, verify, and troubleshoot VTP
Configure, verify, and troubleshoot RSTP operation
Interpret the output of various show and debug commands to verify the operational status of a Cisco switched network
Implement basic switch security (including: port security, unassigned ports, trunk access, etc.)

Topic 2 – Implement IP addressing and Services (18 Questions)
Calculate and apply a VLSM IP addressing design to a network
Determine the appropriate classless addressing scheme using VLSM and summarization to satisfy addressing requirements in a LAN/WAN environment
Describe the technological requirements for running IPv6 (including: protocols, dual stack, tunneling, etc)
Describe IPv6 addresses
Identify and correct common problems associated with IP addressing and host configurations

Topic 3 – Configure and troubleshoot basic operation and routing on Cisco devices. (69 Questions)
Compare and contrast methods of routing and routing protocols
Configure, verify and troubleshoot OSPF
Configure, verify and troubleshoot EIGRP
Verify configuration and connectivity using ping, traceroute, and telnet or SSH
Troubleshoot routing implementation issues
Verify router hardware and software operation using show and debug commands
Implement basic router security

Topic 4 – Implement, verify, and troubleshoot NAT and ACLs in a medium-size Enterprise branch office network. (20 Questions)
Describe the purpose and types of access control lists
Configure and apply access control lists based on network filtering requirements
Configure and apply an access control list to limit telnet and SSH access to the router
Verify and monitor ACLs in a network environment
Troubleshoot ACL implementation issues
Explain the basic operation of NAT
Configure Network Address Translation for given network requirements using CLI
Troubleshoot NAT implementation issues

Topic 5 – Implement and verify WAN links. (24 Questions)
Configure and verify Frame Relay on Cisco routers
Troubleshoot WAN implementation issues
Describe VPN technology (including: importance, benefits, role, impact, components)
Configure and verify PPP connection between Cisco routers

Exam A
QUESTION 1
Due to limitations affecting voice quality, which of the broadband speeds shown is preferred in order to achieve highest voice quality on a converged data and voice teleworker connection?
A. DSL with 128k uplink /128k downlink
B. cable with 256k uplink /256k downlink
C. DSL with 128k uplink /768k downlink
D. cable with 256k uplink /1.4M downlink

Correct Answer: D
QUESTION 2
Exhibit:

Which of the following statements is a reason the DHCP server is enabled on the Teleworker home router?
A. allows for workstations to have network values hard-coded
B. IP network settings cannot be assigned if the VPN tunnel is down
C. provides IP network settings to be dynamically assigned
D. requires HTTP access to initiate assignment

Correct Answer: C
QUESTION 3
Which integrated security feature is not provided by the Cisco Business Ready Teleworker solution?
A. Stateful Inspection Firewall
B. Intrusion Detection System
C. Spam Filtering
D. 802.1-based Authentication
E. Proxy Authentication
F. URL Filtering

Correct Answer: C
QUESTION 4
Why would the network manager elect to implement a configuration that includes GRE tunnels for a teleworker deployment? Choose two.
A. GRE can use transport mode and save up to twenty bytes per packet.
B. The corporate network includes many discontinuous blocks of IP networks and requires split tunneling.
C. The corporation’s primary application is based on IP multicast.
D. Without GRE, there is no means to detect a head-end failure.
E. GRE would enable path MTU discovery.

Correct Answer: BC
QUESTION 5
Exhibit:

Assume Router Certkiller 1 is configured for split tunneling. If the Internet Service provider was asked by the customer to provide a guarantee of at least 60 percent of the WAN link between Router Certkiller 1 and Router Certkiller 3 for encrypted traffic, what would be the best means of identifying this traffic to their QoS Service Policy?
A. permit esp any permit udp any eq 500 any eq 500
B. permit udp any eq isakmp any eq isakmp
C. permit ip 10.81.7.0 0.0.0.7 any
D. tcp any any eq 22

Correct Answer: A
QUESTION 6
What is the best way to ensure that IKE/ISAKMP packets are not dropped when QoS is enabled on the uplink interface of the Teleworker router?
A. QoS and IPSec should never be used together.
B. IKE/ISAKMP packets are DiffSERV codepoint CS6, so the traffic is never dropped.
C. Source IKE/ISAKMP packets off the loop-back address.
D. Classify IKE/ISAKMP packets so they are appropriately prioritized.

Correct Answer: D
QUESTION 7
Exhibit:

Given this deployment model and the Enterprise applications, the Teleworker Router provides which functions? Choose two.
A. Broadband access termination
B. IPSec tunnel termination
C. H.323 Signaling termination
D. Traffic Shaping
E. Compressed RTP (cRTP) for bandwidth optimization

Correct Answer: BD
QUESTION 8
Easy VPN operates in two modes. Although Client Mode has advantages, there are environments where it should not be used. Choose two.
A. Teleworker devices must be accessed from the central site (server, printers).
B. IP addressing is simplified.
C. The Teleworker LAN is a transit network for routing.
D. An Enterprise application does not function with Network Address Translation.
E. The Teleworker router is an MPLS PE node.

Correct Answer: A
QUESTION 9
Exhibit:

Certkiller.com indicates their teleworkers plan to use IP phones in their home offices. The IT department has surveyed the planned teleworkers, resulting in the user groupings shown in the exhibit. To provide the highest voice quality, the best recommendations to this customer are __________. Choose two.
A. Deploy all three groups with a QoS service policy, choosing the parameters for Traffic Shaping based on the average uplink speed across the three groups.
B. Teleworkers in Groups A and B should inquire with their DSL providers for subscriptions with higher uplink bandwidths.
C. Teleworkers in Group C should change their subscriptions to DSL for deployment consistency.
D. Teleworkers in Group A should upgrade their subscription to obtain static IP addresses
E. Teleworkers in Group A should inquire with their DSL providers for subscriptions with higher downlink bandwidths.

Correct Answer: BE
QUESTION 10
When should you enable Network Address Translation Transparency (NAT-T) on the Teleworker?
A. when a router between the Teleworker router and the head-end VPN router is doing NAT/pNAT and does not support IPSec pass-through
B. when the Teleworker router itself is doing NAT/pNAT
C. always
D. never

Correct Answer: A
QUESTION 11
Choose the true statement regarding QoS pre-classify.
A. QoS pre-classify permits making QoS decisions based on elements from the unencrypted IP packet.
B. QoS pre-classify is required when encrypting voice.
C. QoS pre-classify is an advantage to Service Providers transporting encrypted packets.
D. QoS pre-classify is not designed for IPSec/GRE configurations.

Correct Answer: A
QUESTION 12
The LAN-side of the Teleworker router is assigned private IP address space (RFC1918), and the VPN topology is IPSec-only (no GRE protocol). When is it required to configure NAT/pNAT on the Teleworker router?
A. when all access to the Internet is through the IPSec tunnel
B. when there is direct Internet access via split-tunneling
C. when there is no Internet access configured through the Teleworker router
D. whenever you have IOS-Firewall (CBAC) configured

Correct Answer: B
QUESTION 13
Exhibit:

Asymmetric broadband service with significantly greater downstream bandwidth is recommended for Teleworker deployment. Which reason is the most accurate?
A. Most ISPs do not provide QoS for residential broadband. Asymmetric bandwidth reduces the chance of downstream congestion when traffic from Internet sites competes for bandwidth with IP voice traffic.
B. Additional downstream bandwidth compensates for insufficient upstream bandwidth. The aggregate bandwidth provides the same result.
C. The additional bandwidth is needed to access more than one site. Most HTTP traffic is downstream.
D. The additional downstream bandwidth allows the Enterprise VPN device to send the IP voice packets much faster, allowing them to reach the Teleworker network with less latency.

Correct Answer: A
QUESTION 14
Select a key benefit of DSL.
A. TCP packet sizes can be optimized by the router so there is no IPSec or AAL5 padding.
B. The local loop is a dedicated connection for a single subscriber to the DSLAM.
C. Access to the WAN media uses a poll/response mechanism so no two subscribers transmit at the same time.
D. There are no distance requirements from the Central Office (CO).

Correct Answer: B
QUESTION 15
Exhibit:

Given the CPE deployment model, the Enterprise applications shown, and the functions being provided as designated, the appropriate product choice is ____________.
A. Cisco PIX 501 Firewall
B. Cisco 831 router
C. Cisco 837 router
D. Cisco VPN3002 Hardware Client
E. Cisco ubr925 cable modem
F. Cisco SW VPN Client

Correct Answer: B
QUESTION 16
Exhibit:

Assume Router Certkiller 1 is configured for split tunneling. For Host Certkiller B to download a file from Server Certkiller A, what would best describe the path the packets would traverse from the server to the host?
A. Server Certkiller A to Router Certkiller 2, unencrypted to Router Certkiller 1 to Client Certkiller B.
B. Server Certkiller A to Router Certkiller 2, encrypted to Router Certkiller 1 to Client Certkiller B.
C. The packets are encrypted between Server Certkiller A and Router Certkiller 1.
D. Unencrypted from Server Certkiller A through Router Certkiller 1 to Client Certkiller B.
E. Client Certkiller B could not download a file from Server Certkiller A.

Correct Answer: D
QUESTION 17
Your Service Provider does not support Link Fragmentation and Interleave, but upstream serialization delay on your broadband link is affecting voice quality. Which two mitigation strategies are viable? Choose two.
A. Upgrade your residential broadband service to at least 768kbps uplink.
B. Switch your home router to use PPP encapsulation.
C. Use the ip tcp adjust-mss interface command.
D. Employ QoS techniques to drop large data packets.
E. Use traffic shaping to interrupt large data packets.

Correct Answer: AC
QUESTION 18
Authentication for user data traffic is important, but so is authentication for IP voice traffic. The Cisco 830 802.1 feature provides an easier method for allowing IP voice traffic through the VPN, because it ____________. Choose two.
A. requires access lists to identify the voice traffic
B. can allow traffic from a device without 802.1X authentication, by MAC address
C. can allow traffic from Cisco IP phones by listening to their CDP advertisements
D. allows all packets marked with a ToS of 5 to bypass authentication
E. allows all IP voice packets to bypass authentication via stateful inspection

Correct Answer: BC
QUESTION 19
Exhibit:

A Teleworker router is deployed behind a broadband Cable service. If the Teleworker router has the configuration shown, what will be the DNS server selected for DHCP clients on the LAN-side interface?
A. DHCP clients will automatically default to the DNS root servers for all DNS requests in the IP stacks locally.
B. DHCP clients will use the IP set in the option 150 command.
C. DHCP clients will use the DNS entry assigned by the ISP.
D. DHCP clients will have no DNS server set in the IP stack.

Correct Answer: C
QUESTION 20
Exhibit:

The Linksys router in the diagram is performing pNAT (port network address translation). What hash algorithm should you choose and why?
A. Use hash MD5 to ensure that IKE works through NAT.
B. Use ah-sha-hmac, as it does not check the integrity of the IP header. The IP header will change due to NAT.
C. Use 3DES, as it will encrypt the IPSec header IP addresses and bypass addressing issues.
D. Use esp-sha-hmac, as it does not check the integrity of the IP header. The IP header will change due to NAT.

Correct Answer: C
QUESTION 21
An important limitation of the Cisco Business Ready Teleworker solution is __________.
A. IP phone extensions for teleworkers must be chosen carefully so as not to duplicate campus phone extensions.
B. More security exposure exists due to lack of support for Intrusion Detection System and URL filtering for teleworker originated traffic.
C. Compressed RTP and IPSec are not compatible and result in no bandwidth savings.
D. Broadband modems must support Quality of Service for adequate voice quality.

Correct Answer: C
QUESTION 22
What method in a Cisco IOS router can confirm that packets marked for a particular QoS marking are being matched?
A. Issue a show policy-map interface command.
B. Assuming Netflow is enabled, issue a show ip cache verbose flow command.
C. Issue a show crypto ipsec session command.
D. Issue a debug qos set command and a terminal monitor command.

Correct Answer: A
QUESTION 23
Exhibit:

Given the CPE deployment model, the Enterprise applications shown, and the functions being provided as designated, the appropriate product choice is __________.
A. Cisco PIX 501 Firewall
B. Cisco 831 router
C. Cisco 837 router
D. Cisco VPN3002 Hardware Client
E. Cisco SW VPN Client

Correct Answer: C
QUESTION 24
When implementing 802.1X on Teleworker routers and using separate DHCP address pools for Teleworker and Home-user devices, traffic between devices can be restricted. How can you best accomplish this?

A. Access Lists between the inside interface and loopback interface
B. Context Based Access Control
C. Dynamic Host Configuration Protocol
D. Network Address translation

Correct Answer: A
QUESTION 25
For best packet switching performance with crypto, what is the recommended packet switching path in a Cisco Teleworker Router?
A. Process Switching
B. Silicon Switching
C. Cisco Express Forwarding (CEF) Switching
D. Autonomous Switching

Correct Answer: C
QUESTION 26
What is the minimum recommended uplink/downlink speed to support a single encrypted IP voice Teleworker call?
A. 256kbps / 1024kbps
B. 256kbps / 1544kbps
C. 160kbps / 768kbps
D. 384kbps / 384kbps
E. 128kbps / 512kbps

Correct Answer: C
QUESTION 27
Exhibit:

Available public Internet sites are sometimes used for estimating performance. Which statement regarding their use for estimating VPN performance is correct?
A. Throughput results are valid as a value from the Teleworker’s home to the corporate site, regardless of the location of the public test server.
B. Throughput results may not be valid due to the public server’s location on the Internet and fluctuations based on the use of the public server.
C. Throughput values are not affected by the choice of split tunneling or Internet access through the VPN.
D. Throughput results are unrelated to the Teleworker PC configuration or current PC use.

Correct Answer: B
QUESTION 28
Exhibit:

An enterprise’s security policy disallows the use of wireless on a Teleworker PC. Choose the most appropriate 830 security feature to use to enforce the security policy.
A. 802.1X authentication
B. authentication proxy
C. Context Based Access Control
D. Lock and Key authentication

Correct Answer: A
QUESTION 29
Exhibit:

With an IPSec tunnel established between remote Router A and head-end router B, how can the Service Provider Edge Router identify Voice over IP packets flowing through the IPSec tunnel from a Cisco 7960 IP phone?
A. UDP ports 16384 through 32727
B. ESP packets less than 113 bytes
C. DiffServ codepoint EF Expedited Forwarding
D. RTP ports 6970 through 6999

Correct Answer: C
QUESTION 30
What are the DSL-specific factors that require additional bandwidth when supporting Voice-over-IP over an IPSec VPN? Choose three.
A. A voice packet is sent via multiple fixed-length cells; a portion of the last cell is padding, requiring more bandwidth.
B. ADSL typically uses PPPoE encapsulation, which adds additional overhead to each voice packet.
C. A voice packet is sent via multiple fixed-length cells; each cell has about 10% Layer-2 header overhead.
D. IPSec requires additional overhead for the header and hash.
E. ADSL carrier band requires additional bits to be carried over the wire to the DSL Access Concentrator.

Correct Answer: ABC
QUESTION 31
Exhibit:

With an IPSec tunnel established between remote Router A and head-end router B, with Compressed Real-Time Protocol (cRTP) configured on the serial interface of Router A, what impact will the cRTP configuration have on the Voice over IP packets flowing through the IPSec tunnel from a Cisco 7960 IP phone?
A. Twenty bytes of header will be replaced with five bytes.
B. If the IPSec transform set includes Authentication Header, the receiving IPSec peer will discard the packets.
C. The IPSec packets will be dropped by Router A’s compression logic.
D. The voice packets will not be compressed.

Correct Answer: D
