Latest 642-902 Pass4sure Free Tests 321-330

Ensurepass

 

QUESTION 321

What two features are benefits of using GRE tunnels with IPsec over using IPsec tunnel alone for building site-to-site VPNs? (Choose two.)

 

A.       allows dynamic routing securely over the tunnel

B.       IKE keepalives are unidirectional and sent every ten seconds

C.       reduces IPsec headers overhead since tunnel mode is used

D.      supports non-IP traffic over the tunnel

E.       uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration

 

Correct Answer: AD

 

 

QUESTION 322

Which statement is true about an IPsec/GRE tunnel?

 

A.       The GRE tunnel source and destination addresses are specified within the IPsec transform set.

B.       An IPsec/GRE tunnel must use IPsec tunnel mode.

C.       GRE encapsulation occurs before the IPsec encryption process.

D.       Crypto map ACL is not needed to match which traffic will be protected.

 

Correct Answer: C

 

 

QUESTION 323

Which of the following is a GRE Tunnel characteristic?

 

A.       GRE impose more CPU overhead than IPSec on VPN gateways.

B.       GRE tunnels can run through IPsec tunnels.

C.       GRE Tunnel doesn’t have support for IPv6.

D.      GRE consists of two sub-protocols: Encapsulated Security Payload (ESP) and Authentication Header (AH).

 

Correct Answer: B

 

 

QUESTION 324

What are the four main steps in configuring a GRE tunnel over IPsec on Cisco routers? (Choose Four)

 

A.       Configure a physical interface or create a loopback interface to use as the tunnel endpoint.

B.       Create the GRE tunnel interfaces.

C.       Add the tunnel interfaces to the routing process so that it exchanages routing updates across that interface.

D.      Add the tunnel subnet to the routing process so that it exchanages routing updates across that interface.

E.       Add all subnets to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.

F.        Add GRE traffic to the crypto access-list, so that IPsec encrypts the GRE tunnel traffic.

 

Correct Answer: ABDF

 

 

QUESTION 325

A network administrator uses GRE over IPSec to connect two branches together via VPN tunnel. Which one of the following is the reason for using GRE over IPSec?

 

A.       GRE over IPSec provides better QoS mechanism and is faster than other WAN technologies.

B.       GRE over IPSec decreases the overhead of the header.

C.       GRE supports use of routing protocol, while IPSec supports encryption.

D.      GRE supports encryption, while IPSec supports use of routing protocol.

 

Correct Answer: C

 

 

QUESTION 326

A network administrator is troubleshooting an EIGRP connection between RouterA, IP address 10.1.2.1, and RouterB, IP address 10.1.2.2. Given the debug output on RouterA, which two statements are true?

clip_image001

A.       RouterA received a hello packet with mismatched autonomous system numbers.

B.       RouterA received a hello packet with mismatched hello timers.

C.       RouterA received a hello packet with mismatched authentication parameters.

D.      RouterA received a hello packet with mismatched metric-calculation mechanisms.

E.       RouterA will form an adjacency with RouterB.

F.        RouterA will not form an adjacency with RouterB.

 

Correct Answer: DF

 

 

QUESTION 327

Refer to the exhibit.

clip_image002

 

Network administrators have set up a hub and spoke topology with redundant connections using EIGRP. However, they are concerned that a network outage between Router R1 and Router R2 will cause traffic from the 10.1.1.x network to the 10.1.2.x network to traverse the remote office links and overwhelm them. What command should be used to configure the spoke routers as EIGRP stub routers that will not advertise connected networks, static routes, or summary addresses?

 

A.       eigrp stub

B.       eigrp stub receive-only

C.       eigrp stub connected static

D.      no eigrp stub connected static

E.       No additional command is needed beyond a default EIGRP configuration.

 

Correct Answer: B

 

 

QUESTION 328

Which configuration command is used to enable EIGRP unequal-cost path load balancing?

 

A.       maximum-paths

B.       distance

C.       metric

D.      variance

E.       default-metric

 

Correct Answer: D

 

 

QUESTION 329

Refer to the exhibit. Which one statement is true?

clip_image003

 

A.       Traffic from the 172.16.0.0/16 network will be blocked by the ACL.

B.       The 10.0.0.0/8 network will not be advertised by Router B because the network statement for the 10.0.0.0/8 network is missing from Router B.

C.       The 10.0.0.0/8 network will not be in the routing table on Router B.

D.      Users on the 10.0.0.0/8 network can successfully ping users on the 192.168.5.0/24 network, but users on the 192.168.5.0/24 cannot successfully ping users on the 10.0.0.0/8 network.

E.       Router B will not advertise the 10.0.0.0/8 network because it is blocked by the ACL.

 

Correct Answer: E

 

 

QUESTION 330

If the primary path goes down, what will EIGRP use to reach a destination?

 

A.       administrative distance

B.       advertised successor

C.       successor

D.      feasible successor

 

Correct Answer: D

 

Download Latest 2013 642-902 Real Free Tests , help you to pass exam 100%.