Remote Site Connectivity

Question 1

What is a valid design consideration for a hybrid VPN?

Answer 1

You might need to decrease the MTU size for frames on an interface

Question 2

In a Layer 3 MPLS VPN, with what does a CE router form a relationship?

Answer 2

A PE in the MPLS network

Question 3

You want to interconnect two remote sites with a VPN tunnel. The tunnel needs to support IP unicast, multicast, and broadcast traffic. Additionally, you need to encrypt traffic being sent over the tunnel. What VPN solution could meed the design requirements?

Answer 3

Use a GRE tunnel inside of an IPSEC tunnel

Question 4

Identify technologies required for a DMVPN network

Answer 4

NHRP, IPSEC, mGRE

Question 5

What are characteristics of multipoint GRE?

Answer 5

mGRE supports a wide variety of protocols, and a single mGRE interface can service multiple tunnels

Question 6

Describe the operation of NHRP

Answer 6

The spoke routers are configured with the IP address of the hub router, the spoke routers then update the hub router with their IP address and query hub router for the physical interface IP address of other spoke routers (using the tunnel IP address for correlation).

Question 7

Which IPSEC feature primarily performs encryption?

Answer 7

Confidentiality

Question 8

The design requires that routers at remote sites appear as adjacent to one another, and they are interconnected over an MPLS network.

Answer 8

Use a Layer 2 MPLS VPN.

Question 9

The design requires customer edge (CE) routers at each enterprise site to communicate over an MPLS network and to form neighborships with provider edge (PE) routers to which they connect.

Answer 9

Use a Layer 3 MPLS VPN.

Question 10

The design requires that multicast, broadcast, and unicast IP traffic between sites be secured within a VPN.

Answer 10

Encapsulate the multicast, broadcast, and unicast IP traffic inside of a GRE tunnel, and then encapsulate the GRE packets inside of an IPsec tunnel.

Question 11

The design requires that spokes in a hub-and-spoke VPN topology be able to dynamically form GRE tunnels between themselves.

Answer 11

Use Dynamic Multipoint VPN (DMVPN).

Question 12

The design requires that a single GRE tunnel interface support multiple GRE tunnels.

Answer 12

Use multipoint GRE (mGRE).

Question 13

The design requires that spoke routers in a hub- and-spoke VPN design be able to query the hub to determine the IP address of a physical interface corresponding to the far side of a tunnel.

Answer 13

Use NHRP.

Question 14

The design requires that you provide confidentiality, data integrity, authentication, and antireplay protection for unicast traffic flowing over a VPN.

Answer 14

Use IPsec.

Question 15

The plan requires that an MPLS VPN technology be used to interconnect remote sites. What broad categories of MPLS VPNs could you choose from? (Choose two.)

Answer 15

Layer 2 MPLS VPNs, Layer 3 MPLS VPNs

Question 16

The plan mandates the use of a Layer 3 MPLS VPN. What routing protocol will the service provider probably use to propagate route information from a customer edge (CE) router at one site to a CE router at another site?

Answer 16

Multiprotocol BGP (MP-BGP)

Question 17

The plan calls for the use of a GRE tunnel. What protocols can you send over a GRE tunnel?

Answer 17

A GRE tunnel supports any Layer 3 protocol (including IP unicast, broadcast, and multicast traffic).

Question 18

The plan calls for the use of a Dynamic Multipoint VPN (DMVPN). What VPN technologies are required to support a DMVPN? (Choose three.)

Answer 18

Multipoint GRE (mGRE), Next Hop Resolution Protocol (NHRP), IPsec

Question 19

The plan requires a hub router in a hub-and-spoke topology to have four GRE tunnels out to remote sites. If you use mGRE, how many tunnel interfaces need to be configured on the hub router to support the four GRE tunnels?

Answer 19

One

Question 20

The plan calls for the use of NHRP in a hub-and- spoke VPN topology. What router, or routers, in the topology will hold the NHRP database?

Answer 20

The hub router

Question 21

The plan requires the use of IPsec. What are IPsec’s modes of operation? (Choose two.)

Answer 21

Transport Mode, Tunnel Mode

Question 22

Create a GRE virtual tunnel interface (in global configuration mode).

Answer 22

interface tunnel {id}

Question 23

Assign an IP address to a GRE tunnel (in interface configuration mode).

Answer 23

ip address {ip_address subnet_mask}

Question 24

Specify the source of a GRE tunnel (in interface configuration mode).

Answer 24

tunnel source {interface_id | ip_address}

Question 25

Specify the destination of a GRE tunnel (in interface configuration mode).

Answer 25

tunnel destination {ip_address}

Question 26

Verify the interface status and encapsulation of a GRE tunnel.

Answer 26

show interface tunnel {id}

Question 27

Verify that a router sees the far side of a GRE tunnel as a single hop away, even though multiple routers might need to be transited to reach the far side of the tunnel.

Answer 27

trace route {ip_address_of_far_side_of_

tunnel}