WAN Topologies Flashcards
What are the three basic topology options for a WAN?
Hub and Spoke or Star
Full-Mesh
Partial Mesh
What is the benefit of using a star topology?
What is the drawback?
Network simplicity
No redundancy
What is the purpose of creating a dual-carrier WAN design?
Increase redundancy and path diversity
Provides a pre-established communications path from the customer premises through the provider network to a remote destination
Dedicated communications link
Establishes a dedicated virtual connection for voice or data between a sender and a receiver. Two examples of this are PTSN (Public switched telephone network) and ISDN (Integrated services digital network).
Circuit-switched communications link
Data is transmitted in labeled frames, cells, or packets and include Frame Relay, ATM (Asynchronous Transfer Mode) and X.25.
Packet-switched communications links
These links go through broadband services such as DSL, cable modem, and broadband wireless. They are combine with VPN technologies to provide privacy.
Internet WAN connection links
Gives enterprises a way to create end-to-end circuits across any type of transport medium using any available WAN technology
MPLS (Multiprotocol Label Switching)
What type of MPLS VPN is appropriate for customers that manage their own routing information?
Layer 2 MPLS VPN
What type of MPLS VPN is appropriate for customers that prefer to outsource their routing to a service provider?
Layer 3 MPLS VPN
These devices are responsible for encapsulating and encrypting traffic
VPN device
What are the two available options for VPN encryption?
IP Sec SSL
What are the two types of VPN?
Site to site
Remote access
A framework of open security standards that does not support broadcast or IP multicast.
IP Sec
What addition to IP Sec can enable routing and multicast?
GRE
What Cisco proprietary site-to-site VPN option allows a simple hub and spoke configuration and zero touch configuration for new hosts?
DMVPN (Dynamic Multipoint Virtual Private Network)
What mode of IPsec configuration simplifies a VPN configuration?
VTI (Virtual Tunnel Interface)
What are the two types of VTI?
static and dynamic
Allows IP Sec to be immediately triggered to create point-to-point GRE tunnels without any IP Sec peering configuration.
DMVPN
Connects the CPE to the nearest exchange of the service provider.
Local loop
Takes digital data from the communications technology that’s used on a LAN and converts it into a frame thats appropriate for a WAN and vise versa
CSU/DSU
Router that resides in the middle or backbone of a WAN rather than its periphery
Core router
Device that interprets digital and analog signals enabling data to be transmitted over voice-grade telephone lines
Modem
Used where a fiber-optic link terminates in order to convert optical signals into electrical signals and vice versa
Optical fiber converters
Device that is used to connect DTE to a digital circuit, such as a T1 carrier line. A device is considered DTE if it is either a source or destination for digital data. Examples of DTE include PCs, servers, and routers.
CSU/DSU
What are two types of Layer 2 MPLS VPN technologies?
VPLS
VPWS
What protocol provides confidentiality, data integrity, authentication, and antireplay protection
IPsec
What service ensures that transmitted has not been changed or altered in any way?
data integrity
What are the main components of MPLS?
Control plane Data Plane
A protocol that is typically used when configuring a virtual private network (VPN)
L2TP (Layer 2 Tunneling Protocol)
VPN technology that leverages the strengths of IP Sec, GRE, and Next-Hop Resolution Protocol (NHRP) to simplify the implementation of highly scalable, secure networks.
DMVPN
Which of the following topology terms most closely describe the topology created by a Metro Ethernet Tree (E-Tree) service? (Choose two answers.)
Partial Mesh
Full Mesh
Hub and Spoke
Point-to-point
Partial Mesh
Hub and spoke
A Metro Ethernet E-Tree service uses a rooted point-to-multipoint Ethernet Virtual Connection (EVC), which means that one site connected to the service (the root) can communicate directly with each of the remote (leaf) sites. However, the leaf sites cannot send frames directly to each other; they can only send frames to the root site.
Which component of VPN technology ensures that data is unaltered between the sender and recipient?
A. encryption
B. authentication
C. key exchange
D. data integrity
D. data integrity
Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN?
A. Cisco IOS IPsec/SSL VPN Client
B. Cisco Adaptive Security Appliance
C. Cisco VPN Client
D. ISDN terminal adapter
B. Cisco Adaptive Security Appliance
Which two data integrity algorithms are commonly used in VPN solutions? (Choose two.)
A. DH1
B. DH2
C. HMAC-MD5
D. HMAC-SHA-1
E. RSA
C. HMAC-MD5
D. HMAC-SHA-1
What are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links? (Choose three.)
A. reduced cost
B. better throughput
C. broadband incompatibility
D. increased security
E. scalability
F. reduced latency
A. reduced cost
D. increased security
E. scalability
Which protocol is an open standard protocol framework that is commonly used in VPNs, to provide secure end-to-end communications?
A. RSA
B. L2TP
C. IPsec
D. PPTP
C. IPsec
What is the advantage of using a multipoint interface instead of point-to-point subinterfaces when configuring a Frame Relay hub in a hub-and-spoke topology?
A. It avoids split-horizon issues with distance vector routing protocols.
B. IP addresses can be conserved if VLSM is not being used for subnetting.
C. A multipoint interface offers greater security compared to point-to-point subinterface configurations.
D. The multiple IP network addresses required for a multipoint interface provide greater addressing flexibility over point-to-point configurations.
B. IP addresses can be conserved if VLSM is not being used for subnetting.
What two encryption algorithms are used in IPSec VPNs?
A. DH
B. PSK
C. IKE
D. AES
E. 3DES
D. AES
E. 3DES
Which three statements describe the building blocks that make up the IPSec protocol framework? (Choose three)
A. IPSec uses encryption algorithms and keys to provide secure transfer of data
B. IPSec uses Diffie-Hellman algorithms to encrypt data that is transfered through the VPN
C. IPSec uses 3DES algorithms to provide the highest level of security for data that is transfered through a VPN.
D. IPSec uses secret key cryptography to encrypt messages that are sent through a VPN
E. IPSec uses Diffie-Hellman as a hash algorithm to ensure integrity of data that is transmitted through a VPN
F. IPSec uses ESP to provide confidential transfer of data by encrypting IP packets.
A. IPSec uses encryption algorithms and keys to provide secure transfer of data
D. IPSec uses secret key cryptography to encrypt messages that are sent through a VPN
F. IPSec uses ESP to provide confidential transfer of data by encrypting IP packets.
What is an IPsec protocol that provides data confidentiality and authentication for IP packets?
ESP
