Fravo.com Certification Made Easy MCSE, CCNA, CCNP, OCP, CIW, JAVA, Sun Solaris, Checkpoint World No1 Cert Guides info@Fravo.com Building Cisco Remote Access Networks (BCRAN) Exam 642-821 Edition 3.0 © Copyrights 1998-2005 Fravo Technologies. All Rights Reserved. 642-821 http://www.fravo.com 1 Congratulations!! You have purchased a Fravo Technologies. Study Guide. This study guide is a complete collection of questions and answers that have been developed by our professional & certified team. You must study the contents of this guide properly in order to prepare for the actual certification test. The average time that we would suggest you for studying this study guide is approximately 15 to 20 hours and you will surely pass your exam. We guarantee it! GOOD LUCK! DISCLAIMER This study guide and/or material is not sponsored by, endorsed by or affiliated with Microsoft, Cisco, Oracle, Citrix, CIW, CheckPoint, Novell, Sun/Solaris, CWNA, LPI, ISC, etc. All trademarks are properties of their respective owners. Guarantee If you use this study guide correctly and still fail the exam, send a scanned copy of your official score notice at: info@fravo.com We will gladly refund the cost of this study guide or give you an exchange of study guide of your choice of the same or lesser value. This material is protected by copyright law and international treaties. Unauthorized reproduction or distribution of this material, or any portion thereof, may result in severe civil and criminal penalties, and will be prosecuted to the maximum extent possible under law. © Copyrights 1998-2005 Fravo Technologies. All Rights Reserved. http://www.fravo.com 642-821 http://www.fravo.com 2 Q1. When is ISDN BRI a viable option as a remote access solution? A. A mobile user that needs access to the central site while traveling. B. A branch office needs to connect to a mobile user. C. A remote site with sporadic traffic needs to connect to central site. D. A branch office requires at least 300kbps bandwidth to the central site. Answer: C Explanation: Basic Rate Interface (BRI) is an Integrated Systems Digital Network (ISDN) interface, and it consists of two B channels (B1 and B2) and one D channel. The B channels are used to transfer data, voice, and video. The D channel controls the B channels. ISDN uses the D channel to carry signal information. ISDN can also use the D channel in a BRI to carry X.25 packets. The D channel has a capacity of 16 kbps, and the X.25 over D channel can utilize up to 9.6 kbps. When this feature is configured, a separate X.25-over-D-channel logical interface is created. You can set its parameters without disrupting the original ISDN interface configuration. The original BRI interface will continue to represent the D, B1, and B2 channels. Because some end-user equipment uses static terminal endpoint identifiers (TEIs) to access this feature, static TEIs are supported. The dialer understands the X.25-over- D-channel calls and initiates them on a new interface. X.25 traffic over the D channel can be used as a primary interface where low- volume, sporadic interactive traffic is the normal mode of operation. Supported traffic includes IPX, AppleTalk, transparent bridging, XNS, DECnet, and IP. This feature is not available on the ISDN Primary Rate Interface (PRI). Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1826/products_configuration_g uide_chapter09186a00800d9b8a.html Q2. Which statement is true regarding the ADSL (G.Lite G.922.2) standard? A. Signals cannot be carried on the same wire as POTS signals. B. It offers equal bandwidth for upstream and downstream data traffic. C. It was developed specifically for the consumer market segment requiring higher download speeds. D. It has limited operating range of less than 4,500 feet. Answer: C Explanation: Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream. Downstream rates range from 1.5 to 9 Mbps, whereas upstream bandwidth ranges from 16 to 640 kbps. ADSL transmissions work at distances up to 18,000 feet (5,488 meters) over a single copper twisted pair. Reference: http://www.cisco.com/en/US/tech/tk175/tk15/tech_protocol_family_home.html 642-821 http://www.fravo.com 3 Q3. Which command will allow a router to attempt to discover the modem to which it is attached? A. modem autoconfigure discovery B. modem discovery autoconfigure C. modem autoconfigure type discovery D. modem discovery type autoconfigure Answer: A Explanation: If no modem is specified for a particular line and you have provided the modem autoconfigure discovery command, the access server attempts to autodiscover the type of modem to which it is attached. The access server determines the type of modem by sending AT commands to the modem and evaluating the response. Reference: Building Cisco Remote Access Networks (Ciscopress) page 83 Q4. Which user requirement is best served by an access server? A. Mobile sales force requiring dial-in access. B. Mobile sales force requiring dedicated connection. C. Corporate staff requiring access to web-bases applications. D. Corporate staff requiring access to applications on corporate systems. Answer: A Explanation: A router act access server, which is a concentration point for dial-in and dial-out calls. Mobile users, for example, can call into an access server at a Central site to access their messages. Reference: Building Cisco Remote Access Networks (Ciscopress) page 21 Q5. Which feature will cache routes learned by dynamic routing protocols, enabling their use over DDR connections? A. Route redistribution B. Dynamic static routes C. Snapshot routing D. DDR route maps E. Passive interfaces Answer: A Explanation: On the corporate side, it is very important that you be able to distribute those addresses across the network, as desired. To redistribute those routes, you 642-821 http://www.fravo.com 4 need to configure the routes to be redistributed to a dynamic routing protocol at the core side. Reference: Building Cisco Remote Access Networks (Ciscopress) page 190 Q6. The network administrator enables Frame Relay traffic shaping and configures a CIR of 64kbps. Using 125ms time interval, what will be the value of the committed burst (Bc) A. 32000 bits B. 24000 bits C. 16000 bits D. 8000 bits Answer: D Explanation: The calculation is TC = Bc/CIR 125ms (tc) = 8000bits (Bc)/64kbps (CIR) Reference: Building Cisco Remote Access Networks (Ciscopress) page 352 Q7. Drag the queuing method from the list on the right to the appropriate description on the right. (Note: not all options will be used.) Answer: 642-821 http://www.fravo.com 5 Explanation: Custom queuing – reserves a certain percentage of bandwidth for each specified class of traffic. Weighted fair queuing – prioritizes interactive traffics over file transfers to ensure satisfactory response time for common user applications. Basic queuing – No such thing Priority queuing – ensures the timely delivery of a specific protocol or type of traffic because that traffic is transmitted before all others. Reference: Building Cisco Remote Access Networks (Ciscopress) page 399 Q9. Which of the following are examples of DTE devices? (Choose three.) A. Mainframe computer B. CSU/DSU C. Router D. Terminal E. Modem Answer: A, C, D Explanation: Data terminal equipment (DTE) are end devices such as PCs, workstations, routers, and mainframe computers. Reference: Building Cisco Remote Access Networks (Ciscopress) page 57 Q10. Based on the configuration shown, what is the CIR of interface Serial0/0 300? 642-821 http://www.fravo.com 6 interface Serial0/0 no ip address encapsulation frame-relay no fair-queue frame-relay traffic-shaping bandwidth 1536 ! interface Serial0/0.100 point-to-point ip address 10.1.1.1 255.255.255.0 frame-relay interface-dlci 100 frame-relay class cisco ! interface Serial0/0.200 point-to-point ip address 10.1.2.1 255.255.255.0 frame-relay interface-dlci 200 frame-relay class cisco ! interface Serial0/0.300 point-to-point ip address 10.1.3.1 255.255.255.0 frame-relay interface-dlci 300 ! ! map-class frame-relay cisco frame-relay cir 128000 frame-relay adaptive-shaping becn A. 56 kbps B. 64 kbps C. 128 kbps D. 896 kbps E. 1536 kbps Answer: C Explanation: frame-relay cir To specify the incoming or outgoing committed information rate (CIR)for a Frame Relay virtual circuit, use the frame-relay cir map-class configuration command. To reset the CIR to the default, use the no form of this command. frame-relay cir {in | out} bps no frame-relay cir {in | out} bps Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1824/products_command_refe rence_chapter09186a0080087bcd.html#xtocid106829 Q11. Which three are responsible of IKE in the IPSec protocol? (Choose three.) A. Negotiating protocol parameters B. Packet encryption 642-821 http://www.fravo.com 7 C. Exchanging public keys D. Integrity checking user hashes E. Authenticating both sides of a connection F. Implementing tunnel mode Answer: A, C, E Explanation: IKE is a protocol used by IPSec for completion of Phase 1. IKE negotiates and assigns SAs for each IPSec peer, which provide a secure channel for the negotiation of the IPSec SAs in Phase 2. IKE provides the following benefits: • Eliminates the need to manually specify all the IPSec security parameters at both peers • Lets you specify a lifetime for the IKE SAs • Allows encryption keys to change during IPSec sessions • Allows IPSec to provide anti-replay services • Enables CA support for a manageable, scalable IPSec implementation • Allows dynamic authentication of peers Reference: http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_g uide_chapter09186a008017278c.html#39982 Q12. What are four PPP options that are negotiated using LCP? (Choose four.) A. Callback B. Multilink C. Accounting D. Compression E. Authorization F. Authentication G. Rate adaptation Answer: A, B, D, F Explanation: PPP Link Control Protocol Options: • Authentication • Callback • Compression • Multilink PPP Reference: Building Cisco Remote Access Networks (Ciscopress) page 111 Q13. Under which circumstance would use of Kerberos authentication system be required, instead of TACACS+ or RADIUS? A. Authentication, authorization and accounting need to use the a single database. B. Multiple level of authorization need to be applied to various router commands. C. DES encrypted authentication is required. D. The usage of various router functions needs to be accounted for by user name. 642-821 http://www.fravo.com 8 Answer: C Explanation: Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users. In Kerberos, this trusted server is called the key distribution center (KDC). The KDC issues tickets to validate users and services. A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service. These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued. If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not sent on the network in clear text. When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds. Kerberos also guards against intruders who might pick up the encrypted tickets from the network. Reference: http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a0080 094ea4.shtml Q14. Frame Relay describes the interconnection process between which two types of equipment? A. DTE and DTE B. DCE and DCE C. CPE and DTE D. CPE and DCE Answer: D Explanation: Frame relay defines the interconnection process between your customer premises equipment (CPE- also known as data terminal equipment [DTE]) such as a router, and the service provider’s local access-switching equipment (known as data communications equipment [DCE]). Reference: Building Cisco Remote Access Networks (Ciscopress) page 340 Q15. Given the following debug output, which two statements are true? (Choose two.) 1d16h: %LINK-3-UPDPDOWN: Interface Serial3/0, changed state to up *Mar 2 16:52:15.297: Se3/0 PPP: Treating connection as a dedicated line *Mar 2 16:52:15.441: Se3/0 PPP: Phase is AUTHENTICATING, by this end *Mar 2 16:52:15.445: Se3/0 CHAP: O CHALLENGE id 7 len 29 from “NAS1” A. The user is authenticating with the privileged mode password “NAS1”. 642-821 http://www.fravo.com 9 B. This is a connection attempt to an async port. C. The connection is established on serial interface 3/0. D. The client is attempting to setup a Serial Line Internet Protocol connection. E. The user is authenticating using CHAP. Answer: C, E Explanation: When using Chap authentication, the access server sends a challenge message to the remote node after the ppp link is established. The remote node responds with a value calculated by using a one-way hash function. The access server (NAS1) checks the reponse against its own calculation of the expected hash value. Reference: Building Cisco Remote Access Networks (Ciscopress) page 115 Q16. Which of the following terminals can be connected to an ISDN line? (Choose two.) A. TO2 B. TE1 C. TE2/TA D. NU1 Answer: B, C Explanation: Terminal equipment 1(TE1) - Designates a device that is compatible with the ISDN network. A TE1 connects to a Network Termination of either Type 1 or Type 2, such as a digital telephone, a router with ISDN interface, or digital facsimile equipment. Terminal equipment 2(TE2) - Designates a device that is not compatible with the ISDN and requires a terminal adapter, such as terminals with X.21, EIA/TIA-232, or X.25 interfaces or a router without a ISDN interface (AGS= and so on). Terminal adapter – converts standard electrical signals into the form used by ISDN, so that non-ISDN devices can connect to the ISDN network. Reference: Building Cisco Remote Access Networks (Ciscopress) page 171 Q17. Serial0 on a router is configured with the command encapsulation frame-relay. What can cause the output from the show interface command to indicate: Serial0 is up, line protocol is down? A. No carrier signal B. IP subnet mismatch C. LAPF state, down D. LMI type mismatch E. No IP address configured Answer: D [...]... that will initiate a connection Reference: Building Cisco Remote Access Networks (Ciscopress) page 187 - 194 Q19 Drag and drop the ISDN in the options column to the related term in the target column 10 http://www fravo. com 642-821 Answer: Explanation: U interface cloud – defines the two-wire interface between the NT and the ISDN 11 http://www fravo. com 642-821 TE1 network – designates a device that is... 48 directly connect to modems 2/0 through 2/23, which are installed in the second slot Reference: Building Cisco Remote Access Networks (Ciscopress) page 70 http://www .cisco. com/en/US/products/sw/iosswrel/ps1831/products_configuration_g uide_chapter09186a00800ca657.html 12 http://www fravo. com 642-821 Q22 A small remote site requires a low cost, T1 speed connection to make secure file transfers to a... Explanation: The default encapsulation, which is Cisco, is applied to all the VCs available on that serial interface If most destinations use the Cisco encapsulation, 14 http://www fravo. com 642-821 but one destination requires the IETF, you would specify, under the interface, the general encapsulation to be used by most destinations Because the default encapsulation is Cisco, you would specify the exception... http://www .cisco. com/en/US/tech/tk713/tk237/technologies_tech_note09186a0080 14f8a7.shtml#topic2 Q44 What is the default encapsulation type set on Cisco router serial interfaces? A B C D Frame Relay HDLC PPP LAPB Answer: B 23 http://www fravo. com 642-821 Explanation: HDLC is the default encapsulation type on point-to-point, dedicated links It is used typically when communicating between two Cisco devices... follows: • • Asynchronous serial Integrated Service Digital Network (ISDN), Basic Rate Interface (BRI), and ISDN Primary rate Interface (PRI) Reference: Building Cisco Remote Access Networks (Ciscopress) page 20 21 16 http://www fravo. com 642-821 Q30 Which two are characteristics of Frame Relay? (Choose two.) A B C D Medium cost High reliability Circuit-switched Branch site connectivity Answer: B,... remote system, and broadcast indicates that broadcast should be forwarded to this address The dial-string is the number to dial to reach the destination 17 http://www fravo. com 642-821 Reference: Building Cisco Remote Access Networks (Ciscopress) page 187 Q32 When a modem powers up, how does the connected computer know that the DCE is ready to use? A B C D The The The The modem modem modem modem sets... events command also displays information that is useful for monitoring and troubleshooting Multilink PPP Reference: Building Cisco Remote Access Networks (Ciscopress) page 209, 210 Incorrect Answers: B: Not a valid command C: Troubleshoots ISDN layer 2 19 http://www fravo. com 642-821 Q36 By which two methods can callers be authenticated using PPP? (Choose two.) A B C D Message digest key Authentication... deny access and no authentication is performed Reference: Building Cisco Remote Access Networks (Ciscopress) page 470 Q38 Which of the following are used to verify and troubleshoot a PPP session? (Choose two.) A show interfaces B show PPP C debug PPP negotiation D debug PPP session Answer: A, C Explanation: 20 http://www fravo. com 642-821 • • Use the show interfaces command to display status and counter... SAPI TEI group assignments are 0-63 for non automatic assignments; 64-126 for automatic TEI assignment; and 127 for group assignment, or broadcast Reference: Building Cisco Remote Access Networks (Ciscopress) page 177 21 http://www fravo. com 642-821 Q41 When the following configuration is present on the router, how many addresses will be available for dynamic nat translation? ip nat pool test 192.168.1.33... equipment (DTE) unless it sees the correct LMI (use Cisco' s default to "cisco" LMI) Check to make sure the Cisco router is transmitting data You will most likely need to check the line integrity using loop tests at various locations beginning with the local CSU and working your way out until you get to the provider's Frame Relay switch Reference: http://www .cisco. com/en/US/tech/tk713/tk237/technologies_tech_note09186a0080 . burst (Bc) A. 32 00 0 bits B. 2 400 0 bits C. 1 600 0 bits D. 800 0 bits Answer: D Explanation: The calculation is TC = Bc/CIR 125ms (tc) = 800 0bits (Bc)/64kbps. 10. 1.2.1 255.255.255 .0 frame-relay interface-dlci 200 frame-relay class cisco ! interface Serial0 /0 . 30 0 point-to-point ip address 10. 1 .3. 1 255.255.255.0