642-821 (BCRAN®) TestKing's Building Cisco® Remote Access Networks Version 1.0 642 - 821 Important Note Please Read Carefully Study Tips This product will provide you questions and answers along with detailed explanations carefully compiled and written by our experts Try to understand the concepts behind the questions instead of cramming the questions Go through the entire document at least twice so that you make sure that you are not missing anything Further Material For this test TestKing plans to provide: * Interactive Test Engine Examinator Check out an Examinator Demo at http://www.testking.com/index.cfm?pageid=724 Latest Version We are constantly reviewing our products New material is added and old material is revised Free updates are available for 90 days after the purchase You should check your member zone at TestKing an update 3-4 days before the scheduled exam date Here is the procedure to get the latest version: Go to www.testking.com Click on Member zone/Log in The latest versions of all purchased products are downloadable from here Just click the links For most updates, it is enough just to print the new questions at the end of the new version, not the whole document Feedback Feedback on specific questions should be send to feedback@testking.com You should state: Exam number and version, question number, and login ID Our experts will answer your mail promptly Copyright Each pdf file contains a unique serial number associated with your particular name and contact information for security purposes So if we find out that a particular pdf file is being distributed by you, TestKing reserves the right to take legal action against you according to the International Copyright Laws Leading the way in IT testing and certification tools, www.testking.com -2- 642 - 821 QUESTION NO: A bank needs to connect a branch office to the corporate network on the other side of town The branch office has twelve users that require constant access to the bank’s central accounting system throughout the day Which two connection types may be most appropriate for this branch office? (Choose two) A B C D ISDN BRI Frame Relay Asynchronous Dedicated lease line Answer: B D Explanation: The remote site must have a mix of equipment, but not as much as the Central site requires Typical WAN solutions that a remote site uses to connect to the Central site as follows: • Leased line • Frame Relay • X.25 • ISDN Reference: Building Cisco Remote Access Networks (Ciscopress) page 30 Incorrect Answers A: Used for telecommuters C: Used for telecommuters QUESTION NO: You need to support a mobile sales group who needs access to email from a variety of locations What best meets the needs of the sales group? A B C D Digital service Multi-mode service Asynchronous service High-Speed Serial (HSS) interface Answer: C Explanation: An asynchronous dial-up solution using the existing telephony network and an analog modem is often the solution for telecommuters because it is easy and the telephone facilities are already installed Leading the way in IT testing and certification tools, www.testking.com -3- 642 - 821 Reference: Building Cisco Remote Access Networks (Ciscopress) page 31 QUESTION NO: What are the advantages of Frame Relay connection over dedicated leased lines? (Choose two) A B C D Better suited multiple branch locations Lower cost More control over the connection Full guaranteed bandwidth Answer: B, C Explanation: Frame Relay provides virtual circuit connectivity for enterprise networks that require 56 kbps up to T1/E1 speeds It costs less than leased lines because it uses statistical multiplexing of packets to gain efficiencies within the network, at the cost of a less-stringent bandwidth and latency guarantee Frame Relay is being widely deployed in enterprise networks to connect regional and branch offices into the enterprise backbone Reference: http://www.cisco.com/en/US/products/hw/modules/ps2033/products_white_paper09186a0080091ca9.shtml QUESTION NO: On an EIA/TIA-232 null modem cable with DB25 connectors, which two pins are cross connected? (Choose two) A B C D E F Pin Pin Pin Pin Pin Pin Answer: A, B Explanation: Null modems crisscross DB-25 pins 2, and other corresponding pins so that the two DTE devices can communicate Some devices can be configured to operate either like a DTE or a DCE Configuring a device as a DCE usually means that it receives data on pin and transmits data on pin Reference: Building Cisco Remote Access Networks (Ciscopress) page 62 Leading the way in IT testing and certification tools, www.testking.com -4- 642 - 821 QUESTION NO: Which WAN connections are typically employed at telecommuter sites? (Choose three) A B C D E F Asynchronous dial-up ISDN BRI Leased lines HDSL Cable modems ADSL Answer: A B F Explanation: Typical WAN connections employed at telecommuter sites are as follows: • Asynchronous dial-up • ISDN BRI • Frame Relay (leased line) Reference: Building Cisco Remote Access Networks (Ciscopress) page 31 QUESTION NO: Which statement describes the differences between IPSec and Cisco Encryption Technology (CET)? A B C D CET supports AH, ESP and Anti-Replay which are not available with IPSec IPSec supports AH, ESP and Anti-Replay which are not available with CET CET is the implementation of IPSec in the Cisco Secure Services package IPSec is used to encrypt IP-only packets, whereas CET is used to encrypt only non-IP packets Answer: B Explanation: If you require only Cisco router-to-Cisco router encryption, then you could run CET, which is a more mature, higher-speed solution If you require a standards-based solution that provides multivendor interoperability or remote client connections, then you should implement IPSec Also, if you want to implement data authentication with or without privacy (encryption), then IPSec is the right choice Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800 d981b.html#77018 Leading the way in IT testing and certification tools, www.testking.com -5- 642 - 821 QUESTION NO: When using a CATV cable service as an Internet connection medium, what is “upstream traffic”? A B C D Traffic getting at the user’s home traveling to the headend Traffic between the headend and the supplier antenna Broadcast traffic, including the cable TV signals Traffic from outside the local cable segment serving the user’s home Answer: A Explanation: In the upstream direction (subscriber cable modems transmitting towards the head-end) the environment is many transmitters and one receiver This introduces the need for precise scheduling of packet transmissions to achieve high utilization and precise power control so as to not overdrive the receiver or other amplifier electronics in the cable system Since the upstream direction is like a single receiver with many antennas, the channels are much much more susceptible to inter-fering noise products [5, 6] In the cable industry, we generally call this ingress noise 00000000000000 Reference: http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac202/about_cisco_ipj_archive_article09186a00800c83 7c.html QUESTION NO: Which feature will cache routes learned by dynamic routing protocols, enabling their use over DDR connections? A B C D E Route redistribution Dynamic static routes Snapshot routing DDR route maps Passive interfaces Answer: A Explanation: On the corporate side, it is very important that you be able to distribute those addresses across the network, as desired To redistribute those routes, you need to configure the routes to be redistributed to a dynamic routing protocol at the core side Reference: Building Cisco Remote Access Networks (Ciscopress) page 190 Leading the way in IT testing and certification tools, www.testking.com -6- 642 - 821 QUESTION NO: Which statement is true regarding the ADSL (G.Lite G.922.2) standard? A B C D Signals cannot be carried on the same wire as POTS signals It offers equal bandwidth for upstream and downstream data traffic It was developed specifically for the consumer market segment requiring higher download speeds It has limited operating range of less than 4,500 feet Answer: C Explanation: Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more bandwidth downstream (from the central office to the customer site) than upstream Downstream rates range from 1.5 to Mbps, whereas upstream bandwidth ranges from 16 to 640 kbps ADSL transmissions work at distances up to 18,000 feet (5,488 meters) over a single copper twisted pair Reference: http://www.cisco.com/en/US/tech/tk175/tk15/tech_protocol_family_home.html QUESTION NO: 10 Which statement is true regarding uninteresting traffic being carried over a DDR link? A Uninteresting traffic will keep DDR call established, even if no more interesting traffic is being routed over the link B Uninteresting traffic will be routed over an established DDR call, but at a lower priority than interesting traffic C Uninteresting traffic will not be routed over an established DDR call D Uninteresting traffic will be routed over an established DDR call, as long as there is enough interesting traffic to keep the call connected Answer: C Explanation: Packets that are permitted entry according to the access list are identified as interesting or packets of interest Packets that are not permitted entry or are denied entry by an access list are deemed uninteresting Reference: http://www.cisco.com/en/US/products/sw/iosswrel/ps1820/products_configuration_guide_chapter09186a00800 87504.html Leading the way in IT testing and certification tools, www.testking.com -7- 642 - 821 QUESTION NO: 11 What is the default action of authentication when AAA is enabled but authentication is not set? A B C D E F Allow a user to access all resources after login Disallow a user from access to all resources after login Record all access of resources and how long the user accessed each resources Not to record any access of resources after login Allow any user to login without checking the authentication data Disallow any user from logging in with or without a valid username and password Answer: F Explanation: If authentication is not specifically set for a line, the default is to deny access and no authentication is performed Reference: Building Cisco Remote Access Networks (Ciscopress) page 470 QUESTION NO: 12 Drag the queuing method from the list on the right to the appropriate description on the right Note: not all options will be used Answer: Leading the way in IT testing and certification tools, www.testking.com -8- 642 - 821 Explanation: • Custom queuing – reserves a certain percentage of bandwidth for each specified class of traffic • Weighted fair queuing – prioritizes interactive traffics over file transfers to ensure satisfactory response time for common user applications • Basic queuing – No such thing • Priority queuing – ensures the timely delivery of a specific protocol or type of traffic because that traffic is transmitted before all others Reference: Building Cisco Remote Access Networks (Ciscopress) page 399 QUESTION NO: 13 Under which circumstance would use of Kerberos authentication system be required, instead of TACACS+ or RADIUS? A B C D Authentication, authorization and accounting need to use the a single database Multiple level of authorization need to be applied to various router commands DES encrypted authentication is required The usage of various router functions needs to be accounted for by user name Answer: C Explanation: Kerberos is a client-server based secret-key network authentication method that uses a trusted Kerberos server to verify secure access to both services and users In Kerberos, this trusted server is called the key distribution center (KDC) The KDC issues tickets to validate users and services A ticket is a temporary set of electronic credentials that verify the identity of a client for a particular service These tickets have a limited life span and can be used in place of the standard user password authentication mechanism if a service trusts the Kerberos server from which the ticket was issued If the standard user password method is used, Kerberos encrypts user passwords into the tickets, ensuring that passwords are not Leading the way in IT testing and certification tools, www.testking.com -9- 642 - 821 sent on the network in clear text When you use Kerberos, passwords are not stored on any machine, except for the Kerberos server, for more than a few seconds Kerberos also guards against intruders who might pick up the encrypted tickets from the network Reference: http://www.cisco.com/en/US/tech/tk583/tk642/technologies_tech_note09186a0080094ea4.shtml QUESTION NO: 14 Which of the following are examples of DTE devices? (Choose three) A B C D E Mainframe computer CSU/DSU Router Terminal Modem Answer: A C D Explanation: Data terminal equipment (DTE) are end devices such as PCs, workstations, routers, and mainframe computers Reference: Building Cisco Remote Access Networks (Ciscopress) page 57 QUESTION NO: 15 When the following configuration is present on the router, how many addresses will be available for dynamic nat translation? ip nat pool test 192.168.1.33 192.168.1.42 netmask 255.255.255.224 ip nat inside source list pool test A B C D 10 31 Answer: C Explanation The IP address that is configured for dynamic nat translation is 192.168.1.33 19 192.168.1.42 netmask 255.255.255.224 The start-ip is 192.168.1.33 The end-ip is 192.168.1.42 Leading the way in IT testing and certification tools, www.testking.com - 10 - ... to access all resources after login Disallow a user from access to all resources after login Record all access of resources and how long the user accessed each resources Not to record any access. .. not specifically set for a line, the default is to deny access and no authentication is performed Reference: Building Cisco Remote Access Networks (Ciscopress) page 470 QUESTION NO: 12 Drag the... router, and the service provider’s local access- switching equipment (known as data communications equipment [DCE]) Reference: Building Cisco Remote Access Networks (Ciscopress) page 340 QUESTION