CCNA WAN Technologies Questions

58 questions · WAN Technologies · All types, answers revealed

1
MCQhard

An engineer is deploying a new SD-WAN solution using Cisco vManage. The WAN edge routers are connected to two different transport networks: MPLS and Internet. The engineer wants to ensure that voice traffic is always sent over the MPLS link when available, and only fails over to the Internet link if the MPLS link goes down. The engineer has configured a policy to set the preferred color for voice traffic to 'mpls'. However, during a test, voice traffic is still using the Internet link even though the MPLS link is up. What is the most likely cause?

A.The policy is not attached to the correct VPN or site list.
B.The voice traffic is using a different DSCP value than the one defined in the policy.
C.The MPLS link is not in the 'up' state in the vManage overlay.
D.The policy is configured as a local policy instead of a centralized policy.
AnswerA

Correct. In vManage, policies must be associated with specific VPNs or sites. If the policy is not attached to the VPN that carries voice traffic, it will not be applied.

Why this answer

In Cisco SD-WAN, policy is applied in a specific order: centralized data policy, centralized app-route policy, and then local policy. The preferred color is set in the centralized data policy, but if there is also a centralized app-route policy that does not consider the preferred color, or if the policy is not properly attached to the correct VPN or site, it may not take effect. Additionally, the policy must be applied to the correct direction (service-side vs. transport-side).

2
Multi-Selecthard

Which three statements about IPsec VPNs are true? (Choose three.)

Select 3 answers
A.IPsec transport mode encrypts the entire original IP packet, including the IP header.
B.IKEv2 is more resilient to network changes than IKEv1 because it supports Dead Peer Detection (DPD) as a built-in feature.
C.AES is a symmetric encryption algorithm commonly used in IPsec to provide data confidentiality.
D.IKE uses TCP port 500 for key exchange and negotiation of security associations.
E.ESP in tunnel mode can provide both encryption and authentication for the entire IP packet.
AnswersB, C, E

Correct because IKEv2 includes DPD as a standard mechanism to detect peer liveness, whereas IKEv1 requires separate configuration.

Why this answer

IPsec VPNs can operate in transport mode (protecting payload only) or tunnel mode (protecting entire IP packet). IKEv2 is more robust than IKEv1, supporting EAP authentication and built-in DPD. AES is a symmetric encryption algorithm used for data confidentiality.

SHA is used for integrity, not encryption. IKE uses UDP port 500, not TCP. ESP can provide both encryption and authentication, but authentication is optional in some implementations.

3
Multi-Selecthard

Which three statements about DMVPN Phase 3 are true? (Choose three.)

Select 3 answers
A.In DMVPN Phase 3, the hub router must always be in the data path for all traffic between spokes.
B.Spokes register their physical (non-NBMA) addresses with the NHRP server (hub) to enable dynamic tunnel establishment.
C.NHRP redirect messages are sent by the hub to inform a spoke that a better path exists directly to another spoke.
D.DMVPN Phase 3 uses point-to-point GRE tunnels for spoke-to-spoke connections.
E.DMVPN Phase 3 supports dynamic spoke-to-spoke tunnel establishment using NHRP and mGRE.
AnswersB, C, E

Correct because spokes send NHRP registration requests to the hub, including their real interface IP addresses, so the hub can resolve NBMA addresses.

Why this answer

DMVPN Phase 3 introduces per-destination NHRP redirects to allow spoke-to-spoke tunnels without requiring the hub to proxy all traffic. Spokes register their real (physical) IP addresses with the NHRP server (hub). The hub does not need to be part of the data path after the spoke-to-spoke tunnel is established.

Phase 3 uses NHRP redirect messages from the hub to inform spokes of better paths. The spoke-to-spoke tunnel is built dynamically using mGRE, not p2p GRE. Phase 3 supports both IPv4 and IPv6.

4
MCQeasy

An engineer is troubleshooting a site-to-site VPN that uses IPsec with IKEv1. The tunnel is established, but traffic is intermittently dropped. The engineer checks the 'show crypto ipsec sa' output and sees that the number of packets that failed anti-replay check is increasing. What is the most likely cause of this issue?

A.The IPsec SA is using a weak encryption algorithm.
B.The IPsec SA is using ESP in tunnel mode with authentication only.
C.The traffic is taking multiple paths, causing packets to arrive out of order.
D.The IPsec SA lifetime is too short, causing frequent rekeying.
AnswerC

Correct. Anti-replay checks rely on sequence numbers. If packets arrive out of order, the receiver may drop them if they fall outside the anti-replay window.

Why this answer

Anti-replay is a security feature in IPsec that uses sequence numbers to prevent replay attacks. If packets arrive out of order (e.g., due to different paths or latency), the anti-replay window may drop them. This is common when there are multiple paths or when the IPsec SA is used for traffic that is load-balanced across different links.

5
Drag & Dropmedium

Drag and drop the steps of PPPoE session establishment into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

PPPoE session establishment begins with the Discovery stage: the client sends a PADI to find a server, the server responds with a PADO, the client selects a server and sends a PADR, the server assigns a session ID via PADS. Finally, the PPP link is negotiated using LCP and authentication.

6
MCQmedium

A network engineer is troubleshooting a site-to-site IPsec VPN tunnel between two Cisco routers. The tunnel is established and IKEv2 Phase 1 is up, but no traffic passes. The engineer checks the crypto map and sees that the ACL is configured to permit traffic between the two LAN subnets. However, 'show crypto ipsec sa' shows that the number of packets encapsulated and decapsulated is zero. What is the most likely cause?

A.The crypto map is not applied to the correct interface.
B.The IPsec transform set uses ESP with SHA-1, but the remote router expects AES-GCM.
C.The ACL on the crypto map is missing the 'permit ip' statement for the return traffic.
D.The tunnel interface is down due to a routing issue.
AnswerB

Correct. A mismatch in the transform set (e.g., encryption or authentication algorithms) will prevent Phase 2 from establishing, even though Phase 1 (which uses a different proposal) may succeed.

Why this answer

When IKEv2 Phase 1 is up but Phase 2 (IPsec SA) is not established, the most common cause is a mismatch in the proxy identities (the interesting traffic ACL) or a mismatch in the IPsec transform set parameters. Since the ACL is configured correctly, the issue is likely a mismatch in the transform set or the IKEv2 proposal.

7
Drag & Dropmedium

Drag and drop the steps of DMVPN Phase 3 spoke-to-spoke shortcut creation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

In DMVPN Phase 3, when a spoke needs to send traffic to another spoke, it first sends data through the hub, the hub forwards the packet with a redirect, the spoke then sends an NHRP resolution request to the hub, the hub replies with the destination spoke's NBMA address, and finally the source spoke builds a direct mGRE tunnel to the destination spoke. The correct order is: spoke sends data through hub, hub sends redirect with NHRP trigger, spoke sends NHRP resolution request to hub, hub replies with destination spoke NBMA address, source spoke builds direct mGRE tunnel to destination spoke.

8
MCQeasy

A network engineer is configuring a PPPoE client on a Cisco router for a DSL connection. The engineer configures the dialer interface with the correct PPPoE profile and authentication credentials. The PPPoE session establishes, but the router cannot ping the ISP's gateway IP address. The engineer checks the routing table and sees that a default route is present via the dialer interface. What is the most likely cause?

A.The dialer interface does not have an IP address negotiated via IPCP.
B.The physical interface is configured with 'no ip address'.
C.The default route is pointing to the wrong next-hop IP.
D.The ISP's gateway is not responding to ICMP.
AnswerA

Correct. In PPPoE, the ISP typically assigns an IP address via IPCP. If the dialer interface does not receive an IP address, the router cannot communicate with the gateway.

Why this answer

PPPoE sessions often require the use of PPPoE client configuration on the physical interface and the dialer interface. A common issue is that the physical interface (e.g., Ethernet) is not configured with the 'pppoe enable' command, or the dialer interface is not bound to the correct dialer pool. However, the session is established, so the PPPoE negotiation succeeded.

The inability to ping the gateway is often due to a missing or incorrect 'ip route' or a firewall issue, but the most common cause is that the ISP requires the use of PPP IPCP to negotiate the IP address, and the router may not have an IP address assigned.

9
MCQmedium

Which BGP attribute is used as the first tie-breaker when multiple paths are available and the weight is equal?

A.Local preference
B.AS path length
C.Origin code
D.MED
AnswerA

Correct. After weight, local preference is the next attribute compared; higher is preferred.

Why this answer

BGP uses a multi-step path selection process. After comparing weight (highest wins), the next attribute is local preference (highest wins).

10
MCQmedium

interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip ospf network non-broadcast ip ospf priority 1 ! router ospf 1 network 192.168.1.0 0.0.0.255 area 0 neighbor 192.168.1.2 What is the effect of this configuration?

A.OSPF will form an adjacency with 192.168.1.2 and elect a DR/BDR based on priority.
B.OSPF will form an adjacency with 192.168.1.2 without DR/BDR election.
C.OSPF will automatically discover neighbors via multicast and form adjacencies.
D.OSPF will use a 30-second hello interval and suppress DR/BDR election.
AnswerA

Correct. Non-broadcast network type requires manual neighbor configuration and uses DR/BDR election.

Why this answer

The OSPF network type is set to non-broadcast, which requires manual neighbor configuration. The 'neighbor' command is used to specify the neighbor IP. The priority is set to 1, which allows the router to participate in DR/BDR election.

This is typical for Frame Relay or other NBMA networks.

11
MCQmedium

A network engineer executes the following command on Router R2: R2# show mpls ldp neighbor Peer LDP Ident: 192.168.1.1:0; Local LDP Ident 192.168.1.2:0 TCP connection: 192.168.1.1.646 - 192.168.1.2.54321 State: Oper; Msgs sent/rcvd: 1234/1234; Downstream Up time: 2d04h LDP discovery sources: GigabitEthernet0/0, Src IP addr: 192.168.1.1 holdtime: 15000 ms, hello interval: 5000 ms Addresses bound to peer LDP Ident: 192.168.1.1 10.0.0.1 Based on this output, what is true about the LDP session?

A.The LDP session is down because the state is 'Oper'.
B.The LDP session is using UDP port 646 for the TCP connection.
C.The LDP session is operational and the holdtime is 15000 ms.
D.The LDP session is using the default hello interval of 5000 ms.
AnswerC

The state is 'Oper' and holdtime is explicitly shown as 15000 ms.

Why this answer

The output shows an LDP neighbor with state 'Oper' (operational) and a TCP connection using well-known port 646. The holdtime and hello interval are displayed.

12
MCQhard

A network engineer issues the following command on Router R6: R6# show ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.168.1.100 10.0.0.10 --- --- --- 192.168.1.101 10.0.0.11 --- --- udp 192.168.1.100:1234 10.0.0.10:1234 203.0.113.5:53 203.0.113.5:53 tcp 192.168.1.101:80 10.0.0.11:80 198.51.100.2:443 198.51.100.2:443 Based on this output, what is true about the NAT translations?

A.All translations are static NAT entries.
B.The translation for 10.0.0.10 to 192.168.1.100 is a dynamic NAT without PAT.
C.The router is performing only PAT (overload).
D.The outside global address is the same for all translations.
AnswerB

The first two entries have no protocol or port, indicating a simple one-to-one dynamic NAT. The later entries show PAT with ports.

Why this answer

The output shows dynamic NAT translations with inside local and inside global addresses. The presence of protocol-specific translations (udp, tcp) indicates PAT (NAT overload) is in use for some traffic.

13
MCQmedium

A network engineer runs the following command on Router R4: R4# show interfaces tunnel 0 Tunnel0 is up, line protocol is up Hardware is Tunnel Internet address is 10.0.0.4/30 MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation TUNNEL, loopback not set Keepalive not set Tunnel source 192.168.1.4, destination 192.168.2.4 Tunnel protocol/transport GRE/IP Key disabled, sequencing disabled Checksumming of packets disabled Last input never, output never, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/0 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort 0 packets output, 0 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 unknown protocol drops 0 output buffer failures, 0 output buffers swapped out Based on this output, what is true about this tunnel?

A.The tunnel is using IPsec encryption.
B.The tunnel is a GRE tunnel that is up and operational.
C.The tunnel is using MPLS over GRE.
D.The tunnel is down because there are no packets.
AnswerB

The interface is up/up and protocol is GRE/IP.

Why this answer

The tunnel is up/up, uses GRE/IP encapsulation, and has a source and destination IP. The lack of traffic is indicated by zero packets input/output.

14
MCQhard

An engineer is configuring a FlexVPN hub-and-spoke topology using IKEv2. The hub router is configured with a dynamic crypto map and a local pool for assigning IP addresses to spokes. The spokes are configured with a static crypto map and a tunnel interface with an IP address from the pool. The tunnel comes up, but the spoke cannot ping the hub's tunnel interface. The hub can ping the spoke's tunnel interface. What is the most likely cause?

A.The spoke is configured with a static IP address on the tunnel interface that is not in the hub's IP pool.
B.The hub is missing the 'tunnel protection ipsec' command on the tunnel interface.
C.The spoke's crypto map is not using the correct pre-shared key.
D.The hub's IKEv2 profile is not configured with 'authentication remote rsa-sig'.
AnswerA

Correct. In FlexVPN, the hub assigns IP addresses from a pool. If the spoke statically configures an IP address, the hub may not have a route back to that address, causing asymmetric routing or unreachability.

Why this answer

In FlexVPN, the hub assigns an IP address to the spoke from a pool. The spoke's tunnel interface should receive this IP address dynamically. If the spoke is configured with a static IP address that is not in the hub's pool, the hub will not route traffic back to the spoke correctly, or the spoke may have a mismatched subnet.

The hub can ping the spoke because the spoke's tunnel IP is reachable, but the spoke cannot ping the hub because the spoke's routing table may not have a route to the hub's tunnel IP, or the hub's reverse route injection is not working.

15
Drag & Dropmedium

Drag and drop the steps of DMVPN Phase 1 spoke-to-hub tunnel setup into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

In DMVPN Phase 1, the spoke first establishes an mGRE tunnel to the hub using a multipoint interface. The hub then registers the spoke's NHRP mapping. After registration, the spoke can dynamically learn routes from the hub via the tunnel.

Finally, the spoke sends traffic through the hub, which routes it to the destination.

16
MCQmedium

A company is using a dual-homed MPLS L3VPN connection with two different ISPs. The CE router is running eBGP with both PE routers. The engineer wants to ensure that inbound traffic from the Internet to the company's web servers uses both links, but outbound traffic from the company should prefer ISP A. The company advertises the same /24 prefix to both ISPs. What BGP configuration should the engineer apply on the CE router?

A.Set a lower MED for routes advertised to ISP A and a higher MED for routes advertised to ISP B.
B.Use AS path prepending on routes advertised to ISP B and set a higher local preference for routes learned from ISP A.
C.Advertise a more specific prefix (e.g., /25) to ISP A and a less specific prefix (/24) to ISP B.
D.Configure the CE router to use BGP multipath with both ISPs.
AnswerB

Correct. AS path prepending makes the path to ISP B longer, discouraging inbound traffic from using it. Setting a higher local preference for routes from ISP A makes outbound traffic prefer ISP A.

Why this answer

To influence inbound traffic, the engineer can use AS path prepending to make one path less preferred. For outbound traffic, local preference can be used to prefer one ISP. Since the company wants outbound traffic to prefer ISP A, they should set a higher local preference for routes learned from ISP A.

For inbound traffic, they can prepend AS path to ISP B to make that path less attractive.

17
MCQeasy

What is the maximum hop count for EIGRP?

A.255
B.100
C.15
D.224
AnswerA

Correct. EIGRP has a maximum hop count of 255.

Why this answer

EIGRP uses a maximum hop count of 255 by default, though the default administrative distance is 90 for internal routes and 170 for external routes.

18
Drag & Dropmedium

Drag and drop the steps of DMVPN Phase 1 spoke-to-hub tunnel setup into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

In DMVPN Phase 1, the spoke first establishes an mGRE tunnel to the hub using NHRP registration, then the hub learns the spoke's NBMA address, and finally the spoke can route traffic through the hub. The correct order is: configure mGRE tunnel interface on spoke, configure NHRP with hub as NHS, spoke registers its NBMA address via NHRP, hub adds spoke to its NHRP database, and spoke sends traffic through hub.

19
MCQhard

A network engineer is configuring a DMVPN Phase 3 deployment with EIGRP as the routing protocol. The hub router has multiple spoke routers behind a single physical interface. The engineer notices that spoke-to-spoke traffic is being forwarded through the hub instead of directly. The spoke routers have the correct NHRP and mGRE configuration. What is the most likely cause of this issue?

A.The hub router is configured with 'no ip next-hop-self eigrp' under the tunnel interface.
B.The hub router is configured with 'ip next-hop-self eigrp' under the tunnel interface.
C.The spoke routers have 'ip nhrp shortcut' configured but the hub does not have 'ip nhrp redirect'.
D.The spoke routers are using static NHRP mappings to the hub only, without dynamic NHRP registration.
AnswerB

Correct. With next-hop-self enabled, the hub advertises routes with its own IP as the next hop, preventing spokes from learning the remote spoke's tunnel IP and thus no direct tunnel is built.

Why this answer

In DMVPN Phase 3, spoke-to-spoke tunnels require NHRP redirect and routing protocol next-hop-self behavior to be disabled on the hub so that spokes learn the remote spoke's next-hop IP and install a direct NHRP shortcut. If the hub still sets next-hop-self in EIGRP updates, spokes will see the hub as the next hop and forward traffic through it.

20
MCQmedium

A network engineer runs the following command on Router R7: R7# show vrf brief Name Default RD Protocols Interfaces Mgmt-intf <not set> ipv4,ipv6 GigabitEthernet0/0 CUSTOMER-A 65001:100 ipv4 GigabitEthernet0/1.10 CUSTOMER-B 65001:200 ipv4 GigabitEthernet0/1.20 Based on this output, what can be concluded?

A.VRF CUSTOMER-A is using IPv6.
B.VRF Mgmt-intf has a route distinguisher set.
C.VRF CUSTOMER-B is associated with subinterface GigabitEthernet0/1.20.
D.All VRFs are using the same route distinguisher.
AnswerC

The output shows CUSTOMER-B with interface GigabitEthernet0/1.20.

Why this answer

The output shows VRFs with route distinguishers and associated interfaces. VRF CUSTOMER-A and CUSTOMER-B are configured with specific RDs and interfaces.

21
Matchingeasy

Drag and drop each leased line technology on the left to its matching speed on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

1.544 Mbps

2.048 Mbps

44.736 Mbps

155.52 Mbps

44.736 Mbps

Why these pairings

T1 runs at 1.544 Mbps, E1 at 2.048 Mbps, DS3 at 44.736 Mbps, and OC-3 at 155.52 Mbps. T3 is 44.736 Mbps (same as DS3).

22
MCQmedium

interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.0 ip nat outside ! interface GigabitEthernet0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside ! access-list 1 permit 192.168.1.0 0.0.0.255 ! ip nat inside source list 1 interface GigabitEthernet0/0 overload What is the effect of this configuration?

A.All traffic from 192.168.1.0/24 will be translated to the IP address of GigabitEthernet0/0 using PAT.
B.Only one host from 192.168.1.0/24 can access the internet at a time.
C.Traffic from the outside interface will be translated to 192.168.1.0/24.
D.The configuration will fail because the access list must be applied to an interface.
AnswerA

Correct. The 'overload' keyword enables PAT, translating multiple inside hosts to a single outside IP.

Why this answer

This is a standard NAT overload (PAT) configuration. The inside network 192.168.1.0/24 is translated to the IP address of the outside interface (GigabitEthernet0/0) using port address translation. All inside hosts share the outside interface IP address.

23
MCQmedium

interface Tunnel0 ip address 10.0.0.1 255.255.255.252 tunnel source GigabitEthernet0/0 tunnel destination 203.0.113.2 tunnel mode ipsec ipv4 ! crypto isakmp policy 10 authentication pre-share encryption aes 256 hash sha group 14 lifetime 86400 ! crypto isakmp key cisco123 address 203.0.113.2 ! crypto ipsec transform-set TSET esp-aes 256 esp-sha-hmac mode tunnel ! crypto map CMAP 10 ipsec-isakmp set peer 203.0.113.2 set transform-set TSET match address 100 ! interface GigabitEthernet0/0 crypto map CMAP ! access-list 100 permit ip 10.0.0.0 0.0.0.3 10.0.0.4 0.0.0.3 What is the effect of this configuration?

A.The configuration creates an IPsec VTI that encrypts traffic between the two tunnel endpoints.
B.The configuration will fail because the crypto map must be applied to the tunnel interface, not the physical interface.
C.The configuration will only encrypt traffic from 10.0.0.0/30 to 10.0.0.4/30, but not the reverse.
D.The configuration uses IKEv2 because of the transform-set and crypto map.
AnswerA

Correct. The tunnel mode ipsec ipv4 and crypto map create a secure tunnel, and the ACL matches the tunnel subnets.

Why this answer

The configuration sets up a site-to-site IPsec VPN using a tunnel interface with IPsec protection. The crypto map is applied to the physical interface, and the access list defines interesting traffic between the two /30 subnets (10.0.0.0/30 and 10.0.0.4/30). This is a valid configuration for a DMVPN or static VTI, but note that the tunnel mode is 'ipsec ipv4' which is used for IPsec VTI (Virtual Tunnel Interface) and requires a crypto map on the physical interface to protect the tunnel.

The access list correctly matches the tunnel networks.

24
Drag & Drophard

Drag and drop the steps of DMVPN phase 2 spoke-to-spoke tunnel establishment into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

In DMVPN phase 2, each spoke first registers with the hub via mGRE and NHRP. When a spoke wants to reach another spoke, it sends an NHRP Resolution Request to the hub. The hub forwards the request to the destination spoke, which replies with its real (non-NBMA) address.

The source spoke then initiates a direct mGRE tunnel to the destination spoke, and finally the spokes exchange routing information over the direct tunnel.

25
MCQmedium

interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip ospf network broadcast ip ospf priority 0 ! router ospf 1 network 192.168.1.0 0.0.0.255 area 0 What is the effect of setting the OSPF priority to 0 on this interface?

A.The router will never become the DR or BDR on this segment.
B.The router will have a higher chance of becoming the DR.
C.The router will only form adjacencies with other routers that have priority 0.
D.The router will use a longer hello interval.
AnswerA

Correct. A priority of 0 means the router is ineligible for DR/BDR election.

Why this answer

Setting the OSPF priority to 0 on a broadcast network prevents the router from becoming the Designated Router (DR) or Backup Designated Router (BDR). It will never participate in the DR/BDR election and will only form full adjacencies with the DR and BDR.

26
Matchingmedium

Drag and drop each WAN technology on the left to its matching layer on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Layer 2.5

Layer 2

Layer 3 and above

Layer 3

Layer 3

Why these pairings

MPLS operates at Layer 2.5 (shim header between Layer 2 and Layer 3). Metro Ethernet is a Layer 2 technology. SD-WAN abstracts the underlay and operates at Layer 3 and above.

DMVPN is a Layer 3 VPN overlay.

27
Drag & Dropmedium

Drag and drop the steps of Metro Ethernet E-Line service provisioning into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

E-Line provisioning starts with defining the service attributes and customer endpoints. The provider then configures the UNI on each customer edge device. Next, the EVC is created across the provider network to connect the two UNIs.

Finally, the service is tested and activated for the customer.

28
Matchingeasy

Drag and drop each broadband type on the left to its matching technology on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses telephone copper pairs

Uses coaxial cable

Uses optical fiber

Uses cellular radio

Uses geostationary or LEO orbit

Why these pairings

DSL uses telephone lines, Cable uses coaxial, Fiber uses optical, 4G LTE uses cellular, Satellite uses RF to orbit.

29
Multi-Selectmedium

Which three statements about SD-WAN (Cisco Catalyst SD-WAN) are true? (Choose three.)

Select 3 answers
A.The vSmart controller is responsible for distributing control plane information such as OMP routes and policies to the WAN edge routers.
B.The vBond controller is primarily used for device authentication and orchestration of initial connections.
C.The vManage controller forwards all data traffic between branch sites.
D.WAN edge routers can connect to the SD-WAN fabric using multiple transport interfaces (e.g., MPLS, Internet, LTE).
E.OMP (Overlay Management Protocol) runs between vEdge routers and the vManage controller.
AnswersA, B, D

Correct because vSmart is the centralized control plane component that advertises routes and policies using OMP.

Why this answer

Cisco SD-WAN uses a centralized vSmart controller for policy and routing, vBond for orchestration and authentication, and vManage for management. vEdge routers establish secure DTLS/TLS tunnels to controllers and can use multiple transport interfaces. The control plane is separate from the data plane. vSmart does not forward data traffic.

30
MCQmedium

interface GigabitEthernet0/0 ip address 192.168.1.1 255.255.255.0 ip ospf network point-to-point ip ospf hello-interval 10 ! router ospf 1 network 192.168.1.0 0.0.0.255 area 0 What is the effect of this configuration?

A.OSPF will use a 10-second hello interval and suppress DR/BDR election.
B.OSPF will use a 30-second hello interval and elect a DR/BDR.
C.OSPF will use a 10-second hello interval but still elect a DR/BDR.
D.OSPF will use a 30-second hello interval and suppress DR/BDR election.
AnswerA

Correct. The point-to-point network type eliminates DR/BDR and uses a 10-second hello interval by default; the explicit command is redundant but confirms the behavior.

Why this answer

The configuration sets the OSPF network type to point-to-point and overrides the default hello interval (which for point-to-point is 10 seconds) to 10 seconds, which is actually the default for point-to-point. However, the key point is that the 'ip ospf network point-to-point' command changes the OSPF network type from broadcast to point-to-point, which disables DR/BDR election and uses a 10-second hello interval by default. The explicit hello-interval command is redundant but not harmful.

31
Matchingeasy

Drag and drop each leased line technology on the left to its matching speed on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

1.544 Mbps

2.048 Mbps

44.736 Mbps

155.52 Mbps

622.08 Mbps

Why these pairings

T1 = 1.544 Mbps, E1 = 2.048 Mbps, DS3 = 44.736 Mbps, OC-3 = 155.52 Mbps, OC-12 = 622.08 Mbps.

32
Matchingmedium

Drag and drop each WAN encapsulation on the left to its matching use case on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Cisco proprietary point-to-point serial encapsulation

Supports authentication and multilink on serial links

Encapsulation for DSL broadband connections

Legacy packet-switched WAN technology

Bundles multiple PPP links for increased bandwidth

Why these pairings

HDLC is Cisco proprietary and used for point-to-point serial links. PPP supports authentication and multilink. PPPoE is used for DSL broadband connections.

Frame Relay is a legacy packet-switched WAN technology. MLPPP bundles multiple PPP links.

33
Multi-Selecteasy

Which two statements about IPsec VPNs are true? (Choose two.)

Select 2 answers
A.IPsec tunnel mode encrypts the entire original IP packet and adds a new IP header.
B.IKEv2 is more secure and supports EAP authentication, unlike IKEv1.
C.IPsec always uses UDP port 500 for all its traffic.
D.AH provides encryption of the IP packet payload.
E.IPsec operates at Layer 2 of the OSI model.
AnswersA, B

Correct because in tunnel mode, the whole original packet is encapsulated and encrypted, with a new IP header for the tunnel endpoints.

Why this answer

IPsec can operate in transport mode (protecting payload only) or tunnel mode (protecting entire IP packet). IKEv2 is more secure and efficient than IKEv1. IPsec does not use UDP encapsulation by default; UDP encapsulation is used for NAT traversal.

AH provides authentication and integrity but not encryption. IPsec does not operate at Layer 2.

34
Drag & Dropmedium

Drag and drop the steps of FlexVPN IKEv2 spoke registration to hub into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

FlexVPN IKEv2 spoke registration starts with the spoke initiating an IKEv2 SA to the hub, followed by authentication using certificates or pre-shared keys, then the spoke sends a configuration payload request, the hub assigns an IP address and pushes policies, and finally the spoke installs the IPsec SA and routes traffic through the hub. The correct order is: initiate IKEv2 SA to hub, authenticate using certificates or PSK, send configuration payload request, hub assigns IP and pushes policies, spoke installs IPsec SA and routes traffic.

35
MCQmedium

A network engineer runs the following command on Router R9: R9# show ip pim neighbor PIM Neighbor Table Neighbor Address Interface Uptime Expires Mode 192.168.1.10 GigabitEthernet0/0 1w2d 00:01:30 Dense 192.168.1.11 GigabitEthernet0/0 2w0d 00:01:25 Sparse 192.168.1.12 GigabitEthernet0/1 3d04h 00:01:28 Sparse Based on this output, what can be concluded?

A.All PIM neighbors are operating in Sparse mode.
B.Router R9 has three PIM neighbors, one in Dense mode and two in Sparse mode.
C.The PIM neighbor 192.168.1.12 is on the same interface as the others.
D.All PIM neighbors are in the 'Expires' state.
AnswerB

The output lists three neighbors with modes: Dense, Sparse, Sparse.

Why this answer

The output shows PIM neighbors with different modes (Dense and Sparse). The mode indicates the PIM mode configured on the interface.

36
Drag & Dropmedium

Drag and drop the steps of IPsec IKEv2 tunnel establishment into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

IKEv2 establishment starts with IKE_SA_INIT to negotiate cryptographic parameters and exchange Diffie-Hellman keys. Next, IKE_AUTH authenticates the peers and establishes the first CHILD_SA. Then, additional CHILD_SAs can be created via CREATE_CHILD_SA.

Finally, the IPsec SA is used to encrypt data traffic.

37
MCQmedium

A network engineer runs the following command on Router R1: R1# show ip route 10.1.1.0 Routing entry for 10.1.1.0/24 Known via "bgp 65001", distance 200, metric 0 Tag 65002, type external Last update from 192.168.1.2 00:00:15 ago Routing Descriptor Blocks: * 192.168.1.2, from 192.168.1.2, 00:00:15 ago Route metric is 0, traffic share count is 1 AS Hops 1 Route tag 65002 MPLS label: 18 Based on this output, what can be concluded?

A.The route is learned via OSPF and tagged with an MPLS label.
B.The route is learned via BGP and has an MPLS label assigned, indicating MPLS forwarding.
C.The route is a directly connected interface with an MPLS label.
D.The route is a static route with an MPLS label.
AnswerB

The output clearly shows 'Known via bgp 65001' and 'MPLS label: 18', confirming BGP learned route with MPLS label.

Why this answer

The output shows a BGP route with an MPLS label, indicating that MPLS VPN or MPLS forwarding is in use. The presence of the MPLS label (18) in the routing table is the key clue.

38
Multi-Selectmedium

Which two statements about MPLS Layer 3 VPNs are true? (Choose two.)

Select 2 answers
A.PE routers use MP-BGP to exchange VPNv4 routes that include the route distinguisher and the VPN label.
B.P routers in the MPLS core must maintain a full routing table for each customer VRF.
C.CE routers must run MPLS and participate in the label distribution with the PE router.
D.Each VRF on a PE router maintains a separate routing table and forwarding table per customer.
E.The MPLS label stack in a Layer 3 VPN always contains exactly one label.
AnswersA, D

Correct because MP-BGP carries VPNv4 routes (with route distinguisher) and the VPN label in the NLRI, enabling MPLS Layer 3 VPN operation.

Why this answer

MPLS Layer 3 VPNs use MP-BGP to exchange VPNv4 routes between PE routers, and each VRF maintains a separate routing table per customer. The P routers do not need to know customer routes, and the CE router does not run MPLS. The label stack includes both an IGP label and a VPN label.

39
Matchinghard

Drag and drop each DMVPN phase on the left to its matching spoke-to-spoke capability on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

No direct spoke-to-spoke tunnels

Direct spoke-to-spoke tunnels with static NHRP mapping

Direct spoke-to-spoke tunnels with NHRP redirect and shortcut

Why these pairings

Phase 1 requires all traffic to go through the hub. Phase 2 allows direct spoke-to-spoke tunnels but uses static NHRP mappings. Phase 3 uses dynamic NHRP redirect and shortcut to enable spoke-to-spoke tunnels with traffic flow optimization.

40
MCQhard

A network engineer executes the following command on Router R5: R5# show ip ospf neighbor Neighbor ID Pri State Dead Time Address Interface 10.0.0.6 1 FULL/DR 00:00:35 192.168.1.6 GigabitEthernet0/0 10.0.0.7 1 FULL/BDR 00:00:32 192.168.1.7 GigabitEthernet0/0 10.0.0.8 1 2WAY/DROTHER 00:00:38 192.168.1.8 GigabitEthernet0/0 Based on this output, what can be concluded about the OSPF network?

A.The OSPF network type is point-to-point.
B.Router R5 is the DR on this segment.
C.The OSPF network type is broadcast.
D.All neighbors are in the FULL state.
AnswerC

The presence of DR, BDR, and DROTHER states is characteristic of a broadcast multiaccess network.

Why this answer

The output shows multiple OSPF neighbors on the same interface with different states: DR, BDR, and DROTHER. This indicates a broadcast multiaccess network (e.g., Ethernet) with OSPF DR/BDR election.

41
Multi-Selectmedium

Which two statements about MPLS Layer 3 VPNs are true? (Choose two.)

Select 2 answers
A.PE routers use MP-BGP to exchange customer VPN routes with other PE routers.
B.The MPLS label stack in an MPLS VPN packet contains only a single label that identifies the egress PE.
C.P routers must maintain a full routing table for all customer VPNs to forward traffic correctly.
D.The VPN label is assigned by the ingress PE and used by the egress PE to determine the outgoing interface.
E.The inner VPN label is used by the egress PE to forward the packet to the correct customer VRF.
AnswersA, E

Correct because MP-BGP is used to carry VPNv4 routes between PE routers, including the VPN label and route distinguisher.

Why this answer

In MPLS Layer 3 VPNs, the provider edge routers participate in customer routing via MP-BGP, and the MPLS label stack includes both an outer transport label and an inner VPN label. The VPN label is used to identify the correct VRF and egress PE, not the ingress PE. The provider core routers do not need to know customer routes; they only switch based on the outer label.

The VPN label is assigned by the egress PE, not the ingress PE.

42
MCQeasy

What is the default OSPF hello interval on an Ethernet broadcast network?

A.10 seconds
B.30 seconds
C.40 seconds
D.20 seconds
AnswerA

Correct. The default hello interval for broadcast networks is 10 seconds.

Why this answer

On Ethernet broadcast networks, OSPF uses a default hello interval of 10 seconds.

43
MCQmedium

A network engineer issues the following command on Router R3: R3# show ip bgp summary BGP router identifier 10.0.0.3, local AS number 65003 BGP table version is 12345, main routing table version 12345 Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd 192.168.1.1 4 65001 12345 12345 12345 0 0 1w2d 150 192.168.1.2 4 65002 12345 12345 12345 0 0 2w0d 200 Based on this output, what can be concluded?

A.Both BGP neighbors are in the 'Idle' state.
B.Router R3 has received a total of 350 prefixes from its BGP neighbors.
C.The BGP session with 192.168.1.1 is down.
D.Router R3 is in AS 65001.
AnswerB

150 + 200 = 350 prefixes received.

Why this answer

The BGP summary shows two neighbors, both in established state with prefixes received. The number of prefixes received (150 and 200) indicates the BGP table size.

44
Drag & Dropmedium

Drag and drop the steps of 4G/LTE WAN failover with IP SLA tracking into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

For 4G/LTE WAN failover using IP SLA, first an IP SLA probe is configured to monitor the primary WAN link, then the probe is associated with a tracking object, a backup static route with a higher metric is configured for the LTE interface, the primary route is removed when the tracking object goes down, and finally traffic is rerouted through the LTE interface. The correct order is: configure IP SLA probe to monitor primary WAN, associate probe with tracking object, configure backup static route with higher metric for LTE, remove primary route when tracking object goes down, reroute traffic through LTE interface.

45
MCQhard

A network engineer issues the following command on Router R8: R8# show policy-map interface gigabitethernet 0/1 GigabitEthernet0/1 Service-policy output: SHAPE-1M Class-map: class-default (match-any) 0 packets, 0 bytes 5 minute offered rate 0 bps, drop rate 0 bps Match: any queue limit 64 packets (queue depth 0) (congestion occurrences) shape (average) cir 1000000, bc 10000, be 10000 target shape rate 1000000 Based on this output, what is true about the traffic shaping policy?

A.The policy is policing traffic to 1 Mbps.
B.The policy is shaping traffic to an average rate of 1 Mbps.
C.The policy is dropping all traffic because the queue is full.
D.The policy is applied in the input direction.
AnswerB

The command 'shape (average) cir 1000000' indicates shaping to 1 Mbps.

Why this answer

The output shows a shaping policy applied in the output direction with a CIR of 1 Mbps. The class-default is used, meaning all traffic is shaped.

46
MCQmedium

An enterprise is replacing its legacy Frame Relay WAN with MPLS L3VPN. The new MPLS provider assigns a single VRF to the customer. The customer's CE routers are running BGP with the provider's PE routers. The engineer notices that the CE routers can ping the PE loopback addresses but cannot reach remote CE loopbacks. The BGP sessions are established and routes are received. What is the most likely cause?

A.The CE router is not configured with 'no bgp default ipv4-unicast'.
B.The PE router is not sending the customer routes to the remote CE because the next-hop is set to the local PE's loopback, which is reachable, but the remote PE is not advertising the routes due to route-target mismatch.
C.The CE router is not advertising its own loopback into BGP, so the remote CE does not have a route to it.
D.The PE router is not disabling BGP next-hop-self for the VRF, so the routes advertised to the CE have the remote CE's IP as the next-hop, which is not reachable from the local CE.
AnswerD

Correct. In MPLS L3VPN, the PE should set next-hop-self when advertising routes to the CE so that the CE uses the PE as the next hop. If not, the CE will try to reach the remote CE directly, which is not possible over the MPLS network.

Why this answer

In MPLS L3VPN, the PE router must advertise the customer routes with the correct next-hop (usually the PE's own address) and the MPLS labels must be properly distributed. However, the most common issue when CE can ping PE but not remote CE is that the PE is not advertising the customer routes back to the remote CE because of BGP next-hop processing or route-target filtering.

47
Drag & Dropmedium

Drag and drop the steps of DMVPN Phase 3 spoke-to-spoke shortcut creation into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

In DMVPN Phase 3, when a spoke needs to reach another spoke, it first sends traffic to the hub. The hub forwards the packet with an NHRP redirect. The source spoke then sends an NHRP resolution request to the hub to get the destination spoke's NBMA address.

The hub replies with the mapping, and the source spoke dynamically builds a direct mGRE tunnel to the destination spoke.

48
Matchingmedium

Drag and drop each WAN technology on the left to its matching OSI layer on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Layer 2.5

Layer 2

Layer 3

Layer 3

Layer 2

Why these pairings

MPLS operates at Layer 2.5 (between Layer 2 and Layer 3). Metro Ethernet is a Layer 2 technology. SD-WAN is a Layer 3 overlay technology.

DMVPN is a Layer 3 VPN technology.

49
Matchingmedium

Drag and drop each WAN encapsulation on the left to its matching use case on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Default serial encapsulation on Cisco routers

Supports PAP/CHAP authentication and multilink

Used for DSL broadband connections

Legacy Layer 2 VPN using DLCIs

Bonding multiple PPP links for higher bandwidth

Why these pairings

HDLC is default synchronous serial encapsulation. PPP supports authentication and multilink. PPPoE is used over DSL.

Frame Relay is legacy L2 VPN. MLPPP bonds multiple links.

50
Drag & Dropmedium

Drag and drop the steps of FlexVPN IKEv2 spoke registration to hub into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

FlexVPN uses IKEv2 for authentication and tunnel setup. The spoke initiates IKEv2 SA negotiation with the hub. After authentication, the hub assigns an IP address to the spoke via configuration payload.

The spoke then registers its identity with the hub using IKEv2 notify messages. Finally, the spoke installs the tunnel route and can communicate.

51
Matchinghard

Drag and drop each DMVPN phase on the left to its matching spoke-to-spoke capability on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

No spoke-to-spoke tunnels; all traffic via hub

Spoke-to-spoke tunnels established dynamically

Spoke-to-spoke with NHRP redirect and routing optimization

Requires static spoke IP addresses

Supports dynamic spoke IP addresses

Why these pairings

Phase 1 requires traffic to go through the hub (no spoke-to-spoke). Phase 2 allows spoke-to-spoke tunnels after initial hub contact. Phase 3 adds routing optimization with NHRP redirect.

52
MCQmedium

interface GigabitEthernet0/0 ip address 10.0.0.1 255.255.255.252 ip ospf network point-to-multipoint ip ospf hello-interval 30 ! router ospf 1 network 10.0.0.0 0.0.0.3 area 0 What is the effect of this configuration?

A.OSPF will use a 30-second hello interval and form adjacencies with all neighbors without DR/BDR election.
B.OSPF will use a 10-second hello interval and elect a DR/BDR.
C.OSPF will use a 30-second hello interval and elect a DR/BDR.
D.OSPF will use a 10-second hello interval and form adjacencies with all neighbors without DR/BDR.
AnswerA

Correct. Point-to-multipoint does not use DR/BDR and uses a 30-second hello interval by default.

Why this answer

The OSPF network type is set to point-to-multipoint, which is used for non-broadcast multi-access networks (like Frame Relay) but can also be used on Ethernet. The default hello interval for point-to-multipoint is 30 seconds, but here it is explicitly set to 30 seconds, which is the default. This network type does not elect DR/BDR and forms adjacencies with all neighbors.

53
Multi-Selectmedium

Which two statements about SD-WAN architecture are true? (Choose two.)

Select 2 answers
A.The vSmart controller is responsible for distributing routing and policy information to the WAN edge routers.
B.vEdge routers establish IPsec tunnels directly with each other for data plane traffic.
C.The vBond orchestrator is responsible for forwarding data traffic between branch sites.
D.vEdge routers establish OMP sessions with each other to exchange control plane information.
E.Control plane communication between vSmart and vEdge is secured using IPsec.
AnswersA, B

Correct because vSmart acts as the control plane, using OMP to distribute routes and policies to vEdge/cEdge routers.

Why this answer

In Cisco SD-WAN, the vSmart controller is responsible for centralized control and policy distribution, while the vBond orchestrator handles authentication and NAT traversal. The vManage is the management plane. vEdge routers establish OMP sessions with vSmart, not with each other. Control plane traffic between vSmart and vEdge is secured with DTLS or TLS, not IPsec.

The vBond is not involved in forwarding data traffic.

54
Drag & Dropmedium

Drag and drop the steps of 4G/LTE WAN failover with IP SLA tracking into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

First, configure the primary WAN interface and the LTE backup interface. Then, create an IP SLA probe to monitor the primary link. Track the SLA with a tracking object.

Set a static route with a higher metric for the LTE interface, tied to the track. When the primary fails, the track goes down, and the LTE route becomes active.

55
MCQmedium

A company is implementing a WAN optimization solution using Cisco WAAS. The engineer configures WAAS devices at the data center and remote branch. The WAAS devices are configured to use inline mode. However, the engineer notices that optimized traffic is not being intercepted. The WAAS devices are directly connected to the WAN router and the LAN switch. What is the most likely cause?

A.The WAAS device is not configured with the correct WAN and LAN interfaces.
B.The WAN router is not configured with WCCP or PBR to redirect traffic to the WAAS device.
C.The WAAS device is not licensed for optimization.
D.The WAAS device is using a different subnet than the LAN and WAN.
AnswerB

Correct. Without WCCP or PBR, the WAN router will forward traffic directly, bypassing the WAAS device.

Why this answer

In inline mode, WAAS devices must be physically placed in the traffic path. The WAAS device must be configured with the correct WAN and LAN interfaces, and the WAN router must be configured to redirect traffic to the WAAS device using WCCP or Policy Based Routing (PBR). If the WAN router is not configured to redirect traffic, the WAAS device will not see the traffic.

56
Drag & Dropmedium

Drag and drop the steps of Metro Ethernet E-Line service provisioning into the correct order, from first to last.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5

Why this order

Metro Ethernet E-Line provisioning begins with defining the service requirements, then the provider assigns VLAN IDs and configures the UNI ports, sets up the EVC between the two sites, applies QoS policies, and finally tests the circuit for connectivity. The correct order is: define service requirements and bandwidth, assign VLAN IDs and configure UNI ports, set up EVC between two sites, apply QoS policies, test circuit for connectivity.

57
Multi-Selecthard

Which three statements about DMVPN phase 2 are true? (Choose three.)

Select 3 answers
A.Spokes can dynamically establish direct tunnels with each other after learning the destination spoke's public address via NHRP.
B.The hub router must be configured with a static crypto map for each spoke.
C.Data traffic between spokes is forwarded through the hub by default.
D.Routing protocols such as EIGRP or OSPF can be run over the DMVPN tunnel interfaces.
E.NHRP redirect and shortcut features are used to enable spoke-to-spoke communication.
AnswersA, D, E

Correct because in phase 2, NHRP allows spokes to resolve the public IP of other spokes and build direct mGRE tunnels.

Why this answer

DMVPN phase 2 allows spoke-to-spoke tunnels after initial hub registration, uses NHRP to resolve spoke addresses, and supports spoke-to-spoke direct communication without hub forwarding of data traffic. The hub still participates in routing updates. Phase 2 does not support spoke-to-spoke without NHRP resolution, and the spoke does not need a static crypto map for each peer.

58
Matchingeasy

Drag and drop each broadband type on the left to its matching technology on the right.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Uses telephone line with ADSL or VDSL

Uses coaxial cable with DOCSIS

Uses optical fiber with GPON

Uses cellular radio with OFDMA

Uses geostationary satellite with high latency

Why these pairings

DSL uses telephone lines with frequencies above voice. Cable uses coaxial cable with DOCSIS. Fiber uses optical fiber with GPON or active Ethernet. 4G LTE uses cellular radio.

Satellite uses geostationary or LEO satellites.

Ready to test yourself?

Try a timed practice session using only WAN Technologies questions.