Answer: D 

Explanation: 

PAP authentication involves a two-way handshake where the username and password are

sent across the link in clear text; hence, PAP authentication does not provide any protection against

playback and line sniffing. CHAP authentication, on the other hand, periodically verifies the identity of the

remote node using a three-way handshake. After the PPP link is established, the host sends a "challenge"

message to the remote node. The remote node responds with a value calculated using a one-way hash

function. The host checks the response against its own calculation of the expected hash value. If the

values match, the authentication is acknowledged; otherwise, the connection is terminated. Reference:

http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10241- ppp-callinhostname.

html

Answer: A 

Explanation: 

Fast switching allows higher throughput by switching a packet using a cache created by the initial packet

sent to a particular destination. Destination addresses are stored in the high-speed cache to expedite forwarding. Routers offer better packet-transfer performance when fast switching is enabled. Fast switching is enabled by default on all interfaces that support fast switching.

To display the routing table cache used to fast switch IP traffic, use the "show ip cache" EXEC command.

Reference:

http://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/command/reference/fswtch_r/xrfscmd5.ht

ml#wp1038133

Answer: A 

Explanation: 

Answer: A 

Explanation: 

Answer: A 

Explanation: 

The Unicast RPF feature helps to mitigate problems that are caused by the introduction of

malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a

verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks,

including Smurf and Tribal Flood Network (TFN), can take advantage of forged or rapidly changing source

IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers

(ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have

source addresses that are valid and consistent with the IP routing table. This action protects the network of

the ISP, its customer, and the rest of the Internet. Reference: http://www.cisco.com/en/US/docs/ios/12_2/

security/configuration/guide/scfrpf.html

Answer: A 

Explanation: 

Explanation: Extended Unique Identifier (EUI), as per RFC2373, allows a host to assign iteslf a unique 64-

Bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the

need of manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained

through the 48-bit MAC address. The Mac address is first separated into two 24-bits, with one being OUI

(Organizationally Unique Identifier) and the other being NIC specific. The 16-bit 0xFFFE is then inserted

between these two 24-bits to for the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which

can only appear in EUI-64 generated from the EUI-48 MAC address. Here is an example showing how the

Mac Address is used to generate EUI.

Next, the seventh bit from the left, or the universal/local (U/L) bit, needs to be inverted. This bit identifies

whether this interface identifier is universally or locally administered. If 0, the address is locally

administered and if 1, the address is globally unique. It is worth noticing that in the OUI portion, the globally

unique addresses assigned by the IEEE has always been set to 0 whereas the locally created addresses

has 1 configured. Therefore, when the bit is inverted, it maintains its original scope (global unique address

is still global unique and vice versa). The reason for inverting can be found in RFC4291 section 2.5.1.

Reference: https:// supportforums.cisco.com/document/100566/understanding-ipv6-eui-64-bit- address

Answer: C 

Explanation: 

Using the tunneling option, organizations build an overlay network that tunnels one protocol over the other

by encapsulating IPv6 packets within IPv4 packets and IPv4 packets within IPv6 packets. The advantage of this approach is that the new protocol can work without disturbing the old protocol, thus providing connectivity between users of the new protocol. Tunneling has two disadvantages, as discussed in RFC 6144: Users of the new architecture cannot use the services of the underlying infrastructure.

Tunneling does not enable users of the new protocol to communicate with users of the old protocol without

dual-stack hosts, which negates interoperability. 

Reference: http://www.cisco.com/c/en/us/products/

collateral/ios-nx-os-software/enterprise-ipv6- solution/white_paper_c11-676278.html

Answer: C 

Explanation: 

RFC 6296 describes a stateless IPv6-to-IPv6 Network Prefix Translation (NPTv6) function,

designed to provide address independence to the edge network. It is transport-agnostic with respect to

transports that do not checksum the IP header, such as SCTP, and to transports that use the TCP/UDP/

DCCP (Datagram Congestion Control Protocol) pseudo-header and checksum NPTv6 provides a simple

and compelling solution to meet the address-independence requirement in IPv6. The addressindependence

benefit stems directly from the translation function of the network prefix translator. To avoid

as many of the issues associated with NAPT44 as possible, NPTv6 is defined to include a two-way,

checksum-neutral, algorithmic translation function, and nothing else. Reference: http://tools.ietf.org/html/

rfc6296

Answer: A,C,D 

Explanation: 

Answer: C 

Explanation: