Fravo.com
Certification Made Easy
MCSE, CCNA, CCNP, OCP, CIW, JAVA, Sun Solaris, Checkpoint
World No1 Cert Guides

Building Cisco Remote Access
Networks (BCRAN)
Exam 642-821 Edition 3.0

© Copyrights 1998-2005 Fravo Technologies. All Rights Reserved.
642-821

study guide of your choice of the same or lesser value.

This material is protected by copyright law and international treaties.
Unauthorized reproduction or distribution of this material, or any portion thereof,
may result in severe civil and criminal penalties, and will be prosecuted to the
maximum extent possible under law. © Copyrights 1998-2005 Fravo Technologies. All Rights Reserved.
642-821
2

Q1. When is ISDN BRI a viable option as a remote access solution?

A. A mobile user that needs access to the central site while traveling.
B. A branch office needs to connect to a mobile user.
C. A remote site with sporadic traffic needs to connect to central site.
D. A branch office requires at least 300kbps bandwidth to the central site.

Answer: C

Explanation: Basic Rate Interface (BRI) is an Integrated Systems Digital Network
(ISDN) interface, and it consists of two B channels (B1 and B2) and one D channel.
The B channels are used to transfer data, voice, and video. The D channel controls

Explanation: Asymmetric Digital Subscriber Line (ADSL) is designed to deliver more
bandwidth downstream (from the central office to the customer site) than upstream.
Downstream rates range from 1.5 to 9 Mbps, whereas upstream bandwidth ranges
from 16 to 640 kbps. ADSL transmissions work at distances up to 18,000 feet (5,488
meters) over a single copper twisted pair.

Reference: 642-821
3 Q3. Which command will allow a router to attempt to discover the modem to which it
is attached?

A. modem autoconfigure discovery
B. modem discovery autoconfigure
C. modem autoconfigure type discovery
D. modem discovery type autoconfigure

Answer: A

Explanation: If no modem is specified for a particular line and you have provided the
modem autoconfigure discovery command, the access server attempts to
autodiscover the type of modem to which it is attached. The access server
determines the type of modem by sending AT commands to the modem and
evaluating the response.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 83


Explanation: On the corporate side, it is very important that you be able to distribute
those addresses across the network, as desired. To redistribute those routes, you
642-821
4
need to configure the routes to be redistributed to a dynamic routing protocol at the
core side.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 190
Q6. The network administrator enables Frame Relay traffic shaping and configures a
CIR of 64kbps. Using 125ms time interval, what will be the value of the committed
burst (Bc)

A. 32000 bits
B. 24000 bits
C. 16000 bits
D. 8000 bits

Answer: D

Explanation:
The calculation is TC = Bc/CIR
125ms (tc) = 8000bits (Bc)/64kbps (CIR)

Reference: Building Cisco Remote Access Networks (Ciscopress) page 352 Q9. Which of the following are examples of DTE devices? (Choose three.)

A. Mainframe computer
B. CSU/DSU
C. Router
D. Terminal
E. Modem

Answer: A, C, D

Explanation: Data terminal equipment (DTE) are end devices such as PCs,
workstations, routers, and mainframe computers.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 57
Q10. Based on the configuration shown, what is the CIR of interface Serial0/0 300?
642-821
6
interface Serial0/0
no ip address
encapsulation frame-relay
no fair-queue
frame-relay traffic-shaping
bandwidth 1536
!
interface Serial0/0.100 point-to-point

To reset the CIR to the default, use the no form of this command.

frame-relay cir {in | out} bps
no frame-relay cir {in | out} bps

Reference:
/>rence_chapter09186a0080087bcd.html#xtocid106829
Q11. Which three are responsible of IKE in the IPSec protocol? (Choose three.)

A. Negotiating protocol parameters
B. Packet encryption
642-821
7
C. Exchanging public keys
D. Integrity checking user hashes
E. Authenticating both sides of a connection
F. Implementing tunnel mode

Answer: A, C, E

Explanation: IKE is a protocol used by IPSec for completion of Phase 1. IKE
negotiates and assigns SAs for each IPSec peer, which provide a secure channel for
the negotiation of the IPSec SAs in Phase 2. IKE provides the following benefits:
• Eliminates the need to manually specify all the IPSec security parameters at
both peers
• Lets you specify a lifetime for the IKE SAs
• Allows encryption keys to change during IPSec sessions


Q13. Under which circumstance would use of Kerberos authentication system be
required, instead of TACACS+ or RADIUS?

A. Authentication, authorization and accounting need to use the a single database.
B. Multiple level of authorization need to be applied to various router commands.
C. DES encrypted authentication is required.
D. The usage of various router functions needs to be accounted for by user name.
642-821
8

Answer: C

Explanation: Kerberos is a client-server based secret-key network authentication
method that uses a trusted Kerberos server to verify secure access to both services
and users. In Kerberos, this trusted server is called the key distribution center
(KDC). The KDC issues tickets to validate users and services. A ticket is a temporary
set of electronic credentials that verify the identity of a client for a particular service.

These tickets have a limited life span and can be used in place of the standard user
password authentication mechanism if a service trusts the Kerberos server from
which the ticket was issued. If the standard user password method is used, Kerberos
encrypts user passwords into the tickets, ensuring that passwords are not sent on
the network in clear text. When you use Kerberos, passwords are not stored on any
machine, except for the Kerberos server, for more than a few seconds. Kerberos also
guards against intruders who might pick up the encrypted tickets from the network.

Reference:
/>094ea4.shtml



A. The user is authenticating with the privileged mode password “NAS1”.
642-821
9
B. This is a connection attempt to an async port.
C. The connection is established on serial interface 3/0.
D. The client is attempting to setup a Serial Line Internet Protocol connection.
E. The user is authenticating using CHAP.

Answer: C, E

Explanation: When using Chap authentication, the access server sends a challenge
message to the remote node after the ppp link is established. The remote node
responds with a value calculated by using a one-way hash function. The access
server (NAS1) checks the reponse against its own calculation of the expected hash
value.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 115
Q16. Which of the following terminals can be connected to an ISDN line? (Choose
two.)

A. TO2
B. TE1
C. TE2/TA
D. NU1

Answer: B, C

Explanation:
"Serial0 is up, line protocol is down"
This line in the output means that the router is getting a carrier signal from the
CSU/DSU or modem. Check to make sure the Frame Relay provider has activated
their port and that your Local Management Interface (LMI) settings match.
Generally, the Frame Relay switch ignores the data terminal equipment (DTE) unless
it sees the correct LMI (use Cisco's default to "cisco" LMI). Check to make sure the
Cisco router is transmitting data. You will most likely need to check the line integrity
using loop tests at various locations beginning with the local CSU and working your
way out until you get to the provider's Frame Relay switch.

Reference:
/>14f8a7.shtml#serialupdown
Q18. Given the configuration:
access-list 101 permit ip any any
access-list 101 deny tcp any any eq ftp
dialer-list 2 protocol ip list 101

Which two statements about the configuration are true with respect to FTP traffic and
DDR? (Choose two.)

A. FTP traffic will be forwarded.
B. FTP traffic will not be forwarded.
C. FTP will cause the line to come up.
D. Since FTP uses two sockets, both must be defined to prevent packet forwarding.

Answer: B, C

TE1 – designates a device that is compatible with the ISDN
network.
R interface – defines the interface between the TA and an attached non-
ISDN device (TE2).
S/T interface – is a four-wire interface (TX and RX).
TE2 – designates a device that is not compatible with ISDN and
requires a terminal adapter.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 171-173
Q20. What occurs when there is no longer a signal on the DTR?

A. The CD tells the DTE that a DCE-to-DCE connection has been established.
B. The DTE issues a RTS to the DCE enabling communication.
C. The DCE terminates its connection with the remote modem.
D. The DTE applies voltage on pin 20 to alert the DCE that it is connected and
available to receive data.

Answer: C

Explanation: Either the DTE device or the DCE device may signal for the connection
to be terminated. The signals that are used for this function are DTR from the DTE or
the modem recognizing the loss of the CD signal.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 60

C. ATM
D. Frame Relay

Answer: D

Explanation:
Frame Relay – Medium control, shared bandwidth, medium-cost enterprise
backbones. It uses the services of many different Physical layer facilities at speeds
that typically range from 56 Kbps up to 2 Mbps.

Reference: Building Cisco Remote Access Networks (Ciscopress) page 27 + 340
Q23. Which three of the following router IOS commands defines “interesting” traffic
for only one host using dial on command routing (DDR) (Choose three.)

A. RTA(config)#dialer-list 1 protocol ip permit 10.1.1.1
B. RTA(config)#access-list 2 permit host 192.168.1.12
C. RTA(config-if)#dialer-group 1
D. RTA(config)#dialer-group 2
E. RTA(config)#dialer-list 1 protocol ip list 2
F. RTA(config-if)#dialer-list 2 protocol ip permit

Answer: A, B, E

Explanation: Define what constitutes interesting traffic by using the dialer-list
command.
The access-list command specifies interesting traffic that initiates a DDR call.
These commands are assigned on the global configuration line.