Chapter 15. Answer Key 1

1. B

2. A, C, D

3. A

4. D

5. A, C

6. A

7. A

8. A, B, C, D

9. A, B, D

10. B, D

11. B

12. C, D

13. A

14. A, B, C

15. D

16. A, D

17. A, B, D

18. A, B, D

19. C

20. A

21. B, D

22. B

23. A, B, C, D

24. B, C

25. B

26. B

27. B

28. C

29. A

30. D

31. B

32. D

33. A, C, D

34. B, C

35. B

36. B

37. C

38. A, B

39. D

40. C

41. C

42. A

43. D

44. B

45. C

46. C

47. C

48. C

49. B

50. A

51. D

52. C

53. B

54. A

55. A, B, C, D

56. C

57. B, D

58. A, B, D

59. B, C

60. B, C

61. A, B, C

62. B, C

63. A

64. B

65. C

Question 1

The correct answer is B. The primary function of the channel service unit/data service unit (CSU/DSU) is to translate the signaling method on the Local Area Network (LAN) to a signal on the Wide Area Network (WAN) and vice versa. Furthermore, it is a component that provides loopback and diagnostic functionality. A CSU/DSU can be an external component attached to a router or can be an internal WAN interface card. The CSU/DSU does not identify interesting traffic or perform an encapsulation function; therefore, Answers A and C are incorrect. Answer D is incorrect; modulation and demodulation of digital to analog signals are performed by a modem.

Question 2

The correct answers are A, C, and D. There are various data terminal equipment-to-data communications equipment (DTE-to-DCE) signaling standards, including RS-232 (also known as EIA/TIA-232), V.35, and High-Speed Serial Interface (HSSI). The type of signaling standard, interfaces, and cabling will vary depending on the type of DCE or DTE being used. Answer B is incorrect because V.90 is a modem modulation standard, not a DTE-to-DCE signaling standard.

Question 3

The correct answer is A. The EIA/TIA-232 standard cable groups its pins according to function. Pin 4 handles the DTE-controlled Request To Send (RTS) signal, and Pin 5 handles the Clear To Send (CTS) signal, which tells the DTE that it can proceed with data transfer. These two functions are referred to as hardware flow control. Answers B and C are incorrect; the RTS and CTS signals are not involved in modem control or data transfer. Rate selection is not a valid functional group, making Answer D incorrect.

Question 4

The correct answer is D. The V.90 modem modulation standard offers a 56Kbps transmission speed. Answers A, B, C, and E are incorrect because they do not provide a transfer rate of 56Kbps. V.22, V.32bis, V.34, and V.34bis modems provide modulation at up to 1200bps, 14.4Kbps, 28.8Kbps, and 33.6Kbps, respectively.

Question 5

The correct answers are A and C. Two compression algorithms commonly used by modems are V.42bis and Microcom Networking Protocol 5 (MNP5) compression. Compression features are generally combined with error-correction mechanisms, of which Microcom Networking Protocol 4 (MNP4), V.42, and Link Access Procedure for Modems (LAPM) are examples; therefore, Answers B, D, and F are incorrect. The V.32bis protocol provides error correction and compression but applies to slow-speed modems of 14.4Kbps and less, making Answer E incorrect.

Question 6

The correct answer is A. A modem connected to a line on an access server can be configured in one of two ways: automatically by the access server or manually by entering the appropriate commands directly through a modem connection. Answer B is incorrect; because the modem is attached to a line on the access server, you need to establish a reverse Telnet, rather than a forward Telnet, session to the modem to configure it. You cannot configure the modem directly through interface configuration mode, nor is the modem configured using a modem console port; therefore, Answers C and D are incorrect.

Question 7

The correct answer is A. To use an asynchronous dial-up line for Dial-on-Demand Routing (DDR), you must issue the dialer in-band command in interface configuration mode. Answer B is incorrect; you use the physical-layer async command to specify that a slow-speed serial interface operate in asynchronous mode. Answer C is incorrect because you use the async mode dedicated command to place a line into dedicated asynchronous Serial Line Internet Protocol (SLIP) or Point-to-Point Protocol (PPP) mode. The statement in Answer D is incorrect; you can use asynchronous lines for DDR.

Question 8

The correct answers are A, B, C, and D. You can configure all these ports and interface types to operate in asynchronous mode for use with a modem. TTY lines correspond to asynchronous ports (for example, serial interfaces) on the access server or router. VTY lines are virtual terminal lines that are dynamically assigned to a device's synchronous interfaces.

Question 9

The correct answers are A, B, and D. One of the core configuration steps for DDR is the specification of a dialer list, which defines the traffic that will trigger a call on a DDR interface. The dialer-list command makes reference to a number, which represents the dialer group of interfaces that will be used to make the call. A dialer list does not specify the phone numbers of remote hosts, making Answer C incorrect.

Question 10

The correct answers are B and D. A modem that uses automatic configuration will obtain its configuration information in one of two ways: through either modem autodiscovery or modem autoconfiguration. The modem autodiscovery feature involves a process where the router runs through all initialization strings in its modemcap database until it finds one that initializes the modem. The modem autoconfiguration feature involves the preconfiguration of a specific initialization string to use on a line; this option is often used when the modem type is known. Reverse Telnet is not an option because the modem is to be automatically configured; therefore, Answer A is incorrect. Answer C is incorrect because using the console port is not a viable configuration solution.

Question 11

The correct answer is B. Although it is recommended that you configure line parameters, especially the line speed, before you initialize the modem, you can configure both line and modem parameters before or after initialization. The main reason to configure the line first, however, is to enable the transport input command, which you need to establish a reverse Telnet connection to the modem. Answers A, C, and D are all incorrect because you can configure line and modem parameters before or after modem initialization.

Question 12

The correct answers are C and D. Cisco IOS supports four different types of queuing, including FIFO (first-in first-out) queuing, WFQ (weighted fair queuing), priority queuing (PQ), and custom queuing (CQ). You can configure only one type of queuing on a particular interface. By default, serial interfaces at E1 (2.048Mbps) speeds and lower use flow-based WFQ, making Answer A incorrect. The other types of queuing, which function by prioritizing traffic patterns, are most useful on WAN links that exhibit periods of congestion due to low data rates and bursty traffic. Answer B is incorrect because WAN links with a constant traffic flow do not require queuing.

Question 13

The correct answer is A. You can configure the prioritization of traffic using WFQ, CQ, or PQ, but based on the outlined scenario, it would be most suitable to use WFQ. WFQ is designed to give low-traffic flows priority over high-traffic flows so that a packet or a small number of packets does not have to wait in the device's output buffer. PQ gives priority to queues rated high, normal, medium, and low in order from highest to lowest. It does not give preference to low-traffic flows; therefore, Answer C is incorrect. CQ assigns a percentage of the bandwidth to specific protocols and does not necessarily give low-traffic flows priority over large transfers; therefore, Answer B is incorrect. Both CQ and PQ can also be complicated to configure, particularly compared to WFQ. Answer D is incorrect because FIFO queuing does not prioritize traffic.

Question 14

The correct answers are A, B, and C. Aside from serial interfaces of E1 bandwidth speeds (2.048Mbps) and lower, which use WFQ, the default queuing method on interfaces is FIFO. FIFO queuing transmits packets in the order in which they are received by the outgoing buffer without reordering, making Answer D incorrect. All other queuing methods (WFQ, CQ, and PQ) reorder the packets before transmitting them.

Question 15

The correct answer is D. You enable WFQ on an interface basis using the fair-queue {congestive-discard-threshold} command. The congestive-discard threshold parameter represents the maximum number of packets belonging to a conversation that will be held in the queue before further packets will be discarded. This number can have a value from 1 to 512 and uses a default value of 64. Answers A, B, and C are all incorrect because they do not provide the proper command syntax.

Question 16

The correct answers are A and D. PQ categorizes traffic into four types, each having a different priority. The four output queues are low, normal, medium, and high. Priority lists define what type of traffic is assigned to the different queues, which are then emptied in the order of high priority to low priority. This means that the lower-priority queues might not get serviced until higher-priority queues are emptied; therefore, Answer C is incorrect. Answer B is incorrect because packet prioritization using PQ is generally used on low-speed WAN links of T1 speeds (1.544Mbps) or less.

Question 17

The correct answers are A, B, and D. The priority-list command has a number of variations and can define traffic to be queued based on an access list, protocol, and even an incoming interface. Answer C is incorrect because packet size is not one of the command options available.

Question 18

The correct answers are A, B, and D. Security protocols are used by hosts, such as an access server, to communicate with a central security server, which is responsible for maintaining username and password, authorization, and accounting information for the network. You can configure Cisco IOS to use Remote Authentication Dial-In User Service (RADIUS), Terminal Access Controller Access Control System Plus (TACACS+), and Kerberos as security protocols. Answer C is incorrect because AAA is not a security protocol. AAA uses security protocols to provide a system for the authentication and authorization of users and the accounting of computer resources accessed by users.

Question 19

The correct answer is C. On a device running Cisco IOS, you can configure authentication, authorization, and accounting (AAA) to support one of three security protocols: TACACS+, RADIUS, or Kerberos. Kerberos is an authentication protocol that uses secret-key technology and the Data Encryption Standard (DES) cryptographic algorithm to encrypt information exchanged during authentication. The use of a UNIX database or a client/server system is not a reason to use Kerberos over TACACS+ and RADIUS, making Answers B and D incorrect. TACACS+ generally provides centralized user validation using a UNIX database, whereas RADIUS provides a client/server system to ensure authorized access. Answer A is incorrect because the need for central user validation is not a requirement unique to Kerberos.

Question 20

The correct answer is A. Kerberos is supported for use with an AAA configuration and provides a very secure authentication process because the passwords are not sent over the medium. However, Kerberos does not provide authorization or accounting capabilities. You must use RADIUS and TACACS+ to provide support for the authorization and accounting features of AAA. Answers B and C are incorrect options because they do provide the authorization and accounting components of AAA. Answer D is incorrect because only RADIUS and TACACS+ provide authorization and accounting.

Question 21

The correct answers are B and D. TACACS+ is a Cisco-proprietary security protocol that supports the authentication, authorization, and accounting features of AAA and uses TCP for communication between clients and server. Answer A is incorrect because it is Kerberos that uses a secret-key authentication process. Answer C is incorrect because TACACS+ uses TCP for communication.

Question 22

The correct answer is B. You globally enable AAA using the aaa new-model command. Answers A and D are incorrect because aaa client and aaa enable are not valid commands to enable AAA on the router. You use the aaa authentication command to configure the method of authentication used with AAA, making Answer C incorrect.

Question 23

The correct answers are A, B, C, and D. You can configure all of these actions for AAA authentication, which is configured using the aaa authentication type command. Keywords available for the type of authentication include arap, enable, login, nasi, and ppp.

Question 24

The correct answers are B and C. You use network address translation (NAT) to hide the true identity of internal network hosts and allow network clients using private addressing to access the Internet. NAT functions by altering the source address or destination address in the IP headers of packets. It replaces overlapping, private, or confidential IP addresses with addresses from a pool of public addresses. Answer D is incorrect because this mechanism conserves the number of public addresses that need to be assigned to a company while preserving the ability of internal clients to access the Internet. The implementation of features that process and modify packets generally does not decrease and might actually add to the packet forwarding delay, making Answer A incorrect.

Question 25

The correct answer is B. NAT generally uses dynamic translation, where addresses are allocated from a pool of reusable public addresses. However, these mappings are only temporary and they are lost after a preconfigured period of time, after which they are available for a different mapping. In contrast, static translation configures specific internal to public address mappings in a lookup table. This method of translation, although it hides the identity of internal host addresses, does not conserve IP addresses. Answers A, C, and D are incorrect because they are not the proper terms used to describe the process of mapping inside local addresses to predetermined outside global addresses.

Question 26

The correct answer is B. Port address translation (PAT) is a subset of NAT, which effectively allows several internal addresses to be mapped to a single outside public address. This many-to-one mapping is possible because the NAT router keeps track of traffic translations by maintaining the TCP and UDP port number mappings in a translation table. Answers A, C, and D are incorrect because these options do not properly describe the process of PAT.

Question 27

The correct answer is B. When you configure NAT, one of the steps is to enable NAT on the interfaces that will be participating in address translation. Only packets that are received on an interface that has been enabled for NAT are translated. You enable the interface receiving NAT traffic from the internal network using the ip nat inside command. Similarly, you enable interfaces that will be interfacing with the external network (such as the Internet) using the ip nat outside command, making Answer D incorrect. Answer C is incorrect; you use the ip nat pool command to configure the pool of global addresses to be used by dynamic NAT. Answer A is incorrect; you use the ip nat inside source list command to perform either static or dynamic NAT translation of inside source addresses.

Question 28

The correct answer is C. You can delete all NAT entries recorded in the device's translation table using the clear ip nat translation * command. You can also clear certain entries containing inside translations, outside translations, or both by using variations of the clear ip nat translation command. Answers A, B, and D are incorrect because they are not valid commands to clear NAT translation entries.

Question 29

The correct answer is A. Frame Relay is a packet-switching technology that defines the interface between the customer and the service provider's equipment. Due to newer digital transmission facilities that have moved from copper to fiber optic links, Frame Relay has replaced the once popular X.25 protocol. Contrary to X.25, Frame Relay does not provide extensive error checking, which results in much lower overhead and provides transmission speeds ranging from 56Kbps to 2Mbps. Answers B, C, and D are all incorrect because they are valid characteristics of the Frame Relay technology.

Question 30

The correct answer is D. Frame Relay devices are classified in two main categories: data communications equipment (DCE) and data terminal equipment (DTE). The devices at the customer's premises that connect to the Frame Relay service provider's equipment are DTEs. An example of a DTE is the customer's router. Answer B is incorrect because DCE refers to devices owned by the service provider, which are usually packet switches. DCEs are the devices that are located at the edge of the Frame Relay WAN cloud and that handle the actual transmission of data into the WAN network. Answer C is not correct because it is not one of the two main categories of Frame Relay devices. Answer A is incorrect; DLCI stands for data-link connection identifier, which is not a Frame Relay device type.

Question 31

The correct answer is B. Once you configure a physical interface for Frame Relay encapsulation, you use the interface serial number.subinterface-number {multipoint | point-to-point} command to define logical subinterfaces. You can configure subinterfaces at either interface or global configuration mode, and the subinterface number can range from 1 to 4,294,967,295. Answers A, C, and D are incorrect because they do not provide the proper command syntax.

Question 32

The correct answer is D. Frame Relay supports both permanent virtual circuits (PVCs) and switched virtual circuits (SVCs). As the name implies, PVCs are permanently established connections, which are used by customers who have frequent data traffic traveling across the Frame Relay network. Answers A, B, and C are incorrect options because they are valid PVC states. Possible PVC states include active, inactive, deleted, or static. You can verify PVC status with the show frame-relay pvc command. An active state indicates that the link between two sites is up. An inactive state appears if the data-link connection identifier (DLCI) configured is provider-assigned but is currently not being used by the router. A deleted state is the result of no DLCI having been configured or of an invalid DLCI number that has not been assigned by the service provider. A static PVC status indicates that no keepalive has been configured on the router interface.

Question 33

The correct answers are A, C, and D. The three Local Management Interface (LMI) types are ansi, cisco, and q933a. LMI provides keepalive, status, and multicast mechanisms. It also provides the ability to use global addressing, giving DLCIs global instead of just local significance. This in effect identifies an interface to the whole Frame Relay network. Answer B is incorrect because it is not a proper LMI type.

Question 34

The correct answers are B and C. Dial backup interfaces provide a secondary WAN connection should the primary link fail. You can also configure the primary link to activate the secondary backup link in response to a specified traffic load. If the traffic load exceeds the configured threshold value, the dial-up line is used for transfer of traffic. You use the backup load command to set when the backup interface should be enabled or disabled. Neither a specific queuing method nor interesting traffic on the primary link are factors that initiate a backup link, making Answers A and D incorrect.

Question 35

The correct answer is B. Once a primary router interface has been detected to be down, the backup interface must be triggered. The device waits a specified amount of time before bringing up the backup interface. You configure this delay on the backup interface using the backup delay command. The time parameters specified with this command are in seconds. All other options are not valid IOS commands to configure the backup delay; therefore, Answers A, C, and D are incorrect.

Question 36

The correct answer is B. You use the show interface dialer command to verify the backup interface configuration. If the line is properly configured and is not currently in use, the first line of the output indicates that the dialer interface is in standby mode and that the line protocol is down. The backup interface remains in a standby state until the primary interface or subinterface fails. Answers A, C, and D do not provide the correct line syntax shown in the show interface dialer command output.

Question 37

The correct answer is C. The primary purpose of a backup interface is redundancy in case the primary link fails. Backup interfaces are not specifically implemented to provide increased bandwidth, but they can be configured to activate if the primary link reaches a defined load threshold, thereby providing a secondary link that provides additional bandwidth. Answers A, B, and D are incorrect because they do not represent the primary purpose of the backup interface.

Question 38

The correct answers are A and B. Dial backup links commonly use modems or ISDN Basic Rate Interface (BRI). These technologies are suitable for backup connections because they can be configured to place a call when necessary and disconnected when they are no longer required. Answers C and D are incorrect because, unlike dedicated serial connections (such as Frame Relay or a T3 line), dial-up lines are only charged for the connection time used.

Question 39

The correct answer is D. You associate primary interfaces with a backup interface using the backup interface command. This command specifies the dialer interface that will be initiated in the event that the primary connection is lost, which means that it depends on the failure of the primary interface. The problem with multipoint Frame Relay interfaces is that the failure of one of the PVCs might not be detected, resulting in a failure to initiate the backup connection. Answers A, B, and C are incorrect because failure of any of the other types of interfaces is properly detected by the dial backup configuration.

Question 40

The correct answer is C. The dialer list uses the access control list (ACL) to define interesting traffic that initiates a DDR call. You must assign the dialer list to the interface that is responsible for making the call using the dialer-group command. You use the dialer pool command to specify the dialer pool used by a dialer interface, making Answer A incorrect. You create the dialer list using the dialer-list command, making Answer B incorrect. Answer D is incorrect because you use the dialer map command to configure an interface with the parameters needed to place a call to a destination.

Question 41

The correct answer is C. DDR is built around the premise that "interesting traffic" is defined and responsible for initiating a call to establish the WAN connection. You define traffic that is considered interesting using a dialer list, which can also be refined by referring to an access list. The second component is the dialer interface, which you must configure to make the call once traffic that needs to be transmitted is received. Answers A, B, and D are incorrect because they are not factors that trigger the establishment of a DDR connection.

Question 42

The correct answer is A. A line that has been brought up by DDR uses an idle timer to keep track of how much time has passed since the interface has received and forwarded interesting traffic, causing the link to be idle. This parameter is set to 120 seconds by default, but can be modified using the dialer idle-timeout command. Answer C is incorrect; the dialer fast-idle command specifies how long a line that is needed for another call can remain idle before being disconnected to be used by the contending call. Answer B is incorrect; you use the dialer load-threshold command to set the interface load, which triggers the dialer to place another call to the destination. Answer D is incorrect because dialer idle-timer is not a valid Cisco IOS command to set the idle timeout.

Question 43

The correct answer is D. A DDR call is only placed and a connection established when interesting traffic is received on the dialer interface. Once the connection is established, and as long as the idle timeout has not expired, both uninteresting and interesting traffic are transmitted across the link. Answer C is incorrect; only interesting traffic resets the idle-timeout timer, meaning that uninteresting traffic is still transmitted but the timer continues to count down to the configured value. Answers A and B are incorrect because uninteresting traffic is not dropped nor does it bring down the connection.

Question 44

The correct answer is B. Snapshot routing is a mechanism specifically designed to address the exchange of routing updates across a DDR connection. Updates sent by distance-vector protocols, such as RIP, could keep a DDR link up for a costly amount of time. Snapshot routing allows DDR environments to continue to use dynamic routing entries in their tables by implementing an active period and quiet period. This way, routing updates can be exchanged and they initiate a DDR call during the active period. During the quiet period, no updates are sent and the routing table is placed in a frozen state, preventing the loss of dynamic routing updates. Answers A, C, and D are incorrect because these options do not help to conserve dynamic routing information while minimizing the use of the DDR link.

Question 45

The correct answer is C. You configure the load threshold that triggers an additional link to be brought up when using bandwidth-on-demand with the dialer load-threshold command. However, the value used for the load parameter of this command is a link utilization percentage in the range of 1 to 255, where 255 signifies 100%. The dialer load-threshold command also provides the ability to specify whether the load calculation is based on inbound, outbound, or either direction of traffic flow. Answers A, B, and D are incorrect because they are all true statements regarding Multilink PPP (MLP).

Question 46

The correct answer is C. The ISDN PRI D-channel actually operates at a rate of 64Kbps. ISDN BRI, which uses two 64Kbps B-channels and one 16Kbps D-channel, provides a maximum total speed of 192Kbps. ISDN PRI T1 (23 B-channels) and E1 (30 B-channels) provide a total speed of 1.544Mbps and 2.048Mbps. Answers A, B, and D are incorrect because they are all valid characteristics of ISDN service.

Question 47

The correct answer is C. Call setup and connection teardown occur on the D-channel at the network layer or Layer 3. The debug command that displays information messages dealing with Layer 3 is debug isdn q931. Answer B is incorrect; to view information on signaling taking place between the ISDN switch and the router at Layer 2, you can use the debug isdn q921 command. Answers A and D are incorrect; you use the debug dialer command to view debugging information about packets being received on the ISDN dialer interface, and you use the debug isdn events command to display information on ISDN events taking place on an ISDN interface.

Question 48

The correct answer is C. The interface between an NT2 device and a TA (converter for non-ISDN device) or TE1 (ISDN device) is the S reference point. The interface between an NT1 and NT2 is called the T reference point, making Answer D incorrect. Answer B is incorrect because the R reference point describes the interface between a non-ISDN TE2 device and the TA. Answer A is incorrect because the U reference point refers to the interface between the local loop terminating NT1 and the ISDN local exchange (LE). The BRI S and T interfaces have the exact same characteristics, which is why the interface between a TE1 or TA and an NT1 device is often combined and referred to as the S/T interface.

Question 49

The correct answer is B. The configuration of the ISDN switch type is very important because the type used by the router and service-provider switch must match. The switch type is configured at the global level, which automatically assigns that switch type to all ISDN interfaces. However, in certain scenarios an interface requires a configuration different from the globally assigned switch type. In these cases, you also use the isdn switch-type command at the interface level. The encapsulation ppp, isdn spid1, and dialer map commands are all configured at the interface level, making Answers A, C, and D incorrect.

Question 50

The correct answer is A. The default encapsulation for ISDN and serial interfaces on a Cisco router is High-Level Data Link Control (HDLC). Answers B, C, and D are incorrect because they are not the default encapsulation protocols used on serial interfaces.

Question 51

The correct answer is D. The static configuration that associates a remote host with a destination IP address and ISDN number is called a dialer map. You can replace this step and other legacy ISDN interface configuration steps by using dialer profiles. Dialer profiles separate physical and logical configurations of the ISDN interface, allowing the interface to dynamically use different characteristics, depending on the particular call. For example, dialer profiles can define different encapsulations or ACLs to be used for different incoming or outgoing calls. Answers A, B, and C are incorrect because they are not Cisco IOS features that can replace the use of static configurations of physical interfaces.

Question 52

The correct answer is C. The Network Control Protocol (NCP) is responsible for the configuration of different network-layer protocols that are used on the link. Supported protocols include IP, Internetwork Packet Exchange (IPX), and AppleTalk. Answers A, B, and D are incorrect because it is the Link Control Protocol (LCP) that handles the establishment and configuration of data-link connections, including PPP options.

Question 53

The correct answer is B. For dialer interfaces to function as callback clients or servers, they need to be configured with the ppp callback command. A callback client requests callback, and you configure it with the ppp callback request command. A callback server accepts callback requests, and you configure it with the ppp callback accept command. Answers A, C, and D are incorrect because they do not describe the effect of configuring the ppp callback accept command.

Question 54

The correct answer is A. You can use the debug ppp negotiation command to verify aspects of PPP operation, including packets exchanged during the negotiation of PPP options such as Challenge Handshake Authentication Protocol (CHAP) authentication. None of the other show and debug commands provided display information on the specific PPP negotiation events such as CHAP authentication; therefore, Answers B, C, and D are incorrect.

Question 55

The correct answers are A, B, C, and D. All these features are provided by Multilink PPP (MLP). MLP is an option negotiated by the LCP during the establishment of a PPP connection. By bundling multiple links, MLP provides faster throughput and decreased latency when the traffic load becomes high or simply load-balances among the available connections to avoid congestion. Packets are split into fragments and transmitted over parallel links to the destination, where they are reassembled.

Question 56

The correct answer is C. Depending on the line configuration, remote dial-in users have the option to start an EXEC session or a PPP session. Configuring the autoselect ppp command on dial-in lines allows a PPP session to start automatically. Answer A is incorrect; the modem dialin command configures a line to set an attached modem to accept incoming calls only. Answer D is incorrect because you use the ppp authentication chap dialins command to specify the method of authentication to use on a line. The ppp session-default command is not a valid Cisco IOS command; therefore, Answer B is incorrect.

Question 57

The correct answers are B and D. Virtual private networks (VPNs) provide a number of useful functions and benefits, of which confidentiality due to encryption, authentication capabilities, and data integrity are the most important for most companies. Answer C is incorrect; VPNs eliminate the need to maintain a complicated remote access infrastructure, and you can create secure virtual tunnels to the corporate network from telecommuters, remote offices, and even customer sites. VPNs are not created to provide faster transmission of traffic; therefore, Answer A is incorrect.

Question 58

The correct answers are A, B, and D. VPNs continue to be a popular choice for the low-cost deployment of secure networks using an intermediary public network. There are two main types of VPN solutions at this time: LAN-to-LAN connection mechanisms and remote-access scenarios. Encapsulation methods commonly used for remote-access VPNs using PPP include IP Security (IPSec), Point-to-Point Tunneling Protocol (PPTP), and Layer 2 Tunneling Protocol (L2TP). Site-to-site configurations often use Generic Routing Encapsulation (GRE) for the tunnel encapsulation process; therefore, Answer C is incorrect. GRE encapsulates all traffic, providing tunneling for multiple protocols including routing protocols.

Question 59

The correct answers are B and C. The GRE and L2TP protocols do not support data encryption or data integrity. If the VPN tunnel must provide one or both of these features, you can combine GRE and L2TP with IPSec, which provides encryption and authentication using Internet Key Exchange (IKE). Answers A and D are incorrect because these protocols do provide data encryption.

Question 60

The correct answers are B and C. The use of IKE enhances the capabilities of an IPSec secure tunnel. IKE implements authenticated key exchange processes using security associations (SAs). Router peers at each end of the IPSec tunnel must first be authenticated and must have a set of SAs negotiated by IKE before interesting traffic is encrypted and transmitted across the tunnel to the peer router; therefore, Answer A is incorrect. Answer D is incorrect because an IPSec tunnel using IKE provides both authentication and encryption capabilities.

Question 61

The correct answers are A, B, and C. Three major encapsulation methods can transfer IP over the Asynchronous Transfer Mode (ATM)-based DSL connection: RFC 1483 bridging, Point-to-Point Protocol over Ethernet (PPPoE), and Point-to-Point Protocol over ATM (PPPoA). The bridging approach is considered to be the easiest to implement; however, PPPoE and PPPoA provide more flexibility to service providers because they offer an authentication and connection feature all in one. VoIP is not an encapsulation method used to carry IP packets over the DSL/ATM connection; therefore, Answer D is incorrect.

Question 62

The correct answers are B and C. Asymmetric Digital Subscriber Line (ADSL) uses a different frequency range from Plain Old Telephone Service (POTS) voice service and can therefore use the same wire as voice traffic. You do need to split the voice and data traffic, which you do using a POTS splitter at the central office (CO) and a POTS splitter or microfilter at the customer site. The POTS splitter at the CO separates the two types of traffic, sending POTS signals on to a voice switch and data traffic to the DSL Access Multiplexer (DSLAM). Answers A and D are incorrect because bridge taps and the DSLAM are not responsible for splitting the voice and data signals.

Question 63

The correct answer is A. ADSL provides a downstream rate ranging from 1.5 to 9Mbps and an uplink capacity ranging from 16 to 640Kbps. However, as with other DSL technologies, the rate experienced by the customer might be lower, depending on various factors, including the distance from the CO. Answers B, C, and D are incorrect; HDSL and SDSL provide 1.544Mbps of bandwidth in both directions, and VDSL delivers high rates ranging from 13 to 52Mbps downstream and 1.5 to 2.3Mbps upstream.

Question 64

The correct answer is B. High-data-rate DSL (HDSL) provides equal upstream and downstream rates of 1.544Mbps and uses two copper twisted pairs. Because it offers T1 speeds in both directions, this DSL technology is often used as a T1 or E1 replacement; therefore, Answer C is incorrect. Symmetric DSL (SDSL) also provides equal upstream and downstream speeds of 1.544Mbps but uses one copper twisted pair, making Answer A incorrect. Answer D is incorrect because both technologies provide equal upstream and downstream rates.

Question 65

The correct answer is C. The most suitable technology to recommend for the telecommuter is an ISDN BRI connection. Answers A and D are incorrect; a permanent connection would be excessive, and a regular analog dial-up link would not provide a reasonable transfer rate for the large documents. The capacity provided by an ISDN PRI connection would also be excessive and would not be used for this telecommuter scenario; therefore, Answer B is incorrect.




CCNP BCRAN Remote Access Exam Cram 2 (Exam Cram 640 - XXX)
Year: 2003
Pages: 183
