[learn-ccna.com]

1. Only one workstation on a particular network cannot reach the Internet. What is the first troubleshooting step if the divide-and-conquer method is being used?
* Check the workstation TCP/IP configuration.

2. Which ipconfig command requests IP configuration from a DHCP server?

* ipconfig /renew

3. What should a network administrator do first after receiving a call from a user who cannot access the company web server?
* Ask the user what URL has been typed and what error message displays.

4. What command is used to determine the location of delay for a packet traversing the Internet?
* tracert

5. What command is used to determine if a DNS server is providing name resolution?
* nslookup

6. A customer called the cable company to report that the Internet connection is unstable. After trying several configuration changes, the technician decided to send the customer a new cable modem to try. What troubleshooting technique does this represent?
* substitution

7. Which troubleshooting method begins by examining cable connections and wiring issues?
* bottom-up

8. Refer to the graphic. What configuration is incorrect in the network shown?
* The wired connection is the wrong type of cable.

9. A technician suspects that a Linksys integrated router is the source of a network problem. While troubleshooting, the technician notices a blinking green activity LED on some of the ports. What does this indicate?
* The ports are operational and are receiving traffic.

10. Identify two physical-layer network problems. (Choose two.)
* hardware failure
* loose cable connections

11. A PC is plugged into a switch and is unable to connect to the network. The UTP cable is suspected. What could be the problem?
* A crossover cable is being used.

12. Which three settings must match on the client and access point for a wireless connection to occur? (Choose three.)
* encryption key
* SSID
* authentication

13. A technician is troubleshooting a security breach on a new wireless access point. Which three configuration settings make it easy for hackers to gain access? (Choose three.)
* broadcasting the SSID
* using the default internal IP address
* using open authentication

14. Refer to the graphic. The wireless host cannot access the Internet, but the wired host can. What is the problem?
* The host WEP key is incorrect.

15. Which two troubleshooting techniques are suitable for both home networks and large corporate networks? (Choose two.)
* documenting the troubleshooting process
* keeping a record of system upgrades and software versions

16. Network baselines should be performed in which two situations? (Choose two.)
* after the network is installed and running optimally
* after major changes are implemented on the network

17. Refer to the graphic. What configuration is incorrect in the network shown?
* The host IP address is incorrect.

18. When acting as a DHCP server, what three types of information can an ISR provide to a client? (Choose three.)
* default gateway
* dynamic IP address
* DNS server address

19. A technician is unsuccessful in establishing a console session between a PC and a Linksys integrated router. Both devices have power, and a cable is connected between them. Which two troubleshooting steps could help to diagnose this problem? (Choose two.)
* Ensure the correct cable is used.
* Ensure the link status LED on the integrated router is lit.

20. How does remote-access software help in the troubleshooting process?
* Diagnostics can be run without a technician being present at the site.

21. Typically, help desk personnel assist end users in which two tasks? (Choose two.)
* identifying when the problem occurred
* implementing the solution to the problem

22. What two items could be checked to verify connectivity between the router and the ISP? (Choose two.)
* router status page
* connectivity status as indicated by LEDs

23. Which two items should be added to the documentation following a troubleshooting event? (Choose two.)
* final resolution
* results of successful and unsuccessful troubleshooting steps

1. Refer to the exhibit. IPv6 address 2006:1::1/64 eui-64 has been configured on the router FastEthernet0/0 interface. Which statement accurately describes the EUI-64 identifier configuration?

The configuration will derive the interface portion of the IPv6 address from the MAC address of the interface.

2. Refer to the exhibit. Which address or addresses represent the inside global address?

209.165.20.25

3. Your organization is issued the IPv6 prefix of 2001:0000:130F::/48 by your service provider. With this prefix, how many bits are available for your organization to create subnetworks?

16

4. What are two benefits of NAT? (Choose two.)

It saves public IP addresses.
It adds a degree of privacy and security to a network.

5. What is true regarding the differences between NAT and PAT?

PAT uses unique source port numbers to distinguish between translations.

6. A network administrator wants to connect two IPv6 islands. The easiest way is through a public network that uses only IPv4 equipment. What simple solution solves the problem?

Use tunneling to encapsulate the IPv6 traffic in the IPv4 protocol.

7. Refer to the exhibit. Which two addresses could be assigned to traffic leaving S0 as a result of the statement ip nat pool Tampa 179.9.8.96 179.9.8.111 netmask 255.255.255.240? (Choose two.)

179.9.8.98
179.9.8.101

8. Refer to the exhibit. The FTP server has an RFC 1918 private address. Users on the Internet need to connect to the FTP server on the Fa0/0 LAN of R1. Which three configurations must be completed on R1? (Choose three.)

open port 20
open port 21
NAT with port forwarding

9. After activating IPv6 routing on a Cisco router and programming IPv6 addresses on multiple interfaces, what is the remaining step to activate RIPng?

Enter the interface programming mode for each IPv6 interface and enable IPng RIP.

10. Refer to the exhibit. How many IPv6 broadcast domains exist in this topology?

0

11. Refer to the exhibit. Traffic exiting R1 is failing translation. What part of the configuration is most likely incorrect?

access-list statement

12. Refer to the exhibit. According to the output, how many addresses have been successfully assigned by this DHCP server?

8

13. Refer to the exhibit. What is the purpose of the command marked with an arrow shown in the partial configuration output of a Cisco broadband router?

defines which addresses can be translated

14. A technician has been told by a supervisor to always clear any dynamic translations before attempting to troubleshoot a failed NAT connection. Why has the supervisor issued these instructions?

Because entries can be cached for long periods of time, the supervisor wants to prevent decisions being made based on old data.

15. Refer to the exhibit. Which two statements about the configuration are true? (Choose two.)

Traffic from the 10.1.1.0 network will be translated.
Permitted traffic gets translated to a single inside global IP address.

16. Refer to the exhibit. R1 is performing NAT for the 10.1.1.0/24 network, and R2 is performing NAT for the 192.168.1.2/24 network. What would be valid destination IP address for HostA to put in its IP header when communicating with the web server?

172.30.20.2

17. What type of NAT should a network administrator use to ensure that a web server on the inside network is always available to the outside network?

static NAT

18. How many bits of an IPv6 address are used to identify the interface ID?

64

19. Refer to the exhibit. A technician used SDM to enter the NAT configuration for a Cisco router. Which statement correctly describes the result of the configuration?

A user on the outside network sees a request addressed from 192.168.1.3 using port 80.

20. Refer to the exhibit. A network technician determines DHCP clients are not working properly. The clients are receiving IP configuration information from a DHCP server configured on the router but cannot access the Internet. From the output in the graphic, what is the most likely problem?

The pool does not have a default router defined for the clients.

21. Refer to the exhibit. On the basis of the configuration shown, how should the pool of the excluded addresses be assigned to key hosts on the network, such as router interfaces, printers, and servers?

The addresses are statically assigned by the network administrator.

1. Which two Layer 1 requirements are outlined in the Data-over-Cable Service Interface Specification (DOCSIS)? (Choose two.)

channel widths
modulation techniques

2. Which is an example of symmetric-key encryption?

pre-shared key

3. Which two statements are valid solutions for a cable ISP to reduce congestion for users? (Choose two.)

allocate an additional channel
subdivide the network to reduce users on each segment

4. While monitoring traffic on a cable network, a technician notes that data is being transmitted at 38 MHz. Which statement describes the situation observed by the technician?

Data is being transmitted from the subscriber to the headend.

5. After conducting research to learn about common remote connection options for teleworkers, a network administrator has decided to implement remote access over broadband to establish VPN connections over the public Internet. What is the result of this solution?

The connection has increased security and reliable connectivity. Users need a remote VPN router or VPN client software.

6. Data confidentiality through a VPN is achieved through which two methods? (Choose two.)

encryption
encapsulation

7. Data confidentiality through a VPN can be enhanced through the use of which three encryption protocols? (Choose three.)
AES
DES
RSA

8. What two protocols provide data authentication and integrity for IPsec? (Choose two.)
AH
ESP

9. A technician has been asked to configure a broadband connection for a teleworker. The technician has been instructed that all uploads and downloads for the connection must use existing phone lines. Which broadband technology should be used?

DSL

10. What are the three main functions of a secure VPN? (Choose three.)

authentication
data confidentiality
data integrity

11. A company is using WiMAX to provide access for teleworkers. What home equipment must the company provide at the teleworker’s site?

a WiMAX receiver

12. Which two methods could an administrator use to authenticate users on a remote access VPN? (Choose two.)
digital certificates
smart cards

13. Which two statements about DSL are true? (Choose two.)

local loop can be up to 3.5 miles (5.5km)
user connections are aggregated at a DSLAM located at the CO

14. Which two features can be associated with the Worldwide Interoperability for Microwave Access (WiMAX) telecommunication technology? (Choose two.)

covers areas as large as 7,500 square kilometers
connects directly to the Internet through high-bandwidth connections

15. Refer to the exhibit. All users have a legitimate purpose and the necessary persissions to access the Corporate network. Based on the topology shown, which locations are able to establish VPN connectivity with the Corporate network?

All locations can support VPN connectivity.

16. Which statement describes cable?

Delivering services over a cable network requires downstream frequencies in the 50 to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.

17. Which two protocols can be used to encapsulate traffic that is traversing a VPN tunnel? (Choose two.)

IPsec
PPTP

18. Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office. What type of secure connection can be established between the teleworker and the HQ Office?

a remote-access VPN

19. Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the Branch Office over the public Internet. Which three mechanisms are required by the devices on each end of the VPN tunnel to protect the data from being intercepted and modified? (Choose three.)

The two parties must establish a secret key used by encryption and hash algorithms.
The two parties must agree on the encryption algorithm to be used over the VPN tunnel.
The devices must be authenticated before the communication path is considered secure.

1. Which two Layer 1 requirements are outlined in the Data-over-Cable Service Interface Specification (DOCSIS)? (Choose two.)

channel widths
modulation techniques

2. Which is an example of symmetric-key encryption?

pre-shared key

3. Which two statements are valid solutions for a cable ISP to reduce congestion for users? (Choose two.)

allocate an additional channel
subdivide the network to reduce users on each segment

4. While monitoring traffic on a cable network, a technician notes that data is being transmitted at 38 MHz. Which statement describes the situation observed by the technician?

Data is being transmitted from the subscriber to the headend.

5. After conducting research to learn about common remote connection options for teleworkers, a network administrator has decided to implement remote access over broadband to establish VPN connections over the public Internet. What is the result of this solution?

The connection has increased security and reliable connectivity. Users need a remote VPN router or VPN client software.

6. Data confidentiality through a VPN is achieved through which two methods? (Choose two.)

encryption
encapsulation

7. Data confidentiality through a VPN can be enhanced through the use of which three encryption protocols? (Choose three.)
AES
DES
RSA

8. What two protocols provide data authentication and integrity for IPsec? (Choose two.)
AH
ESP

9. A technician has been asked to configure a broadband connection for a teleworker. The technician has been instructed that all uploads and downloads for the connection must use existing phone lines. Which broadband technology should be used?

DSL

10. What are the three main functions of a secure VPN? (Choose three.)

authentication
data confidentiality
data integrity

11. A company is using WiMAX to provide access for teleworkers. What home equipment must the company provide at the teleworker’s site?

a WiMAX receiver

12. Which two methods could an administrator use to authenticate users on a remote access VPN? (Choose two.)
digital certificates
smart cards

13. Which two statements about DSL are true? (Choose two.)

local loop can be up to 3.5 miles (5.5km)
user connections are aggregated at a DSLAM located at the CO

14. Which two features can be associated with the Worldwide Interoperability for Microwave Access (WiMAX) telecommunication technology? (Choose two.)

covers areas as large as 7,500 square kilometers
connects directly to the Internet through high-bandwidth connections

15. Refer to the exhibit. All users have a legitimate purpose and the necessary persissions to access the Corporate network. Based on the topology shown, which locations are able to establish VPN connectivity with the Corporate network?

All locations can support VPN connectivity.

16. Which statement describes cable?

Delivering services over a cable network requires downstream frequencies in the 50 to 860 MHz range, and upstream frequencies in the 5 to 42 MHz range.

17. Which two protocols can be used to encapsulate traffic that is traversing a VPN tunnel? (Choose two.)

IPsec
PPTP

18. Refer to the exhibit. A teleworker is connected over the Internet to the HQ Office. What type of secure connection can be established between the teleworker and the HQ Office?

a remote-access VPN

19. Refer to the exhibit. A VPN tunnel has been established between the HQ Office and the Branch Office over the public Internet. Which three mechanisms are required by the devices on each end of the VPN tunnel to protect the data from being intercepted and modified? (Choose three.)

The two parties must establish a secret key used by encryption and hash algorithms.
The two parties must agree on the encryption algorithm to be used over the VPN tunnel.
The devices must be authenticated before the communication path is considered secure.

1. Refer to the exhibit. What will be the effect of the configuration that is shown?
Users attempting to access hosts in the 192.168.30.0/24 network will be required to telnet to R3.

2. Which three parameters can ACLs use to filter traffic? (Choose three.)

protocol suite
source address
destination address

3. Refer to the exhibit. How does this access list process a packet with the source address 10.1.1.1 and a destination of 192.168.10.13?

It is dropped because it does not match any of the items in the ACL.

4 .Which two statements are correct about extended ACLs? (Choose two)

Extended ACLs evaluate the source and destination addresses.
Port numbers can be used to add greater definition to an ACL.

5. Where should a standard access control list be placed?

close to the destination

6. Which three statements describe ACL processing of packets? (Choose three.)

An implicit deny any rejects any packet that does not match any ACL statement.
A packet can either be rejected or forwarded as directed by the statement that is matched.
Each statement is checked only until a match is detected or until the end of the ACL statement list.

7. Refer to the exhibit. How will Router1 treat traffic matching the time-range requirement of EVERYOTHERDAY?

Telnet traffic entering fa0/0 from 10.1.1.254/24 destined to the 172.16.1.0/24 network is permitted.

8. Which two statements are true regarding the following extended ACL? (Choose two.)
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 20
access-list 101 deny tcp 172.16.3.0 0.0.0.255 any eq 21
access-list 101 permit ip any any

FTP traffic originating from network 172.16.3.0/24 is denied.
Web traffic originating from 172.16.3.0 is permitted.

9. Which two statements are true regarding the significance of the access control list wildcard mask 0.0.0.7? (Choose two.)

The first 29 bits of a given IP address will be ignored.
The last 3 bits of a given IP address will be checked.

10. Refer to the exhibit. When creating an extended ACL to deny traffic from the 192.168.30.0 network destined for the Web server 209.165.201.30, where is the best location for applying the ACL?

R3 Fa0/0 inbound

11. How do Cisco standard ACLs filter traffic?

by source IP address

12. Which three items must be configured before a dynamic ACL can become active on a router? (Choose three.)

extended ACL
authentication
Telnet connectivity

13. A network administrator needs to allow traffic through the firewall router for sessions that originate from within the company network, but the administrator must block traffic for sessions that originate outside the network of the company. What type of ACL is most appropriate?

reflexive

14. Which statement about standard ACLs is true?

They should be placed as close to the destination as possible.

15. Which benefit does an extended ACL offer over a standard ACL?

In addition to the source address, an extended ACL can also filter on destination address, destination port, and source port.

16. The following commands were entered on a router:

Router(config)# access-list 2 deny 172.16.5.24
Router(config)# access-list 2 permit any

The ACL is correctly applied to an interface. What can be concluded about this set of commands?

All nodes on the 172.16.0.0 network will be denied access to other networks.

17. Refer to the exhibit. The administrator wishes to block web traffic from 192.168.1.50 from reaching the default port of the web service on 192.168.3.30. To do this, the access control list name is applied inbound on the router R1 LAN interface. After testing the list, the administrator has noted that the web traffic remains successful. Why is web traffic reaching the destination?

The range of source addresses specified in line 10 does not include host 192.168.1.50.

18. Which feature will require the use of a named ACL rather than a numbered ACL?

the ability to edit the ACL and add additional statements in the middle of the list without removing and re-creating the list

19. By default, how is IP traffic filtered in a Cisco router?

permitted in and out of all interfaces

20. Refer to the exhibit. The network administrator applied an ACL outbound on S0/0/0 on router R1. Immediately after the administrator did so, the users on network 172.22.30.0/24 started complaining that they have intermittent access to the resources available on the server on the 10.10.0.0/16 network. On the basis of the configuration that is provided, what is the possible reason for the problem?

The ACL permits the IP packets for users on network 172.22.30.0/24 only during a specific time range.

21. Interface s0/0/0 already has an IP ACL applied inbound. What happens when the network administrator attempts to apply a second inbound IP ACL?

The second ACL is applied to the interface, replacing the first.

22. A technician is creating an ACL and needs a way to indicate only the subnet 172.16.16.0/21. Which combination of network address and wildcard mask will accomplish the desired task?

172.16.16.0 0.0.7.255

23. Refer to the exhibit. Which statement is true about ACL 110 if ACL 110 is applied in the inbound direction on S0/0/0 of R1?

It will permit any TCP traffic that originated from network 172.22.10.0/24 to return inbound on the S0/0/0 interface.

24. Refer to the exhibit. ACL 120 is configured inbound on the serial0/0/0 interface on router R1, but the hosts on network 172.11.10.0/24 are able to telnet to network 10.10.0.0/16. On the basis of the provided configuration, what should be done to remedy the problem?
Apply the ACL outbound on the serial0/0/0 interface on router R1.

25. Which two statements are true regarding named ACLs? (Choose two.)

Names can be used to help identify the function of the ACL.
Certain complex ACLs, such as reflexive ACLs, must be defined with named ACLs.

learn-ccna.com

1. Which mechanism is used to create a floating static route?
• administrative distance
• cost
• hop count
• passive interface

2. IPSec operates at which layer of the OSI model?
• application
• network
• datalink
• transport

3. Which is true regarding Frame Relay LMI?
• There are three LMI types standardized by ANSI, ITU-T, and Cisco.
• Routers at each end of a Frame Relay virtual circuit must always use the same LMI type.
• The LMI type must be manually configured.
• The only function of LMI is to verify the connection between the router and the Frame Relay switch.

4. Which statement identifies the IP address design for subinterfaces that are configured for a Frame Relay network?
• Multipoint configurations require the IP address of each subinterface on each router to be in its own subnet.
• Multipoint configurations require IP addresses for each subinterface on each router to be a part of the same subnet.
• Point-to-point configurations require IP addresses for each subinterface on each router to be a part of the same subnet.
• Point-to-point configurations do not require IP addresses on each subinterface on each router.
• Multipoint configurations do not require IP addresses on each subinterface on each router.

5. Which three algorithms can be used to encrypt user data in an IPSec VPN framework? (Choose three.)
• 3DES
• AES
• Diffie-Hellman
• DES
• ESP
• SHA

6. Which flag is set by a Frame Relay switch to inform the receiving station that congestion was experienced?
• BECN
• DE
• FECN
• FCS

7. Refer to the exhibit. The complete configuration of a Frame Relay interface on the Chicago router is shown. How does the Chicago router know which DLCI is mapped to the IP address of the remote router?
• DE
• CIR
• FECN
• Inverse ARP

8. What statement correctly defines the purpose of the split horizon rule?
• marks the route unreachable in a routing update that is sent to other routers
• prevents routers from advertising a network through the interface from which the update came
• prevents routers from accepting higher cost routes to networks previously marked as inaccessible before the timer expires
• limits the number of hops a packet can traverse through the network before it should be discarded

9. Which PVC status suggests that the router recognizes the DLCI configured on its interface as being present on the Frame Relay switch, but the PVC associated with the DLCI is not capable of end-to-end communication?
• active
• deleted
• inactive
• idle

10. Refer to the exhibit. Which router command is used to associate a Layer 2 address with the corresponding Layer 3 address?
• Miller(config-if)#frame-relay map ip 172.16.150.1 110
• Miller(config-if)#frame-relay map ip 172.16.150.1 112
• Miller(config-if)#frame-relay map ip 172.16.150.2 110
• Miller(config-if)#frame-relay map ip 172.16.150.2 112

11. A network administrator issued the command show frame-relay pvc. The response from the router shows the status of a PVC as deleted. What is the reason for this status?
• The DLCI is using the wrong LMI type.
• The DLCI is usable but has little activity.
• The DLCI is programmed in the switch but the circuit is not usable.
• The DLCI configured on the CPE device does not match the DLCI.

12. What is one benefit of using a network simulation software package?
• The network design can be tested before it is actually implemented.
• Simulation software packages are quickly updated to support new network technologies and devices.
• Simulated devices have the same features as actual devices, allowing for detection of all potential problems.
• Software packages can simulate all possible network traffic conditions, giving an accurate prediction of network performance.

13. What are two components a network designer considers when planning a VPN? (Choose two.)
• encryption algorithm for privacy and security
• encapsulation protocol to use when creating the VPN tunnel
• switching technology to optimize VPN WAN throughput
• tunneling technology for guarding against data corruption
• routing protocol on the gateway for optimum performance

14. When identifying VPN requirements for endpoint users, what care must be taken to protect the network when remote users log in from unsecured public locations?
• Ensure that the user has VPN client software that allows access to all internal resources.
• Ensure that the VPN user traffic does not slow down internally sourced traffic on the network.
• Ensure that there are no obstacles to hamper the users from accessing all internal resources.
• Ensure that remote users can only access network resources that are appropriate to their job function.

15. Which two components are key elements when implementing a VPN? (Choose two.)
• concentration
• encryption
• prioritization
• compression
• encapsulation

16. What tool can help ease the configuration of VPN servers on routers?
• Cisco SDM
• PIX Firewall
• Cisco VPN Concentrator
• Cisco Adaptive Security Appliances

17. What is used to identify the path to the next frame-relay switch in a Frame Relay network?
• CIR
• DLCI
• FECN
• BECN

18. Which two statements are true regarding VPN security? (Choose two.)
• Users may only establish a VPN connection from secure locations and never from public areas.
• Users that connect to a network through a VPN do not have to log in to resources on the network.
• Users that connect to a network through a VPN are are considered trusted users on the network.
• Users may establish a VPN connection from unsecure locations such as airports and hotel lobbies.
• Users that connect to a network through a VPN should have access to all the resources on the network.

19. Refer to the exhibit. What is placed in the address field of a frame that will travel from the Orlando office to the DC office?
• MAC address of the Orlando router
• MAC address of the DC router
• 192.168.1.25
• 192.168.1.26
• DLCI 100
• DLCI 200

20. Two directly connected routers are able to ping each other through the Serial 0/0/0 interfaces. A network administrator changes the encapsulation on one router to PPP, and the other is left at the default value. What statement would appear in the output of the show interfaces command issued on one of the routers?
• Serial 0/0/0 is up, line protocol is up
• Serial 0/0/0 is down, line protocol is down
• Serial 0/0/0 is up, line protocol is down
• Serial 0/0/0 is down, line protocol is up
• Serial 0/0/0 is administratively down, line protocol is down

21. Refer to the exhibit. What statement is true about the configuration shown for R2?
• R2 is configured as the Frame Relay switch.
• R2 is configured as the main site in a multipoint Frame Relay WAN prototype.
• R2 is configured as the main site in a point-to-point Frame Relay WAN prototype.
• R2 is configured as a remote site in a multipoint Frame Relay WAN prototype.
• R2 is configured as a remote site in a point-to-point Frame Relay WAN prototype.

22. A company uses serial interfaces on its border router to connect to branch offices through WAN connections. The security policy dictates that the encapsulation should use PPP with authentication protocol CHAP. Which statement is true about the configuration requirement of CHAP?
• Both the username and password are case sensitive.
• Neither the username nor the password is case sensitive.
• The username is case sensitive but the password is not case sensitive.
• The password is case sensitive but the username is not case sensitive.

23. Which two statements about split tunnels are true? (Choose two.)
• Local LAN printing will use the VPN tunnel.
• The traffic load on the VPN server is increased.
• Traffic to the corporate network will be encrypted.
• There is a reduced security risk to the corporate network.
• All traffic travels across the VPN tunnel from client to server.
• Traffic to public web sites and general Internet navigation is not encrypted.

24. An IP address has been assigned to the S0/0/0 interface of a new Cisco router. The administrator wishes to quickly test basic connectivity with the serial interface of an adjoining Cisco router via the use of the default WAN protocol. Which WAN protocol will be used for this test?
• PPP
• Frame Relay
• DSL
• HDLC
• ATM

25. Which two statements about split tunnels are true? (Choose two.)
• Local LAN printing will use the VPN tunnel.
• The traffic load on the VPN server is increased.
• Traffic to the corporate network will be encrypted.
• There is a reduced security risk to the corporate network.
• All traffic travels across the VPN tunnel from client to server.
• Traffic to public web sites and general Internet navigation is not encrypted.

learn-ccna.com