test questions wrong but right? security

HarryhclHarryhcl Member Posts: 9 ■□□□□□□□□□
If a test question in a simulation product is wrong, is that because the real exam is wrong?

Example a question about IPSec AH and NAT referes to the AH and NAT taking place on the endpoint. In an endpoint situation NAT is done before encryption so AH will still be ok. but the test answer says no becuase NAT breaks AH.

Why does the question refer to an end point router if the NAT before encryption is not a factor?

Confused of Walsall
"If it looks good and its not working... Reload it"


  • jimjamukjimjamuk Member Posts: 18 ■□□□□□□□□□
    Did notice a load of questions like these which you could argue that they have wrong. You are right with your suggestion that endpoint would NAT before IPSEC took place so it would work - but I think that they drum into your head that NAT + AH = broken so much that they think that if the two words appear in the same paragraph then the only outcome is the broken answer. I think what they have done here is the use of the word endpoint is confusing, which is that it could suggest transport mode (i.e the real endpoint) or tunnel mode (endpoints on the routable Inernet). They have taken the transport mode endpoint in this case but it is not clear at all icon_confused.gif

    In the real exam though I only had one question that I thought was flawed given the selection of answers and none of these other questions appeared and that was a simple ACL question where none of the answers were correct! Comments added and a guess was made at the closest correct answer

    Got an 86 in the end so happy with that

  • HarryhclHarryhcl Member Posts: 9 ■□□□□□□□□□
    Congrats on the 86.

    I just realised if I fail the whole thing changes to version 2 from April 01

    "If it looks good and its not working... Reload it"
  • jimjamukjimjamuk Member Posts: 18 ■□□□□□□□□□
    Hey harryhcl,

    check out your other thread - I think mikej412 has suggested that the v1 exam is available til mid April

    happy days!



    Which blueprint -- V1 or V2? It sounds like you may be looking at the V2 version.

    From the Cisco CCIE News and Announcements page

    20 March 2007 - CCIE Security Written v1.0 Extension

    The CCIE Security written exam v1.0 will continue to be offered at all worldwide testing centers until April 24th, 2007. Candidates planning to take the Security written exam after April 24th, 2007, should be familiar with the topics on the CCIE Security written exam v2.0 blueprint.
  • HarryhclHarryhcl Member Posts: 9 ■□□□□□□□□□
    Cheers Jimjam
    "If it looks good and its not working... Reload it"
Sign In or Register to comment.