-
CCNA640-802 V13
题库试题分析
题库讲解
:吴老师(艾迪飞
CCIE<
/p>
实验室
首发网站:
1.
What
are
two
reasons
that
a
network
administrator
would
use
access
lists?
(Choose two.)
A. to control vty access
into a router
B. to control
broadcast traffic through a router
C. to filter traffic as it passes
through a router
D. to
filter traffic that originates from the router
E. to replace passwords as
a line of defense against security incursions
Answer: AC
解释一下:在
VTY
线路下应用
< br>ACL
,可以控制从
VTY
线路
进来的
telnet
的流量。
也可以过滤穿越一台路由器的流量。
2.
A
default
Frame
Relay
WAN
is
classified
as
what
type
of
physical
network?
A. point-to-point
B. broadcast multi-access
C. nonbroadcast multi-
access
D. nonbroadcast
multipoint
E. broadcast
point-to-multipoint
Answer:
C
解释一下:在默认的情况下,帧中继为非广播多路访问链路
。但是也可以通过子接
口来修改他的网络的类型。
3
.
Refer to the
exhibit. How many broadcast domains exist in the
exhibited
topology?
A. one
B. two
C. three
D. four
E. five
F. six
Answer:
C
解释一下:广播域的问题,在默认的情况下,每个交换机是
不能隔离广播域的,所
以在同一个区域的所有交换机都在同一个广播域中,但是为了减少
广播的危害,将
广播限制在一个更小的范围,有了
VLAN
的概念,
VLAN
表示的是一个虚拟的局域
网,
而他的作用就是隔离广播。所以被
VLAN
隔离了的每个区域都表示一个单独的广播
域,这样一个
VLAN
中的广播的流量是不能传到其他的区域的,所以在上题中就有
< br>3
个广播域了。
4. A
single 802.11g access point has been configured
and installed in the
center
of
a
square
office.
A
few
wireless
users
are
experiencing
slow
performance and drops
while most users are operating at peak efficiency.
What are three likely causes of this
problem? (Choose three.)
A. mismatched
TKIP encryption
B. null SSID
C. cordless phones
D.
mismatched SSID
E. metal file cabinets
F. antenna type or direction
Answer: CEF
A. This command
should be executed from the global configuration
mode.
C. 102 is the remote
DLCI that will receive the information.
D. This command is required
for all Frame Relay configurations.
E.
The
broadcast
option
allows
packets,
such
as
RIP
updates,
to
be
forwarded
across the PVC.
Answer: E
解释一下:关于
命令这个命令用于手工静态添加一条映射,到达的流量封装一个
DLCI
号为
102
,而且这条
PVC
是支持广播的流量的,比如
RIP
的更
新包。因为在默认
的情况下,帧中继的网络为非广播的,而
RI
P
在其上是无法发包的。
8
.
Which of the
following are associated with the application
layer of the
OSI model? (Choose two.)
A. ping
B. Telnet
C. FTP
D. TCP
E. IP
Answer:
BC
解释一下:在
OSI
7
层模型中位于应用层的应用有
telnet
和
ftp
这两种应用。
9. For
security reasons, the network administrator needs
to prevent pings
into the corporate
networks from hosts outside the internetwork.
Which
protocol should be blocked with
access control lists?
A. IP
B. ICMP
C. TCP
D. UDP
Answer: B
解释一下:
PING
命令
利用
ICMP
协议的
< br>echo,
和
echo-replay
两个报文来检测链路是
否连通的。
所以如果要阻止
PING
的流量到网络,
就只要过滤掉
ICMP
的应用就可以了。
10
.
Refer to the
exhibit. The network administrator has created a
new VLAN
on Switch1 and added host C
and host D. The administrator has properly
configured switch interfaces
FastEthernet0/13 through FastEthernet0/24 to
be
members
of
the
new
VLAN.
However,
after
the
network
administrator
completed
the
configuration,
host
A
could
communicate
with
host
B,
but
host
A could not communicate
with host C or host D. Which commands are required
to resolve this problem?
A. Router(config)# interface
fastethernet 0/
Router(config-if)# encapsulation dot1q 3
B. Router(config)# router
rip
C. Switch1# vlan
database
Switch1(vlan)#
vtp v2-mode
Switch1(vlan)# vtp domain cisco
Switch1(vlan)# vtp server
D. Switch1(config)# interface
fastethernet 0/1
Switch1(config-if)# switchport mode trunk
Switch1(config-if)#
switchport trunk encapsulation isl
Answer: A
解释一下:这是
一个多
VLAN
间通讯的问题,虽然都同在一台交换机上,但是
由于处
在不同的
VLAN
中,而导致了
不同
VLAN
中的主机是不能通讯的。这时我们就需要借助
与
trunk
和三层的路由功能了,在交换
机和路由器之间封装
TRUNK
,这样可以允许交
换机间的二层的通讯,但是由于两个
VLAN
是划分
到不同的网段中的,因此需要借助
路由器的路由功能来实现三层的可达,可以将
VLAN
中的主机的网关指定为路由器与
该
VLAN
相连的子接口的地址,这样
VLA
N
中的数据包就都会发往网关,而由网关来进
行进一步的转发。
在这个题中,题目给出了路由器的的子接口的网段,而又给出
了
VLAN 2
与路由器相
连的接口的
IP
地址,所以剩下的一个网段就是给
VLAN 3
的了
,所以要在路由器
上
将与一个子接口划分到
VLAN
3
,
并给其分配另一个网段中的
IP
地址。
这样就可以了。
11
.
What
are
two
recommended
ways
of
protecting
network
device
configuration
files from
outside network security threats? (Choose two.)
A. Allow unrestricted
access to the console or VTY ports.
B.
Use
a
firewall
to
restrict
access
from
the
outside
to
the
network
devices.
C.
Always use Telnet to access the device command
line because its data is
automatically
encrypted.
D.
Use
SSH
or
another
encrypted
and
authenticated
transport
to
access
device
configurations.
E. Prevent the loss of passwords by
disabling password encryption.
Answer: BD
解释一下:要
确保外部的安全的站点才可以访问我的网络,这就涉及到了安全的问
题了,我们
可以使用防火墙来限制外网中来的设备;也可以通过
< br>SSH
或加密和认证
来控制。
12
.
Refer to the
exhibit. The access list has been configured on
the S0/0
interface of router RTB in the
outbound direction. Which two packets, if
routed to the interface, will be
denied? (Choose two.)
0.0.0.15 any eq telnet
access-list 101 permit ip any any
Answer: DE
解释一下:这个访问列表定义了两个语句:
0.0.0.15 any eq telnet
access-list 101 permit ip any any
在访问列表中匹配的顺序是从上到下,如果匹配了某一句,就
退出访问列表,如果
没有就一直往下匹配,在访问列表中有一句隐含的拒绝所有。所以不
管怎么样都有
一句是能被匹配的。
在上题中,
< br>他定义的第一句是拒绝到从发出的任何的
telnet
的
流量,然后第二句定义的就是允许所有的
IP
流量。而且要明确
telnet
的流量使用的
是端口
23,
所以这个题的答案就很明确了。<
/p>
13
.
Refer to the
exhibit. Switch1 has just been restarted and has
passed
the
POST
routine.
Host
A
sends
its
initial
frame
to
Host
C.
What
is
the
first
thing
the switch will do as regards populating the
switching table?
C. Switch1 will add
000A.8A to the switching table.
Answer: C
解释一下:交换
机重新启动了,这个时候交换机的
MAC
地址表是空的,当主机
A
发送
数据给主机
C
而经过交换机时,交换机根据他的工作的原理他要进行原
MAC
地址学
习,而因为对于这个目的
MAC
地址无记录,而将这个流量从除收到的这个接口外的
所有
接口泛洪出去。所以在最开始的一步中,交换机是记录下主机
A
的
MAC
地址到他
的
< br>MAC
地址表中。
Based
on the Host1 ARP table that is shown in the
exhibit, what will Host1
do?
A. send a unicast ARP packet to the DSL
modem/router
B. send
unicast ICMP packets to the DSL modem/router
C. send Layer 3 broadcast
packets to which the DSL modem/router responds
D. send a Layer 2 broadcast
that is received by Host2, the switch, and the
DSL modem/router
Answer: B
解释一下:在下
面的表中我们可以看到
ARP
表中有关于的
ARP
条目,所以在这主机都
只需要发送单播的
ICMP
包到
DSL
modem/router
即可。
15. Refer to the exhibit. What is the
most efficient summarization that R1
can use to advertise its networks to
R2?
Answer: C
解释一下:这还是一个关于汇总的问题。要求
R1
将所有的网段用汇总的条目发送给
R2
,因为这些条目的网
络位是相同的都为,所以在这需要汇总的只是第
3
个八位,
将
4
,
4
,
5
,
6
,
7
这些写成二进制的形式,然后找出相同的位数
,则有相同位数的
字节就是他们的掩码的位数,而最小的有相同位的最小的数字就是他们
的基数位,
所以
R1
通告出去
汇总的条目为。
16.
Refer
to
the
exhibit.
Assume
that
all
router
interfaces
are
operational
and correctly configured. In addition,
assume that OSPF has been correctly
configured
on
router
R2.
How
will
the
default
route
configured
on
R1
affect
the
operation of R2?
A.
Any
packet
destined
for
a
network
that
is
not
directly
connected
to
router
R1 will be dropped.
B.
Any
packet
destined
for
a
network
that
is
not
directly
connected
to
router
R2 will
be dropped immediately.
C.
Any
packet
destined
for
a
network
that
is
not
directly
connected
to
router
R2 will be dropped
immediately because of the lack of a gateway on
R1.
E. Any packet destined
for a network that is not referenced in the
routing
table of router R2 will be
directed to R1. R1 will then send that packet
back to R2 and a routing loop will
occur.
Answer: E
解释一下:在
R1
上产生了一个
OSPF
的缺省路由,出接口指定为
S0/0
,这条缺省路由
以
5
< br>类
LSA
的形式通告给了
R2<
/p>
,于是
R2
上也有了一条标记为
O*E2 0.0.0.0/0
出接口
为
Serial0/0
的路由。
所以
R2
收
到任何路由表中没有的目的网段时,
就将指定给
R1
,
而
R1
根据缺省路由的
出接口又将数据包发往
R2
,这样就形成了一个路由的环路。<
/p>
17. A network interface port
has collision detection and carrier sensing
enabled
on
a
shared
twisted
pair
network.
From
this
statement,
what
is
known
about
the network interface port?
A. This is a 10 Mb/s switch port.
B. This is a 100 Mb/s
switch port.
C. This is an
Ethernet port operating at half duplex.
D. This is an Ethernet port
operating at full duplex.
E. This is a port on a network
interface card in a PC.
Answer: C
解释一下:一个
接口有冲突检测和载波侦听,而且是使用双绞线的网络,那么对于
这个接口我们可以推测
出他是以太接口,而且是工作在半双工的模式下。
20.
Refer to the topology and router configuration
shown in the graphic.
A host on the LAN
is accessing an FTP server across the Internet.
Which of
the following addresses could
appear as a source address for the packets
forwarded by the router to the
destination server?
A.
10.10.0.1
B.
10.10.0.2
Answer:
D
解释一下:这是个
NAT
地址转换的题目,在这
f0/0
接口连接下的为
私有的地址,这
些地址是不能同外网进行通讯的,这时就借助
N
AT
,将内网的私有地址转换为可以
在公网上通讯的地址,我们
看到
NAT POOL
中定义的转换后的公有地址为到,则表
示这段地址是我转换后的内网全局地址,所以
HOST
想要穿过
INTERNET
访问
FTP
服务
器,则需要转换为公有地址到之内的地址,
在上面的答案中只有地址满足条件,所
以答案就是
D
了。
21. A company is
installing IP phones. The phones and office
computers
connect
to
the
same
device.
To
ensure
maximum
throughput
for
the
phone
data,
the company needs to make sure that the
phone traffic is on a different
network
from that of the office computer data traffic.
What is the best
network device to
which to directly connect the phones and
computers, and
what technology should
be implemented on this device? (Choose two.)
A. hub
B. router
C.
switch
D. STP
E. subinterfaces
F. VLAN
Answer:
CF
解释一下:公司的语音设备和办公的设备都连在相同的设
备上,还要确保语音的数
据流在不同与公司的办公的数据流量,最好的网络设备当然是交
换机了,然后利用
VLAN
的技术就完全可以满足所有的要求了
。
22. Refer to the exhibit.
Which statement describes DLCI 17?
A. DLCI 17 describes the ISDN circuit
between R2 and R3.
B. DLCI
17 describes a PVC on R2. It cannot be used on R3
or R1.
C. DLCI 17 is the
Layer 2 address used by R2 to describe a PVC to
R3.
D. DLCI 17 describes
the dial-up circuit from R2 and R3 to the service
provider.
Answer: C
解释一下:
DLCI
是在
Frame-relay
中的描述二层信息的地址,他的地位等同于以太
网中的
MAC
地址。我们以
R2
上
的
DLCI 17
来看,
DLCI 1
7
描述的是:从这个接口出去
的目的地为
R3
的接口的这条
PVC
的二层的地
址为
17
。
23. Which routing protocol by default
uses bandwidth and delay as metrics?
A. RIP
B. BGP
C. OSPF
D. EIGRP
Answer:
D
解释一下:在我们的路由协议中使用复合度量的协议只有<
/p>
IGP
和
EIGPR
,而他们在默
认的情况下是使用带宽和延时来计算度量的。
25. In the implementation of VLSM
techniques on a network using a single
Class
C
IP
address,
which
subnet
mask
is
the
most
efficient
for
point-to-point serial links?
Answer: D
解释一下:在点到点的链路上因为只需要分配两个地址给两端就可以了,所以加上
网络地址和广播地址,这个网段也就只需要有
4
个地址了,
所以网络位需要匹配
30
位
,
掩码就为.
26. (Choose
two.)
Answer: BE
解释一下:这个题其实就是考察的汇总的问题,他说的意思是
R
2
发送了一个汇总的
路由给
R1
,哪两个包文的目的地
R1
仍将转发给
R2
。这还是汇总的问题的一个反向的
考察,
根据
21
位的掩码位数可以推断在第
3
个八位字节的前
5
位是相同的,不同的
是
后面的
3
位,而将
< br>176
写成二进制的形式为
1011 0000
,所以可以看出来明细的路由
可以是
176-1
83
,所以在上面的答案中可以很容易看到答案
B
和
E
是我们的明细路由。
27. What will Switch-1 do with this
data?
A. Switch-1 will drop
the data because it does not have an entry for
that
MAC address.
B. Switch-1 will flood the data out all
of its ports except the port from
which
the data originated.
C.
Switch-1 will send an ARP request out all its
ports except the port from
which the
data originated.
D.
Switch-1 will forward the data to its default
gateway.
Answer:
B
解释一下:首先
Switch 1
需要发送一个数据到
MAC
地址为的主
机,了解到目的地后,
就查看他的
MAC
地址表,然后发现在
MAC
地址表中没有这个
MAC
地址的条目存在。交
换机在收到未知的单播,
组播和广播时,都采用的是泛洪的方式,往除收到数据的
这个接口外的所有接口都发送。
所以在这儿,
Switch
1
也采取的上泛洪的方式。
28.
wo routers named Atlanta and Brevard are connected
by their serial
interfaces
as
shown
in
the
exhibit,
but
there
is
no
data
connectivity
between
them. The Atlanta
router is known to have a correct configuration.
Given
the
partial
configurations
shown
in
the
exhibit,
what
is
the
problem
on the
Brevard router that is causing the lack
of connectivity?
A.
A
loopback is not set.
B. The IP address is
incorrect.
C. The subnet
mask is incorrect.
D. The
serial line encapsulations are incompatible.
E. The maximum transmission
unit (MTU) size is too large.
F. The bandwidth setting is
incompatible with the connected interface.
Answer: B
解释一下:很明显的错误啊,两台路由器的串行接口的地址配置错误,不是在相同
的网段,从而导致了不能通讯。
29.
Which
two
values
are
used
by
Spanning
Tree
Protocol
to
elect
a
root
bridge?
(Choose two.)
A.
amount of RAM
B. bridge
priority
C. IOS version
D. IP address
E. MAC address
F. speed of the links
Answer: BE
解释一下:生
成树的选举的问题,根桥的选举是通过比较BID的,而BID由桥
优先级和MAC地址
组成的.所以在选根桥的时候需要比较的是桥优先级和MAC
address
。
30.
Refer
to
the
exhibit.
Which
switch
provides
the
spanning-tree
designated
port role for the network segment that services
the printers?
A.
Switch1
B. Switch2
C. Switch3
D. Switch4
Answer: C
解释一下:这是
个关于生成树选举的问题,我们首先需要找到根桥,而根桥的选举
是通过比较桥
ID
的
,
而且是越小越
优先,桥
ID
的组成为桥优先级和
MA
C
地址。所以我
们通过上图可以找到根桥为
switch 1
。
然后在非根
桥上选出根端口,通过比较到根桥的花费来选举的,花费最小的就是根
端口。因为上图中
没有表示出链路的带宽,所以无法比较他们的花费。
下一步我
们来选举指派端口。每条链路都需要有一个
DP
,先是比较花费
,如果花费
相同则比较
BID
(桥优先
级)
,仍是越小越优先,根据上图的表识,我们可以找到每
条链
路上的
DP
,而连
Printers<
/p>
的链路上的
DP
就为
Switch 3
,因为他有更小的
MAC
地
址。
32. Refer
to the exhibit. Why would the network
administrator configure RA
in this
manner?
A. to give students
access to the Internet
B.
to prevent students from accessing the command
prompt of RA
C. to prevent
administrators from accessing the console of RA
D. to give administrators
access to the Internet
E.
to prevent students from accessing the Internet
F. to prevent students from
accessing the Admin network
Answer: B
解释一下:在这
儿,将ACL应用到VTY线路下,而且是IN的方向,表示凡是
被我的ACL允许的才
能
telnet
到我.在RA上配置的是
permit
10.1.1
根据隐式
的
deny
any
允许A
dmin
的网段中的用户可以
telnet
到他,所以S<
/p>
tudent
的网段中的用户是被拒
绝的
.
33. In order to allow the
establishment of a Telnet session with a router,
which set of commands must be
configured?
A.
router(config)# line console 0
router(config-line)# enable password
cisco
B. router(config)#
line console 0
router(config-line)# enable secret
cisco
router(config-line)#
login
C. router(config)#
line console 0
router(config-line)# password cisco
router(config-line)# login
D. router(config)# line vty
0
router(config-line)#
enable password cisco
E.
router(config)# line vty 0
router(config-line)# enable secret
cisco
router(config-line)#
login
F. router(config)#
line vty 0
router(config-
line)# password cisco
router(config-line)# login
Answer: F
解释一下:
telnet
是一个应用层的应用,他使用的是
vty
线路,而且在默认的情况
下,是需要访问的线路下设
有密码的。而在
VTY
线路下设置密码的命令为
passwork
string
,
而
VTY
线路下的另一个命
令
login
则是默认的,
可写也可不
写。
如果想
Telnet
时在
VTY
线路下不设置密码也可以访问这个线路,可以在该
VTY
线路下输入命令
no
login
。
34.
A. The
Manchester serial address is 10.1.1.1.
B. The Manchester serial address is
10.1.1.2.
C. The London
router is a Cisco 2610.
D.
The Manchester router is a Cisco 2610.
E. The CDP information was received on
port Serial0/0 of the Manchester
router.
F. The
CDP information was sent by port Serial0/0 of the
London router.
Answer:
ACE
解释一下:CDP是CISCO私有的一个二层的协议
,但是他却可以发现三层的
IP信息的.
通过CDP可以发现的
邻居的信息有:
设备的名称,
IP地址,
端口,
能力,平台,对端的
holddown
time
.在上图的
show cdp entry *
命令的显示可以
看到的信息有:设备名称:L
ondon
;IP地址:
10.1.1.2
;平台:
cisco 2610
;
能力:
Router
;端口:
s0/<
/p>
1;
holdtime
:125S.M<
/p>
anchesteter
收到这个CD
P
信息的接口为
S0/0
.
综合一下,这个题目的答案就出来了.
35. A network administrator has
configured two switches, named London and
Madrid,
to
use
VTP.
However,
the
switches
are
not
sharing
VTP
messages.
Given
the
command
output
shown
in
the
graphic,
why
are
these
switches
not
sharing
VTP
messages?
A.
The
VTP version is not correctly
configured.
B. The VTP
operating mode is not correctly configured.
C. The VTP domain name is
not correctly configured.
D. VTP pruning mode is disabled.
E. VTP V2 mode is disabled.
F. VTP traps generation is
disabled.
Answer:
C
解释一下:交换机间不能共享
VT
P
的信息,我们就需要检查
VTP
的状
态,首先需要检
查的是
VTP
的域名,
只有同一个域中的才可能相互学习,再来检查
VTP
的模式,必
须
有一个
server
模式才能有
VTP
学习的过程的,默认的情况下
VTP
的模式为
Server
的。
然后我们检查图题目给出的信息,可以看到两台交换机的
VTP doma
in
是不一致的,
所以这个就是问题的所在了。
36. Host 1 is trying to
communicate with Host 2. The e0 interface on
Router
C is down. Which of the
following are true? (Choose two.)
A. Router C will use ICMP to inform
Host 1 that Host 2 cannot be reached.
B. Router C will use ICMP to inform
Router B that Host 2 cannot be reached.
C.
Router C
will
use
ICMP
to
inform
Host
1,
Router
A,
and Router
B
that
Host
2 cannot be reached.
D. Router C will send a
Destination Unreachable message type.
E. Router C will send a Router
Selection message type.
F.
Router C will send a Source Quench message type.
Answer: AD
解释一下:连
Host
2
的接口
E0/0 down
了,那么
最直接的反映就发生在路由器
C
上,
C
的路由表中的这个条目就消失了,因此当
Host 1
想要跟
Host
2
建立连接的时候,
Router C
就发送一个目的网段不可达的消息;如果是使用
ping
命令,
那么
Router C
就使用
ICMP
的包文告诉
Host
1
,
Host
2
是不可打的。
37.
Refer to the
exhibit. Assuming that the router is configured
with the
default settings, what type of
router interface is this?
A. Ethernet
B.
FastEthernet
C. Gigabit
Ethernet
D. asynchronous
serial
E. synchronous
serial
Answer: B
解释一下:这个题是需要根据图中提供的信息来判断接口的类型。可以看到接口的
MAC
地址,表示这个接口肯定不是串行接口,所以可以排除
D
和
E
的选项。看带宽
BW
100000 Kbit,
表示
的是
100M
的带宽,所以这是个
Fa
st Ethernet
接口。
38. On point-to-point networks, OSPF
hello packets are addressed to which
address?
Answer:
E
解释一下:在
OSPF
中
Hello
包发向的是和这两个地址的。大家在
做
OSPF
实验的时候,
用
debug
命令是可以看到这两个个地址的。
troubleshooting a connectivity
problem, a network administrator notices
that
a
port
status
LED
on
a
Cisco
Catalyst
series
switch
is
alternating
green
and amber. Which condition could this
indicate?
A. The port is
experiencing errors.
B. The
port is administratively disabled.
C. The port is blocked by spanning
tree.
D. The port has an
active link with normal traffic activity.
Answer: A
解释一下:
CISCO
交换机的端口状态指示灯是闪烁的绿色和浅黄色,表示端
口有操
作的问题——也许是过量的错误或连接的问题。
40. Refer to the exhibit. The network
shown in the exhibit is running the
RIPv2 routing protocol. The network has
converged, and the routers in this
network are functioning properly. The
FastEthernet0/0 interface on R1 goes
down. In which two ways will the
routers in this network respond to this
change? (Choose two.)
B. Routers R2 and R3 mark the route as
inaccessible and will not accept any
further routing updates from R1 until
their hold-down timers expire.
E. R1 will send LSAs to R2 and R3
informing them of this change, and then
all
routers
will
send
periodic
updates
at
an
increased
rate
until
the
network
again converges.
Answer: CD
解释一下:这
涉及到
RIP
关于环路避免的几种机制了。在这里
R1
的直连的链路发生
了变化,立即触发更新(触发
更新)
,发送
flash
update
出去,将这个条目置为
possible dow
n
,设置最大跳数(路由毒性)
,
R2
收到这个
flash update
后
,也回复
一个
flash update
包(毒性逆转)
,同时将这个条目也置为
possible
down
,设置最
大跳数。
42. Which of the following describe the
process identifier that is used to
run
OSPF on a router? (Choose two.)
A. It is locally significant.
B. It is globally
significant.
C. It is
needed to identify a unique instance of an OSPF
database.
D.
It
is an
optional
parameter
required
only
if
multiple
OSPF
processes
are
running on the router.
E. All routers in the same
OSPF area must have the same process ID if they
are to exchange routing information.
Answer: AC
解释一下:
OSPF
的进程号只在本地有效。在一
台路由器上需要为每个进程维护各自
的
OSPF
数据库。
43. Refer to the
exhibit. The FMJ manufacturing company is
concerned about
unauthorized access to
the Payroll Server. The Accounting1, CEO, Mgr1,
and
Mgr2 workstations should be the
only computers with access to the Payroll
Server.
What
two
technologies
should
be
implemented
to
help
prevent
unauthorized access to the server?
(Choose two.)
A.
access lists
B.
encrypted router passwords
C. STP
D. VLANs
E. VTP
F. wireless LANs
Answer: AD
解释一下:需
要控制只允许哪些组可以访问服务器,组中的哪些用户可以访问,使
用的技术当然有
ACL
和
VLAN
了。
44.
E. It uses the default administrative
distance.
F.
It
is
a
route
that
would
be
used
last
if
other
routes
to
the
same
destination exist.
Answer: AE
解释一下:命
令是静态指定一条路由:通过接口可以到达网段。在这条命令后没有
指定管理距离,就表
示使用默认的管理距离,为
1.
45.
The
network
shown
in
the
diagram
is
experiencing
connectivity
problems.
Which of the following will correct the
problems? (Choose two.)
A.
Configure the gateway on Host A as
10.1.1.1.
B. Configure the
gateway on Host B as 10.1.2.254.
C. Configure the IP address of Host A
as 10.1.2.2.
D. Configure
the IP address of Host B as 10.1.2.2.
Answer: BD
解释一下:<
/p>
主机
A
到他的指定网关的这条链路是没有
问题的,
因为
HOST
A
,
接口
VLAN1
和路由
器的
f0/
网段是相同的,且都是处于
VLAN 1
的。而
HOST B
的<
/p>
VLAN2
到交换机是
没有相同的
VLAN
接口和他通讯的,所以
HOST
B
发出的数据到交换机上就被丢弃了。
所以需要在交换机上指定
一个处于
VLAN 2
的接口,并将
S
VI
地址配置为和路由器
POP
的
f0/
相同网段的地址。因为路由器的接口的地址分配的是网段
10.1.2.0/24
,所以
我们的
HOST B
的地址应该也分派一个的地址,并且网关也指定为路由
器
POP
的
f0/
的
地址。
46.
Which
three
statements
are
correct
about
RIP
version
2?
(Choose
three.)
A. It has the same maximum hop count as
version 1.
B. It uses
broadcasts for its routing updates.
C. It is a classless routing protocol.
D. It has a lower default
administrative distance than RIP version 1.
E. It supports
authentication.
F. It does
not send the subnet mask in updates.
Answer: ACE
解释一下:
关于
RIPv2
,首先要了解他是一个无类的路由协议,在发送
路由更新的
时候是携带掩码的。
他的
metric
的计算方式和
RIPv1
的相同,仍然是根据跳数的,但是他的跳数范围扩
大了,
RIPv1
的为
16
跳,而
RIPv2
的为
255
跳。
RIPv1
是以
广播的形式发送更新的,在
RIPv2
中采用的是广播,地址为
。
RIPv2
是支持认证的,而在<
/p>
RIPv1
中是没有这个功能的。
RIPv2
是可以关闭自动汇总的,而在
R
IPv1
中是不能关闭的。
49.
Refer to the exhibit. Router1 was just
successfully rebooted. Identify
the
current OSPF router ID for Router1.
Answer: C
解释一下:这是个关于
< br>OSPF
的
RID
的选举的问题
。在
OSPF
中,
RID
的选举过程是这样
的:如果通过命令
router-
id
来指定一个
RID
,那么就采用
手工指定的这个
RID
;如
果没有手工
指定,则在可以使用的接口中来选举,他是优先采用回环口的,如果只
有一个回环口,就
采用这个回环口的
IP
作为
RID
,如果有多个回环口,就采用这多
个回环口中
IP
地址最大的作为
RID
;如果没
有回环口,就采用物理接口中
IP
地址最
大的接口
IP
作为
RID
。
在上面的图中可以看到有两个回环口,
而
Loopback1
的
IP
< br>更大,
所以就做为
RID
了。<
/p>
51.
What
can
a
network
administrator
utilize
by
using
PPP
Layer
2
encapsulation? (Choose three.)
A. VLAN support
B. compression
C. authentication
D. sliding windows
E. multilink support
F. quality of service
Answer: BCE
解释一下:
PPP
协议是能支持认证的,包括
PA
P
和
CHAP
;
PPP
还支持压缩功能和差错
校验,还可实现多链路捆绑。而
他们的这些功能都是
HDLC
所没有的。
52.
Refer
to
the
exhibit.
What
is
the
meaning
of
the
term
dynamic
as
displayed
in the output of
the show frame-relay map command shown?
A.
The
Serial0/0
interface is passing traffic.
B. The DLCI 100 was dynamically
allocated by the router.
D.
The DLCI
100
will
be
dynamically
changed as
required
to
adapt
to
changes
in the Frame Relay
cloud.
Answer: E
解释一下:这是个关于
MAP
的知识。
在图中可以看到这个
MAP
是
dyna
mic
的,因此是
通过
inverse
ARP
学习到的。而表示的是
DLCI 100
映射的地址为。就像是以太网中
的
MAC
和
IP
的映射一样,通过
D
LCI100
可以找到。
53.
What
is
the
function
of
the
Cisco
IOS
command
ip
nat
inside
source
static
10.1.1
A. It
creates a global address pool for all outside NAT
transactions.
B. It
establishes a dynamic address pool for an inside
static address.
C.
It
creates
dynamic
source
translations
for
all
inside
local
PAT
transactions.
D. It creates a one-to-one
mapping between an inside local address and an
inside global address.
E.
It
maps
one
inside
source
address
to
a
range
of
outside
global
addresses.
Answer: D
解释一下:
ip nat inside source
static 10.1.1
这条命令是静态创建一个一对一
的
地址转换。他把内部本地地址转换为全局地址。
55.
Refer to the exhibit. When PC1 sends an ARP
request for the MAC address
of PC2,
network performance slows dramatically, and the
switches detect an
unusually high
number of broadcast frames. What is the most
likely cause
of this?
A. The portfast feature is not enabled
on all switch ports.
B. The
PCs are in two different VLANs.
C. Spanning Tree Protocol is not
running on the switches.
D.
PC2 is down and is not able to respond to the
request.
E. The VTP
versions running on the two switches do not match.
Answer: C
解释一下:
PC1
发出一个
ARP request
的数据报,并且是以广播的形式发送出去的。
< br>当
ARP
报文传到
switch
2
,交换机对广播的流量是以泛洪的形式处理的,报文就从
除了
连接
PC1
的接口外的所有接口都发出去了。
< br>Switch1
收到广播后也泛洪,因此一
个广播环路就
产生了,所以在感觉网络性能很差,因为广播的流量占有了很大的带
宽。而我们阻断二层
环路是通过生成树来实现的,在图中有环路存在因此就说明没
有运行生成树了。
56.
A.
The PC has connectivity with a local host.
B. The PC has connectivity
with a Layer 3 device.
C.
The PC has a default gateway correctly configured.
D. The PC has connectivity
up to Layer 5 of the OSI model.
E. The PC has the TCP/IP protocol stack
correctly installed.
Answer: E
解释一下:地址
是一个私有的保留地址段,他是一个回环的地址,一般用于测试,
测试
< br>TCP/IP
协议栈是否起来了。在一台
PC
上能
ping
通说明这个
PC
的
TCP/IP
协议栈
是正确安装的。
59.
Refer
to
the
exhibit.
The
network
administrator
requires
easy
configuration
options
and
minimal
routing
protocol
traffic.
What
two
options
provide adequate
routing table information for traffic that passes
between
the two routers and satisfy the
requests of the network administrator?
(Choose two.)
A.
a
dynamic
routing
protocol
on
InternetRouter
to
advertise
all
routes
to
CentralRouter.
B. a dynamic routing protocol on
InternetRouter to advertise summarized
routes to CentralRouter.
D. a dynamic routing protocol on
CentralRouter to advertise all routes to
InternetRouter.
E. a dynamic routing protocol on
CentralRouter to advertise summarized
routes to InternetRouter.
F.
a
static,
default
route
on
CentralRouter
that
directs
traffic
to
InternetRouter.
Answer: CF
解
释
一
下
:
因
为
在
这
< br>个
图
中
,internetRo
uter
要
访
问
内
网
只
能
通
过
路
由
器
CentralRouter.
所以只需要在
InternetRouter
上配置一条通过
Centra
lRouter
到达
的网段就可以了。同样内网要访问外部,也
只能通过路由器
InternetRouter
才能到
达,所以也可以在
CentralRouter
上配置一条缺省路由到外部。
are
some
of
the
advantages
of
using
a
router
to
segment
the
network?
(Choose
two.)
A.
Filtering can occur based on Layer 3 information.
B. Broadcasts are
eliminated.
C. Routers
generally cost less than switches.
D. Broadcasts are not forwarded across
the router.
E. Adding a
router to the network decreases latency.
Answer: AD
解释一下:
这里问的是用路由器来分
割一个网络的好处是什么。路由器是工作在三层的设备,
因此我们可以基于三层的信息来
实现过滤;而且大家知道路由器是可以过滤广播
的。这些应该就都是他分割一个网络的好
处了。要注意路由器只是能阻断广播,让
他不能从一个域中传播到另一个域中,他是没办
法消除广播的。
61. Refer to the
exhibit. What is the meaning of the output MTU
1500 bytes?
A.
The
maximum
number
of
bytes
that
can
traverse
this
interface
per
second
is
1500.
B.
The
minimum
segment
size
that
can
traverse
this
interface
is
1500
bytes.
C.
The
maximum
segment
size
that
can
traverse
this
interface
is
1500
bytes.
D. The
minimum packet size that can traverse this
interface is 1500 bytes.
E.
The maximum packet size that can traverse this
interface is 1500 bytes.
F.
The maximum frame size that can traverse this
interface is 1500 bytes.
Answer: E
解释一下:
MTU
是最小传输单元的意思,表示在这个接口上传输的最大字节为
1500
,
如果超过这个值,包就需要
被分片。
62. There are no boot
system commands in a router configuration in
NVRAM.
What
is
the
fallback
sequence
that
the
router
will
use
to
find
an
IOS
during
reload?
A. TFTP
server, Flash, NVRAM
B.
ROM, NVRAM, TFTP server
C.
NVRAM, TFTP server, ROM
D.
Flash, TFTP server, ROM
E.
Flash, NVRAM, ROM
Answer:
D
解释一下:这个问的是路由器寻找
IOS
的过程。
1
< br>.路由器在
POST
后,先查看寄存器的值,这个值是一
组
4
个十六进制的数字,而其
中的最后
的一位影响启动的过程。
2
.在
NVRAM
的配置文件中查看
boot s
ystem
命令,这个命令告诉引导程序在哪里寻
找
IOS
。在这个题中说没有
boot syste
m
的命令保存在
NVRAM
中。所以这
步跳过。
3
.如果在
NVRAM
的配置文件中没有找到
boot syst
em
命令,引导程序使用
flash
中
所
找到的第一个有效的
IOS
镜像。<
/p>
4
.
如果
flash
中没有有效的
IOS
镜像,
引导程序将生成一个
TFTP
本地广播以定位
TFTP
服务器。
< br>
5
.如果没有找到
TFTP<
/p>
服务器,引导程序将加载
ROM
中的迷你
IOS
(
RXBOOT
模式)
6
.
如果
ROM
中有迷你
IOS
,那么迷你
IOS
在随后加载并且进入
RXBOOT
模式;否则路由
器不是重新试图寻找
IOS
镜像,就是加载
ROMMON<
/p>
并且进入
ROM
Monitor
模式。
这样看,答案就很明显了。
which circumstance are multiple copies of the same
unicast frame likely
to be transmitted
in a switched LAN?
A.
during high traffic periods
B. after broken links are re-
established
C. when upper-
layer protocols require high reliability
D. in an improperly
implemented redundant topology
E. when a dual ring topology is in use
Answer: D
解释一下:在一个
LAN
中有若干的单播帧的拷贝。
在一般来说我们的每个单播帧都
是只有一个目的地,从而从一个相关接口发送出去就可。
如果有若干个单播帧的拷
贝就表示我的交换机上同这个目的地址绑定的接口有多个,而这
些都应该是不必要
的。因为我到一个目的地从一条路走就可以了,如果出现了多条路,那
么就应该是
做冗余的,可是不正确的配置可能导致我的
LAN<
/p>
中产生环路,从而形成在
LAN
中有同<
/p>
一个帧的多个拷贝。
of the
following describe private IP addresses? (Choose
two.)
A. addresses chosen
by a company to communicate with the Internet
B. addresses that cannot be
routed through the public Internet
C. addresses that can be routed through
the public Internet
D. a
scheme to conserve public addresses
E.
addresses
licensed
to
enterprises
or
ISPs
by
an
Internet
registry
organization
Answer: BD
解释一下:私
有
IP
地址是不能在公网上传递的。他只能在一个单独的区域中
使用,
如果一个使用私有地址的设备需要同外网通讯,可以通过
NAT
将这个私有地址转换
为公有地址,这样也可以达到隐藏地
址的目的。外网知道的只能是你通过
NAT
转换
后的公有地址,而无法知道你的正在使用的那个私有地址的。
to
the
exhibit.
A
network
administrator
is
adding
two
new
hosts
to
SwitchA.
Which three values could be used for
the configuration of these hosts?
(Choose three.)
Answer: ACF
解释一下:
我们可以看路由器上的子接口的配置:接口
fa0/
封装了
trunk
并被划分
到
vlan 10
中,接口
fa0/
封装了
trunk
并被划分到
vlan 20
中了。接下来我们来看交
换机上的接口的
vlan
分配:和
host
A
相连
的接口
f0/6
划分到了
vlan
10
,而和
host
B
相连的接口
f0/9
划分到
了
vlan 20
。因为只有相同
vl
an
中数据才可以通讯,所以我
们应该将
host A
的地址和
f0/
的配置
一样的网段,而将
host B
的地址和
f0/
配置一样
的网段。并且因为主机是没有路由的功能的,
我们需要给他们指定网关,而他们的
网关地址应该是相应
VLA
N
中的路由器的子接口的地址。
所以,
host
A
的地址为(除了)的地址,并且默认的网关的地址为。
Host B
的地址为除了的地址,并且默认的网关地址为
..
。
of
the
following
statements
are
true
regarding
bridges
and
switches?
(Choose 3.)
A. Switches are primarily
software based while bridges are hardware based.
B. Both bridges and
switches forward Layer 2 broadcasts.
C. Bridges are frequently faster than
switches.
D. Switches have
a higher number of ports than most bridges.
E.
Bridges
define
broadcast
domains
while
switches
define
collision
domains.
F. Both bridges and
switches make forwarding decisions based on Layer
2
addresses.
Answer: BDF
解释一下:
这问到的是关于网桥和交换机的异同。首先要知道网桥和交换机都是工
作在二层的因此都
是基于
MAC
地址进行转发的。因此就工作基层来说,我们可以
说
交换机是多端口的网桥,因为交换机的端口比网桥多。
69.
Answer:
A
解释一下:当到达同一个目的地有多种路径选择的时候,先
在各自路径通过比较
metric
来选出各种路径的最优的,然
后通过比较
AD
值
< br>来选出各种路径中的最优的
来。例如,到网段我收到了
E
IGRP
的传过来的,也收到
OSPF
传过来的,这时我们先
通过
metric
值,选出
successor
来,然后再通过比较
EIGRP
和
OSPF
的
AD
来选出最优的
路径。在
AD
值中直连的
AD
值为
0
,
metric
0
。当然是这个路由是最可靠最优的了。
three
Layer
2
encapsulation
types
would
be
used
on
a
WAN
rather
than
a
LAN?
(Choose three.)
A. HDLC
B. Ethernet
C.
Token Ring
D. PPP
E. FDDI
F. Frame Relay
Answer: ADF
解释一下:
连接到
WAN
,有三种连接方式:专线连接,电路交换和包交换
。
专线使用同步串行线,他的二层的封装协议常用的有:
HDLC
,
PPP
;
电路交换使用同步串行线,他使用的二层的封装协议有:<
/p>
HDLC
,
PPP
包交换使用的是虚电路(
VC
)<
/p>
,而
VC
又分为
PVC
(永久虚电路)和
SVC
(交换
虚电路)
,
他使用的二层的封装协议有:
,
Frame-relay
,
AT
M
。
can be
determined from the router output shown in the
graphic?
B. The output shows
that there are three default routes.
C. The output came from router R2.
D. The output came from a
router that has four physical interfaces.
E. EIGRP is in use in this
network.
Answer:
E
解释一下:简单点就是,因为在路由标记上有一个
D
,表示这条路由是从
EIGRP
学到
的,所以肯定是有
EIGRP
< br>运行在网络中的。
接下来我们来仔细看每一条的输出
:
从是直连
lo0
口的,可以推断出这个
信息是
R1
上的信息。
:表示这是一条汇总的
EIGRP
的路由。
S* 0.0.0.0/0
is directly connected, serial1
:表示这是一条缺省
的路由,出
接口为
serial
。
这样应该就很明白了。
will a switch never learn a broadcast
address?
A. Broadcasts only
use network layer addressing.
B. A broadcast frame is never forwarded
by a switch.
C. A broadcast
address will never be the source address of a
frame.
D. Broadcast
addresses use an incorrect format for the
switching table.
E.
Broadcast frames are never sent to switches.
Answer: C
解释一下:首先我们了解了交换机是通过源
MAC
地
址学习的,他将收到的帧的源
MAC
地址和这个收到的这个接口
进行绑定,形成一个条目放入
MAC
地址表中。而我们的
广播地址是永远不可能成为源
MAC
地址的,
所以交换机当然不能学习广播的
MAC
地址
了。
74.
Refer to
the
graphic.
Host
A has established a
connection
with the HTTP
server attached to interface E0 of the
xyz router. Which of the following
statements describe the information
contained in protocol data units sent
from host A to this server? (Choose
three.)
A. The destination
port number in a segment header will have a value
of 80.
B. The destination
port
number
in
a
segment header
will
have
a
unique
value
greater than or equal
to 1023.
C. The destination
address of a frame will be the MAC address of the
HTTP
server interface.
D. The destination address of a frame
will be the MAC address of the E0
interface of the abc router.
E. The destination IP
address of a packet will be the IP address of the
E0
interface of the abc router.
F.
The
destination
IP
address
of
a
packet
will
be
the
IP
address
of
the
network
interface of the HTTP server.
Answer: ADF
解释一下:
host A
想要连接
http
的
server,
首先我们知道
HTTP
的端口号为知名的端
口
80
,
IP
地址当然是
http
server
连接到
Router XYZ
的
e0
口的
IP
< br>地址了。由于路由
器上默认情况下代理
ARP
是开启的,所以一有
ARP
查询
< br>MAC
地址的,路由器一看这个
路由我知道该怎么到达,
他就会用自己的
MAC
地址作为
ARP
的应答发送回去,所以
Host A
发
送的数据包的目的
MAC
地址为
Rou
ter XYZ
的
E0
口的
MAC
地址。
are
two reasons a network administrator would use CDP?
(Choose two.)
A. to verify
the type of cable interconnecting two devices
B. to determine the status
of network services on a remote device
C. to obtain VLAN information from
directly connected switches
D. to verify Layer 2 connectivity
between two devices when Layer 3 fails
E. to obtain the IP address of a
connected device in order to telnet to the
device
F.
to
determine
the
status
of
the
routing
protocols
between
directly
connected routers
Answer: DE
解释一下:<
/p>
CDP
是一个二层的协议,因此可以检测二层的连通性,而且还可
以检测
到三层的
IP
地址。因此如果我
们的链路出现了故障,我们可以通过
CDP
来检测是否
是二层出现了故障。同时也可以查看到邻居设备的
IP
< br>地址,来实现
telnet
的应用。
is the purpose of the command shown
below?
vtp password Fl0r1da
A. It is used to validate
the sources of VTP advertisements sent between
-
-
-
-
-
-
-
-
-
上一篇:开业大吉贺词四字成语
下一篇:标准化军营工程设施