周军CCIE#11669：为华尔思CCIE学员点赞,奔跑在IE路上的孩子们，我们不孤单

小郭先森

666

小郭先森

666

whuang2003

先看下

yasser_y

Question 01 –
Witch access list entry checks for an ACK within a packet header?
A access-list 49 permit ip any any eq 21 tcp-ack
B access-list 49 permit tcp any any eq 21 tcp-ack( Y+ F! x. L& l" |. |- d
C access-list 149 permit tcp any any eq 21 established
D access-list 49 permit tcp any any eq 21 established
Answer: C) v! |& u& ?# D6 ~4 d) S; T
=================================================================================/ Q1 ]+ J9 P/ S
Question 02:
Which option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?3 n& b4 N% ]; r
A performing packet captures5 k. ?8 n) L, O/ k" `/ P4 F9 S
B disabling asr-group commands on interfaces that are likely to receive asymetric traffic: O7 f& I. y  R
C replacing them with redundant routers and allowing load balancing; C& }+ M$ F. Y
D disabling stateful TCP checks/ u) e# q6 p% J/ C( Z8 @) a$ i
Answer: D& Q0 M" }+ d% A
=================================================================================
Question 03:
A network engineer executes the show ip cache flow command. Witch two types of information are displayed in the report that is generated? Choose two:
A top talkers) A; A) q( t: Y) T  A! v3 R
B flow export statistics$ f1 m6 S; l# S) S9 l
C flow sample for specific protocols0 h& N: E, h6 k! b" p7 c
D MLS flow traffic
E IP packet distribution+ f% i: r3 d% Z2 ?1 S) O: |" S! X
Answer: C & E
=================================================================================
Question 04:2 _4 w6 b. w7 d; C" H) L8 z1 `
Which DHCP option provides a TFTP server that Cisco phones can use to download a configuration?% ?! m4 `, @8 ?3 c0 }' A& a6 n  @3 t
A DHCP Option 66
B DHCP Option 68/ N5 _9 D; ]9 I
C DHCP Option 82
D DHCP Option 57
As: A& A0 T9 ?5 l6 F% x3 A# `" v
=================================================================================0 J, s( g$ p5 U- n/ O1 g' t3 K
Question 05 K# _9 G( U+ s2 E
Drag and Drop
Authentication (two sentences) >>>
– supports a local database for device access/ D. X4 X5 g  u4 @
– supports encryption/ z! k1 M# C% e/ h9 b
Accounting (two sentences) >>>
-not supported with local AAA
-verifies network usage
Authorization (two sentences) >>>
– specifies a user’s specific access privileges
– enforces time periods during which a user can access the device8 D& E, n: r* {+ a' _0 d
=================================================================================
Question 06:
-drag and drop
CHAP (two sentences) >>>2 G$ {4 r5 J+ N+ W
– Generates a unique string for each transaction
– supports mid-session re-authentication! ~1 f. p. x, q3 d9 S
PAP (two sentences) >>>
– provides minimal security
– requires a username and password only
=================================================================================  `% G) {5 h0 @
Question 07:
there is a choice on flow…..a customer what …..i dontremind well! E! M5 r8 R8 D
A.PMTUD; p9 L) ]- _( H
B.MTU; `$ _. H( c. \1 F. [
C IP MTU7 X0 f& h1 m9 T3 ^* p3 K; m
=================================================================================
Question 08
Radius >>>
uses udp port 1812 (for authentication / authorization). It encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted.: n4 |6 E, x8 y1 t2 f( N
It combines authorization and accounting functions.3 C+ o8 Y; {$ b! g; O  r4 \
Tacacs+ >>>/ F0 f5 L4 R# U
users tcp port 49 and encrypts the entire packet.& ?- b3 _7 l3 \( K( N
It separates authorization and accounting functions.. @4 n" o/ r1 `& [! {
=================================================================================) n: L3 V, f$ D7 B
Question 09:
you have to “link” this 4 sentences:4 t% W! }2 L. Q) C$ k) k' a  ~$ K5 A
Ans:. O) T; U* L# z' }
network-specific stateful NAT64 prefix: IPV6 prefix assigned by an orginzation' m2 H( r. U  s# S
NAT64 : supports application layer gateway
NPTv6 : translates 2001:1::/64 to 2001:2::/64, ~3 x) j0 n1 f" z7 v, X
well-known stateful NAT64 prefix: supports IPV6 prefix 64:ff9b::/96# w! S% f* ?! w$ h0 A) M9 p) V
=================================================================================
Question 10:- E0 T) v8 C9 K# C5 I* T  X
Command in uRPF loose mode
a. ip verify unicast source reachable-via any# V/ F3 y$ G  Y( Z; l
Ans: A
=================================================================================5 l( H' o9 U3 D1 o
Question:11
Two GRE scenarios for preventing
A) TCP MSS& q4 U: q3 q8 [6 h! Y+ D* b
B) DF Bit
Ans: A & B
=================================================================================: C8 d9 p/ w! R9 O9 _
Question 12:+ t7 ~) ~6 J" I4 n  x+ _) F9 n7 t
Which feature enables security in vty lines.”
a. exec-time out
b. logging: F; F5 l: X- e
c. username and password# B, f, G: Z- N7 m. \% P% l+ A, }
d. transport out3 j4 |( G. D5 f$ d% r
Answer C
=================================================================================
Question 13:. X1 [: N; S( x2 D# i4 `8 e' \9 p' K% G
Which feature enables security in vty lines.”
a. exec-time out( n4 F0 [4 G0 x
b. logging5 s8 ~- x. A, z# R. o2 ^
c. username and password
d. transport out" i0 o, ?$ F! v
Answer: C/ M8 I  r) J' X$ O$ W) m
=================================================================================
Question 14:
Given ((diagram with R1 SLA config)) with configuration written on Picture as
“R(Config)#ip sla 1' W  o0 F3 l0 X% d) {8 W
R1(Config-ip-sla)#icmp-echo 172.20.20.2 source-interface f1/03 [; l3 W. ?+ v+ Z6 l& b
R1(Config-ip-sla)#frequency 10  B% f# s# x9 k) n# Y* P
R1(Config-ip-sla)#threshold 100
R1(Config)#ip sla schedule 1 start-time now life forever
R1(Config)#track 10 ip sla ???-/ V% z6 G' C5 w' k7 t: F
R1(Config)#ip route 0.0.0.0.0 0.0.0.0 172.20.20.2
what make default route not removed when SLA state down or failed9 n2 J" C+ J8 d0 n, f
a. the destination must be 172.30.30.2 for icmp-echo- L( c1 B- }% y* V! L
b.the threshold value is wrong
c.
d. missing of track feature on default static route command2 E0 U1 }( i+ I/ }- M9 ?
Answer : D* B- c( |+ Q1 g/ V  s" n+ V3 [! w

本帖隐藏的内容

=================================================================================
Question 15:. O* W! z; T% R' ?0 A/ _6 v+ ~$ P  |
Which access list used to filter upper layer protocol?
a. extended acl3 v, ]; p  Y+ ]2 \) Q8 {$ {
Answer: A% \* y6 A0 C9 |- E$ R
=================================================================================1 m+ \5 G& w7 c5 g; ?  y
Question 16:
ALWAYS block the outbound web traffic on Saturdays and Sunday between 1:00 to 23:59
a. periodic Saturday Sunday 01:00 to 23:59 and IN
b. periodic Saturday Sunday 01:00 to 23:59 and OUT& Q; L/ U! J$ w: S; Z3 K
c. periodic Saturday Sunday 01:00 to 11:59 and IN) u: d7 w% Q9 n
d. Absolute Saturday Sunday 01:00 to 11:59 and IN7 r. ]# R7 Q4 K0 b6 Q1 I7 l6 m
Answer: B
=================================================================================
Question 17:& n% b; K! v# L1 n; A3 l* S$ V
What command is needed to get the ip address assigned from the PPPOE server?
a. Interface dialer/ D( m, U1 T! u8 P$ U% a! ~
b. pppoe enable
c. ip address negotiated6 S9 x7 ]  j  ^, k
d. ip address auto negotiated1 C( m( U2 ?! s+ @+ g
Answer: C
=================================================================================
Question 18:; A7 |  A! C$ M% o1 m2 \
Refer to the following configuration command.& Y6 Q8 ~  E1 A3 Z5 x9 V
router(config)# ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80 Which statement about the command is true?) l" [7 Y$ ?; r; b( T" i
A. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:80 is translated to 172.16.10.8:8080.) g* \& P' ^0 H6 R5 d. F
B. Any packet that is received in the inside interface with a source IP port address of 172.16.10.8:8080 is translated to 172.16.10.8:80.1 g0 f- \! X& G, h2 d
C. The router accepts only a TCP connection from port 8080 and port 80 on IP address 172.16.10.8./ F9 c& x% S/ }$ a) J6 p# u
D. Any packet that is received in the inside interface with a source IP address of 172.16.10.8 is redirected to port 8080 or port 80.$ i4 [5 r  w' I1 l3 V9 I: L7 y# l9 M
( Answer : B )
=================================================================================
Questions 19 :, s- D& e8 b6 n+ f# Z
Two GRE sccenarios for preventing(Choose two), ]% Q9 E/ [/ ]4 E* e" }8 |: ]
A. TCP MSS
B. DF Bit
Answer: A,B
=================================================================================% @3 c: [2 f& y1 t. Q+ W4 X7 H
Questions 20 :
A network engineer enables OSPF on a Frame Relay WAN connection to various remote stes, but no OSPF adjacencies come up Which two actions are possible solutions for this issue? (Choose Two)9 T6 }8 h" k% l. u" D
A Change the network type to point-to-murpont under WAN interface
B. Enable virtual Inks: t* e% l; k8 p0 i4 n- E1 @$ I
C Change the network type to nonbroadcast mutpoint access
D Configure the neighbor command under OSPF process for each remote ste
E Ensure that the OSPF process number matches among all remote stes! p9 r! o0 j5 N& \7 E9 j. N
Answer: A, D- }" m! D+ L. V* H& i* f
=================================================================================( l2 Z' S1 M; _( [+ p- A/ z* q9 w
Question 21 :# X" [6 `; Z/ v& z3 R/ K
What’s uRPF checking first when the packet enters the interface? or when unicast reverse patch forwarding is configured on interinterface.
A- it check the ingress access list7 G) w% ]! G/ E' O9 j$ U
B- it check the egress access list7 d1 i# N' V8 t$ h% K6 L1 `
C- Route available in FIB ot it verifies a reverse patch via the fib to the source* @& V; ^( t- u" C( r
D- it verify that the source has a3 U; b  j0 `  {1 L# k( ?, a, q$ z
Answer : A

Simet_Zheng

路过看看

13597224625

学习下。。。

红魔玉儿

红魔玉儿

ym520

赞一个6666

ym520

赞一个6666

ayakaforever

感谢楼主分享！

古华

共享

古华

共享谢谢

ciscostudy

]['P;OLUJYHGTRFEDS

hooxp

啊啊啊啊