' [3 ^* z$ }4 y) {1 P1 f3 m3 U6 [% ?* Y3 ~- T
考生回忆的新题,题目不完整 ,仅供参考
/ f. A6 B% y3 G5 G$ H: S1. SECTION EVN
% p6 n+ Q! u! n& ~2 y! v; e1.1 Question: Question about Easy Virtual Network. Choose 3
7 |3 f! |; M( K0 L0 P& PA) Simplify Layer 3 network Virtualization
0 [2 R; X( c+ {- JB) Improve support for shared services
W7 t; I6 f8 r9 H3 Q1 WC) Enhance management and troubleshooting% L4 l+ v6 V4 m% o+ a7 Q' U) Z
D) and other options9 v* Q3 r( n. l9 o. m6 X; N
=======================================================================
8 g3 j4 O& M9 J# Q2. SECTION VPN / GRE t% j6 P$ z. p9 Q! b( N* L; f, F3 ]
2.1 Question: MVPN: before testing IPsec what would you test?
5 U7 T& a7 o" A* b4 v& CA) NHRP
; }0 Q; p4 r; _B) mGRE tunnels0 H' b- S3 r2 X4 Z" u0 {6 u
Answer: The correct answer should be mGRE tunnels I guess unless you3 C o7 v) }" h; q; t# N
mean enabling the NHRP protocol? 2.2 Question: One from GRE with IPSec. Two routers cannot communicate9 r- K8 w6 Q j1 p0 V$ `5 ~! z/ a% ^: @
via tunnel, what would you troubleshoot 1st?.
% V+ g$ Q( E! d9 zA) Tunnel connectivity.# {/ E3 G4 T2 S9 C0 C
B) Irrelevant. ~' c) \9 E( x6 W7 Y4 s
C) Irrelevant2 P: V& E8 d( N! o* ^$ T
D) The NHRP.: K; v; _7 w5 p' u4 c" U% _* \
Answer: A 2.3. Question: A gre question with a diagram. Identify the possible0 F% h! O& Q: m5 B* Q
problems according to reported ACLs… 2.4. Question: GRE (one of the questions with IPSE C) 2.5. Question: GRE. The picture showed EIGRP, in the text it was
5 k7 t3 B/ ]) I1 J jOSPF (surely a bug). 3 routers one after another, GRE tunnel! e: V6 g; o8 E0 {1 T
between the edge ones. The question was, why GRE is not working.
3 t9 G* z' F- r1 g @But I don’t remember the answers. 2.6. Question: DMVPN: before testing IPsec what would you test?% i& M! p: x7 w" B
A) NHRP* b1 k6 x* m" |* `
B) GRE tunnel
7 |$ {+ B: Z& g5 M- |C) and other options3 n9 N' Q! N. {5 ]
Answer: NHRP 2.7. Question: GRE Tunnel can’t form over WAN between to sites, why?7 W, p6 Y' B* F W# T
A) Firewall/Router ACL blocks TCP Port 57: S6 H! H2 [; @3 ~
B) Firewall/Router ACL blocks IP Protocol 57
9 ^& ~, s' v0 y; L8 i' nC) Firewall/Router ACL blocks UDP Port 47" x% j/ Y- A9 C5 ^9 ?) \
D) Firewall/Router ACL blocks IP Protocol 47
4 f& P9 O6 [( m3 `+ PAnswer: D) IP protocol 47 is the correct one. IP Protocol Number 47
+ W, _: m5 {6 H" }is used for GRE (protocol number is different than tcp/udp ports) 2.8. Question: Refer to the exhibit. A new TAC engineer came to you2 ^- H: n5 S) V+ a1 \
for advice. A GRE over IPsec tunnel was configured, but the
2 r# |) v- [2 p& A/ Ptunnel is not coming up. What did the TAC engineer configure& I! K# ~$ [6 N. d+ y
incorrectly?' B: I1 ~* i& l1 e7 o, _
A) The crypto map is not configured correctly.* d. ]7 s5 r1 U" V- L6 \7 d9 {* J3 m$ p
B) The crypto ACL is not configured correctly. H) I3 a; `# v! b2 z
C) The crypto map is not applied to the correct interface./ e3 H! b/ g- D. C6 G. j0 \
D) The OSPF network is not configured correctly.
M" U$ Q: n0 ?6 ^! uAnswer: B* i+ \8 _* T* Y I$ O
The access-list must also support GRE traffic with the
( v8 j1 p: [& y“access-list 102 permit gre host 192.168.1.1 host 192.168.2.1″) ?1 T* ?% w* X ~" F/ ~: T" ~% Q' k0 i$ j
command -> B is correct.: O8 W. |- R9 F K# T
Below is the correct configuration for GRE over IPsec on router
) D: }* t. h( sB1 along with descriptions. Configure_GRE_tunnel_over_IPsec.jpg 2.9. Question Refer to the exhibit. A new TAC engineer came to you y' Q6 K' y) q! D
for advice. A GRE over IPsec tunnel was configured, but the! ]/ f; S' ~/ d# H z, j. C
tunnel is not coming up. What did the TAC engineer configure1 Y ?+ y, d7 j# f
incorrectly?
x3 z) F0 ]$ DA) The crypto isakmp configuration is not correct.
9 I; e5 }& D* g3 `3 c9 y# R0 _6 pB) The crypto map configuration is not correct.8 [& I+ z4 J, Y9 e1 F% m! ]! m7 C
C) The interface tunnel configuration is not correct.- J9 N' H7 [6 J! ^
D) The network configuration is not correct; network 172.16.1.07 W. v7 |+ {5 @! |
is missing 2.10. Question: DMVPN: before testing IPsec what would you test?1 O: M9 o7 Q2 j& D' W$ U
A) NHRP
4 R$ y! J( s% ^, \+ W- IB) mGRE tunnels " ]; G1 h z& T4 D; n( D; J/ p
[hide] 2 P3 f' \) ~/ K0 ]3 k
2.11. Question: Two routers cannot communicate via tunnel, what1 Z" M& d+ ?8 v) l1 D( ?6 O2 R
would you troubleshoot 1st?.1 D5 w( W( K+ y; ~# o6 A
A) Tunnel connectivity.
2 H9 X; \- J: \B) Irrelevant& b9 W H2 L) I
C) Irrelevant _3 N# [6 r. S' b+ o
D) The NHRP.
4 f8 o5 f& a0 A3 X=======================================================================
, ~! W0 h5 R8 y3 h0 V3. SECTION VRF- VRF lite
( j5 V8 ^" n. P" w. c: z0 e3.1. Question: 2 routers are connected and use the VRF, later on the k w+ O$ Y1 b, `
new Lo address is added to one router but is not able to see the
; ~# P- a2 }# c3 F' j0 Xrest of interfaces, what should the fix the issue (or something
) g8 Q( I6 t, P5 H$ H& vlike that) (2 answers)0 s1 O N9 A) _- W ]
A) add static route to vrf/ {5 c8 d+ M6 [' h* i
B) add Lo into the VRF0 i' a1 K2 [" Q! g u; T
C) add dynamic routing
& b0 @8 S9 t+ QD) and other options
# o4 n/ k- o' k: I6 D% Q- Q4 a=======================================================================
8 ]: L% R+ l2 x! ]9 \1 W4. SECTION SNMP
: u w1 F2 E- k" w8 b- a! b4.1. Question: If a user using AuthNoPriv who the data will be Authorised
c9 i j+ a# Y* u& W( w& [A) User will be authorized and Encryption
o# d" l9 x3 `) z% L! x: R5 U# _% HB) User will be authorized and Encryption
- t( z; t, n4 Q$ z! EC) User will not be authorized and Data will not be Encryption! o0 ]' t3 i- G+ [! z X0 c- ?% z
D) User will be authorized and data will not be Encrypted/ w* o8 \% i- ^3 x
Answer:
5 C) i% ?# U9 ~noAuthNoPriv – username used for authentication
6 d/ w6 E, [- o" j4 IAuthNoPriv – authentication provided by hash values (HMAC with md5/sha1)) b( K. \" N' x) b) t
AuthPriv – authentication provided by hash values, encryption provided by
* f1 H2 M& p3 V" s$ m3 t" aDES/3DES/AES
& }& N& `8 I) d7 B6 t T/ whttps://www.webnms.com/simulator/help/sim_network/netsim_conf_snmpv3.html#security_levels
% V/ ], v# k* E0 u; [=======================================================================
/ x3 z- ^3 ]0 M- W4 {/ H+ Y5. SECTION BGP 5.1. Question: BGP ASN 64xxx. Which answer is correct?
/ r" [4 A4 R! v6 c) K* GA) Private AS 2-byte
! v: b0 `. n+ }4 nB) Private AS 4-byte
/ ~: E) r; K. V& h: cC) Public AS 2-byte; \' W1 q# N( V. X4 ?5 `; l
D) Private AS 4-byte0 M% k3 v6 k' j1 `1 e# u! j1 Z
Answer: 64549 is private, I can’t remember the exact ASN.& q2 W0 D o5 n: s' D
But private as number’s are 64,512 to 65,534. It’s a 2-Byte address.
: |0 S) q; v N$ L7 N5 i X9 h" v# N=======================================================================0 y6 ] C& A1 C. V: w) ~" Q
6. SECTION NTP 6.1. Question: NTP: in command “ntp master 10〃what is 10: F4 k5 c0 B- m& J- N
A) Stratum$ B4 \8 H- m, i' {, m* Z& G
B) and other options–0 E2 Y o6 N- I( {6 d6 F
Answer: stratum1 b4 o7 B; U4 W: N9 Q$ _
I chose it’s a stratum, not amount of NTP clients not seconds# a0 \4 y8 x, ~2 ~) `
ntp master [stratum]
, F2 b9 g( j! `0 lno ntp [master]
; Y8 J# g) z0 r8 {8 K=======================================================================; a7 ?: Y. T8 J# T
7. SECTION IP SLA /NETFLOW: B& n# s; N6 y7 K# Z
7.1. Question: IP SL A) There was a screenshot with config and
8 q8 f: s& @! g- g4 S% ha question like what is true. ip sla 99
: G7 _2 D9 A) m% Q6 k0 N' u+ j5 Budp-jitter 172.29.139.134 dest-port 5000 num-packets 20
/ H1 U2 X$ Z A$ F1 V; g+ jip sla schedule 99 life 300 start-time after 00:05:00
6 h4 M# @: x }0 L; c& FA) Start time after 5 hours ??? N% j) v/ B9 o& r3 C' s- J, y' \* X
B) Send 20 packets with des-port 5000
6 s3 d; j; h( y9 _2 m% pC) Start time 12:05:00 AM I answered wrong: that judging by the command “ip sla… after 00:05:00〃
% K& Q9 Z) y" D1 XSLA will start at 5 a.m. But “after” means “in 5 hours’, as I now know.+ m. W: @. ]/ P+ T9 n
And again, I don’t remember other variants of answers.
1 ~$ S; ?3 s& H4 V1 q. z5 wAnswer:, x) Q4 b5 b! h* ]& N
In the following example, operation 99 is configured as a UDP jitter9 V8 @6 w4 s4 j8 z" B2 l2 ^
operation in an IPv4 network and scheduled to start running in 5 hours./ c) [6 ^2 u6 G! a; k
The example shows the ip sla command being used in an IPv4 network. 7.2. Question: Netflow 7.3. Question: Another was about sl A) during testing a state, if you get
7 j" j3 r. j1 y9 Z6 M6 _OK and over the threshold msgs, 7.4. Question: what IP sla is monitoring or something like that (3 answers)! _+ A8 u7 y! S2 I$ O, n
A) jitter8 ]# D/ V9 b4 H9 h# Q. m' S
B) delay
4 U: {9 r. R: JC) packet loss) w+ F) j/ j5 k& R
D) and other options then state is ok/not ok, or if you get only OK msg then state is OK2 W8 J* q) _5 H! Q8 e& D
like Example:
& q$ C/ y& O: E: F! ]If you configure Timeout > Threshold, you can see the RTT and if the+ Z7 n2 G' X' \# R! r. a* R
RTT exceed Threshold, it is a failure. If you configure Threshold > Timeout,
/ {: T' h! {+ F" |' Iif the RTT exceed timeout but less than Threshold, it won’t show the RTT
( k! ?; ?( r ^ C$ C' b( S5 vbut it is still a failure. So failure is RTT exceed either Timeout or Threshold. ip sla monitor 1
! h" [7 z5 r& `; m& wtype echo protocol ipIcmpEcho 115.0.0.12 r4 m* C7 ~. \! V9 a$ n* |( Z
timeout 500' C e9 D, V r1 y" g4 y- B
threshold 20" H$ C5 S' K& o9 Z+ j5 v
frequency 10
0 i$ F' o6 E3 P5 _" y" v) P4 |6 DRack1R6#show ip sla monitor statistics
9 S4 E: l; F* I) C/ j0 ^; \Round trip time (RTT) Index 1
; B8 t8 \9 |0 F) }; wLatest RTT: 36 ms, T2 a% @6 n8 i. H: h8 f: G
Latest operation start time: *04:12:47.001 UTC Mon Mar 4 2002
: [: C% ?+ N# D6 J0 T7 {4 f; OLatest operation return code: Over threshold6 G, e: s. ?" p- S( m
Number of successes: 0
5 v# U) K( m( f2 g# dNumber of failures: 6+ g+ j$ @/ Z, P8 z' m
Operation time to live: Forever 7.5. Question: Question on ip sla track, different conditions that include
/ [1 s" A1 R3 k5 p, a8 \Return Code and Over threshold 7.6. Question: Difference between Tracking Reachability and State Reachability:
: p2 n7 @6 ?0 }- c+ rTrack-Object is UP if IP SLA Code is OK or Over-Threshold of IP SLA+ r! _8 ?) ?: A
Track-Object is DOWN if IP SLA code is DOWN or over Timeout
8 J$ m% x9 h: n. b6 vState:3 b2 ^5 j' H& s @
Track-Object is UP if IP SLA Code is OK, so IP SLA test is NOT over
: d) y1 |7 j+ {8 U% o0 e, Q/ Hthreshold or timeout)0 Z) o4 j+ M. V
Track-Object is DOWN in any other case' A( }- S; }2 K8 q9 ~& o
======================================================================= 9. SECTION QOS 9.1. Question: QoS related question: voice and video on the same
" V" u8 n1 C0 }' Z9 i- Lqueue with an interface with 768kbps…different options but sorry) M. h9 q9 A' Z
I do not remember all of them
' _- @4 W+ m1 \3 m/ X- `============================================================%3 | 
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2015-7-17 13:45:55
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2015-7-17 14:03:50
还好刚看完差点就去准备考试了
我中招了~在想要換科考還是要等考古題! 飛掉250~
