5 c$ _ E+ P- S% B: H: s. s: i
$ k8 W5 w; F% {$ L考生回忆的新题,题目不完整 ,仅供参考2 `2 a' s# \3 R1 Y4 J' R! }2 v
1. SECTION EVN
! U4 T: r( r+ A1.1 Question: Question about Easy Virtual Network. Choose 35 W! }6 |8 {9 z6 H5 T7 t9 d( X0 J+ K
A) Simplify Layer 3 network Virtualization
2 ] k9 |" Y4 B& Y( x/ N$ rB) Improve support for shared services
' J) A, v S; N2 l- d, N ^+ gC) Enhance management and troubleshooting
% I3 s2 A0 g; J2 r7 r/ N2 xD) and other options
! Z4 D" H# n. U+ ]" j) {7 x=======================================================================; G3 Y. D9 N& A! ?- n
2. SECTION VPN / GRE) L8 {7 h$ g+ T j% P6 p0 `2 i
2.1 Question: MVPN: before testing IPsec what would you test?
$ ?! C: t4 {) zA) NHRP+ u4 w, [( [' p* b! T5 ?! {" P+ u
B) mGRE tunnels
. _5 W! v: B! \: ~, Y0 }Answer: The correct answer should be mGRE tunnels I guess unless you m+ ?4 h- h" i- Y7 E& a/ H
mean enabling the NHRP protocol? 2.2 Question: One from GRE with IPSec. Two routers cannot communicate* b1 v/ g3 H, q0 {1 `, z
via tunnel, what would you troubleshoot 1st?.6 q4 [* M4 f8 p& @6 F1 Q, Q/ D1 f& s
A) Tunnel connectivity.
# e, t6 l2 Z9 P+ `) y7 W) Z5 @B) Irrelevant8 R$ O+ c+ U( V& O! \ X+ w
C) Irrelevant4 |1 c& `' I& i% p+ u# F, ^
D) The NHRP.4 N: K: |* e8 y
Answer: A 2.3. Question: A gre question with a diagram. Identify the possible
C9 S; Q" d: f* Vproblems according to reported ACLs… 2.4. Question: GRE (one of the questions with IPSE C) 2.5. Question: GRE. The picture showed EIGRP, in the text it was3 F4 i8 E1 c. x+ `- a$ Q" B
OSPF (surely a bug). 3 routers one after another, GRE tunnel% ]# X/ i/ X# j
between the edge ones. The question was, why GRE is not working.4 N5 f2 }% X |, {( s; E" G! ^ _
But I don’t remember the answers. 2.6. Question: DMVPN: before testing IPsec what would you test?- n c( m- X3 V
A) NHRP: u" q, f: R, L& D
B) GRE tunnel
/ q) I" A; n c$ H0 s* ^C) and other options9 b' V- k2 P1 V, L4 O, a5 n
Answer: NHRP 2.7. Question: GRE Tunnel can’t form over WAN between to sites, why?
+ }. f% B Z* A& t% \A) Firewall/Router ACL blocks TCP Port 57
( d# C) ~3 S& i( e2 dB) Firewall/Router ACL blocks IP Protocol 572 G! d0 Q7 r7 T5 Z
C) Firewall/Router ACL blocks UDP Port 470 t6 F( N; h$ [$ M* O% q) W! x; e
D) Firewall/Router ACL blocks IP Protocol 47; H! K( G( v0 u- V: {- y
Answer: D) IP protocol 47 is the correct one. IP Protocol Number 47, J. F0 b9 R* G5 U% }
is used for GRE (protocol number is different than tcp/udp ports) 2.8. Question: Refer to the exhibit. A new TAC engineer came to you
' @1 `( ^$ L0 T0 tfor advice. A GRE over IPsec tunnel was configured, but the
. W3 l: t) F9 |8 `: Mtunnel is not coming up. What did the TAC engineer configure) T3 w+ I8 L( v0 f! U: M5 l
incorrectly?
# t1 P8 v* y5 o0 z4 y. kA) The crypto map is not configured correctly.. r/ l/ C: y! X* x' U4 E
B) The crypto ACL is not configured correctly.
F7 Y. U7 F X$ `8 JC) The crypto map is not applied to the correct interface.8 q$ T/ r c/ l5 M$ j
D) The OSPF network is not configured correctly.6 t- i. p( M, o7 [: V" E8 p
Answer: B
$ S7 y9 B. \, w3 b# ^: G8 |+ y5 `The access-list must also support GRE traffic with the
( O" b! G! \ j+ p) n" c“access-list 102 permit gre host 192.168.1.1 host 192.168.2.1″# e( l9 k% l3 N; \
command -> B is correct.* k) ]3 z+ x2 T! c% m- X# L
Below is the correct configuration for GRE over IPsec on router
0 ?( H$ O% K+ L }B1 along with descriptions. Configure_GRE_tunnel_over_IPsec.jpg 2.9. Question Refer to the exhibit. A new TAC engineer came to you
2 z: V/ J: u1 O6 p( X( ifor advice. A GRE over IPsec tunnel was configured, but the
# u% S: q6 v8 d1 xtunnel is not coming up. What did the TAC engineer configure
0 G* ^% j* G; j- Z5 J/ l1 Iincorrectly?
, {+ W' e0 G; B$ x1 dA) The crypto isakmp configuration is not correct.3 s$ l1 D( \9 `+ F3 z7 T
B) The crypto map configuration is not correct.
' G0 o( e% B0 M- OC) The interface tunnel configuration is not correct. ~2 j8 T9 c" b$ ?- T8 O% R
D) The network configuration is not correct; network 172.16.1.0
8 ]; I. `7 i1 |7 ris missing 2.10. Question: DMVPN: before testing IPsec what would you test?
& t; \$ b: X+ A0 hA) NHRP
2 X, B7 E5 g4 ~8 i! iB) mGRE tunnels " |! M3 N! T* v- H) C0 V' y' S7 y
[hide] 1 I9 r- _( J# h. w. E! j# F
2.11. Question: Two routers cannot communicate via tunnel, what
- O7 {; d1 m& j, ]would you troubleshoot 1st?.* i1 w' L: x B# V
A) Tunnel connectivity.
; H9 d8 t7 w: LB) Irrelevant
2 G; K# s4 s8 q/ q4 V: `C) Irrelevant _; O$ G7 l& P4 t
D) The NHRP.6 c7 _8 r7 w4 D# H' W: X
=======================================================================
1 M! v, a, d: O, o: B3. SECTION VRF- VRF lite
0 `' V/ |( {( }6 a3.1. Question: 2 routers are connected and use the VRF, later on the
: e9 b8 H1 z, z; o j; qnew Lo address is added to one router but is not able to see the
' i" [: a* J3 d2 ~0 R+ Prest of interfaces, what should the fix the issue (or something, I: N! O" z7 h+ f
like that) (2 answers)! p* _4 f6 S" F# b
A) add static route to vrf
& _: b x* z7 D) V8 K* U7 t- GB) add Lo into the VRF) ^* g9 w2 g2 D2 O, J8 _. E
C) add dynamic routing2 u* q& q: D# A( k1 g
D) and other options/ |+ ]; h" o' W
=======================================================================$ f3 d5 u8 n: U" C
4. SECTION SNMP: V7 A6 c0 m# w7 |
4.1. Question: If a user using AuthNoPriv who the data will be Authorised8 B+ B! `* a8 C( ^3 C. \
A) User will be authorized and Encryption4 r O* h; q/ a* S
B) User will be authorized and Encryption
- Q c' M3 X' M DC) User will not be authorized and Data will not be Encryption
. o3 E, Z8 m H& _$ L2 ]6 P5 PD) User will be authorized and data will not be Encrypted
7 J+ K5 V, ~5 k- DAnswer:
$ L: o- E9 P) [noAuthNoPriv – username used for authentication, |! N: o% w: W( v" V
AuthNoPriv – authentication provided by hash values (HMAC with md5/sha1)* z! k2 U1 l; Z# w0 e( _
AuthPriv – authentication provided by hash values, encryption provided by$ Y3 I0 K- Q/ d
DES/3DES/AES
6 o$ G# I$ R* [9 shttps://www.webnms.com/simulator/help/sim_network/netsim_conf_snmpv3.html#security_levels
/ ~- M7 C3 U- ]& k" u=======================================================================
8 _* a x0 m' [0 h( Z- k2 G5. SECTION BGP 5.1. Question: BGP ASN 64xxx. Which answer is correct?
! H8 e' D3 \. U0 v( _* LA) Private AS 2-byte9 A6 l3 C) [9 e7 `0 x* r' b
B) Private AS 4-byte
! k) w# y2 {. Z% y/ rC) Public AS 2-byte9 z _/ z8 j+ |5 b( q* }
D) Private AS 4-byte6 z0 \ Q4 u" Q- K" { _' I7 h1 ^
Answer: 64549 is private, I can’t remember the exact ASN.
4 ~# z7 R# g6 |3 ~: R( @4 D7 aBut private as number’s are 64,512 to 65,534. It’s a 2-Byte address./ a0 X( G& s+ H7 Q" ]* _; ?
=======================================================================3 c+ B& H2 c6 b2 A3 w) V7 ]
6. SECTION NTP 6.1. Question: NTP: in command “ntp master 10〃what is 10( \7 ?( z# Z2 ?7 H- W2 ~- g! e6 C
A) Stratum$ M: ^; k& J: ?' P( p$ N( ]. [
B) and other options–
. m) L) X) a! t# C7 \Answer: stratum; K' W% i( j5 y; o
I chose it’s a stratum, not amount of NTP clients not seconds
]1 H% G$ I" s5 ~# o% W/ hntp master [stratum]
: P! b# m! N/ I9 Cno ntp [master]' l/ y8 [3 l7 P
=======================================================================6 G& k5 s3 B- B; E
7. SECTION IP SLA /NETFLOW; E, L6 Q U4 b$ I) N+ |
7.1. Question: IP SL A) There was a screenshot with config and0 u7 S7 W7 O6 }0 T
a question like what is true. ip sla 995 H" y+ G% }5 G5 E3 D6 a
udp-jitter 172.29.139.134 dest-port 5000 num-packets 20
& T& o* i4 _7 ^5 L0 xip sla schedule 99 life 300 start-time after 00:05:00+ g2 t; L$ y. G( ^0 T
A) Start time after 5 hours ???8 q+ n* ~( @5 E' T7 F& }# E
B) Send 20 packets with des-port 5000
" y) q/ }9 N$ I' lC) Start time 12:05:00 AM I answered wrong: that judging by the command “ip sla… after 00:05:00〃
6 q3 Z! L2 T) D ?' QSLA will start at 5 a.m. But “after” means “in 5 hours’, as I now know.
) M6 n. ~, K8 t* w5 _+ ^+ m3 eAnd again, I don’t remember other variants of answers.9 H; O3 K$ j+ @; g& g
Answer:
0 y2 C0 n8 g' T5 ^( tIn the following example, operation 99 is configured as a UDP jitter2 Z+ y" @7 Z. ?6 l
operation in an IPv4 network and scheduled to start running in 5 hours.
6 d1 l- o1 c! h' QThe example shows the ip sla command being used in an IPv4 network. 7.2. Question: Netflow 7.3. Question: Another was about sl A) during testing a state, if you get
. V% F4 t" D' o$ A2 ?3 _, }8 uOK and over the threshold msgs, 7.4. Question: what IP sla is monitoring or something like that (3 answers), O' p' k" v( p/ U, A
A) jitter" K6 W" ~1 T! F/ s/ y
B) delay
' U' A- y8 F/ l5 e; |3 d" `C) packet loss
& k$ R/ o- R+ m' }; b6 j* z) m1 T) CD) and other options then state is ok/not ok, or if you get only OK msg then state is OK
0 b: h. r+ K- k6 B! }3 [ x$ @like Example:
% N5 s# z' R" H/ m" `( wIf you configure Timeout > Threshold, you can see the RTT and if the
, \8 Z( e s0 f: m; eRTT exceed Threshold, it is a failure. If you configure Threshold > Timeout,
( v0 y* M% @3 S0 N7 }7 s. r7 ~if the RTT exceed timeout but less than Threshold, it won’t show the RTT
p" K2 O8 u9 }4 z/ U/ Ybut it is still a failure. So failure is RTT exceed either Timeout or Threshold. ip sla monitor 1& d5 J1 E( T* ]
type echo protocol ipIcmpEcho 115.0.0.1 [8 D/ F# Q1 E8 _! P+ _2 [
timeout 5004 I7 N) Z' P1 P1 h0 I4 e: G. }
threshold 20
6 }. e3 Q0 f' D; t Q( afrequency 10
( f0 u3 }$ |, q5 C2 v0 Q3 bRack1R6#show ip sla monitor statistics
9 g. v- k% c* c ?8 kRound trip time (RTT) Index 1
0 [# w p: o7 `6 u- e" {Latest RTT: 36 ms
" T+ g4 Y/ Q( A& g) W- M, mLatest operation start time: *04:12:47.001 UTC Mon Mar 4 2002
" P b6 T) u, r" n, r5 ?: \1 jLatest operation return code: Over threshold
1 W j$ [, C+ c) Q4 ]1 VNumber of successes: 00 p( q7 ]/ A0 r9 _3 }" B: Q
Number of failures: 6
& a3 }* J9 Z9 V% `Operation time to live: Forever 7.5. Question: Question on ip sla track, different conditions that include
; X. k6 A) q7 JReturn Code and Over threshold 7.6. Question: Difference between Tracking Reachability and State Reachability:
F5 f6 a$ _; V! g' u1 [/ ?Track-Object is UP if IP SLA Code is OK or Over-Threshold of IP SLA3 \$ ^- h4 U1 ?( Z8 \- }
Track-Object is DOWN if IP SLA code is DOWN or over Timeout
q/ k8 G0 a6 f( Z0 }State:, N' x8 g& z: W& v8 o
Track-Object is UP if IP SLA Code is OK, so IP SLA test is NOT over
0 a6 i' s4 Q3 t+ |3 F: Vthreshold or timeout)% P+ N* y) p9 r# G) m+ |" z) j
Track-Object is DOWN in any other case
5 D( g* B3 Z; u======================================================================= 9. SECTION QOS 9.1. Question: QoS related question: voice and video on the same& G+ c2 U b, D
queue with an interface with 768kbps…different options but sorry
: r& X" `$ Q# H7 b+ `I do not remember all of them' t7 J) M9 d3 N
============================================================%3 | 
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
发表于 2015-7-17 13:45:55
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2015-7-17 14:03:50
还好刚看完差点就去准备考试了
我中招了~在想要換科考還是要等考古題! 飛掉250~
