New questions recalled by exam takers; the questions are incomplete and are for reference only.
1. SECTION EVN
1.1 Question: Question about Easy Virtual Network. Choose 3
A) Simplify Layer 3 network Virtualization
B) Improve support for shared services
C) Enhance management and troubleshooting
D) and other options
=======================================================================
2. SECTION VPN / GRE
2.1 Question: MVPN: before testing IPsec what would you test?
A) NHRP
B) mGRE tunnels
Answer: The correct answer should be mGRE tunnels I guess unless you
mean enabling the NHRP protocol?

2.2 Question: One from GRE with IPSec. Two routers cannot communicate
via tunnel, what would you troubleshoot 1st?
A) Tunnel connectivity.
B) Irrelevant
C) Irrelevant
D) The NHRP.
Answer: A

2.3. Question: A GRE question with a diagram. Identify the possible
problems according to reported ACLs…

2.4. Question: GRE (one of the questions with IPSEC)

2.5. Question: GRE. The picture showed EIGRP, in the text it was
OSPF (surely a bug). 3 routers one after another, GRE tunnel
between the edge ones. The question was, why GRE is not working.
But I don’t remember the answers.

2.6. Question: DMVPN: before testing IPsec what would you test?
A) NHRP
B) GRE tunnel
C) and other options
Answer: NHRP

2.7. Question: GRE Tunnel can’t form over WAN between two sites, why?
A) Firewall/Router ACL blocks TCP Port 57
B) Firewall/Router ACL blocks IP Protocol 57
C) Firewall/Router ACL blocks UDP Port 47
D) Firewall/Router ACL blocks IP Protocol 47
Answer: D) IP protocol 47 is the correct one. IP Protocol Number 47
is used for GRE (protocol number is different than tcp/udp ports)

2.8. Question: Refer to the exhibit. A new TAC engineer came to you
for advice. A GRE over IPsec tunnel was configured, but the
tunnel is not coming up. What did the TAC engineer configure
incorrectly?
A) The crypto map is not configured correctly.
B) The crypto ACL is not configured correctly.
C) The crypto map is not applied to the correct interface.
D) The OSPF network is not configured correctly.
Answer: B
The access-list must also support GRE traffic with the
“access-list 102 permit gre host 192.168.1.1 host 192.168.2.1”
command -> B is correct.
Below is the correct configuration for GRE over IPsec on router
B1 along with descriptions.
[Image: Configure_GRE_tunnel_over_IPsec.jpg]

2.9. Question: Refer to the exhibit. A new TAC engineer came to you
for advice. A GRE over IPsec tunnel was configured, but the
tunnel is not coming up. What did the TAC engineer configure
incorrectly?
A) The crypto isakmp configuration is not correct.
B) The crypto map configuration is not correct.
C) The interface tunnel configuration is not correct.
D) The network configuration is not correct; network 172.16.1.0
is missing

2.10. Question: DMVPN: before testing IPsec what would you test?
A) NHRP
B) mGRE tunnels

2.11. Question: Two routers cannot communicate via tunnel, what
would you troubleshoot 1st?
A) Tunnel connectivity.
B) Irrelevant
C) Irrelevant
D) The NHRP.
=======================================================================
3. SECTION VRF- VRF lite
3.1. Question: 2 routers are connected and use the VRF, later on the
new Lo address is added to one router but is not able to see the
rest of interfaces, what should fix the issue (or something
like that) (2 answers)
A) add static route to vrf
B) add Lo into the VRF
C) add dynamic routing
D) and other options
=======================================================================
4. SECTION SNMP
4.1. Question: If a user is using AuthNoPriv, how will the data be authorised?
A) User will be authorized and Encryption
B) User will be authorized and Encryption
C) User will not be authorized and data will not be encrypted
D) User will be authorized and data will not be encrypted
Answer:
noAuthNoPriv – username used for authentication
AuthNoPriv – authentication provided by hash values (HMAC with md5/sha1)
AuthPriv – authentication provided by hash values, encryption provided by
DES/3DES/AES
https://www.webnms.com/simulator/help/sim_network/netsim_conf_snmpv3.html#security_levels
=======================================================================
5. SECTION BGP
5.1. Question: BGP ASN 64xxx. Which answer is correct?
A) Private AS 2-byte
B) Private AS 4-byte
C) Public AS 2-byte
D) Private AS 4-byte
Answer: 64549 is private, I can’t remember the exact ASN.
But private AS numbers are 64,512 to 65,534. It’s a 2-Byte address.
=======================================================================
6. SECTION NTP
6.1. Question: NTP: in command “ntp master 10” what is 10
A) Stratum
B) and other options
Answer: stratum
I chose it’s a stratum, not amount of NTP clients not seconds
ntp master [stratum]
no ntp [master]
=======================================================================
7. SECTION IP SLA /NETFLOW
7.1. Question: IP SLA. There was a screenshot with config and
a question like what is true.
ip sla 99
udp-jitter 172.29.139.134 dest-port 5000 num-packets 20
ip sla schedule 99 life 300 start-time after 00:05:00
A) Start time after 5 hours ???
B) Send 20 packets with dest-port 5000
C) Start time 12:05:00 AM
I answered wrong: that judging by the command “ip sla… after 00:05:00”
SLA will start at 5 a.m. But “after” means “in 5 hours”, as I now know.
And again, I don’t remember other variants of answers.
Answer:
In the following example, operation 99 is configured as a UDP jitter
operation in an IPv4 network and scheduled to start running in 5 hours.
The example shows the ip sla command being used in an IPv4 network.

7.2. Question: Netflow

7.3. Question: Another was about SLA during testing a state, if you get
OK and over the threshold msgs, then state is ok/not ok, or if you get
only OK msg then state is OK
like Example:
If you configure Timeout > Threshold, you can see the RTT and if the
RTT exceeds Threshold, it is a failure. If you configure Threshold > Timeout,
if the RTT exceeds timeout but is less than Threshold, it won’t show the RTT
but it is still a failure. So failure is RTT exceeding either Timeout or Threshold.
ip sla monitor 1
type echo protocol ipIcmpEcho 115.0.0.1
timeout 500
threshold 20
frequency 10
Rack1R6#show ip sla monitor statistics
Round trip time (RTT) Index 1
Latest RTT: 36 ms
Latest operation start time: *04:12:47.001 UTC Mon Mar 4 2002
Latest operation return code: Over threshold
Number of successes: 0
Number of failures: 6
Operation time to live: Forever

7.4. Question: what IP SLA is monitoring or something like that (3 answers)
A) jitter
B) delay
C) packet loss
D) and other options

7.5. Question: Question on ip sla track, different conditions that include
Return Code and Over threshold

7.6. Question: Difference between Tracking Reachability and State
Reachability:
Track-Object is UP if IP SLA Code is OK or Over-Threshold of IP SLA
Track-Object is DOWN if IP SLA code is DOWN or over Timeout
State:
Track-Object is UP if IP SLA Code is OK (so IP SLA test is NOT over
threshold or timeout)
Track-Object is DOWN in any other case
=======================================================================
9. SECTION QOS
9.1. Question: QoS related question: voice and video on the same
queue with an interface with 768kbps…different options but sorry
I do not remember all of them
=======================================================================