 成长值: 64925
|
题目不是很完整,答案仅供参考
+ T! g2 ^' f3 F5 d3 r+ }
- d& b1 L9 R% ?3 b# p
3 x9 y; \& d6 P0 V" ~9 [Question 01 –
0 P' d. `- z7 G2 d$ ?* P' D( ?9 p9 oWitch access list entry checks for an ACK within a packet header?! ?/ m3 ]( G f; w, V" c
A access-list 49 permit ip any any eq 21 tcp-ack
, V, p/ q- m! o. e* R1 N mB access-list 49 permit tcp any any eq 21 tcp-ack
) y1 E7 Q" a6 G& N3 S2 o& dC access-list 149 permit tcp any any eq 21 established
9 n, ~6 W2 [; [; V/ LD access-list 49 permit tcp any any eq 21 established
`# g" G% R8 rAnswer: C% C/ Q8 ^$ Z& ]% e6 P
=================================================================================
8 s2 |% h8 E( A: [7 KQuestion 02:' {* I* Q% w3 |4 E' G5 M: l7 }
Which option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?+ E$ l! W& f4 i- B
A performing packet captures
7 T" S* g. W% ^3 H% h/ GB disabling asr-group commands on interfaces that are likely to receive asymetric traffic
8 X3 o* t, u7 Y# a" ^. pC replacing them with redundant routers and allowing load balancing
9 l I- ]! k' {4 E: \6 D& t7 jD disabling stateful TCP checks
: s( P, @+ Y) H9 _6 `+ I0 pAnswer: D1 J a& W0 u" T4 J" Z7 [+ e# b- c
=================================================================================
4 c, R: x# E& a* z5 s P/ p9 BQuestion 03:1 X2 D+ M1 H8 G% `/ G$ {
A network engineer executes the show ip cache flow command. Witch two types of information are displayed in the report that is generated? Choose two:. ^" G% L/ U2 s) K+ S
A top talkers; E2 A* T D: X8 d2 E4 }5 h8 x4 P
B flow export statistics" {1 Y% M+ G4 `/ M2 {+ r! ?. i0 B* j- o
C flow sample for specific protocols
0 @: b, B0 |1 u+ |D MLS flow traffic: x3 ]! u+ r- {9 d- ~3 S
E IP packet distribution3 p& V l. a3 j3 z6 F
Answer: C & E
1 f/ p% Z; S+ ^=================================================================================2 L% Y" c( h' @5 f
Question 04:% y+ f; z$ H+ t) Z( S
Which DHCP option provides a TFTP server that Cisco phones can use to download a configuration?
1 |, h2 }3 @; ?A DHCP Option 66
! U m0 e4 [) f" r5 X) f' ?! YB DHCP Option 68
' }4 F! c* k" i! }4 EC DHCP Option 82
1 `- K$ f. @$ ?3 c0 `D DHCP Option 57& }+ i8 B0 @1 @) x; q% w/ G
As: A: T# S& z- t" T) M
=================================================================================( U" J) H2 q/ k
Question 05:0 v3 ^0 o# i7 O! z! _
Drag and Drop, a+ P I, K5 [3 W1 J* i' Q
Authentication (two sentences) >>>
2 a8 w% D# B" X3 Y/ K5 I– supports a local database for device access/ x- M& w" R9 \2 I
– supports encryption3 \3 L7 z! x4 U# u+ A* L
Accounting (two sentences) >>>
7 i, D! K, C5 m8 M) f0 P; Q-not supported with local AAA
0 K v7 D4 E& e-verifies network usage5 V! W. ~ g: V& g/ q
Authorization (two sentences) >>>2 t X2 S, b7 {9 F8 r ]) t
– specifies a user’s specific access privileges
+ d! c1 x' r& z, L L! \ Y* V& u) w6 P# K– enforces time periods during which a user can access the device6 f( i% r" |- f7 u( a
=================================================================================" H, h A/ M7 L* A' i. h
Question 06:
0 _8 G, z% \5 K" c: O7 U- t-drag and drop6 J; n* ~( [& U; O
CHAP (two sentences) >>>! a. Y. F u+ U" L
– Generates a unique string for each transaction3 H6 S0 d K8 G( h( K, h8 u
– supports mid-session re-authentication% p: M1 H+ T4 Z, @9 ]
PAP (two sentences) >>>9 [, }4 [' Q0 a/ \9 E
– provides minimal security$ J4 m1 e% c8 n; G/ {
– requires a username and password only: o( M1 j* o1 \8 n- s8 w% E
=================================================================================
2 h6 m- ^4 q$ t8 S9 e4 y" _Question 07:$ L) c1 e2 d. W
there is a choice on flow…..a customer what …..i dontremind well
# g# b q& U3 Q/ S. AA.PMTUD
6 _( _' ?( G; x( gB.MTU' l6 b# A* Y2 c4 @9 ]; j
C IP MTU
( G1 \5 u' T+ q+ g0 Y t* P6 h=================================================================================
/ K7 F0 F4 x% r6 AQuestion 08) x( ~, G; Q* J
Radius >>>
1 X9 k# P8 X! }$ Suses udp port 1812 (for authentication / authorization). It encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted.
+ X3 E& P/ ^; }- }4 cIt combines authorization and accounting functions.
7 Q5 @ V% ^/ r% h% g6 vTacacs+ >>>
9 O2 V( M5 w* p1 M2 z2 l( |+ W% yusers tcp port 49 and encrypts the entire packet.
" \5 _0 z9 k- ~It separates authorization and accounting functions.9 t1 s8 r" }7 X2 z1 m- M7 J
=================================================================================/ ], B6 Q2 ^, d- ]
Question 09:$ P4 o8 V$ U7 r" q
you have to “link” this 4 sentences:' m u# v' d. o$ K6 U. I) s
Ans:* _1 _4 ]8 D* d" M* C
network-specific stateful NAT64 prefix: IPV6 prefix assigned by an orginzation. R; I! A; z$ \9 P/ A
NAT64 : supports application layer gateway
4 z9 u u" P* F+ U9 rNPTv6 : translates 2001:1::/64 to 2001:2::/64) x8 @7 H0 i8 l& Q
well-known stateful NAT64 prefix: supports IPV6 prefix 64:ff9b::/96% d/ w. I) m3 `, a
=================================================================================
! Q! H; m. x$ j1 Q3 Z! q1 e; x4 P# oQuestion 10:4 Y j' s1 X. s
Command in uRPF loose mode
F$ b k1 ?. fa. ip verify unicast source reachable-via any
. i s& R4 ^( z M i% ^Ans: A1 R3 l: b* h& d# b
=================================================================================
9 f9 W( ^% y6 J/ k) {0 |; U( KQuestion:110 M9 ~6 L( }0 K7 a5 K8 H- q
Two GRE scenarios for preventing. Z8 a& l, O: W
A) TCP MSS) v- M% i D2 {& K- f2 ]) }( ?
B) DF Bit* y1 f5 R1 {' I& x( w/ E
Ans: A & B
) X% Y3 [; @& \ |/ B3 H! I=================================================================================$ Y5 x4 ^" v/ w
Question 12:
& I% z! U) U2 G6 J* t. M7 QWhich feature enables security in vty lines.”
+ o" q$ d3 p; K+ r& Ia. exec-time out
, C, J5 t5 V8 C- M8 V7 db. logging
6 |2 G( \ k0 P" t% cc. username and password
* b/ \3 t, c! A+ F5 qd. transport out
; K7 g, `0 }# JAnswer C: E, L: w6 ~# w
=================================================================================3 B/ e8 s( @, m( u. p
Question 13:
{- _$ A" |6 C* JWhich feature enables security in vty lines.”
" c1 Y# ^- y `! B4 h! \% W* B( va. exec-time out% ]% J$ m7 F1 b, n6 j. r2 ~, A2 {
b. logging
, D; a, i& N# l1 {6 kc. username and password
$ B( i# ^. j/ K5 F3 k* d2 Md. transport out
) Q7 n# ?5 z( P: Y' W. K; ZAnswer: C
+ r( J# r/ o P: x5 u=================================================================================
( w9 G8 C' U# g4 bQuestion 14:
- t% q$ M6 w8 t: P' t2 pGiven ((diagram with R1 SLA config)) with configuration written on Picture as" y. f1 p0 V. j! }( |0 z+ x
“R(Config)#ip sla 1' u, ~5 E- E; |9 e8 U* Q. ?' }
R1(Config-ip-sla)#icmp-echo 172.20.20.2 source-interface f1/0
7 O7 o5 @+ _& k2 j' ^R1(Config-ip-sla)#frequency 10
; J$ V, S o* N+ G" j _R1(Config-ip-sla)#threshold 1006 f$ H4 ]# L8 |1 `
R1(Config)#ip sla schedule 1 start-time now life forever4 A/ O' E/ C- n
R1(Config)#track 10 ip sla ???-3 p- A' k, B/ M* x9 H8 X, n+ l
R1(Config)#ip route 0.0.0.0.0 0.0.0.0 172.20.20.21 t0 p! \2 W" I( Z& j4 H- g* i$ z4 j
what make default route not removed when SLA state down or failed& f6 E( K% D. {
a. the destination must be 172.30.30.2 for icmp-echo
/ O* d! I1 g8 j! M4 s3 h/ z+ Ib.the threshold value is wrong
8 \ e1 z8 ^* ]* U+ ]& cc.
$ m; r+ t0 x% kd. missing of track feature on default static route command, G8 t r! y* D: T! j8 n8 p
Answer : D% x! Q5 N. H, X0 ^
: p9 V8 U- X& w% h
, ^9 \3 ?+ c( f% J5 h0 S# n* L, z) N( Z7 e* v
|
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
发表于 2017-4-5 09:16:41
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2017-4-5 09:26:31
