 成长值: 64865
|
题目不是很完整,答案仅供参考' ~$ _4 e3 H& m( P: m
& D( R9 F U. Q& V6 c6 _
# `# C" Y h- k! G$ KQuestion 01 –
" r8 K/ |( Q/ h# n9 b5 G$ W! ]Witch access list entry checks for an ACK within a packet header?
5 ?, _5 K+ s6 K3 K( P& {2 NA access-list 49 permit ip any any eq 21 tcp-ack
7 V* F9 q0 W0 X2 J8 d" ~) vB access-list 49 permit tcp any any eq 21 tcp-ack
6 j4 g2 T. @/ X8 AC access-list 149 permit tcp any any eq 21 established
7 g! O5 f& M, E) _1 [. PD access-list 49 permit tcp any any eq 21 established$ [1 n6 b; a* _: ~9 v
Answer: C
4 ~$ [5 k" X+ \: ^ _=================================================================================
: R n) ~% h( A fQuestion 02:
" ~/ ]/ R6 i* J* e2 y2 z& CWhich option is one way to mitigate symmetric routing on an active/active firewall setup for TCP-based connections?/ b4 t& c& A3 y b( P% R0 W2 Y
A performing packet captures( d+ x) ?9 s' v- d4 h* t- [! q7 W: _& d
B disabling asr-group commands on interfaces that are likely to receive asymetric traffic. U, t! }3 A/ F$ S
C replacing them with redundant routers and allowing load balancing
0 Q8 o6 O+ \: ]. ]9 aD disabling stateful TCP checks: W7 C! J7 _* i8 K
Answer: D
. h# r, f; J4 [: f; ~% s=================================================================================
- S: V3 \* L8 O( P9 dQuestion 03:
6 w/ \1 q1 A/ K- a& N* I" a. YA network engineer executes the show ip cache flow command. Witch two types of information are displayed in the report that is generated? Choose two:, |, R1 Y1 a/ V4 t
A top talkers
8 i$ r$ H. N, u) z8 TB flow export statistics
. b1 {2 h5 K# uC flow sample for specific protocols
7 V' F3 o9 F/ Y4 S! AD MLS flow traffic
; |; t) n' |0 mE IP packet distribution; \% O3 W( k1 C5 J6 U% a- A7 p
Answer: C & E
! T& y8 h6 T" D2 x2 s# _9 k=================================================================================
8 J* o0 Y+ V( sQuestion 04:
+ |8 N& C% h0 b& \0 U1 ^4 j/ o7 gWhich DHCP option provides a TFTP server that Cisco phones can use to download a configuration?
) h1 f' I: Z* \ J$ SA DHCP Option 66& D- O% B8 {1 i7 S+ v
B DHCP Option 68
& O; V. V& @' g L$ \ tC DHCP Option 82
& j4 W$ F: L) g$ u$ T9 J' K/ b# mD DHCP Option 579 |. |* ~0 X7 _ i) G7 q
As: A2 |- ]5 q9 {0 X" I6 X
=================================================================================4 X4 |# M/ F. ~; l
Question 05:
/ I) _/ G# k$ I% O: B: p1 ?+ a: TDrag and Drop
* B( N0 g. x$ ]Authentication (two sentences) >>>
" Q0 ~* Q f6 G: S; x1 O/ ^' D– supports a local database for device access$ u% O/ D! s: O! K
– supports encryption
+ V7 I+ n- ]! ^' V" @! ZAccounting (two sentences) >>>
) t7 ]# I5 t9 U7 C* I! \& O& E' v-not supported with local AAA5 _( c% o; `. e3 b" |% c7 \+ Z
-verifies network usage
7 B2 o" u* B+ V' S: w2 }Authorization (two sentences) >>>
/ L' e" `" P& I, W) p5 \: u– specifies a user’s specific access privileges: K9 Q; r2 `+ ?
– enforces time periods during which a user can access the device M3 E0 r7 Q, ~* e& F
=================================================================================) M% q9 m% Z6 k" R
Question 06:9 S$ z2 P9 Y& n; X2 @
-drag and drop+ J2 Q7 M# \8 v$ M. {1 C+ J
CHAP (two sentences) >>>) V) I/ `' \9 u0 @0 k
– Generates a unique string for each transaction3 O0 K) N! h$ a
– supports mid-session re-authentication R7 _" ^, b# a2 b
PAP (two sentences) >>>8 t) O4 z5 P( S' _" W
– provides minimal security& d8 U0 T! Q& ^& M8 `
– requires a username and password only. S% Y. P" J. B- j) A: Q7 {" i# a
=================================================================================
; t. _! S4 N, D6 V4 HQuestion 07:) c; x% Y: n9 [- r. P6 q/ g' s- D7 ^
there is a choice on flow…..a customer what …..i dontremind well
2 c) ?4 T" z! p& j+ \8 H5 @' s6 h) iA.PMTUD' r1 G, K4 t+ n
B.MTU
' U* j" D+ W5 LC IP MTU# ]1 h* t3 [0 u8 Y, `/ w
=================================================================================
# J& {+ Q- e4 o3 O; _1 NQuestion 08' w9 _4 [4 E; `$ ?6 |1 c" s. O
Radius >>>
& Y: _0 ]- Z* }: G& K4 ?2 yuses udp port 1812 (for authentication / authorization). It encrypts only the password in the access-request packet, from the client to the server. The remainder of the packet is unencrypted.
2 T4 ]/ Y7 o, q% p/ j" r3 n: R& cIt combines authorization and accounting functions.
2 N8 G- ~( w0 zTacacs+ >>>
( }+ M+ s% p: U! susers tcp port 49 and encrypts the entire packet./ s, p; m+ ]7 z* K( ] w- m
It separates authorization and accounting functions.9 R; s9 X' L( T$ C2 U
=================================================================================: t t; L6 d: B& w1 V3 k: O4 z, X
Question 09:
8 z5 ~' z1 L' P' jyou have to “link” this 4 sentences:
1 H/ R S7 d, _1 g) _Ans:! T. C' T" T7 z5 D
network-specific stateful NAT64 prefix: IPV6 prefix assigned by an orginzation
: n! q8 Y' Y' v, L3 ONAT64 : supports application layer gateway$ a P u' o6 x& B! S6 h2 T8 `
NPTv6 : translates 2001:1::/64 to 2001:2::/64
7 p4 p4 r4 `* U; Q9 p) Bwell-known stateful NAT64 prefix: supports IPV6 prefix 64:ff9b::/96
% f5 v' v, K% _ i, G=================================================================================$ d. L2 j/ ?. p$ h3 A
Question 10:. N' }" p& y6 W$ [
Command in uRPF loose mode6 `9 T B o% [6 ?( B' A* L e
a. ip verify unicast source reachable-via any: M5 ~' K8 v) z3 m9 Z2 h/ n9 s+ b
Ans: A: W6 Z- J! t3 @ T
=================================================================================& S- ^6 g+ N+ g9 e9 d; I7 @7 }0 E3 ]
Question:11! X5 T9 p$ j: f* S5 B9 g3 l4 _4 W7 i: ]) W
Two GRE scenarios for preventing
% \; u0 `( o% \% F1 d: rA) TCP MSS
" C2 `) z8 o6 f9 V# f4 y9 K: lB) DF Bit
% R5 F7 v4 C$ ^2 p8 \& s. T2 |5 fAns: A & B
, r- j N/ ]4 |' S' D3 O x* y" S# w=================================================================================
$ m+ h# q/ G& kQuestion 12:
, R4 e$ ?1 T d4 N/ s) DWhich feature enables security in vty lines.”+ m% J9 p/ a7 D6 ?. d
a. exec-time out2 B0 T0 p2 a! B W6 x) N
b. logging
5 U6 p: T5 C% sc. username and password: d$ I2 s+ J1 }$ E( I3 B; i0 C
d. transport out
' w8 q2 [0 s0 u) `Answer C
+ d/ v% ~ G8 j1 f5 ^! z/ @% w=================================================================================0 S/ h6 Q$ o5 [ W P) D
Question 13:, H# i0 O5 j2 ` k2 _- W
Which feature enables security in vty lines.”
- [. ?& o8 p+ p/ R* \3 N ta. exec-time out- o3 w# k4 C+ }6 H# u1 X
b. logging _, }8 ^6 n) }6 J w
c. username and password
- l) {( E, F2 A) r" j8 [1 ed. transport out% ~2 u1 z2 F, B5 H" E
Answer: C
0 n8 H" [8 j) j7 Y) \/ Q=================================================================================
0 @+ X5 _" d% NQuestion 14:/ X- k' S: ~% m& {% Q) H
Given ((diagram with R1 SLA config)) with configuration written on Picture as( T$ R! d, `0 N' E' d# [3 E+ ]" p
“R(Config)#ip sla 13 W$ Z8 _! d y6 W
R1(Config-ip-sla)#icmp-echo 172.20.20.2 source-interface f1/0
0 a0 [- P$ N* J+ E gR1(Config-ip-sla)#frequency 108 G$ I# w" \: z0 A+ z) E
R1(Config-ip-sla)#threshold 100
/ m( _& p* x- |& F3 Y) l% eR1(Config)#ip sla schedule 1 start-time now life forever" L) O; v3 ^- `2 x5 ^$ {6 _
R1(Config)#track 10 ip sla ???-
" ]' d" _) L4 Q4 Q# s5 KR1(Config)#ip route 0.0.0.0.0 0.0.0.0 172.20.20.2; K) t& r3 u9 y0 _0 n, R* e* f
what make default route not removed when SLA state down or failed
$ ]% v7 [7 L$ q/ f( ta. the destination must be 172.30.30.2 for icmp-echo8 ` L4 D/ ~0 W: H, B0 v
b.the threshold value is wrong
0 q2 \ n& B, E* D% z5 m6 cc.
9 M* y; c, P# s$ hd. missing of track feature on default static route command# |% m5 h1 S* B3 h3 a7 W
Answer : D4 @) @) a5 l. R9 s+ U+ Q5 D
7 H) `. Z; f* o/ ?3 Y8 u+ E
# j( ?( \1 A4 H0 s* M3 S" r! m
$ D+ `. A/ e7 M |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
发表于 2017-4-5 09:16:41
置顶卡
喧嚣卡
变色卡
千斤顶
发表于 2017-4-5 09:26:31
