本帖最后由 小乔 于 2019-4-25 15:26 编辑
" s4 Q$ }& h4 i) m! E( W6 s& @5 \4 ^& e( C/ }5 T
考生记忆内容,仅供参考
, e s4 u$ K, s7 K
9 v, A+ K! l, P5 cQuestion 1 Which of the following features allows a router to install a floating route in its routing table when the GRE tunnel goes down intermittently? A. tracking objects
- V& z" K3 ^" G& f% e4 i; S! @B. IP SLA
4 S+ X+ G1 O# N+ ?$ XC. ?
, q( @8 U% _7 H2 u* ID. GRE keepalive Answer: D Question 2 Refer to the exhibit. access-list 101 permit tcp 89 any
( J4 U1 U' \ \! _access-list 101 permit tcp any 10.1.1.1 0.0.0.0 eq 1796 r! a4 A# t& f% {, M8 s
access-list 101 permit tcp any eq 179 any2 W6 Z. M$ g1 d, ]; N
access-list 101 permit gre any any
* v4 s. u+ }* y/ Yaccess-list 101 permit tcp nse any
; m, L* I( Z- G; ~: y* baccess-list 101 deny ospf any any( K3 n* d+ v* `2 o# g
access-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 22
1 O% `3 \- N5 p8 caccess-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq telnet( Y' z% N' e# f/ z2 l
access-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 80
0 Q! ^8 ^: [5 s& kaccess-list 101 deny tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 2& ^9 E2 ]. j: J, t9 |( T1 Y
Which two routing protocols are permitted by the ACL above? (Choose two) A. BGP# J) z2 S+ [. e/ c' ?8 W
B. OSPF; ~: O7 U( h* w) O% b' s) V' S
C. EIGRP4 i' e' G- W. \! K' w7 m2 g/ c
D. GRE
" d' G2 p, t$ F1 WE. NSE (something like that) Answer: A D Explanation BGP operates on TCP port 179 and the ACL statements “access-list 101 permit tcp any 10.1.1.1 eq 179” and “access-list 101 permit tcp any eq 179 any” allows BGP to go through. OSPF is denied with the “access-list 101 deny ospf any any” statement -> Answer B is not correct. EIGRP runs directly over IP using IP protocol number 88 – it does not use TCP or UDP. In the above ACL statements there is no line for EIGRP so it will be dropped by implicit “deny all” statement at the end of the ACL -> Answer C is not correct. GRE is allowed with the “access-list 101 permit gre any any” statement -> Answer D is correct. Note: There was a report saying that the correct answers were “OSPF” (the config was different and it was allowed in first statement) and “BGP” so please grasp the concept to solve this question properly. Question 3 Refer to the exhibit. R1. N8 r1 g7 o% n% {6 v4 N% Y& B$ G
int Gigabitethernet 0/02 ]8 r# c* e) y- x% Z' E
ip address 10.10.20.2 255.255.55.0 R2
$ d G0 V& h' b- [% Q) p& G5 w# sint Gigabitethernet 0/2, s1 X' ?0 x# O' G0 p
ip address 10.10.30.2 255.255.55.0
$ l# L. c" n* H; I- tR1#show ?5 D+ b& R: H# i5 `. N' }, _
interface Packets* Q1 r3 A7 W3 o
SSH 0 }( j/ D) ^, Z0 G7 P( n. {
hsrp 10 R2#show ?$ `& E9 ?: b" U
interface Packets$ m6 b# S: E \; p
SSH 10
" O" J0 h2 s2 q% n( s: ihsrp 202 X" Q1 ?' ?: C9 }
xxxx 30 R2#ssh -l admin 10.10.20.2
9 s* K6 y* d# d& ^$ E%failure A company is implementing Management Plane Protection (MPP) on its network. Which of the following commands allows R2 successfully connect to Router 1 via SSH? A. ssh -p 22 -l admin 10.10.30.28 J. l) B% C* R4 q( g( u, O7 S
B. ssh -v 2 -l admin 10.10.30.2 l5 R& y5 l8 m* K+ U4 B( [7 N
C. ssh -p 22 -l admin 10.10.20.2
0 S9 U/ Y" L6 D! l: eD. ssh -v 2 -l admin 10.10.20.2 Answer: B Explanation SSH has the following options: R1#ssh ?
) i2 ]. @. R0 h1 P8 E# }, g-c Select encryption algorithm4 ~8 w' e9 i) D4 \9 H0 c
-l Log in using this user name
& {0 k8 y* @; P-m Select HMAC algorithm+ o1 _- n3 c2 |5 Y: F; D
-o Specify options
: o+ g; `% V" i) f-p Connect to this port- o6 @- a, B3 Y. t4 `
-v Specify SSH Protocol Version& G/ u" [0 O/ X- p9 U) p4 J
-vrf Specify vrf name$ l% ?1 p, \- {6 m& N# W5 W8 @7 m% e- B
WORD IP address or hostname of a remote system# b2 h3 C+ k. x+ h: X7 c
In this question it seems R1 does not allow SSH so we have to SSH to R2 (10.10.30.2). Question 4 Section 1
" S4 G% l& x: Z/ m5 _& ZIt shows some output (cant remember)
) s4 Y; ` a# ~4 S$ }- A" RSection 2; B. @& L% `/ v; G1 Y
Debugging is2 v+ d: \ @. t Z/ L. |# @
Condition 1 – username
# k' m) ~, D% @* {Condition 2 – int g0/2+ X( H# h% ?% E( `, Z
Section 3
! M# S" E5 o2 R& U- LIt shows some output … Which of the following commands results in the Section 2 of the output above? A.! w. h! G/ C4 k4 }
R#debug condition username
6 D7 T: e6 Z! DR#debug condition interface g0/2 B.
+ ^4 ?4 X! k, c6 I. bR# debug condition interface g0/23 I; t" h z* h% F' x9 T
R#debug condition username C.
0 [) r* s( o9 X4 KR(conf)# debug condition username; x& a$ `) b) B% G* V' C- S
R(conf)#debug condition interface g0/2 D. Z9 D- J8 h# ^; `
R(conf)#debug condition interface g0/2, r8 o B6 p! F7 H; o# ]
R(conf)# debug condition username Answer: A Explanation The “debug condition” command must be issued in Privileged mode (not global configuration mode) Question 5 Two hosts (PC A & PC B) in the same subnet (IP addresses 10.10.20.10 & 10.10.20.30, both /24) connected to Layer 2 switches each (using ports g0/5). The layer 2 switches connect to other switches which connects to a Multilayer (L3) switch. What is the reason PC A cannot reach PC B? A. IP routing is not enabled in the L3 switch0 ]( Z. H+ R& e
B. Interfaces g0/5 of the switches are in different VLANs
; }6 v2 F r5 o4 @# t- _C. PC A and PC B are in different subnets
5 u/ S" b. m4 sD. ? Answer: B Explanation Suppose all the related ports are in up/up state then there are only two reasons that PCA & PCB cannot communicate:! h0 A k" d; s
+ These two PCs are in different VLANs% @& ~ z U: t/ R$ [
+ The ports on L3 switch that are connected to two Layer 2 switches are routing ports (with “no switchport” command) Question 6 Refer to the exhibit R1#show access-list7 F. ?' Z8 G. P* h. j. }
IP access-list extended Super_User
( T( f$ r( o3 w; k/ y8 A+ A1 permit ip host xxxx host xxxxx( @+ a+ ~9 `2 y/ P1 X3 C
2 permit ip host xxxx host xxxxx
, ?& \' B' `0 |3 permit ip host xxxx host xxxxx
7 o$ M8 A/ c8 f" m0 V- p# k4 permit ip host xxxx host xxxxx
: |! D# k( Q4 L; t. y5 O5 permit ip host xxxx host xxxxx
7 |$ } } S# _- |6 permit ip host xxxx host xxxxx
* a- U6 x6 A: M" L% f" T2 X7 permit ip host xxxx host xxxxx
: _5 X4 s- W1 g& S" M8 permit ip host xxxx host xxxxx
% J6 [$ `5 T1 [- ]% ^9 permit ip host xxxx host xxxx
! K k7 t. `( X7 g; z0 TWhich of the following commands inserts five additional lines to the ACL Entry Sequence between lines 3 and 4 without changing the existing configuration? A. R(conf)# ip access-list resequence Super_User 1 6! \& `% r% ~; \7 p) w9 U
B. R(conf)# ip access-list resequence Super_User 1 5) v. x7 K) z% W. M( ?
C. R(conf-nacl)# ip access-list resequence Super_User 1 6
: s' U; i7 x5 VD. R(conf-nacl)# ip access-list resequence Super_User 1 5 Answer: A Explanation The command “ip access-list resequence access-list-name starting-sequence-number increment” (for example: “Router(config)# ip access-list resequence Super_User 1 6”) will resequence the “Super_User” ACL using the starting sequence number (1) and the increment of sequence numbers (6). After this command the “Super_User” ACL will be like this: R1#show access-list4 e& @' P, k: h6 D0 d/ f
IP access-list extended Super_User
# e/ x0 U/ o- e* x+ h: V4 q1 permit ip host xxxx host xxxxx- x, S" A+ F# ~" P' r& P
7 permit ip host xxxx host xxxxx
- h4 N- L0 ~- j. F) K13 permit ip host xxxx host xxxxx
% y% \3 K/ R1 ^6 m. |# S* S19 permit ip host xxxx host xxxxx, g) m0 j, l$ [
25 permit ip host xxxx host xxxxx
. i" a$ i) Z& l- w! X+ ^, v31 permit ip host xxxx host xxxxx
2 g8 K* p; p2 j* {6 K3 Y/ O) N" {37 permit ip host xxxx host xxxxx
* x( I0 G2 m6 o4 ^, A43 permit ip host xxxx host xxxxx6 u! p) d& a4 T
49 permit ip host xxxx host xxxx
0 y) B! ^: K. r-> We can insert five additional lines between two consecutive lines now. |