|
|
发表于 2019-4-26 09:57:06
|
显示全部楼层
" [; A7 N5 s) b; R. e7 H$ m$ k
1 \9 J r" ~- d( W& j% [本帖最后由 小乔 于 2019-4-25 15:26 编辑6 v- I9 V$ C' z' ]+ |
1 S( X3 W- U! H6 e; I9 l! y' C5 u# q9 c" `- n2 u9 L
2 a+ ~( U, t/ j, D3 E/ L8 b考生记忆内容,仅供参考
m q) E$ A7 Q& f2 M; [' i1 W- k4 Q! [5 S; E( ^) G1 E
Question 13 U3 c, E2 T; L1 D( Y0 R1 [
Which of the following features allows a router to install a floating route in its routing table when the GRE tunnel goes down intermittently?2 w1 V/ y' h5 ?! Q+ U3 q2 C
A. tracking objects- b3 y& ?; l/ A8 H
$ n7 i, l0 `' MB. IP SLA1 g2 ] K# \) ]5 I& b, H- H+ T, Q
+ g! Z R, m' X lC. ?7 b0 N$ q* Y& Y8 M" [ M7 \
* T3 g2 K Z( U' w' iD. GRE keepalive+ }% e* j/ h& D6 @- I7 ?
Answer: D
& \- ~& [9 s9 o3 r& N7 nQuestion 2' B5 [( _2 R1 A. C
Refer to the exhibit.
$ e# s( b0 Z7 Baccess-list 101 permit tcp 89 any
; W% H7 L. F: d, X1 {) ^access-list 101 permit tcp any 10.1.1.1 0.0.0.0 eq 179$ i$ o5 V! F V) l5 O, J* O, R+ p5 Y! Q% L! F" j
access-list 101 permit tcp any eq 179 any8 D8 g" k& L) w. J# P$ e, Y
3 B: x" `3 Q- U- h# Caccess-list 101 permit gre any any
+ I7 I# ~+ e' f) I) W" jaccess-list 101 permit tcp nse any2 y9 q( U: e" h3 [3 @4 {: V4 p2 \( H- d0 k- D! l
access-list 101 deny ospf any any4 \# d0 V! o8 G2 f% r
access-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 226 ] j( g0 k. F, h1 z( s
q8 _. V( S% M9 B6 f( oaccess-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq telnet% N+ i) y" m' H( ^# p! U. p
access-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 800 ~4 C5 @3 o4 z. w/ \
access-list 101 deny tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 2
" z2 Y; ^- d$ E/ [; ~Which two routing protocols are permitted by the ACL above? (Choose two)
7 p ?7 g$ i( j! m: q- qA. BGP1 z- I; F+ B, r4 ]
* h5 d+ y: ]! p# mB. OSPF% S6 C* V: q1 [# L
' B1 `1 O$ _5 [. B- {* i0 SC. EIGRP% s3 B6 t' U' D; r- U
D. GRE; M# m }" i q: E9 I) d( q5 x* M% f( ~% L& D
E. NSE (something like that)
c8 N/ x& @" \7 T( VAnswer: A D
6 P5 H1 o$ @7 ]) V9 `3 ^Explanation
; T+ C; M: M2 z7 L: p3 }- g$ N6 ABGP operates on TCP port 179 and the ACL statements “access-list 101 permit tcp any 10.1.1.1 eq 179” and “access-list 101 permit tcp any eq 179 any” allows BGP to go through.
4 y( G* e/ a# l" OOSPF is denied with the “access-list 101 deny ospf any any” statement -> Answer B is not correct.
; L; V$ U/ C. U+ Q" wEIGRP runs directly over IP using IP protocol number 88 – it does not use TCP or UDP. In the above ACL statements there is no line for EIGRP so it will be dropped by implicit “deny all” statement at the end of the ACL -> Answer C is not correct.
$ @; C3 U+ Z$ T( ?GRE is allowed with the “access-list 101 permit gre any any” statement -> Answer D is correct.
1 {9 K$ {9 k$ tNote: There was a report saying that the correct answers were “OSPF” (the config was different and it was allowed in first statement) and “BGP” so please grasp the concept to solve this question properly.% N: I6 b: P4 P* Y9 o+ Y
Question 3% k3 |. B& D4 Y
Refer to the exhibit.5 o9 `& y K% j, m" R7 L, R, N/ w
R13 d2 }7 q, f7 \9 Q
! P4 q2 D! x3 U# ^1 X8 `int Gigabitethernet 0/0
0 l4 o% [" ]5 X' w" {5 M Zip address 10.10.20.2 255.255.55.0 R2; _ A! ?, P+ \/ ^/ U
! S4 g x4 N* G. T6 D3 |int Gigabitethernet 0/2
9 w. T2 D7 j) k$ B% N: m. pip address 10.10.30.2 255.255.55.0% Y: k: D7 @2 i3 t2 u# t3 Y% `# N2 X3 q h, R/ E$ J) e
R1#show ?6 R- [5 W2 B- C. l7 t1 B
& b5 p. C6 W3 f1 binterface Packets% @, _' g) Y2 Z
SSH 05 a, ]" {$ u4 S
hsrp 10 n) s2 i, `" p0 u# N, a
R2#show ?
; u4 s. e" ?) c0 E$ winterface Packets! a# r/ d2 y6 \
SSH 101 ^: o& r! d( n' |( w5 f
9 g- y( d) a, ], T' b) C$ o# A9 Qhsrp 200 \& O9 ~/ s$ ^! s9 `) U( n, Y6 u
xxxx 30
f# ]* c2 p: v- E7 kR2#ssh -l admin 10.10.20.2' L b& r* }5 H5 q: z
%failure! M$ n! X; S+ j) I4 t
A company is implementing Management Plane Protection (MPP) on its network. Which of the following commands allows R2 successfully connect to Router 1 via SSH?
# q) V2 U0 a5 W% D. @3 JA. ssh -p 22 -l admin 10.10.30.22 o. O& P7 x& n- p- l! B6 G6 @ O/ s) ~! m1 C: U# }0 c# G5 @
B. ssh -v 2 -l admin 10.10.30.2
% e9 ]: w; c7 q" gC. ssh -p 22 -l admin 10.10.20.25 q, v0 K; }7 N- q) N @+ l I& e5 F; L
D. ssh -v 2 -l admin 10.10.20.2
' O4 ~2 G+ |4 `: t/ Q% u- L6 NAnswer: B0 Y' P) K. o( B- @& X1 |
Explanation7 c; q: F! E5 f9 C# `6 D
SSH has the following options:
5 |4 o2 l0 U i1 A/ BR1#ssh ?
0 f$ U' h! {% o4 e+ h4 L-c Select encryption algorithm' M' x$ A8 ^: A( w' U; n }
-l Log in using this user name
K1 r8 \% }8 h# d H: `$ l-m Select HMAC algorithm2 [* f5 A# ^* [7 _4 z+ w2 F2 v. O( T E: F: A% i) f- ~$ P
-o Specify options7 q5 ~, u8 ~1 C8 g4 K/ _# s: }: _ G
-p Connect to this port }6 m( ~' a1 i; G! W7 S% Y
P* u. I' ~+ t3 E/ Z-v Specify SSH Protocol Version/ [; {. N' m9 B' q+ L3 k
$ n g. H) L U; Z-vrf Specify vrf name, A7 Y' ]8 M Z: X* p4 v. L1 C- {5 q. P/ ~) j% c- v
WORD IP address or hostname of a remote system6 {8 c0 [) L' J7 b5 L1 `: H: C* f# ^
; o* z. q. {9 \8 p( b5 JIn this question it seems R1 does not allow SSH so we have to SSH to R2 (10.10.30.2).
7 B. B5 l# C* G/ ]Question 4% \# N9 Y8 j( n# j2 F# b$ v5 [
Section 19 h9 n9 p8 h. u/ a, D3 N+ Z: @( w, ^4 `* F6 `( n( r( a
It shows some output (cant remember)- `( ^% @# `2 x( C2 [9 R5 I" V7 @" T2 F; h5 C, h2 q/ G
Section 2* B9 U" |/ q; I# }9 D9 v+ F" c/ J/ g1 v$ n; @
Debugging is9 Z8 ^; Y' r$ y( W6 K/ E$ o1 v) O4 U5 u& Q" W) ]) {
Condition 1 – username6 a1 h' G& N5 k+ d1 F( U
7 \: h! v8 n' I* a: D# Q7 PCondition 2 – int g0/2+ V s" d) b4 L6 G5 Y( l3 G" E# f
Section 3
5 k: p/ }+ U& T/ L; sIt shows some output …2 Y2 R( K& s, J' U S; ^! h0 s# c
Which of the following commands results in the Section 2 of the output above?1 C' |4 O# Z# d
A., G' u) m( i1 T5 c c& A3 ]9 {8 k! k6 w; s2 }9 Q6 t; H
R#debug condition username& n: v4 x+ ? m
R#debug condition interface g0/2- U+ b0 |. {7 N" [% Y, }% O7 j
B.: R; \8 W: ~- y5 ^7 s8 d
R# debug condition interface g0/2
* ^$ b5 O/ D% K$ [2 H7 VR#debug condition username
/ V0 a+ i$ s+ p. R4 wC.6 ~" [! @/ A# Y% _% j, s9 N
R(conf)# debug condition username7 e% X: j. \9 |; J, S9 S% |. b1 Z: @! \
R(conf)#debug condition interface g0/2
- }7 \- B' g' C+ H& M' yD.2 f" ]* C5 j# I6 A: X7 f* `/ i1 s& ]& T0 Y6 Y/ Q& ~
R(conf)#debug condition interface g0/29 O- Y: ?3 T) c" }9 p4 \8 p4 c% u: K- |! R! ^* S
R(conf)# debug condition username6 I7 X% p) ^+ W7 ]: R5 F/ G7 j; C
Answer: A' G- } B" D' R D) y! f
Explanation) H/ F4 L. {# v) K
The “debug condition” command must be issued in Privileged mode (not global configuration mode)8 |& W/ d; T; i6 H/ l1 u8 D2 ^
Question 5
3 [# L1 s. \* W2 x: y, H' T6 UTwo hosts (PC A & PC B) in the same subnet (IP addresses 10.10.20.10 & 10.10.20.30, both /24) connected to Layer 2 switches each (using ports g0/5). The layer 2 switches connect to other switches which connects to a Multilayer (L3) switch.$ n5 v* F$ `/ m- j+ l% t
What is the reason PC A cannot reach PC B?7 K( R9 N h7 ~7 f
A. IP routing is not enabled in the L3 switch; K) C1 z1 ] A/ V6 h0 f) v! r) v9 t
B. Interfaces g0/5 of the switches are in different VLANs& A b6 ^: ^ X) d, M: ?, D2 {* X, b7 m* C3 U N" [1 M
C. PC A and PC B are in different subnets
- \3 g- r+ x3 k9 \. TD. ?
5 a5 n) ]7 ^4 W- ~. LAnswer: B
7 o. O: ` [+ u3 j) F8 C% c/ _Explanation L+ _% k ~9 x5 T; d
Suppose all the related ports are in up/up state then there are only two reasons that PCA & PCB cannot communicate:
: `7 U/ m2 p/ I/ @& Z+ These two PCs are in different VLANs* Y. H2 L- r+ T0 a- p
+ The ports on L3 switch that are connected to two Layer 2 switches are routing ports (with “no switchport” command)
5 P' `- E& r) c" s8 t- S1 bQuestion 6
- r+ _, Y5 ]5 M% GRefer to the exhibit
' v K% ?% }* b2 [8 KR1#show access-list% r" k; Z. W$ l7 ~( w5 n
IP access-list extended Super_User( e# r, Y/ R# F$ e* U, G) K2 r v( u) L3 O1 H) O
1 permit ip host xxxx host xxxxx5 _7 Y& P$ I4 _ W2 x
0 K3 N8 B2 V! x7 c2 permit ip host xxxx host xxxxx
! ]; S5 o4 Y/ f5 F2 j9 [6 l3 permit ip host xxxx host xxxxx# a6 y8 v. O# m o
1 H; _3 G5 `2 @6 r3 x9 P8 h# i, T$ k4 permit ip host xxxx host xxxxx& \$ y+ C- E u9 ^* {
5 permit ip host xxxx host xxxxx# Y% a+ ?3 l# y5 l6 N5 v' n( Y( ?3 ?
6 permit ip host xxxx host xxxxx( X* `: s" p: t, u4 o
8 u Q( x( x* M4 v7 permit ip host xxxx host xxxxx5 Q% j" [/ g) W: i2 H8 |* D* a& j1 ?7 y( B! Y2 D3 u" y
8 permit ip host xxxx host xxxxx
+ V% }" ~/ `3 Y! u! u+ q9 permit ip host xxxx host xxxx! S) T4 r& i' B2 T) T
Which of the following commands inserts five additional lines to the ACL Entry Sequence between lines 3 and 4 without changing the existing configuration?
$ `6 @2 d$ A! v a3 ~) K& _7 \4 g+ fA. R(conf)# ip access-list resequence Super_User 1 64 ]. A4 b3 D$ p3 ?$ G
B. R(conf)# ip access-list resequence Super_User 1 57 |& w' m% v) s7 S
% W4 L6 y2 ?) m6 kC. R(conf-nacl)# ip access-list resequence Super_User 1 6
) s# q. m: G" {4 R2 @& sD. R(conf-nacl)# ip access-list resequence Super_User 1 5 |
32#
2019-4-26 09:57:06
回复(0)
收起回复
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
