|
|
发表于 2019-4-26 09:57:06
|
显示全部楼层
# m) O: ^" F# d6 ]
, b% y% g1 ~+ r# p/ h D# I4 X本帖最后由 小乔 于 2019-4-25 15:26 编辑: _* z# K. w4 b* [
* l) U9 t% K; ~7 H. t5 u# q9 c" `- n2 u9 L9 W/ }4 M# d8 X. @/ q1 P6 B
考生记忆内容,仅供参考
7 \5 h! n- _0 q* o; t
' W4 q8 x$ x e" t* `+ ZQuestion 1
- U6 _- [* X/ R; d2 s q4 nWhich of the following features allows a router to install a floating route in its routing table when the GRE tunnel goes down intermittently?
/ b, v0 b4 q5 n2 U, ]A. tracking objects- b3 y& ?; l/ A8 H
/ P) L! ]- p: Y8 I7 L( cB. IP SLA1 g2 ] K# \) ]5 I& b, H- H+ T, Q
& y6 J, o$ l% n1 P5 H2 yC. ?7 b0 N$ q* Y& Y8 M" [ M7 \
4 t+ |* v* Y7 ~0 K/ ?) M9 k3 mD. GRE keepalive
+ B- b9 @) h& o* ^* `Answer: D9 C c8 \, B7 U' P- z
Question 2
5 T. o% T, _' I2 E. h: s( X* lRefer to the exhibit.
3 L) b3 j9 S; L" Jaccess-list 101 permit tcp 89 any
, S- R+ T5 W. @+ oaccess-list 101 permit tcp any 10.1.1.1 0.0.0.0 eq 179$ i$ o5 V! F V) l5 O, J: B8 n6 C6 h" e: n" o+ L
access-list 101 permit tcp any eq 179 any8 D8 g" k& L) w. J# P$ e, Y
# u8 e4 w5 q. Zaccess-list 101 permit gre any any
0 j4 `: K' O. Q" taccess-list 101 permit tcp nse any2 y9 q( U: e" h3 [3 @4 {: V4 p
& Z$ T. c3 e) d& Q% g1 [: g% Gaccess-list 101 deny ospf any any2 |. J3 p* A7 M9 T8 F+ _9 L7 F: T
access-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 226 ] j( g0 k. F, h1 z( s
$ K9 R; U U: R) U) m( haccess-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq telnet0 W) e( O; k ^& r
access-list 101 permit tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 80% c# B9 j* j" |$ G( l0 P3 B, S
access-list 101 deny tcp 10.1.1.1 172.16.1.0 0.0.0.255 eq 2- z+ Q- w$ { ~# y W7 ?8 f
Which two routing protocols are permitted by the ACL above? (Choose two)
: A, X4 p/ h" c K" o8 X5 cA. BGP1 z- I; F+ B, r4 ]9 L, ^! W$ j8 _) F+ y+ b4 e
B. OSPF% S6 C* V: q1 [# L# A8 g- L# p% W6 h' O9 T' g0 E
C. EIGRP+ }; k9 `" N8 {" V2 @
D. GRE; M# m }" i q: E9 I) d( q
/ e# j# h& s9 M, J' M0 GE. NSE (something like that)
. m2 n0 z% j! ~7 `( N$ RAnswer: A D9 o$ h+ ]& ]; j% H. N' [
Explanation' |* H2 J! H4 {9 u9 R
BGP operates on TCP port 179 and the ACL statements “access-list 101 permit tcp any 10.1.1.1 eq 179” and “access-list 101 permit tcp any eq 179 any” allows BGP to go through.
6 d5 E8 d5 n' ]9 z1 r4 p: g9 wOSPF is denied with the “access-list 101 deny ospf any any” statement -> Answer B is not correct.. C( G: x/ t: ]; ~( G1 `" X1 B5 R
EIGRP runs directly over IP using IP protocol number 88 – it does not use TCP or UDP. In the above ACL statements there is no line for EIGRP so it will be dropped by implicit “deny all” statement at the end of the ACL -> Answer C is not correct.
7 u* w$ {* f5 J$ F' \5 \) r+ J) iGRE is allowed with the “access-list 101 permit gre any any” statement -> Answer D is correct.
% |- o- G3 B% W& aNote: There was a report saying that the correct answers were “OSPF” (the config was different and it was allowed in first statement) and “BGP” so please grasp the concept to solve this question properly.9 T: t5 a+ _* l0 a$ c/ I- F7 j6 m' j
Question 3
/ ~2 @! n* N; X% b JRefer to the exhibit.
! c* o$ I4 R, p5 ~R13 d2 }7 q, f7 \9 Q
N) c }; n2 K: q, y& Jint Gigabitethernet 0/0- F0 S' K9 }# c* C' X
ip address 10.10.20.2 255.255.55.0 R2; _ A! ?, P+ \/ ^/ U- S: q; u: |2 ^2 G, |" v% }
int Gigabitethernet 0/2
: f" Q- l4 ]; [$ Hip address 10.10.30.2 255.255.55.0% Y: k: D7 @2 i3 t2 u# t3 Y
' n/ |6 ~( l! k- {+ kR1#show ?6 R- [5 W2 B- C. l7 t1 B' y$ t" y/ t; n9 y$ z* y
interface Packets
# X7 q; l6 D3 ~ jSSH 06 I: y3 a1 p, F/ ~" B5 U: w: @
hsrp 10
% U, o2 S9 L4 B+ xR2#show ?2 T- g% m- b7 z" w% B: v1 G, c w* ?
interface Packets
% V9 X7 Y4 I$ gSSH 101 ^: o& r! d( n' |( w5 f
4 v/ l! P! |, _% g0 N# P3 Thsrp 200 \& O9 ~/ s$ ^! s
* c2 ^2 M" s) Ixxxx 309 L$ ^: k. K8 N2 t. Y$ J
R2#ssh -l admin 10.10.20.2
4 ^5 O2 I7 r/ x, i0 h%failure1 \; M- d& M7 d! F' _! q
A company is implementing Management Plane Protection (MPP) on its network. Which of the following commands allows R2 successfully connect to Router 1 via SSH?
# A6 \1 g& }. h% IA. ssh -p 22 -l admin 10.10.30.22 o. O& P7 x& n- p- l! B6 G6 @8 w8 `! z- C, n5 h
B. ssh -v 2 -l admin 10.10.30.2, U: V. B, x0 f8 S6 q+ c6 D: k1 ]# }8 n
C. ssh -p 22 -l admin 10.10.20.25 q, v0 K; }7 N- q7 Y/ {$ n; {8 V
D. ssh -v 2 -l admin 10.10.20.2
; `# K4 U! f5 S' t2 m% [Answer: B
" ^. ]& [: N1 I# rExplanation& [# Y% J* R7 F; t9 e- F$ z' m
SSH has the following options:
/ Q) F& D+ X* B9 f* LR1#ssh ?
1 B& o6 u) H d a-c Select encryption algorithm
2 B6 U5 E% c5 P7 M& j! U-l Log in using this user name% L1 `, ]" |9 |3 L. v2 n8 `% Y
-m Select HMAC algorithm2 [* f5 A# ^* [7 _4 z+ w2 F2 v
- E! V7 J, a; ?6 X1 }: j-o Specify options7 q5 ~, u8 ~1 C8 g
2 [3 z0 I& O; h7 Y) X4 V-p Connect to this port }6 m( ~' a1 i; G! W7 S% Y3 j( v9 U# x( v5 }
-v Specify SSH Protocol Version/ [; {. N' m9 B' q+ L3 k' m9 T' t; [# x# H' ~7 j
-vrf Specify vrf name, A7 Y' ]8 M Z: X* p: x- h9 c& t H; W
WORD IP address or hostname of a remote system6 {8 c0 [) L' J7 b5 L1 `: H: C* f# ^
; [# m' I& b$ {4 W+ ~$ \6 rIn this question it seems R1 does not allow SSH so we have to SSH to R2 (10.10.30.2).
1 L0 x* u1 l& G. lQuestion 4
1 w" O1 S/ l6 ^3 X) O7 v# I5 PSection 19 h9 n9 p8 h. u/ a, D
5 Q! K3 _' C, @" I( AIt shows some output (cant remember)- `( ^% @# `2 x( C2 [9 R5 I( \' u- G5 i% J3 v" }- x$ U
Section 2* B9 U" |/ q; I# }9 D9 v+ F" c8 E W1 v% l) c
Debugging is9 Z8 ^; Y' r$ y( W6 K/ E$ o2 B2 \9 H% v' z% U! m
Condition 1 – username6 a1 h' G& N5 k+ d1 F( U
1 k2 u) k" t! Y3 x: g% VCondition 2 – int g0/2+ V s" d) b4 L6 G
' x, [" q6 l( K4 c/ ~2 iSection 3
1 z. E1 {7 R6 I: Z2 C) vIt shows some output …
/ I; J5 L/ P' {9 [" t% r! pWhich of the following commands results in the Section 2 of the output above?
1 J$ [$ T, I1 \ xA., G' u) m( i1 T5 c c& A3 ]9 {
! Q$ p g a w# SR#debug condition username
$ E: N6 ^! J) _0 A( @R#debug condition interface g0/2' Y5 J( p, X- S; J6 R: O0 m/ }
B.& ]/ U0 C7 ]2 _4 o% b! k/ Q
R# debug condition interface g0/2
0 r( k) f1 d! ]2 m: H* I0 pR#debug condition username9 v* d1 P, J+ M" G9 H
C.
* g$ _8 B1 Q1 b: TR(conf)# debug condition username7 e% X: j. \9 |; J, S& Z6 _; p L- U" J" K; {+ o
R(conf)#debug condition interface g0/2
0 \9 F) k# H0 N4 D3 r; Y6 f* Y3 t, DD.2 f" ]* C5 j# I6 A: X7 f* `
$ x+ I# ^5 U1 C8 d" W fR(conf)#debug condition interface g0/29 O- Y: ?3 T) c" }9 p4 \8 p4 c5 C; v8 N! D3 d+ [6 P1 p
R(conf)# debug condition username
, @/ r* }% P6 G( R' Y' v2 [Answer: A
( r* a1 Z, i; ~6 r* L# ]2 c% `Explanation
% d# _8 n, A+ T6 i* h& uThe “debug condition” command must be issued in Privileged mode (not global configuration mode)4 x$ r- w$ J6 c$ t1 y! g' \9 Z0 k
Question 5
: W9 d. a/ g$ c/ w. bTwo hosts (PC A & PC B) in the same subnet (IP addresses 10.10.20.10 & 10.10.20.30, both /24) connected to Layer 2 switches each (using ports g0/5). The layer 2 switches connect to other switches which connects to a Multilayer (L3) switch.
/ J5 o; R6 `% G1 y: O |What is the reason PC A cannot reach PC B?
7 ?3 [/ |' A" D5 \* p1 U" xA. IP routing is not enabled in the L3 switch
' v8 t* Z2 A0 i/ u+ G7 ^. Z5 f' GB. Interfaces g0/5 of the switches are in different VLANs& A b6 ^: ^ X) d, M8 p$ k* x5 N P# t% c) g& L
C. PC A and PC B are in different subnets
) Z, c* \' \/ b, J( c* \" yD. ?; X, W: G& N9 V- ]2 M
Answer: B
! |# {/ }# D) U0 H) K3 OExplanation2 t- c+ [1 h2 E
Suppose all the related ports are in up/up state then there are only two reasons that PCA & PCB cannot communicate:1 W$ w4 ~8 i Q) s2 N/ r
+ These two PCs are in different VLANs
( ]8 l, k) p5 S+ The ports on L3 switch that are connected to two Layer 2 switches are routing ports (with “no switchport” command)* V' `1 v. P! A7 t
Question 6- G( L8 L" }/ h4 R0 v2 Q( ?
Refer to the exhibit+ Z" K1 L; H0 _) b5 g& W
R1#show access-list' S4 {2 }1 n" s) U1 O p8 W
IP access-list extended Super_User( e# r, Y/ R# F$ e* U) ?1 w' ]: }/ ]8 O9 m* h
1 permit ip host xxxx host xxxxx5 _7 Y& P$ I4 _ W2 x
% u6 W: D2 O1 X M! l+ X8 P5 ^2 permit ip host xxxx host xxxxx! U c! k( p, o
3 permit ip host xxxx host xxxxx# a6 y8 v. O# m o
; U3 l3 C# [8 R' Z6 A: A, E4 permit ip host xxxx host xxxxx2 |2 _; B1 Q; E& J; e+ ]
5 permit ip host xxxx host xxxxx: O! z* {% d" m( |
6 permit ip host xxxx host xxxxx( X* `: s" p: t, u4 o& H# E6 T8 r. ?; p5 _5 }2 G
7 permit ip host xxxx host xxxxx5 Q% j" [/ g) W: i2 H8 |* D. r7 ]! ^) u( b8 S1 l+ U8 G# [9 h
8 permit ip host xxxx host xxxxx
- ~# `* O% M, q6 |& M! ]+ Y9 permit ip host xxxx host xxxx
, H9 M5 [. i. A# _' j( k/ b+ YWhich of the following commands inserts five additional lines to the ACL Entry Sequence between lines 3 and 4 without changing the existing configuration?# }! y0 z3 E# A' Z6 B
A. R(conf)# ip access-list resequence Super_User 1 6
. C0 w+ L2 w M8 Y; R: `2 [B. R(conf)# ip access-list resequence Super_User 1 57 |& w' m% v) s7 S3 d s; E k) T. o
C. R(conf-nacl)# ip access-list resequence Super_User 1 6" E w8 S9 N; ^' Y# o
D. R(conf-nacl)# ip access-list resequence Super_User 1 5 |
|
简体中文
英语
日语
韩语
法语
西班牙语
越南语
泰语
阿拉伯语
俄语
葡萄牙语
德语
意大利语
希腊语
荷兰语
波兰语
保加利亚语
爱沙尼亚语
丹麦语
芬兰语
捷克语
罗马尼亚语
斯洛文尼亚语
瑞典语
匈牙利语
繁体中文
文言文
[复制链接]
