思科认证考试真题及答案9节.docx

思科认证考试真题及答案9节思科认证考试真题及答案9节 第1节 下列哪项对OSI第1层协议主要功能的描述最准确（）A.成帧B.将比特从一台设备传递到另一台设备C.编址D.DLCI正确答案：B 下面哪一项正确描述了路由协议()A.允许数据包在主机间传送的一种协议B.定义数据包中的格式和用法的一种方式C.通过执行一个算法来完成路由选择的一种协议D.指定MAC地址和IP地址捆绑的方式和时间的一种协议正确答案：C 在配置0SPF时，网络管理员使用环回接口的原因是（）A.只有环回地址可以用作OSPF的路由器IDB.环回接口用于设置OSPF度量C.环回地址高于配置的路由器优先级值D.环回接口是逻辑接口，不会失效正确答案：D 在一个运行OSPF的自治系统之内:()A.骨干区域自身也必须是连通的B.非骨干区域自身也必须是连通的C.必须存在一个骨干区域(区域号为0)D.非骨干区域与骨干区域必须直接相连或逻辑上相连正确答案：ACD “ipaccess-group”命令在接口上缺省的应用方向是什么"（）。A.inB.具体取决于接口应用哪个访问控制列表C.outD.无缺省值正确答案：C R1上执行show ip interface brief命令的输出中显示接口S0/0/0状态码为“up”和“down”，那么以下哪种情况可能属实A.接口当前配置了shutdown命令B.R1的串行接口两端协议不同C.R1的串行接口没有安装串行电缆D.两台路由器的串行链路，只有一端配置了IP地址正确答案：B思科认证考试真题及答案9节 第2节 Why would the Ezonexam administrator change the value of the spanning-tree priority of a switch?A. in order to optimize the path that frames take from source to destinationB. to increase the priority so a designated port will become a root portC. to increase the BID, so the switch is more likely to become root bridgeD. in order to allow VLANs to be sent from one switch to another across a single linkE. to force a given switch to become an STP serverF. None of the above正确答案：AA 解析：Explanation:The Bridge Priority is used to measure the preference of a bridge in the spanning-tree Algorithm. The possible values range between 0 and 65,535. The default setting is 32,768. By adjusting the priority, the root bridge can be manually assigned to meet the needs of the network administrator. Which command on router EzonexamA will assign the last usable IP address from the 192.168.32.128/28 subnetwork to a router interface?A. EzonexamA(config-if) ip address 192.168.32.142 255.255.255.240B. EzonexamA(config-if) ip address 192.168.32.143 255.255.255.240C. EzonexamA(config-if) ip address 192.168.32.158 255.255.255.240D. EzonexamA(config-if) ip address 192.168.32.145 255.255.255.240E. EzonexamA(config-if) ip address 192.168.32.144 255.255.255.240F. EzonexamA(config-if) ip address 192.168.32.158 255.255.255.240G. None of the above正确答案：AA 解析：Explanation:The last usable IP address would be 128 + (16-2) = 142 because only the last 4 bits of the last octet are used for host addressing. 通过路由器的“配置端口console”对路由器进行配置，应该使用的线缆为（）A.交叉线缆B.直通线缆C.反转线缆D.任意线缆正确答案：C 禁止RIP协议的路由聚合功能的命令是()A.noripB.no-summanyC.noauto-summanyD.nonetwork 10.0.0.0正确答案：C 在路由器上，命令show access-list的功能是（）A.显示访问控制列表内容B.显示路由表内容C.显示端口配置信息D.显示活动配置文件正确答案：A 以下哪些答案列出了一个可用于标准编号IPACL的有效数字（）A.1987B.2187C.187D.87正确答案：AD思科认证考试真题及答案9节 第3节 哪一个命令可以设置路由器特权用户的“明文密码”（）A.enable passwordB.passwordC.enable secretD.secret正确答案：A要在连接到服务器的端口上禁用STP,可使用下面哪个命令?()A.disable spanning-treeB.spanning-tree offC.spanning-tree securityD.spanning-tree portfast答案：D You have a class C network, and you need to design it for 5 usable subnets with each subnet handling a minimum of 18 hosts each. Which of the following network masks should you use?A225.225.224.0.B225.225.240.0.C225.225.255.0.D255.255.255.224E225.225.255.240正确答案：D解析：Explanation:ThedefaultsubnetmaskforclassCnetworkis255.255.255.0.Ifonehastocreate5subnets,then3bitsarerequired.With3bitswecancreate8subnets.Theremaining5bitsareusedforHosts.Onecancreate30hostsusing5bitsinhostfield.Thismatcheswiththerequirement.IncorrectAnswers:A,B:ThisisanillegalsubnetmaskforaclassCnetwork,asthethirdoctetcannotbedividedwhenusingaclassCnetwork.C:ThisisthedefaultsubnetmaskforaclassCnetwork.Itprovidesforonenetwork,with254usablehostIPaddresses.E:Thissubnetmaskwillprovidefor14separatenetworkswith14hostseach.Thisdoesnotmeettherequirementofaminimumof18hosts. 路由器“全局模式”的提示符为（）A.>B.C.(config)D.(config-router)正确答案：C下面哪项是一种第2层协议,用于确保网络没有环路?()A.VTPB.STPC.RIPD.CDP答案：B Ezonexam has implemented the use of the Virtual Trunking Protocol (VTP). Which statement below accurately describes a benefit of doing this?AVTP will allow physically redundant links while preventing switching loopsBVTP will allow switches to share VLAN configuration informationCVTP will allow a single port to carry information to more than one VLANDVTP will allow for routing between VLANsENone of the above正确答案：B思科认证考试真题及答案9节 第4节配置LACP时,在要使用的接口上必须将哪三个参数配置得完全相同?()A.虚拟MAC地址B.端口速度C.双工模式D.PortFastE.VLAN信息答案：BCE While troubleshooting a network connectivity problem, a Ezonexam technician observes steady link lights on both the workstation NIC and the switch port to which the workstation is connected. However, when the ping command is issued from the workstation, the output message "Request timed out." is displayed. At which layer of the 7-layer OSI model does the problem most likely exist?A. The data link layerB. The application layerC. The protocol layerD. The access layerE. The session layerF. The network layerG. None of the above正确答案：FF The Ezonexam network administrator wants to ensure that only a single web server can connect to pot Fa0/1 on a catalyst switch. The server is plugged into the switch's Fast Eth. 0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of this server is allowed by switch port Fa0/1? (Choose two)AConfigure port Fa0/1 to accept connections only from the static IP address of the serverBConfigure the MAC address of the server as a static entry associated with port Fa0/1CEmploy a proprietary connector type on Fa0/1 that is incomputable with other host connectorsDConfigure port security on Fa0/1 to reject traffic with a source MAC address other than that of the serverEBind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address正确答案：BD解析：Explanation:You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port.When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host. The port's behavior. depends on how you configure it to respond to a security violation. When a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation. 请参见图示。主机A无法访问Internet。此问题的原因是什么A.主机A的IP地址不正确B.主机A的默认网关不正确C.两台路由器的Fa0/1接口配置了不同的子网D.R1Fa0/0的子网掩码不正确正确答案：C 路由器上，设置端口速率的命令是（）A.clock rateB.bandwidthC.setD.encap正确答案：B Which of the following a true statements regarding the use of VLANs to segment a network? (Select three)A. They increase the size of collision domainsB. They allow logical grouping of users by function.C. They can enhance network security.D. They increase the size of the broadcast domain while decreasing the number of collision domains.E. They increase the number of broadcast domains while decreasing the size of the broadcast domains.F. They simplify switch administration.正确答案：BCEB,C,E 解析：Explanation:VLANs are used to segment a LAN into multiple, smaller LANs. This can be used to enhance security as local traffic from one VLAN will not be passed to users in other VLANS.Incorrect Answers:A. VLANs are used to decrease the size of a collision domain, not increase it.D. The opposite is true.F. The default operation of a switch is to allow all traffic and to enable all ports in VLAN1. The use of VLANs will increase the complexity of the switch environment, making for more difficult administration.思科认证考试真题及答案9节 第5节 请参见图示10.4.0.0网络发生故障哪种机制可防止R2接收有关10.4.0.0网络的错误更新信息()A.水平分割B.抑制计时器C.路由毒化D.触发更新正确答案：A 请参见图示图中的所有网络都带有/24前缀假设网络中的所有路由器均已获知所有路由，哪个地址最适合总结图中的网络()A.192.168.8.0/21B.192.168.8.0/24C.192.168.16.0/24D.192.168.16.0/21正确答案：D While troubleshooting a connectivity problem on the network, you issue the ping command from your PC command prompt, but the output shows "request times out."At which OSI layer is this problem associated with?AThe data link layerBThe application layerCThe access layerDThe session layerEThe network layer正确答案：E解析：Explanation:TCP/IP includes ICMP, a protocol designed to help manage and control the operation of a TCP/IP network. The ICMP protocol provides a wide variety of information about a network's health and operational status. Control message is the most descriptive part of a name. ICMP helps control and manage IP's work and therefore is considered part of TCP/IP's network layer.你使用命令copy runningconfig startupconfig保存路由器的配置,并重启路由器,但路由器启动后没有任何运行配置。请问可能出现了什么问题?()A.启动路由器时使用的命令不对B.NVRAM受损C.配置寄存器的设置不正确D.新升级到的IOS与路由器硬件不兼容E.保存的配置与硬件不兼容答案：C The Ezonexam network administrator wants to ensure that only a single web server can connect to pot Fa0/1 on a catalyst switch. The server is plugged into the switch's Fast Eth. 0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of this server is allowed by switch port Fa0/1? (Choose two)AConfigure port Fa0/1 to accept connections only from the static IP address of the serverBConfigure the MAC address of the server as a static entry associated with port Fa0/1CEmploy a proprietary connector type on Fa0/1 that is incomputable with other host connectorsDConfigure port security on Fa0/1 to reject traffic with a source MAC address other than that of the serverEBind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address正确答案：BD解析：Explanation:You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port.When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host. The port's behavior. depends on how you configure it to respond to a security violation. When a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation. IP扩展访问列表的数字标示范围是多少（）。A.0-99B.1-99C.100-199D.101-200正确答案：C思科认证考试真题及答案9节 第6节 VLAN主干协议VTP的默认工作模式是()A.服务器模式B.客户端模式C.透明模式D.以上三者都不是正确答案：A 下列哪种广域网连接方式是电路交换（）A.ISDNB.E1C.DDND.Frame-relay正确答案：A 下列有关标准ACL和扩展ACL的说法中哪两种正确（）A.扩展ACL仅过滤源地址，必须放置在靠近目的地址的位置B.通常放置标准ACL后，所有数据包会通过网络并在目的地被过滤C.过滤要求较复杂时（例如根据特定协议进行过滤）使用标准ACLD.扩展ACL根据多种条件进行过滤，其放置在靠近源地址的位置，以减少通过网络的流量。正确答案：BD CHAP验证属于双向认证。此题为判断题(对，错)。正确答案： The Ezonexam network Topology is displayed in the exhibit below:A switch has been configured for three different VLANs: VLAN 2, VLAN 3, and VLAN 4. For the purposes of communication between VLANs a router is to be added. Host from one VLAN should be able to reach the hosts in the other VLANs.Based on this requirement, what type of connection is acceptable between the router and switch?(Select all valid answers)A10 Mbps EthernetB56 kbps serialC100 Mbps EthernetD1,544 Mbps serialE1000 Mbps Ethernet正确答案：CE解析：Explanation:Forallhoststobeabletoreacheachother,inter-VLANroutingwillneedtobeconfigured.InordertoprovideInter-VLANroutingbetweentherouterandtheswitch,atrunkwillneedtobesetup.ThistrunkcanbeeitherISLor802.1Q.Onarouter,theinterfacethatistobeusedasthetrunkcanbe100MbpsEthernet,GigabitEthernet,or10GigabitEthernet.Therefore,onlychoicesCorEarecorrect. A network administrator wants to control which user hosts can access the network based on their MAC address. What will prevent workstations with unauthorized MAC addresses from connecting to the network through a switch?A. BPDUB. Port securityC. RSTPD. STPE. VTPF. Blocking mode正确答案：BB 解析：Explanation:Understanding How Port Security Works:You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses specified for that port. Alternatively, you can use port security to filter traffic destined to or received from a specific host based on the host MAC address.When a secure port receives a packet, the source MAC address of the packet is compared to the list of secure source addresses that were manually configured or autoconfigured (learned) on the port. If a MAC address of a device attached to the port differs from the list of secure addresses, the port either shuts down permanently (default mode), shuts down for the time you have specified, or drops incoming packets from the insecure host.The port's behavior. depends on how you configure it to respond to a security violation. If a security violation occurs, the Link LED for that port turns orange, and a link-down trap is sent to the Simple Network Management Protocol (SNMP) manager. An SNMP trap is not sent if you configure the port for restrictive violation mode. A trap is sent only if you configure the port to shut down during a security violation.思科认证考试真题及答案9节 第7节 You are working as a network technician at Ezonexam University, when you get a call from the Engineering Faculty. They're complaining that they're receiving obsolete information from the Business Faculty's network traffic broadcasts.What can you do to contain the Business Faculty's broadcast while still keeping it connected to the internet and the enterprise services of the University? (Select all valid answer choices)A. Use half and full-duplex Ethernet on the Engineering Department LANB. Establish