2023年思科认证考试题库.doc
《2023年思科认证考试题库.doc》由会员分享,可在线阅读,更多相关《2023年思科认证考试题库.doc(88页珍藏版)》请在淘文阁 - 分享文档赚钱的网站上搜索。
1、CCNA640-802 V13题库试题分析题库讲解:吴老师(艾迪飞CCIE实验室首发网站:1. What are two reasons that a network administrator would use access lists? (Choose two.) A. to control vty access into a router B. to control broadcast traffic through a router C. to filter traffic as it passes through a router D. to filter traffic that
2、 originates from the router E. to replace passwords as a line of defense against security incursions Answer: AC解释一下:在VTY线路下应用ACL,可以控制从VTY线路进来的telnet的流量。也可以过滤穿越一台路由器的流量。2. A default Frame Relay WAN is classified as what type of physical network? A. point-to-point B. broadcast multi-access C. nonbroad
3、cast multi-access D. nonbroadcast multipoint E. broadcast point-to-multipoint Answer: C解释一下:在默认的情况下,帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。3 Refer to the exhibit. How many broadcast domains exist in the exhibited topology?A. one B. two C. three D. four E. five F. six Answer: C解释一下:广播域的问题,在默认的情况下,每个互换机是不
4、能隔离广播域的,所以在同一个区域的所有互换机都在同一个广播域中,但是为了减少广播的危害,将广播限制在一个更小的范围,有了VLAN的概念,VLAN表达的是一个虚拟的局域网,而他的作用就是隔离广播。所以被VLAN隔离了的每个区域都表达一个单独的广播域,这样一个VLAN中的广播的流量是不能传到其他的区域的,所以在上题中就有3个广播域了。4. A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users are experien
5、cing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.) A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF 6. The com
6、mand frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command? A. This command should be executed from the global configuration mode. B. The IP address 10.121.16.8 is the local router port used to forward data. C. 102 i
7、s the remote DLCI that will receive the information. D. This command is required for all Frame Relay configurations. E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC. Answer: E解释一下:关于命令 frame-relay map ip 10.121.16.8 102 broadcast ,这个命令用于手工静态添加一条映射,到达10.121
8、.16.8的流量封装一个DLCI号为102,并且这条PVC是支持广播的流量的,比如RIP的更新包。由于在默认的情况下,帧中继的网络为非广播的,而RIP在其上是无法发包的。8Which of the following are associated with the application layer of the OSI model? (Choose two.) A. ping B. Telnet C. FTP D. TCP E. IP Answer: BC解释一下:在OSI 7层模型中位于应用层的应用有telnet 和 ftp 这两种应用。9. For security reasons, t
9、he network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists? A. IP B. ICMP C. TCP D. UDP Answer: B解释一下:PING命令 运用ICMP协议的echo,和 echo-replay两个报文来检测链路是否连通的。所以假如要阻止PING的流量到网络,就只要过滤掉ICMP的应用就可以了。
10、10Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the
11、 configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem? A. Router(config)# interface fastethernet 0/1.3 Router(config-if)# encapsulation dot1q 3 Router(config-if)# ip address 192.168.3.1 255.25
12、5.255.0 B. Router(config)# router rip Router(config-router)# network 192.168.1.0 Router(config-router)# network 192.168.2.0 Router(config-router)# network 192.168.3.0 C. Switch1# vlan database Switch1(vlan)# vtp v2-mode Switch1(vlan)# vtp domain cisco Switch1(vlan)# vtp server D. Switch1(config)# in
13、terface fastethernet 0/1 Switch1(config-if)# switchport mode trunk Switch1(config-if)# switchport trunk encapsulation isl Answer: A解释一下:这是一个多VLAN间通讯的问题,虽然都同在一台互换机上,但是由于处在不同的VLAN中,而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能了,在互换机和路由器之间封装TRUNK,这样可以允许互换机间的二层的通讯,但是由于两个VLAN是划分到不同的网段中的,因此需要借助路由器的路由功能来实现三
14、层的可达,可以将VLAN中的主机的网关指定为路由器与该VLAN相连的子接口的地址,这样VLAN中的数据包就都会发往网关,而由网关来进行进一步的转发。在这个题中,题目给出了路由器的的子接口的网段,而又给出了VLAN 2与路由器相连的接口的IP地址,所以剩下的一个网段就是给VLAN 3的了 ,所以要在路由器上将与一个子接口划分到VLAN 3,并给其分派另一个网段中的IP地址。这样就可以了。11What are two recommended ways of protecting network device configuration files from outside network secu
15、rity threats? (Choose two.) A. Allow unrestricted access to the console or VTY ports. B. Use a firewall to restrict access from the outside to the network devices. C. Always use Telnet to access the device command line because its data is automatically encrypted. D. Use SSH or another encrypted and
16、authenticated transport to access device configurations. E. Prevent the loss of passwords by disabling password encryption. Answer: BD解释一下:要保证外部的安全的站点才可以访问我的网络,这就涉及到了安全的问题了,我们 可以使用防火墙来限制外网中来的设备;也可以通过SSH或加密和认证来控制。12Refer to the exhibit. The access list has been configured on the S0/0 interface of rou
17、ter RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any A. source ip address: 192.168.15.5; destination port: 21 B. source ip address:, 192.168.15.37
18、 destination port: 21 C. source ip address:, 192.168.15.41 destination port: 21 D. source ip address:, 192.168.15.36 destination port: 23 E. source ip address: 192.168.15.46; destination port: 23 F. source ip address:, 192.168.15.49 destination port: 23 Answer: DE解释一下:这个访问列表定义了两个语句:access-list 101 d
19、eny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any 在访问列表中匹配的顺序是从上到下,假如匹配了某一句,就退出访问列表,假如没有就一直往下匹配,在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中,他定义的第一句是拒绝到从192.168.15.32- 192.168.15.47发出的任何的telnet 的流量,然后第二句定义的就是允许所有的IP流量。并且要明确telnet的流量使用的是端口23,所以这个题的答案就很明确了。13 Refer to the exhib
20、it. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table? A. Switch1 will add 192.168.23.4 to the switching table. B. Switch1 will add 192.168.23.12 to the switc
21、hing table. C. Switch1 will add 000A.8A47.E612 to the switching table. D. Switch1 will add 000B.DB95.2EE9 to the switching table. Answer: C解释一下:互换机重新启动了,这个时候互换机的MAC地址表是空的,当主机A发送数据给主机C而通过互换机时,互换机根据他的工作的原理他要进行原MAC地址学习,而由于对于这个目的MAC地址无记录,而将这个流量从除收到的这个接口外的所有接口泛洪出去。所以在最开始的一步中,互换机是记录下主机A的MAC地址000A.8A47.E61
22、2到他的MAC地址表中。14. he user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do? A. send a unicast ARP packet to the DSL modem/router B. send unicast ICMP packets to the DSL modem/router C. send Layer 3 broadcast pac
23、kets to which the DSL modem/router responds D. send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router Answer: B解释一下:在下面的表中我们可以看到ARP表中有关于192.168.1.254的ARP条目,所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。15. Refer to the exhibit. What is the most efficient summarization tha
24、t R1 can use to advertise its networks to R2?A. 172.1.0.0/22 B. 172.1.0.0/21 C. 172.1.4.0/22 D. 172.1.4.0/24 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 E. 172.1.4.0/25 172.1.4.128/25 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 Answer: C解释一下:这还是一个关于汇总的问题。规定R1将所有的网段用汇总的条目发送给R2,由于这些条目的网络位是相同的都为172.1,所以在这需要汇总的只是
- 配套讲稿:
如PPT文件的首页显示word图标,表示该PPT已包含配套word讲稿。双击word图标可打开word文档。
- 特殊限制:
部分文档作品中含有的国旗、国徽等图片,仅作为作品整体效果示例展示,禁止商用。设计者仅对作品中独创性部分享有著作权。
- 关 键 词:
- 2023 思科 认证 考试 题库
限制150内