《2023年思科认证考试题库.doc》由会员分享,可在线阅读,更多相关《2023年思科认证考试题库.doc(88页珍藏版)》请在得力文库 - 分享文档赚钱的网站上搜索。
1、CCNA640-802 V13题库试题分析题库讲解:吴老师(艾迪飞CCIE实验室首发网站:1. What are two reasons that a network administrator would use access lists? (Choose two.) A. to control vty access into a router B. to control broadcast traffic through a router C. to filter traffic as it passes through a router D. to filter traffic that
2、 originates from the router E. to replace passwords as a line of defense against security incursions Answer: AC解释一下:在VTY线路下应用ACL,可以控制从VTY线路进来的telnet的流量。也可以过滤穿越一台路由器的流量。2. A default Frame Relay WAN is classified as what type of physical network? A. point-to-point B. broadcast multi-access C. nonbroad
3、cast multi-access D. nonbroadcast multipoint E. broadcast point-to-multipoint Answer: C解释一下:在默认的情况下,帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。3 Refer to the exhibit. How many broadcast domains exist in the exhibited topology?A. one B. two C. three D. four E. five F. six Answer: C解释一下:广播域的问题,在默认的情况下,每个互换机是不
4、能隔离广播域的,所以在同一个区域的所有互换机都在同一个广播域中,但是为了减少广播的危害,将广播限制在一个更小的范围,有了VLAN的概念,VLAN表达的是一个虚拟的局域网,而他的作用就是隔离广播。所以被VLAN隔离了的每个区域都表达一个单独的广播域,这样一个VLAN中的广播的流量是不能传到其他的区域的,所以在上题中就有3个广播域了。4. A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users are experien
5、cing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.) A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF 6. The com
6、mand frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command? A. This command should be executed from the global configuration mode. B. The IP address 10.121.16.8 is the local router port used to forward data. C. 102 i
7、s the remote DLCI that will receive the information. D. This command is required for all Frame Relay configurations. E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC. Answer: E解释一下:关于命令 frame-relay map ip 10.121.16.8 102 broadcast ,这个命令用于手工静态添加一条映射,到达10.121
8、.16.8的流量封装一个DLCI号为102,并且这条PVC是支持广播的流量的,比如RIP的更新包。由于在默认的情况下,帧中继的网络为非广播的,而RIP在其上是无法发包的。8Which of the following are associated with the application layer of the OSI model? (Choose two.) A. ping B. Telnet C. FTP D. TCP E. IP Answer: BC解释一下:在OSI 7层模型中位于应用层的应用有telnet 和 ftp 这两种应用。9. For security reasons, t
9、he network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists? A. IP B. ICMP C. TCP D. UDP Answer: B解释一下:PING命令 运用ICMP协议的echo,和 echo-replay两个报文来检测链路是否连通的。所以假如要阻止PING的流量到网络,就只要过滤掉ICMP的应用就可以了。
10、10Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the
11、 configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem? A. Router(config)# interface fastethernet 0/1.3 Router(config-if)# encapsulation dot1q 3 Router(config-if)# ip address 192.168.3.1 255.25
12、5.255.0 B. Router(config)# router rip Router(config-router)# network 192.168.1.0 Router(config-router)# network 192.168.2.0 Router(config-router)# network 192.168.3.0 C. Switch1# vlan database Switch1(vlan)# vtp v2-mode Switch1(vlan)# vtp domain cisco Switch1(vlan)# vtp server D. Switch1(config)# in
13、terface fastethernet 0/1 Switch1(config-if)# switchport mode trunk Switch1(config-if)# switchport trunk encapsulation isl Answer: A解释一下:这是一个多VLAN间通讯的问题,虽然都同在一台互换机上,但是由于处在不同的VLAN中,而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能了,在互换机和路由器之间封装TRUNK,这样可以允许互换机间的二层的通讯,但是由于两个VLAN是划分到不同的网段中的,因此需要借助路由器的路由功能来实现三
14、层的可达,可以将VLAN中的主机的网关指定为路由器与该VLAN相连的子接口的地址,这样VLAN中的数据包就都会发往网关,而由网关来进行进一步的转发。在这个题中,题目给出了路由器的的子接口的网段,而又给出了VLAN 2与路由器相连的接口的IP地址,所以剩下的一个网段就是给VLAN 3的了 ,所以要在路由器上将与一个子接口划分到VLAN 3,并给其分派另一个网段中的IP地址。这样就可以了。11What are two recommended ways of protecting network device configuration files from outside network secu
15、rity threats? (Choose two.) A. Allow unrestricted access to the console or VTY ports. B. Use a firewall to restrict access from the outside to the network devices. C. Always use Telnet to access the device command line because its data is automatically encrypted. D. Use SSH or another encrypted and
16、authenticated transport to access device configurations. E. Prevent the loss of passwords by disabling password encryption. Answer: BD解释一下:要保证外部的安全的站点才可以访问我的网络,这就涉及到了安全的问题了,我们 可以使用防火墙来限制外网中来的设备;也可以通过SSH或加密和认证来控制。12Refer to the exhibit. The access list has been configured on the S0/0 interface of rou
17、ter RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any A. source ip address: 192.168.15.5; destination port: 21 B. source ip address:, 192.168.15.37
18、 destination port: 21 C. source ip address:, 192.168.15.41 destination port: 21 D. source ip address:, 192.168.15.36 destination port: 23 E. source ip address: 192.168.15.46; destination port: 23 F. source ip address:, 192.168.15.49 destination port: 23 Answer: DE解释一下:这个访问列表定义了两个语句:access-list 101 d
19、eny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any 在访问列表中匹配的顺序是从上到下,假如匹配了某一句,就退出访问列表,假如没有就一直往下匹配,在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中,他定义的第一句是拒绝到从192.168.15.32- 192.168.15.47发出的任何的telnet 的流量,然后第二句定义的就是允许所有的IP流量。并且要明确telnet的流量使用的是端口23,所以这个题的答案就很明确了。13 Refer to the exhib
20、it. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table? A. Switch1 will add 192.168.23.4 to the switching table. B. Switch1 will add 192.168.23.12 to the switc
21、hing table. C. Switch1 will add 000A.8A47.E612 to the switching table. D. Switch1 will add 000B.DB95.2EE9 to the switching table. Answer: C解释一下:互换机重新启动了,这个时候互换机的MAC地址表是空的,当主机A发送数据给主机C而通过互换机时,互换机根据他的工作的原理他要进行原MAC地址学习,而由于对于这个目的MAC地址无记录,而将这个流量从除收到的这个接口外的所有接口泛洪出去。所以在最开始的一步中,互换机是记录下主机A的MAC地址000A.8A47.E61
22、2到他的MAC地址表中。14. he user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do? A. send a unicast ARP packet to the DSL modem/router B. send unicast ICMP packets to the DSL modem/router C. send Layer 3 broadcast pac
23、kets to which the DSL modem/router responds D. send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router Answer: B解释一下:在下面的表中我们可以看到ARP表中有关于192.168.1.254的ARP条目,所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。15. Refer to the exhibit. What is the most efficient summarization tha
24、t R1 can use to advertise its networks to R2?A. 172.1.0.0/22 B. 172.1.0.0/21 C. 172.1.4.0/22 D. 172.1.4.0/24 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 E. 172.1.4.0/25 172.1.4.128/25 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 Answer: C解释一下:这还是一个关于汇总的问题。规定R1将所有的网段用汇总的条目发送给R2,由于这些条目的网络位是相同的都为172.1,所以在这需要汇总的只是
25、第3个八位,将4,4,5,6,7 这些写成二进制的形式,然后找出相同的位数,则有相同位数的字节就是他们的掩码的位数,而最小的有相同位的最小的数字就是他们的基数位,所以R1通告出去 汇总的条目为172.2.4.0/22。16. Refer to the exhibit. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How will the de
26、fault route configured on R1 affect the operation of R2? A. Any packet destined for a network that is not directly connected to router R1 will be dropped. B. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately. C. Any packet destined for a networ
27、k that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1. D. The networks directly connected to router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.128, and 172.16.100.64 subnetworks. E. Any packet destined for a network
28、 that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur. Answer: E解释一下:在R1上产生了一个OSPF的缺省路由,出接口指定为S0/0,这条缺省路由以5类LSA的形式通告给了R2,于是R2上也有了一条标记为O*E2 0.0.0.0/0 出接口为 Serial0/0的路由。所以R2收到任何路由表中没有的目的网段时,就将指定给R1,而R1根据
29、缺省路由的出接口又将数据包发往R2,这样就形成了一个路由的环路。17. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port? A. This is a 10 Mb/s switch port. B. This is a 100 Mb/s switch port. C. This is an E
30、thernet port operating at half duplex. D. This is an Ethernet port operating at full duplex. E. This is a port on a network interface card in a PC. Answer: C解释一下:一个接口有冲突检测和载波侦听,并且是使用双绞线的网络,那么对于这个接口我们可以推测出他是以太接口,并且是工作在半双工的模式下。20. Refer to the topology and router configuration shown in the graphic. A
31、host on the LAN is accessing an FTP server across the Internet. Which of the following addresses could appear as a source address for the packets forwarded by the router to the destination server?A. 10.10.0.1 B. 10.10.0.2 C. 199.99.9.33 D. 199.99.9.57 E. 200.2.2.17 F. 200.2.2.18 Answer: D解释一下:这是个NAT
32、地址转换的题目,在这f0/0接口连接下的为私有的地址,这些地址是不能同外网进行通讯的,这时就借助NAT,将内网的私有地址转换为可以在公网上通讯的地址,我们看到NAT POOL 中定义的转换后的公有地址为199.99.9.40到199.99.9.62,则表达这段地址是我转换后的内网全局地址,所以HOST想要穿过INTERNET访问FTP服务器,则需要转换为公有地址199.99.9.40到199.99.9.62之内的地址,在上面的答案中只有地址199.99.9.57满足条件,所以答案就是D了。21. A company is installing IP phones. The phones and
33、 office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and co
34、mputers, and what technology should be implemented on this device? (Choose two.) A. hub B. router C. switch D. STP E. subinterfaces F. VLAN Answer: CF解释一下:公司的语音设备和办公的设备都连在相同的设备上,还要保证语音的数据流在不同与公司的办公的数据流量,最佳的网络设备当然是互换机了,然后运用VLAN的技术就完全可以满足所有的规定了。22. Refer to the exhibit. Which statement describes DLCI
35、17? A. DLCI 17 describes the ISDN circuit between R2 and R3. B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1. C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3. D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider. Answer: C解释一下:DLCI是在Fra
36、me-relay中的描述二层信息的地址,他的地位等同于以太网中的MAC地址。我们以R2上的DLCI 17来看,DLCI 17描述的是:从这个接口出去的目的地为R3的接口的这条PVC的二层的地址为17。23. Which routing protocol by default uses bandwidth and delay as metrics? A. RIP B. BGP C. OSPF D. EIGRP Answer: D解释一下:在我们的路由协议中使用复合度量的协议只有IGP和EIGPR,而他们在默认的情况下是使用带宽和延时来计算度量的。25. In the implementation
37、 of VLSM techniques on a network using a single Class C IP address, which subnet mask is the most efficient for point-to-point serial links? A. 255.255.255.0 B. 255.255.255.240 C. 255.255.255.248 D. 255.255.255.252 E. 255.255.255.254 Answer: D解释一下:在点到点的链路上由于只需要分派两个地址给两端就可以了,所以加上网络地址和广播地址,这个网段也就只需要有4
38、个地址了,所以网络位需要匹配30位,掩码就为255.255.255.25226. Refer to the exhibit. The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1. Which two packet destination addresses will R1 forward to R2? (Choose two.) A. 192.168.194.160 B. 192.168.183.41 C. 192.168.159.2 D. 192
39、.168.183.255 E. 192.168.179.4 F. 192.168.184.45 Answer: BE解释一下:这个题其实就是考察的汇总的问题,他说的意思是R2发送了一个汇总的路由192.168.176.0/21给R1,哪两个包文的目的地R1仍将转发给R2。这还是汇总的问题的一个反向的考察,根据21位的掩码位数可以推断在第3个八位字节的前5位是相同的,不同的是后面的3位,而将176写成二进制的形式为1011 0000,所以可以看出来明细的路由可以是176-183,所以在上面的答案中可以很容易看到答案B和E是我们的明细路由。27. Refer to the exhibit. Swi
40、tch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data? A. Switch-1 will drop the data because it does not have an entry for that MAC address. B. Switch-1 will flood the data out all of its ports except the port from which the data originated. C
41、. Switch-1 will send an ARP request out all its ports except the port from which the data originated. D. Switch-1 will forward the data to its default gateway. Answer: B解释一下:一方面Switch 1需要发送一个数据到MAC地址为00b0.d056.efa4的主机,了解到目的地后,就查看他的MAC 地址表,然后发现在MAC地址表中没有这个MAC地址的条目存在。互换机在收到未知的单播,组播和广播时,都采用的是泛洪的方式,往除收到
42、数据的这个接口外的所有接口都发送。所以在这儿,Switch 1也采用的上泛洪的方式。28. wo routers named Atlanta and Brevard are connected by their serial interfaces as shown in the exhibit, but there is no data connectivity between them. The Atlanta router is known to have a correct configuration. Given the partial configurations shown in
43、the exhibit, what is the problem on the Brevard router that is causing the lack of connectivity? A. A loopback is not set. B. The IP address is incorrect. C. The subnet mask is incorrect. D. The serial line encapsulations are incompatible. E. The maximum transmission unit (MTU) size is too large. F.
44、 The bandwidth setting is incompatible with the connected interface. Answer: B解释一下:很明显的错误啊,两台路由器的串行接口的地址配置错误,不是在相同的网段,从而导致了不能通讯。29. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.) A. amount of RAM B. bridge priority C. IOS version D. IP address E. MAC addres
45、s F. speed of the links Answer: BE解释一下:生成树的选举的问题,根桥的选举是通过比较的,而由桥优先级和地址组成的所以在选根桥的时候需要比较的是桥优先级和address。30. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers? A. Switch1 B. Switch2 C. Switch3 D. Switch4 Answer: C解释一下:这是
46、个关于生成树选举的问题,我们一方面需要找到根桥,而根桥的选举是通过比较桥ID的,并且是越小越优先,桥ID的组成为桥优先级和MAC地址。所以我们通过上图可以找到根桥为switch 1。然后在非根桥上选出根端口,通过比较到根桥的花费来选举的,花费最小的就是根端口。由于上图中没有表达出链路的带宽,所以无法比较他们的花费。下一步我们来选举指派端口。每条链路都需要有一个DP,先是比较花费,假如花费相同则比较BID(桥优先级),仍是越小越优先,根据上图的表识,我们可以找到每条链路上的DP,而连Printers的链路上的DP就为Switch 3,由于他有更小的MAC地址。32. Refer to the e
47、xhibit. Why would the network administrator configure RA in this manner?A. to give students access to the Internet B. to prevent students from accessing the command prompt of RA C. to prevent administrators from accessing the console of RA D. to give administrators access to the Internet E. to preve
48、nt students from accessing the Internet F. to prevent students from accessing the Admin network Answer: B解释一下:在这儿,将应用到线路下,并且是的方向,表达凡是被我的允许的才干telnet到我在上配置的是permit 10.1.1.0 0.0.0.255根据隐式的deny any 允许dmin的网段中的用户可以telnet到他,所以tudent的网段中的用户是被拒绝的33. In order to allow the establishment of a Telnet session with a router, which
黑公网安备:91230400333293403D