CCNA题库

Exam AQUESTION 1A network engineer must create a diagram of a multivendor network.which command must be configured on the Cisco devices so that the topology of the network can be mapped?A.Device(config)#lldp runB.Device(config)#cdp runC.Device(config)# cdp enableD.Device(config)# flow-sampler-map topologyCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 2Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?A.CPU ACLB.TACACSC.Flex ACLD.RADIUSCorrect Answer: ASection: (none)ExplanationExplanation/Reference:Reference:https:///c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.htmlQUESTION 3When a site-to-site VPN is used, which protocol is responsible for the transport of user data?A.IKEv2B.IKEv1C.IPsecD.MD5Correct Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 4How do TCP and UDP differ in the way that they establish a connection between two endpoints？A.TCP use the three-way handshake,and UDP dose no guarantee message deliveryB.TCP use synchronization packets,and UDP uses acknowledgement packetsC.UDP provides reliable message transfer,and TCP is a connectionless protocol.D.UDP use SYN,SYN ACK,and FIN bits in the frame header while TCP uses SYN,SYN ACK,and ACK bis.Correct Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 5What are two reasons that cause late collisions to increment on an Ethernet interface?(choose two)A.when the sending device waits 15 seconds before sending the frame againB.when the cable length limits are exceededC.when one side of the connection is configured for half-duplexD.when Carner Sense Multiple Access/Collision Detection is usedE.when a collision occurs after the 32nd byte of a frame has been transmittedCorrect Answer: BDSection: (none)ExplanationExplanation/Reference:QUESTION 6A Cisco IP phone receive untagged data traffic from an attached PC. Which action is taken by the phone?A.It allows the traffic to pass through unchangedB.It drops the trafficC.It tags the traffic with the default VLAND.It tags the traffic with the native VLANCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 7Refer to the exhibit. The show ip ospf interface command has been executed on R1 How is OSPF configured?A.The interface is not participating in OSPFB.A point-to-point network type is configuredC.The default Hello and Dead timers are in useD.There are six OSPF neighbors on this interfaceCorrect Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 8What benefit does controller-based networking provide versus traditional networking?A.provides an added layer of security to protect from DDoS attacksbines control and data plane functionality on a single device to minimize latencyC.moves from a two-tier to a three-tier network architecture to provide maximum redundancyD.allows configuration and monitoring of the network from one centralized pointCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 9When a floating static route is configured, which action ensures that the backup route is used when the primary route fails?A.The floating static route must have a higher administrative distance than the primary route so it is used as a backupB.The administrative distance must be higher on the primary route so that the backup route becomes secondary.C.The floating static route must have a lower administrative distance than the primary route so it is used as a backupD.The default-information originate command must be configured for the route to be installed into the routing tableCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 10Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?A.onB.autoC.activeD.desirableCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 11What are two descriptions of three-tier network topologies? (Choose two.)A.The distribution layer runs Layer 2 and Layer 3 technologies.B.The network core is designed to maintain continuous connectivity when devices fail.C.The core layer maintains wired connections for each host.D.The core and distribution layers perform the same functionsE.The access layer manages routing between devices in different domains.Correct Answer: ABSection: (none)ExplanationExplanation/Reference:QUESTION 12Refer to the exhibit.which statement explains the configuration error message that is received?A.it belongs to a private IP address rangeB.the router dose not support /28 maskC.it is a network IP addressD.it is a broadcast IP addressCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 13what is the expected outcome when an EUI-64 address is generated?A.The seventh bit of original MAC address of the interface is invertedB.The interface ID is configured as a random 64-bit valueC.The characters FE80 are inserted at the beginning of the MAC address of the interfaceD.The MAC address of the interface is used as the interface ID without modificationCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 14Which function does an SNMP agent perform?A.It manages routing between Layer 3 devices in a network,B.It coordinates user authentication between a network device and a TACACS+ or RADIUS server.C.It sends information about MIB variables in response to requests from the NMS.D.It requests information from remote network nodes about catastrophic system events.Correct Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 15Refer to the exhibit.The default-information originate command is configured under the R1 OSPF configuration.After testing,workstation on VLAN 20 at Site B cannot reach a DNS server on the Internet.wihch action corrects the configuration issue?A.Add the default-information originate command on R2B.Add the always keyword to the default-information originate command on R1C.Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1D.Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.2 command on R2Correct Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 16What are two benefits of network automation? (Choose two)A.reduced operational costsB.reduced hardware footprintC.faster changes with more reliable resultsD.fewer network failuresE.increased network securityCorrect Answer: ACSection: (none)ExplanationExplanation/Reference:QUESTION 17Which two command sequences must you configure on a switch to establish a Layer 3 EtherChannel with an open-standard protocol?(choose two) A.interface GigabitEthernet0/0/1Channel-group 10 mode activeB.interface GigabitEthernet0/0/1Channel-group 10 mode autoC.interface GigabitEthernet0/0/1Channel-group 10 mode onD.interface port-channel 10no switchportip address 172.16.0.1 255.255.255.0E.interface port-channel 10switchportSwitchport mode trunkCorrect Answer: ADSection: (none)ExplanationExplanation/Reference:QUESTION 18Which command prevents passwords from being stored in the configuration as plaintext on a router or switch?A.enable secretB.service password-encryptionername Cisco password encryptD.enable passwordCorrect Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 19R1 has learned route 10.10.10.0/24 via numerous routing protocols,which route is installed?A.route with the lowest costB.route with the shortest prefix lengthC.route with the next hop that has the highest IPD.route with the lowest administrative distanceCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 20which network allows devices to communicate without the need to access the internet?A.172.9.0.0/16B.172.28.0.0/16C.192.0.0.0/18D.209.165.201.0/24Correct Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 21Which attribute does a router use to select the best path when two or more different routes to the same destination exist from two different routing protocols?A.dual algorithmB.metricC.administrative distanceD.hop countCorrect Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 22which command must be entered when a device is configured as an NTP server?A.ntp masterB.ntp severC.ntp authenticateD.ntp peerCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 23When OSPF learns multiple paths to a network, how does it select a route?A.It multiple the active K value by 256 to calculate the route with the lowest metric.B.For each existing interface, it adds the metric from the source router to the destination to calculate the route with the lowestbandwidth.C.It divides a reference bandwidth of 100 Mbps by the actual bandwidth of the existing interface to calculate the router with the lowestcost.D.It count the umber of hops between the source router and the destination to determine the router with the lowest metricCorrect Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 24What is a characteristic of spine-and-leaf architecture?A.It provides variable latency.B.Each link between leaf switches allows for higher bandwidth.C.Each device is separated by the same number of hops.D.It provides greater predictability on STP blocked ports.Correct Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 25Which two outcomes are predictable behaviors for HSRP? (Choose two)A.The two routers share a virtual IP address that is used as the default gateway for devices on the LAN.B.The two routers negotiate one router as the active router and the other as the standby routerC.Each router has a different IP address both routers act as the default gateway on the LAN, and traffic is load balanced betweenthem.D.The two routers synchronize configurations to provide consistent packet forwardingE.The two routed share the same IP address, and default gateway traffic is load-balanced between themCorrect Answer: ABSection: (none)ExplanationExplanation/Reference:QUESTION 26Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?A.explicitly assign a link-local addressB.disable the EUI-64 bit processC.enable SLAAC on an interfaceD.configure a stateful DHCPv6 server on the networkCorrect Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 27Refer to the exhibit. What is the effect of this configuration?A.The switch port interface trust state becomes untrustedB.The switch port remains administratively down until the interface is connected to another switchC.Dynamic ARP inspection is disabled because the ARP ACL is missingD.The switch port remains down until it is configured to trust or untrust incoming packetsCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 28In which way does a spine-and-leaf architecture allow for scalability in a network when additional access ports are required?A. A spine switch and a leaf switch can be added with redundant connections between themB. A spine switch can be added with at least 40 GB uplinksC. A leaf switch can be added with connections to every spine switchD. A leaf switch can be added with a single connection to a core spine switchCorrect Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 29Refer to the exhibit.Router R1 is running three different routing protocols.Which route characteristic is used by the router to forward the packet that receives fordestination IP 172.16.32.1?A.metricB.longest prefixC.costD.administrative distanceCorrect Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 30Which configuration is needed to generate an RSA key for SSH on a router?A.Configure the version of SSHB.Configure VTY access.C.Create a user with a passwordD.Assign a DNS domain nameCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 31Which API is used in controller-based architectures to interact with edge devices?A.overlayB.northboundC.underlayD.southboundCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 32Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1.which configuration accomplishes this task?A.R1# config tR1(config)# ip routingR1(config)# ip route default-route 192.168.1.1B.R1# config tR1(config)# ip routingR1(config)# ip route 0.0.0.0 0.0.0.0 192.168.1.1C.R1# config tR1(config)# ip routingR1(config)# ip route 192.168.1.1 0.0.0.0 0.0.0.0D.R1# config tR1(config)# ip routingR1(config)# ip default-gateway 192.168.1.1Correct Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 33What is a benefit of using a Cisco Wireless LAN Controller?A.Central AP management requires more complex configurationsB.Unique SSIDs cannot use the same authentication methodC.It supports autonomous and lightweight APsD.It eliminates the need to configure each access point individuallyCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 34An engineer must configure a /30 subnet between two routers.which usable IP address and subnet mask combination meets this criteria?A.interface e0/0description to HQ-A370:98968ip address 10.2.1.3 255.255.255.252B.interface e0/0description to HQ-A370:98968ip address 192.168.1.1 255.255.255.248C.interface e0/0description to HQ-A370:98968ip address 172.16.1.4 255.255.255.248D.interface e0/0description to HQ-A370:98968ip address 209.165.201.2 255.255.255.252Correct Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 35Which unified access point mode continues to serve wireless clients after losing connectivity to the Cisco Wireless LAN Controller?A.snifferB.meshC.flexconnectD.localCorrect Answer: CSection: (none)ExplanationExplanation/Reference:https:///c/en/us/td/docs/wireless/controller/8-5/configguide/b_cg85/flexconnect.htmlQUESTION 36Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?A.passiveB.mode onC.autoD.activeCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 37which WPA3 enhancement protects against hackers viewing traffic on the Wi-Fi network?IP encryptionB.SAE encryptionC.AES encryptionD.scrambled encryption keyCorrect Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 38Refer to the exhibit. An engineer is bringing up a new circuit to the MPLS provider on the Gi0/1 interface of Router1.The new circuit uses eBGP and teams the route to VLAN25 from the BGP path. What is the expected behavior for the traffic flow for route10.10.13.0/25?A.Traffic to 10.10.13.0.25 is load balanced out of multiple interfacesB.Route 10.10.13.0/25 is updated in the routing table as being learned from interface Gi0/1.C.Traffic to 10.10.13.0/25 is a symmetricalD.Route 10.10.13.0/25 learned via the Gi0/0 interface remains in the routing tableCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 39Refer to the exhibit.How does router R1 handle traffic to 192.168.10.16?A.It selects the EIGRP route because it has the lowest administrative distanceB.It selects the RIP route because it has the longest prefix inclusive of the destination addressC.It selects the OSFP route because it has the lowest costD.It selects the IS-IS route because it has the shortest prefix inclusive of the destination addressCorrect Answer: BSection: (none)ExplanationExplanation/Reference:QUESTION 40Which two actions influence the EIGRP route selection process? (Choose two)A.The router calculates the reported distance by multiplying the delay on the exiting Interface by 256.B.The router calculates the best backup path to the destination route and assigns it as the feasible successor.C.The router calculates the feasible distance of all paths to the destination routeD.The advertised distance is calculated by a downstream neighbor to inform the local router of the bandwidth on the linkE.The router must use the advertised distance as the metric for any given routeCorrect Answer: BCSection: (none)ExplanationExplanation/Reference:QUESTION 41Refer to the exhibit.which two commands were used to create port channel 10?(choose two)A.int range g0/0-1Channel-group 10 mode activeB.Bint range g0/0-1Channel-group 10 mode desirableC.int range g0/0-1Channel-group 10 mode passiveD.int range g0/0-1Channel-group 10 mode autoE.int range g0/0-1Channel-group 10 mode onCorrect Answer: ACSection: (none)ExplanationExplanation/Reference:QUESTION 42What is a difference between RADIUS and TACACS+?A.TACACS+ encrypts only password information and RADIUS encrypts the entire payloadB.RADIUS logs all commands that are entered by the administrator, but TACACS+ logs only start, stop, and interim commandsC.RADIUS is most appropriate for dial authentication, but TACACS+ can be used for multiple types of authenticationD.TACACS+ separates authentication and authorization, and RADIUS merges themCorrect Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 43Refer to the exhibit. A network engineer must block access for all computers on VLAN 20 to the web server via HTTP. All other computers must be able to access the web server.Which configuration when applied to switch A accomplishes this task?A.B.C.D.Correct Answer: DSection: (none)ExplanationExplanation/Reference:QUESTION 44Refer to the exhibit. How does the router manage traffic to 192.168.12.16?A.It selects RIP route because it has the longest prefix inclusive of the destination addressB.It chooses the EIGRP route because it has the lowest administrative distanceC.It load-balances traffic between all three routesD.It chooses the OSPF route because it has the longest prefix inclusive of the destination address Correct Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 45What is an advantage of Cisco DNA Center versus traditional campus device management?A.It supports numerous extensibility options including cross-domain adapters and third-party SDKs.B.It supports high availability for management functions when operating in cluster mode.C.It enables easy autodiscovery of network elements m a brownfield deployment.D.It is designed primarily to provide network assuranceCorrect Answer: ASection: (none)ExplanationExplanation/Reference:QUESTION 46While examining excessive traffic on the network,it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two)A.The packets fail to match any permit statementB.A matching permit statement is too high in the access testC.A matching deny statement is too high in the access listD.A matching permit statement is too broadly definedE.The ACL is emptyCorrect Answer: BDSection: (none)ExplanationExplanation/Reference:QUESTION 47Which design element is a best practice when deploying an 802.11b wireless infrastructure?A.disabling TPC so that access points can negotiate signal levels with their attached wireless devices.B.setting the maximum data rate to 54 Mbps on the Cisco Wireless LAN ControllerC.allocating non overlapping channels to access points that are in close physical proximity to one anotherD.configuring access points to provide clients with a maximum of 5 MbpsCorrect Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 48How do traditional campus device management and Cisco DNA Center device management differ in regards to deployment?A.Cisco DNA Center device management can be implemented at a lower cost than most traditional campus device management optionsB.Traditional campus device management schemes can typically deploy patches and updates more quickly than Cisco DNA Center device management.C.Cisco DNA Center device management can deploy a network more quickly than traditional campus device managementD.Traditional campus device management allows a network to scale more quickly than with Cisco DNA Center device management.Correct Answer: CSection: (none)ExplanationExplanation/Reference:QUESTION 49Which two actions are performed by the Weighted Random Early Detection mechanism?(Choose two)A.It drops lower-priority packets before it drops higher-priority packetsB.It can identify different flows with a high level of granularityC.It guarantees the delivery of high-priority packetsD.It can mitigate congestion by preventing the queue from filling upE.IT supports protocol discoveryCorrect Answer: ADSection: (none)ExplanationExplanation/Reference:加权随机先期检测（WRED：Weighted Random Early Detection）是将随机先期检测与优先级排队结合起来，这种结合为高优先级分组提供了优先通信处理能力。

CCNA中英对照题库(0-10.pdfCCNA （200-120）题库中英对照整理于：2015 年 3 月 31 日版本：1.2 声明：本题库来源互联网（鸿鹄论坛）本题库为英文考试原版左右选择题中文考试为随机抽取英文题的中译版此题库非中文考试题库，而是英文题库手动翻译此题库为手工个人翻译，存在错误和不妥难免，不代表任何官方机构和组织本题库旨在更好的理解英文原本题库，也可以用于中文考试参考用。

如发现任何错误或不当之处，可以自行修改，但请更新版本以免混乱，也可致上传者。

QUESTION 001 Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.) 参照下图，这个图示显示了Ｒ１接受到如图所示数据帧的时候会怎么做？ A. Router1 will strip off the source MAC address and replace it with the MAC address 0000.0c36.6965. Ｒ１会剥离源ＭＡＣ地址，以 0000：0C36.6965 代替。

B. Router1 will strip off the source IP address and replace it with the IP address 192.168.40.1. Ｒ１会剥离源 IP 地址，1/ 10以 192.168.40.1 代替。

C. Router1 will strip off the destination MAC address and replace it with the MAC address 0000.0c07.4320. Ｒ１会剥离源ＭＡＣ地址，以 0000：0C36.6965 代替。

D. Router1 will strip off the destination IP address and replace it with the IP address of 192.168.40.1. Ｒ１会剥离目的 IP 地址，以 192.168.40.1 代替。

一、选择题1. 计算机网络是分布在不同地理位置的多个独立的_____的集合。

( D )A. 局域网系统B. 多协议路由器C. 操作系统D. 自治计算机2．在同一个信道上的同一时刻，能够进行双向数据传送的通信方式是___ __ 。

( C )A.单工B.半双工C.全双工D.上述三种均不是3．下面哪一个是合法的URL？ ( B )A.http:B.ftp:///abc.rarC.file:///C:/Downloads/abc.rarD.abc.html 4．简单网络管理协议SMTP处于网络体系结构的 . ( )A.互连层B.传输层C.应用层D. 逻辑连路控制层5. 在常用的传输介质中，带宽最宽、信号衰减最小、抗干扰能力最强的一类传输介质是_________。

( )A.双绞线B.光缆C.同轴电缆D.无线信道6. 能从数据信号波形中提取同步信号的典型编码是_____ ( )A.循环冗余码B.定比码C.曼彻斯特码D.不归零码7. 判断以下哪个Ethernet物理地址是正确的？( )A.00-60-08-A6B.202.196.1.1C.001D.00-60-08-22-D5-9A8. 以下哪项不是网络操作系统提供的服务？( )A.文件服务B.打印服务C.通信服务D.办公自动化服务9. 传输层的作用是向源主机与目的主机进程之间提供_____数据传输。

( )A.点对点B.点对多点C.端到端D.多端口之间10.网际互联中,在物理层中实现透明二进制比特复制,以补偿信号衰减的中继设备是___ ( )A.中继器B.桥接器C.路由器D.协议转换器11. 一种用载波信号相位移动来表示数字数据的调制方法称为键控法。

( )A.相移(或移相)B.幅移(或移幅)C.频移(或移频)D.混合12. 数据报方式的主要特点不包括_______。

( )A.同一报文的不同分组可以由不同的传输路径通过通信子网B.在每次数据传输前必须在发送方与接受方间建立一条逻辑连接C.同一报文的不同分到达目的节点时可能出现乱序、丢失现象D.每个分组在传输过程中都必须戴有目的地址与源地址13. 内部网关协议RIP是一种广泛使用的基于________的协议。

CCNA试题1.What is the correct order for the OSI model? BP=Presentation, S=Session, D=Datalink, Ph=Physical, T=Transport, A= Application, N=NetworkA. P S A PH D N TB. A P S T N D PHC. PH D N T A S PD. P S A T N D PHIt is crucial you not only memorize this and know what each layer does.2. What is encapsulation? CA. Putting the header on an incoming frameB. Putting a header on an incoming segmentC. Putting a header on an outgoing frameD. Putting a header on an outgoing bitThis also includes trailers and can be put on segments, packets, and frames.3. Which layer is most concerned with user applications? AA. ApplicationB. PresentationC. NetworkD. Physical4. Which of the following is de-encapsulation?AA. Stripping the header from a frameB. Putting a header on a segmentC. Putting a header on a frameD. Stripping a frame from a linkThis also includes trailers as in question 2.5. What layer converts data into segments? CA. ApplicationB. PresentationC. TransportD. Physical6. What layer converts data into Packets? AA. NetworkB. ApplicationC. PhysicalD. Data Link7. What layer converts data into Frames? CA. ApplicationB. PhysicalC. Data LinkD. Transport8. What layer converts data into bits? DA. ApplicationB. SessionC. Data LinkD. PhysicalAll of the layers need to convert data into something that they can pass down to the next level, with the exception of the Application layer which hands data to the Presentation layer.The Presentation layer encrypts, and compresses before sending it to the Session layer for it s first conversion.9. Which layer is most concerned with getting datafrom the beginning to the final destination? DA. ApplicationB. PresentationC. SessionD. TransportThe transport layer is most concerned with reliable transportation from one end to the other.10. Which of the following is not a part of the Session layer? BA. Establishing a sessionB. Ensuring error free segmentsC. Ending a sessionD. Keeping the sender and receiver from sending a message at the same time That is the job of the Transport layer.11. Which of the following is not a job for the presentation layer? Choose 2 CDA. Data representationB. CompressionC. Dialog managementD. TransmissionE. EncryptionC is handled by the session layer, andD is handled by the Transport layer12. What does Peer to Peer communication involve? DA. Each layer communication with the layer below itB. Each layer communication with layer above itC. Each layer communicating with adjacent layer in another systemD. Each layer communication with it s corresponding layer in another systemAnswer D.Answer C sounds correct also, but adjacent and corresponding are two different things. The session layer can only communicate with the session layer in another system for example.13. Why does the industry use a layered model?Choose all correct ABCDA. When you enhance one layer it doesn t affect the other layersB. Design and development can be made in a modular fashionC. Network operations can be simplifiedD. Troubleshooting can be simplified.14. Which two of the following are not from the physical layer? ADA. SDLCB. V.35C. HSSID. ISDNE. RS-232Answer A D.SDLC and ISDN are W AN protocols that function at the data link layer15. Which two answers are functions of the OSI model"s network layer? BCA. Sequencing of framesB. Path determinationC. Packet switchingD. Packet sequencingAnswer B C. Sequencing is done at the data link layer. D is fictional.16. What is an example of a MAC address? DA. Az32:6362:2434B. Sj:2817:8288C. GGG:354:665D. A625:cbdf:6525The address is a 48 bit address which requires 12 Hex digits.A hex digit can t be past the letter F. Hex stands for 16. 1-9 and A-F make up numbers that are valid.17. Which of the following is not part of the data link layer? EA. Transports data across the physical linkB. Performs physical addressingC. Performs flow controlD. Determines network topologyE. Terminates a sessionThis is part of the session layer18. Which of the following are data link protocols? ADEA. HDLCB. FTPC. SQLD. ISDNE. Token RingFTP is an application and SQL is a session layer protocol.19. Of the following address AA77:3827:EF54, which of the following is the vendor portion? AA. AA7738B. 27EF54C. AA77D. EF54The vendor code is how you can tell who made the card. The last 6 digits are the physical address.20. Which of the following are examples of layer 3 addressing? ABA. 165.33.4.34B. AA77:3827:EF54C. HHHH:hg:7654D. 76The first is a TCPIP address and the second is an IPX address21. What is considered Layer 3 addressing? BA. Data Link LayerB. Network LayerC. Application LayerD. None of thesePhysical is Layer 1, then data link, and then Network. This is the same layer that routers are on. A22. What layer are Bridges on?A. Data LinkB. PhysicalC. ApplicationD. TransportBridges segment networks but are not able to determine addresses like the network layer does.23. Repeaters are on what layer? CA. TransportB. SessionC. PhysicalD. ApplicationAll repeaters can do is boost a signal. An active hub is a good example of a repeater. A switching hub is a good example of layer 3 addressing, since switches go by network addresses and IPX addresses rather than just boost signals. Bridges can only read mac addresses, and not the full IPX or TCPIP addresses.24. Which of the following are considered routing protocols? ADA. OSPFB. IPC. IPXD. EIGRPE. Token RingAnswers B and C are routed protocols, whereas A and D are the protocols that do the routing. This is easily confused. You can remember it by thinking that the routing protocols that haul the routed protocols are like a tug ship pulling a barge. The barge is full of data.25. Which two of the following are considered connection oriented communication? ADA. Setup and maintenance procedures are performed to ensure message delieveryB. A physical circuit exists between two communicating devicesC. It is a best effort type of communicationD. A virtual connection exists between the twoB is not a necessity, andC is not accurate. TCP is connection oriented and UDP is not26. Which of the following are not WAN protocols? Choose 2 CDA. Frame RelayB. A TMC. EthernetD. FDDIE. ISDNEthernet and FDDI are LAN protocols.27. Which of the following will allow you to view NVRAM s contents? AEA. show configurationB. show protocolsC. show versionD. show running-configE. show startup-configAnswer A E. These show the backup configuration stored in NVRAM. The other anwsers allow youto view RAM.28. Which of the following contains the OS image? AA. FlashB. NVRAMC. RAMD. InterfacesROM will be used if Flash is unavailable. NVRAM is the backup configuration, and RAM is the active configuration29. Which of the following indicates the router is in privilege mode? AA. Router#B. Router>C. Router-D. Router* Answer B shows the router in user mode.30. What does "show cdp neighbors" not show? Neighbors___C______A. device idC. ios versionD. port type and number31. Which of the following will show you the clock? DA. cl?B. Cl ?C. Clock?D. Clock ?By typing this the router will finish the command and show the clock.32. CDP operates at which layer? DA. TransportB. NetworkC. Data linkD. PhysicalCDP allows a network device to exchange frames with other directly connected networked devices.33. Which command does not show two devices are not routing packets between them successfully? ACDA. pingB. show interfaceC. traceD. telnetAnswer A C D. With these commands you can tell whether or not you have communication. Show interface just verifies there is a connection34. What keystrokes shows the possible commands in privilege mode? ABA. helpB. hC. ctrl+hD. ?Answers A and B will give a brief description when typed, and C is not valid.35. Which two items contain versions of the router s configuration file? BCA. flashB. nvramC. ramD. romA and D contain the OS.36. Which of the following commands will allow you to review the contents of RAM?A. show configuration BCDC. show versionD. show running-configE. show startup-configA and E allow you to see NVRAM.37. Which of the following will allow you to add, modify, or delete commands in the startup configuration file? DA. show startup-configB. show running-configC. configure terminalD. configure memoryAnswer C allows you to change items in the running configuration file38. Which command would be used to restore a configuration file to RAM? ____A____TFTP running-configA. router#copyB. router>copyC. router*copyD. router^copyYou must be in privilege mode when executing this, which is why you see the # sign.39. Which of the following commands will display the running configuration file to a terminal? AA. show running-configB. show router-configC. router#show flashD. router>show versionIt can only be shown in privilege mode.40. If you need to copy the currently executing configuration file into NVRAM,which command would you use? CA. router#copy startup-config running-configB. router#copy startup-config TFTPC. router#copy running-config startup-configD. router>copy startup-config running-configAnswers ABC show that the router is in privilege mode which is necessary to complete this action, but only C shows the correct syntax.。

完整版CCNA测试题库及答案描述载波侦听多路由访问/冲突检测（CSMA/CD）的工作原理。

CSMA/CD是一种帮助设备均衡共享带宽的协议，可避免两台设备同时在网络介质上传输数据。

虽然他不能消除冲突，但有助于极大的减少冲突，进而避免重传，从而提高所的设备的数据传输效率。

区分半双工和全双工通信。

并指出两种方法的需求。

与半双工以太网使用一对导线不同，全双工以太网使用两队导线，全双工使用不同的导线来消除冲突，从而允许同时发送和接收数据，而半双工可接收或发送数据，但不能同时接收和发送数据，且仍会出现冲突。

要使用全双工，电缆两端的设备都必须支持全双工，并配置成一全双模式运行。

描述MAC地址的组成部分以及各部分包含的信息。

MAC（硬件）地址时一种使用十六进制表示的地址，长48位（6B）。

其中前24位（3B）称为OUI（Organizationally Unique Idebtifier,组织唯一表示符），有IEEE分配给NIC制造商；余下的部分呢唯一地标识了NIC识别十进制数对应的二进制值和十六进制值。

用这三种格式之一表示的任何数字都可以转换为其他两种格式，能够执行这种转换对理解IP地址和子网划分至关重要。

识别以太网帧中与数据链路层相关的字段。

在以太网中，与数据链路层相关的字段包括前导码，帧其实位置分隔符，目标MAC地址，源MAC地址，长度或者类型以及帧校验序列。

识别以太网布线相关的IEEE标准。

这些标准描述了各种电缆类型的功能和物理特征，包括（但不限于）10Base2、10Base5和10BaseT。

区分以太网电缆类型及其用途。

以太网电缆分3种：直通电缆，用于将PC或路由器的以太网接口连接到集线器或交换机；交叉电缆。

用于将集线器连接到集线器，集线器连接到交换机，交换机连接到交换机以及PC连接到PC；反转电缆，用于PC和路由器或交换机之间建立控制台连接。

描述数据封装过程及其在分组创建中的作用。

数据封装指的是在OSI模型各层给数据添加信息的过程，也成为分组创建。

1. IP地址是以下哪一层的内容（C）A. 传输层B.网络层C. 数据链路层D.应用层2.下列设备不属于中间设备的是（C ）A. 交换机B. 三层交换机C. Web服务器D.路由器3. 198.198.100.1是属于哪一类地址？（C ）A.A类地址B.C类地址C.B类地址D.公有地址4.通过路由器的FastEthernet 端口直接连接两台路由器。

应使用哪种电缆？( B )A.直通电缆B.交叉电缆C.全反电缆D.串行电缆5.OSI参考模型的网络层对应的是TCP/IP模型的哪一层（B ）A. 应用层B. 传输层C. 网络接入层D.Internet层6. 以下不属于广播地址的是（C ）A.192.168.66.255/24B.10.0.255.255/16C.172.16.1.127/25D.172.16.1.128/257.路由器的启动配置文件时存放在哪个存储器中（B ）A. NVRAMB.ROMC.flashD.RAM8.从用户模式进入特权模式的路由器配置命令是什么？( D )A.hostnameB.configure terminalC.exitD.enable9. 交叉线用于以下哪两个设备间的直连（B ）A.二层交换机与路由器B. 集线器与集线器C.集线器与主机D. PC与二层交换机10.静态路由的默认管理距离是多少？( B )A.90B.120C.110D.011. 以下属于私有地址的是（D ）A.127.0.0.1/24B.202.103.224.68/24C.66.66.66.66/24D.172.16.2.2/2412.以下对Ip route 192.168.100.0 255.255.255.0 172.16.1.100描述正确的是（C ）A.172.16.1.100 是目的网络地址B.目的网络是一个B类网络地址C.192.168.100.0是目的网络地址D.此命令语法错误.13.以下属于B类的地址是（C ）A.10.10.10.10B.192.168.0.100C.172.16.1.2D.224.0.0.114.cisco设备的操作系统是（C ）A.windowsB.linuxC.IOSD.UNIX15. 保存路由器配置文件的命令是( D )A. copy running-config flashB.copy startup-config running-configC. copy running-configD.copy running-config startup-config16. cisco设备的IOS操作系统镜像文件保存在( C )中A.flashB.RAMC.ROMD.NVRAM17.如图所示，该命令配置的是( C )（17题图）A.配置VTY口令B.配置enable口令C.配置控制台口令D.配置AUX拨号口令18. 如下图所示，R1直连的网段是( B )，对于目的IP为192.168.2.2的数据包路由器将把该数据包往接口( B )转发。

ccna考试题库最新版CCNA（Cisco Certified Network Associate）认证是全球范围内最受欢迎的网络工程师认证之一，具备CCNA认证可以证明一个人在建立、规划、运行、安装和配置中等规模的局域网和广域网方面的专业知识。

为了帮助广大考生顺利通过CCNA考试，不断更新的CCNA考试题库至关重要。

以下是最新版本的CCNA考试题库，希望对考生们有所帮助。

第一部分：网络基础知识1. 什么是OSI七层模型？简要介绍每一层的功能。

2. TCP和UDP之间有哪些区别？请分别举例说明。

3. 什么是IP地址？IP地址的类型有哪些？请列举并简要介绍各自的特点。

4. 什么是子网掩码？为什么在网络中使用子网掩码？5. 简述常见的网络设备有哪些，以及各自的功能与作用。

第二部分：路由和交换技术1. 路由器和交换机之间有何区别？请进行比较并指出各自的优势和劣势。

2. 什么是VLAN？VLAN的作用及在网络中的应用场景是什么？3. OSPF和EIGRP是两种常见的路由协议，请比较它们的特点并举例说明。

4. 请解释静态路由和动态路由的概念以及在网络中的应用。

5. 交换机在网络中扮演什么角色？交换机的MAC地址表是如何工作的？第三部分：网络安全和管理1. 网络安全的重要性是什么？请列举几种常见的网络安全威胁并介绍应对策略。

2. 什么是ACL（访问控制列表）？ACL的作用是什么？请给出一个ACL的配置示例。

3. VPN是什么？VPN的工作原理及在企业网络中的应用。

4. SNMP是网络管理中常用的协议，它的作用是什么？请解释SNMP中的几个重要概念。

5. 如何保护无线网络的安全？请列举几种方法。

第四部分：WAN技术1. 什么是WAN？WAN的主要特点是什么？2. PPP协议和HDLC协议分别是什么？请比较它们的异同。

3. 什么是Frame Relay？Frame Relay的工作原理及在WAN中的应用。

4. 请解释T1和E1的概念，以及它们在传输速率和应用方面的差异。

CCNA安全题库CCNA安全1．最早的⽹络安全⼯具是（） CA．ACS B. IPS C. IDS D. IPSec2. 下列哪些属于安全组织（）ACDA. SANSB. CiscoC. CERTD. ISC3. 常见的⽹络攻击⽅法有（）BCDA. 病毒攻击B. 侦查攻击C. 接⼊攻击D. 拒绝服务攻击4. 拒绝服务攻击的主要原因（）BDA. 中间⼈泄露信息B. 主机或应⽤程序处理⾮预期状况失败C. 缓冲区溢出D. ⽹络、主机或应⽤程序不能处理量⾮常⼤的数据5. 能够帮助获得强密码策略的具体⽅法（）ACDA. 登陆尝试失败⼀定次数后禁⽤账号B. 设置密码有效期C. 不使⽤明⽂密码D. 使⽤强密码6. 提⾼密码的安全性，应进⾏如下配置（）ABCA. 设置最短密码长度B. 关闭⽆⽤连接C. 加密配置⽂件中的所有密码D. 设置密码有效期7. 为了获得更好的虚拟登录连接的安全性，应配置以下哪些参数（）ABDA. 两次成功登录之间的延迟B. 如果检测到DoS攻击，应关闭登录C. 加密所有密码D. 为登录建⽴系统⽇志8. 以下那些是安全审计⼯具（）BCDA. 思科⼀步锁闭B. 安全审计向导C. 思科⾃动安全D. ⼀键关闭9. Cisco环境中的⽹络和管理性AAA安全有以下⼏个功能组件（）ACDA. 认证B. 控制中⼼C. 授权D. 记账和审计10. AAA认证管理性接⼊的⽤户或远程⽹络接⼊的⽤户，采⽤（）模式请求AAA服务ACA. 包模式B. 交换模式C. 字符模式D. 密⽂模式11. Cisco提供（）⽅法来实现AAA服务BCA. 基于AAA授权B. 本地AAA认证C. 基于服务器的AAA认证D. AAA记账12. 下列哪些是TACACS+的关键因素（）ABCDA. 不兼容TACACS和XTACACSB. 认证和授权分离C. 加密所有通信D. 使⽤TCP端⼝4913. 下列哪些是Radius的关键因素（）ABCDA. 使⽤RADIUS代理服务器提供可扩展性B. 只加密密码C. 将RADIUS认证和授权结合成⼀个过程D. ⽀持远程访问技术、802.1X和SIP14. Cisco安全ACS具有以下哪些优点（）ABCDA. 使⽤策略控制来结合认证、⽤户接⼊和管理员接⼊对接⼊安全性进⾏扩展B. 提供更⼤的灵活性和机动性、增强的安全性以及⽤户⽣产⼒增益C. 对所有⽤户采⽤统⼀的安全策略D. 减少在扩展⽤户和管理员对⽹络的接⼊时所需的管理性和运营负担15. 标准ACL的编号范围为（）ACA. 1~99B. 100~199C. 1300~1999D. 2000~269916. 扩扎ACL的编号范围为（）BDA. 1~99B. 100~199C. 1300~1999D. 2000~269917. 实施ACL时应注意的问题（）ACDA. 默认拒绝所有流量B. 不需要配置到具体端⼝C. 过滤⽅向D. 语句的次序18. 相对标准和静态扩展ACL，动态ACL有哪些优势（）ABCDA. 每个⽤户的挑战验证机制B. 简化路由器对ACL的处理C. 降低⽹络⿊客对⽹络的攻击机会D. 在不损害其他安全配置的前提下，可以动态的让⽤户穿越防⽕墙19. 使⽤ACL可以减少哪些攻击（）BCDA. 拒绝服务器攻击B. IP地址欺骗C. DOS TCP SYN攻击D. DOS smurf攻击20. 使⽤ACL可以过滤哪些流量（）ABA. ICMP消息B. TracerouteC. DOS TCP SYND. DOS smurf21. ⽹络中使⽤防⽕墙有哪些好处（）ACDA. 防⽌敏感⽤户和应⽤暴露于不受信任的⽤户前B. ⽹络性能提升C. 净化协议流量，防⽌暴露协议漏洞D. 正确的配置防⽕墙后，使得安全策略的实现更简单、可扩展、更健壮22. 下列哪些是防⽕墙的局限性（）ABCDA. 配置不当，防⽕墙会引起严重问题B. 很多应⽤不能安全通过防⽕墙C. ⽤户可能会积极寻找绕过防⽕期接收被阻信息的⽅法，使⽹络遭受潜在攻击的危险D. 未授权的流量可能经隧道或隐藏在合法的流量中通过防⽕墙23. 防⽕墙有哪些类型（）BDA. 边际防⽕墙B. 状态防⽕墙C. 软件防⽕墙D. 应⽤⽹关防⽕墙24. 基于上下⽂的访问控制（CBAC）提供哪些功能（）ABCA. 流量过滤B. 流量检测C. ⼊侵检测D. 主动防御25. 基于上下⽂的访问控制（CBAC）有那些局限性（）BCDA. 导致⽹络性能下降B. 接⼝间的流量控制策略复杂C. 策略不能绑定到主机组或⼦⽹，通过⼀个接⼝的所有流量经过同样的检查D. 处理过于依赖ACL26. IDS和IPS传感器可以是以下设备中的那些（）ACDA. 配置了Cisco IOS IPS软件的路由器B. 专门的Cisco⽹络防⽕墙C. 专门设计⽤来提供专有IDS或IPS服务的设备D. 安装在相应的安全设备、交换机或路由器上的⽹络模块27. IDS和IPS技术使⽤（）部署⽅式CDA. 基于防⽕墙的IPS部署B. 基于软件的IPS部署C. 基于⽹络的IPS部署D. 基于主机的IPS部署28. Cisco安全代理（CSA）包括（）部分BCA. 策略中⼼B. 管理中⼼C. 安全代理D. 配置系统29. 下列哪些属于IPS解决⽅案（）ACDA. Cisco IPS⾼级集成模块和⽹路增强模块B. Cisco安全代理C. Cisco IPS 4200系列传感器D. Cisco可适应的安全产品30. 哪些因素影响了传感器的选择和部署（）ABCDA. ⽹络数据流的数量B. ⽹络拓扑C. 安全预算D.管理IPS的可⽤安全⼈员31. IPS特征⽂件的属性有（）ACDA. 类型B. 服务C. 触发D. ⾏动32. Cisco IDS和IPS传感器可以使⽤（）特征触发类型ABCA. 基于样本的检测B. 基于异样的检测C. 基于策略的检测D. 基于沙盘的检测33.IPS的特征⾏动有（）BCDA. 重置UDPB. 产⽣⼀个警报C. 丢去或阻⽌这个⾏为D. 允许该⾏为34. 本地管理IPS的解决⽅案有（）ACA. Cisco路由器和安全设备管理器B.Cisco安全代理C. CiscoIPS设备管理器D.Cisco安全管理器35. 集中管理IPS的解决⽅案有（）ACDA. Cisco IDS事件阅览器（IEV）B. Cisco安全代理C. Cisco安全管理器D. Cisco安全监测、分析和响应系统36. 下列哪些属于第⼆层安全配置（）ABCDA. 启⽤端⼝安全B. 跟桥保护C. ⼴播风暴控制D. Cisco安全端⼝分析器37. Cisco部署终端安全的策略基于（）成分ABCA. Cisco⽹络准⼊控制B. 终端保护C. ⽹络感染遏制D. CSA38. 防护终端的操作系统隐患有（）技术ABCDA. 最⼩特权观念B. 进程之间的隔离C. 标准检测器D. ⼩的、可验证的代码块39. Cisco终端安全解决⽅案的⾸要组件有（）ABDA. IronPortB. Cisco NACC. SAND. CSA40. Cisco NAC产品的主要分类（）BDA. NAC设备服务器B. NAC框架C. NAC设备代理D. Cisco NAC设备41. Cisco NAC设备可以提供哪些功能（）ABDA. 识别⽤户和设备，以及他们在⽹络中的⾓⾊B. 评估这个机器是否符合安全策略C. 提供⽹络准⼊的客户端软件D. 强制执⾏的安全策略通过对不合格主机的阻塞、隔离以及修补来实现42. CSA是通过（）部署保护的ABCDA. ⽂件系统拦截器B. ⽹络拦截器C. 配置拦截器D.执⾏空间拦截器43. 第⼆次体系架构的攻击有哪些（）ABCDA. MAC地址欺骗B. STP操作C. MAC地址表溢出D. LAN风暴44. 集成架构的⽆线安全⽅法解决⽅案有（）ABCDA. 预先的威胁和⼊侵检测能⼒能检测⽆线攻击并进⾏防御B. 全⾯保护机密数据和通信安全C. 单⼀⽤户标识和策略简化了⽤户管理和⾮授权访问的保护D. 和有线安全系统的合作确保了⽆线安全功能和防护的全⾯性45. Cisco IP电话解决⽅案的部署模式有（）ABCDA. 单站部署B. 集中与远程分⽀呼叫处理C. 分布式呼叫处理部署D. 通过IP WAN 的组群46. 在⽆线⽹络中，⽹络管理员需要考虑（）安全问题CDA. ⽆线⽹络使⽤WEP或WPA/TKIP是⾮常安全的，不容易受到⿊客攻击B. ⽆线⽹络使⽤WPA2/AES应该有⾄少6个字符的密码短语C. 如果IPSec VPN是可⽤的，那么在任何公共⽆线LAN中部署它D. 如果⽆线接⼊不是必须的，禁⽤⽆线设备或⽆线NIC47. 下列哪些是针对V oIP的⽹络威胁（）ABCDA. 对于语⾳资源的⾮授权访问B. 危害⽹络资源C. 偷听D. DoS攻击48. 在企业基础架构中的SAN，是为了满⾜（）业务的需求BCDA. 提⾼企业信息处理的能⼒B. 降低资本和运⾏的费⽤C. 提⾼灵活性，以⽀持不断变化的业务优先级、应⽤增长和收⼊增长D. 改善远距离复制、备份和恢复，以满⾜法规要求和⾏业最佳做法49. （）是主要的SAN传输技术ACDA. 光纤通道B. FDDIC. iSCSID. FCIP50. 保护通信安全包括（）主要任务ABDB. 完整性C. 确认机制D. 机密性51. 下列哪些是散列函数（）ADA. MD5B. RSAC. HMACD. SHA-152. 密钥管理需要考虑（）的基本特性ABCDA. ⽣成B. 验证C. 存储D.撤销和销毁53. 下列算法中哪些是对称密钥算法（）ABCDA. DESB. 3DESC. AESD. SEAL54. 选择加密算法时应该考虑的标准为（）ABCDA. 算法是受到密码界社团信任的B. 算法能够充分抵抗强⼒攻击C. 算法⽀持可变的和长的密钥长度以及扩展性D. 算法有没有出⼝和进⼝限制55. 3DES使⽤的是（） BA. 加密—加密—解密B. 加密—解密—加密C. 解密—加密—解密D. 加密—加密—加密56. AES被选中替代DES的原因有（）A. AES的密钥长度使得其密钥⽐DES强度⼤B. AES⽐3DES运⾏快C. AES⽐DES和3DES效率⾼D. 适合⾼吞吐量、⾼延迟的环境57. 下列哪些算法是⾮对称密钥算法（）ABCDB. 安全套阶层C. SSHD. PGP57. 数字签名在以下哪些场合使⽤（）ABCDA. 提供数据源的唯⼀证据B. 证明PKI证书的真实性和完整性C. 使⽤⼀个被信任的时间源来提供⼀个安全的时间戳D. 通过使⽤⼀个⽤户的私钥和它产⽣的签名对该⽤户进⾏认证58. 使⽤数字签名可以提供哪些服务（）ABDA. 使⽤数字签名的数据的真实性B. 使⽤数字签名的数据的完整性C. 使⽤数字签名的数据的可靠性D. 交易的不可否认性59. PKI由哪些主要组件（）ABCDA. PKI⽤户B. ⽤于密钥管理的CAC. 存储和协议D. ⽀持法律框架60. 在交叉性认证CA拓扑中，（）任务是分配给RA处理的ABDA. 当⽤户注册PKI时对⽤户进⾏认证B. 注册后分发证书C. 撤销失效的证书D. 为不能⽣成⾃⼰的密钥⽤户⽣成密钥61. VPN具有哪些优点（）ABCDA. 节省开⽀B. 安全性C. 可扩展性D. 兼容宽带技术62. VPN的⽹络类型有（）ADA. 站点到站点B. 站点到端点C. 端点到端点D. 远程访问63. IPSec 框架包括了（）ABCDA. IPSec协议B. 加密算法C. 完整性D. 如何建⽴共享密钥64. IPSec通过IPSec框架提供（）基本安全功能ABCDA. 机密性B. 完整性C. 认证D. 安全密钥交换65. 配置对等体认证有（）⽅法ACA. 预共享密钥B. 数字签名C. RSA签名D. SSL66. ESP和AH有（）应⽤到IP报⽂BCA. 穿透模式B. 隧道模式C. 传输模式D. 代理模式67. Cisco⾃防御⽹络采⽤（）原则来实现它的策略BCDA. 安全性B. 完整性C. 合作性D. 适应性68. Cisco⾃防御⽹络策略提供（）安全服务ABDA. 威胁控制和遏⽌B. 安全通信C. 安全策略D. 运营控制和策略管理69. Cisco⾃防御⽹络，有以下哪些⼯具提供安全服务（）ABCDA. Cisco安全管理器B. Cisco IOS软件C. Cisco安全代理D. MARS简单题1.描述MAC地址表溢出攻击是如何实现的2.描述MAC地址欺骗攻击是如何实现的3.描述CSA的架构，已经他们的⼯作⽅式4.将下列明⽂通过简单的替代密码换算出密⽂，其中密钥为5 Rteaodncoepakdpofjepwiqdprt5.将下列明⽂通过置换密码换算出密⽂明⽂为attackbeginsatfour密钥为rtmpot6.请描述⼀下IPSec的框架，以及期中包含的内容7. 描述并且⽤图形表⽰AM和ESP的两种传输模式8. 分析以下IPSec的L2L模式下，数据包的封装变化9. 分析以下IPSec的远程拨号模式下，数据包的封装变化10. ⽤图形描述下IKE的交换过程（主模式）。

ccna考试试题库CCNA（Cisco Certified Network Associate）考试是思科认证网络专家的初级认证，主要测试考生在网络基础、路由、交换、无线和安全等方面的知识。

以下是一些模拟CCNA考试的试题和答案：1. 什么是子网掩码，它有什么作用？答案：子网掩码是一种IP地址的附加信息，用于指定IP地址中网络部分和主机部分的界限。

它的作用是允许路由器区分IP地址中的网络地址和主机地址，从而实现不同网络之间的路由。

2. 描述静态路由和动态路由的区别。

答案：- 静态路由：由网络管理员手动配置的路由信息，不随网络结构的变化而自动调整。

- 动态路由：由路由器根据网络拓扑的变化自动生成和更新的路由信息。

3. 什么是VLAN，它有什么好处？答案： VLAN（虚拟局域网）是一种在交换机上划分不同网络的技术，即使物理上连接在同一交换机上，也可以属于不同的VLAN。

VLAN的好处包括提高安全性、减少广播域、提高网络管理的灵活性等。

4. 简述TCP和UDP的区别。

答案：- TCP（传输控制协议）：提供可靠的、面向连接的传输服务，有流量控制和拥塞控制机制。

- UDP（用户数据报协议）：提供不可靠的、无连接的传输服务，适用于对实时性要求高的应用。

5. 什么是DHCP，它的作用是什么？答案： DHCP（动态主机配置协议）是一种网络管理协议，用于自动分配IP地址和其他网络配置信息给网络中的设备。

它的作用是简化网络配置，避免IP地址冲突。

6. 什么是NAT，它在网络中扮演什么角色？答案： NAT（网络地址转换）是一种技术，允许多个设备共享一个公共IP地址与互联网通信。

它在网络中扮演的角色是节省IP地址资源，隐藏内部网络结构。

7. 什么是STP（生成树协议）？答案： STP（生成树协议）是一种网络协议，用于在局域网中防止网络环路的产生。

通过创建一个无环的逻辑拓扑，STP确保网络的稳定性和可靠性。

8. 描述OSPF（开放最短路径优先）协议的工作原理。