Itrenzheng CCNP 642-892认证题库

IT认证考试网络基础真题考试题目一：网络基础知识（20分）1. 简述什么是IP地址，并说明其分为几类，并举例说明。

（6分）IP地址是指互联网协议地址，用于标识网络上的设备。

它分为IPv4和IPv6两个版本。

其中IPv4地址分为A类、B类、C类、D类和E类，每个类别都有特定的地址范围。

以IPv4为例，A类地址范围为1.0.0.0 - 126.0.0.0，其中一个常见的A类地址是10.0.0.0；B类地址范围为128.0.0.0 - 191.255.0.0，一个常见的B类地址是172.16.0.0；C类地址范围为192.0.0.0 - 223.255.255.0，一个常见的C类地址是192.168.0.0。

2. 什么是子网掩码？子网掩码的作用是什么？（4分）子网掩码用于确定IP地址中网络部分和主机部分的划分。

它的作用是通过与IP地址进行位运算，将IP地址划分为网络地址和主机地址。

3. 简述TCP/IP协议簇的主要协议以及它们的作用。

（10分）TCP/IP协议簇主要包括以下协议：- IP协议：负责数据包的传输，确定数据的源和目的地址。

- ICMP协议：用于发送错误消息和操作状态请求，以及网络异常的通知。

- ARP协议：用于将IP地址映射成物理地址，实现局域网内的设备通信。

- DHCP协议：用于自动分配IP地址给设备，简化网络管理。

- TCP协议：提供面向连接的可靠传输，保证数据传输的可靠性。

- UDP协议：提供无连接的传输，适用于对实时性要求较高的应用。

考试题目二：网络安全（20分）1. 什么是防火墙？防火墙的工作原理是什么？（6分）防火墙是一种网络安全设备，用于保护网络免受恶意攻击和未经授权的访问。

其工作原理是通过监控网络流量并根据预设的安全规则策略，过滤和阻止未经授权的访问和恶意流量。

2. 简述常见的网络攻击类型，并对其中一种进行详细说明。

（8分）- DDOS攻击: 分布式拒绝服务攻击，通过多个主机协同攻击目标服务器，使其过载而无法正常对外提供服务。

A. Switch P2S1 is in server mode.B. Switch P1S1 is in transparent mode.C. The MD5 digests do not match.D. The passwords do not match.E. The VTP domains are different.F. VTP trap generation is disabled on both switches.Answer: B,D,EExplanation:Determine the VTP mode of operation of the switch and include the mode when setting the VTP domain name information on the switch. If you leave the switch in server mode, be sure to verify that the configuration revision number is set to 0 before adding the switch to the VTP domain. It is generally recommended that you have several servers in the domain, with all other switches set to client mode for purposes of controlling VTP information.It is also highly recommended that you use secure mode in your VTP domain. Assigning a password to the domain will accomplish this. This will prevent unauthorized switches fromparticipating in the VTP domain. From the privileged mode or VLAN configuration mode, use the vtp password password command.h t t p://www.ed if y.co m .cn /QUESTION NO: 75Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about interfaces Fa0/13 and Fa0/14?A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1B. that interfaces Fa0/13 and Fa0/14 are downC. that interfaces Fa0/13 and Fa0/14 are trunk interfacesD. that interfaces Fa0/13 and Fa0/14have a domain mismatch with another switchE. that interfaces Fa0/13 and Fa0/14have a duplex mismatch with another switchAnswer: CExplanation:trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.show vlan: This commands shows the vlan, ports belonging to VLAN means that port on access mode. It doesn't shows the port on trunk mode.QUESTION NO: 76Refer to the exhibit. On the basis of the output generated by the show commands, which two statements are true? (Choose two.)h t t p://www.ed if y.co m .cn /A. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlan output.B. VLAN 1 will not be encapsulated with an 802.1q header.C. There are no native VLANs configured on the trunk.D. VLAN 2 will not be encapsulated with an 802.1q header.E. All interfaces on the switch have been configured as access ports.F. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in the show vlan output.Answer: A,BExplanation:h t t p://www.ed if y.co m .cn /The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors.In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging .802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames.This provides a simple way to offer full trunk encapsulation to the devices that can understand it,while giving normal access stations some inherent connectivity over the trunk.show vlan: This commands shows the vlan, ports belonging to VLAN means that port on access mode. It doesn't show the port on trunk mode.QUESTION NO: 77Refer to the exhibit and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5on switch SW_A complain that they do not have connectivity to the users in VLAN 5 on switch SW_B. What should be done to fix the problem?A. Configure the same number of VLANs on both switches.h t t p://www.ed if y.co m .cn /B. Create switch virtual interfaces (SVI) on both switches to route the traffic.C. Define VLAN 5 in the allowed list for the trunk port on SW_A.D. Disable pruning for all VLANs in both switches.E. Define VLAN 5 in the allowed list for the trunk port on SW_BAnswer: CExplanation:switchport trunk allowed vlan , defines which VLANs can be trunked over thelink . By default, a switch transports all active VLANs (1 to 4094) over a trunk link. There might be times when the trunk link should not carry all VLANs. For example, broadcasts are forwarded to every switch port on a VLAN-including the trunk link because it, too, is a member of the VLAN.If the VLAN does not extend past the far end of the trunk link, propagating broadcasts across the trunk makes no sense.Section 8: Document results of VLAN implementation and verification (0 Questions)QUESTION NO: 78Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?A. All switch ports in the Building Access block should be configured as DHCP untrusted ports.B. All switch ports in the Building Access block should be configured as DHCP trusted ports.h t t p://www.ed if y.co m .cn /C. All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.F. All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.Answer: FExplanation:One of the ways that an attacker can gain access to network traffic is to spoof responses that would be sent by a valid DHCP server. The DHCP spoofing device replies to client DHCPrequests. The legitimate server may reply also, but if the spoofing device is on the same segment as the client, its reply to the client may arrive first.The intruder's DHCP reply offers an IP address and supporting information that designates the intruder as the default gateway or Domain Name System (DNS) server. In the case of a gateway,the clients will then forward packets to the attacking device, which will in turn send them to the desired destination. This is referred to as a "man-in-the-middle" attack, and it may go entirely undetected as the intruder intercepts the data flow through the network.Untrusted ports are those that are not explicitly configured as trusted. A DHCP binding table is built for untrusted ports. Each entry contains the client MAC address, IP address, lease time,binding type, VLAN number, and port ID recorded as clients make DHCP requests. The table is then used to filter subsequent DHCP traffic. From a DHCP snooping perspective, untrusted access ports should not send any DHCP server responses, such as DHCPOFFER, DHCPACK,DHCPNAK .QUESTION NO: 79You are responsible for increasing the security within the Company LAN. Of the following choices listed below, which is true regarding layer 2 security and mitigation techniques?A. Enable root guard to mitigate ARP address spoofing attacks.B. Configure DHCP spoofing to mitigate ARP address spoofing attacks.C. Configure PVLANs to mitigate MAC address flooding attacks.D. Enable root guard to mitigate DHCP spoofing attacks.E. Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP untrusted ports.F. Configure port security to mitigate MAC address floodingG. None of the other alternatives applyAnswer: Fh t t p://www.ed if y.co m .cn /Explanation:Use the port security commands to mitigate MAC-spoofing attacks. The port security command provides the capability to specify the MAC address of the system connected to a particular port.The command also provides the ability to specify an action to take if a port-security violationoccurs. However, as with the CAM table-overflow attack mitigation, specifying a MAC address on every port is an unmanageable solution. Hold-down timers in the interface configuration menu can be used to mitigate ARP spoofing attacks by setting the length of time an entry will stay in the ARP cache.Reference: /networksecurity/NetworkSecurity.htmlSection 2: Create an implementation plan for the Security solution (3 Questions)QUESTION NO: 80You work as a network technician at . Your boss, Mrs. Tess King, is interested in switch spoofing. She asks you how an attacker would collect information with VLAN hoping through switch spoofing. You should tell her that the attacking station...A. es VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.B. ...will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.C. es DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.D. ...tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.E. None of the other alternatives applyAnswer: CExplanation:DTP should be disabled for all user ports on a switch. If the port is left with DTP auto-configured (default on many switches), an attacker can connect and arbitrarily cause the port to start trunking and therefore pass all VLAN information.Reference:/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd800ebd1e.pdfQUESTION NO: 81h t t p://www.ed if y.co m .cn /The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? (Select two)A. ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C. MAC address flooding is an attempt to force a switch to send all information out every port by overloading the MAC address table.D. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E. MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.Answer: B,CExplanation:Content Addressable Memory ( CAM ) Table Overflow (MAC address Flooding)Content Addressable Memory (CAM) tables are limited in size. If enough entries are entered into the CAM table before other entries are expired, the CAM table fills up to the point that no new entries can be accepted. Typically, a network intruder floods the switch with a large number of invalid source Media Access Control (MAC) addresses until the CAM table fills up. When thatoccurs, the switch floods all ports with incoming traffic because it cannot find the port number for a particular MAC address in the CAM table. The switch, in essence, acts like a hub. If the intruder does not maintain the flood of invalid-source MAC addresses, the switch eventually times out older MAC address entries from the CAM table and begins to act like a switch again. CAM tableoverflow only floods traffic within the local VLAN so the intruder only sees traffic within the local VLAN to which he or she is connected.The CAM table overflow attack can be mitigated by configuring port security on the switch. This option provides for either the specification of the MAC addresses on a particular switch port or the specification of the number of MAC addresses that can be learned by a switch port. When an invalid MAC address is detected on the port, the switch can either block the offending MAC address or shut down the port. The specification of MAC addresses on switch ports is far too unmanageable a solution for a production environment. A limit of the number of MAC addresses on a switch port is manageable. A more administratively scalable solution is the implementation of dynamic port security at the switch. In order to implement dynamic port security, specify a maximum number of MAC addresses that will be learned.Address Resolution Protocol (ARP) SpoofingARP is used to map IP addressing to MAC addresses in a local area network segment where hosts of the same subnet reside. Normally, a host sends out a broadcast ARP request to find the MAC address of another host with a particular IP address, and an ARP response comes from the host whose address matches the request. The requesting host then caches this ARP response.Within the ARP protocol, another provision is made for hosts to perform unsolicited ARP replies.h t t p://www.ed if y.co m .cn /The unsolicited ARP replies are called Gratuitous ARP (GARP). GARP can be exploited maliciously by an attacker to spoof the identity of an IP address on a LAN segment. This istypically used to spoof the identity between two hosts or all traffic to and from a default gateway in a "man-in-the-middle" attack.When an ARP reply is crafted, a network attacker can make his or her system appear to be the destination host sought by the sender. The ARP reply causes the sender to store the MACaddress of the network attacker's system in the ARP cache. This MAC address is also stored by the switch in its CAM table. In this way, the network attacker has inserted the MAC address of his or her system into both the switch CAM table and the ARP cache of the sender. This allows the network attacker to intercept frames destined for the host that he or she is spoofing.Reference:/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807c4101.shtmlQUESTION NO: 82The Company security administrator wants to prevent DHCP spoofing. Which statement is true about DHCP spoofing operation?A. DHCP spoofing and SPAN cannot be used on the same port of a switch.B. To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packet.C. To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static entry pointing towards the DHCP server.D. DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.E. None of the other alternatives apply.Answer: BExplanation:About DHCP Spoofing:Suppose that an attacker could bring up a rogue DHCP server on a machine in the same subnet as that same client PC. Now when the client broadcasts its DHCP request, the rogue server could send a carefully crafted DHCP reply with its own IP address substituted as the default gateway.When the client receives the reply, it begins using the spoofed gateway address. Packets destined for addresses outside the local subnet then go to the attacker's machine first. The attacker can forward the packets to the correct destination, but in the meantime, it can examine every packet that it intercepts. In effect, this becomes a type of man-in-the-middle attack; the attacker is wedged into the path and the client doesn't realize it.About ARP:h t t p://www.ed if y.co m .cn /Hosts normally use the Address Resolution Protocol (ARP) to resolve an unknown MAC address when the IP address is known. If a MAC address is needed so that a packet can be forwarded at Layer 2, a host broadcasts an ARP request that contains the IP address of the target in question.If any other host is using that IP address, it responds with an ARP reply containing its MAC address.To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packetSection 3: Create a verification plan for the Security solution (4 Questions)QUESTION NO: 83Refer to the exhibit. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?A. The traffic will be forwarded to the router processor for further processing.B. The traffic will be dropped.C. The traffic will be forwarded to the TCAM for further processing.D. The traffic will be forwarded without further processing.Answer: BExplanation:VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike routerh t t p://www.ed if y.co m .cn /ACLs, VLAN maps are not defined by direction (input or output).To create a VLAN map and apply it to one or more VLANs, perform these steps: Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select the traffic that will be either forwarded or dropped by the access-map. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing. Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these entries is determined by the sequence . If no sequence number is entered, access-map entries are added with sequence numbers in increments of 10. In access map configuration mode, optionally enter an action forward or action drop . The default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address),and to match the packet against one or more ACLs (standard or extended). Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.QUESTION NO: 84Company is implementing 802.1X in order to increase network security. In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Select three)A. EAP-over-LANB. EAP MD5C. STPD. protocols not filtered by an ACLE. CDPF. TACACS+Answer: A,C,EExplanation:The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.The Authentication server performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, theh t t p://www.ed if y.co m .cn /authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP)extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which secureauthentication information is exchanged between the RADIUS server and one or more RADIUS clients.Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop-free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.CDP is a Cisco proprietary protocol that operates at the Data Link layer. One unique feature about operating at Layer 2 is that CDP functions regardless of what Physical layer media you are using (UTP, fiber, and so on) and what Network layer routed protocols you are running (IP, IPX,AppleTalk, and so on). CDP is enabled on all Cisco devices by default, and is multicast every 60seconds out of all functioning interfaces, enabling neighbor Cisco devices to collect information about each other. Although this is a multicast message, Cisco switches do not flood that out to all their neighbors as they do a normal multicast or broadcast.For STP, CDP and EAP-over-LAN are allowed before Authentication.QUESTION NO: 85Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other,although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network. What configuration will isolate the servers from each other?h t t p://www.ed if y.co m .cn /A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.Answer: DExplanation:Service providers often have devices from multiple clients, in addition to their own servers, on a single Demilitarized Zone (DMZ) segment or VLAN. As security issues proliferate, it becomes necessary to provide traffic isolation between devices, even though they may exist on the same Layer 3 segment and VLAN. Catalyst 6500/4500 switches implement PVLANs to keep some switch ports shared and some switch ports isolated, although all ports exist on the same VLAN.The 2950 and 3550 support "protected ports," which are functionality similar to PVLANs on a per-switch basis.A port in a PVLAN can be one of three types:Isolated: An isolated port has complete Layer 2 separation from other ports within the same PVLAN, except for the promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from promiscuous ports. Traffic received from an isolated port is forwarded to only promiscuous ports.Promiscuous: A promiscuous port can communicate with all ports within the PVLAN, including the community and isolated ports. The default gateway for the segment would likely be hosted on a promiscuous port, given that all devices in the PVLAN will need to communicate with that port. Community: Community ports communicate among themselves and with their promiscuous ports.These interfaces are isolated at Layer 2 from all other interfaces in other communities, or in isolated ports within their PVLAN.QUESTION NO: 86VLAN maps have been configured on switch R1. Which of the following actions are taken in a VLAN map that does not contain a match clause?A. Implicit deny feature at end of list.B. Implicit deny feature at start of list.C. Implicit forward feature at end of listD. Implicit forward feature at start of list.Answer: Ah t t p://www.ed if y.co m .cn /Explanation:Each VLAN access map can consist of one or more map sequences, each sequence with a match clause and an action clause. The match clause specifies IP, IPX, or MAC ACLs for traffic filtering and the action clause specifies the action to be taken when a match occurs. When a flow matches a permit ACL entry the associated action is taken and the flow is not checked against theremaining sequences. When a flow matches a deny ACL entry, it will be checked against the next ACL in the same sequence or the next sequence. If a flow does not match any ACL entry and at least one ACL is configured for that packet type, the packet is denied.Reference:/en/US/products/hw/switches/ps700/products_configuration_guide_chapter09186a008007f4d4.htmlSection 4: Configure port security features (6 Questions)QUESTION NO: 87A Company switch was configured as shown below:switchport mode access switchport port-securityswitchport port-security maximum 2switchport port-security mac-address 0002.0002.0002switchport port-security violation shutdownGiven the configuration output shown above, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port?A. The host will be allowed to connect.B. The port will shut down.C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.D. The host will be refused access.E. None of the other alternatives applyAnswer: AExplanation:Steps of Implementing Port Security:h t t p://www.ed if y.co m .cn /In Exhibit two MAC addresses are allowed so that host will be allowed to connect.QUESTION NO: 88Refer to the exhibit. Which interface or interfaces on switch SW_A can have the port security feature enabled?A. Ports 0/1 and 0/2B. The trunk port 0/22 and the EtherChannel portsh t t p://www.ed if y.co m .cn /C. Ports 0/1, 0/2 and 0/3D. Ports 0/1, 0/2, 0/3, the trunk port 0/22 and the EtherChannel portsE. Port 0/1F. Ports 0/1, 0/2, 0/3 and the trunk port 0/22Answer: CExplanation:Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If,however, the number of addresses is limited to four but no specific MAC addresses areconfigured, the port will allow any four MAC addresses to be learned dynamically, and port access will be limited to those four dynamically learned addresses. A port security feature called "sticky learning," available on some switch platforms, combines the features of dynamically learned and statically configured addresses. When this feature is configured on an interface, the interface converts dynamically learned addresses to "sticky secure" addresses. This adds them to the running configuration as if they were configured using the switchport port-security mac-address command.QUESTION NO: 89Refer to the exhibit. Based on the running configuration that is shown for interface FastEthernet0/2, what two conclusions can be deduced? (Choose two.)A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthernet0/2 into error disabled state.B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.h t t p://www.ed if y.co m .cn /。

The safer , easier way to help you pass any IT exams.Exam : 642-813Title :Version : DemoImplementing Cisco IP SwitchedNetworks(SWITCH)The safer , easier way to help you pass any IT exams.pany uses layer 3 switches in the Core of their network. Which method of Layer 3 switching uses a forwarding information base (FIB)?A. Topology-based switchingB. Demand-based switchingC. Route cachingD. Flow-based switchingE. None of the other alternatives applyAnswer: A2.You need to design the VLAN scheme for the Company network. Which two statements are true about best practices in VLAN design? (Select two)A. Routing should occur at the access layer ifvoice VLANs are utilized. Otherwise, routing should occur at the distribution layer.B. Routing should always be performed at the distribution layer.C. VLANs should be localized to a switch.D. VLANs should be localized to a single switch unlessvoice VLANs are being utilized.E. Routing should not be performed between VLANs located on separate switches.Answer: B,C3.Refer to the exhibit. On the basis of the information provided in the exhibit, which two sets of procedures are best practices for Layer 2 and 3 failover alignment? (Choose two.)A. Configure the D-SW1 switch as the active HSRP router and the STP root for all VLANs.Configure the D-SW2 switch as the standby HSRP router and backup STP root for all VLANs.B. Configure the D-SW1 switch as the standby HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the standby HSRP router and the STP root for VLANs 12 and 120.C. Configure the D-SW1 switch as the active HSRP router and the STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the STP root for VLANs 12 and 120.D. Configure the D-SW2 switch as the active HSRP router and the STP root for all VLANs. Configure the D-SW1 switch as the standby HSRP router and backup STP root for all VLANs.E. Configure the D-SW1 switch as the active HSRP router and the backup STP root for VLANs 11 and 110. Configure the D-SW2 switch as the active HSRP router and the backup STP root for VLANs 12 and 120.F. Configure the D-SW1 switch as the standby HSRP router and the backup STP root for VLANs 12a nd 120. Configure the D-SW2 switch as the standby HSRP router and the backup STP rootfor VLANs 11 and 110.Answer: C,F4.If you needed to transport traffic coming from multiple VLANs (connected between switches), and your CTO was insistent on using an open standard, which protocol would you use?A. 802.11BB. spanning-treeC. 802.1QD. ISLE. VTPF. Q.921Answer: C5.Under what circumstances should an administrator prefer local VLANs over end-to-end VLANs?A. Eighty percent of traffic on the network is destined for Internet sites.B. There are common sets of traffic filtering requirements for workgroups located in multiple buildings.C. Eighty percent of a workgroup's traffic is to the workgroup's own local server.D. Users are grouped into VLANs independent of physical location.E. None of the other alternatives applyAnswer: A6.What are some virtues of implementing end-to-end VLANs? (Choose two)A. End-to-end VLANs are easy to manage.B. Users are grouped into VLANs independent of a physical location.C. Each VLAN has a common set of security and resource requirements for all members.D. Resources are restricted to a single location.Answer: B,C7.Which of the following statements is true about the 80/20 rule (Select all that apply)?A. 20 percent of the traffic on a network segment should be localB. no more than 20 percent of the network traffic should be able to move across a backbone.C. no more than 80 percent of the network traffic should be able to move across a backbone.D. 80 percent of the traffic on a network segment should be localAnswer: B,D8.The Company LAN is becoming saturated with broadcasts and multicast traffic. What could you do to help a network with many multicasts and broadcasts?A. Creating smaller broadcast domains by implementing VLANs.B. Separate nodes into different hubs.C. Creating larger broadcast domains by implementing VLANs.D. Separate nodes into different switches.E. All of the above.Answer: A9.The Company LAN switches are being configured to support the use of Dynamic VLANs. Which of the following are true of dynamic VLAN membership? (Select all that apply)A. VLAN membership of a user always remains the same even when he/she is moved to another location.B. VLAN membership of a user always changes when he/she is moved to another location.C. Membership can be static or dynamic.D. Membership can be static only.E. None of the other alternatives apply.Answer: A,C10.The Company LAN switches are being configured to support the use of Dynamic VLANs. What should be considered when implementing a dynamic VLAN solution? (Select two)A. Each switch port is assigned to a specific VLAN.B. Dynamic VLANs require a VLAN Membership Policy Server.C. Devices are in the same VLAN regardless of which port they attach to.D. Dynamic VLAN assignments are made through the command line interface.Answer: B,C11.In the three-layer hierarchical network design model; what's associated with the access layer? (Select two)A. optimized transport structureB. high port densityC. boundary definitionD. data encryptionE. local VLANsF. route summariesAnswer: B,E12.You are assigning VLANs to the ports of switch R1. What VLAN number value is an assigned tothe default VLAN?A. VLAN 1003B. VLAN 1C. VLAN OND. VLAN AE. VLAN 0Answer: B13.The VLANs in switch R1 are being modified. Which of the following are updated in R1 every time a VLAN is modified? (Select all that apply)A. Configuration revision numberB. Configuration revision flag fieldC. Configuration revision reset switchD. Configuration revision databaseE. None of the other alternatives apply.Answer: A,D14.Given the above partial configuration, which two statements are true about VLAN traffic? (Choose two.)A. VLANs 1-5 will use fa0/10 as a backup only.B. VLANs 6-10 will use fa0/10 as a backup only.C. VLANs 1-5 will be blocked if fa0/10 goes down.D. VLANs 1-10 are configured to load share between fa0/10 and fa0/12.E. VLANs 6-10 have a port priority of 128 on fa0/10.Answer: B,D15.What is a characteristic of assigning a static VLAN membership?A. VMPS server lookup is requiredB. Easy to configureC. Easy of adds, moves, and changesD. Based on MAC address of the connected deviceAnswer: B16.Static VLANs are being used on the Company network. What is true about static VLANs?A. Devices use DHCP to request their VLAN.B. Attached devices are unaware of any VLANs.C. Devices are assigned to VLANs based on their MAC addresses.D. Devices are in the same VLAN regardless of which port they attach to.Answer: B17.Two Company switches are connected via a trunk using VTP. Which VTP information does a Catalyst switch advertise on its trunk ports when using VTP? (Select two)A. STP root statusB. VTP modeC. Negotiation statusD. Management domainE. Configuration revision numberAnswer: D,E18.You need to investigate a VTP problem between two Company switches. The lack of which two prevents VTP information from propagating between switches? (Select two)A. A root VTP serverB. A trunk portC. VTP priorityD. VLAN 1E. None of the other alternatives applyAnswer: B,D19.R1 and R2 are switches that communicate via VTP. What is the default VTP advertisement intervals in Catalyst switches that are in server or client mode?A. 30 secondsB. 5 minutesC. 1 minuteD. 10 secondsE. 5 secondsF. None of the other alternatives applyAnswer: B20.Refer to the exhibit. VTP has been enabled on the trunk links between all switches within theTEST domain. An administrator has recently enabled VTP pruning. Port 1 on Switch 1 and port 2 on Switch 4 are assigned to VLAN 2. A broadcast is sent from the host connected to Switch 1. Where will the broadcast propagate?A. Every switch in the network receives the broadcast and will forward it out all ports.B. Every switch in the network receives the broadcast, but only Switch 4 will forward it out port 2.C. Switches 1, 2, and 4 will receive the broadcast, but only Switch 4 will forward it out port 2.D. Only Switch 4 will receive the broadcast and will forward it out port 2.Answer: C21.You want to configure switch R1 to propagate VLAN information across the Company network using VTP. What must be configured on a Cisco switch in order to advertise VLAN information?A. VTP modeB. VTP passwordC. VTP revision numberD. VTP pruningE. VTP domain nameF. None of the other alternatives applyAnswer: E22.The Company switches have all been upgraded to use VTP version 2. What are two benefits provided in VTP Version 2 that are not available in VTP Version 1? (Select two)A. VTP version 2 supports Token Ring VLANsB. VTP version 2 allows VLAN consistency checksC. VTP version 2 allows active redundant links when used with spanning treeD. VTP version 2 reduces the amount of configuration necessaryE. VTP version 2 saves VLAN configuration memoryAnswer: A,B23.The Company network administrator needs to enable VTP pruning within the Company network. What action should a network administrator take to enable VTP pruning on an entire management domain?A. Enable VTP pruning on any switch in the management domainB. Enable VTP pruning on any client switch in the domainC. Enable VTP pruning on a VTP server in the management domainD. Enable VTP pruning on every switch in the domainE. None of the other alternatives applyAnswer: C24.VTP is configured on switch R1. Which of the following features were added in VTP version 2 that were not previously supported in VTP version 1? (Select two)A. Supports Token Ring VLANs.B. Allows VLAN consistency checks.C. Saves VLAN configuration memory.D. Reduces the amount of configuration necessary.E. Allows active redundant links when used with spanning tree.Answer: A,B25.The Company switches are configured to use VTP. What's true about the VLAN trunking protocol (VTP)? (Select two)A. VTP messages will not be forwarded over nontrunk links.B. VTP domain names need to be identical. However, case doesn't matter.C. A VTP enabled device which receives multiple advertisements will ignore advertisements with higher configuration revision numbers.D. A device in "transparent" VTP v.1 mode will not forward VTP messages.E. VTP pruning allows switches to prune VLANs that do not have any active ports associated with them.Answer: A,D26.Switch R1 and R2 both belong to the Company VTP domain. What's true about the switch operation in VTP domains? (Select all that apply)A. A switch can only reside in one management domainB. A switch is listening to VTP advertisements from their own domain onlyC. A switch is listening to VTP advertisements from multi domainsD. A switch can reside in one or more domainsE. VTP is no longer supported on Catalyst switchesAnswer: A,B27.VTP devices in a network track the VTP revision number. What is a VTP configuration revision number?A. A number for identifying changes to the network switch.B. A number for identifying changes to the network router.C. A number for identifying changes to the network topology.D. None of the other alternatives apply.Answer: C28.Switch R1 is configured to use the VLAN Trunking Protocol (VTP). What does R1 advertise in itsVTP domain?A. The VLAN ID of all known VLANs, the management domain name, and the total number oftrunk links on the switch.B. The VLAN ID of all known VLANs, a 1-bit canonical format (CF1 Indicator), and the switch configuration revision number.C. The management domain name, the switch configuration revision number, the known VLANs, and their specific parameters.D. A 2-byte TPID with a fixed value of 0x8100 for the management domain number, the switch configuration revision number, the known VLANs, and their specific parameters.E. None of the other alternatives apply.Answer: C29.VTP switches use advertisements to exchange information with each other. Which of the following advertisement types are associated with VTP? (Select all that apply)A. Domain advertisementsB. Advertisement requests from clientsC. Subset advertisementsD. Summary advertisementsAnswer: B,C,D30.Switch R1 is part of the Company VTP domain. What's true of VTP Pruning within this domain? (Select all that apply)A. It does not prune traffic from VLANs that are pruning-ineligibleB. VLAN 1 is always pruning-eligibleC. it will prune traffic from VLANs that are pruning-ineligibleD. VLAN 2 is always pruning-ineligibleE. None of the other alternatives apply.Answer: A。

最新CCNP题库考试内容CCNP全称是：Cisco Certified Network Professional——思科认证网络高级工程师。

NA有效期三年，想考NP的童鞋需要在三年内考完一门NP,每门最长间隔三年，最长九年内需要考完。

考一门NP，NA有效期延长三年，所以NA快过期的童鞋可以选择重认证或者考一门NP。

CCNP包括三门，642-902路由，642-813交换，642-832排错。

思科考试的考题是随机抽取的，CCNP考试的题型跟CCNA一样，满分是1000分，通过分数是790分，考题数目大概如下，希望对备考NP的童鞋们有所帮助:642-902路由考试：考50题左右，一般考52题，实验题考四道，拖图题考一到五道左右，剩下是选择题。

642-813交换考试：考50题左右，一般考52题，实验题考三道，拖图题考一到五道左右，剩下是选择题。

题库后面的无线和语音基本不用看，考不到，考到也是只考一两道。

642-832排错考试：考13TT,选择题、拖图题分别考一两道，总共一般不会超过五道。

选择题、拖图题就没什么好说的了，大家只要记住正确选项就好，拖图题要将所有关键词记住，考试时有可能顺序发生变化。

642-902路由考到的四道实验题：1.EIGRP OSPF Redistribution Sim2.Policy Based Routing Sim3.IPv6 OSPFVirtual Link Sim4.OSPF Sim642-813交换考到的三道实验题：AAAMLS and EIGRP simLACP with STP642-832排错 14TT考13TT Ticket 10 – EIGRPAS 不考，13道TT题，每一道都是3问，3问大概都是：第一问是那个设备出错了，第二问是出了什么错误，第三问就是如何修改错误。

TT题都是选择题，背背就可以了。

cisco认证介绍考试编号：640-802考试时间：90分钟考题数目：50∙60题及格分数：825考试题型：模拟题；少数连线题；多项选择题及单项选择题。

新版的认证内容包含：WAN的连接；网络安全实施；网络类型；网络介质；路由与交换原理；TCP/IP与。

Sl参考模型等旧版CCNA网络基础知识的内容，此外，还新增加了关于无线局域网的基础知识。

除此之外，新版CCNA还能够通过下列两个途径的任意一个来通过认证：一、通过64 0-822 ICND1 (CCENT )新课程与640-816 ICND2 课程二、直接通过640∙802综合认证课程新版CCNA 640-802考试要紧考点：1 .描述网络工作的原理♦清晰要紧网络设备的用途与功能♦能够根据网络规格需求选择组件♦用OSl与TCP/IP模型与有关的协议来解释数据是如何在网络中传输的♦描述常见的网络应用程序包含网页应用程序♦描述OSl与TCP模型下协议的用途与基本操作♦描述基于网络的应用程序(IP音频与IP视频)的效果♦解释网络拓扑图♦决定跨越网络的两个主机间的网络路径♦描述网络与互联通信的结构♦用分层模型的方法识别与改正位于1、2、3与七层的常见网络故障♦区分广域网与局域网的作用与特征2 .配置、检验与检修VLAN与处于交换通信环境的交换机♦选择适当的介质、线缆、端口与连接头来连接交换机跟主机或者者其他网络设备♦解释以太网技术与介质访问操纵方法♦解释网络分段与基础流量管理的概念♦解释基础交换的概念与思科交换机的作用♦完成并检验最初的交换配置任务包含远程访问操纵♦用基本的程序(包含：ping, traceroute, telnet.SSH, arp, ipconfig) -⅛ SHOW&DEBUG命令检验网络与交换机的工作状态♦识别、指定与解决常见交换网络的介质问题、配置问题、自动协商与交换硬件故障♦描述高级的交换技术(包含：VTP, RSTP, VLAN, PVSTP, 802.1q)♦描述VLANs如何创建逻辑隔离网络与它们之间需要路由的必要性♦配置、检验与检修VLANS♦配置、检验与检修思科交换机的trunking♦配置、检验与检修VLAN间路由♦配置、检验与检修VTP♦配置、检验与检修RSTP功能♦通过解释各类情况下SHOW与DEBUG命令的输出来确定思科交换网络的工作状态♦实施基本的交换机安全策略（包含：端口安全、聚合访问、除VLAN1之外的其他VLAN 的管理等等）3.在中等规模的公司分支办公室网络中实现满足网络需求的IP地址规划及IP服务♦描述使用私有IP与公有IP的作用与好处♦解释DHCP与DNS的作用与优点♦在路由器上配置、检验与排错DHCP与DNS操作（包含命令行方式与SDM方式）♦为局域网环境的主机实施静态与动态IP地址服务♦在支持VLSM （变长子网掩码）的网络中计算并应用IP地址规划♦使用VLSM与地址汇总决定合适的无类地址规划，以满足不一致局域网/广域网的地址规划要求♦描述在与IPv4网络共存情况下实施IPv6的技术要求（包含协议放式，双栈方式，隧道方式）♦描述IPv6地址♦鉴定并纠正普通的IP地址与主机配置问题4 .基本的路由器操作与思科设备路由的配置，检查与排错♦描述路由的基本改概念（包含IP数据包转发，路由查询）♦描述思科路由器的运作过程（包含路由器初起过程，POST加电自检，路由器的物理构成）♦选择适当的介质、线缆、端口与连接器将路由器连接到其他的网络设备与主机♦RIPV2的配置，检查与排错♦访问路由器并配置基本的参数（包含命令行方式与SDM方式）♦连接，配置并检查设备接口的工作状态♦检查设备的配置并使用ping, traceroute, telnet, SSH等命令检验网络连接性♦在给定的路由需求下实施并检验静态路由与默认路由的配置♦管理IoS配置文件（包含储存，修改，更新与恢复）♦管理思科IOS♦比较不一致的路由实现方法与路由协议♦OSPF配置，检查与排错♦ElGRP配置，检查与排错♦检查网络连接性（包含使用Ping, traceroute, telnet, SSH等命令）♦路由故障排错♦使用show与debug命令检查路由器的硬件及软件运作状态♦实施静态路由器安全5 .解释并选择适当的可管理无线局域网（WLAN）任务♦描述跟无线有关的标准（包含IEEE, WlFl联盟，ITU/FCC）♦识别与描述小型无限网络构成结构的用途（包含：SSID, BSS, ESS）♦确定无线网络设备的基本配置以保证它连接到正确的介入点♦比较不一致无线安全协议的特性及性能（包含：开放,WPA, WEP-1/2）♦认识在无线局域网实施过程中的常见问题（包含接口，配置错误）6 .识别网络安全威胁与描述减轻这些威胁的通常方法♦描述当前的网络安全威胁并解释实施全面的安全策略以降低安全威胁的必要性♦解释降低网络设备、主机与应用所遭受安全威胁的通常方法♦描述安全设备与应用软件的功能♦描述安全操作规程建议（包含网络设备的的初起安全配置）7.在中小型企业分支办公网络中实施、检验与检修NAT与ACLs♦描述ACLS的作用与类型♦配置与应用基于网络过滤要求的ALCS （包含命令行方式与SDM方式）♦配置与应用ALCS以限制对路由器的telnet与SSH访问（包含命令行方式与SD M方式）♦检查与监控网络环境中的ACLS♦ACL排错♦描述NAT基本运作原理♦配置基于给定网络需求的NAT （包含命令行方式与SDM方式）♦NAT排错8.实施与校验WAN连接♦描述连接到广域网的不一致方式♦配置并检查基本的广域网串行链接♦在思科路由器上配置并检查帧中继♦广域网实施故障排错♦描述VPN （虚拟专用网）技术（包含重要性，优点，影响，构成）♦在思科路由器间配置并检查PPP链接或者者通过640-822 ICND1 （CCENT 新课程）与640-816 ICND2六、CCNA认证的有效期CCNA证书的有效期为三年，如想持续有效，需要在过期前参加重认证（ReCertifiCa tion）的考试，假如你再三年年内考取了更高级别的CiSCo认证，则CCNA认证的有效期自动更新。

可编辑修改精选全文完整版中国联通IT专业能力认证初级云计算、中级云计算题库精选目录一、单选题 (1)二、多选题 (20)三、判断题 (31)一、单选题第1题，Linux中，变换工作目录的指令为：A、bcB、cdC、pwdD、ls【参考答案】B第2题，以下Linux的账户中，权限最大的是：A、guestB、linuxC、adminD、root【参考答案】D第3题，“把市场分析透彻，充分摸清市场需求，把握关键要素，合理配置资源，改进内部管理，提升工作效率，为市场经营提供强有力的支撑和服务”是为了符合下面哪一项的要求。

A、一切为了一线B、一切为了市场C、一切为了客户D、一切为了用户【参考答案】B第4题，以下组件中属于OpenStack的组件是：A、EC2B、NeutronC、HBaseD、Vmotion【参考答案】B第5题，要使用环境变量或其他shell变量，必须在变量面前加上一个（）符号，而不能直接使用变量名？A、$B、#C、！D、~【参考答案】A第6题，vSphere 6.0中不支持的数据存储类型是：A、Virtual SAN数据存储B、ISCSI数据存储C、VMFS数据存储D、NFS数据存储【参考答案】B第7题，某企业在讨论即将进行的虚拟化项目，会议上提到Vcenter，并讨论了是否需要虚拟化Vcenter，以方便主机管理。

下列选项中哪个是虚拟化Vcenter的优势？A、Vcenter可以轻松实现虚拟化，HA可在需要时用于重新启动虚拟机B、Vcenter域管理员密切相关，因而不能进行虚拟化C、Vcenter只能在使用本地存储时进行虚拟化D、Vcenter可以进行虚拟化，但必须在32位服务器上部署【参考答案】A第8题，采购系统和内部商城下工程项目订单时需要关联下列哪一项？A、PMS的项目编码和ERP核心的任务编码B、PMS系统中的子项目编码C、PMS项目编码D、ERP核心项目编码和任务编码【参考答案】D第9题，在vSphere 6.0 中单个群集最多可以支持多少个节点？单个主机最大内存是多少？A、32个; 4TBB、24个; 2TBC、64个; 12TBD、16个; 1TB【参考答案】C第10题，Vsphere可以解决的管理难题是：A、可以消除变更管理流程B、流程会自动更新C、遗留应用可以在新硬件上运行D、可以远程协助【参考答案】C第11题，计算机中对数据进行加工处理的部件，通常称为：A、控制器B、显示器C、运算器D、存储器【参考答案】C第12题，使用下面的哪条命令可以为指定的文件建立一个硬链接？A、links -sB、ln -sC、linksD、ln【参考答案】D第13题，2019～2021年度IT总体规划中设定的2019年的需求交付及时率目标是不低于：A、70%B、50%C、99%D、90%【参考答案】D第14题，以下哪项是对虚拟机的最佳描述？A、执行虚拟化软件测试程序的物理机B、一种旨在提供网络故障切换和故障恢复功能的计算机工具C、一种软件计算机，其中封装了物理硬件D、通过软件实施的计算机，可以像物理机一样执行程序【参考答案】D第15题，下列关于Vmware的说法，描述错误的是：A、不具有复原（Undo）功能。

The safer , easier way to help you pass any IT exams.Exam : 640-802Title :Version : DEMOCisco Certified Network Associate1. Refer to the exhibit. What could be possible causes for the "Serial0/0 is down" interface status? (Choose two.)A. A Layer 1 problem exists.B. The bandwidth is set too low.C. A protocol mismatch exists.D. An incorrect cable is being used.E. There is an incorrect IP address on the Serial 0/0 interface.Answer: AD2. Before installing a new, upgraded version of the IOS, what should be checked on the router, and which command should be used to gather this information? (Choose two.)A. the amount of available ROMB. the amount of available flash and RAM memoryC. the version of the bootstrap software present on the routerD. show versionE. show processesF. show running-configAnswer: BD3. Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to support this transmission?A.B.C.D.E.F.Answer: D4. Refer to the exhibit. Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two.)A. Host E and host F use the same IP gateway address.B. Router1 and Switch2 should be connected via a crossover cable.C. Router1 will not play a role in communications between host A and hostD.D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same encapsulation type.Answer: DF5. Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two.)A. It ensures that data will be forwarded by RouterB.B. It provides stability for the OSPF process on RouterB.C. It specifies that the router ID for RouterB should be 10.0.0.1.D. It decreases the metric for routes that are advertised from RouterB.E. It indicates that RouterB should be elected the DR for the LAN.Answer: BC6. A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three.)A. A switch in the VTP client mode cannot update its local VLAN database.B. A trunk link must be configured between the switches to forward VTP updates.C. A switch in the VTP server mode can update a switch in the VTP transparent mode.D. A switch in the VTP transparent mode will forward updates that it receives to other switches.E. A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number.F. A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership.Answer: ABD7. Which two locations can be configured as a source for the IOS image in the boot system command? (Choose two.)A. RAMB. NVRAMC. flash memoryD. HTTP serverE. TFTP serverF. Telnet serverAnswer: CE8. What are two reasons a network administrator would use CDP? (Choose two.)A. to verify the type of cable interconnecting two devicesB. to determine the status of network services on a remote deviceC. to obtain VLAN information from directly connected switchesD. to verify Layer 2 connectivity between two devices when Layer 3 failsE. to obtain the IP address of a connected device in order to telnet to the deviceF. to determine the status of the routing protocols between directly connected routersAnswer: DE9. Refer to the exhibit. Both switches are using a default configuration. Which two destination addresses will host 4 use to send data to host 1? (Choose two.)A. the IP address of host 1B. the IP address of host 4C. the MAC address of host 1D. the MAC address of host 4E. the MAC address of the Fa0/0 interface of the R1 routerF. the MAC address of the Fa0/1 interface of the R1 routerAnswer: AF10. Refer to the exhibit. The router has been configured with these commands:hostname Gatewayinterface FastEthernet 0/0ip address 198.133.219.14 255.255.255.248no shutdowninterface FastEthernet 0/1ip address 192.168.10.254 255.255.255.0no shutdowninterface Serial 0/0ip address 64.100.0.2 255.255.255.252no shutdownip route 0.0.0.0 0.0.0.0 64.100.0.1What are the two results of this configuration? (Choose two.)A. The default route should have a next hop address of 64.100.0.3.B. Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing.C. The address of the subnet segment with the WWW server will support seven more servers.D. The addressing scheme allows users on the Internet to access the WWW server.E. Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation.Answer: DE11. As a CCNA candidate, you need to know EIGRP very well. Which tables of EIGRP route informationare held in RAM and maintained through the use of hello and update packets? Please choose two appropriate tables and drag the items to the proper locations.Answer:Only the neighbor table and the topology table of EIGRP route information are held in RAM and maintained through the use of hello and update packets.12.What is the maximum data rate specified for IEEE 802.11b WLANs?A.10MbpsB.11MbpsC.54MbpsD.100MbpsAnswer:B13.How does using the service password-encryption command on a router provide additional security?A.by encrypting all passwords passing through the routerB.by encrypting passwords in the plain text configuration fileC.by requiring entry of encrypted passwords for access to the deviceD.by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchangesE.by automatically suggesting encrypted passwords for use in configuring the routerAnswer:B14.Refer to the exhibit. When running OSPF, What would cause router A not to form an adjacency with router B?A.The loopback addresses are on different subnets.B.The values of the dead timers on the routers are different.C.Route summarization is enabled on both routers.D.The process identifier on router A is different than the process identifier on router B.Answer:B15.Refer to the exhibit. What statement is true of the configuration for this network?A.The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.B.Because of the addressing on interface FastEthemet0/1, the Seria0/0 interface address will not support the NAT configuration as shown.C.The number 1 referred to in the ip nat inside source command references access-list number1.D.ExtemalRouter must be configured with static routers to networks 172.16.2.0/24.Answer:C16.Refer to the exhibit. The network is converged.After link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets 208.149.23.64 and 208.149.23.96?A. 208.149.23.64[110/13] via 190.173.23.10,00:00:07, FastEthemet0/0208.149.23.96[110/13] via 190.173.23.10,00:00:16, FastEthemet0/0B. 208.149.23.64[110/1] via 190.172.23.10,00:00:07, Serial1/0208.149.23.96[110/3] via 190.173.23.10,00:00:16, FastEthemet0/0C. 208.149.23.64[110/13] via 190.173.23.10,00:00:07, Serial1/0208.149.23.96[110/13] via 190.173.23.10,00:00:16, Serial1/0208.149.23.96[110/13] via 190.173.23.10,00:00:16, FastEthemet0/0D. 208.149.23.64[110/3] via 190.172.23.10,00:00:07, Serial1/0208.149.23.96[110/3] via 190.173.23.10,00:00:16, Serial1/0Answer:A17.Refer to exhibit. The company uses EIGRP as the routing protocol. What path will packets take from a host on 192.168.10.192/26 network to a host on the LAN attached to router R1?A.The path of the packets will be R3 to R2 to R1.B.The path of the packets will be R3 to R1 to R2.C.The path of the packets will be both R3 to R2 to R1 AND R3 to R1.D.The path of the packets will be R3 to R1.Answer:D18.Refer to the exhibit. Switch port FastEthemet 0/24 on ALSwitch1 will be used to create an IEEE 802.1Q-compliant trunk to another switch. Based on the output shown, What is the reason the truck does not form, even though the proper cabling has been attached?A.VLANs have not been created yet.B.An IP address must be configured for the port.C.The port is currently configured for access mode.D.The correct encapsulation type has not been configured.E.The no shutdown command has not been entered for the port.Answer:C19.Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?A.Switch1B.SWitch2C.Switch3D.Switch4 Answer:A。

CompTIA IT认证考试练习题参考答案题目一：1. 问题：什么是计算机网络？答案：计算机网络是指通过通信链路连接起来的多个计算机和其他网络设备，共享信息和资源的系统。

2. 问题：TCP/IP协议族中的四层网络模型分别是什么？答案：四层网络模型分别是应用层、传输层、网络层和网络接口层。

3. 问题：Ping命令的作用是什么？答案：Ping命令用于检查网络连接是否正常，通过向目标主机发送ICMP Echo请求并等待回复来判断通信是否可用。

4. 问题：什么是IP地址？答案：IP地址是指用于唯一标识设备在网络中的地址，由32位二进制数表示，分为网络部分和主机部分。

5. 问题：什么是子网掩码？答案：子网掩码用于划分IP地址中的网络部分和主机部分，与IP 地址进行逻辑运算，得到主机所在的网络地址。

题目二：1. 问题：什么是操作系统？答案：操作系统是计算机系统中的核心软件，负责管理和控制计算机的硬件和软件资源，提供用户与计算机的接口。

2. 问题：常见的操作系统有哪些？答案：常见的操作系统有Windows、Linux、macOS、iOS、Android等。

3. 问题：什么是进程？答案：进程是指正在运行的程序的实例，是操作系统进行资源分配和调度的基本单位。

4. 问题：什么是文件系统？答案：文件系统是操作系统用于管理存储设备上的文件和目录的一种机制，提供对文件的读写、管理和保护等功能。

5. 问题：什么是虚拟内存？答案：虚拟内存是操作系统将磁盘空间用作缓存的一部分，用于扩展实际内存的容量，提高系统的运行效率。

题目三：1. 问题：什么是数据库？答案：数据库是指按照一定的数据结构存储、管理和组织数据的仓库，可以高效地存储和检索大量数据。

2. 问题：什么是关系型数据库？答案：关系型数据库是指使用关系模型进行数据组织和管理的数据库，数据以表格的形式表示，具有结构化特点。

3. 问题：什么是SQL语言？答案：SQL（Structured Query Language）是一种用于管理关系型数据库的标准化查询语言，用于对数据库进行操作和查询。

[题库讲解]CCNP 642-892 V3.95题库分析1 1．In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Choose three.) A. STP B. CDP C. EAP MD5 D. TACACS+ E. EAP-over-LAN F. protocols not filtered by an ACL Answer: ABE 解释一下：IEEE 802.1X认证成功之前，客户连接的端口在LAN上只允许传递可扩展的认证协议（EAPOL），CDP,和生成树的STP。

只有认证成功后才可以传递正常的流量。

2．Which protocol specified by RFC 2281 provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits? A. STP B. IRDP C. ICMP D. HSRP Answer: D 解释一下：RFC 2281中定义的是HSRP。

3．What will be the effect of applying the VLAN access map configuration on a switch? Router(config)# vlan access-map thor 10 Router(config-access-map)# match ip address net_10 Router(config-access-map)#action forward Router(config-access-map)#exit Router(config)# vlan filter thor vlan-list 12-16 A. All VLAN 12 through 16 IP traffic matching net_10 is forwarded and all other IP packets are dropped. B. IP traffic matching vlan-list 12-16 is forwarded and all other IP packets are dropped. C. IP traffic matching net_10 is dropped and all other IP packets are forwarded to VLANs 12 through 16.D. All VLAN 12 through 16 IP traffic is forwarded, other VLAN IP traffic matching net_10 is dropped. Answer: A 解释一下：这是关于VLAN access map 的使用，这是针对vlan-list中的VLAN中的流量进行的过滤，只有在vlan access-map中定义的forward的流量才可以在vlan-list中规定的VLAN中通过。

唐钢集团CCNP课程培训测试题姓名：成绩：一、选择题：（单选，共20题，每题4分）1．如下图所示，拓扑表中，数字3011840 和3128695 代表什么？-------------------------（）A．应用于该路由器EIGRP 路由的路由度量B．路由信息来源的可信度C．到目的网络的跳数和带宽的复合度量D．由EIGRP 邻居通告的网络总度量2．请参见图示。

该公司在编号为10 的自治系统中使用EIGRP。

路由器A 和路由器B 所连接网络上的主机能够相互ping 通。

但是，192.168.3.0 网络上的用户无法访问192.168.1.32 网络上的用户。

此问题最可能的原因是什么？---------------------------------------------------（）A启用了无类IP，从而导致数据包被丢弃。

B路由器C 上未使用network 192.168.1.32 命令。

C没有将路由器配置在相同的EIGRP 路由域中。

D网络自动总结导致各子网的路由被丢弃。

3．请参见图示。

网络192.168.0.0/28 断开。

Router2 会立即向Router1 和Router3 发送什么类型的数据包？---------------------------------------------------------------------------------------------------（）A查询网络192.168.0.0/28 的查询数据包B到224.0.0.9 的确认数据包C发送到255.255.255.255 的更新数据包D包含R2 新路由表的数据包发送到192.168.1.1 和192.168.2.1 的单播更新数据包4．请参见图示。

所有接口都已配置为如图所示的带宽。

假设所有路由器都是使用默认的EIGRP 配置作为路由协议，那么从172.16.1.0/16 网络发往192.168.200.0/24 网络的数据包会采用哪一条路径？--------------------------------------------------------------------------------------------------------------------（）A. A-B-EB. A-C-EC. A-D-ED.数据包会在A、B、E 和A、C、E 路径之间实施负载均衡。