思科ITE第二章

Cisco Systems, Inc. 思科在全球设有 200 多家办事机构。

地址、电话号码和传真号码 均在思科网站上列出，网址为： /go/offices 。

思科 Small BusinessCisco FindIT Network Discovery Utility 版本 2.0快速入门指南文本部件编号： 78-21387-02本手册中的规定和信息如有变更，恕不另行通知。

我们相信本手册中的所有声明、信息和建议均准确可靠，但不提供任何明示或暗示的担保。

用户应承担使用产品的全部责任。

产品配套的软件许可证和有限担保在随产品一起提供的信息包中提供，且构成本文的一部分。

如果您找不到软件许可或有限担保，请与思科代表联系以索取副本。

思科执行的 TCP 报头压缩是对加州大学伯克利分校 (UCB) 开发的某一程序的修改，它是 UNIX 操作系统的 UCB 公用版的一部分。

保留所有权利。

Copyright © 1981，加利福尼亚州大学董事会。

无论本手册中是否有任何其他担保，这些供应商的所有文档文件和软件均按“原样”提供，可能包含缺陷。

思科及其上述供应商不承担任何明示或暗示的担保， 包括（但不限于）商品适销性、对特定用途的适用性、非侵权担保，或因任何交易、使用或贸易行为而产生的担保责任。

在任何情况下，对于任何间接、特殊、连带发生或偶发的损坏，包括（但不限于）因使用或无法使用本手册而导致的任何利润损失或数据损失/损坏，思科及其供应商概不负责，即使思科及其供应商已获知此类损坏的可能性也不例外。

思科和思科徽标是思科和/或其附属公司在美国和其他国家/地区的注册商标。

要查看思科的商标列表，请访问此 URL：/go/trademarks。

文中提及的第三方商标为其相应所有人的财产。

使用“合作伙伴”一词并不暗示思科和任何其他公司之间存在合作关系。

(1110R)本文档中使用的任何互联网协议 (IP) 地址和电话号码并不代表实际地址和电话号码。

1静态路由较之动态路由有哪两项优点？（请选择两项。

）•正确响应您的响应•o由于静态路由不通过网络进行通告，因此比较安全。

o静态路由随着网络不断发展而进行扩展。

o正确实施静态路由所需的网络知识很少。

o静态路由比动态路由使用的路由器资源少。

o静态路由更容易进行大型网络配置。

静态路由需要充分了解整个网络才能正确实施。

它非常容易出错，且不能针对大型网络扩展。

静态路由使用更少的路由器资源，因为更新路由不需要计算。

由于它不通过网络通告，静态路由也比较安全。

此试题参考以下领域的内容：Routing and Switching Essentials•2.1.1 静态路由2 请参见图示。

允许PC A 和PC B 在路由器CPU 和网络带宽使用率最低的情况下访问互联网的路由解决方案是什么？2请参见图示。

允许PC A 和PC B 在路由器CPU 和网络带宽使用率最低的情况下访问互联网的路由解决方案是什么？•正确响应您的响应•o配置一条从R1 到Edge 的静态路由和一条从Edge 到R1 的动态路由。

o配置一条从R1 到Edge 的静态默认路由、一条从Edge 到互联网的默认路由以及一条从Edge 到R1 的路由。

o配置一条从R1 到Edge 的动态路由和一条从Edge 到R1 的静态路由。

o配置R1 和Edge 间的动态路由协议，并通告所有路由。

必须创建两个路由：在R1 中创建默认路由来访问“边缘”，在“边缘”中创建静态路由以访问返回流量的R1。

PC A 和PC B 属于末端网络后，这就是最佳解决方案。

而且，静态路由使用的带宽少于动态路由。

此试题参考以下领域的内容：Routing and Switching Essentials•2.1.1 静态路由3 浮动静态路由的正确语法是什么？3浮动静态路由的正确语法是什么？•正确响应您的响应•o ip route 209.165.200.228 255.255.255.248 serial 0/0/0o ip route 209.165.200.228 255.255.255.248 10.0.0.1 120o ip route 0.0.0.0 0.0.0.0 serial 0/0/0o ip route 172.16.0.0 255.248.0.0 10.0.0.1将浮动静态路由用作备用路由，常常是从动态路由协议学习的路由。

思科ITE章考试原题及答案图文稿思科I T E章考试原题及答案集团文件版本号：（M928-T898-M248-WU2669-I2896-DQ586-M1988）清洁计算机内部可以减少以下哪种负面环境因素？灰尘在清洁计算机机箱内部时，直接喷射压缩空气容易损坏下列哪种组件？风扇在生产车间，一个家具工厂用笔记本电脑来实现进程监控和报告。

生产车间的环境温度大约为27 摄氏度（80 华氏度）。

湿度相当高，大约为70%。

风扇安装在通风口顶部。

这里的木屑灰尘非常多。

以下哪个条件最可能对在这一环境中使用的笔记本电脑产生不利影响？灰尘蔬菜罐头工厂使用笔记本电脑来监控生产线。

生产环境的环境温度大约是 24 摄氏度（75 华氏度）。

湿度约为 30%。

由于装罐设备的使用，因此噪音很高。

笔记本电脑放在一个木箱中，木箱三面距离笔记本电脑较近。

以下哪个因素最可能对在这一环境中使用的笔记本电脑产生不利影响？放置笔记本电脑的木箱科考队正在用笔记本电脑工作。

科学家们工作地点的温度范围为 -13 华氏度（-25 摄氏度）到 80 华氏度（27 摄氏度）。

湿度约为 40%。

噪声水平较低，但地形崎岖，风速可达每小时 45 英里（每小时 72 公里）。

在需要时，科学家们会停下脚步，用笔记本电脑输入数据。

下列哪一项条件最有可能对于在此环境下使用的笔记本电脑造成负面影响？温度以下哪一项是制定预防性维护计划的一部分？记录每项维护任务的详细信息和频率技术人员正在施工现场执行 PC 硬件维护。

作为预防性维护计划的一部分，技术人员应该执行什么任务？进气风扇除尘。

以下哪项任务应作为硬件维护例行程序的一部分？检查并固定任何松动的电缆。

在测试导致某个问题的若干可能原因时，应该首先测试哪类原因？最容易最明显的原因在解决计算机问题时可以使用下列哪两项物品来帮助制定行动计划（选择两项。

）计算机手册计算机维修历史记录日志为客户排除计算机故障之前应该备份哪两类数据（选择两项。

HardwareCisco 3800 Series Integrated Services Routers (ISR)Cisco 1800 Series Integrated Services Routers (ISR)Cisco Catalyst 3560 Series SwitchesCisco ASA 5500 Series Adaptive Security AppliancesCisco IPS Series 4200 Intrusion Prevention System sensorsCisco Secure Access Control Server for WindowsSoftwareCisco ISR Series running IOS Software Version 12.4T Advanced Enterprise Services feature set is used on all routersCisco Catalyst 3560 Series Switches running Cisco IOS Software Release 12.2(44)SE or aboveCisco ASA 5500 Series Adaptive Security Appliances OS Software Version 8.xCisco IPS Software Release 6.1.xCisco VPN Client Software for Windows, Release 5.xCisco Secure ACS for Windows Version 4.1V3 BlueprintI Implement secure networks using Cisco ASA FirewallsPerform basic firewall InitializationConfigure device managementConfigure address translation (nat, global, static)Configure ACLsConfigure IP routingConfigure object groupsConfigure VLANsConfigure filteringConfigure failoverConfigure Layer 2 Transparent FirewallConfigure security contexts (virtual firewall)Configure Modular Policy FrameworkConfigure Application-Aware InspectionConfigure high availability solutionsConfigure QoS policiesⅡImplement secure networks using Cisco IOS Firewalls Configure CBACConfigure Zone-Based FirewallConfigure AuditConfigure Auth ProxyConfigure PAMConfigure access controlConfigure performance tuningConfigure advanced IOS Firewall featuresⅢImplement secure networks using Cisco VPN solutions Configure IPsec LAN-to-LAN (IOS/ASA)Configure SSL VPN (IOS/ASA)Configure Dynamic Multipoint VPN (DMVPN) Configure Group Encrypted Transport (GET) VPNConfigure Easy VPN(IOS/ASA)Configure CA(PKI)Configure Remote Access VPNConfigure Cisco Unity ClientConfigure Clientless WebVPNConfigure AnyConnect VPNConfigure XAuth, Split-Tunnel, RRI, NAT-TConfigure High AvailabilityConfigure QoS for VPNConfigure GRE, mGREConfigure L2TPConfigure advanced Cisco VPN featuresIV Configure Cisco IPS to mitigate network threatsConfigure IPS 4200 Series Sensor ApplianceInitialize the Sensor ApplianceConfigure Sensor Appliance managementConfigure virtual Sensors on the Sensor ApplianceConfigure security policiesConfigure promiscuous and inline monitoring on the Sensor Appliance Configure and tune signatures on the Sensor ApplianceConfigure custom signatures on the Sensor ApplianceConfigure blocking on the Sensor ApplianceConfigure TCP resets on the Sensor ApplianceConfigure rate limiting on the Sensor ApplianceConfigure signature engines on the Sensor ApplianceUse IDM to configure the Sensor ApplianceConfigure event action on the Sensor ApplianceConfigure event monitoring on the Sensor ApplianceConfigure advanced features on the Sensor ApplianceConfigure and tune Cisco IOS IPSConfigure SPAN & RSPAN on Cisco switchesjfdk 来源：考试大思科认证考试V Implement Identity ManagementConfigure RADIUS and TACACS+ security protocolsConfigure LDAPConfigure Cisco Secure ACSConfigure certificate-based authenticationConfigure proxy authenticationConfigure 802. 1xConfigure advanced identity management featuresConfigure Cisco NAC FrameworkVI Implement Control Plane and Management Plane SecurityImplement routing plane security features (protocol authentication, route filtering)Configure Control Plane PolicingConfigure CP protection and management protectionConfigure broadcast control and switchport securityConfigure additional CPU protection mechanisms (options drop,logging interval)Disable unnecessary servicesControl device access (Telnet, HTTP, SSH, Privilege levels)Configure SNMP, Syslog, AAA, NTPConfigure service authentication (FTP, Telnet, HTTP, other)Configure RADIUS and TACACS+ security protocolsConfigure device management and securityVII Configure Advanced SecurityConfigure mitigation techniques to respond to network attacks Configure packet marking techniquesImplement security RFCs (RFC1918/3330,RFC2827/3704)Configure Black Hole and Sink Hole solutionsConfigure RTBH filtering (Remote Triggered Black Hole)Configure Traffic Filtering using Access-ListsConfigure IOS NATConfigure TCP InterceptConfigure uRPFConfigure CARConfigure NBARConfigure NetFlowConfigure Anti-Spoofing solutionsConfigure PolicingCapture and utilize packet capturesConfigure Transit Traffic Control and Congestion ManagementConfigure Cisco Catalyst ad vanced security featuresVⅢI Identify and Mitigate Network AttacksIdentify and protect against fragmentation attacksIdentify and protect against malicious IP option usageIdentify and protect against network reconnaissance attacksIdentify and protect against IP spoofing attacksIdentify and protect against MAC spoofing attacksIdentify and protect against ARP spoofing attacksIdentify and protect against Denial of Service (DoS) attacksIdentify and protect against Distributed Denial of Service(DDoS) attacksIdentify and protect against Man-in-the-Middle (MiM) attacksIdentify and protect against port redirection attacksIdentify and protect against DHCP attacksIdentify and protect against DNS attacksIdentify and protect against Smurf attacksIdentify and protect against SYN attacksIdentify and protect against MAC Flooding attacksIdentify and protect against VLAN hoping attacksIdentify and protect against various Layer2 and Layer3 attacks。

PublicFiber Optic Transceiver Breakout Cable Ordering Guide: Cisco NexusStep 1:Identify your breakout cable assemblyby performance level, fiber type andconnector end for your application*Scenario References: Tables 1 and 3 utilize breakout cassettes, Tables 2 and 4 utilize breakout harness cabling.connector end for your application*Scenario References: Tables 1 and 3 utilize breakout cassettes, Tables 2 and 4 utilize breakout harness cabling.QDD-4X100G-LR-Sconnector end for your applicationDescriptionThe QDD-8X100G-FR module supports 100G breakout link lengths of up to 2 km. The module has eight pairs of single-mode fiber with MPO-12 APC connectors. It is compliant to the IEEE 802.3cu for100GBASE- FR1. The 400 Gigabit Ethernet signal is carried over eight parallel lanes by one wavelength per lane. It can be used as 8x100G breakout to QSFP28 100G-DR (up to 500 m), 100G-FR (2 km), and 100GLR (2 km). It may also be used as two independent 400GBASE-DR4 transceivers in a single port. FEC is performed on the host platform.The QDD-400G-SR4.2-BD module supports link lengths of up to 150m over. The module has 4 pairs using two wavelengths for both Tx and Rx bidirectionally (850nm and 910nm). This is accomplished using pairs 1-4 and 9-12 of a MPO-12 connector, which can be broken out to Duplex LC.The QDD-400G-DR4-S module supports link lengths of up to 500m parallel singlemode fiber (SMF) with MPO-12 connector. It is compliant to IEEE 802.3bs protocol and 400GAUI-8/CEI-56G-VSR-PAM4 standards. The 400 GbE signal is carried over four parallel lanes by one wavelength per lane. Thistransceiver requires patch cords with Angled Physical Contact (APC) MPO connectors. It can be used as 4 x100G breakout to QSFP28-100G-FR-S. FEC is performed on the host platformThe QDD-4X100-FR-S module supports link lengths of up to 2km parallel singlemode fiber (SMF) with an MPO-12 connector. It is compliant to IEEE 802.3cu protocol. The 400GbE signal is carried over four parallel lanes by one wavelength per lane. This transceiver requires patch cords with Angled Physical Contact (APC) MPO connectors.The QDD-4X100G-LR-S module supports link lengths of up to 10km parallel singlemode fiber (SMF) with a n MPO-12 connector. It is compliant to the IEEE 802.3cu 100GBASE-LR1, and 400GAUI-8/CEI-56G VSRPAM4 standards. The 400GbE signal is carried over four parallel lanes by one wavelength per lane. It can be used as 4x100G breakout to QSFP28 100G-DR, 100G-FR, and 100G-LR. This transceiver requires patch cords with Angled Physical Contact (APC) MPO connectors. FEC is performed on the host platform.The QDD-2X100-SR4-S module supports link lengths of up to 100m on OM4 MMF with an MPO-24 connector. It is compliant to IEEE 802.3 100GBASE-SR4 requirements. The module provides backwards compatibility to two 100GBASE-SR4 transceivers, improving port efficiency to legacy 100G optical interfacesThe QDD-2X100-CWDM4-S module supports link length of up to 2km over SMF and uses a dual duplex CS connector. It is compliant to the 100G-CWDM4 MSA. The 100GbE signal is carried over four CWDM grid optical wavelengths at 25Gb/s each. FEC is performed on the host platform.QDD-8X100G-FRQDD-400G-SR4.2-BDQDD-2X100-SR4-SQDD-2X100-CWDM4-SQDD-4X100-FR-SQDD-400G-DR4-SDescriptionThe QDD-2X100-LR4-S module supports link lengths up to 10km over SMF and uses a dual duplexCS connector. It is compliant to IEEE 802.3 100GBASE-LR4 requirements. The module providesbackward compatibility to two 100GBASE-LR4 transceivers, improving port efficiency to legacy100G optical interfaces.The QSFP-100G-SL4 module supports link lengths up to 30m over OM4 MMF with MPO-12 connectors. Itprimarily enabled high-bandwidth optical links over 12-fiber parallel fiber terminated with MPO connectors.This transceiver supports 100GBase Ethernet rate. it is interoperable with QSFP-100G-SR4-S andSFP-25G-SL or SFP-25G-SR-S in breakout mode where in all cases the reach is limited to 30 m.The QSFP-100G-SR4-S module supports link lengths up to 100m over OM4 MMF with MPO-12connectors. It primarily enables high-bandwidth 100G optical links over 12-fiber parallel fiber terminatedwith MPO connectors. This transceiver supports 100GBase Ethernet rate.The QSFP-100G-PSM4-S module supports link lengths up to 500m over SMF with MPO-12 connectors.The 100GbE signal is carried over 12-fiber parallel fiber terminated with MPO connectors.The QSFP-4X10G-LR-S module supports link lengths up to 10km over SMF with MPO-12 connectors. Itenables high-bandwidth 40G optical links over 12-fiber parallel fiber terminated with MPO connectors. It isoptimized to guarantee interoperability in 4x10G mode over the full specification rang of 10GBASE-LR andthe SFP-10/25G-LR-S (in 10G mode). QSFP-4X10G-LR-S does not support FCoE.The QSFP-40G-SR4 module supports link lengths up to 150M on OM4 MMF. It primarily enables high-bandwidth 40G optical links over 12-fiber parallel fiber terminated with MPO connectors. It is interoperablewith any IEEE 40GBASE-SR4 and in 4x10G mode with 10GBASE-SR and SFP-10/25G-CSR (in 10G mode).It can also be used in a 4x10G breakout mode for interoperability with 10GBASE-SR and SFP-10/25GCSR-S (in 10G mode) interfaces up to 150m on OM4. The 4x10G connectivity is achieved using an external12-fiber parallel to 2-fiber duplex breakout cable, which connects the 40GBASE-SR4 module to four10GBASE-SR optical interfaces.The QSFP-40G-CSR4 module supports link lengths up to 400m on parallel OM4 MMF fiber using MPO-12 connectors. Each 10G lane of this module is compliant to the IEEE 10GBASE-SR specification. Thismodule can be used for native 40G optical links over 12-fiber parallel cables with MPO connectors or ina 4x10G breakout mode with parallel to duplex fiber breakout cables for connectivity to four 10GBASE-SR interfaces. Cisco QSFP-40G-CSR4 is optimized to guarantee interoperability over the completespecification range of 10GBASE-SR.connector end for your applicationQSFP-100G-PSM4-SQDD-2X100-LR4-SQSFP-100G-SR4-SQSFP-100G-SL4QSFP-40G-SR4QSFP-40G-CSR4QSFP-4X10G-LR-SDescription (non-breakout transceivers)The SFP-25G-SR-S module supports a link length of 70/100m on OM3/4 multimode fiber (MMF). This module requires RS-FEC on the host ports.The SFP-10/25G-CSR module supports a link length of up to 300/400m over OM3/4 at 10G, and up to 300/400m over OM3/4 at 25G*. It also supports link lengths of 82m over OM2 at 10G, and up to 70m over OM2 at 25G. This module requires RS-FEC on the host port for full reach operation at 25G. Using BASE-R FEC the module can support 70/100m over OM3/4 and with-out FEC it can support 30/50m over OM3/4 at 25G*. For 10G operation FEC is not required.The SFP-10/25G-LR-S module supports a link length of 10km on standard singlemode fiber (SMF) G.652 at both 10G and 25G. This module requires RS-FEC on the host ports for operation at 25G.The 10GBASE-SR module supports a link length of 26m on standard Fiber Distributed Data Interface (FDDI) grade multimode fiber (MMF). Using 2000 MHz*km MMF (OM3), up to 300m link lengths are possible. Using 4700 MHz*km MMF (OM4), up to 400m link lengths are possible.The 10GBASE-LR module supports a link length of 10km on standard G.652 singlemode fiber (SMF).Cisco Resources:Cisco Optics-to-Device Compatibility Matrix visit, https:// .Cisco Optics-Innovation for the 400G era and beyond, visit /go/optics .connector end for your application10GBASE-SRSFP-25G-SR-SSFP-10/25G-LR-SSFP-10/25G-CSR10GBASE-LRStep 2:Identify the enclosure system(s) that meet your application needs. Universal wired fiber cassettes provide optimal interoperability across fiber cabling systems.™™ Fiber Connector is • and polarity • ISO/IEC)• • ™ on increase test variability)• ™ Patch ™ Fiber Signature Core ™ Fiber Signature Core ™ OM4+ Fiber Optic OM5 solutions.• ignature Core ™ OM4+ Cabling• Signature Core ™ Fiber Media™ HD Flex ™ Fiber EnclosuresThe HD Flex ™ Fiber Cabling System is the highest density solution designed to set you free by removing the barriers of architecture, deployment, scalability and maintenance challenges.• Provides up to 144 fibers (72 duplex ports) per RU of density• Enclosures and panels are adaptable between 4, 6, and 12-port configurations• Split tray feature allows each half of the tray to be pulled out independentlyFor more information about the HD Flex ™ Fiber Cabling System, reference the system brochure or visit /hdflexOpticom ® Fiber EnclosuresOpticom ® Fiber Enclosures accept pre-terminated, splice-on, and field terminated fiber connectivity.• Slide-out, tilt-down drawer provides up to 96 LC fibers per RU• Integral bend radius control and cable management for fiber optic patch cordsFor more information about the Opticom ®Fiber Enclosures, reference the spec sheetQuickNet ™ Patch PanelsPanduit QuickNet ™ Patch Panels provide the flexibility to deployment both copper and fiber connectivity in the same RU.• High-density patch panels conserve valuable rack space with 96 fibers (48 duplex ports) per RU • Available in flat or angled patch panels to facilitate proper bend radius control and minimize the need for horizontal cable managersFor more information about the QuickNet ™ Fiber Cabling System, reference the QuickNet ™ Data Center Application GuideFor more information about universal wired fiber cassettes, see our video .Step 3:Select the components to build out your end-to-end fiber connectivity channel.Note: Tables 1 and 3 utilize breakout cassettes, Tables 2 and 4 utilize breakout harness cabling.FHMP-6-BCG FLEX1U06FLEX1U06FHC3ZO-08-10BFRZT^77Y001F*FQMAP66CG QAPP24BL FYZT^78Y001F*QAPP24BL FQ3ZO-08-10BOpticom OpticomFAPH0612CGMPO FCE1U FCE1U FC3XN-16-10NMBN^^^Interconnects, trunk cable and patch cords are available in P = OFNO (Plenum), R = ONFR (Riser), L = LSZH or B = Euroclass B2ca.^^Cassettes offers 2-MPO12 inputs to 8-LC Duplex outputs.™ – 12 to 4xLC Duplex Breakout Harness Cabling FHMP-6-BCG FLEX1U06FLEX1U06FHMP-6-BCGFRZT^77Y001F*FYZT^88Y001F*FAPH0612CGMPO FCE1U FCE1U FAPH0612CGMPO^Interconnects, trunk cables and harnesses are available in P = OFNO (Plenum), R = ONFR (Riser), L = LSZH or B = Euroclass B2ca.VISIT OUR PART CONFIGURATORS ATStep 3: (continued)Select the components to build out your end-to-end fiber connectivity channel.HD FlexFHMP-6-ABL FLEX1U06FLEX1U06FHC39N-08–10AQuickNet QuickNetFR9T^77A001F*FQMAP65BL QAPP24BL FY9T^78A001F*QAPP24BL FQ39N-08-10A F92E^LNLNSNM*Opticom OpticomFAPH0612BLMPO FCE1U FCE1U FC39N-16-10NMAN^^^Interconnects, trunk cable and patch cords are available in P = OFNO (Plenum), R = ONFR (Riser), L = LSZH or B = Euroclass B2ca.^^Cassettes offers 2-MPO12 inputs to 8-LC Duplex outputs. (CS Cassettes not pictured, please see for additional information)™ – 12 to 4xLC Duplex Breakout Harness Cabling(Male/Female)FHMP-6-ABL FLEX1U06FLEX1U06FHMP-6-ABLFR9T^77A001F*F9TY^78A001F*F98R^5NQSQNF*FAPH0612BLMPO FCE1U FCE1U FAPH0612BLMPO^Interconnects, trunk cables and harnesses are available in P = OFNO (Plenum), R = ONFR (Riser), L = LSZH or B = Euroclass B2ca.VISIT OUR PART CONFIGURATORS AT/partconfiguratorsPublic。

Types of Cables1.Connecting a DTE to a DCE2.Connecting two DTEs directly to eac h otherSpecification for DTE/DCE interface1.Mechanical/Physical (number of pins & connector type)2. Electrical (Define voltage level for 0 and 1 )3. Functional (Func performed by assigning meaning to S ignalLine)4. Procedural (Sequence of ev ents for transmitting data )Null Modem- Comm method to directly c onnect two DTEs using RS-232 serial cableNull Modem Connection- Transmit (Tx) and rec eive (Rx) lines are crosslinkedWAN Encapsulation Protocols1.HDLC2.PPP3.SLIP4.X.25 or LAPB5.Frame Relay6.ATMSerial Line Internet Protocol (SLIP)- A standard protoc ol f or point-to-point serial connections using TCP/IP.X.25/Link Access Procedure, Balanced (LAPB)- X.25 specifies LAPB, a data link lay er protocol- Predecessor to Frame Relay.Frame Relay- Eliminates some of the time-consuming processes (such as error correction and flow control) employed in X.25ATM- The cell relay in w hich dev ices send multiple servic e ty pes (v oice, v ideo, or data) in f ixed-leng th (53-byte) cells.Fixed-length Cells- Allow proc essing to occ ur in hardw are, thereby reducing transit delay s. - 53 bytesHigh-level Data Link Control (HDLC)-Default enc ap type on point-point c onn, when link uses 2 Cisc o devices - Bit-oriented sy nchronous data link layer protocol developed by the ISO - Current standard is ISO13239- Devfrom Synchro Data Link Control (SDLC) standard proposed in 1970s- Provides both c onnection-oriented and connectionless service- Defines a Lay er 2 framing structure that allows f or flow control and errorcontrol throug h the use of acknow ledgments- Uses a frame delimiter/flag to mark the beg inning &end of each frameHLDC Frame Types1.Flag2.Address3.Control4.Protoc ol5.Data6.FCSFlag- Field that initiates and terminates error check ing- The frame always starts and ends with an 8-bit f lag f ield- The bit pattern is 01111110Address- Field that contains the HDLC address of the secondary station- Can contain a specific address, a group address, or a broadcast addressControl- HDLC defines 3 types of frames, each w/a diffcontrol field format:rmation (I) frame - Carry upper layer inf o & some control info2.Supervisory (S) frame-Prov ide control information.3.Unnumbered (U) frame -Support ctrl purposes & arn’t sequencedProtocol- HDLC protocol specif ies the protoc ol type enc apsulated w/in the fram eData-Contains a Path Info Unit (PIU) Exchang e Identific ation (XID) infoFrame Check Sequenc e (FCS)- Precedes the ending f lag delimiter and is usually a cyclic redundancycheck (CRC) calc ulation remainderCisco HLDC (cHDLC)-Proprietary- Frames contain a field for identifying the network protocol beingencapsulated- Default enc ap method used by Cisco devices on sy nchronous serial lines- PPP Encapsulation is used to connec t to a non-Cisco devic e- Used as a point-to-point protoc ol on leased lines bet 2 Cisc o devicesencapsulation hdlc command-SYNTAX: encapsulation hdlc- Used cmd in priv ileg ed mode to re-enable HDLCshow interfaces serial command-show interfaces serial0/0/0-Display s information specific to serial interfaces- When HDLC is conf igured, "Enc apsulation HDLC" is shown- Verify proper configuration of HDLC or PPP encapsulationshow ip int brief command-Used in troubleshooting a serial interfac e-5 possible problem states can be identified1.Serial x is down, line protocol is dow n2.Serial x is up, line protoc ol is down3.Serial x is up, line protoc ol is up (looped)4.Serial x is up, line protoc ol is down (disabled)5.Serial x is administrativ ely down, line protocol is downTroubleshooting a Serial Interface (See Reference)Serial Line Internet Protocol (SLIP)- Standard protocol for point-point serial connusing a variation of TCP/IP- Predecessor of PPPPoint-to-Point Protocol (PPP)- Successor to SLIP providing router-router and host-network conn ov ersynchro and asynchro circ uits- Provides multiprotocol LAN-WAN connections handling TCP/IP, IPX, andAppleTalk simultaneously- Used over Twisted Pair,Fiber-Optic Lines, and Satellite Transm ission- Provide transport over ATM, Frame Relay,ISDN&Optical Link- Allows y ou to authenticate connections using either PAP/CHAP- Allows the simultaneous use of multiple netw ork layer protocols- Does not impose any restrictions regarding transmission rate other thanthose imposed by the partic ular DTE/DCE interface in use- Most of the w ork done by PPP is at the data link and network layers bythe LC P and NCPsLCP-Sets up the PPP c onnection and its parameters-Establishes, config ures, and tests the data-link connection-Establishes the point-to-point link-Negotiates and sets up c ontrol options on the WAN data link, w hich arehandled by the NC Ps-Provides automatic c onfig uration of the interfac es at each end,including:-Handling varying limits on packet size-Detecting common misconf iguration errors-Terminating the link-Determining w hen a link is functioning properly or when it is failingNCP-Handle hig her lay er protocol conf igurations, and the LC P terminates thePPP connection-Include functional f ields c ontaining standardized codes to indicate thenetwork lay er protoc ol that PPP enc apsulatesPPP Features Not Available in HDLC1.The link quality management feature monitors the quality of the link. Iftoo many errors are detected, PPP tak es the link down.2.PPP supports PAP and CHAP authenticationPPP Components1.HDLC protocol for encapsulating datag rams ov er point-to-point links.2.Extensible LC P to estab, conf igure, and test the data link connection.3.Family of Network Control Protocols (NC Ps) f or establishing andconfiguring different network lay er protoc olsPPP Configuration on Physical Layer1.Asynchronous serial2.Synchronous serial3.HSSI4.ISDNPhases of Establishing a PPP SessionPhase 1: Link establishment and configuration negotiation- LCP must 1st open the connection and neg otiate configuration optionsPhase 2: Link quality determination (optional)- LCP tests the link to determine w hether the link quality is sufficient tobring up netw ork layer protocols.Phase 3: Netw ork layer protocol conf iguration negotiation- After LC P has finished the link quality determ ination phase,theappropriate NCP can separately config ure the network layer protocols,and bring them up and take them down at any timeClasses of LCP Frames1.Link-establishment frames2.Link-maintenance frames3.Link-termination framesLink-EstablishmentFrames-Estab&Conf ig a link-Configure-Request, C onfig ure-Ack, Configure-Nak, and Config ure-Rej ectLink-Maintenance Frames- Manage and debug a link- Code-Reject, Protocol-Reject, Echo-Request, Ec ho-Reply, & Discard-ReqLink-Termination Frames-Terminate a link-Terminate-Request and Terminate-AckLCP Packet Contents1.Code- field identifying the ty pe of LCP packet2.Identifier- field so that requests and replies c an be matched3.Length - field indicating the size of the LCP packet4.Data - Packet ty pe-specif ic dataAAA/TACACS- Dedicatedserverusedtoauthenticateusers.。

1下列哪一个地址可以用来总结网络、、和2请参见图示。

目的地为网络的数据包会被如何转发Router1 会执行递归查找，数据包将从S0/0 接口发出。

Router1 会执行递归查找，数据包将从S0/1 接口发出。

没有与网络关联的匹配接口，因此数据包将被丢弃。

没有与网络关联的匹配接口，因此数据包将采用“最后选用网关”，从S0/2 接口发出。

3指向下一跳IP 的静态路由在路由表中会显示怎样的管理距离和度量管理距离为0，度量为0管理距离为0，度量为 1管理距离为1，度量为0管理距离为1，度量为 14两个独立子网上的主机之间无法通信。

网络管理员怀疑其中一个路由表中缺少路由。

可以使用哪三条命令来帮助排查第 3 层连通性问题（选择三项。

）pingshow arptracerouteshow ip routeshow interfaceshow cdp neighbor detail5请参见图示。

为使主机 A 能够连接到网络上的主机B，应在Router1 上配置哪种静态路由ip routeip routeip route S0/0/1ip route S0/0/06Router# show cdp neighbors命令会显示下列哪些内容（选择三项。

）负载平台可靠性保持时间本地接口7为什么在创建送出接口为以太网络的静态路由时输入下一跳IP 地址是明智之举添加下一跳地址将使路由器在转发数据包时不再需要在路由表中进行任何查找。

在多路访问网络中，如果没有下一跳地址，路由器将无法确定以太网帧的下一跳MAC 地址。

在静态路由中使用下一跳地址可以为路由提供较低的度量。

在多路访问网络中，在静态路由中使用下一跳地址可以使该路由成为候选默认路由。

8请参见图示。

要使WinterPark 和Altamonte 路由器能够传送来自每个LAN 的数据包并将所有其它流量转到Internet，应该使用哪一组命令来配置静态路由WinterPark(config)# ip route 0.0.0.0Altamonte(config)# ip routeAltamonte(config)# ip route s0/1WinterPark(config)# ip route 0.0.0.0Altamonte(config)# ip routeAltamonte(config)# ip route s0/1WinterPark(config)# ip routeWinterPark(config)# ip route 0.0.0.0Altamonte(config)# ip routeWinterPark(config)# ip routeAltamonte(config)# ip routeAltamonte(config)# ip route 0.0.0.0 s0/09当外发接口不可用时，路由表中的静态路由条目有何变化该路由将从路由表中删除。

1如图所示的网络在路由流量时存在问题，怀疑这可能是编址方案所造成。

该图中使用的编址方案存在什么问题？指定给Router1 的Ethernet0 接口的地址是该子网的广播地址。

在Router1 和Router2 之间的串行链路上配置的子网与指定给Router3 上Ethernet0 的子网有重叠。

Router1 的Serial0 接口与Router2 的Serial0 位于不同的子网。

指定给Router2 上Ethernet0 的子网与指定给Router3 上Ethernet0 的子网有重叠。

2请参见图示。

网络管理员要将一个带有50 台主机的新子网添加至R3。

要保证新子网可获得足够地址，同时尽量减少为其分配哪个子网地址？192.168.1.0/24192.168.1.48 /28192.168.1.32/27192.168.1.64/263出现路由环路的两个原因是什么？（选择两项）收敛速度缓慢静态路由配置错误路由通过两种路由协议获知在同一台路由器上同时使用静态路由和动态路由连接到Internet 的路由器上缺少默认路由4下列哪两项是路由器的功能？（选择两项。

）连接多个IP 网络。

通过使用第 2 层地址控制数据流。

确定发送数据包的最佳路径。

管理VLAN 数据库。

扩大广播域。

5哪三项是CDP 的特性？（选择三项。

）测试第 2 层连通性提供安全层工作在OSI 第2 层和第3 层默认在每个接口上启用用于调试第 4 层连通性问题提供关于已启用CDP 的直连设备的信息6下列有关路由器上的启动配置的说法，哪两项是正确的？（选择两项）路由器使用启动配置文件来启动POST。

如果找不到Cisco IOS，路由器会进入设置模式。

引导程序在NVRAM 中搜索启动配置。

如果找不到启动配置文件，路由器会进入ROMMON 模式。

如果默认位置没有启动配置文件，路由器会搜索TFTP 服务器。

7路由器启动时，如果没有boot system命令，则查找Cisco IOS 的默认顺序是什么？ROM、TFTP 服务器、闪存闪存、TFTP 服务器、ROM闪存、NVRAM、TFTP 服务器NVRAM、TFTP 服务器、闪存8请参见图示。

Business Challenges• Securely embrace IoT innovations• Ensure resiliency and availability for operational technology teams• Provide security and compliance for enterprise IT teams• Defend intellectual property and sensitive data• Comply with regulatory mandates pertaining to your company or industry• Leverage existing network security investmentsTechnical Challenges• Discover unknown devices onthe network that do not include management agents• Validate device identities• Classify devices and determine their owners• Assess and monitor devices to determine anomalous behavior• Prevent infected or non-compliant devices from spreading malware across the network Internet of Things (IoT)See and control IoT devices that are invisible to traditional security productsDuring your last security audit, were you unableto identify what’s on your network? Does OT(operational technology) share the same networkas your information technology? Would you like toknow if a printer or HVAC device starts behavinglike a PC?The ChallengeWithout a cutting-edge IoT security solution—one that begins with agentless visibility—IoT devices are invisible (and potentially unwanted) guests on your network. Video surveillance systems, projectors, smart copiers and printers, industrial controls and HVAC systems are common in most businesses today. These devices become more intelligent and valuable when networked, but when compromised, they can quickly become hackers’ favorite hardware.The “things” on this ever-expanding list of devices share one common trait—they include lightweight operating systems that don’t support software agents that traditional security tools require to discover and manage them.While industry analysts debate the pace of IoT’s phenomenal growth, enterpriseIT staff have a more immediate concern: identifying the agentless devices that already reside on their networks. This critical lack of visibility insight is concerning in light of these facts:• IDC analysts predict that by 2018, two-thirds of enterprises will experience IoT security breaches.1• Less than 10 percent of new devices connecting to corporate networks will be manageable by traditional methods by 2020.2• There will be 20.8 billion connected things in use worldwide by 2020.3 Therefore, it should be no surprise that on Gartner’s list of T op 10 IoT T echnologies for 2017 and 2018, security ranks number one.4Why OT air gaps = IT security chasmsNot long ago, operational technology (OT) such as manufacturing lines, environmental controls, and industrial control systems and sensors used incritical infrastructure were isolated by air-gapped networks. These command-and-control-type networks often ran legacy operating systems and proprietary network technologies that typically sacrificed device security in favor of system performance and availability. This approach, often called “security through obscurity,” no longer works.1 IDC’s global technology predictions for 20162 ForeScout analysis3 Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015, Gartner Research, November 20154 Top 10 IoT Technologies for 2017 and 2018, Gartner Research, February 201612The economic advantages of IP connectivity quickly obliterated security air gaps as operational networks connected to external-facing IT networks, resulting in major security challenges. T oday, vulnerable devices that were formerly on air-gapped networks now reside on many corporate networks, and since they lack management agents, security teams are unable to inventory them, let alone secure them. IoT innovation and corporate networks The vast majority of IoT devices today are used by businesses, not consumers. In fact, business/manufacturing, healthcare and retail account for nearly 79 percent of networked devices today.5 These devices are designed to capture and share information or automate functions—making them perfect candidates for IP-based network connectivity. Unfortunately, since they have minimal system resources and often include proprietary operating systems, they are not capable of accommodating management agents, leaving them invisible to traditional security management systems. Nonetheless, they are showing up on wired and wireless enterprise networks with little regard to how they will be secured or the risk they pose to the businesses and government agencies that have so aggressively embraced them. The ForeScout Solution The majority of new devices connecting to networks today are unmanaged IoT endpoints. ForeScout helps organizations ensure IoT device security in three distinct ways:See ForeScout CounterACT ® offers the unique ability to see devices the instant they connect to your network, without requiring software agents. We take this a step further by discovering and classifying devices and validating their identities. This key capability is essential for improving your endpoint compliance posture as well as defining your IoT security and enforcement policies. In addition, CounterACT continuously monitors IoT devices, ports and connections.Control Once you understand each IoT device on your network, its owner and purpose, CounterACT enables a broad range of network access controls. Y ou can restrict access to a non-compliant device, block Internet access, quarantine any device based upon anomalous behavior and/or notify its owner of a security concern. In addition, should you choose to isolate specific devices to a specific network segment or VLAN, CounterACT simplifies this process.Orchestrate Without CounterACT, third-party management solutions are blind to unmanaged and IoT endpoints. ForeScout extends CounterACT’s agentless visibility and control capabilities to leading network, security, mobility and IT management products via a rapidly growing number of ForeScout Extended Modules. This unique ability to orchestrate multivendor security allows you to:• Share context and control intelligence among systems to enforce unified network security policy • Reduce vulnerability windows by automating system-wide threat response• Gain higher return on investment from your existing security tools while saving time through workflow automation 5 Intel Guide to IoT Infographic Here’s a partial list of IoTapplications and benefits.Facilities ManagementHeating/cooling/lighting controls, fireprevention and building security.Reduce costs through optimizedresource utilization and preventivemaintenance.HealthcareRemote device monitoring, presencestatus and inventory management.Accelerate care, improve diagnosticaccuracy and lower medical/insurancecosts.Oil and GasConnected infrastructure fromexploration and refining to distribution.Reduce operating/distribution costs,optimize processes and enableproactive maintenance.ManufacturingSmart sensors, inventory managementand digital control systems.Respond faster to demand fluctuations,automate processes and optimizeefficiency.Public SectorDigital governance, smart cities andconnected infrastructure.Empower constituents, improve publicsafety, boost traffic flow and reducelighting costs.RetailConnected inventory, CRM/customerloyalty and inventory managementsystems.Optimize inventory availability, improvecustomer insight and personalizemarketing.Supply ChainReal-time inventory management,tracking, shipping and logistics.Enable proactive problem resolutionand boost operational efficiency.UtilitiesConnected meters and smart grids.Automate meter reading and improveusage/production efficiencies.3IoT Use Cases: Separating Facts from Fiction Given the extraordinary value and broad-based adoption of IoT, many security vendors are quick to proclaim IoT security capabilities. While claims are plentiful, real use cases are much harder to find. Here are just a couple of the real-world use cases we address today. Securing IoT devices on enterprise networks T oday’s enterprise networks include agentless IoT devices and unmanaged Bring/Choose Your Own Devices (BYOD/CYOD). Each of these devices is a potential network attack or reconnaissance point. Here’s one example of how ForeScout can detect, monitor and block a compromised IoT printer. This same scenario is equally relevant to any number of corporate-connected devices such as security cameras, HVAC/lighting controls or monitors and projectors. Figure 1: ForeScout’s agentless IoT security process provides visibility, control and orchestration with third-party solutions, including SIEMs. It begins with discovery and classification of over 1,000 devices—including IoT and OT devices—by function, operating system, vendor and model.12345IoT device connects tothe network.CounterACT detects andclassifies device as a printer. Compromised printer attemptsto access corporate file server.Third-party Security Information and EventManagement (SIEM) solution detects anomalous behavior.CounterACT blocks thecompromised printer from the network and quarantines it, allowing IT to safely remove the device from the network and perform forensic analysis.ForeScout T echnologies, Inc. 190 West T asman DriveSan Jose, CA 95134 USAToll-Free (US) 1-866-377-8771 Tel (Intl) +1-408-213-3191Support 1-708-237-6591Learn more at © 2017. ForeScout T echnologies, Inc. is a privately held Delaware corporation. ForeScout, the ForeScout logo, ActiveResponse, ControlFabric, CounterACT, CounterACT Edge and SecureConnector are trademarks or registered trademarks of ForeScout. Other names mentioned may be trademarks of their respective owners. Version 9_17。