思科CCNA5.0Final答案汇总

CCNA课程测试一、单项选择题：1、介质100BaseT的最大传输距离是：( )A: 10m B:100m C:1000m D:500m2、路由器下，由一般用户模式进入特权用户模式的命令是：（）A：enable B:config C: interface D:router3、哪个命令可以成功测试网络：( )A： Router> ping 192.5.5.0B： Router# ping 192.5.5.30C： Router> ping 192.5.5.256D： Router# ping 192.5.5.2554、介质工作在OSI的哪一层（）A：物理层 B：数据链路层 C：网络层 D：传输层5、100baseT的速率是( )Mbit/sA: 1 B:10 C:100 D:10006、在启用IGRP协议时，所需要的参数是：( )A:网络掩码 B:子网号C:自治系统号 D:跳数7、基本IP访问权限表的表号范围是：( )A: 1—100 B:1-99 C:100-199 D:800-8998、查看路由表的命令是：( )A:show interface B:show run C:show ip route D:show table9、工作在OSI第三层的设备是：( )A:网卡B:路由器 C: 交换机 D:集线器10、OSI第二层数据封装完成后的名称是：( )A:比特 B: 包C:帧 D:段11、为了禁止网络210.93.105.0 ftp到网络223.8.151.0，允许其他信息传输，则能实现该功能的选项是：( )A：access-list 1 deny 210.93.105.0.0.0.0.0.0B： access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.00.0.0.255 eq ftpC：access-list 100 permit ip any anyD：access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftpaccess-list 100 permit ip any any12、路由器下“特权用户模式”的标识符是：( )A: > B:! C:# D: (config-if)#13、把指定端口添加到VLAN的命令是：( )A: vlan B: vlan-membership C: vtp D:switchport14、交换机工作在OSI七层模型的哪一层( )A:物理层B:数据链路层C:网络层 D:传输层15、在OSI七层模型中，介质工作在哪一层( )A:传输层 B:会话层C:物理层 D:应用层16、交换机转发数据到目的地依靠( )A:路由表B:MAC地址表 C:访问权限表 D:静态列表17、为了使配置私有IP的设备能够访问互联网，应采用的技术是( )？A:NAT B:VLAN C:ACCESS-LIST D:DDR18、VLAN主干协议VTP的默认工作模式是( )A:服务器模式 B:客户端模式 C:透明模式 D:以上三者都不是19、路由器的配置文件startup-config存放在( )里A:RAM B:ROM C:FLASH D:NVRAM20、配置路由器特权用户“加密密码”的命令是：( )A:password B:enable password C:enable secretD:passwd21、某网络中，拟设计10子网，每个子网中放有14台设备，用IP 地址段为199.41.10.X ，请问符合此种规划的子网掩码是( ) A: 255.255.255.0 B:255.255.240.0C: 255.255.255.240 D:255.248.0.022、在路由表中到达同一网络的路由有：静态路由、RIP路由、IGRP 路由，OSPF路由，则路由器会选用哪条路由传输数据：( )A:静态路由 B: RIP路由 C:IGRP路由 D:OSPF路由23、扩展IP访问权限表的表号范围是：( )A: 1—100 B:1-99 C:100-199 D:800-89924、把访问权限表应用到路由器端口的命令是：( )A: permit access-list 101 out B: ip access-group 101 out C: apply access-list 101 out D: access-class 101 out 25、混合型协议既具有“距离矢量路由协议”的特性，又具有“链路状态路由协议”的特性，下列协议中属于混合型协议的是：( ) A： RIP B： OSPF C： EIGRP D： IGRP26、在路由器上，命令show access-list的功能是（）：A:显示访问控制列表内容 B:显示路由表内容C:显示端口配置信息 D:显示活动配置文件27、RIP路由协议认为“网络不可到达”的跳数是：( )A: 8 B:16 C:24 D:10028、查看E0端口配置信息的命令是：( )A:show access-list B:show ip routeC:show version D:show interface e029、配置路由器时，封装PPP协议的命令是：( )A:encap ppp B:ppp C: group ppp D: int ppp30、路由器上“水平分割”的功能是：( )A:分离端口B：阻止路由环路 C：简化配置 D：方便故障处理31、OSI七层模型中，“包”是哪一层数据封装的名称（）A：物理层 B：数据链路层C：网络层 D：传输层32、OSI七层模型中，“段”是哪一层数据封装的名称（）A：物理层 B：数据链路层 C：网络层 D：传输层33、备份路由器IOS的命令是：( )A: copy flash tftpB: copy running-config tftpC: copy IOS tftpD: copy startup-config tftp34、PPP工作在OSI的哪一层（）A：物理层B：数据链路层 C：网络层 D：传输层35、FTP工作在OSI哪一层（）A：会话层 B：表示层 C：传输层D：应用层36、TELNET工作在OSI哪一层（）A：会话层 B：表示层 C：传输层D：应用层37、SMTP工作在OSI哪一层（）A：会话层 B：表示层 C：传输层D：应用层38、IP地址为：192.168.50.70，掩码为：255.255.255.248，则该IP地址所在子网的子网号为（）A：192.168.50.32 B：192.168.80.64C：192.168.50.96 D：192.168.50.7139、IP地址为：192.168.50.70，掩码为：255.255.255.248，则该IP地址所在子网的广播地址为（）A：192.168.50.32 B：192.168.80.64C：192.168.50.96 D：192.168.50.7140、IP地址为：192.168.50.70，掩码为：255.255.255.248，则该IP地址所在子网的子网有效IP为（）A：192.168.50.33---192.168.50.39B：192.168.50.41---192.168.50.50C：192.168.50.65---192.168.50.70D：192.168.50.66---192.168.50.7541、IP地址为：192.168.50.70，掩码为：255.255.255.248，则该IP和掩码结合，共划分了多少个子网（不包括全0子网和全1子网）（）A： 8 B：30 C：6 D：1442、IP地址为：192.168.50.70，掩码为：255.255.255.248，则该IP和掩码结合划分子网时，每个子网的容量为（）A：8 B：4 C：12 D：643、网络172.12.0.0需要划分子网，要求每个子网中有效IP数为458个，为了保证子网数最大，则掩码应为（）A：255.255.255.0 B：255.255.254.0 C：255.255.0.0D：255.255.248.044、哪一个命令可以设置路由器特权用户的“明文密码”（）A：enable password B:password C:enable secretD: secret45、RIP协议的管理距离是（）A：100 B：110 C：120 D：15046、下列路由协议中，属于链路状态路由协议的是（）A：RIP B：EIGRP C：IGRP D：OSPF47、默认情况下，RIP定期发送路由更新的时间是（）A：15S B：30S C：60S D：90S48、如果网络中的路由器都是cisco路由器，则优先选择哪一个路由协议（）A：RIP B：EIGRP C：IGRP D：OSPF49、下列对RIP的配置中，合法的命令是（）A： router rip 100network 10.12.0.0B： router rip 100network 10.0.0.0C： router ripnetwork 10.12.0.0D： router rip 100network 10.0.0.050、为了查看路由器的E0端口上，是否挂接了访问权限表，应该使用的命令是（）A：show access-list B:show interface e0C: show ip interface e0 D:show e051、关于帧中继的说法，正确的是（）A：速率最大为1Mbit/s B: 不提供差错校验功能C：可以偷占带宽 D：数据传输质量高于DDN52、关于PPP和HDLC的说法中，错误的是（）A：PPP是通用协议，HDLC是CISCO私有协议B：PPP有验证功能，HDLC无验证功能C：PPP效率低，HDLC效率高D：在配置ISDN时，广域网协议不能封装成PPP，但可以封装成HDLC 53、对交换机的描述，正确的是（）A：单广播域，单冲突域的设备B：单广播域，多冲突域的设备C：多广播域，单冲突域的设备D：多广播域，多冲突域的设备54、对路由器的描述，正确的是（）A：单广播域，单冲突域的设备B：单广播域，多冲突域的设备C：多广播域，单冲突域的设备D：多广播域，多冲突域的设备55、交换机上VLAN的功能描述中，正确的是（）A：可以减少广播域的个数B：可以减少广播对网络性能的影响C: 可以减少冲突域的个数D: 可以减小冲突域的容量56、两个VLAN之间要想通信，应该使用的设备是（）A：集线器 B：二层交换机C：路由器 D：PC机57、要把交换机的配置文件保存到tftp服务器，应使用的命令为（）A：copy ios tftp B:copy running-config tftpC: copy flash tftp D:copy config tftp58、命令“ping 127.0.0.1”的功能是（）A：测试网卡是否正常 B：测试网关是否正常C：测试TCP/IP协议是否正常 D：测试介质是否正常59、路由器上的命令“show version”的功能是（）A：显示版本信息 B：显示端口配置信息 C：显示路由表D：显示路由协议信息60、路由器上激活端口的命令是（）A：shutdown B:no shutdown C: up D:no up61、某台PC，能ping通路由器，但不能telnet到路由器，可能的原因是（D ）A：PC的IP地址设置错误 B：路由器端口IP设置错误C：路由器端口处于关闭状态D：telnet密码未设置62、OSI七层模型中，网络层的数据封装名称为（）A：比特 B：帧C：包 D：段63、OSI七层模型中，物理层的数据封装名称为（）A：比特 B：帧 C：包 D：段64、OSI七层模型中，数据链路层的数据封装名称为（）A：比特B：帧 C：包 D：段65、OSI七层模型中，传输层的数据封装名称为（）A：比特 B：帧 C：包D：段66、帧中继环境下，为了区分虚电路，应该使用的地址是（）A：IP地址 B：MAC地址 C：DLCI D：IPX地址67、路由器“路由模式”的提示符号是（）A: # B: (config)# C:(config-if)# D:(config-router)# 68、EIGRP的管理距离（）A：90 B：100 C：110 D：12069、RIP协议负载均衡的路径数量为（）A：无限制 B：最多4条 C：最多5条D：最多6条70、下面有关交换机的描述中，正确的是（）A：所有交换机都支持VLAN功能B：交换机端口数量最多为48口C：交换机独占带宽D：交换机端口的最大速率为100Mbit/s71、为了阻止交换机环路，交换机上所采用的技术为（）A：水平分割 B：生成树协议 C：触发更新 D：地址学习72、帧中继环境中，CIR的含义是（）A：提高线路速率B：保证线路速率 C：降低线路速率D：配置线路速率73、路由器上端口fa0/0,其最大传输速率是（）Mbit/sA：128 B: 10 C:100 D: 100074、帧中继环境中，在物理端口上，建立子接口的命令是（）A：create B:interface C:encapsulation D:ip address 75、路由器上，命令“show int s0”的显示结果为：Serial0 is up , line protocol is down出现该结果的可能原因是（）A：端口处于关闭状态 B：物理端口被烧毁C：两端设备协议不一致 D：路由表中无路由76、如果把路由器的某个端口的IP配置为：192.168.10.64，掩码配置为：255.255.255.248，则该端口（）A：能和其他设备正常通信B：会变成“administratively down”状态C：端口被烧毁D：出现错误提示，配置命令执行失败77、网关的功能（）A：过滤数据包B：不同网段通信 C：校验数据帧D：把数据封装成“段”78、能够分配给设备的IP，应该是（）A：网络有效IP B：网络号 C：网络广播地址 D：任意IP 79、路由器“全局模式”的提示符为（）A: > B: # C: (config)# D: (config-router)#80、路由器当前的模式为“端口模式”，要退回到“特权模式”，应该使用的快捷键为（）A：ctrl+b B: ctrl+z C:ctrl+c D:ctrl+p81、下列命令中，无法正确执行的是（）A：Router(config)#show runB: Router#ping 127.0.0.1C: Router(config)#hostname ciscoD: Router#reload82、路由器上，设置端口速率的命令是（）A：clock rate B:bandwidth C:set D:encap83、路由器上，清空路由表的命令是（）A：clear ip B:delete ip route C:delete routeD: clear ip route *84、路由表中，某条路由的“路由代码为D”，则表明该路由为（）A：直连路由 B：静态路由 C：IGRP路由 D：EIGRP路由85、两台路由器直连到一起，应该使用的线缆为（）A：交叉线缆 B：直通线缆 C：反转线缆 D：任意线缆86、通过路由器的“配置端口console”对路由器进行配置，应该使用的线缆为（）A：交叉线缆 B：直通线缆C：反转线缆 D：任意线缆87、下面对Cisco2621路由器和Cisco2501路由器描述中，错误的是（）A：Cisco2621路由器的可扩展性优于Cisco2501路由器B：Cisco2621是模块化路由器C：Cisco2501上提供一个100Mbit/s的快速以太网端口D：Cisco2501是固定端口的路由器88、为了连接“帧中继”线路，网络中的路由器需要提供的端口类型为（）A：FastEthernet B:Serial C:BRI D:Ethernet89、路由器“特权模式”的提示符是：（）A：> B：# C：(config)# D: (config-if)#90、下列关于路由器和交换机的描述中，错误的是（）A：路由器可以用来连接internetB：二层交换机可以用来实现“异地网络”互连C：路由器可以用来做路径选择D：交换机可以转发广播二、多项选择题：正确答案的个数在每题的题后括号中有说明91、在路由器上，可以使用的命令有：( ) [选3个]A：ping B：show interfaces C：show ip route D：ipconfig E：wincfg92、在配置帧中继子接口时，在物理接口上应该配置的内容是：( )[选3个]A：配置IP地址B：封装帧中继协议C：指定子接口类型D：设定子接口 E：配置密码93、请选出交换机处理帧的三种模式：( )[选3个]A：直通模式 B：存储转发模式 C：侦测模式 D：分段模式E：阻塞模式94、对于IP为199.41.27.0，子网掩码为255.255.255.240，则该IP地址和子网掩码相作用会得到一系列IP，从下列选项中选出属于“有效IP”的选项：( ) [选3个]A：199.141.27.33 B：199.141.27.112 C：199.141.27.119D：199.141.27.126 E：199.141.27.175 F：199.141.27.208 95、属于私有IP段的是( )[选3个]A：10.0.0.0-10.255.255.255B：172.16.0.0-172.31.255.255 C：202.110.100.0-202.110.100.255D：192.168.0.0-192.168.255.255E：126.0.0.0-126.255.255.25596、下列哪一设备工作时，要用到OSI的七个层（一层到七层）（）[选3个]A：PC B：网管机 C：WEB服务器 D：交换机 E：路由器97、网络中经常使用DDN服务，请选出DDN的优点（）[选3个] A：传输质量高 B：接入方式灵活 C：偷占带宽D：使用虚电路E：专用线路98、网络中经常使用“帧中继”服务，请选出帧中继的优点（）[选3个]A：偷占带宽B：提供拥塞管理机制C：可以使用任意广域网协议D：灵活的接入方式99、默认情况下，IGRP衡量路径好坏时，考虑的因素为（）[选2个]A：带宽 B：可靠性 C：最大传输单元D：延时100、交换机的三大功能为（）[选3个]A：地址学习 B：转发过滤 C：消除回路 D：发送数据包。

思科CCNA新版第3学期final-期末考试答案1出于维护目的，已将路由器从网络中移除。

并已将新的 Cisco IOS 软件映 像成功下载到服务器并复制到路由器的闪存中。

应该在进行什么操作后再 将路由器放回网络中运行？备份新的映像。

将运行配置复制到 NVRAM 。

从闪存中删除之前版本的 Cisco IOS 软件。

重新启动路由器并检验新的映像是否成功启动。

答案 说明最高分值correctness of response Option 422请参见图示。

管理员尝试在路由器上配置 IPv6 的 EIGRP ，但收到如图所示 的错误消息。

配置 IPv6 的 EIGRP 之前，管理员必须发出什么命令？no shutdowneigrp router-id 100.100.100.100ipv6 unicast-routingipv6 eigrp 100ipv6 cef答案 说明 最高分值correctness of response Option 323IPv6 EIGRP 路由器使用哪个地址作为 hello 消息的来源？32 位路由器ID接口上配置的 IPv6 全局单播地址所有 EIGRP 路由器组播地址接口 IPv6 本地链路地址答案 说明 最高分值correctness of response Option 424下列关于 EIGRP 确认数据包的说法，哪两项是正确的？（请选择两项。

）发送该数据包是为了响应 hello 数据包。

该数据包用于发现接口上连接的邻居。

该数据包作为单播发送。

该数据包需要确认。

该数据包不可靠。

答案 说明 最高分值correctness of response Option 3 and Option 5 are correct.25何时发送 EIGRP 更新数据包？仅在必要时当获取的路由过期时每 5 秒通过组播发送每 30 秒通过广播发送答案 说明 最高分值correctness of response Option 126请参见图示。

1. what could be possible causes for the "Serial0/0 is down"interface status? 这可能是为“Serial0 / 0的可能原因是向下”接口的状态？TWOA.a layer 1 problem exists.1层存在问题D.an incorrect cable is being used。

2.before installing a new,upgraded version of the ios,what should be checked on the router,and which command should be used to gather this information?在安装一个新的，升级的IOS版本，应该怎样检查路由器上，并命令应该被用来收集这些资料？B.the amount of avaiable flash and ram 缴费的闪存和RAM的数量D.show version 显示版本3.refer to the exhibit. which two statements are true about inter VLAN routing in the topology that is shown in the exhibit?（choose two）指展览。

这两个语句是对国际米兰的是在展会上展出的拓扑路由的VLAN是否属实？D. the FastEthernet 0/0 inerface on router1 must be configured with subinterfaces.关于路由器1的在FastEthernet 0/0 inerface 必须配置子接口F.the FastEthernet 0/0 interface on router1 and switch2 trunk ports must be configured using the same encapsulation type. 对在FastEthernet 0/0 接口上路由器1和交换器2中继端口必须配置使用相同的封装类型。

公司与AA2SSH存在不正确的访问控制列表条目。

访问列表中的必须在会防止以明文传输登录信息如果身份验证失败，则会断开PPP 会话连接会发起双向握手容易遭受回送攻击4命令show frame-relay map的输出如下：Serial 0 (up): ip 192.168.151.4 dlci 122, dynamic, broadcast, status defined, active 下列哪三种说法正确描述了所示内容的意义？（选择三项。

）192.168.151.4代表远程路由器的IP 地址192.168.151.4代表本地串行接口的IP 地址DLCI 122代表远程串行接口DLCI 122代表用于连接远程地址的本地编号broadcast表示动态路由协议（例如RIP v1）可通过此PVC 发送数据包active表明ARP 进程正在工作5路由器的SDM 主页会显示哪三点信息？（选择三项。

）ARP 缓存闪存的总容量和可用容量路由表已配置的LAN 接口的数量是否配置了DHCP 服务器该LAN 中路由器的数量6从非军事区分界点本地环路网云确保在确认确保路由器上有通向下列哪三种说法正确描述了CSU/DSU调制解调器用于端接本地数字环路。

CSU/DSU调制解调器用于端接本地模拟环路。

路由器通常被视为路由器通常被视为10在链路质量测试完毕后，路由器在协商第LCPNCP它会被丢弃。

它会被放到队列中，直到主机它会被转换，源端口号保持为它会被分配其端口范围内的第一个可用端口号。

交换虚电路的相关信息将DLCI 映射到网络地址提供流量控制提供错误通知提供拥塞通知发送keepalive 数据包以检验PVC 的工作情况14请参见图示。

下列说法中哪三项正确？（选择三项。

）启用了NAT 过载。

启用了动态NAT。

地址转换会失败。

接口配置不正确。

地址为192.168.1.255 的主机将被转换。

进入0/0/2 接口的流量先被转换，然后才流出串行接口0/0/0。

思科网络第二学期Final考试及答案思科网络第二学期Final考试及答案1.请参见图示。

对于发往 192.168.2.0的数据包，R2会采取什么操作？它会丢弃数据包。

2.请参见图示。

R1会使用哪一总结地址来向 R2通告其网络？192.168.0.0/223.请参见图示。

尽管R2已配置正确，但主机A还是无法访问Internet。

可以在R1上配置哪两条可让主机A访问Internet的静态路由？（选择两项。

ip route 0.0.0.0 0.0.0.0 Fa0/1ip route 0.0.0.0 0.0.0.0 10.1.1.24.请参见图示。

网络管理员已按图示配置了R1，并且所有接口都运作正常。

但从R1 ping 172.16.1.1时失败。

造成此问题的原因可能是什么？默认路由配置有误。

5.请参见图示。

所有接口都已编址，并且运行正常。

网络管理员在主机A上运行了tracert命令。

得到这种输出的原因可能是什么？（选择两项。

）R2的路由表中缺少 192.168.1.0/24的条目。

R1的路由表中缺少 192.168.2.0/24的条目。

6.请参见图示。

从主机 A到主机 B的 ping成功，但从主机 A ping 在Internet上正常运行的主机却失败了。

此问题的原因是什么？未在这两台路由器上配置路由协议。

7.网络管理员使用 RIP路由协议在一个自治系统内实施路由。

下列哪两项是该协议的特征？（选择两项。

使用贝尔曼-福特算法确定最佳路径。

定期将完整的路由表发送给所有连接的设备。

8.请参见图示。

两台路由器无法建立相邻关系。

此问题的原因可能是什么？这两台路由器上的 hello间隔和 dead间隔不同9.在两台路由器能够使用 OSPF形成邻居邻接关系之前必须完成哪两项任务？（选择两项。

）路由器必须在网络类型方面达成一致。

路由器必须使用相同的 dead时间间隔。

10.下列关于链路状态路由协议的陈述，哪两项是正确的？（选择两项。

管理员无法接收电子邮件。

在排查故障时，管理员能够从远程网络成功ping 通本地邮件服务器IP 地址，且可使用nsloo 件服务器名称成功解析为IP 地址。

问题最可能发生在OSI 的哪一层？物理层数据链路层网络层应用层2在哪种情况下，应在帧中继PVC 配置中使用关键字multipoint？当使用全局DLCI 时当使用物理接口时当需要支持组播时当参与连接的路由器处于在同一子网中时3请参见图示。

分支 A 配有一台使用IETF 封装的非Cisco 路由器，分支 B 配有一台Cisco 路由器。

输入图中所示的命令后无法建立PVC。

R2 LMI 的类型是Cisco，R1 LMI 的类型是ANSI。

两处都成功建立了LMI。

为什么无法建立PVC？PVC 与R1 之间的链路必须是点对点链路。

PVC 两端的LMI 类型必须匹配。

Cisco 路由器和非Cisco 路由器之间无法建立帧中继PVC。

命令frame-relay map ip 10.10.10.1 201中缺少参数IETF。

4请参见图示。

EIGRP 已配置为网络路由协议。

网络192.168.1.0/24 中的用户应有对与192.168.3.0/24 连接的web 服务器权限，但不允许telnet 至路由器R3。

在检验配置时，网络管理员发现网络192.168.1.0/24 中的用户可成功telnet 至路由修复此问题？将ACL 101 中语句10 和20 交换顺序。

将ACL 101 应用于R3 VTY 线路0 4 的入站方向。

将ACL 101 应用于R3 VTY 线路0 4 的出站方向。

将ACL 101 应用于R3 接口Serial0/0/1 的出站方向。

将ACL 101 语句10 更改为：permit ip 192.168.1.0 0.0.0.255 any5请参见图示。

所有设备的配置如图所示。

PC1 无法ping 通默认网关。

此问题的原因是什么？默认网关位于错误的子网中。

CCNA思科考试答案（全）第 1 章考试1一家拥有10 名员工的小型公司使用单个LAN 在计算机之间共享信息。

哪种类型连接适合此公司？由当地电话服务提供商提供的拨号连接能够使公司方便且安全地连接员工的虚拟专用网络通过当地服务提供商建立的私有专用线路通过当地服务提供商提供的宽带服务（如DSL）答案：4解析：对于这种小型办公室，比较适合通过被称为数字用户线路(DSL) 的常见宽带服务实现Internet 连接，这种服务由当地的电话服务提供商提供。

由于员工人数很少，带宽的问题并不突出。

如果公司较大，在远程站点有分支机构，则专用线路会更加适合。

如果公司员工需要通过Internet 与公司联系，则采用虚拟专用网。

2哪种网络情况需要使用WAN？员工工作站需要获取动态分配的IP 地址。

员工在出差时需要通过VPN 连接到公司电子邮件服务器。

分支机构的员工需要与同一园区网络上的另一座建筑物内的公司总部共享文件。

员工需要访问托管在其建筑物内DMZ 中的公司Web 服务器上的网页。

答案：2解析：当出差的员工需要通过WAN 连接到公司电子邮件服务器时，VPN 将通过WAN 连接在员工笔记本电脑与公司网络之间创建一个安全隧道。

通过DHCP 获取动态IP 地址是LAN 通信的功能。

在企业园区的不同建筑物之间共享文件可通过LAN 基础设施来实现。

DMZ 是企业LAN 基础设施内一个受保护的网络。

3以下哪项描述了WAN 的特征？WAN 和LAN 在同一地理范围内运行，但有串行链路。

WAN 网络归运营商所有。

所有串行链路均被视为WAN 连接。

WAN 可提供到园区主干网的终端用户网络连接。

答案：2解析：WAN 可用于将企业LAN 互连到远程分支机构站点LAN 和远程工作人员站点。

WAN 归运营商所有。

虽然WAN 连接一般通过串行接口实现，但并不是所有串行链路均连接至WAN。

LAN（而非WAN）可在组织中提供终端用户网络连接。

4电路交换WAN 技术的两个常见类型是什么？（请选择两项。

参加考试- DsmbISP Final Exam - CCNA Discovery: Working at a Small-to-Medium Business or ISP (版本4.1)剩余时间: 02:59:59正在显示第1 页，共4 页下一页>页: 1跳转<上一页1在图中所示的其中一台路由器上执行show ip route命令，显示下列输出：C 192.168.4.0/24 is directly connected, Serial0/0R 192.168.5.0/24 [120/1] via 192.168.4.2, 00:00:19, Serial0/0R 192.168.1.0/24 [120/2] via 192.168.3.1, 00:00:20, Serial0/1R 192.168.2.0/24 [120/2] via 192.168.3.1, 00:00:20, Serial0/1C 192.168.3.0/24 is directly connected, Serial0/1此命令是从哪一台路由器执行的？ABCD当NVRAM 中没有配置文件时，路由器将进入哪种模式？2ROMMON设置全局配置特权执行3最常用的外部路由协议是什么？BGPRIPOSPFEIGRP端口过滤和访问列表通过什么方式来增强网络安全？4防止特定类型的通信到达特定网络主机。

遭受各类拒绝服务攻击时提醒网络管理员。

防止病毒、蠕虫和特洛伊木马感染主机计算机和服务器。

可对机密数据通信进行加密和身份认证。

5显示配置文件时，哪两个命令可以确保允许访问特权执行模式的口令不以纯文本显示？（选择Router(config)# enable secret ciscoRouter(config)# enable ciscoRouter(config)# encryption-password allRouter(config)# enable login encryptedRouter(config)# enable password encryptionRouter(config)# service password-encryption192.168.17.111/28 属于哪一类地址？6主机地址网络地址广播地址组播地址7请参见图示。

1请参见图示。

网络支持技术人员需要为新路由器的一个FastEthernet 接口设置IP 地址。

但接口拒绝该地址，其原因是什么该IP 地址已在使用中。

技术人员使用的是网络地址。

技术人员为/26 使用了错误的子网掩码。

技术人员必须在该接口上启用VLSM。

2一个销售代表准备从酒店使用Internet 向公司总部发送敏感信息。

旅行前，IT 工作人员进行了必要工作以允许其安全访问该销售代表实施了什么解决方VPN帧中继带有CHAP 身份验证的PPP带有PAP 身份验证的PPP3下列哪两种说法正确描述了IEEE STP 的功能？（选择两项。

）它会立即将不处于丢弃状态的所有端口转换为转发状态。

它提供了一种在交换网络中禁用冗余链路的机制。

它有三种端口状态：丢弃、学习和转发。

它可确保交换网络中没有环路。

它可在不到 1 秒的时间内使交换网络收敛。

4请参见图示。

网络管理员必须为ISP 手动总结POP 路由器上的所有IP 地址。

下列哪项是正确的总结地址？192.168.0.0/2192.168.0.0/23192.168.0.0/24192.168.0.0/255请参见图示。

所有路由器都配置为使用带有默认设置的OSPF 协议。

如果同时启动所有路由器，哪台路由器将被选为BDRR1R2R3R46有关单区域OSPF 网络的说法中，哪两项正确？（选择两项。

）DR 和BDR 会减少在广播网络中发送的更新数量。

BDR 负责将更改发布到所有其它的OSPF 路由器。

路由器使用hello 数据包建立和维护邻居邻接关系。

所有OSPF 路由器都会接收组播地址224.0.0.6 上的更新。

区域 1 必须始终存在。

7请参见图示。

网络管理员按图示配置R1。

但是，网络 A 的一些主机无法访问Internet。

下列哪两个措施可解决此问题？（在正确的接口上配置ip nat inside和ip nat outside命令。

在NAT 地址池中增加IP 地址数量。

ccna考试题及答案1. 以下哪项是网络层的功能？A. 路由选择B. 错误检测C. 流量控制D. 封装数据包答案：A2. 在OSI模型中，哪一层负责在网络中传输数据？A. 应用层B. 传输层C. 会话层D. 网络层答案：D3. 以下哪个协议是用于在IP网络中发现网络设备的？A. ARPB. RARPC. ICMPD. OSPF答案：A4. 在TCP/IP模型中，哪一层与OSI模型的传输层相对应？A. 应用层B. 互联网层C. 网络接口层D. 传输层答案：D5. 以下哪个地址是一个有效的IPv4地址？A. 192.168.1.256B. 192.168.1.1C. 10.0.0.0D. 172.16.300.1答案：B6. 在配置路由器时，以下哪个命令用于进入全局配置模式？A. enableB. configure terminalC. privileged execD. user exec答案：B7. 以下哪个命令用于在Cisco设备上显示当前配置？A. show running-configB. show startup-configC. show configD. show current-config答案：A8. 在Cisco设备上，以下哪个命令用于保存当前的配置到启动配置文件？A. copy running-config startup-configB. copy startup-config running-configC. save running-configD. save startup-config答案：A9. 以下哪个命令用于在Cisco设备上查看所有接口的状态？A. show interfacesB. show ip interface briefC. show interface statusD. show running-config interface答案：B10. 在Cisco设备上，以下哪个命令用于关闭接口？A. shutdownB. no shutdownC. disableD. no enable答案：A11. 以下哪个命令用于在Cisco设备上启用接口？A. shutdownB. no shutdownC. disableD. no enable答案：B12. 在配置静态路由时，以下哪个命令用于指定下一跳地址？B. ip static-routeC. route ipD. static-route ip答案：A13. 以下哪个命令用于在Cisco设备上清除ARP表？A. clear arp-cacheB. clear arpC. clear arp tableD. clear ip arp答案：D14. 在配置动态路由协议时，以下哪个命令用于在接口上启用RIP？A. ip rip enableB. ip rip receiveD. network rip答案：C15. 以下哪个命令用于在Cisco设备上查看RIP路由表？A. show ip ripB. show ip route ripC. show ripD. show ip protocols答案：B16. 在配置EIGRP时，以下哪个命令用于指定自动汇总？A. metric weightsB. auto-summaryC. network auto-summaryD. no auto-summary答案：B17. 以下哪个命令用于在Cisco设备上查看EIGRP邻居？A. show ip eigrp neighborsB. show eigrp neighborsC. show ip eigrpD. show eigrp interfaces答案：A18. 在配置OSPF时，以下哪个命令用于指定路由器ID？A. router-idB. router ospfC. networkD. area答案：A19. 以下哪个命令用于在Cisco设备上查看OSPF路由表？A. show ip ospfB. show ip ospf databaseC. show ospfD. show ip route ospf答案：D20. 在配置VLAN时，以下哪个命令用于创建一个新的VLAN？A. vlan databaseB. configure terminalC. vlan [vlan-id]D. new-vlan答案：C21. 以下哪个命令用于将接口分配给VLAN？A. switchport mode accessB. switchport mode trunkC. switchport access vlan [vlan-id]D. switchport trunk vlan [vlan-id]答案：C22. 在配置交换机时，以下哪个命令用于将接口设置为Trunk 模式？A. switchport mode accessB. switchport mode trunkC. switchport access vlan [vlan-id]D. switchport trunk vlan [vlan-id]答案：B23. 以下哪个命令用于在Cisco设备上查看VLAN配置？A. show vlanB. show vlan briefC. show vlan detailD. show vlan all答案：B24. 在配置VTP时，以下哪个命令用于将交换机设置为VTP服务器模式？A. vtp mode serverB. vtp mode clientC. vtp mode transparentD. vtp mode off答案：A25. 以下哪个命令用于在Cisco设备上查看VTP状态？A. show vtp statusB. show vtp statisticsC. show vtp passwordD. show vtp configuration答案：A26. 在配置STP时，以下哪个命令用于设置根桥？A. spanning-tree root primaryB. spanning-tree root secondaryC. spanning-tree root primary [priority]D. spanning-tree root secondary [priority]答案：C27. 以下哪个命令用于在Cisco设备上查看STP状态？A. show spanning-treeB. show spanning-tree detailC. show spanning-tree summaryD. show spanning-tree interface答案：A28. 在配置VLAN Trunking Protocol (VTP) 时，以下哪个命令用于设置VTP域名？A. vtp domain [domain-name]B. vtp password [password]C. vtp mode [mode]D. vtp version [version]答案：A29. 以下哪个命令用于在Cisco设备上查看当前的VTP版本？A. show vtp statusB. show vtp statisticsC. show vtp passwordD. show vtp configuration答案：A30. 在配置端口安全时，以下哪个命令用于限制接口上可以学习到的最大MAC地址数量？A. switchport port-security maximum [mac-count]B. port-security maximum [mac-count]C. switchport port-security violation restrictD. port-security violation shutdown答案：A这些题目和答案仅供学习和参考之用，实际的CCNA考试内容和形式可能会有所不同。

As network administrator, what is the subnet mask that allows 510 hosts given the IP address 17255.255.0.0255.255.248.0255.255.252.0255.255.254.0255.255.255.0255.255.255.1282Refer to the exhibit. What is the correct destination socket number for a web page request fro to the web server?00-08-a3-b6-ce-46198.133.219.25:80h ttp://C 198.133.219.0/24 is directly connected, FastEthernet0/0Refer to the exhibit. Which two statements describe the information that is represented in the he (Choose two.)T his is a server response.The UDP protocol is being used.T he destination port indicates a Telnet session.The return segment will contain a source port of 23.The next session originated from the client of this session will use the source port number 134In a Cisco IOS device, where is the startup-configuration file stored?FlashNVRAMR AMROM5Refer to the exhibit. The network containing router B is experiencing problems. A network ashas isolated the issue in this network to router B. What action can be preformed to correct th issue?issue the clock rate command on interface Serial 0/0/0issue the description command on interface Serial 0/0/1issue the ip address command on interface FastEthernet 0/0i ssue the no shutdown command on interface FastEthernet 0/1Refer to the exhibit. Which set of devices contains only intermediary devices?A, B, D, GA, B, E, FC, D, G, IG, H, I, J7Refer to the exhibit. The command that is shown was issued on a PC. What does the IP add 192.168.33.2 represent?I P address of the hostdefault gateway of the hostI P address of the homepage for the hostprimary domain name server for the hostIP address of the website resolver1.mooki.local8Which OSI layers offers reliable, connection-oriented data communication services?applicationpresentations essiontransportn etwork9Which OSI layer manages data segments?application layerp resentation layersession layert ransport layer10Which three statements are true about network layer addressing? (Choose three.) It uniquely identifies each host.I t assists in forwarding packets across internetworks.It uses a logical 32-bit IPv4 address.I t is not a configurable address.It is a physical address.It identifies the host from the first part of the address.Which device should be used for routing a packet to a remote network?a ccess switchDHCP serverh ubrouter12Which information is used by the router to determine the path between the source and destination hosts?t he host portion of the IP addresst he network portion of the IP addressh ost default gateway addresst he MAC address13Refer to the exhibit. Each media link is labeled. What type of cable should be used to connect the different devices?Connection 1 - rollover cable Connection 2 - straight-through cableConnection 3 - crossover cableConnection 1 - straight-through cable Connection 2 - crossovercable Connection 3 - rollover cableConnection 1 - crossover cable Connection 2 - rollover cableConnection 3 - straight-through cableConnection 1 - crossover cable Connection 2 - straight-throughcable Connection 3 - rollover cableConnection 1 - straight-through cable Connection 2 -straight-through cable Connection 3 - straight-through cable14Refer to the exhibit. A user wants to view the current configuration. The output ofthe ipconfig/all command is displayed in the exhibit. What three facts can be determined from output? (Choose three.)The IP address is obtained from the DHCP server.This PC cannot communicate with other networks.The network can have 14 hosts.The prefix of the computer address is /25.The IP address is routable on the Internet.The assigned address is a private address.15Refer to the exhibit. The network administrator wants to remotely access the CLI of the router using modem 1. Which port of the router should be connected to modem 2 to enable this accconsoleE thernetauxiliaryserialRefer to the exhibit. Which logical topology describes the exhibited network?starringp oint-to-pointmulti-access17Refer to the exhibit. The PC, the routing table of which is displayed, is configured correctly. T network device or interface does the IP address 192.168.1.254 belong?P Cswitchr outer interface fa0/0router interface fa0/118Refer to the exhibit. To create the initial configuration, a network technician connected host A router using the connection that is shown. Which statement is true about this connection?It terminates at the Ethernet port of the router.It provides out-of-band console access.It terminates at the serial interface of the router.I t requires a Telnet client on host A to access the router.19Refer to the exhibit. Which two facts can be determined about the topology? (Choose two.)F our collision domains are present.One logical network is represented.T wo broadcast domains are present.Three networks are needed.Three logical address ranges are required.20Refer to the exhibit. The NAT functionality of the router is enabled to provide Internet access However, the PC is still unable to access the Internet. Which IP address should be changed 209.165.201.1 to enable the PC to access the Internet?192.168.1.191192.168.1.101192.168.1.1192.168.1.254Refer to the exhibit. A network technician wants to connect host A to the console of a Cisco swit initialize the configuration. What type of cable is required for this connection?straight-through cablec rossover cablerollover cables erial cable22Which three addresses belong to the category of private IP addresses? (Choose three.)10.0.0.1127.0.0.1150.0.0.1172.16.0.1192.168.0.1200.100.50.123An organization has decided to use IP addresses in the range 172.20.128.0 to 172.20.143.255. Which combination of network ID and subnet mask identifies all IPaddresses in this range?Network ID: 172.20.128.0 Subnet mask: 255.255.255.0N etwork ID: 172.20.128.0 Subnet mask: 255.255.0.0Network ID: 172.20.128.0 Subnet mask: 255.255.224.0Network ID: 172.20.128.0 Subnet mask: 255.255.240.0N etwork ID: 172.20.128.0 Subnet mask: 255.255.255.24024A network administrator wants to restrict access to the router privileged EXEC mode.Which password should the administrator use?e nableauxc onsoleV TY25While configuring a router, a network technician wants to name the router. Which prompt sho technician see when entering the hostname command?Router>Router#R outer(config)#Router(config-line)#Which three IPv4 addresses represent subnet broadcast addresses? (Choose three.)192.168.4.63 /26192.168.4.129 /26192.168.4.191 /26192.168.4.51 /27192.168.4.95 /27192.168.4.221 /2727During the encapsulation process, what identifiers are added at the transport layer?source and destination IP addressess ource and destination MAC addressessource and destination port numberss ource and destination channel identifiers28Refer to the exhibit. Which service is needed in order for the hosts to access the Internet?NATR IPFTPDHCP29Refer to the exhibit. A student has wired each end of a CAT 5e cable as shown. What is the (Choose two.)T he cable is unusable and must be rewired.The cable is suitable for use as a rollover cable.T he cable is suitable for use as a Fast Ethernet crossover.The cable is suitable for use as a Gigabit Ethernet straight-through.The cable is suitable for use between two 100 Mbps Auto-MDIX capable switches.30Refer to the exhibit. A web browser running on host PC1 sends a request for a web page to server with an IP address 192.168.1.254/24. What sequence of steps will follow in order to e the session before data can be exchanged?The session will be initiated using UDP. No additional acknowledgment will be required to the session.The session will be initiated using TCP. No additional acknowledgment will be required to the session.The session will be initiated using UDP. The returned web page will serve as an acknow for session establishment.The session will be initiated using TCP. A three-way handshake must be successfully co before the session is established.The tracert 10.1.3.2 command was issued on computer A. Computer A can ping other addresse local subnet. Computer A sent the first ICMP packet toward computer B with a TTL value of 1. A analyzer that was running on computer B showed that the packet never reached its destination. the packet not reach the destination?T here is a TCP/IP problem on computer A.There is a routing loop between R1 and R2.R1 does not have a route for the destination network.T he TTL for the packet was decreased to zero by R1.32Refer to the exhibit. Host A sends a frame to host C with a destination MAC address CC. Th address for host C is not in the MAC table of switch SW1. How will SW1 handle the frame?S witch SW1 will drop the frame.Switch SW1 will forward the frame to host C.Switch SW1 will flood the frame out all ports.S witch SW1 will flood the frame out all ports except port Fa0/1.33What information is used at each hop to determine where the packet will be forwarded next?the IP packet headert he incoming interfacethe transport layer PDUt he source MAC address34A user sees the command prompt: Router(config-if)# . What task can be performed at this mReload the device.P erform basic tests.Configure individual interfaces.C onfigure individual terminal lines.35Which exhibit shows the interface that is configured by the command, router(config)# interfa 0/0/1?Which combination of connectors will be used to make a straight-through cable when building a T568A standard?对37Which topology divides the collision domain and provides full media bandwidth to the hosts i network?对38Refer to the exhibit. A technician has been asked to test connectivity from PC1 to a remote n Which action will indicate if there is remote connectivity?对39A network administrator is configuring several switches for a network. The switches have sim configurations and only minor differences. The administrator wants to save all commands tha issued on the first switch to a text file for editing. Which transfer option should be selected in HyperTerminal?对40Refer to the exhibit. Which option shows the correct topology given the configuration of Rout 对If an administrator wished to return a router to the default state, what additional step must be tak issuing the command erase start-up config?R eload the device.Issue the command copy running-config start-up config.Perform a show running-config to verify that the file was removed.E nter the interface commands to allow the device to connect to the network.42Which statement is true about router hostnames?A hostname should be unique on each router.A router hostname cannot contain capital letters.A router hostname is configured in privileged executive mode.A router hostname must be created before any other configurations can be added to the43What purpose does a hostname serve on a router?uniquely identifies a router on the internetu sed by routing protocols to identify peer routersprovides device identification to users logging on remotelydetermines the hosts that are allowed to connect to the device44Refer to the exhibit. Which diagram depicts the path through the network that is represented output of the tracert command?对45Which fiber connector supports full-duplex Ethernet?对Refer to the exhibit. Host1 is in the process of setting up a TCP session with Host2. Host1 has s message to begin session establishment. What happens next?Host1 sends a segment with the ACK flag = 0, SYN flag = 0 to Host2.H ost1 sends a segment with the ACK flag = 1, SYN flag = 0 to Host2.Host1 sends a segment with the ACK flag = 1, SYN flag = 1 to Host2.Host2 sends a segment with the ACK flag = 0, SYN flag = 1 to Host1.H ost2 sends a segment with the ACK flag = 1, SYN flag = 0 to Host1.Host2 sends a segment with the ACK flag = 1, SYN flag = 1 to Host1.47Refer to the exhibit. Which logical topology best describes the exhibited network?s tarringpoint-to-pointb usmesh48Which command can be issued on a PC to determine which TCP/IP ports are in use?tracertnetstatnslookupipconfig /all49Refer to the exhibit. A network technician creates equal-sized subnets of network 192.168.2.the subnet mask 255.255.255.224. If the technician wishes to calculate the number of host a in each subnet by using the formula that is shown in the exhibit, what value will be used for n1234550A user types the enable command. What task can be performed at the privileged EXEC mode?C onfigure the device.Configure individual interfaces.Configure individual terminal lines.Issue show and debug commands.。

单臂路由器 VLAN 间路由有哪三项特征（选择三项。

）需要使用 VTP需要使用子接口减少广播域的数量使用过多 VLAN 时会影响性能需要在路由器和至少一台交换机之间采用接入链路比用于 VLAN 间路由的其它方法更加经济规定至少要在路由器和交换机之间使用两个交换机端口2如果将允许使用中继链路的 VLAN 范围设置为默认值，表示允许哪些 VLAN仅管理 VLAN除扩展范围 VLAN 之外的所有 VLAN除 VLAN 1 和 VLAN 1002-1005 之外的所有 VLAN所有的 VLAN3请参见图示。

哪一个口令可让管理员进入特权执行模式cisco1cisco2cisco3cisco4请参见图示。

假设所有交换机的网桥优先级值都设置为默认值，那么哪台交换机将当选为生成树拓扑的根桥Cat-ACat-BCat-CCat-D5请参见图示。

最近安装了 SW1 用于取代集线器。

主机 1 和主机 4 同时传送数据。

网络设备会如何处理此事件（选择两项。

）当冲突发生时，会调用回退算法。

由于主机 1 和主机 4 都连接到交换机，因此不会发生冲突。

交换机将根据交换机 MAC 地址表中的信息将数据转发到相应的端口。

主机 2 和主机 3 会获分配更短的回退值，从而获得访问介质的优先权。

为了防止再发生冲突，交换机会在设定时间内阻塞与主机 2、主机 3 和主机 4 连接的端口。

6请参见图示。

网络管理员需要删除 east-hosts VLAN 并将属于该 VLAN 的交换机端口用到一个现有 VLAN 中。

如果要从 S1-Central 完删除 VLAN 2，同时保证交换机及其所有接口工作正常，应该使用哪两组命令（选择两项。

）S1-Central> enableS1-Central# reloadS1-Central> enableS1-Central# erase flash:S1-Central> enableS1-Central# delete flash:S1-Central> enableS1-Central# configure terminalS1-Central(config)# no vlan 2S1-Central> enableS1-Central# configure terminalS1-Central(config-if)# interface fastethernet 0/1S1-Central(config-if)# switchport access vlan 37请参见图示。

Take Assessment - CCNAS Final Exam - CCNA Security: Implementing Network Security (Version 1.0)Time Remaining:02:38:471Which statement describes the operation of the IKE protocol?It uses IPsec to establish the key exchange process.It uses sophisticated hashing algorithms to transmit keys directly across a network.It calculates shared keys based on the exchange of a series of data packets.It uses TCP port 50 to exchange IKE information between the security gateways.2Which statement describes a factor to be considered when configuring a zone-based policy firewall?An interface can belong to multiple zones.The router always filters the traffic between interfaces in the same zone.The CBAC ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.A zone must be configured with the zone security global command before it can be used in the zone-member security command.3What are two disadvantages of using network IPS? (Choose two.)Network IPS has a difficult time reconstructing fragmented traffic to determine if an attack was successful.Network IPS is incapable of examining encrypted traffic.Network IPS is operating system-dependent and must be customized for each platform.Network IPS is unable to provide a clear indication of the extent to which the network is being attacked.Network IPS sensors are difficult to deploy when new networks are added.4Which three security services are provided by digital signatures? (Choose three.)authenticates the sourceauthenticates the destinationguarantees data has not changed in transitprovides nonrepudiation of transactionsprovides nonrepudiation using HMAC functionsprovides confidentiality of digitally signed data5Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone mem (Choose three.)An interface can be assigned to multiple security zones.Interfaces can be assigned to a zone before the zone is created.Pass, inspect, and drop options can only be applied between two zones.If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.Traffic is implicitly prevented from flowing by default among interfaces that are members of the same zone.To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone a zone.6Which type of SDM rule is created to govern the traffic that can enter and leave the network based on protocol and port number?NAC ruleNAT ruleIPsec ruleaccess rule7Which three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.)superuser viewroot viewsuperviewCLI viewadmin viewconfig view8Which two statements match a type of attack with an appropriate example? (Choose two.)To conduct an access attack, an attacker uses L0phtCrack to obtain a Windows server password.To conduct an access attack, an attacker uses Wireshark to capture interesting network traffic.To conduct a reconnaissance attack, an attacker initiates a ping of death attack to a targeted server.To conduct a DoS attack, an attacker uses handler systems and zombies to obtain a Windows server password.To conduct a DoS attack, an attacker initiates a smurf attack by sending a large number of ICMP requests to directed broadcast addTo conduct a reconnaissance attack, an attacker creates a TCP SYN flood causing the server to spawn many half-open connections unresponsive.9Which statement describes configuring ACLs to control Telnet traffic destined to the router itself?The ACL must be applied to each vty line individually.The ACL is applied to the Telnet port with the ip access-group command.Apply the ACL to the vty lines without the in or out option required when applying ACLs to interfaces.The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.10Refer to the exhibit. When configuring SSH on a router using SDM from the Configure menu, which two steps are required? (Choose twoChoose Additional Tasks > Router Access > SSH to generate the RSA keys.Choose Additional Tasks > Router Access > VTY to specify SSH as the input and output protocol.Choose Additional Tasks > Router Properties > Netflow to generate the RSA keys.Choose Additional Tasks > Router Properties > Logging to specify SSH as the input and output protocol.Choose Additional Tasks > Router Access > AAA to generate the RSA keys.Choose Additional Tasks > Router Access > Management Access to specify SSH as the input and output protocol.11Refer to the exhibit. Based on the output from the show secure bootset command on router R1, which three conclusions can be drawn IOS Resilience? (Choose three.)A copy of the Cisco IOS image file has been made.A copy of the router configuration file has been made.The Cisco IOS image file is hidden and cannot be copied, modified, or deleted.The Cisco IOS image filename will be listed when the show flash command is issued on R1.The copy tftp flash command was issued on R1.The secure boot-config command was issued on R1.12Which three OSI layers can be filtered by a stateful firewall? (Choose three.)Layer 2Layer 3Layer 4Layer 5Layer 6Layer 713What is an important difference between network-based and host-based intrusion prevention?Host-based IPS is more scalable than network-based IPS.Host-based IPS can work in promiscuous mode or inline mode.Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.Network-based IPS provides better protection against OS kernel-level attacks on hosts and servers.Network-based IPS can provide protection to hosts without the need of installing specialized software on each one.14What will be disabled as a result of the no service password-recovery command?aaa new-model global configuration commandchanges to the configuration registerpassword encryption serviceability to access ROMmon15Which function does an IPS perform?It passively monitors the traffic on a network.It works in inline mode for processing all ingress and egress traffic.It compares the captured traffic stream with known malicious signatures in an offline manner.It can only send an alarm to the management console when malicious traffic is detected.16Refer to the exhibit. An administrator has entered the commands that are shown on router R1. At what trap level is the logging function s235617What are access attacks?attacks that prevent users from accessing network servicesattacks that modify or corrupt traffic as that traffic travels across the networkattacks that exploit vulnerabilities to gain access to sensitive informationattacks that involve the unauthorized discovery and mapping of systems, services, and vulnerabilities18Which mitigation technique can help prevent MAC table overflow attacks?root guardBPDU guardstorm controlswitchport security19Which three major subpolicies should comprise a comprehensive security policy that meets the security needs of a typical enterprise? (Cend-user policiesdepartmental policiesgoverning policieshuman resource policiesorganizational policiestechnical policies20Which three statements describe SSL-based VPNs? (Choose three.)Asymmetric algorithms are used for authentication and key exchange.It is impossible to configure SSL and IPsec VPNs concurrently on the same router.Special-purpose client software is required on the client machine.Symmetric algorithms are used for bulk encryption.The authentication process uses hashing technologies.The application programming interface is used to extensively modify the SSL client software.The primary restriction of SSL VPNs is that they are currently supported only in hardware.21Refer to the exhibit. Which Cisco IOS security feature is implemented on router R2?CBAC firewallreflexive ACL firewallzone-based policy firewallAAA access control firewall22When port security is enabled on a Cisco Catalyst switch, what is the default action when the maximum number of allowed MAC addresseThe violation mode for the port is set to restrict.The MAC address table is cleared, and the new MAC address is entered into the table.The port remains enabled, but the bandwidth is throttled until the old MAC addresses are aged out.The port is shut down.23Which two protocols allow SDM to gather IPS alerts from a Cisco ISR router? (Choose two.)FTPHTTPSSDEESSHSyslogTFTP24Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)There is no access control to specific interfaces on a router.The root user must be assigned to each privilege level defined.Commands set on a higher privilege level are not available for lower privileged users.Views are required to define the CLI commands that each user can access.Creating a user account that needs access to most but not all commands can be a tedious process.It is required that all 16 privilege levels be defined, whether they are used or not.25Which device supports the use of SPAN to enable monitoring of malicious activity?Cisco NACCisco IronPortCisco Security AgentCisco Catalyst switch26Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)Multiple ACLs per protocol and per direction can be applied to an interface.If an ACL contains no permit statements, all traffic is denied by default.The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.Standard ACLs are placed closest to the source, whereas Extended ACLs are placed closest to the destination.If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface.27Refer to the exhibit. Which AAA command logs the activity of a PPP session?aaa accounting connection start-stop group radiusaaa accounting connection start-stop group tacacs+aaa accounting exec start-stop group radiusaaa accounting exec start-stop group tacacs+aaa accounting network start-stop group radiusaaa accounting network start-stop group tacacs+28What login enhancement configuration command helps prevent successive login DoS attacks?exec-timeoutlogin block-forprivilege exec levelservice password-encryption29Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10?access-list 101 permit tcp any eq 4300access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq wwwaccess-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq wwwaccess-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 430030Refer to the exhibit. A network technician has entered the commands that are shown on router R1. However, the authentication with the N What is a possible cause?The NTP key value does not meet the MD5 requirements.Authentication has not been enabled on R1.The NTP key numbers have to match on R1.The NTP server has to be specified on R1.31Refer to the exhibit. Which type of VPN is implemented?remote-access GRE VPNremote-access IPsec VPNremote-access SSL VPNsite-to-site GRE VPNsite-to-site IPsec VPNsite-to-site SSL VPN32Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds using an incorrect password? (ChoSubsequent virtual login attempts from the user are blocked for 60 seconds.During the quiet mode, an administrator can virtually log in from any host on network 172.16.1.0/24.Subsequent console login attempts are blocked for 60 seconds.A message is generated indicating the username and source IP address of the user.During the quiet mode, an administrator can log in from host 172.16.1.2.No user can log in virtually from any host for 60 seconds.33 A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?authenticates a packet using the SHA algorithm onlyauthenticates a packet by a string match of the username or community stringauthenticates a packet by using either the HMAC with MD5 method or the SHA methodauthenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and encrypts the packet using either the DES, 3D algorithms34What is a result of securing the Cisco IOS image using the Cisco IOS Resilient Configuration feature?The Cisco IOS image file is not visible in the output of the show flash command.The Cisco IOS image is encrypted and then automatically backed up to a TFTP server.The Cisco IOS image is encrypted and then automatically backed up to the NVRAM.When the router boots up, the Cisco IOS image is loaded from a secured FTP location.35Refer to the exhibit. What information can be obtained from the AAA configuration statements?The authentication method list used for Telnet is named ACCESS.The authentication method list used by the console port is named ACCESS.The local database is checked first when authenticating console and Telnet access to the router.If the TACACS+ AAA server is not available, no users can establish a Telnet session with the router.If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.36Which three additional precautions should be taken when remote access is required in addition to local access of networking devices? (CA legal notice should not be displayed when access is obtained.All activity to the specified ports that are required for access should be unrestricted.All configuration activities should require the use of SSH or HTTPS.All administrative traffic should be dedicated to the management network.The number of failed login attempts should not be limited, but the time between attempts should.Packet filtering should be required so that only identified administration hosts and protocols can gain access.37What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?All vty ports are automatically configured for SSH to provide secure management.The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus commThe keys must be zeroized to reset secure shell before configuring other parameters.The generated keys can be used by SSH.38The use of which two options are required for IPsec operation? (Choose two.)AH protocols for encryption and authenticationDiffie-Hellman to establish a shared-secret keyIKE to negotiate the SAPKI for pre-shared-key authenticationSHA for encryption39Which two guidelines relate to in-band network management? (Choose two.)Apply in-band management only to devices that must be managed on the production network.Implement separate network segments for the production network and the management network.Attach all network devices to the same management network.Use IPSec, SSH, or SSL.Deploy a terminal server with console connections to each network device.40Which two statements are characteristics of the IPsec protocol? (Choose two)IPsec is a framework of open standards.IPsec is implemented at Layer 4 of the OSI model.IPsec ensures data integrity by using a hash algorithm.IPsec uses digital certificates to guarantee confidentiality.IPsec is bound to specific encryption algorithms, such as 3DES and AES.41Which element of the Cisco Threat Control and Containment solution defends against attempts to attack servers by exploiting application system vulnerabilities?threat control for emailthreat control for endpointsthreat control for infrastructurethreat control for systems42Refer to the exhibit. Based on the IPS configuration that is provided, which statement is true?The signatures in all categories will be retired and not be used by the IPS.The signatures in all categories will be compiled into memory and used by the IPS.Only the signatures in the ios_ips basic category will be compiled into memory and used by the IPS.The signatures in the ios_ips basic category will be retired and the remaining signatures will be compiled into memory and used by43Which two Cisco IPS management and monitoring tools are examples of GUI-based, centrally managed IPS solutions? (Choose two.)Cisco Adaptive Security Device ManagerCisco IPS Device ManagerCisco Router and Security Device ManagerCisco Security ManagerCisco Security Monitoring, Analysis, and Response System44What are three common examples of AAA implementation on Cisco routers? (Choose three.)authenticating administrator access to the router console port, auxiliary port, and vty portsauthenticating remote users who are accessing the corporate LAN through IPsec VPN connectionsimplementing public key infrastructure to authenticate and authorize IPsec VPN peers using digital certificatesimplementing command authorization with TACACS+securing the router by locking down all unused servicestracking Cisco Netflow accounting statistics45Which action best describes a MAC address spoofing attack?altering the MAC address of an attacking host to match that of a legitimate hostbombarding a switch with fake source MAC addressesforcing the election of a rogue root bridgeflooding the LAN with excessive traffic46Refer to the exhibit. An administrator is configuring ZPF using the SDM Basic Firewall Configuration wizard. Which command is generate administrator selects the Finish button?zone security Out-zone on interface Fa0/0zone security Out-zone on interface S0/0/0zone-member security Out-zone on interface Fa0/0zone-member security Out-zone on interface S0/0/047An organization requires that individual users be authorized to issue specific Cisco IOS commands. Which AAA protocol supports this reTACACS+ because it separates authentication and authorization, allowing for more customization.RADIUS because it supports multiple protocols, including ARA and NetBEUI.TACACS+ because it supports extensive accounting on a per-user or per-group basis.RADIUS because it implements authentication and authorization as one process.48Which three principles are enabled by a Cisco Self-Defending Network? (Choose three.)adaptabilitycollaborationinsulationintegrationmitigationscalability49Refer to the exhibit. Which interface configuration completes the CBAC configuration on router R1?R1(config)# interface fa0/0R1(config-if)# ip inspect INSIDE inR1(config-if)# ip access-group OUTBOUND inR1(config)# interface fa0/1R1(config-if)# ip inspect INSIDE inR1(config-if)# ip access-group OUTBOUND inR1(config)# interface fa0/1R1(config-if)# ip inspect OUTBOUND inR1(config-if)# ip access-group INSIDE outR1(config)# interface fa0/0R1(config-if)# ip inspect OUTBOUND inR1(config-if)# ip access-group INSIDE inR1(config)# interface fa0/1R1(config-if)# ip inspect OUTBOUND inR1(config-if)# ip access-group INSIDE in50Which three statements should be considered when applying ACLs to a Cisco router? (Choose three.)Place generic ACL entries at the top of the ACL.Place more specific ACL entries at the top of the ACL.Router-generated packets pass through ACLs on the router without filtering.ACLs always search for the most specific entry before taking any filtering action.A maximum of three IP access lists can be assigned to an interface per direction (in or out).An access list applied to any interface without a configured ACL allows all traffic to pass.51What precaution should be considered when the no service password-recovery command has been issued on an IOS device?The passwords in the configuration files are in clear text.IOS recovery requires a new system flash with the IOS image.When the password is lost, access to the device will be terminated.The device must use simple password authentication and cannot have user authentication.52Which three statements describe the IPsec protocol framework? (Choose three.)AH uses IP protocol 51.AH provides encryption and integrity.AH provides integrity and authentication.ESP uses UDP protocol 50.ESP requires both authentication and encryption.ESP provides encryption, authentication, and integrity.53Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution correctIssue the logging on command in global configuration.Issue the ip ips notify sdee command in global configuration.Issue the ip audit notify log command in global configuration.Issue the clear ip ips sdee events command to clear the SDEE buffer.54Which command would an administrator use to clear generated crypto keys?Router(config)# crypto key decryptRouter(config-line)# transport input ssh clearRouter(config)# crypto key rsaRouter(config)# crypto key zeroize rsa55Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per sec56What functionality is provided by Cisco SPAN in a switched network?It mitigates MAC address overflow attacks.It prevents traffic on a LAN from being disrupted by a broadcast storm.It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.It protects the switched network from receiving BPDUs on ports that should not be receiving them.It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.57Which three commands are required to configure SSH on a Cisco router? (Choose three.)ip domain-name name in global configuration modetransport input ssh on a vty lineno ip domain-lookup in global configuration modepassword password on a vty lineservice password-encryption in global configuration modecrypto key generate rsa in global configuration mode58Refer to the exhibit. Based on the SDM screen shown, which two conclusions can be drawn about the IKE policy being configured? (ChoIt will use digital certificates for authentication.It will use a predefined key for authentication.It will use a very strong encryption algorithm.It will be the default policy with the highest priority.It is being created using the SDM VPN Quick Setup Wizard.59Which statement describes the SDM Security Audit wizard?After the wizard identifies the vulnerabilities, the SDM One-Step Lockdown feature must be used to make all security-related configuAfter the wizard identifies the vulnerabilities, it automatically makes all security-related configuration changes.The wizard autosenses the inside trusted and outside untrusted interfaces to determine possible security problems that might exist.The wizard is based on the Cisco IOS AutoSecure feature.The wizard is enabled using the Intrusion Prevention task.60What is a feature of the TACACS+ protocol?It combines authentication and authorization as one process.It encrypts the entire body of the packet for more secure communications.It utilizes UDP to provide more efficient packet transfer.It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.。

准确率100%1配置帧中继连接时，在下列哪种情况下应使用frame-relay map命令？当远程路由器的品牌不是Cisco 时当本地路由器配置有子接口时当使用全局有效的而非本地有效的DLCI 时当本地路由器与远程路由器使用不同的LMI 协议时2请参见图示。

使用图示中命令后输出的结果显示OSI 模型的哪一层出现故障？传输层网络层数据链路层物理层3请参见图示。

网络中的所有路由器上均已配置RIPv2。

路由器R1 和R3 没有收到RIP 路由更新。

根据提供的配置，应在项功能方可解决此问题？代理ARPCDP 更新SNMP 服务RIP 身份验证4管理员正在使用RIPng 和双协议栈技术为一路由器配置IPv6 和IPv4，他在输入IPv4 路由时收到一条错误消息。

可能是错误消息？IPv4 与RIPng 不兼容RIPng 与双协议栈技术不兼容。

路由器接口的地址配置错误。

在同一接口同时配置IPv4 和IPv6 时，所有IPv4 地址均被禁用，以支持新的技术。

5请参见图示。

网络管理员正尝试将路由器配置为使用SDM，但这名网络管理员无法访问路由器的SDM 接口。

此问题的原VTY 线路配置错误。

HTTP 超时策略配置错误。

身份验证方法配置错误。

用户名和口令配置错误。

6配置帧中继连接时，逆向ARP 有什么作用？为远程节点分配DLCI使对等节点的请求无法识别本地第 3 层地址协商本地和远程帧中继节点之间的LMI 封装创建从DLCI 到远程节点第3 层地址的映射7网络管理员可采取什么措施找回丢失的路由器口令？使用copy tftp:flash:命令。

启动路由器进入bootROM 模式，并输入b命令，手动加载IOS自另一台路由器telnet，并发出show running-config命令查看口令启动路由器进入ROM Monitor 模式，然后配置路由器，使其在初始化的时候忽略启动配置8下列哪两项是可用于PPP 配置的LCP 选项？（选择两项。

最新CCNA认证试题及答案「中文版」1、对于这样一个地址,192.168.19.255/20,下列说法正确的是: ( )(A) 这是一个广播地址(B) 这是一个网络地址(C) 这是一个私有地址(D) 地址在192.168.19.0网段上(E) 地址在192.168.16.0网段上(F) 这是一个公有地址答案：CE注：IP地址中关键是看她的主机位，将子网掩码划为二进制，1对应上面的地址是网络位，0对应的地址是主机位192.168.19.255/20划为二进制为：11000000.10101000.00010011.1111111111111111.11111111.11110000.00000000主机位变成全0表示这个IP的网络地址主机槐涑扇?表示这个IP的广播地址RFC1918文件规定了保留作为局域网使用的私有地址：10.0.0.0 - 10.255.255.255 (10/8 prefix)172.16.0.0 - 172.31.255.255 (172.16/12 prefix)192.168.0.0 - 192.168.255.255 (192.168/16 prefix)2、目前，我国应用最为广泛的LAN标准是基于()的以太网标准.(A) IEEE 802.1(B) IEEE 802.2(C) IEEE 802.3(D) IEEE 802.5答案：C参考知识点：现有标准：IEEE 802.1 局域网协议高层IEEE 802.2 逻辑链路控制IEEE 802.3 以太网IEEE 802.4 令牌总线IEEE 802.5 令牌环IEEE 802.8 FDDIIEEE 802.11 无线局域网记住IEEE802.1-------IEEE802.5的定义以太网是一种计算机局域网组网技术。

IEEE制定的IEEE 802.3标准给出了以太网的技术标准。

它规定了包括物理层的连线、电信号和介质访问层协议的内容。

路由器获知到的第一条路径仅使用路由器获知到的前两条路径路由器获知到的最后一条路径全部四条路径对于为防备路由环路而经过毒性反转实现的水平切割方法，哪两项表达正确？（选择两项。

）全部Cisco IOS都会默认启用此方法。

会将一个表示无量大胸怀的值分派给路由以将其毒化。

将毒化路由更新发回该更新的发送接口。

指示路由器将可能会影响路由的改正保持一段特定的时间。

限制数据包在被抛弃以前能够在网络中传输的跳数。

在两台路由器能够使用OSPF形成街坊毗邻关系以前一定达成哪两项任务？（选择两项。

）路由器一定选举出指定路由器。

路由器一定在网络种类方面达成一致。

路由器一定使用同样的dead时间间隔。

路由器一定互换链路状态恳求。

路由器一定互换数据库描绘数据包。

以下路由器组件和操作的配对中，哪两项是正确的？（选择两项。

）DRAM -加载bootstrapRAM -储存操作系统闪存- 启动时履行诊疗NVRAM -储存配置文件ROM -存贮备份配置文件POST -运转硬件模块诊疗以下对于无类路由协议的陈说，哪两项是正确的？（选择两项。

）无类路由协议可用于不连续子网。

无类路由协议可在路由更新中转发超网路由。

无类路由协议没法在路由表中实行有类路由。

无类路由协议仅使用跳数胸怀。

无类路由协议的路由更新中不包含子网掩码。

请拜见图示。

在图示的此中一台设施上运转了show cdp neighbors命令。

依据此信息，可推测出哪两项结论？（选择两项。

）在路由器上运转了该命令。

ABCD是一台非CISCO设施。

两台设施间存在第 3 层连通性。

ABCD支持路由功能。

ABCD连结到相邻设施的Fa0/0接口。

R3 。

图中显示了全部三台路由器的路由。

从该输出能够获得什么结论？请拜见图示。

网络连结有三台路由器：R1 、 R2 和R1和R3经过S0/0/0接口相连。

R1 S0/0/0接口的IP 地点为10.1.1.2 。

R2 S0/0/1接口的IP 地点为10.3.3.2 。

思科第三册final 试题及答案1请参见图示。

下列哪三种说法描述了 Host1 和 Host2 无法通信的原因？（选择三项。

）交换机端口处于不同的 VLAN 中。

交换机的 IP 地址在错误的子网中。

主机被配置在不同的逻辑网络中。

需要路由器在 Host1 与 Host2 之间转发流量。

每个 VLAN 中的 VLAN 端口必须连续分配。

主机的默认网关地址必须处于同一个逻辑网络中。

2请参见图示。

主机 PC_A 和主机 PC_B 同时发送流量，来自这两台发送站的帧发生了冲突。

最突信号的是哪台设备？集线器 HB1交换机 SW1路由器 R1交换机 SW2路由器 R2交换机 SW43请参见图示。

在生成树协议中，“学习”表示什么意思？交换机正在发送并接收数据帧。

交换机并未接收 BPDU，但正在发送并接收数据。

交换机正在通过转发收到的 BPDU 参与选举过程。

交换机正在接收 BPDU 并填充 MAC 地址表，但并未发送数据。

4请参见图示。

RTB 被配置为进行传统的 VLAN 间路由。

RTB 可以 ping 通计算机 A 但无法 pin 机 B。

此故障的原因可能是什么？Fa0/11 端口处于错误的 VLAN 中。

RTB 上没有有效的路由协议。

计算机 B 的 IP 地址在错误的逻辑网络中。

路由器的 Fa0/1 接口上配置了错误的中继封装类型。

5请参见图示。

网络管理员已将网络划分为两个 VLAN，R1 和 S1 的配置如图所示。

但是，PC1 无法问题很可能出在哪里？R1 上未配置路由协议。

S1 的 Fa0/1 端口不是中继端口。

S1 上未设置默认网关地址。

S1 和 R1 之间只配置了一条物理链路用于 VLAN 间路由。

6单臂路由器 VLAN 间路由有哪三项特征？（选择三项。

）需要使用 VTP需要使用子接口减少广播域的数量使用过多 VLAN 时会影响性能需要在路由器和至少一台交换机之间采用接入链路比用于 VLAN 间路由的其它方法更加经济规定至少要在路由器和交换机之间使用两个交换机端口7请参见图示。