最新-ccnp的试题全中文

思科认证CCNP经典试题第一部分填空题1、在Cisco体系的IGP协议中，RIP的A-D管理距离是，EIGRP 的域内A-D管理距离是，EIGRP的域外A-D管理距离是OSPF的A-D管理距离是。

BGP 从EBGP学习到的路由学到路由的A-D管理距离是; BGP从IBGP学习到的路由学到路由的A-D管理距离是。

2、BGP的默认MED值为；其中MED越越优选被用于选路；BGP从邻居哪里学到的权重为；BGP自己本路由产生的路由（始发路由）产生权重是；BGP 的默认本地优先级为：。

3、BGP的邻居分为和。

4、OSPF在那个区域（有区域0，区域1，区域2）广播多路访问（比如以太网，没有出现外部网络），在区域0可以看到类LSA。

如果想看到2类LSA，必须在网络类型；在NSSA区域可以看到类LSA，在纯粹的NASS区域内是否有5类LSA？（回答是或者否）。

5、HSRP包括哪六种状态？6、OSPF在MA网络链路类型的HELLO报文作用？（3种）7、IPV6的本地链路地址是；本地站点地址是。

（没有/10的写法）8、在选择STP的角色（身份）有哪些？，默认STP的收敛时间为。

配置了portfast后，收敛时间会小于。

9、OSPF发送hello包的组播地址是，EIGRP组播地址是；HSRP 发送hello包组播地址是；VRRP发送hello 包的组播地址是。

10、目前以太通道最多可以使用条物理线缆逻辑捆绑成一个以太通道接口？形成以太通道方式有。

11、BGP在EBGP中使用属性避免AS间的环路（确保无环），该属性属于BGP的必遵属性，其中还有哪两个是BGP公认必遵属性为和。

第二部分选择1、在对基于CEF的多层交换（MLS）进行排错的时候，例如解决无法到达特定的IP目标等问题，首先需要先查看哪两张表去验证错误？（）A、IP路由表和路由表B、IP路由和CEF邻接关系表C、TCAM中的IP CEF FIB和邻接关系表D、IP路由表和ARP表2、EIGRP位一个混合距离矢量协议，在METRIC值中使用K1-K5五个K值，默认情况下，使用K值分别是（）A、K1，K2 B K3,K4 C、K1，K5 D、K1，K33、OSPF中router-id能标识一台设备的身份，下面说法正确的是（）A、先选举手工配置，然后选择设备loopback地址大的，在选运行了宣告进OSPF最大的物理接口最大的地址。

A. Switch P2S1 is in server mode.B. Switch P1S1 is in transparent mode.C. The MD5 digests do not match.D. The passwords do not match.E. The VTP domains are different.F. VTP trap generation is disabled on both switches.Answer: B,D,EExplanation:Determine the VTP mode of operation of the switch and include the mode when setting the VTP domain name information on the switch. If you leave the switch in server mode, be sure to verify that the configuration revision number is set to 0 before adding the switch to the VTP domain. It is generally recommended that you have several servers in the domain, with all other switches set to client mode for purposes of controlling VTP information.It is also highly recommended that you use secure mode in your VTP domain. Assigning a password to the domain will accomplish this. This will prevent unauthorized switches fromparticipating in the VTP domain. From the privileged mode or VLAN configuration mode, use the vtp password password command.h t t p://www.ed if y.co m .cn /QUESTION NO: 75Refer to the exhibit. Based upon the output of show vlan on switch CAT2, what can we conclude about interfaces Fa0/13 and Fa0/14?A. that interfaces Fa0/13 and Fa0/14 are in VLAN 1B. that interfaces Fa0/13 and Fa0/14 are downC. that interfaces Fa0/13 and Fa0/14 are trunk interfacesD. that interfaces Fa0/13 and Fa0/14have a domain mismatch with another switchE. that interfaces Fa0/13 and Fa0/14have a duplex mismatch with another switchAnswer: CExplanation:trunk - This setting places the port in permanent trunking mode. The corresponding switch port at the other end of the trunk should be similarly configured because negotiation is not allowed. You should also manually configure the encapsulation mode.show vlan: This commands shows the vlan, ports belonging to VLAN means that port on access mode. It doesn't shows the port on trunk mode.QUESTION NO: 76Refer to the exhibit. On the basis of the output generated by the show commands, which two statements are true? (Choose two.)h t t p://www.ed if y.co m .cn /A. Because it is configured as a trunk interface, interface gigabitethernet 0/1 does not appear in the show vlan output.B. VLAN 1 will not be encapsulated with an 802.1q header.C. There are no native VLANs configured on the trunk.D. VLAN 2 will not be encapsulated with an 802.1q header.E. All interfaces on the switch have been configured as access ports.F. Because it has not been assigned to any VLAN, interface gigabitethernet 0/1 does not appear in the show vlan output.Answer: A,BExplanation:h t t p://www.ed if y.co m .cn /The IEEE 802.1Q protocol can also carry VLAN associations over trunk links. However, this frame identification method is standardized, allowing VLAN trunks to exist and operate between equipment from multiple vendors.In particular, the IEEE 802.1Q standard defines an architecture for VLAN use, services provided with VLANs, and protocols and algorithms used to provide VLAN services.Like Cisco ISL, IEEE 802.1Q can be used for VLAN identification with Ethernet trunks. Instead of encapsulating each frame with a VLAN ID header and trailer, 802.1Q embeds its tagging information within the Layer 2 frame. This method is referred to as single-tagging or internal tagging .802.1Q also introduces the concept of a native VLAN on a trunk. Frames belonging to this VLAN are not encapsulated with any tagging information. In the event that an end station is connected to an 802.1Q trunk link, the end station can receive and understand only the native VLAN frames.This provides a simple way to offer full trunk encapsulation to the devices that can understand it,while giving normal access stations some inherent connectivity over the trunk.show vlan: This commands shows the vlan, ports belonging to VLAN means that port on access mode. It doesn't show the port on trunk mode.QUESTION NO: 77Refer to the exhibit and the show interfaces fastethernet0/1 switchport outputs. Users in VLAN 5on switch SW_A complain that they do not have connectivity to the users in VLAN 5 on switch SW_B. What should be done to fix the problem?A. Configure the same number of VLANs on both switches.h t t p://www.ed if y.co m .cn /B. Create switch virtual interfaces (SVI) on both switches to route the traffic.C. Define VLAN 5 in the allowed list for the trunk port on SW_A.D. Disable pruning for all VLANs in both switches.E. Define VLAN 5 in the allowed list for the trunk port on SW_BAnswer: CExplanation:switchport trunk allowed vlan , defines which VLANs can be trunked over thelink . By default, a switch transports all active VLANs (1 to 4094) over a trunk link. There might be times when the trunk link should not carry all VLANs. For example, broadcasts are forwarded to every switch port on a VLAN-including the trunk link because it, too, is a member of the VLAN.If the VLAN does not extend past the far end of the trunk link, propagating broadcasts across the trunk makes no sense.Section 8: Document results of VLAN implementation and verification (0 Questions)QUESTION NO: 78Refer to the exhibit. An attacker is connected to interface Fa0/11 on switch A-SW2 and attempts to establish a DHCP server for a man-in-middle attack. Which recommendation, if followed, would mitigate this type of attack?A. All switch ports in the Building Access block should be configured as DHCP untrusted ports.B. All switch ports in the Building Access block should be configured as DHCP trusted ports.h t t p://www.ed if y.co m .cn /C. All switch ports connecting to servers in the Server Farm block should be configured as DHCP untrusted ports.D. All switch ports connecting to hosts in the Building Access block should be configured as DHCP trusted ports.E. All switch ports in the Server Farm block should be configured as DHCP untrusted ports.F. All switch ports connecting to hosts in the Building Access block should be configured as DHCP untrusted ports.Answer: FExplanation:One of the ways that an attacker can gain access to network traffic is to spoof responses that would be sent by a valid DHCP server. The DHCP spoofing device replies to client DHCPrequests. The legitimate server may reply also, but if the spoofing device is on the same segment as the client, its reply to the client may arrive first.The intruder's DHCP reply offers an IP address and supporting information that designates the intruder as the default gateway or Domain Name System (DNS) server. In the case of a gateway,the clients will then forward packets to the attacking device, which will in turn send them to the desired destination. This is referred to as a "man-in-the-middle" attack, and it may go entirely undetected as the intruder intercepts the data flow through the network.Untrusted ports are those that are not explicitly configured as trusted. A DHCP binding table is built for untrusted ports. Each entry contains the client MAC address, IP address, lease time,binding type, VLAN number, and port ID recorded as clients make DHCP requests. The table is then used to filter subsequent DHCP traffic. From a DHCP snooping perspective, untrusted access ports should not send any DHCP server responses, such as DHCPOFFER, DHCPACK,DHCPNAK .QUESTION NO: 79You are responsible for increasing the security within the Company LAN. Of the following choices listed below, which is true regarding layer 2 security and mitigation techniques?A. Enable root guard to mitigate ARP address spoofing attacks.B. Configure DHCP spoofing to mitigate ARP address spoofing attacks.C. Configure PVLANs to mitigate MAC address flooding attacks.D. Enable root guard to mitigate DHCP spoofing attacks.E. Configure dynamic APR inspection (DAI) to mitigate IP address spoofing on DHCP untrusted ports.F. Configure port security to mitigate MAC address floodingG. None of the other alternatives applyAnswer: Fh t t p://www.ed if y.co m .cn /Explanation:Use the port security commands to mitigate MAC-spoofing attacks. The port security command provides the capability to specify the MAC address of the system connected to a particular port.The command also provides the ability to specify an action to take if a port-security violationoccurs. However, as with the CAM table-overflow attack mitigation, specifying a MAC address on every port is an unmanageable solution. Hold-down timers in the interface configuration menu can be used to mitigate ARP spoofing attacks by setting the length of time an entry will stay in the ARP cache.Reference: /networksecurity/NetworkSecurity.htmlSection 2: Create an implementation plan for the Security solution (3 Questions)QUESTION NO: 80You work as a network technician at . Your boss, Mrs. Tess King, is interested in switch spoofing. She asks you how an attacker would collect information with VLAN hoping through switch spoofing. You should tell her that the attacking station...A. es VTP to collect VLAN information that is sent out and then tags itself with the domain information in order to capture the data.B. ...will generate frames with two 802.1Q headers to cause the switch to forward the frames to a VLAN that would be inaccessible to the attacker through legitimate means.C. es DTP to negotiate trunking with a switch port and captures all traffic that is allowed on the trunk.D. ...tags itself with all usable VLANs to capture data that is passed through the switch, regardless of the VLAN to which the data belongs.E. None of the other alternatives applyAnswer: CExplanation:DTP should be disabled for all user ports on a switch. If the port is left with DTP auto-configured (default on many switches), an attacker can connect and arbitrarily cause the port to start trunking and therefore pass all VLAN information.Reference:/en/US/solutions/ns340/ns517/ns224/ns376/net_design_guidance0900aecd800ebd1e.pdfQUESTION NO: 81h t t p://www.ed if y.co m .cn /The Company security administrator is concerned with layer 2 network attacks. Which two statements about these attacks are true? (Select two)A. ARP spoofing attacks are attempts to redirect traffic to an attacking host by encapsulating a false 802.1Q header on a frame and causing traffic to be delivered to the wrong VLAN.B. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP message with a forged identity to a transmitting host.C. MAC address flooding is an attempt to force a switch to send all information out every port by overloading the MAC address table.D. ARP spoofing attacks are attempts to redirect traffic to an attacking host by sending an ARP packet that contains the forged address of the next hop router.E. MAC address flooding is an attempt to redirect traffic to a single port by associating that port with all MAC addresses in the VLAN.Answer: B,CExplanation:Content Addressable Memory ( CAM ) Table Overflow (MAC address Flooding)Content Addressable Memory (CAM) tables are limited in size. If enough entries are entered into the CAM table before other entries are expired, the CAM table fills up to the point that no new entries can be accepted. Typically, a network intruder floods the switch with a large number of invalid source Media Access Control (MAC) addresses until the CAM table fills up. When thatoccurs, the switch floods all ports with incoming traffic because it cannot find the port number for a particular MAC address in the CAM table. The switch, in essence, acts like a hub. If the intruder does not maintain the flood of invalid-source MAC addresses, the switch eventually times out older MAC address entries from the CAM table and begins to act like a switch again. CAM tableoverflow only floods traffic within the local VLAN so the intruder only sees traffic within the local VLAN to which he or she is connected.The CAM table overflow attack can be mitigated by configuring port security on the switch. This option provides for either the specification of the MAC addresses on a particular switch port or the specification of the number of MAC addresses that can be learned by a switch port. When an invalid MAC address is detected on the port, the switch can either block the offending MAC address or shut down the port. The specification of MAC addresses on switch ports is far too unmanageable a solution for a production environment. A limit of the number of MAC addresses on a switch port is manageable. A more administratively scalable solution is the implementation of dynamic port security at the switch. In order to implement dynamic port security, specify a maximum number of MAC addresses that will be learned.Address Resolution Protocol (ARP) SpoofingARP is used to map IP addressing to MAC addresses in a local area network segment where hosts of the same subnet reside. Normally, a host sends out a broadcast ARP request to find the MAC address of another host with a particular IP address, and an ARP response comes from the host whose address matches the request. The requesting host then caches this ARP response.Within the ARP protocol, another provision is made for hosts to perform unsolicited ARP replies.h t t p://www.ed if y.co m .cn /The unsolicited ARP replies are called Gratuitous ARP (GARP). GARP can be exploited maliciously by an attacker to spoof the identity of an IP address on a LAN segment. This istypically used to spoof the identity between two hosts or all traffic to and from a default gateway in a "man-in-the-middle" attack.When an ARP reply is crafted, a network attacker can make his or her system appear to be the destination host sought by the sender. The ARP reply causes the sender to store the MACaddress of the network attacker's system in the ARP cache. This MAC address is also stored by the switch in its CAM table. In this way, the network attacker has inserted the MAC address of his or her system into both the switch CAM table and the ARP cache of the sender. This allows the network attacker to intercept frames destined for the host that he or she is spoofing.Reference:/en/US/products/hw/switches/ps5023/products_configuration_example09186a00807c4101.shtmlQUESTION NO: 82The Company security administrator wants to prevent DHCP spoofing. Which statement is true about DHCP spoofing operation?A. DHCP spoofing and SPAN cannot be used on the same port of a switch.B. To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packet.C. To prevent a DHCP spoofing, the switch must have DHCP server services disabled and a static entry pointing towards the DHCP server.D. DHCP spoofing can be prevented by placing all unused ports in an unused VLAN.E. None of the other alternatives apply.Answer: BExplanation:About DHCP Spoofing:Suppose that an attacker could bring up a rogue DHCP server on a machine in the same subnet as that same client PC. Now when the client broadcasts its DHCP request, the rogue server could send a carefully crafted DHCP reply with its own IP address substituted as the default gateway.When the client receives the reply, it begins using the spoofed gateway address. Packets destined for addresses outside the local subnet then go to the attacker's machine first. The attacker can forward the packets to the correct destination, but in the meantime, it can examine every packet that it intercepts. In effect, this becomes a type of man-in-the-middle attack; the attacker is wedged into the path and the client doesn't realize it.About ARP:h t t p://www.ed if y.co m .cn /Hosts normally use the Address Resolution Protocol (ARP) to resolve an unknown MAC address when the IP address is known. If a MAC address is needed so that a packet can be forwarded at Layer 2, a host broadcasts an ARP request that contains the IP address of the target in question.If any other host is using that IP address, it responds with an ARP reply containing its MAC address.To prevent a DHCP spoofing, the DHCP server must create a static ARP entry that cannot be updated by a dynamic ARP packetSection 3: Create a verification plan for the Security solution (4 Questions)QUESTION NO: 83Refer to the exhibit. What will happen to traffic within VLAN 14 with a source address of 172.16.10.5?A. The traffic will be forwarded to the router processor for further processing.B. The traffic will be dropped.C. The traffic will be forwarded to the TCAM for further processing.D. The traffic will be forwarded without further processing.Answer: BExplanation:VLAN maps, also known as VLAN ACLs or VACLs, can filter all traffic traversing a switch. VLAN maps can be configured on the switch to filter all packets that are routed into or out of a VLAN, or are bridged within a VLAN. VLAN maps are used strictly for security packet filtering. Unlike routerh t t p://www.ed if y.co m .cn /ACLs, VLAN maps are not defined by direction (input or output).To create a VLAN map and apply it to one or more VLANs, perform these steps: Create the standard or extended IP ACLs or named MAC extended ACLs to be applied to the VLAN. This access-list will select the traffic that will be either forwarded or dropped by the access-map. Only traffic matching the 'permit' condition in an access-list will be passed to the access-map for further processing. Enter the vlan access-map access-map-name [ sequence ] global configuration command to create a VLAN ACL map entry. Each access-map can have multiple entries. The order of these entries is determined by the sequence . If no sequence number is entered, access-map entries are added with sequence numbers in increments of 10. In access map configuration mode, optionally enter an action forward or action drop . The default is to forward traffic. Also enter the match command to specify an IP packet or a non-IP packet (with only a known MAC address),and to match the packet against one or more ACLs (standard or extended). Use the vlan filter access-map-name vlan-list vlan-list global configuration command to apply a VLAN map to one or more VLANs. A single access-map can be used on multiple VLANs.QUESTION NO: 84Company is implementing 802.1X in order to increase network security. In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Select three)A. EAP-over-LANB. EAP MD5C. STPD. protocols not filtered by an ACLE. CDPF. TACACS+Answer: A,C,EExplanation:The IEEE 802.1x standard defines a port-based access control and authentication protocol that restricts unauthorized workstations from connecting to a LAN through publicly accessible switch ports. The authentication server authenticates each workstation that is connected to a switch port before making available any services offered by the switch or the LAN. Until the workstation is authenticated, 802.1x access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the workstation is connected. After authentication succeeds, normal traffic can pass through the port.The Authentication server performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, theh t t p://www.ed if y.co m .cn /authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP)extensions is the only supported authentication server; it is available in Cisco Secure Access Control Server version 3.0. RADIUS operates in a client/server model in which secureauthentication information is exchanged between the RADIUS server and one or more RADIUS clients.Spanning-Tree Protocol (STP) is a Layer 2 protocol that utilizes a special-purpose algorithm to discover physical loops in a network and effect a logical loop-free topology. STP creates a loop-free tree structure consisting of leaves and branches that span the entire Layer 2 network. The actual mechanics of how bridges communicate and how the STP algorithm works will be discussed at length in the following topics. Note that the terms bridge and switch are used interchangeably when discussing STP. In addition, unless otherwise indicated, connections between switches are assumed to be trunks.CDP is a Cisco proprietary protocol that operates at the Data Link layer. One unique feature about operating at Layer 2 is that CDP functions regardless of what Physical layer media you are using (UTP, fiber, and so on) and what Network layer routed protocols you are running (IP, IPX,AppleTalk, and so on). CDP is enabled on all Cisco devices by default, and is multicast every 60seconds out of all functioning interfaces, enabling neighbor Cisco devices to collect information about each other. Although this is a multicast message, Cisco switches do not flood that out to all their neighbors as they do a normal multicast or broadcast.For STP, CDP and EAP-over-LAN are allowed before Authentication.QUESTION NO: 85Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other,although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network. What configuration will isolate the servers from each other?h t t p://www.ed if y.co m .cn /A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.B. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports.D. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports.Answer: DExplanation:Service providers often have devices from multiple clients, in addition to their own servers, on a single Demilitarized Zone (DMZ) segment or VLAN. As security issues proliferate, it becomes necessary to provide traffic isolation between devices, even though they may exist on the same Layer 3 segment and VLAN. Catalyst 6500/4500 switches implement PVLANs to keep some switch ports shared and some switch ports isolated, although all ports exist on the same VLAN.The 2950 and 3550 support "protected ports," which are functionality similar to PVLANs on a per-switch basis.A port in a PVLAN can be one of three types:Isolated: An isolated port has complete Layer 2 separation from other ports within the same PVLAN, except for the promiscuous port. PVLANs block all traffic to isolated ports, except the traffic from promiscuous ports. Traffic received from an isolated port is forwarded to only promiscuous ports.Promiscuous: A promiscuous port can communicate with all ports within the PVLAN, including the community and isolated ports. The default gateway for the segment would likely be hosted on a promiscuous port, given that all devices in the PVLAN will need to communicate with that port. Community: Community ports communicate among themselves and with their promiscuous ports.These interfaces are isolated at Layer 2 from all other interfaces in other communities, or in isolated ports within their PVLAN.QUESTION NO: 86VLAN maps have been configured on switch R1. Which of the following actions are taken in a VLAN map that does not contain a match clause?A. Implicit deny feature at end of list.B. Implicit deny feature at start of list.C. Implicit forward feature at end of listD. Implicit forward feature at start of list.Answer: Ah t t p://www.ed if y.co m .cn /Explanation:Each VLAN access map can consist of one or more map sequences, each sequence with a match clause and an action clause. The match clause specifies IP, IPX, or MAC ACLs for traffic filtering and the action clause specifies the action to be taken when a match occurs. When a flow matches a permit ACL entry the associated action is taken and the flow is not checked against theremaining sequences. When a flow matches a deny ACL entry, it will be checked against the next ACL in the same sequence or the next sequence. If a flow does not match any ACL entry and at least one ACL is configured for that packet type, the packet is denied.Reference:/en/US/products/hw/switches/ps700/products_configuration_guide_chapter09186a008007f4d4.htmlSection 4: Configure port security features (6 Questions)QUESTION NO: 87A Company switch was configured as shown below:switchport mode access switchport port-securityswitchport port-security maximum 2switchport port-security mac-address 0002.0002.0002switchport port-security violation shutdownGiven the configuration output shown above, what happens when a host with the MAC address of 0003.0003.0003 is directly connected to the switch port?A. The host will be allowed to connect.B. The port will shut down.C. The host can only connect through a hub/switch where 0002.0002.0002 is already connected.D. The host will be refused access.E. None of the other alternatives applyAnswer: AExplanation:Steps of Implementing Port Security:h t t p://www.ed if y.co m .cn /In Exhibit two MAC addresses are allowed so that host will be allowed to connect.QUESTION NO: 88Refer to the exhibit. Which interface or interfaces on switch SW_A can have the port security feature enabled?A. Ports 0/1 and 0/2B. The trunk port 0/22 and the EtherChannel portsh t t p://www.ed if y.co m .cn /C. Ports 0/1, 0/2 and 0/3D. Ports 0/1, 0/2, 0/3, the trunk port 0/22 and the EtherChannel portsE. Port 0/1F. Ports 0/1, 0/2, 0/3 and the trunk port 0/22Answer: CExplanation:Port security is a feature supported on Cisco Catalyst switches that restricts a switch port to a specific set or number of MAC addresses. Those addresses can be learned dynamically or configured statically. The port will then provide access to frames from only those addresses. If,however, the number of addresses is limited to four but no specific MAC addresses areconfigured, the port will allow any four MAC addresses to be learned dynamically, and port access will be limited to those four dynamically learned addresses. A port security feature called "sticky learning," available on some switch platforms, combines the features of dynamically learned and statically configured addresses. When this feature is configured on an interface, the interface converts dynamically learned addresses to "sticky secure" addresses. This adds them to the running configuration as if they were configured using the switchport port-security mac-address command.QUESTION NO: 89Refer to the exhibit. Based on the running configuration that is shown for interface FastEthernet0/2, what two conclusions can be deduced? (Choose two.)A. Connecting a host with MAC address 0000.0000.4147 will move interface FastEthernet0/2 into error disabled state.B. The host with address 0000.0000.4141 is removed from the secure address list after 5 seconds of inactivity.h t t p://www.ed if y.co m .cn /。

网络系统构建技术总复习一、不定项选择题1、在Windows 2003/2008 的TCP/IP 网络中，IP 地址有两种设定方法，它们分别是（B、D）。

A. 通过DHCP 和DNS 设定B. 通过DHCP 及人工指定C. 通过子网掩码和缺省网关给定D. 通过网络自动生成2、如果所在的局域网中存在DHCP 服务器，那么在Windows 平台下安装TCP/IP网络时，就可以（B ）。

A. 去掉IP 地址的设置B. 从DHCP 服务器中自动获得一个IP 地址C. 设置一个有效的固定IP 地址D. 任意设置一个IP 地址3、如果用户所安装的TCP/IP 网络与其他网络或与Internet 相连，则必须（D ）。

A. 设定DHCPB. 设置WINSC. 给定任意一个IP 地址D. 指定缺省网关4．在Windows 2003/2008 的TCP/IP 网络中，要求各个连网计算机的IP 地址在本域范围内（ B ）。

A. 使用同一个IP 地址B. 惟一C. 任意设定D. 不惟一5、在设置静态ip地址时，（A、C、D ）参数有时是可以不设置的。

（选择三项）A. 网关B. 子网掩码C. 首选域名服务器D. 备用域名服务器6、在邮件地址mackenzre@中，（B）表示域名。

（选择一项）A. MackenzreB. C. mackenzre@7、一台服务器准备作为网络的文件服务器，管理员正在对该服务器的硬盘进行规划。

如果用户希望读写速度最快，他应将硬盘规划为（C ），如果用户希望对系统分区进行容错，他应将硬盘规划为（D ），如果用户希望对数据进行容错，并保证较高的磁盘利用率，他应将硬盘规划为（ E ）。

A. 简单卷B. 跨区卷C. 带区卷D. 镜像卷E. RAID－5卷8、使用域控制器来集中管理域账户，你安装域控制器必须具备以下条件（A、B ）。

（选择二项）A. 操作系统版本是Windows server 2003或者Windows Server 2008B. 本地磁盘至少有一个NTFS分区C. 本地磁盘必须全部是NTFS分区D. 有相应的DNS服务器支持9、一位系统管理员在安装Windows Server 2003/2008的过程中，在安装向导的网络设置页面中选择了“典型设置”，那么当服务器安装完成后将其连接到公司的网络，它的IP地址会（ B ）。

唐钢集团CCNP课程培训测试题姓名：成绩：一、选择题：（单选，共20题，每题4分）1．如下图所示，拓扑表中，数字3011840 和3128695 代表什么？-------------------------（）A．应用于该路由器EIGRP 路由的路由度量B．路由信息来源的可信度C．到目的网络的跳数和带宽的复合度量D．由EIGRP 邻居通告的网络总度量2．请参见图示。

该公司在编号为10 的自治系统中使用EIGRP。

路由器A 和路由器B 所连接网络上的主机能够相互ping 通。

但是，192.168.3.0 网络上的用户无法访问192.168.1.32 网络上的用户。

此问题最可能的原因是什么？---------------------------------------------------（）A启用了无类IP，从而导致数据包被丢弃。

B路由器C 上未使用network 192.168.1.32 命令。

C没有将路由器配置在相同的EIGRP 路由域中。

D网络自动总结导致各子网的路由被丢弃。

3．请参见图示。

网络192.168.0.0/28 断开。

Router2 会立即向Router1 和Router3 发送什么类型的数据包？---------------------------------------------------------------------------------------------------（）A查询网络192.168.0.0/28 的查询数据包B到224.0.0.9 的确认数据包C发送到255.255.255.255 的更新数据包D包含R2 新路由表的数据包发送到192.168.1.1 和192.168.2.1 的单播更新数据包4．请参见图示。

所有接口都已配置为如图所示的带宽。

假设所有路由器都是使用默认的EIGRP 配置作为路由协议，那么从172.16.1.0/16 网络发往192.168.200.0/24 网络的数据包会采用哪一条路径？--------------------------------------------------------------------------------------------------------------------（）A. A-B-EB. A-C-EC. A-D-ED.数据包会在A、B、E 和A、C、E 路径之间实施负载均衡。

FCAPSFault Management ‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ FConfiguration Management ‐‐‐‐‐‐‐ CAccounting Management ‐‐‐‐‐‐‐‐‐‐ AQuestion 2FCAPS–model defined by the International Organization for Standardization (ISO).ITIL–framework for it profTNM–network management model is the Telecommunications Standardization Sector’s (ITU-T) Cisco lifecycle–model is often referred to as the PPDIOO modelQuestion 3EEM .IP SLA‐‐‐‐‐‐‐‐‐‐‐‐‐‐ CLISDM .CNA‐‐‐‐‐‐‐‐‐‐‐‐‐‐ GUIFTP ,TFTP,SCP‐‐‐‐‐‐‐‐‐‐‐‐‐‐ BackupCLI（command-line interface，命令行界面）GUI（Graphical User Interface，图形用户界面）SDM（Security Device Manager）是Cisco公司提供的全新图形化路由器管理工具；EEM（Embeded Event Manager）是Cisco IOS的嵌入式事件管理器；1)FCAPS (network maintenance model defined by the ISO)F – FaultC – ConfigA – Accounting2) What happens when running the command: logging console warnings.1-2- warning, notification, error, debugging…3- just warning logging4- warning, critical, alert, emergenciesAnswer:warning, critical, alert, emergencies(Notice this line doesn’t have the word “error”)3) what will be alternative for:ip ftp username xxxxxxip ftp password yyyyyyAnswer:ip http client username xxxxxxip http client password yyyyyy4) Network Maintenance: Choose from the list 2 network maintaining types.Answer:Structured and Interrupt Driven5) access-list 199 permit tcp host 10.1.1.1 host 172.16.1.1access-list 199 permit tcp host 172.16.1.1 host 10.1.1.1debug ip packet 199What would be the output shown on the console?Only communication between host 10.1.1.1 and host 172.16.1.16) what will happen if u configure two router as NTP server (something like that )Answer:The router will choose the best reliable server and will synchronise with it.7) The interface is up and protocol is up. When do u get these messages.%LINEPROTO‐5‐UPDOWN: Line protocol on Interface FastEthernet0/14, changed state to up %LINKDOWN‐3‐SERIAL:Answer:Emergency 0 Alerts 1 Critical 2 Errors 3 Warning4Notification 5 Informational 6 Debugging 78)Serial line is up,protocol is also up?But cdp neighbor not working?Answer:Data link layer.T1:ospf authentication1.Client is unable to ping R1’s serial interface from the client.Problem was disable authentification on R1, check where authentication is not given under router ospf of R1. (use ipv4 Layer 3)conf R1 was:interface Serial0/0.12 point-to-pointip address 10.1.1.1 255.255.255.252ip nat insideip ospf message-digest-key 1 md5 TSHOOTrouter ospf 1log-adjacency-changesnetwork 10.1.1.0 0.0.0.3 area 12default-information originate alwaysconf R2 was:interface Serial0/0.12 point-to-pointip address 10.1.1.2 255.255.255.252ip ospf authentication message-digestip ospf message-digest-key 1 md5 TSHOOTAnswer: on R1 need comand in router modearea 12 authentication message-digestAns1) R1Ans2) ipv4 OSPFAns3) ip ospf authentication message-digest command must be given on s0/0/0T2:HSRP TRACKHSRP: DSW1 does not become active.conf on dw1:track 1 ip route 10.1.21.128 255.255.0.0 metric thresholdthreshold metric up 1 down 2track 10 ip route 10.2.21.128 255.255.255.0 metric thresholdthreshold metric up 63 down 64interface Vlan10ip address 10.2.1.1 255.255.255.0standby 10 ip 10.2.1.254standby 10 priority 200standby 10 preemptstandby 10 track 1 decrement 60Answer: (use IPv4 Layer 3 Topology)On dsw 1 interface vlan 10 mode run:no standby 10 track 1 decrement 60standby 10 track 10 decrement 60(ip for track command not exact for real exam)Ans1) DSW1Ans2) HSRPAns3) delete the command with track 1 and enter the command with track 10.T3:BGP NeighborProblem: R1 is not able to ping 209.65.200.226.configuration on R1:router bgp 65001no synchronizationbgp log-neighbor-changesnetwork 209.65.200.224 mask 255.255.255.252neighbor 209.56.200.226 remote-as 65002no auto-summarycheck bgp neighborship. **** show ip bgp sum****The neighbor’s address in the neighbor command is wrong under router BGP. (use ipv4 Layer 3) Answer: need change on router mode on R1 neighbor 209.65.200.226Ans1) R1Ans2) BGPAns3) delete the wrong neighbor statement and enter the correct neighbor address in the neighbor command (change 209.56.200.226 to 209.65.200.226)T4:NAT ACLClient is not able to ping the web server, but the routers can ping the server. NA T problem. (use ipv4 Layer 3)problem on R1 Nat aclAnswer:add to acl 1 permit ip 10.2.1.0 0.0.0.255Ans1) R1Ans2) IP NA TAns3) under NA T access list, enter the command permit 10.2.0.0 0.0.255.255T5:R1 ACLClient is not able to ping the server. Except for R1, no one else can ping the server. (use ipv4 Layer 3)Problem:on R1 acl blocking ipacl something like this:deny 10.2.1.0deny 10.1.4.0deny 10.1.1.0Answer: add permit 209.65.200.224 0.0.0.3command to R1′s ACLAns1) R1Ans2) IPv4 Layer3 SecurityAns3) Add permit 209.65.200.224 0.0.0.3 to R1′s ACLT6: VLAN filterClient 1 is not able to ping the server. Unable to ping DSW1(Use L2 Diagram).Vlan Access map is applied on DSW1 blocking the ip address of client 10.2.1.3Ans1) DSW1Ans2) Vlan access mapAns3)No vlan filter 10T7:Port SecurityClient 1 is not able to ping the serverSituation: Unable to ping DSW1(User layer 2).On ASW1 portsecurity mac 0000.0000.0001, interface in err-disable stateAnswer:on asw1 delele portsecurity & do on interfaces shutdown, no shutdownAns1)ASW1Ans2)Port securityAns3)On fa1/0/1 and fa1/0/2 do disable port security and do shut, no shut.T8:SWItchport vlan 10Client 1 is not able to ping the serverSituation: Unable to ping DSW1 & in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)On ASW1, on interfaces fa0/1, fa0/2 switchport access vlan 1Answer: on ASW1 change switchport access vlan 1 to switchport access vlan 10Ans1)ASW1Ans2)Access vlanAns3)give command: interface range fa1/0/1-/2 switchport access vlan 10T9:Switchport trunk.cant ping to web server 209.65.200.241Situation: Unable to ping DSW1 & in port channel configuratioin of ASW1 vlan 10 is not allowed. (Use L2 Diagram)question was about EtherChanelclient can’t obtain ip address(169.x.x.x)on ASW1 trunks allow vlan 20,200Answ: on port channel 13, 23 disables all vlans and give switchport trunk allowed vlan 10,200 Ans1)ASW1Ans2)Switch to switch connectivityAns3)int range portchannel13,portchannel23switchport trunk allowed vlan noneswitchport trunl allowed vlan 10,200T10:Eigrp asClient 1 is not able to ping the serverSituation: Unable to ping R4 fast ethernet port from dsw1.Check ip eigrp neighbors from DSW1 you will not see R4 as neighbor.(use ipv4 Layer 3)On DSW1 & DWS2 the EIGRP AS number is 10 (router eigrp 10) but on R4 it is 1 (router eigrp 1)Answ: change router AS on R4 from 1 to 10Ans1) R4Ans2) IP4 EIGRPAns3) Change eigrp AS number from 1 to 10T11:eitrp to ospfClient 1 is not able to ping the serverSituation: Unable to ping serial interface of R4 from the clients.On R4 in router eigrp:redistribute ospf 1 route-map EIGRP_to_OSPFBUT route-map was named:route-map EIGRP->OSPFAnswer:change in router eigrp router-map nameAns1) R4Ans2) route redistributionAns3) change the name of the route-map under the router EIGRP or router OSPF process from ‘to’to ‘->’.T12:IPV6 ospfIPV6 loopback of R2 cannot be pinged from DSW1’s loopback.Situation: ipv6 ospf was not enabled on R2’s serial interface connecting to R3. (use ipv6 Layer 3) Answer:interface configuration mode:ipv6 ospf 6 area 12Ans1) R2Ans2) IPV6 ospfAns3) on the serial interface of R2, enter the command ipv6 ospf 6 area 0 (make sure to check the IPV6 topology before choose Answer 3 because the options look similar)Device Error DescriptionASW11. Access port not in VLAN 102. Port Channel not allowing VLAN 103. Port SecurityDSW1 1. HSRP track 102. VLAN filterR1 1. Wrong IP of BGP neighbor2. NAT – Access list3. Redistribute access-listR2 1. IPv6: enable OSPF2. OSPF AuthenticationR4 1. EIGRP – wrong AS2. Redistribute (“to” & -> )1、access vlan的vlan 给错了2、port-security导致端口被errdisable3、V ACL4、EIGRP的AS号配置错误5、OSPF的authentication有问题，6、OSPF到EIGRP的redistribut的route-map名字写过了7、NA T的inside pool没有包含client的网段8、BGP的neighbor ip写错了，209.65.200.226写成了209.56.200.2269、到ISP的出接口的ACL少了一条permit10、其中一台接入交换机的Trunk allowed的VLAN少了VLAN 1011、HSRP的track语句指定有问题12、IPV6,R2的其中一个接口没有enable IPV6 OSPF。

唐钢集团CCNP课程培训测试题姓名：成绩：一、选择题：（单选，共20题，每题4分）1．如下图所示，拓扑表中，数字3011840 和3128695 代表什么？-------------------------（）A．应用于该路由器EIGRP 路由的路由度量B．路由信息来源的可信度C．到目的网络的跳数和带宽的复合度量D．由EIGRP 邻居通告的网络总度量2．请参见图示。

该公司在编号为10 的自治系统中使用EIGRP。

路由器A 和路由器B 所连接网络上的主机能够相互ping 通。

但是，192.168.3.0 网络上的用户无法访问192.168.1.32 网络上的用户。

此问题最可能的原因是什么？---------------------------------------------------（）A启用了无类IP，从而导致数据包被丢弃。

B路由器C 上未使用network 192.168.1.32 命令。

C没有将路由器配置在相同的EIGRP 路由域中。

D网络自动总结导致各子网的路由被丢弃。

3．请参见图示。

网络192.168.0.0/28 断开。

Router2 会立即向Router1 和Router3 发送什么类型的数据包？---------------------------------------------------------------------------------------------------（）A查询网络192.168.0.0/28 的查询数据包B到224.0.0.9 的确认数据包C发送到255.255.255.255 的更新数据包D包含R2 新路由表的数据包发送到192.168.1.1 和192.168.2.1 的单播更新数据包4．请参见图示。

所有接口都已配置为如图所示的带宽。

假设所有路由器都是使用默认的EIGRP 配置作为路由协议，那么从172.16.1.0/16 网络发往192.168.200.0/24 网络的数据包会采用哪一条路径？--------------------------------------------------------------------------------------------------------------------（）A. A-B-EB. A-C-EC. A-D-ED.数据包会在A、B、E 和A、C、E 路径之间实施负载均衡。

CCNP最新模拟考试题6.You are troubleshooting BGP on your routers. You must check of a particular router is a route reflector or not. Which IOS command should you useA. show bgp neighborB. show running-configC. show route-reflectorD. show route-reflector-client7.You must redistribute BGP routes into an IGP protocol, for example OSPF or EIGRP.What should you take into nsiderationA. IGPs are limited to 250 routesB. A full BGP routing table may contain 100,000+ routesC. Because of possible routing loops, Cisco router configuration does not allow BGP routes to be restributed into an IGP.D. Because BGP routes are not advertised unless they are known by the IGP, Cisco automatically redistributes routes into GPs.8.Your r9.You are configuring your OSPF router network. You separate a large area into multiple smaller areas. What is phrase used for this actionA. interior areasB. OSPF subareaC. link-state protocolD. hierarchical routing10.You are troubleshooting one OSPF router. In particular you want to identify which networks are routed by a given OSPF process. What IOS command should you useA. show ospfB. show ip routeC. show ip protocolsD. show ip ospf database-BCMSN11.Which of the following items should be an integral part of a network topology diagram (Choose all that apply.)A. Individual end user systems.B. Location of configuration files.C. Illustrations of each network device.D. Representations of logical and physical connections.E. Speed and duplex of individual switch ports.12.There are three destinations to which the Cisco router logging process can distribute error messages. What are these three destinations (Choose all that apply.)A. Message directoryB. External syslog serverC. Logging bufferD. Terminal linesE. History fileF. Configuration file13.Which command would you utilise if you want to determine if a problem resides in the first four layers of the OSI networking modelA. arp CaB. show ip interfaceC. telnetD. ping14.Which of the following captures the speed of switching and scalability of routingA. Layer 3 switchingB. Fast switchingC. Layer 2 routingD. Process routing15.Which of the following features of VLAN maps do not contain a match clauseA. Implicit deny feature at end of list.B. Implicit deny feature at start of list.C. Implicit forward feature at end of listD. Implicit forward feature at start of list.- BCRAN16.You are troubleshooting an ISDN PRI connection a Cisco 3600 router. You are interested in the active Layer 3 sessions. In particular, you are interested in the call-type and B channel used.What command should you use at the CLI to display the required informationA. debug dialerB. show isdn statusC. show dialer-groupD. show dialer interface17.As the senior network technician you must decide which Cisco security server is sufficient for your company. The requirement is that it should provide AAA capabilities.What would your recommendation beA. A CiscoSecure AIXB. A CiscoSecure PIXC. A CiscoSecure ACSD. A CiscoSecure Policy Manager18.A company wants to connect its US office via ISDN to its European Headquarters. The US office orders a T1 connectionto accommodate the voice and data requirements. Which type of line should be ordered for the European OfficeA. E1B. T1C. DS0D. OC-1E. STM-019.You want to enable auditing of all privileged mode access CLI commands on your Cisco 2501 router.What should you useA. ip audit enableB. aaa accounting enable 15C. aaa accounting command 15D. aaa accounting enable priv20.You are required to configure CHAP authentication on an interface. What should you use at the CLIA. chap authenticationB. authentication chapC. ppp chap authenticationD. ppp authentication chap- CIT21.What command will you use to enable the forwarding packets that has no default route to the best possible supernet routeA. ip split-horizonB. ip redirectsC. ip proxy-arpD. ip classless22.What is the command that will display system messages indicating the existence of duplicate IP addresses on network devicesA.show loggingB. show IP protocolC. show interfacesD. show IP routing23.What is the proper schedule that should be used in the maintenance of Network Topology Diagrams and Network Configuration TablesA. At the end of the year.B. Before making any changes.C. At the end of the day.D. At the time changes are applied.E. At the end of the month.24.The show ppp multilink command provides the following information:A. Bundle nameB. Bundle flapping recordC. Bundle idle time outD. Bundle disconnect reason25.Which of the following statements regarding EIGRP are true (Choose all that apply.)A. EIGRP routers maintain en EIGRP Neighbor Table and an EIGRP Topology table.B. EIGRP triggered updates are flooded to every EIGRP router within the EIGRP AS.C. An EIGRP route will be in the active state if it lost the successor and no feasible successor is available.D. On Ethernet (Broadcast) networks, EIGRP routers only establish adjacencies with the DR and BDR.。

CCNP最新模拟考试题6.You are troubleshooting BGP on your routers. You must check of a particular router is a route reflector or not. Which IOS command should you useA. show bgp neighborB. show running-configC. show route-reflectorD. show route-reflector-client7.You must redistribute BGP routes into an IGP protocol, for example OSPF or EIGRP.What should you take into nsiderationA. IGPs are limited to 250 routesB. A full BGP routing table may contain 100,000+ routesC. Because of possible routing loops, Cisco router configuration does not allow BGP routes to be restributed into an IGP.D. Because BGP routes are not advertised unless they are known by the IGP, Cisco automatically redistributes routes into GPs.8.Your r9.You are configuring your OSPF router network. You separate a large area into multiple smaller areas. What is phrase used for this actionA. interior areasB. OSPF subareaC. link-state protocolD. hierarchical routing10.You are troubleshooting one OSPF router. In particular you want to identify which networks are routed by a given OSPF process. What IOS command should you useA. show ospfB. show ip routeC. show ip protocolsD. show ip ospf database-BCMSN11.Which of the following items should be an integral part of a network topology diagram (Choose all that apply.)A. Individual end user systems.B. Location of configuration files.C. Illustrations of each network device.D. Representations of logical and physical connections.E. Speed and duplex of individual switch ports.12.There are three destinations to which the Cisco router logging process can distribute error messages. What are these three destinations (Choose all that apply.)A. Message directoryB. External syslog serverC. Logging bufferD. Terminal linesE. History fileF. Configuration file13.Which command would you utilise if you want to determine if a problem resides in the first four layers of the OSI networking modelA. arp CaB. show ip interfaceC. telnetD. ping14.Which of the following captures the speed of switching and scalability of routingA. Layer 3 switchingB. Fast switchingC. Layer 2 routingD. Process routing15.Which of the following features of VLAN maps do not contain a match clauseA. Implicit deny feature at end of list.B. Implicit deny feature at start of list.C. Implicit forward feature at end of listD. Implicit forward feature at start of list.- BCRAN16.You are troubleshooting an ISDN PRI connection a Cisco 3600 router. You are interested in the active Layer 3 sessions. In particular, you are interested in the call-type and B channel used.What command should you use at the CLI to display the required informationA. debug dialerB. show isdn statusC. show dialer-groupD. show dialer interface17.As the senior network technician you must decide which Cisco security server is sufficient for your company. The requirement is that it should provide AAA capabilities.What would your recommendation beA. A CiscoSecure AIXB. A CiscoSecure PIXC. A CiscoSecure ACSD. A CiscoSecure Policy Manager18.A company wants to connect its US office via ISDN to its European Headquarters. The US office orders a T1 connectionto accommodate the voice and data requirements. Which type of line should be ordered for the European OfficeA. E1B. T1C. DS0D. OC-1E. STM-019.You want to enable auditing of all privileged mode access CLI commands on your Cisco 2501 router.What should you useA. ip audit enableB. aaa accounting enable 15C. aaa accounting command 15D. aaa accounting enable priv20.You are required to configure CHAP authentication on an interface. What should you use at the CLIA. chap authenticationB. authentication chapC. ppp chap authenticationD. ppp authentication chap- CIT21.What command will you use to enable the forwarding packets that has no default route to the best possible supernet routeA. ip split-horizonB. ip redirectsC. ip proxy-arpD. ip classless22.What is the command that will display system messages indicating the existence of duplicate IP addresses on network devicesA.show loggingB. show IP protocolC. show interfacesD. show IP routing23.What is the proper schedule that should be used in the maintenance of Network Topology Diagrams and Network Configuration TablesA. At the end of the year.B. Before making any changes.C. At the end of the day.D. At the time changes are applied.E. At the end of the month.24.The show ppp multilink command provides the following information:A. Bundle nameB. Bundle flapping recordC. Bundle idle time outD. Bundle disconnect reason25.Which of the following statements regarding EIGRP are true (Choose all that apply.)A. EIGRP routers maintain en EIGRP Neighbor Table and an EIGRP Topology table.B. EIGRP triggered updates are flooded to every EIGRP router within the EIGRP AS.C. An EIGRP route will be in the active state if it lost the successor and no feasible successor is available.D. On Ethernet (Broadcast) networks, EIGRP routers only establish adjacencies with the DR and BDR.。

CCNP2测试考题姓名：梁国慈一、单选1 关于动态路由协议的描述，下列哪些是正确的（B ）A. RIPng 的原理与RIP 一样，但改进了RIP 收敛速度慢的缺点B. OSPFv3 协议的报文格式与OSPF 报文一样，但做了改进以能够支持IPv6C. MBGP 是IPv6 网络中唯一的EGP 路由协议D. 因为IS-IS 原本就支持多协议，所以不用做任何改动就可以支持IPv62 通常从PC 发起ADSL 拨号上网使用哪一种封装格式（D ）A. IPoAB. IPoEoAC. PPPoAD. PPPoEoA3 以下不属于网络汇聚层功能的有（D ）A. 路由聚合B. 访问列表C. 用户业务接入D. QoS4 OSPF 协议中的一个普通区域通过ASBR 注入192.168.0.0/24~192.168.3.0/24共4 条路由，在ABR 中配置聚合为一条聚合路由192.168.0.0/22，此时ABR 会向其他区域发布哪几条路由（ A）A. 一条聚合路由B. 四条明细路由C. 一条聚合路由和四条明细路由D. 一条都不发布5 相对于IPv4，IPv6 地址有了很大的扩展，达到了（A ）A. 128 位B. 164 位C. 64 位D. 256 位6 关于配置OSPF 协议中的stub 区域，下列说法错误的是（ D）A. 骨干区域不能配置成stub 区域，虚连接不能穿过stub 区域。

B. 区域内的所有路由器不是必须配置该属性C. stub 区域中不能存在ASBR。

D. 一个区域配置成stub 区域后，其他区域的type3 LSA 可以在该区域中传播。

7 以下关于BGP 路由聚合功能说法正确的是（C ）A. 只能通告聚合路由B. 不能聚合，只能通告明细路由C. 可以同时通告聚合路由和明细路由D. 聚合后一定会改变原有的AS-Path 属性二、多选8 VPN 网络设计的安全性原则包括（ACDE ）A. 隧道与加密B. 数据验证C. 用户识别与设备验证D. 入侵检测与网络接入控制E. 路由协议的验证9 网络分层模型由三部分组成（BCD ）A. 核心层B. 汇聚层C. 接入访问层D. 网络层10 以下属于网络采用分层模型的优点的是（ABC ）A. 易于网络的扩展B. 易于网络的故障诊断和排除C. 易于网络的管理D. 节省网络费用11 关于QoS 应用在层次模型哪一层的说法正确的是（BC ）A. 只在核心层实现QoS 策略B. 接入层可实现QoS 的报文分类策略C. QoS 功能需要多层配合D. QoS 只在汇聚层实现12 OSPF 协议使用的组播地址是（AB ）A. 224.0.0.5B. 224.0.0.6C. 224.0.0.9D. 224.0.0.1013 关于OSPF 协议中的路由聚合，论述错误的有（CD ）A. ABR 会自动聚合路由，无需手工配置B. 只能在ABR 上做聚合C. 一台路由器同时做ABR 和ASBR，它就不能聚合路由D. ASBR 上能聚合任意的外部路由14 关于IPSec 安全联盟（Security Association）的说法正确的是（ABCD ）A. IPSec 对数据流提供的安全服务通过安全联盟SA 来实现B. 一个安全联盟SA 就是两个IPSec 系统之间的一个单向逻辑连接C. 输入数据流和输出数据流由输入安全联盟与输出安全联盟分别处理D. 安全联盟可通过手工配置和自动协商两种方式建立15 BGP 的必遵属性有（ABCDEF ）A. Origin 属性B. AS-Path 属性C. Next-hop 属性D. MED 属性E. Local-preference 属性F. Community 属性三、对错16 其它因素相同的情况下，BGP 会优选MED 属性值较小的路由。

ccnp测试题及答案1. 在CCNP认证中，关于VLAN的以下哪个说法是正确的？A. VLAN是将交换机端口划分为多个广播域B. VLAN是将路由器端口划分为多个广播域C. VLAN是将无线接入点划分为多个广播域D. VLAN是将服务器划分为多个广播域答案：A2. 在Cisco网络设备中，哪个命令用于创建一个新的VLAN？A. `switchport mode access`B. `switchport mode trunk`C. `vlan database`D. `configure terminal`答案：C3. 以下哪个协议用于在不同VLAN之间路由？A. EIGRPB. OSPFC. RIPD. VTP答案：A4. 在Cisco设备上，如何将接口配置为Trunk模式？A. `switchport mode access`B. `switchport mode trunk`C. `interface vlan 1`D. `interface fastethernet 0/1`答案：B5. 以下哪个命令用于在Cisco设备上查看VLAN信息？A. `show vlan`B. `show interfaces`C. `show ip interface brief`D. `show running-config`答案：A6. 在CCNP考试中，关于EIGRP协议的以下哪个说法是错误的？A. EIGRP是一个距离矢量路由协议B. EIGRP使用DUAL算法计算最短路径C. EIGRP支持VLSM和CIDRD. EIGRP仅在Cisco设备上可用答案：D7. 在Cisco设备上，如何配置EIGRP的自动汇总？A. `router eigrp 100`B. `no auto-summary`C. `ip summary-address eigrp 100 0.0.0.0 0.0.0.0`D. `metric weights 0 1 1 1 0 0 0 1`答案：C8. 以下哪个命令用于在Cisco设备上查看EIGRP邻居？A. `show ip eigrp neighbors`B. `show ip ospf neighbors`C. `show ip rip neighbors`D. `show ip eigrp interface`答案：A9. 在CCNP考试中，关于OSPF协议的以下哪个说法是正确的？A. OSPF仅在Cisco设备上可用B. OSPF使用RIP算法计算最短路径C. OSPF支持VLSM和CIDRD. OSPF使用广播来发现邻居答案：C10. 在Cisco设备上，如何配置OSPF的Hello和Dead间隔？A. `ip ospf hello-interval 10`B. `ip ospf dead-interval 40`C. `timers 10 40`D. `ospf hello-interval 10 dead-interval 40`答案：C结束语：以上是CCNP测试题及答案，希望对您的学习和准备有所帮助。

CCNP认证⽔平测试题CCNP思科⽹络认证⼯程师培训班考核单位: 姓名：分数：⼀、填空题（每空1分，共8分）1、B GP属于协议？2、B GP将协议⽤作其传输层协议？BGP使⽤端⼝？3、B GP运⾏在同⼀个⾃治系统中的路由器之间时被称为，BGP运⾏在不同⾃治系统中的路由器之间时被称为。

4、在命令show ipbgp的输出中，>意味着。

5、B GP命令neighbor和network之间的不同是前者告诉BGP ，后者指出。

⼆、单选选择题（每题1.5分，共48分）1、下⾯哪项正确地描述了EIGRP拓扑表？( )A 、它是使⽤收到的Hello分组填充的B 、它包含获悉的前往⽬的地的所有路由C 、它只包含前往⽬的地的最佳路由2、默认情况下，EIGRP使⽤哪种⾝份验证⽅式？( )A 、简单密码B 、MD5C 、⽆D 、IPSec3、下列哪⼀项不是链路状态路由协议的特征？( )A 、能够对⽹络变化做出快速反应B 、每隔30分钟⼴播⼀次C 、⽹络发⽣变化时发送触发更新D 、以较长的间隔（如每隔30分钟）发送定期更新，这被称为链路状态刷新4、为确保⽹络中所有路由器做出⼀致的路由决策，每台路由器都存储除下列哪项外的所有内容？( )A 、直接相连的邻接路由器B 、⽹络中或区域中的所有路由器以及它连接的⽹络C 、前往每个⽬的地的最佳路径D 、使⽤的路由协议的版本5、下列哪项不是OSPF区域的特征？( b )A 、减少了路由表条⽬B 、必须采⽤扁平的⽹络设计C 、将拓扑变化的影响限制在区域内D 、详细的LSA扩散到区域边界为⽌6、2类OSPF分组是什么？( )A 、数据库描述（DBD），⽤于检查路由器之间的数据库是否同步B 、链路状态请求（LSR），⽤于向其他路由器请求特定的链路状态记录C 、链路状态更新（LSU），⽤于发送被请求的链路状态记录D 、链路状态确认（LSAck），⽤于确认其他类型的分组7、下列哪种有关Hello间隔和失效间隔的说法是正确的？( )A 、邻接路由器的这些定时器值可以不同，因为将使⽤最⼩的值B 、邻接路由器的这些定时器值可以不同，因为将使⽤最⼤的值C 、邻接路由器的这些定时器值可以不同，因为邻接路由器将协商这些值D 、邻接路由器的这些定时器值必须相同8、下列哪个IP地址⽤于将更新后的LSA条⽬发送给OSPF DR和BDR？( )A 、单播地址224.0.0.5B 、单播地址224.0.0.6C 、多播地址224.0.0.5D 、多播地址224.0.0.69、为确保数据库的准确性，OSPF每隔多长时间刷新每条LSA记录？( )A 、60分钟B 、30分钟C 、60秒钟D 、30秒钟10、为实现OSPF路由选择，不需要下⾯哪项信息？( )A 、给路由器接⼝配置的IP地址B 、要使⽤的OSPF进程号C 、路由器所属的区域11、下列哪项不是指定OSPF路由器ID（⼀个唯⼀的IP地址）的⽅式？( )A 、使⽤最⼤的物理接⼝IP地址B 、使⽤最⼩的物理接⼝IP地址C 、环回接⼝的IP地址D 、命令router-id12、下⾯哪项正确地描述了邻接关系？( )A 、位于同⼀个物理⽹络的路由器之间B 、位于不同OSPF区域中的路由器之间C 、路由器与另⼀个⽹络的DR和BDR之间D 、⾻⼲DR和中转BDR之间13、下⾯哪种有关OSPF DR/BDR选举的说法不正确？( )A 、优先级最⾼的路由器为DRB 、优先级次⾼的路由器为BDRC 、如果所有路由器的优先级皆为默认值，则RID最⼩的路由器为DRD 、优先级为0的路由器不能成为DR或BDR14、哪种提⽰符表⽰⽤户正处在Cisco IOS软件的VLAN数据库配置模式中？( )A 、Switch#B 、Switch(vlan)#C 、Switch(config)#D 、Switch(config-vlan)#15、哪种交换机端⼝能够忽略DTP的配置，⽽⽆条件地将交换机端⼝设置为Access模式？( )A 、接⼊（Access）B 、⾮协商（Nonegotiage）C 、动态⾃动（Dynamic auto）D 、动态企望（Dynamic desirable）16、 ISL封装帧的FCS中包含哪种信息？( )A 、CRC计算B 、报头计算C 、ASIC计算D 、协议⽆关17、 802.1Q使⽤的是内部标记机制，这个标记会被插在哪个字段之后？( )A 、类型（Type）B 、SAC 、数据（Data）D 、CRC18、哪条命令能够在Cisco IOS软件中正确地将端⼝配置为ISL封装？( )A 、Switch(config-if)#switchport mode trunk islB 、Switch(config-if)#switchport mode encapsulation islC 、Switch(config-if)#switchport trunk encapsulation islD 、Switch(config-if)#switchport mode trunk encapsulation isl19、哪条命令能够正确地将Native VLAN设置为VLAN 5？( )A 、switchport native vlan 5B 、switchport trunk native 5C 、switchport native trunk vlan 5D 、switchport trunk native vlan 520、 Catalyst交换机默认的VTP模式是什么？( )A 、客户端（Client）模式B 、Access模式C 、服务器（Server）模式D 、透明（Transparent）模式21、在完成VTP配置之后，哪条命令能够验证VTP的配置？( )A 、show vtp statusB 、show vtp countersC 、show vtp statisticsD 、show vtp status counters22、在下列哪种情况下，管理员在多层交换机上配置SVI必须使⽤命令ip routing？( )A 、当SVI正在为某个给定的VLAN提供通往交换机的IP连接时B 、当管理员需要将SVI配置为⼆层EhterChannel的⼀个成员接⼝时C 、在管理员没有使⽤EIGRP作为路由协议时D 、当SVI正在为分配给它的VLAN提供三层IP转发服务时E 、永远不需要配置这条命令，因为多层交换机默认就启⽤了IP路由选择功能23、如何将多层交换机上的端⼝配置为路由端⼝？( )A 、在这个端⼝上配置IP地址和⼦⽹掩码B 、使⽤命令switchport mode routed进⾏配置C 、在这个交换机端⼝上清除⼆层交换功能D 、使⽤命令no swichport mode进⾏配置24、在基于Cisco IOS软件的交换机上，下列哪条命令可⽤于将接⼝从三层接⼝变更为⼆层接⼝？( )A 、switchport mode accessB 、ip routingC 、switchportD 、switchport mode trunk25、在Catalyst交换机上，下列哪条Cisco IOS命令能够启⽤IP路由选择特性？( )A 、ip routingB 、interface vlan-idC 、ip address n.n.n.n maskD 、router ip_routing_protocol26、下列哪⼀项不是Catalyst交换机上推荐的管理安全性配置？( )A 、使⽤SSH，禁⽤Telnet服务B 、禁⽤不必要和未使⽤的服务，⽐如MOP或代理ARPC 、配置ACL来限制只有特定⽤户能够管理⽹络设备D 、禁⽤交换机的远程访问功能E、按照策略为特定类型的流量限制特定的带宽参数F 、在物理上防⽌⽤户从控制台（console）端⼝访问设备27、下列哪个命令使Catalyst交换机启⽤AAA安全配置？( )A 、ppp authentication chapB 、aaa new-modelC 、aaa authentication login default group RADIUSD 、username name password password28、下列哪⼀项不是802.1X所⽀持的端⼝授权状态？( )A 、Force-authorize（强制授权）B 、Force-unauthorized（强制未授权）C 、Auto（⾃动）D 、Desirable（需要）29、下列哪个特性阻⽌了MAC地址欺骗？( )A 、端⼝安全B 、DHCP侦听C 、IGMP侦听D 、MAC通告30、 48．下列哪类ACL可以应⽤到⼆层端⼝上？（选择所有可应⽤的选项）( )A 、路由器ACLB 、QACLC 、PACLD 、VACLE 、以上所有31、已默认计时器为例使⽤HSRP时，备⽤路由器需多长时间才民能检测到活跃路由器的失效情况( )A 、15秒B 、3秒C 、10秒D 、9秒E 、<1秒32、 VRRP主⽤路由器的默认公告计时器是多长时间？( a )A 、3秒B 、1秒C 、10秒D 、2秒E 、以上都不对三、多项选择题（每题2分，共12分）1、下⾯哪两种有关通告距离（AD）和可⾏距离（FD）的说法是正确的？( )A 、AD是邻居路由器前往特定⽹络的EIGRP度量值B 、AD是当前路由器前往特定⽹络的EIGRP度量值C 、FD是当前路由器前往特定⽹络的EIGRP度量值D 、FD 是邻居路由器前往特定⽹络的EIGRP度量值2、路由器A和B相连，它们的所有接⼝都运⾏EIGRP。

CCNA考试题库中英文翻译版及答案1[1]1. What are two reasons that a network administrator would use access lists? (Choose two.)1.出于哪两种理由，会使用访问列表?A. to control vty access into a routerA.控制通过VTY访问器B. to control broadcast traffic through a routerB.控制广播流量穿越路由器2.一个默认的帧中继WAN被分类为哪种物理网络类型?A. point-to-pointA.点到点B. broadcast multi-accessB.广播多路访问C. nonbroadcast multi-accessC.非广播多路访问D. nonbroadcast multipointD.非广播多点E. broadcast point-to-multipointE.广播点到多点Answer: C3. A single 802.11g access point has been configured and installed in the center of a squarA few wireless users are experiencing slow performance and drops while most users are oat peak efficiency. What are three likely causes of this problem? (Choose three.)3.一个802.11接入点被部署在一个方形办公室的中央，当大多数用户在大流量传输数一些用户发现无线网络变得缓慢和出现丢包A. mismatched TKIP encryptionB. null SSIDC. cordless phonesD. mismatched SSIDE. metal file cabinetsF. antenna type or directionAnswer: CEF4. Refer to the exhibit. How many broadcast domains exist in the exhibited topology?根据下图，图中的拓扑中存在多少个广播域?A. one A.1B. two B.2C. three C.3D. four D.4E. five E.5F. six F.6Answer: C5. Refer to the exhibit. What two facts can be determined from the WLAN diagram? (Choose two.)5.根据下图，WLAN diagram决定了哪两个事实A. The area of overlap of the two cells represents a basic service set (BSS).A. 两个 cells的overlap的区域描述了一个basic service setB. The network diagram represents an extended service set (ESS).B. 网络描述了一个extended service setC. Access points in each cell must be configured to use channel 1.C. 再每个CELL中的AP必须被配置成使用channel 1D. The area of overlap must be less than 10% of the area to ensure connectivity.D. 为了确保连通性,重叠区域必须小于10%E. The two APs should be configured to operate on different channels.E. 两个访问点应该被配置成工作在不同的频道Answer: BE6. The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router.Which of the following statements is true concerning this command?6.器上输入命令frame-relay map ip 10.121.16.8 102 broadcast，以下选项正确的是?A. This command should be executed from the global configuration mode.A.该命令应该在全局配置模式下被执行B. The IP address 10.121.16.8 is the local router port used to forward data.B.IP地址10.121.16.8是本地路由器用来转发数据的接口C. 102 is the remote DLCI that will receive the information.C.102是远端的DLCI它将接受信息。

现在免费公布!全英文题d> CCNP认证试题1) When configuring dialer information. Which statement is correct?! Values of dialer-group and dialer-list must match! Values of dialer-group and dialer-list must be different! Values of dialer-group and dialer-list can match or differ! If you set a value for dialer-group you must not set a value for dialer-list2) Which of the following is a logical entity, and may be configured with one or more dial strings?! Dialer interface! Dialer map class! Dialer profile! Dialer pool3) Which of the following is used to define characteristics (such as line speed) about a specified dial string?! Dialer interface! Dialer map class! Dialer profile! Dialer pool4) Which of the following would you use to prioritized dial interfaces?! Dialer interface! Dialer map class! Dialer profile! Dialer pool5) What are the elements of a dialer profile?! Dialer interface! Dialer map class! Dialer pool6) True/False: One physical interface can belong to multiple dialer pools? ! True! False7) What process normally occurs when you use dynamic NAT! Your address is always translated to the same address! Your address is always translated to a different address! Your address is incremented round robin! Your address is dynamically chosen from a pool of available addresses8) Which command blocks routing broadcasts on a interface?! dialer-list! no routing! passive-interface! redistribute route9) What are two advantages of xDSL?! xDSL uses in place copper loops! xDSL uses inexpensive modems! higher rates over longer distances! basic telephone services available on the same line10) What command do you use to define a global address pool? ! ip local-pool! ip global pool! ip global-pool! ip address-pool11) Which are 3 default profiles in 700 series?! LAN! Internal! Global! User! Standard12) Which two compression methods are used on Cisco routers? ! lha! predictor! stacker! byte recursive13) What command do you use to define an local address pool? ! ip local pool! ip global pool! ip address-pool14) Type command to enable stacker compression! enable stac! enable compression high! compress stac! no compression predicator15) The info from "show sessions" can be displayed with! where! show all! show lat! show users16) What does command "logging host" do! Sends snmp traps to the specified host! sends logging info to a unix syslog server! sends logs to a workstation running the ciscoworks network management software17) Which command do you use to log messages to the internal buffer?! Logging save! logging buffered! logging nvram! logging ro18) Which two statements are true re: limiting VT access to router? (2)! Blocking outbound telnet on all physical interfaces prevents remote access! Since all VTY抯use telnet only one type of VTY ACL is necessary! You should always set identical restrictions on all virtual lines! Cisco routers support 4 simultaneous virtual sessions19) Which of the following two statements are true regarding 56kbps modems? ! Speeds are limited to 53kbps by fcc regulations! Digital data is not converted back to analog data! Isdn framing of analog signals creates lower overhead! Out of band signaling increases available bandwidth! The download speed is faster than the upload speed! 56kb modems are compatible with isdn but at a slower speed20) What is the function of the l2f protocol in virtual private networks?! User authentication! Network authentication! Tunneling link level protocols over higher protocols! Establishing multiple virtual paths to a remote destination21) VPDN enables service providers to?! Buy fewer routers! Increase bandwidth! Decrease broadcast traffic! Replace corporate dialup services22) What command is used to specify that any traffic causes an ISDN call?! Group dialer-ip all! Dialer-list 1 protocol ip permit! Dialer traffic ip23) What is the command to require a password to access the console terminal? ! Set pass console! Password line! Line 1 console! Enable password24) What are the three options for the dialer map command?! Name hostname! Chat-script! Ip address! Modem-script! System-script! Dial number25) What are the three components of a dialer profile? (3)! Destination profile! Dialer interface! Dialer map class! Interface map! Dialer pool26) Which command displays information about b1 and b2 channels?! Show int bri0 1 2! Show int isdn bri 2 1! Show int bri1 bri2! Show int bri127) Configure dial backup for the indicated interface (1)! Backup dial interface-name! Backup dial interface interface-name! Dial-backup interface-name! Dial-backup interface interface-name! Backup interface interface-name28) Which two statements are true regarding the command telnet 1.2.3.4 2003 ! Establishes a reverse telnet connection! The data is sent to rotary group 3! The data is sent to individual line 3! The data is sent to line 1! The data is sent to rotary group 3 which is a VPDN29) Which three functions does pat provide for cisco 700 series routers! Address translations! Ip address conservation! Remote host location on behalf of local clients! Firewall protection by hiding local clients! Downloads configuration to local clients30) Which command executes the menu named sales when the user jane logs in through any line! Username jane autocommand menu sales! Autocommand menu sales user jane! Autocommand menu jane user! Username auto select user jane31) Which two characteristics apply to the pri but do not apply to the bri! PRI uses a csu/dsu! Uses a t1 or e1 for isdn! The channel is 56k! The speed is 1.544 or 2.048mb32) Regarding terminal connections, which one describes a reverse connection?! Incoming asynchronous line! Outgoing asynchronous line! Support for a remote host printing on the local network! Support for a remote host dialing into a asynchronous interface33) What command should you use to verify the current configuration that an access server line is using? ______! ________________34) What are two options of the ISDN t1/e1 pri configuration command for framing?! Esf! crc4! Ppp! hdlc35) What two events can trigger a chat script to execute? (2)! Line reset! Dialer triggered by ddr! Interesting traffic! Routing information update! Pinging a TCP Port Address36) Why is ipx and spx spoofing important?! Spoofing enables to networks to be hidden from unauthorized users! Spoofing avoids constant updates that might keep expensive ddr lines in use ! Spoofing allows clients to find less expensive routes to resources! Spoofing causes spx to respond as if it where ipx to cut down overhead 37) How does xDSL achieve such a high data rate over the phone lines?! XDSL uses higher frequencies for data transmissions! Digital data is not converted back to analog at the service provider! Multiple Phone lines are used! Statistical multiplexing is used.38) Which command allows you to troubleshoot your VPDN operation?! Show nas! Debug vpdn! Show vpdn events! Debug vpdn event39) You are configuring dial backup for primary links. Which command do you use to indicate the backup interface in the case of a primary link failure.! Backup ip interface-name! Backup dial interface-name! Backup interface interface-name! Backup dial interface interface-name40) which function on a cisco access server draws ibm 3270 screens by turning ibm directives into dumb terminal commands! ttycap! keymap! keymap-type! emulation41) What is the operation of a dhcp servers! Dhcp manage ip addresses and assign ip configuration parameters at client request! Dhcp servers hide internal addresses from the outside world! Dhcp servers keep a database of network routers that can be used by other routing protocols ! Dhcp servers act on behalf of network clients to find routes to remote networks42) Assuming you have just configured an asynchronous interface below as a dial backupline, active the line when the load for the primary interface reaches 90% and deactivate when the combined load in both directions reaches 40%.Type the command:! ___________________43) Which examples are two options that modem auto-configuration is necessary.! Modem using called ID! Modem reinitilization after failure! Configuring a modem from a central location! Modem configuration without using modem configuration commands44) You are configuring a static route on a router. You would like to configure it so that if the interface associated with the route goes down the route will still remain in the routing table. Which ip routing parmeter causes this?! Keep! Permanent! Continuous! Backup45) What is a profile and how is it used with a cisco 700 series router! A configuration customized for a specific remote device! Access privileges associated with users! Access privileges to routing services! Access privileges associated remote system! Access privileges to the local network! Configuration files users can download to their router for quick setup46) Which three access servers are used in the access path integrated access solution ! Cisco 7200! As5200! Cisco 3600! Cisco 2511! Cisco 160047) What is the key advantage of chap over pap?! Chap never sends a visible password! Chap authentication takes fewer steps! Pap has a higher overhead! If authentication fails at any time pap drops the call48) Which signal indicates that the DTE is available to accept a call?! Dsr up! Rts up! Cts up! Dtr up49) Type the complete command to display a list of servers discovered through sap advertisements?! ____________50) In addition to viewing routing tables, what command can you use to determine a router is using the best path when forwarding a packet to a specific network?! ____________51) What is the purpose of a dialer rotary group?! Define interesting traffic! Define ddr connectionConfigure dial backup connections! Apply a single interface configuration to mulitple interfaces52) Which two services are available through Cisco NAT?Address resolution! Domain lookup! Tcp load distribution! Specific address filtration! Static address translation53) Which resource node services link layer protocol provided by cisco access servers is preferred because it has low overhead, available compression, multiple protocol support, good security options! PPP! ALL5! ARAP! SLIP54) Which are the two frame types for T1 lines?! Super frame! Extended superframe! Q39.1T! Dma55) How does NAT allow for more hosts than there are available ip addresses! Manipulating the ip authentication field! Never using the same address twice! Modifying tcp port numbers! Restricting the number of hosts allowed to communicate on the network simultaneously 56) What is true regarding default routes?! They are always specified by an individual host! They always have static routes! They are not available for isdn! They must be configured at the end of each link57) Ppp defines which two authentication protocols?! Pip pap! Pop pap! Pap chap! Pop arp58) What is the effect of the following configuration line? (1)Dialer load-threshold 128 either! Another line will be dialed when inbound utilization reaches 128kbps! Another line will be dialed when outbound utilization reaches 128kbps! Another line will be dialed when bidirectional utilization reaches 128kbps! Another line will be dialed when bidirectional utilization reaches 50%59) Which command sets up modem autodiscovery?! Modem auto-discovery! Modem autoconfigure discovery! Autoconfigure modem discovery60) what prevents tunneling of the link layer frames through a vpdn?! l2f! l2e! lte! ltf61) What characteristics describe remote node instead of remote control? (2) ! Provides access to all network resources! Host end run at lan speed! Does not require a dedicated host at the remote site! Provides good performance with legacy applications62) What command associates an access list with a dialer group! Dialer-list listnum! Dialer-group list Access-list! Dialer-list groupnum list listnum! dialer-list dialer-group list access-list! Dialer-group protocol protocol-list Access-list! access-list dialer-group groupnumber63) Which of the following are ISDN reference points! The user reference point! The routing reference point! The terminal reference point! The data reference point64) What is the command to initiate the vpdn at an isp? (2)! Vpdn enable! Vpdn outgoing! Enable vpdn incoming! Enable vpdn outgoing65) What command will enable a dialer rotary group! Dialer group! Dialer interface! Interface dialer! Dialer rotary-group66) Why would the access list specified as access-list 101 deny igrp any any save money when used with other access lists on a ddr interface?! Only routing packets will bring up the line! Routing packets will not bring up the line! All traffic but igrp will bring up the line! No traffic will bring up the line67) Where all the logging messages directed by default?! Console terminal! Auxilary terminal! Tty1 auxilary port! Console port68) Which of the following scenarios is an example of protocol translation?! Connect to the access server using telnet to another host use telnet! Connect to access server using telnet then use lat! Connect to an access server using Ppp and use chap to authenticate! Connect via tn3270 then telnet destination69) Which command allows the remote dial in client to enter its own ip address? ! Async static-address! Async dynamic address! Remote ip! address ip unnumbered70) What process normally occurs when you use static NAT! Your address is always translated to the same address! Your address is always translated to a different address! Your address is incremented round robin! Your address is dynamically chosen through a pool71) Clear dynamic NAT translation entries:! Clear ip nat translation! Clear ip nat translation*72) Create static route for all traffic to net 150.27.0.0 to go out BRI0 ! _________________73) Which command will configure ddr to multiple destinations?! Dialer map interface! Dialer-map! Ddr-map! Interface dialer map74) 3 functions PAT provides:! address translation! ip address conservation! remote host on behalf of local clients! firewall! download config75) Where is logging directed by default:! VTY1! Console! Syslog host! There is no default76) Which feature of the Cisco IOS can be used to consolidate connection costs?! DDR! PPP Callback! Shut off router! IPX/SPX spoofing77) Which command associates an access list with a dialer group?! Dialer-list group-number protocol protocol-name {permit|deny|list access-list-number} ! Dialer-list group-number protocol-name {permit|deny|list access-list-number}! Dialer-list group-number protocol-name access-list {permit|deny}78) Which command would you use to troubleshoot VPDN operation?! Show nas! Debug VPDN incoming! Show VPDN event! Debug vpdn event79) What is modem autoconfigure used for?! Initialization after failure! Configure remote modems! Auto discovery of modem type! Modem configuration with using commands80) Framing for T1抯! SF/ESF! PPP/HDLC! SLIP/PPP! PAP/CHAP81) What are 2 options for the ISDN T1/E1 PRI configuration command 揻raming?/P> ! Esf! Ppp! Hdlc! Crc482) Which of the following are ISDN reference points:! User reference! Routing reference! Terminal reference! Data reference83) Which two terminal services are provided by Cisco access servers?! telnet! slip! ISDN! LAT84) What is the command to activate the line when the primary interface reaches 90%,and deactivate when the line reaches 40%:! ________________85) True/False: A VPDN allows you to replace corporate dialup infrastructure?! True! False86) What does a DDR allow you to do?! Replace corporate dialup infrastructure! Create secure connections to a host! Establish a connection between routers when interesting traffic is present! Tunnel frames between two Cisco routers87) Which feature of the Cisco IOS can be used to lower connection costs for switched circuits which are kept up by keepalives between clients and servers?! DDR! PPP Callback! Shut off router! IPX/SPX spoofing88) Explain the statement: Dialer load-threshold 128 either! Another line will be brought up when the line reaches 128kbps in either direction! Another line will be brought up after 50%! Another line will be brought up when the buffer has 128 packets in either direction! Another line will be brought up when the the line has experienced 128 errors 89) Display info on B1 and B2:! Show int bri! Show int bri 1 2! Show int isdn b1 b290) How does NAT allow more hosts than there are available IP addresses?! Manipulating IP identification field! Modify TCP port! Restricting the number of hosts allowed to communicate simultaneously 91) Advantages of MPPP! Increased bandwidth! Multiple physical interfaces can be cascaded! Supports strong encryption types! Multiple routes for redundancy92) Enter the command that sets up modem auto-discovery! ________________93) Why 56k modems work! Uses ISDN signaling! No analog conversion at CO! Uses frame relay packet switching technology! New FCC regulations allow higher frequencies94) What command specifies all IP traffic triggers an ISDN call! ____________________95) What command executes menu named sales for Jane:! ____________________96) Concept: Why is ipx/spx spoofing important?! ______________________97) What command will enable dial-on-demand routing on any asychronous interface? ! Dialer in-band! Backup interface! Dialer dynamic routing! Dialer enable98) What command displays modem configuration during auto-configuration ?! Debug line! Debug autoconf! Debug line field! Debug confmodem99) 3 features supported by T1 interface in AS5200?! Channelized T1! PRI! Only single t1 line! A single card w/Dual T1抯! Up to 60 DS0 channels100) VPDN is a way for service providers to:! Replace dedicated corporate dialup service! Buy fewer routers! Increase bandwidth101) Features which are available in remote node technology which are not present in remote control?! All network resources are available! Host end runs lan speed! No dedicated host! Good performance with legacy apps102) Features which are available in remote control technology which are not present in remote node?! All network resources are available! Host end runs lan speed! No dedicated host! Good performance with legacy apps103) What does PPP use to establish and config. Data link connections:! PPP! NCP! CHAP! LCP104) Describe a reverse terminal connection:! Incoming asynchronous line! Outgoing asynchronous line105) Why is PPP callback used?! Bill consolidation, cost cutting.! Line selection and reliability! Ease of config! End user savings106) Overload is when NAT experiences:! more hosts than addresses! excessive CPU utilization! no more static translations! messages to fast for console107) Describe telnet 1.2.3.4 3003 (3)! The command establishes a reserve telnet connection! The data is sent to rotary dialer groups! The data is sent to line 1 which is connected to a modem! The data is sent to the rotary group 3 which is connected to a modem or host 108) Configure a terminal with no default protocol:! No transport protocol! Transport protocol none! Transport preferred none! Transport disable! Transport default null109) Give an example of Protocol translation! LAT to telnet! Telnet to Telnet! PAP to CHAP110) When Cisco access servers allows another terminal to emulate an IBM3270 terminal type what two types does the access server assume are attached (radio button):! tn 3270! wyse 300! vt100! vt200111) How does 56kb achieve such a high data rate! digital data not converted to analog! uses ISDN signaling over standard copper112) What permits tunneling of link layer frames with a VPDN:! LZF! LZE! L2E! L2F113) DHCP is used for:! Dynamically assigning a mac address to a computer! Dynamically assigning an ip address to a computer! Dynamically booting the computer from the network114) Which of the following characteristics are associated with BRI抯?! 16kb D channel! 64kb D channel! 2B+1D! 23B+1D115) Which of the following characteristics are associated with PRI抯?! 16kb D channel! 64kb D channel! 2B+1D! 23B+1D116) Which concern is increasing likely to become more important if an IPX network grows and wan links are added? (1)! The 16 hop limitation of IPX! The amount of network broadcast traffic becoming signficant! The limitations of IPX addressing! Non routable novell protocols117) What 3 commands will create a connection to a remote host from the router exec prompt?! telnet ip-address! pad hostname! connect hostname! open hostname118) You are configuring multilink PPP. Which command do you use to configure the dialer interface if using dialer profiles! Config ppp! Config multilink! Set multilink! Ppp multilink。

网络工程师岗位基础面试题【适用于CCNA/CCNP基础】1: 交换机是如何转发数据包的?交换机通过学习数据帧中的源MAC地址生成交换机的MAC地址表，交换机查看数据帧的目标MAC地址，根据MAC地址表转发数据，如果交换机在表中没有找到匹配项，则向除接受到这个数据帧的端口以外的所有端口广播这个数据帧。

2 简述STP的作用及工作原理.作用(1) 能够在逻辑上阻断环路，生成树形结构的拓扑;(2) 能够不断的检测网络的变化，当主要的线路出现故障断开的时候，STP还能通过计算激活阻起到断的端口，起到链路的备份作用。

工作原理: STP将一个环形网络生成无环拓朴的步骤：选择根网桥（Root Bridge）选择根端口（Root Ports）选择指定端口（Designated Ports）生成树机理每个STP实例中有一个根网桥每个非根网桥上都有一个根端口每个网段有一个指定端口非指定端口被阻塞STP是交换网络的重点,考察是否理解.3:简述传统的多层交换与基于CEF的多层交换的区别简单的说:传统的多层交换:一次路由,多次交换基于CEF的多层交换:无须路由,一直交换.4、DHCP的作用是什么,如何让一个vlan中的DHCP服务器为整个企业网络分配IP地址? 作用:动态主机配置协议,为客户端动态分配IP地址.配置DHCP中继,也就是帮助地址.(因为DHCP是基于广播的,vlan 或路由器隔离了广播)5:有一台交换机上的所有用户都获取不了IP地址,但手工配置后这台交换机上的同一vlan间的用户之间能够相互ping通,但ping不通外网,请说出排障思路.1:如果其它交换机上的终端设备能够获取IP地址,看帮助地址是否配置正确; 2:此交换机与上连交换机间是否封装为Trunk.3:单臂路由实现vlan间路由的话看子接口是否配置正确,三层交换机实现vlan间路由的话看是否给vlan配置ip地址及配置是否正确.4:再看此交换机跟上连交换机之间的级连线是否有问题; 排障思路.6:什么是静态路由？什么是动态路由？各自的特点是什么？静态路由是由管理员在路由器中手动配置的固定路由，路由明确地指定了包到达目的地必须经过的路径，除非网络管理员干预，否则静态路由不会发生变化。

CCNP级别网络工程师面试题1、解决路由环问题的方法有(ABD) A. 水平分割 B. 路由保持法 C. 路由器重启D. 定义路由权的最大值2、下面哪一项正确描述了路由协议(C) A. 允许数据包在主机间传送的一种协议 B. 定义数据包中域的格式和用法的一种方式C. 通过执行一个算法来完成路由选择的一种协议D. 指定MAC地址和IP地址捆绑的方式和时间的一种协议 3、以下哪些内容是路由信息中所不包含的(A) A. 源地址 B. 下一跳 C. 目标网络D. 路由权值4、以下说法那些是正确的(BD)A. 路由优先级与路由权值的计算是一致的B. 路由权的计算可能基于路径某单一特性计算，也可能基于路径多种属性C. 如果几个动态路由协议都找到了到达同一目标网络的最佳路由，这几条路由都会被加入路由表中D. 动态路由协议是按照路由的路由权值来判断路由的好坏，并且每一种路由协议的判断方法都是不一样的 5、IGP的作用范围是(C) A. 区域内 B. 局域网内 C. 自治系统内 D. 自然子网范围内6、距离矢量协议包括(AB) A. RIP B. BGP C. IS-IS D. OSPF7、关于矢量距离算法以下那些说法是错误的(A) A. 矢量距离算法不会产生路由环路问题 B. 矢量距离算法是靠传递路由信息来实现的C. 路由信息的矢量表示法是(目标网络，metric)D. 使用矢量距离算法的协议只从自己的邻居获得信息求职胜经/简历亮出你的精彩简历写作技巧，...面试前准备才是...8、如果一个内部网络对外的出口只有一个，那么最好配置(A) A. 缺省路由 B. 主机路由 C. 动态路由 9、BGP是在(D)之间传播路由的协议 A. 主机 B. 子网C. 区域(area)D. 自治系统(AS)10、在路由器中，如果去往同一目的地有多条路由，则决定最佳路由的因素有(AC) A. 路由的优先级 B. 路由的发布者 C. 路由的metirc值 D. 路由的生存时间 11、在RIP协议中，计算metric值的参数是(D) A. MTU B. 时延 C. 带宽D. 路由跳数12、路由协议存在路由自环问题（A） A. RIP B. BGP C. OSPF D. IS-IS13、下列关于链路状态算法的说法正确的是:(bc ) A. 链路状态是对路由的描述B. 链路状态是对网络拓扑结构的描述C. 链路状态算法本身不会产生自环路由D. OSPF 和RIP都使用链路状态算法14、在OSPF同一区域(区域A)内，下列说法正确的是(d ) A. 每台路由器生成的LSA都是相同的B. 每台路由器根据该最短路径树计算出的路由都是相同的C. 每台路由器根据该LSDB计算出的最短路径树都是相同的 D. 每台路由器的区域A的LSDB(链路状态数据库)都是相同的 15、在一个运行OSPF的自治系统之内:(ad ) A. 骨干区域自身也必须是连通的 B. 非骨干区域自身也必须是连通的C. 必须存在一个骨干区域 ( 区域号为0 )D. 非骨干区域与骨干区域必须直接相连或逻辑上相连16、下列关于OSPF协议的说法正确的是:(abd ) A. OSPF支持基于接口的报文验证B. OSPF支持到同一目的地址的多条等值路由C. OSPF是一个基于链路状态算法的边界网关路由协议D. OSPF发现的路由可以根据不同的类型而有不同的优先级 17、禁止 RIP 协议的路由聚合功能的命令是(c ) A. undo rip B. auto-summanyC. undo auto-summanyD. undo network 10.0.0.018、下列静态路由配置正确的是(d) A. ip route 129.1.0.0 16 serial 0 B. ip route 10.0.0.2 16 129.1.0.0 C. ip route 129.1.0.0 1610.0.0.2D. ip route 129.1.0.0 255.255.0.0 10.0.0.2 19、以下不属于动态路由协议的是(d) A. RIP B. ICMP C. IS-ISD. OSPf20、三种路由协议RIP 、OSPF 、BGP和静态路由各自得到了一条到达目标网络，在华为路由器默认情况下，最终选选定(b) 路由作为最优路由 A. RIP B. OSPF C. BGPD. 静态路由 21、IGP 包括如下哪些协议(acd) A. RIP B. BGP C. IS-IS D. OSPF22、路由环问题会引起(abd ) A. 慢收敛 B. 广播风暴 C. 路由器重起D. 路由不一致23、以下哪些路由表项要由网络管理员手动配置(a ) A. 静态路由B. 直接路由C. 动态路由D. 以上说法都不正确24、在运行Windows98的计算机中配置网关，类似于在路由器中配置(a) A. 直接路由 B. 默认路由 C. 动态路由 D. 间接路由25、关于RIP协议，下列说法正确的有:(ac ) A. RIP协议是一种IGP B. RIP协议是一种EGPC. RIP协议是一种距离矢量路由协议D. RIP协议是一种链路状态路由协议。

2023年CCNP考试真题答案解析CCNP（Cisco Certified Network Professional）认证是思科公司推出的中级级别网络工程师认证，旨在验证网络工程师具备设计、配置和管理复杂网络架构的能力。

2023年CCNP考试是考察网络工程师在网络规划、设计、实施和故障排除等方面的能力。

本文将对2023年CCNP考试真题进行解析，为考生提供答案参考与分析。

题目一：请简述SDN（Software-Defined Networking）的基本概念和架构，并说明其在网络领域中的优势和应用。

SDN是一种基于软件的网络架构，通过将网络控制从传统的网络设备中分离出来，实现网络控制和数据转发的解耦。

SDN的架构主要由三个组件构成：应用层、控制器层和数据平面。

在SDN架构中，应用层包括网络应用和管理应用等，通过控制器层与底层的网络设备进行通信。

控制器层是SDN的核心，负责网络中的路由、策略和动态配置等功能，它与应用层和数据平面进行交互。

数据平面是网络中的交换机和路由器等设备，负责数据的转发。

SDN的优势和应用体现在以下几个方面：1. 灵活性和可编程性：SDN架构使网络设备的控制逻辑与数据转发分开，提供了更高的灵活性和可编程性，可根据需求快速配置和自动化管理网络，提高网络的可调整性和可扩展性。

2. 网络集中管理：SDN的控制器层集中管理网络中的所有设备，实现了网络的集中控制和监控。

网络管理员可以通过中央控制器来管理网络流量、策略和安全等，提高了网络管理的效率。

3. 创新应用和服务：SDN架构为网络创新提供了更好的平台，可以支持各种应用和服务的开发，如虚拟网络、多租户网络和网络功能虚拟化等，加快了网络技术的发展和应用。

4. 故障隔离和快速恢复：SDN可以通过控制器层实现网络的动态配置和故障隔离，当某一设备出现故障时，可以快速重新规划路径并恢复网络的正常运行。

题目二：请描述OSPF（Open Shortest Path First）协议的工作原理，并解释其在网络中的应用场景。