思科CCNA第一学期期末考试答案Final

合集下载

CCNA第一学期各章习题及答案

CCNA第一学期各章习题及答案

诶了我累了目录第二章网络通信P2-8第三章应用层功能及协议P9-14第四章OSI传输层P15-20第五章OSI网络层P21-27第六章网络编址-IPv4 P28-34第七章数据链路层P35-40第八章OSI物理层P41-45第九章以太网P46-51第十章网络规划和布线P52-61第十一章配置和测试网络P62-70第一学期末考试P71-91文档末尾返回目录第二章网络通信001 TCP/IP 网络接入层有何作用?路径确定和数据包交换数据表示、编码和控制可靠性、流量控制和错误检测详细规定构成物理链路的组件及其接入方法将数据段划分为数据包002下列哪些陈述正确指出了中间设备在网络中的作用?(选择三项)确定数据传输路径发起数据通信重新定时和重新传输数据信号发送数据流管理数据流数据流最后的终止点003下列哪三项陈述是对局域网 (LAN) 最准确的描述?(选择三项)LAN 通常位于一个地域内。

此类网络由由一个组织管理。

LAN 中的不同网段之间一般通过租用连接的方式连接。

此类网络的安全和访问控制由服务提供商控制。

LAN 为同一个组织内的用户提供网络服务和应用程序访问。

此类网络的每个终端通常都连接到电信服务提供商 (TSP)。

004 什么是 PDU?传输期间的帧损坏在目的设备上重组的数据因通信丢失而重新传输的数据包特定层的封装005 OSI 模型哪两层的功能与 TCP/IP 模型的网络接入层相同?(选择两项)网络层传输层物理层数据链路层会话层006请参见图示。

所示网络属于哪一类型?WANMANLANWLAN007 以下哪种特征正确代表了网络中的终端设备?管理数据流发送数据流重新定时和重新传输数据信号确定数据传输路径008 第 4 层端口指定的主要作用是什么?标识本地介质中的设备标识源设备和目的设备之间的跳数向中间设备标识通过该网络的最佳路径标识正在通信的源终端设备和目的终端设备标识终端设备内正在通信的进程或服务009 请参见图示。

思科CCNA5.0Final答案汇总

思科CCNA5.0Final答案汇总

1PDU 封装的正确顺序是什么?答案说明最高分值correctness of response 2 points for Option 10 points for any other option22管理员在发出 ping 命令之后在交换机上使用 Ctrl-Shift-6 键组合。

使用这些按键有什么用途?重新启动ping 进程中断 ping 进程退出到不同的配置模式允许用户完成命令要中断一个 IOS 进程(例如 ping 或 traceroute ),用户可以输入 Ctrl-Shift-6 键组合。

Tab 用于完成命令参数或变量的其余部分。

要退出配置模式并进入特权模式,可以使用 Ctrl-Z 按键。

CTRL-R 将会重新显示当前键入的行,这样便于用户按 Enter 并重新发出 ping 命令。

答案说明最高分值correctness of response 2 points for Option 2 0 points for any other option23 建立融合网络有何用途?为所有终端设备提供高速连接确保平等对待所有类型的数据包实现数据网络基础架构设备的容错能力和高可用性降低部署和维护通信基础设施的成本随着技术的发展,各个公司现在可以将不同的网络整合到一个平台之上,称为融合网络。

在融合网络中,语音、视频和数据通过同一网络传输,从而使人们不必再创建和维护各个单独的网络。

这也降低了提供和维护通信网络基础设施相关的成本。

答案说明最高分值correctness of response 2 points for Option 40 points for any other option24请参见图示。

哪个区域最有可能是图中所示的公司网络的外联网?区域A区域B区域C区域D外联网是外部实体访问其他公司的数据的平台。

其形式可能是产品供应商所使用的库存服务器,也可能是外部实体用来访问当天客户数量的当前信息的Web 服务器。

最新版本CCNA考试第一章期末考试答案b

最新版本CCNA考试第一章期末考试答案b

最新版本CCNA考试第一章期末考试答案本文提供了最新版本的CCNA考试第一章期末考试答案,以供考生参考。

第一部分:单项选择题1. 以下哪种设备可用于实现广域网?A. 路由器B. 交换机C. 防火墙D. 网桥正解:A2. 哪一个网络层协议是用于将MAC地址转换为IP地址?A. ARP协议B. TCP协议C. UDP协议D. ICMP协议正解:A3. 网络安全中,以下哪项是确保数据在传输过程中不被窃取或修改的安全措施?A. 机密性B. 完整性C. 可用性D. 可验证性正解:B4. 在OSI模型中,下列哪层负责对收到的数据进行重新组装和排序?A. 传输层C. 数据链路层D. 物理层正解:A5. 哪种类型的地址可以用于从源到目的地的识别和路由?A. 物理地址B. MAC地址C. IP地址D. 逻辑地址正解:C第二部分:多项选择题1. 选择下列关于TCP传输协议的正确说法。

(可多选)A. TCP使用可靠性较低的UDP协议B. TCP的流控制指令有多种方式C. TCP在传输层实现D. TCP提供无连接服务正解:B、C2. 在主机间进行通信时,哪个MAC地址首先被使用?A. 源主机的MAC地址B. 目的主机的MAC地址C. 网关的MAC地址D. 路由器的MAC地址正解:C3. 下列哪个网络拓扑结构最好的容错性?A. 星形拓扑C. 总线型拓扑D. 带环形拓扑正解:A4. 以下哪个选项是网络安全的最佳实践?A. 使用复杂的密码并定期更改B. 允许所有用户访问系统C. 共享所有文件和文件夹D. 手动分配IP地址正解:A5. 哪种网络协议可以在发送方和接收方之间创建安全的数据连接?A. SSLB. HTTPC. FTPD. SMTP正解:A第三部分:简答题1. 请简要解释网络拓扑结构。

网络拓扑结构指的是计算机网络中设备的布局方式。

常见的网络拓扑包括星型、环状、总线型和带环型等。

其中,星型拓扑结构最为常见,它由多台计算机通过中心节点相连而组成。

CCNA E am CCNA第一学期期末考试

CCNA E am CCNA第一学期期末考试

CCNA1ENetworkFinalExam -CCNAExploration: 网络基础知识(版本 4.0)下列有关网络层编址的陈述中哪三项是正确的?(选择三项。

)网络层编址使用分层式结构。

使用长度为48 位的地址。

以太网交换机可以使用它来作出转发决定。

它不支持广播。

其使用的编址方法可以识别地址的网络部分。

网络层编址可以区分每台主机。

请参见图示。

在PC 上发出所示的命令。

IP 地址代表什么?主机的IP 地址主机的默认网关主机的主页IP 地址主机的首选域名服务器网站的IP 地址。

哪三个地址属于公有IP 地址?(选择三项。

)数据链路层有哪两项功能?(选择两项)分割和记录数据。

在源主机和目的主机上运行的程序之间进行数据交换。

控制数据如何传递到介质中。

生成信号以表示每个帧中的比特。

使用帧头和帧尾封装每个数据包,以便在本地介质中进行传输。

请参见图示。

主机A 要访问Internet。

哪项第2 层地址和第3 层地址的组合可以让主机A 实现此访问?目的MAC:,默认网关:目的MAC:,默认网关:目的MAC:,默认网关:目的MAC:,默认网关:下列哪三项是CSMA/CD 的特征?(选择三项。

)设备会侦听介质,并且仅当无法检测到介质上存在其它信号时才会传输数据。

介质上的所有设备均可侦听所有通信。

设备根据配置的优先级来进行通信。

发生冲突后,引起冲突的设备会优先尝试传输数据。

发生冲突时,所有设备会在一段时间内停止传输数据,该段时间的长度随机决定。

CSMA/CD 使用令牌系统来避免冲突。

下列哪三个IPv4 地址代表子网的有效网络地址?(选择三项。

)请参见图示。

用记号来表示每条介质链路。

用来连接不同设备的正确电缆类型是什么?连接1 - 直通电缆,连接2 - 直通电缆,连接3 - 交叉电缆连接1 - 直通电缆,连接2 - 交叉电缆,连接3 - 全反电缆连接1 - 交叉电缆,连接2 - 全反电缆,连接3 - 直通电缆连接1 - 交叉电缆,连接2 - 直通电缆,连接3 - 交叉电缆连接1 - 直通电缆,连接2 - 全反电缆,连接3 - 交叉电缆请参见图示。

思科第一学期期末试题目及答案

思科第一学期期末试题目及答案

1请参见图示。

主机 A 用户向主机 B 用户发送了一封电子邮件。

主机 A 发送了哪种类型的信息?广播组播同播单播2为了将PC 加入到网络环境中,应通过软件配置哪两个组件?(选择两项。

)MAC 地址IP 地址内核外壳(shell)子网掩码3哪两项是MAC 地址的特征?(选择两项。

)指示网络中主机的物理位置。

由DHCP 服务器动态分配。

以十六进制格式显示。

是物理地址。

是一种基于电缆的地址。

4哪种连接需要使用直通电缆?PC 端口至PC 端口PC 端口至路由器接口交换机端口至路由器端口交换机端口至交换机端口5路由器在收到包含广播MAC 地址的帧时会执行什么操作?它不会将该帧转发给另一个网络。

它会以其IP 地址作为回复将该帧转发回发送主机。

它会将帧从除该帧所在接口的其它所有接口转发出去。

它会将该帧转发回接收接口,以确保局域网中的所有主机都能收到。

6DNS 服务器的功能是什么?将IP 地址映射为MAC 地址。

将计算机或域名转换为相应的IP 地址。

管理客户端所在的域。

接收从客户端发来的HTTP 请求。

7哪两种网络故障与物理层相关?(选择两项。

)电缆和接头损坏编址不正确子网掩码不正确组件过热默认网关不正确8哪一层是主机进入网络的第一个进入点?核心层接入层网络层分布层9下列哪些是私有IP 地址的地址范围?(选择三项。

)10.0.0.0 到10.255.255.255200.100.50.0 到200.100.25.255150.150.0.0 到150.150.255.255172.16.0.0 到172.31.255.255192.168.0.0 到192.168.255.255127.16.0.0 到127.31.255.25510请参见图示。

一家组织的安全策略允许员工在家里连接办公室内部网。

这是一种什么安全策略?合理使用事件处理网络维护远程访问11请参见图示。

将Linksys 集成路由器上的安全模式设置为WEP 有什么作用?WEP 安全模式能够使接入点向客户端告知它的存在。

思科第一学期期末考试最新答案

思科第一学期期末考试最新答案

要将数据包发送到远程网络,应使用哪种设备?访问交换机DHCP 服务器集线器路由器OSI 哪一层使用面向连接的协议来确保数据的可靠传输?应用层表示层会话层传输层请参见图示。

根据显示的IP 配置回答,主机 A 和主机 B 无法在本地网络外通信的原因是什么?对主机 A 分配了网络地址。

对主机 B 分配了组播地址。

主机 A 和主机 B 属于不同的网络。

对网关地址分配了广播地址。

请参见图示。

包含路由器 B 的网络遇到问题。

助理网络工程师已确定此网络的问题出在路由行什么操作可以纠正该网络问题?在接口Serial 0/0/0 上发出clock rate命令在接口Serial 0/0/1 上发出description命令在接口FastEthernet 0/0 上发出ip address命令在接口FastEthernet 0/1 上发出no shutdown命令请参见图示。

对于从主机 A 向Web 服务器发出的网页请求,正确的目的套接字数字是什么00-08-a3-b6-ce-46198.133.219.25:80C 172.18.0.0/24 is directly connected, FastEthernet0/0在Cisco IOS 设备中,启动配置文件存储于何处?闪存NVRAMRAMROM在配置路由器时,网络技术人员想要命名路由器。

输入hostname命令后,技术人员会看到下列示?Router>Router#Router(config)#Router(config-line)#下列哪三个IPv4 地址代表子网的广播?(选择三项)(主机为1)172.16.4.63 /26172.16.4.129 /26172.16.4.191 /26172.16.4.51 /27172.16.4.95 /27172.16.4.221 /27网络管理员想要限制访问路由器的特权执行模式。

管理员应该使用哪一种口令?使能aux控制台VTY请参见图示。

思科期末考试题库和答案

思科期末考试题库和答案

思科期末考试题库和答案一、单选题1. 在思科网络技术中,OSI模型的第4层是什么?A. 传输层B. 会话层C. 表示层D. 应用层答案:A2. 以下哪个协议是用于在网络层进行路由选择的?A. TCPB. IPC. UDPD. FTP答案:B3. 动态主机配置协议(DHCP)工作在OSI模型的哪一层?A. 应用层B. 传输层C. 网络层D. 数据链路层答案:D4. 以下哪个命令用于在思科设备上查看当前配置?A. show running-configB. show startup-configC. show interface statusD. show ip route答案:A5. 在思科设备上,哪个命令用于保存当前的配置到启动配置中?A. copy running-config startup-configB. copy startup-config running-configC. saveD. write答案:A二、多选题6. 以下哪些是思科交换机上常用的端口类型?A. FastEthernetB. GigabitEthernetC. TenGigabitEthernetD. Serial答案:A, B, C, D7. 在思科设备上,以下哪些命令用于管理VLAN?A. vlan databaseB. enableC. configure terminalD. exit答案:A, C8. 以下哪些是思科路由器上常用的接口类型?A. FastEthernetB. GigabitEthernetC. SerialD. ATM答案:A, B, C, D9. 以下哪些是思科设备上用于查看网络状态的命令?A. show ip interface briefB. show running-configC. show interface statusD. ping答案:A, C, D10. 在思科设备上,以下哪些命令用于配置静态路由?A. ip routeB. ip routingC. routeD. configure terminal答案:A, D三、判断题11. 思科的IOS(Internetworking Operating System)是运行在所有思科设备上的软件。

思科CCNA考试答案(全)

思科CCNA考试答案(全)

CCNA思科考试答案(全)第 1 章考试1一家拥有10 名员工的小型公司使用单个LAN 在计算机之间共享信息。

哪种类型连接适合此公司?由当地电话服务提供商提供的拨号连接能够使公司方便且安全地连接员工的虚拟专用网络通过当地服务提供商建立的私有专用线路通过当地服务提供商提供的宽带服务(如DSL)答案:4解析:对于这种小型办公室,比较适合通过被称为数字用户线路(DSL) 的常见宽带服务实现Internet 连接,这种服务由当地的电话服务提供商提供。

由于员工人数很少,带宽的问题并不突出。

如果公司较大,在远程站点有分支机构,则专用线路会更加适合。

如果公司员工需要通过Internet 与公司联系,则采用虚拟专用网。

2哪种网络情况需要使用WAN?员工工作站需要获取动态分配的IP 地址。

员工在出差时需要通过VPN 连接到公司电子邮件服务器。

分支机构的员工需要与同一园区网络上的另一座建筑物内的公司总部共享文件。

员工需要访问托管在其建筑物内DMZ 中的公司Web 服务器上的网页。

答案:2解析:当出差的员工需要通过WAN 连接到公司电子邮件服务器时,VPN 将通过WAN 连接在员工笔记本电脑与公司网络之间创建一个安全隧道。

通过DHCP 获取动态IP 地址是LAN 通信的功能。

在企业园区的不同建筑物之间共享文件可通过LAN 基础设施来实现。

DMZ 是企业LAN 基础设施内一个受保护的网络。

3以下哪项描述了WAN 的特征?WAN 和LAN 在同一地理范围内运行,但有串行链路。

WAN 网络归运营商所有。

所有串行链路均被视为WAN 连接。

WAN 可提供到园区主干网的终端用户网络连接。

答案:2解析:WAN 可用于将企业LAN 互连到远程分支机构站点LAN 和远程工作人员站点。

WAN 归运营商所有。

虽然WAN 连接一般通过串行接口实现,但并不是所有串行链路均连接至WAN。

LAN(而非WAN)可在组织中提供终端用户网络连接。

4电路交换WAN 技术的两个常见类型是什么?(请选择两项。

CCNA第一学期Finalexam考试英文版答案

CCNA第一学期Finalexam考试英文版答案

CCNA第一学期Finalexam考试英文版答案(R&S.)C 1A medium-sized business is researching available options for connecting to the Internet.Thecompany is looking for a high speed option with dedicated, symmetric access.Whichconnection type should the company choose?DSLdialupsatelliteleased linecable modem2What is the purpose of having a converged network?to provide high speed connectivity to all end devicesto make sure that all types of data packets will be treated equallyto achieve fault tolerance and high availability of data network infrastructure devicesto reduce the cost of deploying and maintaining thecommunication infrastructure3What characteristic of a network enables it to quickly grow to support new users andapplications without impacting the performance of the service being delivered to existing users?reliabilityscalabilityquality of serviceaccessibility4Which connection provides a secure CLI session with encryption to a Cisco switch?a console connectionan AUX connectiona Telnet connectionan SSH connection5A network technician is attempting to configure an interface by entering the followingcommand:SanJose(config)#ip address192.168.2.1255.255.255.0.The command isrejected by the device.What is the reason for this? The command is being entered from the wrong mode of operation.The command syntax is wrong.The subnet mask information is incorrect.The interface is shutdown and must be enabled before the switch will accept the IP address.6After several configuration changes are made to a router, the copy running-configurationstartup-configuration command is issued.Where will the changes be stored?flashROMNVRAMRAMthe configuration registera TFTP server7Refer to the exhibit.From global configuration mode,an administrator is attempting to create a message-of-the-day banner by using thecommand banner motd V Authorized access only!Violators will be prosecuted!V When users log in using Telnet,the banner does not appear correctly.What is the problem? The banner message is too long.The delimiting character appears in the banner message.The symbol“!”signals the end of a banner message.Message-of-the-day banners will only appear when a user logs in through the console port.8What are three characteristics of an SVI?(Choose three.) It is designed as a security protocol to protect switch ports.It is not associated with any physical interface on a switch.It is a special interface that allows connectivity by different types of media.It is required to allow connectivity by any device at any location.It provides a means to remotely manage a switch.It is associated with VLAN1by default.9A technician configures a switch with these commands: SwitchA(config)#interface vlan1SwitchA(config-if)#ip address192.168.1.1255.255.255.0 SwitchA(config-if)#no shutdownWhat is the technician configuring?Telnet accessSVIpassword encryptionphysical switchport access10In computer communication,what is the purpose of message encoding?to convert information to the appropriate form for transmissionto interpret informationto break large messages into smaller framesto negotiate correct timing for successful communication11What protocol is responsible for controlling the size of segments and the rate at whichsegments are exchanged between a web client and a web server?TCPIPHTTPEthernet12What are two benefits of using a layered network model? (Choose two.)It assists in protocol design.It speeds up packet delivery.It prevents designers from creating their own model.It prevents technology in one layer from affecting other layers.It ensures a device at one layer can function at the next higher layer.13What is the process of dividing a data stream into smaller pieces before transmission?segmentationencapsulationencodingflow control14When IPv4addressing is manually configured on a web server,which property of the IPv4configuration identifies the network and host portion for an IPv4address?DNS server addresssubnet maskdefault gatewayDHCP server address15A network administrator is troubleshootingconnectivity issues on a ing a tester,the administrator notices that the signals generated by the server NIC are distorted and not usable.In which layer of the OSI model is the error categorized?presentation layernetwork layerphysical layerdata link layer16A network engineer is measuring the transfer of bits across the company backbone for amission critical database application.The engineer notices that the network throughputappears lower than the bandwidth expected.Which three factors could influence thedifferences in throughput?(Choose three.)the amount of traffic that is currently crossing the networkthe sophistication of the encapsulation method applied to the datathe type of traffic that is crossing the networkthe latency that is created by the number of network devices that the data is crossingthe bandwidth of the WAN connection to the Internetthe reliability of the gigabit Ethernet infrastructure of the backbone17Which type of UTP cable is used to connect a PC to a switch port?consolerollovercrossoverstraight-through18What is a characteristic of the LLC sublayer?It provides the logical addressing required that identifies the device.It provides delimitation of data according to the physical signaling requirements of the medium.It places information in the frame allowing multiple Layer 3protocols to use the same network interface and media.It defines software processes that provide services to the physical layer.19What are the three primary functions provided by Layer 2data encapsulation?(Choosethree.)error correction through a collision detection methodsession control using port numbersdata link layer addressingplacement and removal of frames from the mediadetection of errors through CRC calculationsdelimiting groups of bits into framesconversion of bits into data signals20What will a host on an Ethernet network do if it receives a frame with a destination MACaddress that does not match its own MAC address?It will discard the frame.It will forward the frame to the next host.It will remove the frame from the media.It will strip off the data-link frame to check the destination IP address.21What are two actions performed by a Cisco switch? (Choose two.)building a routing table that is based on the first IP address in the frame headerusing the source MAC addresses of frames to build and maintain a MAC address tableforwarding frames with unknown destination IP addresses to the default gatewayutilizing the MAC address table to forward frames via the destination MAC addressexamining the destination MAC address to add new entries to the MAC address table22What are two examples of the cut-through switching method?(Choose two.)store-and-forward switchingfast-forward switchingCRC switchingfragment-free switchingQOS switching23Refer to the exhibit.If host A sends an IP packet to host B,what will the destination address be in the frame when it leaves host A?DD:DD:DD:DD:DD:DD172.168.10.99CC:CC:CC:CC:CC:CC172.168.10.65BB:BB:BB:BB:BB:BBAA:AA:AA:AA:AA:AA24What are two services provided by the OSI network layer?(Choose two.)performing error detectionrouting packets toward the destinationencapsulating PDUs from the transport layerplacement of frames on the mediacollision detection25What information is added during encapsulation at OSI Layer3?source and destination MACsource and destination application protocolsource and destination port numbersource and destination IP address26What are two functions of NVRAM?(Choose two.)to store the routing tableto retain contents when power is removedto store the startup configuration fileto contain the running configuration fileto store the ARP table27Refer to the exhibit.The network administrator for a small advertising company has chosen to use the192.168.5.96/27 network for internal LAN addressing.As shown in the exhibit,a static IP address is assigned to the company web server.However,the web server cannot access the Internet.The administrator verifies that local workstations with IP addresses that are assigned by a DHCP server can access the Internet,and the web server is able to ping local workstations.Which component is incorrectly configured?subnet maskDNS addresshost IP addressdefault gateway address28Why does a Layer3device perform the ANDing process on a destination IP address andsubnet mask?to identify the broadcast address of the destination networkto identify the host address of the destination hostto identify faulty framesto identify the network address of the destination network29What are the three ranges of IP addresses that are reserved for internal private use?(Choosethree.)10.0.0.0/864.100.0.0/14127.16.0.0/12172.16.0.0/12192.31.7.0/24192.168.0.0/1630Which three addresses are valid public addresses? (Choose three.)198.133.219.17192.168.1.24510.15.250.5128.107.12.117192.15.301.24064.104.78.22731What type of IPv6address is FE80::1?loopbacklink-localmulticastglobal unicast32Refer to the exhibit.On the basis of the output,which two statements about network connectivity are correct? (Choose two.)There is connectivity between this device and the device at192.168.100.1.The connectivity between these two hosts allows for videoconferencing calls.There are4hops between this device and the device at 192.168.100.1.The average transmission time between the two hosts is2 milliseconds.This host does not have a default gateway configured.33Which subnet would include the address192.168.1.96as a usable host address?192.168.1.64/26192.168.1.32/27192.168.1.32/28192.168.1.64/2934How many hosts are addressable on a network that has a mask of255.255.255.248?268141625435Which statement is true about variable-length subnet masking?Each subnet is the same size.The size of each subnet may be different,depending on requirements.Subnets may only be subnetted one additional time.Bits are returned,rather than borrowed,to create additional subnets.36Refer to the exhibit.Consider the IP address of 192.168.10.0/24that has been assigned to a high school building.The largest network in this building has100 devices.If192.168.10.0is the network number for the largest network,what would be the network number for thenext largest network,which has40devices?192.168.10.0192.168.10.128192.168.10.192192.168.10.224192.168.10.24037In what two situations would UDP be the preferred transport protocol over TCP?(Choosetwo.)when applications need to guarantee that a packet arrives intact,in sequence,and unduplicatedwhen a faster delivery mechanism is neededwhen delivery overhead is not an issuewhen applications do not need to guarantee delivery of the datawhen destination port numbers are dynamic38What important information is added to the TCP/IPtransport layer header to ensurecommunication and connectivity with a remote network device?timing and synchronizationdestination and source port numbersdestination and source physical addressesdestination and source logical network addresses39What is the TCP mechanism used in congestion avoidance? three-way handshakesocket pairtwo-way handshakesliding window40Which three statements characterize UDP?(Choose three.)UDP provides basic connectionless transport layer functions.UDP provides connection-oriented,fast transport of data at Layer 3.UDP relies on application layer protocols for error detection.UDP is a low overhead protocol that does not provide sequencing or flow control mechanisms.UDP relies on IP for error detection and recovery.UDP provides sophisticated flow control mechanisms.41Which two tasks are functions of the presentation layer? (Choose two.)compressionaddressingencryptionsession controlauthentication42Which two protocols operate at the highest layer of the TCP/IP protocol stack?(Choose two.)DNSEthernetIPPOPTCPUDP43Which two roles can a computer assume in a peer-to-peer network where a file is beingshared between two computers?(Choose two.)clientmasterserverslavetransient44What is the function of the HTTP GET message?to request an HTML page from a web serverto send error information from a web server to a web clientto upload content to a web server from a web clientto retrieve client email from an email server using TCP port11045A wireless host needs to request an IP address.What protocol would be used to process therequest?FTPHTTPDHCPICMPSNMP46When planning for network growth,where in the network should packet captures take place toassess network traffic?on as many different network segments as possibleonly at the edge of the networkbetween hosts and the default gatewayonly on the busiest network segment47When applied to a router,which command would help mitigate brute-force password attacksagainst the router?exec-timeout30service password-encryptionbanner motd$Max failed logins=5$login block-for60attempts5within6048Refer to the exhibit.An administrator is testing connectivity to a remote device with the IP address10.1.1.1.What does the output of this command indicate?Connectivity to the remote device was successful.A router along the path did not have a route to the destination.A ping packet is being blocked by a security device along the path.The connection timed out while waiting for a reply fromthe remote device.。

思科第一学期期末考试最新答案CCNA1

思科第一学期期末考试最新答案CCNA1

思科第一学期期末考试最新答案CCNA1要将数据包发送到远程网络,应使用哪种设备?访问交换机DHCP 服务器集线器路由器OSI 哪一层使用面向连接的协议来确保数据的可靠传输?应用层表示层会话层传输层请参见图示。

根据显示的IP 配置回答,主机 A 和主机 B 无法在本地网络外通信的原因是什么?对主机 A 分配了网络地址。

对主机 B 分配了组播地址。

主机 A 和主机 B 属于不同的网络。

对网关地址分配了广播地址。

请参见图示。

包含路由器 B 的网络遇到问题。

助理网络工程师已确定此网络的问题出在路由行什么操作可以纠正该网络问题?在接口Serial 0/0/0 上发出clock rate 命令在接口Serial 0/0/1 上发出description 命令在接口FastEthernet 0/0 上发出ip address 命令在接口FastEthernet 0/1 上发出no shutdown 命令VTY请参见图示。

主机 A 上需要安装什么才能支持网络技术人员创建Router1 的初始配置?FTP 客户端Telnet 客户端终端仿真程序Web 浏览器请参见图示。

哪种逻辑拓扑是对图示网络的准确描述?星型环型点对点多路访问请参见图示。

哪种逻辑拓扑是对图示网络的准确描述?星型环型点对点多路访问第 3 层头部包含的哪一项信息可帮助数据传输?端口号设备物理地址目的主机逻辑地址虚拟连接标识符管理员对设备做出了更改,但更改没有达到预期效果。

管理员可以采取什么措施来恢复NVRAM 中保存的配置?发出erase flash 命令。

发出reload 命令并对随后的提示回答no。

发出erase start-up config 命令。

发出copy running-config start-up config 命令。

哪些类型的介质不受EMI 和RFI 影响?(选择两项)10 Base-T10 Base-210 Base-5100 Base-FX100 Base TX1000 Base LX请参见图示。

CCNA第一学期各章习题和参考答案.doc

CCNA第一学期各章习题和参考答案.doc

CCNA第一学期各章习题和参考答案第二章网络通信1、TCP/IP网络接入层有何作用?A路径确定和数据包交换B数据表示、编码和控制C可靠性、流量控制和错误检测E将数据段划分为数据包2、下列哪些陈述正确指出了中间设备在网络中的作用?(选择三项)B发起数据通信D发送数据流F数据流最后的终止点3、下列哪三项陈述是对局域网(LAN) 最准确的描述?(选择三项)C LAN 中的不同网段之间一般通过租用连接的方式连接。

D此类网络的安全和访问控制由服务提供商控制。

F此类网络的每个终端通常都连接到电信服务提供商(TSP)。

004 什么是PDU?A传输期间的帧损坏B在目的设备上重组的数据C因通信丢失而重新传输的数据包005 OSI 模型哪两层的功能与TCP/IP 模型的网络接入层相同?(选择两项)018哪个应用层协议通常用于支持客户端与服务器之间的文件传输?A HTMLB HTTP D Telnet019哪个应用层协议中规定了Microsoft 网络中用于文件共享的服务?A DHCPB DNS D SMTP E Telnet020服务器上的应用层通常如何处理多客户端服务请求?A终止与服务的所有连接B拒绝与单一守护程序的多个连接C暂停当前连接,建立新连接第四章OSI传输层001下列哪两项是用户数据报协议(UDP) 的功能?(选择两项)A流量控制 D 面向连接E 序列和确认002请参见图示。

此Wireshark 捕获输出的第7 行中执行的是哪一项TCP 操作?A会话创建B 数据段重传C 数据传输D 会话断开003数据段的TCP 报头中为什么包含端口号?A指示转发数据段时应使用的正确路由器接口B 标识接收或转发数据段时应使用的交换机端口C确定封装数据时应使用的第3 层协议让接收主机转发数据到适当的应用程序E让接收主机以正确的顺序组装数据包004OSI 模型哪一层负责规范信息从源设备到目的设备准确可靠地流动?A应用层 B 表示层 C 会话层传输层 E 网络层005请参见图示。

思科第1学期期末Final-3答案

思科第1学期期末Final-3答案

1PDU 封装的正确顺序是什么?答案 说明最高分值correctness of response 2 points for Option 10 points for any other option 2此试题参考以下领域的内容:Introduction to Networks•3.3.1 数据封装2建立融合网络有何用途?为所有终端设备提供高速连接确保平等对待所有类型的数据包实现数据网络基础架构设备的容错能力和高可用性降低部署和维护通信基础设施的成本随着技术的发展,各个公司现在可以将不同的网络整合到一个平台之上,称为融合网络。

在融合网络中,语音、视频和数据通过同一网络传输,从而使人们不必再创建和维护各个单独的网络。

这也降低了提供和维护通信网络基础设施相关的成本。

答案 说明 最高分值答案 说明 最高分值correctness of response 2 points for Option 40 points for any other option 2此试题参考以下领域的内容: Introduction to Networks•1.3.1 融合网络3请参见图示。

哪个能是图中所示的公司网络的外联网?区域 A区域 B区域 C区域 D外联网是外部实体访问其他公司的数据的平台。

其形式可能是产品供应商所使用的库存服务器,也可能是外部实体用来访问当天客户数量的当前信息的 Web 服务器。

Internet 用云和区域 A 表示。

内部网通常仅供内部人员使用。

区域 B 和 D 均是内部网的示例。

答案 说明 最高分值 correctness of response 2 points for Option 30 points for any other option 2此试题参考以下领域的内容: Introduction to Networks•1.2.3 Internet4主机正在访问远程网络上的 Web服务器。

中间网络设备在此对话中起到哪三个作用?(请选重新生成数据信号充当客户端或服务器提供传输消息的通道应用安全设置来控制数据流出现错误时通知其他设备用作消息的源或目标中间设备负责管理数据传输,包括跟踪数据路径,出现故障时寻找备用路径并通知其他设备,以及应用安全和优先级策略。

思科网院考试题库和答案

思科网院考试题库和答案

思科网院考试题库和答案一、单选题1. 思科网院课程中,CCNA(Cisco Certified Network Associate)认证主要涉及哪些技术领域?A. 网络基础B. 网络安全C. 无线网络D. 云服务答案:A2. 在思科网院的课程中,OSI模型的第3层是什么?A. 应用层B. 传输层C. 数据链路层D. 网络层答案:D3. 以下哪个协议是用于在IP网络中路由数据包的?A. TCPB. UDPC. IPD. ICMP答案:C4. 思科网院课程中,哪个设备用于连接不同网络或子网?A. 路由器B. 交换机C. 集线器D. 网桥答案:A5. 在思科网院课程中,VLAN(虚拟局域网)的主要作用是什么?A. 提高网络速度B. 提高网络安全性C. 增加网络带宽D. 减少网络延迟答案:B二、多选题6. 思科网院课程中,以下哪些因素会影响网络的性能?A. 带宽B. 延迟C. 丢包率D. 网络拓扑结构答案:A, B, C, D7. 在思科网院课程中,以下哪些设备属于网络核心层设备?A. 路由器B. 交换机C. 集线器D. 网桥答案:A, B8. 思科网院课程中,以下哪些协议属于传输层协议?A. TCPB. UDPC. IPD. ICMP答案:A, B9. 在思科网院课程中,以下哪些因素可以提高网络的安全性?A. 使用防火墙B. 定期更新软件C. 限制不必要的服务D. 使用VPN答案:A, B, C, D10. 思科网院课程中,以下哪些技术可以用于网络故障排除?A. PINGB. TRACEROUTEC. SHOW COMMANDSD. PACKET TRACER答案:A, B, C, D三、判断题11. 思科网院课程中,IP地址192.168.1.1是一个公网IP地址。

(对/错)答案:错12. 在思科网院课程中,交换机可以减少网络中的冲突域。

(对/错)答案:对13. 思科网院课程中,路由器的主要功能是在不同网络之间转发数据包。

CCNAS SECURITY FINAL 100% 思科安全课程final答案

CCNAS SECURITY FINAL 100% 思科安全课程final答案

Take Assessment - CCNAS Final Exam - CCNA Security: Implementing Network Security (Version 1.0)Time Remaining:02:38:471Which statement describes the operation of the IKE protocol?It uses IPsec to establish the key exchange process.It uses sophisticated hashing algorithms to transmit keys directly across a network.It calculates shared keys based on the exchange of a series of data packets.It uses TCP port 50 to exchange IKE information between the security gateways.2Which statement describes a factor to be considered when configuring a zone-based policy firewall?An interface can belong to multiple zones.The router always filters the traffic between interfaces in the same zone.The CBAC ip inspect command can coexist with ZPF as long as it is used on interfaces that are in the same security zones.A zone must be configured with the zone security global command before it can be used in the zone-member security command.3What are two disadvantages of using network IPS? (Choose two.)Network IPS has a difficult time reconstructing fragmented traffic to determine if an attack was successful.Network IPS is incapable of examining encrypted traffic.Network IPS is operating system-dependent and must be customized for each platform.Network IPS is unable to provide a clear indication of the extent to which the network is being attacked.Network IPS sensors are difficult to deploy when new networks are added.4Which three security services are provided by digital signatures? (Choose three.)authenticates the sourceauthenticates the destinationguarantees data has not changed in transitprovides nonrepudiation of transactionsprovides nonrepudiation using HMAC functionsprovides confidentiality of digitally signed data5Which three statements describe zone-based policy firewall rules that govern interface behavior and the traffic moving between zone mem (Choose three.)An interface can be assigned to multiple security zones.Interfaces can be assigned to a zone before the zone is created.Pass, inspect, and drop options can only be applied between two zones.If traffic is to flow between all interfaces in a router, each interface must be a member of a zone.Traffic is implicitly prevented from flowing by default among interfaces that are members of the same zone.To permit traffic to and from a zone member interface, a policy allowing or inspecting traffic must be configured between that zone a zone.6Which type of SDM rule is created to govern the traffic that can enter and leave the network based on protocol and port number?NAC ruleNAT ruleIPsec ruleaccess rule7Which three types of views are available when configuring the Role-Based CLI Access feature? (Choose three.)superuser viewroot viewsuperviewCLI viewadmin viewconfig view8Which two statements match a type of attack with an appropriate example? (Choose two.)To conduct an access attack, an attacker uses L0phtCrack to obtain a Windows server password.To conduct an access attack, an attacker uses Wireshark to capture interesting network traffic.To conduct a reconnaissance attack, an attacker initiates a ping of death attack to a targeted server.To conduct a DoS attack, an attacker uses handler systems and zombies to obtain a Windows server password.To conduct a DoS attack, an attacker initiates a smurf attack by sending a large number of ICMP requests to directed broadcast addTo conduct a reconnaissance attack, an attacker creates a TCP SYN flood causing the server to spawn many half-open connections unresponsive.9Which statement describes configuring ACLs to control Telnet traffic destined to the router itself?The ACL must be applied to each vty line individually.The ACL is applied to the Telnet port with the ip access-group command.Apply the ACL to the vty lines without the in or out option required when applying ACLs to interfaces.The ACL should be applied to all vty lines in the in direction to prevent an unwanted user from connecting to an unsecured port.10Refer to the exhibit. When configuring SSH on a router using SDM from the Configure menu, which two steps are required? (Choose twoChoose Additional Tasks > Router Access > SSH to generate the RSA keys.Choose Additional Tasks > Router Access > VTY to specify SSH as the input and output protocol.Choose Additional Tasks > Router Properties > Netflow to generate the RSA keys.Choose Additional Tasks > Router Properties > Logging to specify SSH as the input and output protocol.Choose Additional Tasks > Router Access > AAA to generate the RSA keys.Choose Additional Tasks > Router Access > Management Access to specify SSH as the input and output protocol.11Refer to the exhibit. Based on the output from the show secure bootset command on router R1, which three conclusions can be drawn IOS Resilience? (Choose three.)A copy of the Cisco IOS image file has been made.A copy of the router configuration file has been made.The Cisco IOS image file is hidden and cannot be copied, modified, or deleted.The Cisco IOS image filename will be listed when the show flash command is issued on R1.The copy tftp flash command was issued on R1.The secure boot-config command was issued on R1.12Which three OSI layers can be filtered by a stateful firewall? (Choose three.)Layer 2Layer 3Layer 4Layer 5Layer 6Layer 713What is an important difference between network-based and host-based intrusion prevention?Host-based IPS is more scalable than network-based IPS.Host-based IPS can work in promiscuous mode or inline mode.Network-based IPS is better suited for inspection of SSL and TLS encrypted data flows.Network-based IPS provides better protection against OS kernel-level attacks on hosts and servers.Network-based IPS can provide protection to hosts without the need of installing specialized software on each one.14What will be disabled as a result of the no service password-recovery command?aaa new-model global configuration commandchanges to the configuration registerpassword encryption serviceability to access ROMmon15Which function does an IPS perform?It passively monitors the traffic on a network.It works in inline mode for processing all ingress and egress traffic.It compares the captured traffic stream with known malicious signatures in an offline manner.It can only send an alarm to the management console when malicious traffic is detected.16Refer to the exhibit. An administrator has entered the commands that are shown on router R1. At what trap level is the logging function s235617What are access attacks?attacks that prevent users from accessing network servicesattacks that modify or corrupt traffic as that traffic travels across the networkattacks that exploit vulnerabilities to gain access to sensitive informationattacks that involve the unauthorized discovery and mapping of systems, services, and vulnerabilities18Which mitigation technique can help prevent MAC table overflow attacks?root guardBPDU guardstorm controlswitchport security19Which three major subpolicies should comprise a comprehensive security policy that meets the security needs of a typical enterprise? (Cend-user policiesdepartmental policiesgoverning policieshuman resource policiesorganizational policiestechnical policies20Which three statements describe SSL-based VPNs? (Choose three.)Asymmetric algorithms are used for authentication and key exchange.It is impossible to configure SSL and IPsec VPNs concurrently on the same router.Special-purpose client software is required on the client machine.Symmetric algorithms are used for bulk encryption.The authentication process uses hashing technologies.The application programming interface is used to extensively modify the SSL client software.The primary restriction of SSL VPNs is that they are currently supported only in hardware.21Refer to the exhibit. Which Cisco IOS security feature is implemented on router R2?CBAC firewallreflexive ACL firewallzone-based policy firewallAAA access control firewall22When port security is enabled on a Cisco Catalyst switch, what is the default action when the maximum number of allowed MAC addresseThe violation mode for the port is set to restrict.The MAC address table is cleared, and the new MAC address is entered into the table.The port remains enabled, but the bandwidth is throttled until the old MAC addresses are aged out.The port is shut down.23Which two protocols allow SDM to gather IPS alerts from a Cisco ISR router? (Choose two.)FTPHTTPSSDEESSHSyslogTFTP24Which three statements describe limitations in using privilege levels for assigning command authorization? (Choose three.)There is no access control to specific interfaces on a router.The root user must be assigned to each privilege level defined.Commands set on a higher privilege level are not available for lower privileged users.Views are required to define the CLI commands that each user can access.Creating a user account that needs access to most but not all commands can be a tedious process.It is required that all 16 privilege levels be defined, whether they are used or not.25Which device supports the use of SPAN to enable monitoring of malicious activity?Cisco NACCisco IronPortCisco Security AgentCisco Catalyst switch26Which two statements describe appropriate general guidelines for configuring and applying ACLs? (Choose two.)Multiple ACLs per protocol and per direction can be applied to an interface.If an ACL contains no permit statements, all traffic is denied by default.The most specific ACL statements should be entered first because of the top-down sequential nature of ACLs.Standard ACLs are placed closest to the source, whereas Extended ACLs are placed closest to the destination.If a single ACL is to be applied to multiple interfaces, it must be configured with a unique number for each interface.27Refer to the exhibit. Which AAA command logs the activity of a PPP session?aaa accounting connection start-stop group radiusaaa accounting connection start-stop group tacacs+aaa accounting exec start-stop group radiusaaa accounting exec start-stop group tacacs+aaa accounting network start-stop group radiusaaa accounting network start-stop group tacacs+28What login enhancement configuration command helps prevent successive login DoS attacks?exec-timeoutlogin block-forprivilege exec levelservice password-encryption29Which access list statement permits HTTP traffic that is sourced from host 10.1.129.100 port 4300 and destined to host 192.168.30.10?access-list 101 permit tcp any eq 4300access-list 101 permit tcp 192.168.30.10 0.0.0.0 eq 80 10.1.0.0 0.0.255.255access-list 101 permit tcp 10.1.129.0 0.0.0.255 eq www 192.168.30.10 0.0.0.0 eq wwwaccess-list 101 permit tcp 10.1.128.0 0.0.1.255 eq 4300 192.168.30.0 0.0.0.15 eq wwwaccess-list 101 permit tcp host 192.168.30.10 eq 80 10.1.0.0 0.0.255.255 eq 430030Refer to the exhibit. A network technician has entered the commands that are shown on router R1. However, the authentication with the N What is a possible cause?The NTP key value does not meet the MD5 requirements.Authentication has not been enabled on R1.The NTP key numbers have to match on R1.The NTP server has to be specified on R1.31Refer to the exhibit. Which type of VPN is implemented?remote-access GRE VPNremote-access IPsec VPNremote-access SSL VPNsite-to-site GRE VPNsite-to-site IPsec VPNsite-to-site SSL VPN32Refer to the exhibit. Which three things occur if a user attempts to log in four times within 10 seconds using an incorrect password? (ChoSubsequent virtual login attempts from the user are blocked for 60 seconds.During the quiet mode, an administrator can virtually log in from any host on network 172.16.1.0/24.Subsequent console login attempts are blocked for 60 seconds.A message is generated indicating the username and source IP address of the user.During the quiet mode, an administrator can log in from host 172.16.1.2.No user can log in virtually from any host for 60 seconds.33 A network technician is configuring SNMPv3 and has set a security level of auth. What is the effect of this setting?authenticates a packet using the SHA algorithm onlyauthenticates a packet by a string match of the username or community stringauthenticates a packet by using either the HMAC with MD5 method or the SHA methodauthenticates a packet by using either the HMAC MD5 or HMAC SHA algorithms and encrypts the packet using either the DES, 3D algorithms34What is a result of securing the Cisco IOS image using the Cisco IOS Resilient Configuration feature?The Cisco IOS image file is not visible in the output of the show flash command.The Cisco IOS image is encrypted and then automatically backed up to a TFTP server.The Cisco IOS image is encrypted and then automatically backed up to the NVRAM.When the router boots up, the Cisco IOS image is loaded from a secured FTP location.35Refer to the exhibit. What information can be obtained from the AAA configuration statements?The authentication method list used for Telnet is named ACCESS.The authentication method list used by the console port is named ACCESS.The local database is checked first when authenticating console and Telnet access to the router.If the TACACS+ AAA server is not available, no users can establish a Telnet session with the router.If the TACACS+ AAA server is not available, console access to the router can be authenticated using the local database.36Which three additional precautions should be taken when remote access is required in addition to local access of networking devices? (CA legal notice should not be displayed when access is obtained.All activity to the specified ports that are required for access should be unrestricted.All configuration activities should require the use of SSH or HTTPS.All administrative traffic should be dedicated to the management network.The number of failed login attempts should not be limited, but the time between attempts should.Packet filtering should be required so that only identified administration hosts and protocols can gain access.37What occurs after RSA keys are generated on a Cisco router to prepare for secure device management?All vty ports are automatically configured for SSH to provide secure management.The general-purpose key size must be specified for authentication with the crypto key generate rsa general-keys modulus commThe keys must be zeroized to reset secure shell before configuring other parameters.The generated keys can be used by SSH.38The use of which two options are required for IPsec operation? (Choose two.)AH protocols for encryption and authenticationDiffie-Hellman to establish a shared-secret keyIKE to negotiate the SAPKI for pre-shared-key authenticationSHA for encryption39Which two guidelines relate to in-band network management? (Choose two.)Apply in-band management only to devices that must be managed on the production network.Implement separate network segments for the production network and the management network.Attach all network devices to the same management network.Use IPSec, SSH, or SSL.Deploy a terminal server with console connections to each network device.40Which two statements are characteristics of the IPsec protocol? (Choose two)IPsec is a framework of open standards.IPsec is implemented at Layer 4 of the OSI model.IPsec ensures data integrity by using a hash algorithm.IPsec uses digital certificates to guarantee confidentiality.IPsec is bound to specific encryption algorithms, such as 3DES and AES.41Which element of the Cisco Threat Control and Containment solution defends against attempts to attack servers by exploiting application system vulnerabilities?threat control for emailthreat control for endpointsthreat control for infrastructurethreat control for systems42Refer to the exhibit. Based on the IPS configuration that is provided, which statement is true?The signatures in all categories will be retired and not be used by the IPS.The signatures in all categories will be compiled into memory and used by the IPS.Only the signatures in the ios_ips basic category will be compiled into memory and used by the IPS.The signatures in the ios_ips basic category will be retired and the remaining signatures will be compiled into memory and used by43Which two Cisco IPS management and monitoring tools are examples of GUI-based, centrally managed IPS solutions? (Choose two.)Cisco Adaptive Security Device ManagerCisco IPS Device ManagerCisco Router and Security Device ManagerCisco Security ManagerCisco Security Monitoring, Analysis, and Response System44What are three common examples of AAA implementation on Cisco routers? (Choose three.)authenticating administrator access to the router console port, auxiliary port, and vty portsauthenticating remote users who are accessing the corporate LAN through IPsec VPN connectionsimplementing public key infrastructure to authenticate and authorize IPsec VPN peers using digital certificatesimplementing command authorization with TACACS+securing the router by locking down all unused servicestracking Cisco Netflow accounting statistics45Which action best describes a MAC address spoofing attack?altering the MAC address of an attacking host to match that of a legitimate hostbombarding a switch with fake source MAC addressesforcing the election of a rogue root bridgeflooding the LAN with excessive traffic46Refer to the exhibit. An administrator is configuring ZPF using the SDM Basic Firewall Configuration wizard. Which command is generate administrator selects the Finish button?zone security Out-zone on interface Fa0/0zone security Out-zone on interface S0/0/0zone-member security Out-zone on interface Fa0/0zone-member security Out-zone on interface S0/0/047An organization requires that individual users be authorized to issue specific Cisco IOS commands. Which AAA protocol supports this reTACACS+ because it separates authentication and authorization, allowing for more customization.RADIUS because it supports multiple protocols, including ARA and NetBEUI.TACACS+ because it supports extensive accounting on a per-user or per-group basis.RADIUS because it implements authentication and authorization as one process.48Which three principles are enabled by a Cisco Self-Defending Network? (Choose three.)adaptabilitycollaborationinsulationintegrationmitigationscalability49Refer to the exhibit. Which interface configuration completes the CBAC configuration on router R1?R1(config)# interface fa0/0R1(config-if)# ip inspect INSIDE inR1(config-if)# ip access-group OUTBOUND inR1(config)# interface fa0/1R1(config-if)# ip inspect INSIDE inR1(config-if)# ip access-group OUTBOUND inR1(config)# interface fa0/1R1(config-if)# ip inspect OUTBOUND inR1(config-if)# ip access-group INSIDE outR1(config)# interface fa0/0R1(config-if)# ip inspect OUTBOUND inR1(config-if)# ip access-group INSIDE inR1(config)# interface fa0/1R1(config-if)# ip inspect OUTBOUND inR1(config-if)# ip access-group INSIDE in50Which three statements should be considered when applying ACLs to a Cisco router? (Choose three.)Place generic ACL entries at the top of the ACL.Place more specific ACL entries at the top of the ACL.Router-generated packets pass through ACLs on the router without filtering.ACLs always search for the most specific entry before taking any filtering action.A maximum of three IP access lists can be assigned to an interface per direction (in or out).An access list applied to any interface without a configured ACL allows all traffic to pass.51What precaution should be considered when the no service password-recovery command has been issued on an IOS device?The passwords in the configuration files are in clear text.IOS recovery requires a new system flash with the IOS image.When the password is lost, access to the device will be terminated.The device must use simple password authentication and cannot have user authentication.52Which three statements describe the IPsec protocol framework? (Choose three.)AH uses IP protocol 51.AH provides encryption and integrity.AH provides integrity and authentication.ESP uses UDP protocol 50.ESP requires both authentication and encryption.ESP provides encryption, authentication, and integrity.53Refer to the exhibit. An administrator has configured router R1 as indicated. However, SDEE messages fail to log. Which solution correctIssue the logging on command in global configuration.Issue the ip ips notify sdee command in global configuration.Issue the ip audit notify log command in global configuration.Issue the clear ip ips sdee events command to clear the SDEE buffer.54Which command would an administrator use to clear generated crypto keys?Router(config)# crypto key decryptRouter(config-line)# transport input ssh clearRouter(config)# crypto key rsaRouter(config)# crypto key zeroize rsa55Refer to the exhibit. Which two statements are correct regarding the configuration on switch S1? (Choose two.)Port Fa0/5 storm control for broadcasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.Port Fa0/6 storm control for multicasts and broadcasts will be activated if traffic exceeds 2,000,000 packets per second.Port Fa0/6 storm control for multicasts will be activated if traffic exceeds 2,000,000 packets per second.Port Fa0/5 storm control for multicasts will be activated if traffic exceeds 80.1 percent of the total bandwidth.Port Fa0/5 storm control for broadcasts and multicasts will be activated if traffic exceeds 80.1 percent of 2,000,000 packets per sec56What functionality is provided by Cisco SPAN in a switched network?It mitigates MAC address overflow attacks.It prevents traffic on a LAN from being disrupted by a broadcast storm.It mirrors traffic that passes through a switch port or VLAN to another port for traffic analysis.It protects the switched network from receiving BPDUs on ports that should not be receiving them.It inspects voice protocols to ensure that SIP, SCCP, H.323, and MGCP requests conform to voice standards.It copies traffic that passes through a switch interface and sends the data directly to a syslog or SNMP server for analysis.57Which three commands are required to configure SSH on a Cisco router? (Choose three.)ip domain-name name in global configuration modetransport input ssh on a vty lineno ip domain-lookup in global configuration modepassword password on a vty lineservice password-encryption in global configuration modecrypto key generate rsa in global configuration mode58Refer to the exhibit. Based on the SDM screen shown, which two conclusions can be drawn about the IKE policy being configured? (ChoIt will use digital certificates for authentication.It will use a predefined key for authentication.It will use a very strong encryption algorithm.It will be the default policy with the highest priority.It is being created using the SDM VPN Quick Setup Wizard.59Which statement describes the SDM Security Audit wizard?After the wizard identifies the vulnerabilities, the SDM One-Step Lockdown feature must be used to make all security-related configuAfter the wizard identifies the vulnerabilities, it automatically makes all security-related configuration changes.The wizard autosenses the inside trusted and outside untrusted interfaces to determine possible security problems that might exist.The wizard is based on the Cisco IOS AutoSecure feature.The wizard is enabled using the Intrusion Prevention task.60What is a feature of the TACACS+ protocol?It combines authentication and authorization as one process.It encrypts the entire body of the packet for more secure communications.It utilizes UDP to provide more efficient packet transfer.It hides passwords during transmission using PAP and sends the rest of the packet in plaintext.。

思科 期末考试答案之欧阳育创编

思科 期末考试答案之欧阳育创编

时间:2021.02.04创作:欧阳育关闭窗口考试系统考试浏览器 - ENetwork Final Exam - CCNA Exploration: Network Fundamentals (版本 4.0)下面是考试的考试试题以及与题目关联的评分规则。

思科网络技术学院的内容是受到版权保护的,禁止一切未经授权的张贴,分发或共享本考试的内容.1下列哪一个 OSI 层负责管理数据段?应用层表示层会话层传输层请参见图示。

图中所示为客户端之间发送电子邮件的过程。

以下哪一列表正确地标识了图中各编号阶段使用的组件或协议?1.MUA2.MDA3.MTA4.SMTP5.MTA6.POP7.MDA8.MUA1.MUA2.POP3.MDA4.SMTP5.MTA6.MDA7.SMTP8.MUA1.MUA2.POP3.SMTP4.MDA5.MTA6.SMTP7.POP8.MUA1.MUA2.SMTP3.MTA4.SMTP5.MTA6.MDA7.POP8.MUA服务端口号主机逻辑地址设备物理地址虚拟连接标识符应用层表示层会话层传输层网络层IPUDP以太网无连接确认面向连接的上层协议或服务设备会侦听介质,并且仅当无法检测到介质上存在其它信号时才会传输数据。

介质上的所有设备均可侦听所有通信。

设备根据配置的优先级来进行通信。

发生冲突后,引起冲突的设备会优先尝试传输数据。

发生冲突时,所有设备会在一段时间内停止传输数据,该段时间的长度随机决定。

CSMA/CD 使用令牌系统来避免冲突。

源 IP 地址和目的 IP 地址源 MAC 地址和目的 MAC 地址源端口号和目的端口号源通道标识符和目的通道标识符分割和记录数据。

在源主机和目的主机上运行的程序之间进行数据交换。

控制数据如何传递到介质中。

生成信号以表示每个帧中的比特。

使用帧头和帧尾封装每个数据包,以便在本地介质中进行传输。

0 points if more options areselected than required.请参见图示。

CCNA期末考试题及答案试卷A(仅供参考)

CCNA期末考试题及答案试卷A(仅供参考)

1.下列有关网络层编址的陈述中哪三项是正确的?(选择三项。

)网络层编址使用分层式结构。

使用长度为48 位的地址。

以太网交换机可以使用它来作出转发决定。

它不支持广播。

其使用的编址方法可以识别地址的网络部分。

网络层编址可以区分每台主机。

2请参见图示。

网络中的所有设备均使用默认配置。

此拓扑中存在多少个广播域?3579113请参见图示。

主机B 已断电。

交换机的MAC 表将发生什么变化?MAC 表不会受影响。

交换机会在Fa0/19 上删除MAC 地址。

交换机会保留MAC 地址,直到主机B 再次通电。

交换机将通过为端口Fa0/19 分配地址FFF.FFFF.FFFF 来重建MAC表。

4.请参见图示。

为了使此网络中的主机接入Internet,路由器RT_A 需要提供哪种功能?地址转换DHCP 服务ftpWeb 服务器5.哪三个地址属于私有IP 地址?(选择三项。

)10.0.0.1127.0.0.1150.0.0.1172.16.0.1192.168.0.1200.100.50.16请参见图示。

电缆1 和电缆2 分别按照特定的物理层要求接线。

表中按编号列出了每个网段以及该网段中用来连接网络组件的电缆。

哪三个网段安装的电缆是正确的?(选择三项。

)网段1网段2网段3网段4网段5网段67.OSI 模型的哪两项功能在第2 层实现?(选择两项)物理编址编码路由布线介质访问控制8.请参见图示。

网络管理员想通过Modem1 从PC1 远程访问路由器的CLI。

要实现此访问,应将路由器的哪一个端口连接到Modem2?控制台端口以太网端口辅助端口串行端口9请参见图示。

某学生对5e 类电缆两端的接线方法如图所示。

结果是什么?(选择两项)电缆无法使用,必须重新接线。

该电缆适合作为全反电缆使用。

该电缆适合作为快速以太网交叉电缆使用。

该电缆适合作为千兆以太网直通电缆使用。

该电缆适合在支持Auto-MDIX 的两台100 Mbps 交换机之间使用。

思科 期末考试答案之欧阳文创编

思科 期末考试答案之欧阳文创编

时间:2021.03.12创作:欧阳文关闭窗口考试系统考试浏览器 - ENetwork Final Exam - CCNA Exploration: Network Fundamentals (版本 4.0)下面是考试的考试试题以及与题目关联的评分规则。

思科网络技术学院的内容是受到版权保护的,禁止一切未经授权的张贴,分发或共享本考试的内容.1下列哪一个 OSI 层负责管理数据段?应用层表示层会话层传输层请参见图示。

图中所示为客户端之间发送电子邮件的过程。

以下哪一列表正确地标识了图中各编号阶段使用的组件或协议1.MUA2.MDA3.MTA4.SMTP5.MTA6.POP7.MDA8.MUA1.MUA2.POP3.MDA4.SMTP5.MTA6.MDA7.SMTP8.MUA1.MUA2.POP3.SMTP4.MDA5.MTA6.SMTP7.POP8.MUA1.MUA2.SMTP3.MTA4.SMTP5.MTA6.MDA7.POP8.MUA第 4 层报头包含帮助数据传输的哪一类信息?服务端口号主机逻辑地址设备物理地址虚拟连接标识符哪个 OSI 层提供面向连接的可靠数据通信服务?应用层表示层会话层传输层网络层当 OSIIPUDP以太网无连接确认面向连接的上层协议或服务设备会侦听介质,并且仅当无法检测到介质上存在其它信号时才会传输数据。

介质上的所有设备均可侦听所有通信。

设备根据配置的优先级来进行通信。

发生冲突后,引起冲突的设备会优先尝试传输数据。

发生冲突时,所有设备会在一段时间内停止传输数据,该段时间的长度随机决定。

CSMA/CD 使用令牌系统来避免冲突。

源 IP 地址和目的 IP 地址源 MAC 地址和目的 MAC 地址源端口号和目的端口号源通道标识符和目的通道标识符数据链路层有哪两项功能?(选择两项)分割和记录数据。

在源主机和目的主机上运行的程序之间进行数据交换。

控制数据如何传递到介质中。

生成信号以表示每个帧中的比特。

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

精品1 下列哪个端口号范围为服务器上运行的应用程序常用的服务而保留?0 到2550 到10231024 到4915149152 到 655352 以下哪组网络 ID 和子网掩码正确标识了从 172.16.128.0 到 172.16.159.255 的所有 IP 地址?172.16.128.0 255.255.255.224172.16.128.0 255.255.0.0172.16.128.0 255.255.192.0172.16.128.0 255.255.224.0172.16.128.0 255.255.255.1923 以下哪个 OSI 协议层提供面向连接的可靠数据通信服务?应用层精品演示文稿会话传输层network4何时必须使用clock rate命令配置路由器串行接口?当该接口充当DTE 设备时当该接口计时器已经清除时当连接的DTE 设备关闭时当该接口充当DCE 设备时5下列哪些是私有IP 地址的地址范围?(选择三项。

)10.0.0.0 到10.255.255.255200.100.50.0 到200.100.25.255精品150.150.0.0 到150.150.255.255精品精品172.16.0.0 到172.31.255.255192.168.0.0 到192.168.255.255127.16.0.0 到 127.31.255.2556请参见图示。

每条介质链路都已标记。

应该使用哪种类型的电缆连接不同设备?连接 1 - 全反电缆连接 2 - 直通电缆连接 3 - 交叉电缆连接 1 - 交叉电缆连接 2 - 全反电缆连接 3 - 交叉电缆连接 1 - 直通电缆连接 2 - 交叉电缆连接 3 - 交叉电缆连接 1 - 直通电缆连接 2 - 交叉电缆连接 3 - 直通电缆精品连接1 - 交叉电缆连接 2 - 直通电缆连接 3 - 交叉电缆7请参见图示。

IP 地址192.168.33.2 代表什么?主机的默认网关。

主机的 IP 地址。

主机的首选域名服务器。

网站 resolver1.mooki.local 的 IP 地址。

主机的主页 IP 地址。

8精品请参见图示。

对图示拓扑可以得出哪两项结论?(选择两项)存在一个广播域。

需要两个逻辑地址范围。

显示了三个广播域。

需要四个网络。

存在五个冲突域。

9哪些类型的介质不受EMI 和RFI 影响?(选择两项)10 Base-T10 Base-2精品10 Base-5100 Base-FX100 Base TX1000 Base LX10请参见图示。

下列关于图中所示IP 配置的陈述,哪三项是正确的?(选择三项)精品分配给该计算机的地址代表私有地址。

精品该计算机无法在本地网络外通信。

此计算机的网络可支持126 台主机。

该计算机地址的前缀是/27。

分配给该计算机的IP 地址可在Internet 上路由。

分配给该计算机的IP 地址是广播地址。

11由于发生安全规规事件,必须更改路由器口令。

从以下配置项可获知什么信息?(选择两项。

)Router(config)#line vty 0 3Router(config-line)# password c13c0Router(config-line)#login这些配置项对远程访问指定了三条Telnet 线路。

这些配置项对远程访问指定了四条Telnet 线路。

这些配置项将控制台口令和Telnet 口令设置为"c13c0"。

因为Telnet 配置不完整,所以Telnet 访问将遭到拒绝。

精品允许使用"c13c0" 作为口令访问Telnet。

精品精品12 作为网络管理员,假设 IP 地址为 172.30.0.0,能够支持 510 台主机的子网掩码是什么?255.255.0.0255.255.248.0255.255.252.0255.255.254.0255.255.255.0255.255.255.12813 哪种口令在创建时自动加密?vtyaux控制台电缆使能加密口令使能口令精品14第4 层报头包含帮助数据传输的哪一类信息?服务端口号主机逻辑地址设备物理地址虚拟连接标识符15请参见图示。

图中所示为客户端之间发送电子邮件的过程。

从下列选项中选择正确标识图中各编号阶段使用的组件或协议的列表。

精品1.MUA2.MDA3.MTA4.SMTP5.MTA6.POP7.MDA8.MUA精品精品1.MUA2.POP3.MDA4.SMTP5.MTA6.MDA7.SMTP8.MUA1.MUA2.POP3.SMTP4.MDA5.MTA6.SMTP7.POP8.MUA1.MDA2.SMTP3.MTA4.SMTP5.MTA6.MUA7.POP8.MDA1.MUA2.SMTP3.MTA4.SMTP5.MTA6.MDA7.POP8.MUA16请参见图示。

哪种逻辑拓扑是对图示网络最准确的描述?星型环点对点多路访问网状17您所在的网际网络发生了路由问题。

要鉴别此错误,应该检查以下哪种类型的设备?接入点主机集线器路由器交换机18在Cisco IOS 设备中,启动配置文件存储于何处?闪存精品NVRAM精品RAMROM19请参见图示。

为了使此网络中的主机接入Internet,路由器RT_A 需要提供哪种功能?地址转换DHCP 服务精品ftp精品Web 服务器20下列哪些有关网络层编址的陈述是正确的?(选择三项)使用平面结构防止广播分层唯一标识每台主机长48 位包括网络部分21精品精品请参见图示。

假设所有设备均使用默认配置。

支持显示的拓扑需要多少个子网?13457精品精品22请参见图示。

电缆 1 和电缆 2的两端分别按照特定的物理层要求接线。

表中按编号列出了每个网段以及网络技术人员在该网段不同网络组件之间已经安装的电缆。

根据给定的数据回答,哪些网段的电缆安装正确?(选择三项)网段1网段 2网段 3网段 4网段523请参见图示。

主机 A 尝试与主机 B 建立TCP/IP 会话。

尝试期间,捕获了源MAC 地址为0050.7320.D632 而目的MAC 地址为0030.8517.44C4 的帧。

捕获的帧中封装了源IP 地址为192.168.7.5而目的IP 地址为192.168.219.24 的数据包。

此数据包是在网络中哪一点捕获的?离开主机 A离开ATL精品精品离开Dallas离开 NYC24请参见图示。

下列哪两项陈述描述了报头中代表的信息?(选择两项)这是服务器响应。

使用的是 UDP 协议。

目的端口表示 Telnet 会话。

返回数据段将包含源端口 23。

此会话的客户端发起的下一次会话将使用源端口号 13358。

25下列哪种提示符代表适合copy running-config startup-config命令使用的模式?精品Switch-6J>Switch-6J#Switch-6J(config)#Switch-6J(config-if)#Switch-6J(config-line)#26请参见图示。

根据显示的IP 配置回答,主机 A 和主机 B 无法在本地网络外通信的原因是什么?精品对主机 A 分配了网络地址。

对主机 B 分配了组播地址。

主机 A 和主机 B 属于不同的网络。

对网关地址分配了广播地址。

27精品请参见图示。

下列哪组设备仅包含中间设备?精品精品A 、B 、D 、GA 、B 、E 、F C、D 、G 、IG 、H 、I 、J28请参见图示。

主机 A 正在向主机 B 传输数据。

主机 A 将使用什么地址作为此通信中的目的 IP 地址和目的 MAC 地址?目的 MAC :BBBB:BBBB:BBBB 目的 IP : 172.22.0.62目的MAC:DDDD:DDDD:DDDD 目的IP:172.22.0.75目的MAC:EEEE:EEEE:EEEE 目的IP:172.22.0.62目的MAC:BBBB:BBBB:BBBB 目的IP:172.22.0.75目的MAC:EEEE:EEEE:EEEE 目的IP:172.22.0.75目的MAC:DDDD:DDDD:DDDD 目的IP:172.22.0.9429下列哪三项陈述说明了传输层协议的特征?(选择三项)应用层协议使用TCP 端口号和UDP 端口号。

TCP 使用端口号提供可靠的IP 数据包传输。

UDP 使用窗口和确认获得可靠的数据传输。

TCP 使用窗口和定序提供可靠的数据传输。

TCP 是面向连接的协议。

UDP 是无连接协议。

30精品精品请参见图示。

当计算机 A 向计算机 D 发送帧时,哪些计算机会接收该帧?仅计算机D仅计算机 A 和计算机D仅计算机B、计算机 C 和计算机 D精品所有计算机31请参见图示。

包含路由器 B的网络遇到问题。

助理网络工程师已确定此网络的问题出在路由器B。

执行什么操作可以纠正该网络问题?在接口FastEthernet 0/0上发出ip address命令在接口FastEthernet 0/1上发出no shutdown命令在接口Serial 0/0/0 上发出clock rate命令在接口Serial 0/0/1 上发出description命令32当OSI 模型下层执行无连接协议时,通常使用什么来确认数据接收并请求重传丢失的数据?精品无连接确认精品精品面向连接的上层协议网络层 IP 协议 传输层UDP 协议33请参见图示。

网络管理员从 PC1 远程访问 RouterB 的 CLI 。

下列有关用于建立此连接的应用层协议的陈述中,哪两项是正确的?(选择两项)数据经过加密。

该连接类型称为 VTY 会话。

服务器进程在 PC1 上运行。

GET 请求发送到RouterB。

服务、协议和客户端的应用名称相同。

34请参见图示。

对于从主机 A 向Web 服务器发出的网页请求,正确的目的套接字数字是什么?00-08-a3-b6-ce-46198.133.219.25:80精品精品C 172.18.0.0/24 is directly connected, FastEthernet0/035查看图示与当前配置。

秘书办公室的主机 A 由于故障被更换。

尽管更换的计算机可以成功ping 通 127.0.0.1,但却无法访问公司网络。

问题的原因可能是什么?IP 地址输入有误网络电缆没有插好子网掩码输入有误网卡故障36IP 依靠OSI 哪一层的协议来确定数据包是否已丢失并请求重传?应用层表示层会话层传输层37一位技术人员必须通过要求提供口令来确保交换机特权执行模式的安全。

哪种类型的口令能满足此类登录的需要并可视为最安全的口令?控制台电缆使能使能加密口令VTY精品38精品请参见图示。

一台路由器(其路由表如图所示)收到发往192.168.1.4 的数据包。

相关文档
最新文档