1、CCNA640-802 V13题库试题分析题库讲解:吴老师(艾迪飞CCIE 实验室首发网站:http:/1. What are two reasons that a network administrator would use access lists? (Choose two.) A. to control vty access into a router B. to control broadcast traffic through a router C. to filter traffic as it passes through a router D. to filter traff
2、ic that originates from the router E. to replace passwords as a line of defense against security incursions Answer: AC解释一下:在VTY线路下应用 ACL,可以控制从VTY 线路进来的 telnet的流量。也可以过滤穿越一台路由器的流量。2. A default Frame Relay WAN is classified as what type of physical network? A. point-to-point B. broadcast multi-access C
3、. nonbroadcast multi-access D. nonbroadcast multipoint E. broadcast point-to-multipoint Answer: C解释一下:在默认的情况下,帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。3Refer to the exhibit. How many broadcast domains exist in the exhibited topology?A. one B. two C. three D. four E. five F. six Answer: C解释一下:广播域的问题,在默认的情况
4、下,每个交换机是不能隔离广播域的,所以在同一个区域的所有交换机都在同一个广播域中,但是为了减少广播的危害,将广播限制在一个更小的范围,有了VLAN的概念,VLAN表示的是一个虚拟的局域网,而他的作用就是隔离广播。所以被VLAN隔离了的每个区域都表示一个单独的广播域,这样一个VLAN 中的广播的流量是不能传到其他的区域的,所以在上题中就有3个广播域了。4. A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users ar
5、e experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.) A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF
6、6. The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command? A. This command should be executed from the global configuration mode. B. The IP address 10.121.16.8 is the local router port used to forward data
7、. C. 102 is the remote DLCI that will receive the information. D. This command is required for all Frame Relay configurations. E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC. Answer: E解释一下:关于命令 frame-relay map ip 10.121.16.8 102 broadcast ,这个命令用于手工静态添加一条映
8、射,到达10.121.16.8的流量封装一个DLCI号为102,而且这条PVC是支持广播的流量的,比如RIP的更新包。因为在默认的情况下,帧中继的网络为非广播的,而RIP在其上是无法发包的。8Which of the following are associated with the application layer of the OSI model? (Choose two.) A. ping B. Telnet C. FTP D. TCP E. IP Answer: BC解释一下:在OSI 7层模型中位于应用层的应用有telnet 和 ftp 这两种应用。9. For security
9、reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists? A. IP B. ICMP C. TCP D. UDP Answer: B解释一下:PING命令 利用ICMP协议的echo,和 echo-replay两个报文来检测链路是否连通的。所以如果要阻止PING的流量到网络,就只要过滤掉IC
10、MP的应用就可以了。10Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator com
11、pleted the configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem?A. Router(config)# interface fastethernet 0/1.3 Router(config-if)# encapsulation dot1q 3 Router(config-if)# ip address 192.168.3
12、.1 255.255.255.0 B. Router(config)# router rip Router(config-router)# network 192.168.1.0 Router(config-router)# network 192.168.2.0 Router(config-router)# network 192.168.3.0 C. Switch1# vlan database Switch1(vlan)# vtp v2-mode Switch1(vlan)# vtp domain cisco Switch1(vlan)# vtp server D. Switch1(co
13、nfig)# interface fastethernet 0/1 Switch1(config-if)# switchport mode trunk Switch1(config-if)# switchport trunk encapsulation isl Answer: A解释一下:这是一个多VLAN间通讯的问题,虽然都同在一台交换机上,但是由于处在不同的VLAN 中,而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能了,在交换机和路由器之间封装TRUNK ,这样可以允许交换机间的二层的通讯,但是由于两个VLAN是划分到不同的网段中的,因此需要借助路
14、由器的路由功能来实现三层的可达,可以将VLAN中的主机的网关指定为路由器与该VLAN 相连的子接口的地址,这样VLAN中的数据包就都会发往网关,而由网关来进行进一步的转发。在这个题中,题目给出了路由器的的子接口的网段,而又给出了VLAN 2与路由器相连的接口的IP地址,所以剩下的一个网段就是给VLAN 3的了 ,所以要在路由器上将与一个子接口划分到VLAN 3,并给其分配另一个网段中的IP地址。这样就可以了。11What are two recommended ways of protecting network device configuration files from outside
15、network security threats? (Choose two.) A. Allow unrestricted access to the console or VTY ports. B. Use a firewall to restrict access from the outside to the network devices. C. Always use Telnet to access the device command line because its data is automatically encrypted. D. Use SSH or another en
16、crypted and authenticated transport to access device configurations. E. Prevent the loss of passwords by disabling password encryption. Answer: BD解释一下:要确保外部的安全的站点才可以访问我的网络,这就涉及到了安全的问题了,我们 可以使用防火墙来限制外网中来的设备;也可以通过SSH或加密和认证来控制。12Refer to the exhibit. The access list has been configured on the S0/0 inte
17、rface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any A. source ip address: 192.168.15.5; destination port: 21 B. source ip address:, 1
18、92.168.15.37 destination port: 21 C. source ip address:, 192.168.15.41 destination port: 21 D. source ip address:, 192.168.15.36 destination port: 23 E. source ip address: 192.168.15.46; destination port: 23 F. source ip address:, 192.168.15.49 destination port: 23 Answer: DE解释一下:这个访问列表定义了两个语句:acces
19、s-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any 在访问列表中匹配的顺序是从上到下,如果匹配了某一句,就退出访问列表,如果没有就一直往下匹配,在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中,他定义的第一句是拒绝到从192.168.15.32- 192.168.15.47发出的任何的telnet 的流量,然后第二句定义的就是允许所有的 IP流量。而且要明确telnet的流量使用的是端口23,所以这个题的答案就很明确了。13Refer
20、to the exhibit. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table? A. Switch1 will add 192.168.23.4 to the switching table. B. Switch1 will add 192.168.23.12
21、to the switching table. C. Switch1 will add 000A.8A47.E612 to the switching table. D. Switch1 will add 000B.DB95.2EE9 to the switching table. Answer: C解释一下:交换机重新启动了,这个时候交换机的MAC地址表是空的,当主机A发送数据给主机C而经过交换机时,交换机根据他的工作 的原理他要进行原MAC地址学习,而因为对于这个目的MAC地址无记录,而将这个流量从除收到的这个接口外的所有接口泛洪出去。所以在最开始的一步中,交换机是记录下主机A 的MAC
22、地址000A.8A47.E612到他的MAC地址表中。14. he user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do?A. send a unicast ARP packet to the DSL modem/router B. send unicast ICMP packets to the DSL modem/router C. send Layer 3
23、 broadcast packets to which the DSL modem/router responds D. send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router Answer: B解释一下:在下面的表中我们可以看到ARP表中有关于192.168.1.254的ARP条目,所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。15. Refer to the exhibit. What is the most efficient sum
24、marization that R1 can use to advertise its networks to R2?A. 172.1.0.0/22 B. 172.1.0.0/21 C. 172.1.4.0/22 D. 172.1.4.0/24 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 E. 172.1.4.0/25 172.1.4.128/25 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 Answer: C解释一下:这还是一个关于汇总的问题。要求R1将所有的网段用汇总的条目发送给R2 ,因为这些条目的网络位是相同的都为17
25、2.1,所以在这需要汇总的只是第3个八位,将4,4,5,6,7 这些写成二进制的形式,然后找出相同的位数,则有相同位数的字节就是他们的掩码的位数,而最小的有相同位的最小的数字就是他们的基数位,所以R1通告出去 汇总的条目为172.2.4.0/22。16. Refer to the exhibit. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2.
26、How will the default route configured on R1 affect the operation of R2?A. Any packet destined for a network that is not directly connected to router R1 will be dropped. B. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately. C. Any packet destine
27、d for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1. D. The networks directly connected to router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.128, and 172.16.100.64 subnetworks. E. Any packet destined
28、 for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur. Answer: E解释一下:在R1上产生了一个 OSPF的缺省路由,出接口指定 为S0/0,这条缺省路由以5类LSA的形式通告给了R2,于是 R2上也有了一条标记为O*E2 0.0.0.0/0 出接口为 Serial0/0的路由。所以R2收到任何路由表中没有的目的
29、网段时,就将指定给R1 ,而R1根据缺省路由的出接口又将数据包发往R2,这样就形成了一个路由的环路。17. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port? A. This is a 10 Mb/s switch port. B. This is a 100 Mb/s switch por
30、t. C. This is an Ethernet port operating at half duplex. D. This is an Ethernet port operating at full duplex. E. This is a port on a network interface card in a PC. Answer: C解释一下:一个接口有冲突检测和载波侦听,而且是使用双绞线的网络,那么对于这个接口我们可以推测出他是以太接口,而且是工作在半双工的模式下。20. Refer to the topology and router configuration shown
31、in the graphic. A host on the LAN is accessing an FTP server across the Internet. Which of the following addresses could appear as a source address for the packets forwarded by the router to the destination server?A. 10.10.0.1 B. 10.10.0.2 C. 199.99.9.33 D. 199.99.9.57 E. 200.2.2.17 F. 200.2.2.18 An
32、swer: D解释一下:这是个NAT地址转换的题目,在这 f0/0接口连接下的为私有的地址,这些地址是不能同外网进行通讯的,这时就借助NAT,将内网的私有地址转换为可以在公网上通讯的地址,我们看到NAT POOL 中定义的转换后的公有地址为199.99.9.40到199.99.9.62,则表示这段地址是我转换后的内网全局地址,所以HOST想要穿过INTERNET访问FTP 服务器,则需要转换为公有地址199.99.9.40到199.99.9.62之内的地址,在上面的答案中只有地址199.99.9.57满足条件,所以答案就是D 了。21. A company is installing IP p
33、hones. The phones and office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly conn
34、ect the phones and computers, and what technology should be implemented on this device? (Choose two.) A. hub B. router C. switch D. STP E. subinterfaces F. VLAN Answer: CF解释一下:公司的语音设备和办公的设备都连在相同的设备上,还要确保语音的数据流在不同与公司的办公的数据流量,最好的网络设备当然是交换机了,然后利用VLAN的技术就完全可以满足所有的要求了。22. Refer to the exhibit. Which stat
35、ement describes DLCI 17? A. DLCI 17 describes the ISDN circuit between R2 and R3. B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1. C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3. D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider. Answer: C解释一下:DLCI是在Frame-relay中的描述二层信息的地址,他的地位等同于以太网中的MAC地址。我们以R2 上的DLCI 17来看,DLCI 17描述的是:从这个接口出去的目的地为
