CCNA（ ）题库V104.4（ ）

Transcription

1 培训大讲堂官方 YY 频道 :3660 CCNA 题库考试代号 : 考试时间 : 英文 =140 分钟通过分数 : 825 题库版本 : V104.4 鸿鹄论坛招募 CCNA CCNP 答疑讲师答疑地点 : 鸿鹄官方 YY 频道 3660 鸿鹄大讲堂 : 培训大讲堂官方 YY 频道 :3660 CCNA 题库战报交流 1 QQ 群 : (500 人超级群 ) CCNA 题库战报交流区 : G 视频教程免费下载 :

2 CCNA( ) 题库 V104.4 Number: Passing Score: 825 Time Limit: 120 min File Version: CCNA( ) 题库 V104.4( ) CCNA 题库战报 500 人超级 QQ 群 CCNA 最新题库 / 最新战报发布区 : 下载官方正版题库 看最新考试战报, 请随时关注鸿鹄论坛 CCNA 考试报名 1900, 详情请联系鸿鹄全国区十七名客服 QQ [ 全国唯一 ] 报名思科 CCNA 考试, 送思科真实设备试验 html ======================================== 更新内容 : V104.1 修正 V104 中错误题目, 确定经典争议题目答案 ; V104.2 增加拖图题并可完美模拟考试,VCE 题库增加中文注释 ; V104.3 针对思科 CCNA 考试变题, 更新考试新增题目 93Q, 更新 V104.2 实验题 ; V104.4 增加全文中文注释, 汇总 V104.3 九次更新, 删除部分旧题目, 为目前最新官方正版题库 ; 增加每日新题, 修订部分错误 情人节版 增加 6 道选择题 增加 1 道拖图题 561 修改 题答案修改 472 题图片 =============================================

3

4 Sections 1. Chapter 1: Introduction 2. Chapter 2: TCP/IP 3. Chapter 3: IP Addressing and VLSM 4. Chapter 4: Introduction to Cisco IOS 5. Chapter 5: Managing Cisco IOS 6. Chapter 6: IP Routing 7. Chapter 7: Security 8. Chapter 8: NAT 9. Chapter 9: Switching 10. Chapter 10: VLAN 11. Chapter 11: Wireless 12. Chapter 12: Security Device Manager (SDM) 13. Chapter 13: IPv6 14. Chapter 14: Wide Area Network (WAN) 15. New New New New-4 19.Drag n Drop

5 Exam A QUESTION 1 When you are logged into a switch, which prompt indicates that you are in privileged mode? A. % C. > D. $ E. # Answer: E Section: Chapter 4: Introduction to Cisco IOS 特权模式就是 # 提示符 QUESTION 2 Which command shows system hardware and software version information? A. show configuration B. show environment C. show inventory D. show platform E. show version Answer: E Section: Chapter 4: Introduction to Cisco IOS 查看系统的软件和硬件信息使用的命令是 show version QUESTION 3 Cisco Catalyst switches CAT1 and CAT2 have a connection between them using ports FA0/13. An Q trunk is configured between the two switches. On CAT1, VLAN 10 is chosen as native, but on CAT2 the native VLAN is not specified.what will happen in this scenario? A Q giants frames could saturate the link. B. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send untagged frames. C. A native VLAN mismatch error message will appear. D. VLAN 10 on CAT1 and VLAN 1 on CAT2 will send tagged frames. Answer: C Section: Chapter 10: VLAN 如果两边 native 不匹配的话.switch 将报 native 不匹配的日志信息 QUESTION 4 Which command would correctly configure a serial port on a router with the last usable host address in the /29 subnet? A. Router(config-if)# ip address B. Router(config-if)# ip address C. Router(config-if)# ip address

6 D. Router(config-if)# ip address E. Router(config-if)# ip address F. Router(config-if)# ip address Answer: F Section: Chapter 4: Introduction to Cisco IOS /29 它的块大小为 8 掩码为 地址范围为 QUESTION 5 The network default gateway applying to a host by DHCP is /28. Which option is the valid IP address of this host? A B C D E Answer: C Section: Chapter 3: IP Addressing and VLSM 考点 : 考查 VLSM /28 所在网段的范围是 /28 A: 超出范围 B: 广播地址 C: 正确 D: 网络号 E: 超出范围 QUESTION 6 Which two addresses can be assigned to a host with a subnet mask of ? (Choose two.) A B C D E Answer: BD Section: Chapter 3: IP Addressing and VLSM 考点 : 考查 VLSM A: 网络号 B/D: 正确 C: 广播地址 E: 网络号 QUESTION 7 The network administrator has asked you to check the status of the workstation's IP stack by pinging the loopback address. Which address would you ping to perform this task? A

7 B C D Answer: B Section: Chapter 3: IP Addressing and VLSM 考点 : 使用 ping 来检测主机的 IP 栈 ping 实现 QUESTION 8 Workstation A has been assigned an IP address of /28. Workstation B has been assigned an IP address of /28. The two workstations are connected with a straight-through cable. Attempts to ping between the hosts are unsuccessful. What two things can be done to allow communications between the hosts? (Choose two.) A. Replace the straight-through cable with a crossover cable. B. Change the subnet mask of the hosts to /25. C. Change the subnet mask of the hosts to /26. D. Change the address of Workstation A to E. Change the address of Workstation B to Answer: AB Section: Chapter 3: IP Addressing and VLSM 考点 : 同构设备使用交叉线, 两端的 IP 需要在同一个子网 A: 使用交叉线替换现有的直通线 正确 B: 修改掩码为 25 位, 正确 C: 修改掩码为 26 为, 错误 不能使他们在同一个子网 D/E: 错误, 都不能使他们在同一个子网 QUESTION 9 Your ISP has given you the address /29 to assign to your router's interface. They have also given you the default gateway address of After you have configured the address, the router is unable to ping any remote devices. What is preventing the router from pinging remote devices? A. The default gateway is not an address on this subnet. B. The default gateway is the broadcast address for this subnet. C. The IP address is the broadcast address for this subnet. D. The IP address is an invalid class D multicast address. Answer: B Section: Chapter 3: IP Addressing and VLSM 考点 : 考查 VLSM /29 所在网段的范围是 : /29 A: 默认网关不属于这个子网, 错误 B: 默认网关是这个子网的广播地址, 正确 C: 这个地址是子网的广播地址, 错误 D: 这个地址是组播地址, 错误 QUESTION 10 Which command is used to copy the configuration from RAM into NVRAM?

8 A. copy running-config startup-config B. copy startup-config: running-config: C. copy running config startup config D. copy startup config running config E. write terminal Answer: A Section: Chapter 4: Introduction to Cisco IOS QUESTION 11 Which command is used to load a configuration from a TFTP server and merge the configuration into RAM? A. copy running-config: TFTP: B. copy TFTP: running-config C. copy TFTP: startup-config D. copy startup-config: TFTP: Answer: B Section: Chapter 4: Introduction to Cisco IOS QUESTION 12 A system administrator types the command to change the hostname of a router. Where on the Cisco IFS is that change stored? A. NVRAM B. RAM C. FLASH D. ROM E. PCMCIA Answer: B Section: Chapter 4: Introduction to Cisco IOS running-config 保存在 RAM 中 startup-config 保存在 NVRAM 中 QUESTION 13 Which command is used to configure a default route? A. ip route B. ip route C. ip route D. ip route Answer: D Section: Chapter 6: IP Routing

9 QUESTION 14 If IP routing is enabled, which two commands set the gateway of last resort to the default gateway? (Choose two.) A. ip default-gateway B. ip route C. ip default-network D. ip default-route E. ip route Answer: CE Section: Chapter 6: IP Routing 产生默认网关的两种方式 ip default-network ip route QUESTION 15 Which command would you configure globally on a Cisco router that would allow you to view directly connected Cisco devices? A. enable cdp B. cdp enable C. cdp run D. run cdp Answer: C Section: Chapter 5: Managing Cisco IOS QUESTION 16 Which command is used to see the path taken by packets across an IP network? A. show ip route B. show route C. traceroute D. trace ip route Answer: C Section: Chapter 2: TCP/IP 哪条命令用于查看数据包转发所经过的路径 A: 查看路由表 B: 没有这条命令 C: 正确 D: 没这条命令

10 QUESTION 17 Which command is used to debug a ping command? A. debug icmp B. debug ip icmp C. debug tcp D. debug packet Answer: B Section: Chapter 5: Managing Cisco IOS ping 调用了 icmp 协议, 而 icmp 数据包封装在 ip 包中 QUESTION 18 Which command displays CPU utilization? A. show protocols B. show process C. show system D. show version Answer: B Section: Chapter 5: Managing Cisco IOS 查看 CPU 利用率 QUESTION 19 When configuring a serial interface on a router, what is the default encapsulation? A. atm-dxi B. frame-relay C. hdlc D. lapb E. ppp Answer: C Section: Chapter 14: Wide Area Network (WAN) 缺省封装是 HDLC QUESTION 20 What must be set correctly when configuring a serial interface so that higher-level protocols calculate the best route? A. bandwidth B. delay C. load D. reliability Answer: A Section: Chapter 6: IP Routing

11 为了使高层路由协议计算最佳路由, 串口的什么东西必须被设置正确? 在接口下, 只有带宽是可以配置的 QUESTION 21 A company implements video conferencing over IP on their Ethernet LAN. The users notice that the network slows down, and the video either stutters or fails completely. What is the most likely reason for this? A. minimum cell rate (MCR) B. quality of service (QoS) C. modulation D. packet switching exchange (PSE) E. reliable transport protocol (RTP) Answer: B Section: Chapter 9: Switching 考点 : 当网络中使用视频会议后发现网络非常慢, 什么原因引起的? QoS: 用于定制策略对不同流量进行控制 QUESTION 22 Which layer in the OSI reference model is responsible for determining the availability of the receiving program and checking to see if enough resources exist for that communication? A. transport B. network C. presentation D. session E. application Answer: E Section: Chapter 1: Introduction 哪一层确定的接收程序的可用性? 应用层提供 QUESTION 23 Data transfer is slow between the source and destination. The quality of service requested by the transport layer in the OSI reference model is not being maintained. To fix this issue, at which layer should the troubleshooting process begin? A. presentation B. session C. transport D. network E. physical Answer: D Section: Chapter 1: Introduction 解决网络问题, 先确保网络层通信

12 QUESTION 24 Which protocols are found in the network layer of the OSI reference model and are responsible for path determination and traffic switching? A. LAN B. routing C. WAN D. network Answer: B Section: Chapter 1: Introduction OSI 网络层中什么提供了路径选择和流量转发? 由路由协议提供 通过手工或者动态学习路由条目实现 QUESTION 25 Which command reveals the last method used to powercycle a router? A. show reload B. show boot C. show running-config D. show version Answer: D Section: Chapter 5: Managing Cisco IOS 哪一个命令可以显示最近一次被用来重启路由器的方法? QUESTION 26 Which three options are valid WAN connectivity methods? (Choose three.) A. PPP B. WAP C. HDLC D. MPLS E. L2TPv3 F. ATM Answer: ACF Section: Chapter 14: Wide Area Network (WAN) 哪三种封装属于 WAN 链路的? A: 点到点协议, 正确 B: 无线加密技术, 错误 C: 思科缺省封装格式, 正确 D: 多协议标签转换, 错误 E: 隧道协议, 错误 F: 正确 QUESTION 27 Refer to the exhibit. Which WAN protocol is being used?

13 A. ATM B. HDLC C. Frame Relay D. PPP Answer: C Section: Chapter 14: Wide Area Network (WAN) 由图中的 LMI enq sent 可看到发送接受 LMI 信息 属于 FR 的数据包 QUESTION 28 What is the difference between a CSU/DSU and a modem? A. A CSU/DSU converts analog signals from a router to a leased line; a modem converts analog signals from a router to a leased line. B. A CSU/DSU converts analog signals from a router to a phone line; a modem converts digital signals from a router to a leased line. C. A CSU/DSU converts digital signals from a router to a phone line; a modem converts analog signals from a router to a phone line. D. A CSU/DSU converts digital signals from a router to a leased line; a modem converts digital signals from a router to a phone line. Answer: D Section: Chapter 14: Wide Area Network (WAN) CSU/DSU 一般是专线,MODEN 是将模拟信号与数字信号转换 QUESTION 29 A network administrator must configure 200 switch ports to accept traffic from only the currently attached host devices. What would be the most efficient way to configure MAC-level security on all these ports? A. Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command. B. Have end users their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command. C. Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them. D. Use show mac-address-table to determine the addresses that are associated with each port and then enter the commands on each switch for MAC address port-security.

14 Answer: C Section: Chapter 9: Switching 考点 : 有 200 台主机需要接入, 采用什么方式来增强网络安全性? A: 先验证 mac 安全性, 然后在交换机上绑定 错误, 工作量太大 B: 用户发送邮件认证再在交换机上配置, 错误, 不科学 C: 使用 port-security, 正确 D: 错误, 工作量太大 QUESTION 30 When troubleshooting a Frame Relay connection, what is the first step when performing a loopback test? A. Set the encapsulation of the interface to HDLC. B. Place the CSU/DSU in local-loop mode. C. Enable local-loop mode on the DCE Frame Relay router. D. Verify that the encapsulation is set to Frame Relay. Answer: A Section: Chapter 14: Wide Area Network (WAN) 在对 FR 进行排错的时候, 当做回环测试的时候, 第一步如何处理? A: 讲接口配置成 HDLC, 正确,FR 封装下无法正常 ping 自己端口 QUESTION 31 What occurs on a Frame Relay network when the CIR is exceeded? A. All TCP traffic is marked discard eligible. B. All UDP traffic is marked discard eligible and a BECN is sent. C. All TCP traffic is marked discard eligible and a BECN is sent. D. All traffic exceeding the CIR is marked discard eligible. Answer: D Section: Chapter 14: Wide Area Network (WAN) 在 FR 网络中, 当 CIR 超过时会发生什么情况? D: 所有超过的流量都丢弃 QUESTION 32 What are two characteristics of Frame Relay point-to-point subinterfaces? (Choose two.) A. They create split-horizon issues. B. They require a unique subnet within a routing domain. C. They emulate leased lines. D. They are ideal for full-mesh topologies. E. They require the use of NBMA options when using OSPF. Answer: BC Section: Chapter 14: Wide Area Network (WAN) 帧中继点到点子接口的特点? A: 水平分割, 错误 B: 每个子接口需要一个独立的网段, 正确

15 C: 类似专线, 正确 D: 全网互联是理想拓扑, 错误 通常是 hub-spoke E:NBMA 不支持 OSPF, 错误 QUESTION 33 Refer to the exhibit. Addresses within the range /24 are not being translated to the /16 range. Which command shows if /24 are allowed inside addresses? A. debug ip nat B. show access-list C. show ip nat translation D. show ip nat statistics Answer: B Section: Chapter 8: NAT 那条命令可以看到 /24 是否在允许转换范围 允许的范围是通过 ACL 定义的 A: 打开 NAT 转换的 debug 信息, 错误 B: 查看 acl 信息, 正确 C: 查看 NAT 转换表, 错误 D: 查看静态 NAT 错误 QUESTION 34 A wireless client cannot connect to an b/g BSS with a b/g wireless card. The client section of the access point does not list any active WLAN clients. What is a possible reason for this? A. The incorrect channel is configured on the client. B. The client's IP address is on the wrong subnet. C. The client has an incorrect pre-shared key. D. The SSID is configured incorrectly on the client. Answer: D Section: Chapter 11: Wireless 客户端无法连接到无限接入点, 查看不到可用的无线信号 这通常是 SSID 信号没有配置正确 A: 不正确的信道 错误 B: 客户端的 IP 地址配置错误 C: 客户端的共享 key 错误 D:SSID 配置不正确 QUESTION 35 Which two features did WPAv1 add to address the inherent weaknesses found in WEP? (Choose two.) A. a stronger encryption algorithm

16 B. key mixing using temporal keys C. shared key authentication D. a shorter initialization vector E. per frame sequence counters Answer: BE Section: Chapter 11: Wireless 考点 :WPA1 中增强哪两个在 WEP 中发现的弱点?WEP 存在的隐患主要是依赖共享密钥 A: 更强的加密算法 B: 混合使用的密钥 C: 共享密钥认证 D: 较短的初始化向量 E: 一个帧一个序列计数器 QUESTION 36 Which two wireless encryption methods are based on the RC4 encryption algorithm? (Choose two.) A. WEP B. CCKM C. AES D. TKIP E. CCMP Answer: AD Section: Chapter 11: Wireless 考点 : 哪两种无限加密技术依赖 RC4 A: 有线等效保密协议 B: 英特尔开发一种协议 C: 高级加密标准 D: 暂时密钥集成协议 E: 基于 AES 的加密方式 QUESTION 37 What are two characteristics of RIPv2? (Choose two.) A. classful routing protocol B. variable-length subnet masks C. broadcast addressing D. manual route summarization E. uses SPF algorithm to compute path Answer: BD Section: Chapter 6: IP Routing A: 有类路由协议, 错误 B: 可变长度子网掩码, 正确 C: 采用广播地址更新, 错误 D: 手动路由汇总, 正确 E: 使用 spf 算法计算路径, 错误 QUESTION 38

17 Which two Ethernet fiber-optic modes support distances of greater than 550 meters? A. 1000BASE-CX B. 100BASE-FX C. 1000BASE-LX D. 1000BASE-SX E. 1000BASE-ZX Answer: CE Section: Chapter 1: Introduction A: 最长距离 25 米 B: 最长距离 100 米 C: 最长距离 3000 米 D: 最长距离 550 米 E: 最长距离 70 千米 QUESTION 39 What two things will a router do when running a distance vector routing protocol? (Choose two.) A. Send periodic updates regardless of topology changes. B. Send entire routing table to all routers in the routing domain. C. Use the shortest-path algorithm to the determine best path. D. Update the routing table based on updates from their neighbors. E. Maintain the topology of the entire network in its database. Answer: AD Section: Chapter 6: IP Routing 考点 : 考查距离矢量路由协议特性 A: 周期性更新, 正确 B: 发送整个路由表到整个路由域, 错误, 只发送给邻居 C: 使用 SPF 算法, 错误 D: 依靠邻居发送更新来更新路由表, 正确 E: 在数据库中维护整个网络的拓扑 错误 QUESTION 40 Refer to the exhibit. According to the routing table, where will the router send a packet destined for ? A B

18 C D Answer: C Section: Chapter 6: IP Routing 路由查找原则 : 最长掩码匹配原则 QUESTION 41 Which command shows if an access list is assigned to an interface? A. show ip interface [interface] access-lists B. show ip access-lists interface [interface] C. show ip interface [interface] D. show ip access-lists [interface] Answer: C Section: Chapter 7: Security QUESTION 42 Refer to the exhibit. Which rule does the DHCP server use when there is an IP address conflict? A. The address is removed from the pool until the conflict is resolved. B. The address remains in the pool until the conflict is resolved. C. Only the IP detected by Gratuitous ARP is removed from the pool. D. Only the IP detected by Ping is removed from the pool. E. The IP will be shown, even after the conflict is resolved. Answer: A Section: Chapter 5: Managing Cisco IOS show ip dhcp conflict 命令可以查看哪些 ip 地址在使用上有冲突 有冲突的地址不再分配出去 A: 地址被删除直到冲突解决, 正确 B: 地址保留直到冲突解决, 错误 C/D: 答案片面 E: 当冲突解决后, 地址会被显示 错误 QUESTION 43 Refer to the exhibit. You are connected to the router as user Mike. Which command allows you to see output from the OSPF debug command?

19 A. terminal monitor B. show debugging C. show sessions D. show ip ospf interface Answer: A Section: Chapter 6: IP Routing A: 让 debug 信息在终端上显示出来 B: 没这条命令 C: 查看会话信息 D: 查看启用了 ospf 的接口的相关信息 QUESTION 44 Refer to the exhibit. If number 2 is selected from the setup script, what happens when the user runs setup from a privileged prompt? A. Setup is additive and any changes will be added to the config script. B. Setup effectively starts the configuration over as if the router was booted for the first time. C. Setup will not run if an enable secret password exists on the router. D. Setup will not run, because it is only viable when no configuration exists on the router. Answer: A Section: Chapter 4: Introduction to Cisco IOS [0] 不保存进入 IOS 命令配置模式 [1] 不保存返回设置模式 [2] 保存退出 A: 设置和改动被保存到配置脚本 B: 为有效地重新开始配置, 如果路由器是第一次启动的配置 C: 如果配置了密码, 设置不会运行 D: 设置不可用, 因为它只能在没有配置存在时才有效 QUESTION 45

20 Refer to the exhibit. Which (config-router) command will allow the network represented on the interface to be advertised by RIP? A. redistribute ethernet0 B. network ethernet0 C. redistribute D. network Answer: D Section: Chapter 6: IP Routing 考点 : 怎么才能让接口通告 RIP 路由 通告 network 网段实现 QUESTION 46 Refer to the exhibit. What information can be gathered from the output? A. One router is running RIPv1. B. RIP neighbor is C. The network contains a loop. D. Network is reachable. Answer: D Section: Chapter 6: IP Routing

21 由图中可以看出本地已经存在 这条路由 QUESTION 47 Refer to the exhibit. What type of connection would be supported by the cable diagram shown? A. PC to router B. PC to switch C. server to router D. router to router Answer: B Section: Chapter 1: Introduction 从图中可以看出这是一条直通线 同构设备使用交叉线, 异构设备使用直通线 B: 直通线 AC/D 同构设备使用交叉线 QUESTION 48 Refer to the exhibit. What type of connection would be supported by the cable diagram shown? A. PC to router B. PC to switch C. server to switch D. switch to router Answer: A Section: Chapter 1: Introduction QUESTION 49 Which two statements describe the Cisco implementation of VLANs? (Choose two.) A. VLAN 1 is the default Ethernet VLAN. B. CDP advertisements are only sent on VLAN C. By default, the management VLAN is VLAN D. By default, the switch IP address is in VLAN E. VLAN 1002 through 1005 are automatically created and cannot be deleted.

22 Answer: AE Section: (none) 考点 : 考查 vlan 知识点 A: 缺省都存在 vlan1, 端口都属于 vlan1, 正确 B:CDP 信息只发送到 vlan1002, 错误,vlan1002 是 fddi 网络的 vlan 号 C: 缺省情况交换机 IP 配置在 vlan1005, 错误,vlan1005trnet 网络的 vlan 号 缺省在 vlan1 里面 D:vlan 自动生成并不能被删除, 正确, 他们都是被保留的特殊 vlan QUESTION 50 Refer to the exhibit. What can be determined about the router from the console output? A. No configuration file was found in NVRAM. B. No configuration file was found in flash. C. No configuration file was found in the PCMCIA card. D. Configuration file is normal and will load in 15 seconds. Answer: A Section: Chapter 4: Introduction to Cisco IOS 启动时缺省读取保存在 NVRAM 里面的配置文件 提示进入对话模式, 说明没有保存配置文件 QUESTION 51 Refer to the exhibit. What can be determined from the output? A is local to the router. B is local to the router. C will age out in less than 1 minute. D has aged out and is marked for deletion. Answer: B Section: Chapter 4: Introduction to Cisco IOS

23 age 下面 - 代表是本地端口 QUESTION 52 Refer to the exhibit. Which command would allow the translations to be created on the router? A. ip nat pool mynats prefix-length 19 B. ip nat outside mynats prefix-length 19 C. ip nat pool mynats prefix-length 18 D. ip nat outside mynats prefix-length 18 Answer: A Section: Chapter 8: NAT 准确汇总掩码是 21, 答案中没有, 退而求其次选 19. mynats 为地址池的名字,prefix-length 表示掩码的长度 prefix-length 19 表示掩码为 QUESTION 53 Refer to the exhibit. An administrator pings the default gateway at and sees the output as shown. At which OSI layer is the problem? A. data link layer B. application layer C. access layer D. session layer E. network layer Answer: E Section: Chapter 2: TCP/IP

24 ping 调用 icmp,ping 不通是网络层的原因 QUESTION 54 Refer to the exhibit. Which value will be configured for Default Gateway of the Local Area Connection? A B C D Answer: B Section: Chapter 3: IP Addressing and VLSM 里面除了 外任意一个 QUESTION 55 Refer to the exhibit. The user at Workstation B reports that Server A cannot be reached. What is preventing Workstation B from reaching Server A?

25 A. The IP address for Server A is a broadcast address. B. The IP address for Workstation B is a subnet address. C. The gateway for Workstation B is not on the same subnet. D. The gateway for Server A is not on the same subnet. Answer: D Section: Chapter 6: IP Routing /27 所在网络范围为 : /27 很明显网关 不再范围内 QUESTION 56 Refer to the exhibit. What does the (*) represent in the output? A. Packet is destined for a local interface to the router. B. Packet was translated, but no response was received from the distant device. C. Packet was not translated, because no additional ports are available. D. Packet was translated and fast switched to the destination. Answer: D Section: Chapter 8: NAT 由图中提示信息可以看出, 源为 已经有个一个转换, 所以后续的数据包快速转发 QUESTION 57 Refer to the exhibit. What command sequence will enable PAT from the inside to outside network?

26 A. (config) ip nat pool isp-net netmask overload B. (config-if) ip nat outside overload C. (config) ip nat inside source list 1 interface ethernet1 overload D. (config-if) ip nat inside overload Answer: C Section: Chapter 8: NAT overload 是配置 PAT 的关键字 QUESTION 58 Refer to the exhibit. What will happen to HTTP traffic coming from the Internet that is destined for if the traffic is processed by this ACL? A. Traffic will be dropped per line 30 of the ACL. B. Traffic will be accepted per line 40 of the ACL. C. Traffic will be dropped, because of the implicit deny all at the end of the ACL. D. Traffic will be accepted, because the source address is not covered by the ACL. Answer: C Section: Chapter 7: Security ACL 匹配规则 : 自上而下匹配, 一旦匹配则终止, 没有匹配到的丢弃 题目给的 172 是目的地址, 表中 ACL 中 172 是源地址 QUESTION 59 Refer to the exhibit. Which statement describes the effect that the Router1 configuration has on devices in the subnet when they try to connect to SVR-A using Telnet or SSH?

27 A. Devices will not be able to use Telnet or SSH. B. Devices will be able to use SSH, but not Telnet. C. Devices will be able to use Telnet, but not SSH. D. Devices will be able to use Telnet and SSH. Answer: B Section: Chapter 7: Security 题目考查的是 ACL 用法, 首先我们看图示 F0/0 是 in 方向,eq 应该放在目的主机的后面, 源主机是随机端口发出访问 f0/1 也设置为 in 方向, 只能控制返回的数据, 这里 eq 应该放在源主机也就是 SVR-A 的后面所以 list 100 中 10 生效,20 无效 list 101 中 10 生效,20 无效 最后默认都拒绝, 所以只允许 ssh QUESTION 60 What are three advantages of VLANs? (Choose three.) A. VLANs establish broadcast domains in switched networks. B. VLANs utilize packet filtering to enhance network security. C. VLANs provide a method of conserving IP addresses in large networks. D. VLANs provide a low-latency internetworking alternative to routed networks. E. VLANs allow access to network services based on department, not physical location. F. VLANs can greatly simplify adding, moving, or changing hosts on the network. Answer: AEF Section: Chapter 10: VLAN A:VLAN 在交换网络中建立广播域, 正确 B: 利用 VLAN 的数据包过滤, 增强网络的安全性 错误, 没有这个特性

28 C: 提供了在大型网络中的保护 IP 地址的方法 错误 D: 提供低延迟互联网络替代路由网络 错误 E:vlan 允许基于逻辑划分的网络访问, 不是物理位置 正确 F:VLAN 可以大大简化添加, 移动或更改网络上的主机 正确 QUESTION 61 An administrator would like to configure a switch over a virtual terminal connection from locations outside of the local LAN. Which of the following are required in order for the switch to be configured from a remote location? (Choose two.) A. The switch must be configured with an IP address, subnet mask, and default gateway. B. The switch must be connected to a router over a VLAN trunk. C. The switch must be reachable through a port connected to its management VLAN. D. The switch console port must be connected to the Ethernet LAN. E. The switch management VLAN must be created and have a membership of at least one switch port. F. The switch must be fully configured as an SNMP agent. Answer: AC Section: Chapter 9: Switching 要想远程管理 VLAN,1 交换机配置 IP,2 路由可达 QUESTION 62 Which of the following host addresses are members of networks that can be routed across the public Internet? (Choose three.) A B C D E F Answer: CEF Section: Chapter 3: IP Addressing and VLSM 考查公有 IP 地址的范围 / / / / / /24 除了上面的外都是公有 IP QUESTION 63 Given a subnet mask of , which of the following addresses can be assigned to network hosts? (Choose three.) A B C D E F

29 Answer: BCD Section: Chapter 3: IP Addressing and VLSM QUESTION 64 Which of the following are benefits of VLANs? (Choose three.) A. They increase the size of collision domains. B. They allow logical grouping of users by function. C. They can enhance network security. D. They increase the size of broadcast domains while decreasing the number of collision domains. E. They increase the number of broadcast domains while decreasing the size of the broadcast domains. F. They simplify switch administration. Answer: BCE Section: Chapter 10: VLAN 考查 VLAN 的特点 A: 增加冲突域的大小, 错误 B: 允许逻辑划分网段, 正确 C: 增强网络安全, 正确 不同 vlan 不能直接通信 D: 当减少冲突域时增加广播域的大小 错误 E: 减少广播域的大小时增加了广播域个数 正确 F: 简化交换机管理 答非所问 QUESTION 65 Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three.) A. ping B. tracert C. ipconfig D. show ip route E. winipcfg F. show interfaces Answer: ADF Section: Chapter 6: IP Routing A: 测试连通性 D: 查看是否有路由 F: 查看接口是否可用 QUESTION 66 Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to support this transmission?

30 A. B. C. D. E. F. Answer: D Section: Chapter 2: TCP/IP 此题考查的是 pc 的 arp 表, 不要和包的目的地址 源地址弄混了 在以太网寻址的时候, 依靠的事 MAC 地址, 每一个网段都需要寻找到自己的下一条 (gateway) 以自己的 MAC 作为 source gateway 的 mac 作为 destination 封装 Frame, 然后将 Frame 转发出去, 但是数据包是不会进行变化的, 也就是 packet 的头部信息不会发生改变 所以 IP 包头的 source 和 des 地址是不会变更的

31 QUESTION 67 Which two topologies are using the correct type of twisted-pair cables? (Choose two.) A. B. C. D. E. Answer: DE Section: Chapter 1: Introduction 线缆问题, 使用双绞线的设备 相同设备用 crossover 不同设备用 cut-thought 线缆 console 使用的事 rollor 线缆 QUESTION 68 Which of the following are true regarding bridges and switches? (Choose two.) A. Bridges are faster than switches because they have fewer ports. B. A switch is a multiport bridge. C. Bridges and switches learn MAC addresses by examining the source MAC address of each frame received. D. A bridge will forward a broadcast but a switch will not. E. Bridges and switches increase the size of a collision domain.

32 Answer: BC Section: Chapter 9: Switching 考查网桥和交换机的区别 A: 网桥比交换机更快速, 因为他们有更少的端口 错误 B: 交换机是一个多端口网桥 正确 C: 通过检查数据包的 source mac 学习 mac 地址, 正确 D: 网桥转发广播包, 但交换机不转发 错误 E: 网桥和交换机增加冲突域的大小, 错误 QUESTION 69 What are some of the advantages of using a router to segment the network? (Choose two.) A. Filtering can occur based on Layer 3 information. B. Broadcasts are eliminated. C. Routers generally cost less than switches. D. Broadcasts are not forwarded across the router. E. Adding a router to the network decreases latency. Answer: AD Section: Chapter 1: Introduction A: 可以基于层三的信息过滤数据 B: 广播被淘汰 错误 C: 路由器的价格一般比交换机少 错误 D: 广播不会穿越路由器, 正确 E: 增加路由器后减少延迟 错误 QUESTION 70 Which of the following statements are true regarding bridges and switches? (Choose 3.) A. Switches are primarily software based while bridges are hardware based. B. Both bridges and switches forward Layer 2 broadcasts. C. Bridges are frequently faster than switches. D. Switches have a higher number of ports than most bridges. E. Bridges define broadcast domains while switches define collision domains. F. Both bridges and switches make forwarding decisions based on Layer 2 addresses. Answer: BDF Section: Chapter 9: Switching A: 交换机基于软件, 网桥基于硬件, 错误 交换机是基于硬件, 网桥是基于软件 B: 都转发二层广播包, 正确 C: 网桥比交换机快速 错误 D: 交换机比网桥具有更多的端口, 正确 E: 网桥定义广播域, 交换机定义冲突域, 错误 F: 基于二层地址转发数据 正确 QUESTION 71 Which characteristics are representative of a link-state routing protocol? (Choose three.) A. provides common view of entire topology

33 B. exchanges routing tables with neighbors C. calculates shortest path D. utilizes event-triggered updates E. utilizes frequent periodic updates Answer: ACD Section: Chapter 6: IP Routing 链路状态路由协议有协议特点? A: 提供查看拓扑的命令, 正确 show ip ospf database B: 邻居之间交换路由信息, 错误 交换 LSA C: 计算最短路径, 正确 D: 利用触发更新, 正确 E: 利用周期更新, 错误 QUESTION 72 Which of the following statements describe the network shown in the graphic? (Choose two.) A. There are two broadcast domains in the network. B. There are four broadcast domains in the network. C. There are six broadcast domains in the network. D. There are four collision domains in the network. E. There are five collision domains in the network. F. There are seven collision domains in the network. Answer: AF Section: Chapter 1: Introduction 路由器一个端口一个广播域交换机一个端口一个冲突域集线器一个冲突域 左边是集线器, 右边是交换机 QUESTION 73 Use the output from the router shown in the graphic above to determine which of the following are correct. (Choose two.)

34 A. Router John uses a link-state routing protocol. B. Router John will receive routing updates on the Serial0/0 interface. C. Router John will receive routing updates on the Serial0/1 interface. D. Router John will send routing updates out the Serial0/0 interface. E. Router John will send routing updates out the FastEthernet0/0 interface. F. Router John will send routing updates out the Serial0/1 interface. Answer: BD Section: Chapter 6: IP Routing 由图中 的地方可知只有 s0/0 发送和接受路由信息 QUESTION 74 A national retail chain needs to design an IP addressing scheme to support a nationwide network. The company needs a minimum of 300 sub-networks and a maximum of 50 host addresses per subnet. Working with only one Class B address, which of the following subnet masks will support an appropriate addressing scheme? (Choose two.) A B C D E F

35 Answer: BE Section: Chapter 3: IP Addressing and VLSM 需要至少 300 个子网, 每个子网至少 50 台主机 使用一个 B 类地址来划分 A: 最多有 256 个子网, 错误 C: 只有 64 个子网 D: 每个子网只有 30 个可用 IP F: 只有 32 个子网 QUESTION 75 Given the address /28, which of the following are valid host addresses on this subnet? (Choose two.) A B C D E Answer: AC Section: Chapter 3: IP Addressing and VLSM /28 所属网段的范围是 : /28 QUESTION 76 An inbound access list has been configured on a serial interface to deny packet entry for TCP and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose three.) A. FTP B. Telnet C. SMTP D. DNS E. HTTP F. POP3 Answer: DEF Section: Chapter 2: TCP/IP acl 拒绝了 tcp/udp 这三个端口的流量, 哪些流量会被放行? A:FTP 21 端口 B:TELNET 23 端口 C:SMTP 25 端口 D:DNS 53 端口 E:HTTP 80 端口 F :POP3 110 端口 QUESTION 77 Which are valid modes for a switch port used as a VLAN trunk? (Choose three.) A. transparent B. auto C. on

36 D. desirable E. blocking F. forwarding Answer: BCD Section: Chapter 10: VLAN 有三种方式建立 trunk 链路 auto on desirable QUESTION 78 OSPF routing uses the concept of areas. What are the characteristics of OSPF areas? (Choose three.) A. Each OSPF area requires a loopback interface to be configured. B. Areas may be assigned any number from 0 to C. Area 0 is called the backbone area. D. Hierarchical OSPF networks do not require multiple areas. E. Multiple OSPF areas must connect to area 0. F. Single area OSPF networks must be configured in area 1. Answer: BCE Section: Chapter 6: IP Routing A: 每个区域需要换回口, 错误 B: 区域 ID 的可以设置为 , 正确 C: 区域 0 是骨干区域, 正确 D: 分层的 OSPF 网络不需要多区域, 错误 就是依赖多区域分层 E: 多区域情况必须存在区域 0, 正确 F: 单区域的区域号必须被配置为区域 1, 错误 QUESTION 79 What information does a router running a link-state protocol use to build and maintain its topological database? (Choose two.) A. hello packets B. SAP messages sent by other routers C. LSAs from other routers D. beacons received on point-to-point links E. routing tables received from other link-state routers F. TTL packets from designated routers Answer: AC Section: Chapter 6: IP Routing 链路状态路由协议如何维护拓扑数据库? A:hello 包用于维护邻居关系, 正确 B: 错误, 没有这个概念 C: 通过其他路由器的 LSA, 正确 D: 从点到点链路接收, 错误 答案片面 E: 从其他路由器接收路由表, 错误 相互间不直接发送路由表 F: 从 DR 接受 TTL 包, 错误, 答非所问

37 QUESTION 80 Which statements describe the routing protocol OSPF? (Choose three.) A. It supports VLSM. B. It is used to route between autonomous systems. C. It confines network instability to one area of the network. D. It increases routing overhead on the network. E. It allows extensive control of routing updates. F. It is simpler to configure than RIP v2. Answer: ACE Section: Chapter 6: IP Routing A: 支持 VLSM, 正确 B: 在 AS 之间使用, 错误 在 AS 内部使用 C: 限制了不稳定网络的范围, 正确 通过划分区域实现 D: 增加了网络的开销, 错误 E: 允许路由更新控制, 正确 F: 比 RIPv2 更容易配置, 错误, 答非所问 QUESTION 81 The switches shown in the diagram, Core and Core2, are both Catalyst 2950s. The addressing scheme for each company site is as follows: Router Ethernet port - 1st usable address Core - 2nd usable address Core2-3rd usable address For this network, which of the following commands must be configured on Core2 to allow it to be managed remotely from any subnet on the network? (Choose three.) A. Core2(config)# interface f0/0 Core2(config-if)# ip address B. Core2(config)# interface vlan 1 Core2(config-if)# ip address C. Core2(config)# line con 0 Core2(config-line)# password cisco D. Core2(config)# line vty 0 4 Core2(config-line)# password cisco E. Core2(config)# ip default-gateway F. Core2(config)# ip route Answer: BDE Section: Chapter 10: VLAN

38 实现远程管理, 需要给交换机配置管理 IP, 需要路由可达 B: 配置管理 IP 2 层交换机只能在 vlan 中配置 IP D: 配置 vty 密码 E: 配置缺省网关 QUESTION 82 An administrator is unsuccessful in adding VLAN 50 to a switch. While troubleshooting the problem, the administrator views the output of the show vtp status command, which is displayed in the graphic. What commands must be issued on this switch to add VLAN 50 to the database? (Choose two.) A. Switch(config-if)# switchport access vlan 50 B. Switch(vlan)# vtp server C. Switch(config)# config-revision 20 D. Switch(config)# vlan 50 name Tech E. Switch(vlan)# vlan 50 F. Switch(vlan)# switchport trunk vlan 50 Answer: BE Section: Chapter 10: VLAN 无法在交换机上添加 vlan50 的原因? 从图中画红线地方可以看出交换机处于 client 模式, 无法增加, 删除, 修改 vlan 题目说在 database 中增加, 所以选 BE QUESTION 83 Which of the following IP addresses fall into the CIDR block of /22? (Choose three.) A B C D E F Answer: BCE Section: Chapter 3: IP Addressing and VLSM /22 的范围是 / /22 QUESTION 84

39 Which of the following are types of flow control? (Choose three.) A. buffering B. cut-through C. windowing D. congestion avoidance E. load balancing Answer: ACD Section: Chapter 2: TCP/IP 流控制有哪些? A: 缓存 B: 直通 C: 窗口机制 D: 拥塞避免 E: 负载均衡 QUESTION 85 Which destination addresses will be used by Host A to send data to Host C? (Choose two.) A. the IP address of Switch 1 B. the MAC address of Switch 1 C. the IP address of Host C D. the MAC address of Host C E. the IP address of the router's E0 interface F. the MAC address of the router's E0 interface Answer: CF Section: Chapter 6: IP Routing 数据包在转发的过程中, 源目 IP 不变, 源目 MAC 会变化 目的地不在同一个网段, 数据先发送到网关 QUESTION 86 What can be determined from the line of show ip route output shown in the exhibit? (Choose two.)

40 A. The next routing update can be expected in 35 seconds. B. The IP address is configured on S0/1. C. The IP address is configured on S0/1. D. This route is using the default administrative distance. E. The network is two hops away from this router. Answer: DE Section: Chapter 6: IP Routing 考点 : 考查 RIP 的路由条目 通过 RIP 学习到一条到达 的路由, 下一跳是 , 出接口是 s/1 A: 错误 rip 更新周期为 30s, 正常计时器不会超过 30 B: 错误, 这个 ip 是对端接口 ip C: 错误 s0/1 的 ip 无法得知 D: 正确,rip 缺省的管理距离是 120 E: 正确 QUESTION 87 Refer to the exhibit. All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.) A. Network A /26 B. Network A /25 C. Network A /26 D. Link A /30 E. Link A /30 F. Link A /30 Answer: BD Section: Chapter 3: IP Addressing and VLSM 配置了 ip subnet-zero, 可以使用全 0 网段 A: 错误,120 台主机, 主机位至少为 7 位

41 B: 正确, 主机位 32-25=7 C: 错误, 主机位少于 7 位 D: 正确 因为使用了 ip subnet-zero E: 错误, 包含在 /27 网段中 F: 错误, 包换在 /27 网段中 QUESTION 88 Which two subnetworks would be included in the summarized address of /20? (Choose two.) A /30 B /30 C /18 D /22 E /22 F /18 Answer: DE Section: Chapter 3: IP Addressing and VLSM 考点 : 考查 VLSM 知识点 /20 网段所在的范围是 /20 D/E 都在这个范围内 QUESTION 89 The network administrator has discovered that the power supply has failed on a switch in the company LAN and that the switch has stopped functioning. It has been replaced with a Cisco Catalyst 2950 series switch. What must be done to ensure that this new switch becomes the root bridge on the network? A. Lower the bridge priority number. B. Change the MAC address of the switch. C. Increase the VTP revision number for the domain. D. Lower the root path cost on the switch ports. E. Assign the switch an IP address with the lowest value. Answer: A Section: Chapter 9: Switching 考点 :STP 的选举原则 RID= 优先级 +mac 地址小者优先 QUESTION 90 Refer to the exhibit. Assume that all of the router interfaces are operational and configured correctly. How will router R2 be affected by the configuration of R1 that is shown in the exhibit?

42 A. Router R2 will not form a neighbor relationship with R1. B. Router R2 will obtain a full routing table, including a default route, from R1. C. R2 will obtain OSPF updates from R1, but will not obtain a default route from R1. D. R2 will not have a route for the directly connected serial network, but all other directly connected networks will be present, as well as the two Ethernet networks connected to R1. Answer: B Section: Chapter 6: IP Routing 考查 OSPF 产生默认路由的条件虽然默认路由出口错误但是邻居仍然回收到正确答案选 :B QUESTION 91 Which three IP addresses can be assigned to hosts if the subnet mask is /27 and subnet zero is usable? (Choose three.) A B C D E F Answer: ACD Section: Chapter 3: IP Addressing and VLSM 掩码为 27, 所以一个子网可以有 32 个 IP, 可用的 30 个 A: /27, 正确 B: /27, 错误, 刚好是网络号 C: /27, 正确 D: /27, 正确 E: 刚好是网络号, 错误 F: 刚好是广播地址, 错误 QUESTION 92 Refer to the exhibit. A packet with a source IP address of and a destination IP address of arrives at the HokesB router. What action does the router take?

43 A. forwards the received packet out the Serial0/0 interface B. forwards a packet containing an EIGRP advertisement out the Serial0/1 interface C. forwards a packet containing an ICMP message out the FastEthernet0/0 interface D. forwards a packet containing an ARP request out the FastEthernet0/1 interface Answer: C Section: Chapter 6: IP Routing 路由器中没有去往目的地的路由, 返回一个 ICMP 报错报文去往源 IP 的路由下一跳是 f0/0, 所以选 C QUESTION 93 Refer to the exhibit. From RouterA, a network administrator is able to ping the serial interface of RouterB but unable to ping any of the subnets attached to RouterB. Based on the partial outputs in the exhibit, what could be the problem?

44 A. EIGRP does not support VLSM. B. The EIGRP network statements are incorrectly configured. C. The IP addressing on the serial interface of RouterA is incorrect. D. The routing protocol has summarized on the classful boundary. E. EIGRP has been configured with an invalid autonomous system number. Answer: D Section: Chapter 6: IP Routing QUESTION 94 What are three characteristics of the OSPF routing protocol? (Choose three.) A. It converges quickly. B. OSPF is a classful routing protocol. C. It uses cost to determine the best route. D. It uses the DUAL algorithm to determine the best route. E. OSPF routers send the complete routing table to all directly attached routers. F. OSPF routers discover neighbors before exchanging routing information. Answer: ACF Section: Chapter 6: IP Routing

45 考查 OSPF 特性 A: 收敛快, 正确 B: 有类路由, 错误 C: 使用 cost 值确定最优路由, 正确 D: 使用 dual 算法, 错误, 这个是 EIGRP 的算法 E: 发送全部路由信息, 错误, 增量更新 F: 在交换信息之前先建立邻接关系, 正确 QUESTION 95 Refer to the exhibit. SW1 and SW2 have default configurations. What will happen if host 1 sends a broadcast? A. Hosts 2, 3, and 4 will receive the broadcast. B. Hosts 1, 2, 3, and 4 will receive the broadcast. C. Host 2 and the Fa0/0 interface of R1 will receive the broadcast. D. Hosts 1, 2 and the Fa0/0 interface of R1 will receive the broadcast. E. Hosts 1, 2, 3, 4 and interface Fa0/0 of R1 will receive the broadcast. F. Hosts 2, 3, 4, and interfaces Fa0/0 and Fa0/1 of R1 will receive the broadcast. Answer: C Section: Chapter 6: IP Routing 考查路由器的功能 : 隔离广播域, 一个端口一个广播域 综上所述, 选 C QUESTION 96 A router has learned three possible routes that could be used to reach a destination network. One route is from EIGRP and has a composite metric of Another route is from OSPF with a metric of 782. The last is from RIPv2 and has a metric of 4. Which route or routes will the router install in the routing table? A. the OSPF route B. the EIGRP route C. the RIPv2 route D. all three routes E. the OSPF and RIPv2 routes Answer: B

46 Section: Chapter 6: IP Routing 考点 : 考查路由条目进入路由表的原则 : 最优路由才能进入 去往同一目的的多条路由, 先比较 AD 值,AD 值小者优先 ;AD 值一直则比较 metric 值 AD 值 : EIGRP 90 OSPF 110 RIP 120 QUESTION 97 For what two purposes does the Ethernet protocol use physical addresses? (Choose two.) A. to uniquely identify devices at Layer 2 B. to allow communication with devices on a different network C. to differentiate a Layer 2 frame from a Layer 3 packet D. to establish a priority system to determine which device gets to transmit first E. to allow communication between different devices on the same network F. to allow detection of a remote device when its physical address is unknown Answer: AE Section: Chapter 1: Introduction 考点 : 考查 mac 地址的作用 A: 在二层唯一确定一台设备, 正确 B: 是设备在不同的网络中通信, 错误, 不同网络通信需要通过 IP 地址确定 C: 区别二层和三层帧, 错误 D: 确定设备的优先级, 错误 没有这个功能 E: 是同一网络的不同设备可以通信, 正确 F: 当不知道远程设备的物理地址时可以查询, 错误 不能跨网段 QUESTION 98 As a frame leaves a Layer 3 device, the Layer 2 encapsulation information is changed from what it was when it entered the device. For what two reasons can this happen? (Choose two.) A. The data is moving from 10BASE-TX to 100BASE-TX. B. The WAN encapsulation type has changed. C. The data format has changed from analog to digital. D. The source and destination hosts are in the same subnet. E. The source and destination MAC addresses have changed. Answer: BE Section: Chapter 14: Wide Area Network (WAN) 考点 : 数据包转发过程 当数据包离开三层设备时, 二层封装哪些信息改变了 A: 从 10M 网络到 100M 网络, 错误 带宽改变不会改变数据包封装 B: 广域网封装改变, 正确 如从 HDCL 变成 PPP C: 数据格式从模拟型号变成数据信号, 错误, 物理层的信号方式变化不会影响二层数据格式 D: 错误 E: 原蜜 MAC 改变, 正确 QUESTION 99 Which two statements are true regarding EIGRP? (Choose two.)

47 A. Passive routes are in the process of being calculated by DUAL. B. EIGRP supports VLSM, route summarization, and routing update authentication. C. EIGRP exchanges full routing table information with neighboring routers with every update. D. If the feasible successor has a higher advertised distance than the successor route, it becomes the primary route. E. A query process is used to discover a replacement for a failed route if a feasible successor is not identified from the current routing information. Answer: BE Section: Chapter 6: IP Routing A: 被动路由在路由进程中由 dual 计算, 错误 B: 至此 VLSM, 路由汇总, 认证, 正确 C: 每次更新都发送全部的路由信息, 错误, 增量更新 D: 如果可行后继路由器有一个比后继路由器高的通告距离, 它会成为主路由条目, 错误 E: 如果不存在 FS, 使用查询进程去发现替代失效的路由信息, 正确 QUESTION 100 Refer to the exhibit. In the communication between host 1 and host 2 over the point-to-point WAN, which protocol or technology is represented by dashed line A? A. IP B. T1 C. PPP D. IEEE Answer: A Section: Chapter 14: Wide Area Network (WAN) A: 主机之间的通信依靠 IP 确定对方地址 B:T1, 广域网线路的一种 C:PPP, 二层封装的一种 D:ieee 以太网封装 QUESTION 101 Refer to the exhibit. The switch in the graphic has a default configuration and the MAC table is fully populated. In addition, this network is operating properly. The graphic represents selected header

48 information in a frame leaving host A. What can be concluded from this information? A. The MAC address of host A is FFFF.FFFF.FFFF. B. The router will forward the packet in this frame to the Internet. C. The switch will only forward this frame to the attached router interface. D. All devices in this LAN except host A will pass the packet to Layer 3. Answer: D Section: Chapter 9: Switching QUESTION 102 What is an appropriate use of a default route? A. to provide routing to a local web server B. to provide routing from an ISP to a stub network C. to provide routing that will override the configured dynamic routing protocol D. to provide routing to a destination that is not specified in the routing table and which is outside the local network Answer: D Section: Chapter 6: IP Routing 考点 : 考查缺省路由的特点 A: 提供路由到本地 web 服务器, 错误 B: 提供从 ISP 到末节网络的路由, 错误 C: 提供优先于动态路由协议的路由, 错误 根据最长匹配原则, 缺省路由最后才匹配 D: 正确 QUESTION 103 Refer to the exhibit. A junior network engineer has prepared the exhibited configuration file. What two statements are true of the planned configuration for interface fa0/1? (Choose two.)

49 A. The two FastEthernet interfaces will require NAT configured on two outside serial interfaces. B. Address translation on fa0/1 is not required for DMZ Devices to access the Internet. C. The fa0/1 IP address overlaps with the space used by s0/0. D. The fa0/1 IP address is invalid for the IP subnet on which it resides. E. Internet hosts may not initiate connections to DMZ Devices through the configuration that is shown. Answer: BE Section: Chapter 8: NAT DMZ 使用公网地址, 不需要做 NAT, 图中 ACL 第二条错将 DMZ 做了 NAT, 因此造成不能访问 QUESTION 104 Refer to the exhibit. Two routers have just been configured by a new technician. All interfaces are up. However, the routers are not sharing their routing tables. What is the problem? A. Split horizon is preventing Router2 from receiving routing information from Router1. B. Router1 is configured for RIP version 2, and Router2 is configured for RIP version 1.

50 C. Router1 has an ACL that is blocking RIP version 2. D. There is a physical connectivity problem between Router1 and Router2. E. Router1 is using authentication and Router2 is not. Answer: B Section: Chapter 6: IP Routing 考点 : 考查 RIP 版本知识点 两种版本不兼容 由提示信息可知 R2 发送 V1, 收到 V2 A: 水平分割保护 R2 从 R1 接收路由信息 错误 B:R2 配置为 V2,R2 配置为 V1, 正确 C:R1 使用了 acl 拒绝了 rip 的 V2 D:R1 和 R2 之间的物理链路有问题 错误 E:R1 使用了认证,R2 没有 错误 QUESTION 105 A medium-sized company has a Class C IP address. It has two Cisco routers and one non-cisco router. All three routers are using RIP version 1. The company network is using the block of /24. The company has decided it would be a good idea to split the network into three smaller subnets and create the option of conserving addresses with VLSM. What is the best course of action if the company wants to have 40 hosts in each of the three subnets? A. Convert all the routers to EIGRP and use /27, /27, and /27 as the new subnetworks. B. Maintain the use of RIP version 1 and use /27, /27, and /27 as the new subnetworks. C. Convert all the routers to EIGRP and use /26, /26, and /26 as the new subnetworks. D. Convert all the routers to RIP version 2 and use /26, /26, and /26 as the new subnetworks. E. Convert all the routers to OSPF and use /28, /28, and /28 as the new subnetworks. F. Convert all the routers to static routes and use /28, /28, and Answer: D Section: Chapter 6: IP Routing QUESTION 106 Refer to the exhibit. Why has this switch not been elected the root bridge for VLAN1?

51 A. It has more than one interface that is connected to the root network segment. B. It is running RSTP while the elected root bridge is running 802.1d spanning tree. C. It has a higher MAC address than the elected root bridge. D. It has a higher bridge ID than the elected root bridge. Answer: D Section: Chapter 9: Switching 考点 : 考查 STP 选举原则,RID 小者优先 由提示可知根桥的 RID 为 A: 有超过 1 个接口连接到根网段, 错误 B: 使用了 RSTP, 但是选举根桥时使用了 802.1d, 错误 C: 比根桥有更高的 MAC 地址, 错误 D: 比根桥有更高的 RID, 正确 QUESTION 107 Refer to the exhibit. At the end of an RSTP election process, which access layer switch port will assume the discarding role?

52 A. Switch3, port fa0/1 B. Switch3, port fa0/12 C. Switch4, port fa0/11 D. Switch4, port fa0/2 E. Switch3, port Gi0/1 F. Switch3, port Gi0/2 Answer: C Section: Chapter 9: Switching SW1 为跟桥,SW4 会选择一个端口作为根端口, 另一个堵塞 在两个端口 cost 相同的情况下, 选择端口号小的为跟端口, 端口号大的堵塞 QUESTION 108 Refer to the exhibit. How many paths can the EIGRP routing process use to forward packets from HQ_Router to a neighbor router?

53 A. two equal-cost paths B. two unequal-cost paths C. three equal-cost paths D. three unequal-cost paths E. four equal-cost paths F. four unequal-cost paths Answer: F Section: Chapter 6: IP Routing 考点 : 考查 EIGRP 负载均衡 根据提示,variance=3 maximum=4, 所以支持不等价负载均衡, 最多支持 4 条 A:2 条等价路径, 错误 B:2 条不等价路径, 错误 C: 三条等价路径, 错误 D: 三条不等价路径, 错误 E: 四条等价路径, 错误 F: 四条不等价路径, 正确 QUESTION 109 Select the action that results from executing these commands. Switch(config-if)# switchport port-security Switch(config-if)# switchport port-security mac-address sticky A. A dynamically learned MAC address is saved in the startup-configuration file. B. A dynamically learned MAC address is saved in the running-configuration file. C. A dynamically learned MAC address is saved in the VLAN database. D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.

54 E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received. Answer: B Section: Chapter 9: Switching 考点 : 考查交换机端口安全 sticky 关键字使静态配置和动态学习的 mac 方式优势相结合 A: 把动态学习的 mac 保存到 startup-config 文件中, 错误 B: 把动态学习的 mac 保存到 running-config 文件中, 正确 C: 把动态学习的 mac 保存到 vlan 数据库中 错误 D: 如果接收到数据帧中包含静态配置的 MAC 地址, 它将被保存在 startup-config 文件, 错误 E: 如果接收到数据帧中包含静态配置的 MAC 地址, 它将被保存在 running-config 文件, 错误静态配置的直接保存在 running-config 里了 QUESTION 110 Refer to the exhibit. The following commands are executed on interface fa0/1 of 2950Switch. 2950Switch(config-if)# switchport port-security 2950Switch(config-if)# switchport port-security mac-address sticky 2950Switch(config-if)# switchport port-security maximum 1 The Ethernet frame that is shown arrives on interface fa0/1. What two functions will occur when this frame is received by 2950Switch? (Choose two.) A. The MAC address table will now have an additional entry of fa0/1 FFFF.FFFF.FFFF. B. Only host A will be allowed to transmit frames on fa0/1. C. This frame will be discarded when it is received by 2950Switch. D. All frames arriving on 2950Switch with a destination of aa.aaaa will be forwarded out fa0/1. E. Hosts B and C may forward frames out fa0/1 but frames arriving from other switches will not be forwarded out fa0/1.

55 F. Only frames from source bb.bbbb, the first learned MAC address of 2950Switch, will be forwarded out fa0/1. Answer: BD Section: Chapter 9: Switching 考点 : 考查交换机端口安全 maximum 1 说明只允许一个 mac 通过 A: 添加 ffff.ffff.ffff 到 mac 地址表, 错误 这是个 arp 报文, 把数据包源 mac 添加到 mac 表 B: 仅允许主机 A 通过 f0/1, 正确 C: 当 2950switch 收到帧后丢弃, 错误 应该是除 f0/1 外所有端口洪泛 D: 当 2950switch 收到目的为 aa.aaaa 的数据帧会从 f0/1 转发, 正确 E: 主机 B 和 C 的数据帧会从 f0/1 转发, 但从其他交换接收到的不会, 错误 F: 仅有源 mac 为 bb.bbbb,2950switch 第一个学习到的 mac 地址才有从 f0/1 转发 错误 QUESTION 111 Refer to the exhibit. Some 2950 series switches are connected to the conference area of the corporate headquarters network. The switches provide two to three jacks per conference room to host laptop connections for employees who visit the headquarters office. When large groups of employees come from other locations, the network administrator often finds that hubs have been connected to wall jacks in the conference area although the ports on the access layer switches were not intended to support multiple workstations. What action could the network administrator take to prevent access by multiple laptops through a single switch port and still leave the switch functional for its intended use? A. Configure static entries in the switch MAC address table to include the range of addresses used by visiting employees. B. Configure an ACL to allow only a single MAC address to connect to the switch at one time. C. Use the mac-address-table 1 global configuration command to limit each port to one source MAC address. D. Implement Port Security on all interfaces and use the port-security maximum 1 command to limit port access to a single MAC address.

56 E. Implement Port Security on all interfaces and use the port-security mac-address sticky command to limit access to a single MAC address. F. Implement Port Security at global configuration mode and use the port-security maximum 1 command to allow each switch only one attached hub. Answer: D Section: Chapter 9: Switching 考点 : 考查交换机端口安全 题目想实现限制一个端口只接入一台设备 A: 配置静态 mac 地址表 错误 无法达到限制效果 B: 配置 ACL 允许同一个时刻仅一个 mac 地址连接到交换机 错误 C: 在全局配置模式使用 mac-address-table 命令限制每个端口一个源 mac 地址 错误, 无法实现 D: 在所有端口使用 port security 和 maximum 1 限制一个端口允许一个 mac 地址, 正确 E: 部署 port security 和 port-security mac-address sticky 命令, 错误, 无法实现 F: 在所有端口使用 port security 和 maximum 1 限制一个端口允许一个 hub, 错误, 一个 hub 下面可以接多台 PC QUESTION 112 Running both IPv4 and IPv6 on a router simultaneously is known as what? A. 4to6 routing B. 6to4 routing C. binary routing D. dual-stack routing E. NextGen routing Answer: D Section: Chapter 13: IPv6 考点 : 考查 IPv4 和 IPv6 共存 同时使用 IPv4 和 IPv6 时称为双栈路由 QUESTION 113 What are three IPv6 transition mechanisms? (Choose three.) A. 6to4 tunneling B. VPN tunneling C. GRE tunneling D. ISATAP tunneling E. PPP tunneling F. Teredo tunneling Answer: ADF Section: Chapter 13: IPv6 考点 : 考查 IPv4-->IPv6 的过度机制 主要有三种 : 6to4 隧道 : ISATAP tunneling: 站内自动隧道寻址机制 teredo tunneling:teredo 目前尚为 IEIF 草案, 将 IPv6 数据包包在 UDP/IPv4 数据包中传送 QUESTION 114 Identify the four valid IPv6 addresses. (Choose four.)

57 A. :: B. ::192:168:0:1 C. 2000:: D. 2001:3452:4952:2837:: E. 2002:c0a8:101::42 F. 2003:dead:beef:4dad:23:46:bb:101 Answer: ABEF Section: Chapter 13: IPv6 :: 不能放最后,A 是特殊情况, 记住 QUESTION 115 Which protocol should be used to establish a secure terminal connection to a remote network device? Select the best response. A. ARP B. SSH C. Telnet D. WEP E. SNMPv1 F. SNMPv2 Answer: B Section: Chapter 2: TCP/IP 考点 : 那种协议用于建立安全的远程访问 A:arp 用于 ip 和 mac 的映射 B:ssh, 安全套接字 C:telnet, 明文传输 D:wep, 无线加密技术 E/F:snmp, 简单网络管理协议 QUESTION 116 Refer to the exhibit. A network administrator wants Switch3 to be the root bridge. What could be done to ensure Switch3 will be the root? A. Configure the IP address on Switch3 to be higher than the IP addresses of Switch1 and Switch2.

58 B. Configure the priority value on Switch3 to be higher than the priority values of Switch 1 and Switch2. C. Configure the BID on Switch3 to be lower than the BIDs of Switch1 and Switch2. D. Configure the MAC address on Switch3 to be higher than the Switch1 and Switch2 MAC addresses. E. Configure a loopback interface on Switch3 with an IP address lower than any IP address on Switch1 and Switch2. Answer: C Section: Chapter 9: Switching 根桥的选举由 BID 决定,BID 小者优先 BID= 优先级 +mac 准成 QUESTION 117 What is the maximum data rate specified for IEEE b WLANs? A. 10 Mbps B. 11 Mbps C. 54 Mbps D. 100 Mbps Answer: B Section: Chapter 11: Wireless a:54Mbps b:11Mbps g:54 108Mbps n:300Mpbs QUESTION 118 How does using the service password encryption command on a router provide additional security? A. by encrypting all passwords passing through the router B. by encrypting passwords in the plain text configuration file C. by requiring entry of encrypted passwords for access to the device D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges E. by automatically suggesting encrypted passwords for use in configuring the router Answer: B Section: Chapter 4: Introduction to Cisco IOS 当使用这条命令后, 所有在路由器上配置是密码都被加密 A: 所有通过路由器的密码都被加密 错误 B: 正确 C: 当访问设备时提供加密的密码 错误 D: 通过配置一个加密的密钥为路由协议使用, 错误 E: 在用户配置路由器时自动建议加密密码 错误 QUESTION 119 Refer to the exhibit. When running OSPF, What would cause router A not to form an adjacency with router B?

59 A. The loopback addresses are on different subnets. B. The value of the dead timers on the router are different. C. Route summarization is enabled on both routers. D. The process indentifier on router A is different than the process identifier on router B. Answer: B Section: Chapter 6: IP Routing 考点 : 考查 OSPF 邻居建立的条件 区域 ID,hello 周期, 网段, 认证等 A:loopback 地址不同网段, 错误 B:hello 的死亡时间不一样, 正确 C: 开启了路由汇总, 错误 这个没关系 D: 两端的路由进程不一致 错误 QUESTION 120 Refer to the exhibit. What statement is true of the configuration for this network?

60 A. The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported. B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown. C. The number 1 referred to in the ip nat inside souce command recerences access-list number 1. D. ExternalRouter must be configured with static routers to network /24 Answer: C Section: Chapter 8: NAT A: 该配置显示了内部全局地址不足以分配给所有内部局部地址, 错误 使用了 overload 关键字, 为 PAT B: 不支持 NAT 转换, 错误 C:ip nat insid source 1 中 1 为 access list 1 D:extemalrouter 必须配置一条到 /24, 错误 QUESTION 121 Refer to the exhibit. The network is converged.after link-state advertisements are received from Router_A, what information will Router_E contain in its routing table for the subnets and ? A [110/13] via , 00:00:00:07, FastEthernet0/ [110/13] via , 00:00:00:16, FastEthernet0/0 B [110/1] via , 00:00:00:07, Serial1/ [110/3] via , 00:00:00:16, FastEthernet0/0 C [110/13] via , 00:00:00:07, Serial1/ [110/13] via , 00:00:00:16, Serial1/ [110/13] via , 00:00:00:16, FastEthernet0/0 D [110/13] via , 00:00:00:07, Serial1/ [110/13] via , 00:00:00:16, Serial1/0 Answer: A Section: Chapter 6: IP Routing

61 考点 : 考查 OSPF cost 值计算 cost=10 的 8 次方除以带宽 在 routera 上 metric 12, 到 routere 经过 100M 网络 A: 正确 B: 错误,metric 值不对 C: 错误, 下一跳接口不对 D: 错误,metric 值不对 QUESTION 122 Refer to the exhibit. The company uses EIGRP as the routing protocol. What path will packets take from a host on /26 network to a host on the LAN attached to router R1? A. The path of the packets will be R3 to R2 to R1. B. The path of the packets will be R3 to R1 to R2. C. The path of the packets will be both R3 to R2 to R1 and R3 to R1. D. The path of the packets will be R3 to R1 Answer: D Section: Chapter 6: IP Routing 考点 : 考查 EIGRP 的路径选择 从 R3 内网到 R1 的路径选择 链路的带宽一样, 很明显是直接从 R3 到 R1 QUESTION 123 Refer to the exhibit. Switch port FastEthernet 0/24 on AlSwitch1 will be used to create an IEEE 802.1Qcomplaint trunk to another switch. Based on the output shown, What is the reason the trunk does not form, even thought the proper cabling has been attached?

62 A. VLANs have not been created yet. B. An IP address must be configured for the port. C. The port is currently configured for access mode. D. The correct encapsulation type has not been configured. E. The no shutdown command has not been entered for the port. Answer: C Section: Chapter 10: VLAN 由图中画红线的地方可知道接口配置为 access 模式 A:vlan 没有创建, 错误 B: 一个 IP 地址被配置在端口, 错误 C: 端口当前处于 access 模式, 正确 D: 没有配置正确的封装模式, 错误 E: 接口没有 no shutdown, 错误 QUESTION 124 Refer to the exhibit. What switch proves the spanning-tree designated port role for the network segment that services the printers?

63 A. Switch1 B. Switch2 C. Switch3 D. Switch4 Answer: C Section: Chapter 9: Switching 题目求哪一个交换机为打印机提供指定端口? 由图可知 S1 是根桥 指定端口是基于网段间选举的 S3--S4 之间 S3 的 BID 比 S4 小, 所以 S3-S4 之间的指定端口在 S3 上 QUESTION 125 An administrator issues the command ping from the command line prompt on a PC. If a reply is received, what does this confirm? A. The PC has connectivity with a local host. B. The PC has connectivity with a Layer 3 device. C. The PC has a default gateway correctly configured D. The PC has connectivity up to Layer 5 of the OSI model E. The PC has the TCP/IP protocol stack correctly installed. Answer: E Section: Chapter 2: TCP/IP ping 用于测试本机的 TCP/IP 协议栈是否安装完好 QUESTION 126 Refer to the exhibit. Host in network are unable to reach hosts in network Based on the output from RouterA, what are two possible reasons for the failure? (Choose two.)

64 A. The cable that is connected to S0/0 on RouterA is faulty. B. Interface S0/0 on RouterB is administratively down. C. Interface S0/0 on RouterA is configured with an incorrect subnet mask. D. The IP address that is configured on S0/0 of RouterB, is not in the correct subnet. E. Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU. F. The encapsulation that is configured on S0/0 of RotuerB does not match the encapsulation that is configured on S0/0 of RouterA. Answer: EF Section: Chapter 4: Introduction to Cisco IOS 由图示可知 RA 和 RB 之间端口的协议处于 down 状态 一般是时钟或者封装等问题 A: 线路故障, 错误 因为物理层是 up 的 B: 管理性 down, 错误 C: 子网配置不正确, 错误 这个不影响端口状态 D:RB 接口 ip 配置错误, 错误 E:RA 没有接受到时钟信息, 正确 F: 封装不匹配, 正确 QUESTION 127 What is the default routing update period for RIPv2? A. 15 seconds B. 30 seconds C. 180 seconds D. 240 seconds Answer: B Section: Chapter 6: IP Routing QUESTION 128 A network administrator is designing a new corporate internetwork. The corporation is concerned about downtime due to link failure and also about link costs. Which topology will provide some redundancy to increase reliablity for all sites but will cost less than a fully redundant topology?

65 A. B. C. D. Answer: B Section: Chapter 14: Wide Area Network (WAN) 考点 : 在考虑冗余和费用的情况下, 那种拓扑的最合适? A:R2 R3 之间的链路故障会影响网络 B: 正确 C: 相对 B 来说费用增加了 D:R2 失效影响较大 QUESTION 129 Which type of attack is characterized by flood of packet that requesing a TCP connection to a server? A. denial of service B. brute force C. reconnaissance D. Trojan horse Answer: A Section: Chapter 7: Security 考点 : 考查攻击方式与 TCP 的关系 A: 拒绝式服务攻击, 正确 利用 TCP 三次握手的漏洞 B: 暴力攻击, 错误 和 TCP 没联系 C: 侦察, 错误, 和 TCP 没联系 D: 特洛伊木马, 错误, 和 TCP 没联系 QUESTION 130 Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)

66 A. Router1 has specific boot system command that instruct it to load IOS from TFTP server. B. Router1 is acting as a TFTP server for other routers. C. Router1 cannot locate a valid IOS image in flash memory. D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server. E. Cisco routers will first attempt to load a image from TFTP for management purposes. Answer: AE Section: Chapter 5: Managing Cisco IOS QUESTION 131 What is the purpose using the traceroute command? A. to map all the devices on a network. B. to display the current TCP/IP configuration values. C. to see how a device MAC address is mapped to its IP address. D. to see the path a packet will take when traveling to a specified destination. E. to display the MTU values for each router in a specified network path from source to a destination. Answer: D Section: Chapter 2: TCP/IP traceroute 的主要功能就是跟踪数据包的下一跳 QUESTION 132 Refer to the exhibit. Given the output from the show ip eigrp topology command, which router is the feasible successor?

67 A. B. C. D. Answer: B Section: Chapter 6: IP Routing eigrp 的可行条件为 : 路由的 AD< successor 的 FD QUESTION 133 The output of the show frame-relay pvc command shows "PVC STATUS=INACTIVE". What does this

68 mean? A. The PVC is configured correctly and is operating normally, but no data packets have been detected for more than five minutes. B. The PVC is configured correctly, is operating normally, and is no longer actively seeking the address the remote route. C. The PVC is configured correctly, is operating normally, and is waiting for interesting to trigger a call to the remote router. D. The PVC is configured correctly on the local switch, but there is a problem on the remote end of the PVC. E. The PVC is not configured on the switch. Answer: D Section: Chapter 14: Wide Area Network (WAN) 标识为 inactive 的话. 证明 pvc 没有起来. 有可能两端配置不一致. 或者远端根本就没有配置 QUESTION 134 Refer to the exhibit. Which command will created a default route on RouterB to reach all networks beyond RouterA? A. ip route B. ip route C. ip route s0/0/0 D. ip route s0/0/0 E. ip route Answer: A Section: Chapter 6: IP Routing QUESTION 135 Which of the following IP addresses can be assigned to the host devices? (Choose two.) A /27 B /23 C D

69 E /28 F /13 Answer: BF Section: Chapter 3: IP Addressing and VLSM QUESTION 136 What is valid reason for a switch to deny port access to new devices when port security is enabled? A. The denied MAC addresses have already been learned or confgured on another secure interface in the same VLAN. B. The denied MAC address are statically configured on the port. C. The minimum MAC threshold has been reached. D. The absolute aging times for the denied MAC addresses have expired. Answer: B Section: Chapter 9: Switching QUESTION 137 Which statement is correct about the internetwork shown in the diagram? A. Switch2 is the root bridge. B. Spanning Tree is not running. C. HostD and Server1 are in the same subnet. D. No collision can occur in traffic between Host B and Host C. E. If Fa0/0 is down on Router1, HostA cannot access Server1. F. If Fa0/1 is down on Switch3, HostC cannot access Server 2. Answer: E Section: Chapter 10: VLAN QUESTION 138

70 Which statement is correct regarding the operation of DHCP? A. A DHCP client uses a ping to detect address conflicts. B. A DHCP server uses a gratuitous ARP to detect DHCP clients. C. A DHCP client uses a gratuitous ARP to detect a DHCP server. D. If an address conflict is detected, the address is removed from the pool and an administrator must resolve the conflict. E. If an address conflict is detected, the address removed from the pool for an amount of time configurable by the administrator. F. If an address conflict is detected, the address is removed from the pool and will not be reused until server is rebooted. Answer: D Section: Chapter 2: TCP/IP 根据多份满分战报, 此题答案应该选 :D QUESTION 139 Refer to the diagram. What is the largest configuration file that can be stored on this router? A. 191K bytes B K bytes C K bytes D K bytes Answer: A Section: Chapter 4: Introduction to Cisco IOS config 文件时保存在 nvram 中的

71 QUESTION 140 A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port? A. This is a 10Mb/s switch port. B. This is a 100Mbs switch port. C. This is an Ethernet port operating at half duplex. D. This is an Ethernet port operating at full duplex. E. This is a port on a network interface card in a PC. Answer: C Section: Chapter 1: Introduction 考点 : 考查冲突域的概念 在半双工网络中才存在冲突域 综上所述选 C QUESTION 141 A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the confguration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task? A. service password-encryption access-list 1 permit line vty 0 4 login password cisco access-class 1 B. enable password secret line vty 0 login password cisco C. service password-encryption line vty 1 login password cisco D. service password-encryption line vty 0 4 login password cisco Answer: C Section: Chapter 4: Introduction to Cisco IOS 首先密码加密的命令为 service password-encyption 题目要求只能有一个人连接懂啊路由器. 那么我们就开启一个 vty 线路. 然后设置 password 并且配置 login 就 OK 了 QUESTION 142 Refer to the exhibit. What is the meaning of the output MTU 1500 bytes?

72 A. The maximum number of bytes that can traverse this interface per second is B. The minimum segment size that can traverse this interface is 1500 bytes. C. The minimum segment size that can traverse this interface is 1500 bytes. D. The minimum packet size that can traverse this interface is 1500 bytes. E. The maximum packet size that can traverse this interface is 1500 bytes. F. The maximum frame size that can traverse this interface is 1500 bytes. Answer: E Section: Chapter 4: Introduction to Cisco IOS MTU 就是二层头部最大能传输多少东西, 而二层封装的正好是三层的数据. 也就是 packet. QUESTION 143 Refer to the exhibit. A network administrator configures a new router and enters the copy startup-config running-config on the router. The network administrator powers down the router and sets it up at a remote location. When the router starts, it enter the system configuration dialog as shown. What is the caust of the problem? A. The network administrator faled to save the configuration. B. The configuration register is set to 0x2100. C. The boot system flash command is missing from the configuration. D. The configuraiton register is set to 0x2102. E. The router is configured with the boot system startup command. Answer: A Section: Chapter 4: Introduction to Cisco IOS 管理员并没有使用 copy run start 命令. 所以配置没有被保存. 在设备重启后自然就没有配置被调用了 QUESTION 144 Refer to the exhibit. An organization connect two locations, supporting two VLANs, through two switches as shown. Inter-VLANs communicated is not required. The network is working properly and there is fully connectivity. The organization needs to add additional VLANs, so it has been decided to implement VTP.

73 Both switches are configured as VTP servers in the same VTP domain. VLANs added to Switch1 are not learned by Switch2. Based on this information and partial configuration is the exhibit, what is the problem? A. Switch2 should be configured as a VTP client. B. VTP is Cisco proprietory and requires a different trunking encapsulation C. A router is required to route VTP advertisements between the swtiches. D. STP has blocked on of the links between the switches, limiting connectivity. E. The links between the switches are access links. Answer: E Section: Chapter 10: VLAN VTP 信息是通过 trunk 进行传输的. 所以在交换机之间我们需要配置 trunk 接口 QUESTION 145 The administrator is unable to establish connectivity between two Cisco routers. Upon reviewing the command output of both routers, what is the most likely caust of the problem?

74 A. Authentication needs to be changed to PAP for both routers. B. Serial IP addresses of routers are not on the same subnet. C. Username/password is incorrectly configured. D. Router names are incorrectly configured. Answer: C Section: Chapter 14: Wide Area Network (WAN) QUESTION 146 Refer to the exhibit. The network manager is evaluating the efficiency of the current network design. RIPv2 is enabled on all Layer 3 devices in the network. What network devices participate in passing traffic from the PC at to File Server at in the older that they will forward traffic from source to destination? A. Switch1, Switch2 B. Switch1, Switch2, Switch2, Switch2 C. Switch1, Router1, Switch1, Switch2 D. Switch1, Router1, Router2, Switch2 Answer: D Section: Chapter 10: VLAN QUESTION 147 Acknowldgement, Sequencing, and Flow control are characteristics of which OSI layer? A. Layer 2 B. Layer 3 C. Layer 4 D. Layer 5

75 E. Layer 6 F. Layer 7 Answer: C Section: Chapter 1: Introduction QUESTION 148 Refer to the exhibit. Router A has interfaces with addresses and Router B, which connected to router A over a serial link, has interfaces with and Which sequence of commands will configured RIPv2 on router B? A. B(config)# router rip B(config-router)# version 2 B(config-router)# network B(config-router)# network B(config-router)# end B. B(config)# router rip B(config-router)# network B(config-router)# network B(config-router)# end C. B(config)# router rip B(config-router)# version 2 B(config-router)# network B(config-router)# network B(config-router)# end D. B(config)# router rip version 2 B(config-router)# network B(config-router)# network B(config-router)# end Answer: A Section: Chapter 6: IP Routing QUESTION 149 Refer to the exhibit. S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in the hub-and-spoke Frame Relay topology. While testing this configuration, a technician notes that pings are successfully from hosts on the /24 network to hosts on both the /25 and /25 networks. However, pings between hosts on the /25 and /25 network are not successful. What could explain this connectivity problem?

76 A. The ip subnet-zero command has been issued on the R1 router. B. The RIPv2 dynamic routing protocol cannot be used across a Frame Relay network. C. Split horizon is preventing R2 from learning about the R3 networks and R3 from learning about R2 networks. D. The /25 and /25 networks are overlapping networks that can be seen by R1, but not between R2 and R3. E. The /29 network used on the Frame Relay links is creating a discontiguous network between the R2 and R3 router subnetworks. Answer: C Section: Chapter 14: Wide Area Network (WAN) 中心节点在 ping 两边没有问题. 因为 rip 中心节点可以收到来自两边的路由. 但是因为水平分割的问题, 中心节点不会讲路由更新再从这个接口发送出去. 解决此问题最好的办法就是中心节点设置子接口对每一个分支机构, 这样从一个子接口收到的路由更新可以从另外一个字节口发送出去. 保证了网络的连通性 QUESTION 150 A network administrator is verifying the configuration of a newly installed host by establishing an FTP connection to a remote server. What is the highest layer of the protocol stack that the nework administrator is using for this operation? A. application B. presentation C. session D. transport E. internet F. data link Answer: A Section: Chapter 1: Introduction QUESTION 151 Refer to the topology and router output shown in the exhibit. A technician is troubleshooting host connectivity issues on the switches. The hosts in VLANs 10 and 15 on Sw11 are unable to communicate with hosts in the same VLANs on Sw12. Hosts in the Admin VLAN are able to communicate. The port-to- VLAN assignments are identical on the two switches. What could be the problem?

77 A. The Fa0/1 port is not operational on one of the switches. B. The Link connecting the switches has not been configured as a trunk. C. At lease one port needs to be configured in VLAN 1 for VLANs 10 and 15 to be able to communicate. D. Port FastEthernet 0/1 needs to be configured as an access link on both switches. E. A router is required for hosts on Sw11 in VLANs 10 and 15 to communicate with hosts in the same VLAN on Sw12. Answer: B Section: Chapter 10: VLAN fa0/1. 此接口在一个 vlan 下面. 所以接口并不是 trunk QUESTION 152 You have finished physically installing an access point on the ceiling at your office. At a minimum, which paramenter must be configured on the access point in order to allow a wireless client to operate on it? A. AES B. PSK C. SSID D. TKIP E. WEP Answer: C Section: Chapter 11: Wireless QUESTION 153 Refer to the exhibit. A network administrator needs to add a new VLAN, named VLAN3, to the network

78 shown. Unfortunately, there is not another FastEthernet interface on R1 to connect to the new VLAN3. Which approach is the most cost effective solution for this problem? A. Purchase a new FastEthernet module and install it on R1 B. Replace R1 with a new router that has at least three FastEthernet interfaces. C. Configure a second switch to support VLAN3 with a VLAN trunk between SW1 and the new switch. D. Configure a single VLAN trunk between R1 and SW1 and configure subinterface on R1 interface for each VLAN. E. Connect another router to a serial interface of R1. Use a FastEthernet interface on the new router for VLAN3. Answer: D Section: Chapter 10: VLAN 考查单臂路由的基本配置, 在配置单臂路由的时候. 我们要针对每一个需要路由的 vlan 建立一个子接口. 并且配上 IP 地址. 此 ip 即为 host 的网关 QUESTION 154 Refer to the exhibit. When running EIGRP, What is required for RouterA to exchange routing updates with RouterC? A. As numbers must be changed to match on all the routers. B. Loopback interface must be configured so a DR is elected.

79 C. The no auto-summary command is needed on Router A and Router C. D. Router B needs to have two network statements, one for each connected network. Answer: A Section: Chapter 6: IP Routing eigrp 的 AS 号码必须一致. 负责将不能够形成邻居关系所以也就不能够进行路由 update QUESTION 155 Refer to the exhibit. The two exhibit devices are the only Cisco devices on the network. The serial network between the two devices has a mask of Given the output that is shown, what three statements are true of these devices? (Choose three.) A. The Manchester serial address is B. The Manchester serial address is C. The London router is a Cisco D. The Manchester router is a Cisco E. The CDP information was received on port Serial0/0 of the Manchester router. F. The CDP information was sent by port Serial0/0 of the London Router. Answer: ACE Section: Chapter 5: Managing Cisco IOS 对端 IP, 因为掩码为 所以自己可用 IP 则为 interface: 前面是自己的端口, 后面是邻居的端口 QUESTION 156 How is an EUI-64 format interface ID created from a 48-bit MAC address? A. by appending 0xFF to the MAC address. B. by prefixing the MAC address with 0xFFEE. C. by prefixing the MAC address with 0xFF and appending 0xFF to it. D. by inserting 0xFFFE between the upper three bytes and the lower three bytes of the MAC address E. by prefixing the MAC address with 0xF and inserting 0xF after each of its first three bytes.

80 Answer: D Section: Chapter 13: IPv6 QUESTION 157 Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table? A. 30 seconds B. 60 seconds C. 90 seconds D. 180 seconds E. 240 seconds Answer: B Section: Chapter 6: IP Routing RIP 如果路由失效,holdtime 之内都会表示 passible down, 经过 60S 后刷新时间才会从路由表删除 QUESTION 158 Refer to the exhibit. A network associate has configured the internetwork that is shown in the exhibit, but has failed to configure routing properly. Which configuration will allow the hosts on the Branch LAN to access resources on the HQ LAN with the least impact on router processing and WAN bandwidth? A. HQ(config)# ip route Branch(config)# ip route

81 B. HQ(config)# router rip HQ(config-router)# network HQ(config-router)# network Branch(config)# router rip Branch(config-router)# network Branch(config-router)# network C. HQ(config)# router eigrp 56 HQ(config-router)# network HQ(config-router)# network Branch(config)# router eigrp 56 Branch(config-router)# network Branch(config-router)# network D. HQ(config)# router ospf 1 HQ(config-router)# network area 0 HQ(config-router)# network area 0 Branch(config)# router ospf 1 Branch(config-router)# network area 0 Answer: A Section: Chapter 6: IP Routing QUESTION 159 Which additional configuration step is necessary in order to connect to an access point that has SSID broadcasting disabled? A. Set the SSID value in the client software to public. B. Configure open authentication on the AP and the client. C. Set the SSID value on the client to the SSID configured on the AP. D. Configured MAC address filtering to permit the client to connect to the AP. Answer: C Section: Chapter 11: Wireless QUESTION 160 What is one reason that WPA encryption is preferred over WEP? A. A WPA key is longer and requires more special characters than the WEP key. B. The access point and the client are manually configured with different WPA key values. C. WPA key values remain the same until the client configuration is changed. D. The values of WPA keys can change dynamically while the system is used. Answer: D Section: Chapter 11: Wireless QUESTION 161 A network administrator is troubleshooing an EIGRP problem on a router and needs to confirm the IP addresses of the devices with which the router has established adjacency. The retransmit interval and the queue counts for the adjacent routers also need to be checked. What command will display the required

82 information? A. Router# show ip eigrp adjacency B. Router# show ip eigrp topology C. Router# show ip eigrp interfaces D. Router# show ip eigrp neighbors Answer: D Section: Chapter 6: IP Routing 问的是, 需要确认哪些建立了邻接关系. 并且确认邻接的参数, 我们使用 show ip eigrp neighbors 就能查看得到了 QUESTION 162 All WAN links inside the ABC University network use PPP with CHAP for authentication security. Which command will display the CHAP authentication process as it occur between two routers in the network? A. show chap authentication B. show interface serial0 C. debug ppp authentication D. debug chap authentication E. show ppp authentication chap Answer: C Section: Chapter 14: Wide Area Network (WAN) 查看 ppp 认证的命令可以使用 debug 查看到 ppp 认证的过程. QUESTION 163 Refer to the exhibit. A network technician is asked to design a small network with redundancy. The exhibit represents this design, with all hosts configured in the same VLAN. What conclusions can be made about this design? A. The design will function as intended B. Spanning-tree will need to be used. C. The router will not accept the addressing scheme. D. The connection between switches should be a trunk. E. The router interfaces must be encapsulated with the 802.1Q protocol.

83 Answer: C Section: Chapter 10: VLAN 路由器的接口上不会出现同一网段的两个 IP 地址, 这样的 IP 地址是配置不上去的针对这么一个网络设计. 路由器将不会提供备份的功能. 因为在下面主机所致的网关只有一个., 要么 1.1 要么 1.2 如果链路出现问题将不能够进行切换 QUESTION 164 Refer to the exhibit. How should the FastEthernet0/1 port on the 2950 model switches that are shown in the exhibit be configured to allow connectivity between all devices? A. The ports only need to be connected by a crossover cable. B. SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode trunk C. SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode access SwitchX(config-if)# switchport access vlan 1 D. SwitchX(config)# interface FastEthernet 0/1 SwitchX(config-if)# switchport mode trunk SwitchX(config-if)# switchport trunk vlan 1 SwitchX(config-if)# switchport trunk vlan 10 SwitchX(config-if)# switchport trunk vlan 20 Answer: B Section: Chapter 10: VLAN fa0/0,fa0/1-- 此两接口都必须配置成 trunk, 才能达到 vlan 间通信而且 sw1 和 sw2 间的链路必须 trunk 才能带到相同 vlan 的通信 QUESTION 165 IP address and routing for the network are configured as shown in the exhibit. The network administrator issues the show ip eigrp neighbors command from Router1 and receives the output shown below the topology. Which statement is true?

84 A. It is normal for Router1 to show one active neighbor at a time to prevent routing loops. B. Routing is not completely configured on Router3. C. The IP addresses are not configured properly on the Router1 and Router3 interfaces. D. The no auto-summary command configured on the routers prevents Router1 and Router2 from forming a neighbor relationship. Answer: B Section: Chapter 6: IP Routing R1 没有 R3 的邻居,R3 并没有宣告 这个网段. 所以 R1 是没有 R3 的邻居 QUESTION 166 Refer to the exhibit. After SwitchB was added to the network, VLAN connectivity problems started to occur. What caused this problem? A. Both switches are in sever mode in the same domain B. The revision number of SwitchB was higher than the revision number of SwitchA C. SwitchA was not rebooted prior to adding SwitchB to the network. D. V2-mode is not enabled. E. VTP pruning is not activated, so the new paths in the network have not been recalculated.

85 Answer: B Section: Chapter 10: VLAN QUESTION 167 Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three.) A. All ports will be in a state of discarding, learning, or forwarding. B. Thiry VLANs have been configured on this switch. C. The bridge priority is lower than the default value for spanning tree. D. All interfaces that are shown are on shared media. E. All designated ports are in a forwarding state. F. The switch must be the root bridge for all VLANs on this switch. Answer: ACE Section: Chapter 9: Switching rstp 的所有接口在收敛完成之前都将经历 discarding->learning->forwarding 的状态, 并且 rstp 的默认优先级应该为 32768, 所有的 DP 都将转发数据 QUESTION 168 Refer to the exhibit. A network administrator attempts to ping Host2 from Host1 and receives the result that are shown. What is a possible problem?

86 A. The link between Host1 and Switch1 is down. B. TCP/IP is not functioning on Host1. C. The link between Router1 and Router2 is down. D. The default gateway on Host1 is incorrect. E. Interface Fa0/0 on Router1 is shudown. F. The link between Switch1 and Router1 is down. Answer: C Section: Chapter 6: IP Routing 回应的不可达报文, 所以我们可以知道报文在到达 之后就没有传递下去. 也就是 之后的链路就已经失效. QUESTION 169 Refer to the exhibit. The Bigtime router is unable to authenticate to the Littletime router. What is the cause of the problem? A. The usernames are incorrectly configured on the two routers. B. The passwords do not match on the two routers. C. CHAP authentication cannot be used on a serial interface. D. The routers cannot be connected from interface S0/0 to interface S0/0. E. With CHAP authentication, one router must authenticate to another router. The routers cannot be configured to authenticate to each other. Answer: B Section: Chapter 14: Wide Area Network (WAN)

87 ppp 在进行认证配置的时候. 用户名要是对端的用户名. 但是 password 要是两边共享的 password! QUESTION 170 S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in the hub-and-spoke Frame Relay topology shown in the exhibit. Originally, static routes were configured between these routers to successfully route traffic between the attached networks. What will need to be done in order to use RIPv2 in place of the static routes? A. Configure the no ip subnet-zero command on R1, R2, and R3. B. Dynamic routing protocols such as RIPv2 cannot be used across Frame Relay networks. C. Configure the S0/0 interface on R1 as two subinterfaces and configure point-to-point links to R2 and R3. D. Change the /25 and /25 subnetworks so that at least two bits are borrowed from the last octet. E. Change the network address configuration to eliminate the discontiguous /25 and /25 subnetwork. Answer: C Section: Chapter 14: Wide Area Network (WAN) 中心节点在 ping 两边没有问题. 因为 rip 中心节点可以收到来自两边的路由. 但是因为水平分割的问题, 中心节点不会讲路由更新再从这个接口发送出去. 解决此问题最好的办法就是中心节点设置子接口对每一个分支机构, 这样从一个子接口收到的路由更新可以从另外一个字节口发送出去. 保证了网络的连通性 QUESTION 171 Refer to the exhibit. A router interface is being configured for Frame Relay. However, as the exhibit shows, the router will not accept the command to configure the LMI type. What is the problem?

88 A. The interface does not support Frame Relay connections. B. The interface does not have an IP address assigned to it yet. C. The interface requires that the no shutdown command be configured first. D. the interface requires that the encapsulation frame-relay command be configured first. Answer: D Section: Chapter 14: Wide Area Network (WAN) 串口的默认封装为 hdlc, 要先改变封装类型然后在改变封装的 type, 所以我闷在配置 FR 的时候先要进行 FR 的封装然后才改变 FR 的 type QUESTION 172 Refer to the exhibit. Two buildings on the San Jose campus of a small company must be connected to use Ethernet with a bandwidth of at least 100 Mbps. The company is concerned about possible problems from voltage potential difference between the two buildings. Which media type should be used for the connection? A. UTP cable B. STP cable C. Coaxial cable D. Fiber optic cable Answer: D Section: Chapter 1: Introduction QUESTION 173 Users have been complaining that their Frame Relay connection to the corporate site is very slow. The network administrator suspects that the link is overloaded. Based on the partial output of the Router# show frame relay pvc command shown in the graphic, which output value indicates to the local router that traffic sent to the corporate site is experiencing congestion?

89 A. DLCI = 100 B. last time PVC status changed 00:25:40 C. in BECN packets 192 D. in FECN packets 147 E. in DE packets 0 Answer: C Section: Chapter 14: Wide Area Network (WAN) BECN 为后向拥塞指示,FECN 为前向拥塞指示 QUESTION 174 Refer to the exhibit. A router boots to the prompt shown in the exhibit. What does this signify, and how should the network administrator respond? A. This prompt signifies that the configuration file was not found in NVRAM. The network administrator should follow the prompts to enter a basic configuration. B. The prompt signifies that the configuration file was not found in flash memory. The network administrator should use TFTP to transfer a configuration file to the router. C. The prompt signifies that the IOS image in flash memory is invalid or corrupted. The network administrator should use TFTP to transfer an IOS image to the router. D. The prompt signifies that the router could not authenticate the user. The network administrator should modify the IOS image and reboot the router. Answer: C Section: Chapter 5: Managing Cisco IOS 当路由器进入了 rommon 模式之下. 我们首先要做的就是给其灌入 IOS 使用 TFTP QUESTION 175

90 Refer to the exhibit. Give this output for SwitchC, what should the network administrator's next action be? A. Check the trunk encapsulation mode for SwitchC's fa0/1 port. B. Check the duplex mode for SwitchC's fa0/1 port. C. Check the duplex mode for SwitchA's fa0/2 port. D. Check the trunk encapsulation mode for SwitchA's fa0/2 port. Answer: C Section: Chapter 9: Switching 出现错误报文, 可能是因为双工不匹配或者链路不稳定等因素造成的 QUESTION 176 Refer to the exhibit. Which of these statements correctly describes the state of the switch once the boot process has been completed?

91 A. As FastEthernet0/12 will be the last to come up, it will not be blocked by STP. B. Remote access management of this switch will not be possible without configuration change. C. More VLANs will need to be created for this switch. D. The switch will need a different IOS code in order to support VLANs and STP. Answer: B Section: Chapter 10: VLAN vlan 1 关闭的是 int vlan 1 这个虚拟端口, 关闭的并不是 vlan 1, 这个 vlan 也是无法关闭的 QUESTION 177 Refer to the exhibit. Which of these statements correctly describes the state of the switch once the boot process has been completed? A. Only the default VLANs are configured on SwitchA. B. SwitchA does not have a VTP domain name configured. C. VTP pruning needs to be enabled on SwitchA. D. SwitchC needs to have the VTP domain name configured. E. SwitchB is in transparent mode. Answer: B Section: Chapter 10: VLAN vtp 同步需要在一个 domain 之内的交换局同步. 并且 password 需要一直 sever 配置 domain name,client 没有配置 domain name, 也可以正常使用 QUESTION 178 Refer to the exhibit. The network administrator has discorvered that the VLAN configuration of SwitchC is not synchronized with the rest of the switched network. Why is SwitchC not receiving VTP updates?

92 Exhibit: A. SwitchB is not relaying VTP advertisements to SwitchC. B. SwitchC has fewer existing VLANs than does SwitchA. C. SwitchA supports a greater number of VLANs than does SwitchC. D. SwitchC has revision number higher than that being advertised

93 E. SwitchC should be operating in VTP server mode to recevie VTP updates. F. SwitchB should be operating in VTP server or client mode to relay VTP updates. Answer: D Section: Chapter 10: VLAN vtp 在通告或者同步 vlan 信息的时候是高的去通告其他所有的都同步高的, 并不是同步 server 的 QUESTION 179 How many subnets can be gained by subnetting /23 into a /27 mask, and how many usable host addresses will there be per subnet? A. 8 subnets, 31 hosts B. 8 subnets, 32 hosts C. 16 subnets, 30 hosts D. 16 subnets, 32 hosts E. A Class B address can't be subnetted into the fourth octet. Answer: C Section: Chapter 3: IP Addressing and VLSM 为的掩码. 那么将接用 4 位主机位所以可以划分成 16 个子网.27 为掩码的可用地址为 2 的 5 次方 -2=30 个可用主机地址 QUESTION 180 A TCP/IP Transfer is diagrammed in the exhibit. A window size of three has been negotiated for this transfer. Which message will be returned from the receiver to the sender as part of this TCP/IP transfer? A. Send ACK 1-3 B. Send ACK 3 C. Send ACK 4 D. Send ACK 4-6 E. Send ACK 6 F. Send ACK 7

94 Answer: C Section: Chapter 2: TCP/IP 考点 : 考查 TCP 的确认机制 在接收到第 n 个数据包后, 发送给对方的数据序列号为 n+1, 一次性确认前面 n 个数据包 综上所述, 发送 ack=4 的数据包 QUESTION 181 Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from the TFTP server? A. The router cannot verify that the Cisco IOS image currently in flash is valid B. Flash memory on Cisco routers can contain only a single IOS image. C. Erasing current flash content is requested during the copy dialog. D. In order for the router to use the new image as the default, it must be the only IOS image in flash. Answer: C Section: Chapter 5: Managing Cisco IOS QUESTION 182 Refer to the exhibit. What is the meaning of the term dynamic as displayed in the output of the show frame-relay map command shown? A. The Serial0/0 interface is passing traffic. B. The DLCI 100 was dynamically allocated by the router. C. The Serial0/0 interface acquired by the IP address of from a DHCP server.

95 D. The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud. E. The mapping between DLCI 100 and the end station IP address was learned through inverse ARP. Answer: E Section: Chapter 14: Wide Area Network (WAN) dynamic 意思是映射是通过翻转 ARP 获取, 而不是手动设置 QUESTION 183 What can be done to secure the virtual terminal interfaces on a router? (Choose two.) A. Administratively shut down the interface. B. Physically secure the interface. C. Create an access list and apply it to the virtual terminal interfaces with the access-group command. D. Configure a virtual terminal password and login process. E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command. Answer: DE Section: Chapter 7: Security 保障 vty 线路的安全, 第一可以配置密码. 第二可以使用 ACL 来控制访问的 IP 地址. 但是 ACL 在 vty 线路下调用的命令是 access-class, 这个大家需要注意 QUESTION 184 Refer to the exhibit. In this VLSM addressing scheme, what summary address would be sent from router A? A /16 B /20 C /24 D /16 E /17 F /16 Answer: A

96 Section: Chapter 6: IP Routing QUESTION 185 Refer to the exhibit. The show vtp status command is executed at a switch that is generating the exhibit output. Which statement is true for this switch? A. The switch forwards its VLAN database to other switches in the ICND VTP domain. B. The configuration revision number increments each time the VLAN database is updated. C. The switch forwards VTP updates that are sent by other switches in the ICND domain. D. The VLAN database is updated when VTP information is received from other switches. Answer: C Section: Chapter 10: VLAN 透明模式下 revision number 不增加, 不接受更新但能转发更新 QUESTION 186 Refer to the exhibit. Given the output for this command, if the router ID has not been manually set, what router ID will OSPF use for this RouterD? A B C D Answer: C Section: Chapter 6: IP Routing

97 正确答案为 :C 选取最大 LOOPBACK 口地址 QUESTION 187 Refer to the exhibit. What could be possible causes for the "Serial0/0 is down" interface status? (Choose two.) A. A Layer 1 problem exists. B. The bandwidth is set too low. C. A protocol mismatch exists. D. An incorrect cable is being used. E. There is an incorrect IP address on the Serial 0/0 interface. Answer: AD Section: Chapter 4: Introduction to Cisco IOS 接口双 down, 证明物理层就有问题, 所以这一题主要排查的问题首先是物理层 QUESTION 188 Before installing a new, upgraded version of the IOS, what should be checked on the router, and which command should be used to gather this information? (Choose two.) A. the amount of available ROM B. the amount of available flash and RAM memory C. the version of the bootstrap software present on the router D. show version E. show processes F. show running-config Answer: BD Section: Chapter 4: Introduction to Cisco IOS 在升级 IOS 的时候, 我们主要注意以下几点 : 1.flash 空间是否充足 2. 查看设备的版本对是否支持 IOS QUESTION 189 Refer to the exhibit. Which two statements are true about intervlan routing in the topology that is shown in the exhibit? (Choose two.)

98 A. Host E and host F use the same IP gateway address. B. Router1 and Switch2 should be connected via a crossover cable. C. Router1 will not play a role in communications between host A and host D. D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces. E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit. F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same encapsulation type. Answer: DF Section: Chapter 10: VLAN 在单臂路由的时候, 首先路由器的接口要配置子接口针对每一个 vlan 一个逻辑接口, 其次交换机的接口要配置 trunk, 并且封装要和路由器接口的封装一致 QUESTION 190 Refer to the exhibit. Which two statements are true about the loopback address that is configured on RouterB? (Choose two.) A. It ensures that data will be forwarded by RouterB. B. It provides stability for the OSPF process on RouterB.

99 C. It specifies that the router ID for RouterB should be D. It decreases the metric for routes that are advertised from RouterB. E. It indicates that RouterB should be elected the DR for the LAN. Answer: BC Section: Chapter 6: IP Routing loopback 口作为在 ospf 当中, 第一个 ospf 优先选择 loopback 作为 RID,loopback 作为 RID 可以保障 ospf 的稳定性, 因为 loopback 接口只有当路由器不可用的时候才会 down QUESTION 191 A network administrator is explaining VTP configuration to a new technician. What should the network administrator tell the new technician about VTP configuration? (Choose three.) A. A switch in the VTP client mode cannot update its local VLAN database. B. A trunk link must be configured between the switches to forward VTP updates. C. A switch in the VTP server mode can update a switch in the VTP transparent mode. D. A switch in the VTP transparent mode will forward updates that it receives to other switches. E. A switch in the VTP server mode only updates switches in the VTP client mode that have a higher VTP revision number. F. A switch in the VTP server mode will update switches in the VTP client mode regardless of the configured VTP domain membership. Answer: ABD Section: Chapter 10: VLAN VTP 的三个角色, 以及 VTP 的特性, 第一 Client 不能够增删改 vlan 信息, 也就是不能 update 自己本地的 vlan database, 第二在配置 vtp 的两台交换机中间必须是 trunk 口用来传递 vtp 的通告以及 vtp 的根新第三在 transparent 模式的交换机讲转发它所收到的 vtp 更新以及 vtp 通告信息 QUESTION 192 Which two locations can be configured as a source for the IOS image in the boot system command? (Choose two.) A. RAM B. NVRAM C. flash memory D. HTTP server E. TFTP server F. Telnet server Answer: CE Section: Chapter 5: Managing Cisco IOS 此题是一个概念性的题目, 设备在读取 IOS 的时候有两种方式 一种是本地 flash 中的 一种是存储在 TFTPserver 中的 flash 叶就是网络读取 QUESTION 193 What are two reasons a network administrator would use CDP? (Choose two.) A. to verify the type of cable interconnecting two devices B. to determine the status of network services on a remote device

100 C. to obtain VLAN information from directly connected switches D. to verify Layer 2 connectivity between two devices when Layer 3 fails E. to obtain the IP address of a connected device in order to telnet to the device F. to determine the status of the routing protocols between directly connected routers Answer: DE Section: Chapter 5: Managing Cisco IOS CDP 是一个二层协议, 可以用来确认二层的连通性, 以及查看远端 3 层的 IP 地址 QUESTION 194 Refer to the exhibit. Both switches are using a default configuration. Which two destination addresses will host 4 use to send data to host 1? (Choose two.) A. the IP address of host 1 B. the IP address of host 4 C. the MAC address of host 1 D. the MAC address of host 4 E. the MAC address of the Fa0/0 interface of the R1 router F. the MAC address of the Fa0/1 interface of the R1 router Answer: AF Section: Chapter 2: TCP/IP E 太网在进行寻址的时候, 通过 ARP 请求道网关的 MAC 地址, 将其封装到 Frame 的 dest 地址,Packet 的 source ip 和 dest ip 封装的事自己的 IP 作为 source 需要访问的终点的 IP 作为 dest IP QUESTION 195 Refer to the exhibit. The router has been configured with these commands: hostname Gateway interface FastEthernet 0/0 ip address no shutdown interface FastEthernet 0/1 ip address no shutdown

101 interface Serial 0/0 ip address no shutdown ip route What are the two results of this configuration? (Choose two.) A. The default route should have a next hop address of B. Hosts on the LAN that is connected to FastEthernet 0/1 are using public IP addressing. C. The address of the subnet segment with the WWW server will support seven more servers. D. The addressing scheme allows users on the Internet to access the WWW server. E. Hosts on the LAN that is connected to FastEthernet 0/1 will not be able to access the Internet without address translation. Answer: DE Section: Chapter 8: NAT 内网的私有网段要想访问外部, 必须使用 NAT 地址转换 公网是不为私有网段路由的 QUESTION 196 A company is installing IP phones. The phones and office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should be implemented on this device? (Choose two.) A. hub B. router C. switch D. STP E. subinterfaces F. VLAN Answer: CF Section: Chapter 10: VLAN

102 本题考查的事 voice 的基本性质, 在 vocie 的时候我们需要一个 switch 并且配置 voice vlan QUESTION 197 What are two benefits of using VTP in a switching environment? (Choose two.) A. It allows switches to read frame tags. B. It allows ports to be assigned to VLANs automatically. C. It maintains VLAN consistency across a switched network. D. It allows frames from multiple VLANs to use a single interface. E. It allows VLAN information to be automatically propagated throughout the switching environment. Answer: CE Section: Chapter 10: VLAN VTP 可以让交换网络中位置 vlan 的一致性, 也就是版本号的同步 QUESTION 198 Which two statements are true about the command ip route ? (Choose two.) A. It establishes a static route to the network. B. It establishes a static route to the network. C. It configures the router to send any traffic for an unknown destination to the network. D. It configures the router to send any traffic for an unknown destination out the interface with the address E. It uses the default administrative distance. F. It is a route that would be used last if other routes to the same destination exist. Answer: AE Section: Chapter 6: IP Routing 这条命令是静态的为 建立一个路由, 并且没有指定它的 AD, 使用的事默认 AD QUESTION 199 What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.) A. decreasing the number of collision domains B. filtering frames based on MAC addresses C. allowing simultaneous frame transmissions D. increasing the size of broadcast domains E. increasing the maximum length of UTP cabling between devices Answer: BC Section: Chapter 1: Introduction SW 和 HUB 的区别在于,SW 可以对 frame 给予 mac 地址的过滤, 而 HUB 只是傻瓜的转发, 没有 MAC 地址学习的功能,SW 是一个全双工的设备 而 hub 工作在半双工当中所以 hub 不支持同时传输 Frame, 它使用的是 CSMA/CD 机制 QUESTION 200

103 Refer to the exhibit. A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 and VLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to be configured as trunk links? (Choose two.) A. A B. B C. C D. D E. E F. F Answer: CF Section: Chapter 10: VLAN 本题考查的事 vlan 间路由的问题 要让不同的 vlan 进行通信 那么 SW 与 SW 之间的链路,SW 与 router 之间的链路都需要配置成为 trunk, 用来传递不同 vlan 的数据 QUESTION 201 Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.) A. amount of RAM B. bridge priority C. IOS version D. IP address E. MAC address F. speed of the links Answer: BE Section: Chapter 9: Switching STP 在选举 RB 的时候依靠的事桥 ID, 桥 ID 包含两个部分组成一个是桥优先级另一部分就是桥 mac QUESTION 202 Refer to the exhibit. Assume that the routing protocol referenced in each choice below is configured with its default settings and the given routing protocol is running on all the routers. Which two conditional statements accurately state the path that will be chosen between networks and for the routing protocol mentioned? (Choose two.)

104 A. If OSPF is the routing protocol, the path will be from R1 to R3 to R4 to R5. B. If OSPF is the routing protocol, the path will be from R1 to R2 to R5. C. If OSPF is the routing protocol, the path will be from R1 to R5. D. If RIPv2 is the routing protocol, the path will be from R1 to R3 to R4 to R5. E. If RIPv2 is the routing protocol, the path will be from R1 to R5. Answer: AE Section: Chapter 6: IP Routing 路由协议选路的问题 上图表明了链路带宽, 如果是使用 RIP 协议的话 那么它选路和链路带宽没有关系 使用的是 hop, 所以选择 hop 最小的, 而 ospf 在进行选路过程中看的事带宽, 使用 10 的 8 次方处以带宽计算出来的度量最小的 QUESTION 203 Refer to the exhibit. A network administrator is adding two new hosts to SwitchA. Which three values could be used for the configuration of these hosts? (Choose three.) A. host A IP address: B. host A IP address: C. host A default gateway: D. host B IP address: E. host B default gateway:

105 F. host B IP address: Answer: ACF Section: Chapter 10: VLAN 单臂路由的问题 单臂路由子接口的 IP 就是主机的 default-gateway QUESTION 204 A network administrator changes the configuration register to 0x2142 and reboots the router. What are two results of making this change? (Choose two.) A. The IOS image will be ignored. B. The router will prompt to enter initial configuration mode. C. The router will boot to ROM. D. Any configuration entries in NVRAM will be ignored. E. The configuration in flash memory will be booted. Answer: BD Section: Chapter 5: Managing Cisco IOS 0x2142 寄存器值, 是在启动的时候不调用 nvram 中的 start-config, 会按照初始状态进行启动 QUESTION 205 Refer to the exhibit. The networks connected to router R2 have been summarized as a /21 route and sent to R1. Which two packet destination addresses will R1 forward to R2? (Choose two.) A B C D E F Answer: BE Section: Chapter 6: IP Routing 子网问题, /21 的范围是 :

106 QUESTION 206 Which three statements are typical characteristics of VLAN arrangements? (Choose three.) A. A new switch has no VLANs configured. B. Connectivity between VLANs requires a Layer 3 device. C. VLANs typically decrease the number of collision domains. D. Each VLAN uses a separate address space. E. A switch maintains a separate bridging table for each VLAN. F. VLANs cannot span multiple switches. Answer: BDE Section: Chapter 10: VLAN vlan 的特征 : vlan 之间默认是不能够通信的, 需哟啊通信则需要第三层设备进行路由一个 vlan 就是一个逻辑子网 sw 为每一个 vlan 维护一个单独的桥接表, 这个其实比较难以理解, 但是我们知道一个 vlan 就是一个逻辑子网, 那么不同的 vlan 对于交换机而言当然是不同的表项了 QUESTION 207 QoS policies are applied on the switches of a LAN. Which type of command will show the effects of the policy in real time? A. show command B. debug command C. configuration command D. rommon command Answer: B Section: Chapter 9: Switching 问什么命令能够实时的查看 policies 的结果 实时查看我们只能开启 debug 来看是否有匹配到 Qos 的 policies QUESTION 208 Which command will show the MAC addresses of stations connected to switch ports? A. show mac-address B. show arp C. show table D. show switchport Answer: B Section: Chapter 4: Introduction to Cisco IOS 查看 station 连接 switch 的端口 我们只需要查看 arp 的解析就 OK 了 也就是 show arp, 因为 stations 有流量需要访问 就会向 switch 发送 arp 的请求,show mac address-table 也是可以看得到的 但是 A 的命令是错误的 QUESTION 209 What is the name of the VTP mode of operation that enables a switch to forward only VTP advertisements while still permitting the editing of local VLAN information?

107 A. server B. client C. tunnel D. transparent Answer: D Section: Chapter 10: VLAN 哪一种 vtp 的 mode 转发 vtp 通告并且维护自己本地的 vlan 信息, 这种情况就是透明模式的特点 QUESTION 210 Which port state is introduced by Rapid-PVST? A. learning B. listening C. discarding D. forwarding Answer: C Section: Chapter 9: Switching Rpvst 新增了一种端口角色 ----discarding QUESTION 211 What speeds must be disabled in a mixed b/g WLAN to allow only g clients to connect? A. 6, 9, 12, 18 B. 1, 2, 5.5, 6 C. 5.5, 6, 9, 11 D. 1, 2, 5.5, 11 Answer: D Section: Chapter 11: Wireless 1,2,5.5,11 是 b 的传输速率 QUESTION 212 Refer to the exhibit. Which VLSM mask will allow for the appropriate number of host addresses for Network A? A. /25 B. /26

108 C. /27 D. /28 Answer: A Section: Chapter 3: IP Addressing and VLSM 66 个主机的话 那么我们 2 的 X 次方 -2 要大于等于 66, 很容易算出掩码为 /25 QUESTION 213 Refer to the exhibit. Which subnet mask will place all hosts on Network B in the same subnet with the least amount of wasted addresses? A B C D Answer: B Section: Chapter 3: IP Addressing and VLSM 310 个主机, 那么 2 的 X 次方 -2>=310 QUESTION 214 Refer to the exhibit. Which mask is correct to use for the WAN link between the routers that will provide connectivity while wasting the least amount of addresses? A. /23 B. /24 C. /25 D. /30 Answer: D Section: Chapter 3: IP Addressing and VLSM 中间的 point-to-point 链路最节省地址的掩码就是 /30

109 QUESTION 215 Refer to the exhibit. What is the most appropriate summarization for these routes? A /21 B /22 C /23 D /24 Answer: B Section: Chapter 6: IP Routing 做汇总. 显然我们要在第三个位组做汇总, 通过二进制换算我们可以知道 0-3 最多只需要 2bit 就能表示 0-3 所有的数字. 所以 24-2 得到掩码 /22 QUESTION 216 Which two tasks does the Dynamic Host Configuration Protocol perform? (Choose two.) A. Set the IP gateway to be used by the network. B. Perform host discovery used DHCPDISCOVER message. C. Configure IP address parameters from DHCP server to a host. D. Provide an easy management of layer 3 devices. E. Monitor IP performance using the DHCP server. F. Assign and renew IP address from the default pool. Answer: CF Section: Chapter 2: TCP/IP 考查的是 DHCP 提供的服务.DHCP 主要的服务时向主机提供 ip 地址, 并且如果你要添加或者更新 ip 地址. 需要在 dhcp pool 中添加就 OK 了 QUESTION 217 Which two benefits are provided by using a hierarchical addressing network addressing scheme? (Choose two.) A. reduces routing table entries B. auto-negotiation of media rates C. efficient utilization of MAC addresses D. dedicated communications between devices E. ease of management and troubleshooting Answer: AE Section: Chapter 1: Introduction

110 提供分层的网络地址规划, 第一个我们容易实时路由汇总从而减少路由条目, 第二给我们在管理方面还错误排查方面提供了便利 QUESTION 218 Which two benefits are provided by creating VLANs? (Choose two.) A. added security B. dedicated bandwidth C. provides segmentation D. allows switches to route traffic between subinterfaces E. contains collisions Answer: AC Section: Chapter 10: VLAN vlan 的主要特点第一个提供网络安全因为默认 vlan 间是不能够通信的, 第二个提供了网络分段. 因为一个 vlan 就是一个逻辑子网 QUESTION 219 Which two link protocols are used to carry multiple VLANs over a single link? (Choose two.) A. VTP B q C. IGP D. ISL E u Answer: BD Section: Chapter 10: VLAN trunk 的封装就两个, 一个位 ieee 公有的 802.1q 一个位 cisco 私有的 isl 封装类型 QUESTION 220 Which two protocols are used by bridges and/or switches to prevent loops in a layer 2 network? (Choose two.) A d B. VTP C q D. STP E. SAP Answer: AD Section: Chapter 9: Switching 阻止二层的环路就是生成树协议. 这里 802.1d 以及 stp 都是阻止二层环路的有效手段 QUESTION 221 On the network /27, what is the last IP address that can be assigned to a host? A

111 B C D Answer: A Section: Chapter 3: IP Addressing and VLSM /27 的块大小为 32 有效地址范围为 QUESTION 222 The ip subnet zero command is not configured on a router. What would be the IP address of Ethernet0/0 using the first available address from the sixth subnet of the network /29? A B C D Answer: C Section: Chapter 3: IP Addressing and VLSM /29 的块大小为 8 那么第六个 subnet 则为 6*8=48 第一个可用地址则为 QUESTION 223 For the network /23, which option is a valid IP address that can be assigned to a host? A B C D Answer: B Section: Chapter 3: IP Addressing and VLSM /23 的块大小为 512 可用地址范围为 QUESTION 224 How many addresses for hosts will the network /22 provide? A. 510 B C D Answer: B Section: Chapter 3: IP Addressing and VLSM /22 的块大小为 2 的 10 次方 =1024 可用地址则为 =1022 QUESTION 225

112 Where does routing occur within the DoD TCP/IP reference model? A. application B. internet C. network D. transport Answer: B Section: Chapter 2: TCP/IP 路由在 tcp/ip 协议栈的 internet 层注意是 DOD 模型不是 OSI 模型 QUESTION 226 Which VTP mode is capable of creating only local VLANs and does not synchronize with other switches in the VTP domain? A. client B. dynamic C. server D. static E. transparent Answer: E Section: Chapter 10: VLAN vtp transparent 的功能为, 不同步 vlan 信息, 转发 vtp 通告可以在本地增删改 vlan 信息, 维护本地的数据库 QUESTION 227 Which switch would STP choose to become the root bridge in the selection process? A : B : C : D : Answer: A Section: Chapter 9: Switching stp 选举跟桥首先比较优先级大小. 然后比较 mac 地址大小 QUESTION 228 A switch is configured with all ports assigned to vlan 2 with full duplex FastEthernet to segment existing departmental traffic. What is the effect of adding switch ports to a new VLAN on the switch? A. More collision domains will be created. B. IP address utilization will be more efficient. C. More bandwidth will be required than was needed previously. D. An additional broadcast domain will be created. Answer: D Section: Chapter 10: VLAN

113 vlan 的特性是对广播域的分割. 增加广播域的数量, 减少广播域的大小因为一个 vlan 就是一个广播域 QUESTION 229 Which two statements about the use of VLANs to segment a network are true? (Choose two.) A. VLANs increase the size of collision domains. B. VLANs allow logical grouping of users by function. C. VLANs simplify switch administration. D. VLANs enhance network security. Answer: BD Section: Chapter 10: VLAN vlan 是一个逻辑分组, A vlan = 一个逻辑子网 = 一个广播域并且 vlan 间默认是不通信的, 从而间接保证了网络的安全 QUESTION 230 On corporate network, hosts on the same VLAN can communicate with each other, but they are unable to communicate with hosts on different VLANs. What is needed to allow communication between the VLANs? A. a router with subinterfaces configured on the physical interface that is connected to the switch B. a router with an IP address on the physical interface connected to the switch C. a switch with an access link that is configured between the switches D. a switch with a trunk link that is configured between the switches Answer: A Section: Chapter 10: VLAN 考查单臂路由的基本配置, 在配置单臂路由的时候. 我们要针对每一个需要路由的 vlan 建立一个子接口. 并且配上 IP 地址. 此 ip 即为 host 的网关 QUESTION 231 When a DHCP server is configured, which two IP addresses should never be assignable to hosts? (Choose two.) A. network or subnetwork IP address B. broadcast address on the network C. IP address leased to the LAN D. IP address used by the interfaces E. manually assigned address to the clients F. designated IP address to the DHCP server Answer: AB Section: Chapter 3: IP Addressing and VLSM 不能够被主机使用的 ip 也就是两个. 一个网络号或者子网号, 还一个就是广播地址 QUESTION 232 Which statement describes the process of dynamically assigning IP addresses by the DHCP server?

114 A. Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement. B. Addresses are permanently assigned so that the hosts uses the same address at all times. C. Addresses are assigned for a fixed period of time, at the end of the period, a new request for an address must be made. D. Addresses are leased to hosts, which periodically contact the DHCP server to renew the lease. Answer: D Section: Chapter 2: TCP/IP DHCP 的主要作用就是向主机提供地址租约, 并且租约如果快到期了. 主机需要向 DHCPserver 重新续租 QUESTION 233 Which network protocol does DNS use? A. FTP B. TFTP C. TCP D. UDP E. SCP Answer: D Section: Chapter 2: TCP/IP 此题答案并不严格, 严格讲 DNS 有两个端口号一个为 TCP 一个为 UDP 并且端口号都为 53 DNS 解析用 UDP 效率高但不能保证完整性 DNS 服务器之间同步使用 TCP 保证数据正确 QUESTION 234 When two hosts are trying to communicate across a network, how does the host originating the communication determine the hardware address of the host that it wants to "talk" to? A. RARP request B. Show Network Address request C. Proxy ARP request D. ARP request E. Show Hardware Address request Answer: D Section: Chapter 2: TCP/IP host 在建立通信, 需要通过 arp 请求来请求道目标 IP 的 mac 地址. QUESTION 235 Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? (Choose two.)

115 A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached. B. Router C will use ICMP to inform Router B that Host 2 cannot be reached. C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached. D. Router C will send a Destination Unreachable message type. E. Router C will send a Router Selection message type. F. Router C will send a Source Quench message type. Answer: AD Section: Chapter 6: IP Routing 因为 RC 的 e0 口 down, 所以主机 1 的数据包到达 RC 后,RC 向主机返回一个 icmp 的目的地不可达信息 QUESTION 236 To configure the VLAN trunking protocol to communicate VLAN information between two switches, what two requirements must be met? (Choose two.) A. Each end of the trunk line must be set to IEEE 802.1E encapsulation. B. The VTP management domain name of both switches must be set the same. C. All ports on both the switches must be set as access ports. D. One of the two switches must be configured as a VTP server. E. A rollover cable is required to connect the two switches together. F. A router must be used to forward VTP traffic between VLANs. Answer: BD Section: Chapter 10: VLAN 两个交换机之间使用 VTP 的前提? A: 必须使用 802.1e 封装, 错误 B:VTP 域名必须一致, 正确 C: 所有端口必须设置为 access 口, 错误 D: 其中一个必须设置为 sever 模式 正确 E: 使用反转先连接, 错误 F: 必须使用一个路由中转数据, 错误 QUESTION 237 Which of the following describe the process identifier that is used to run OSPF on a router? (Choose two.) A. It is locally significant. B. It is globally significant. C. It is needed to identify a unique instance of an OSPF database.

116 D. It is an optional parameter required only if multiple OSPF processes are running on the router. E. All routers in the same OSPF area must have the same process ID if they are to exchange routing information. Answer: AC Section: Chapter 6: IP Routing 配置 OSPF 的时候,ospf 后面的进程号的意义 :rouer ospf # A: 本地有意义, 正确 B: 全局有意义, 错误 C: 用于确定一个 ospf 数据库实例, 正确 本地路由器上一个进程号一个数据库 D: 这是一个可选参数, 错误 E: 区域中的所有路由必须使用相同的进程号, 错误 QUESTION 238 What functions do routers perform in a network? (Choose two.) A. packet switching B. access layer security C. path selection D. VLAN membership assignment E. bridging between LAN segments F. microsegmentation of broadcast domains Answer: AC Section: Chapter 4: Introduction to Cisco IOS 路由器的作用 A: 转发数据, 正确 B: 接入层安全, 错误 通常由交换机实现 C: 路径选择, 正确 D:VLAN 成员分配, 错误 E: 桥接不同网段, 错误 不够准确 F: 缩小广播域的分割, 错误 QUESTION 239 Which series of commands will configure router R1 for LAN-to-LAN communication with router R2? The enterprise network address is /24 and the routing protocol in use is RIP. (Choose three.) A. R1(config)# interface ethernet 0 R1(config-if)# ip address R1(config-if)# no shutdown B. R1(config)# interface ethernet 0 R1(config-if)# ip address R1(config-if)# no shutdown

117 C. R1(config)# interface serial 0 R1(config-if)# ip address R1(config-if)# clock rate D. R1(config)# interface serial 0 R1(config-if)# ip address R1(config-if)# no shutdown E. R1(config)# router rip R1(config-router)# network R1(config-router)# network F. R1(config)# router rip R1(config-router)# version 2 R1(config-router)# network Answer: ADF Section: Chapter 6: IP Routing QUESTION 240 A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? (Choose two.) A. Configure port Fa0/1 to accept connections only from the static IP address of the server. B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors. C. Configure the MAC address of the server as a static entry associated with port Fa0/1. D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address. E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server. F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1. Answer: CE Section: Chapter 9: Switching 服务器接到 f0/1 口, 有什么方法使仅服务器才能接入? B: 静态配置 ARP E:port security QUESTION 241 The internetwork infrastructure of company XYZ consists of a single OSPF area as shown in the graphic. There is concern that a lack of router resources is impeding internetwork performance. As part of examining the router resources, the OSPF DRs need to be known. All the router OSPF priorities are at the default and the router IDs are shown with each router. Which routers are likely to have been elected as DR? (Choose two.)

118 A. Corp-1 B. Corp-2 C. Corp-3 D. Corp-4 E. Branch-1 F. Branch-2 Answer: DF Section: Chapter 6: IP Routing DR 的选举 1 一个多路访问网段中选举 2 优先级大的当选 ; 优先级相同,RID 大的当选 如图中两个椭圆的多路网络中选举 QUESTION 242 At which layers of the OSI model do WANs operate? (Choose two.) A. application layer B. session layer C. transport layer D. network layer E. datalink layer F. physical layer Answer: EF Section: Chapter 14: Wide Area Network (WAN) QUESTION 243 Which routing protocols can be used within the enterprise network shown in the diagram? (Choose three.)

119 A. RIP v1 B. RIP v2 C. IGRP D. OSPF E. BGP F. EIGRP Answer: BDF Section: Chapter 6: IP Routing 由图中可知, 使用 IGP 路由协议, 需支持无类路由 QUESTION 244 Refer to the graphic. R1 is unable to establish an OSPF neighbor relationship with R3. What are possible reasons for this problem? (Choose two.) A. All of the routers need to be configured for backbone Area 1. B. R1 and R2 are the DR and BDR, so OSPF will not establish neighbor adjacency with R3. C. A static route has been configured from R1 to R3 and prevents the neighbor adjacency from being established. D. The hello and dead interval timers are not set to the same values on R1 and R3. E. EIGRP is also configured on these routers with a lower administrative distance. F. R1 and R3 are configured in different areas. Answer: DF Section: Chapter 6: IP Routing 影响 OSPF 邻居形成的几个因素 : 区域 ID,hello 时间, 网段, 认证等

120 A: 所有的路由器需配置在区域 1, 错误 B:R1/R2 是 DR/BDR, 所以 OSPF 不会和 R3 建立邻居关系. C: 配置了静态路由保护了邻居的建立, 错误 D:hello 包周期不一致, 正确 E: 配置了 EIGRP 错误 F:R1 和 R3 配置了不同的区域 正确 QUESTION 245 Which statements are true about EIGRP successor routes? (Choose two.) A. A successor route is used by EIGRP to forward traffic to a destination. B. Successor routes are saved in the topology table to be used if the primary route fails. C. Successor routes are flagged as "active" in the routing table. D. A successor route may be backed up by a feasible successor route. E. Successor routes are stored in the neighbor table following the discovery process. Answer: AD Section: Chapter 6: IP Routing successor router 是最优路径的下一跳 A: 被用作转发流量, 正确 B: 保存在拓扑库中, 当主路由失败时被使用, 错误 C: 在路由表中显示为 active, 错误 在数据库中的显示 D:FS 做为一个备份路由 正确 E: 后继路由器存储在邻居表中, 错误 在拓扑库中 QUESTION 246 Refer to the diagram. All hosts have connectivity with one another. Which statements describe the addressing scheme that is in use in the network? (Choose three.) A. The subnet mask in use is B. The subnet mask in use is C. The IP address can be assigned to hosts in VLAN1 D. The IP address can be assigned to hosts in VLAN1 E. The LAN interface of the router is configured with one IP address. F. The LAN interface of the router is configured with multiple IP addresses. Answer: BCF Section: Chapter 10: VLAN

121 1 子网掩码要使两个 IP 处于不同网段 把一个 C 类划分成两个子网 2 在路由器上配置子接口, 用单臂路由实现通信 QUESTION 247 Refer to the diagram. Which three statements describe the router port configuration and the switch port configuration as shown in the topology? (Choose three.) A. The Router1 WAN port is configured as a trunking port. B. The Router1 port connected to Switch1 is configured using subinterfaces. C. The Router1 port connected to Switch1 is configured as 10 Mbps. D. The Switch1 port connected to Router1 is configured as a trunking port. E. The Switch1 port connected to Host B is configured as an access port. F. The Switch1 port connected to Hub1 is configured as full duplex. Answer: BDE Section: Chapter 10: VLAN 1 使用单臂路由 2 交换机互联路由器的接口需配置成 trunk 模式. 3 交换机连主机的接口配置成 access 模式 QUESTION 248 Which routing protocols will support the following IP addressing scheme? (Choose three.) Network /26 Network /27 Network /27 Network /30 Network /30 A. RIP version 1 B. RIP version 2 C. IGRP D. EIGRP E. OSPF

122 Answer: BDE Section: Chapter 6: IP Routing 必须使用支持无类路由的路由协议 RIPv1,IGRP 属于有类路由协议 QUESTION 249 Refer to the partial command output shown. Which two statements are correct regarding the router hardware? (Choose two.) A. Total RAM size is 32 KB. B. Total RAM size is KB (16 MB). C. Total RAM size is KB (64 MB). D. Flash size is 32 KB. E. Flash size is KB (16 MB). F. Flash size is KB (64 MB). Answer: CE Section: Chapter 4: Introduction to Cisco IOS QUESTION 250 The Ethernet networks connected to router R1 in the graphic have been summarized for router R2 as /20. Which of the following packet destination addresses will R2 forward to R1, according to this summary? (Choose two.)

123 A B C D E F Answer: AD Section: Chapter 6: IP Routing /20 所属网络的范围是 : / /20 QUESTION 251 The show interfaces serial 0/0 command resulted in the output shown in the graphic. What are possible causes for this interface status? (Choose three.) A. The interface is shut down. B. No keepalive messages are received. C. The clockrate is not set. D. No loopback address is set. E. No cable is attached to the interface. F. There is a mismatch in the encapsulation type. Answer: BCF Section: Chapter 4: Introduction to Cisco IOS 串口通过 keepalive 包保活端口 协议层 down 通常是时钟, 封装, 线缆使用不对造成 QUESTION 252 Which of the following describe private IP addresses? (Choose two.) A. addresses chosen by a company to communicate with the Internet B. addresses that cannot be routed through the public Internet C. addresses that can be routed through the public Internet D. a scheme to conserve public addresses E. addresses licensed to enterprises or ISPs by an Internet registry organization Answer: BD Section: Chapter 3: IP Addressing and VLSM

124 私有地址的特性 A: 可以和互联网通信, 错误 B: 不能和互联网通信, 正确 C: 能被互联网路由, 错误 D: 用于节省 IP 地址, 正确 通过 nat 实现 E: 需要经过授权使用, 错误 QUESTION 253 Refer to the exhibit. The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.) A. Configure the gateway on Host A as B. Configure the gateway on Host B as C. Configure the IP address of Host A as D. Configure the IP address of Host B as E. Configure the masks on both hosts to be F. Configure the masks on both hosts to be Answer: BD Section: Chapter 10: VLAN 考查 VLSM 网关和主机 IP 需在同一个子网 路由器子接口 IP 为这个 vlan 中主机的网关 QUESTION 254 A network associate is trying to understand the operation of the FLD Corporation by studying the network in the exhibit. The associate knows that the server in VLAN 4 provides the necessary resources to support the user hosts in the other VLANs. The associate needs to determine which interfaces are access ports. Which interfaces are access ports? (Choose three.)

125 A. Switch1 - Fa 0/2 B. Switch1 - Fa 0/9 C. Switch2 - Fa 0/3 D. Switch2 - Fa 0/4 E. Switch2 - Fa 0/8 F. Router - Fa 1/0 Answer: ACD Section: Chapter 10: VLAN 接主机的都需要设置为 access 口 QUESTION 255 Refer to the exhibit. Which destination addresses will Host A use to send data to Host B? (Choose two.) A. the IP address of Switch1 B. the IP address of Router1 Fa0/0 C. the IP address of HostB D. the MAC address of Switch1 E. the MAC address of Router1 Fa0/0

126 F. the MAC address of HostB Answer: CE Section: Chapter 6: IP Routing QUESTION 256 The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two.) A. Switch1(config-if)# switchport port-security maximum 1 B. Switch1(config)# mac-address-table secure C. Switch1(config)# access-list 10 permit ip host D. Switch1(config-if)# switchport port-security violation shutdown E. Switch1(config-if)# ip access-group 10 Answer: AD Section: Chapter 9: Switching QUESTION 257 Refer to the graphic. A static route to the /24 network is to be configured on the HFD router. Which commands will accomplish this? (Choose two.) A. HFD(config)# ip route fa0/0 B. HFD(config)# ip route C. HFD(config)# ip route fa0/0 D. HFD(config)# ip route E. HFD(config)# ip route F. HFD(config)# ip route Answer: CD Section: Chapter 6: IP Routing 考点 : 静态路由的配置方式下一跳可以写出口和邻居 IP

127 QUESTION 258 What should be done prior to backing up an IOS image to a TFTP server? (Choose three.) A. Make sure that the server can be reached across the network. B. Check that authentication for TFTP access to the server is set. C. Assure that the network server has adequate space for the IOS image. D. Verify file naming and path requirements. E. Make sure that the server can store binary files. F. Adjust the TCP window size to speed up the transfer. Answer: ACD Section: Chapter 5: Managing Cisco IOS 考点 : 考查升级 IOS 时的注意事项 1 确保网络连通性,2 确保设备有存放 IOS 的空间,3 确认文件的路径和名字综上所述,ACD QUESTION 259 What are the possible trunking modes for a switch port? (Choose three.) A. transparent B. auto C. on D. desirable E. client F. forwarding Answer: BCD Section: Chapter 9: Switching 考点 : 考查交换机在 trunk 模式下的模式 auto: 不会主动发 DTP 信息 on: 强制成为 trunk, 也主动发 DTP 信息 desirable:dtp 主动模式, 发 DTP 和对方协商 QUESTION 260 The network has been divided into eight equal subnets. Which of the following IP addresses can be assigned to hosts in the third subnet if the ip subnet-zero command is configured on the router? (Choose three.) A B C D E F Answer: ACD Section: Chapter 3: IP Addressing and VLSM 考点 : 子网划分 被划分为 8 个子网, 并且设备配置了 ip subnet-zero 这条命令, 那个 ip 属于第三个子网

128 划分为 8 个子网, 网络位向主机位借了三位 八个子网分别为 : / / / / / / / /19 第三个子网的范围为 / /19 QUESTION 261 Refer to the graphic. Host 1 cannot receive packets from Host 2. Assuming that RIP v1 is the routing protocol in use, what is wrong with the IP configuration information shown? (Choose two.) A. The fa0/1 interface of router R2 has been assigned a broadcast address. B. The fa0/1 network on router R2 overlaps with the LAN attached to R1. C. Host 2 has been assigned the incorrect subnet mask. D. Host 1 has been configured with the subnet mask. E. Host 2 on router R2 is on a different subnet than its gateway. Answer: BC Section: Chapter 6: IP Routing A:f0/1 被配置为广播地址, 错误 /22 的广播地址是 /22 B: /20 的范围是 : /0, 和 R2 f0/1 的网段重合, 正确 C: 正确 D: 明显和给出信息不同 E: 处于同一个网段, 错误 QUESTION 262 What are three valid reasons to assign ports to VLANs on a switch? (Choose three.) A. to make VTP easier to implement B. to isolate broadcast traffic C. to increase the size of the collision domain D. to allow more devices to connect to the network E. to logically group hosts according to function

129 F. to increase network security Answer: BEF Section: Chapter 10: VLAN 考点 : 考查 vlan 的特性, 选出三个把端口分配到 vlan 的原因 A: 使 VTP 更容易部署, 错误, 答非所问 B: 限制广播流量, 正确 C: 较少冲突域的范围, 错误, 没有这个作用 D: 允许更多的设备接入, 错误, 答非所问 E: 逻辑划分网段, 正确, 一个 vlan 一个网段 F: 增加网络安全, 正确 不同 vlan 不能直接通信 QUESTION 263 Refer to the topology shown in the exhibit. Which ports will be STP designated ports if all the links are operating at the same bandwidth? (Choose three.) A. Switch A - Fa0/0 B. Switch A - Fa0/1 C. Switch B - Fa0/0 D. Switch B - Fa0/1 E. Switch C - Fa0/0 F. Switch C - Fa0/1 Answer: BCD Section: Chapter 9: Switching B 的 mac 最小为根桥,B 的俩端口为指定端口. A 的 F0/0 和 C 的 F0/0 为根端口 A 的 mac 较小,A 的 F0/1 为指定端口,C 的 F0/1 堵塞 QUESTION 264 Which statements describe two of the benefits of VLAN Trunking Protocol? (Choose two.) A. VTP allows routing between VLANs. B. VTP allows a single switch port to carry information to more than one VLAN. C. VTP allows physically redundant links while preventing switching loops. D. VTP simplifies switch administration by allowing switches to automatically share VLAN configuration information. E. VTP helps to limit configuration errors by keeping VLAN naming consistent across the VTP domain.

130 F. VTP enhances security by preventing unauthorized hosts from connecting to the VTP domain. Answer: DE Section: Chapter 10: VLAN 考点 : 考查 VTP 的特性 A: 允许 vlan 间路由, 错误, 答非所问 B: 允许单一链路承载多个 vlan 信息, 错误, 答非所问 C: 允许物理冗余, 错误, 这个是 STP 的功能 D: 自动分享 vlan 配置信息, 正确 E: 减少 vtp 域中 vlan 名字错误配置, 正确, 仅需配置一个, 其他的自带学习, 减少配置量从而减少错误概率 F: 增强安全性, 未通过认证的主机不能加入 错误 没有这个功能 QUESTION 265 What are two results of entering the Switch(config)# vtp mode client command on a Catalyst switch? (Choose two.) A. The switch will ignore VTP summary advertisements. B. The switch will forward VTP summary advertisements. C. The switch will process VTP summary advertisements. D. The switch will originate VTP summary advertisements. E. The switch will create, modify and delete VLANs for the entire VTP domain. Answer: BC Section: Chapter 10: VLAN 考点 : 考查 vtp 的 client 模式特性, 不能增加, 删除, 修改 vlan, 只能从 sever 的报文中接收 A: 忽略 VTP 信息, 错误 B: 转发 vtp 信息, 正确 C: 处理 vtp 信息, 正确 D: 自己产生 vtp 通告, 错误 E: 创建, 修改, 删除 vlan, 错误 QUESTION 266 A network administrator issues the ping command and successfully tests connectivity to a host that has been newly connected to the network. Which protocols were used during the test? (Choose two.) A. ARP B. CDP C. DHCP D. DNS E. ICMP Answer: AE Section: Chapter 2: TCP/IP 考点 :ping 的数据包处理过程, 涉及两个协议 ARP, 用于获取目的 mac 地址 ;icmp,ping 调用的协议 QUESTION 267 Refer to the exhibit. Host A is to send data to Host B. How will Router1 handle the data frame received from Host A? (Choose three.)

131 A. Router1 will strip off the source MAC address and replace it with the MAC address on the forwarding FastEthernet interface. B. Router1 will strip off the source IP address and replace it with the IP address on the forwarding FastEthernet interface. C. Router1 will strip off the destination MAC address and replace it with the MAC address of Host B. D. Router1 will strip off the destination IP address and replace it with the IP address of Host B. E. Router1 will forward the data frame out interface FastEthernet0/1. F. Router1 will forward the data frame out interface FastEthernet0/2. Answer: ACF Section: Chapter 6: IP Routing 考点 : 考查以太网环境中数据包从源到目的过程源 / 目的 ip 和 mac 地址的变化 源目 IP 不变, 源目 mac 变 A:R1 使用转发接口的 mac 替换源 MAC, 正确 B: 替换源 IP, 错误, 源 IP 不变 C: 替换目的 IP 为下一跳入接口的 mac, 正确 D: 替换目的 IP, 错误 E: 从 f0/1 转发数据, 错误, 根据 arp 表应该是 f0/2 QUESTION 268 Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.)

132 A. Router1 will strip off the source MAC address and replace it with the MAC address c B. Router1 will strip off the source IP address and replace it with the IP address C. Router1 will strip off the destination MAC address and replace it with the MAC address c D. Router1 will strip off the destination IP address and replace it with the IP address of E. Router1 will forward the data packet out interface FastEthernet0/1. F. Router1 will forward the data packet out interface FastEthernet0/2. Answer: ACF Section: Chapter 6: IP Routing 考点 : 数据通信过程源目 IP/mac 地址的变化 A: 源 MAC 替换为 f0/2 口的 mac, 正确 B: 替换源 IP, 错误 C: 替换目的 mac 为下一跳入口的 MAC, 正确 D: 替换目的 IP, 错误 E: 从 f0/1 转发数据, 错误 F: 正确 QUESTION 269 Refer to the exhibit. Host A pings Host B. What source MAC address and source IP address are contained in the frame as the frame leaves R2 destined for host B?

133 A. abcd.abcd.a001 B. abcd.abcd.b002 C. abcd.abcd.c003 D E F Answer: BD Section: Chapter 6: IP Routing 考查知识点和题目 51 一样 QUESTION 270 Refer to the exhibit. A network associate has configured OSPF with the command: City(config-router)# network area 0 After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.) A. FastEthernet0 /0 B. FastEthernet0 /1 C. Serial0/0 D. Serial0/1.102 E. Serial0/1.103 F. Serial0/1.104 Answer: BCD Section: Chapter 6: IP Routing 考点, 考查 ospf network 命令中反掩码的特性 , 相当于通告了 /26 的网络, 这个网络的范围 : /26 综上所述,BCD QUESTION 271 A Catalyst 2950 needs to be reconfigured. What steps will ensure that the old configuration is erased? (Choose three.)

134 A. Erase flash. B. Restart the switch. C. Delete the VLAN database. D. Erase the running configuration. E. Erase the startup configuration. F. Modify the configuration register. Answer: BCE Section: Chapter 9: Switching 考点 : 考查恢复交换机出厂配置 有两点,1 配置信息, 保存在 startup-config 中 ;2 vlan 数据库, 存放在 vlan.dat 中 A: 删除 flash, 错误, 这样把 IOS 都删除了 B: 重启交换机, 正确, 删除后重启 C: 删除 vlan 数据库, 正确 QUESTION 272 Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only computers with access to the Payroll Server. What two technologies should be implemented to help prevent unauthorized access to the server? (Choose two.) A. access lists B. encrypted router passwords C. STP D. VLANs E. VTP F. wireless LANs Answer: AD Section: Chapter 10: VLAN 考点 : 考查 ACL 和 VLAN 的作用 通过 vlan 隔离网段, 通过 acl 实现控制一部分 IP 访问 QUESTION 273 Refer to the exhibit. What commands must be configured on the 2950 switch and the router to allow communication between host 1 and host 2? (Choose two.)

135 A. Router(config)# interface fastethernet 0/0 Router(config-if)# ip address Router(config-if)# no shut down B. Router(config)# interface fastethernet 0/0 Router(config-if)# no shut down Router(config)# interface fastethernet 0/0.1 Router(config-subif)# encapsulation dot1q 10 Router(config-subif)# ip address Router(config-subif)# interface fastethernet 0/0.2 Router(config-subif)# encapsulation dot1q 20 Router(config-subif)# ip address C. Router(config)# router eigrp 100 Router(config-router)# network Router(config-router)# network D. Switch1(config)# vlan database Switch1(config-vlan)# vtp domain XYZ Switch1(config-vlan)# vtp server E. Switch1(config)# interface fastethernet 0/1 Switch1(config-if)# switchport mode trunk F. Switch1(config)# interface vlan 1 Switch1(config-if)# ip default-gateway Answer: BE Section: Chapter 10: VLAN 考点 : 考查单臂路由的配置 路由器上使用子接口, 一个子接口对应一个 vlan, 封装 vlan id 交换机与路由器的互联口使用 trunk QUESTION 274 Which three Layer 2 encapsulation types would be used on a WAN rather than a LAN? (Choose three.) A. HDLC B. Ethernet C. Token Ring D. PPP E. FDDI

136 F. Frame Relay Answer: ADF Section: Chapter 14: Wide Area Network (WAN) 考点 : 考查广域网链路的二层封装协议主要有 HDLC,PPP,FR QUESTION 275 Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be the most effective steps to troubleshoot this physical layer problem? (Choose three.) A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports. B. Ensure that cables A and B are straight-through cables. C. Ensure cable A is plugged into a trunk port. D. Ensure the switch has power. E. Reboot all of the devices. F. Reseat all cables. Answer: BDF Section: Chapter 9: Switching 考点 : 考查交换机端口颜色的定义 绿色正常, 橘黄色有故障 A: 确认以太网封装是否匹配, 错误 封装错误不会在端口 LED 显示 B: 确认线缆 A/B 是否为直通线, 正确 异构设备使用直通线 C: 确认线缆 A 是否插到 trunk 口, 错误 D: 确认是否通电, 正确 E: 重启设备, 错误 F: 重置所有电缆, 正确 QUESTION 276 Refer to the exhibit. Which three statements are true about how router JAX will choose a path to the /24 network when different routing protocols are configured? (Choose three.)

137 A. By default, if RIPv2 is the routing protocol, only the path JAX-ORL will be installed into the routing table. B. The equal cost paths JAX-CHI-ORL and JAX- NY-ORL will be installed in the routing table if RIPv2 is the routing protocol. C. When EIGRP is the routing protocol, only the path JAX-ORL will be installed in the routing table by default. D. When EIGRP is the routing protocol, the equal cost paths JAX-CHI-ORL, and JAX-NY-ORL will be installed in the routing table by default. E. With EIGRP and OSPF both running on the network with their default configurations, the EIGRP paths will be installed in the routing table. F. The OSPF paths will be installed in the routing table, if EIGRP and OSPF are both running on the network with their default configurations. Answer: ADE Section: Chapter 6: IP Routing 本题还是路由选路的问题, 首先我们要知道 T1 线路的速率为 1.544M T3 线路的速率为 45M RIP 仅看 hop 不关心链路状态 eigrp 和 ospf 等协议的度量都是跟路带宽来计算的 所以要考察带宽的大小 QUESTION 277 Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)

138 A. With a network wide mask of , each interface does not require an IP address. B. With a network wide mask of , each interface does require an IP address on a unique IP subnet. C. With a network wide mask of , must be a Layer 2 device for the PCs to communicate with each other. D. With a network wide mask of , must be a Layer 3 device for the PCs to communicate with each other. E. With a network wide mask of , each interface does not require an IP address. Answer: BDE Section: Chapter 6: IP Routing 本题是子网问题 如果掩码为 的话 那么这个设备的两个接口肯定要在不同的子网 因为 与 就属于不同的子网 其实这题, 主要考察的事掩码的问题 如果想中间的设备不需要三层设备作路由那么两边必须在同一个子网 需要在同一个子网 最小的掩码就是 QUESTION 278 Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two.) A. alternate B. backup C. designated D. disabled E. root Answer: CE Section: Chapter 9: Switching 不管是 802.1w 还是 802.1d 等 stp 协议 用来转发数据的接口都只有 dp 和 rp QUESTION 279 Refer to the exhibit. Given the output shown from this Cisco Catalyst 2950, what is the most likely reason that interface FastEthernet 0/10 is not the root port for VLAN 2? A. This switch has more than one interface connected to the root network segment in VLAN 2. B. This switch is running RSTP while the elected designated switch is running 802.1d Spanning Tree. C. This switch interface has a higher path cost to the root bridge than another in the topology. D. This switch has a lower bridge ID for VLAN 2 than the elected designated switch. Answer: C

139 Section: Chapter 9: Switching 在选举 rp 的时候 首先考虑的是到达跟桥 cost 最小的为 rp, 我个人认为在本交换机上对于 vlan2 也应该有一个 rp 从这图我们看到有两个 root 可以判断他有可能使用的事 pvst, 那么 pvst 对于每一个 vlan 每一个交换机应该有一个 rp, 只是我这个接口没有本 sw 上另外一个接口到达 rb 的 cost 小而已但这题的选项只有 C 更适合 QUESTION 280 Refer to the exhibit. The network administrator must establish a route by which London workstations can forward traffic to the Manchester workstations. What is the simplest way to accomplish this? A. Configure a dynamic routing protocol on London to advertise all routes to Manchester. B. Configure a dynamic routing protocol on London to advertise summarized routes to Manchester. C. Configure a dynamic routing protocol on Manchester to advertise a default route to the London router. D. Configure a static default route on London with a next hop of E. Configure a static route on London to direct all traffic destined for /22 to F. Configure Manchester to advertise a static default route to London. Answer: E Section: Chapter 6: IP Routing london 要访问 manchester 的主机, 那么我们只要知道那个一个静态路由讲数据包发出去就可以, 通过子网汇总 /22 可以代表 manchester 的 3 个网段 并且制定吓一跳为 QUESTION 281 Refer to the exhibit. This command is executed on 2960Switch: 2960Switch(config)# mac-address-table static aa.aaaa vlan 10 interface fa0/1

140 Which two of these statements correctly identify results of executing the command? (Choose two.) A. Port security is implemented on the fa0/1 interface. B. MAC address aa.aaaa does not need to be learned by this switch. C. Only MAC address aa.aaaa can source frames on the fa0/1 segment. D. Frames with a Layer 2 source address of aa.aaaa will be forwarded out fa0/1. E. MAC address aa.aaaa will be listed in the MAC address table for interface fa0/1 only. Answer: BE Section: Chapter 9: Switching 我们在一个接口静态制定了 mac 地址的话 那么这个接口指接搜这个 mac 地址的 frame, 并且 mac 地址会保存在 mac add table 表明是 static 制定的 QUESTION 282 Which of the following describes the roles of devices in a WAN? (Choose three.) A. A CSU/DSU terminates a digital local loop. B. A modem terminates a digital local loop. C. A CSU/DSU terminates an analog local loop. D. A modem terminates an analog local loop. E. A router is commonly considered a DTE device. F. A router is commonly considered a DCE device. Answer: ADE Section: Chapter 14: Wide Area Network (WAN) csu/dsu 是用来阻止数字环路的, 而猫是用来阻止模拟环路的 路由器是 DTE 设备 所以必须需要 DCE 设备来给其提供时钟同步 QUESTION 283 What are two characteristics of Telnet? (Choose two.) A. It sends data in clear text format. B. It is no longer supported on Cisco network devices. C. It is more secure than SSH. D. It requires an enterprise license in order to be implemented. E. It requires that the destination device be configured to support Telnet connections. Answer: AE Section: Chapter 2: TCP/IP

141 telnet 在数据传递的时候是明文的 不够安全 并且如果要对设备使用 telnet 我们要在 vty 线路下配置密码, 并且要允许 telnet 连接到设备 QUESTION 284 What are two security appliances that can be installed in a network? (Choose two.) A. ATM B. IDS C. IOS D. IOX E. IPS F. SDM Answer: BE Section: Chapter 7: Security B. 入侵检测系统 E. 入侵防御系统 QUESTION 285 A single g access point has been configured and installed in the center of a square office. A few wireless users are experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.) A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF Section: Chapter 11: Wireless 能够对 g 有干扰的, 应该都是工作在 2.4G 左右的设备 比如说微波炉, 无绳电话, 金属对于无线是有吸附作用的 可能会引起信号的衰竭 QUESTION 286 A host is attempting to send data to another host on a different network. What is the first action that the sending host will take? A. Drop the data. B. Send the data frames to the default gateway. C. Create an ARP request to get a MAC address for the receiving host. D. Send a TCP SYN and wait for the SYN ACK with the IP address of the receiving host. Answer: C Section: Chapter 2: TCP/IP 主机要发送数据的话 首先要请求到网关或者下一跳的 mac 地址进行二层的封装

142 QUESTION 287 Refer to the exhibit. What two facts can be determined from the WLAN diagram? (Choose two.) A. The area of overlap of the two cells represents a basic service set (BSS). B. The network diagram represents an extended service set (ESS). C. Access points in each cell must be configured to use channel 1. D. The area of overlap must be less than 10% of the area to ensure connectivity. E. The two APs should be configured to operate on different channels. Answer: BE Section: Chapter 11: Wireless QUESTION 288 Which two devices can interfere with the operation of a wireless network because they operate on similar frequencies? (Choose two.) A. copier B. microwave oven C. toaster D. cordless phone E. IP phone F. AM radio Answer: BD Section: Chapter 11: Wireless 能够对 wireless g 有干扰的, 应该都是工作在 2.4G 左右的设备 比如说微波炉, 无绳电话, 金属对于无线是有吸附作用的 可能会引起信号的衰竭

143 QUESTION 289 Which two statements describe characteristics of IPv6 unicast addressing? (Choose two.) A. Global addresses start with 2000::/3. B. Link-local addresses start with FE00:/12. C. Link-local addresses start with FF00::/10. D. There is only one loopback address and it is ::1. E. If a global address is assigned to an interface, then that is the only allowable address for the interface. Answer: AD Section: Chapter 13: IPv6 ipv6 的常规问题,globaladdress 的其实段位 2000::/3 这个是定义好了的,D 选项说的是换回地址, 也就是 ipv4 的 这个类似的. 所以 D 正确 QUESTION 290 Refer to the exhibit. Which statement is true? A. The Fa0/11 role confirms that SwitchA is the root bridge for VLAN 20. B. VLAN 20 is running the Per VLAN Spanning Tree Protocol. C. The MAC address of the root bridge is d D. SwitchA is not the root bridge, because not all of the interface roles are designated. Answer: D Section: Chapter 9: Switching stp 对于 RB 所有的接口都是 dp QUESTION 291 Which two of these statements are true of IPv6 address representation? (Choose two.)

144 A. There are four types of IPv6 addresses: unicast, multicast, anycast, and broadcast. B. A single interface may be assigned multiple IPv6 addresses of any type. C. Every IPv6 interface contains at least one loopback address. D. The first 64 bits represent the dynamically created interface ID. E. Leading zeros in an IPv6 16 bit hexadecimal field are mandatory. Answer: BC Section: Chapter 13: IPv6 每个 Ipv6 接口至少包括一个环回口地址 : 由 mac 地址转换不用手动设置 QUESTION 292 What are three basic parameters to configure on a wireless access point? (Choose three.) A. SSID B. RTS/CTS C. AES-CCMP D. TKIP/MIC E. RF channel F. authentication method Answer: AEF Section: Chapter 11: Wireless wireless 三要素 ssid RF channel 以及认证需求 QUESTION 293 A system administrator installed a new switch using a script to configure it. IP connectivity was tested using pings to SwitchB. Later attempts to access NewSwitch using Telnet from SwitchA failed. Which statement is true? A. Executing password recovery is required. B. The virtual terminal lines are misconfigured. C. Use Telnet to connect to RouterA and then to NewSwitch to correct the error. D. Power cycle of NewSwitch will return it to a default configuration. Answer: B Section: Chapter 9: Switching B. 虚拟终端 (VTY) 配置不正确 QUESTION 294 Which two of these statements regarding RSTP are correct? (Choose two.) A. RSTP cannot operate with PVST+. B. RSTP defines new port roles. C. RSTP defines no new port states. D. RSTP is a proprietary implementation of IEEE 802.1D STP. E. RSTP is compatible with the original IEEE 802.1D STP.

145 Answer: BE Section: Chapter 9: Switching RSTP 定义了新的端口类型, 包括隔离端口, 备份端口等,rstp 如果与 stp 同时存在的话 那么将兼容成 stp QUESTION 295 Which three of these statements regarding 802.1Q trunking are correct? (Choose three.) A Q native VLAN frames are untagged by default. B Q trunking ports can also be secure ports. C Q trunks can use 10 Mb/s Ethernet interfaces. D Q trunks require full-duplex, point-to-point connectivity. E Q trunks should have native VLANs that are the same at both ends. Answer: ACE Section: Chapter 10: VLAN 802.1q native vlan 是不做标记的, 并且在 trunk 两边的 native 需要一致 QUESTION 296 Refer to the exhibit. Each of these four switches has been configured with a hostname, as well as being configured to run RSTP. No other configuration changes have been made. Which three of these show the correct RSTP port roles for the indicated switches and interfaces? (Choose three.) A. SwitchA, Fa0/2, designated B. SwitchA, Fa0/1, root C. SwitchB, Gi0/2, root D. SwitchB, Gi0/1, designated E. SwitchC, Fa0/2, root F. SwitchD, Gi0/2, root Answer: ABF

146 Section: Chapter 9: Switching stp 的问题, 我们可以通过 mac 地址确定跟桥为 switchc, 那么 C 上的端口都为 dp,a 的 f0/1,d 的 g0/2 为 rp, 那么 B 哪一个是 RP 呢 从 D 过来的 bpdu 的 cost 都为 23, 从 a 过来的为 19+19=38, 所以 B 的 rp 为 gi0/1, 那么阻塞端口应该在 A 和 B 之间的网段,A 的 f0/2 这个网段收到的 BPDUcost 最小为 19, 而 B 的 g0/2 收到的 BPDUcost 最小应该为 23, 所以 B 的 g0/2 应为 BLK.1G 链路的 cost 为 4,100M 链路 cost 为 M 链路 cost 为 19.1G 链路 cost 为 4. QUESTION 297 Refer to the exhibit. A junior network administrator was given the task of configuring port security on SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is detected, the port is to drop frames from this device. The administrator configured the interface and tested it with successful pings from PC_A to RouterA, and then observes the output from these two show commands. Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.) A. Port security needs to be globally enabled. B. Port security needs to be enabled on the interface. C. Port security needs to be configured to shut down the interface in the event of a violation. D. Port security needs to be configured to allow only one learned MAC address. E. Port security interface counters need to be cleared before using the show command. F. The port security configuration needs to be saved to NVRAM before it can become active. Answer: BD Section: Chapter 9: Switching 题目要求, 只允许 PCA 在 f0/1 口, 那么我们首先要设置 port-security, 并且 mac 最大为 1, 而且还要是用 sticky

147 来记录 pc-a 的 mac, 这样就可以达到 f0/1 只能为 pc-a 使用 QUESTION 298 Which of the following correctly describe steps in the OSI data encapsulation process? (Choose two.) A. The transport layer divides a data stream into segments and may add reliability and flow control information. B. The data link layer adds physical source and destination addresses and an FCS to the segment. C. Packets are created when the network layer encapsulates a frame with source and destination host addresses and protocol-related control information. D. Packets are created when the network layer adds Layer 3 addresses and control information to a segment. E. The presentation layer translates bits into voltages for transmission across the physical link. Answer: AD Section: Chapter 1: Introduction 传输层将数据分段, 并且加入 flow control 等信息 在网络层就将数据进行打包, 并加上 ip 包头, 链路层 将包进行成 Frame, 封装二层头部 QUESTION 299 For which type of connection should a straight-through cable be used? A. switch to switch B. switch to hub C. switch to router D. hub to hub E. router to PC Answer: C Section: Chapter 1: Introduction 直通线连接在不同的设备之上, 所以这里我们选择不同的设备之间的连接 QUESTION 300 Which set of commands is recommended to prevent the use of a hub in the access layer? A. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security maximum 1 B. switch(config-if)#switchport mode trunk switch(config-if)#switchport port-security mac-address 1 C. switch(config-if)#switchport mode access switch(config-if)#switchport port-security maximum 1 D. switch(config-if)#switchport mode access switch(config-if)#switchport port-security mac-address 1 Answer: C Section: Chapter 9: Switching 说怎么解决接入层接 hub 的问题, 防止介入 hub 可以使用 port-security 限制端口的 mac 地址数量就解决了 QUESTION 301

148 How many bits are contained in each field of an IPv6 address? A. 24 B. 4 C. 8 D. 16 Answer: D Section: Chapter 13: IPv6 QUESTION 302 By default, each port in a Cisco Catalyst switch is assigned to VLAN1. Which two recommendations are key to avoid unauthorized management access? (Choose two.) A. Create an additional ACL to block the access to VLAN 1. B. Move the management VLAN to something other than default. C. Move all ports to another VLAN and deactivate the default VLAN. D. Limit the access in the switch using port security configuration. E. Use static VLAN in trunks and access ports to restrict connections. F. Shutdown all unused ports in the Catalyst switch. Answer: BF Section: Chapter 10: VLAN 题目要求管理未经授权的访问, 这里我们可以将管理 vlan 设置成其他的, 并且把所有不使用的接口都关闭这是最简单也是比较有效的方法 QUESTION 303 Which Cisco Catalyst feature automatically disables the port in an operational PortFast upon receipt of a BPDU? A. BackboneFast B. UplinkFast C. Root Guard D. BPDU Guard E. BPDU Filter Answer: D Section: Chapter 9: Switching bpduguard 如果开启了 那么在 access 接口接受到了 bpdu 的话,switch 认为可能是一种攻击 会将接口进入 err-disable QUESTION 304 Which type of cable is used to connect the COM port of a host to the COM port of a router or switch? A. crossover B. straight-through C. rolled

149 D. shielded twisted-pair Answer: C Section: Chapter 4: Introduction to Cisco IOS com-com 使用的是 rolled 线缆 QUESTION 305 What is known as "one-to-nearest" addressing in IPv6? A. global unicast B. anycast C. multicast D. unspecified address Answer: B Section: Chapter 13: IPv6 QUESTION 306 Which option is a valid IPv6 address? A. 2001:0000:130F::099a::12a B. 2002:7654:A1AD:61:81AF:CCC1 C. FEC0:ABCD:WXYZ:0067::2A4 D. 2004:1:25A4:886F::1 Answer: D Section: Chapter 13: IPv6 A. 只能一个冒号 B. 应该 8 个字段 C.16 进制没有 WXYZ QUESTION 307 Which layer of the OSI reference model uses the hardware address of a device to ensure message delivery to the proper host on a LAN? A. physical B. data link C. network D. transport Answer: B Section: Chapter 1: Introduction 物理地址是在 datalink 上用来寻址的, 比如说以太网的 mac 地址 QUESTION 308 Which layer of the OSI reference model uses flow control, sequencing, and acknowledgements to ensure

150 that reliable networking occurs? A. data link B. network C. transport D. presentation E. physical Answer: C Section: Chapter 1: Introduction QUESTION 309 What is the principle reason to use a private IP address on an internal network? A. Subnet strategy for private companies. B. Manage and scale the growth of the internal network. C. Conserve public IP addresses so that we do not run out of them. D. Allow access reserved to the devices. Answer: C Section: Chapter 3: IP Addressing and VLSM 内部网络使用了私有地址, 如果不使用 nat 的话我们是没办法访问外部网络的 因为公共网络不会给私有地址路由 QUESTION 310 Which IP address can be assigned to an Internet interface? A B C D Answer: B Section: Chapter 3: IP Addressing and VLSM QUESTION 311 What will happen if a private IP address is assigned to a public interface connected to an ISP? A. Addresses in a private range will be not routed on the Internet backbone. B. Only the ISP router will have the capability to access the public network. C. The NAT process will be used to translate this address in a valid IP address. D. Several automated methods will be necessary on the private network. E. A conflict of IP addresses happens, because other public routers can use the same range. Answer: A Section: Chapter 3: IP Addressing and VLSM

151 内部网络使用了私有地址, 如果不使用 nat 的话我们是没办法访问外部网络的 因为公共网络不会给私有地址路由 QUESTION 312 When is it necessary to use a public IP address on a routing interface? A. Connect a router on a local network. B. Connect a router to another router. C. Allow distribution of routes between networks. D. Translate a private IP address. E. Connect a network to the Internet. Answer: E Section: Chapter 3: IP Addressing and VLSM 如果在网络中使用了公有地址 那么肯定是想将网络链入 internet QUESTION 313 What is the first 24 bits in a MAC address called? A. NIC B. BIA C. OUI D. VAI Answer: C Section: Chapter 1: Introduction mac 地址的前 24 为称为组织唯一标识 (OUI) 也就是固定分配的 QUESTION 314 In an Ethernet network, under what two scenarios can devices transmit? (Choose two.) A. when they receive a special token B. when there is a carrier C. when they detect no other devices are sending D. when the medium is idle E. when the server grants access Answer: CD Section: Chapter 1: Introduction 考查的 CSMA/CD 问题, 在 ethernet 中如果检测到没有其他的设备在发送信息, 网络是空闲状态, 那么自己才发送信息 QUESTION 315 Which term describes the process of encapsulating IPv6 packets inside IPv4 packets? A. tunneling B. hashing

152 C. routing D. NAT Answer: A Section: Chapter 13: IPv6 将 ipv6 的包封装成 ipv4 的包 那么这里显然使用的是 6-to-4tunnel 达到 ipv6 和 ipv4 的兼容问题 QUESTION 316 Which statement about RIPng is true? A. RIPng allows for routes with up to 30 hops. B. RIPng is enabled on each interface separately. C. RIPng uses broadcasts to exchange routes. D. There can be only one RIPng process per router. Answer: B Section: Chapter 13: IPv6 在配置 ripng 的时候 我们需要到街口下一个一个敲命令 ipv6 rip X QUESTION 317 Which statement about IPv6 is true? A. Addresses are not hierarchical and are assigned at random. B. Only one IPv6 address can exist on a given interface. C. There are 2.7 billion addresses available. D. Broadcasts have been eliminated and replaced with multicasts. Answer: D Section: Chapter 13: IPv6 ipv6 在地址规划的时候并没有 ipv4 的 broadcast, 但是新增了一个 anycast QUESTION 318 Which line from the output of the show ip interface command indicates a layer 1 problem? A. Serial0/1 is up, line protocol is down B. Serial0/1 is down, line protocol is down C. Serial0/1 is up, line protocol is up D. Serial0/1 is administratively down, line protocol is down Answer: B Section: Chapter 4: Introduction to Cisco IOS layer 1 如果出现了问题 那么接口肯定是一个双 down, 这里 B 是自然 down 而 D 是管理型关闭 这里大家要注意 QUESTION 319 A network admin wants to know every hop the packets take when he accesses cisco.com. Which command is the most appropriate to use?

153 A. path cisco.com B. debug cisco.com C. trace cisco.com D. traceroute cisco.com Answer: D Section: Chapter 2: TCP/IP 问怎么知道 cisco.com 的 packet 经过的路径 那么我们需要时用 traceroute 来查看到达 cisco.com 所经过的下一跳 QUESTION 320 When a host transmits data across a network to another host, which process does the data go through? A. standardization B. conversion C. encapsulation D. synchronization Answer: C Section: Chapter 1: Introduction 数据在通过一个网络到另一个网络的时候. 我们需要进行数据包的封装. 比如说封装 ip 头部. 二层头部等信息. 从而保障网络寻址 QUESTION 321 An administrator attempts a traceroute but receives a "Destination Unreadable" message. Which protocol is responsible for that message? A. RARP B. RUDP C. ICMP D. SNMP Answer: C Section: Chapter 2: TCP/IP 问这个 message 是什么提供的. 我们一看这个肯定是 icmp 的回包 QUESTION 322 Which two commands correctly verify whether port security has been configured on port FastEthernet 0/12 on a switch?(choose two) A. SW1#show swithport port-security interface FastEthernet 0/12 B. SW1# show swithport port-secure interface FastEthernet 0/12 C. SW1# show port-secure interface FastEthernet 0/12 D. SW1#show running-config E. SW1#show port-security interface FastEthernet 0/12 Answer: DE Section: New-1

154 QUESTION 323 Which component of VPN technology ensures that data can be read only by its intended recipient? A. data integrity B. encryption C. key exchange D. authentication Answer: D Section: New-1 哪个 VPN 组件可以确保数据只能让预定的人读取 QUESTION 324 Refer to the exhibit.what is the effect of the configuration that is shown? A. It tells the router or switch to try establish an SSH connection first and if that fail to use telnet. B. Itconfigures a cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports. C. It allows seven failed login attempts before the VTY lines are temporarily shutdown. D. It configures the virtual terminal lines with the password E. It configures SSH globally for all logins. Answer: B Section: New-1 此条命令允许 5 条 SSH 虚链路 QUESTION 325 Which of the following are true regarding the debug output shown in the graphic?(choose two)

155 A. This router was configured with the commands: RtrA(config)#router rip RtrA(config-router)#version 2 RtrA(config-router)#network RtrA(config-router)#network B. This router was configured with the commands: RtrA(config)#router rip RtrA(config-router)#network RtrA(config-router)#network C. Network will be displayed in the routing table. D. Network will be displayed in the routing table. E. This router was configured with the commands: RtrA(config)#router rip RtrA(config-router)#network RtrA(config-router)#network RtrA(config-router)#network F. split-horizon was disabled on this router. Answer: BC Section: New-1 从信息中可以看到协议为 RIPv1, in 16 hops, 将要从路由表中清除 QUESTION 326 The network administrator is asked to configure 113 point-to-point links.which IP addressing scheme best defines the address range and subnet mask that meet the requirement and waste the fewest subnet and host addresses? A /18 subnetted with mask B /25 subnetted with mask C /24 subnetted with mask D /23 subnetted with mask E /16 subnetted with mask Answer: D

156 Section: New 个 point-to-point 链路而不是 IP 每个链路需要 2 个有效的 IP 地址, 即 2 个主机位 113 个需要 7 位, 一共需要 9 位, 所以掩码为 23 QUESTION 327 VLAN 3 is not yet configured on your switch.what happens if you set the switchport access vlan 3 commmand interface configuration mode? A. The command is accepted and the respective VLAN is added to vlan dat. B. The command is rejected. C. The command is accepted and you must configure the VLAN manually. D. The port turns amber. Answer: A Section: New-1 在 PT 和真机环境下回自动创建 vlan 切莫用路由器的 IOS 做此实验 QUESTION 328 Which parameter can be tuned to affect the selection of a static route as a backup.when a dynamic protocol is also being used? A. link bandwidth B. hop count C. link cost D. administrative distance E. link delay Answer: D Section: New-1 选择路由先看管理距离, 小的优先 QUESTION 329 Refer to the exhibit. In the Frame Relay network, which ip address would be assigned to the interfaces with point-to-poin PVCs?

157 A. DLCI 16: /24 DLCI 17: /24 DLCI 99: /24 DLCI 28: /24 B. DLCI 16: /24 DLCI 17: /24 DLCI 99: /24 DLCI 28: /24 C. DLCI 16: /24 DLCI 17: /24 DLCI 99: /24 DLCI 28: /24 D. DLCI 16: /24 DLCI 17: /24 DLCI 99: /24 DLCI 28: /24 Answer: B Section: New-1 虚链路为点对点,R2 为子接口, 每条虚链路各自一个网段 QUESTION 330 Why will a switch never learn a broadcast address? A. Broadcast frames are never sent to swiches. B. Broadcast addresses use an incorrect format for the switching table. C. A broadcast address will never be the source address of a frame. D. Broadcasts only use network layer addressing. E. A broadcast frame is never forwarded by a switch. Answer: C Section: New-1

158 QUESTION 331 Wich command can you use to manually assign a static IPV6 address to a router interface? A. ipv6 address PREFIX_1::1/64 B. ipv6 autoconfig 2001:db8:2222:7272::72/64 C. ipv6 autoconfig D. ipv6 address 2001:db8:2222:7272::72/64 Answer: D Section: New-1 IPv6 在路由器上设置地址的命令 QUESTION 332 The EIGRP configuration in the Glencoe router uses a single network statement.from the output shown in the graph would advertise these networks in EIGRP? A. network area 478 B. network C. network D. network area 478 Answer: B Section: New-1 此处要求用一条命令宣告 QUESTION 333 Which IPsec security protocol should be used when confidentiality is required? A. AH B. MD5 C. PSK D. ESP

159 Answer: D Section: New-1 封装安全载荷协议 Encapsulating Security Payload(ESP) QUESTION 334 What is the function of the command switchport trunk native vlan 999 on a switch? A. It designates VLAN 999 for untagged traffic. B. It blocks VLAN 999 traffic from passing on the trunk. C. It creates a VLAN 999 interface. D. It designates VLAN 999 as the default for all unkown tagged traffic. Answer: A Section: New-1 设置 vlan999 为本征 vlan, 交换机默认本征 vlan 为 vlan1. 此题正确答案为 A. QUESTION 335 Which command can be used from a PC to verfy the connectivity between host that connect through path? A. tracert address B. ping address C. arp address D. traceroute address Answer: A Section: New-1 traceroute 是路由器的命令 QUESTION 336 In which solution is a router ACL used? A. protecting a server frome unauthorized acces B. controlling path selection,based on the route metric C. reducing router CPU utilization D. filterring packets that are passing through a router Answer: D Section: New-1 ACL 应用在路由器, 提供包过滤的功能 QUESTION 337 Which statement is true, as relates to classful or classless routing? A. RIPV1 and OSPF are classless routing protocols.

160 B. Classful routing protocols send the subnet mask in routing updates. C. Automatic summarization at classful boundaries can cause problems on disc D. EIGRP and OSPF are classful routing protocols and summarize routes by def Answer: C Section: New-1 自动汇总会将 IP 地址汇总为主类地址, 必须手动关闭 QUESTION 338 A router has two FastEthernet interfaces and needs to connect to four vlans in the local network.how can you accomplish this task,using the fewest physical interfaces and without decreasing network performance? A. Add two more FastEthernet interfaces. B. Add a second router to handle the vlan traffic. C. Use a hub to connect the four vlans with a FastEthernet interface on router. D. Implement a router-on-a-stick configuration. Answer: D Section: New-1 设置一个单臂路由 QUESTION 339 Refer to the exhibit.how many broadcast domains are configured on switch2? A. 5 B. 20 C. 4 D. 1 Answer: C Section: New-1 一个 vlan 就是一个广播域 QUESTION 340 What is the effect of using the service password-encryption command?

161 A. nly passwords configured after the command has been entered will be encrypted. B. Only the enable password will be encrypted. C. Only the enable secret password will be encrypted D. It will encrypt the secret password and remove the enable secret password from the configuration. E. It will encrypt all current and future passwords. Answer: E Section: New-1 E. 加密已经有的和未来的密码 QUESTION 341 Refer to the exhibit.a technician has installed SwithchB and needs to configure it for remote access from the management workstation connected SwitchA Which set of commands is required to accomplish this task? A. SwitchB(config)#interface FastEthernet 0/1 SwitchB(config)#ip address SwitchB(config)#no shutdown B. SwitchB(config)#ip default-gateway SwitchB(config)#interface vlan 1 SwitchB(config)#ip address SwitchB(config)#no shutdown C. SwitchB(config)#interface vlan 1 SwitchB(config)#ip address SwitchB(config)#ip default-gateway SwitchB(config)#no shutdown D. SwitchB(config)#ip default-network SwitchB(config)#interface vlan 1 SwitchB(config)#ip address SwitchB(config)#no shutdown Answer: B Section: New-1 想要远程管理交换机需要在交换机上的配置,B 正确 QUESTION 342

162 Refer to the exhibit.the speed of all serial links is E1 and the speed of the all Ethernet links is 100Mb/s.A static route will be established on the Manchester router to the direct traffic toward the internet over the most direct path available.what configuration on the Manchester router will establish a router toward the internet for traffic that originates from workstation on the Manchester LAN? A. ip route B. ip route C. ip route D. ip route E. ip route F. ip route Answer: F Section: New-1 设置静态路由 QUESTION 343 What Frame Relay mechanism is used to build the map illustrated in the accompanying graphic? A. inverse multiplexing B. LMI maping C. Inverse ARP D. ARP E. Proxy ARP

163 Answer: C Section: New-1 帧中继使用 Inverse ARP 将 IP 地址解析为 DLCI 号 QUESTION 344 Refer to the exhibit.a network engineer is troubleshooting an internet connectivity problem on the computer.what is causing the problem? A. wrong DNS server B. wrong default gateway C. incorrect IP address D. incorrect subnet mask Answer: C Section: New-1 QUESTION 345 How many broadcast domains are shown in the graphic assuming only the default vlan is configured on the switches?

164 A. one B. six C. twelve D. two Answer: A Section: New-1 QUESTION 346 How dose a DHCP server dynamically assign IP address to host? A. Addresses are allocated after a negotiation between the server and the host to determine the length of the agreement. B. Addresses are assigned for a fixed period of time.at the end of period,a newquest for an address must be made,and another address is then assigned. C. Addresses are leased to host.a host will usually keep the same address by periodically contacting the DHCP sever to renew the lease. D. Addresses are permanently assigned so that the host uses the same address at all times. Answer: C Section: New-1 QUESTION 347 Which type of EIGRP route entry describes a feasible successor? A. a primary route,stored in the routing table B. a backup route,stored in the routing table C. a backup route,stored in the topology table D. a primary route,stored in the topology table Answer: C

165 Section: New-1 可行后继作为替补存在拓扑表中 QUESTION 348 What is the purpose of the inverse ARP? A. to map a known DLCI to an IP address B. to map a known IP address to a MAC address C. to map known SPID to a MACaddress D. to map a known DLCI to a MAC address E. to map a known IP address to a SPID. F. to map a known MAC address to an IP address Answer: A Section: New-1 反向 ARP 的作用, 前面已经讲过 QUESTION 349 What is the default maximum number of equal-cost paths that can be placed into the routing of a cisco OSPF router? A. 16 B. 2 C. unlimited D. 4 Answer: D Section: New-1 OSPF 默认等价均衡链路为 4 条 QUESTION 350 Which IPV6 routing protocol uses multicast group FF02::9 to send updates? A. RIPng B. OSPFv3 C. static D. IS-IS for IPv6 Answer: A Section: New-1 RIPng 通过组播地址 FF02::9 更新 QUESTION 351 What are two benefits of using NAT?(choose two) A. NAT protects network security because private networks are not advertised.

166 B. NAT accelerates the routing process because no modifications are made on the packets. C. Dynamic NAT facilitates connections from the outside of the network. D. NAT facilitates end-to-end communication when IPsec is enable. E. NAT eliminates the need to re-address all host that require extemal access. F. NAT conserves addresses through host MAC-level multiplexing. Answer: AE Section: New-1 E.NAT 消除了当需要外部链接时每个主机都需要一个不同 IP 地址 QUESTION 352 Which three statements about RSTP are true?(choose three) A. RSTP significantly reduces topology reconverging time after a link failure. B. RSTP expends the STP port roles by adding the alternate and backup roles. C. RSTP port atates are blocking,discarding,learing,or forwarding. D. RSTP also uses the STP proprsal-agreement sequence. E. RSTP use the same timer-baseed process as STP on point-to-point links. F. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does. Answer: ABF Section: New-1 A 能够减少汇聚时间 B 比 STP 增加了端口角色 alternat 和 backup F 在点到点链路提供比 STP 更快的传输和转发 QUESTION 353 Refer to the exhibit.the serial0/0 interface of the Tampa router connects the Oriando router.which two statements are true about the connection between these two routers?(choose two)

167 A. The only device with which the Tampa router will negotiate a data link is the Orlando router. B. Routing updates exchanged between the Orlando and Tampa routers are authenticated. C. The link uses a three-way handshake for authentication. D. The link uses a two-way handshake for authentication. E. Data exchanges between the Oriando and Tampa routers are encrypted. Answer: AC Section: New-1 QUESTION 354 A switch is configured as a vtp sever with a domain name of CCNA.Which cisco ios privileged mode command,followed by a reload of the swith,will reset the VTP management domain name of the switch to a NULL value? A. #vtp domain unset B. #delete vlan.dat C. #no vtp domain D. #vtp domain null Answer: B Section: New-1 删除 VTP 数据需要删掉 vlan 数据库并重启 QUESTION 355

168 If an Ethernet port on a router was assigned an IP address of /20,what is the maximum number of hosts allowed on this subnet? A B C D E Answer: A Section: New-1 2 的 12 次方减 2 QUESTION 356 Which two statements about static NAT translations are true?(choose two) A. They are always present in the NAT table. B. They allow connection to be initiated from the outside. C. They can be configured with access lists, to allow two or more connections to be initiated from the outside. D. They require no inside or outside interface markings because addresses are statically defined. Answer: AB Section: New-1 静态 NAT A 出现在 NAT 表中 B 允许来自外部的链接 QUESTION 357 Which of these represents an IPv6 link-local address? A. FE08::280e:611:a:f14f:3d69 B. FE81::280f:512b:e14f:3d69 C. FE80::380e:611a:e14f:3d69 D. FEFE:0345:5f1b::e14d:3d69 Answer: C Section: New-1 IPv6 本地地址 FE80 开头后面为本地 mac 地址 QUESTION 358 What are three features of the IPV6 protocol?(choose three) A. complicated header B. plug-and-play C. no broadcasts D. checksums E. optional IPsec

169 F. autoconfiguration Answer: BCF Section: New-1 B 即插即用 C 没广播地址 F 自动设置 QUESTION 359 Assuming default setting,how can you erase the VTP database of VLANs on a CISCO IOS switch running in VTP server mode? A. Enable VTP pruning B. From privileged mode,erase the startup configuration file,then reload. C. From privileged mode,erase the vlan date file, then reload. D. Cycle the switch power. Answer: C Section: New-1 删除 VTP 数据需要删掉 vlan 数据库并重启 QUESTION 360 Refer to the exhibit.which address and mask combination a summary of the routes learned by EIGRP? A B C D E F Answer: E Section: New-1 路由汇总一定要汇总为最小的网段

170 QUESTION 361 Refer to the exhibit A frame on vlan 1on switch s1 is sent to switch s2 when the frame is received on vlan 2,what causes this behavior? A. trunk mode mismatches B. vlans that do not correspond to a unique IP subnet C. native vlan mismatches D. allowing only vlan 2 on the destination. Answer: C Section: New-1 两交换机本征 vlan 不一样, 不能正常通信 QUESTION 362 Refer to the exhibit.the network administrator normally establishes a telnet session with the switch from host A.However,host A is unavailable.the administrator s attempt to the switch from host B fails,but pings to the other two hosts are successful.what is the issue?

171 A. Host B and the switch need to be in the same subnet. B. The switch needs and appropriate default gateway assigned. C. The switch interface connected to the router is down. D. Host B need to be assigned an IP address in vlan 1. Answer: B Section: New-1 远程管理交换机需要在交换机上设置 default gateway 和 vlan IP QUESTION 363 What value is primarily used to determine which port becomes the root port on each nonroot switch in a spanning-tree topology? A. lowest port MAC address B. port priority number and MAC address. C. VTP revision number D. highest port priority number. E. path cost Answer: E Section: New-1 此处为选举跟端口 选举跟桥先看优先级 QUESTION 364 Refer to the exhibit.router 1 was just successfully rebooted.identify the current OSPF router ID for Router 1.

172 A B C D Answer: A Section: New-1 router id 如果没有手动设置, 先选环回口最大 ip 地址, 没有环回口选物理端口最大 IP 地址 QUESTION 365 Why do large OSPF networks use a hierarchical design?(choose three) A. to confine network instability to single areas of the network. B. to reduce the complexity of router configuration C. to speed up convergence D. to lower costs by replacing routers with distribution layer switches E. to decrease latency by increasing bandwidth F. to reduce routing overhead Answer: ACF Section: New-1 QUESTION 366 A network administrator receives an error message while tring to configure the Ethernet interface of a router with IP address /29.which statement explains the reason for this issue? A. The address is a broadcast address B. The Ehernet interface is faulty C. VLSM-capable routing protocols must be enable first on the router. D. This address is a network address. Answer: D Section: New-1 此地址为网络地址

173 QUESTION 367 Which two are advantages of static routing when compared to dynamic routing?(choose two) A. Security increases because only the network administrator may change the routing tables. B. Configuration complexity decreases as network size increases. C. Routing updates are automatically sent to neighbors. D. Route summarization iscompued automatically by the router. E. Routing traffic load is reduced when used in stub network links F. An efficient algorithm is used to build routing tables,using automatic updates. G. Routing tables adapt automatically to topology changes. Answer: AE Section: New-1 静态路由相比动态路由的好处 QUESTION 368 A company has a small network,consisting of a single switch and a single router.the switch has been configured with two vlans,and route-on-a-stick is being configured on the router for inter-vlan routing.a trunk is configured to connect the switch to the router.what is the minimum number of router subinterfaces that are required for all the vlans to communicate? A. one B. three C. two D. zero Answer: C Section: New-1 单臂路由一个 vlan 需要一个子接口 QUESTION 369 Which command can be a router to verify the layer 3 path to a host? A. traceroute address B. tracert address C. ssh address D. telnet address Answer: A Section: New-1 tracert 是 windows 的命令 QUESTION 370 Which dose the frame-relay interface-dlci command configure? A. remote DLCI on the main interface B. local DLCI on the main interface C. local DLCI on the subinterface

174 D. remote DLCI on the subinterface Answer: C Section: New-1 只有子接口使用此命令 QUESTION 371 What is the OSPF default frequency,in seconds,at which a cisco router sends hello packets on a multiaccess network? A. 10 B. 40 C. 30 D. 20 Answer: A Section: New-1 OSPF 发送 hello 包默认 10s QUESTION 372 Refer to the exhibt.host A has tested connectivity to a remote network.what is the default gateway for host A? A B C D Answer: A Section: New-2 与外网通信先送网关 QUESTION 373 Which commands is necessary to permit SSH or Telnet access to a cisco switch that is otherwise configured for these vty line protocols? A. transport type all

175 B. transport output all C. transport preferred all D. transport input all Answer: D Section: New-2 D.define all protocols to use when to connecting to terminal server QUESTION 374 Which command shows your active Telnet connections? A. show session B. show cdp neighbors C. show users D. show queue Answer: A Section: New-2 哪一个命令显示活动的 telnet 对话 QUESTION 375 Which two states are the port states when RSTP has converged?(choose two) A. blocking B. learning C. disabled D. forwarding E. listening Answer: CD Section: New-2 此题是一道错题, 在 RSTP 中只有三种端口状态,Discarding Leaning 和 Forwarding, 汇聚之后的状态只有 Discarding Forwarding 选项中只有 D 正确 考试要选 CD, 能得分 QUESTION 376 There are no boot system commands in a router configuration in NVRAM.What is the fallback sequence that router will use to find an ios during reload? A. Flash,TFTP server,rom B. Flash,NVRAM,ROM C. ROM,NVRAM,TFTP server D. NVRAM,TFTP server,rom E. TFTP server,flash,nvram Answer: A Section: New-2

176 默认路由器加载 IOS 顺序 QUESTION 377 Refer to the graphic.a host is connected to switch port Fa0/3 with a crossover cable.the host and switch have as shown.however,the port indicator on switch port Fa0/3 is not on,and the host can not communicate with to vlan 2 on the same switch.based on the information given.what is the problem? A. The switch has been assigned an incorrect subnet mask. B. Switch port FA0/3 is not configured as a trunk port C. Switch port FA0/3 has been blocked by STP D. The switch and the hosts must be in the same subnet E. The cable is the wrong type Answer: E Section: New-2 电脑与交换机错用了交叉线 QUESTION 378 Refer to the exhibit.which user-mode password has just been set? A. Telnet B. Auxiliary C. SSH D. Console Answer: A Section: New-2

177 QUESTION 379 DNS servers provide what service? A. they run a spell check on host names to ensure accurate routing B. they map individual hosts to their specific IP address C. they convert domain names into IP address D. Given an IP address,they determine the name of the host that is Answer: C Section: New-2 域名解析 QUESTION 380 Which command enables RSTP on a switch? A. spanning-tree mode rapid-pvst B. spanning-tree uplinkfast C. spanning-tree backbonefast D. spanning-tree mode mst Answer: A Section: New-2 启用 RSTP 的命令 QUESTION 381 Which two are features of IPv6?(choose two) A. multicast B. broadcast C. allcast D. podcast E. anycast Answer: AE Section: New-2 A 组播 E 任意播 ipv6 没有广播 QUESTION 382 Which statement about access lists that are applied to an interface is true? A. you can apply multiple access lists with the same protocol or in different direction. B. you can config one access list,per direction,per layer 3 protocol C. you can place as many access lists as you want on any interface D. you can apply only one access list on any interface Answer: B

178 Section: New-2 一个端口可以配置 In out 两个 ACL, 正确答案为 B QUESTION 383 Which item represents the standard IP ACL? A. access-list 50 deny B. access-list 110 permit ip any any C. access-list 2500 deny tcp any host eq 22 D. access-list 101 deny tcp any host Answer: A Section: New-2 标准 ACL 范围 1-99 QUESTION 384 What is one benefit of PVST+? A. PVST+reduces the CPU cycles for all the switches in the network B. PVST+automatically selects the root bridge location,to provide optimized bandwidth usage. C. PVST+allow the root switch location to be optimized per vlan. D. PVST+supports Layer 3 load balancing without loops. Answer: C Section: New-2 QUESTION 385 The command frame-relay map ip broadcast was entered on the router.which of the following statement is true concering this command? A. The broadcast option allows packets,such as RIP updates,to be forwarded access the PVC. B. The command shoud be executed from the goble configuration mode. C. 102 is he remote DLCI that will recive the information. D. The ip address is the local router port used to forward date. E. This command is required for all Frame Rely configurations Answer: A Section: New-2 QUESTION 386 Refer to the exhibit,how many interfaces on R1 should be configured as ip nat inside to grant external access to the entire network?

179 A. 1 B. 3 C. 4 D. 5 Answer: C Section: New-2 R1 下面的端口分为了两个子端口, 在两个子端口上设置 ip nat inside QUESTION 387 Which can be done to secure the virtual terminal interfaces on a router?(choose two) A. Administratively shut down the interfaces. B. Physically secure the interfaces. C. Configure a virtual terminal password and login process. D. Enter an access list and apply it to the terminal interfaces using the access-class command. E. Create an access list and apply it to the terminal interfaces using the access-group command. Answer: CD Section: New-2 QUESTION 388

180 Refer to the exhibit,a network administrator cannot establish a telnet session with the indicated router.what is the cause of this failure? A. A level 5 password is not set B. The vty password is missing C. The console password is missing D. An ACL is blocking Telnet access Answer: B Section: New-2 QUESTION 389 Which protocol is an open standard protocol framework that is commonly used in VPNs,to provid secure end-to-end communication? A. L2TP B. IPsec

181 C. PPTP D. RSA Answer: B Section: New-2 QUESTION 390 Your boss is learning a CCNA training course, refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two) access-list 101 deny tcp any eq telnet access-list 101 permit ip any any A. source ip address: ; destination port: 21 B. source ip address:, destination port: 21 C. source ip address:, destination port: 21 D. source ip address:, destination port: 23 E. source ip address: ; destination port: 23 F. source ip address:, destination port: 23 Answer: DE Section: New-2 QUESTION 391 Refer to the graphic. It has been decided that PC1 should be denied access to Server. Which of the following commands are required to prevent only PC1 from accessing Server1 while allowing all other traffic to flow normally? (Choose two)

182 A. Router(config)# interface fa0/0 Router(config-if)# ip access-group 101 out B. Router(config)# interface fa0/0 Router(config-if)# ip access-group 101 in C. Router(config)# access-list 101 deny ip host host Router(config)# access-list 101 permit ip any any D. Router(config)# access-list 101 deny ip Router(config)# access-list 101 permit ip any any Answer: BC Section: New-2 QUESTION 392 An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect? A. access-list 10 permit B. access-list 10 permit C. access-list 10 permit D. access-list 10 permit E. access-list 10 permit Answer: C Section: New-2 QUESTION 393 A network administrator wants to add a line to an access list that will block only Telnet access by the hosts on subnet /28 to the server at What command should be issued to accomplish this task? A. access-list 101 deny tcp eq 23 access-list 101 permit ip any any B. access-list 101 deny tcp eq 23 access-list 101 permit ip any any C. access-list 1 deny tcp eq 21 access-list 1 permit ip any any D. access-list 1 deny tcp host eq 23 access-list 1 permit ip any any Answer: A Section: New-2

183 QUESTION 394 As a network administrator, you have been instructed to prevent all traffic originating on the LAN from entering the R2 router. Which the following command would implement the access list on the interface of the R2 router? A. access-list 101 in B. access-list 101 out C. ip access-group 101 in D. ip access-group 101 out Answer: C Section: New-2 QUESTION 395 The following access list below was applied outbound on the E0 interface connected to the /29 LAN: access-list 135 deny tcp eq 20 any access-list 135 deny tcp eq 21 any How will the above access lists affect traffic? A. FTP traffic from will be denied B. No traffic, except for FTP traffic will be allowed to exit E0 C. FTP traffic from to any host will be denied D. All traffic exiting E0 will be denied E. All FTP traffic to network /29 will be denied Answer: D Section: New-2 QUESTION 396 The access control list shown in the graphic has been applied to the Ethernet interface of router R1 using the ip access-group 101 in command. Which of the following Telnet sessions will be blocked by this ACL? (Choose two)

184 A. from host PC1 to host B. from host PC1 to host C. from host PC2 to host D. from host PC2 to host Answer: BD Section: New-2 QUESTION 397 The following configuration line was added to router R1 Access-list 101 permit ip any What is the effect of this access list configuration? A. permit all packets matching the first three octets of the source address to all destinations B. permit all packet matching the last octet of the destination address and accept all source addresses C. permit all packet matching the host bits in the source address to all destinations D. permit all packet from the third subnet of the network address to all destinations Answer: A Section: New-2 QUESTION 398 A default Frame Relay WAN is classified as what type of physical network? A. point-to-point B. broadcast multi-access C. nonbroadcast multi-access D. nonbroadcast multipoint E. broadcast point-to-multipoint Answer: C Section: New-2

185 QUESTION 399 Which of the following are key characteristics of PPP? (Choose three.) A. can be used over analog circuits B. maps Layer 2 to Layer 3 address C. encapsulates several routed protocols D. supports IP only E. provides error correction Answer: ACE Section: New-2 QUESTION 400 Refer to the exhibit. What is the meaning of the term dynamic as displayed in the output of the show frame-relay map command shown? A. The Serial0/0 interface is passing traffic. B. The DLCI 100 was dynamically allocated by the router C. The Serial0/0 interface acquired the IP address of from a DHCP server D. The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud E. The mapping between DLCI 100 and the end station IP address was learned through Inverse ARP Answer: E Section: New-2 QUESTION 401 Which of the following describes the roles of devices in a WAN? (Choose three.) A. A CSU/DSU terminates a digital local loop B. A modem terminates a digital local loop C. A CSU/DSU terminates an analog local loop D. A modem terminates an analog local loop E. A router is commonly considered a DTE device F. A router is commonly considered a DCE device Answer: ADE Section: New-2

186 QUESTION 402 How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates? A. Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the subinterface B. Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic C. Configure many sub-interfaces on the same subnet D. Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces Answer: A Section: New-2 QUESTION 403 The Frame Relay network in the diagram is not functioning properly. What is the cause of the problem? A. The Gallant router has the wrong LMI type configured B. Inverse ARP is providing the wrong PVC information to the Gallant router C. The S3 interface of the Steele router has been configured with the frame-relay encapsulation ietf command D. The frame-relay map statement in the Attalla router for the PVC to Steele is not correct E. The IP address on the serial interface of the Attalla router is configured incorrectly Answer: D Section: New-2 QUESTION 404 As a CCNA candidate, you must have a firm understanding of the IPv6 address structure. Refer to IPv6 address, could you tell me how many bits are included in each filed?

187 A. 24 B. 4 C. 3 D. 16 Answer: D Section: New-2 QUESTION 405 Refer to the exhibit. How many broadcast domains exist in the exhibited topology? A. one B. two C. three D. four E. five F. six Answer: C Section: New-2 QUESTION 406 Refer to the exhibit.

188 The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem? A. Router(config)# interface fastethernet 0/1.3 Router(config-if)# encapsulation dot1q 3 Router(config-if)# ip address B. Router(config)# router rip Router(config-router)# network Router(config-router)# network Router(config-router)# network C. Switch1# vlan database Switch1(vlan)# vtp v2-mode Switch1(vlan)# vtp domain cisco Switch1(vlan)# vtp server D. Switch1(config)# interface fastethernet 0/1 Switch1(config-if)# switchport mode trunk Switch1(config-if)# switchport trunk encapsulation isl Answer: A Section: New-2 QUESTION 407 On a network of one department, there are four PCs connected to a switch, as shown in the following figure:

189 After the Switch1 restarts. Host A ( the host on the left ) sends the first frame to Host C (the host on the right). What the first thing should the switch do? A. Switch1 will add to the switching table. B. Switch1 will add to the switching table. C. Switch1 will add 000A.8A47.E612 to the switching table. D. None of the above Answer: C Section: New-2 QUESTION 408 Refer to the exhibit. The network administrator is in a campus building distant from Building B. WANRouter is hosting a newly installed WAN link on interface S0/0. The new link is not functioning and the administrator needs to determine if the correct cable has been attached to the S0/0 interface. How can the administrator accurately verify the correct cable type on S0/0 in the most efficient manner? A. Telnet to WANRouter and execute the command show interfaces S0/0 B. Telnet to WANRouter and execute the command show processes S0/0 C. Telnet to WANRouter and execute the command show running-configuration D. Telnet to WANRouter and execute the command show controller S0/0 E. Physically examine the cable between WANRouter S0/0 and the DCE. F. Establish a console session on WANRouter and execute the command show interfaces S0/0

190 Answer: D Section: New-2 problem? QUESTION 409 While troubleshooting a connectivity issue from a PC you obtain the following information: Local PC IP address: /24 Default Gateway: Remote Sever: /24 You then conduct the following tests from the local PC: Ping Successful Ping Successful Ping Unsuccessful Ping Unsuccessful What is the underlying cause of this problem? A. A remote physical layer problem exists. B. The host NIC is not functioning. C. TCP/IP has not been correctly installed on the host. D. A local physical layer problem exists. Answer: D Section: New-2 QUESTION 410 A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The routers cannot establish an adjacency relationship on their common Ethernet link. The graphic shows the output of the show ip ospf interface e0 command for routers R1 and R2. Based on the information in the graphic, what is the cause of this

191 A. The OSPF area is not configured properly. B. The priority on R1 should be set higher. C. The cost on R1 should be set higher. D. The hello and dead timers are not configured properly. E. A backup designated router needs to be added to the network. F. The OSPF process ID numbers must match. Answer: D Section: New-2 QUESTION 411 This graphic shows the results of an attempt to open a Telnet connection to router ACCESS1 from router Remote27. Which of the following command sequences will correct this problem? A. ACCESS1(config)# line console 0 ACCESS1(config-line)# password cisco B. Remote27(config)# line console 0 Remote27(config-line)# login Remote27(config-line)# password cisco C. ACCESS1(config)# line vty 0 4 ACCESS1(config-line)# login ACCESS1(config-line)# password cisco

192 D. Remote27(config)# line vty 0 4 Remote27(config-line)# login Remote27(config-line)# password cisco E. ACCESS1(config)# enable password cisco F. Remote27(config)# enable password cisco Answer: C Section: New-2 QUESTION 412 When upgrading the IOS image, the network administrator receives the exhibited error message. What could be the cause of this error? A. The new IOS image is too large for the router flash memory. B. The TFTP server is unreachable from the router. C. The new IOS image is not correct for this router platform. D. The IOS image on the TFTP server is corrupt. E. There is not enough disk space on the TFTP server for the IOS image. Answer: B Section: New-2 QUESTION 413 Which statement is true? A. An IPv6 address is 64 b long and is represented as hexadecimal characters. B. An IPv6 address is 32 b long and is represented as decimal digits. C. An IPv6 address is 128 b long and is represented as decimal digits. D. An IPv6 address is 128 b long and is represented as hexadecimal characters. Answer: D Section: New-2 IPV6 地址长度为 128 比特, 十六进制 QUESTION 414 Which command sets and automatically encrypts the privileged enable mode password? A. enbale password c1sco B. secret enable c1sco

193 C. password enable c1sco D. enable secret c1sco Answer: D Section: New-2 A 和 D 是设置密码命令,D 是加密密码设置 QUESTION 415 In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN? A. after broken links are re-established B. in an improperly implemented redundant topology C. when upper-layer protocols require high reliability D. during high traffic periods E. when a dual ring topology is in use Answer: B Section: New-2 题目问在哪一个环境下交换机在 lan 出现多个相同的单播帧 A. 链路断后重启 B. 拓扑中有不合适的冗余, 正确 C 上层协议需要高可靠度 D 在高流量的阶段 E 在双环拓扑该题为最新修订, 之前答案选 E, 错误 QUESTION 416 Refer to the exhibit.which is the most efficient summarization that R1 can use to advertise its networks to R2? A /22 B /21 C /22 D / / / / /24

194 E / / / /24 Answer: A Section: New-2 做一个最精确的路由汇总, 将图中 IP 地址做汇总 QUESTION 417 Refer to the exhibit.based on the exhibited routing table,how will packets from a host within the /26 LAN be forwarded to ? A. The router will forward packets from R3 to R2 to R1 B. The router will forward packets from R3 to R1 C. The router will forward packets from R3 to R1 to R2 D. The router will forward packets from R3 to R2 to R1 AND from R3 to R1 Answer: D Section: New-2 从路由表中可以看到, 到目的地址有两条等价均衡的路径 QUESTION 418 Which layer 2 protocol encapsulation type supports synchronous and asynchronous circuis and has built-in security mechanisms? A. Frame Relay

195 B. HDLC C. x.25 D. PPP Answer: D Section: New-2 哪一个二层协议封装支持同步和异步电路并内嵌安全机制? 答案 :PPP QUESTION 419 Which command can be used to verify the DLCI destination address in a Frame Relay static configuration? A. show frame-relay end-to-end B. show frame-relay map C. show frame-relay lmi D. show frame-relay pvc Answer: B Section: New-2 QUESTION 420 Refer to the exhibit.the network administrator requires easy configuration options and minimal routing protocol traffic.which two options provide adequate routing table information for traffic that passes between the two routers and satisfy the requests of the network administrator?(choose two) A. a dynamic routing procotol on InternetRouter to advertise summarized routers to CentralRouter. B. a dynamic routing procotol on CentralRouter to advertise summarized routers to InternetRouter. C. a static route on InternetRouter to direct traffic that is destined for /16 to CentralRouter. D. a dynamic routing procotol on InternetRouter to advertise all routes to CentralRouer. E. a dynamic routing procotol on CentralRouer to advertise all routes to InternetRouter

196 F. a static,default route on CentralRouter that directs traffic to InternetRouter. Answer: CF Section: New-2 题目要求用简单设置和最小路由流量的路由, 所以采用静态路由或默认路由 QUESTION 421 Given an IP address with a subnet mask of , what is the correct network addres? A B C D Answer: A Section: New-2 求网段的网络地址, 即此网段的第一个 IP 地址 QUESTION 422 Refer to the exibit. Three cisco 2950 switches are set to their default priority settings.during the spanningtree process,which switch will be elected as the root bridge? A. Switch3 B. Switch4 C. Switch2 D. Switch1 Answer: D Section: New-3 默认优先级, 看 mac 地址, 最小的选为跟桥

197 QUESTION 423 Which three elements must be used when you configure a router interface for vlan trunking?(choose three) A. one IP network or subnetwork for each subinterface B. subinterface numbering that matches vlan tages C. subinterface encapsulation identifiers that match vlan tags D. a management domain for each subinterface E. one physical interface for each subinterface F. one subinterface per vlan Answer: ACF Section: New-3 考察单臂路由的设置 A 一个网络或子网对应一个子接口, 正确 B 子接口号必须和 vlan 号一样, 不正确 C 子接口封装标识符必须和 vlan 号一样, 正确 D 每一个子接口需要一个管理域, 不正确 E 每一个子接口需要一个物理端口, 不正确 F 一个子接口对应一个 vlan, 正确 QUESTION 424 A receiving host computes the checksum on a frame and determines that the frame is damaged.the frame is then discarded.at which OSI layer did this happen? A. session B. network C. physical D. data link E. transport Answer: D Section: New-3 帧的处理是在二层 QUESTION 425 A router receives information about network /24 from multiple sources.what will the router consider the most reliable information about the path to that network? A. an OSPF update for network /16 B. a static router to network /24 C. a static router to network /24 with a local serial interface configured as the next hop D. a RIP update for network /24 E. a directly connected interface with an address of /24 F. a default route with a next hop address of Answer: E Section: New-3 直连端口的路由管理距离最小为 0

198 QUESTION 426 Which two statements describe the advantages to the use of RIP over the use of OSPF?(choose two) A. RIP requires less time to converge B. RIP uses less bandwidth C. RIP is less complex to configure D. RIP demands fewer router resources E. RIP has a more accurate metric Answer: CD Section: New-3 RIP 相比 OSPF 的好处? A RIP 汇聚时间更短 错 BRIP 占用更少的带宽 错 距离矢量协议采用定时更新, 占带宽较大 CRIP 设置更简单, 正确 DRIP 占用更少的路由器资源, 正确 ERIP 有一个更精确的 metric, 错, 使用跳数作为 metric, 不精确 QUESTION 427 Which statement about vlan operation on cisco catalyst switches is true? A. when a packet is received from an 802.1Q trunk,the vlan id can be determined from the source MAC address table. B. unkown unicast frames are retransmitted only to the ports that belong to the same vlan C. ports between switches should be configured in access mode so that vlans can span across the ports D. broadcast and multicast frames are retransmitted to ports that are configured on different vlan. Answer: B Section: New-3 A 通过源 mac 地址确定 vlan, 不正确 B 未知单播帧只在本 vlan 传播, 正确 C 交换机之间应该设置为 trunk Dvlan 能分割广播域, 广播不能跨 vlan 传输 QUESTION 428 Which commands are required to properly configure a router to properly configure a router to run OSPF and to add network /24 to OSPF area 0?(choose two) A. Router(config)#router ospf 1 B. Router(config)#router ospf 0 C. Router(config)#router ospf area 0 D. Router(config-router)#network area 0 E. Router(config-router)#network F. Router(config-router)#network area 0 Answer: AD Section: New-3 OSPF 的配置进程号范围 , 宣告网段需要反掩码 + 区域

199 QUESTION 429 The enable secret command is used to secure access to which CLI mode? A. user EXEC mode B. global configuration mode C. privileged EXEC mode D. auxiliary setup mode Answer: C Section: New-3 注意此题不是问在什么模式下设置, 而是问为进入那种模式保障安全 QUESTION 430 Refer to the exhibit.explain how the routes in the table are being affected by the status change on interface Ethernet0. A. The router is poisoning the routes and multicasting the new path costs via interface Ethernet1. B. The router is receiving updates about unreachable networks from router that are connected to interface Ethernet1. C. The router is poisoning the routes and broadcasting the new path costs via interface Ethernet1. D. The router is requesting updates for these networks from routers that are connected to interface Etherne1. Answer: A Section: New-3 E0 端口 down, 部分路由收不到更新, 将此部分路由的 metric 设为 16, 通过 E1 端口发布 QUESTION 431 In which integration method is an IPV6 packet encapsulated within an IPV4 protocol? A. proxy. B. dual-stack C. tunneling

200 D. dot1q Answer: C Section: New-3 将 IPV6 包封装在 IPV4 协议内, 隧道技术 QUESTION 432 Which two commands can be used to verify a trunk link configurationt status on a given cisco switch? (choose two) A. show interfaces interface B. show interfaces interface trunk C. show interfaces interface switchport D. show ip interface brief E. show interfaces vlan Answer: BC Section: New-3 查看 trunk 命令,show interface trunk 和 show interface switchport, 只能选 BC QUESTION 433 Assuming the default switch configuration,which approach should you use to configure the extended vlan range(1006 through 4094) on a cisco catalyst 3750 series switch? A. Configure the switch to be in VTP client mode. B. Configure the switch to be in VTP domaint mode. C. Configure the switch to be in VTP transparent mode. D. Configure the switch to be in VTPv2. Answer: C Section: New-3 vlan 号 属于扩展 vlan, 只能在透明模式配置 QUESTION 434 You are working in a data center environment and are assigned the address range /23.You are asked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hosts each.which IP address range meets these requirements? A /27 B /26 C /29 D /28 E /25 Answer: B Section: New-3

201 30 台主机还需要一个网关, 所以需要 31 个有效 IP 地址 QUESTION 435 Which three statements accurately describe layer 2 Ethernet switches?(choose three) A. Microsegmentation decreases the number of collisions on the network. B. if a switch receives a frame for an unkown destination,it uses ARP to resolve the address. C. Spanning Tree Protocol allows switches to automatically share vlan information. D. In a properly functioning network with redundant switched paths,each switched aegment will contain one root bridge with all its ports in the forwarding state.all other switches in that broadcast domain will have only one root port. E. Establishing vlans increases the number of broadcast domains. F. Switches that are configured with vlans make forwarding decisions based on both layer 2 and layer 3 address information. Answer: ADE Section: New-3 A 为分割减少冲突的数量, 这里是冲突并不是冲突域, 正确 B 收到未知目的帧会产生泛洪 C 这是 vtp 的特性, 不是 stp 的 D 在一个能够正常运行的网络冗余交换路径, 每一个交换网段将包括一个跟桥 所有端口都在转发状态, 其他本广播域的交换机有一个根端口 正确 E.VLAN 增加了广播域 正确 F vlan 使转发基于二层和三层 IP 题目要求对 2 层交换机的描述, 二层交换机不能基于 3 层 IP 转发 QUESTION 436 Refer to the exhibit.the Lakside Company has the internetwork in the exhibit.the administrator would like to reduce the size of routing table on the Central router.which partial routing table entry in the Central route represents a route summary that represents the vlans in Phoenix but no additional subnets? A /22 is subnetted,1 subnets D [90/ ] via ,6w0d,serial0/1 B /28 is subnetted,1 subnets D [90/ ] via ,6w0d,serial0/1

202 C /22 is subnetted,1 subnets D [90/ ] via ,6w0d,serial0/1 D /30 is subnetted,1 subnets D [90/ ] via ,6w0d,serial0/1 E /28 is subnetted,1 subnets D [90/ ] via ,6w0d,serial0/1 F /30 is subnetted,1 subnets D [90/ ] via ,6w0d,serial0/1 Answer: A Section: New-3 对 PHOENIX 做路由汇总 QUESTION 437 Refer to the exhibit.which two devices can be used to complete the connection between the WAN router at the customer site and the service provider? A. modem B. Frame Relay switch C. CSU/DSU D. WAN switch E. ISDN TA F. ATM switch Answer: AC Section: New-3 问号处应该是 DCE 设备.A 和 C 是 DCE 设备, 一个是模拟的一个是数字的 QUESTION 438 Which PPP subprotocol negotiates authentication options? A. NCP B. LCP C. ISDN D. DLCI E. SLIP Answer: B Section: New-3 PPP 的哪一个子协议能够协商验证 :LCP

203 QUESTION 439 Which two data link layers are supported by cisco ios software for IPv6?(choose two) A. PPP B. FDDI C. Frame Relay PVC D. NBMA E. Frame Relay SVC Answer: BC Section: New-3 支持 IPV6 的二层协议有哪些以下数据链路层协议支持 IPv6: ATM permanent virtual circuit (PVC) and ATM LANE, Ethernet, Fast Ethernet, Gigabit Ethernet, FDDI, Frame Relay PVC, Cisco High-Level Data Link Control (HDLC), PPP over Packet over SONET (PoS), ISDN, serial interfaces, and dynamic packet transport (DPT). QUESTION 440 Which term describes a spanning-tree network that has all switch ports in either the blocking or forwarding state? A. redundant B. spanned C. provisioned D. converged Answer: D Section: New-3 收敛以后交换机端口只有堵塞和转发状态 QUESTION 441 Which two of these are characteristics of the 802.1Q protocol?(choose two) A. it is a layer 2 messaging protocol which maintains vlan configurations across network. B. it includes an 8-bit field which specifies the priority of a frame. C. it is used exclusively for tagging vlan frames and dose not address network reconvergence following switched network topology changes. D. it modifies the frame header,and thus requires that the FCS be recomputed. E. it is a trunking protocol capable of carring untagged frames. Answer: DE Section: New-3 A 描述的是 vtp 的特性 B 应该是 3bit Cexclusively 是唯一的意思 802.1Q 不是唯一的 D 修改帧的头部, 需要重新进行 FCS 校验, 正确 E 是一个 trunk 协议并支持不打标记的帧, 正确

204 QUESTION 442 Refer to the exhibit.which two statements are true of the interfaces on switch1?(choose two) A. A hub is connected directly to FastEthernet0/5 B. FastEthernet0/1 is configured as a trunk link. C. FastEthernet0/5 has statically assigned mac address D. Interface FastEthernet0/2 has been disable. E. Multiple devices are connected directly to FastEthernet0/1. F. FastEthernet0/1 is connected to a host with multiple network interface cards. Answer: AB Section: New-3 图中可以看出 F0/1,F0/2 为 trunk F0/5 端口有多个 mac 地址, 而且不是 trunk, 只能是接了一个 hub QUESTION 443 Which two statements apply to dynamic access lists?(choose two) A. they offer simpler management in large internetworks. B. you can control logging messages. C. they allow packets to be filtered based on upper-layer session information. D. you can set a time-based security policy. E. they provide a level of security against spoofing. F. they are used to authenticate individual users. Answer: AF Section: New-3 这里是动态 ACL, 而不是自反 ACL 动态 ACL 的有点 :

205 1 使用口令机制对每个用户进行身份认证 2 简化了大型网际网络的管理 3 在许多情况下, 可以减少 ACL 需要的路由器处理量 4 可以降低网络黑客入侵网络的机会 5 可以在不影响所配置的其他安全限制的情况下, 创建通过防火墙进行的用户动态访问 QUESTION 444 A network engineer wants to allow a temporary entry for a remote user with a specific usename and password so that the user can access the entire network over the internet.which ACL can be used? A. reflexive B. extended C. standard D. dynamic Answer: D Section: New-3 网络工程师想要允许一个临时站与一个特定的 usename 远程用户和密码, 这样用户可以访问整个网络.which ACL 可以使用? 动态 ACL QUESTION 445 Which parameter or parameters are used to calculate OSPF cost in cisco routers? A. Bandwidth,Delay,and MTU B. Bandwidth C. Bandwidth and MTU D. Bandwidth, MTU,Reliability,Delay,and Load Answer: B Section: New-3 OSPF 使用带宽计算 cost QUESTION 446 which command is used to enable CHAP authentication whit PAP as the fallback method on a serial interface? A. (config-if)#authentication ppp chap fallback ppp B. (config-if)#authentication ppp chap pap C. (config-if)#ppp authentication chap pap D. (config-if)#ppp authentication chap fallback ppp Answer: C Section: New-3 要求使用 chap 认证,pap 认证作为备用

206 QUESTION 447 assuming the default switch configuration which vlan range can be added modified and removed on a cisco switch? A. 2 through 1001 B. 1 through 1001 C. 1 through 1002 D. 2 through 1005 Answer: A Section: New-3 交换机上默认那些是可以修改和移动的 vlan QUESTION 448 which address range efficiently summarizes the routing table of the addresses for router main? A /18 B /16 C /20 D /21 Answer: C Section: New-3 将这 11 个 IP 地址做汇总 QUESTION 449 What is the most likely reason for the dispartly between the actual network numbers at the branches and the routes in the routing table on Gateway-Router?

207 A. Branch-Router2 is configured to send both RIPv1 and RIPv2 updates. B. Gateway-Router is configured to only receive RIPv2 updates. C. Gateway-router is configured to receive only RIPv1 updates. D. Branch-Router1 is configured to only send RIPv1 updates Answer: D Section: New-3 RIPV1 是有类路由, 路由表中可以看出 R1 的路由是主类的 QUESTION 450 A network administrator needs to configure port security on a switch.which two statements are true? (choose two) A. The network administrator can apply port security to dynamic access ports B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan. C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration. D. The network administrator can apply port security to EtherChannels. E. When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined. Answer: CE Section: New-3 A. 动态端口不能应用的端口安全 B.in the vioce vlan 不正确 C. 保存在 running configuratin 正确 D.EtherChannels 不能应用端口安全

208 E 自动学习 mac 地址可以学到所设置的最大数量, 正确 QUESTION 451 The network technician is planning to use the subent mask on the network.which three valid IP addresses can the technician use for the hosts?(choose three) A B C D E F Answer: CDE Section: New-3 块大小是 32, 所以最后一位是 32 的倍数或 32 倍数 -1 都不可以 QUESTION 452 Which command helps a network administrator to manage memory by displaying flash memory and NVRAM utilization? A. show secure B. show file systems C. show flash D. show version Answer: B Section: New-3 查看 flash 和 NVRAM 的里利用率 QUESTION 453 Which IEEE standard protocol is initiated as a result of successful DTP completion in a switch over FastEthernet? A ad B w C Q D d Answer: C Section: New-3 动态中继协议 DTP, 是 VLAN 组中思科的私有协议, 主要用于协商两台设备间链路上的中继过程及中继封装 802.1Q 类型 QUESTION 454 Which command enhances the 802.1D convergence time on ports that are connected to hosts? A. spanning-tree backbonefast

209 B. spanning-tree uplinkfast C. spanning-tree portfast D. spanning-tree cost512 Answer: C Section: New-3 连接到主机的端口使用 spanning-tree portfast QUESTION 455 Which two statements are characteristics of a distance vector routing protocol?(choose two) A. RIP is an example of distance vector routing protocols. B. Updates are periodic and include the entire routing table. C. Routing updates are sent only after topology changes D. The protocol can be useful in hub-and-spoke and hierarchical networks. E. Convergence is usually faster than with link state protocols F. Each router has its own view of the topology Answer: AB Section: New-3 A RIP 是距离矢量路由协议 B 周期性更新整个路由表 C 这条是链路状态协议的特性 D 协议可以用在中心型分层网络, 不正确 E 会聚比链路状态要慢 F 只是和邻居更新, 不会维护整个拓扑 QUESTION 456 Which of the following protocols uses both TCP and UDP ports? A. SMTP B. Telnet C. FTP D. DNS Answer: D Section: New-3 主机使用域名解析用的是 UDP 域名解析服务器之间同步信息使用的是 TCP. QUESTION 457 Which two privileged mode cisco ios commands can be used to determine a cisco router chassis serial number?(choose two) A. show inventory B. show flash:filesys C. dir flash: include chassis D. show diag E. show controllers

210 Answer: AD Section: New-3 考察查看机器序列号的命令 QUESTION 458 Refer to the exhibit.a new subnet with 60 hosts has been added to the network.which subnet address should this network use to provide enough usable addresses while wasting the fewest addresses? A /27 B /26 C /27 D /26 Answer: B Section: New-3 要考虑到图中已经用掉的网段 QUESTION 459 Refer to the exhibit.why are two OSPF designated routers identified on Core-Router? A. Core-Router is connected more than one multi-access network B. The router at is a secondary DR in case the primary fails. C. Two router IDs have the same OSPF priority and are therefore tied for DR election D. The DR ecection is still underway and there are two contenders for the role. Answer: A Section: New-3 为什么一个路由器上会出现俩 DR? DR/BDR 是指端口并不是指路由器, 所以一个路由器接入多个 ospf 网络, 会出现此种情况 QUESTION 460 It has become necessary to configure an existing serial interface to accept a second Frame Relay virtual

211 circuit.which of the following processes are required to accomplish this task?(choose three) A. configure static frame relay map entries for each subinterface network. B. remove the ip address from the physical interface C. create the virtual interfaces with the interface command D. configure each subinterface with its own IP address E. disable split horizon to prevent routing loops between the subinterface networks F. encapsulate the physical interface with multipoint PPP Answer: BCD Section: New-3 现存有一条帧中继需要加第二条帧中继, 需要创建子接口, 使用点对多点 A 点对多点需要 frame-relay map E 取消水平分割不是为了防止路由环路 F 用多点 PPP 封装物理端口, 错 QUESTION 461 Refer to the graphic.computer 1 is consoles into switch A.Telnet connections and pings run from the command prompt on switch A fail.which of the following could cause this problem? A. switch A dose not have a cdp entry for switch B or router JAX B. switch A dose not have an IP address C. port 1 on switch A should be an access port rather than a trunk port D. switch A is not directly connected to router JAX E. switch A does not have a default gateway assigned Answer: E Section: New-3 图中 vlan1 没有配置 IP 地址, 这可能管理 vlan 不是 vlan1, 别的 vlan 没有显示出来 题目说 ping 和 telnet 都失败, 至少说明交换机已经配置了 IP 地址 原因就是没有配置默认网关了

212 QUESTION 462 Refer to the exhibit.what is the result of setting the no login command? A. The is a virtually limitless supply of IP addresses B. Telnet access requires a new password at first login C. Telnet access requires a password D. Telnet access is denied Answer: A Section: New-3 A 不限制 IP 地址接入 QUESTION 463 Which IPv6 address is valid? A. 2031:0:130F::9C0:876A:130B B. 2001:0DB8:0000:130F:0000:0000:08GC:140B C. 2001:0DB8:0:130H::87C:140B D. 2031::130F::9C0:876A:130B Answer: A Section: New-3 B 十六进制没有 G C 也没有 H D 只能有一个 :: QUESTION 464 Refer to the exhibit.which three variables(router,protocol port,and router ACL direction)apply to an extended ACL that will prevent student 01 from securely browsing the internet?

213 A. OUT B. Router 3 C. HTTTP D. IN E. Router 1 Answer: BCD Section: New-3 我们选择在 R3 上的 in 方向 如果在 R3 的 out 的方向会增加路由器不必要的负担 QUESTION 465 What are two characteristics of a switch that is configured as a VTP client?(choose two) A. if a switch that is configured to operate in client mode cannot access a VTP server,then the switch reverts to transparent mode. B. The local vlan configuration is updated only when an update that has a higher configuration revision number is received. C. Vtp advertisements are not forwarded to neighboring switches that are configured in vtp transparent mode. D. When switches in vtp client mode are rebooted,they send a vtp advertisement request to the vtp servers. E. Vtp client is the default vtp mode F. On switches that are configured to operate in client mode,vlans can be created,deleted,or renamed locally Answer: BD Section: New-3 考察 VTP 客户端的特点 A 如果交换机在客户端模式不能介入 VTP 服务器, 将会转到透明模式 错, 不会转到透明模式 B 只有当收到更高的修正版本号更新, 本地 vlan 设置才会更新 正确 C 透明模式下 VTP 广播不会转发给邻居路由器 错, 可以转发 D 客户模式下重启, 发送一个 vtp 请求 正确 E 默认模式应该是服务器模式 F 客户端模式不能修改创建 vlan

214 QUESTION 466 What two statistics appear in show frame-relay map output?(choose two) A. The number of FECN packets that are received by the router B. The number of BECN packets that are received by the router. C. The ip address of the local router D. The value of the local DLCI E. The status of the PVC that is configured on the router Answer: DE Section: New-3 QUESTION 467 Which command can you use to determine the cisco ios feature set on a cisco router? A. show version B. dir flash: include ios C. show environment D. show diag E. show inventory Answer: A Section: New-3 查看路由器 IOS 特性 QUESTION 468 What are three benefits of implementing vlans?(choose three) A. A more efficient use of bandwidth can be achieved allowing many physical groups to use the same network infrastructure B. Broadcast storms can be mitigated by decreasing the number of broadcast domains,thus increasing their size. C. A higher level of network security can be reached by separating sensitive data traffic from other network traffic. D. Port-based vlans increase switch-port use efficient,thanks to 802.1Q trunks E. A more efficient use of bandwidth can be achieved allowing many logical networks to use the same network infrastructure. F. Broadcast storms can be mitigated by increasing the number of broadcast domains,thus reducing their size. G. VLANs make it easier for IT staff to configure new logical groups,because the vlans all belong to the same broadcast domain. Answer: CEF Section: New-3 A 错, 不是通过物理上组合, 而是逻辑上的 B 错, 应该是增加广播域的数量 C 一个更高的层次网络安全可以实现, 以分离的敏感数据从其他网络 正确 D thanks to 802.1Q trunks 不正确

215 E 正确,logical 是逻辑的意思 F 正确 G 错误, 是 VTP 的作用不是 vlan 的 QUESTION 469 In the implementation of VLSM techniques on a network using a single Class C IP address,which subnet mask is the most efficient for point-to-point serial links? A B C D E Answer: C Section: New-3 点到点链路需要两个有效 IP 地址 QUESTION 470 A switch has been configured with two vlans and is connected to a router with a trunk for inter-vlan routing. OSPF has been configured on the router,as the routing protocol for the network.which statement about this network is true? A. For the two vlans to communicate,a network statement for the trunk interface needs to be added to the OSPF configuration. B. For the two vlans to communicate,a network statement for each subinterface needs to be added to the OSPF configuration. C. Direct inter-vlan communication does not require OSPF. D. OSPF cannot be used if router-on-a-stick is configured on the router. Answer: C Section: New-3 两个 vlan 之间通信使用的是直连路由, 不需要 OSPF QUESTION 471 Which command enables IPv6 forwarding on a cisco router? A. ipv6 host B. ipv6 unicast-routing C. ipv6 local D. ipv6 neighbor Answer: B Section: New-3 在路由器上激活 IPV6 的命令 QUESTION 472 Router A is unable to reach Router B.Both routers are running ios version 12.0.After reviewing the command output and graphic,what is the most likely cause of the problem?

216 A. incorrect bandwidth configuration B. incorrect LMI configuration C. incorrect map statement D. incorrect IP address Answer: C Section: New-4 QUESTION 473 A cisco router is booting and has just completed the POST process.it is now ready to find and load an IOSimage.what function does the router perform next? A. It checks the configuration register B. It attempts to boot from a TFTP server C. It loads the first image file in flash memory D. It inspects the configuration file in NVRAM for boot instructions Answer: A Section: New-4 下一步检查 configuration register 然后决定加载配置 QUESTION 474 Refer to the exhibit. Which statement describes DLCI 17? A. DLCI 17 describes the ISDN circuit between R2 and R3. B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1. C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3. D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.

217 Answer: C Section: New-4 DLCI 号是一个二层地址, 和 mac 类似 QUESTION 475 Which two subnetworks would be included in the summarized address of /20? (Choose two) A /30 B /30 C /18 D /22 E /22 F /18 Answer: DE Section: New QUESTION 476 Which spread spectrum technology does the b standard define for operation? A. IR B. DSSS C. FHSS D. DSSS and FHSS E. IR, FHSS, and DSSS Answer: B Section: New b 采用 DSSS 扩频技术 QUESTION 477 Refer to the exhibit.hosta cannot ping HostB.Assuming routing is properly configured,what could be the cause of this problem?

218 A. HostA is not on the same subnet as its default gateway B. The address of SwitchA is a subnet address C. The Fa0/0 interface on RouterA is on a subnet that cannot be used D. The serial interfaces of the routers are not on the same subnet E. The Fa0/0 interface on RouterB is using a broadcast address Answer: D Section: New-4 QUESTION 478 Which protocol provides a method of sharing VLAN configuration information between two Cisco switch? A. VTP B Q C. RSTP D. STP Answer: A Section: New-4 交换机共享 vlan 信息,VTP 协议 QUESTION 479 Which three approaches can be used while migrating from an IPV4 addressing scheme to an IPV6 scheme.(choose three) A. statically map IPV4 address to IPV6 addresses B. configuration IPv4 tunnels between IPV6 islands C. use DHCPv6 to map IPV4 addresses to IPV6 addresses D. use proxying and translation to translate IPV6 packets into IPV4 packets

219 E. configure IPV6 directly F. enable dual-stack routing Answer: ABF Section: New-4 答案是 ABF IPV6 向 IPV4 过渡书上有三种方法 : 隧道, 双栈,NAT-PT. A 是静态 NAT-PY B 是隧道 F 是双栈 QUESTION 480 DNS servers provide what service? A. They run a spell check on host names to ensure accurate routing B. They convert domain names into IP address C. Given an IP address,they determine the name of the host that is sought D. They map individual hosts to their specific IP addresses Answer: B Section: New-4 域名解析服务器将网址域名解析为 IP 地址 QUESTION 481 What is the alternative notation for the IPV6 address B514:82C3:0000:0000:0029:EC7A:0000:EC72? A. B514:82C3:0029::EC7A:0000:EC72 B. B514:82C3:0029:EC7A:EC72 C. B514:82C3::0029:EC7A:0:EC72 D. B514:82C3::0029:EC7A:EC72 Answer: C Section: New-4 考试时候 C 可能会出现 14:82C3::0029:EC7A:0:EC72 这种情况, 系统错误, 不用管它, 选 C QUESTION 482 which command allows you to verify the encapsulation type (CISCO OR IETF) for a frame relay link? A. show frame-relay map B. show frame-relay lmi C. show inter serial D. show frame-relay pvc Answer: C Section: New-4 帧中继封装有两种 cisco 和 ietf 默认是 cisco show inter serial 真机实验结果 : 封装 cisco----encapsulation frame-relay 封装 ietf encapsulation frame-relay ietf

220 QUESTION 483 the network administrator has been asked to give reasons for moving from ipv4 to ipv6. what are two valid reasons for adopting ipv6 over ipv4?(choose two) A. telnet access does not require a password B. nat C. no broadcast D. chanage of destination address in the ipv6 header E. chanage of source address in the ipv6 header F. autoconfiguration Answer: CF Section: New-4 要求给出 IPV4 向 IPv6 转换的理由, 也就是 v6 的优点 C 没有广播, F 自动设置 QUESTION 484 Which IPsec security protocol should be used when confidentiality is required? A. PSK B. AH C. MD5 D. ESP Answer: D Section: New-4 ESP 提供机密性 数据源认证 无连接的完整性 抗重播服务 ( 一种部分序列完整性的形式 ) 和有限信息流机密性 QUESTION 485 At which layer of the OSI model is RSTP used to prevent loops? A. data link B. network C. physical D. transport Answer: A Section: New-4 QUESTION 486 Which device might be installed at a branch office to enable and manage an IPsec site-to-site VPN? A. Cisco IOS IPsec/SSL VPN client B. Cisco VPN Clinet C. ISDN terminal adapter

221 D. Cisco Adaptive Security Appliance Answer: D Section: New-4 QUESTION 487 Which statement is true, as relates to classful or classless routing? A. Automatic summarization at classful boundries can cause problems on discontinuous subnets B. EIGRP and OSPF are classful routing protocols and summarize routes by default C. RIPv1 and OSPF are classless routing protocols D. Classful routing protocols send the subnet mask in routing updates Answer: A Section: New-4 A 自动汇总将路由汇总成主类地址, 在不连续网段会出错 正确 B 错都是无类路由协议 OSPF 没有自动汇总 C 错 RIPV1 是有类路由协议 D 错有类路由协议路由更新不需要子网掩码 QUESTION 488 Refer to the exhibit, Host A pings interface S0/0 on router 3, what is the TTL value for that ping? A. 253 B. 252

222 C. 255 D. 254 Answer: A Section: New-4 默认是 255, 每经过一个路由器减 1 QUESTION 489 Which address is the IPV6 all-rip-routers muticast group address that is used by RIPng as the destaion address? A. FF02::A B. FF05::101 C. FF02::9 D. FF02::6 Answer: C Section: New-4 IPV6 RIPng 的组播地址 FF02::9 QUESTION 490 What is the default administrative distance of OSPF? A. 120 B. 100 C. 90 D. 110 Answer: D Section: New-4 OSPF 默认管理距离 110 QUESTION 491 Which encapsulation type is a Frame Relay encapsulation type that is supported by Cisco routers? A. IETF B. HDLC C. Q9333-A Annex A D. ANSI Annex D Answer: A Section: New-4 A. Cisco 支援 Frame-Relay 封装格式 : Cisco & IETF B. HDLC -> Cisco 预设 point to point 封装 C & D -> 是 Frame-Relay lmi-type QUESTION 492

223 Which two statements about using the CHAP authentication mechanism in a PPP link are true?(choose two) A. CHAP uses a two-way handshake B. CHAP authentication periodically occurs after link establishment C. CHAP has no protection from playback attacks D. CHAP authentication is performed only upon link establishment E. CHAP uses a three-way handshake F. CHAP authentication passwords are sent in plaintext Answer: BE Section: New-4 PAP 是两次握手机制 ;CHAP 通过 3 次握手,CHAP 定期发出挑战, 以确保远程节点有有效的密码,CHAP 采用 MD5 加密算法, 而 PAP 采用明文 A.CHAP 认证采用的是两次握手机制 B.CHAP 的认证是链路建立之后周期性发生的 C.CHAP 认证没有重放攻击的保护 D. 执行 CHAP 认证只是在链路建立的时候 E.CHAP 认证采用的三次握手机制 F.CHAP 认证的密码是采用明文的方式传输的 QUESTION 493 Refer to the exhibit.what is the reason that the interface status is administratively down,line protocol down? A. There is a mismatch in encapsulation types B. The wrong type of cable is connected to the interface C. The interface has been configured with the shutdown command D. The interface is not receiving any keepalives E. The interface needs to be configured as a DTE device F. There is no encapsulation type configured Answer: C Section: New-4 注释 : 很明显是物理层的问题, 以前题库中出现过此题, 以前是双选, 现在变成单选了 仔细看一下 B 选项被舍弃了, 因为这是串口, 串口线只有一种两个端口,DTE 和 DCE, 两头接错属于时钟配置错误是 protocol down QUESTION 494 Which command encrypts all plaintext passwords? A. Router(config)#password-encryption B. Router(config)#service password-encryption C. Router#service password-encryption

224 D. Router# password-encryption Answer: B Section: New-4 QUESTION 495 Which Cisco IOS diagnostics command can disrupt the operation of a router under high-load conditions? A. show running-config B. show processes cpu C. debug all D. logging host ip address Answer: C Section: New-4 题目说的了路由器是在高负载的情况下运行的, 而 debug 命令是要占用大量的 CPU 的占用率很高的,debug 不要乱用, 数据流量很大的时候,debug 信息会把内存全部消耗, 造成设备死机 QUESTION 496 Which three statements about EIGRP are true?(choose three) A. EIGRP converges fast RIP because of DUAL and backup routes that are stored in the topology table. B. EIGRP uses a hello protocol to establish neighbor relationships C. EIGRP uses split horizon and reverse poisoning to avoid routing loops. D. EIGRP uses periodic updates to exchange routing information E. EIGRP allows routers of different manufacturers to interoperate F. EIGRP supports VLSM and authentication for routing updates. G. EIGRP use a broadcast address to send routing information. Answer: ABF Section: New-4 QUESTION 497 Refer to the exhibit.why dose the telnet connectin fail when a host attempts to connect a remote router? A. No password was set for tty lines

225 B. No password was set for aux lines C. No password was set for vty lines D. No password was set for cty lines Answer: C Section: New-4 QUESTION 498 Refer to the exhibit,the VLAN configuration of S1 is not being in this VTP enabled environment.the VTP and uplink port configurations for each switch are displayed.which two command sets,if issued,resolve this failure and allow VTP to operate as expected?(choose two) A. S2(config)#vtp mode transparent B. S1(config)#vtp mode client C. S2(config) #interface f0/24 S2(config-if) #switchport mode access S2(config-if) #end D. S2(config)#vtp mode client E. S1 (config)#interface f0/24 S1(config-if)#switchport mode trunk S1(config-if)#end Answer: BE

226 Section: New-4 如图所示,SW1 的 VLAN 配置在此 VTP 下没有被启用,VTP 和它的上行端口配置如图所示, 请问使用哪两个命令可以排除此故障, 达到 VTP 预期的效果?SW1 和 SW2 都处于同一个 VTP 模式下, 但 SW1 处于透明模式, 仅转发通告, 地整个域内的信息不能同步 ;SW1 是接入模式,SW2 是动态自动模式, 二者结合是接入模式, 所以应该将 SW1 配置为中继模式,VTP 域中的各个 VLAN 才能进行通信 A. S2(config)#vtp mode transparent // 将 s2 vtp 的模式设为透明模式 B. S1(config)#vtp mode client // 将 s1 vtp 的模式设为客服端模式 C. S2(config) #interface f0/24 // 进入 s2 的 0/24 好端口 S2(config-if) #switchport mode access // 将其设为可访问模式 S2(config-if) #end // 退出端口配置模式 D. S2(config)#vtp mode client // 将 s2 VTP 的模式设为客服端模式 E. S1(config)#interface f0/24 // 进入 S1 的 0/24 号端口 S1(config-if)#switchport mode trunk // 将其设为干到模式 S1(config-if)#end // 退出端口配置模式 QUESTION 499 Which name describes an IPV6 host-enable tunneling technique that uses IPV4 UDP,does not require dedicated gateway tunnels,and can pass through existing IPV4 NAT gateways? A. dual stack B. dynamic C. Teredo D. Manual 6to4 Answer: C Section: New-4 Teredo 是一项 IPv6/IPv4 转换技术, 能够实现在处于单个或者多个 IPv4 NAT 后的主机之间的 IPv6 自动隧道 来自 Teredo 主机的 IPv6 数据流能够通过 NAT, 因为它是以 IPv4 UDP 数据格式发送的 如果 NAT 支持 UDP 端口解析, 那么它就支持 Teredo QUESTION 500 Which pairing reflects a correct protocol-and-metric relationship? A. OSPF and mumber of hops and reliability B. EIGRP and link cost C. IS-IS and delay and reliability D. RIPv2 and number of hops Answer: D Section: New-4 A. OSPF and number of hops and reliability(ospf 与跳数和可靠性 ) 实际 ospf 是通过接口宽带计算出花费值来度量的 B. EIGRP and link cost(eigrp 与链路花费值 ) 实际 eigrp 是以带宽 延时 负载 可靠性及 MTU 来度量的 C. IS-IS and delay and reliability(is-is 与延迟和可靠性 ) 实际 is-is 是以默认 延迟 开销 差错来度量的, 主要用默认度量, 相当于 ospf 的 cost 值度量 D. RIPv2 and number of hops(ripv2 与跳数 )rivp2 是以跳数来度量的, 所以选 D RIP 使用跳数作为其度量值 ;EIGRP 使用带宽 延迟 可靠性 负载作为其度量值 ;OSPF 的度量称为开销, 开销 =10^8/ 带宽 (bit/s);is-is 使用开销作为其度量值, 和 OSPF 类似

227 QUESTION 501 How are VTP advertisements delivered to switches across the network? A. anycast frames B. multicast frames C. broadcast frames D. unicast frames Answer: B Section: New-4 vtp 是通过什么方式进行跨网段通告的? anycast frames( 任意广播帧 ),multicast frames( 组播帧 ),broadcast frames( 广播帧 ),unicast frames ( 单播帧 ) 通告将数据帧发送到一个多点广播地址 ( 组播地址 ), 以使所有相邻设备都能收到这些帧 QUESTION 502 What is the result of issuing the frame-relay map ip broadcast command? A. defines the source IP address that is used in all broadcast packets on DLCI 202 B. defines the DLCI that is used for all packets that are sent to the IP address C. defines the destination IP address that is used in all broadcast packets on DLCI 202 D. defines the DLCI on which packets from the IP address are received Answer: B Section: New-4 题目是说, 出现 frame-relay map ip broadcast 结果是什么? broadcast 支持广播没错吧! 命令也有说明映射关系!! 翻译选项 A 说 定义源 ip 地址 -- 显然不对 B 说 定义这对所有发送到 的 IP 地址的数据包使用的 DLCI 觉得是对的 而 C 应该是说 定义了目标 IP 地址, 它是在所有的广播数据包上使用的 DLCI 202 也说不通 D 说 --- 定义的数据包的 IP 地址从 收到的 DLCI 也不对 题目要求 frame-relay map ip broadcast 的作用, 而不是 broadcast 的作用, 所以选 C 是片面的 QUESTION 503 Refer to the exibit.an attempt to deny web access to a subnet blocks all traffic from the subnet.which interface command immedicately removes the effect of ACL 102?

228 A. no ip access-group 102 in B. no ip access-group 102 out C. no ip access-list 102 in D. no ip access-class 102 out E. no ip access-class 102 in Answer: B Section: New-4 在端口应用 ACL 是 ip access-group 命令 Ip access-class 是在 VTY 应用的命令 QUESTION 504 Which are three reasons that an organization with multiple branch offices and roaming users might implement a Cisco VPN solution instead of point-to-point WAN links?(choose three) A. reduced cost B. better throughput C. increased security D. scalability E. reduced latency F. broadband incompatibility Answer: ACD Section: New-4 答案 :A C D. VPN 英文全称是 Virtual Private Network, 翻译过来就是 虚拟专用网络 vpn 被定义为通过一个公用网络 ( 通常是因特网 ) 建立一个临时的 安全的连接, 是一条穿过混乱的公用网络的安全 稳定隧道 特点 :

229 1. 安全保障 2. 服务质量保证 (QoS) 3. 可扩充性和灵活性 4. 可管理性 A 节约成本 C 增强安全性 D 易扩展 B 提高吞吐量 --- 感觉应该是 P2P 的优点 E 减少潜在因素 F 带宽不是很有关系 QUESTION 505 Which two Cisco IOS commands,used in troubleshooting,can enable debug output to a remote location? (choose two) A. no logging console B. terminal monitor C. logging host ip-address D. snmp-server enable traps syslog E. show logging redirect flash:output.txt Answer: BC Section: New-4 A 是用来停止向控制台发送信息 B 是用来打开终端显示信息中心发送的调试 / 日志 / 告警信息功能 C 是将日志记录到服务器 D 是用来发送 snmp traps 信息 (snmp-server enable traps),syslog 是单独配置的 E 是用来查看日志重新定下文件 QUESTION 506 Which two data intergrity algorithms are commonly used in VPN solutions?(choose two) A. HMAC-MD5 B. RSA C. HMAC-SHA-1 D. DH1 E. DH2 Answer: AC Section: New-4 正确答案, 选 A 和 C, 解释如下 integrity 指完整性 Message Digest Algorithm MD5( 中文名为消息摘要算法第五版 ) 为计算机安全领域广泛使用的一种散列函数, 用以提供消息的完整性保护 效验文件完整性或者有没有被修改 安全哈希算法 (Secure Hash Algorithm)SHA SHA1 产生一个 160 位的消息摘要 当接收消息的时候, 这个消息摘要可以用来验证数据的完整性 B. RSA 签名提供对等体认证, 通过加密提供保密性 D.E DH1 DH2 都是用于安全链接共享密钥 QUESTION 507 A network administrator needs to configure a serial link between the main office and a remote location.the router at the remote office is a non-cisco router. How should the network administrator configure the serial interface of the main office router to make the connection?

230 A. Main(config)#interface serial 0/0 Main(config-if)#ip address Main(config-if)#no shut B. Main(config)#interface serial 0/0 Main(config-if)#ip address Main(config-if)#encapsulation ietf Main(config-if)#no shut C. Main(config)#interface serial 0/0 Main(config-if)#ip address Main(config-if)#encapsulation frame-relay Main(config-if)#authenication chap Main(config-if)#no shut D. Main(config)#interface serial 0/0 Main(config-if)#ip address Main(config-if)#encapsulation ppp Main(config-if)#no shut Answer: D Section: New-4 remote office 使用非思科路由器, 则 main office 是思科路由器 HDLC 是 Cisco 路由器在同步串行线路上的默认封装方式 每个厂商的 HDLC 都是专用的 PPP 用于异步串行 ( 拨号 ) 或同步串行 (isdn) 介质 PPP 的基本目标是在数据链路层点到点链路上传输第 3 层包 它不是一个专用协议, 这就意味着如果你的路由器并不都是 Cisco 的, 可以在串行接口上配置 PPP 封装 串行接口两端的路由器都配置 PPP 才能工作 帧中继有两种封装类型 ----Cisco 和 IETF. 除非手动输入 IETF, 否则默认封装是 Cisco 如果用帧中继连接一条 Cisco 设备和一条非 Cisco 设备, 要选择 IETF 封装类型 命令格式如下 Router(config)#int s0/0/0 Router(config-if)#encapsulation? frame-relay Frame Relay networks hdlc Serial HDLC synchronous ppp Point-to-Point protocol Router(config-if)#encapsulation frame-relay? ietf Use RFC1490/RFC2427 encapsulation <cr> 由此判断选项 B 和 C, 命令格式不正确 如果当一台思科路由器和一台非思科路由器通过串行连接在一起时, 必须配置 PPP 或另外一种封装方法, 像帧中继, 因为默认的 HDLC 不能工作 QUESTION 508 Refer to the exhibit.statements A,B,C,and D of ACL 10 have been entered in the shown order and app;ied to interface E0 inbound,to prevent all hosts(except those whose addresses are the first and last IP of subnet /28) from accessing the network.but as is,the ACL dose not restrict anyone from the network.how can the ACL statements be re-arranged so that the system works as intended?

231 A. CDBA B. DBAC C. ACDB D. BADC Answer: A Section: New-4 每个访问列表的最后一行隐含 deny 语句 因此要在访问列表末尾使用 permit any 命令 每个列表应当至少有一个允许语句, 否则将会拒绝所有流量 所以,BCD 错 QUESTION 509 On which options are standard access list based? A. source address and subnet mask B. destination address and wildcard mask C. source address and wildcard mask D. destination address and subnet mask Answer: C Section: New-4 Source addess 标准的访问列表只使用 IP 数据包的源 IP 地址作为测试条件 wildcard mask 实际上, 为了指定任意范围的主机, 只能在访问列表中使用通配符 QUESTION 510 Which cisco ios command can help to determine the timing of various debug events,relative to each other, when you are debugging a complicated router issue? A. service timestamps debug datetime msec B. show clock detail C. clock calendar-valid D. service timestamps log datetime msec Answer: A Section: New-4

232 service timestamps debug datetime msec 是调试 debug 的时间 service timestamps log datetime msec 是调试日志时间 show clock detail 修改时间的信息 clock calendar-valid 使时间同步 A debug 默认 Debug 不显示时间本命令是显示时间帧的方便使用 D LOG 加上日志时间 SHOW LOG QUESTION 511 Which three are characteristics of an IPV6 anycast address?(choose three) A. any-to-many communication model B. delivery of packets to the group interface that is closest to the sending device C. one-to-many communication model D. the same address for multiple devices in the group E. one-to-nearest communication model F. a unique IPV6 address for each device in the group Answer: BDE Section: New-4 A 多对多通信模型 B 数据包传送到该组接口, 转发到最近的节点 C 一对多通信模型 D 同组中多个接口共用一个地址 E 发送到任播地址的分组被转发到最近的端口 ( 节点 ) F 组中每个节点有一个唯一的 IV6 地址 ( 每台设备可以有一个以上的端口, 所以用节点来表示 ) 题目考查 IPV6 的任播 3 个特点 : 1. 数据包传送到该组接口, 转发到最近的节点 2. 同组中多个接口共用一个地址 3. 发送到任播地址的分组被转发到最近的端口 ( 节点 ) 考试可以这么记 : anycast = closet nearest same dress for multiple devices 近 近 一个地址多个设备 QUESTION 512 What is the purpose of the cisco Vlan Trunking protocol? A. to provide a mechanism to dynamically assign vlan membership to switch ports B. to allow traffic to be carried from multiple vlans over a single link between switches C. to allow native vlan information to be carried over a trunk link D. to provide a mechanism to manually assign vlan membership to switch ports E. to allow for managing the additions,deletions,and changes of vlans between switchs Answer: E Section: New-4 在交换机端口上开启 trunk 封装的目的是什么? A 创建动态 VLAN B 中继端口用途 C 访问端口用途 D 创建静态 VLAN E VTP 协议的基本目标就是跨网络管理已配置的 VLAN 并对 VLAN 进行添加 删除 和改名

233 VTP 目的在 VTP 域内同步 VLAN 信息, 这样就不必在每个交换上配置相同的 VLAN 信息. vtp 的作用 :VTP 从一个中心控制点开始, 维护整个企业网上 VLAN 的添加 添加和重命名工作, 确何配置的一致性 data? QUESTION 513 Three switches are connected to one anther via trunk ports.assuming the default switch configuration, which switch is elected as the root bridge for the spanning-tree instance of vlan 1? A. the switch with the lowest MAC address B. the switch with the higest MAC address C. the switch witch the higest IP address D. the switch with the lowest IP address Answer: A Section: New-4 在运行 STP 协议的网络中选择根桥需要利用桥 ID. 桥 ID 由桥优先级 ( 所有思科交换机上默认优先级为 32768) 和 MAC 地址组合来决定的 在网络中, 桥 ID 最小的网桥成为根桥 桥 ID= 桥优先级 + 桥 mac 越小越优先 QUESTION 514 When you are troubleshooting an ACL issue on a router,which command can help you to verify which interfaces are affected by the ACL? A. show ip access-list B. show access-list C. list ip interface D. show interface E. show ip interface Answer: E Section: New-4 A, show ip access-list 显示访问控制列表 B, Show access-lists 显示当前所有 ACL 的内容 C, 没有该命令 D, show interfaces [int] 查看的是某个 interface 的物理层和数据链路层的信息 它给出了硬件地址, 逻辑地址和封装方式的信息 E, show ip interface [int] 提供路由器 interface 的第三层配置信息 包括接口状态,IP 地址, 子网掩码, 基本的 IP 信息和访问列表 QUESTION 515 Refer to the exhibit.switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4.What will Switch-1 do with this

234 A. switch-1 will drop the data because it dose not have an entry for that MAC address B. switch-1 will flood the data out all of its port from which the data originated C. switch-1 will forward the data to its default gateway D. switch-1 will send an ARP request out all its ports except the port from which the data originated Answer: B Section: New-4 答案 :B 没有 mac 地址会泛红根据下图,Switch-1 需要往一台 MAC 地址为 00b0.d056.efa4 的主机发数据,Switch-1 会如何处理这些数据? A. Switch-1 will drop the data because it does not have an entry for that MAC address.(switch-1 会丢弃该数据, 因为它没有该 MAC 地址条目 ) B. Switch-1 will flood the data out all of its ports except the port from which the data originated.(switch-1 会泛洪该数据到所有的接口, 除了该数据的源接口 ) C. Switch-1 will send an ARP request out all its ports except the port from which the data originated. (Switch-1 会发送 ARP 请求到所有的接口, 除了该数据的源接口 ) D. Switch-1 will forward the data to its default gateway.(switch-1 会往默认网关发送该数据 ) QUESTION 516 Which command is used to display the collection of OSPF link states? A. show ip ospf lsa database B. show ip ospf link-state C. show ip ospf neighbors D. show ip ospf database Answer: D Section: New-4 题目要求显示 OSPF 链路状态的详细信息 show ip ospf database 显示详细的 LSA 信息 QUESTION 517 Refer to the exhibit.what two results would occur if the hub were to be replaced with a switch that is configured with one Ethernet VLAN?(choose two)

235 A. The number of collision domains would decrease. B. The number of collision domains would increase. C. The number of broadcast domains would remain the same. D. The number of collision domains would remain the same. E. The number of broadcast domains would increase. Answer: BC Section: New-4 hub 不可以隔离冲突域, 所有端口同一个冲突域中, 交换机可以隔离冲突域, 每个端口在不同冲突域中, 故换成交换机冲突域个数会增加, 大小会减小, 而 hub 交换机都不可隔离广播域所有端口都在同一个广播域中, 故广播域数量不变 A 冲突域数量减少 B 冲突域数量增加 C 广播域数量不变 D 冲突域数量不变 E 广播域数量增加 QUESTION 518 Two switches are connected through a trunk link.which two commands show that there is a native VLAN mismatch on that link?(choose two) A. show interfaces interface B. show vlan bri C. show interfaces interface switchport D. show interface interface trunk E. show interfaces vlan Answer: CD Section: New-4 SW1#show interfaces f0/24 switchport Name: Fa0/24 Switchport: Enabled Administrative Mode: trunk Operational Mode: trunk Administrative Trunking Encapsulation: dot1q Operational Trunking Encapsulation: dot1q

236 Negotiation of Trunking: On Access Mode VLAN: 1 (default) Trunking Native Mode VLAN: 1 (default) SW1#show interfaces trunk Port Mode Encapsulation Status Native vlan Fa0/24 on 802.1q trunking 1 QUESTION 519 On which options are standard access lists based? A. destination address and wildcard mask B. source address and wildcard mask C. destination address and subnet mask D. source address and subnet mask Answer: B Section: New-4 标准控制列表使用源地址和通配符 QUESTION 520 Which three statements about VTP features are true?(choose three) A. When properly configured,vtp minimizes VLAN misconfigurations and configuration inconsistencies B. Each broadcast domain on a switch can have its own unique VTP domain C. VTP works at Layer 3 of the OSI model and requires that a management VLAN IP address be configured. D. When properly configured,vtp maintains VLAN configuration consistency and accelerates trunk link negotiation. E. VTP pruning is used to increase available bandwidth in trunk links F. Client,server,and transparent are valid VTP modes G. To configure a switch to be part of two VTP domains,each domain must have its own passwords Answer: AEF Section: New-4 B:vtp 是 vlan 之间共享 vlan 信息的, 所以每一个广播域这里不对 C:VTP 不需要管理 IP G: 同一个域必须使用同一个密码 不对, 密码可以不一样 QUESTION 521 At which layer of the OSI model dose PPP perform? A. Layer 3 B. Layer 4 C. Layer 2 D. Layer 5 Answer: C Section: New-4

237 QUESTION 522 Which command displays the CHAP authentication process as it occurs between two routers? A. debug authentication B. debug chap ppp C. debug chap authentication D. debug ppp authentication Answer: D Section: New-4 显示网络中凉台路由器之间的 CHAP 认证过程, 使用命令 debug ppp authentication QUESTION 523 You have been asked to come up with a subnet mask that will allow all three web servers to be on the same network while providing the max number of subnets.which network address and subnet mask meet this requirement? A B C D E Answer: A Section: New-4 需要 3 个有效地址, 块大小最小为 8, 还要提供最大数量的子网, 所以用最块大小 8, 掩码 QUESTION 524

238 The network administrator cannot to switch 1 over a telnet session,although the hosts attached to switch 1 can ping the interface Fa0/0 of the router.given the information in the graphic and assuming that the router and switch2 are configured properly,which of the following commands should be issued on switch 1 to correct this problem? A. Switch1(config)# i nterface fa0 /1 Switch1(config-if)# ip address B. Switch1 (config)# interface fa0/1 Switch1 (config-if)# switchport mode trunk C. Switch 1 (config)# i nterface fa0 /1 Switch1 (config-if)# duplex full Switch1 (config-if)# speed 100 D. Switch1 (config-if)# default-gateway E. Switch1 (config)# line con 0 Switch1(config-line)# password cisco Switch1 (config-line)#login Answer: D Section: New-4

239 QUESTION 525 Three access ports have been installed and configured to a small office.what term defines the wireless topology? A. IBSS B. BSS C. ESS D. SSID Answer: C Section: New-4 注释 : 在 BSS 中, 移动客户端使用单个 AP 实现与其他设备或有线网络资源的连通 ESS( 扩展服务集 ) 是由分布式系统连接的两个或以上 BSS 的集合 QUESTION 526 Refer to the exhibit.the network shown in the exhibit is running the RIPv2 routing protocol.the network has converged,and the routers in this network are functioning properly.the FastEthernet0/0 interface on R1 goes down.in which two ways will the routers in this network respond to this change?(choose two) A. R1 will send LSAs to R2 and R3 informing them of this change, and then all routers will send periodic updates at an increased rate until the network again converges. B. Because of the split-horizon rule, router R2 will be prevented from sending erroneous information to R1 about connectivity to the network. C. When router R2 learns from R1 that the link to the network has been lost, R2 will respond by sending a route back to R1 with an infinite metric to the network. D. Routers R2 and R3 mark the route as inaccessible and will not accept any further routing updates from R1 until their hold-down timers expire. E. All routers will reference their topology database to determine if any backup routes to the network are known. Answer: BC Section: New-4 水平分割 (split horizon): 路由器从某个接口接收到的更新信息不允许再从这个接口发回去 QUESTION 527 A network administrator is configuring ACLs on a cisco router,to allow traffic from hosts on networks , , and only.which two ACL statements when combined are the best for accomplishing the task?(choose two) A. access-list 10 permit ip B. access-list 10 permit ip C. access-list 10 permit ip D. access-list 10 permit ip E. access-list 10 permit ip F. access-list 10 permit ip

240 Answer: DE Section: New-4 QUESTION 528 Refer to the graphic.host A is communicating with the seiver. What will be the source MAC address of the frames received by Host A from the server? A. the MAC address of the seiver network interface B. the MAC address of host A C. the MAC address of router interface e 1 D. the MAC address of router interface e0 Answer: D Section: New-4 host A 收到 server 的帧的源 mac 地址是 host A 的网关的 mac QUESTION 529 Refer to the exhibit.nat overload is enable on R1.Which statement is true when host A communicates with the web server?

241 A. Host A uses as the destination address and 3648 as the destination port when sending packets to the web server. B. The web server uses as the destination address and 80 as the destination port when sending packets to host A. C. The web server uses as destination address and 3648 as the destination port when sending packets to host A. D. Host A uses as the destination address and 80 as the source port when sending packets to the web server. Answer: C Section: New-4