思科认证考试题库

1、CCNA640-802 V1题库试题分析题库讲解：吴老师(艾迪飞CCIE实验室首发网站：1. What are two reasons that a network administrator would use access lists?(Choose two.)A. to control vty access into a routerB. to control broadcast traffic through a routerC. to filter traffic as it passes through a routerD. to filter traffic that origi

2、nates from the routerE. to replace passwords as a line of defense against security incursionsAnswer: AC解释一下：在VTY线路下应用ACL可以控制从VTY线路进来的telnet的流量。也可以过滤穿越一台路由器的流量。2. A default Frame Relay WANis classified as what type of physical network?A. point-to-pointB. broadcast multi-accessC. nonbroadcast multi-ac

3、cessD. nonbroadcast multipointE. broadcast point-to-multipointAnswer: C解释一下：在默认的情况下，帧中继为非广播多路访问链路。但是也可以通过子接 口来修改他的网络的类型。3Refer to the exhibit. How many broadcast domains exist in the exhibitedtopology?A. oneB. twoC. threeD. fourE. fiveF. sixAnswer: C解释一下：广播域的问题，在默认的情况下，每个交换机是不能隔离广播域的，所 以在同一个区域的所有交换机

4、都在同一个广播域中，但是为了减少广播的危害，将 广播限制在一个更小的范围，有了VLAN勺概念，VLAN表示的是一个虚拟的局域网，而他的作用就是隔离广播。所以被VLAN鬲离了的每个区域都表示一个单独的广播域，这样一个VLAN中的广播的流量是不能传到其他的区域的，所以在上题中就有3个广播域了。4. A single 802.11g access point has been configured and installed in thecenter of a square office. A few wireless users are experiencing slow performance

5、and drops while most users are operating at peak efficiency.What are three likely causes of this problem? (Choose three.)A. mismatched TKIP encryptionB. null SSIDC. cordless phonesD. mismatched SSIDE. metal file cabinetsF. antenna type or directionAnswer: CEFA. This command should be executed from t

6、he global configuration mode.C. 102 is the remote DLCI that will receive the information.D. This command is required for all Frame Relay configurations.E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.Answer: E解释一下：关于命令这个命令用于手工静态添加一条映射，到达的流量封装一个DLCI号为102,而且

7、这条PV(是支持广播的流量的，比如 RIP的更新包。因为在默认 的情况下，帧中继的网络为非广播的，而RIP在其上是无法发包的。8Which of the following are associated with the application layer of theOSI model? (Choose two.)A. pingB. TelnetC. FTPD. TCPE. IPAnswer: BC解释一下：在 OSI 7 层模型中位于应用层的应用有 telnet 和 ftp 这两种应用。9. For security reasons, the network administrator n

8、eeds to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists?A. IPB. ICMPC. TCPD. UDPAnswer: B解释一下：PING命令 利用ICMF协议的echo,和echo-replay 两个报文来检测链路是 否连通的。所以如果要阻止PING勺流量到网络，就只要过滤掉ICMP的应用就可以了。10Refer to the exhibit. The ne

9、twork administrator has created a new VLANon Switch1 and added host C and host D. The administrator has properlyconfigured switch interfaces FastEthernet0/13 through FastEthernet0/24 tobe members of the new VLAN. However, after the network administrator completed the configuration, host A could comm

10、unicate with host B, but host A could not communicate with host C or host D. Which commands are requiredto resolve this problem?A. Router(config)# interface fastethernet 0/Router(config-if)# encapsulation dot1q 3B. Router(config)# router ripC. Switch1# vlan databaseSwitch1(vlan)# vtp v2-modeSwitch1(

11、vlan)# vtp domain ciscoSwitch1(vlan)# vtp serverD. Switch1(config)# interface fastethernet 0/1Switch1(config-if)# switchport mode trunkSwitch1(config-if)# switchport trunk encapsulation islAnswer: A解释一下：这是一个多 VLAF间通讯的问题，虽然都同在一台交换机上，但是由于处在不同的VLAF中，而导致了不同VLAF中的主机是不能通讯的。这时我们就需要借助 与trunk和三层的路由功能了，在交换机和路

12、由器之间封装TRUNK这样可以允许交换机间的二层的通讯，但是由于两个 VLAN是划分到不同的网段中的，因此需要借助 路由器的路由功能来实现三层的可达，可以将VLAF中的主机的网关指定为路由器与该VLAN目连的子接口的地址，这样 VLAF中的数据包就都会发往网关，而由网关来进 行进一步的转发。在这个题中，题目给出了路由器的的子接口的网段，而又给出了VLAN 2与路由器目连的接口的IP地址，所以剩下的一个网段就是给VLAN 3的了，所以要在路由器上将与一个子接口划分到 VLAN3,并给其分配另一个网段中的IP地址。这样就可以了 11What are two recommendedways of p

13、rotecting network device configuration files from outside network security threats? (Choose two.)A. Allow unrestricted access to the console or VTY ports.B. Use a firewall to restrict access from the outside to the network devices.C. Always use Telnet to access the device command line because its da

14、ta is automatically encrypted.D. Use SSHor another encrypted and authenticated transport to access device configurations.E. Prevent the loss of passwords by disabling password encryption.Answer: BD 解释一下：要确保外部的安全的站点才可以访问我的网络,这就涉及到了安全的问 题了，我们可以使用防火墙来限制外网中来的设备；也可以通过SSH或加密和认证来控制。12Refer to the exhibit.

15、The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)5 any eq telnetaccess-list 101 permit ip any anyAnswer: DE解释一下：这个访问列表定义了两个语句：5 any eq telnet access-list 101 pe

16、rmit ip any any在访问列表中匹配的顺序是从上到下，如果匹配了某一句，就退出访问列表，如果 没有就一直往下匹配，在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有 一句是能被匹配的。 在上题中， 他定义的第一句是拒绝到从发出的任何的 telnet 的 流量，然后第二句定义的就是允许所有的IP 流量。而且要明确 telnet 的流量使用的是端口23, 所以这个题的答案就很明确了。13 Refer to the exhibit. Switch1 has just been restarted and has passedthe POSTroutine. Host A sends it

17、s initial frame to Host C. What is the firstthing the switch will do as regards populating the switching table?C. Switch1 will add 000A.8A to the switching table.Answer: C解释一下：交换机重新启动了，这个时候交换机的MA地址表是空的，当主机A发送数据给主机C而经过交换机时，交换机根据他的工作的原理他要进行原MA地址学习，而因为对于这个目的 MA地址无记录，而将这个流量从除收到的这个接口外的 所有接口泛洪出去。所以在最幵始的一步

18、中，交换机是记录下主机A的MA地址到他的MA地址表中。Based on the Host1 ARP table that is shown in the exhibit, what will Host1do?A. send a unicast ARP packet to the DSL modem/routerB. send unicast ICMP packets to the DSL modem/routerC. send Layer 3 broadcast packets to which the DSL modem/router respondsD. send a Layer 2 br

19、oadcast that is received by Host2, the switch, and theDSL modem/routerAnswer: B解释一下：在下面的表中我们可以看到ARP表中有关于的AR条目，所以在这主机都只需要发送单播的ICM电到DSL modem/router即可。15. Refer to the exhibit. What is the most efficient summarization that R1can use to advertise its networks to R2?Answer: C解释一下：这还是一个关于汇总的问题。要求R1将所有的网段

20、用汇总的条目发送给R2,因为这些条目的网络位是相同的都为，所以在这需要汇总的只是第3个八位，将4， 4， 5， 6， 7 这些写成二进制的形式，然后找出相同的位数，则有相同位数的 字节就是他们的掩码的位数，而最小的有相同位的最小的数字就是他们的基数位， 所以R1通告出去 汇总的条目为。16. Refer to the exhibit. Assumethat all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configu

21、red on router R2. Howwill the default route configured on R1 affect the operation of R2?A. Any packet destined for a network that is not directlyconnected to routerR1 will be dropped.B. Any packet destined for a network that is not directlyconnected to routerR2 will be dropped immediately.C. Any pac

22、ket destined for a network that is not directly connected to routerR2 will be dropped immediately because of the lack of a gateway on R1.E. Any packet destined for a network that is not referenced in the routingtable of router R2 will be directed to R1. R1 will then send that packetback to R2 and a

23、routing loop will occur.Answer: E解释一下：在R1上产生了一个OSP的缺省路由，出接口指定为 S0/0，这条缺省路由以5类LSA的形式通告给了 R2,于是R2上也有了一条标记为 0*E2 /0 出接口 为Serial0/0的路由。所以R2收到任何路由表中没有的目的网段时，就将指定给R1,而R1B据缺省路由的出接口又将数据包发往 R2,这样就形成了一个路由的环路。17. A network interface port has collision detection and carrier sensingenabled on a shared twi

24、sted pair network. From this statement, what is known about the network interface port?A. This is a 10 Mb/s switch port.B. This is a 100 Mb/s switch port.C. This is an Ethernet port operating at half duplex.D. This is an Ethernet port operating at full duplex.E. This is a port on a network interface

25、 card in a PC.Answer: C解释一下：一个接口有冲突检测和载波侦听，而且是使用双绞线的网络，那么对于这个接口我们可以推测出他是以太接口，而且是工作在半双工的模式下20. Refer to the topology and router configuration shown in the graphic.A host on the LAN is access ing an FTP server across the In ternet. Which of the follow ing addresses could appear as a source address for

26、 the packets forwarded by the router to the desti natio n server?SI: 200,12 1R30 卜他 10J0.0.1/241040.Q.0A.Interfac*-ip address 2CO 2Z18256 256 256262 ip nstoutsidflip ntt fS5&it*t19999 9_40 199 99.9S22S5 265255,221Ip ml Jnsid* source tiat 1 pool lastip10.1 O OJ 255.255ip insidespeed auloIp route OC.O

27、OOOOO-20G22J7Ii pnrM io.io.qo。肿丄秤B. An swer: D解释一下：这是个NAT地址转换的题目，在这f0/0接口连接下的为私有的地址，这 些地址是不能同外网进行通讯的，这时就借助NAT将内网的私有地址转换为可以在公网上通讯的地址，我们看到NAT POOL中定义的转换后的公有地址为到，则表示这段地址是我转换后的内网全局地址，所以HOS想要穿过INTERNE访问FTP服务器，则需要转换为公有地址到之内的地址，在上面的答案中只有地址满足条件，所 以答案就是D了。21. A compa ny is in stalli ng IP p

28、hon es. The phones and office computers connect to the same device. To ensure maximumthroughput for the phone data, the company needs to make sure that the phone traffic is on a differentnetwork from that of the office computer data traffic. What is the bestnetwork device to which to directly connec

29、t the phones and computers, and what technology should be implemented on this device? (Choose two.)A. hubB. routerC. switchD. STPE. subinterfacesF. VLANAnswer: CF解释一下：公司的语音设备和办公的设备都连在相同的设备上，还要确保语音的数 据流在不同与公司的办公的数据流量，最好的网络设备当然是交换机了，然后利用VLAN勺技术就完全可以满足所有的要求了。22. Refer to the exhibit. Which statement de

30、scribes DLCI 17?A. DLCI 17 describes the ISDN circuit between R2 and R3.B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.Answer: C解释一下：D

31、LCI是在Frame-relay中的描述二层信息的地址，他的地位等同于以太 网中的MA地址。我们以R2上的DLCI 17来看，DLCI 17描述的是：从这个接口出去 的目的地为R3的接口的这条PVC勺二层的地址为17。23. Which routing protocol by default uses bandwidth and delay as metrics?A. RIPB. BGPC. OSPFD. EIGRPAnswer: D解释一下：在我们的路由协议中使用复合度量的协议只有IGP和EIGPR而他们在默认的情况下是使用带宽和延时来计算度量的。25. In the implementat

32、ion of VLSM techniques on a network using a singleClass C IP address, which subnet mask is the most efficient for point-to-point serial links?Answer: D解释一下：在点到点的链路上因为只需要分配两个地址给两端就可以了，所以加上 网络地址和广播地址，这个网段也就只需要有4个地址了，所以网络位需要匹配30位 , 掩码就为26. (Choose two.)Answer: BE解释一下：这个题其实就是考察的汇总的问题，他说的意思是R2发送了一个汇总的路由给

33、R1，哪两个包文的目的地 R1仍将转发给R2这还是汇总的问题的一个反向的考察，根据 21 位的掩码位数可以推断在第 3个八位字节的前 5位是相同的，不同的是 后面的 3位，而将 176写成二进制的形式为 1011 0000 ，所以可以看出来明细的路由 可以是176-183，所以在上面的答案中可以很容易看到答案B和E是我们的明细路由。27. What will Switch-1 do with this data?A. Switch-1 will drop the data because it does not have an entry for thatMAC address.B. Swit

34、ch-1 will flood the data out all of its ports except the port from which the data originated.C. Switch-1 will send an ARP request out all its ports except the port fromwhich the data originated.D. Switch-1 will forward the data to its default gateway.Answer: B解释一下：首先Switch 1需要发送一个数据到MA地址为的主机，了解到目的地后

35、， 就查看他的MAC地址表，然后发现在MA地址表中没有这个MA（地址的条目存在。交 换机在收到未知的单播，组播和广播时，都采用的是泛洪的方式，往除收到数据的 这个接口外的所有接口都发送。所以在这儿， Switch 1 也采取的上泛洪的方式。28. wo routers named Atlanta and Brevard are connected by their serialinterfaces as shown in the exhibit, but there is no data connectivity between them. The Atlanta router is know

36、n to have a correct configuration. Giventhe partialconfigurationsshown in the exhibit, what is the problem on theBrevard router that is caus ing the lack of conn ectivity?AthnidBrevardSt-ri.ilO is ii|i, li裤 ffniocol 讣 iiji (fwrw I1D645 /0lute ntet addies* is 132J6B.1D.1./4MTU 1500 h声es. BW 1M4 Kbit

37、billy 255*25tucapulrtrioi: IIDLl . loophiick tiM Kecprtlrvp wt (1(1 *pcjRrftvardw siiowimeffaces siStri :1 i l叩.Hiwf prnlocof K EipItflrdwrffA iv HD645TOliHerrteth 19246H.11.Z 2-1MTU 1500 叮怕昆 BW 560DO KbhP lelhtillliy 255-255Ei1Cii|)iil4lion HP1J , Io op hack nol sslK。C pftl iW Sfrt (1 0 僦广jA. Aloop

38、back is not set.B. The IP address is in correct.C. The sub net mask is in correct.D. The serial li ne en capsulatio ns are in compatible.E. The maximum transmission unit (MTU) size is too large.F. The ban dwidth sett ing is in compatible with the conn ected in terface.An swer: Bbridge?解释一下：很明显的错误啊，两

39、台路由器的串行接口的地址配置错误，不是在相同 的网段，从而导致了不能通讯。29. Which two values are used by Spanning Tree Protocol to elect a root (Choose two.)A. amou nt of RAMB. bridge priorityC. IOS versionD. IP addressE. MAC addressF. speed of the linksAnswer: BE解释一下：生成树的选举的问题，根桥的选举是通过比较BID的，而BID由桥 优先级和MAC地址组成的.所以在选根桥的时候需要比较的是桥优先级和M

40、AC address 。30. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?A. Switch1B. Switch2C. Switch3D. Switch4Answer: C解释一下：这是个关于生成树选举的问题，我们首先需要找到根桥，而根桥的选举 是通过比较桥ID的,而且是越小越优先，桥ID的组成为桥优先级和 MA地址。所以我 们通过上图可以找到根桥为 switch 1 。

41、然后在非根桥上选出根端口，通过比较到根桥的花费来选举的，花费最小的就是根端口。因为上图中没有表示出链路的带宽，所以无法比较他们的花费下一步我们来选举指派端口。每条链路都需要有一个DP,先是比较花费，如果花费相同则比较BID (桥优先级)，仍是越小越优先，根据上图的表识，我们可以找到每条链路上的DP,而连Printers的链路上的DP就为Switch 3，因为他有更小的 MA地 址。32. Refer to the exhibit. Why would the network administrator configure RA in this manner?A. to give student

42、s access to the InternetB. to prevent students from accessing the command prompt of RAC. to prevent administrators from accessing the console of RAD. to give administrators access to the InternetE. to prevent students from accessing the InternetF. to prevent students from accessing the Admin network

43、Answer: B解释一下：在这儿，将ACL应用到VTY线路下，而且是IN的方向，表示凡是被我的ACL允许的才能telnet到我.在RA上配置的是 permit 10.1.1根据隐式的 deny any允许A dmin的网段中的用户可以tel net到他，所以S tude nt的网段中的用户是被拒 绝的.33. In order to allow the establishment of a Telnet session with a router, which set of commands must be configured?A. router(config)# line console

44、 0router(config-line)# enable password ciscoB. router(config)# line console 0 router(config-line)# enable secret cisco router(config-line)# loginC. router(config)# line console 0 router(config-line)# password cisco router(config-line)# loginD. router(config)# line vty 0 router(config-line)# enable p

45、assword ciscoE. router(config)# line vty 0 router(config-line)# enable secret cisco router(config-line)# loginF. router(config)# line vty 0 router(config-line)# password cisco router(config-line)# loginAnswer: F解释一下： telnet 是一个应用层的应用，他使用的是 vty 线路，而且在默认的情况 下，是需要访问的线路下设有密码的。而在VTY线路下设置密码的命令为passworkstr

46、ing ,而VTY线路下的另一个命令login则是默认的，可写也可不写。如果想Telnet时在VTY线路下不设置密码也可以访问这个线路，可以在该VTY线路下输入命令 nologin 34.A. The Manchester serial address is .B. The Manchester serial address is .C. The London router is a Cisco 2610.D. The Manchester router is a Cisco 2610.E. The CDP information was received on

47、 port Serial0/0 of the Manchester router.F. The CDP information was sent by port Serial0/0 of the London router.Answer: ACE解释一下：CDP是CISCO私有的一个二层的协议，但是他却可以发现三层的IP信息的.通过CDP可以发现的邻居的信息有：设备的名称，IP地址，端口，能力，平台，对端的 holddown time 在上图的 show cdp entry * 命令的显示可以 看到的信息有：设备名称：L on do n;IP地址： ;平台：cisco 2610

48、 ;能力：Router ;端口： s0/ 1; holdtime : 12 5S.M anchesteter 收到这个CDP信息的接口为S0/0 .综合一下，这个题目的答案就出来了.35. A network administrator has configured two switches, named London andMadrid, to use VTP. However, the switches are not sharing VTPmessages. Given the commandoutput shown in the graphic, why are these switc

49、hes not sharing VTP messages?stww vt|i flatusVTP Veralvnl2/TP Veravri:2donrOC& 1111*1 MlJ4VliM:t二 64HxkItdnm VLAhfparted locdllf:Hu mbe iVLANtNinbtr揃Ipt VIAMi:5VTP 5轴泗M獭皿i|VTP g和疏Mg弘 SVMVTP Uvnuhi Njim*r LoudcmP OtH事册H加毗;AlDtiMVTP PwiflS IMt；01科rll屛VTP Pwwhq:OHahlVTP V2 Nude:VTF W畑他VTP Tfp/rpVTP ver

50、s ion is not correctly con figured.TheB. The VTP operati ng mode is not correctly con figured.C. The VTP doma in n ame is not correctly con figured.D. VTP pruning mode is disabled.E. VTP V2 mode is disabled.F. VTP traps gen eratio n is disabled.An swer: C解释一下：交换机间不能共享 VTP的信息，我们就需要检查 VTP的状态，首先需要检 查的是

51、VTP的域名，只有同一个域中的才可能相互学习，再来检查VTP的模式，必须有一个server模式才能有VTP学习的过程的，默认的情况下 VTP的模式为Server的。 然后我们检查图题目给出的信息，可以看到两台交换机的VTP doma in是不一致的，所以这个就是问题的所在了。36. Host 1 is trying to com muni cate with Host 2. The e0 in terface on RouterC is down. Which of the following are true? (Choose two.)A. Router C will use ICMP t

52、o in form Host 1 that Host 2 cannot be reached.B. Router C will use ICMP to in form Router B that Host 2 cannot be reached.C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host2 cannot be reached.D. Router C will send a Destination Unreachable message type.E. Router C will sen

53、d a Router Selection message type.F. Router C will send a Source Quench message type.Answer: AD解释一下：连Host 2的接口 E0/0 down 了，那么最直接的反映就发生在路由器C上，C的路由表中的这个条目就消失了，因此当 Host 1想要跟Host 2建立连接的时候，Router C 就发送一个目的网段不可达的消息；如果是使用 ping 命令，那么 Router C就使用 ICMP 的包文告诉 Host 1 ， Host 2 是不可打的。37. Refer to the exhibit. Ass

54、uming that the router is configured with thedefault settings, what type of router interface is this?A. EthernetB. FastEthernetC. Gigabit EthernetD. asynchronous serialE. synchronous serialAnswer: B解释一下：这个题是需要根据图中提供的信息来判断接口的类型。可以看到接口的MA地址，表示这个接口肯定不是串行接口，所以可以排除D和E的选项。看带宽BW100000 Kbit,表示的是100MB带宽，所以这是个

55、 Fast Ethernet 接口。38. On point-to-point networks, OSPF hello packets are addressed to which address?Answer: E解释一下：在OSP中Hello包发向的是和这两个地址的。大家在做OSP实验的时候，用debug命令是可以看到这两个个地址的。troubleshooting a connectivity problem, a network administrator noticesthat a port status LEDon a Cisco Catalyst series switch is

56、 alternating green and amber. Which condition could this indicate?A. The port is experiencing errors.B. The port is administratively disabled.C. The port is blocked by spanning tree.D. The port has an active link with normal traffic activity.Answer: A解释一下：CISCC交换机的端口状态指示灯是闪烁的绿色和浅黄色，表示端口有操 作的问题也许是过量的

57、错误或连接的问题。40. Refer to the exhibit. The network shown in the exhibit is running the RIPv2 routing protocol. The network has converged, and the routers in this network are functioning properly. The FastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this network respond to this change? (Choose