思科认证考试题库

1、叮叮小文库CCNA640-802 V13题库试题分析题库讲解：吴老师（艾迪飞CCIE实验室首发网站：.c n1. What are two reas ons that a n etwork admi nistrator would use access lists? (Choose two.)A. to con trol vty access into a routerB. to con trol broadcast traffic through a routerC. to filter traffic as it passes through a routerD. to filter tr

2、affic that origi nates from the routerE. to replace passwords as a line of defe nse aga inst security in curs ionsAn swer: AC解释一下：在VTY线路下应用ACL，可以控制从VTY线路进来的tel net的流量。也可以过滤穿越一台路由器的流量。2. A default Frame Relay WAN is classified as what type of physical n etwork?A. poin t-to-po intB. broadcast multi-ac

3、cessC. non broadcast multi-accessD. non broadcast multipo intE. broadcast poin t-to-multipo intAn swer: C解释一下：在默认的情况下，帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。3. Refer to the exhibit. How many broadcast domains exist in the exhibited topology?fVLAN MVI AN4UVLAM trunkA. oneB. twoC. threeD. fourE. fiveF. si

4、xAn swer: C解释一下：广播域的问题，在默认的情况下，每个交换机是不能隔离广播域的，所以在同一个区域的所有交换机都在同一个广播域中，但是为了减少广播的危害，将广播限制在一个更小的范围，有了 VLAN的概念，VLAN表示的是一个虚拟的局域网，而他的作用就是隔离广 播。所以被VLAN隔离了的每个区域都表示一个单独的广播域，这样一个VLAN中的广播的流量是不能传到其他的区域的，所以在上题中就有3个广播域了。4. A sin gle 802.11g access point has bee n con figured and in stalled in the cen ter of a squ

5、are office. A few wireless users are experie ncing slow performa nee and drops while most users are operati ng at peak efficie ncy. What are three likely causes of this problem? (Choose three.)A. mismatched TKIP en crypti onB. n ull SSIDC. cordless phonesD. mismatched SSIDE. metal file cab in etsF.

6、antenna type or direct ionAn swer: CEF6. The comma nd frame-relay map ip 102 broadcast was en tered on the router. Which of the followi ng stateme nts is true concerning this comma nd?A. This comma nd should be executed from the global con figurati on mode.B. The IP address i

7、s the local router port used to forward data.C. 102 is the remote DLCI that will receive the information.D. This comma nd is required for all Frame Relay con figuratio ns.E. The broadcast opti on allows packets, such as RIP updates, to be forwarded across the PVC.An swer: E解释一下：关于命令frame-relay map i

8、p 102 broadcast ,这个命令用于手工静态添加一条映射，到达的流量封装一个DLCI号为102，而且这条PVC是支持广播的流 量的，比如RIP的更新包。因为在默认的情况下，帧中继的网络为非广播的，而RIP在其上是无法发包的。8. Which of the following are associated with the application layer of the OSI model? (Choose two.)A. pi ngB. Tel netC. FTPD. TCPE. IPAn swer: BC解释一下：在OSI 7层模型中

9、位于应用层的应用有telnet和ftp这两种应用。9. For security reasons, the network administrator needs to prevent pings into the corporate n etworks from hosts outside the in ternetwork. Which protocol should be blocked with access con trol lists?A. IPB. ICMPC. TCPD. UDPAn swer: B解释一下：PING命令 利用ICMP协议的echo，和echo-replay两个

10、报文来检测链路是否连通的。 所以如果要阻止PING的流量到网络，就只要过滤掉ICMP的应用就可以了。10. Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The adm ini strator has properly con figured switch in terfaces FastEther net0/13 through FastEthernet0/24 to be members of the new VLA

11、N. However, after the network adm ini strator completed the con figurati on, host A could com muni cate with host B, but host A could not com muni cate with host C or host D. Which comma nds are required to resolve this problem?25A. Router(c on fig)# in terface fastether net 0/1.3Router(c on fig-if)

12、# en capsulati on dot1q 3Router(config-if)# ip address B. Router(c on fig)# router ripRouter(co nfig-router)# network Router(co nfig-router)# network Router(co nfig-router)# network C. Switch1# vlan databaseSwitch1(vla n)# vtp v2-modeSwitch1(

13、vla n)# vtp domai n ciscoSwitch1(vla n)# vtp serverD. Switch1(co nfig)# in terface fastethernet 0/1Switch1(c on fig-if)# switchport mode trunkSwitch1(config-if)# switchport trunk encapsulation islAn swer: A解释一下：这是一个多 VLAN间通讯的问题，虽然都同在一台交换机上，但是由于处在不同 的VLAN中，而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能

14、了，在交换机和路由器之间封装TRUNK，这样可以允许交换机间的二层的通讯，但是由于两个VLAN是划分到不同的网段中的，因此需要借助路由器的路由功能来实现三层的可达，可以将 VLAN中的主机的网关指定为路由器与该VLAN相连的子接口的地址，这样VLAN中的数据包就都会发往网关，而由网关来进行进一步的转发。在这个题中，题目给出了路由器的的子接口的网段，而又给出了VLAN 2与路由器相连的接口的IP地址，所以剩下的一个网段就是给VLAN 3的了，所以要在路由器上将与一个子接口划分到VLAN 3，并给其分配另一个网段中的IP地址。这样就可以了。11. What are two recommended

15、ways of protecting network device configuration files from outside n etwork security threats? (Choose two.)A. Allow un restricted access to the con sole or VTY ports.B. Use a firewall to restrict access from the outside to the n etwork devices.C. Always use Telnet to access the device comma nd line

16、because its data is automatically en crypted.D. Use SSH or ano ther en crypted and authe nticated tran sport to access device con figurati ons.E. Prevent the loss of passwords by disabli ng password en crypti on.An swer: BD解释一下：要确保外部的安全的站点才可以访问我的网络，这就涉及到了安全的问题了，我们可以使用防火墙来限制外网中来的设备；也可以通过SSH或加密和认证来控制。

17、12. Refer to the exhibit. The access list has bee n con figured on the S0/0 in terface of router RTB in the outbo und directi on. Which two packets, if routed to the in terface, will be deni ed? (Choose two.) access-list 101 de ny tcp 2 5 any eq tel netaccess-list 101 permit ip an

18、y anyA. source ip address: ; desti nation port: 21B. source ip address:, 7 dest in ation port: 21C. source ip address:, 1 dest in ation port: 21D. source ip address:, 6 dest in ation port: 23E. source ip address: 6; dest in ation port: 23F.

19、 source ip address:, 9 dest in ation port: 23An swer: DE解释一下：这个访问列表定义了两个语句：access-list 101 de ny tcp 2 5 any eq tel netaccess-list 101 permit ip any any在访问列表中匹配的顺序是从上到下，如果匹配了某一句，就退出访问列表，如果没有就一直往下匹配，在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中，他定义的第一句是拒绝到从 2- 192

20、.168.15.47发出的任何的tel net的流 量，然后第二句定义的就是允许所有的 IP流量。而且要明确teln et的流量使用的是端口 23,所 以这个题的答案就很明确了。13. Refer to the exhibit. Switchl has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switchi n

21、g table?HostB/wo門Host AMAC*000A.8A47.E612IP-Fa02HostDHosl CMAC - 000BrB95.2EEIP-2A. Switch1 will add to the switching table.B. Switch1 will add 2 to the switching table.C. Switch1 will add 000A.8A47.E612 to the switching table.D. Switch1 will add 000B

22、.DB95.2EE9 to the switching table.An swer: C解释一下：交换机重新启动了， 这个时候交换机的MAC地址表是空的，当主机A发送数据给 主机C而经过交换机时，交换机根据他的工作的原理他要进行原MAC地址学习，而因为对于这个目的MAC地址无记录，而将这个流量从除收到的这个接口外的所有接口泛洪出去。所 以在最开始的一步中，交换机是记录下主机A的MAC地址000A.8A47.E612到他的MAC地址表中。14. he user of Host1 wants to ping the DSL modem/router at 54. Based

23、on the Host1 ARP table that is shown in the exhibit, what will Host1 do?A. send a uni cast ARP packet to the DSL modem/routerB. send uni cast ICMP packets to the DSL modem/routerC. send Layer 3 broadcast packets to which the DSL modem/router resp ondsD. send a Layer 2 broadcast that is received by H

24、ost2, the switch, and the DSL modem/routerAn swer: B解释一下：在下面的表中我们可以看到ARP表中有关于54的ARP条目，所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。15. Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?A. /22B. /21C. /22D.

25、/24/24172.160/24/24E. /25172.14128/25/24/24/24An swer: C解释一下：这还是一个关于汇总的问题。要求R1将所有的网段用汇总的条目发送给R2,因为这些条目的网络位是相同的都为172.1，所以在这需要汇总的只是第3个八位，将4, 4, 5,6，7这些写成二进制的形式，然后找出相同的位数，则有相同位数的字节就是他们的掩码 的位数，而最小的有相同位的最小的数字就是他们的基数位，所以R1通告出去 汇总的条目为

26、/22。16. Refer to the exhibit. Assume that all router in terfaces are operatio nal and correctly con figured. In additi on, assume that OSPF has bee n correctly con figured on router R2. How will the default route con figured on R1 affect the operati on of R2?A. Any packet desti ned for a n etwork th

27、at is not directly conn ected to router R1 will be dropped.B. Any packet desti ned for a n etwork that is not directly conn ected to router R2 will be dropped immediately.C. Any packet desti ned for a n etwork that is not directly conn ected to router R2 will be dropped immediately because of the la

28、ck of a gateway on R1.D. The n etworks directly conn ected to router R2 will not be able to com muni cate with the , 28, and 4 sub networks.E. Any packet desti ned for a n etwork that is not referenced in the routi ng table of router R2 will be directed to R1. R1

29、will the n send that packet back to R2 and a routi ng loop will occur.An swer: E解释一下：在R1上产生了一个OSPF的缺省路由，出接口指定为S0/0,这条缺省路由以5类LSA 的形式通告给了 R2，于是R2上也有了一条标记为 O*E2 /0出接口为 SerialO/O的路由。所以R2收到任何路由表中没有的目的网段时，就将指定给R1，而R1根据缺省路由的出接口又将数据包发往R2，这样就形成了一个路由的环路。17. A n etwork in terface port has collisi on det

30、ect ion and carrier sensing en abled on a shared twisted pair n etwork. From this stateme nt, what is known about the n etwork in terface port?A. This is a 10 Mb/s switch port.B. This is a 100 Mb/s switch port.C. This is an Ether net port operat ing at half duplex.D. This is an Ether net port operat

31、i ng at full duplex.E. This is a port on a n etwork in terface card in a PC.An swer: C解释一下：一个接口有冲突检测和载波侦听，而且是使用双绞线的网络，那么对于这个接口我们可以推测出他是以太接口，而且是工作在半双工的模式下。10 10.0020. Refer to the topology and router configuration shown in the graphic. A host on the LAN is access ing an FTP server across the Intern e

32、t. Which of the follow ing addresses could appear as a source address for the packets forwarded by the router to the desti nati on server?Interfaca- SeriaKip address 200 2 2 IB f66 255 256262 ip natcutaidflSI; 200.12 18/30 laO. 10J 0,0.1/21 side1intarfsce F BsrEtnemetotpMd僧踽 WJO.OJ 255.255J55,0 ip n

33、*t irrndespted autoip 冷H pul199 99 WO 199 99 9 62 “EmK 2S5 26626.221ip nat invld* vouro M ll pool twtip fOutttDC.DOOOOO2002.2.171 0 00.0.255A. B. C. 3D. 7E. 7F. 8An swer: D解释一下：这是个 NAT地址转换的题目，在这fO/O接口连接下的为私有的地址，这些地址是 不能同外网进行通讯的，这时就借助NAT,将内网的私有地

34、址转换为可以在公网上通讯的地址，我们看到NAT POOL中定义的转换后的公有地址为0到2，则表示这段地址是我转换后的内网全局地址，所以HOST想要穿过INTERNET访问FTP服务器，则需要转换为公有地址0到2之内的地址，在上面的答案中只有地址 7满足条件，所以答案就是D 了。21. A company is installing IP phones. The phones and office computers connect to the same device. To en sure m

35、aximum throughput for the phone data, the compa ny n eeds to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best n etwork device to which to directly connect the pho nes and computers, and what tech no logy should be impleme nted

36、 on this device? (Choose two.)A. hubB. routerC. switchD. STPE. sub in terfacesF. VLANAn swer: CF解释一下：公司的语音设备和办公的设备都连在相同的设备上，还要确保语音的数据流在不同与公司的办公的数据流量，最好的网络设备当然是交换机了，然后利用VLAN的技术就完全可以满足所有的要求了。22. Refer to the exhibit. Which statement describes DLCI 17?A. DLCI 17 describes the ISDN circuit between R2 an

37、d R3.B. DLCI 17 describes a PVC on R2. It cann ot be used on R3 or R1.C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.An swer: C解释一下：DLCI是在Frame-relay中的描述二层信息的地址， 他的地位等同于以太网中的 MAC 地址。我们以R2上的DLCI 17来看

38、，DLCI 17描述的是：从这个接口出去的目的地为R3的接口的这条PVC的二层的地址为17。23. Which routing protocol by default uses bandwidth and delay as metrics?A. RIPB. BGPC. OSPFD. EIGRPAn swer: D解释一下：在我们的路由协议中使用复合度量的协议只有IGP和EIGPR，而他们在默认的情况下是使用带宽和延时来计算度量的。25. In the impleme ntati on of VLSM tech niq ues on a n etwork using a sin gle Clas

39、s C IP address, which sub net mask is the most efficie nt for poin t-to-po int serial li nks?A. B. 40C. 48D. 52E. 54An swer: D解释一下：在点到点的链路上因为只需要分配两个地址给两端就可以了，所以加上网络地址和广播地址，这个网段也就只需要有4个地址了，所以网络位需要匹配30位,掩码就为52 .26. Refer to

40、the exhibit. The networks connected to router R2 have been summarized as a/21 route and sent to R1. Which two packet dest in ation addresses will R1 forward to R2? (Choose two.)OtherNetworksA. 60B. 1C. D. 55E. F. 192.168.1

41、84.45An swer: BE解释一下：这个题其实就是考察的汇总的问题，他说的意思是R2发送了一个汇总的路由/21给R1，哪两个包文的目的地 R1仍将转发给R2。这还是汇总的问题的一个反 向的考察，根据21位的掩码位数可以推断在第 3个八位字节的前5位是相同的，不同的是后面 的3位，而将176写成二进制的形式为1011 0000,所以可以看出来明细的路由可以是176-183，所以在上面的答案中可以很容易看到答案B和E是我们的明细路由。27. Refer to the exhibit. Switch-1 needs to send data to a host wit

42、h a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data?Sitch-1# show mac address-tableDynamic Addresses Count3Secure Addresses (User-defined) Count 0 s怕tic(Jser-defined) Cunt UresdressSystem Self Addresses Count Total MacNon-staticDetiriNDcin AddrE Address Type VLAN Destination Port

43、Fas-tEtherrietC/1FastEthemetC/3FastEthemeO2CI01D DdeO e?89_Dynamic3010 7bD0 1510DynarricDOW 7b00 1545CtynamicA. Switch-1 will drop the data because it does not have an entry for that MAC address.B. Switch-1 will flood the data out all of its ports except the port from which the data origi nated.C. S

44、witch-1 will send an ARP request out all its ports except the port from which the data originated.D. Switch-1 will forward the data to its default gateway.An swer: B解释一下：首先Switch 1需要发送一个数据到 MAC地址为00b0.d056.efa4的主机，了解到目的 地后，就查看他的MAC地址表，然后发现在 MAC地址表中没有这个 MAC地址的条目存在。 交换机在收到未知的单播，组播和广播时，都采用的是泛洪的方式，往除收到数

45、据的这个接 口外的所有接口都发送。所以在这儿，Switch 1也采取的上泛洪的方式。28. wo routers n amed Atla nta and Brevard are conn ected by their serial in terfaces as show n in the exhibit, but there is no data connectivity between them. The Atlanta router is known to have a correct configuration. Given the partial configurations show

46、n in the exhibit, what is the problem on the Brevard router that is caus ing the lack of conn ectivity?A. A loopback is not set.B. The IP address is in correct.C. The sub net mask is in correct.D. The serial line en capsulati ons are in compatible.E. The maximum tran smissi on un it (MTU) size is to

47、o large.F. The ban dwidth setti ng is in compatible with the conn ected in terface.An swer: B解释一下：很明显的错误啊，两台路由器的串行接口的地址配置错误，不是在相同的网段， 从而导致了不能通讯。29. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)A. amou nt of RAMB. bridge priorityC. IOS versionD. IP addressE

48、. MAC addressF. speed of the linksAn swer: BE解释一下：生成树的选举的问题，根桥的选举是通过比较BID的，而BID由桥优先级和MAC地址组成的.所以在选根桥的时候需要比较的是桥优先级和MACaddresso30. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the n etwork segme nt that services the prin ters?A. SwitchlB. Switch2C. Switch3D. S

49、witch4An swer: C解释一下：这是个关于生成树选举的问题， 我们首先需要找到根桥， 而根桥的选举是通过比 较桥ID的，而且是越小越优先，桥ID的组成为桥优先级和 MAC地址。所以我们通过上图可以 找到根桥为switch 1。然后在非根桥上选出根端口，通过比较到根桥的花费来选举的，花费最小的就是根端口。因为上图中没有表示出链路的带宽，所以无法比较他们的花费。下一步我们来选举指派端口。每条链路都需要有一个DP,先是比较花费，如果花费相同则比较BID （桥优先级），仍是越小越优先，根据上图的表识，我们可以找到每条链路上的DP，而连Printers的链路上的DP就为Switch 3，因为他

50、有更小的 MAC地址。32. Refer to the exhibit. Why would the n etwork admi nistrator con figure RA in this manner?10*1251(MZ3 10JJJ 10 4.1210.L1JF?A(confiQ)* access list 2 pennit 55RA(gntie# line vty 0 4 RWcanTiGbilneff accessias 2 inA. to give stude nts access to the InternetB. to preve nt st

51、ude nts from access ing the comma nd prompt of RAC. to preve nt adm ini strators from access ing the con sole of RAD. to give adm ini strators access to the InternetE. to preve nt stude nts from access ing the InternetF. to preve nt stude nts from access ing the Adm in n etworkAn swer: B解释一下：在这儿，将AC

52、L应用到VTY线路下，而且是IN的方向，表示凡是被我的ACL允许的才能tel net到我.在RA上配置的是permit 55根据隐式的de ny any允许A dmin的网段中的用户可以tel net到他，所以S tude nt的网段中的用户是被拒绝的.33. In order to allow the establishme nt of a Telnet sessi on with a router, which set of comma nds must be con figured?A. router(c on fig)# line con sole 0r

53、outer(c on fig-li ne)# en able password ciscoB. router(c on fig)# line con sole 0router(c on fig-li ne)# en able secret ciscorouter(c on fig-li ne)# logi nC. router(c on fig)# line con sole 0router(c on fig-li ne)# password ciscorouter(c on fig-li ne)# logi nD. router(c on fig)# line vty 0router(c o

54、n fig-li ne)# en able password ciscoE. router(c on fig)# line vty 0router(c on fig-li ne)# en able secret ciscorouter(c on fig-li ne)# logi nF. router(c on fig)# line vty 0router(c on fig-li ne)# password ciscorouter(c on fig-li ne)# logi nAn swer: F解释一下：teln et是一个应用层的应用，他使用的是vty线路，而且在默认的情况下，是需要访问的线

55、路下设有密码的。而在VTY线路下设置密码的命令为passwork string ,而VTY线路下的另一个命令login则是默认的，可写也可不写。如果想 Telnet时在VTY线路下不设置密码 也可以访问这个线路，可以在该VTY线路下输入命令no login。34. Refer to the exhibit. The two exhibited devices are the only Cisco devices on the network. The serial n etwork betwee n the two devices has a mask of 52.

56、Give n the output that is show n, what three stateme nts are true of these devices? (Choose three.)A. The Ma nchester serial address is .B. The Man chester serial address is .C. The Lon don router is a Cisco 2610.D. The Ma nchester router is a Cisco 2610.E. The CDP in formati on was

57、received on port SerialO/O of the Man chester router.F. The CDP information was sent by port Serial0/0 of the London router.An swer: ACE解释一下：CDP是CISCO私有的一个二层的协议，但是他却可以发现三层的IP信息的.通过CDP可以发现的邻居的信息有：设备的名称，IP地址，端口，能力，平台，对端的holddown time .在上图的show cdp entry *命令的显示可以看到的信息有：设备名称：L ondon ;IP 地址：;平台：cisco 2610;能力：Router;端口： s0/1; holdtime : 1 2 5S.M anc