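CCNA 640-802 Question Bank Explained

CCNA 640-802 Question Bank Explained – Access Control Lists (ACL)

This article uses sample questions to describe the purpose and types of ACLs, and how to configure and apply ACLs to meet network filtering requirements.

What are two reasons that a network administrator would use access lists? (Choose two.)

A: to control vty access into a router

B: to control broadcast traffic through a router

C: to filter traffic as it passes through a router

D: to filter traffic that originates from the router

E: to replace passwords as a line of defense against security incursions

Correct Answers: A, C

The purpose of configuring access control lists on a router is to control user access and to filter the traffic that passes through the router.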

What is the effect of the following access list condition?

access-list 101 permit ip 10.25.30.0 0.0.0.255 any

A: permit all packets matching the first three octets of the source address to all destinations

B: permit all packets matching the last octet of the destination address and accept all source addresses

C: permit all packets from the third subnet of the network address to all destinations

D: permit all packets matching the host bits in the source address to all destinations

E: permit all packets to destinations matching the first three octets in the destination address

Correct Answers: A

This is an extended access list, which can match on both source and destination. 10.25.30.0 0.0.0.255 matches the source address: every address in that range is matched. The destination is any, meaning any destination. In other words, any IP in the 10.25.30.0/24 range may reach any network.

What three pieces of information can be used in an extended access list to filter traffic? (Choose three.)

A: protocol

B: VLAN number

C: TCP or UDP port numbers

D: source switch port number

E: source IP address and destination IP address

F: source MAC address and destination MAC address

Correct Answers: A, C, E

1. Standard access lists filter traffic by source address.

2. Extended access lists filter traffic by source or destination address, protocol, and TCP or UDP port number.

Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only computers with access to the Payroll Server. What two technologies should be implemented to help prevent unauthorized access to the server? (Choose two.)

A: access lists

B: encrypted router passwords

C: STP

D: VLANs

E: VTP

F: wireless LANs

Correct Answers: A, D

First, divide the network into 3 VLANs by department: office1, shipping and production. Because CEO, Mgr1 and Mgr2 belong to different VLANs, access lists must be configured to control other hosts' access to the Payroll Server.

An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?

A: access-list 10 permit 172.29.16.0 0.0.0.255

B: access-list 10 permit 172.29.16.0 0.0.1.255

C: access-list 10 permit 172.29.16.0 0.0.3.255

D: access-list 10 permit 172.29.16.0 0.0.15.255

E: access-list 10 permit 172.29.0.0 0.0.255.255

Correct Answers: C

Matching the four ACL statements above with a single statement is a summarization problem. Summarize 172.29.16.0/24, 172.29.17.0/24, 172.29.18.0/24 and 172.29.19.0/24 by expanding their third octet in binary: the bits they have in common form the summary entry, and counting those bits gives the mask length. The four entries therefore summarize to 172.29.16.0/22, which written as a wildcard mask is 0.0.3.255.

Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)

access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet

access-list 101 permit ip any any

A: source ip address: 192.168.15.5; destination port: 21

B: source ip address: 192.168.15.37; destination port: 21

C: source ip address: 192.168.15.41; destination port: 21

D: source ip address: 192.168.15.36; destination port: 23

E: source ip address: 192.168.15.46; destination port: 23

F: source ip address: 192.168.15.49; destination port: 23

Correct Answers: D, E

From the access list configuration, the denied network range works out to 192.168.15.32 0.0.0.15, that is, 192.168.15.32/28 (192.168.15.32 to 192.168.15.47). Any telnet request sent by a host in this range will be denied; telnet uses port 23.
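The wildcard-mask reasoning in the two questions above (summarizing 172.29.16.0 through 172.29.19.0, and evaluating access-list 101 against options A to F), as an added Python example that is not part of the original question bank. The helper names are hypothetical, and the packets in options A to F are assumed to be TCP.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wc_match(addr, base, wildcard):
    """True if addr equals base on every bit where the wildcard bit is 0."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# access-list 101 from the page: (action, protocol, source, wildcard, dest port).
# The destination is "any" in both entries, so it is omitted; None = any port.
ACL_101 = [
    ("deny", "tcp", "192.168.15.32", "0.0.0.15", 23),
    ("permit", "ip", "0.0.0.0", "255.255.255.255", None),
]

# Options A-F from the question (protocol assumed to be TCP).
PACKETS = {
    "A": ("192.168.15.5", 21), "B": ("192.168.15.37", 21),
    "C": ("192.168.15.41", 21), "D": ("192.168.15.36", 23),
    "E": ("192.168.15.46", 23), "F": ("192.168.15.49", 23),
}

def evaluate(acl, proto, src, dport):
    """First matching entry wins; an implicit deny ends every ACL."""
    for action, a_proto, base, wc, a_port in acl:
        if a_proto not in ("ip", proto):
            continue
        if not wc_match(src, base, wc):
            continue
        if a_port is not None and a_port != dport:
            continue
        return action
    return "deny"

def denied(acl, packets):
    return [k for k, (src, port) in packets.items()
            if evaluate(acl, "tcp", src, port) == "deny"]

def summarize(networks):
    """Smallest single (base, wildcard) covering the networks, plus a flag
    that is False when the summary also matches addresses not in the input."""
    nets = [ipaddress.IPv4Network(n) for n in networks]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    wildcard = (1 << (lo ^ hi).bit_length()) - 1   # bits that vary
    base = lo & ~wildcard & 0xFFFFFFFF
    covered = sum(n.num_addresses
                  for n in ipaddress.collapse_addresses(nets))
    return (str(ipaddress.IPv4Address(base)),
            str(ipaddress.IPv4Address(wildcard)),
            covered == wildcard + 1)

if __name__ == "__main__":
    print(denied(ACL_101, PACKETS))
    print(summarize([f"172.29.{n}.0/24" for n in (16, 17, 18, 19)]))
    # Only three of the four /24s: same summary, but it over-matches.
    print(summarize([f"172.29.{n}.0/24" for n in (16, 17, 18)]))
```

The third call shows why a summary should be checked before it replaces individual permit statements: the same wildcard would also admit 172.29.19.0/24.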

Refer to the exhibit. Why would the network administrator configure RA in this manner?

A: to give students access to the Internet

B: to prevent students from accessing the command prompt of RA

C: to prevent administrators from accessing the console of RA

D: to give administrators access to the Internet

E: to prevent students from accessing the Internet

F: to prevent students from accessing the Admin network

Correct Answers: B

Here the ACL is applied to the VTY lines in the in direction, which means only sources permitted by the ACL can telnet to the router. RA is configured with permit 10.1.1.0 0.0.0.255; combined with the implicit deny any, this lets users in the Admin network telnet to it, so users in the Student network are denied.

An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke router. Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee router?

A: permit ip any any

deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80

B: permit ip any any

deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80

C: deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80

permit ip any any

D: deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80

permit ip any any

Correct Answers: D

Because HTTP establishes its connections over TCP, deny all TCP requests on port 80 from the Accounting department subnet, and deny TCP connection requests from the HR server to the Accounting department.

CCNA 640-802 Question Bank Explained – The EIGRP Protocol

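This article uses sample questions to explain the definition, configuration and troubleshooting of the EIGRP protocol.

Which routing protocol by default uses bandwidth and delay as metrics?

A: RIP

B: BGP

C: OSPF

D: EIGRP

Correct Answers: D

RIP uses hop count as its metric; BGP uses complex path attributes as its metric; OSPF uses bandwidth as its metric. Among routing protocols, the only ones that use a composite metric are IGRP and EIGRP, which by default compute the metric from bandwidth and delay.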

Which tables of EIGRP route information are held in RAM and maintained through the use of hello and update packets? (Choose two.)

A: neighbor table

B: SPF table

C: RTP table

D: topology table

E: query table

F: DUAL table

Correct Answers: A, D

In EIGRP routing, only the neighbor table and the topology table are stored in RAM, and they are maintained by exchanging hello packets and update packets.

What can be determined from the router output shown in the graphic?

A: 200.1.1.64 is a default route.

B: The output shows that there are three default routes.

C: The output came from router R2.

D: The output came from a router that has four physical interfaces.

E: EIGRP is in use in this network.

Correct Answers: E

Put simply, the route code D means the route was learned from EIGRP, so EIGRP must be running in the network. Now look at each line of the output in detail. Since 200.1.1.192/26 is directly connected to lo0, we can infer that this output is from R1. "D 200.1.1.0/24 is a summary, Null0" indicates an EIGRP summary route. "S* 0.0.0.0/0 is directly connected, serial1" indicates a default route whose outgoing interface is serial. That should make things clear.

Which statements are true about EIGRP successor routes? (Choose two.)

A: A successor route is used by EIGRP to forward traffic to a destination.

B: Successor routes are saved in the topology table to be used if the primary route fails.

C: Successor routes are flagged as “active” in the routing table.

D: A successor route may be backed up by a feasible successor route.

E: Successor routes are stored in the neighbor table following the discovery process.

Correct Answers: A, D

The EIGRP successor route is the best path it has selected, and the router uses this path to reach the destination. The feasible successor is the backup path for the successor: if the successor path fails, the feasible successor is immediately promoted to successor and used to forward data. Routes learned by EIGRP are sent by neighbors; a correct route may be cut off by a failed router and therefore not be learned correctly by other routers.

Refer to the exhibit. How will router A choose a path to the 10.1.2.0/24 network when different routing protocols are configured? (Choose three.)

A: If RIPv2 is the routing protocol, only the path AD will be installed in the routing table by default.

B: If RIPv2 is the routing protocol, the equal cost paths ABD and ACD will be installed in the routing table by default.

C: If EIGRP is the routing protocol, only the path AD will be installed in the routing table by default.

D: If EIGRP is the routing protocol, the equal cost paths ABD and ACD will be installed in the routing table by default.

E: If EIGRP and OSPF are both running on the network, the EIGRP paths will be installed in the routing table.

F: If EIGRP and OSPF are both running on the network, the OSPF paths will be installed in the routing table.

Correct Answers: A, D, E

RIP selects paths by hop count. Although the bandwidth of ABD and ACD is much higher than that of AD, AD is only 2 hops, so only AD is placed in the routing table.

EIGRP selects paths by cost, which includes bandwidth, so it chooses ABD and ACD and load-balances across them.

Because EIGRP's metric value is lower than OSPF's, the router prefers entries advertised by the routing protocol with the lower value, so entries learned through EIGRP are placed in the routing table and entries learned through OSPF are not.

Refer to the exhibit. Why does RouterA show multiple unequal cost paths to network 192.168.81.0/24?

A: A variance was configured for EIGRP autonomous system 109.

B: The EIGRP topology table displays all routes to a destination.

C: The EIGRP topology table shows only backup routes to a destination.

D: Multiple floating static routes were configured to network 192.168.81.0 via interface Serial0.

Correct Answers: B

EIGRP cannot display all routing information; it keeps adjusting and refreshing according to cost.

IP addresses and routing for the network are configured as shown in the exhibit. The network administrator issues the show ip eigrp neighbors command from Router1 and receives the output shown below the topology. Which statement is true?

A: It is normal for Router1 to show one active neighbor at a time to prevent routing loops.

B: Routing is not completely configured on Router3.

C: The IP addresses are not configured properly on the Router1 and Router3 interfaces.

D: The no auto-summary command configured on the routers prevents Router1 and Router2 from forming a neighbor relationship.

Correct Answers: B

On R3 only the 192.168.2.0 and 10.0.0.0 networks are advertised, so only interface S1 and the 10.0.4.0 interface are activated, while interface s0 is not. R3 and R1 therefore cannot become neighbors. Although R1 sends EIGRP Hello packets to R3's S0 interface, R3 cannot reply. So the only EIGRP neighbor seen on R1 is 192.168.1.2.

CCNA 640-802 Question Bank Explained – Elections in OSPF

This article explains the DR/BDR and RID election processes in the OSPF protocol.

On which types of network will OSPF elect a backup designated router?

A: point-to-point and multiaccess

B: point-to-multipoint and multiaccess

C: point-to-point and point-to-multipoint

D: nonbroadcast and broadcast multipoint

E: nonbroadcast and broadcast multiaccess

Correct Answers: E

DR and BDR election is only needed on shared media; both broadcast and nonbroadcast networks require a DR and BDR to be elected.

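Refer to the exhibit. Router1 was just successfully rebooted. Identify the current OSPF router ID for Router1.

A: 190.172.32.10

B: 208.149.23.162

C: 208.149.23.194

D: 220.173.149.10

Correct Answers: C

Router1 has just finished rebooting, and the OSPF process now determines Router1's Router-ID. The Router-ID selection rules are as follows:

1. Choose among all active interfaces.

2. Compare the numeric IP values of the loopback interfaces.

3. If there is no loopback interface, compare the numeric IP values of all physical interfaces.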

A network administrator is configuring the routers in the graphic for OSPF. The OSPF process has been started and the networks have been configured for Area 0 as shown in the diagram. The network administrator has several options for configuring RouterB to ensure that it will be preferred as the designated router (DR) for the 172.16.1.0 /24 LAN segment. What configuration tasks could be used to establish this preference? (Choose three.)

A: Configure the priority value of the Fa0/0 interface of RouterB to a higher value than any other interface on the Ethernet network.

B: Change the router id of Router B by assigning the IP address 172.16.1.130/24 to the Fa0/0 interface of RouterB.

C: Configure a loopback interface on RouterB with an IP address higher than any IP address on the other routers.

D: Change the priority value of the Fa0/0 interface of RouterB to zero.

E: Change the priority values of the Fa0/0 interfaces of RouterA and RouterC to zero.

F: No further configuration is necessary.

Correct Answers: A, C, E

On shared media OSPF must elect a DR and BDR, and the election is decided by comparing priority and RID. The higher the priority, the more preferred the router is as DR; an interface with priority 0 does not take part in the DR election; if priorities are equal, the RIDs are compared and the larger RID is preferred. The RID is chosen as follows: a manually specified RID takes precedence; if no RID is specified manually, the IP addresses of the router's active interfaces are compared; if there are loopback interfaces, the largest loopback IP address is used as the RID; if there are no loopback interfaces, the largest physical interface IP address is used as the RID.

This question requires making Router B the DR for network 172.16.1.0/24. From the explanation above, the ways to do so are: set the priority of Router B's f0/0 to the highest; set the priority of the other interfaces on the 172.16.1.0/24 segment to 0; make Router B's RID the largest.

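Refer to the exhibit. Router1 was just successfully rebooted. Identify the current OSPF router ID for Router1.

A. 190.172.32.10

B. 208.149.23.162

C. 208.149.23.194

D. 220.173.149.10

Answer: C

This is a question about OSPF RID selection. In OSPF the RID is chosen as follows: if a RID is specified with the router-id command, that manually specified RID is used. If none is specified, the RID is chosen from the usable interfaces, with loopback interfaces preferred: if there is only one loopback, its IP is used as the RID; if there are several, the largest loopback IP address is used. If there are no loopbacks, the largest physical interface IP address is used as the RID. The exhibit shows two loopbacks, and Loopback1 has the larger IP, so 208.149.23.194 becomes the RID.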

CCNA 640-802 Question Bank Explained – The OSPF Protocol

This article uses sample questions to explain the concepts, definition, configuration and troubleshooting of the OSPF protocol.

The OSPF Hello protocol performs which of the following tasks? (Choose two.)

A: It provides dynamic neighbor discovery.

B: It detects unreachable neighbors in 90 second intervals.

C: It maintains neighbor relationships.

D: It negotiates correctness parameters between neighboring interfaces.

E: It uses timers to elect the router with the fastest links as the designated router.

F: It broadcasts hello packets throughout the internetwork to discover all routers that are running OSPF.

Correct Answers: A, C

Functions of the Hello protocol in an OSPF network:

1. Dynamic neighbor discovery

2. Maintaining neighbor relationships (neighbor keepalive)

A routing protocol is required that supports:

1) routing update authentication

2) an addressing scheme that conserves IP addresses

3) multiple vendors

4) a network with over 50 routers

Which routing protocol fulfills these requirements?

A: RIPv1

B: RIPv2

C: EIGRP

D: OSPF

Correct Answers: D

First, RIPv1 does not support authentication, so answer A can be ruled out. The protocol must support multiple vendors, so it must be an open standard protocol, which rules out EIGRP because it is Cisco proprietary. The network may exceed 50 routers, which RIPv2 cannot satisfy because RIP supports a maximum of 16 hops. So the answer is OSPF.

On point-to-point networks, OSPF hello packets are addressed to which address?

A: 127.0.0.1

B: 172.16.0.1

C: 192.168.0.5

D: 223.0.0.1

E: 224.0.0.5

F: 254.255.255.255

Correct Answers: E

In OSPF, Hello packets are sent to the two addresses 224.0.0.5 and 224.0.0.6. When doing OSPF labs, you can see both addresses with the debug command.

Which of the following describe the process identifier that is used to run OSPF on a router? (Choose two.)

A: It is locally significant.

B: It is globally significant.

C: It is needed to identify a unique instance of an OSPF database.

D: It is an optional parameter required only if multiple OSPF processes are running on the router.

E: All routers in the same OSPF area must have the same process ID if they are to exchange routing information.

Correct Answers: A, C

The OSPF process ID is only locally significant. A router has to maintain a separate OSPF database for each process.

Refer to the exhibit. Why are two OSPF designated routers identified on Core_Router?

A: Core_Router is connected to more than one multiaccess network.

B: The router at 208.149.23.130 is a secondary DR in case the primary fails.

C: Two router IDs have the same OSPF priority and are therefore tied for DR election.

D: The DR election is still underway and there are two contenders for the role.

Correct Answers: A

The exhibit shows that Core_Router has multiple neighbors and has taken part in DR/BDR elections; it is connected to multiaccess networks.

A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The routers cannot establish an adjacency relationship on their common Ethernet link. The graphic shows the output of the show ip ospf interface e0 command for routers R1 and R2. Based on the information in the graphic, what is the cause of this problem?

A: The OSPF area is not configured properly.

B: The priority on R1 should be set higher.

C: The cost on R1 should be set higher.

D: The hello and dead timers are not configured properly.

E: A backup designated router needs to be added to the network.

F: The OSPF process ID numbers must match.

Correct Answers: D

Several parameters must match exactly for OSPF neighbors to form: hello time and dead time, area ID, MTU, and the special area flag. Comparing R1 and R2 in the exhibit shows that their hello time and dead time differ, so the neighbor relationship cannot be established.

Refer to the exhibit. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How will the default route configured on R1 affect the operation of R2?

A: Any packet destined for a network that is not directly connected to router R1 will be dropped.

B: Any packet destined for a network that is not directly connected to router R2 will be dropped immediately.

C: Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1.

D: The networks directly connected to router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.128, and 172.16.100.64 subnetworks.

E: Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur.

Correct Answers: E

An OSPF default route was originated on R1 with outgoing interface S0/0. This default route is advertised to R2 as a type 5 LSA, so R2 also has a route marked O*E2 0.0.0.0/0 with outgoing interface Serial0/0. When R2 receives a packet for any destination network that is not in its routing table, it forwards the packet to R1, and R1, following the outgoing interface of its default route, sends the packet back to R2. This forms a routing loop.

Refer to the exhibit. A network associate has configured OSPF with the command:

City(config-router)# network 192.168.12.64 0.0.0.63 area 0

After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.)

A: FastEthernet0/0

B: FastEthernet0/1

C: Serial0/0

D: Serial0/1.102

E: Serial0/1.103

F: Serial0/1.104

Correct Answers: B, C, D

From City(config-router)# network 192.168.12.64 0.0.0.63 area 0 we can tell that the OSPF process only advertises interface addresses in the range 192.168.12.64-192.168.12.127. The IP addresses of f0/1, s0/0 and s0/1.102 are all within this range.

CCNA 640-802 Question Bank Explained – Differences Between RIPv1 and RIPv2

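This article uses sample questions to explain the differences between RIPv1 and RIPv2.

Which three statements are correct about RIP version 2? (Choose three.)

A: It has the same maximum hop count as version 1.

B: It uses broadcasts for its routing updates.

C: It is a classless routing protocol.

D: It has a lower default administrative distance than RIP version 1.

E: It supports authentication.

F: It does not send the subnet mask in updates.

Correct Answers: A, C, E

For RIPv2, first understand that it is a classless routing protocol and carries the mask when it sends routing updates.

Its metric is calculated the same way as in RIPv1, still by hop count, but its hop range is larger: 16 hops for RIPv1 and 255 hops for RIPv2.

RIPv1 sends updates as broadcasts; RIPv2 uses multicast, to the address 224.0.0.9.

RIPv2 supports authentication; RIPv1 does not have this feature.

Automatic summarization can be turned off in RIPv2, but it cannot be turned off in RIPv1.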

Which three statements describe the differences between RIP version 1 and RIP version 2? (Choose three.)

A: RIP version 1 broadcasts updates whereas RIP version 2 uses multicasts.

B: RIP version 1 multicasts updates while RIP version 2 uses broadcasts.

C: Both RIP version 1 and RIP version 2 are classless routing protocols.

D: RIP Version 2 is a classless routing protocol whereas RIP version 1 is a classful routing protocol.

E: Both RIP version 1 and version 2 support authentication.

F: RIP version 2 sends the subnet mask in updates and RIP version 1 does not.

Correct Answers: A, D, F

RIPv1 sends routing updates by broadcast; RIPv2 sends routing updates by multicast.

RIPv2 is a classless routing protocol; RIPv1 is a classful routing protocol.

RIPv2 sends route update entries with the subnet mask; RIPv1 sends updates without the subnet mask.

Refer to the exhibit. What is the most likely reason for the disparity between the actual network numbers at the branches and the routes in the routing table on Gateway_Router?

A: Gateway_Router is configured to receive only RIPv1 updates.

B: Gateway_Router is configured to only receive RIPv2 updates.

C: Branch_Router2 is configured to send both RIPv1 and RIPv2 updates.

D: Branch_Router1 is configured to only send RIPv1 updates.

Correct Answers: D

Looking at the routing table, there is a summary route 208.149.23.0/24, because RIPv1 is classful, its update packets carry no mask, and it does not support VLSM.

CCNA 640-802 Question Bank Explained – The RIP Protocol

This article uses sample questions to explain the definition, configuration, verification and troubleshooting of the RIP protocol.

Refer to the exhibit. The network shown in the exhibit is running the RIPv2 routing protocol. The network has converged, and the routers in this network are functioning properly. The FastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this network respond to this change? (Choose two.)

A: All routers will reference their topology database to determine if any backup routes to the 192.168.1.0 network are known.

B: Routers R2 and R3 mark the route as inaccessible and will not accept any further routing updates from R1 until their hold-down timers expire.

C: Because of the split-horizon rule, router R2 will be prevented from sending erroneous information to R1 about connectivity to the 192.168.1.0 network.

D: When router R2 learns from R1 that the link to the 192.168.1.0 network has been lost, R2 will respond by sending a route back to R1 with an infinite metric to the 192.168.1.0 network.

E: R1 will send LSAs to R2 and R3 informing them of this change, and then all routers will send periodic updates at an increased rate until the network again converges.

Correct Answers: C, D

This involves RIP's loop-avoidance mechanisms. Here a directly connected link on R1 changes, which immediately triggers an update (triggered update): R1 sends out a flash update, marks the entry as possibly down, and sets it to the maximum hop count (route poisoning). When R2 receives this flash update, it replies with a flash update of its own (poison reverse), and likewise marks the entry as possibly down and sets the maximum hop count.
