思科第四期第四章答案

1从什么物理位置起，WAN 连接从由用户负责变为由服务提供商负责？非军事区(DMZ)分界点本地环路网云2一名技术人员正编辑ACL 115，并将其重新应用到路由器，在将ACL 重新应用到路由器时向其中添加access-list 115 permit tcp any 172.16.0.0 0.0.255.255 established命令会产生什么结果？会允许所有来自172.16.0.0/16 的流量。

会允许所有发往172.16.0.0/16 的TCP 流量。

会允许任何发送至172.16.0.0/16 的SYN 数据包。

会允许对网络172.16.0.0/16 所发出流量响应。

3请参见图示。

网络管理员对Router1 和Router2 上发出图示中的命令。

但其后在检查路由表时发现，两个路由器均不能获知相邻路由器的LAN 网络。

RIPng配置最可能发生什么问题？串行接口处于不同的子网上。

接口上未启用RIPng 进程。

Router1 和Router2 的RIPng 进程不匹配。

IPv6 RIP 配置中缺少RIPng network命令。

4参见图示。

网络管理员创建一个标准访问控制列表，以禁止从网络192.168.1.0/24 访问网络192.168.2.0/24 并允许所有网络访问Internet。

应该在哪个路由器接口和方向上应用该列表？Fa0/0 接口，入站Fa0/0 接口，出站Fa0/1 接口，入站Fa0/1 接口，出站5系统管理员必须为某个小型远程办公室中的十台主机提供Internet 连接。

ISP 已为该远程办公室分配了两个公有IP 地址。

系统管理员如何配置路由器才能让十位用户全部同时接入Internet？配置DHCP 和静态NAT。

为十名用户配置动态NAT。

为全部十名用户配置静态NAT。

配置带过载的动态NAT。

6请参见图示。

R1 针对内部网络10.1.1.0/24 执行NAT 过载。

主机A 向web 服务器发送了一个数据包。

思科练习题答案在本文中，我将为您提供思科练习题的答案。

这些答案旨在帮助您更好地理解和应用思科网络技术。

请一起来看看吧！第一题问题：什么是子网掩码？它的作用是什么？答案：子网掩码是一个32位长的二进制数字，用于确定一个IP地址中哪些位用于网络地址，以及哪些位用于主机地址。

它的作用是帮助划分IP地址，将一个大网络划分为多个小网络，以提高网络的安全性和效率。

第二题问题：请解释什么是VLAN？答案：VLAN（Virtual Local Area Network）是一种将网络设备按逻辑上的需求进行逻辑划分的技术。

通过VLAN，可以将不同的设备划分到不同的虚拟网络中，实现逻辑上的隔离和管理。

这样可以提高网络的可管理性和安全性。

第三题问题：请列举一些常见的网络设备。

答案：常见的网络设备包括路由器、交换机、网关、防火墙等。

路由器用于在不同网络之间进行数据转发和路由选择；交换机用于在局域网中转发数据包；网关用于连接不同类型的网络；防火墙用于保护网络免受恶意攻击。

第四题问题：请解释什么是IP地址？IP地址的分类有哪些？答案：IP地址（Internet Protocol Address）是互联网中用于标识设备的地址。

它由32位的二进制数字组成，通常表示为四个十进制数，每个数的取值范围为0-255。

IP地址的分类主要有A类、B类、C类、D类和E类。

其中，A类地址用于大型网络，B类地址用于中型网络，C类地址用于小型网络，D类地址用于多播，E类地址为保留地址。

第五题问题：请解释什么是动态主机配置协议（DHCP）？答案：动态主机配置协议（DHCP）是一种网络协议，用于自动分配IP地址给网络上的设备。

通过DHCP，设备可以在加入网络时自动获取一个可用的IP地址、子网掩码、网关等网络配置信息，从而实现网络的自动化配置和管理。

总结：通过本文，我们回答了几个与思科网络技术相关的练习题。

我们了解了子网掩码的作用，学习了VLAN的概念，认识到了常见的网络设备，了解了IP地址的分类以及动态主机配置协议（DHCP）的工作原理。

第四章考试答案1. 而消极的环境因素清理电脑内减少吗?•灰尘•EMI•生锈•防静电2. 哪个组件可以很容易地受到的直接喷射压缩空气清理电脑机箱内部的什么时候?•风扇•散热器•电力供应•CPU•电缆连接器3. 在生产地板,家具工厂笔记本电脑过程监测和报告。

生产楼环境是80华氏度(27摄氏度)左右。

湿度水平相当高70%左右。

空气循环风扇安装在天花板上。

木粉是普遍的。

这条件是最有可能影响在这种环境下使用的一台笔记本电脑吗?•温度•湿度•空气流•尘埃4. 蔬菜罐头工厂生产线使用笔记本电脑的监控。

生产环境有一个环境温度在华氏75度(摄氏24度)。

湿度水平约为30%。

噪音水平很高,由于灌装机械。

笔记本电脑是一个木制的盒子里,紧紧围绕着笔记本电脑三面。

哪个因素最可能影响在这种环境下使用的一台笔记本电脑吗?•房间的温度•湿度•噪音•笔记本电脑的容器5. 科学探险团队使用笔记本电脑。

科学家们正在研究的温度范围从-13华氏度(-25摄氏度)到80华氏度(27摄氏度)。

湿度水平约为40%。

噪音水平很低,但地形是粗糙和时速可以达到45英里(每小时72公里)。

在需要的时候,科学家们停止行走,使用笔记本电脑输入数据。

这条件是最有可能影响在这种环境下使用的一台笔记本电脑吗?•温度•湿度•粗糙的地形•风6. 创建一个预防性维护计划的一部分是什么?•记录每个维护任务的细节和频率•执行硬件升级•丢弃所有取代部分•执行一个法医审计的安全漏洞7. 电脑的技术员执行硬件维护在一个建筑工地。

什么任务应该技术员执行预防性维护计划的一部分?•把灰尘从摄入的粉丝。

•备份数据,格式化硬盘,重新安装数据。

•开发和安装法医跟踪软件。

•执行审计的所有软件安装。

8. 哪个任务应该是硬件维护程序的一部分吗?•审查安全更新。

•更新病毒定义文件。

•调整显示器的最佳分辨率。

•从硬盘中除尘。

•检查并确保任何松散的电缆。

9. 在测试的过程中几个可能的原因的理论问题,应该先测试吗?•最简单和最明显的•那些客户认为是最重要的•最复杂的,难以诊断•随机选择的选择10. 这两个项目可以用来帮助建立一个行动计划解决电脑问题?(选择两个。

管理员无法接收电子邮件。

在排查故障时，管理员能够从远程网络成功ping 通本地邮件服务器IP 地址，且可使用nsloo 件服务器名称成功解析为IP 地址。

问题最可能发生在OSI 的哪一层？物理层数据链路层网络层应用层2在哪种情况下，应在帧中继PVC 配置中使用关键字multipoint？当使用全局DLCI 时当使用物理接口时当需要支持组播时当参与连接的路由器处于在同一子网中时3请参见图示。

分支 A 配有一台使用IETF 封装的非Cisco 路由器，分支 B 配有一台Cisco 路由器。

输入图中所示的命令后无法建立PVC。

R2 LMI 的类型是Cisco，R1 LMI 的类型是ANSI。

两处都成功建立了LMI。

为什么无法建立PVC？PVC 与R1 之间的链路必须是点对点链路。

PVC 两端的LMI 类型必须匹配。

Cisco 路由器和非Cisco 路由器之间无法建立帧中继PVC。

命令frame-relay map ip 10.10.10.1 201中缺少参数IETF。

4请参见图示。

EIGRP 已配置为网络路由协议。

网络192.168.1.0/24 中的用户应有对与192.168.3.0/24 连接的web 服务器权限，但不允许telnet 至路由器R3。

在检验配置时，网络管理员发现网络192.168.1.0/24 中的用户可成功telnet 至路由修复此问题？将ACL 101 中语句10 和20 交换顺序。

将ACL 101 应用于R3 VTY 线路0 4 的入站方向。

将ACL 101 应用于R3 VTY 线路0 4 的出站方向。

将ACL 101 应用于R3 接口Serial0/0/1 的出站方向。

将ACL 101 语句10 更改为：permit ip 192.168.1.0 0.0.0.255 any5请参见图示。

所有设备的配置如图所示。

PC1 无法ping 通默认网关。

此问题的原因是什么？默认网关位于错误的子网中。

1.Refer to the exhibit. Which switching technology would allow each access layerswitch link to be aggregated to provide more bandwidth between each Layer 2switch and the Layer 3 switch?CCNA3 v6.0 Chapter 4 Exam 007o HSRPo PortFasto trunkingo EtherChannelExplanation:PortFast is used to reduce the amount of time that a port spends going through the spanning-tree algorithm, so that devices can start sending data sooner. Trunking can be implemented in conjunction with EtherChannel, but trunking alone does not aggregate switch links. HSRP is used to load-balance traffic across two different connections to Layer 3 devices for default gateway redundancy. HSRP does not aggregate links at either Layer 2 or Layer 3 as EtherChannel does.2.Which statement is true regarding the use of PAgP to create EtherChannels?o It requires full duplex.o It is Cisco proprietary.o It requires more physical links than LACP does.o It increases the number of ports that are participating in spanning tree.o It mandates that an even number of ports (2, 4, 6, etc.) be used foraggregation.Explanation:PAgP is used to automatically aggregate multiple ports into an EtherChannel bundle, but it only works between Cisco devices. LACP can be used for the same purpose between Cisco and non-Cisco devices. PAgP must have the same duplex mode at both ends and can use two ports or more. The number of ports depends on the switch platform or module. An EtherChannel aggregated link is seen as one port by the spanning-tree algorithm.3.Which two protocols are used to implement EtherChannel? (Choose two.)o Spanning Tree Protocolo Rapid Spanning Tree Protocolo Port Aggregation Protocolo Link Aggregation Control Protocolo Cisco Discovery ProtocolExplanation:Port Aggregation Protocol and Link Aggregation Control Protocol are used to implementEtherChannel. Spanning Tree and Rapid Spanning Tree Protocol are used to prevent switching loops.Cisco Discovery Protocol is Cisco-proprietary and is used to discovery information about adjacent Cisco devices such as model number and IP address.4.Which statement describes a characteristic of EtherChannel?o It can combine up to a maximum of 4 physical links.o It can bundle mixed types of 100 Mb/s and 1Gb/s Ethernet links.o It consists of multiple parallel links between a switch and a router.o It is made by combining multiple physical links that are seen as one linkbetween two switches.Explanation:An EtherChannel is formed by combining multiple (same type) Ethernet physical links so they are seen and configured as one logical link. It provides an aggregated link between two switches.Currently each EtherChannel can consist of up to eight compatibly configured Ethernet ports.5.Which statement describes an EtherChannel implementation?o EtherChannel operates only at Layer 2.o PAgP cannot be used in conjunction with EtherChannel.o A trunked port can be part of an EtherChannel bundle.o EtherChannel can support up to a maximum of ten separate links.Explanation:Up to 16 links can be grouped in an EtherChannel by using the the PAgP or LACP protocol.EtherChannel can be configured as a Layer 2 bundle or a Layer 3 bundle. Configuring a Layer 3 bundle is beyond the scope of this course. If a trunked port is a part of the EtherChannel bundle, all ports in the bundle need to be trunk ports and the native VLAN must be the same on all of these ports. A best practice is to apply the configuration to the port channel interface. The configuration is then automatically applied to the individual ports.6.An EtherChannel link using LACP was formed between two switches, S1 and S2.While verifying the configuration, which mode combination could be utilized onboth switches?o S1-on and S2-passiveo S1-passive and S2-passiveo S1-on and S2-activeo S1-passive and S2-activeExplanation:An EtherChannel link will be formed using LACP when both switches are in on mode or in active mode, or when one of them is in passive mode and the other is in active mode.7.What is an advantage of using LACP?o increases redundancy to Layer 3 deviceso decreases the chance of a spanning-tree loopo allows automatic formation of EtherChannel linkso provides a simulated environment for testing link aggregationo decreases the amount of configuration that is needed on a switch forEtherChannel8.What is a best practice to use before beginning an EtherChannel implementation?o Assign affected interfaces to VLAN 1.o Assign affected interfaces to the management VLAN.o Shut down each of the affected interfaces.o Enable each of the affected interfaces.o Assign affected interfaces to an unused VLAN.Explanation:Before configuring EtherChannel, the interfaces used should be shut down so that any incomplete configuration will not cause activity on the link.9.Which PAgP mode combination will establish an EtherChannel?o switch 1 set to on; switch 2 set to desirable.o switch 1 set to desirable; switch 2 set to desirable.o switch 1 set to auto; switch 2 set to auto.o switch 1 set to auto; switch 2 set to on.Explanation:Switch 1 and switch 2 will establish an EtherChannel if both sides are set to desirable as both sides will negotiate the link. A channel can also be established if both sides are set to on, or if one side is set to auto and the other to desirable. Setting one switch to on will prevent that switch fromnegotiating the formation of an EtherChannel bundle.10.Which three options must match in order to establish an EtherChannel betweentwo directly connected switches? (Choose three.)o port numbers that are used for the EtherChannelo VLAN memberships of the interfaces that are used for EtherChannelo domain names on the switcheso speed of the interfaces that are used for EtherChannelo duplex settings of the interfaces that are used for EtherChannelo port security settings on the interfaces that used for EtherChannelExplanation:Speed and duplex settings must match for all interfaces in an EtherChannel. All interfaces in the EtherChannel must be in the same VLAN if the ports are not configured as trunks. Any ports may be used to establish an EtherChannel. Domain names and port security settings are not relevant to EtherChannel.11.A network administrator is configuring an EtherChannel link between switchesSW1 and SW2 by using the command SW1(config-if-range)# channel-group 1mode passive. Which command must be used on SW2 to enable thisEtherChannel?o SW2(config-if-range)# channel-group 1 mode autoo SW2(config-if-range)# channel-group 1 mode activeo SW2(config-if-range)# channel-group 1 mode passiveo SW2(config-if-range)# channel-group 1 mode desirableExplanation:The possible combinations to establish an EtherChannel between SW1 and SW2 using LACP or PAgP are as follows:PAgPon onauto desirabledesirable desirableLACPon onactive activepassive activeThe EtherChannel mode chosen on each side of the EtherChannel must be compatible in order to enable it.12.Refer to the exhibit. An EtherChannel was configured between switches S1 andS2, but the interfaces do not form an EtherChannel. What is the problem?CCNA3 v6.0 Chapter 4 Exam 008o The interface port-channel number has to be different on each switch.o The switch ports were not configured with speed and duplex mode.o The switch ports have to be configured as access ports with each porthaving a VLAN assigned.o The EtherChannel was not configured with the same allowed range ofVLANs on each interface.Explanation:The guidelines for configuring an EtherChannel link are:5.Interfaces which form an EtherChannel can be physically discontiguous, and on different modules.6.Interfaces in an EtherChannel have to operate at the same speed and in the same duplex mode.7.Interfaces in the EtherChannel must be assigned to the same VLAN, or be configured as a trunk.8.Interfaces in the EtherChannel have to support the same allowed range of VLANs.13.Refer to the exhibit. A network administrator has decided that an EtherChannelbetween ports 0/1 and 0/2 on switches S1 and S2 would help performance. Aftermaking the configuration, the administrator notices no performance gain. Basedon the output that is shown, what two possible assumptions could a networkadministrator make? (Choose two.)CCNA3 v6.0 Chapter 4 Exam 006o The EtherChannel bundle is working.o The EtherChannel bundle is not working.o One of the ports on S2 was not configured correctly.o Switch S2 did not use a compatible EtherChannel mode.o LACP and PAgP were both used to form the EtherChannel.o Switch S2 must be configured so that the maximum number of portchannels is increased.Explanation:In order to form an EtherChannel, all ports should be within the same group.14.Refer to the exhibit. A network administrator issued the show etherchannelsummary command on the switch S1. What conclusion can be drawn?CCNA3 v6.0 Chapter 4 Exam 005o The EtherChannel is suspended.o The EtherChannel is not functional.o The port aggregation protocol PAgP is misconfigured.o FastEthernet ports Fa0/1, Fa0/2, and Fa0/3 do not join the EtherChannel.Explanation:The EtherChannel status shows as (SD), which means it is a Layer 2 EtherChannel with a status of D or down. Because the EtherChannel is down, the status of the interfaces in the channel group is stand-alone. PAgP is configured on S1, but there is no indication whether it is configured correctly on S1.The problem might also be the adjacent switch EtherChannel configuration.15.Refer to the exhibit. Based on the command output shown, what is the status ofthe EtherChannel?CCNA3 v6.0 Chapter 4 Exam 002o The EtherChannel is dynamic and is using ports Fa0/10 and Fa0/11 aspassive ports.o The EtherChannel is down as evidenced by the protocol field beingempty.o The EtherChannel is partially functional as indicated by the P flags forthe FastEthernet ports.o The EtherChannel is in use and functional as indicated by the SU and Pflags in the command output.Explanation:The command output shows the port channel as SU, which means Layer 2 and in use; and theFastEthernet 0/10 and 0/11 interfaces are bundled in port-channel as indicated by the P flag.Configuring the EtherChannel using the channel-group 1 mode on command will cause the Protocol field in the command output to be empty.16.What is a requirement to configure a trunking EtherChannel between twoswitches?o The participating interfaces must be physically contiguous on a switch.o The allowed range of VLANs must be the same on both switches.o The participating interfaces must be on the same module on a switch.o The participating interfaces must be assigned the same VLAN numberon both switches.Explanation:To enable a trunking EtherChannel successfully, the range of VLANs allowed on all the interfaces must match; otherwise, the EtherChannel cannot be formed. The interfaces involved in anEtherChannel do not have to be physically contiguous, or on the same module. Because theEtherChannel is a trunking one, participating interfaces are configured as trunk mode, not access mode.17.What is the purpose of HSRP?o It provides a continuous network connection when a router fails.o It prevents a rogue switch from becoming the STP root.o It enables an access port to immediately transition to the forwarding state.o It prevents malicious hosts from connecting to trunk ports.Explanation:HSRP is a first hop redundancy protocol and allows hosts to use multiple gateways through the use ofa single virtual router.18.Which nonproprietary protocol provides router redundancy for a group ofrouters which support IPv4 LANs?o HSRPo VRRPv2o GLBPo SLBExplanation:The only nonproprietary FHRP used for router redundancy listed in the options is VRRPv2. HSRP and GLBP are both Cisco proprietary FHRPs. IOS SLB is a Cisco-based solution used to loadbalance traffic across multiple servers.19.Refer to the exhibit. A network administrator configured routers R1 and R2 aspart of HSRP group 1. After the routers have been reloaded, a user on Host1complained of lack of connectivity to the Internet The network administratorissued the show standby brief command on both routers to verify the HSRPoperations. In addition, the administrator observed the ARP table on Host1.Which entry should be seen in the ARP table on Host1 in order to gainconnectivity to the Internet?CCNA3 v6.0 Chapter 4 Exam 004o the IP address and the MAC address of R1o the virtual IP address and the virtual MAC address for the HSRP group 1o the virtual IP address of the HSRP group 1 and the MAC address of R1o the virtual IP address of the HSRP group 1 and the MAC address of R2 Explanation:Hosts will send an ARP request to the default gateway which is the virtual IP address. ARP replies from the HSRP routers contain the virtual MAC address. The host ARP tables will contain a mapping of the virtual IP to the virtual MAC.20.Refer to the exhibit. What statement is true about the output of the showstandby command?CCNA3 v6.0 Chapter 4 Exam 003o The current priority of this router is 120.o The router is currently forwarding packets.o This router is tracking two properly operating interfaces.o This router is in the HSRP down state because its tracked interfaces aredown.Explanation:The output shows that the active router is local and indicates that this router is the active router and is currently forwarding packets.21.Refer to the exhibit. A network engineer is troubleshooting host connectivity ona LAN that uses a first hop redundancy protocol. Which IPv4 gateway addressshould be configured on the host?CCNA3 v6.0 Chapter 4 Exam 001o 192.168.2.0o 192.168.2.1o 192.168.2.2o 192.168.2.100Explanation:The host default gateway address should be the FHRP (in this case GLBP) virtual IP address.22.A network administrator would like to ensure that router R1 is always electedthe active router for an HSRP group. Which set of commands would ensure therequired results?o R1(config-if)# ip address 192.168.1.100 255.255.255.0R1(config-if)# standby 1 ip 192.168.1.1R1(config-if)# standby 1 priority 1R1(config-if)# no shutdowno R1(config-if)# ip address 192.168.1.250 255.255.255.0R1(config-if)# standby 1 ip 192.168.1.1R1(config-if)# no shutdowno R1(config-if)# ip address 192.168.1.100 255.255.255.0R1(config-if)# standby 1 ip 192.168.1.1R1(config-if)# standby 1 priority 255R1(config-if)# standby 1 preemptR1(config-if)# no shutdowno R1(config-if)# ip address 192.168.1.100 255.255.255.0R1(config-if)# standby 1 ip 192.168.1.1R1(config-if)# standby 1 priority 150R1(config-if)# no shutdownExplanation:In order to configure HSRP, the standby command is used. The IP address given withthe standby command is the virtual IP address used by hosts as a default gateway. A priority number of 255 is the highest that can be assigned and should be configured on the router that is to be theactive router.Fill in the blank.In FHRP operation, two or more routers are represented as asingle virtual router.1.Open the PT Activity. Perform the tasks in the activity instructions and thenanswer the question.What are two reasons why the ping messages that are issued from Laptop0towards Laptop1 are failing? (Choose two.)o The channel group mode is not set correctly on the switches.o The wrong cable types are connecting the two switches.o The interface VLAN 1 is shut down on both switches.o The channel group should be configured as a trunk on each switch.o The two interfaces on each of the switches belong to different VLANs.Explanation:Port-channel 1 needs to be configured as a trunk in order to carry data about two different VLANs.The channel group is set as auto and desirable. The SVI has not been configured on the switches, but this does not affect the creation of an EtherChannel. The use of straight-through cables betweenswitches is not an issue when using a Cisco Catalyst 2960 switch.======================================================================================1 New Updated May 20181. In FHRP terminology, what represents a set of routers thatpresent the illusion of a single router to hosts?•standby router•virtual router•forwarding router•default gateway。

1.请参见图示。

网络技术人员确定DHCP 客户端工作不正常。

客户端从作为DHCP 服务器的路由器上接收了IP 配置信息，但无法访问Internet。

根据图中所示的输出，问题最可能出在哪里？4 未启用HTTP 服务器服务。

未定义DCHP 的内部接口。

未将DHCP 地址池绑定到接口。

地址池中没有为客户端定义默认路由器。

DHCP 地址池中排除了所有主机地址。

2.请参见图示。

根据图中所示的配置，应该如何为网络中的关键主机（例如路由器接口、打印机和服务器）分配排除地址池？1地址由网络管理员静态分配。

DHCP 服务器动态分配地址。

地址必须先列在DHCP 地址池中，才能用于静态分配。

地址必须先列在DHCP 地址池中，才能用于动态分配。

3.请参见图示。

请参见图示。

根据图中所示的输出，此DHCP 服务器成功分配或更新了多少个地址？4167894.使用NAT 的两个好处是什么？（选择两项。

）12它可节省公有IP 地址。

它可增强网络的私密性和安全性。

它可增强路由性能。

它可降低路由问题故障排除的难度。

它可降低通过IPsec 实现隧道的复杂度。

5.有关NAT 与PAT 之间的差异，下列哪一项正确？4PAT 在访问列表语句的末尾使用"overload" 一词，共享单个注册地址。

静态NAT 可让一个非注册地址映射为多个注册地址。

动态NAT 可让主机在每次需要外部访问时接收相同的全局地址。

PAT 使用唯一的源端口号区分不同的转换。

6.网络管理员应该使用哪种NAT 来确保外部网络一直可访问内部网络中的web 服务器？2NAT 过载静态NAT静态NATPAT7.请参见图示。

哪个或哪些地址是内部全局地址？310.1.1.2192.168.0.100209.165.20.25网络10.1.1.0 中的任意地址8.请参见图示。

下列关于图中所示配置的说法中哪两项正确？（选择两项。

）13来自网络10.1.1.0 的流量将被转换。

1.逻辑网络图中一般含有哪两项信息？（选择两项。

）34电缆类型连接器类型接口标识符虚电路的DLCI操作系统版本2.广播流量过多一般表明哪一层出了问题？2物理层数据链路层网络层传输层3.下列哪项是物理层故障的例子？4封装不正确STP 配置不正确ARP 映射不正确时钟频率不正确4.当建立网络基线时必须考虑哪两项因素？（选择两项。

）15关于网络设计的信息网络中的IP 地址分配情况关于服务提供商设置的要求关于用于规范流量的访问控制列表的要求正常工作条件下的预期性能5.请参见图示。

在创建网络文档的过程中应该进行哪两个步骤？（选择两项。

）23记录仅在园区网络中发现的设备的相关信息。

记录在整个网络中（包括远程站点）发现的设备的相关信息。

将网络配置表中与拓扑图所示组件相关的任何设备信息记录下来。

仅将网络配置表中与拓扑图所示组件相关的第2 层和第3 层设备信息记录下来。

将网络配置表中与拓扑图所示组件相关的在网络使用高峰期收集的的设备信息记录下来。

6.下列关于逻辑网络模型的说法中哪两项正确？（选择两项。

）26TCP/IP 将OSI 模型的最低层划分为两个相互独立的层。

TCP/IP 模型的顶层综合了OSI 模型的上面三层的功能。

使用TCP/IP 模型进行故障排除所需的技术与使用OSI 模型时不同。

网络接入层负责在TCP/IP 网络中的设备之间交换数据包。

Internet 层负责在处于不同主机上的应用（例如FTP、HTTP 和SMTP）之间提供通信。

TCP/IP 网络接入层对应于OSI 物理层和数据链路层。

7.全公司的各个客户端报告数据中心内运行的所有企业应用程序性能均不良，而Internet 接入以及企业WAN 中运行的应用程序均工作正常。

网络管理员使用协议分析器观察到数据中心内应用程序服务器LAN 中持续存在随机无意义的流量广播(jabber)。

管理员应该如何开始故障排除过程？1 数据中心中的超时传输现象表明存在本地物理层问题。

第四章TACAS+4.1. 用户登录集中鉴权提问 使用集中的鉴权方式对用户登录设备进行控制回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authentication login default group tacacs+Router1(config)#aaa authentication enable default group tacacs+Router1(config)#tacacs-server host 172.25.1.1Router1(config)#tacacs-server key COOKBOOKRouter1(config)#endRouter1#注释 部署集中化鉴权就不需要在每台设备上配置用户名密码了，改密码也变得简单了 4.2. 限制特定命令的执行权限提问 对设备可执行命令权限进行基于用户的授权回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authorization exec default group tacacs+Router1(config)#aaa authorization commands 15 default group tacacs+Router1(config)#tacacs-server host 172.25.1.1Router1(config)#tacacs-server key neoshiRouter1(config)#endRouter1#注释 无4.3. TACACS+服务器无法访问提问 防止出现TACACS+服务器故障导致所有用户都不能登录回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authentication login default group tacacs+ enableRouter1(config)#aaa authentication enable default group tacacs+ enableRouter1(config)#aaa authorization commands 15 default group tacacs+ if-authenticatedRouter1(config)#tacacs-server host 172.25.1.1Router1(config)#tacacs-server key COOKBOOKRouter1(config)#endRouter1#注释 在认证服务器出现故障的情况下使用enable密码作为备份，同时建议使用if-authenticated参数在你配置授权的时候4.4. 在特定端口禁用TACACS+鉴权提问 为了方便禁止在控制口使用TACACS+鉴权回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa authentication login default group tacacs+ local Router1(config)#aaa authentication login NEOSHI lineRouter1(config)#line con 0Router1(config-line)#login authentication NEOSHIRouter1(config-line)#endRouter1#注释4.5. 记录用户行为提问 记录用户输入的配置命令和时间回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa accounting commands 1 default stop-only group tacacs+ Router1(config)#aaa accounting commands 15 default stop-only group tacacs+ Router1(config)#endRouter1#注释 下面是一条日志记录，很详尽吧Fri Jan 3 11:08:47 2006 toronto ijbrown tty66 172.25.1.1 stop task_id=512 start_time=1041610127 timezone=EST service=shell priv-lvl=15 cmd=configure terminal <cr>4.6. 记录系统事件提问 记录系统事件回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#aaa new-modelRouter1(config)#aaa accounting exec default start-stop group tacacs+Router1(config)#aaa accounting connection default start-stop group tacacs+Router1(config)#aaa accounting system default stop-only group tacacs+Router1(config)#endRouter1#注释 除了可以记录用户输入命令以外还提供了exec（用户开始和中止exec会话的时间记录），connection （用户发起外部连接的时间，地址，数据包 多少等信息记录比如telnet ssh等）和system（系统重启，禁用AAA等系统信息）等三种系统事件的记录4.7. 设置TACACS+消息的源地址提问 发送TACACS+消息时只使用特定的源地址回答Router1#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router1(config)#ip tacacs source-interface Loopback0Router1(config)#endRouter1#注释 所有本设备的记录都来自于同一地址方便对日志进行汇总和统计<!--[if !supportLists]-->4.8. <!--[endif]-->TACACS+服务器配置文件样本 注释 可以使用思科免费的TACACS+服务器也可以使用商业的服务器，配置方式略。