CCNA考试试题.docx

1、CCNA考试试题QUESTION 1 What are two reasons that a network administrator would use access lists (Choose two.) A. to control vty access into a router B. to control broadcast traffic through a router C. to filter traffic as it passes through a router D. to filter traffic that originates from the router E.

2、 to replace passwords as a line of defense against security incursions Answer: A, C 解答: 问题:网络管理员使用访问控制列表的两个原因 A是一种应用,就是控制别人telnet到你的电脑 D这个答案可能有些疑惑,它的意思是过滤掉源自于路由器的流量,但是事实上是,我们的访问控制列表不能过滤掉 路由器自己产生的流量,只能过滤穿越它的流量,正如C答案说的那样: QUESTION 2 A default Frame Relay WAN is classified as what type of physical netw

3、ork A. point-to-point B. broadcast multi-access C. nonbroadcast multi-access D. nonbroadcast multipoint E. broadcast point-to-multipoint Answer: C 解答: 问题:帧中继默认情况下被定义为哪种类型的物理网络 物理网络基本有三种类型: 1点到点 2MA 3NBMA 帧中继默认就是NBMA,也就是nonbroadcast multi-access前面几个字母的缩写 NBMA与MA的区别就是NBMA 没有广播能力(没有以太网那样的广播地址) QUESTION

4、 3 A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users are experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem (Choose three.) A. mismatched TKIP enc

5、ryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: C, E, F 解答: 问题:一个802.11g的ap在配置在办公室的中央.一些无限用户有性能下降和丢包现象,而大多数用户工作正常.引 发这个问题的三种最有可能的原因是 考点:无线一些基本常识 分析: A. 不匹配的TKIP加密 TKIP技术通过提供一种增强型WEP加密引擎,从而弥补了原有WEP易受攻击的弱点.TKIP提供了48位初 始化向量(原有WEP只提供

6、了24位初始化向量). 如果加密出了问题,那么就根本连接不上,而不会出现性能下降的问题. B. SSID(Service Set Identifier) 也可以写为ESSID,用来区分不同的网络,最多可以有32个字符,无线网卡设 置了不同的SSID就可以进入不同网络,SSID通常由AP广播出来,通过XP自带的扫描功能可以相看当前区域内的 SSID.出于安全考虑可以不广播SSID,此时用户就要手工设置SSID才能进入相应的网络.简单说,SSID就是一个 局域网的名称,只有设置为名称相同SSID的值的电脑才能互相通信. 如果是空的ssid,那么也会出现不能联网的情况,而不会出现什么性能问题 C.

7、无绳电话,这个有可能对一些无线网卡产生一定的干扰 D. 不选的理由与B一样 E. 金属文件柜,也能产生一定的屏蔽 F. 天线的类型和方向 QUESTION 4 Refer to the exhibit. How many broadcast domains exist in the exhibited topology A. one B. two C. three D. four E. five F. six Answer: C 解答: 问题:图中有几个广播域 一个用交换机搭建的网络,划分了三个vlan,而每一个vlan都是一个广播域,所以有三个广播域 QUESTION 5 Refer to

8、the exhibit. What two facts can be determined from the WLAN diagram (Choose two.) A. The area of overlap of the two cells represents a basic service set (BSS). B. The network diagram represents an extended service set (ESS). C. Access points in each cell must be configured to use channel 1. D. The a

9、rea of overlap must be less than 10% of the area to ensure connectivity. E. The two APs should be configured to operate on different channels. Answer: B, E 解答: 问题:从上面的无线局域网的图中,你可以得出哪两个事实 考点:无线局域网 分析: 一个ap提供的覆盖范围称为一个microcell ,微单元.或者是基本服务区域,basic service area 当有多个微单元连接lan ,就称为扩展服务级.往往可以通过增加ap来连接 如果一个

10、ap不能满足覆盖范围,可以增加ap,建议两个ap重叠区域为10-15% 以下是一个蜂窝网络构建图,重叠的ap之间的信道不能相同. QUESTION 6 The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command A. This command should be executed from the global configuration mode. B.

11、The IP address 10.121.16.8 is the local router port used to forward data. C. 102 is the remote DLCI that will receive the information. D. This command is required for all Frame Relay configurations. E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC. Answer:

12、E 解答: 问题:frame-relay map ip 10.121.16.8 102 broadcast,当你在路由器上输入了这个命令,那么以下哪些说法是正确的 A不对,这个命令应该在接口模式下输入 B不对,那个ip地址应该是远端路由器的ip地址 C不对102是本地的dlci号 D不对,因为你如果不关闭invers-arp的话,那么不需要手动的输入这条命令 QUESTION 7 Which type of attack is characterized by a flood of packets that are requesting a TCP connection to a server

13、 A. denial of service B. brute force C. reconnaissance D. Trojan horse Answer: A 解答: 问题:一种请求tcp连接到服务器的泛洪攻击是一种什么类型的攻击 答案: 请求tcp连接到服务器的攻击其是就是syn-flooding攻击,利用tcp三次握手的天生缺陷,向对方主机发送大量的syn位 置1的请求包,造成对方服务器正常服务的中断正常的服务 这是一种典型的dos攻击,就是拒绝服务攻击:denial of service QUESTION 8 Which of the following are associated

14、with the application layer of the OSI model (Choose two.) A. ping B. Telnet C. FTP D. TCP E. IP Answer: B, C 解答: 问题:以下那些协议在osi模型中的应用层 答案:telnet和ftp 其是ping也是一个应用程序,但是不太属于标准的osi7层中的应用层程序,因为它没有传统意义上的传输层,而是直 接使用icmp协议 QUESTION 9 Refer to the exhibit. The network administrator has created a new VLAN on S

15、witch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the configuration, host A could communicate with host B, but host A could not co

16、mmunicate with host C or host D. Which commands are required to resolve this problem A. Router(config)# interface fastethernet 0/1.3 Router(config-if)# encapsulation dot1q 3 Router(config-if)# ip address 192.168.3.1 255.255.255.0 B. Router(config)# router rip Router(config-router)# network 192.168.1

17、.0 Router(config-router)# network 192.168.2.0 Router(config-router)# network 192.168.3.0 C. Switch1# vlan database Switch1(vlan)# vtp v2-mode Switch1(vlan)# vtp domain cisco Switch1(vlan)# vtp server D. Switch1(config)# interface fastethernet 0/1 Switch1(config-if)# switchport mode trunk Switch1(con

18、fig-if)# switchport trunk encapsulation isl Answer: A 解答: 问题:网管在交换机1上面新增加了一个vlan,并且新增加了hostc和hostd,在正确划分vlan之后,发现A可以和B通 信,A不能和C后者D通信,哪个命令能解决这个问题 考点:单臂路由 分析: 单臂基本上需要两个主要的配置步骤. 1在路由器快速以太口上面增加子接口,并且封装相应的vlan id 2要把和路由器连接的哪个交换机的快速以太口配置称trunk 但是这个题目,因为已经有了两个子接口,所以我们在增加一个子接口就可以了.交换机的接口的trunk应该已经配 置过了. QUE

19、STION 10 For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists A. IP B. ICMP C. TCP D. UDP Answer: B 解答: 问题:网络管理员想要禁止ping,那么使用访问控制列表,禁止哪个协议 答案:我们要知道ping的工作原理,向

20、对方主机发送一个icmp 协议中的echo包,而对方主机如果存活,就向原主机返回一 个icmp协议的echo-reply包 QUESTION 11 What are two recommended ways of protecting network device configuration files from outside network security threats (Choose two.) A. Allow unrestricted access to the console or VTY ports. B. Use a firewall to restrict access

21、from the outside to the network devices. C. Always use Telnet to access the device command line because its data is automatically encrypted. D. Use SSH or another encrypted and authenticated transport to access device configurations. E. Prevent the loss of passwords by disabling password encryption.

22、 Answer: B, D 解答: 问题:为了保护内部网络设备,推荐使用哪两种方式 答案: A不对,允许不受限制的访问对console口或者VTY端口 B正确,适用防火墙 C不对,telnet传递的是明文,不能对传输的数据进行加密 D正确,使用ssh,或者其它的加密认证手段 E不对,关闭密码加密 QUESTION 12 Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets,

23、 if routed to the interface, will be denied (Choose two.) access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any A. source ip address: 192.168.15.5; destination port: 21 B. source ip address:, 192.168.15.37 destination port: 21 C. source ip address:, 192.168.

24、15.41 destination port: 21 D. source ip address:, 192.168.15.36 destination port: 23 E. source ip address: 192.168.15.46; destination port: 23 F. source ip address:, 192.168.15.49 destination port: 23 Answer: D, E 解答: 问题:在RTB的s0/0出口方向上放置了一个访问控制列表,哪两种路由到这个接口的包将被丢弃 我们来看看这个访问控制列表: access-list 101 deny

25、tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any 根据访问控制列表的规则,地址范围从192.168.15.31-192.168.15.46之间(47是广播地址),并且目的端口是23的包将要被丢弃 QUESTION 13 What are two security appliances that can be installed in a network (Choose two.) A. ATM B. IDS C. IOS D. IOX E. IPS F. SDM Answer: B, E 解答:

26、 题目:哪两种安全硬盒子可以被安装在网络中 security appliances这个术语不好翻译,可以翻译成硬盒子,或者装置设备等,反正指安全的硬件产品,软件安全产品不 能算 ATM是交换设备 Ios是网络设备操作系统,是软件 Iox没有这个东西 SDM是安全设备管理器,是一种基于web的对网络设备的安全管理工具,是软件 所以符合要求的是IDS,IPS,他们两个的区别在于,前者为入侵检测系统,而ips是入侵阻止系统,不但能入侵检测,还 能对攻击进行阻止动作,是ids的升级产品,这两个都是硬件设备.(也有软件的产品) QUESTION 14 Refer to the exhibit. Swit

27、ch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table A. Switch1 will add 192.168.23.4 to the switching table. B. Switch1 will add 192.168.23.12 to the switching tabl

28、e. C. Switch1 will add 000A.8A47.E612 to the switching table. D. Switch1 will add 000B.DB95.2EE9 to the switching table. Answer: C 解答: 问题:交换机刚刚经过加电自检(这个时候mac地址表肯定是空的),这个时候主机A发送一个帧给主机C,交换机要产 生一个交换机表,那么交换机要做的第一件事情是什么呢 答案: 这个要理解交换机的工作原理: 交换机最终就要建立一个目的mac地址和端口的一个专发表 而这个专发表示根据第一个数据帧的源mac地址来建立的 所以当A发给C第一个

29、数据帧的时候,就将A的mac地址和端口做一个映射: QUESTION 15 The user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do A. send a unicast ARP packet to the DSL modem/router B. send unicast ICMP packets to the DSL modem/router C. send

30、 Layer 3 broadcast packets to which the DSL modem/router responds D. send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router Answer: B 解答: 问题:host1的用户想要ping以下网关(192.168.1.254),给了一个arp表,host1将做些什么 答案: 首先我么要知道ping的工作过程,如果不知道对方的mac地址,那么要发送arp的广播出去,解析对端的mac地址,那么从 图中,我们看出

31、已经有一个解析了,那么就下一步就是直接发送单播icmp包了,所以答案是B: QUESTION 16 What is the most efficient summarization that R1 can use to advertise its networks to R2 A. 172.1.0.0/22 B. 172.1.0.0/21 C. 172.1.4.0/22 D. 172.1.4.0/24 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 E. 172.1.4.0/25 172.1.4.128/25 172.1.5.0/24 172.1.6.0/24 172.1.7.0/24 Answer: C 解析: 问题:R1通告它的网络给R2,什么是最有效的汇总 答案:从图中观察得知,我们主要要做的东西在第三个octet(8位组) 128 64 32 16 8 4 2 1 0 0 0 0 0 1 0 0=4 0 0 0 0 0 1 0 1=5 0 0 0 0 0 1 1 0=6 0 0 0 0 0 1 1 1=7 我们找出它们的相同位(common bits),然