CCNP题库讲解.doc

题库讲解CCNP 642-892 V3.95题库分析11In the use of 802.1X access control, which three protocols are allowed through the switch port before authentication takes place? (Choose three.) A. STP B. CDP C. EAP MD5 D. TACACS+ E. EAP-over-LAN F. protocols not filtered by an ACL Answer: ABE解释一下：IEEE 802.1X认证成功之前，客户连接的端口在LAN上只允许传递可扩展的认证协议（EAPOL），CDP,和生成树的STP。只有认证成功后才可以传递正常的流量。2Which protocol specified by RFC 2281 provides network redundancy for IP networks, ensuring that user traffic immediately and transparently recovers from first-hop failures in network edge devices or access circuits? A. STP B. IRDP C. ICMP D. HSRP Answer: D解释一下：RFC 2281中定义的是HSRP。3What will be the effect of applying the VLAN access map configuration on a switch? Router(config)# vlan access-map thor 10 Router(config-access-map)# match ip address net_10 Router(config-access-map)#action forward Router(config-access-map)#exit Router(config)# vlan filter thor vlan-list 12-16 A. All VLAN 12 through 16 IP traffic matching net_10 is forwarded and all other IP packets are dropped. B. IP traffic matching vlan-list 12-16 is forwarded and all other IP packets are dropped. C. IP traffic matching net_10 is dropped and all other IP packets are forwarded to VLANs 12 through 16. D. All VLAN 12 through 16 IP traffic is forwarded, other VLAN IP traffic matching net_10 is dropped. Answer: A解释一下：这是关于VLAN access map 的使用，这是针对vlan-list中的VLAN中的流量进行的过滤，只有在vlan access-map中定义的forward的流量才可以在vlan-list中规定的VLAN中通过。而vlan access-map中也有隐式deny any的语句。所以这个题中VLAN12到16中的IP流量只有匹配了net_10的流量才允许通过，其余的IP流量都被丢弃。4Refer to the exhibit. The web servers WS_1 and WS_2 need to be accessed by external and internal users. For security reasons, the servers should not communicate with each other, although they are located on the same subnet. The servers do need, however, to communicate with a database server located in the inside network. What configuration will isolate the servers from each other?4.jpg (19.38 KB)2007-12-23 15:59A. The switch ports 3/1 and 3/2 will be defined as secondary VLAN isolated ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports. B. The switch ports 3/1 and 3/2 will be defined as secondary VLAN community ports. The ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports. C. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN promiscuous ports. D. The switch ports 3/1 and 3/2 and the ports connecting to the two firewalls will be defined as primary VLAN community ports. Answer: A解释一下：想要WS-1和WS-2之间互不通讯，但是他们在相同的网段中。这样就可以把他们划分到不同的VLAN中了，但是他们都是需要能和database和 Internet通讯的，因此 Fa3/34和Fa3/35是需要在做成混杂的端口的，至少是要能允许这两个VLAN中的数据通过的。5To enable BGP tunneling over an IPv4 backbone, the IPv4 address 192.168.30.1 is converted into a valid IPv6 address. Which three IPv6 addresses are acceptable formats for the IPv4 address? (Choose three.) A. :C0A8:1E01 B. C0A8:1E01: C. :192.168.30.1 D. 192.168.30.1: E. 0:0:0:0:0:0:192.168.30.1 F. 192.168.30.1:0:0:0:0:0:0Answer: ACE解释一下：IPv4和IPv6地址的转换，要把192.168.30.1转换为有效的IPv6的地址。192.168.30.1转换为十六进制的为C0A8.1E01。（这个是怎么转换的就不用我多说了吧），主机位还是在网络位后面的，所以应该写成:C0A8:1E01 。IPv6地址是128位的，将一个IPv4地址转换为有效的主机地址时，我们可以将这个IPv4的地址直接插到主机位上，即： 0:0:0:0:0:0:192.168.30.1，简写成:192.168.30.1题库讲解CCNP 642-892 V3.95题库分析21Refer to the exhibit. What does the command channel-group 1 mode desirable do?1.jpg (9.32 KB)2007-12-25 13:56A. enables LACP unconditionally B. enables PAgP only if a PAgP device is detected C. enables PAgP unconditionally D. enables Etherchannel only E. enables LACP only if a LACP device is detected Answer: C解释一下：接口fastethernet 0/13加入到了组1，模式为desirable。从模式可以看出这里使用的协议为PAgP。而disirable是主动的模式，在这种模式下交换机会主动请求远端交换机协商以太信道。2Refer to the exhibit. Port security has been configured on the switch port Fa0/5. What would happen if another device is connected to the port after the maximum number of devices has been reached, even if one or more of the original MAC addresses are inactive?2.jpg (27.35 KB)2007-12-25 13:56A. The port will permit the new MAC address because one or more of the original MAC addresses are inactive. B. The port will permit the new MAC address because one or more of the original MAC addresses will age out. C. Although one or more of the original MAC addresses are inactive, the port will not permit the new MAC address. D. Because the new MAC address is not configured on the port, the port will not permit the new MAC address. Answer: C解释一下：因为端口上的MAC地址已经达到了安全数量的限制，所以虽然最初允许的MAC中有一个到两个是无效的了，但是因为这些条目是不超时的，所以虽然无效了，但是还是会存放下去，这样端口还是不能允许新的MAC地址流量通过的。 以下内容需要回复才能看到3Refer to the exhibit. EIGRP is configured with the default configuration on all routers. Autosummarization is enabled on routers R2 and R3, but it is disabled on router R1. Which two EIGRP routes will be seen in the routing table of router R3? (Choose two.)3.jpg (27.26 KB)2007-12-25 13:56A. 10.0.0.0/8 B. 10.10.0.0/16 C. 10.10.10.0/24 D. 172.16.0.0/16 E. 172.16.0.0/24 F. 172.16.10.0/24 Answer: CD解释一下：EIGRP也是一个AD型的路由协议，他在边界路由器上也是会自动汇总的，因为他们发送的是路由的条目。在这儿，R2和R3上是没有关闭自动汇总的，而R2也是一台边界路由器，所以R2向R3发送172.16.10.0/24的路由时，会汇总为172.16.0.0/16 发送过去。但是R1上关闭了自动汇总了，所以R1发出去的时候是会发10.10.10.0/24的路由的，所以R3收到的路由信息就有：10.10.10.0/24和172.16.0.0/16。4Refer to the exhibit. OSPF has been configured on all routers in the network. However, router R1 does not receive a default route to router R2 as intended. Which configuration change would ensure that R1 would receive a default route from R2?4.jpg (38.13 KB)2007-12-25 13:56A. Add the area 1 stub command on routers R1. B. Add the always keyword to the default-information originate configuration command on router R2. C. Remove the default information originate configuration command from router R2 and place it on router R1. D. Add the ip route 5.0.0.0 255.255.255.0 0.0.0.0 command to router R2. Answer: B解释一下：default-information originate是产生OSPF的缺省路由的命令，但是要这个命令生效的前提是R2上有一条缺省路由。所以我们可以在R2上加配置一个缺省路由Ip route 0.0.0.0 0.0.0.0 s0/1，这样的话R1就可以收到一个出接口为R2的OSPF的缺省路由了。在default-information origitnate命令后，我们可以加一个always的参数，这个参数表示不管你的路由器上是不是有缺省路由，我都产生一条OSPF的缺省路由。所以加上这个参数后就确保了R1肯定能收到一条R2产生的OSPF的缺省路由了。5What is the IPv6 address FF02:2 used for? A. all hosts in a local segment B. all routers in a local segment C. all hosts in a particular multicast group D. all routers in an autonomous system Answer: B解释一下：FF02:2是一个IPv6的多播地址，表示的是所有路由器。题库讲解CCNP 642-892 V3.95题库分析31What two pieces of information will the show vlan id 5 command display? (Choose two.) A. VLAN information on port 0/5 B. ports in VLAN 5 C. MTU and type D. utilization E. filters Answer: BC解释一下：1.jpg (9.93 KB)2007-12-26 14:15很清楚了吧，通过这个命令可以看到哪些信息。2Refer to the exhibit. Which statement is true about the display of the command show pagp 1 neighbor command?2.jpg (17.63 KB)2007-12-26 14:15A. STP packets are sent out the Gi0/1 interface only. B. STP packets are sent out both the Gi0/1 and Gi0/2 interfaces. C. CDP packets are sent out the Gi0/1 interface only. D. CDP packets are sent out the Gi0/2 interface only. Answer: B解释一下：等绑定链路到一个以太信道后，PAgP把这个组当作一个接口加入到生成树中。因此这两个接口都发送STP packets.。 以下内容需要回复才能看到3Refer to the exhibit. On the basis of the partial configuration provided in the exhibit, what additional configuration is required to allow the router to properly participate in a PIM sparse-dense mode scenario?3.jpg (9.97 KB)2007-12-26 14:15A. The RP configuration needs to be added for the router to participate in dense mode network areas. B. The RP configuration needs to be added for the router to participate in sparse mode network areas. C. The PIM dense-mode state, refresh interval needs to be configured. D. IGMP needs to be enabled on the router. Answer: B解释一下：sparse-dense是密集稀疏模式，在这种模式下，先运行sparse模式，如果sparse模式运行失败，再来运行dense模式。Dense模式下组播的流量是以泛洪的形式传递开的的，而sparse模式下组播的流量是需要RP来转发的。在这没有RP的指定或选举的过程，所以为了让sparse模式能正常工作，需要再配置一个RP。4Refer to the exhibit. What is the effect of the distribute-list command in the R1 configuration?4.jpg (24.06 KB)2007-12-26 14:15A. R1 will filter only the 172.24.1.0/24 route from the R2 RIP updates. B. R1 will permit only the 10.0.0.0/24 route in the R2 RIP updates. C. R1 will filter the 10.1.0.0/24 and the 172.24.1.0/24 routes from the R2 RIP updates. D. R1 will not filter any routes because there is no exact prefix match. Answer: C解释一下：在R1上配置了一个分发列表：distribute-list 10 in serial0 这句命令的意思是：从serial0进来的路由，我只允许由访问控制列表10匹配的条目进来。在这，访问列表10定义的是permit 10.0.0.0 0.0.255.255 ，所以R2发过来的更新中有两个条目10.1.0.0/24和172.24.1.0/24是不被访问列表匹配的，因此这两个条目是在R1上是被过滤掉的。题库讲解CCNP 642-892 V3.95题库分析41Examine the router output above. Which two items are correct? (Choose two.)1.jpg (34.45 KB)2007-12-27 13:57A. Router A will assume the active state if its priority is the highest. B. If Ethernet 0/2 goes down, the standby router will take over. C. When Ethernet 0/3 of RouterA comes back up, the priority will become 105. D. The local IP address of Router A is 10.1.0.6. E. The local IP address of Router A is 10.1.0.20. Answer: AC解释一下：RouterA上的preemption enabled，表示他的强制抢夺被开启了，如果RouterA拥有了最高的优先级，那么他就会成为Goup 1中的active router。在下面的显示我们可以看到这台路由器的优先级初始配置是120的，但是现在有两个接口down了，很显然他开启了接口跟踪，所以接口Ethernet0/2的down使优先级减少了15，而接口Ethernet0/3的down又使优先级减少了10，所以现在他的优先级显示的为95。如果接口up了，那么优先级也会做相应的增加，所以如果Ethernet0/3 up 了，那么RouterA的优先级将增加10而变成105。2Refer to the exhibit. What will RTB do with a packet sourced from within AS 64200 with a destination address of 192.168.25.1?2.jpg (34.55 KB)2007-12-27 13:57A. It will be dropped because network 192.168.25.0 is not in the RTA routing table. B. It will be dropped because network 192.168.25.0 is not in the RTB routing table. C. It will be forwarded to the null 0 interface of RTB and dropped. D. It will be forwarded to the RTB 192.168.25.0 network. Answer: D解释一下： RTB上有192.168.25.0/24的路由，也有 192.168.24.0/22的路由，根据最长掩码匹配的原则，RTB会将收到的从64200发过来的目的地为192.168.25.1的数据包发往192.168.25.0/24的网络中去。以下内容需要回复才能看到3Refer to the exhibit. What statement is true based upon the configuration of router R1 and router R2?31.jpg (23.61 KB)2007-12-27 13:5732.jpg (20.2 KB)2007-12-27 13:57A. Router R1 will become the active virtual gateway. B. Router R2 will become the active virtual gateway. C. The hello and hold timers are incompatible with multi-homed BGP. D. The hello and hold timers are incompatible with OSPF type 5 LSAs. E. Router R1 will become the master for Virtual Router 1, and router R2 will become the backup for Virtual Router 2. F. Router R2 will become the master for Virtual Router 1, and router R1 will become the backup for Virtual Router 2. Answer: A解释一下：GLBP中活动虚拟网关的选举也是通过比较优先级和IP地址的，越高越优先，因此R1将成为AVG。4Which router redundancy protocol cannot be configured for interface tracking? A. HSRP B. GLBP C. VRRP D. SLB E. RPRF. RPR+ Answer: C解释一下：路由器的负载协议有HSRP，GLBP，VRRP。而前两种都是可以trace接口的，所以不能trace接口的只有VRRP。SLB是服务器的负载均衡。RPR是弹性分组环。5Which three statements are true about IP multicast configuration? (Choose three.) A. PIM sparse mode interfaces are always added to the multicast routing table in a router. B. PIM dense mode interfaces are always added to the multicast routing table in a router. C. PIM sparse-dense mode acts as PIM dense mode if an RP is not known. D. PIM sparse-dense mode and PIM dense mode require an RP on the network. E. PIM sparse mode and PIM sparse-dense mode require an RP on the network. F. PIM sparse mode and PIM dense mode require an RP on the network. Answer: BCE解释一下：Dense mode 是一泛洪的形式发送来发送组播信息的，因此配置了dense模式的接口都添加到了路由器的多播路由表中了。Sparse mode是依靠RP来转发多播信息的，因此，在sparse模式中RP是必需的。Sparse-dense mode是稀疏密集模式，在这种模式下，默认是以稀疏模式工作的，但是如果稀疏模式的RP出现问题了，表示稀疏模式不能正常工作了，这时才启用密集模式。题库讲解CCNP 642-892 V3.95分析51Refer to the exhibit. EIGRP is enabled on all routers on the network. What additional configuration is required for the routers connected over the Frame Relay multipoint interfaces to compensate for a low-speed NBMA connection?1.jpg (16.93 KB)2007-12-30 10:13A. Configure the EIGRP hello interval on all Frame Relay interfaces to 5 seconds. B. Configure the EIGRP hello interval on all Frame Relay interfaces to 60 seconds. C. Configure the EIGRP hold time on all Frame Relay interfaces to 15 seconds. D. Configure the EIGRP hold time on all Frame Relay interfaces to 180 seconds. E. Configure the bandwidth on all EIGRP Frame Relay interfaces to the committed information rate (CIR). F. Configure the bandwidth on all EIGRP Frame Relay interfaces to the lowest CIR multiplied by the number of PVCs for the multipoint connection. Answer: F解释一下：在NBMA网络上，如何配置命令bandwidth取决于VC的设计，如果串行线采用多点的模式，有很多VC，EIGRP将在这些VC之间平均分配开销，而无需使用子接口。命令bandwidth应反映连接到帧中继网络云的接入链路的速度。如果串行接口连接的诸如帧中继等NBMA环境，情况很简单。路由器的串行接口上可能有5条VC，每条VC的速度为56kbit/s。因此接入链路的速度至少为280（5*56）kbit/s。配置的带宽的总和不能超过接口的接入速度。 以下内容需要回复才能看到2Which command enables OSPF for IPv6? A. router ospf process-id B. ipv6 ospf process-id C. ipv6 router ospf process-id D. router ospf ipv6 process-id Answer: B解释一下：ipv6 ospf process-id是激活一个OSPFv3的进程。3Refer to the exhibit. All routers have Protocol Independent Multicast (PIM) enabled interfaces. On the basis of the configuration provided on routers R1 and R2, which router will take on the function of rendezvous point (RP) for the multicast network?3.jpg (37.99 KB)2007-12-30 10:13A. router R1 B. router R2 C. both routers R1 and R2 D. none of the routers since they are not configured with static RP Answer: B解释一下：R1和R2都通告自己的loopback0为RP，所以还需要有一个RP的选举，因为优先级都没有改变，都是默认值，所以IP地址大的就为RP了。所以R2将成为RP。4Which two statements are true about external BGP neighbor relationships? (Choose two.) A. Static routes or an interior gateway protocol is required between EBGP neighbors. B. EBGP neighbors must be in different autonomous systems. C. EBGP neighbors use TCP port 179 to exchange BGP routing tables. D. Loopback addresses should be used between EBGP neighbors. E. The BGP split-horizon rule specifies that routes learned via IBGP are never propagated to other EBGP peers. F. When an EBGP neighbor receives an update from another EBGP neighbor, it should not forward the update to other EBGP neighbors. Answer: BC解释一下：EBGP是表示BGP的外部邻居关系，是不同自治系统之间建立的邻居关系。BGP使用的是TCP 179号端口的。题库讲解CCNP 642-892 V3.95分析61Which two statements are true about HSRP, VRRP, and GLBP? (Choose two.) A. GLBP allows for router load balancing of traffic from a network segment without the different host IP configurations required to achieve the same results with HSRP. B. GLBP allows for router load balancing of traffic from a network segment by utilizing the creation of multiple standby groups. C. GLBP and VRRP allow for MD5 authentication, whereas HSRP does not. D. Unlike HSRP and VRRP, GLBP allows automatic selection and simultaneous use of multiple available gateways. E. HSRP allows for multiple upstream active links being simultaneously used, whereas GLBP does not. Answer: AD解释一下：HSRP是热备用路由协议，VRRP是虚拟路由器冗余协议，而GLBP是网关负载均衡协议。其中HSRP和GLBP都是Cisco私有的协议。而HSRP和VRRP类似，让一组路由器能够提够冗余网关地址。组中的优先级最高的为活动的网关，提供网关的虚拟地址，而组中的其他路由器都处于备用状态。但GLBP为了提供虚拟路由器，也将多台交换机（路由器）分配到一个GLBP中，组中的所有路由器都能够参与负载均衡，转发部分数据流，而不是只让活动路由器代表虚拟路由器地址转发数据流。 以下内容需要回复才能看到2Which three IP multicast related statements are true? (Choose three.) A. Multicast addresses 224.0.1.0 through 238.255.255.255 are called globally scoped addresses. They are used to multicast data between organizations and across the Internet. B. The multicast address 224.0.0.1 is a globally scoped address that has been reserved for the Network Time Protocol (NTP) by the IANA. C. Multicast addresses 239.0.0.0 through 239.255.255.255 are called limited scope addresses. They are constrained to a local group or organization. D. Multicast addresses 224.0.0.5 and 224.0.0.6 are limited scoped addresses that have been reserved for OSPF. E. Multicast addresses 224.0.0.0 through 224.0.0.255 are used for network protocols on local LAN segments. Because they are always transmitted with a Time to Live (TTL) of 1, they are never forwarded by a router. Answer: ACE解释一下：关于组播地址空间的用途划分：l完整的组播地址空间（224.0.0.0-239.255.255.255）: 该IP地址范围都可用于组播。l链路本地地址（224.0.0.0-224.0.0.255）:只能提供本地网段中的网络协议使用，路由器不转发这些分组。l管理范围地址（239.0.0.0-239.255.255.255）:用于私有组播域，类似于RFC 1918规定的私有IP地址范围。这些地址不能在域之间路由，所以可以重用。l全局范围地址（224.0.1.0-238.255.255.255）:可供任何实体使用；这些地址可在组织间或Internet上路由，因此它们必须是唯一的且全局有效（这个范围既不是本地的也不是私有的；它是组播范围的剩余部分）3Which three route filtering statements are true? (Choose three.) A. After the router rip and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any RIP updates, but will receive routing updates on that interface. B. After the router eigrp 10 and passive-interface s0/0 commands have been issued, the s0/0 interface will not send any EIGRP updates, but will receive routing updates on that interface. C. After the router ospf 10 and passive-interface s0/0 commands have been issued , the s0/0 interface will not send any OSPF updates, but will receive routing updates on that interface. D. When you use the passive-interface command with RIPv2, multicasts are sent out the specified interface. E. When you use the passive-interface command with EIGRP, hello messages are not sent out the specified interface. F. When you use the passive-interface command with OSPF, hello messages are not sent out the specified interface. Answer: AEF解释一下：passive-interface表示在路由进程下，该接口只接受数据，但是不发送任何关于路由协议的报文。而EIGRP和OSPF是需要依靠Hello报文来维持他们的邻居关系的，所以如果passive了一个接口，那么这个接口就连Hello消息都不发了，那么与该接口相连的邻居关系就down了