思科认证考试题库

1、CCNA640-802 V13题库试题分析题库讲解：吴老师（艾迪飞CCIE实验室首发网站：1. What are two reasons that a network administrator would use access lists? (Choose two.) A. to control vty access into a router B. to control broadcast traffic through a router C. to filter traffic as it passes through a router D. to filter traffic that

2、 originates from the router E. to replace passwords as a line of defense against security incursions Answer: AC解释一下：在VTY线路下应用ACL，可以控制从VTY线路进来的telnet的流量。也可以过滤穿越一台路由器的流量。2. A default Frame Relay WAN is classified as what type of physical network? A. point-to-point B. broadcast multi-access C. nonbroad

3、cast multi-access D. nonbroadcast multipoint E. broadcast point-to-multipoint Answer: C解释一下：在默认的情况下，帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。3 Refer to the exhibit. How many broadcast domains exist in the exhibited topology?A. one B. two C. three D. four E. five F. six Answer: C解释一下：广播域的问题，在默认的情况下，每个交换机是不

4、能隔离广播域的，所以在同一个区域的所有交换机都在同一个广播域中，但是为了减少广播的危害，将广播限制在一个更小的范围，有了VLAN的概念，VLAN表示的是一个虚拟的局域网，而他的作用就是隔离广播。所以被VLAN隔离了的每个区域都表示一个单独的广播域，这样一个VLAN中的广播的流量是不能传到其他的区域的，所以在上题中就有3个广播域了。4. A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users are experien

5、cing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.) A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF 6. The com

6、mand frame-relay map ip 102 broadcast was entered on the router. Which of the following statements is true concerning this command? A. This command should be executed from the global configuration mode. B. The IP address is the local router port used to forward data. C. 102 i

7、s the remote DLCI that will receive the information. D. This command is required for all Frame Relay configurations. E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC. Answer: E解释一下：关于命令 frame-relay map ip 102 broadcast ,这个命令用于手工静态添加一条映射，到达的流量封装一

8、个DLCI号为102，而且这条PVC是支持广播的流量的，比如RIP的更新包。因为在默认的情况下，帧中继的网络为非广播的，而RIP在其上是无法发包的。8Which of the following are associated with the application layer of the OSI model? (Choose two.) A. ping B. Telnet C. FTP D. TCP E. IP Answer: BC解释一下：在OSI 7层模型中位于应用层的应用有telnet 和 ftp 这两种应用。9. For security reasons, the network

9、administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists? A. IP B. ICMP C. TCP D. UDP Answer: B解释一下：PING命令 利用ICMP协议的echo,和 echo-replay两个报文来检测链路是否连通的。所以如果要阻止PING的流量到网络，就只要过滤掉ICMP的应用就可以了。10Refer to

10、the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the configurat

11、ion, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem? A. Router(config)# interface fastethernet 0/1.3 Router(config-if)# encapsulation dot1q 3 Router(config-if)# ip address B.

12、Router(config)# router rip Router(config-router)# network Router(config-router)# network Router(config-router)# network C. Switch1# vlan database Switch1(vlan)# vtp v2-mode Switch1(vlan)# vtp domain cisco Switch1(vlan)# vtp server D. Switch1(config)# interface fas

13、tethernet 0/1 Switch1(config-if)# switchport mode trunk Switch1(config-if)# switchport trunk encapsulation isl Answer: A解释一下：这是一个多VLAN间通讯的问题，虽然都同在一台交换机上，但是由于处在不同的VLAN中，而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能了，在交换机和路由器之间封装TRUNK，这样可以允许交换机间的二层的通讯，但是由于两个VLAN是划分到不同的网段中的，因此需要借助路由器的路由功能来实现三层的可达，可以将VLA

14、N中的主机的网关指定为路由器与该VLAN相连的子接口的地址，这样VLAN中的数据包就都会发往网关，而由网关来进行进一步的转发。在这个题中，题目给出了路由器的的子接口的网段，而又给出了VLAN 2与路由器相连的接口的IP地址，所以剩下的一个网段就是给VLAN 3的了 ，所以要在路由器上将与一个子接口划分到VLAN 3，并给其分配另一个网段中的IP地址。这样就可以了。11What are two recommended ways of protecting network device configuration files from outside network security threat

15、s? (Choose two.) A. Allow unrestricted access to the console or VTY ports. B. Use a firewall to restrict access from the outside to the network devices. C. Always use Telnet to access the device command line because its data is automatically encrypted. D. Use SSH or another encrypted and authenticat

16、ed transport to access device configurations. E. Prevent the loss of passwords by disabling password encryption. Answer: BD解释一下：要确保外部的安全的站点才可以访问我的网络，这就涉及到了安全的问题了，我们 可以使用防火墙来限制外网中来的设备；也可以通过SSH或加密和认证来控制。12Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in

17、the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)access-list 101 deny tcp 2 .15 any eq telnet access-list 101 permit ip any any A. source ip address: ; destination port: 21 B. source ip address:, 7 destination por

18、t: 21 C. source ip address:, 1 destination port: 21 D. source ip address:, 6 destination port: 23 E. source ip address: 6; destination port: 23 F. source ip address:, 9 destination port: 23 Answer: DE解释一下：这个访问列表定义了两个语句：access-list 101 deny tcp 192.168.

19、15.32 .15 any eq telnet access-list 101 permit ip any any 在访问列表中匹配的顺序是从上到下，如果匹配了某一句，就退出访问列表，如果没有就一直往下匹配，在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中，他定义的第一句是拒绝到从发出的任何的telnet 的流量，然后第二句定义的就是允许所有的IP流量。而且要明确telnet的流量使用的是端口23,所以这个题的答案就很明确了。13 Refer to the exhibit. Switch1 has just been restarted and has passe

20、d the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table? A. Switch1 will add to the switching table. B. Switch1 will add 2 to the switching table. C. Switch1 will add 000A.8A47.E612 to

21、 the switching table. D. Switch1 will add 000B.DB95.2EE9 to the switching table. Answer: C解释一下：交换机重新启动了，这个时候交换机的MAC地址表是空的，当主机A发送数据给主机C而经过交换机时，交换机根据他的工作的原理他要进行原MAC地址学习，而因为对于这个目的MAC地址无记录，而将这个流量从除收到的这个接口外的所有接口泛洪出去。所以在最开始的一步中，交换机是记录下主机A的MAC地址到他的MAC地址表中。14. he user of Host1 wants to ping the DSL modem/ro

22、uter at 54. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do? A. send a unicast ARP packet to the DSL modem/router B. send unicast ICMP packets to the DSL modem/router C. send Layer 3 broadcast packets to which the DSL modem/router responds D. send a Layer 2 b

23、roadcast that is received by Host2, the switch, and the DSL modem/router Answer: B解释一下：在下面的表中我们可以看到ARP表中有关于的ARP条目，所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。15. Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?DAnswer: C解释一下：这还是一个关于汇总的问题。要求R

24、1将所有的网段用汇总的条目发送给R2，因为这些条目的网络位是相同的都为172.1，所以在这需要汇总的只是第3个八位，将4，4，5，6，7 这些写成二进制的形式，然后找出相同的位数，则有相同位数的字节就是他们的掩码的位数，而最小的有相同位的最小的数字就是他们的基数位，所以R1通告出去 汇总的条目为。16. Refer to the exhibit. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly

25、configured on router R2. How will the default route configured on R1 affect the operation of R2? A. Any packet destined for a network that is not directly connected to router R1 will be dropped. B. Any packet destined for a network that is not directly connected to router R2 will be dropped immediat

26、ely. C. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1. D. The networks directly connected to router R2 will not be able to communicate with the , 28, and 4 subnetwor

27、ks. E. Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur. Answer: E解释一下：在R1上产生了一个OSPF的缺省路由，出接口指定为S0/0，这条缺省路由以5类LSA的形式通告给了R2，于是R2上也有了一条标记为O*E2 .0/0 出接口为 Serial0/0的路由

28、。所以R2收到任何路由表中没有的目的网段时，就将指定给R1，而R1根据缺省路由的出接口又将数据包发往R2，这样就形成了一个路由的环路。17. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port? A. This is a 10 Mb/s switch port. B. This is a 10

29、0 Mb/s switch port. C. This is an Ethernet port operating at half duplex. D. This is an Ethernet port operating at full duplex. E. This is a port on a network interface card in a PC. Answer: C解释一下：一个接口有冲突检测和载波侦听，而且是使用双绞线的网络，那么对于这个接口我们可以推测出他是以太接口，而且是工作在半双工的模式下。20. Refer to the topology and router con

30、figuration shown in the graphic. A host on the LAN is accessing an FTP server across the Internet. Which of the following addresses could appear as a source address for the packets forwarded by the router to the destination server?.1 B. .2 C. 3 D. 7 E. 7 F. 8 An

31、swer: D解释一下：这是个NAT地址转换的题目，在这f0/0接口连接下的为私有的地址，这些地址是不能同外网进行通讯的，这时就借助NAT，将内网的私有地址转换为可以在公网上通讯的地址，我们看到NAT POOL 中定义的转换后的公有地址为到，则表示这段地址是我转换后的内网全局地址，所以HOST想要穿过INTERNET访问FTP服务器，则需要转换为公有地址到之内的地址，在上面的答案中只有地址满足条件，所以答案就是D了。21. A company is installing IP phones. The phones and office computers connect to the same

32、 device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should b

33、e implemented on this device? (Choose two.) A. hub B. router C. switch D. STP E. subinterfaces F. VLAN Answer: CF解释一下：公司的语音设备和办公的设备都连在相同的设备上，还要确保语音的数据流在不同与公司的办公的数据流量，最好的网络设备当然是交换机了，然后利用VLAN的技术就完全可以满足所有的要求了。22. Refer to the exhibit. Which statement describes DLCI 17? A. DLCI 17 describes the ISDN cir

34、cuit between R2 and R3. B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1. C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3. D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider. Answer: C解释一下：DLCI是在Frame-relay中的描述二层信息的地址，他的地位等同于以太网中的MAC地址

35、。我们以R2上的DLCI 17来看，DLCI 17描述的是：从这个接口出去的目的地为R3的接口的这条PVC的二层的地址为17。23. Which routing protocol by default uses bandwidth and delay as metrics? A. RIP B. BGP C. OSPF D. EIGRP Answer: D解释一下：在我们的路由协议中使用复合度量的协议只有IGP和EIGPR，而他们在默认的情况下是使用带宽和延时来计算度量的。25. In the implementation of VLSM techniques on a network usin

36、g a single Class C IP address, which subnet mask is the most efficient for point-to-point serial links? A. B. 40 C. 48 D. 52 E. 54 Answer: D解释一下：在点到点的链路上因为只需要分配两个地址给两端就可以了，所以加上网络地址和广播地址，这个网段也就只需要有4个地址了，所以网络位需要匹配30位,掩码就为26. s will R1 f

37、orward to R2? (Choose two.) A. 60 B. 1 C. D. 55 E. F. 5 Answer: BE解释一下：这个题其实就是考察的汇总的问题，他说的意思是R2发送了一个汇总的路由给R1，哪两个包文的目的地R1仍将转发给R2。这还是汇总的问题的一个反向的考察，根据21位的掩码位数可以推断在第3个八位字节的前5位是相同的，不同的是后面的3位，而将176写成二进制的形式为1011 0000，所以可以看出来明细的

38、路由可以是176-183，所以在上面的答案中可以很容易看到答案B和E是我们的明细路由。27. Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data? A. Switch-1 will drop the data because it does not have an entry for that MAC address. B. Switch-1 will flood the dat

39、a out all of its ports except the port from which the data originated. C. Switch-1 will send an ARP request out all its ports except the port from which the data originated. D. Switch-1 will forward the data to its default gateway. Answer: B解释一下：首先Switch 1需要发送一个数据到MAC地址为的主机，了解到目的地后，就查看他的MAC 地址表，然后发现

40、在MAC地址表中没有这个MAC地址的条目存在。交换机在收到未知的单播，组播和广播时，都采用的是泛洪的方式，往除收到数据的这个接口外的所有接口都发送。所以在这儿，Switch 1也采取的上泛洪的方式。28. wo routers named Atlanta and Brevard are connected by their serial interfaces as shown in the exhibit, but there is no data connectivity between them. The Atlanta router is known to have a correct

41、configuration. Given the partial configurations shown in the exhibit, what is the problem on the Brevard router that is causing the lack of connectivity? A. A loopback is not set. B. The IP address is incorrect. C. The subnet mask is incorrect. D. The serial line encapsulations are incompatible. E.

42、The maximum transmission unit (MTU) size is too large. F. The bandwidth setting is incompatible with the connected interface. Answer: B解释一下：很明显的错误啊，两台路由器的串行接口的地址配置错误，不是在相同的网段，从而导致了不能通讯。29. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.) A. amount of RAM B. b

43、ridge priority C. IOS version D. IP address E. MAC address F. speed of the links Answer: BE解释一下：生成树的选举的问题，根桥的选举是通过比较的，而由桥优先级和地址组成的所以在选根桥的时候需要比较的是桥优先级和address。30. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers? A.

44、Switch1 B. Switch2 C. Switch3 D. Switch4 Answer: C解释一下：这是个关于生成树选举的问题，我们首先需要找到根桥，而根桥的选举是通过比较桥ID的,而且是越小越优先，桥ID的组成为桥优先级和MAC地址。所以我们通过上图可以找到根桥为switch 1。然后在非根桥上选出根端口，通过比较到根桥的花费来选举的，花费最小的就是根端口。因为上图中没有表示出链路的带宽，所以无法比较他们的花费。下一步我们来选举指派端口。每条链路都需要有一个DP，先是比较花费，如果花费相同则比较BID（桥优先级），仍是越小越优先，根据上图的表识，我们可以找到每条链路上的DP，而连P

45、rinters的链路上的DP就为Switch 3，因为他有更小的MAC地址。32. Refer to the exhibit. Why would the network administrator configure RA in this manner?A. to give students access to the Internet B. to prevent students from accessing the command prompt of RA C. to prevent administrators from accessing the console of RA D. t

46、o give administrators access to the Internet E. to prevent students from accessing the Internet F. to prevent students from accessing the Admin network Answer: B解释一下：在这儿，将应用到线路下，而且是的方向，表示凡是被我的允许的才能telnet到我在上配置的是permit 根据隐式的deny any 允许dmin的网段中的用户可以telnet到他，所以tudent的网段中的用户是被拒绝的33. In order to allow th

47、e establishment of a Telnet session with a router, which set of commands must be configured? A. router(config)# line console 0 router(config-line)# enable password cisco B. router(config)# line console 0 router(config-line)# enable secret cisco router(config-line)# loginC. router(config)# line conso

48、le 0 router(config-line)# password cisco router(config-line)# login D. router(config)# line vty 0 router(config-line)# enable password cisco E. router(config)# line vty 0 router(config-line)# enable secret cisco router(config-line)# login F. router(config)# line vty 0 router(config-line)# password c

49、isco router(config-line)# login Answer: F解释一下：telnet是一个应用层的应用，他使用的是vty线路，而且在默认的情况下，是需要访问的线路下设有密码的。而在VTY线路下设置密码的命令为 passwork string ,而VTY线路下的另一个命令login则是默认的，可写也可不写。如果想Telnet时在VTY线路下不设置密码也可以访问这个线路，可以在该VTY线路下输入命令 no login。34. Refer to the exhibit. The two exhibited devices are the only Cisco devices on

50、 the network. The serial network between the two devices has a mask of 52. Given the output that is shown, what three statements are true of these devices? (Choose three.) A. The Manchester serial address is .1. B. The Manchester serial address is .2. C. The London router is a Cisco 261

51、0. D. The Manchester router is a Cisco 2610. E. The CDP information was received on port Serial0/0 of the Manchester router. F. The CDP information was sent by port Serial0/0 of the London router. Answer: ACE解释一下：是私有的一个二层的协议，但是他却可以发现三层的信息的通过可以发现的邻居的信息有：设备的名称，地址，端口，能力，平台，对端的holddown time在上图的show cdp

52、entry *命令的显示可以看到的信息有：设备名称：ondon；地址：.2；平台：cisco 2610；能力：Router；端口：s0/；holdtime：anchesteter收到这个信息的接口为S0/0综合一下，这个题目的答案就出来了35. A network administrator has configured two switches, named London and Madrid, to use VTP. However, the switches are not sharing VTP messages. Given the command output shown in t

53、he graphic, why are these switches not sharing VTP messages? A. The VTP version is not correctly configured. B. The VTP operating mode is not correctly configured. C. The VTP domain name is not correctly configured. D. VTP pruning mode is disabled. E. VTP V2 mode is disabled. F. VTP traps generation

54、 is disabled. Answer: C解释一下：交换机间不能共享VTP的信息，我们就需要检查VTP的状态，首先需要检查的是VTP的域名，只有同一个域中的才可能相互学习，再来检查VTP的模式，必须有一个server模式才能有VTP学习的过程的，默认的情况下VTP的模式为Server的。然后我们检查图题目给出的信息，可以看到两台交换机的VTP domain是不一致的，所以这个就是问题的所在了。36. Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the

55、following are true? (Choose two.) A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached. B. Router C will use ICMP to inform Router B that Host 2 cannot be reached. C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached. D. Router C will s

56、end a Destination Unreachable message type. E. Router C will send a Router Selection message type. F. Router C will send a Source Quench message type. Answer: AD解释一下：连Host 2的接口E0/0 down了，那么最直接的反映就发生在路由器C上，C的路由表中的这个条目就消失了，因此当Host 1 想要跟Host 2建立连接的时候，Router C就发送一个目的网段不可达的消息；如果是使用ping命令，那么Router C就使用ICM

57、P 的包文告诉Host 1，Host 2是不可打的。37. Refer to the exhibit. Assuming that the router is configured with the default settings, what type of router interface is this? A. Ethernet B. FastEthernet C. Gigabit Ethernet D. asynchronous serial E. synchronous serial Answer: B解释一下：这个题是需要根据图中提供的信息来判断接口的类型。可以看到接口的MAC地址，表示这个接口肯定不是串行接口，所以可以排除D和E的选项。看带宽BW 100000 Kbit,表示的是100M的带宽，所以这是个Fast Ethernet接口。38. On point-to-point networks, OSPF hello packets are addressed to which address? A. B. C. D. 22