【多选题】
管理员想要更新AR2200路由器的VRP,则正确的方法有(多选)。___
A. 管理员把AR2200配置为TFTP服务器,通过TFTP来传输VRP软件
B. 管理员把AR2200配置为TFTP客户端,通过TFTP来传输VRP软件
C. 管理员把AR2200配置为FTP服务器,通过FTP来传输VRP软件
D. 管理员把AR2200配置为FTP客户端,通过FTP来传输VRP软件
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【多选题】
VRP操作平台存在哪些命令行视图? (多选)___
A. 接口视图
B. 用户视图
C. 协议视图
D. 系统视图
【多选题】
OSPF协议支持以下哪些网络类型? (多选)___
A. 广播类型
B. 点到点
C. 点到点类型
D. NBMA
【多选题】
OSPF协议邻居关系有哪几种稳定状态?(多选)___
A. Down
B. Full
C. 2-way
D. Attempt
【多选题】
下列哪些路由协议是动态路由协议? (多选) ___
A. OSPF
B. BGP
C.
D. irect
【多选题】
在OSPF协议中,下面对DR的描述中正确的是()。(多选)___
A. DR和BDR之间也要建立邻接关系
B. 若两台路由器的优先级值相等,则选择Router ID大的路由器作为DR
C. 若两台路由器的优先级值不同,则选择优先级值较小的路由器作为DR
D. 默认情况下,本广播网络中所有的路由器都将参与DR选举
【多选题】
如图所示,两台路由器配置了oSPF之后,管理员在RTA上配置了<silent-interfaces0/0/1>命令,则下面描述 正确的是()。(多选)___
A. RTA会继续接收并分析处理RTB发送的OSPF报文
B. 两台路由器的邻居关系将会down掉
C. RTA将不再发送OSPF报文
D. 两台路由器的邻居关系将不会受影响
【多选题】
目前,公司有一个网络管理员,公司网络中的AR2200通过Telnet直接输入密码后就可以实现远程管理。新 来了两个网络管理员后,公司希望给所有的管理员分配各自的用户名与密码,以及不同的权限等级。那么应 该如何操作呢?(多选)___
A. 在配置每个管理员的帐户时,需要配置不同的权限级别
B. Telnet配置的用户认证模式必须选择AAA模式
C. 在AAA视图下配置三个用户名和各自对应的密码
D. 每个管理员在运行Telnet命令时,使用设备的不同公网IP地址
【多选题】
路由条目10.0.0.24/29可能由如下哪几条子网路由汇聚而来? (多选)___
A. 10.0.0.24/30
B. 10.0.0.26/30
C. 10.0.0.28/30
D. 10.0.0.23/30
【多选题】
173查询设备OSPF协议的配置信息,可以使用下列哪些命令? (多选)___
A. dis ip routing-table
B. display current-configuration
C. display ospf peer
D. 在OSPF协议视图下: display this
【多选题】
某台设备输出信息如下,下列说法正确的有? (多选) ___
A. 接口的MAC地址为00e0-fc22-4fff
B. 接口的IP地址为10.0.12.2/24
C. 本接口的工作速率为1Gbps
D. 本接口的MTU值为1000
【多选题】
关于黑洞MAC地址表说法正确的是? (多选)___
A. 在系统复位、接口板热插拔或接口板复位后,保存的表项不会丢失
B. 由用户手工配置,并下发到各接口板,表项不可老化
C. 配置黑洞MAC地址后,源MAC地址或目的MAC地址是该MAC的报文将会被丢弃
D. 通过配置黑洞MAC地址表项,可以过滤掉非法用户
【多选题】
关于静态MAC地址表说法正确的是? (多选)___
A. 接口和MAC地址静态绑定后,其他接口收到源MAC是该MAC地址的报文将会被丢弃
B. 通过查看静态MAC地址表项,可以判断两台相连设备之间是否有数据转发
C. 一条静态MAC地址表项,只能绑定一个出接口
D. 在系统复位、接口板热插拔或接口板复位后,保存的表项不会丢失
【多选题】
OSPF协议在以下哪种网络类型中需要选举DR和BDR? (多选)___
A. 点到点类型
B. 广播类型
C. NBMA
D. 点到点
【多选题】
在一台路由器上配置OSPF时,必须手动进行的配置有()。 (多选)___
A. 开启OSPF进程
B. 创建OSPF区域
C. 配置Router ID
D. 指定每个区域中所包含的网络
【多选题】
下列关于单臂路由的说法正确的有? (多选)___
A. 每个VLAN一个物理连接
B. 交换机上,把连接到路由器的端口配置成Trunk类型的端口,并允许相关VLAN的帧通过
C. 在路由器上需要创建子接口
D. 交换机和路由器之间仅使用一条物理链路连接
【多选题】
下列关于链路聚合说法正确的有? (多选)___
A. Eth-Truk接口不能嵌套
B. 两台设备对接时需要保证两端设备上链路聚合的模式一致
C. GE接口和FE接口不能加入同一个Eth-Trunk接口
D. GE电接口和GE光接口不能加入同一个Eth-Trunk接口
【多选题】
SA(Security Association)安全联盟由以下哪些参数标识? (多选)___
A. 源IP地址
B. 安全参数索引SPI(Security Parameter Index)
C. 目的IP地址
D. 安全协议(AH或ESP)
【多选题】
以下关于IPv6无状态地址自动配置和DHCPv6说法正确的有? (多选)___
A. IPv6无状态地址自动配置使用RA和RS报文
B. DHCPv6比无状态自动配置可管理性更好
C.
D. HCPv6又可以分为DHCPv6有状态自动配置和DHCPv6无状态自动配置
【多选题】
路由器接口输出信息如下,下列说法正确的有? (多选)___
A. 本接口的全球单播地址为2001::12:1
B. 本接口的MTU值为1500
C. 本接口的链路本地地址为FE80::2EO:FCFF:FE6F:4F36
D. 本接口IPv6协议状态为UP
【多选题】
212某台路由器DHCP地址池配置信息如下,下列说法正确有? (多选)___
A. 该地址池有199个可用的IP地址
B. IP地址的租期为12h
C. 该地址池有55个可用的IP地址
D. DHCP客户端可能获取的IP地址为192.168.1.2
【多选题】
213某台路由器路由表输出信息如下,下列说法正确的是? (多选)___
A. 本路由器到达10.0.0.1的NextlHop为10.0.21.2
B. 本路由器到达10.0.0.1的NextHop为10.0.12.2
C. 本路由器到达10.0.2.2的NextHop为10.0.12.2
D. 本路由器到达10.0.2.2的NextHop为10.0.21.2
【多选题】
路由器1路由表输出信息如下,下列说法正确的是? (多选)___
A. 路由表中存在两种动态路由协议
B. 路由器Etherneto/0/0接口IP地址的掩码长度为24位
C. 路由器Etherneto/0/0接口的IP地址为10.0.12.1
D. 路由表中存在一种动态路由协议
【多选题】
关于免费ARP,下面说法正确的是()。 (多选)___
A. 免费ARP报文的格式与普通ARP应答报文的格式相同
B. 免费ARP可以帮助更新旧的IP地址信息
C. 通过发送免费ARP,可以确认IP地址是否有冲突
D. 免费ARP报文的格式与普通ARP请求报文的格式是相同的
【多选题】
在OSI参考模型的传输层中,可以使用下面哪些流量控制方式? (多选)___
A. 源抑制报文
B. 窗口机制
C. 确认技术
D. 缓存技术
【多选题】
如图所示,两台交换机上都禁用了STP协议,主机A发送了一个ARP Request,则下面描述正确的是()。(多选)___
A. 这两台交换机能够实现负载均衡
B. 这两台交换机的CPU占用率将会很高
C. 这个网络中将会出现重复帧
D. 这两台交换机的MAC地址表会频繁抖动
【多选题】
某台路由器输出信息如下,下列说法错误的是? (多选)___
A. 本路由器开启了区域认证
B. 本设备出现故障,配置的Router Id和实际生效的Router ID不一致
C. 本设备生效的Router Id为10.0.12.1
D. 本设备生效的Router Id为10.0.1.1
【多选题】
234在VRP操作系统中,如何进入OSPF区域0的视图? (多选)___
A. [Huawei-ospf-1]area 0
B. [Huawei]ospf area 0
C. [Huawei-ospf-1]area 0 enable
D. [Huawei-ospf-1]area 0.0.0.0
【多选题】
在华为设备中,OSPF选举Router ID的方法可以是下列哪种? (多选)___
A. 通过手工定义一个任意的合法Router ID
B. 如果未配置Loopback接口,则在其他接口的IP地址中选取最大的IP地址作为Router ID
C. 华为交换机可能使用最大的VLANIF的IP地址作为Router ID
D. 如果配置了Loopback接口,则从Loopback接口的IP地址中选择最大的IP地址作为Router ID
E. 使用默认的127.0.0.1
【多选题】
下列哪几项是配置静态路由的基本要素? (多选)___
A. 目的网段
B. 出接口的MAC地址
C. 下一跳的IP地址
D. 出接口
【多选题】
动态主机配置协议DHCP可以分配以下哪些网络参数? (多选)___
A. 操作系统
B. DNS地址
C. IP地址
D. 网关地址
【多选题】
如图所示,在KTA的Serial1/0/1接口使用命令“ip address unnumbered interface loopback 0”配置了地址借用,则下面描述正确的是()。 (多选)___
A. RTA的接口Serial 1/0/1的IP地址为10.1.1.1/24
B. RTA的接口Serial1/0/1的IP地址为10.1.1.1/32
C. RTA的路由表中存在一条10.1.1.0/24的路由条目
D. RTA的路由表中不存在一条10.1.1.0/24的路由条目
【多选题】
路由器建立路由表的方式有哪三种? (多选)___
A. 动态路由
B. 静态路由
C. 直连路由
D. 聚合路由
【多选题】
90下面哪些是路由协议?(多选)___
A. BGP
B. IPX
C. OSPF
D. IP
【多选题】
MPLS头部包括以下哪些字段? (多选) ___
A. Label
B. EXP
C. TTL
D. Tos
【多选题】
OSPFv3邻接关系无法建立,可能是由以下哪些原因引起? (多选)___
A. Router-ID冲突
B. HELLO报文发送周期不一致
C. 区域号码不一致
D. 接口IPv6地址前缀不一致
【多选题】
以下哪些MAC地址不能作为主机网卡的MAC地址? (多选)___
A. 00-02-03-04-05-06
B. 02-03-04-05-06-07
C. 01-02-03-04-05-06
D. 03-04-05-06-07-08
【多选题】
260关于检测IP网络连通性时使用的命令,下面说法错误的有()。 (多选)___
A. ping 127.0.0.1,此命令用来检测主机的网线是否插好
B. ipconfig/release命令可以用来检测主机到本地网关的连通性
C. ping 127.0.0.2,此命令用来检测主机的网线是否插好
D. ping命令可以用来检测主机到本地网关的连通性
【多选题】
如下图所示网络,所有交换机开启STP协议。关闭SWA的G0/0/2端口配置BPDU的发送功能,SWC的 G0/0/1重新收敛成为根端口,关于此过程,下列说法正确的有? (多选)___
A. SWB向SWA专发TCN BPDU
B. SWC向SWB发送TCN BPDU报文
C. SWB向SWC发送TCA置位的配置BPDU
D. SWA发送TC置位的配置BPDU
【多选题】
RSTP协议配置BPDU中的Flag字段使用了哪些STP协议未使用的标志位? (多选)___
A. Agreement
B. TCA
C. TC
D. Proposal
【多选题】
279当路由出现环路时,可能会产生下列哪些问题? (多选)___
A. 路由器的内存消耗增大
B. 数据包的字节数越来越大
C. 数据包无休止的传递
D. 路由器的CPU消耗增大
E. 数据包的目的IP地址不断被修改
推荐试题
【单选题】
Which command enables authentication at the oSPFv2 routing process level?___
A. ip ospf authentication message-digest
B. area 0 authentication message-digest
C. ip ospf message-digest-key 1 mds Cisco
D. area 0 authentication ipsec spi 500 md5 1234567890ABCDEF1234567890ABCDEF
【单选题】
Which type of firewall monitors a nd protects a specific system?___
A. firewall
B. application firewall
C. stateless firewall wvp
D. personal firewall
【单选题】
On an ASA, which maps are used to identify traffic?___
A. Route maps
B. Policy maps
C. Class maps
D. Service maps
【单选题】
Which type of social engineering attack targets top executives?___
A. whaling
B. vishin
C. spear phishing ng
D. baiting
【单选题】
What is the minimum Cisco lOS version that supports zone-based firewalls?___
A. 12.1T
B. 15.1
C. 15.0
D. 124
【单选题】
In which type of attack does an attacker overwrite an entry in the CAM table to divert traffic destined to a legitimate host?___
A. DHCP spoofing
B. ARP spoofing
C. CAM table overflow
D. MAC spoofing
【多选题】
Which two attack types can be prevented with the impleme ntation of a Cisco IPS solution?___
A. DDos
B. man-in-the-middle
C. worms
D. ARP spoofing
E. VLAN hopping
【多选题】
choose four___
A. DHCP snooping ——————————blocks DHCP messages
B. Dynamic ARP inspection——————verifies IP-to-MAC traffic on untrusted ports
C. IP sources guard ——————————provides layer 2 interface security with ports ACLs
D. Port security————————————mitigates MAC-address spoofing at the access interface
【多选题】
choose four___
A. Step1————————run the system setup wizard
B. Step2————————add an authentication realm
C. Step3————————configure identity management
D. Step4————————configure directory group
【多选题】
What are two advanced features of the Cisco AMp solution for endpoints ___
A. contemplation
B. foresight
C. sandboxing
D. reputation
E. reflection
【多选题】
Which two characteristics of RADIUS are true?___
A. It encrypts only the password between user and server.
B. It uses TCP ports 1812/1813
C. It uses UDP ports 1812/1813.
D. It uses UDP port 49
E. It uses TCP port 49
【多选题】
What are two challenges of using a network-based IPS? ___
A. It is unable to determine whether a detected attack was successful
B. It requires additional storage and proce ssor capacity on syslog servers
C. As the network expands, it requires you to add more sensors.
D. It is unable to detect attacks across the entire network
E. It must support multiple operating systems.
【多选题】
What are two default be haviors of the traffic on a zone-based firewall?___
A. Traffic within the self -zone uses an im plicit deny all.
B. All traffic between zones is implicitly blocked
C. Communication is allowed between interfadAss that are members of the same zone
D. Communication is blocked between interfaces that are members of the same zone
E. The CBAC rules that are configured on router interfaces apply to zone interfaces
【多选题】
Which two advantages does the on-premise model for MDM deployment have over the cloud-based model?___
A. The on-premise model is easier and faster to de ploy than the cloud-based model
B. The on-premise model is more scalable than the cloud-based model
C. The on-premise model is generally less expensive than the cloud-based model
D. The on-premise model generally has less latency than the cloud- based model.
E. The on-premise model provides more control of the MDM solution than the cloud
【多选题】
Which two actions can an end usts take to manage a lost or stolen device in Cisco ISE? ___
A. Activate Cisco ISE End point Protection Services to quarantine the device.
B. Add the mac address of the device to a list of blacklisted devices
C. Force the device to be locked with a PIN
D. Request revocation of the digital certificate of the device.
E. Reinstate a device that the user previously marked as lost or stolen
【多选题】
Which two problems can arise when a proxy firewall serves as the gateway between networks?___
A. It can prevent content caching
B. It can limit application support
C. It is unable to prevent direct connections to other networks
D. It can cause reduced throughput.
E. It is unable to provide antivirus protection
【多选题】
When using the Adaptive Security Device Manager(ASDM), which two methods are available to add a new root certificate?___
A. Use sCep
B. Install from SFTP server
C. Install from a file
D. Use Https
E. Use LDAP
【多选题】
Which two are considered basic security principles?___
A. Accountability
B. Redundancy
C. High Availabilit
D. Integrity
E. Confidentiality
【多选题】
Which two roles of the Cisco WSA are true?___
A. IPS
B. firewall
C. antispam
D. web proxy
E. URL filter
【单选题】
Which next-generation encryption algorithm supports four variants?___
A. SHA-2
B. SHA-1
C. MD5
D. HMAC
【单选题】
What aims to remove the abil ity to deny an action?___
A. Non-Repudiation
B. Accountability
C. Integrity
D. Deniability
【单选题】
Which statements about the native VLAN is true ?___
A. It is susceptible to VLAN hopping attacks.
B. It is the Cisco recommended VLAN for switch-management traffic
C. It is most secure when it is a ssigned to vLAn 1.
D. It is the cisco-recomme nded vlan for user traffic
【单选题】
There are two versions of IKE:IKEv1 and IKEv2. Both IKEv1 and IKEv2 protocols operate in phases IKEv1 operates in two phases. IKEv2 operates in how many phases?___
【单选题】
What does the dh group refer to?___
A. length of key for hashing C
B. length of key for encryption
C. tunnel lifetime key
D. length of key for key exchange
E. length of key for authentication
【单选题】
Which path do you follow to enable aaa through the SDM ?___
A. Configure Tasks > AAA
B. Configure > Addition Authentication > AAA
C. Configure > AAA
D. Configure > Additional Tasks > AAA
E. Configure Authentication > AAA
【单选题】
which technology cloud be used on top of an MPLS VPN to add confidentiality ?___
A. IPsec
B. 3DES
C. AES
D. SSL
【单选题】
Which term is most closely aligned with the basic purpose of a SIEM solution? ___
A. Non-Repudiation
B. Accountability
C. Causality
D. Repudiation
【单选题】
You have just deployed SNMPv3 in your environment, Your manager asks you to make sure that our SNMP agents can only talk to the SNMP Manager. What would you configure on your SNMI agents to satisfy this request?___
A. A SNMP View containing the SNMP managers
B. Routing Filter with the SNMP managers in it applied outbound
C. A standard ACL containing the SNMP managers applied to the SNMP configuration
D. A SNMP Group containing the SNMP managers
【单选题】
Which feature prevents loops by moving a nontrunking port into an errdisable state when a BPDU is received on that port?___
A. BPDU filte
B. DHCP snooping
C. BPDU guard
D. Port Fast
【单选题】
Which command enables port security to use sticky MAC addresses on a switch?___
A. switchport port-security violation restrict
B. switchport port-security mac-address sticky
C. switchport port-security violation protect
D. switchport port-security
【单选题】
When you edit an IPS subsignature, what is the effect on the parent signature and the family of subsignatures?___
A. The change applies to the parent signature and the entire family of subsignatures
B. The change applies to the parent signature and the subsignature that you edit
C. The change applies only to subsignatures that are numbered sequentially after the subsignature that you edit
D. Other signatures are unaffected, the change applies only to the subsignature that you dit
【单选题】
Which type of mechanism does Cisco FirePOWER de ploy to protect ag detected moving across other networks?___
A. antivirus scanning
B. policy-based
C. reputation-based
D. signature-based
【单选题】
What action must you take on the ise to blacklist a wired device?___
A. Locate the switch through which the device is connected and push an a cl restricting all access by the device
B. Issue a CoA request for the de vice's mac address to each access switch in the network
C. Revoke the device's certificate so it is unable to authenticate to the network
D. Add the device's MAc address to a list of black listed devices
【单选题】
Which type of firewall can perform deep packet inspection?___
A. packet-filtering firewall
B. stateless firewall
C. application firewall
D. personal firewall
【单选题】
What is the main purpose of Control Plane Policing?___
A. to prevent exhaustion of route-proce ssor resources
B. to organize the egress packet queues
C. to define traffic classes
D. to maintain the policy map
【单选题】
Which attack can be prevented by OSPF authentication?___
A. smurf attack
B. IP spoofing attack
C. denial of service attack
D. buffer overflow attack
【单选题】
What is the best definition of hairpinning?___
A. ingress traffic that traverses the outbound interface on a device
B. traffic that enters one interface on a device and that exits through another interface
C. traffic that enters and exits a device through the same interface
D. traffic that tunnels through a device interface
【单选题】
Which SNMPv3 security level provides authentication using HMAC with MD5, but does not use encryption?___
A. authPriv
B. authNo Priv
C. noAuthNoPriv
D. NoauthPriv
【单选题】
You have implemented a dynamic blacklist, using security intelligence to block illicit network activity. However, the blacklist contains several approved connections that users must access for usiness pur poses. Which action can you take to retain the blacklist while allowing users to access the approve d sites?___
A. Create a whitelist and manually add the approved addresses.
B. Disable the dynamic blacklist and deny the specif ic address on a whitelist while permitting the others
C. Edit the dynamic blacklist to remove the approved addresses
D. Disable the dynamic blacklist and create a static blacklist in its place
【单选题】
When connecting to an external resource,you must change a source IP address to use one IP address from a range of 207.165.201.1 to 207.165.1.30. Which option do you implement ?___
A. dynamic source NAT that uses an IP ad dress as a mapped source
B. static destination NAT that uses a subnet as a real de stination
C. dynamic source NAT that uses a range as a mapped source
D. static destination NAT that uses a subnet as a real source
