【正文】 完美WORD格式 CCNA640802 V13題庫試題分析題庫講解：吳老師（艾迪飛CCIE實驗室首發(fā)網(wǎng)站：1. What are two reasons that a network administrator would use access lists? (Choose two.) A. to control vty access into a router B. to control broadcast traffic through a router C. to filter traffic as it passes through a router D. to filter traffic that originates from the router E. to replace passwords as a line of defense against security incursions Answer: AC解釋一下：在VTY線路下應(yīng)用ACL，可以控制從VTY線路進來的telnet的流量。也可以過濾穿越一臺路由器的流量。2. A default Frame Relay WAN is classified as what type of physical network? A. pointtopoint B. broadcast multiaccess C. nonbroadcast multiaccess D. nonbroadcast multipoint E. broadcast pointtomultipoint Answer: C解釋一下：在默認的情況下，幀中繼為非廣播多路訪問鏈路。但是也可以通過子接口來修改他的網(wǎng)絡(luò)的類型。3． Refer to the exhibit. How many broadcast domains exist in the exhibited topology?A. one B. two C. three D. four E. five F. six Answer: C解釋一下：廣播域的問題，在默認的情況下，每個交換機是不能隔離廣播域的，所以在同一個區(qū)域的所有交換機都在同一個廣播域中，但是為了減少廣播的危害，將廣播限制在一個更小的范圍，有了VLAN的概念，VLAN表示的是一個虛擬的局域網(wǎng)，而他的作用就是隔離廣播。所以被VLAN隔離了的每個區(qū)域都表示一個單獨的廣播域，這樣一個VLAN中的廣播的流量是不能傳到其他的區(qū)域的，所以在上題中就有3個廣播域了。4. A single access point has been configured and installed in the center of a square office. A few wireless users are experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.) A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF 6. The mand framerelay map ip 102 broadcast was entered on the router. Which of the following statements is true concerning this mand? A. This mand should be executed from the global configuration mode. B. The IP address is the local router port used to forward data. C. 102 is the remote DLCI that will receive the information. D. This mand is required for all Frame Relay configurations. E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC. Answer: E解釋一下：關(guān)于命令 framerelay map ip 102 broadcast ,這個命令用于手工靜態(tài)添加一條映射，而且這條PVC是支持廣播的流量的，比如RIP的更新包。因為在默認的情況下，幀中繼的網(wǎng)絡(luò)為非廣播的，而RIP在其上是無法發(fā)包的。8．Which of the following are associated with the application layer of the OSI model? (Choose two.) A. ping B. Telnet C. FTP D. TCP E. IP Answer: BC解釋一下：在OSI 7層模型中位于應(yīng)用層的應(yīng)用有telnet 和 ftp 這兩種應(yīng)用。9. For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists? A. IP B. ICMP C. TCP D. UDP Answer: B解釋一下：PING命令 利用ICMP協(xié)議的echo,和 echoreplay兩個報文來檢測鏈路是否連通的。所以如果要阻止PING的流量到網(wǎng)絡(luò)，就只要過濾掉ICMP的應(yīng)用就可以了。10．Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator pleted the configuration, host A could municate with host B, but host A could not municate with host C or host D. Which mands are required to resolve this problem? A. Router(config) interface fastethernet 0/ Router(configif) encapsulation dot1q 3 Router(configif) ip address B. Router(config) router rip Router(configrouter) network Router(configrouter) network Router(configrouter) network C. Switch1 vlan database Switch1(vlan) vtp v2mode Switch1(vlan) vtp domain cisco Switch1(vlan) vtp server D. Switch1(config) interface fastethernet 0/1 Switch1(configif) switchport mode trunk Switch1(configif) switchport trunk encapsulation isl Answer: A解釋一下：這是一個多VLAN間通訊的問題，雖然都同在一臺交換機上，但是由于處在不同的VLAN中，而導(dǎo)致了不同VLAN中的主機是不能通訊的。這時我們就需要借助與trunk和三層的路由功能了，在交換機和路由器之間封裝TRUNK，這樣可以允許交換機間的二層的通訊，但是由于兩個VLAN是劃分到不同的網(wǎng)段中的，因此需要借助路由器的路由功能來實現(xiàn)三層的可達，可以將VLAN中的主機的網(wǎng)關(guān)指定為路由器與該VLAN相連的子接口的地址，這樣VLAN中的數(shù)據(jù)包就都會發(fā)往網(wǎng)關(guān)，而由網(wǎng)關(guān)來進行進一步的轉(zhuǎn)發(fā)。在這個題中，題目給出了路由器的的子接口的網(wǎng)段，而又給出了VLAN 2與路由器相連的接口的IP地址，所以剩下的一個網(wǎng)段就是給VLAN 3的了 ，所以要在路由器上將與一個子接口劃分到VLAN 3，并給其分配另一個網(wǎng)段中的IP地址。這樣就可以了。11．What are two remended ways of protecting network device configuration files from outside network security threats? (Choose two.) A. Allow unrestricted access to the console or VTY ports. B. Use a firewall to restrict access from the outside to the network devices. C. Always use Telnet to access the device mand line because its data is automatically encrypted. D. Use SSH or another encrypted and authenticated transport to access device configurations. E. Prevent the loss of passwords by disabling password encryption. Answer: BD解釋一下：要確保外部的安全的站點才可以訪問我的網(wǎng)絡(luò)，這就涉及到了安全的問題了，我們 可以使用防火墻來限制外網(wǎng)中來的設(shè)備；也可以通過SSH或加密和認證來控制。12．Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)accesslist 101 deny tcp any eq telnet accesslist 101 permit ip any any A. source ip address: 。 destination port: 21 B. source ip address:, destination port: 21 C. source ip address:, destination port: 21 D. source ip address:, destination port: 23 E. source ip address: 。 destination port: 23 F. source ip address:, destination port: 23 Answer: DE解釋一下：這個訪問列表定義了兩個語句：accesslist 101 deny tcp any eq telnet accesslist 101 permit ip any any 在訪問列表中匹配的順序是從上到下，如果匹配了某一句，就退出訪問列表，如果沒有就一直往下匹配，在訪問列表中有一句隱含的拒絕所有。所以不管怎么樣都有一句是能被匹配的。在上題中， 的流量，然后第二句定義的就是允許所有的IP流量。而且要明確telnet的流量使用的是端口23,所以這個題的答案就很明確了。13． Refer to the exhibit. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table? A. Switch1 will add to the switching table. B. Switch1 will add to the switching table. C. Switch1 will add to the swi