【正文】 deny all at the end of the ACL.D. Traffic will be accepted, because the source address is not covered by the ACL.Answer: CSection: Chapter 7: SecurityExplanation/Reference:ACL匹配規(guī)則：自上而下匹配，一旦匹配則終止，沒有匹配到的丟棄。題目給的172是目的地址，表中ACL中172是源地址QUESTION 59Refer to the exhibit. Which statement describes the effect that the Router1 configuration has on devices inthe subnet when they try to connect to SVRA using Telnet or SSH?A. Devices will not be able to use Telnet or SSH.B. Devices will be able to use SSH, but not Telnet.C. Devices will be able to use Telnet, but not SSH.D. Devices will be able to use Telnet and SSH.Answer: BSection: Chapter 7: SecurityExplanation/Reference:題目考查的是ACL用法，首先我們看圖示F0/0 是in方向，eq應(yīng)該放在目的主機(jī)的后面，源主機(jī)是隨機(jī)端口發(fā)出訪問f0/1也設(shè)置為out方向，只能控制返回的數(shù)據(jù)，這里eq應(yīng)該放在源主機(jī)也就是SVRA的后面所以list 100中10生效，20 無效。list 101中 10生效，20無效。最后默認(rèn)都拒絕，所以只允許ssh。QUESTION 60What are three advantages of VLANs? (Choose three.)A. VLANs establish broadcast domains in switched networks.B. VLANs utilize packet filtering to enhance network security.C. VLANs provide a method of conserving IP addresses in large networks.D. VLANs provide a lowlatency internetworking alternative to routed networks.E. VLANs allow access to network services based on department, not physical location.F. VLANs can greatly simplify adding, moving, or changing hosts on the network.Answer: AEFSection: Chapter 10: VLANExplanation/Reference:A：VLAN在交換網(wǎng)絡(luò)中建立廣播域，正確B：利用VLAN的數(shù)據(jù)包過濾，增強(qiáng)網(wǎng)絡(luò)的安全性。錯誤，沒有這個特性。C：提供了在大型網(wǎng)絡(luò)中的保護(hù)IP地址的方法。錯誤。D：提供低延遲互聯(lián)網(wǎng)絡(luò)替代路由網(wǎng)絡(luò)。錯誤E：vlan允許基于邏輯劃分的網(wǎng)絡(luò)訪問，不是物理位置。正確。F：VLAN可以大大簡化添加，移動或更改網(wǎng)絡(luò)上的主機(jī)。正確。QUESTION 61An administrator would like to configure a switch over a virtual terminal connection from locations outsideof the local LAN. Which of the following are required in order for the switch to be configured from a remotelocation? (Choose two.)A. The switch must be configured with an IP address, subnet mask, and default gateway.B. The switch must be connected to a router over a VLAN trunk.C. The switch must be reachable through a port connected to its management VLAN.D. The switch console port must be connected to the Ethernet LAN.E. The switch management VLAN must be created and have a membership of at least one switch port.F. The switch must be fully configured as an SNMP agent.Answer: ACSection: Chapter 9: SwitchingExplanation/Reference:要想遠(yuǎn)程管理VLAN，交換機(jī)配置IP，路由可達(dá)。QUESTION 62Which of the following host addresses are members of networks that can be routed across the publicInternet? (Choose three.)A. B. C. D. E. F. Answer: CEFSection: Chapter 3: IP Addressing and VLSMExplanation/Reference:考查公有IP地址的范圍。除了上面的外都是公有IP。QUESTION 63Given a subnet mask of , which of the following addresses can be assigned to networkhosts? (Choose three.)A. B. C. D. E. F. Answer: BCDSection: Chapter 3: IP Addressing and VLSMExplanation/Reference:QUESTION 64Which of the following are benefits of VLANs? (Choose three.)A. They increase the size of collision domains.B. They allow logical grouping of users by function.C. They can enhance network security.D. They increase the size of broadcast domains while decreasing the number of collision domains.E. They increase the number of broadcast domains while decreasing the size of the broadcast domains.F. They simplify switch administration.Answer: BCESection: Chapter 10: VLANExplanation/Reference:考查VLAN的特點A：增加沖突域的大小，錯誤B：允許邏輯劃分網(wǎng)段，正確C：增強(qiáng)網(wǎng)絡(luò)安全，正確。不同vlan不能直接通信。D：當(dāng)減少沖突域時增加廣播域的大小。錯誤E：減少廣播域的大小時增加了廣播域個數(shù)。正確。F:簡化交換機(jī)管理。答非所問。QUESTION 65Which router IOS mands can be used to troubleshoot LAN connectivity problems? (Choose three.)A. pingB. tracertC. ipconfigD. show ip routeE. winipcfgF. show interfacesAnswer: ADFSection: Chapter 6: IP RoutingExplanation/Reference:A：測試連通性D：查看是否有路由F：查看接口是否可用QUESTION 66Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to support thistransmission?A.B.C.D.E.F.Answer: DSection: Chapter 2: TCP/IPExplanation/Reference:此題考查的是pc的arp表，不要和包的目的地址、源地址弄混了。在以太網(wǎng)尋址的時候，依靠的事MAC地址，每一個網(wǎng)段都需要尋找到自己的下一條（gateway）以自己的MAC作為source gateway的mac作為destination封裝Frame，然后將Frame轉(zhuǎn)發(fā)出去 ，但是數(shù)據(jù)包是不會進(jìn)行變化的，也就是packet的頭部信息不會發(fā)生改變。所以IP包頭的source和des地址是不會變更的QUESTION 67Which two topologies are using the correct type of twistedpair cables? (Choose two.)A.B.C.D.E.Answer: DESection: Chapter 1: IntroductionExplanation/Reference:線纜問題，使用雙絞線的設(shè)備。相同設(shè)備用crossover不同設(shè)備用cutthought線纜。console使用的事rollor線纜QUESTION 68Which of the following are true regarding bridges and switches? (Choose two.)A. Bridges are faster than switches because they have fewer ports.B. A switch is a multiport bridge.C. Bridges and switches learn MAC addresses by examining the source MAC address of each framereceived.D. A bridge will forward a broadcast but a switch will not.E. Bridges and switches increase the size of a collision domain.Answer: BCSection: Chapter 9: SwitchingExplanation/Reference:考查網(wǎng)橋和交換機(jī)的區(qū)別A：網(wǎng)橋比交換機(jī)更快速，因為他們有更少的端口。錯誤B：交換機(jī)是一個多端口網(wǎng)橋。正確C：通過檢查數(shù)據(jù)包的source mac學(xué)習(xí)mac地址，正確D：網(wǎng)橋轉(zhuǎn)發(fā)廣播包，但交換機(jī)不轉(zhuǎn)發(fā)。錯誤E：網(wǎng)橋和交換機(jī)增加沖突域的大小，錯誤。QUESTION 69What are some of the advantages of using a router to segment the network? (Choose two.)A. Filtering can occur based on Layer 3 information.B. Broadcasts are eliminated.C. Routers generally cost less than switches.D. Broadcasts are not forwarded across the router.E. Adding a router to the network decreases latency.Answer: ADSection: Chapter 1: IntroductionExplanation/Reference:A：可以基于層三的信息過濾數(shù)據(jù)。B：廣播被淘汰。錯誤C：路由器的價格一般比交換機(jī)少。錯誤D：廣播不會穿越路由器，正確。E:增加路由器后減少延遲。錯誤。QUESTION 70Which of the following statements are true regarding bridges and switches? (Choose 3.)A. Switches are primarily software based while bridges are hardware based.B. Both bridges and switches forward Layer 2 broadcasts.C. Bridges are frequently faster than switc