新版CCNA_640-802_V13题库分析[强烈推荐]。将陆续整理近期部分老师对新版CCNA 802题库TESTINSIDE 640-802 V13的试题分析,关注新版考试的同学可以关注一下,有更新就推出来,可以加为收藏,最后更新为20071210。最后感谢网上热心的朋友和网络小菜鸟的56CTO.com站点提供信息来源和资源共享,祝大家在新版CCNA考试中顺利通过。

誉天IT技术论坛: http://bbs.yutianedu.com

誉天IT技术营博客 http://blog.yutianedu.com

誉天IT下载站 : http://soft.yutianedu.com

新版CCNA 802 v13题库分析:http://www.yutianedu.com/52network/dispbbs.asp?boardid=122&ID=12548

Testinside 640-802 VCEPDF题库:http://www.yutianedu.com/52network/dispbbs.asp?boardID=122&ID=12671

兜兜的CCNA 640-802例题分析系列

http://www.yutianedu.com/52network/dispbbs.asp?boardID=122&ID=12704

TestInside 640-802 V13+修订

思科CCNACCXP题库全集(0711月更新)

1. What are two reasons that a network administrator would use access lists? (Choose two.)
A. to control vty access into a router
B. to control broadcast traffic through a router
C. to filter traffic as it passes through a router
D. to filter traffic that originates from the router
E. to replace passwords as a line of defense against security incursions
Answer: AC 在VTY线路下应用ACL,可以控制从VTY线路进来的telnet的流量。也可以过滤穿越一台路由器的流量。
2. A default Frame Relay WAN is classified as what type of physical network?
A. point-to-point
B. broadcast multi-access
C. nonbroadcast multi-access
D. nonbroadcast multipoint
E. broadcast point-to-multipoint
Answer: C 在默认的情况下,帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。
3. Refer to the exhibit. How many broadcast domains exist in the exhibited topology?


A. one B. two C. three D. four E. five F. s i x
Answer: C 广播域的问题,在默认的情况下,每个交换机是不能隔离广播域的,所以在同一个区域的所有交换机都在同一个广播域中,但是为了减少广播的危害,将广播限制在一个更小的范围,有了VLAN的概念,VLAN表示的是一个虚拟的局域网,而他的作用就是隔离广播。所以被VLAN隔离了的每个区域都表示一个单独的广播域,这样一个VLAN中的广播的流量是不能传到其他的区域的,所以在上题中就有3个广播域了。
4. A single 802.11g access point has been configured and installed in the center of a square office. A few wireless users are experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.)
A. mismatched TKIP encryption
B. null SSID
C. cordless phones 无线电话
D. mismatched SSID
E. metal file cabinets 金属走档
F. antenna type or direction 天线方向
Answer: CEF
5. Refer to the exhibit. What two facts can be determined from the WLAN diagram? (two.)


A. The area of overlap of the two cells represents a basic service set (BSS).
B. The network diagram represents an extended service set (ESS). 可扩展的服务节点
C. Access points in each cell must be configured to use channel 1.
D. The area of overlap must be less than 10% of the area to ensure connectivity.
E. The two APs should be configured to operate on different channels. 相交的地方可以设置成不同的频率
Answer: BE
6. The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command?
A. This command should be executed from the global configuration mode.
B. The IP address 10.121.16.8 is the local router port used to forward data.
C. 102 is the remote DLCI that will receive the information.
D. This command is required for all Frame Relay configurations.
E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.
Answer: E 关于命令 frame-relay map ip 10.121.16.8 102 broadcast ,这个命令用于手工静态添加一条映射,到达10.121.16.8的流量封装一个DLCI号为102,而且这条PVC是支持广播的流量的,比如RIP的更新包。因为在默认的情况下,帧中继的网络为非广播的,而RIP在其上是无法发包的。
7. Which type of attack is characterized by a flood of packets that are requesting a TCP connection to a server?
A. denial of service
B. brute force
C. reconnaissance
D. Trojan horse
Answer: A
8. Which of the following are associated with the application layer of the OSI model? (two.)
A. ping B. Telnet C. FTP D. TCP E. IP
Answer: BC 在OSI 7层模型中位于应用层的应用有telnet 和 ftp 这两种应用。
9. For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists?
A. IP
B. ICMP
C. TCP
D. UDP
Answer: B PING命令 利用ICMP协议的echo,和 echo-replay两个报文来检测链路是否连通的。所以如果要阻止PING的流量到网络,就只要过滤掉ICMP的应用就可以了。
10. Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem?


A. Router(config)# interface fastethernet 0/1.3
Router(config-if)# encapsulation dot1q 3
Router(config-if)# ip address 192.168.3.1 255.255.255.0
B. Router(config)# router rip
Router(config-router)# network 192.168.1.0
Router(config-router)# network 192.168.2.0
Router(config-router)# network 192.168.3.0
C. Switch1# vlan database
Switch1(vlan)# vtp v2-mode
Switch1(vlan)# vtp domain cisco
Switch1(vlan)# vtp server
D. Switch1(config)# interface fastethernet 0/1
Switch1(config-if)# switchport mode trunk
Switch1(config-if)# switchport trunk encapsulation isl
Answer: A 这是一个多VLAN间通讯的问题,虽然都同在一台交换机上,但是由于处在不同的VLAN中,而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能了,在交换机和路由器之间封装TRUNK,这样可以允许交换机间的二层的通讯,但是由于两个VLAN是划分到不同的网段中的,因此需要借助路由器的路由功能来实现三层的可达,可以将VLAN中的主机的网关指定为路由器与该VLAN相连的子接口的地址,这样VLAN中的数据包就都会发往网关,而由网关来进行进一步的转发。在这个题中,题目给出了路由器的的子接口的网段,而又给出了VLAN 2与路由器相连的接口的IP地址,所以剩下的一个网段就是给VLAN 3的了 ,所以要在路由器上将与一个子接口划分到VLAN 3,并给其分配另一个网段中的IP地址。这样就可以了
11. What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)
A. Allow unrestricted access to the console or VTY ports.
B. Use a firewall to restrict access from the outside to the network devices.
C. Always use Telnet to access the device command line because its data is automatically encrypted.
D. Use SSH or another encrypted and authenticated transport to access device configurations.
E. Prevent the loss of passwords by disabling password encryption.
Answer: BD 要确保外部的安全的站点才可以访问我的网络,这就涉及到了安全的问题了,我们 可以使用防火墙来限制外网中来的设备;也可以通过SSH或加密和认证来控制。
12. Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.

access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet
access-list 101 permit ip any any
A. source ip address: 192.168.15.5; destination port: 21
B. source ip address:, 192.168.15.37 destination port: 21
C. source ip address:, 192.168.15.41 destination port: 21
D. source ip address:, 192.168.15.36 destination port: 23
E. source ip address: 192.168.15.46; destination port: 23
F. source ip address:, 192.168.15.49 destination port: 23
Answer: DE 这个访问列表定义了两个语句: access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet access-list 101 permit ip any any在访问列表中匹配的顺序是从上到下,如果匹配了某一句,就退出访问列表,如果没有就一直往下匹配,在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中,他定义的第一句是拒绝到从192.168.15.32- 192.168.15.47发出的任何的telnet 的流量,然后第二句定义的就是允许所有的IP流量。而且要明确telnet的流量使用的是端口23,所以这个题的答案就很明确了。
13. Refer to the exhibit. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table?

A. Switch1 will add 192.168.23.4 to the switching table.
B. Switch1 will add 192.168.23.12 to the switching table.
C. Switch1 will add 000A.8A47.E612 to the switching table.
D. Switch1 will add 000B.DB95.2EE9 to the switching table.
Answer: C 交换机重新启动了,这个时候交换机的MAC地址表是空的,当主机A发送数据给主机C而经过交换机时,交换机根据他的工作的原理他要进行原MAC地址学习,而因为对于这个目的MAC地址无记录,而将这个流量从除收到的这个接口外的所有接口泛洪出去。所以在最开始的一步中,交换机是记录下主机A的MAC地址000A.8A47.E612到他的MAC地址表中。
14. The user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do?


A. send a unicast ARP packet to the DSL modem/router
B. send unicast ICMP packets to the DSL modem/router
C. send Layer 3 broadcast packets to which the DSL modem/router responds
D. send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router
Answer: B 在下面的表中我们可以看到ARP表中有关于192.168.1.254的ARP条目,所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。
15. What are two security appliances that can be installed in a network? (Choose two.)
A. ATM B. IDS C. IOS D. IOX E. IPS F. SDM
Answer: BE
16. Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?

A. 172.1.0.0/22
B. 172.1.0.0/21
C. 172.1.4.0/22
D. 172.1.4.0/24
172.1.5.0/24
172.1.6.0/24
172.1.7.0/24
E. 172.1.4.0/25
172.1.4.128/25
172.1.5.0/24
172.1.6.0/24
172.1.7.0/24
Answer: C 这还是一个关于汇总的问题。要求R1将所有的网段用汇总的条目发送给R2,因为这些条目的网络位是相同的都为172.1,所以在这需要汇总的只是第3个八位,将4,4,5,6,7 这些写成二进制的形式,然后找出相同的位数,则有相同位数的字节就是他们的掩码的位数,而最小的有相同位的最小的数字就是他们的基数位,所以R1通告出去 汇总的条目为172.2.4.0/22。
17. Which spread spectrum technology does the 802.11b standard define for operation?
A. IR B. DSSS C. FHSS D. DSSS and FHSS E. IR, FHSS, and DSSS
Answer: B
18. Refer to the exhibit. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How will the default route configured on R1 affect the operation of R2?

A. Any packet destined for a network that is not directly connected to router R1 will be dropped.
B. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately.
C. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1.
D. The networks directly connected to router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.128, and 172.16.100.64 subnetworks.
E. Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur.
Answer: E在R1上产生了一个OSPF的缺省路由,出接口指定为S0/0,这条缺省路由以5类LSA的形式通告给了R2,于是R2上也有了一条标记为O*E2 0.0.0.0/0 出接口为 Serial0/0的路由。所以R2收到任何路由表中没有的目的网段时,就将指定给R1,而R1根据缺省路由的出接口又将数据包发往R2,这样就形成了一个路由的环路。
19. A network interface port has collision detection and carrier sensing enabled on a shared twisted pair network. From this statement, what is known about the network interface port?
A. This is a 10 Mb/s switch port.
B. This is a 100 Mb/s switch port.
C. This is an Ethernet port operating at half duplex.
D. This is an Ethernet port operating at full duplex.
E. This is a port on a network interface card in a PC.
Answer: C一个接口有冲突检测和载波侦听,而且是使用双绞线的网络,那么对于这个接口我们可以推测出他是以太接口,而且是工作在半双工的模式下。
20. Refer to the topology and router configuration shown in the graphic. A host on the LAN is accessing an FTP server across the Internet. Which of the following addresses could appear as a source address for the packets forwarded by the router to the destination server?

A. 10.10.0.1 B. 10.10.0.2 C. 199.99.9.33 D. 199.99.9.57 E. 200.2.2.17
F. 200.2.2.18
Answer: D这是个NAT地址转换的题目,在这f0/0接口连接下的为私有的地址,这些地址是不能同外网进行通讯的,这时就借助NAT,将内网的私有地址转换为可以在公网上通讯的地址,我们看到NAT POOL 中定义的转换后的公有地址为199.99.9.40到199.99.9.62,则表示这段地址是我转换后的内网全局地址,所以HOST想要穿过INTERNET访问FTP服务器,则需要转换为公有地址199.99.9.40到199.99.9.62之内的地址,在上面的答案中只有地址199.99.9.57满足条件,所以答案就是D了。
21. A company is installing IP phones. The phones and office computers connect to the same device. To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should be implemented on this device? (Choose two.)
A. hub B. router C. switch D. STP E. subinterfaces F. VLAN
Answer: CF公司的语音设备和办公的设备都连在相同的设备上,还要确保语音的数据流在不同与公司的办公的数据流量,最好的网络设备当然是交换机了,然后利用VLAN的技术就完全可以满足所有的要求了。
22. Refer to the exhibit. Which statement describes DLCI 17?


A. DLCI 17 describes the ISDN circuit between R2 and R3.
B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.
C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.
D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider.
Answer: C DLCI是在Frame-relay中的描述二层信息的地址,他的地位等同于以太网中的MAC地址。我们以R2上的DLCI 17来看,DLCI 17描述的是:从这个接口出去的目的地为R3的接口的这条PVC的二层的地址为17。
23. Which routing protocol by default uses bandwidth and delay as metrics?
A. RIP B. BGP C. OSPF D. EIGRP
Answer: D在我们的路由协议中使用复合度量的协议只有IGP和EIGPR,而他们在默认的情况下是使用带宽和延时来计算度量的。
24. Refer to the output from the show running-config command in the exhibit. What should the administrator do to allow the workstations connected to the FastEthernet 0/0 interface to obtain an IP address?


A. Apply access-group 14 to interface FastEthernet 0/0.
B. Add access-list 14 permit any any to the access list configuration.
C. Configure the IP address of the FastEtherent 0/0 interface to 10.90.201.1.
D. Add an interface description to the FastEthernet 0/0 interface configuration.
Answer: C
25. In the implementation of VLSM techniques on a network using a single Class C IP address, which subnet
mask is the most efficient for point-to-point serial links?
A. 255.255.255.0
B. 255.255.255.240
C. 255.255.255.248
D. 255.255.255.252
E. 255.255.255.254
Answer: D在点到点的链路上因为只需要分配两个地址给两端就可以了,所以加上网络地址和广播地址,这个网段也就只需要有4个地址了,所以网络位需要匹配30位,掩码就为255.255.255.252.
26. Refer to the exhibit. The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1. Which two packet destination addresses will R1 forward to R2? (Choose two.)


A. 192.168.194.160 B. 192.168.183.41 C. 192.168.159.2
D. 192.168.183.255 E. 192.168.179.4 F. 192.168.184.45
Answer: BE这个题其实就是考察的汇总的问题,他说的意思是R2发送了一个汇总的路由192.168.176.0/21给R1,哪两个包文的目的地R1仍将转发给R2。这还是汇总的问题的一个反向的考察,根据21位的掩码位数可以推断在第3个八位字节的前5位是相同的,不同的是后面的3位,而将176写成二进制的形式为1011 0000,所以可以看出来明细的路由可以是176-183,所以在上面的答案中可以很容易看到答案B和E是我们的明细路由。
27. Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data?


A. Switch-1 will drop the data because it does not have an entry for that MAC address.
B. Switch-1 will flood the data out all of its ports except the port from which the data originated.
C. Switch-1 will send an ARP request out all its ports except the port from which the data originated.
D. Switch-1 will forward the data to its default gateway.
Answer: B首先Switch 1需要发送一个数据到MAC地址为00b0.d056.efa4的主机,了解到目的地后,就查看他的MAC 地址表,然后发现在MAC地址表中没有这个MAC地址的条目存在。交换机在收到未知的单播,组播和广播时,都采用的是泛洪的方式,往除收到数据的这个接口外的所有接口都发送。所以在这儿,Switch 1也采取的上泛洪的方式。
28. Two routers named Atlanta and Brevard are connected by their serial interfaces as shown in the exhibit, but there is no data connectivity between them. The Atlanta router is known to have a correct configuration. Given the partial configurations shown in the exhibit, what is the problem on the Brevard router that is causing the lack of connectivity?


A. A loopback is not set. B. The IP address is incorrect. C. The subnet mask is incorrect.
D. The serial line encapsulations are incompatible.
E. The maximum transmission unit (MTU) size is too large.
F. The bandwidth setting is incompatible with the connected interface.
Answer: B很明显的错误啊,两台路由器的串行接口的地址配置错误,不是在相同的网段,从而导致了不能通讯。
29. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)
A. amount of RAM B. bridge priority C. IOS version D. IP address E. MAC address
F. speed of the links
Answer: BE生成树的选举的问题,根桥的选举是通过比较BID的,而BID由桥优先级和MAC地址组成的.所以在选根桥的时候需要比较的是桥优先级和MAC address。
30. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?


A. Switch1 B. Switch2 C. Switch3 D. Switch4 Answer: C这是个关于生成树选举的问题,我们首先需要找到根桥,而根桥的选举是通过比较桥ID的,而且是越小越优先,桥ID的组成为桥优先级和MAC地址。所以我们通过上图可以找到根桥为switch 1。然后在非根桥上选出根端口,通过比较到根桥的花费来选举的,花费最小的就是根端口。因为上图中没有表示出链路的带宽,所以无法比较他们的花费。下一步我们来选举指派端口。每条链路都需要有一个DP,先是比较花费,如果花费相同则比较BID(桥优先级),仍是越小越优先,根据上图的表识,我们可以找到每条链路上的DP,而连Printers的链路上的DP就为Switch 3,因为他有更小的MAC地址。
31. While troubleshooting a network connectivity problem, a technician observes steady link lights on both the workstation NIC and the switch port to which the workstation is connected. However, when the ping command is issued from the workstation, the output message "Request timed out." is displayed. At which layer of the OSI model does the problem most likely exist?
A. the session layer B. the protocol layer C. the data link layer D. the access layer
E. the network layer F. the application layer
Answer: E
32. Refer to the exhibit. Why would the network administrator configure RA in this manner?


A. to give students access to the Internet
B. to prevent students from accessing the command prompt of RA
C. to prevent administrators from accessing the console of RA
D. to give administrators access to the Internet
E. to prevent students from accessing the Internet
F. to prevent students from accessing the Admin network
Answer: B在这儿,将ACL应用到VTY线路下,而且是IN的方向,表示凡是被我的ACL允许的才能telnet到我.在RA上配置的是permit 10.1.1.0 0.0.0.255根据隐式的deny any允许Admin的网段中的用户可以telnet到他,所以Student的网段中的用户是被拒绝的.
33. In order to allow the establishment of a Telnet session with a router, which set of commands must be configured?
A. router(config)# line console 0
router(config-line)# enable password cisco
B. router(config)# line console 0
router(config-line)# enable secret cisco
router(config-line)# login
C. router(config)# line console 0
router(config-line)# password cisco
router(config-line)# login
D. router(config)# line vty 0
router(config-line)# enable password cisco
E. router(config)# line vty 0
router(config-line)# enable secret cisco
router(config-line)# login
F. router(config)# line vty 0
router(config-line)# password cisco
router(config-line)# login
Answer: F telnet是一个应用层的应用,他使用的是vty线路,而且在默认的情况下,是需要访问的线路下设有密码的。而在VTY线路下设置密码的命令为 passwork string ,而VTY线路下的另一个命令login则是默认的,可写也可不写。如果想Telnet时在VTY线路下不设置密码也可以访问这个线路,可以在该VTY线路下输入命令 no login。
34. Refer to the exhibit. The two exhibited devices are the only Cisco devices on the network. The serial network between the two devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of these devices? (Choose three.)


A. The Manchester serial address is 10.1.1.1. B. The Manchester serial address is 10.1.1.2.
C. The London router is a Cisco 2610. D. The Manchester router is a Cisco 2610.
E. The CDP information was received on port Serial0/0 of the Manchester router.
F. The CDP information was sent by port Serial0/0 of the London router.
Answer: ACE CDP是CISCO私有的一个二层的协议,但是他却可以发现三层的IP信息的.通过CDP可以发现的邻居的信息有:设备的名称,IP地址,端口,能力,平台,对端的holddown time.在上图的show cdp entry *命令的显示可以看到的信息有:设备名称:London;IP地址:10.1.1.2;平台:cisco 2610;能力:Router;端口:s0/1;holdtime:125S.Manchesteter收到这个CDP信息的接口为S0/0.综合一下,这个题目的答案就出来了.
35. A network administrator has configured two switches, named London and Madrid, to use VTP. However, the switches are not sharing VTP messages. Given the command output shown in the graphic, why are these switches not sharing VTP messages?


A. The VTP version is not correctly configured. B. The VTP operating mode is not correctly configured.
C. The VTP domain name is not correctly configured. D. VTP pruning mode is disabled.
E. VTP V2 mode is disabled. F. VTP traps generation is disabled.
Answer: C 交换机间不能共享VTP的信息,我们就需要检查VTP的状态,首先需要检查的是VTP的域名,只有同一个域中的才可能相互学习,再来检查VTP的模式,必须有一个server模式才能有VTP学习的过程的,默认的情况下VTP的模式为Server的。然后我们检查图题目给出的信息,可以看到两台交换机的VTP domain是不一致的,所以这个就是问题的所在了。
36. Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? (Choose two.)


A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.
B. Router C will use ICMP to inform Router B that Host 2 cannot be reached.
C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.
D. Router C will send a Destination Unreachable message type.
E. Router C will send a Router Selection message type.
F. Router C will send a Source Quench message type.
Answer: AD连Host 2的接口E0/0 down了,那么最直接的反映就发生在路由器C上,C的路由表中的这个条目就消失了,因此当Host 1 想要跟Host 2建立连接的时候,Router C就发送一个目的网段不可达的消息;如果是使用ping命令,那么Router C就使用ICMP 的包文告诉Host 1,Host 2是不可打的。
37. Refer to the exhibit. Assuming that the router is configured with the default settings, what type of router interface is this?


A. Ethernet B. FastEthernet C. Gigabit Ethernet D. asynchronous serial
E. synchronous serial
Answer: B这个题是需要根据图中提供的信息来判断接口的类型。可以看到接口的MAC地址,表示这个接口肯定不是串行接口,所以可以排除D和E的选项。看带宽BW 100000 Kbit,表示的是100M的带宽,所以这是个Fast Ethernet接口。
38. On point-to-point networks, OSPF hello packets are addressed to which address?
A. 127.0.0.1 B. 172.16.0.1 C. 192.168.0.5 D. 223.0.0.1 E. 224.0.0.5
F. 254.255.255.255
Answer: E在OSPF中Hello包发向的是224.0.0.5和224.0.0.6这两个地址的。大家在做OSPF实验的时候,用debug命令是可以看到这两个个地址的。
39. While troubleshooting a connectivity problem, a network administrator notices that a port status LED on a Cisco Catalyst series switch is alternating green and amber. Which condition could this indicate?
A. The port is experiencing errors. B. The port is administratively disabled.
C. The port is blocked by spanning tree.
D. The port has an active link with normal traffic activity.
Answer: A CISCO交换机的端口状态指示灯是闪烁的绿色和浅×××,表示端口有操作的问题——也许是过量的错误或连接的问题。
40. Refer to the exhibit. The network shown in the exhibit is running the RIPv2 routing protocol. The network has converged, and the routers in this network are functioning properly. The FastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this network respond to this change? (Choose two.)


A. All routers will reference their topology database to determine if any backup routes to the 192.168.1.0 network are known.
B. Routers R2 and R3 mark the route as inaccessible and will not accept any further routing updates from R1 until their hold-down timers expire.
C. Because of the split-horizon rule, router R2 will be prevented from sending erroneous information to R1 about connectivity to the 192.168.1.0 network.
D. When router R2 learns from R1 that the link to the 192.168.1.0 network has been lost, R2 will respond by sending a route back to R1 with an infinite metric to the 192.168.1.0 network.
E. R1 will send LSAs to R2 and R3 informing them of this change, and then all routers will send periodic updates at an increased rate until the network again converges.
Answer: CD这涉及到RIP关于环路避免的几种机制了。在这里R1的直连的链路发生了变化,立即触发更新(触发更新),发送flash update出去,将这个条目置为possible down,设置最大跳数(路由毒性),R2收到这个flash update后,也回复一个flash update包(毒性逆转),同时将这个条目也置为possible down,设置最大跳数。
41. What is the maximum data rate specified for IEEE 802.11b WLANs?
A. 10 Mbps B. 11 Mbps C. 54 Mbps D. 100 Mbps
Answer: B
42. Which of the following describe the process identifier that is used to run OSPF on a router? (Choose two.)
A. It is locally significant. B. It is globally significant.
C. It is needed to identify a unique instance of an OSPF database.
D. It is an optional parameter required only if multiple OSPF processes are running on the router.
E. All routers in the same OSPF area must have the same process ID if they are to exchange routing information.
Answer: AC OSPF的进程号只在本地有效。在一台路由器上需要为每个进程维护各自的OSPF数据库。
43. Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only computers with access to the Payroll Server. What two technologies should be implemented to help prevent unauthorized access to the server? (Choose two.)


A. access lists B. encrypted router passwords C. STP D. VLANs E. VTP
F. wireless LANs
Answer: AD需要控制只允许哪些组可以访问服务器,组中的哪些用户可以访问,使用的技术当然有ACL和VLAN了。
44. Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose two.)
A. It establishes a static route to the 172.16.3.0 network.
B. It establishes a static route to the 192.168.2.0 network.
C. It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.
D. It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4.
E. It uses the default administrative distance.
F. It is a route that would be used last if other routes to the same destination exist.
Answer: AE命令ip route 172.16.3.0 255.255.255.0 192.168.2.4是静态指定一条路由:通过接口192.168.2.4可以到达网段172.16.3.0/24。在这条命令后没有指定管理距离,就表示使用默认的管理距离,为1.
45. The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)


A. Configure the gateway on Host A as 10.1.1.1.
B. Configure the gateway on Host B as 10.1.2.254.
C. Configure the IP address of Host A as 10.1.2.2.
D. Configure the IP address of Host B as 10.1.2.2.
E. Configure the masks on both hosts to be 255.255.255.224.
F. Configure the masks on both hosts to be 255.255.255.240.
Answer: BD主机A到他的指定网关的这条链路是没有问题的,因为HOST A,接口VLAN1和路由器的f0/0.1网段是相同的,且都是处于VLAN 1的。而HOST B的VLAN2到交换机是没有相同的VLAN 接口和他通讯的,所以HOST B发出的数据到交换机上就被丢弃了。所以需要在交换机上指定一个处于VLAN 2的接口,并将SVI地址配置为和路由器POP的f0/0.2相同网段的地址。因为路由器的接口的地址分配的是网段10.1.2.0/24,所以我们的HOST B的地址应该也分派一个10.1.2.0/24的地址,并且网关也指定为路由器POP的f0/0.2的地址。
46. Which three statements are correct about RIP version 2? (Choose three.)
A. It has the same maximum hop count as version 1.
B. It uses broadcasts for its routing updates.
C. It is a classless routing protocol.
D. It has a lower default administrative distance than RIP version 1.
E. It supports authentication.
F. It does not send the subnet mask in updates.
Answer: ACE关于RIPv2,首先要了解他是一个无类的路由协议,在发送路由更新的时候是携带掩码的。他的metric的计算方式和RIPv1的相同,仍然是根据跳数的,但是他的跳数范围扩大了,RIPv1的为16跳,而RIPv2的为255跳。RIPv1是以广播的形式发送更新的,在RIPv2中采用的是广播,地址为224.0.0.9。RIPv2是支持认证的,而在RIPv1中是没有这个功能的。RIPv2是可以关闭自动汇总的,而在RIPv1中是不能关闭的。
47. What should be part of a comprehensive network security plan?
A. Allow users to develop their own approach to network security.
B. Physically secure network equipment from potential access by unauthorized individuals.
C. Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten.
D. Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported.
E. Minimize network overhead by deactivating automatic antivirus client updates.
Answer: B
48. How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates?
A. Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the sub-interface.
B. Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic.
C. Configure many sub-interfaces on the same subnet.
D. Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces.
Answer: A
49. Refer to the exhibit. Router1 was just successfully rebooted. Identify the current OSPF router ID for Router1.


A. 190.172.32.10 B. 208.149.23.162 C. 208.149.23.194 D. 220.173.149.10
Answer: C这是个关于OSPF的RID的选举的问题。在OSPF中,RID的选举过程是这样的:如果通过命令router-id 来指定一个RID,那么就采用手工指定的这个RID;如果没有手工指定,则在可以使用的接口中来选举,他是优先采用回环口的,如果只有一个回环口,就采用这个回环口的IP作为RID,如果有多个回环口,就采用这多个回环口中IP地址最大的作为RID;如果没有回环口,就采用物理接口中IP地址最大的接口IP作为RID。在上面的图中可以看到有两个回环口,而Loopback1的IP更大,所以208.149.23.194就做为RID了。
50. Which two statements best describe the wireless security standard that is defined by WPA? (Choose two.)
A. It specifies use of a static encryption key that must be changed frequently to enhance security.
B. It requires use of an open authentication method.
C. It specifies the use of dynamic encryption keys that change each time a client establishes a connection.
D. It requires that all access points and wireless devices use the same encryption key.
E. It includes authentication by PSK.
Answer: CE
51. What can a network administrator utilize by using PPP Layer 2 encapsulation? (Choose three.)
A. VLAN support B. compression C. authentication D. sliding windows
E. multilink support F. quality of service
Answer: BCE PPP协议是能支持认证的,包括PAP和CHAP;PPP还支持压缩功能和差错校验,还可实现多链路捆绑。而他们的这些功能都是HDLC所没有的。
52. Refer to the exhibit. What is the meaning of the term dynamic as displayed in the output of the show frame-relay map command shown?


A. The Serial0/0 interface is passing traffic.
B. The DLCI 100 was dynamically allocated by the router.
C. The Serial0/0 interface acquired the IP address of 172.16.3.1 from a DHCP server.
D. The DLCI 100 will be dynamically changed as required to adapt to changes in the Frame Relay cloud.
E. The mapping between DLCI 100 and the end station IP address 172.16.3.1 was learned through Inverse ARP.
Answer: E这是个关于MAP的知识。在图中可以看到这个MAP是dynamic的,因此是通过inverse ARP学习到的。而ip 172.16.3.1 dlci 100表示的是DLCI 100映射的地址为172.16.3.1。就像是以太网中的MAC和IP的映射一样,通过DLCI100可以找到IP 172.16.3.1。
53. What is the function of the Cisco IOS command ip nat inside source static 10.1.1.5 172.35.16.5?
A. It creates a global address pool for all outside NAT transactions.
B. It establishes a dynamic address pool for an inside static address.
C. It creates dynamic source translations for all inside local PAT transactions.
D. It creates a one-to-one mapping between an inside local address and an inside global address.
E. It maps one inside source address to a range of outside global addresses.
Answer: D ip nat inside source static 10.1.1.5 172.35.16.5 这条命令是静态创建一个一对一的地址转换。他把内部本地地址10.1.1.5转换为全局地址172.35.16.5。
54. Refer to the exhibit. What is the effect of the configuration that is shown?


A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSh connection first and if that fails to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
Answer: D
55. Refer to the exhibit. When PC1 sends an ARP request for the MAC address of PC2, network performance slows dramatically, and the switches detect an unusually high number of broadcast frames. What is the most likely cause of this?

A. The portfast feature is not enabled on all switch ports.
B. The PCs are in two different VLANs.
C. Spanning Tree Protocol is not running on the switches.
D. PC2 is down and is not able to respond to the request.
E. The VTP versions running on the two switches do not match.
Answer: C PC1发出一个ARP request的数据报,并且是以广播的形式发送出去的。当ARP报文传到switch 2,交换机对广播的流量是以泛洪的形式处理的,报文就从除了连接PC1的接口外的所有接口都发出去了。Switch1收到广播后也泛洪,因此一个广播环路就产生了,所以在感觉网络性能很差,因为广播的流量占有了很大的带宽。而我们阻断二层环路是通过生成树来实现的,在图中有环路存在因此就说明没有运行生成树了。
56. An administrator issues the command ping 127.0.0.1 from the command line prompt on a PC. If a reply is received, what does this confirm?
A. The PC has connectivity with a local host.
B. The PC has connectivity with a Layer 3 device.
C. The PC has a default gateway correctly configured.
D. The PC has connectivity up to Layer 5 of the OSI model.
E. The PC has the TCP/IP protocol stack correctly installed.
Answer: E地址127.0.0.0是一个私有的保留地址段,他是一个回环的地址,一般用于测试,测试TCP/IP协议栈是否起来了。在一台PC上能ping 通127.0.0.1说明这个PC的TCP/IP协议栈是正确安装的。
57. Host 1 has just started up and requests a web page from web server 2. Which two statements describe steps in the process Host 1 uses to send the request to web server 2 (choose two)?


A. Host 1 addresses the frames to the MAC address of router R1
B. Host 1 looks in its ARP cache for the MAC address of router R1
C. Host 1 addresses the frames to the MAC address of web server 2
D. Host 1 sends the packets to router R1 to be forwarded to web server 2
E. Host 1 sends a broadcast ARP request to obtain the MAC address of webserver2.
Answer: CE
58. Refer to the exhibit. Which two statements about the configuration of the switch interface are correct? (Choose two)

A. The switchport belongs only to VLAN 2
B. The switchport belongs only to VLAN 2
C. Interface fa0/0 will be in both VLAN 1 (by default) and VLAN 2
D. The exhibit shows interface fa0/0 to be dynamically mapped to VLAN 2
E. A network host can be connected to this interface.
Answer: AE
59. Refer to the exhibit. The network administrator requires easy configuration options and minimal routing protocol traffic. What two options provide adequate routing table information for traffic that passes between the two routers and satisfy the requests of the network administrator? (Choose two.)


A. a dynamic routing protocol on InternetRouter to advertise all routes to CentralRouter.
B. a dynamic routing protocol on InternetRouter to advertise summarized routes to CentralRouter.
C. a static route on InternetRouter to direct traffic that is destined for 172.16.0.0/16 to CentralRouter.
D. a dynamic routing protocol on CentralRouter to advertise all routes to InternetRouter.
E. a dynamic routing protocol on CentralRouter to advertise summarized routes to InternetRouter.
F. a static, default route on CentralRouter that directs traffic to InternetRouter.
Answer: CF因为在这个图中,internetRouter要访问内网 172.16.0.0/16只能通过路由器CentralRouter.所以只需要在InternetRouter上配置一条通过CentralRouter到达172.16.0.0/16的网段就可以了。同样内网要访问外部,也只能通过路由器InternetRouter才能到达,所以也可以在CentralRouter上配置一条缺省路由到外部。
60. What are some of the advantages of using a router to segment the network? (Choose two.)
A. Filtering can occur based on Layer 3 information.
B. Broadcasts are eliminated.
C. Routers generally cost less than switches.
D. Broadcasts are not forwarded across the router.
E. Adding a router to the network decreases latency.
Answer: AD这里问的是用路由器来分割一个网络的好处是什么。路由器是工作在三层的设备,因此我们可以基于三层的信息来实现过滤;而且大家知道路由器是可以过滤广播的。这些应该就都是他分割一个网络的好处了。要注意路由器只是能阻断广播,让他不能从一个域中传播到另一个域中,他是没办法消除广播的。
61. Refer to the exhibit. What is the meaning of the output MTU 1500 bytes?


A. The maximum number of bytes that can traverse this interface per second is 1500.
B. The minimum segment size that can traverse this interface is 1500 bytes.
C. The maximum segment size that can traverse this interface is 1500 bytes.
D. The minimum packet size that can traverse this interface is 1500 bytes.
E. The maximum packet size that can traverse this interface is 1500 bytes.
F. The maximum frame size that can traverse this interface is 1500 bytes.
Answer: E MTU是最小传输单元的意思,表示在这个接口上传输的最大字节为1500,如果超过这个值,包就需要被分片。
62. There are no boot system commands in a router configuration in NVRAM. What is the fallback sequence that the router will use to find an IOS during reload?
A. TFTP server, Flash, NVRAM B. ROM, NVRAM, TFTP server
C. NVRAM, TFTP server, ROM D. Flash, TFTP server, ROM
E. Flash, NVRAM, ROM
Answer: D这个问的是路由器寻找IOS的过程。1.路由器在POST后,先查看寄存器的值,这个值是一组4个十六进制的数字,而其中的最后的一位影响启动的过程。2.在NVRAM的配置文件中查看boot system命令,这个命令告诉引导程序在哪里寻找IOS。在这个题中说没有boot system的命令保存在NVRAM中。所以这步跳过。3.如果在NVRAM的配置文件中没有找到boot system命令,引导程序使用flash中所找到的第一个有效的IOS镜像。4.如果flash中没有有效的IOS镜像,引导程序将生成一个TFTP本地广播以定位TFTP服务器。5.如果没有找到TFTP服务器,引导程序将加载ROM中的迷你IOS(RXBOOT 模式)6.如果ROM中有迷你IOS,那么迷你IOS在随后加载并且进入RXBOOT模式;否则路由器不是重新试图寻找IOS镜像,就是加载ROMMON并且进入ROM Monitor模式。这样看,答案就很明显了。
63. Host 1 receives a file from remote server 1. Which MAC address appears as the source address in the header of the frames received by Host 1?


A. The MAC address of the NIC in Host 1 .
B. The MAC address of the NIC in server 1.
C. The MAC address of the Fa0/0 interface of router R1
D. The MAC address of the s0/0/0 interface of the router R2
Answer: C
64. In which circumstance are multiple copies of the same unicast frame likely to be transmitted in a switched LAN?
A. during high traffic periods
B. after broken links are re-established
C. when upper-layer protocols require high reliability
D. in an improperly implemented redundant topology
E. when a dual ring topology is in use
Answer: D在一个LAN中有若干的单播帧的拷贝。在一般来说我们的每个单播帧都是只有一个目的地,从而从一个相关接口发送出去就可。如果有若干个单播帧的拷贝就表示我的交换机上同这个目的地址绑定的接口有多个,而这些都应该是不必要的。因为我到一个目的地从一条路走就可以了,如果出现了多条路,那么就应该是做冗余的,可是不正确的配置可能导致我的LAN中产生环路,从而形成在LAN中有同一个帧的多个拷贝。
65. Which of the following describe private IP addresses? (Choose two.)
A. addresses chosen by a company to communicate with the Internet
B. addresses that cannot be routed through the public Internet
C. addresses that can be routed through the public Internet
D. a scheme to conserve public addresses
E. addresses licensed to enterprises or ISPs by an Internet registry organization
Answer: BD私有IP地址是不能在公网上传递的。他只能在一个单独的区域中使用,如果一个使用私有地址的设备需要同外网通讯,可以通过NAT将这个私有地址转换为公有地址,这样也可以达到隐藏地址的目的。外网知道的只能是你通过NAT转换后的公有地址,而无法知道你的正在使用的那个私有地址的。
66. Refer to the exhibit. A network administrator is adding two new hosts to SwitchA. Which three values could be used for the configuration of these hosts? (Choose three.)


A. host 1 IP address: 192.168.1.79 B. host 1 IP address: 192.168.1.64
C. host 1 default gateway: 192.168.1.78 D. host 2 IP address: 192.168.1.128
E. host 2 default gateway: 192.168.1.129 F. host 2 IP address: 192.168.1.190
Answer: ACF我们可以看路由器上的子接口的配置:接口fa0/0.10封装了trunk 并被划分到vlan 10中,接口fa0/0.20封装了trunk并被划分到vlan 20中了。接下来我们来看交换机上的接口的vlan分配:和host A相连的接口f0/6划分到了vlan 10,而和host B相连的接口f0/9划分到了vlan 20。因为只有相同vlan中数据才可以通讯,所以我们应该将host A的地址和f0/0.10的配置一样的网段,而将host B的地址和f0/0.20配置一样的网段。并且因为主机是没有路由的功能的,我们需要给他们指定网关,而他们的网关地址应该是相应VLAN中的路由器的子接口的地址。所以,host A的地址为192.168.1.65----192.168.1.95(除了192.168.1.78)的地址,并且默认的网关的地址为192.168.1.78。Host B的地址为192.168.1.1----192.168.1.190(除了192.168.1.130)的地址,并且默认的网关地址为192.168..1.130。
67. Which of the following statements are true regarding bridges and switches? (Choose 3.)
A. Switches are primarily software based while bridges are hardware based.
B. Both bridges and switches forward Layer 2 broadcasts.
C. Bridges are frequently faster than switches.
D. Switches have a higher number of ports than most bridges.
E. Bridges define broadcast domains while switches define collision domains.
F. Both bridges and switches make forwarding decisions based on Layer 2 addresses.
Answer: BDF这问到的是关于网桥和交换机的异同。首先要知道网桥和交换机都是工作在二层的因此都是基于MAC地址进行转发的。因此就工作基层来说,我们可以说交换机是多端口的网桥,因为交换机的端口比网桥多。
68. Which of the following describes the roles of devices in a WAN? (Choose three.)
A. A CSU/DSU terminates a digital local loop.
B. A modem terminates a digital local loop.
C. A CSU/DSU terminates an analog local loop.
D. A modem terminates an analog local loop.
E. A router is commonly considered a DTE device.
F. A router is commonly considered a DCE device.
Answer: ADE
69. A router receives information about network 192.168.10.0/24 from multiple sources. What will the router consider the most reliable information about the path to that network?
A. a directly connected interface with an address of 192.168.10.254/24
B. a static route to network 192.168.10.0/24
C. a RIP update for network 192.168.10.0/24
D. an OSPF update for network 192.168.0.0/16
E. a default route with a next hop address of 192.168.10.1
F. a static route to network 192.168.10.0/24 with a local serial interface configured as the next hop
Answer: A当到达同一个目的地有多种路径选择的时候,先在各自路径通过比较metric来选出各种路径的最优的,然后通过比较AD值 来选出各种路径中的最优的来。例如,到网段192.168.10.0/24,我收到了EIGRP的传过来的,也收到OSPF传过来的,这时我们先通过metric值,选出successor来,然后再通过比较EIGRP和OSPF的AD来选出最优的路径。在AD值中直连的AD值为0,metric 0。当然是这个路由是最可靠最优的了。
70. Which three Layer 2 encapsulation types would be used on a WAN rather than a LAN? (Choose three.)
A. HDLC B. Ethernet C. Token Ring D. PPP E. FDDI F. F r ame R e l ay
Answer: ADF连接到WAN,有三种连接方式:专线连接,电路交换和包交换。专线使用同步串行线,他的二层的封装协议常用的有:HDLC,PPP;电路交换使用同步串行线,他使用的二层的封装协议有:HDLC,PPP包交换使用的是虚电路(VC),而VC又分为PVC(永久虚电路)和SVC(交换虚电路),他使用的二层的封装协议有:X.25, Frame-relay,ATM。
71. What can be determined from the router output shown in the graphic?


A. 200.1.1.64 is a default route. B. The output shows that there are three default routes.
C. The output came from router R2. D. The output came from a router that has four physical interfaces.
E. EIGRP is in use in this network.
Answer: E简单点就是,因为在路由标记上有一个D,表示这条路由是从EIGRP学到的,所以肯定是有EIGRP运行在网络中的。接下来我们来仔细看每一条的输出:从200.1.1.192/26 是直连lo0口的,可以推断出这个信息是R1上的信息。D 200.1.1.0/24 is a summary ,NUllo:表示这是一条汇总的EIGRP 的路由。S* 0.0.0.0/0 is directly connected, serial1:表示这是一条缺省的路由,出接口为serial。这样应该就很明白了。
72. Which additional configuration step is necessary in order to connect to an access point that has SSID broadcasting disabled?
A. Set the SSID value in the client software to public.
B. Configure open authentication on the AP and the client.
C. Set the SSID value on the client to the SSID configured on the AP.
D. Configure MAC address filtering to permit the client to connect to the AP.
Answer: C
73. Why will a switch never learn a broadcast address?
A. Broadcasts only use network layer addressing.
B. A broadcast frame is never forwarded by a switch.
C. A broadcast address will never be the source address of a frame.
D. Broadcast addresses use an incorrect format for the switching table.
E. Broadcast frames are never sent to switches.
Answer: C首先我们了解了交换机是通过源MAC地址学习的,他将收到的帧的源MAC地址和这个收到的这个接口进行绑定,形成一个条目放入MAC地址表中。而我们的广播地址是永远不可能成为源MAC地址的,所以交换机当然不能学习广播的MAC地址了。
74. Refer to the graphic. Host A has established a connection with the HTTP server attached to interface E0 of the xyz router. Which of the following statements describe the information contained in protocol data units sent from host A to this server? (Choose three.)


A. The destination port number in a segment header will have a value of 80.
B. The destination port number in a segment header will have a unique value greater than or equal to 1023.
C. The destination address of a frame will be the MAC address of the HTTP server interface.
D. The destination address of a frame will be the MAC address of the E0 interface of the abc router.
E. The destination IP address of a packet will be the IP address of the E0 interface of the abc router.
F. The destination IP address of a packet will be the IP address of the network interface of the HTTP server.
Answer: ADF host A想要连接http的server,首先我们知道HTTP的端口号为知名的端口80,IP地址当然是http server连接到Router XYZ的e0口的IP地址了。由于路由器上默认情况下代理ARP是开启的,所以一有ARP查询MAC地址的,路由器一看这个路由我知道该怎么到达,他就会用自己的MAC地址作为ARP的应答发送回去,所以Host A发送的数据包的目的MAC地址为Router XYZ的E0口的MAC地址。
75. What are two reasons a network administrator would use CDP? (Choose two.)
A. to verify the type of cable interconnecting two devices
B. to determine the status of network services on a remote device
C. to obtain VLAN information from directly connected switches
D. to verify Layer 2 connectivity between two devices when Layer 3 fails
E. to obtain the IP address of a connected device in order to telnet to the device
F. to determine the status of the routing protocols between directly connected routers
Answer: DE CDP是一个二层的协议,因此可以检测二层的连通性,而且还可以检测到三层的IP地址。因此如果我们的链路出现了故障,我们可以通过CDP来检测是否是二层出现了故障。同时也可以查看到邻居设备的IP地址,来实现telnet的应用。
76. What is the purpose of the command shown below? vtp password Fl0r1da
A. It is used to validate the sources of VTP advertisements sent between switches.
B. It is used to access the VTP server to make changes to the VTP configuration.
C. It allows two VTP servers to exist in the same domain, each configured with different passwords.
D. It is the password required when promoting a switch from VTP client mode to VTP server mode.
E. It is used to prevent a switch newly added to the network from sending incorrect VLAN information to the other switches in the domain.
Answer: A VTP的密码是为了保证在同一个domain里的交换机的安全,在同一个domain里交换机只有密码相同了才可以相互传递VLAN的信息。
77. R1 forwards a packet from Host 1 to remote Server 1. Which statement describes the use of a MAC as the frame carrying this packet leaves the s0/0/0 interface of R1?


A. The frame does not have MAC addresses.
B. The source MAC address in the frame is the MAC address of the NIC of Host 1.
C. The source MAC address in the frame is the MAC address of the s0/0/0 interface of R1.
D. The destination MAC address in the frame is the MAC address of the NIC of server 1.
E. The destination MAC address in the frame is the MAC address of the s0/0/0 interface of R2
Answer: A
78. A network administrator needs to force a high-performance switch that is located in the MDF to become the root bridge for a redundant path switched network. What can be done to ensure that this switch assumes the role as root bridge?
A. Establish a direct link from the switch to all other switches in the network.
B. Assign the switch a higher MAC address than the other switches in the network have.
C. Configure the switch so that it has a lower priority than other switches in the network.
D. Configure the switch for full-duplex operation and configure the other switches for half-duplex operation.
E. Connect the switch directly to the MDF router, which will force the switch to assume the role of root bridge.
Answer: C根桥的选举是通过比较Bridge-ID来实现的,而Bridge-id由桥优先级和MAC地址组成,越小越优先。因此想让哪台交换机成为根桥,修改他的优先级就行了。
79. Refer to the exhibit. Given the output of the Floor3 switch, what statement describes the operation of this switch?


A. VTP is disabled on this switch. B. The switch can create, change, and delete VLANs.
C. The switch learns VLAN information but does not save it to NVRAM.
D. The switch can create VLANs locally but will not forward this information to other switches.
E. The switch learns VLAN information and updates the local VLAN data base in NVRAM.
Answer: C从上面的图上我们可以看到的有关VTP的信息有:VTP功能已经开启了,域名为XYZ,模式为client,这些是我们目前最有用的信息。因为是client的模式,因此此交换机是不能创建和删除VLAN的,他只能从同一个域中的server端学习VLAN的信息,而且学习到的VLAN信息是是不能保存到NVRAM中去的,每次交换机重启时都必须重新学习的。
80. What is the effect of the following access list condition?
access-list 101 permit ip 10.25.30.0 0.0.0.255 any
A. permit all packets matching the first three octets of the source address to all destinations
B. permit all packets matching the last octet of the destination address and accept all source addresses
C. permit all packets from the third subnet of the network address to all destinations
D. permit all packets matching the host bits in the source address to all destinations
E. permit all packets to destinations matching the first three octets in the destination address
Answer: A这是一个扩展的访问控制列表,他可以基于源和目的进行匹配,10.25.30.0 0.0.0.255匹配的是源地址凡是在这个范围的都被匹配了,而目的用的是any,表示任何。意思是从10.25.30.0/24的地址范围内的任何IP都可以访问任何的网段。
81. Refer to the exhibit. Hosts on the same VLAN can communicate with each other but are unable to communicate with hosts on different VLANs. What is needed to allow communication between VLANs?


A. a switch with a trunk link that is configured between the switches
B. a router with an IP address on the physical interface that is connected to the switch
C. a switch with an access link that is configured between the switches
D. a router with subinterfaces configured on the physical interface that is connected to the switch
Answer: D同一交换机上的不同VLAN间的通讯,必须借助与三层的接口,我们可以在交换机上接一个路由器,利用路由器的子接口和交换机之间做trunk,这样来实现连通性。
82. Why would a network administrator configure port security on a switch?
A. to prevent unauthorized Telnet access to a switch port
B. to limit the number of Layer 2 broadcasts on a particular switch port
C. to prevent unauthorized hosts from accessing the LAN
D. to protect the IP and MAC address of the switch and associated ports
E. to block unauthorized access to the switch management interfaces over common TCP ports
Answer: C在交换机上配置端口安全是为了防止未授权的用户访问VLAN。
83. The show interfaces serial 0/0 command resulted in the output shown in the graphic. What are possible causes for this interface status? (Choose three.)


A. The interface is shut down.
B. No keepalive messages are received.
C. The clockrate is not set.
D. No loopback address is set.
E. No cable is attached to the interface.
F. There is a mismatch in the encapsulation type.
Answer: BCF串行接口的状态为一个up一个down,出现的可能的情况有:没有收到keeplive的报文,或是接口的时钟频率没有设置,或是接口封装不匹配,这些都有可能导致接口的链路层为down的。
84. Host 1 sends an ICMP echo request to remote sever1. Which destination address does Host 1 place in the Layer2 header of the frame containing the ping packet?


A. The IP address of sever 1.
B. The MAC address of NIC in sever 1.
C. The IP address of F0/0 interface of router R1.
D. The MAC address of the Fa0/0 interface of router R1.
E. The IP address of the s0/0/0 interface of router R2
F. The MAC address of the s0/0/0 interface of router R2
Answer: D
85. A network administrator is troubleshooting the OSPF configuration of routers R1 and R2. The routers cannot establish an adjacency relationship on their common Ethernet link. The graphic shows the output of the show ip ospf interface e0 command for routers R1 and R2. Based on the information in the graphic, what is the cause of this problem?


A. The OSPF area is not configured properly. B. The priority on R1 should be set higher.
C. The cost on R1 should be set higher. D. The hello and dead timers are not configured properly.
E. A backup designated router needs to be added to the network.
F. The OSPF process ID numbers must match.
Answer: D OSPF邻居建立过程中有几个参数是需要严格匹配的:Hello time和dead time,Area id, MTU,特殊区域标识符。然后比较图中的R1和R2的内容可以看到他们的Hello time 和dead time是不同的,因此他们的邻居关系是无法建立的。
86. On which types of network will OSPF elect a backup designated router?
A. point-to-point and multiaccess
B. point-to-multipoint and multiaccess
C. point-to-point and point-to-multipoint
D. nonbroadcast and broadcast multipoint
E. nonbroadcast and broadcast multiaccess
Answer: E DR,BDR的选举是在一个共享介质下才需要进行的,我们的广播和非广播都是需要选举DR和BDR的。
87. This graphic shows the results of an attempt to open a Telnet connection to router ACCESS1 from router Remote27. Which of the following command sequences will correct this problem?


A. ACCESS1(config)# line console 0
ACCESS1(config-line)# password cisco
B. Remote27(config)# line console 0
Remote27(config-line)# login
Remote27(config-line)# password cisco
C. ACCESS1(config)# line vty 0 4
ACCESS1(config-line)# login
ACCESS1(config-line)# password cisco
D. Remote27(config)# line vty 0 4
Remote27(config-line)# login
Remote27(config-line)# password cisco
E. ACCESS1(config)# enable password cisco
F. Remote27(config)# enable password cisco
Answer: C Telnet默认情况下是要求VTP线路下有设置密码的,因为在VTP线路下默认有login的设置,他表示的是开启认证,因此如果在VTP线路下没有设置密码,他就不允许你使用这条VTP线路进行访问。所以我们需要在 VTP线路下设置一个密码,使用命令password就可以了。
88. Refer to the exhibit. Subnet 10.1.3.0/24 is unknown to router RTB. Which router command will prevent router RTB from dropping a packet destined for the 10.1.3.0/24 network if a default route is configured?

A. ip classless B. ip default-network C. network 10.1.1.0
D. network 10.1.1.0 0.0.0.255 area 0
Answer: A缺省路由也配置了,为了安全起见,我们还是把无类路由打开。
89. Host 1 sends a request for a file to remote sever1. Which destination address does Host 1 place f the packet containing the request?


A. The Mac address of the NIC in Sever1 B. The IP address of Server 1.
C. The MAC address of the s0/0/0 interface of router R2
D. The IP address of the s0/0/0 interface of router R1
E. The IP address of the Fa0/0 interface of router R1
Answer: B
90. Which statement accurately describes a benefit provided by VTP?
A. VTP allows routing between VLANs.
B. VTP allows a single port to carry information to more than one VLAN.
C. VTP allows physically redundant links while preventing switching loops.
D. VTP allows switches to share VLAN configuration information.
Answer: D VTP允许交换机间同步VLAN的信息,共享VLAN 的配置信息。
91. Refer to the exhibit. What kind of cable should be used to make each connection that is identified by the numbers shown?


A. 1 - Ethernet crossover cable
2 - Ethernet straight-through cable
3 - fiber optic cable
4 - rollover cable
B. 1 - Ethernet straight-through cable
2 - Ethernet straight-through cable
3 - serial cable
4 - rollover cable
C. 1 - Ethernet rollover cable
2 - Ethernet crossover cable
3 - serial cable
4 - null modem cable
D. 1 - Ethernet straight-through cable
2 - Ethernet crossover cable
3 - serial cable
4 - rollover cable
E. 1 - Ethernet straight-through cable
2 - Ethernet crossover cable
3 - serial cable
4 - Ethernet straight-through cable
Answer: B相同设备相连使用反序线,而不同设备相连使用直连线,路由器之间相连使用串行线,反序线用于做配置时使用
92. Refer to the exhibit. A network administrator attempts to ping Host2 from Host1 and receives the results that are shown. What is a possible problem?


A. The link between Host1 and Switch1 is down. B. TCP/IP is not functioning on Host1
C. The link between Router1 and Router2 is down. D. The default gateway on Host1 is incorrect.
E. Interface Fa0/0 on Router1 is shutdown. F. The link between Switch1 and Router1 is down.
Answer: C主机1收到Router 1回复的目的网段不可达的ICMP包,说明包发到Route 1的f0/1口就被丢弃了,所以说明网络的问题出在Router 1的s0/0口上。
93. What does the "Inside Global" address represent in the configuration of NAT?
A. the summarized address for all of the internal subnetted addresses
B. the MAC address of the router used by inside hosts to connect to the Internet
C. a globally unique, private IP address assigned to a host on the inside network
D. a registered address that represents an inside host to an outside network
Answer: D Inside Global是内部全局地址,是一个注册的可以和外部通讯的地址。
94. During startup, the router displays the following error message: boot: cannot open "flash:" What will the router do next?
A. Because of damaged flash memory, the router will fail the POST.
B. It will attempt to locate the IOS from a TFTP server. If this fails, it will initiate the setup dialog.
C. It will attempt to locate the IOS from a TFTP server. If this fails, it will load a limited IOS from ROM.
D. It will attempt to locate the configuration file from a TFTP server. If this fails, it will initiate the setup dialog.
E. It will attempt to locate the configuration file from a TFTP server. If this fails, it will load a limited configuration from ROM.
Answer: C这个问的是路由器寻找IOS的过程。1.路由器在POST后,先查看寄存器的值,这个值是一组4个十六进制的数字,而其中的最后的一位影响启动的过程。2.在NVRAM的配置文件中查看boot system命令,这个命令告诉引导程序在哪里寻找IOS。在这个题中说没有boot system的命令保存在NVRAM中。所以这步跳过。3.如果在NVRAM的配置文件中没有找到boot system命令,引导程序使用flash中所找到的第一个有效的IOS镜像。4.如果flash中没有有效的IOS镜像,引导程序将生成一个TFTP本地广播以定位TFTP服务器。5.如果没有找到TFTP服务器,引导程序将加载ROM中的迷你IOS(RXBOOT 模式)6.如果ROM中有迷你IOS,那么迷你IOS在随后加载并且进入RXBOOT模式;否则路由器不是重新试图寻找IOS镜像,就是加载ROMMON并且进入ROM Monitor模式。
95. Refer to the exhibit. S0/0 on R1 is configured as a multipoint interface to communicate with R2 and R3 in this hub-and-spoke Frame Relay topology. While testing this configuration, a technician notes that pings are successful from hosts on the 172.16.1.0/24 network to hosts on both the 172.16.2.0/25 and 172.16.2.128/25 networks. However, pings between hosts on the 172.16.2.0/25 and 172.16.2.128/25 networks are not successful. What could explain this connectivity problem?


A. The ip subnet-zero command has been issued on the R1 router.
B. The RIP v2 dynamic routing protocol cannot be used across a Frame Relay network.
C. Split horizon is preventing R2 from learning about the R3 networks and R3 from learning about the R2 networks.
D. The 172.16.2.0/25 and 172.16.2.128/25 networks are ov erlapping networks that can be seen by R1, but not between R2 and R3.
E. The 172.16.3.0/29 network used on the Frame Relay links is creating a discontiguous network between the R2 and R3 router subnetworks.
Answer: C在帧中继的环境中默认的情况下,水平分割是关闭的。但是在子接口下,水平分割是打开的,因此从一个接口收到的路由是不会再从这个接口发出去的,因此R1的S0/0收到R3发过来的f0/0的路由,是不会再将这个条目从S0/0发出去的,因此R2将无法收到这个路由,同理R3也无法收到R2的f0/0的路由
96. Refer to the exhibit. Hosts in network 192.168.2.0 are unable to reach hosts in network 192.168.3.0. Based on the output from RouterA, what are two possible reasons for the failure? (Choose two.)

A. The cable that is connected to S0/0 on RouterA is faulty.
B. Interface S0/0 on RouterB is administratively down.
C. Interface S0/0 on RouterA is configured with an incorrect subnet mask.
D. The IP address that is configured on S0/0 of RouterB is not in the correct subnet.
E. Interface S0/0 on RouterA is not receiving a clock signal from the CSU/DSU.
F. The encapsulation that is configured on S0/0 of RouterB does not match the encapsulation that is configured on S0/0 of RouterA.
Answer: EF串行接口的状态为一个up一个down,出现的可能的情况有:没有收到keeplive的报文,或是接口的时钟频率没有设置,或是接口封装不匹配,这些都有可能导致接口的链路层为down的。
97. When upgrading the IOS image, the network administrator receives the exhibited error message. What could be the cause of this error?


A. The new IOS image is too large for the router flash memory.
B. The TFTP server is unreachable from the router.
C. The new IOS image is not correct for this router platform.
D. The IOS image on the TFTP server is corrupt.
E. There is not enough disk space on the TFTP server for the IOS image.
Answer: B下面的错误显示为error opening tftp……(timed out)表示连接tftp服务器失败。所以这个灌装IOS失败的原因是路由器无法连接到tftp服务器上。
98. You and a co-worker have established wireless communication directly between your wireless laptops. What type of wireless topology has been created?
A. BSS B. ESS C. IBSS D. SSID
Answer: C
99. The Frame Relay network in the diagram is not functioning properly. What is the cause of the problem?


A. The Gallant router has the wrong LMI type configured.
B. Inverse ARP is providing the wrong PVC information to the Gallant router.
C. The S3 interface of the Steele router has been configured with the frame-relay encapsulation ietf command.
D. The frame-relay map statement in the Attalla router for the PVC to Steele is not correct.
E. The IP address on the serial interface of the Attalla router is configured incorrectly.
Answer: D这个图中的PVC建立有问题的,先看Gallan的map映射:只有到Steele:172.31.31.126的映射;再来看Steele的映射:也只有到自己的映射,所以Gallan到Steele的连通性就有问题了,Gallan可以将包发送到Steele,但是Steele回包的时候无法完成封装,连通性失败了。而且他们两个
100. Which of the following statements describe the network shown in the graphic? (Choose two.)


A. There are two broadcast domains in the network.
B. There are four broadcast domains in the network.
C. There are six broadcast domains in the network.
D. There are four collision domains in the network.
E. There are five collision domains in the network.
F. There are seven collision domains in the network.
Answer: AF这是个广播域和冲突域的问题。首先我们需要知道HUB整体是一个广播域和冲突域,而交换机整体是一个广播域,每个接口都是一个冲突域。知道了这些,这个问题的答案就很明显了,有两个广播域和七个冲突域。都没有到Attalla的映射,所以也无法和Attalla建立连通性。
101. Which of the following are true regarding the command output shown in the display? (Choose two.)


A. There are at least two routers participating in the RIP process.
B. A ping to 192.168.168.2 will be successful.
C. A ping to 10.0.15.2 will be successful.
D. RtrA has three interfaces participating in the RIP process.
Answer: AC因为RIP的metric是基于跳数的,在debug ip rip中RtrA发出的路由192.168.1.0的metric为2,所以在RIP进程下至少有两台路由器;而10.0.0.0 metric 1表示这个路由是自己直连的,所以A ping 10.0.15.2是能成功的。
102. What three pieces of information can be used in an extended access list to filter traffic? (Choose three.)
A. protocol B. VLAN number C. TCP or UDP port numbers
D. source switch port number E. source IP address and destination IP address
F. source MAC address and destination MAC address
Answer: ACE ACL是基于三层的过滤,因此他可以基于ip,port number来过滤流量,扩展的访问控制列表是可以基于源和目的的同时的过滤。
103. Refer to the exhibit. Which two statements are true about interVLAN routing in the topology that is shown in the exhibit? (Choose two.)


A. Host E and host F use the same IP gateway address.
B. Router1 and Switch2 should be connected via a crossover cable.
C. Router1 will not play a role in communications between host A and host D.
D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.
E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.
F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same encapsulation type.
Answer: DF为了实现相同相同交换机间的不同VLAN之间的通讯应该用的三层的设备,借助trunk来实现。因此要将Router 1和switch2相连的接口配置为trunk,trunk的模式还应该是相同的,不同的trunk的封装,是无法实现连通性的。
104. What is the effect of using the service password-encryption command?
A. Only the enable password will be encrypted.
B. Only the enable secret password will be encrypted.
C. Only passwords configured after the command has been entered will be encrypted.
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Answer: E password encryption 是为了给密码加密。
105. Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)


A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server.
B. Router1 is acting as a TFTP server for other routers.
C. Router1 cannot locate a valid IOS image in flash memory.
D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.
E. Cisco routers will first attempt to load an image from TFTP for management purposes.
Answer: AC System image file is ?°tftp://172.16.1.129/Hampton/nitro/c7200-j-mz?±这句话表明系统的镜像来自从 tftp。引导程序首先使用flash中所找到的第一个有效的IOS镜像,如果flash中没有有效的IOS镜像,引导程序将生成一个TFTP本地广播以定位TFTP服务器,如果没有找到TFTP服务器,引导程序将加载ROM中的迷你IOS(RXBOOT 模式),如果ROM中有迷你IOS,那么迷你IOS在随后加载并且进入RXBOOT模式;否则路由器不是重新试图寻找IOS镜像,就是加载ROMMON并且进入ROM Monitor模式。因此说明Router 1在flash中没有找到有效的IOS镜像。从而加载了tftp中的镜像。
106. At which OSI layer is a logical path created between two host systems?
A. session B. transport C. network D. data link E. physical
Answer: C我们所说的IP地址就是一个逻辑的地址,他是在OSI七层模型中的第三层network层创建的。是用于通讯的逻辑的地址。
107. What functions do routers perform in a network? (Choose two.)
A. packet switching B. access layer security C. path selection
D. VLAN membership assignment E. bridging between LAN segments
F. microsegmentation of broadcast domains
Answer: AC路由器在一个网络中的作用是选择路径进行转发。
108. Refer to the exhibit. The show vtp status command is executed at a switch that is generating the exhibited output. Which statement is true for this switch?


A. The switch forwards its VLAN database to other switches in the ICND VTP domain.
B. The configuration revision number increments each time the VLAN database is updated.
C. The switch forwards VTP updates that are sent by other switches in the ICND domain.
D. The VLAN database is updated when VTP information is received from other switches.
Answer: C VTP是为了动态学习和同步VLAN信息的,但是他的同步和学习都是以域为单位的,只有同一个域中的VLAN信息才可以同步和学习。而VTP的模式有三种:server , client , transparent。其中transparent模式为通明桥的模式,在这种模式下的VLAN的信息是不能被其他设备学习到的,而切这种模式下的设备也不学习其他设备的VLAN信息,他只是转发VLAN的信息,但是不学习。
109. A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS
image. What function does the router perform next?
A. It checks the configuration register.
B. It attempts to boot from a TFTP server.
C. It loads the first image file in flash memory.
D. It inspects the configuration file in NVRAM for boot instructions.
Answer: A
110. Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three.)


A. All ports will be in a state of discarding, learning, or forwarding.
B. Thirty VLANs have been configured on this switch.
C. The bridge priority is lower than the default value for spanning tree.
D. All interfaces that are shown are on shared media.
E. All designated ports are in a forwarding state.
F. This switch must be the root bridge for all VLANs on this switch.
Answer: ACE
111. What is the function of the command switchport trunk native vlan 999 on a Cisco Catalyst switch?
A. It creates a VLAN 999 interface.
B. It designates VLAN 999 for untagged traffic.
C. It blocks VLAN 999 traffic from passing on the trunk.
D. It designates VLAN 999 as the default for all unknown tagged traffic.
Answer: B native vlan是不打标签的VLAN,这指定native vlan 为999,表明 VLAN 999为不用打标签的VLAN
112. Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?


A. 30 seconds B. 60 seconds C. 90 seconds D. 180 seconds E. 240 seconds
Answer: B
113. When a new trunk is configured on a 2950 switch, which VLANs by default are allowed over the trunk link?
A. no VLANs B. all VLANs C. only VLANs 1 - 64
D. only the VLANs that are specified when creating the trunk
Answer: B Trunk上默认是可以转发所有VLAN的数据的。
114. Which three statements describe the differences between RIP version 1 and RIP version 2? (Choose three.)
A. RIP version 1 broadcasts updates whereas RIP version 2 uses multicasts.
B. RIP version 1 multicasts updates while RIP version 2 uses broadcasts.
C. Both RIP version 1 and RIP version 2 are classless routing protocols.
D. RIP Version 2 is a classless routing protocol whereas RIP version 1 is a classful routing protocol.
E. Both RIP version 1 and version 2 support authentication.
F. RIP version 2 sends the subnet mask in updates and RIP version 1 does not.
Answer: ADF
115. An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?


A. access-list 10 permit 172.29.16.0 0.0.0.255 B. access-list 10 permit 172.29.16.0 0.0.1.255
C. access-list 10 permit 172.29.16.0 0.0.3.255 D. access-list 10 permit 172.29.16.0 0.0.15.255
E. access-list 10 permit 172.29.0.0 0.0.255.255
Answer: C用一个单独的语句来匹配上面写出的四条ACL,也就一一个汇总的问题,将172.29.16.0/24,172.29.17.0/24, 172.29.18.0/24, 172.29.19.0/24进行汇总,将他们的第3个八字节以二进制展开,相同的位作为他们的汇总的条目,然后计算他们的掩码位数为多少,所以这四个条目汇总到一个条目为172.29.16.0/22,掩码用通配符来写应该是0.0.3.255。
116. Refer to the exhibit. All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.)


A. Network A - 172.16.3.48/26 B. Network A - 172.16.3.128/25
C. Network A - 172.16.3.192/26 D. Link A - 172.16.3.0/30
E. Link A - 172.16.3.40/30 F. Link A - 172.16.3.112/30
Answer: BD这是个IP地址规划的考题。Network A中有120台主机,因此Network A中至少需要122个IP地址,根据公式2n >=122,可以解出n=7,因此网络位为32-7=25,容纳的IP地址为128。因此 Network A的网段就可以为172.16.3.0/25或172.16.3.128/25。通过其他的设备分配的地址可以看到172.16.3.0/25的地址已经有一部分分配出去了,因此Network A分配的地址空间只能是172.16.3.128/25.Link A只需要有两个可用的IP地址,因此网段中需要有4个地址根据公式2n >=4,可以解出n=2,因此网络位为32-2=30。而从其他路由器上的地址分配我们可以看到地址172.16.3.4-172.16.3.15, 172.16.3.32-172.16.3.127 这些IP地址都已经分配出去了,因此结合答案我们可以看到Link A的地址空间只能为172.16.3.0/30。
117. At which layers of the OSI model do WANs operate? (Choose two.)
A. application layer B. session layer C. transport layer D. network layer
E. datalink layer F. physical layer
Answer: EF WAN是工作在一层和二层的,比如现在常用的Frame-relay,ATM等这些都是工作在OSI的二层的。
118. Refer to the exhibit. A network associate has configured the internetwork that is shown in the exhibit, but has failed to configure routing properly. Which configuration will allow the hosts on the Branch LAN to access resources on the HQ LAN with the least impact on router processing and WAN bandwidth?


A. HQ(config)# ip route 192.168.1.0 255.255.255.0 192.168.2.5
Branch(config)# ip route 172.16.25.0 255.255.255.0 192.168.2.6
B. HQ(config)# router rip
HQ(config-router)# network 192.168.2.0
HQ(config-router)# network 172.16.0.0
Branch(config)# router rip
Branch (config-router)# network 192.168.1.0
Branch (config-router)# network 192.168.2.0
C. HQ(config)# router eigrp 56
HQ(config-router)# network 192.168.2.4
HQ(config-router)# network 172.16.25.0
Branch(config)# router eigrp 56
Branch (config-router)# network 192.168.1.0
Branch (config-router)# network 192.168.2.4
D. HQ(config)# router ospf 1
HQ(config-router)# network 192.168.2.4 0.0.0.3 area 0
HQ(config-router)# network 172.16.25.0 0.0.0.255 area 0
Branch(config)# router ospf 1
Branch (config-router)# network 192.168.1.0 0.0.0.255 area 0
Branch (config-router)# network 192.168.2.4 0.0.0.3 area 0
Answer: A动态路由协议都是需要有他的更新包来传递路由的,而这些都是会占用带宽的,为了减小流量的冲突我们可以采用静态路由,他是会占用任何带宽的。
119. Refer to the exhibit. What is the purpose of the configuration that is shown?


A. to translate addresses of hosts on the fa0/0 and fa0/1 networks to a single public IP address for Internet access
B. to translate the internal address of each host on fa0/0 and fa0/1 to a unique external IP address for Internet acces
C. to provide security on fa0/0 and fa0/1 through the application of an access list
D. to allow IP hosts on the Internet to initiate TCP/IP connections to hosts on fa0/0 and fa0/1
Answer: A
120. A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1?
A. Configure port Fa0/1 to accept connections only from the static IP address of the server.
B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.
C. Configure the MAC address of the server as a static entry associated with port Fa0/1.
D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.
E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.
F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1.
Answer: CE交换机的f0/1端口上仅仅允许转发server的流量,因此我们可以配置将server的mac地址和交换机的端口进行绑定。然后用在端口f0/1上配置端口安全以过滤其他除server外的流量。
121. The OSPF Hello protocol performs which of the following tasks? (Choose two.)
A. It provides dynamic neighbor discovery.
B. It detects unreachable neighbors in 90 second intervals.
C. It maintains neighbor relationships.
D. It negotiates correctness parameters between neighboring interfaces.
E. It uses timers to elect the router with the fastest links as the designated router.
F. It broadcasts hello packets throughout the internetwork to discover all routers that are running OSPF.
Answer: AC OSPF的Hello包的作用是发现并维持邻居关系。
122. Which two passwords must be supplied in order to connect by Telnet to a properly secured Cisco switch and make changes to the device configuration? (Choose two.)
A. console password B. vty password C. aux password D. tty password
E. enable secret password F. username password
Answer: BE
123. Refer to the exhibit. What IP address should be assigned to Workstation A?


A. 192.168.1.143/28 B. 192.168.1.144/28 C. 192.168.1.145/28
D. 192.168.1.159/28 E. 192.168.1.160/28
Answer: C因为交换机连接的设备是在同一个网段中的,因此Workstation A分配的IP地址应该是和路由器的Fa0/0的地址是在同一个网段的。Fa0/0的地址为192.168.1.158/28,他包括的地址范围为192.168.1.144-192.168.1.159,而192.168.1.144为网络地址,192.168.1.159为这个网段的广播地址,所以可以使用的地址就是192.168.1.145-192.168.1.158.所以可以看出答案中可以分配给Workstation A的地址为192.168.1.145。
124. Refer to the exhibit. Which address and mask combination represents a summary of the routes learned by EIGRP?


A. 192.168.25.0 255.255.255.240 B. 192.168.25.0 255.255.255.252
C. 192.168.25.16 255.255.255.240 D. 192.168.25.16 255.255.255.252
E. 192.168.25.28 255.255.255.240 F. 192.168.25.28 255.255.255.252
Answer: C 192.168.25.20/30,192.168.25.16/30,192.168.25.24/30,192.168.25.28/30进行汇总:还是将他们换算成二进制的形式,然后找相同的位数,就可以得到192.168.25.16/28,即192.168.25.16 255.255.255.240。
125. An inbound access list has been configured on a serial interface to deny packet entry for TCP and UDP ports 21, 23 and 25. What types of packets will be permitted by this ACL? (Choose three.)
A. FTP B. Telnet C. SMTP D. DNS E. HTTP F. POP3
Answer: DEF有些常用的公用端口号是我们需要记住的:FTP(20,21),Telnet (23),SMTP-Email(25),DNS(53),TFTP(69),WWW(80),POP邮件(110)。在这,我们过滤了端口号为21,23和25的端口号的流量,因此就是过滤了FTP,Telnet和SMTP的流量,剩下的就是可以允许的。
126. Users on the 172.17.22.0 network cannot reach the server located on the 172.31.5.0 network. The network administrator connected to router Coffee via the console port, issued the show ip route command, and was able to ping the server. Based on the output of the show ip route command and the topology shown in the graphic, what is the cause of the failure?


A. The network has not fully converged. B. IP routing is not enabled.
C. A static route is configured incorrectly.
D. The FastEthernet interface on Coffee is disabled.
E. The neighbor relationship table is not correctly updated.
F. The routing table on Coffee has not updated .
Answer: C 172.17.22.0中的用户是无法访问172.31.5.0中的server的,因为路由器Coffee上没有到达这个网段的路由。虽然说路由器Coffee上有一条缺省的静态路由,但是这个缺省路由的出接口却是路由器Coffee上没有的地址。因此无法访问的原因就是这个缺省路由的配置出现了问题。
127. Why does the data communication industry use the layered OSI reference model? (Choose two.)
A. It divides the network communication process into smaller and simpler components, thus aiding component development, design, and troubleshooting.
B. It enables equipment from different vendors to use the same electronic components, thus saving research and development funds.
C. It supports the evolution of multiple competing standards, and thus provides business opportunities for equipment manufacturers.
D. It encourages industry standardization by defining what functions occur at each layer of the model.
E. It provides a means by which changes in functionality in one layer require changes in other layers.
Answer: AD switchport port-security maximum 1这个命令是配置这个端口为安全模式且只允许有学习一个mac地址。Switchport port-security violation shutdown:这句命令的意思是如果借口违反了安全策略就shutdown该接口。
128. Refer to the exhibit. RIPv2 is in use on the network with no standard policy in place for summarization. A packet arrives at CentralRouter with a destination IP address of 208.149.23.91. Given the output that is shown, how will CentralRouter process that packet?

A. It will forward the packet to 190.171.23.10. B. It will forward the packet to 190.171.23.12.
C. It will forward the packet to 192.168.33.1. D. It will hold the packet for 22 seconds.
E. It will hold the packet for 21 seconds. F. It will discard the packet because there is no matching route.
Answer: B
129. The network security policy requires that only one host be permitted to attach dynamically to each switch interface. If that policy is violated, the interface should shut down. Which two commands must the network administrator configure on the 2950 Catalyst switch to meet this policy? (Choose two.)
A. Switch1(config-if)# switchport port-security maximum 1
B. Switch1(config)# mac-address-table secure
C. Switch1(config)# access-list 10 permit ip host
D. Switch1(config-if)# switchport port-security violation shutdown
E. Switch1(config-if)# ip access-group 10
Answer: AD switchport port-security maximum 1这个命令是配置这个端口为安全模式且只允许有学习一个mac地址。Switchport port-security violation shutdown:这句命令的意思是如果借口违反了安全策略就shutdown该接口。
130. Refer to the exhibit. A network associate has configured OSPF with the command: City(config-router)# network 192.168.12.64 0.0.0.63 area 0 After completing the configuration, the associate discovers that not all the interfaces are participating in OSPF. Which three of the interfaces shown in the exhibit will participate in OSPF according to this configuration statement? (Choose three.)


A. FastEthernet0 /0 B. FastEthernet0 /1 C. Serial0/0 D. Serial0/1.102
E. Serial0/1.103 F. Serial0/1.104
Answer: BCD 192.168.12.64 0.0.0.63匹配的地址范围是 192.168.12.64-192.168.12.127 ,所以被激活的接口有FastEthernet0 /1, Serial0/0, Serial0/1.102.
131. Refer to the exhibit. Explain how the routes in the table are being affected by the status change on interface Ethernet0.

A. The router is requesting updates for these networks from routers that are connected to interface Ethernet1.
B. The router is poisoning the routes and broadcasting the new path costs via interface Ethernet1.
C. The router is receiving updates about unreachable networks from routers that are connected to interface Ethernet1.
D. The router is poisoning the routes and multicasting the new path costs via interface Ethernet1.
Answer: D
132. Which statement is correct about the internetwork shown in the diagram?


A. Switch 2 is the root bridge.
B. Spanning Tree is not running.
C. Host D and Server 1 are in the same network.
D. No collisions can occur in traffic between Host B and Host C.
E. If Fa0/0 is down on Router 1, Host A cannot access Server 1.
F. If Fa0/1 is down on Switch 3, Host C cannot access Server 2.
Answer: E这个涉及到多个交换机的多个VLAN间的通讯。而在交换机之间有一个环路,因此生成树阻断了其中的一个接口,根据生成树的原理,block的端口是在非根桥上的,因此switch2不会是根桥。而host D和server一看就不是在相同的VLAN之间,因此是不在相同的网络中的。我们说整个hub是一个大的冲突域和广播域,此host B和host C 之间是有冲突存在的。Host A和server在不同的VLAN之间,他们之间通讯是要借助于Router 1的接口Fa0/0的子接口来实现的,因此如果Router 1的接口Fa0/0 down了,那么Host A和server 1之间就无法通讯了。同理host C与server 2之间的通讯也是借助于Router 1的Fa0/0来实现的,如果switch 3的Fa0/1 down了,那么生成树的就会重新选举,以前block的接口就会起来转发数据,host C就通过switch 2将他的数据发送出去,他与server 2之间的连通性还是不能失去的。
133. Which statements are true about EIGRP successor routes? (Choose two.)
A. A successor route is used by EIGRP to forward traffic to a destination.
B. Successor routes are saved in the topology table to be used if the primary route fails.
C. Successor routes are flagged as "active" in the routing table.
D. A successor route may be backed up by a feasible successor route.
E. Successor routes are stored in the neighbor table following the discovery process.
Answer: AD EIGRP的successor路径是他选出的最优的路径,路由器将选择这条路径到达目的地。而feasible successor 则是successor的备份的路径,如果successor路径出了问题,就立即将feasible successor路径转为successor路径转发数据。
134. Which of the following is true regarding the use of switches and hubs for network connectivity?
A. Switches take less time to process frames than hubs take.
B. Switches do not forward broadcasts.
C. Hubs can filter frames.
D. Using hubs can increase the amount of bandwidth available to hosts.
E. Switches increase the number of collision domains in the network.
Answer: E
135. Why has the network shown in the exhibit failed to converge?


A. The no auto-summary command needs to be applied to the routers.
B. The network numbers have not been properly configured on the routers.
C. The subnet masks for the network numbers have not been properly configured.
D. The autonomous system number has not been properly configured.
E. The bandwidth values have not been properly configured on the serial interfaces.
Answer: A
136. DNS servers provide what service?
A. Given an IP address, they determine the name of the host that is sought.
B. They convert domain names into IP addresses.
C. They run a spell check on host names to ensure accurate routing.
D. They map individual hosts to their specific IP addresses.
Answer: B
137. What are two characteristics of Telnet? (Choose two.)
A. It sends data in clear text format.
B. It is no longer supported on Cisco network devices.
C. It is more secure than SSH.
D. It requires an enterprise license in order to be implemented.
E. It requires that the destination device be configured to support Telnet connections.
Answer: AE
138. What TCP/IP stack configuration features can DHCP provide, in addition to assigning an IP address? (Choose three.)
A. default gateway B. DNS servers C. FTP server D. helper address
E. subnet mask F. TFTP server
Answer: ABE
139. Which of the following are key characteristics of PPP? (Choose three.)
A. can be used over analog circuits
B. maps Layer 2 to Layer 3 address
C. encapsulates several routed protocols
D. supports IP only
E. provides error correction
Answer: ACE
140. Refer to the exhibit. The network administrator has discovered that the VLAN configuration of SwitchC is ot synchronized with the rest of the switched network. Why is SwitchC not receiving VTP updates?


A. SwitchB is not relaying VTP advertisements to SwitchC.
B. SwitchC has fewer existing VLANs than does SwitchA.
C. SwitchA supports a greater number of VLANs than does SwitchC.
D. SwitchC has a revision number higher than that being advertised.
E. SwitchC should be operating in VTP server mode to receive VTP updates.
F. SwitchB should be operating in VTP server or client mode to relay VTP updates.
Answer: D
141. The network administrator of the Oregon router adds the following command to the router configuration: ip route 192.168.12.0 255.255.255.0 172.16.12.1. What are the results of adding this command? (Choose two.)


A. The command establishes a static route.
B. The command invokes a dynamic routing protocol for 192.168.12.0.
C. Traffic for network 192.168.12.0 is forwarded to 172.16.12.1.
D. Traffic for all networks is forwarded to 172.16.12.1.
E. This route is automatically propagated throughout the entire network.
F. Traffic for network 172.16.12.0 is forwarded to the 192.168.12.0 network.
Answer: AC
142. What will an Ethernet switch do if it receives a unicast frame with a destination MAC that is listed in the switch table?
A. The switch will not forward unicast frames.
B. The switch will forward the frame to a specific port.
C. The switch will return a copy of the frame out the source port.
D. The switch will remove the destination MAC from the switch table.
E. The switch will forward the frame to all ports except the port on which it was received.
Answer: B
143. A Cisco router that was providing Frame Relay connectivity at a remote site was replaced with a different vendor's frame relay router. Connectivity is now down between the central and remote site. What is the most likely cause of the problem?
A. mismatched LMI types
B. incorrect DLCI
C. mismatched encapsulation types
D. incorrect IP address mapping
Answer: C
144. The Ethernet networks connected to router R1 in the graphic have been summarized for router R2 as 192.1.144.0/20. Which of the following packet destination addresses will R2 forward to R1, according to this summary? (Choose two.)


A. 192.1.159.2 B. 192.1.160.11 C. 192.1.138.41 D. 192.1.151.254
E. 192.1.143.145 F. 192.1.1.144
Answer: AD
145. Which two practices help secure the configuration utilities on wireless access points from unauthorized access? (Choose two.)
A. assigning a private IP address to the AP B. changing the default SSID value
C. configuring a new administrator password D. changing the mixed mode setting to single mode E. configuring traffic filtering
Answer: BC
146. A network administrator would like to implement NAT in the network shown in the graphic to allow inside hosts to use a private addressing scheme. Where should NAT be configured?


A. Corporate router B. Engineering router C. Sales router D. all routers
E. all routers and switches
Answer: A
147. If an ethernet port on a router was assigned an IP address of 172.16.112.1/20, what is the maximum number of hosts allowed on this subnet?
A. 1024 B. 2046 C. 4094 D. 4096 E. 8190
Answer: C
148. Which tables of EIGRP route information are held in RAM and maintained through the use of hello and update packets? (Choose two.)
A. neighbor table B. SPF table C. RTP table D. topology table E. query table
F. DUAL table
Answer: AD
149. Refer to the exhibit. What can be determined about routes that are learned from the router at IP address 190.171.23.12?


A. HQ_Router last received an update from 190.171.23.12 at 3:30 am.
B. If HQ_Router does not receive an update from 190.171.23.12 in 30 seconds, all routes from that source will be removed from the routing table.
C. If HQ_Router does not receive an update from 190.171.23.12 in 30 seconds, all routes from that source will be flagged with a hold-down timer.
D. 190.171.23.12 is expected to send an update to HQ_Router for network 190.172.0.0 in 3 minutes and 30 seconds.
Answer: B
150. Refer to the exhibit. A network associate needs to configure the switches and router in the graphic so that the hosts in VLAN3 and VLAN4 can communicate with the enterprise server in VLAN2. Which two Ethernet segments would need to be configured as trunk links? (Choose two.)


A. A B. B C. C D. D E. E F. F Answer: CF
151. Refer to the exhibit. Why are two OSPF designated routers identified on Core_Router?

A. Core_Router is connected to more than one multiaccess network.
B. The router at 208.149.23.130 is a secondary DR in case the primary fails.
C. Two router IDs have the same OSPF priority and are therefore tied for DR election.
D. The DR election is still underway and there are two contenders for the role.
Answer: A
152. A router learns about a remote network from EIGRP, OSPF, and a static route. Assuming all routing protocols are using their default administrative distance, which route will the router use to forward data to the remote network?
A. The router will use the static route. B. The router will use the OSPF route.
C. The router will use the EIGRP route. D. The router will load balance and use all three routes.
Answer: A
153. Refer to the exhibit. A new subnet with 12 hosts has been added to the network. Which subnet address should this network use to provide enough useable addresses while wasting the fewest addresses?


A. 192.168.10.80/28 B. 192.168.10.80/29 C. 192.168.10.96/28 D. 192.168.10.96/29
Answer: C
154. What is one reason that WPA encryption is preferred over WEP?
A. A WPA key is longer and requires more special characters than the WEP key.
B. The access point and the client are manually configured with different WPA key values.
C. WPA key values remain the same until the client configuration is changed.
D. The values of WPA keys can change dynamically while the system is used.
Answer: D
155. An access list has been designed to prevent HTTP traffic from the Accounting Department from reaching the HR server attached to the Holyoke router. Which of the following access lists will accomplish this task when grouped with the e0 interface on the Chicopee router?


A. permit ip any any
deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
B. permit ip any any
deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
C. deny tcp 172.17.17.252 0.0.0.0 172.16.16.0 0.0.0.255 eq 80
permit ip any any
D. deny tcp 172.16.16.0 0.0.0.255 172.17.17.252 0.0.0.0 eq 80
permit ip any any
Answer: D
156. Refer to the exhibit. The network administrator must complete the connection between the RTA of the XYZ Company and the service provider. To accomplish this task, which two devices could be installed at the customer site to provide a connection through the local loop to the central office of the provider? (Choose two.)

A. WAN switch B. PVC C. ATM switch D. multiplexer E. CSU/DSU F. modem
Answer: EF
157. When a router is connected to a Frame Relay WAN link using a serial DTE interface, how is the interface clock rate determined?
A. It is supplied by the CSU/DSU. B. It is supplied by the far end router.
C. It is determined by the clock rate command. D. It is supplied by the Layer 1 bit stream timing.
Answer: A
158. When a new trunk link is configured on an IOS based switch, which VLANs are allowed over the link?
A. By default, all defined VLANs are allowed on the trunk.
B. Each single VLAN, or VLAN range, must be specified with the switchport mode command.
C. Each single VLAN, or VLAN range, must be specified with the vtp domain command.
D. Each single VLAN, or VLAN range, must be specified with the vlan database command.
Answer: A
159. Acknowledgements, sequencing, and flow control are characteristics of which OSI layer?
A. Layer 2 B. Layer 3 C. Layer 4 D. Layer 5 E. Layer 6 F. L a y e r 7
Answer: C
160. Which of the following are types of flow control? (Choose three.)
A. buffering B. cut-through C. windowing D. congestion avoidance E. load balancing
Answer: ACD
161. Which protocol provides a method of sharing VLAN configuration information between switches?
A. VTP B. STP C. ISL D. 802.1Q E. VLSM
Answer: A
162. Refer to the exhibit. How will router A choose a path to the 10.1.2.0/24 network when different routing protocols are configured? (Choose three.)


A. If RIPv2 is the routing protocol, only the path AD will be installed in the routing table by default.
B. If RIPv2 is the routing protocol, the equal cost paths ABD and ACD will be installed in the routing table by default.
C. If EIGRP is the routing protocol, only the path AD will be installed in the routing table by default.
D. If EIGRP is the routing protocol, the equal cost paths ABD and ACD will be installed in the routing table by default.
E. If EIGRP and OSPF are both running on the network, the EIGRP paths will be installed in the routing table.
F. If EIGRP and OSPF are both running on the network, the OSPF paths will be installed in the routing table.
Answer: ADE
163. Which two devices can interfere with the operation of a wireless network because they operate on similar frequencies? (Choose two.)
A. copier B. microwave oven C. toaster D. cordless phone E. IP phone F. AM radio
Answer: BD
164. Refer to the exhibit. Why does RouterA show multiple unequal cost paths to network 192.168.81.0/24?


A. A variance was configured for EIGRP autonomous system 109.
B. The EIGRP topology table displays all routes to a destination.
C. The EIGRP topology table shows only backup routes to a destination.
D. Multiple floating static routes were configured to network 192.168.81.0 via interface Serial0.
Answer: B
165. Which statement is true about full-duplex Ethernet in comparison to half-duplex Ethernet?
A. Full-duplex Ethernet consists of a shared cable segment. Half-duplex Ethernet provides a point-to-point link.
B. Full-duplex Ethernet uses a loopback circuit to detect collisions. Half-duplex Ethernet uses a jam signal.
C. Full-duplex Ethernet can provide higher throughput than can half-duplex Ethernet of the same bandwidth.
D. Full-duplex Ethernet uses two wires to send and receive. Half-duplex Ethernet uses one wire to send and receive.
Answer: C
166. Which are valid modes for a switch port used as a VLAN trunk? (Choose three.)
A. transparent B. auto C. on D. desirable E. blocking F. forwarding
Answer: BCD将链路配置为trunk模式可以通过几种协商模式来完成:auto , desirable , on ;也可以通过静态指定trunk来强制一条链路为trunk。
167. Refer to the exhibit. A problem with network connectivity has been observed. It is suspected that the cable connected to switch port Fa0/9 on Switch1 is disconnected. What would be an effect of this cable being disconnected?


A. Host B would not be able to access the server in VLAN9 until the cable is reconnected.
B. Communication between VLAN3 and the other VLANs would be disabled.
C. The transfer of files from Host B to the server in VLAN9 would be significantly slower.
D. For less than a minute, Host B would not be able to access the server in VLAN9. Then normal network function would resume.
Answer: D在交换机间是有一个环路存在的,所以运行的生成树就会block一个端口,从而阻断环路的产生,所以端口f0/9就被block了,所以就没有了连通性。而生成树的选举过程在正常的情况下是需要至少50秒的。所以在生成树选举的过程中HOST B是不能访问到处于VLAN 9中的SERVER的。
168. Refer to the graphic. How many collision domains are shown?


A. one B. two C. three D. four E. six F. fourteen
Answer: B
169. Refer to the exhibit. The network administrator is in a campus building distant from Building B. WANRouter is hosting a newly installed WAN link on interface S0/0. The new link is not functioning and the administrator needs to determine if the correct cable has been attached to the S0/0 interface. How can the administrator accurately verify the correct cable type on S0/0 in the most efficient manner?

A. Telnet to WANRouter and execute the command show interfaces S0/0
B. Telnet to WANRouter and execute the command show processes S0/0
C. Telnet to WANRouter and execute the command show running-configuration
D. Telnet to WANRouter and execute the command show controller S0/0
E. Physically examine the cable between WANRouter S0/0 and the DCE.
F. Establish a console session on WANRouter and execute the command show interfaces S0/0
Answer: D要检验端口s0/0的线缆类型,首先要登陆到路由器上去,我们可以通过telnet的技术登上去,查看接口所接的线缆的类型使用的命令为show controller s0/0,可以看到接口的状态为DTE,或是DCE。
170. Which encryption type does WPA2 use?
A. AES-CCMP B. PPK via IV C. PSK D. TKIP/MIC
Answer: A
171. Refer to the exhibit. A technician is troubleshooting a host connectivity problem. The host is unable to ping a server connected to Switch_A. Based on the results of the testing, what could be the problem?


A. A remote physical layer problem exists. B. The host NIC is not functioning.
C. TCP/IP has not been correctly installed on the host. D. A local physical layer problem exists.
Answer: D主机ping 自己能够ping通自己,但是包无法发送出去,表明自己的物理层有问题存在。而因为能够ping通自己,表明TCP/IP的协议栈运行是良好的。
172. A routing protocol is required that supports:
1) routing update authentication
2) an addressing scheme that conserves IP addresses
3) multiple vendors
4) a network with over 50 routers
Which routing protocol fulfills these requirements?
A. RIPv1 B. RIPv2 C. EIGRP D. OSPF
Answer: D首先RIPv1是不支持认证的,因此答案A我们可以排除。是支持多厂商的,因此是一个开放的标准的协议,可以排除EIGPR,因为这是个CISCO私有的协议。网络的大小可以超过50台路由器,那RIPv2就不满足了,因为RIP最大支持16跳。那么答案就是OSPF了。
173. Refer to the exhibit. What is the correct addressing for a frame and packet received by Host B from Host A?


A. Destination MAC: 0011.43da.2c98
Source MAC: 0070.0e8f.088a
Destination IP: 192.168.60.5
Source IP: 192.168.24.5
B. Destination MAC: 0011.43da.2c98
Source MAC: 00b0.d0ef.5f6a
Destination IP: 192.168.60.5
Source IP: 192.168.24.5
C. Destination MAC: 0011.43da.2c98
Source MAC: 0070.0e8f.088a
Destination IP: 192.168.60.5
Source IP: 192.168.60.1
D. Destination MAC: 0011.43da.2c98
Source MAC: 0070.0e97.af4e
Destination IP: 192.168.60.5
Source IP: 192.168.60.2
Answer: A我们来看一下包发送的过程:Host A发送的:source ip: 192.168.24.5, destination ip: 192.168.60.5 Source mac:00b0.doef.5f6a , destination mac: 0007.0e56.ab2eSwitch1收到后经过查找mac table,不做任何修改发往 Router 1Router 1 发送的:source ip 192.168.24.5 destination ip : 192.168.60.5 Source mac : 0007.0e8f.088a , destination mac:0011.43da.2c98
174. Refer to the exhibit. The network administrator has verified that a functioning cable connects Switch1 and Switch2. From the output that is shown, what two pieces of information can the administrator validly conclude? (Choose two.)


A. Using a source MAC address of 0009.11f3.8848, Switch2 is sending frames to Switch1.
B. Interface fa0/1 on Switch1 is in a shutdown state.
C. The status of fa0/2 should be checked on Switch2.
D. There is likely to be an IP address issue on Switch1 fa0/1.
E. The interface is functional at OSI Layer 1.
Answer: CE 接口显示的notconnect, 当然需要检查对端的接口的状态了 ,一般来说交换机的接口显示为一up一 down,是物理链路出现了问题。因为他只有物理层是up的,所以我们只能说他工作在OSI的第一层。
175. Which wireless LAN design ensures that a mobile wireless client will not lose connectivity when moving from one access point to another?
A. using adapters and access points manufactured by the same company
B. overlapping the wireless cell coverage by at least 10%
C. configuring all access points to use the same channel
D. utilizing MAC address filtering to allow the client MAC address to authenticate with the surrounding APs
Answer: B
176. Refer to the exhibit. Two buildings on the San Jose campus of a small company must be connected to use Ethernet with a bandwidth of at least 100 Mbps. The company is concerned about possible problems from voltage potential differences between the two buildings. Which media type should be used for the connection?


A. UTP cable B. STP cable C. coaxial cable D. fiber optic cable
Answer: D电压不同,而且两个公司的距离不是很远,当然可以考虑光纤了。
177. A network administrator is configuring the routers in the graphic for OSPF. The OSPF process has been started and the networks have been configured for Area 0 as shown in the diagram. The network administrator has several options for configuring RouterB to ensure that it will be preferred as the designated router (DR) for the 172.16.1.0 /24 LAN segment. What configuration tasks could be used to establish this preference? (Choose three.)


A. Configure the priority value of the Fa0/0 interface of RouterB to a higher value than any other interface on the Ethernet network.
B. Change the router id of Router B by assigning the IP address 172.16.1.130/24 to the Fa0/0 interface of RouterB.
C. Configure a loopback interface on RouterB with an IP address higher than any IP address on the other routers.
D. Change the priority value of the Fa0/0 interface of RouterB to zero.
E. Change the priority values of the Fa0/0 interfaces of RouterA and RouterC to zero.
F. No further configuration is necessary.
Answer: ACE OSPF中的共享介质下是需要选举DR和BDR的,而这个选举的过程是通过比较优先级和RID来实现的。优先级越高的越优先选举成为DR,优先级为0的接口是不参加DR的选举的,如果优先级相同就比较他们的RID,RID越大的越优先。RID的选举过程是:手工指定的最为优先,如果没有手工指定RID,则比较路由器上活动接口的IP地址,如果有回环口就选用回环口IP地址最大的地址作为RID,如果没有回环口,就选用物理接口地址中最大的IP地址为RID这个题中需要确保Router B成为网络172.16.1.0/24的DR,根据上面的解释可以看出,让他成为DR的方式有:改Router B的f0/0的优先级为最大的;改172.16.1.0/24网段上的其他接口的优先级为0;设置Router B的RID最大。
178 Refer to the output of the two show commands in the exhibit. If an administrator tries to ping host 10.1.8.5 from host 10.1.6.100, how will the ICMP packets be processed by Router A?


A. The packets will be discarded. B. The packets will be routed out the S0/0 interface.
C. The packets will be routed out the S0/1 interface.
D. The packets will be routed out the Fa0/0 interface.
Answer: C可以看到10.1.8.5的 网段不在路由表中,但是在Router A的路由表中有一条RIP的缺省路由,因此可以收到的ICMP的报文是从s0/1来的。
179. Refer to the exhibit. The Branch router displays knowledge of a route to network 172.16.0.0/16. The actual network number at headquarters is 172.16.1.0/24. Why does the network number appear as it does in the routing table?

A. The Branch router has a static route configured for the 172.16.0.0/16 network.
B. The routing protocol on the HQ router is using automatic route summarization.
C. The Branch router is configured to summarize to classful boundaries.
D. The routing protocol on the Branch router has been misconfigured.
E. The routing protocol that is forwarding this route only sends classful updates.
Answer: B
180. IP addresses and routing for the network are configured as shown in the exhibit. The network administrator issues the show ip eigrp neighbors command from Router1 and receives the output shown below the topology. Which statement is true?

A. It is normal for Router1 to show one active neighbor at a time to prevent routing loops.
B. Routing is not completely configured on Router3.
C. The IP addresses are not configured properly on the Router1 and Router3 interfaces.
D. The no auto-summary command configured on the routers prevents Router1 and Router2 from forming a neighbor relationship.
Answer: B在R3上只公告了192.168.2.0和10.0.0.0的网段,也只激活了接口S1和10.0.4.0的接口,而接口s0没有激活,因此R3与R1之间是无法建立邻居的。虽然R1会向R3的S0口发EIGRP的Hello包,但是R3是无法回复的。所以在R1上看到的EIGRP的邻居只有192.168.1.2。
181. Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?


A. The router cannot verify that the Cisco IOS image currently in flash is valid.
B. Flash memory on Cisco routers can contain only a single IOS image.
C. Erasing current flash content is requested during the copy dialog.
D. In order for the router to use the new image as the default, it must be the only IOS image in flash.
Answer: C
182. Refer to the exhibit. Which two statements are true based the output of the show frame-relay lmi command issued on the Branch router? (Choose two.)


A. LMI messages are being sent on DLCI 0.
B. LMI messages are being sent on DLCI 1023.
C. Interface Serial0/0 is not configured to encapsulate Frame Relay.
D. The Frame Relay switch is not responding to LMI requests from the router.
E. The LMI exchange between the router and Frame Relay switch is functioning properly.
F. The router is providing a clock signal on Serial0/0 on the circuit to the Frame Relay switch.
Answer: AD
183. Hotspot

Answer:

184. LAB

Answer:
Router>en
Router#config terminal
Router(config)#hostname Weaver
Router(config)#ip nat pool name test 198.18.184.105 198.18.184.110 netmask 255.255.255.248
Router(config)#ip nat inside source list 1 pool test
Router(config)#access-list 1 permit 192.168.100.16 0.0.0.15
Router(config)#int s0/0
Router(config-if)#ip nat outside
Router(config-if)#exit
Router(config-if)#int fa0/0
Router(config-if)#ip nat inside
185. Refer to the exhibit. The partial frame shown in the exhibit displays select header information as it arrives at the destination host. Which graphic represents the correct header information in the responding frame returned to the remote host?

Answer: D
186. A dental firm is redesigning the network that connects its three locations. The administrator gave the networking team 192.168.164.0 to use for addressing the entire netwok. After subnetting the address, the team is ready to assign the addresses. The administrator plans to configure ip subnet-zero and use RIP v2 as the routing protocol. As a member of the networking team, you must address the network and at the same time conserver unused addresses for future growth. With those goals in mind, drag the host addresses on the left to the correct router interface. Once of the routers is partially configured. Move your mouse over a router to view its configuration. Not all of the host addresses on the left are necessary.


Answer:


187. In order to complete a basic switch configuration, drag each switch IOS command on the left to its purpose on the right.

Answer:

188. Refer to the exhibit. After HostA pings HostB, which entry will be in the ARP cache of HostA to support this transmission?

Answer: D
189. Which two topologies are using the correct type of twisted-pair cables? (Choose two.)

Answer: D E
190. Drop

Answer:


191. A host with the address of 192.168.125.34 /27 needs to be denied access to all hosts outside its own subnet. To accomplish this, complete the command in brackets, [access-list 100 deny protocol address mask any ], by dragging the appropriate options on the left to their correct placeholders on the right.

Answer:


192. This topology contains 3 routers and 1 switch. Complete the topology.
Drag the appropriate device icons to the locations labeled Device.
Drag the appropriate connections to the locations labeled Connections.
Drag the appropriate IP addresses to the locations labeled IP address. (Hint : Use the given host addresses and the Main router information given) To remove a device or connection , drag it away from the topology. Use information gathered from the Main router to complete the configuration of any additional routers. No passwords are required to access the Main router. The config terminal command has been disabled for the HQ router. This router does not require configuration. Configrue each additional router with the following you should input:
Main>enable
Main#show run
in "terminal" on the right side
to check the address information configured on main-router.
you can see the following information after you input the above command:
Show run 1:
interface FastEthernet0/0
ip address 192.168.152.190 255.255.255.240
interface Serial0/0
ip address 192.168.152.174 255.255.255.240
clockrate 64000
Show run 2:
interface FastEthernet0/0
ip address 192.168.152.190 255.255.255.240
interface Serial0/0
ip address 192.168.152.174 255.255.255.240
clockrate 64000
ip classless
ip http server
line con 0
line aux 0
line vty 0 4
login
! end
Main#

Answer:

193、IP addresses and routing for the network are configured as shown in the exhibit.
The network administrator issues the show ip eigrp neighbors command from Router1 and receives the output shown below the topology. Which statement is true?
A. It is normal for Router1 to show one active neighbor at a time to prevent routing loops.
B. Routing is not completely configured on Router3.
C. The IP addresses are not configured properly on the Router1 and Router3 interfaces.
D. The no auto-summary command configured on the routers prevents Router1 and Router2 from
forming a neighbor relationship.
Answer: B

194、Refer to the topology.

The diagram represents a small network with a single connection to the Internet. Using the information shown, answer the following questions.
If the router R1 has a packet with a destination address 192.168.1.255, what describes the operation of the network?
A. R1 will forward the packet out all interfaces.
B. R1 will drop this packet because this it is not a valid IP address.
C. As R1 forwards the frame containing this packet, Sw-A will add 192.168.1.255 to its MAC table.
D. R1 will encapsulate the packet in a frame with a destination MAC address of FF-FF-FF-FF-FFFF.
E. As R1 forwards the frame containing this packet, Sw-A will forward it to the device assigned
the IP address of 192.168.1.255.
Answer: A
195、Users on the 192.168.1.0/24 network must access files located on the Server 1. What route could be configured on router R1 for file requests to reach the server?
A. ip route 0.0.0.0 0.0.0.0 s0/0/0
B. ip route 0.0.0.0 0.0.0.0 209.165.200.226
C. ip route 209.165.200.0 255.255.255.0 192.168.1.250
D. ip route 192.168.1.0 255.255.255.0 209.165.100.250 aswer: C
196、When a packet is sent from Host 1 to Server 1, in how many different frames will the packet be
encapsulated as it is sent across the internetwork?
A. 0 B. 1 C. 2 D. 3 E. 4 Answer: D
196、What must be configured on the network in order for users on the Internet to view web pages
located on Web Server 2?
A. On router R2, configure a default static route to the 192.168.1.0 network.
B. On router R2, configure DNS to resolve the URL assigned to Web Server 2 to the
192.168.1.10 address.
C. On router R1, configure NAT to translate an address on the 209.165.100.0/24 network to
192.168.1.10.
D. On router R1, configure DHCP to assign a registered IP address on the 209.165.100.0/24
network to Web Server 2.
Answer: A
197、The router address 192.168.1.250 is the default gateway for both the Web Server 2 and Host 1.
What is the correct subnet mask for this network?
A. 255.255.255.0 B. 255.255.255.192 C. 255.255.255.250 D. 255.255.255.252
Answer: D
198.Which statement is true about full-duplex Ethernet in comparison to half-duplex Ethernet?

A. Full-duplex Ethernet consists of a shared cable segment. Half-duplex Ethernet provides a point-to-point link.

B. Full-duplex Ethernet uses a loopback circuit to detect collisions. Half-duplex Ethernet uses a jam signal.

C. Full-duplex Ethernet can provide higher throughput than can half-duplex Ethernet of the same bandwidth.

D. Full-duplex Ethernet uses two wires to send and receive. Half-duplex Ethernet uses one wire to send and receive.

Answer: C

解释一下:全双工和半双工的区别:全双工的是既能收也能发,而半双工是在收的时候是不能发数据的。所以他能更有效得利用带宽。所以对于相同的带宽,全双工的比半双工的能提供更高的吞吐量。