CCNP&CCIE Security SCOR思科认证网络工程师题库5.docx

CCNP/CCIESecuritySCOR题库5QUESTION1DRAGDROPDraganddroptheOSsfromtheleftontothecorrectdescriptionsontheright.SelectandPlace:CorrectAnswer:Section:ArchitectureExplanationExpIanationZReference:Reference:QUESTION2Refertotheexhibit.P3andPE4areattheedgeoftheserviceprovidercoreandserveasABRrouters.Aggregationareasareoneithersideofthecore.Whichstatementaboutthearchitectureistrue?A. TosupportseamlessMPLS1theBGProutereflectorfeaturemustbedisabled.B. IfeachareaisrunningitsownIGP1BGPmustprovideanend-to-endMPLSLSP.C. IfeachareaisrunningitsownIGP1theABRroutersmustredistributetheIGProutingtableintoBGP.D. TosupportseamlessMPLStTDPmustbeusedasthelabelprotocol.CorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:Reference:12/configuration_guide/mpls/b_1612_mpls_9600_cg/configuring_seamless_mpls.htmlQUESTION3WhichcomponentissimilartoanEVPNinstance?A. routerdistiguisherB. MPLSlabelC. IGProuterIDD. VRFCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:QUESTION4WhydoCiscoMPLSTEtunnelsrequirealink-stateroutingprotocol?A. Thelink-statedatabaseprovidessegmentationbyarea,whichimprovesthepath-selectionprocess.B. Thelink-statedatabaseprovidesadatarepositoryfromwhichthetunnelendpointscandynamicallyselectasourceID.C. 1.ink-stateroutingprotocolsuseSPFcalculationsthatthetunnelendpointsleveragetoimplementthetunnel.D. Thetunnelendpointsusethelink-statedatabasetoevaluatetheentiretopologyanddeterminethebestpath.CorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION5Refertotheexhibit.BGPsecisimplementedonRl1R2,R3,andR4.BGPpeeringisestablishedbetweenneighboringautonomoussystems.Whichstatementaboutimplementationistrue?A. BGPupdatesfromtheiBGPpeersareappendedwithacommunityoflocal-as.B. BGPupdatesfromtheallBGPpeersareappendedwithacommunityofno-export.C. BGPupdatesfromtheeBGPpeersareappendedwithanadditionalASpathvaluethatisstaticallysetbythedomainadministrator.D. BGPupdatesfromtheeBGPpeersareappendedwithaBGPsecattributesequencethatincludesapublickeyhashanddigitalsignature.CorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION6YouareconfiguringMPLStraffic-engineeringtunnelsinthecore.Whichtwowaysexistforthetunnelpathacrossthecore?(Choosetwo.)A. ThedynamicpathoptionissupportedonlywithIS-IS.B. Tunnelscanbeconfiguredwithdynamicpathorexplicitlydefinedpath.C. Azerobandwidthtunnelisnotavalidoption.D. Thebandwidthstatementcreatesa,*hard,'reservationonthelink.E. TunnellinksinheritIGPmetricsbydefaultunlessoverridden.CorrectAnswer:BESection:ArchitectureExplanationExpIanationZReference:QUESTION7WhichconfigurationmodedoyouusetoapplythemplsIdpgraceful-restartcommandinIOSXESoftware?A. MPLSLDPneighborB. interfaceC. MPLSD. globalCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION8Afteryouanalyzeyournetworkenvironment,youdecidetoimplementafullseparationmodelforInternetaccessandMPLSL3VPNservices.Forwhichreasondoyoumakethisdecision?A. ItenablesEGPandIGPtooperateindependently.B. Itenablesyoutochoosewhethertoseparateorcentralizeeachindividualservice.C. Itiseasiertomanageasysteminwhichservicesaremixed.D. Itrequiresonlyoneedgerouter.CorrectAnswerASection:ArchitectureExplanationExpIanationZReference:QUESTION9WhichstatementabouttheCiscoMPLSTEforwardingadjacencyfeatureistrue?A. ItenablestheMPLScoretouse日GRPastheroutingprotocol.B. ItenablestheCiscoMPLSTEtunneltobeadvertisedintotherunningIGP.C. Itenablesthetailendroutertoadvertiseroutestotheheadendrouteroverthetunnel.D. Itenablestheheadendandtailendrouterstoestablishabidirectionaltunnel.CorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:Reference:xml/ios/mp_te_path_setup/configuration/xe-16/mp-te-path-setup-xe-16-book/mpls-traffic-engineering-forwarding-adjacency.pdfQUESTION10WhileimplementingTTLsecurity,youissuethePE(config-router-af)#neighbor2.2.2.2ttl-securityhops2command.Afteryouissuethiscommand,whichBGPpacketsdoesthePEaccept?A. to2.2.2.2,withaTTLof2ormoreB. from2.2.2.2,withaTTLoflessthan2C. to2.2.2.2,withaTTLoflessthan253D. from2.2.2.2,withaTTLof253ormoreCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/td/docs/ios/12_2sx/feature/guide/fsxebtsh.html#wpl059215QUESTION11ipflow-exportdestination192.168.1.2ipflow-exportversion9interfacegigabitethernet1ipflowingressRefertotheexhibits.Whichinformationisprovidedfortracebackanalysiswhenthisconfigurationisapplied?A. sourceinterfaceB. packetsizedistributionC. IPsubflowcacheD. BGPversionCorrectAnSWe匚CSection:ArchitectureExplanationExpIanationZReference:Refertotheexhibit.RlisconnectedtotwoserviceprovidersandisunderaDDoSattack.WhichstatementaboutthisdesignistrueifURPFinstrictmodeisconfiguredonbothinterfaces?A. RldropsalltrafficthatingresseseitherinterfacethathasaFIBentrythatexitsadifferentinterface.B. Rldropsdestinationaddressesthatareroutedtoanullinterfaceontherouter.C. RlpermitsasymmetricroutingaslongastheAS-PATHattributeentrymatchestheconnectedAS.D. Rlacceptssourceaddressesoninterfacegigabitethernetlthatareprivateaddresses.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION13ipcefinterfacegigabitethernet1ipverifyunicastsourcereachable-viaanyRefertotheexhibit.Router1wasexperiencingaDDoSattackthatwastracedtointerfacegigabitetheretl.Whichstatementaboutthisconfigurationistrue?A. Router1acceptsalltrafficthatingressesandegressesinterfacegigabitetheretl.B. Router1dropsalltrafficthatingressesinterfacegigabitethernetlthathasaFIBentrythatexitsadifferentinterface.C. Router1acceptssourceaddressesthathaveamatchintheFIBthatindicatesitisreachablethrougharealinterface.D. Router1acceptssourceaddressesoninterfacegigabitethernetlthatareprivateaddresses.CorrectAnswerCSection:ArchitectureExplanationExpIanationZReference:Reference:os/security/configuration/guide/sec_nx-os-cfg/sec_urpf.htmlQUESTION14Router1:iproute192.168.1.0255.255.255.0null0tag1route-mapddosmatchtag1setlocalpreference150setcommunitynoexportroute-mapddospermit20routerbgp65513redistributestaticroute<mapddosRouter2:Interfacegigabitethernet1ipverifyunicastreverse-pathRefertotheexhibit.Anengineerispreparingtoimplementdataplanesecurityconfiguration.Whichstatementaboutthisconfigurationistrue?A. Router2istherouterreceivingtheDDoSattack.B. Router1mustbeconfiguredwithuRPFfortheRTBHimplementationtobeeffective.C. Router1isthetriggerrouterinaRTBHimplementation.D. Router2mustconfigurearoutetonull0fornetwork192.168.1.0/24fortheRTBHimplementationtobecomplete.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION15WhichconfigurationmodifiesLocalPacketTransportServiceshardwarepolicies?A.configureIptspoliceexceptioninvalidrate400protocolcdprate50protocolarprate5000B.configureIptspifibpolicehardwareflowospfunicastdefaultrate200flowbgpconfiguredrate200flowbgpdefaultrate100!Iptspifibpolicehardwarelocation0/2flowospfunicastdefaultrate100flowbgpconfiguredrate300flowicmpapplicationrate100flowicmpdefaultrate100C.configureIptspifibhardwarepoliceflowospfunicastdefaultrate200flowbgpconfiguredrate200flowbgpdefaultrate100!Iptspifibhardwarepolicelocation02CPU0flowospfunicastdefaultrate100flowbgpconfiguredrate300flowicmpapplicationrate100flowicmpdefaultrate100!D.configureIptspuntpolicelocation00CPU0exceptioninvalidrate400protocolcdprate50protocolarprate5000protocolipv4optionsrate100exceptionicmprate200CorrectAnswer:CSection:ArchitectureExplanationExpIanationZReference:Reference:l/addr_serv/command/reference/b_ipaddr_cr41crs/b_ipaddr_cr41crs_chapter_0111.html#wpl754734006QUESTION16WhichadditionalfeaturedoesMPLSDiffServtunnelingsupport?A. matchingEXPandDSCPvaluesB. PHBlayermanagementC. usingGREtunnelstohidemarkingsD. interactionbetweenMPLSandIGPCorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:Reference:mtmp-te-diffserv-15-mt-bookmp-diffserv-tun-mode.htmlQUESTION17YouarecreatingnewCiscoMPLSTEtunnels.WhichtypeofRSVPmessagedoestheheadendroutersendtoreservebandwidthonthepathtothetailendrouter?A. pathB. tearC. errorD. reservationCorrectAnswerASection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION18WhichstatementdescribestheadvantageofaMulti-Layercontrolplane?A. ItprovidesmultivendorconfigurationcapabilitiesforLayer3toLayer1.B. Itautomaticallyprovisions,monitors,andmanagestrafficacrossLayerOtoLayer3.C. ItsupportsdynamicwavelengthrestorationinLayerO.D. Itminimizeshumanerrorconfiguringconvergednetworks.CorrectAnswerASection:ArchitectureExplanationExpIanationZReference:QUESTION19DRAGDROPDraganddropthetechnologiesfromtheleftontothecorrectdefinitionsontheright.SelectandPlace:CorrectAnswer:Section:ArchitectureExplanationExpIanationZReference:QUESTION20AnengineerissettingupOVerl叩PingVPNstoallowVRFABCandXYZtocommunicatewithVRFCENTRALbutwantstomakesurethatVRFABCandXYZcannotcommunicate.Whichconfigurationaccomplishestheseobjectives?A.vrfABCad(±ress-familyipv4unicastimportr*oute-tarbge七65000:1111Iexportroute-target65000:1111!vrfXYZad-dxess-familyipv4unicastimportroute-target65000:22221exportroute-target65000:222265000:111165000:333365000:111165000:2222!vrfCENTRALaddress-familyipv4unicastimportrout,e-tarcjetexportrou七e-targe七65000:333365000:Illl65000:2222B.vrfABCaddress-familyipv4UniUaS七lnortroute-targe七65000:111165000:4444!exportroute-target65000:111165000:3333!vrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:4444!exportroute-target65000:222265000:3333!vrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333Iexport.route-target65000:4444C.vrfABCaddress-familyipv4unicastiortroute-target65000:111165000:4444Iexportroute-target65000:111165000:3333!vrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:3333!exportroute-target65000:222265000:4444!vrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333!exportroute-target65000:4444D.vrfABCaddress-familyipv4unicastimportroute-target65000:111165000:3333Iexportroute-target65000:111165000:3333IvrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:3333Iexportroute-target65000:222265000:3333IvrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333!exportroute-target65000:3333CorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:QUESTION21Router1:iproute192.0.2.0255.255.255.0null0iproute192.168.1.0255.255.255.0null0tag1route-mapddosmatchtag1setipnext-hop192.0.2.1setlocal-preference150setCcxnmunitynoexportroute-mapddospermit20routerbgp65513redistributestaticroute-mapddosRouter2:iproute192.0.2.0255.255.256.0null0Refertotheexhibit.Anengineerispreparingtoimplementdataplanesecurityconfiguration.Whichstatementaboutthisconfigurationistrue?A. Router1andRouter2advertisetherouteto192.0.2.0toallBGPpeers.B. Alltrafficto192.168.1.0/24isdropped.C. Alltrafficisdropped.D. Router1dropsalltrafficwithalocal-preferencesetto150.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION22WhichMPLSdesignattributecanyouusetoprovideInternetaccesstoamajorcustomerthroughaseparatededicatedVPN?A. TheInternetgatewayrouterisconnectedasaPEroutertotheMPLSbackbone.B. TheCEroutersupportsVRF-LiteandthefullBGProutingtable.C. TheInternetgatewayinsertsthefullInternetBGProutingtableintotheInternetaccessVPN.D. ThecustomerthatneedstheInternetaccessserviceisassignedtothesameRTsastheInternetgateway.CorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION23QUESTION23WhichconfigurationenablesBGPFIowSpecclientfunctionandinstallationofpoliciesonalllocalinterfaces?A. flowspecaddress-familyipv4local-installinterface-allB. flowspecaddress-familyipv4installinterface-alllocalC. flowspecaddress-familyipv4installinterface-allD. flowspecaddress-familyipv4local-installall-interfaceCorrectAnswerASection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION24CE1#interfaceFastEthernet/0/0/1description*HUBCEnonrouter*ipaddress10.0.12.1255.255.255.0routerospf100log-adjacency-changesnetwork10.0.12.00.0.255.255area0CE2#interfaceSerial009description*SPOKECErouter*encapsulationpppipaddress10.0.12.12255.255.255.0routerospf100log-adjacency-changesnetwork10.0.12.00.0.255.255area0Refertotheexhibit.AnetworkengineerisconfiguringcustomeredgerouterstofinalizeaL2VPNoverMPLSdeployment.AssumethattheAToML2VPNservicethatconnectsthetwoCEsisconfiguredcorrectlyontheserviceprovidernetwork.Whichactioncausesthesolutiontofail?A. OSPFdoesnotworkwithL2VPNservices.B. Theroutingprotocolnetworktypesarenotcompatible.C. Aloopbackwitha/32IPaddresshasnotbeenused.D. Thexconectstatementhasnotbeendefined.CorrectAnswerBSection:ArchitectureExplanationExpIanationZReference:QUESTION25AnengineerworkingfortelecommunicationcompanyneedstosecuretheLANnetworkusingaprefixlist.Whichbestpracticeshouldtheengineerfollowwhenheimplementsaprefixlist?A. Anengineermustidentifytheprefixlistwithanumberonly.B. Thefinalentryinaprefixlistmustbe/32.C. Anengineermustincludeonlytheprefixesforwhichheneedstologactivity.D. Anengineermustusenonsequentialsequencenumbersintheprefixlistsothathecaninsertadditionalentrieslater.CorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION26interfacegigabitethernet10xconnect192.168.0.112encapsulationmplspw-classciscoRefertotheexhibit.Whicheffectofthisconfigurationistrue?A. ItenablesMPLSontheinterface.B. Itcreatesapseudowireclassnamedcisco.C. ItenablesAToMoninterfacegigabitethernetl/O.D. ItenablestaggingforVLAN12ontheinterface.CorrectAnswer:CSection:ArchitectureExplanationExpIanationZReference:Reference: