CCNP&CCIE Security SCOR思科认证网络工程师题库6.docx
-
资源ID:6745733
资源大小:203.21KB
全文页数:58页
- 资源格式: DOCX
下载积分:5金币
|
友情提示
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
|
CCNP&CCIE Security SCOR思科认证网络工程师题库6.docx
CCNP/CCIESecuritySCOR题库6QUESTION1DRAGDROPDraganddroptheOSsfromtheleftontothecorrectdescriptionsontheright.SelectandPlace:CorrectAnswerSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION2PElP2P3PE4Refertotheexhibit.P3andPE4areattheedgeoftheserviceprovidercoreandserveasABRrouters.Aggregationareasareoneithersideofthecore.Whichstatementaboutthearchitectureistrue?A. TosupportseamlessMPLS1theBGProutereflectorfeaturemustbedisabled.B. IfeachareaisrunningitsownIGP1BGPmustprovideanend-to-endMPLSLSP.C. IfeachareaisrunningitsownIGP1theABRroutersmustredistributetheIGProutingtableintoBGP.D. TosupportseamlessMPLS1TDPmustbeusedasthelabelprotocol.CorrectAnswerBSection:ArchitectureExplanationExpIanationZReference:Reference:12/configuration_guide/mpls/b_1612_mpls_9600_cg/configuring_seamless_mpls.htmlQUESTION3WhichcomponentissimilartoanEVPNinstance?A. routerdistinguisherB. MPLSlabelC. IGProuterIDD. VRFCorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION4WhydoCiscoMPLSTEtunnelsrequirealink-stateroutingprotocol?A. Thelink-statedatabaseprovidessegmentationbyarea,whichimprovesthepath-selectionprocess.B. Thelink-statedatabaseprovidesadatarepositoryfromwhichthetunnelendpointscandynamicallyselectasourceID.C. 1.ink-stateroutingprotocolsuseSPFcalculationsthatthetunnelendpointsleveragetoimplementthetunnel.D. Thetunnelendpointsusethelink-statedatabasetoevaluatetheentiretopologyanddeterminethebestpath.CorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:QUESTION5R1R3AS65512AS65514Refertotheexhibit.BGPsecisimplementedonRl1R2,R3,andR4.BGPpeeringisestablishedbetweenneighboringautonomoussystems.Whichstatementaboutimplementationistrue?A. BGPupdatesfromtheiBGPpeersareappendedwithacommunityoflocal-as.B. BGPupdatesfromtheallBGPpeersareappendedwithacommunityofno-export.C. BGPupdatesfromtheeBGPpeersareappendedwithanadditionalASpathvaluethatisstaticallysetbythedomainadministrator.D. BGPupdatesfromtheeBGPpeersareappendedwithaBGPsecattributesequencethatincludesapublickeyhashanddigitalsignature.CorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION6YouareconfiguringMPLStraffic-engineeringtunnelsinthecore.Whichtwowaysexistforthetunnelpathacrossthecore?(Choosetwo.)A. ThedynamicpathoptionissupportedonlywithIS-IS.B. Tunnelscanbeconfiguredwithdynamicpathorexplicitlydefinedpath.C. Azerobandwidthtunnelisnotavalidoption.D. hebandwidthstatementcreatesauhard,'reservationonthelink.E. TunnellinksinheritIGPmetricsbydefaultunlessoverridden.CorrectAnswerBESection:ArchitectureExplanationExpIanationZReference:QUESTION7WhichconfigurationmodedoyouusetoapplythemplsIdpgraceful-restartcommandinIOSXESoftware?A. MPLSLDPneighborB. interfaceC. MPLSD. globalCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION8Afteryouanalyzeyournetworkenvironment,youdecidetoimplementafullseparationmodelforInternetaccessandMPLSL3VPNservices.Forwhichreasondoyoumakethisdecision?A. ItenablesEGPandIGPtooperateindependently.B. Itenablesyoutochoosewhethertoseparateorcentralizeeachindividualservice.C. Itiseasiertomanageasysteminwhichservicesaremixed.D. Itrequiresonlyoneedgerouter.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION9WhichstatementabouttheCiscoMPLSTEforwardingadjacencyfeatureistrue?A. ItenablestheMPLScoretouse日GRPastheroutingprotocol.B. ItenablestheCiscoMPLSTEtunneltobeadvertisedintotherunningIGP.C. Itenablesthetailendroutertoadvertiseroutestotheheadendrouteroverthetunnel.D. Itenablestheheadendandtailendrouterstoestablishabidirectionaltunnel.CorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:Reference:https:WWW.cisco.Comcenustddocsios-XmI/ios/mptepathsetup/configuration/xe-16/mptepathsetupxe16book/mplstrafficengineering-forwarding-adjacency.pdfWhileimplementingTTLsecurity,youissuethePE(config-router-af)#neighbor2.2.2.2ttl-securityhops2command.Afteryouissuethiscommand,whichBGPpacketsdoesthePEaccept?A. to2.2.2.2,withaTTLof2ormoreB. from2.2.2.2,withaTTLoflessthan2C. to2.2.2.2twithaTTLoflessthan253D. from2.2.2.2,withaTTLof253ormoreCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/td/docs/ios/12_2sx/feature/guide/fsxebtsh.html#wpl059215QUESTION11ipflow-exportdestination192.168.1.2ipflow-exportversion9interfacegigabitethernet1ipflowingressRefertotheexhibits.Whichinformationisprovidedfortracebackanalysiswhenthisconfigurationisapplied?A. sourceinterfaceB. packetsizedistributionC. IPsubflowcacheD. BGPversionCorrectAnswerCSection:ArchitectureExplanationExpIanationZReference:Refertotheexhibit.RlisconnectedtotwoserviceprovidersandisunderaDDoSattack.WhichstatementaboutthisdesignistrueifURPFinstrictmodeisconfiguredonbothinterfaces?A. RldropsalltrafficthatigresseseitherinterfacethathasaFIBentrythatexitsadifferentinterface.B. Rldropsdestinationaddressesthatareroutedtoanullinterfaceontherouter.C. RlpermitsasymmetricroutingaslongastheAS-PATHattributeentrymatchestheconnectedAS.D. Rlacceptssourceaddressesoninterfacegigabitethernetlthatareprivateaddresses.CorrectAnswerASection:ArchitectureExplanationExpIanationZReference:QUESTION13ipcefinterfacegigabitethernet1ipverifyunicastsourcereachable-viaanyRefertotheexhibit.Router1wasexperiencingaDDoSattackthatwastracedtointerfacegigabitethernetl.Whichstatementaboutthisconfigurationistrue?A. Router1acceptsalltrafficthatingressesandegressesinterfacegigabitethernetl.B. Router1dropsalltrafficthatingressesinterfacegigabitethernetlthathasaFIBentrythatexitsadifferentinterface.C. Router1acceptssourceaddressesthathaveamatchintheFIBthatindicatesitisreachablethrougharealinterface.D. Router1acceptssourceaddressesoninterfacegigabitethernetlthatareprivateaddresses.CorrectAnswer:CSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION14Router1:iproute192.168.1.0255.255.255.0null0tag1route-mapddosmatchtag1setlocalpreference150setcommunitynoexportroute-mapddospermit20routerbgp65513redistributestaticroute-mapddosRouter2:Interfacegigabitethernet1ipverifyunicastreverse-pathRefertotheexhibit.Anengineerispreparingtoimplementdataplanesecurityconfiguration.Whichstatementaboutthisconfigurationistrue?A. Router2istherouterreceivingtheDDoSattack.B. Router1mustbeconfiguredwithuRPFfortheRTBHimplementationtobeeffective.C. Router1isthetriggerrouterinaRTBHimplementation.D. Router2mustconfigurearoutetonull0fornetwork192.168.1.0/24fortheRTBHimplementationtobecomplete.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION15WhichconfigurationmodifiesLocalPacketTransportServiceshardwarepolicies?A.configureIptspoliceexceptioninvalidrate400protocolcdprate50protocolarprate5000B.configureIptspifibpolicehardwareflowospfunicastdefaultrate200flowbgpconfiguredrate200flowbgpdefaultrate100!Iptspifibpolicehardwarelocation0/2flowospfunicastdefaultrate100flowbgpconfiguredrate300flowicmpapplicationrate100flowicmpdefaultrate100c.configureIptspuntpolicelocation00CPU0exceptioninvalidrate400protocolcdprate50protocolarprate5000protocolipv4optionsrate100exceptionicmprate200D.configureIptspuntpolicelocation00CPU0exceptioninvalidrate400protocolcdprate50protocolarprate5000protocolipv4optionsrate100exceptionicmprate200CorrectAnswerCSection:ArchitectureExplanationExpIanationZReference:Reference:l/addr_serv/command/reference/b_ipaddr_cr41crs/b_ipaddr_cr41crs_chapter_0111.html#wpl754734006QUESTION16WhichadditionalfeaturedoesMPLSDiffServtunneIingsupport?A. matchingEXPandDSCPvaluesB. PHBlayermanagementC. usingGREtunnelstohidemarkingsD. interactionbetweenMPLSandIGPCorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION17YouarecreatingnewCiscoMPLSTEtunnels.WhichtypeofRSVPmessagedoestheheadendroutersendtoreservebandwidthonthepathtothetailendrouter?A. pathB. tearC. errorD. reservationCorrectAnswerASection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION18WhichstatementdescribestheadvantageofaMulti-Layercontrolplane?A. ItprovidesmultivendorconfigurationcapabilitiesforLayer3toLayer1.B. Itautomaticallyprovisions,monitors,andmanagestrafficacrossLayer0toLayer3.C. ItsupportsdynamicwavelengthrestorationinLayer0.D. Itminimizeshumanerrorconfiguringconvergednetworks.CorrectAnswerASection:ArchitectureExplanationExpIanationZReference:QUESTION19DRAGDROPDraganddropthetechnologiesfromtheleftontothecorrectdefinitionsontheright.SelectandPlace:CorrectAnswer:Section:ArchitectureExplanationExpIanationZReference:QUESTION20AnengineerissettingupoverlappingVPNstoallowVRFABCandXYZtocommunicatewithVRFCENTRALbutwantstomakesurethatVRFABCandXYZcannotcommunicate.Whichconfigurationaccomplishestheseobjectives?A.vrfABCaddress-familyipv4unicasti11ortroute-target65000:111165000:4444Iexportroute-target65000:111165000:3333IvrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:4444Iexportroute-target65000:222265000:3333!vrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333Iexportroute-target65000:4444B.vrfABCaddress-familyipv4unicastimportroute-target65000:1111!exportroute-target65000:1111IvrfXYZaddress-familyipv4unicastimportroute-target65000:2222!exportroute-target65000:222265000:1111!vrfCENTRALaddress-familyipv4unicastimportroute-target65000:333365000:111165000:2222!exportroute-target65000:333365000:111165000:2222C.vrfABCaddress-familyipv4unicastimportroute-target65000:111165000:4444fexportroute-target65000:111165000:3333IvrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:3333!exportroute-target65000:222265000:4444IvrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333Iexportroute-target65000:4444D.vrfABCaddress-familyipv4unicastimportroute-target65000:111165000:3333Iexportroute-target65000:111165000:3333IvrfXYZaddress-famiIyipv4unicastimportroute-target65000:222265000:3333!exportroute-target65000:222265000:3333IvrfCENTRALaddress-famiIyipv4unicastimportroute-target65000:3333Iexportroute-target65000:3333CorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:QUESTION21Router1:iproute192.0.2.0255.255.255.0null0iproute192.168.1.0255.255.255.0null0tag1route-mapddosmatchtag1setipnext-hop192.0.2.1setlocal-preference150setcommunitynoexportroute-mapddospermit20routerbgp65513redistributestaticroute-mapddosRouter2:iproute192.0.2.0255.255.255.0null0Refertotheexhibit.Anengineerispreparingtoimplementdataplanesecurityconfiguration.Whichstatementaboutthisconfigurationistrue?A. Router1andRouter2advertisetherouteto192.0.2.0toallBGPpeers.B. Alltrafficto192.168.1.0/24isdropped.C. Alltrafficisdropped.D. Router1dropsalltrafficwithalocal-preferencesetto150.CorrectAnswerASection:ArchitectureExplanationQUESTION22WhichMPLSdesignattributecanyouusetoprovideInternetaccesstoamajorcustomerthroughaseparatededicatedVPN?A. TheInternetgatewayrouterisconnectedasaPEroutertotheMPLSbackbone.B. TheCEroutersupportsVRF-LiteandthefullBGProutingtable.C. TheInternetgatewayinsertsthefullInternetBGProutingtableintotheInternetaccessVPN.D. ThecustomerthatneedstheInternetaccessserviceisassignedtothesameRTsastheInternetgateway.CorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:QUESTION23WhichconfigurationenablesBGPFIowSpecclientfunctionandinstallationofpoliciesonalllocalinterfaces?A. flowspecaddress-familyipv4local-installinterface-allB. flowspecaddress-familyipv4installinterface-alllocalC. flowspecaddress-familyipv4installinterface-allD. flowspecaddress-familyipv4local-installall-interfaceCorrectAnswerASection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION24CE1#interfaceFastEthernet/0/0/1description*HUBCEnonrouteripaddress10.0.12.1255.255.255.0routerospf100log-adjacency-changesnetwork10.0.12.00.0.255.255area0CE2#interfaceSerial009description*SPOKECErouter*encapsulationpppipaddress10.0.12.12255.255.255.0routerospf100log-adjacency-changesnetwork10.0.12.00.0.255.255area0Refertotheexhibit.AnetworkengineerisconfiguringcustomeredgerouterstofinalizeaL2VPNoverMPLSdeployment.AssumethattheAToML2VPNservicethatconnectsthetwoCEsisconfiguredcorrectlyontheserviceprovidernetwork.Whichactioncausesthesolutiontofail?A. OSPFdoesnotworkwithL2VPNservices.B. Theroutingprotocolnetworktypesarenotcompatible.C. Aloopbackwitha/32IPaddresshasnotbeenused.D. Thexconectstatementhasnotbeendefined.CorrectAnswerBSection:ArchitectureExplanationExpIanationZReference:QUESTION25AnengineerworkingfortelecommunicationcompanyneedstosecuretheLANnetworkusingaprefixlist.Whichbestpracticeshouldtheengineerfollowwhenheimplementsaprefixlist?A. Anengineermustidentifytheprefixlistwithanumberonly.B. Thefinalentryinaprefixlistmustbe/32.C. Anengineermustincludeonlytheprefixesforwhichheneedstologactivity.D. Anengineermustusenonsequentialsequencenumbersintheprefixlistsothathecaninsertadditionalentrieslater.CorrectAnswerDSection:ArchitectureExplanationQUESTION26interfacegigabitethernet10xconnect192.168.0.112encapsulationmplspw-classciscoRefertotheexhibit.Whicheffectofthisconfigurationistrue?A. ItenablesMPLSontheinterface.B. Itcreatesapseudowireclassnamedcisco.C. ItenablesAToMoninterfacegigabitethernetl/O.D. ItenablestaggingforVLAN12ontheinterface.CorrectAnswerCSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION27PE-A#showipbgpvpnv4vrfCustomer-Aneighbors10.10.10.2routesBGPtableversionis13148019,localrouterIDis10.10.10.10Statuscod
