当前位置：文档库 › 最新CCNA题库,Word版

最新CCNA题库,Word版

1.What are two reasons that a network administrator would use access lists? (Choose two.)

A. to control vty access into a router

B. to control broadcast traffic through a router

C. to filter traffic as it passes through a router

D. to filter traffic that originates from the router

E. to replace passwords as a line of defense against security incursions Answer: AC

解释一下：在VTY线路下应用ACL，可以控制从VTY线路进来的telnet的流量。

也可以过滤穿越一台路由器的流量。

2.A default Frame Relay WAN is classified as what type of physical network?

A. point-to-point

B. broadcast multi-access

C. nonbroadcast multi-access

D. nonbroadcast multipoint

E. broadcast point-to-multipoint

Answer: C

解释一下：在默认的情况下，帧中继为非广播多路访问链路。但是也可以通过子接口来修改他的网络的类型。

3.Refer to the exhibit. How many broadcast domains exist in the exhibited topology?

A. one

B. two

C. three

D. four

E. five

F. six

Answer: C

解释一下：广播域的问题，在默认的情况下，每个交换机是不能隔离广播域的，所以在同一个区域的所有交换机都在同一个广播域中，但是为了减少广播的危害，将广播限制在一个更小的范围，有了VLAN的概念，VLAN表示的是一个虚拟的局域网，而他的作用就是隔离广播。所以被VLAN隔离了的每个区域都表示一个单独的广播域，这样一个VLAN中的广播的流量是不能传到其他的区域的，所以在上题中就有3个广播域了。

4.A single 802.11g access point has been configured and installed in the center of

a square office. A few wireless users are experiencing slow performance and drops while most users are operating at peak efficiency. What are three likely causes of this problem? (Choose three.)

A. mismatched TKIP encryption

B. null SSID

C. cordless phones

D. mismatched SSID

E. metal file cabinets

F. antenna type or direction

Answer: CEF

解释一下:cordless phones：无线电话。

metal file cabinets：金属文件柜。

antenna type or direction：天线类型及方向。

TKIP：Temporal Key Integrity Protocol（暂时密钥集成协议）负责处理无线安全问题的加密部分。如果加密出了问题，那么就根本连接不上，而不会出现性能下降的问题。

SSID（Service Set Identifier）也可以写为ESSID，用来区分不同的网络。如果是空的ssid，那么也会出现不能联网的情况

5.Refer to the exhibit. What two facts can be determined from the WLAN diagram? (Choose two.)

A. The area of overlap of the two cells represents a basic service set (BSS).

B. The network diagram represents an extended service set (ESS).

C. Access points in each cell must be configured to use channel 1.

D. The area of overlap must be less than 10% of the area to ensure connectivity.

E. The two APs should be configured to operate on different channels.

Answer: BE

解释一下：一个ap提供的覆盖范围称为一个microcell，微单元.或者是基本服务区域，basic service area，当有多个微单元连接到lan，就称为扩展服务级。往往可以通过增加ap来连接，如果一个ap不能满足覆盖范围，可以增加ap，建议两个ap重叠区域为10－15％。

6.The command frame-relay map ip 10.121.16.8 102 broadcast was entered on the router. Which of the following statements is true concerning this command?

A. This command should be executed from the global configuration mode.

B. The IP address 10.121.16.8 is the local router port used to forward data.

C. 102 is the remote DLCI that will receive the information.

D. This command is required for all Frame Relay configurations.

E. The broadcast option allows packets, such as RIP updates, to be forwarded across the PVC.

Answer: E

解释一下：关于命令 frame-relay map ip 10.121.16.8 102 broadcast ,这个命令用于手工静态添加一条映射，到达10.121.16.8的流量封装一个DLCI号为102，而且这条PVC是支持广播的流量的，比如RIP的更新包。因为在默认的情况下，帧中继的网络为非广播的，而RIP 在其上是无法发包的。

7.Which type of attack is characterized by a flood of packets that are requesting

a TCP connection to a server?

A. denial of service

B. brute force

C. reconnaissance

D. Trojan horse

Answer: A

解释一下:请求tcp连接到服务器的攻击其是就是syn-flooding攻击，利用tcp三次握手的天生缺陷，向对方主机发送大量的syn位置1的请求包，造成对方服务器正常服务的中断正常的服务这是一种典型的dos攻击，就是拒绝服务攻击：denial of service。

8.Which of the following are associated with the application layer of the OSI model?

(Choose two.)

A. ping

B. Telnet

C. FTP

D. TCP

E. IP

Answer: BC

解释一下：在OSI 7层模型中位于应用层的应用有telnet 、ftp 、http、smtp等等。

9. For security reasons, the network administrator needs to prevent pings into the corporate networks from hosts outside the internetwork. Which protocol should be blocked with access control lists?

A. IP

B. ICMP

C. TCP

D. UDP

Answer: B

解释一下：PING命令利用ICMP协议的echo,和 echo-replay两个报文来检测链路是否连通的。所以如果要阻止PING的流量到网络，就只要过滤掉ICMP的应用就可以了。

10.Refer to the exhibit. The network administrator has created a new VLAN on Switch1 and added host C and host D. The administrator has properly configured switch interfaces FastEthernet0/13 through FastEthernet0/24 to be members of the new VLAN. However, after the network administrator completed the configuration, host A could communicate with host B, but host A could not communicate with host C or host D. Which commands are required to resolve this problem?

A. Router(config)# interface fastethernet 0/1.3

Router(config-if)# encapsulation dot1q 3

Router(config-if)# ip address 192.168.3.1 255.255.255.0

B. Router(config)# router rip

Router(config-router)# network 192.168.1.0

Router(config-router)# network 192.168.2.0

Router(config-router)# network 192.168.3.0

C. Switch1# vlan database

Switch1(vlan)# vtp v2-mode

Switch1(vlan)# vtp domain cisco

Switch1(vlan)# vtp server

D. Switch1(config)# interface fastethernet 0/1

Switch1(config-if)# switchport mode trunk

Switch1(config-if)# switchport trunk encapsulation isl

Answer: A

解释一下：这是一个多VLAN间通讯的问题，虽然都同在一台交换机上，但是由于处在不同的VLAN中，而导致了不同VLAN中的主机是不能通讯的。这时我们就需要借助与trunk和三层的路由功能了，在交换机和路由器之间封装TRUNK，这样可以允许交换机间的二层的通讯，但是由于两个VLAN是划分到不同的网段中的，因此需要借助路由器的路由功能来实现三层的

可达，可以将VLAN中的主机的网关指定为路由器与该VLAN相连的子接口的地址，这样VLAN 中的数据包就都会发往网关，而由网关来进行进一步的转发。

在这个题中，题目给出了路由器的的子接口的网段，而又给出了VLAN 2与路由器相连的接口的IP地址，所以剩下的一个网段就是给VLAN 3的了，所以要在路由器上将与一个子接口划分到VLAN 3，并给其分配另一个网段中的IP地址。这样就可以了。

11.What are two recommended ways of protecting network device configuration files from outside network security threats? (Choose two.)

A. Allow unrestricted access to the console or VTY ports.

B. Use a firewall to restrict access from the outside to the network devices.

C. Always use Telnet to access the device command line because its data is automatically encrypted.

D. Use SSH or another encrypted and authenticated transport to access device configurations.

E. Prevent the loss of passwords by disabling password encryption.

Answer: BD

解释一下：要确保外部的安全的站点才可以访问我的网络，这就涉及到了安全的问题了，我们可以使用防火墙来限制外网中来的设备；也可以通过SSH或加密和认证来控制访问设备配置信息。

12.Refer to the exhibit. The access list has been configured on the S0/0 interface of router RTB in the outbound direction. Which two packets, if routed to the interface, will be denied? (Choose two.)

access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet

access-list 101 permit ip any any

A. source ip address: 192.168.15.5; destination port: 21

B. source ip address:, 192.168.15.37 destination port: 21

C. source ip address:, 192.168.15.41 destination port: 21

D. source ip address:, 192.168.15.36 destination port: 23

E. source ip address: 192.168.15.46; destination port: 23

F. source ip address:, 192.168.15.49 destination port: 23

Answer: DE

解释一下：这个访问列表定义了两个语句：

access-list 101 deny tcp 192.168.15.32 0.0.0.15 any eq telnet

access-list 101 permit ip any any

在访问列表中匹配的顺序是从上到下，如果匹配了某一句，就退出访问列表，如果没有就一直往下匹配，在访问列表中有一句隐含的拒绝所有。所以不管怎么样都有一句是能被匹配的。在上题中，他定义的第一句是拒绝到从192.168.15.32- 192.168.15.47发出的任何的telnet 的流量，然后第二句定义的就是允许所有的IP流量。而且要明确telnet的流量使用的是端口23,所以这个题的答案就很明确了。

13.Refer to the exhibit. Switch1 has just been restarted and has passed the POST routine. Host A sends its initial frame to Host C. What is the first thing the switch will do as regards populating the switching table?

A. Switch1 will add 192.168.23.4 to the switching table.

B. Switch1 will add 192.168.23.12 to the switching table.

C. Switch1 will add 000A.8A47.E612 to the switching table.

D. Switch1 will add 000B.DB95.2EE9 to the switching table.

Answer: C

解释一下：交换机重新启动了，这个时候交换机的MAC地址表是空的，当主机A发送数据给主机C而经过交换机时，交换机根据他的工作的原理他要进行原MAC地址学习，而因为对于这个目的MAC地址无记录，而将这个流量从除收到的这个接口外的所有接口泛洪出去。所以在最开始的一步中，交换机是记录下主机A的MAC地址000A.8A47.E612到他的MAC地址表中。

14.The user of Host1 wants to ping the DSL modem/router at 192.168.1.254. Based on the Host1 ARP table that is shown in the exhibit, what will Host1 do?

A. send a unicast ARP packet to the DSL modem/router

B. send unicast ICMP packets to the DSL modem/router

C. send Layer 3 broadcast packets to which the DSL modem/router responds

D. send a Layer 2 broadcast that is received by Host2, the switch, and the DSL modem/router

Answer: B

解释一下：在下面的表中我们可以看到ARP表中有关于192.168.1.254的ARP条目，所以在这主机都只需要发送单播的ICMP包到DSL modem/router即可。

15. What are two security appliances that can be installed in a network? (Choose two.)

A. ATM

B. IDS

C. IOS

D. IOX

E. IPS

F. SDM

Answer: BE

解释一下：IDS: Intrusion Detection Systems(入侵检测系统）。

IPS：Intrustion Prevention System(入侵防御系统）。

ATM是交换设备。

Ios是网络设备操作系统，是软件。

SDM是安全设备管理器，是一种基于web的对网络设备的安全管理工具，是软件。

16. Refer to the exhibit. What is the most efficient summarization that R1 can use to advertise its networks to R2?

A. 172.1.0.0/22

B. 172.1.0.0/21

C. 172.1.4.0/22

D. 172.1.4.0/24

172.1.5.0/24

172.1.6.0/24

172.1.7.0/24

E. 172.1.4.0/25

172.1.4.128/25

172.1.5.0/24

172.1.6.0/24

172.1.7.0/24

Answer: C

解释一下：这还是一个关于汇总的问题。要求R1将所有的网段用汇总的条目发送给R2，因为这些条目的网络位是相同的都为172.1，所以在这需要汇总的只是第3个八位，将4，4，5，6，7 这些写成二进制的形式，然后找出相同的位数，则有相同位数的字节就是他们的掩码的位数，而最小的有相同位的最小的数字就是他们的基数位，所以R1通告出去汇总的条目为172.2.4.0/22。

17. Which spread spectrum technology does the 802.11b standard define for operation?

A. IR

B. DSSS

C. FHSS

D. DSSS and FHSS

E. IR, FHSS, and DSSS

Answer: B

解释一下：IR：infrared（红外线）。

DSSS：Direct Sequence Spread Spectrom（顺序扩频技术）。

FHSS：Frequency-Hopping Spread Spectrum(跳频技术)。

18.Refer to the exhibit. Assume that all router interfaces are operational and correctly configured. In addition, assume that OSPF has been correctly configured on router R2. How will the default route configured on R1 affect the operation of R2?

A. Any packet destined for a network that is not directly connected to router R1 will be dropped.

B. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately.

C. Any packet destined for a network that is not directly connected to router R2 will be dropped immediately because of the lack of a gateway on R1.

D. The networks directly connected to router R2 will not be able to communicate with the 172.16.100.0, 172.16.100.128, and 172.16.100.64 subnetworks.

E. Any packet destined for a network that is not referenced in the routing table of router R2 will be directed to R1. R1 will then send that packet back to R2 and a routing loop will occur.

Answer: E

解释一下：在R1上产生了一个OSPF的缺省路由，出接口指定为S0/0，这条缺省路由以5类LSA的形式通告给了R2，于是R2上也有了一条标记为O*E2 0.0.0.0/0 出接口为 Serial0/0的路由。所以R2收到任何路由表中没有的目的网段时，就将指定给R1，而R1根据缺省路由的出接口又将数据包发往R2，这样就形成了一个路由的环路。

19.A network interface port has collision detection and carrier sensing enabled on

a shared twisted pair network. From this statement, what is known about the network interface port?

A. This is a 10 Mb/s switch port.

B. This is a 100 Mb/s switch port.

C. This is an Ethernet port operating at half duplex.

D. This is an Ethernet port operating at full duplex.

E. This is a port on a network interface card in a PC.

Answer: C

解释一下：一个接口有冲突检测和载波侦听，而且是使用共享介质的双绞线的网络，那么对于这个接口我们可以推测出他是以太接口，而且是工作在半双工的模式下。

20. Refer to the topology and router configuration shown in the graphic. A host on the LAN is accessing an FTP server across the Internet. Which of the following addresses could appear as a source address for the packets forwarded by the router to the destination server?

A. 10.10.0.1

B. 10.10.0.2

C. 199.99.9.33

D. 199.99.9.57

E. 200.2.2.17

F. 200.2.2.18

Answer: D

解释一下：这是个NAT地址转换的题目，在这f0/0接口连接下的为私有的地址，这些地址是不能同外网进行通讯的，这时就借助NAT，将内网的私有地址转换为可以在公网上通讯的地址，我们看到NAT POOL 中定义的转换后的公有地址为199.99.9.40到199.99.9.62，则表示这段地址是我转换后的内网全局地址，所以HOST想要穿过INTERNET访问FTP服务器，则需要转换为公有地址199.99.9.40到199.99.9.62之内的地址，在上面的答案中只有地址199.99.9.57满足条件，所以答案就是D了。

21.A company is installing IP phones. The phones and office computers connect to the same device.To ensure maximum throughput for the phone data, the company needs to make sure that the phone traffic is on a different network from that of the office computer data traffic. What is the best network device to which to directly connect the phones and computers, and what technology should be implemented on this device? (Choose two.)

A. hub

B. router

C. switch

D. STP

E. subinterfaces

F. VLAN

Answer: CF

解释一下：公司的语音设备和办公的设备都连在相同的设备上，还要确保语音的数据流在不同与公司的办公的数据流量，最好的网络设备当然是交换机了，然后利用VLAN的技术就完全可以满足所有的要求了。

22.Refer to the exhibit. Which statement describes DLCI 17?

A. DLCI 17 describes the ISDN circuit between R2 and R3.

B. DLCI 17 describes a PVC on R2. It cannot be used on R3 or R1.

C. DLCI 17 is the Layer 2 address used by R2 to describe a PVC to R3.

D. DLCI 17 describes the dial-up circuit from R2 and R3 to the service provider. Answer: C

解释一下：DLCI是在Frame-relay中的描述二层信息的地址，他的地位等同于以太网中的MAC 地址。我们以R2上的DLCI 17来看，DLCI 17描述的是：从这个接口出去的目的地为R3的接口的这条PVC的二层的地址为17。

23.Which routing protocol by default uses bandwidth and delay as metrics?

A. RIP

B. BGP

C. OSPF

D. EIGRP

Answer: D

解释一下：在我们的路由协议中使用复合度量的协议只有IGP和EIGPR，而他们在默认的情况下是使用带宽和延时来计算度量的。

24.Refer to the output from the show running-config command in the exhibit. What should the administrator do to allow the workstations connected to the FastEthernet 0/0 interface to obtain an IP address?

A. Apply access-group 14 to interface FastEthernet 0/0.

B. Add access-list 14 permit any any to the access list configuration.

C. Configure the IP address of the FastEtherent 0/0 interface to 10.90.201.1.

D. Add an interface description to the FastEthernet 0/0 interface configuration. Answer: C

解释一下：我们可以创建多个dhcp的池，分给不同接口的工作站的不同的ip地址。

Dhcp就是根据接口的地址范围自动分配合适的地址池的。这里地址池定义的是10.90.201.0，并且默认网关是10.90.201.1 所以必须把f0/0的接口配置成10.90.201.1，dhcp才可以正常

的工作。

25.In the implementation of VLSM techniques on a network using a single Class C IP address, which subnet mask is the most efficient for point-to-point serial links?

A. 255.255.255.0

B. 255.255.255.240

C. 255.255.255.248

D. 255.255.255.252

E. 255.255.255.254

Answer: D

解释一下：在点到点的链路上因为只需要分配两个地址给两端就可以了，所以加上网络地址和广播地址，这个网段也就只需要有4个地址了，所以网络位需要匹配30位,掩码就为255.255.255.252．

26.Refer to the exhibit. The networks connected to router R2 have been summarized as a 192.168.176.0/21 route and sent to R1. Which two packet destination addresses will R1 forward to R2? (Choose two.)

A. 192.168.194.160

B. 192.168.183.41

C. 192.168.159.2

D. 192.168.183.255

E. 192.168.179.4

F. 192.168.184.45

Answer: BE

解释一下：这个题其实就是考察的汇总的问题，他说的意思是R2发送了一个汇总的路由192.168.176.0/21给R1，哪两个包文的目的地R1仍将转发给R2。这还是汇总的问题的一个反向的考察，根据21位的掩码位数可以推断在第3个八位字节的前5位是相同的，不同的是后面的3位，而将176写成二进制的形式为1011 0000，所以可以看出来明细的路由可以是176-183，所以在上面的答案中可以很容易看到答案B和E是我们的明细路由。

27.Refer to the exhibit. Switch-1 needs to send data to a host with a MAC address of 00b0.d056.efa4. What will Switch-1 do with this data?

A. Switch-1 will drop the data because it does not have an entry for that MAC address.

B. Switch-1 will flood the data out all of its ports except the port from which the data originated.

C. Switch-1 will send an ARP request out all its ports except the port from which the data originated.

D. Switch-1 will forward the data to its default gateway.

Answer: B

解释一下：首先Switch 1需要发送一个数据到MAC地址为00b0.d056.efa4的主机，了解到目的地后，就查看他的MAC 地址表，然后发现在MAC地址表中没有这个MAC地址的条目存在。交换机在收到未知的单播，组播和广播时，都采用的是泛洪的方式，往除收到数据的这个接口外的所有接口都发送。所以在这儿，Switch 1也采取的上泛洪的方式。

28. wo routers named Atlanta and Brevard are connected by their serial interfaces as shown in the exhibit, but there is no data connectivity between them. The Atlanta router is known to have a correct configuration. Given the partial configurations shown in the exhibit, what is the problem on the Brevard router that is causing the lack of connectivity?

A. A loopback is not set.

B. The IP address is incorrect.

C. The subnet mask is incorrect.

D. The serial line encapsulations are incompatible.

E. The maximum transmission unit (MTU) size is too large.

F. The bandwidth setting is incompatible with the connected interface.

Answer: B

解释一下：很明显的错误啊，两台路由器的串行接口的地址配置错误，不是在相同的网段，从而导致了不能通讯。

29. Which two values are used by Spanning Tree Protocol to elect a root bridge? (Choose two.)

A. amount of RAM

B. bridge priority

C. IOS version

D. IP address

E. MAC address

F. speed of the links

Answer: BE

解释一下：生成树的选举的问题，根桥的选举是通过比较ＢＩＤ的，而ＢＩＤ由桥优先级和ＭＡＣ地址组成的．所以在选根桥的时候需要比较的是桥优先级和ＭＡＣaddress。

30. Refer to the exhibit. Which switch provides the spanning-tree designated port role for the network segment that services the printers?

A. Switch1

B. Switch2

C. Switch3

D. Switch4

Answer: C

解释一下：这是个关于生成树选举的问题，我们首先需要找到根桥，而根桥的选举是通过比较桥ID的,而且是越小越优先，桥ID的组成为桥优先级和MAC地址。所以我们通过上图可以找到根桥为switch 1。

然后在非根桥上选出根端口，通过比较到根桥的花费来选举的，花费最小的就是根端口。因为上图中没有表示出链路的带宽，所以无法比较他们的花费。

下一步我们来选举指派端口。每条链路都需要有一个DP，先是比较花费，如果花费相同则比较BID（桥优先级），仍是越小越优先，根据上图的表识，我们可以找到每条链路上的DP，而连Printers的链路上的DP就为Switch 3，因为他有更小的MAC地址。

31. While troubleshooting a network connectivity problem, a technician observes steady link lights on both the workstation NIC and the switch port to which the workstation is connected. However, when the ping command is issued from the workstation, the output message "Request timed out." is displayed. At which layer of the OSI model does the problem most likely exist?

A. the session layer

B. the protocol layer

C. the data link layer

D. the access layer

E. the network layer

F. the application layer

Answer: E

解释一下：故障排除从最底层开始，题中连接网卡和交换机的诊断灯亮着，说明物理层和数据链路层没有问题。Ping命令使用ICMP包，ICMP属于第三层协议。

32. Refer to the exhibit. Why would the network administrator configure RA in this manner?

A. to give students access to the Internet

B. to prevent students from accessing the command prompt of RA

C. to prevent administrators from accessing the console of RA

D. to give administrators access to the Internet

E. to prevent students from accessing the Internet

F. to prevent students from accessing the Admin network

Answer: B

解释一下：在这儿，将ＡＣＬ应用到ＶＴＹ线路下，而且是ＩＮ的方向，表示凡是被我的ＡＣＬ允许的才能telnet到我．在ＲＡ上配置的是permit 10.1.1.0 0.0.0.255根据隐式的deny any

允许Ａdmin的网段中的用户可以telnet到他，所以Ｓtudent的网段中的用户是被拒绝的．33.In order to allow the establishment of a Telnet session with a router, which set of commands must be configured?

A. router(config)# line console 0

router(config-line)# enable password cisco

B. router(config)# line console 0

router(config-line)# enable secret cisco

router(config-line)# login

C. router(config)# line console 0

router(config-line)# password cisco

router(config-line)# login

D. router(config)# line vty 0

router(config-line)# enable password cisco

E. router(config)# line vty 0

router(config-line)# enable secret cisco

router(config-line)# login

F. router(config)# line vty 0

router(config-line)# password cisco

router(config-line)# login

Answer: F

解释一下：telnet是一个应用层的应用，他使用的是vty线路，而且在默认的情况下，是需要访问的线路下设有密码的。而在VTY线路下设置密码的命令为 passwork string ,而VTY 线路下的另一个命令login则是默认的，可写也可不写。如果想Telnet时在VTY线路下不设置密码也可以访问这个线路，可以在该VTY线路下输入命令 no login。

34.Refer to the exhibit. The two exhibited devices are the only Cisco devices on the network. The serial network between the two devices has a mask of 255.255.255.252. Given the output that is shown, what three statements are true of these devices? (Choose three.)

A. The Manchester serial address is 10.1.1.1.

B. The Manchester serial address is 10.1.1.2.

C. The London router is a Cisco 2610.

D. The Manchester router is a Cisco 2610.

E. The CDP information was received on port Serial0/0 of the Manchester router.

F. The CDP information was sent by port Serial0/0 of the London router. Answer: ACE

解释一下：ＣＤＰ是ＣＩＳＣＯ私有的一个二层的协议，但是他却可以发现三层的ＩＰ信息

的．通过ＣＤＰ可以发现的邻居的信息有：设备的名称，ＩＰ地址，端口，能力，平台，对端的holddown time．在上图的show cdp entry *命令的显示可以看到的信息有：设备名称：Ｌondon；ＩＰ地址：10.1.1.2；平台：cisco 2610；能力：Router；端口：s0/１；holdtime：１２５Ｓ．Ｍanchesteter收到这个ＣＤＰ信息的接口为S0/0。

35. A network administrator has configured two switches, named London and Madrid, to use VTP. However, the switches are not sharing VTP messages. Given the command output shown in the graphic, why are these switches not sharing VTP messages?

A. The VTP version is not correctly configured.

B. The VTP operating mode is not correctly configured.

C. The VTP domain name is not correctly configured.

D. VTP pruning mode is disabled.

E. VTP V2 mode is disabled.

F. VTP traps generation is disabled.

Answer: C

解释一下：交换机间不能共享VTP的信息，我们就需要检查VTP的状态，首先需要检查的是VTP的域名，只有同一个域中的才可能相互学习，再来检查VTP的模式，必须有一个server 模式才能有VTP学习的过程的，默认的情况下VTP的模式为Server的。然后我们检查图题目给出的信息，可以看到两台交换机的VTP domain是不一致的，所以这个就是问题的所在了。

36. Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? (Choose two.)

A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.

B. Router C will use ICMP to inform Router B that Host 2 cannot be reached.

C. Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached.

D. Router C will send a Destination Unreachable message type.

E. Router C will send a Router Selection message type.

F. Router C will send a Source Quench message type.

Answer: AD

解释一下：连Host 2的接口E0/0 down了，那么最直接的反映就发生在路由器C上，C的路由表中的这个条目就消失了，因此当Host 1 想要跟Host 2建立连接的时候，Router C就发送一个目的网段不可达的消息；如果是使用ping命令，那么Router C就使用ICMP 的包文告诉Host 1，Host 2是不可打的。

37.Refer to the exhibit. Assuming that the router is configured with the default settings, what type of router interface is this?

A. Ethernet

B. FastEthernet

C. Gigabit Ethernet

D. asynchronous serial

E. synchronous serial

Answer: B

解释一下：这个题是需要根据图中提供的信息来判断接口的类型。可以看到接口的MAC地址，

表示这个接口肯定不是串行接口，所以可以排除D和E的选项。看带宽BW 100000 Kbit,表示的是100M的带宽，所以这是个Fast Ethernet接口。

38.On point-to-point networks, OSPF hello packets are addressed to which address?

A. 127.0.0.1

B. 172.16.0.1

C. 192.168.0.5

D. 223.0.0.1

E. 224.0.0.5

F. 254.255.255.255

Answer: E

解释一下：在OSPF中Hello包发向的是224.0.0.5和224.0.0.6这两个地址的。大家在做OSPF实验的时候，用debug命令是可以看到这两个个地址的。

39.While troubleshooting a connectivity problem, a network administrator notices that a port status LED on a Cisco Catalyst series switch is alternating green and amber. Which condition could this indicate?

A. The port is experiencing errors.

B. The port is administratively disabled.

C. The port is blocked by spanning tree.

D. The port has an active link with normal traffic activity.

Answer: A

解释一下：CISCO交换机的端口状态指示灯是闪烁的绿色和浅黄色，表示端口有操作的问题——也许是过量的错误或连接的问题。

40.Refer to the exhibit. The network shown in the exhibit is running the RIPv2 routing protocol. The network has converged, and the routers in this network are functioning properly. The FastEthernet0/0 interface on R1 goes down. In which two ways will the routers in this network respond to this change? (Choose two.)

A. All routers will reference their topology database to determine if any backup routes to the 192.168.1.0 network are known.

B. Routers R2 and R3 mark the route as inaccessible and will not accept any further routing updates from R1 until their hold-down timers expire.

C. Because of the split-horizon rule, router R2 will be prevented from sending erroneous information to R1 about connectivity to the 192.168.1.0 network.

D. When router R2 learns from R1 that the link to the 192.168.1.0 network has been lost, R2 will respond by sending a route back to R1 with an infinite metric to the 192.168.1.0 network.

E. R1 will send LSAs to R2 and R3 informing them of this change, and then all routers will send periodic updates at an increased rate until the network again converges. Answer: CD

解释一下：这涉及到RIP关于环路避免的几种机制了。在这里R1的直连的链路发生了变化，立即触发更新（触发更新），发送flash update出去，将这个条目置为possible down，设置最大跳数（路由毒性），R2收到这个flash update后，也回复一个flash update包（毒性逆转），同时将这个条目也置为possible down，设置最大跳数。

41. What is the maximum data rate specified for IEEE 802.11b WLANs?

A. 10 Mbps

B. 11 Mbps

C. 54 Mbps

D. 100 Mbps

Answer: B

解释一下：802.11b也称“Wi-Fi”，它的最大传输速率为11Mb/s。

42. Which of the following describe the process identifier that is used to run OSPF on a router? (Choose two.)

A. It is locally significant.

B. It is globally significant.

C. It is needed to identify a unique instance of an OSPF database.

D. It is an optional parameter required only if multiple OSPF processes are running on the router.

E. All routers in the same OSPF area must have the same process ID if they are to exchange routing information.

Answer: AC

解释一下：OSPF的进程号只在本地有效。在一台路由器上需要为每个进程维护各自的OSPF 数据库。

43.Refer to the exhibit. The FMJ manufacturing company is concerned about unauthorized access to the Payroll Server. The Accounting1, CEO, Mgr1, and Mgr2 workstations should be the only computers with access to the Payroll Server. What two technologies should be implemented to help prevent unauthorized access to the server? (Choose two.)

A. access lists

B. encrypted router passwords

C. STP

D. VLANs

E. VTP

F. wireless LANs

Answer: AD

解释一下：需要控制只允许哪些组可以访问服务器，组中的哪些用户可以访问，使用的技术当然有ACL和VLAN了。

44.Which two statements are true about the command ip route 172.16.3.0 255.255.255.0 192.168.2.4? (Choose two.)

A. It establishes a static route to the 172.16.3.0 network.

B. It establishes a static route to the 192.168.2.0 network.

C. It configures the router to send any traffic for an unknown destination to the 172.16.3.0 network.

D. It configures the router to send any traffic for an unknown destination out the interface with the address 192.168.2.4.

E. It uses the default administrative distance.

F. It is a route that would be used last if other routes to the same destination exist. Answer: AE

解释一下：命令ip route 172.16.3.0 255.255.255.0 192.168.2.4是静态指定一条路由：通过接口192.168.2.4可以到达网段172.16.3.0/24。在这条命令后没有指定管理距离，就表示使用默认的管理距离为1。

45.The network shown in the diagram is experiencing connectivity problems. Which of the following will correct the problems? (Choose two.)

A. Configure the gateway on Host A as 10.1.1.1.

B. Configure the gateway on Host B as 10.1.2.254.

C. Configure the IP address of Host A as 10.1.2.2.

D. Configure the IP address of Host B as 10.1.2.2.

E. Configure the masks on both hosts to be 255.255.255.224.

F. Configure the masks on both hosts to be 255.255.255.240.

Answer: BD

解释一下：主机A到他的指定网关的这条链路是没有问题的，因为HOST A，接口VLAN1和路由器的f0/0.1网段是相同的，且都是处于VLAN 1的。而HOST B的VLAN2到交换机是没有相同的VLAN 接口和他通讯的，所以HOST B发出的数据到交换机上就被丢弃了。所以需要在交换机上指定一个处于VLAN 2的接口，并将SVI地址配置为和路由器POP的f0/0.2相同网段的地址。因为路由器的接口的地址分配的是网段10.1.2.0/24，所以我们的HOST B的地址应该也分派一个10.1.2.0/24的地址，并且网关也指定为路由器POP的f0/0.2的地址。

46.Which three statements are correct about RIP version 2? (Choose three.)

A. It has the same maximum hop count as version 1.

B. It uses broadcasts for its routing updates.

C. It is a classless routing protocol.

D. It has a lower default administrative distance than RIP version 1.

E. It supports authentication.

F. It does not send the subnet mask in updates.

Answer: ACE

解释一下：关于RIPv2，首先要了解它是一个无类的路由协议，在发送路由更新的时候是携带掩码的，RIPv1为有类路由协议。RIPv1和RIPv2的AD都为120。

它的metric的计算方式和RIPv1的相同，仍然是根据跳数的，他们的最大跳数都为16。RIPv1是以广播的形式发送更新的，在RIPv2中采用的是组播，地址为224.0.0.9。

RIPv2是支持认证的，而在RIPv1中是没有这个功能的。

RIPv2是可以关闭自动汇总的，而在RIPv1中是不能关闭的。

47. What should be part of a comprehensive network security plan?

A. Allow users to develop their own approach to network security.

B. Physically secure network equipment from potential access by unauthorized individuals.

C. Encourage users to use personal information in their passwords to minimize the likelihood of passwords being forgotten.

D. Delay deployment of software patches and updates until their effect on end-user equipment is well known and widely reported.

E. Minimize network overhead by deactivating automatic antivirus client updates. Answer: B

解释一下：保证物理设备安全，防止未授权的用户访问。

48. How should a router that is being used in a Frame Relay network be configured to avoid split horizon issues from preventing routing updates?

A. Configure a separate sub-interface for each PVC with a unique DLCI and subnet assigned to the sub-interface.

B. Configure each Frame Relay circuit as a point-to-point line to support multicast and broadcast traffic.

C. Configure many sub-interfaces on the same subnet.

D. Configure a single sub-interface to establish multiple PVC connections to multiple remote router interfaces.

Answer: A

解释一下：若想将贞中继网络中的路由器配置为避免水平分割组织路由更新，可以为每个PVC 配置多个子接口，并且为每个子借口分配惟一的DCLI和子网地址。

49.Refer to the exhibit. Router1 was just successfully rebooted. Identify the current OSPF router ID for Router1.

A. 190.172.32.10

B. 208.149.23.162

C. 208.149.23.194

D. 220.173.149.10

Answer: C

解释一下：这是个关于OSPF的RID的选举的问题。在OSPF中，RID的选举过程是这样的：如果通过命令router-id 来指定一个RID，那么就采用手工指定的这个RID；如果没有手工指定，则在可以使用的接口中来选举，他是优先采用回环口的，如果只有一个回环口，就采用这个回环口的IP作为RID，如果有多个回环口，就采用这多个回环口中IP地址最大的作为RID；如果没有回环口，就采用物理接口中IP地址最大的接口IP作为RID。在上面的图中可以看到有两个回环口，而Loopback1的IP更大，所以208.149.23.194就做为RID了。50. Which two statements best describe the wireless security standard that is defined by WPA? (Choose two.)

A. It specifies use of a static encryption key that must be changed frequently to enhance security.

B. It requires use of an open authentication method.

C. It specifies the use of dynamic encryption keys that change each time a client establishes a connection.

D. It requires that all access points and wireless devices use the same encryption key.

E. It includes authentication by PSK.

Answer: CE

解释一下：网络安全应该统一规划，安全设备不应该允许一般人随便接触，密码不应该含有个人信息，软件应该经常更新和打补丁，因该使防病毒软件保持激活状态。

101.Which of the following are true regarding the command output shown in the display? (Choose two.)

A. There are at least two routers participating in the RIP process.

B. A ping to 192.168.168.2 will be successful.

C. A ping to 10.0.15.2 will be successful.

D. RtrA has three interfaces participating in the RIP process.

Answer: AC

解释一下：因为RIP的metric是基于跳数的，在debug ip rip中RtrA发出的路由192.168.1.0的metric为2,所以在RIP进程下至少有两台路由器；而10.0.0.0 metric 1表示这个路由是自己直连的，所以A ping 10.0.15.2是能成功的。

102.What three pieces of information can be used in an extended access list to filter traffic? (Choose three.)

A. protocol

B. VLAN number

C. TCP or UDP port numbers

D. source switch port number

E. source IP address and destination IP address

F. source MAC address and destination MAC address

Answer: ACE

解释一下：ACL是基于三层的过滤，因此他可以基于ip，port number来过滤流量，扩展的访问控制列表是可以基于源和目的的同时的过滤。

103.Refer to the exhibit. Which two statements are true about inter VLAN routing in the topology that is shown in the exhibit? (Choose two.)

A. Host E and host F use the same IP gateway address.

B. Router1 and Switch2 should be connected via a crossover cable.

C. Router1 will not play a role in communications between host A and host

D. The FastEthernet 0/0 interface on Router1 must be configured with subinterfaces.

E. Router1 needs more LAN interfaces to accommodate the VLANs that are shown in the exhibit.

F. The FastEthernet 0/0 interface on Router1 and Switch2 trunk ports must be configured using the same encapsulation type.

Answer: DF

解释一下：为了实现相同相同交换机间的不同VLAN之间的通讯应该用的三层的设备，借助trunk来实现。因此要将Router 1和switch2相连的接口配置为trunk，trunk的模式还应该是相同的，不同的trunk的封装，是无法实现连通性的。

104.What is the effect of using the service password-encryption command?

A. Only the enable password will be encrypted.

B. Only the enable secret password will be encrypted.

C. Only passwords configured after the command has been entered will be encrypted.

D. It will encrypt the secret password and remove the enable secret password from the configuration.

E. It will encrypt all current and future passwords.

Answer: E

解释一下：password encryption 是为了给密码加密。

105.Refer to the exhibit. For what two reasons has the router loaded its IOS image from the location that is shown? (Choose two.)

A. Router1 has specific boot system commands that instruct it to load IOS from a TFTP server.

B. Router1 is acting as a TFTP server for other routers.

C. Router1 cannot locate a valid IOS image in flash memory.

D. Router1 defaulted to ROMMON mode and loaded the IOS image from a TFTP server.

E. Ciscorouters will first attempt to load an image from TFTP for management purposes. Answer: AC

解释一下：System image file is ?°tftp://172.16.1.129/Hampton/nitro/c7200-j-mz?±这句话表明系统的镜像来自从 tftp。引导程序首先使用flash中所找到的第一个有效的IOS镜像，如果flash中没有有效的IOS镜像，引导程序将生成一个TFTP本地广播以定位TFTP 服务器，如果没有找到TFTP服务器，引导程序将加载ROM中的迷你IOS（RXBOOT 模式），如果ROM中有迷你IOS，那么迷你IOS在随后加载并且进入RXBOOT模式；否则路由器不是重新试图寻找IOS镜像，就是加载ROMMON并且进入ROM Monitor模式。

因此说明Router 1在flash中没有找到有效的IOS镜像。从而加载了tftp中的镜像。

106.At which OSI layer is a logical path created between two host systems?

A. session

B. transport

C. network

D. data link

E. physical

Answer: C

解释一下：我们所说的IP地址就是一个逻辑的地址，他是在OSI七层模型中的第三层network 层创建的。是用于通讯的逻辑的地址。

107.What functions do routers perform in a network? (Choose two.)

A. packet switching

B. access layer security

C. path selection

D. VLAN membership assignment

E. bridging between LAN segments

F. microsegmentation of broadcast domains

Answer: AC

解释一下：路由器在一个网络中的作用是选择路径进行转发。

108.Refer to the exhibit. The show vtp status command is executed at a switch that is generating the exhibited output. Which statement is true for this switch?

A. The switch forwards its VLAN database to other switches in the ICND VTP domain.

B. The configuration revision number increments each time the VLAN database is updated.

C. The switch forwards VTP updates that are sent by other switches in the ICND domain.

D. The VLAN database is updated when VTP information is received from other switches. Answer: C

解释一下：VTP是为了动态学习和同步VLAN信息的，但是他的同步和学习都是以域为单位的，只有同一个域中的VLAN信息才可以同步和学习。而VTP的模式有三种：server , client , transparent。其中transparent模式为通明桥的模式，在这种模式下的VLAN的信息是不能

被其他设备学习到的，而切这种模式下的设备也不学习其他设备的VLAN信息，他只是转发VLAN的信息，但是不学习。

109. A Cisco router is booting and has just completed the POST process. It is now ready to find and load an IOS image. What function does the router perform next?

A. It checks the configuration register.

B. It attempts to boot from a TFTP server.

C. It loads the first image file in flash memory.

D. It inspects the configuration file in NVRAM for boot instructions.

Answer: A

解释一下：见62题。

110. Refer to the exhibit. The output that is shown is generated at a switch. Which three of these statements are true? (Choose three.)

A. All ports will be in a state of discarding, learning, or forwarding.

B. Thirty VLANs have been configured on this switch.

C. The bridge priority is lower than the default value for spanning tree.

D. All interfaces that are shown are on shared media.

E. All designated ports are in a forwarding state.

F. This switch must be the root bridge for all VLANs on this switch.

Answer: ACE

解释一下：

111.What is the function of the command switchport trunk native vlan 999 on a CiscoCatalyst switch?

A. It creates a VLAN 999 interface.

B. It designates VLAN 999 for untagged traffic.

C. It blocks VLAN 999 traffic from passing on the trunk.

D. It designates VLAN 999 as the default for all unknown tagged traffic. Answer: B

解释一下：native vlan是不打标签的VLAN，这指定native vlan 为999，表明 VLAN 999为不用打标签的VLAN.

112. Refer to the exhibit. After a RIP route is marked invalid on Router_1, how much time will elapse before that route is removed from the routing table?

A. 30 seconds

B. 60 seconds

C. 90 seconds

D. 180 seconds

E. 240 seconds

Answer: B

解释一下：30秒发送一次更新，失效时间是180秒，但是还存在在路由表中，擦除的时间是240秒，240秒以后如果还没有接收到路由更新包，这条路由信息将被擦除。240-180=60。113.When a new trunk is configured on a 2950 switch, which VLANs by default are allowed over the trunk link?

A. no VLANs

B. all VLANs

C. only VLANs 1 - 64

D. only the VLANs that are specified when creating the trunk

Answer: B

解释一下：Trunk上默认是可以转发所有VLAN的数据的。

114.Which three statements describe the differences between RIP version 1 and RIP version 2? (Choose three.)

A. RIP version 1 broadcasts updates whereas RIP version 2 uses multicasts.

B. RIP version 1 multicasts updates while RIP version 2 uses broadcasts.

C. Both RIP version 1 and RIP version 2 are classless routing protocols.

D. RIP Version 2 is a classless routing protocol whereas RIP version 1 is a classful routing protocol.

E. Both RIP version 1 and version 2 support authentication.

F. RIP version 2 sends the subnet mask in updates and RIP version 1 does not. Answer: ADF

解释一下：关于RIPv2，首先要了解它是一个无类的路由协议，在发送路由更新的时候是携带掩码的，RIPv1为有类路由协议。RIPv1和RIPv2的AD都为120。

RIPv2是支持认证的，而在RIPv1中是没有这个功能的。

RIPv2是可以关闭自动汇总的，而在RIPv1中是不能关闭的。

115.An access list was written with the four statements shown in the graphic. Which single access list statement will combine all four of these statements into a single statement that will have exactly the same effect?

A. access-list10 permit 172.29.16.0 0.0.0.255

B. access-list 10 permit 172.29.16.0 0.0.1.255

C. access-list 10 permit 172.29.16.0 0.0.3.255

D. access-list 10 permit 172.29.16.0 0.0.15.255

E. access-list 10 permit 172.29.0.0 0.0.255.255

Answer: C

解释一下：用一个单独的语句来匹配上面写出的四条ACL，也就一一个汇总的问题，将172.29.16.0/24，172.29.17.0/24, 172.29.18.0/24, 172.29.19.0/24进行汇总，将他们的第3个八字节以二进制展开，相同的位作为他们的汇总的条目，然后计算他们的掩码位数为多少，所以这四个条目汇总到一个条目为172.29.16.0/22,掩码用通配符来写应该是0.0.3.255。

116.Refer to the exhibit. All of the routers in the network are configured with the ip subnet-zero command. Which network addresses should be used for Link A and Network A? (Choose two.)

A. Network A - 172.16.3.48/26

B. Network A - 172.16.3.128/25

C. Network A - 172.16.3.192/26

D. Link A - 172.16.3.0/30

CCNA中英对照题库(0-10.pdf概论

CCNA（200-120）题库中英对照整理于：2015年3月31日版本：1.2 声明： ●本题库来源互联网（鸿鹄论坛） ●本题库为英文考试原版左右选择题 ●中文考试为随机抽取英文题的中译版 ●此题库非中文考试题库，而是英文题库手动翻译 ●此题库为手工个人翻译，存在错误和不妥难免，不代表任何官方机构和组织 ●本题库旨在更好的理解英文原本题库，也可以用于中文考试参考用。 ●如发现任何错误或不当之处，可以自行修改，但请更新版本以免混乱，也可致上传者。

QUESTION001 Refer to the exhibit. What will Router1 do when it receives the data frame shown? (Choose three.) 参照下图，这个图示显示了Ｒ１接受到如图所示数据帧的时候会怎么做？ A.Router1 will strip off the source MAC address and replace it with the MAC address 0000.0c36.6965. Ｒ１会剥离源ＭＡＣ地址，以0000：0C36.6965代替。 B.Router1 will strip off the source IP address and replace it with the IP address 192.168.40.1. Ｒ１会剥离源IP地址，以192.168.40.1代替。 C.Router1 will strip off the destination MAC address and replace it with the MAC address 0000.0c07.4320. Ｒ１会剥离源ＭＡＣ地址，以0000：0C36.6965代替。 D.Router1 will strip off the destination IP address and replace it with the IP address of 192.168.40.1. Ｒ１会剥离目的IP地址，以192.168.40.1代替。 E.Router1 will forward the data packet out interface FastEthernet0/1. R1将会从F0/1转发这个数据包。 F. Router1 will forward the data packet out interface FastEthernet0/2. R1将会从F0/2转发这个数据包数据传输过程中，IP 地址不变，但是在不同的网段中，MAC 地址要根据设备的具体情况而发生改变。在不同网络中，依靠 IP 地址定位，在同一网络中，依靠 MAC 地址定位。 QUESTION002

CCNA期末考试试题

1、要求: (1)VTP域名为benet;密码为123;启用修剪; (2)配置2台3层交换机为VTP的server模式;配置2层交换机为VTP的client模式; (3)设置SW-3L-1是VLAN 2－6的生成树根网桥;设置SW-3L-2是VLAN 7－11的生成树根网桥;在2层交换机上配置速端口与上行速链路; (4)配置路由器接口的IP地址;配置路由器启动RIP路由协议;配置路由器上的默认路由，指向10.1.1.1/24; (5)在3层交换机上配置各VLAN的IP地址;配置两台3层交换机之间的 EthernetChannel; (6)配置3层交换机的路由接口;在3层交换机上配置RIP路由协议（1）（2）

○1SW1-3L 配置vtp域名benetpassword 123 Server模式 SW2-3L同样配置 ○2SW1-3L启用修剪SW2-3L同样配置 ○3SW3-2L配置vtp的client模式、SW4-2L、SW5-3L、SW6-3L相同配置（3）设置SW-3L-1是VLAN 2－6的生成树根网桥;设置SW-3L-2是VLAN 7－11的生成树根网桥;在2层交换机上配置速端口与上行速链路; ○1SW-3L-1是VLAN 2－6的生成树根网桥;; ○2设置SW-3L-2是VLAN 7－11的生成树根网桥

○3SW3-2L配置速端口与上行链路，SW4-2L、SW5-2L 、SW6-2L上同样配置（4）配置路由器接口的IP地址;配置路由器启动RIP路由协议;配置路由器上的默认路由，指向10.1.1.1/24 ○1路由器上配置ip地址 ○2路由器上配置默认路由和RIP

CCNA试题

CCNA强化一、单项选择题： 1、介质100BaseT的最大传输距离是：(b ) A: 10m B:100m C:1000m D:500m 2、路由器下，由一般用户模式进入特权用户模式的命令是：（c ）A：enable B:config C: interface D:router 3、哪个命令可以成功测试网络：( b ) A： Router> ping 192.5.5.0 B： Router# ping 192.5.5.30 C： Router> ping 192.5.5.256 D： Router# ping 192.5.5.255 4、介质工作在OSI的哪一层（ a ） A：物理层 B：数据链路层 C：网络层 D：传输层 5、100baseT的速率是( c )Mbit/s A: 1 B:10 C:100 D:1000 6、在启用EIGRP协议时，所需要的参数是：( c ) A:网络掩码 B:子网号 C:自治系统号 D:跳数 7、基本IP访问权限表的表号范围是：(b ) A: 1—100 B:1-99 C:100-199 D:800-899 8、查看路由表的命令是：( c ) A:show interface B:show run C:show ip route D:show table 9、工作在OSI第三层的设备是：( b )

A:网卡 B:路由器 C: 交换机 D:集线器 10、OSI第二层数据封装完成后的名称是：( c ) A:比特 B: 包 C:帧 D:段 11、为了禁止网络210.93.105.0 ftp到网络223.8.151.0，允许其他信息传输，则能实现该功能的选项是：( d ) A：access-list 1 deny 210.93.105.0.0.0.0.0.0 B： access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp C：access-list 100 permit ip any any D：access-list 100 deny tcp 210.93.105.0 0.0.0.255 223.8.151.0 0.0.0.255 eq ftp access-list 100 permit ip any any 12、路由器下“特权用户模式”的标识符是：( c ) A: > B:! C:# D: (config-if)# 13、把指定端口添加到VLAN的命令是：( d ) A: vlan B: vlan-membership C: vtp D:switchport 14、交换机工作在OSI七层模型的哪一层(b ) A:物理层 B:数据链路层 C:网络层 D:传输层 15、在OSI七层模型中，介质工作在哪一层( c ) A:传输层 B:会话层 C:物理层 D:应用层 16、交换机转发数据到目的地依靠( b )

ccna考试题库101-125

QUESTION 101 Refer to the exhibit. The switch in the graphic has a default configuration and the MAC table is fully populated. In addition, this network is operating properly. The graphic represents selected header information in a frame leaving host A. What can be concluded from this information A. The MAC address of host A is B. The router will forward the packet in this frame to the Internet. C. The switch will only forward this frame to the attached router interface. D. All devices in this LAN except host A will pass the packet to Layer 3. QUESTION 102 What is an appropriate use of a default route A. to provide routing to a local web server B. to provide routing from an ISP to a stub network C. to provide routing that will override the configured dynamic routing protocol D. to provide routing to a destination that is not specified in the routing table and which is outside the local network QUESTION 103 Refer to the exhibit. A junior network engineer has prepared the exhibited configuration file. What two statements are true of the planned configuration for interface fa0/1 (Choose two.)

CCNA测试题

CCNA测试题 1、Which of the following host addresses are members of networks that can be routed across the public Internet?(Choose three.) A. 10.172.13.65 B. 172.16.223.125 C. 172.64.12.29 D. 192.168.23.252 E. 198.234.12.95 F. 212.193.48.254 2、What is a global command? A. a command that is available in every release of IOS, regardless of the version or deployment status B. a command that can be entered in any configuration mode C. a command that is universal in application and supports all protocols D. a command that is implemented in all foreign and domestic IOS versions E. a command that is set once and affects the entire router 3、All WAN links inside the ABC University network use PPP with CHAP for authentication security. Which command will display the CHAP authentication process as it occurs between two routers in the network? A. show CHAP authentication B. show interface serial0 C. debug PPP authentication D. debug CHAP authentication E. show ppp authentication chap 4、The RIP network shown in the graphic has been fully operational for two days. Each routing table is complete.Which networks will be included in the next routing update from the Apples router to the Pears router? A. A,B,C,D,E,F B. A,C C. A,B,C D. B,D E. D,E,F

CCNA基础测试题及答案

CCNA试题 1.What is the correct order for the OSI model? B P=Presentation, S=Session, D=Datalink, Ph=Physical, T=Transport, A= Application, N=Network A. P S A PH D N T B. A P S T N D PH C. PH D N T A S P D. P S A T N D PH It is crucial you not only memorize this and know what each layer does. 2. What is encapsulation? C A. Putting the header on an incoming frame B. Putting a header on an incoming segment C. Putting a header on an outgoing frame D. Putting a header on an outgoing bit This also includes trailers and can be put on segments, packets, and frames. 3. Which layer is most concerned with user applications? A A. Application B. Presentation C. Network D. Physical 4. Which of the following is de-encapsulation?A A. Stripping the header from a frame B. Putting a header on a segment C. Putting a header on a frame D. Stripping a frame from a link This also includes trailers as in question 2. 5. What layer converts data into segments? C A. Application B. Presentation C. Transport D. Physical 6. What layer converts data into Packets? A A. Network B. Application C. Physical D. Data Link 7. What layer converts data into Frames? C A. Application B. Physical C. Data Link D. Transport 8. What layer converts data into bits? D

CCNA最新题库

270. EIGRP After adding RTR_2 router, no routing updates are being exchanged between RTR_1 and the new location. All other inter connectivity and internet access for the existing locations of the company are working properly. The task is to identify the fault(s) and correct the router configuration to provide full connectivity between the routers. Access to the router CLI can be gained by clicking on the appropriate host. All passwords on all routers are cisco . IP addresses are listed in the chart below.

Answer: RTR_A#show run ! ! interface FastEthernet0/0 ip address 192.168.60.97 255.255.255.240 ! interface FastEthernet0/1 ip address 192.168.60.113 255.255.255.240 ! interface Serial0/0 ip address 192.168.36.14 255.255.255.252 clockrate 64000 ! router eigrp 212 network 192.168.36.0 network 192.168.60.0 no auto-summary ! RTR_A#show ip route 192.168.36.0/30 is subnetted, 1 subnets C 192.168.36.12 is directly connected, Serial 0/0 192.168.60.0/24 is variably subnetted, 5 subnets, 2 masks C 192.168.60.96/28 is directly connected, FastEthernet0/0 C 192.168.60.112/28 is directly connected, FastEthernet0/1 D 192.168.60.128/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0 D 192.168.60.144/28 [ 90/21026560 ] via 192.168.36.13, 00:00:57, Serial 0/0

CCNA考试题库中英文翻译版及答案

CCNA考试题库中英文翻译版及答案1[1] 1. What are two reasons that a network administrator would use access lists? (Choose two.) 1.出于哪两种理由，网络管理员会使用访问列表? A. to control vty access into a router A.控制通过VTY访问路由器 B. to control broadcast traffic through a router B.控制广播流量穿越路由器 2.一个默认的帧中继WAN被分类为哪种物理网络类型? A. point-to-point A.点到点 B. broadcast multi-access B.广播多路访问 C. nonbroadcast multi-access C.非广播多路访问 D. nonbroadcast multipoint D.非广播多点 E. broadcast point-to-multipoint E.广播点到多点 Answer: C 3. A single 802.11g access point has been configured and installed in the center of a squar A few wireless users are experiencing slow performance and drops while most users are o

at peak efficiency. What are three likely causes of this problem? (Choose three.) 3.一个802.11接入点被部署在一个方形办公室的中央，当大多数用户在大流量传输数一些无线用户发现无线网络变得缓慢和出现丢包 A. mismatched TKIP encryption B. null SSID C. cordless phones D. mismatched SSID E. metal file cabinets F. antenna type or direction Answer: CEF 4. Refer to the exhibit. How many broadcast domains exist in the exhibited topology? 根据下图，图中的拓扑中存在多少个广播域? A. one A.1 B. two B.2 C. three C.3

CCNA四考试答案

第1章考试 1 一家拥有10 名员工的小型公司使用单个LAN 在计算机之间共享信息。哪种类型的In 连接适合此公司由当地电话服务提供商提供的拨号连接能够使公司方便且安全地连接员工的虚拟专用网络通过当地服务提供商建立的私有专用线路通过当地服务提供商提供的宽带服务（如DSL）答案：4 解析：对于这种小型办公室，比较适合通过被称为数字用户线路(DSL) 的常见宽带服务实现Internet 连接，这种服务由当地的电话服务提供商提供。由于员工人数很少，带宽的问题并不突出。如果公司较大，在远程站点有分支机构，则专用线路会更加适合。如果公司员工需要通过Internet 与公司联系，则采用虚拟专用网。 2 哪种网络情况需要使用WAN 员工工作站需要获取动态分配的IP 地址。员工在出差时需要通过VPN 连接到公司电子邮件服务器。分支机构的员工需要与同一园区网络上的另一座建筑物内的公司总部共享文件。员工需要访问托管在其建筑物内DMZ 中的公司Web 服务器上的网页。答案：2 解析：当出差的员工需要通过WAN 连接到公司电子邮件服务器时，VPN 将通过WAN 连接在员工笔记本电脑与公司网络之间创建一个安全隧道。通过DHCP 获取动态IP 地址是LAN 通信的功能。在企业园区的不同建筑物之间共享文件可通过LAN 基础设施来实现。DMZ 是企业LAN 基础设施内一个受保护的网络。 3 以下哪项描述了WAN 的特征 WAN 和LAN 在同一地理范围内运行，但有串行链路。 WAN 网络归运营商所有。所有串行链路均被视为WAN 连接。 WAN 可提供到园区主干网的终端用户网络连接。答案：2 解析：WAN 可用于将企业LAN 互连到远程分支机构站点LAN 和远程工作人员站点。WAN 归运营商所有。虽然WAN 连接一般通过串行接口实现，但并不是所有串行链路均连接至WAN。LAN（而非WAN）可在组织中提供终端用户网络连接。

网络工程师面试题——CCNA

什么是三层交换，说说和路由的区别在那里？三层交换机和路由器都可工作在网络的第三层，根据ip地址进行数据包的转发（或交换），原理上没有太大的区别，这两个名词趋向于统一，我们可以认为三层交换机就是一个多端口的路由器。但是传统的路由器有3个特点：基于CPU的单步时钟处理机制；能够处理复杂的路由算法和协议；主要用于广域网的低速数据链路在第三层交换机中，与路由器有关的第三层路由硬件模块也插接在高速背板/总线上，这种方式使得路由模块可以与需要路由的其他模块间高速的交换数据，从而突破了传统的外接路由器接口速率的限制(10Mbit/s---100Mbit/s)。对路由知识的掌握情况，对方提出了一个开放式的问题：简单说明一下你所了解的路由协议。路由可分为静态&动态路由。静态路由由管理员手动维护；动态路由由路由协议自动维护。路由选择算法的必要步骤：1、向其它路由器传递路由信息；2、接收其它路由器的路由信息； 3、根据收到的路由信息计算出到每个目的网络的最优路径，并由此生成路由选择表； 4、根据网络拓扑的变化及时的做出反应，调整路由生成新的路由选择表，同时把拓扑变化以路由信息的形式向其它路由器宣告。两种主要算法：距离向量法（Distance Vector Routing）和链路状态算法（Link-State Routing）。由此可分为距离矢量（如：RIP、IGRP、EIGRP）&链路状态路由协议（如：OSPF、IS-IS）。路由协议是路由器之间实现路由信息共享的一种机制，它允许路由器之间相互交换和维护各自的路由表。当一台路由器的路由表由于某种原因发生变化时，它需要及时地将这一变化通知与之相连接的其他路由器，以保证数据的正确传递。路由协议不承担网络上终端用户之间的数据传输任务。简单说下OSPF的操作过程 ①路由器发送HELLO报文；②建立邻接关系；③形成链路状态④SPF算法算出最优路径⑤形成路由表 ※OSPF路由协议的基本工作原理，DR、BDR的选举过程，区域的作用及LSA的传输情况（注：对方对OSPF的相关知识提问较细，应着重掌握）。特点是：1、收敛速度快；2、支持无类别的路由表查询、VLSM和超网技术；3、支持等代价的多路负载均衡；4、路由更新传递效率高（区域、组播更新、DR/BDR）；5、根据链路的带宽（cost）进行最优选路。通过发关HELLO报文发现邻居建立邻接关系，通过泛洪LSA形成相同链路状态数据库，运用SPF算法生成路由表。

ccna真题

C C N A测试真题1 router1下面有120个PC router2下面有60个PC router3下面有28个PC router4下面有12个PC 解决方案：根据题目的要求，进行子网划分 router1 router2 router3 router4 直连地址： router0*router1:地址242/30 router0*router2:246/30 router0*router3:250/30 router0*router4:254/30 配置： Router0(config)#ints0/3/0 Router0(config-if)#nosh Router0(config-if)#ipadd Router0(config-if)#ints0/3/1 Router0(config-if)#nosh Router0(config-if)#ipadd Router0(config-if)#ints0/2/0 Router0(config-if)#nosh Router0(config-if)#ipadd Router0(config-if)#ints0/2/1 Router0(config-if)#nosh Router0(config-if)#ipadd Router1(config)#intg0/0 Router1(config-if)#nosh Router1(config-if)#ipadd Router1(config-if)#ints0/3/0 Router1(config-if)#nosh Router1(config-if)#ipadd Router2(config)#intg0/0 Router2(config-if)#nosh Router2(config-if)#ipadd Router2(config)#ints0/3/0 Router2(config-if)#nosh Router2(config-if)#ipadd

ccna真题

CCNA测试真题 1 要求公司进行IP子网规划，内网网段是192.168.1.0/24，进行一下子网划分 router1下面有120个PC router2下面有60个PC router3下面有28个PC router4下面有12个PC 要求PC都能自动获得地址，并且只有router0是DHCP服务器，DNS地址是10.10.10.100 router0，router1,router2,router3,router4的互联地址也在192.168.1.0/24这个子网。解决方案：根据题目的要求，进行子网划分 router1 是192.168.1.0/25 网关地址192.168.1.1 router2 是192.168.1.128/26 网关地址192.168.1.129 router3 是192.168.1.192/27 网关地址192.168.1.193 router4 是192.168.1.224/28 网关地址192.168.1.225 直连地址： router0*router1 :地址192.168.1.241/30 *192.168.1.242/30 router0*router2 :地址192.168.1.245/30 *192.168.1.246/30 router0*router3 :地址192.168.1.249/30 *192.168.1.250/30 router0*router4 :地址192.168.1.253/30 *192.168.1.254/30 配置： Router0(config)#int s0/3/0 Router0(config-if)#no sh Router0(config-if)#ip add 192.168.1.241 255.255.255.252 Router0(config-if)#int s0/3/1 Router0(config-if)#no sh Router0(config-if)#ip add 192.168.1.245 255.255.255.252 Router0(config-if)#int s0/2/0 Router0(config-if)#no sh Router0(config-if)#ip add 192.168.1.249 255.255.255.252 Router0(config-if)#int s0/2/1 Router0(config-if)#no sh Router0(config-if)#ip add 192.168.1.253 255.255.255.252 Router1(config)#int g0/0 Router1(config-if)#no sh Router1(config-if)#ip add 192.168.1.1 255.255.255.128 Router1(config-if)#int s0/3/0 Router1(config-if)#no sh Router1(config-if)#ip add 192.168.1.242 255.255.255.252

CCNA(200-301)题库及答案

Exam A QUESTION 1 A network engineer must create a diagram of a multivendor network.which command must be configured on the Cisco devices so that the topology of the network can be mapped? A.Device(config)#lldp run B.Device(config)#cdp run C.Device(config)# cdp enable D.Device(config)# flow-sampler-map topology Correct Answer: A Section: (none) Explanation Explanation/Reference: QUESTION 2 Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks? A.CPU ACL B.TACACS C.Flex ACL D.RADIUS Correct Answer: A Section: (none) Explanation Explanation/Reference: Reference: https://https://www.wendangku.net/doc/e615204807.html,/c/en/us/support/docs/wireless-mobility/wlan-security/71978-acl-wlc.html QUESTION 3 When a site-to-site VPN is used, which protocol is responsible for the transport of user data?

CCNA考试试题

复习提纲： 1、路由产生的方式直链路由、静态路由、动态路由 2、管理距离 3、rip \eigrp\ospf的基本特点、所使用的组播地址 4、RIP更新周期，RIP路由协议采用UDP的端口、rip协议避免路由环路的方法, 5、Enable password和enable secret命令的作用？ 6、running-config、startup-config文件的是什么？ 7、ospf的配置；route-id 确定原则；DR选举的原则；域内路由、域间路由、域外路由的概念；ospf汇总的种类；ospf的网络类型；ospf 的度量值(比如以太)、理解ospf的特殊区域 8.什么是后继和可行后继？如何通过RD和FD理解可行性条件？9．PPP的两种认证的特点？ 10、NAT的类型与差别是什么？查看及其清除Nat 映射表 11、acl的种类,及其功能 12、ipv6地址分类及其配置命令 13、路由重分布的命令(metric等参数)、ospf 14、路由器配置寄存器选择题例题 1、255.255.0.0是哪类地址的默认掩码？ A、B B、A C、 C D、E 2、基于距离矢量算法的路由协议是：（）

A、ICMP B、EIGRP C、OSPF D、IS-IS 3、OSPF路由协议的度量标准是： A、带宽 B、延迟 C、开销（cost） D、可靠性 5、路由器工作在OSI的第几层？ A、3 B、2 C、4 D、5 6、可以解决路由环路问题的解决方法是：（） A、采用水平分割 B、加快路由更新报文的发送频率 C、重分布 D、配置静态路由 7、下列选择中哪个是表示路由器的快速以太网口： A、console 0 B、s0/0 C、f0/0 D、e0 8、用来检查到一台主机的网络层是否连通命令是（） A、 Ip Router B、 PING和TRACERT C、 TELNET D、 IPCONFIG 9、路由器提示为：Router(config)#,问现在是处在什么模式？ A、全局配置模式 B、特权用户模式 C、普通用户模式 D、接口模式 10、计算机和交换机的以太口直接连接用什么网络线？ A、直通线 B、反转线 C、交叉线 D、串口线 11、第一次对路由器进行配置时，采用哪种配置方式：（） A、通过CONSOLE口配置 B、通过拨号远程配置 C、通过TELNET方式配置 D、通过哑终端配置 12、作为一个网络维护人员，对于OSPF区域体系结构的原则必须有清楚的了解，下面的论述表达正确的是：（） A 、所有的OSPF区域必须通过域边界路由器与区域0相连，或采用OSPF虚链路。 B、单个区域不能包含没有物理链路的两个区域边界路由器。 C、虚链路可以穿越stub区域。 13、静态路由的缺点是____。 A、不适合小型网络 B、占用CPU资源大 C、当拓扑发生变化时，管理员需要手工改路由信息。 D、在小型局域网内，很容易暴露网络拓扑结构. 14、逆向地址解析协议（Inverse ARP）在帧中继网络的主要功能是：

最新CCNA题库,Word版

CCNA中英对照题库(0-10.pdf概论

最新CCNA认证考试真题

CCNA期末考试试题

CCNA试题

ccna考试题库101-125

CCNA测试题

CCNA基础测试题及答案

CCNA最新题库

CCNA考试题库中英文翻译版及答案

最新ccna题库_251-300知识讲解

CCNA四考试答案

网络工程师面试题——CCNA

ccna真题

最新CCNA题库 V102上卷(含答案无水印)

ccna真题

CCNA(200-301)题库及答案

CCNA考试试题