111. Which of these is mandatory when configuring Cisco IOS Firewall?
那个被强制配置在 CISCO 的防火墙上
A. Cisco IOS IPS enabled on the untrusted interface
B. NBAR enabled to perform protocol discovery and deep packet inspection
C. a route map to define the trusted outgoing traffic
D. a route map to define the application inspection rules
E. an inbound extended ACL applied to the untrusted interface
一个在 in 方向上的扩展 ACL 应用在不可信的端口上
Answer: E
112. Which of these statements accurately identifies how Unicast Reverse Path Forwarding can be employed to prevent the use of malformed or forged IP sources addresses?
下面哪一项准确的说明了,单播逆向转发可以用来防止恶意破坏和伪造IP地址
A. It is applied only on the input interface of a router.
他只能应用在路由器接口的入方向上
B. It is applied only on the output interface of a router.
C. It can be configured either on the input or output interface of a router.
D. It cannot be configured on a router interface. E. It is configured under any routing protocol process.
Answer: A
113. Unicast Reverse Path Forwarding can perform all of these actions except which one?
单播逆向转发不能使用下面哪一个
A. examine all packets received to make sure that the source addresses and source interfaces appear in the routing table and match the interfaces where the packets were received
B. check to see if any packet received at a router interface arrives on the best return path
C. combine with a configured ACL
D. log its events, if you specify the logging options for the ACL entries used by the unicast rpf command E. inspect IP packets encapsulated in tunnels, such as GRE
对IP包进行通道封装,比如GRE
Answer: E
114. If a certificate authority trustpoint is not configured when enabling HTTPS and the remote
HTTPS server requires client authentication, connections to the secure HTTP client will fail. Which command must be enabled for correct operation?
如果一个HTTPS服务器依赖的HTTPs认证没有配置时, 连接到这个HTTP服务的链接会失效, 一下那个命令是正确的操作。
A. ip http client secure-ciphersuite 3des-ede-cbc-sha
B. ip https max-connections 10
C. ip http timeout-policy idle 30 life 120 requests 100
D. ip http client secure-trustpoint trustpoint-name
Answer: D
115. When troubleshooting a network, the output of the command show interfaces indicates a large number of runts. What is a runt?
当解决一个网络问题时,运行命令show interfaces 短数据包有一个很大的数字。什么是短 数据包
A. the number of packets that are discarded because they exceed the maximum packet size of the medium
B. errors created when the CRC generated by the originating LAN station or far-end device does not match the checksum calculated from the data received.
C. the number of packets that are discarded because they are smaller than the minimum packet size of the medium
该被丢弃的数据包的数量,因为他们比最小的数据包还小
D. the number of received packets that were ignored by the interface because the interface hardware ran low on internal buffers E. the number of times that the interface requested another interface within the router to slow down
Answer: C
116. Which two of these elements need to be configured prior to enabling SSH? (Choose two.)
那两个东西配置之前可能使用SSH
A. hostname
B. loopback address
C. default gateway
D. domain name E. SSH peer address
Answer: AD
117. Refer to the exhibit. Voice traffic is marked "precedence 5." How much bandwidth is allocated for voice traffic during periods of congestion?
如图所示,语音流量的特点是“五优先”。在网络挤塞的时间有多少带宽是分配给传输过程 中的语音流量?
A. a minimum of 48 kb/s
B. a maximum of 48 kb/s
最大48kb每秒
C. a minimum of 48% of the available bandwidth
D. a maximum of 48% of the available bandwidth
Answer: B
118. Refer to the exhibit. Which of these is applied to the Bearer class?
如图所示,这个配置适用于哪些负载。
A. WRED
B. traffic shaping
C. packet marking
D. packet classification
E. FIFO queuing within the class
Answer: E
有类的先进先出的负载
119. Refer to the exhibit. What is the overall type of queuing being used on the outgoing data for interface Ethernet0/1?
如图所示,什么样的列队技术适用于充E 0/1接口出去的数据
A. LLQ
B. FIFO
C. CBWFQ
LLQ 低延迟排队
D. priority queuing E. weighted fair queuing F. IP RTP priority queuing
Answer: A
120. Which two of these are differences between traffic policing and traffic shaping? (Choose two.)
哪些是传输管制和流量整形之间的差别
A. with traffic shaping, a router stores excess traffic in packet buffers until bandwidth is available again
流量整形,路由器的数据包存储在缓冲区超出流量带宽可以再次被传输。
B. with policing you can tune the buffer usage for traffic exceeding the specified CIR
C. with shaping you can tune the buffer usage for traffic exceeding the specified CIR 流量整形,你可以规定缓存的使用来非常好的使用信息速率
D. shaping should only be applied for ingress traffic, policing only for egress E. policing uses a token bucket algorithm, shaping uses an SPD algorithm Answer: AC
