CCNA题库难点分析 - 图文

1.Which two addresses can be assigned to a host with a subnet mask of 255.255.254.0? (Choose two.) A. 113.10.4.0 B. 186.54.3.0 C. 175.33.3.255 D. 26.35.2.255 E. 17.35.36.0 Answer: BD

Explanation/Reference:

哪两个地址可以分配给主机其中掩码为255.255.254.0？ 113.10.4.0 可分配网段地址113.10.4.1-113.10.5.254 186.54.3.0 可分配网段地址186.54.2.1-186.54.3.254 175.33.3.255 可分配网段地址175.33.2.1-175.33.3.254 26.35.2.255 可分配网段地址26.35.2.1-26.35.3.254 17.35.36.0 可分配网段地址17.35.36.1-17.35.37.254 2.QUESTION 8

Workstation A has been assigned an IP address of 192.0.2.24/28. Workstation B has been assigned an IP

address of 192.0.2.100/28. The two workstations are connected with a straight-through cable. Attempts to

ping between the hosts are unsuccessful. What two things can be done to allow communications between the hosts? (Choose two.)

A. Replace the straight-through cable with a crossover cable. B. Change the subnet mask of the hosts to /25. C. Change the subnet mask of the hosts to /26.

D. Change the address of Workstation A to 192.0.2.15. E. Change the address of Workstation B to 192.0.2.111. Answer: AB

Explanation/Reference:

A工作站被指派的IP地址是192.0.2.24/28，B工作站被指派的IP地址是192.0.2.100/28，两个工作站之间用一

直通线缆连接，尝试让两主机互ping显示失败， 以下哪两种操作可以使两个主机通信成功呢？

考点分析：两台主机是相同设备，所以要用交叉线相连。 然后判断两台主机是否在同一子网下，网络位都是28位： 24 = 0001 1000 100= 0110 0100

很明显主机A、B不在同一个网段，要想在同一网段，前面相同的比特位为网络位。

24=0 0011000 100=0 1100100 所以网段是/25，答案为AB。 3.QUESTION 29 A network administrator must configure 200 switch ports to accept traffic from only the currently attached

host devices. What would be the most efficient way to configure MAC-level security on all these ports?

A. Visually verify the MAC addresses and then telnet to the switches to enter the switchport-port security mac-address command.

B. Have end users e-mail their MAC addresses. Telnet to the switch to enter the switchport-port security mac-address command.

C. Use the switchport port-security MAC address sticky command on all the switch ports that have end devices connected to them.

D. Use show mac-address-table to determine the addresses that are associated with each port and then

enter the commands on each switch for MAC address port-security. Answer: C

Explanation/Reference:

A网络管理员必须配置200个交换端口来容纳来自目前附加的主机设备的流量。要为所有的端口设定MAC级

安全，哪一种是最高效的方法？

考点分析：这道题考的是端口安全。黏性可靠的MAC地址能让交换机自动学习来绑定，这个设置会被保存在

MAC地址中和运行设置文件中，保存设置后，交换机重起后不用再自动重新学习MAC地址

A：先验证mac安全性，然后在交换机上绑定。错误，工作量太大 B：用户发送邮件认证再在交换机上配置，错误，不科学。 C：使用port-security，正确。 D：错误，工作量太大。 4.QUESTION 37

What are two characteristics of RIPv2? (Choose two.) A. classful routing protocol B. variable-length subnet masks C. broadcast addressing

D. manual route summarization

E. uses SPF algorithm to compute path Answer: BD

Explanation/Reference: RIPV2的两个特点是什么？ A：有类路由协议，错误

B：可变长度子网掩码，正确 C：采用广播地址更新，错误 D：手动路由汇总，正确

E:使用spf算法计算路径，错误。 5.QUESTION 38

Which two Ethernet fiber-optic modes support distances of greater than

550 meters? A. 1000BASE-CX B. 100BASE-FX C. 1000BASE-LX D. 1000BASE-SX E. 1000BASE-ZX Answer: CE

Explanation/Reference:

哪两个以太网光纤模块支持超过550米的距离？ A：最长距离25米 B：最长距离100米 C：最长距离3000米 D：最长距离550米 E：最长距离70千米

鸿鹄论坛：http://bbs.hh010.com/ 鸿鹄书院：http://book.hh010.com/ 6.QUESTION 39

What two things will a router do when running a distance vector routing protocol? (Choose two.)

A. Send periodic updates regardless of topology changes.

B. Send entire routing table to all routers in the routing domain. C. Use the shortest-path algorithm to the determine best path.

D. Update the routing table based on updates from their neighbors. E. Maintain the topology of the entire network in its database. Answer: AD

Explanation/Reference:

一个路由器运行距离矢量路由的时候有哪两个特点？ A：周期性更新，正确

B：发送整个路由表到整个路由域，错误，只发送给邻居 C：使用SPF算法，错误

D：依靠邻居发送更新来更新路由表，正确 E：在数据库中维护整个网络的拓扑。错误

7.Which command shows if an access list is assigned to an interface? A. show ip interface [interface] access-lists B. show ip access-lists interface [interface] C. show ip interface [interface] D. show ip access-lists [interface] Answer: C

8.QUESTION 49

Which two statements describe the Cisco implementation of VLANs? (Choose two.)

A. VLAN 1 is the default Ethernet VLAN.

B. CDP advertisements are only sent on VLAN 1002. C. By default, the management VLAN is VLAN 1005.

D. By default, the switch IP address is in VLAN 1005.

E. VLAN 1002 through 1005 are automatically created and cannot be deleted. Answer: AE

Explanation/Reference: 考点：考查vlan知识点。

A：缺省都存在vlan1，端口都属于vlan1，正确

B：CDP信息只发送到vlan1002，错误，vlan1002是fddi网络的vlan号。

C：缺省情况交换机IP配置在vlan1005，错误，vlan1005trnet网络的vlan号。缺省在vlan1里面。

D：vlan1002-1005自动生成并不能被删除，正确，他们都是被保留的特殊vlan。

9.Refer to the exhibit. The user at Workstation B reports that Server A cannot be reached. What is

preventing Workstation B from reaching Server A?

A. The IP address for Server A is a broadcast address. B. The IP address for Workstation B is a subnet address. C. The gateway for Workstation B is not on the same subnet. D. The gateway for Server A is not on the same subnet. Answer: D

Explanation/Reference:

如图，主机B报告说服务器A不可达，是什么原因阻止主机B访问服务器A ? 131.1.123.24/27所在网络范围为：131.1.123.0-31/27。很明显网关131.1.123.33不再范围内。

11.QUESTION 60

What are three advantages of VLANs? (Choose three.)

A. VLANs establish broadcast domains in switched networks.

B. VLANs utilize packet filtering to enhance network security.

C. VLANs provide a method of conserving IP addresses in large networks. D. VLANs provide a low-latency internetworking alternative to routed networks.

E. VLANs allow access to network services based on department, not physical location.

F. VLANs can greatly simplify adding, moving, or changing hosts on the network. Answer: AEF

Explanation/Reference:

A：VLAN在交换网络中建立广播域，正确

B：利用VLAN的数据包过滤，增强网络的安全性。错误，没有这个特性。 C：提供了在大型网络中的保护IP地址的方法。错误。 D：提供低延迟互联网络替代路由网络。错误

E：vlan允许基于逻辑划分的网络访问，不是物理位置。正确。 F：VLAN可以大大简化添加，移动或更改网络上的主机。正确。

12.QUESTION 61

An administrator would like to configure a switch over a virtual terminal connection from locations outside

of the local LAN. Which of the following are required in order for the switch to be configured from a remote location? (Choose two.)

A. The switch must be configured with an IP address, subnet mask, and default gateway.

B. The switch must be connected to a router over a VLAN trunk. C. The switch must be reachable through a port connected to its management VLAN.

D. The switch console port must be connected to the Ethernet LAN. E. The switch management VLAN must be created and have a membership of at least one switch port.

F. The switch must be fully configured as an SNMP agent. Answer: AC

Explanation/Reference:

一网络管理员希望通过虚拟终端配置交换机连接本地及本地以外的局域网，以下哪些命令需要在交换机上配 置从远程位置？

考点分析：要远程配置交换机。首先要让交换机可达，即要给交换机配置ip地址，子网掩码和网关地址；然

后需要能访问交换机的管理vlan，从而配置交换机。 要想远程管理VLAN，1、交换机配置IP，2、路由可达。 13.QUESTION 65

Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three.)

A. ping B. tracert C. ipconfig

D. show ip route E. winipcfg

F. show interfaces Answer: ADF

Explanation/Reference: A：测试连通性

D：查看是否有路由 F：查看接口是否可用 14.QUESTION 73

Use the output from the router shown in the graphic above to determine which of the following are correct.

A. Router John uses a link-state routing protocol.

B. Router John will receive routing updates on the Serial0/0 interface. C. Router John will receive routing updates on the Serial0/1 interface. D. Router John will send routing updates out the Serial0/0 interface.

E. Router John will send routing updates out the FastEthernet0/0 interface.

F. Router John will send routing updates out the Serial0/1 interface. Answer: BD

由图中、的地方可

知只有s0/0发送和接受路由信息

16.QUESTION 86

What can be determined from the line of show ip route output shown in the exhibit? (Choose two.)

A. The next routing update can be expected in 35 seconds. B. The IP address 10.10.10.6 is configured on S0/1. C. The IP address 10.10.10.8 is configured on S0/1.

D. This route is using the default administrative distance. E. The 10.10.10.8 network is two hops away from this router. Answer: DE

Explanation/Reference:

考点：考查RIP的路由条目。通过RIP学习到一条到达10.10.10.8的路由，下一跳是10.10.10.6，出接口是 s/1。

A：错误。rip更新周期为30s， B：错误，这个ip是对端接口ip C：错误。s0/1的ip无法得知

D：正确，rip缺省的管理距离是120 E：正确。

17.Refer to the exhibit. From RouterA, a network administrator is able

to ping the serial interface of RouterB

but unable to ping any of the subnets attached to RouterB. Based on the partial outputs in the exhibit, what could be the problem?

A. EIGRP does not support VLSM.

B. The EIGRP network statements are incorrectly configured.

C. The IP addressing on the serial interface of RouterA is incorrect. D. The routing protocol has summarized on the classful boundary.

E. EIGRP has been configured with an invalid autonomous system number. Answer: D

Explanation/Reference:

考点分析：由于EIGRP没有关闭自动汇总，导致路由在R1上汇总成了172.16.0.0网段，并 且指向null 0接口

18.Refer to the exhibit. The switch in the graphic has a default

configuration and the MAC table is fully

populated. In addition, this network is operating properly. The graphic represents selected header

information in a frame leaving host A. What can be concluded from this information?

A. The MAC address of host A is FFFF.FFFF.FFFF.

B. The router will forward the packet in this frame to the Internet. C. The switch will only forward this frame to the attached router interface.

D. All devices in this LAN except host A will pass the packet to Layer 3.

Answer: D

Explanation/Reference:

在图中，有交换机默认的配 置和完整的MAC表,另外这个网络,在真实运行当中。在从主机A发出的一个数据

帧中的头信息也在图表中，在这个信息中包含什么内容？

FFFF.FFFF.FFFF是全网广播地址，向除自己以外所有广播域中所有的设备都发送信息

AHost A的Mac地址是000a.8a47.e612，错误

B目的ip地址是私网地址，路由器不会向外网发送，错误 C目的地址是广播地址，除自己的所有设备都能收到，错误 D目的地址是广播地址，除自己的所有设备都能收到，正确

19.Refer to the exhibit. Two routers have just been configured by a new technician. All interfaces are up.

However, the routers are not sharing their routing tables. What is the problem?

A. Split horizon is preventing Router2 from receiving routing information from Router1.

B. Router1 is configured for RIP version 2, and Router2 is configured for RIP version 1.

C. Router1 has an ACL that is blocking RIP version 2.

D. There is a physical connectivity problem between Router1 and Router2. E. Router1 is using authentication and Router2 is not. Answer: B

Explanation/Reference:

考点：考查RIP版本知识点。两种版本不兼容。由提示信息可知R2发送V1，收到V2。

A：水平分割 保护R2从R1接收路由信息。错误。 B：R2配置为V2，R2配置为V1,正确 C：R1使用了acl拒绝了rip的V2

D：R1和R2之间的物理链路有问题。错误。 E：R1使用了认证，R2没有。错误

20.QUESTION 109

Select the action that results from executing these commands. Switch(config-if)# switchport port-security

Switch(config-if)# switchport port-security mac-address sticky

A. A dynamically learned MAC address is saved in the startup-configuration file.

B. A dynamically learned MAC address is saved in the running-configuration file.

C. A dynamically learned MAC address is saved in the VLAN database. D. Statically configured MAC addresses are saved in the startup-configuration file if frames from that address are received.

E. Statically configured MAC addresses are saved in the running-configuration file if frames from that address are received. Answer: B

Explanation/Reference:

考点：考查交换机端口安全。sticky 关键字使静态配置和动态学习的mac方式优势相结合

range(1006 through 4094) on a cisco catalyst 3750 series switch? A. Configure the switch to be in VTP client mode. B. Configure the switch to be in VTP domaint mode.

C. Configure the switch to be in VTP transparent mode. D. Configure the switch to be in VTPv2. Answer: C

Explanation/Reference:

vlan 号1006-4094属于扩展vlan，只能在透明模式配置

81.You are working in a data center environment and are assigned the address range 10.188.31.0/23.You are

asked to develop an IP addressing plan to allow the maximum number of subnets with as many as 30 hosts

each.Which IP address range meets these requirements? A. 10.188.31.0/27 B. 10.188.31.0/26 C. 10.188.31.0/29 D. 10.188.31.0/28 E. 10.188.31.0/25 Answer: B

Explanation/Reference:

30台主机还需要一个网关，所以需要31个有效IP地址

82.Which three statements accurately describe layer 2 Ethernet switches?(choose three)

A. Microsegmentation decreases the number of collisions on the network. B. if a switch receives a frame for an unkown destination,it uses ARP to resolve the address.

C. Spanning Tree Protocol allows switches to automatically share vlan information.

D. In a properly functioning network with redundant switched paths,each switched segment will contain one

root bridge with all its ports in the forwarding state.All other switches in that broadcast domain will have only one root port.

E. Establishing vlans increases the number of broadcast domains.

F. Switches that are configured with vlans make forwarding decisions based on both layer 2 and layer 3 address information. Answer: ADE

Explanation/Reference:

A为分割减少冲突的数量，这里是冲突并不是冲突域，正确 B收到未知目的帧会产生泛洪 C这是vtp的特性，不是stp的

D在一个能够正常运行的网络冗余交换路径，每一个交换网段将包括一个跟桥。所有端口都在转发状态，其

他本广播域的交换机有一个根端口。正确 E.VLAN增加了广播域。正确 F vlan使转发基于二层和三层IP。题目要求对2层交换机的描述，二层交换机不能基于3层IP转发

83.Refer to the exhibit.The Lakside Company has the internetwork in the exhibit.The administrator would like

to reduce the size of routing table on the Central router.Which partial routing table entry in the Central route

represents a route summary that represents the vlans in Phoenix but no additional subnets?

A. 10.0.0.0/22 is subnetted,1 subnets

D 10.4.0.0[90/20514560] via 10.2.0.2,6w0d,serial0/1(NOT C) B. 10.0.0.0/28 is subnetted,1 subnets

D 10.2.0.0[90/20514560] via 10.2.0.2,6w0d,serial0/1 C. 10.0.0.0/22 is subnetted,1 subnets

D 10.0.0.0[90/20514560] via 10.2.0.2,6w0d,serial0/1 D. 10.0.0.0/30 is subnetted,1 subnets

D 10.2.2.0[90/20514560] via 10.2.0.2,6w0d,serial0/1 E. 10.0.0.0/28 is subnetted,1 subnets

D 10.4.4.0[90/20514560] via 10.2.0.2,6w0d,serial0/1 F. 10.0.0.0/30 is subnetted,1 subnets

D 10.4.4.4[90/20514560] via 10.2.0.2,6w0d,serial0/1 Answer: A

Explanation/Reference: 对PHOENIX做路由汇总 84.QUESTION 441

Which two of these are characteristics of the 802.1Q protocol?(choose two) A. it is a layer 2 messaging protocol which maintains vlan configurations across network.

B. it includes an 8-bit field which specifies the priority of a frame.

C. it is used exclusively for tagging vlan frames and dose not address network reconvergence following

switched network topology changes.

D. it modifies the 802.3 frame header,and thus requires that the FCS be recomputed.

E. it is a trunking protocol capable of carring untagged frames. Answer: DE

Explanation/Reference: A描述的是vtp的特性 B应该是3bit

Cexclusively是唯一的意思。802.1Q不是唯一的 D修改帧的头部，需要重新进行FCS校验，正确 B. E是一个trunk协议并支持不打标记的帧，正确

85.Refer to the exhibit.Which two statements are true of the interfaces on switch1?(choose two)

86.

A. A hub is connected directly to FastEthernet0/5 B. FastEthernet0/1 is configured as a trunk link.

C. FastEthernet0/5 has statically assigned mac address D. Interface FastEthernet0/2 has been disable.

E. Multiple devices are connected directly to FastEthernet0/1. F. FastEthernet0/1 is connected to a host with multiple network interface cards.

Answer: AB

Explanation/Reference:

87.图中可以看出F0/1,F0/2为trunk。F0/5端口有多个mac地址，而且不是trunk，只能是接了一个hub

88.What is the most likely reason for the dispartly between the actual network numbers at the branches and the routes in the routing table on Gateway-Router?

A. Branch-Router2 is configured to send both RIPv1 and RIPv2 updates. B. Gateway-Router is configured to only receive RIPv2 updates. C. Gateway-router is configured to receive only RIPv1 updates. D. Branch-Router1 is configured to only send RIPv1 updates Answer: D

Explanation/Reference:

RIPV1是有类路由，路由表中可以看出R1的路由是主类的 89.QUESTION 450

A network administrator needs to configure port security on a switch.which two statements are true?(choose two)

A. The network administrator can apply port security to dynamic access ports B. The network administrator can configure static secure or sticky secure mac addresses in the voice vlan.

C. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.

D. The network administrator can apply port security to EtherChannels.

E. When dynamic mac address learning is enabled on an interface,the switch can learn new addresses,up to the maximum defined. Answer: CE

Explanation/Reference:

A.动态端口不能应用的端口安全 B.in the vioce vlan不正确

C.保存在running configuratin 正确 D.EtherChannels 不能应用端口安全

E自动学习mac地址可以学到所设置的最大数量，正确

90.The network technician is planning to use the 255.255.255.224 subent mask on the network.which three

valid IP addresses can the technician use for the hosts?(choose three) A. 172.22.243.127 B. 172.22.243.191 C. 172.22.243.190 D. 10.16.33.98 E. 10.17.64.34 F. 192.168.1.160 Answer: CDE

Explanation/Reference:

块大小是32，所以最后一位是32的倍数或32倍数-1都不可以

91.Which IEEE standard protocol is initiated as a result of successful DTP completion in a switch over FastEthernet? A. 802.3ad B. 802.1w C. 802.1Q D. 802.1d Answer: C

Explanation/Reference:

动态中继协议DTP，是 VLAN 组中思科的私有协议，主要用于协商两台设备间链路上的中继过程及中继封 装 802.1Q 类型

92.Refer to the exhibit.Why are two OSPF designated routers identified on Core-Router?

A. Core-Router is connected more than one multi-access network

B. The router at 208.149.23.130 is a secondary DR in case the primary fails. C. Two router IDs have the same OSPF priority and are therefore tied for DR election

D. The DR ecection is still underway and there are two contenders for the role. Answer: A

A. Configure the no ip subnet-zero command on R1, R2, and R3.

B. Dynamic routing protocols such as RIPv2 cannot be used across Frame Relay networks.

C. Configure the S0/0 interface on R1 as two subinterfaces and configure point-to-point links to R2 and R3.

D. Change the 172.16.2.0/25 and 172.16.2.128/25 subnetworks so that at least two bits are borrowed from the last octet.

E. Change the network address configuration to eliminate the discontiguous 172.16.2.0/25 and 172.16.2.128/25 subnetwork. Answer: C

Explanation/Reference:

中心节点在ping两边没有问题.因为rip中心节点可以收到来自两边的路由.但是因为水平分割的问题,中心节点

不会讲路由更新再从这个接口发送出去.解决此问题最好的办法就是中心节点设置子接口对每一个分支机构,

这样从一个子接口收到的路由更新可以从另外一个字节口发送出去.保证了网络的连通性

32.QUESTION 175

Refer to the exhibit. Give this output for SwitchC, what should the network administrator's next action be?

A. Check the trunk encapsulation mode for SwitchC's fa0/1 port. B. Check the duplex mode for SwitchC's fa0/1 port. C. Check the duplex mode for SwitchA's fa0/2 port.

D. Check the trunk encapsulation mode for SwitchA's fa0/2 port. Answer: C

Explanation/Reference:

出现错误报文,可能是因为双工不匹配或者链路不稳定等因素造成的 QUESTION

33.Refer to the exhibit. Which of these statements correctly describes the state of the switch once the boot process has been completed?

A. Only the default VLANs are configured on SwitchA. B. SwitchA does not have a VTP domain name configured. C. VTP pruning needs to be enabled on SwitchA.

D. SwitchC needs to have the VTP domain name configured. E. SwitchB is in transparent mode. Answer: B

Explanation/Reference:

vtp同步需要在一个domain之内的交换局同步.并且password需要一直。sever配置domain name，client没有

配置domain name，也可以正常使用。 34.What can be done to secure the virtual terminal interfaces on a router? (Choose two.)

A. Administratively shut down the interface. B. Physically secure the interface.

C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.

D. Configure a virtual terminal password and login process.

E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command. Answer: DE

Explanation/Reference:

保障vty线路的安全,第一可以配置密码.第二可以使用ACL来控制访问的IP地址.但是ACL在vty线路下调用的命令是access-class,这个大家需要注意

35.What are two advantages of Layer 2 Ethernet switches over hubs? (Choose two.)

A. decreasing the number of collision domains B. filtering frames based on MAC addresses C. allowing simultaneous frame transmissions D. increasing the size of broadcast domains

E. increasing the maximum length of UTP cabling between devices Answer: BC

Explanation/Reference:

二层以太交换机在那两个方面优于集线器？

SW和HUB的区别在于，SW可以对frame给予mac地址的过滤，支持同时传播多个数据帧，分割冲突域。而

HUB只是傻瓜的转发，没有MAC地址学习的功能，SW是一个全双工的设备。而hub工作在半双工当中所以

hub不支持同时传输Frame，它使用的是CSMA/CD机制

36.Refer to the exhibit. Assume that the routing protocol referenced in each choice below is configured with its

default settings and the given routing protocol is running on all the routers. Which two conditional statements accurately state the path that will be chosen between networks 10.1.0.0 and 10.3.2.0 for the

routing protocol mentioned? (Choose two.)

A. If OSPF is the routing protocol, the path will be from R1 to R3 to R4 to R5.

B. If OSPF is the routing protocol, the path will be from R1 to R2 to R5.

C. If OSPF is the routing protocol, the path will be from R1 to R5. D. If RIPv2 is the routing protocol, the path will be from R1 to R3 to R4 to R5.

E. If RIPv2 is the routing protocol, the path will be from R1 to R5. Answer: AE

Explanation/Reference:

假定参考的路由协议在下面的每个选项都已经使用默认设置配置完毕，并且给定的路由协议在所有路由器上

正在运行。哪两个有条件的状态信息准确的描述了这条在网络10.1.0.0和10.3.2.0之间被选择的路径？

考点分析：RIP是距离矢量协议，选择路径时的度量值是跳数，跳数最少的是最优路径。OSPF是链路状态协

议，选择路径时的度量值是带宽，如图，100BaseT这条链路的带宽最高，所以R1-R3-R4-R5这条路径是最 优路径。

37.Which two benefits are provided by creating VLANs? (Choose two.) A. added security

B. dedicated bandwidth C. provides segmentation

D. allows switches to route traffic between subinterfaces E. contains collisions Answer: AC

Explanation/Reference:

vlan的主要特点第一个提供网络安全因为默认vlan间是不能够通信的,第二个提供了网络分段.因为一个vlan就 是一个逻辑子网

38.Which series of commands will configure router R1 for LAN-to-LAN communication with router R2? The

enterprise network address is 192.1.1.0/24 and the routing protocol in use is RIP. (Choose three.)

A. R1(config)# interface ethernet 0

R1(config-if)# ip address 192.1.1.129 255.255.255.192 R1(config-if)# no shutdown

B. R1(config)# interface ethernet 0

R1(config-if)# ip address 192.1.1.97 255.255.255.192 R1(config-if)# no shutdown

C. R1(config)# interface serial 0

R1(config-if)# ip address 192.1.1.4 255.255.255.252 R1(config-if)# clock rate 56000

D. R1(config)# interface serial 0

R1(config-if)# ip address 192.1.1.6 255.255.255.252 R1(config-if)# no shutdown E. R1(config)# router rip

R1(config-router)# network 192.1.1.4 R1(config-router)# network 192.1.1.128 F. R1(config)# router rip R1(config-router)# version 2

R1(config-router)# network 192.1.1.0 Answer: ADF

39.A network administrator wants to ensure that only the server can connect to port Fa0/1 on a Catalyst

switch. The server is plugged into the switch Fa0/1 port and the network administrator is about to bring the

server online. What can the administrator do to ensure that only the MAC address of the server is allowed by switch port Fa0/1? (Choose two.)

A. Configure port Fa0/1 to accept connections only from the static IP address of the server.

B. Employ a proprietary connector type on Fa0/1 that is incompatible with other host connectors.

C. Configure the MAC address of the server as a static entry associated with port Fa0/1.

D. Bind the IP address of the server to its MAC address on the switch to prevent other hosts from spoofing the server IP address.

E. Configure port security on Fa0/1 to reject traffic with a source MAC address other than that of the server.

F. Configure an access list on the switch to deny server traffic from entering any port other than Fa0/1. Answer: CE

Explanation/Reference:

服务器接到f0/1口，有什么方法使仅服务器才能接入？ B：静态配置ARP E：port security 40.Refer to the exhibit. The network shown in the diagram is experiencing connectivity problems. Which of the

following will correct the problems? (Choose two.)

to Manchester. B. Configure a dynamic routing protocol on London to advertise summarized routes to Manchester.

C. Configure a dynamic routing protocol on Manchester to advertise a default route to the London router. D. Configure a static default route on London with a next hop of 10.1.1.1. E. Configure a static route on London to direct all traffic destined for 172.16.0.0/22 to 10.1.1.2.

F. Configure Manchester to advertise a static default route to London. Answer: E

Explanation/Reference:

网络管理员必须建立一条目的从伦敦的网络转发到曼彻斯特的网络，最简单的方法是什么？

london 要访问manchester的主机，那么我们只要知道那个一个静态路由讲数据包发出去就可以，通过子网汇

总172.16.0.0/22可以代表manchester的3个网段。并且制定吓一跳为10.1.1.2 48.Refer to the exhibit. This command is executed on 2960Switch:

2960Switch(config)# mac-address-table static 0000.00aa.aaaa vlan 10 interface fa0/1

Which two of these statements correctly identify results of executing the command? (Choose two.)

A. Port security is implemented on the fa0/1 interface.

B. MAC address 0000.00aa.aaaa does not need to be learned by this switch. C. Only MAC address 0000.00aa.aaaa can source frames on the fa0/1 segment. D. Frames with a Layer 2 source address of 0000.00aa.aaaa will be forwarded out fa0/1.

E. MAC address 0000.00aa.aaaa will be listed in the MAC address table for interface fa0/1 only.

Answer: BE（没有AC） Explanation/Reference:

考点分析：题中这条命令的作用是将0000.00aa.aaaa这个Mac地址关联到交换机

的fa0/1口，并且静态的写入

Mac地址表，Mac地址属于vlan10。放入Mac地址表时静态写入的Mac地址要优先于自动学习到的。

我们在一个接口静态制定了mac地址的话。那么这个接口指接搜这个mac地址的frame，并且mac地址会保存

在mac add table 表明是static制定的

49.A system administrator installed a new switch using a script to configure it. IP connectivity was tested

using pings to SwitchB. Later attempts to access NewSwitch using Telnet from SwitchA failed. Which statement is true?

A. Executing password recovery is required.

B. The virtual terminal lines are misconfigured.

C. Use Telnet to connect to RouterA and then to NewSwitch to correct the error.

D. Power cycle of NewSwitch will return it to a default configuration. Answer: B

Explanation/Reference:

如图，新加了台交换机，IP连通性用ping测试过了，没问题，但是telnet就是不行，什么原因？

B.虚拟终端（VTY）配置不正确

50.Which two of these statements regarding RSTP are correct? (Choose two.)

A. RSTP cannot operate with PVST+. B. RSTP defines new port roles.

C. RSTP defines no new port states.

D. RSTP is a proprietary implementation of IEEE 802.1D STP. E. RSTP is compatible with the original IEEE 802.1D STP. Answer: BE

Explanation/Reference:

RSTP定义了新的端口类型，包括隔离端口，备份端口等，rstp如果与stp同时存在的话。那么将兼容成stp 51.QUESTION 295

Which three of these statements regarding 802.1Q trunking are correct? (Choose three.)

A. 802.1Q native VLAN frames are untagged by default. B. 802.1Q trunking ports can also be secure ports. C. 802.1Q trunks can use 10 Mb/s Ethernet interfaces.

D. 802.1Q trunks require full-duplex, point-to-point connectivity. E. 802.1Q trunks should have native VLANs that are the same at both ends. Answer: ACE

Explanation/Reference:

802.1q native vlan是不做标记的，并且在trunk两边的native需要一致

52.Refer to the exhibit. A junior network administrator was given the

task of configuring port security on

SwitchA to allow only PC_A to access the switched network through port fa0/1. If any other device is

detected, the port is to drop frames from this device. The administrator configured the interface and tested

it with successful pings from PC_A to RouterA, and then observes the output from these two show commands.

Which two of these changes are necessary for SwitchA to meet the requirements? (Choose two.)

A. Port security needs to be globally enabled.

B. Port security needs to be enabled on the interface.

C. Port security needs to be configured to shut down the interface in the event of a violation.(题目没要求说要关闭)

D. Port security needs to be configured to allow only one learned MAC address.

E. Port security interface counters need to be cleared before using the show command.

F. The port security configuration needs to be saved to NVRAM before it can become active. Answer: BD

Explanation/Reference:

题目大意是说在交换机A上端口f0/1上配置端口安全，目的是只允许 PC_A连接网络,其他设备连接上将被丢

弃,并且PCA可以ping通RA,问在swa上必须改变的哪两个配置？

考点分析：一般端口安全是在接口下配置的。如题，只允许PC_A连接交换机的Fa0/1口，所以应该限制接口

所允许的最大MAC地址数为1，即答案为BD。

53.Which two commands correctly verify whether port security has been

configured on port FastEthernet 0/12 on a switch?(choose two)

A. SW1#show swithport port-security interface FastEthernet 0/12 B. SW1# show swithport port-secure interface FastEthernet 0/12 C. SW1# show port-secure interface FastEthernet 0/12 D. SW1#show running-config

E. SW1#show port-security interface FastEthernet 0/12 Answer: DE

Explanation/Reference:

54.Which of the following are true regarding the debug output shown in the graphic?(choose two)

A. This router was configured with the commands: RtrA(config)#router rip

RtrA(config-router)#version 2

RtrA(config-router)#network 172.16.0.0 RtrA(config-router)#network 10.0.0.0

B. This router was configured with the commands: RtrA(config)#router rip

RtrA(config-router)#network 172.16.0.0 RtrA(config-router)#network 10.0.0.0

C. Network 10.0.0.0 will be displayed in the routing table.

D. Network 192.168.168.0 will be displayed in the routing table. E. This router was configured with the commands: RtrA(config)#router rip

RtrA(config-router)#network 192.168.1.0 RtrA(config-router)#network 10.0.0.0

RtrA(config-router)#network 192.168.168.0

F. split-horizon was disabled on this router. Answer: BC

Explanation/Reference:

从信息中可以看到协议为RIPv1，192.168.168.0in 16 hops，将要从路由表中清除 55.The network administrator is asked to configure 113 point-to-point links.Which IP addressing scheme best

defines the address range and subnet mask that meet the requirement and waste the fewest subnet and host addresses?

A. 10.10.0.0/18 subnetted with mask 255.255.255.252 B. 10.10.0.0/25 subnetted with mask 255.255.255.252 C. 10.10.0.0/24 subnetted with mask 255.255.255.252 D. 10.10.0.0/23 subnetted with mask 255.255.255.252 E. 10.10.0.0/16 subnetted with mask 255.255.255.252 Answer: D

Explanation/Reference:

113个point-to-point链路而不是IP。每个链路需要2个有效的IP地址，即2个主机位。113个需要7位，一共需 要9位，所以掩码为23

56.What is the function of the command switchport trunk native vlan 999 on a switch?

A. It designates VLAN 999 for untagged traffic.

B. It blocks VLAN 999 traffic from passing on the trunk. C. It creates a VLAN 999 interface.

D. It designates VLAN 999 as the default for all unkown tagged traffic. Answer: A

Explanation/Reference:

设置vlan999为本征vlan，交换机默认本征vlan为vlan1.此题正确答案为A.

不是D，

56.Refer to the exhibit.The speed of all serial links is E1 and the speed of

the all Ethernet links is 100Mb/s.A static route will be established on the Manchester router to the direct traffic toward the internet over the

most direct path available.What configuration on the Manchester router will establish a router toward the

internet for traffic that originates from workstation on the Manchester LAN?

A. ip route 0.0.0.0 255.255.255.0 172.16.100.2 B. ip route 0.0.0.0 255.255.255.252 128.107.1.1 C. ip route 0.0.0.0 0.0.0.0 128.107.1.1 D. ip route 0.0.0.0 0.0.0.0 172.16.100.1

E. ip route 0.0.0.0 255.255.255.255 172.16.100.2

F. ip route 0.0.0.0 0.0.0.0 172.16.100.2（not 100.1，必须使用下一跳地址） Answer: F

Explanation/Reference: 设置静态路由

58.What is the purpose of the inverse ARP? A. to map a known DLCI to an IP address

B. to map a known IP address to a MAC address C. to map known SPID to a MACaddress D. to map a known DLCI to a MAC address E. to map a known IP address to a SPID.

F. to map a known MAC address to an IP address Answer: A

Explanation/Reference:

反向ARP的作用，前面已经讲过

59.Which three statements about RSTP are true?(choose three)

A. RSTP significantly reduces topology reconverging time after a link failure. B. RSTP expends the STP port roles by adding the alternate and backup roles. C. RSTP port states are blocking,discarding,learing,or forwarding. D. RSTP also uses the STP proprsal-agreement sequence.

E. RSTP use the same timer-baseed process as STP on point-to-point links. F. RSTP provides a faster transition to the forwarding state on point-to-point links than STP does. Answer: ABF

Explanation/Reference: A能够减少汇聚时间

B比STP增加了端口角色alternat和backup F在点到点链路提供比STP更快的传输和转发

60.Refer to the exhibit.which address and mask combination a summary of the routes learned by EIGRP?

61.

A. 192.168.25.0 255.255.255.240 B. 192.168.25.16 255.255.255.252 C. 192.168.25.0 255.255.255.252 D. 192.168.25.28 255.255.255.240 E. 192.168.25.16 255.255.255.240 62.F. 192.168.25.28 255.255.255.240

Explanation/Reference:路由汇总一定要汇总为最小的网段

62.Refer to the exhibit A frame on vlan 1on switch s1 is sent to switch s2 when the frame is received on vlan 2,what causes this behavior?

A. trunk mode mismatches

B. vlans that do not correspond to a unique IP subnet C. native vlan mismatches

D. allowing only vlan 2 on the destination. Answer: C

Explanation/Reference:

两交换机本征vlan不一样，不能正常通信 63.Refer to the exhibit.The network administrator normally establishes a telnet session with the switch from host A.However,host A is unavailable.The administrator′s attempt to the switch from host B fails,but pings

to the other two hosts are successful.what is the issue?

A. Host B and the switch need to be in the same subnet.

B. The switch needs and appropriate default gateway assigned. C. The switch interface connected to the router is down. D. Host B need to be assigned an IP address in vlan 1. Answer: B

Explanation/Reference:

远程管理交换机需要在交换机上设置default gateway和vlan IP

64.Why do large OSPF networks use a hierarchical design?(choose three) A. to confine network instability to single areas of the network. B. to reduce the complexity of router configuration C. to speed up convergence

D. to lower costs by replacing routers with distribution layer switches E. to decrease latency by increasing bandwidth F. to reduce routing overhead Answer: ACF

Explanation/Reference:

65.Which two are advantages of static routing when compared to dynamic routing?(choose two)

A. Security increases security because only the network administrator may change the routing tables.

B. Configuration complexity decreases as network size increases. C. Routing updates are automatically sent to neighbors.

D. Route summarization iscompued automatically by the router.

E. Routing traffic load is reduced when used in stub network links

F. An efficient algorithm is used to build routing tables,using automatic updates.

G. Routing tables adapt automatically to topology changes. Answer: AE

Explanation/Reference: 静态路由相比动态路由的好处

66.Refer to the exhibt.Host A has tested connectivity to a remote network.What is the default gateway for host

A. 172.16.182.1 B. 192.168.1.1 C. 10.16.176.1 D. 192.168.1.6 Answer: A

Explanation/Reference: 与外网通信先送网关 67.QUESTION 384

What is one benefit of PVST+?

A. PVST+reduces the CPU cycles for all the switches in the network

B. PVST+automatically selects the root bridge location,to provide optimized bandwidth usage.

C. PVST+allow the root switch location to be optimized per vlan. D. PVST+supports Layer 3 load balancing without loops. Answer: C

68.Which can be done to secure the virtual terminal interfaces on a router?(choose two)

A. Administratively shut down the interfaces. B. Physically secure the interfaces.

C. Configure a virtual terminal password and login process.

D. Enter an access list and apply it to the terminal interfaces using the

access-class command.

E. Create an access list and apply it to the terminal interfaces using the

access-group command.

A. Configure the gateway on Host A as 10.1.1.1. B. Configure the gateway on Host B as 10.1.2.254. C. Configure the IP address of Host A as 10.1.2.2. D. Configure the IP address of Host B as 10.1.2.2.

E. Configure the masks on both hosts to be 255.255.255.224. F. Configure the masks on both hosts to be 255.255.255.240. Answer: BD

Explanation/Reference:

考查VLSM。网关和主机IP需在同一个子网。路由器子接口IP为这个vlan中主机的网关

41.What are three valid reasons to assign ports to VLANs on a switch? (Choose three.)

A. to make VTP easier to implement B. to isolate broadcast traffic

C. to increase the size of the collision domain D. to allow more devices to connect to the network E. to logically group hosts according to function F. to increase network security Answer: BEF

Explanation/Reference:

考点：考查vlan的特性，选出三个把端口分配到vlan的原因。 A:使VTP更容易部署，错误，答非所问 B：限制广播流量，正确

C：较少冲突域的范围，错误，没有这个作用 D：允许更多的设备接入，错误，答非所问

E：逻辑划分网段，正确，一个vlan一个网段。

F：增加网络安全，正确。不同vlan不能直接通信。

42.Which statements describe two of the benefits of VLAN Trunking Protocol? (Choose two.)

A. VTP allows routing between VLANs.

B. VTP allows a single switch port to carry information to more than one VLAN.

C. VTP allows physically redundant links while preventing switching

loops.

D. VTP simplifies switch administration by allowing switches to automatically share VLAN configuration information.

E. VTP helps to limit configuration errors by keeping VLAN naming consistent across the VTP domain. F. VTP enhances security by preventing unauthorized hosts from connecting to the VTP domain. Answer: DE

Explanation/Reference: 考点：考查VTP的特性

没有B，这个是trunk接口特性，不是VTP特性。 A:允许vlan间路由，错误，答非所问

B：允许单一链路承载多个vlan信息，错误，答非所问 C：允许物理冗余，错误，这个是STP的功能。 D：自动分享vlan配置信息，正确。

E：减少vtp域中vlan名字错误配置，正确，仅需配置一个，其他的自带学习，减少配置量从而减少错误概 率。

F：增强安全性，未通过认证的主机不能加入。错误。没有这个功能。

43.A Catalyst 2950 needs to be reconfigured. What steps will ensure that the old configuration is erased? (Choose three.) A. Erase flash.

B. Restart the switch.

C. Delete the VLAN database.

D. Erase the running configuration. E. Erase the startup configuration. F. Modify the configuration register. Answer: BCE

Explanation/Reference: 考点：考查恢复交换机出厂配置。有两点，1、配置信息，保存在startup-config中；2、vlan数据库，存放在 vlan.dat中。

A：删除flash，错误，这样把IOS都删除了 B：重启交换机，正确，删除后重启 C：删除vlan数据库，正确

44.Refer to the exhibit. The two connected ports on the switch are not turning orange or green. What would be

the most effective steps to troubleshoot this physical layer problem? (Choose three.)

A. Ensure that the Ethernet encapsulations match on the interconnected router and switch ports.

B. Ensure that cables A and B are straight-through cables. C. Ensure cable A is plugged into a trunk port. D. Ensure the switch has power. E. Reboot all of the devices. F. Reseat all cables. Answer: BDF没有C

Explanation/Reference:

考点：考查交换机端口颜色的定义。绿色正常，橘黄色有故障。 A：确认以太网封装是否匹配，错误。封装错误不会在端口LED显示 B：确认线缆A/B是否为直通线，正确。异构设备使用直通线 C：确认线缆A是否插到trunk口，错误。 D：确认是否通电，正确。 E：重启设备，错误。

F：重置所有电缆，正确。 45.QUESTION 277

Refer to the exhibit. Which three statements correctly describe Network Device A? (Choose three.)

A. With a network wide mask of 255.255.255.128, each interface does not require an IP address.

B. With a network wide mask of 255.255.255.128, each interface does require an IP address on a unique IP subnet.

C. With a network wide mask of 255.255.255.0, must be a Layer 2 device for the PCs to communicate with each other.

D. With a network wide mask of 255.255.255.0, must be a Layer 3 device for the PCs to communicate with each other.

E. With a network wide mask of 255.255.254.0, each interface does not require an IP address. Answer: BDE

Explanation/Reference:

如图，哪三个选项正确的描述了网络设备A？

考点分析：这题考的是子网掩码的问题。使用掩码255.255.255.128和255.255.255.0时，两台主机的IP地址

属于两个网段，所以A要用路由器（三层设备）才能通信，所以A设备每个接口需要设置IP地址。使用掩码

255.255.254.0是，两台主机属于同一个网段，所以A要使用switch或hub就能通信，且不需要ip地址

46.Switch ports operating in which two roles will forward traffic according to the IEEE 802.1w standard? (Choose two.) A. alternate B. backup

C. designated D. disabled E. root Answer: CE

Explanation/Reference:

根据IEEE 802.1w标准，交换机端口处于哪两种角色时将进行转发？

考点分析：题目考查的是802.1w 也就是RSTP。 根端口或指定端口在拓扑结构中发挥着积极作用，而替代或

备份端口不参与主动拓扑结构。在稳定的网络中，根和指定端口处于转发状态，替代和备份端口则处于放弃 状态。 47.Refer to the exhibit. The network administrator must establish a route by which London workstations can

forward traffic to the Manchester workstations. What is the simplest way to accomplish this?

A. Configure a dynamic routing protocol on London to advertise all routes

本文来源：https://www.bwwdw.com/article/zn7f.html