CCNP/CCIE Security SCOR Question Bank 5

QUESTION 1
DRAG DROP
Drag and drop the OSs from the left onto the correct descriptions on the right.
Select and Place:
Correct Answer:
Section: Architecture

QUESTION 2
Refer to the exhibit. P3 and PE4 are at the edge of the service provider core and serve as ABR routers. Aggregation areas are on either side of the core. Which statement about the architecture is true?
A. To support seamless MPLS, the BGP route reflector feature must be disabled.
B. If each area is running its own IGP, BGP must provide an end-to-end MPLS LSP.
C. If each area is running its own IGP, the ABR routers must redistribute the IGP routing table into BGP.
D. To support seamless MPLS, TDP must be used as the label protocol.
Correct Answer: B
Section: Architecture
Reference: 12/configuration_guide/mpls/b_1612_mpls_9600_cg/configuring_seamless_mpls.html

QUESTION 3
Which component is similar to an EVPN instance?
A. router distinguisher
B. MPLS label
C. IGP router ID
D. VRF
Correct Answer: D
Section: Architecture

QUESTION 4
Why do Cisco MPLS TE tunnels require a link-state routing protocol?
A. The link-state database provides segmentation by area, which improves the path-selection process.
B. The link-state database provides a data repository from which the tunnel endpoints can dynamically select a source ID.
C. Link-state routing protocols use SPF calculations that the tunnel endpoints leverage to implement the tunnel.
D. The tunnel endpoints use the link-state database to evaluate the entire topology and determine the best path.
Correct Answer: D
Section: Architecture

QUESTION 5
Refer to the exhibit. BGPsec is implemented on R1, R2, R3, and R4. BGP peering is established between neighboring autonomous systems. Which statement about implementation is true?
A. BGP updates from the iBGP peers are appended with a community of local-as.
B. BGP updates from all BGP peers are appended with a community of no-export.
C. BGP updates from the eBGP peers are appended with an additional AS path value that is statically set by the domain administrator.
D. BGP updates from the eBGP peers are appended with a BGPsec attribute sequence that includes a public key hash and digital signature.
Correct Answer: D
Section: Architecture

QUESTION 6
You are configuring MPLS traffic-engineering tunnels in the core. Which two ways exist for the tunnel path across the core? (Choose two.)
A. The dynamic path option is supported only with IS-IS.
B. Tunnels can be configured with dynamic path or explicitly defined path.
C. A zero bandwidth tunnel is not a valid option.
D. The bandwidth statement creates a "hard" reservation on the link.
E. Tunnel links inherit IGP metrics by default unless overridden.
Correct Answer: BE
Section: Architecture

QUESTION 7
Which configuration mode do you use to apply the mpls ldp graceful-restart command in IOS XE Software?
A. MPLS LDP neighbor
B. interface
C. MPLS
D. global
Correct Answer: D
Section: Architecture

QUESTION 8
After you analyze your network environment, you decide to implement a full separation model for Internet access and MPLS L3VPN services. For which reason do you make this decision?
A. It enables EGP and IGP to operate independently.
B. It enables you to choose whether to separate or centralize each individual service.
C. It is easier to manage a system in which services are mixed.
D. It requires only one edge router.
Correct Answer: A
Section: Architecture

QUESTION 9
Which statement about the Cisco MPLS TE forwarding adjacency feature is true?
A. It enables the MPLS core to use EIGRP as the routing protocol.
B. It enables the Cisco MPLS TE tunnel to be advertised into the running IGP.
C. It enables the tailend router to advertise routes to the headend router over the tunnel.
D. It enables the headend and tailend routers to establish a bidirectional tunnel.
Correct Answer: B
Section: Architecture
Reference: xml/ios/mp_te_path_setup/configuration/xe-16/mp-te-path-setup-xe-16-book/mpls-traffic-engineering-forwarding-adjacency.pdf

QUESTION 10
While implementing TTL security, you issue the PE(config-router-af)#neighbor 2.2.2.2 ttl-security hops 2 command. After you issue this command, which BGP packets does the PE accept?
A. to 2.2.2.2, with a TTL of 2 or more
B. from 2.2.2.2, with a TTL of less than 2
C. to 2.2.2.2, with a TTL of less than 253
D. from 2.2.2.2, with a TTL of 253 or more
Correct Answer: D
Section: Architecture
Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2sx/feature/guide/fsxebtsh.html#wp1059215

QUESTION 11
    ip flow-export destination 192.168.1.2
    ip flow-export version 9
    interface gigabitethernet1
    ip flow ingress
Refer to the exhibits. Which information is provided for traceback analysis when this configuration is applied?
A. source interface
B. packet size distribution
C. IP sub flow cache
D. BGP version
Correct Answer: C
Section: Architecture

QUESTION 12
Refer to the exhibit. R1 is connected to two service providers and is under a DDoS attack. Which statement about this design is true if URPF in strict mode is configured on both interfaces?
A. R1 drops all traffic that ingresses either interface that has a FIB entry that exits a different interface.
B. R1 drops destination addresses that are routed to a null interface on the router.
C. R1 permits asymmetric routing as long as the AS-PATH attribute entry matches the connected AS.
D. R1 accepts source addresses on interface gigabitethernet1 that are private addresses.
Correct Answer: A
Section: Architecture

QUESTION 13
    ip cef
    interface gigabitethernet1
    ip verify unicast source reachable-via any
Refer to the exhibit. Router 1 was experiencing a DDoS attack that was traced to interface gigabitethernet1. Which statement about this configuration is true?
A. Router 1 accepts all traffic that ingresses and egresses interface gigabitethernet1.
B. Router 1 drops all traffic that ingresses interface gigabitethernet1 that has a FIB entry that exits a different interface.
C. Router 1 accepts source addresses that have a match in the FIB that indicates it is reachable through a real interface.
D. Router 1 accepts source addresses on interface gigabitethernet1 that are private addresses.
Correct Answer: C
Section: Architecture
Reference: os/security/configuration/guide/sec_nx-os-cfg/sec_urpf.html

QUESTION 14
Router1:
    ip route 192.168.1.0 255.255.255.0 null0 tag 1
    route-map ddos
    match tag 1
    set local-preference 150
    set community no-export
    route-map ddos permit 20
    router bgp 65513
    redistribute static route-map ddos
Router2:
    interface gigabitethernet1
    ip verify unicast reverse-path
Refer to the exhibit. An engineer is preparing to implement data plane security configuration. Which statement about this configuration is true?
A. Router 2 is the router receiving the DDoS attack.
B. Router 1 must be configured with uRPF for the RTBH implementation to be effective.
C. Router 1 is the trigger router in a RTBH implementation.
D. Router 2 must configure a route to null0 for network 192.168.1.0/24 for the RTBH implementation to be complete.
Correct Answer: A
Section: Architecture

QUESTION 15
Which configuration modifies Local Packet Transport Services hardware policies?
A.
    configure
    lpts police
    exception invalid rate 400
    protocol cdp rate 50
    protocol arp rate 5000
B.
    configure
    lpts pifib police hardware
    flow ospf unicast default rate 200
    flow bgp configured rate 200
    flow bgp default rate 100
    !
    lpts pifib police hardware location 0/2
    flow ospf unicast default rate 100
    flow bgp configured rate 300
    flow icmp application rate 100
    flow icmp default rate 100
C.
    configure
    lpts pifib hardware police
    flow ospf unicast default rate 200
    flow bgp configured rate 200
    flow bgp default rate 100
    !
    lpts pifib hardware police location 0/2/CPU0
    flow ospf unicast default rate 100
    flow bgp configured rate 300
    flow icmp application rate 100
    flow icmp default rate 100
    !
D.
    configure
    lpts punt police location 0/0/CPU0
    exception invalid rate 400
    protocol cdp rate 50
    protocol arp rate 5000
    protocol ipv4 options rate 100
    exception icmp rate 200
Correct Answer: C
Section: Architecture
Reference: l/addr_serv/command/reference/b_ipaddr_cr41crs/b_ipaddr_cr41crs_chapter_0111.html#wp1754734006

QUESTION 16
Which additional feature does MPLS DiffServ tunneling support?
A. matching EXP and DSCP values
B. PHB layer management
C. using GRE tunnels to hide markings
D. interaction between MPLS and IGP
Correct Answer: B
Section: Architecture
Reference: mtmp-te-diffserv-15-mt-bookmp-diffserv-tun-mode.html

QUESTION 17
You are creating new Cisco MPLS TE tunnels. Which type of RSVP message does the headend router send to reserve bandwidth on the path to the tailend router?
A. path
B. tear
C. error
D. reservation
Correct Answer: A
Section: Architecture

QUESTION 18
Which statement describes the advantage of a Multi-Layer control plane?
A. It provides multivendor configuration capabilities for Layer 3 to Layer 1.
B. It automatically provisions, monitors, and manages traffic across Layer 0 to Layer 3.
C. It supports dynamic wavelength restoration in Layer 0.
D. It minimizes human error configuring converged networks.
Correct Answer: A
Section: Architecture

QUESTION 19
DRAG DROP
Drag and drop the technologies from the left onto the correct definitions on the right.
Select and Place:
Correct Answer:
Section: Architecture

QUESTION 20
An engineer is setting up overlapping VPNs to allow VRF ABC and XYZ to communicate with VRF CENTRAL but wants to make sure that VRF ABC and XYZ cannot communicate. Which configuration accomplishes these objectives?
A.
    vrf ABC
    address-family ipv4 unicast
    import route-target 65000:1111
    !
    export route-target 65000:1111
    !
    vrf XYZ
    address-family ipv4 unicast
    import route-target 65000:2222
    !
    export route-target 65000:2222 65000:1111 65000:3333 65000:1111 65000:2222
    !
    vrf CENTRAL
    address-family ipv4 unicast
    import route-target
    export route-target 65000:3333 65000:1111 65000:2222
B.
    vrf ABC
    address-family ipv4 unicast
    import route-target 65000:1111 65000:4444
    !
    export route-target 65000:1111 65000:3333
    !
    vrf XYZ
    address-family ipv4 unicast
    import route-target 65000:2222 65000:4444
    !
    export route-target 65000:2222 65000:3333
    !
    vrf CENTRAL
    address-family ipv4 unicast
    import route-target 65000:3333
    !
    export route-target 65000:4444
C.
    vrf ABC
    address-family ipv4 unicast
    import route-target 65000:1111 65000:4444
    !
    export route-target 65000:1111 65000:3333
    !
    vrf XYZ
    address-family ipv4 unicast
    import route-target 65000:2222 65000:3333
    !
    export route-target 65000:2222 65000:4444
    !
    vrf CENTRAL
    address-family ipv4 unicast
    import route-target 65000:3333
    !
    export route-target 65000:4444
D.
    vrf ABC
    address-family ipv4 unicast
    import route-target 65000:1111 65000:3333
    !
    export route-target 65000:1111 65000:3333
    !
    vrf XYZ
    address-family ipv4 unicast
    import route-target 65000:2222 65000:3333
    !
    export route-target 65000:2222 65000:3333
    !
    vrf CENTRAL
    address-family ipv4 unicast
    import route-target 65000:3333
    !
    export route-target 65000:3333
Correct Answer: B
Section: Architecture

QUESTION 21
Router1:
    ip route 192.0.2.0 255.255.255.0 null0
    ip route 192.168.1.0 255.255.255.0 null0 tag 1
    route-map ddos
    match tag 1
    set ip next-hop 192.0.2.1
    set local-preference 150
    set community no-export
    route-map ddos permit 20
    router bgp 65513
    redistribute static route-map ddos
Router2:
    ip route 192.0.2.0 255.255.255.0 null0
Refer to the exhibit. An engineer is preparing to implement data plane security configuration. Which statement about this configuration is true?
A. Router 1 and Router 2 advertise the route to 192.0.2.0 to all BGP peers.
B. All traffic to 192.168.1.0/24 is dropped.
C. All traffic is dropped.
D. Router 1 drops all traffic with a local-preference set to 150.
Correct Answer: A
Section: Architecture

QUESTION 22
Which MPLS design attribute can you use to provide Internet access to a major customer through a separate dedicated VPN?
A. The Internet gateway router is connected as a PE router to the MPLS backbone.
B. The CE router supports VRF-Lite and the full BGP routing table.
C. The Internet gateway inserts the full Internet BGP routing table into the Internet access VPN.
D. The customer that needs the Internet access service is assigned to the same RTs as the Internet gateway.
Correct Answer: D
Section: Architecture

QUESTION 23
Which configuration enables BGP FlowSpec client function and installation of policies on all local interfaces?
A. flowspec address-family ipv4 local-install interface-all
B. flowspec address-family ipv4 install interface-all local
C. flowspec address-family ipv4 install interface-all
D. flowspec address-family ipv4 local-install all-interface
Correct Answer: A
Section: Architecture

QUESTION 24
CE1#
    interface FastEthernet/0/0/1
    description *HUB CE nonrouter*
    ip address 10.0.12.1 255.255.255.0
    router ospf 100
    log-adjacency-changes
    network 10.0.12.0 0.0.255.255 area 0
CE2#
    interface Serial009
    description *SPOKE CE router*
    encapsulation ppp
    ip address 10.0.12.12 255.255.255.0
    router ospf 100
    log-adjacency-changes
    network 10.0.12.0 0.0.255.255 area 0
Refer to the exhibit. A network engineer is configuring customer edge routers to finalize a L2VPN over MPLS deployment. Assume that the AToM L2VPN service that connects the two CEs is configured correctly on the service provider network. Which action causes the solution to fail?
A. OSPF does not work with L2VPN services.
B. The routing protocol network types are not compatible.
C. A loopback with a /32 IP address has not been used.
D. The xconnect statement has not been defined.
Correct Answer: B
Section: Architecture

QUESTION 25
An engineer working for a telecommunication company needs to secure the LAN network using a prefix list. Which best practice should the engineer follow when he implements a prefix list?
A. An engineer must identify the prefix list with a number only.
B. The final entry in a prefix list must be /32.
C. An engineer must include only the prefixes for which he needs to log activity.
D. An engineer must use nonsequential sequence numbers in the prefix list so that he can insert additional entries later.
Correct Answer: D
Section: Architecture

QUESTION 26
    interface gigabitethernet1/0
    xconnect 192.168.0.1 12 encapsulation mpls pw-class cisco
Refer to the exhibit. Which effect of this configuration is true?
A. It enables MPLS on the interface.
B. It creates a pseudowire class named cisco.
C. It enables AToM on interface gigabitethernet1/0.
D. It enables tagging for VLAN 12 on the interface.
Correct Answer: C
Section: Architecture