《CCNP&CCIE Security SCOR思科认证网络工程师题库6.docx》由会员分享,可在线阅读,更多相关《CCNP&CCIE Security SCOR思科认证网络工程师题库6.docx(58页珍藏版)》请在三一办公上搜索。
1、CCNP/CCIESecuritySCOR题库6QUESTION1DRAGDROPDraganddroptheOSsfromtheleftontothecorrectdescriptionsontheright.SelectandPlace:CorrectAnswerSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION2PElP2P3PE4Refertotheexhibit.P3andPE4areattheedgeoftheserviceprovidercoreandserveasABRrouters.A
2、ggregationareasareoneithersideofthecore.Whichstatementaboutthearchitectureistrue?A. TosupportseamlessMPLS1theBGProutereflectorfeaturemustbedisabled.B. IfeachareaisrunningitsownIGP1BGPmustprovideanend-to-endMPLSLSP.C. IfeachareaisrunningitsownIGP1theABRroutersmustredistributetheIGProutingtableintoBGP
3、.D. TosupportseamlessMPLS1TDPmustbeusedasthelabelprotocol.CorrectAnswerBSection:ArchitectureExplanationExpIanationZReference:Reference:12/configuration_guide/mpls/b_1612_mpls_9600_cg/configuring_seamless_mpls.htmlQUESTION3WhichcomponentissimilartoanEVPNinstance?A. routerdistinguisherB. MPLSlabelC. I
4、GProuterIDD. VRFCorrectAnswer:DSection:ArchitectureExplanationExpIanationZReference:QUESTION4WhydoCiscoMPLSTEtunnelsrequirealink-stateroutingprotocol?A. Thelink-statedatabaseprovidessegmentationbyarea,whichimprovesthepath-selectionprocess.B. Thelink-statedatabaseprovidesadatarepositoryfromwhichthetu
5、nnelendpointscandynamicallyselectasourceID.C. 1.ink-stateroutingprotocolsuseSPFcalculationsthatthetunnelendpointsleveragetoimplementthetunnel.D. Thetunnelendpointsusethelink-statedatabasetoevaluatetheentiretopologyanddeterminethebestpath.CorrectAnswerDSection:ArchitectureExplanationExpIanationZRefer
6、ence:QUESTION5R1R3AS65512AS65514Refertotheexhibit.BGPsecisimplementedonRl1R2,R3,andR4.BGPpeeringisestablishedbetweenneighboringautonomoussystems.Whichstatementaboutimplementationistrue?A. BGPupdatesfromtheiBGPpeersareappendedwithacommunityoflocal-as.B. BGPupdatesfromtheallBGPpeersareappendedwithacom
7、munityofno-export.C. BGPupdatesfromtheeBGPpeersareappendedwithanadditionalASpathvaluethatisstaticallysetbythedomainadministrator.D. BGPupdatesfromtheeBGPpeersareappendedwithaBGPsecattributesequencethatincludesapublickeyhashanddigitalsignature.CorrectAnswer:DSection:ArchitectureExplanationExpIanation
8、ZReference:QUESTION6YouareconfiguringMPLStraffic-engineeringtunnelsinthecore.Whichtwowaysexistforthetunnelpathacrossthecore?(Choosetwo.)A. ThedynamicpathoptionissupportedonlywithIS-IS.B. Tunnelscanbeconfiguredwithdynamicpathorexplicitlydefinedpath.C. Azerobandwidthtunnelisnotavalidoption.D. hebandwi
9、dthstatementcreatesauhard,reservationonthelink.E. TunnellinksinheritIGPmetricsbydefaultunlessoverridden.CorrectAnswerBESection:ArchitectureExplanationExpIanationZReference:QUESTION7WhichconfigurationmodedoyouusetoapplythemplsIdpgraceful-restartcommandinIOSXESoftware?A. MPLSLDPneighborB. interfaceC.
10、MPLSD. globalCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION8Afteryouanalyzeyournetworkenvironment,youdecidetoimplementafullseparationmodelforInternetaccessandMPLSL3VPNservices.Forwhichreasondoyoumakethisdecision?A. ItenablesEGPandIGPtooperateindependently.B. It
11、enablesyoutochoosewhethertoseparateorcentralizeeachindividualservice.C. Itiseasiertomanageasysteminwhichservicesaremixed.D. Itrequiresonlyoneedgerouter.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION9WhichstatementabouttheCiscoMPLSTEforwardingadjacencyfeatureistrue?A. It
12、enablestheMPLScoretouse日GRPastheroutingprotocol.B. ItenablestheCiscoMPLSTEtunneltobeadvertisedintotherunningIGP.C. Itenablesthetailendroutertoadvertiseroutestotheheadendrouteroverthetunnel.D. Itenablestheheadendandtailendrouterstoestablishabidirectionaltunnel.CorrectAnswer:BSection:ArchitectureExpla
13、nationExpIanationZReference:Reference:https:WWW.cisco.Comcenustddocsios-XmI/ios/mptepathsetup/configuration/xe-16/mptepathsetupxe16book/mplstrafficengineering-forwarding-adjacency.pdfWhileimplementingTTLsecurity,youissuethePE(config-router-af)#neighbor2.2.2.2ttl-securityhops2command.Afteryouissuethi
14、scommand,whichBGPpacketsdoesthePEaccept?A. to2.2.2.2,withaTTLof2ormoreB. from2.2.2.2,withaTTLoflessthan2C. to2.2.2.2twithaTTLoflessthan253D. from2.2.2.2,withaTTLof253ormoreCorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:Reference:https:/www.cisco.eom/c/en/us/td/docs/ios/12_2sx/fea
15、ture/guide/fsxebtsh.html#wpl059215QUESTION11ipflow-exportdestination192.168.1.2ipflow-exportversion9interfacegigabitethernet1ipflowingressRefertotheexhibits.Whichinformationisprovidedfortracebackanalysiswhenthisconfigurationisapplied?A. sourceinterfaceB. packetsizedistributionC. IPsubflowcacheD. BGP
16、versionCorrectAnswerCSection:ArchitectureExplanationExpIanationZReference:Refertotheexhibit.RlisconnectedtotwoserviceprovidersandisunderaDDoSattack.WhichstatementaboutthisdesignistrueifURPFinstrictmodeisconfiguredonbothinterfaces?A. RldropsalltrafficthatigresseseitherinterfacethathasaFIBentrythatexi
17、tsadifferentinterface.B. Rldropsdestinationaddressesthatareroutedtoanullinterfaceontherouter.C. RlpermitsasymmetricroutingaslongastheAS-PATHattributeentrymatchestheconnectedAS.D. Rlacceptssourceaddressesoninterfacegigabitethernetlthatareprivateaddresses.CorrectAnswerASection:ArchitectureExplanationE
18、xpIanationZReference:QUESTION13ipcefinterfacegigabitethernet1ipverifyunicastsourcereachable-viaanyRefertotheexhibit.Router1wasexperiencingaDDoSattackthatwastracedtointerfacegigabitethernetl.Whichstatementaboutthisconfigurationistrue?A. Router1acceptsalltrafficthatingressesandegressesinterfacegigabit
19、ethernetl.B. Router1dropsalltrafficthatingressesinterfacegigabitethernetlthathasaFIBentrythatexitsadifferentinterface.C. Router1acceptssourceaddressesthathaveamatchintheFIBthatindicatesitisreachablethrougharealinterface.D. Router1acceptssourceaddressesoninterfacegigabitethernetlthatareprivateaddress
20、es.CorrectAnswer:CSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION14Router1:iproute192.168.1.0255.255.255.0null0tag1route-mapddosmatchtag1setlocalpreference150setcommunitynoexportroute-mapddospermit20routerbgp65513redistributestaticroute-mapddosRouter2:Interfacegigabitethernet
21、1ipverifyunicastreverse-pathRefertotheexhibit.Anengineerispreparingtoimplementdataplanesecurityconfiguration.Whichstatementaboutthisconfigurationistrue?A. Router2istherouterreceivingtheDDoSattack.B. Router1mustbeconfiguredwithuRPFfortheRTBHimplementationtobeeffective.C. Router1isthetriggerrouterinaR
22、TBHimplementation.D. Router2mustconfigurearoutetonull0fornetwork192.168.1.0/24fortheRTBHimplementationtobecomplete.CorrectAnswer:ASection:ArchitectureExplanationExpIanationZReference:QUESTION15WhichconfigurationmodifiesLocalPacketTransportServiceshardwarepolicies?A.configureIptspoliceexceptioninvali
23、drate400protocolcdprate50protocolarprate5000B.configureIptspifibpolicehardwareflowospfunicastdefaultrate200flowbgpconfiguredrate200flowbgpdefaultrate100!Iptspifibpolicehardwarelocation0/2flowospfunicastdefaultrate100flowbgpconfiguredrate300flowicmpapplicationrate100flowicmpdefaultrate100c.configureI
24、ptspuntpolicelocation00CPU0exceptioninvalidrate400protocolcdprate50protocolarprate5000protocolipv4optionsrate100exceptionicmprate200D.configureIptspuntpolicelocation00CPU0exceptioninvalidrate400protocolcdprate50protocolarprate5000protocolipv4optionsrate100exceptionicmprate200CorrectAnswerCSection:Ar
25、chitectureExplanationExpIanationZReference:Reference:l/addr_serv/command/reference/b_ipaddr_cr41crs/b_ipaddr_cr41crs_chapter_0111.html#wpl754734006QUESTION16WhichadditionalfeaturedoesMPLSDiffServtunneIingsupport?A. matchingEXPandDSCPvaluesB. PHBlayermanagementC. usingGREtunnelstohidemarkingsD. inter
26、actionbetweenMPLSandIGPCorrectAnswer:BSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION17YouarecreatingnewCiscoMPLSTEtunnels.WhichtypeofRSVPmessagedoestheheadendroutersendtoreservebandwidthonthepathtothetailendrouter?A. pathB. tearC. errorD. reservationCorrectAnswerASection:Arc
27、hitectureExplanationExpIanationZReference:Reference:QUESTION18WhichstatementdescribestheadvantageofaMulti-Layercontrolplane?A. ItprovidesmultivendorconfigurationcapabilitiesforLayer3toLayer1.B. Itautomaticallyprovisions,monitors,andmanagestrafficacrossLayer0toLayer3.C. Itsupportsdynamicwavelengthres
28、torationinLayer0.D. Itminimizeshumanerrorconfiguringconvergednetworks.CorrectAnswerASection:ArchitectureExplanationExpIanationZReference:QUESTION19DRAGDROPDraganddropthetechnologiesfromtheleftontothecorrectdefinitionsontheright.SelectandPlace:CorrectAnswer:Section:ArchitectureExplanationExpIanationZ
29、Reference:QUESTION20AnengineerissettingupoverlappingVPNstoallowVRFABCandXYZtocommunicatewithVRFCENTRALbutwantstomakesurethatVRFABCandXYZcannotcommunicate.Whichconfigurationaccomplishestheseobjectives?A.vrfABCaddress-familyipv4unicasti11ortroute-target65000:111165000:4444Iexportroute-target65000:1111
30、65000:3333IvrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:4444Iexportroute-target65000:222265000:3333!vrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333Iexportroute-target65000:4444B.vrfABCaddress-familyipv4unicastimportroute-target65000:1111!exportroute-target65000:11
31、11IvrfXYZaddress-familyipv4unicastimportroute-target65000:2222!exportroute-target65000:222265000:1111!vrfCENTRALaddress-familyipv4unicastimportroute-target65000:333365000:111165000:2222!exportroute-target65000:333365000:111165000:2222C.vrfABCaddress-familyipv4unicastimportroute-target65000:111165000
32、:4444fexportroute-target65000:111165000:3333IvrfXYZaddress-familyipv4unicastimportroute-target65000:222265000:3333!exportroute-target65000:222265000:4444IvrfCENTRALaddress-familyipv4unicastimportroute-target65000:3333Iexportroute-target65000:4444D.vrfABCaddress-familyipv4unicastimportroute-target650
33、00:111165000:3333Iexportroute-target65000:111165000:3333IvrfXYZaddress-famiIyipv4unicastimportroute-target65000:222265000:3333!exportroute-target65000:222265000:3333IvrfCENTRALaddress-famiIyipv4unicastimportroute-target65000:3333Iexportroute-target65000:3333CorrectAnswer:BSection:ArchitectureExplana
34、tionExpIanationZReference:QUESTION21Router1:iproute192.0.2.0255.255.255.0null0iproute192.168.1.0255.255.255.0null0tag1route-mapddosmatchtag1setipnext-hop192.0.2.1setlocal-preference150setcommunitynoexportroute-mapddospermit20routerbgp65513redistributestaticroute-mapddosRouter2:iproute192.0.2.0255.25
35、5.255.0null0Refertotheexhibit.Anengineerispreparingtoimplementdataplanesecurityconfiguration.Whichstatementaboutthisconfigurationistrue?A. Router1andRouter2advertisetherouteto192.0.2.0toallBGPpeers.B. Alltrafficto192.168.1.0/24isdropped.C. Alltrafficisdropped.D. Router1dropsalltrafficwithalocal-pref
36、erencesetto150.CorrectAnswerASection:ArchitectureExplanationQUESTION22WhichMPLSdesignattributecanyouusetoprovideInternetaccesstoamajorcustomerthroughaseparatededicatedVPN?A. TheInternetgatewayrouterisconnectedasaPEroutertotheMPLSbackbone.B. TheCEroutersupportsVRF-LiteandthefullBGProutingtable.C. The
37、InternetgatewayinsertsthefullInternetBGProutingtableintotheInternetaccessVPN.D. ThecustomerthatneedstheInternetaccessserviceisassignedtothesameRTsastheInternetgateway.CorrectAnswerDSection:ArchitectureExplanationExpIanationZReference:QUESTION23WhichconfigurationenablesBGPFIowSpecclientfunctionandins
38、tallationofpoliciesonalllocalinterfaces?A. flowspecaddress-familyipv4local-installinterface-allB. flowspecaddress-familyipv4installinterface-alllocalC. flowspecaddress-familyipv4installinterface-allD. flowspecaddress-familyipv4local-installall-interfaceCorrectAnswerASection:ArchitectureExplanationEx
39、pIanationZReference:Reference:QUESTION24CE1#interfaceFastEthernet/0/0/1description*HUBCEnonrouteripaddress10.0.12.1255.255.255.0routerospf100log-adjacency-changesnetwork10.0.12.00.0.255.255area0CE2#interfaceSerial009description*SPOKECErouter*encapsulationpppipaddress10.0.12.12255.255.255.0routerospf
40、100log-adjacency-changesnetwork10.0.12.00.0.255.255area0Refertotheexhibit.AnetworkengineerisconfiguringcustomeredgerouterstofinalizeaL2VPNoverMPLSdeployment.AssumethattheAToML2VPNservicethatconnectsthetwoCEsisconfiguredcorrectlyontheserviceprovidernetwork.Whichactioncausesthesolutiontofail?A. OSPFdo
41、esnotworkwithL2VPNservices.B. Theroutingprotocolnetworktypesarenotcompatible.C. Aloopbackwitha/32IPaddresshasnotbeenused.D. Thexconectstatementhasnotbeendefined.CorrectAnswerBSection:ArchitectureExplanationExpIanationZReference:QUESTION25AnengineerworkingfortelecommunicationcompanyneedstosecuretheLA
42、Nnetworkusingaprefixlist.Whichbestpracticeshouldtheengineerfollowwhenheimplementsaprefixlist?A. Anengineermustidentifytheprefixlistwithanumberonly.B. Thefinalentryinaprefixlistmustbe/32.C. Anengineermustincludeonlytheprefixesforwhichheneedstologactivity.D. Anengineermustusenonsequentialsequencenumbe
43、rsintheprefixlistsothathecaninsertadditionalentrieslater.CorrectAnswerDSection:ArchitectureExplanationQUESTION26interfacegigabitethernet10xconnect192.168.0.112encapsulationmplspw-classciscoRefertotheexhibit.Whicheffectofthisconfigurationistrue?A. ItenablesMPLSontheinterface.B. Itcreatesapseudowirecl
44、assnamedcisco.C. ItenablesAToMoninterfacegigabitethernetl/O.D. ItenablestaggingforVLAN12ontheinterface.CorrectAnswerCSection:ArchitectureExplanationExpIanationZReference:Reference:QUESTION27PE-A#showipbgpvpnv4vrfCustomer-Aneighbors10.10.10.2routesBGPtableversionis13148019,localrouterIDis10.10.10.10Statuscod
