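# CCNA Q&A

:::success
5.What facilitates a Telnet connection between devices by entering the device name?
:::danger
ANS: B. DNS lookup
> When opening a Telnet connection you enter the IP address or hostname of the target device; a DNS lookup is needed to translate the hostname into an IP address.
:::

:::success
7.After installing a new Cisco ISE server, which task must the engineer perform on the Cisco WLC to connect wireless clients on a specific VLAN based on their credentials?
:::danger
ANS: A. Enable the allow AAA Override
> "allow AAA Override" is a configuration option.
>
> It allows the authorization rules of the AAA (Authentication, Authorization, and Accounting) server to override the local authorization rules on the WLC.
> This lets the WLC decide a wireless client's VLAN assignment based on the user credentials configured on the Cisco ISE server.
>
> Normally, a wireless client connects to the WLC and performs 802.1X authentication. In this case, the WLC forwards the AAA request to the Cisco ISE server for authentication and authorization. If "allow AAA Override" is enabled, the ISE server can return the appropriate VLAN information based on the user's identity or other attributes, and it is applied to the wireless client on the WLC.
:::

:::success
8.Which API is used in controller-based architectures to interact with edge devices?
:::danger
ANS: D.southbound
>Software Defined Networking (SDN)
>![](https://i.imgur.com/YPU4Rys.png)
>In SDN, all physical network elements take orders from the controller and jointly provide network services.
>Downward is southbound (Southbound API): the API that passes control instructions down to the physical network elements.
>Upward is northbound (Northbound API): the API that accepts service requests from above.
:::

:::success
11.
:::

:::success
12.What is the benefit of using FHRP?
:::danger
ANS: C.higher degree of availability
> FHRP (First Hop Redundancy Protocol) is a network protocol used to improve the availability and scalability of network devices.
>
> With FHRP, multiple network devices work together and present a shared virtual IP address, referred to as the Virtual Router Redundancy Protocol (VRRP) or Hot Standby Router Protocol (HSRP) address.
>
> When one network device fails, the other network devices automatically take over its work to keep the network connected and available.
>
> ※ FHRP can also provide load balancing, distributing network traffic better and improving overall network performance and efficiency.
:::

:::success
18.Which 802.11 management frame type is sent when a client roams between access points on the same SSID?
:::danger
ANS: A.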
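Reassociation Request
> When a Wi-Fi client roams from one access point (AP) to another AP on the same SSID, it must notify the new AP in order to establish a connection. In this case the client sends a Reassociation Request management frame.
>
> The Reassociation Request frame contains information such as the client's authentication information, the MAC address of the original AP, and the MAC address of the new AP. It tells the new AP that the client already has a connection with the original AP and wants the new AP to take over that connection.
>
> After receiving the Reassociation Request, the new AP sends a Reassociation Response frame to the original AP, confirming that the request was received and that the new connection is established. The client can then continue to use the Wi-Fi network through the new AP.
:::

:::success
19.Aside from discarding, which two states does the switch port transition through while using RSTP (802.1w)? (Choose two)
:::danger
ANS: C. forwarding D. learning
> RSTP (Rapid Spanning Tree Protocol) is a protocol for the spanning tree algorithm and part of the IEEE 802.1w standard. RSTP is the evolution of STP (Spanning Tree Protocol); it converges the topology faster and avoids the broadcast storm problem that arises in STP. RSTP can also establish multiple parallel paths between switches, improving network availability and bandwidth utilization. With fast convergence, fast port state transitions, and strong adaptability to topology changes, RSTP is widely used in enterprise networks, data centers, and similar environments.
:::

:::success
20.What are two functions of an SDN controller? (Choose two)
:::danger
ANS: B.coordinating VTNS D.managing the topology
> B.coordinating VTNS: The SDN controller can manage and control multiple virtual networks, coordinating communication and resource allocation among them. By using virtual networks, SDN achieves better resource utilization, improves network flexibility and scalability, and better supports multi-tenant networks.
>
> D.managing the topology: The SDN controller can manage the network topology, determine how the devices in the network are connected, and adapt better to topology changes. By obtaining topology information, the controller can automatically adjust network configuration, optimize network traffic, and better support network security and performance management.
:::

:::success
22.Drag the IPv6 DNS record types from the left onto the description on the right.
:::danger
ANS:
>NS → correlates a domain with its authoritative name servers
> SOA → associates the domain serial number with its owner
> CNAME → aliases one name to another
> PTR → supports reverse name lookups
> AAAA → correlates a host name with an ip address
#### NS: Name Server; resolves a domain name to its associated IP address.
#### SOA: Start of Authority; specifies the primary authoritative server for a particular domain.
#### CNAME: "Canonical Name", also called alias resolution; an alias for a domain name. A query for the CNAME (alias) name is directed to the target domain name (the name holding the A record). Mainly used to simplify management and for redirection.
#### PTR: PTR record; mainly used for reverse DNS lookups, translating an IP address into a hostname, the opposite of an A record.
#### AAAA: Specifies the IPv6 address of a host.
>All of the above are record types in the Domain Name System.
:::

:::success
23.In software-defined architecture, which place handles switching for traffic through a Cisco router?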
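:::danger
ANS: C.Data
> A software-defined network architecture usually includes the following functions:
>
> Control plane: the central software components that manage the network architecture, such as the controller.
> Management plane: manages network devices and network services, such as configuration management and performance monitoring.
> Data plane: the network devices that actually forward network traffic, such as switches and routers.
> Application plane: manages network applications, such as network virtualization and security mechanisms.
:::

:::success
24.What are two roles of Domain Name Services (DNS)? (Choose Two)
:::danger
ANS: D,E
>Why the other answers are wrong:
>
>A.builds a flat structure of DNS names for more efficient IP operations
>This is not the main function of DNS; DNS is mainly for name resolution, not for building a naming structure. DNS is also hierarchical, not flat, which is what provides efficient name resolution and IP lookup.
>
>B.encrypts network Traffic as it travels across a WAN by default
>DNS is not involved in the transport of network traffic.
>
>C.improves security by protecting IP addresses under Fully Qualified Domain Names (FQDNs)
>DNS does not directly provide protection or security functions for IP addresses.
:::

:::success
38.What are two southbound APIs? (Choose two)
:::danger
ANS: A. OpenFlow B. NETCONF
>A. OpenFlow is an open standard for the network control plane in software-defined networking (SDN). It defines a set of communication protocols that let an upper-layer controller directly control the forwarding behavior of network switches and routers. OpenFlow provides a flexible way to program and manage network devices, so the network can be dynamically configured and controlled according to application requirements.
>
>B. NETCONF (Network Configuration Protocol) is a network configuration protocol used to configure and manage the attributes and parameters of network devices. It uses XML for configuration and is transported over a secure channel (such as SSH). NETCONF provides a unified way to configure and manage network devices and supports interactive operation and bulk configuration.
:::

:::success
40.
:::danger
:::

:::success
43.Which configuration on RTR-1 denies SSH access from PC-1 to any RTR-1 interface and allows all other traffic?
:::danger
ANS: B.
access-list 100 deny tcp host 172.16.1.33 any eq 22
access-list 100 permit ip any any
line vty 0 15
access-class 100 in
>- access-list 100 deny tcp host 172.16.1.33 any eq 22: denies any traffic from the host with source IP address 172.16.1.33 to destination port 22 (SSH).
>- access-list 100 permit ip any any: permits any IP traffic, that is, all traffic other than the SSH traffic explicitly denied above.
>- line vty 0 15: enters virtual terminal line configuration mode.
>- access-class 100 in: applies access list 100 above to inbound traffic, restricting inbound access to the virtual terminal lines.
:::

:::success
47.An access list is required to permit traffic from any host on interface G0/0 and deny traffic from interface G0/1. Which access list must be applied?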
:::danger
ANS: A.
ip access-list standard 99
permit 10.100.100.0 0.0.0.255
deny 192.168.0.0 0.0.255.255
>Standard access control lists (standard ACLs) use numbers 1 ~ 99 and 1300 ~ 1999.
>Extended access control lists (extended ACLs) use numbers 100 ~ 199 and 2000 ~ 2699.
:::

:::success
50.
:::danger
:::

:::success
53.What software defined architecture plane assists network devices with making packet-forwarding decisions by providing Layer 2 reachability and Layer 3 routing information?
:::danger
ANS: B. control plane
>SDN (Software-Defined Networking)
>The control plane is mainly used to forward packets and to manage and maintain routes.
:::

:::success
55.Which implementation provides the strongest encryption combination for the wireless environment?
:::danger
ANS: A.WPA2 + AES
>WPA2 (Wireless Protocol Access v2): a wireless network security protocol that provides encryption algorithms and security mechanisms, including the AES algorithm.
>AES (Advanced Encryption Standard): a symmetric encryption algorithm that replaces the earlier DES (Data Encryption Standard) algorithm.
>It uses 128-bit, 192-bit, or 256-bit keys to encrypt and decrypt data.
>
>TKIP: the encryption algorithm of WPA, replaced by the more secure AES algorithm.
:::

:::success
56.What is a recommended approach to avoid co-channel congestion while installing access points that use the 2.4 GHz frequency?
:::danger
ANS: A.different nonoverlapping channels
>When setting Wi-Fi channels, you generally want the ranges not to overlap, because overlapping channels interfere with each other.
>Channels 1, 6, and 11 are generally chosen as the Wi-Fi channels.
:::

:::success
63.A port security violation has occurred on a switch port due to the maximum MAC address count being exceeded. Which command must be configured to increment the security-violation count and forward an SNMP trap?
:::danger
ANS: C. switchport port-security violation restrict
>When a port security violation occurs because the maximum MAC address count is exceeded, the switchport port-security violation restrict command must be configured to increment the violation count and send an SNMP trap.
>
>The access violation action in option A drops the violating traffic and does not increment the violation count or send an SNMP trap.
>
>The protect violation action in option B protects the network connection but does not increment the violation count or send an SNMP trap.
>
>The shutdown violation action in option D shuts down the port and blocks all traffic, but also does not increment the violation count or send an SNMP trap.
:::

:::success
76.
:::danger
:::

:::success
79.
:::danger
:::

:::success
88.
:::danger
:::

:::success
92.
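:::danger
:::

:::success
95.Drag and Drop
:::danger
ANS:
Config VACL <-> 802.1q double tagging
>VACL (Virtual Access Control List): a feature on switches and routers, mainly used to control the flow of packets in the network.

Config dynamic ARP inspection <-> ARP spoofing
>ARP spoofing: the attacker sends forged ARP messages to trick hosts into sending data to the wrong MAC address, in order to steal or tamper with packets.
>
>Dynamic ARP inspection verifies the legitimacy of every ARP message.
>The switch checks the following:
>1.ARP Request
>2.Source IP address
>3.Destination IP address
>4.Interface (port) information
>and makes sure they are consistent with the ARP table.
>
>When an ARP spoofing attack is detected, it takes the following actions:
>1.Blocks delivery of the ARP message
>2.Sends an alert or log message to the administrator

Config root guard <-> unwanted superior BPDUs
>In STP, the device with the lower BPDU becomes the Root Bridge.
>With Root Guard enabled, a device with a lower BPDU is prevented from becoming the Root Bridge; the port is marked "root inconsistent" (inconsistent with the root bridge).
>This stops unauthorized devices from becoming the Root Bridge.
>It prevents the network instability caused by path recalculation, and man-in-the-middle attacks.

Config BPDU guard <-> unwanted BPDUs on PortFast-enabled interfaces
>With BPDU Guard enabled, BPDUs from unauthorized switches are prevented from entering.
>When an erroneous incoming BPDU is detected, the port is set to the disabled state.
>This strengthens network stability and security and prevents man-in-the-middle attacks and network interference.
:::

:::success
97.What is a role of wireless controllers in an enterprise network?
:::danger
ANS: A. centralize the management of access points in an enterprise network
>With a wireless controller, administrators can centrally manage and configure all access points, achieving unified management.
>Centralized management: reduces the complexity of configuration and management.
>Unified configuration: improves network consistency and security.
>Centralized monitoring and troubleshooting: the status of all access points can be viewed in one place, and faults can be resolved remotely.
>Roaming support: supports seamless roaming, maintaining continuity and stability when switching between access points.
:::

:::success
98.Which mode must be used to configure EtherChannel between two switches without using a negotiation protocol?
:::danger
ANS:
>A. on
>In the "on" state, the EtherChannel forms automatically, with no negotiation required between the two ends.
>
>Other options:
>
>B. auto
>When a port is in the "auto" state, it waits for the peer to send negotiation messages; if the peer sends them, an EtherChannel forms, otherwise the port operates as a single link.
>
>C. active
>Active negotiation: tries to negotiate with the peer switch to form an EtherChannel.
>An EtherChannel forms if the peer is in active, desirable, or auto mode.
>
>D. desirable
>Active negotiation: tries to negotiate with the peer switch to form an EtherChannel.
>An EtherChannel forms if the peer is in desirable or auto mode.
:::

:::success
99.Router R1 must send all traffic without a matching routing-table entry to 192.168.1.1. Which configuration accomplishes this task?
:::danger
ANS: C.
R1#config t
R1(config)#ip routing
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
>Uses a default route to send the traffic to 192.168.1.1.
:::

:::success
102.Which two components are needed to create an Ansible script that configures a VLAN on a switch? (Choose two.)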
:::danger
ANS: B. task C. playbook
:::

:::success
103.Which type of address is the public IP address of a NAT device?
:::danger
ANS: C. inside global
>* Inside local address – The IP address assigned to a host on the inside network. The address is usually not an IP address assigned by the Internet Network Information Center (InterNIC) or service provider. This address is likely to be an RFC 1918 private address.
>
> * Inside global address – A legitimate IP address assigned by the InterNIC or service provider that represents one or more inside local IP addresses to the outside world.
>
> * Outside local address – The IP address of an outside host as it is known to the hosts on the inside network.
>
> * Outside global address – The IP address assigned to a host on the outside network. The owner of the host assigns this address.
:::

:::success
104.Which two events occur automatically when a device is added to Cisco DNA Center? (Choose two.)
:::danger
ANS: A. The device is assigned to the Global site. D. The device is placed into the Managed state.
:::

:::success
113.Which feature on the Cisco Wireless LAN Controller when enabled restricts management access from specific networks?
:::danger
ANS: A. CPU ACL
>CPU ACL: a security feature that can restrict access rights for specific networks.
>It lets administrators restrict access to the WLC by IP address or other rules.
>
>Other options:
>B.TACACS: a network access control protocol, mainly used for "authentication" and "authorization", not for restricting management access.
>C.Flex ACL: used to control data flow, not for restricting management access.
>D:RADIUS: a network protocol for authentication, authorization, and accounting, typically used with remote access servers or authentication servers, not for restricting management access.
:::

:::success
119.Which technology is appropriate for communication between an SDN controller and applications running over the network?
:::danger
ANS: B.REST API
>REST API: the communication technology used between the SDN controller and applications.
>It uses HTTP as the underlying communication protocol and addresses resources by URL, interacting with the SDN controller by sending HTTP requests and receiving HTTP responses.
>
>Other options:
>A.OpenFlow: defines the traffic forwarding rules between switches and the SDN controller, not between the controller and applications.
>
>C.NETCONF (Network Configuration Protocol): a protocol for configuring and managing network devices.
>D.Southbound API: defines the communication and interaction between the SDN controller and network devices.
:::

:::success
120.What is a similarity between OM3 and OM4 fiber optic cable?
:::danger
ANS: A.Both have a 50 micron core diameter
:::

:::success
122.What is a practice that protects a network from VLAN hopping attacks?
:::danger
ANS: C. Change native VLAN to an unused VLAN ID
>Change the native VLAN ID to prevent VLAN hopping attacks.
:::

:::success
124.All routers in the network are configured. R2 must be the DR. After the engineer connected the devices, R1 was elected as the DR. Which command sequence must be configured on R2 to be elected as the DR in the network?
:::danger
ANS: B.
>OSPF DR election depends mainly on priority (0~255) and the IP address; the larger value wins.
:::

:::success
125.A manager asks a network engineer to advise which cloud service models are used so employees do not have to waste their time installing, managing, and updating software which is only used occasionally. Which cloud service model does the engineer recommend?
:::danger
ANS: D. software-as-a-service
>The SaaS (software-as-a-service) cloud model lets users access applications in the cloud directly; users only need to log in to the cloud platform to use the application, with no need to install, manage, or update it locally.
:::

:::success
130.Which command enables a router to become a DHCP client?
:::danger
ANS: A. ip address dhcp
>ip address dhcp -> DHCP Client
>ip helper-address -> DHCP Relay Agent
:::

:::success
137. Drag and Drop
:::danger
:::

:::success
139.
:::danger
:::

:::success
144.In which two ways does a password manager reduce the chance of a hacker stealing a user's password? (Choose two.)
:::danger
ANS: C. It protects against keystroke logging on a compromised device or web site.
>Prevents typed keystrokes from being recorded on the device or website.

E. It encourages users to create stronger passwords.
:::

:::success
147.When a site-to-site VPN is configured, which IPsec mode provides encapsulation and encryption of the entire original IP packet?
:::danger
ANS: C.IPsec tunnel mode with ESP
:::

:::success
151.What is a difference between local AP mode and FlexConnect AP mode?
:::danger
ANS: A. Local AP mode creates two CAPWAP tunnels per AP to the WLC
:::

:::success
153.Which QoS Profile is selected in the GUI when configuring a voice over WLAN deployment?
:::danger
ANS: B.
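Platinum
>Cisco QoS (Quality of Service) levels are usually implemented with DSCP (Differentiated Services Code Point) or CoS (Class of Service) markings.
>
>Common QoS levels:
>Platinum (DSCP 46 / CoS 5): highest priority, for real-time, delay-sensitive applications such as VoIP (Voice over IP) or video; usually gets the most bandwidth.
>Gold (DSCP 34-36 / CoS 4): high priority, for regular business applications and data flows such as general enterprise applications and video; gets higher bandwidth.
>Silver (DSCP 26-28 / CoS 3): medium priority, for regular business applications and data flows such as general web browsing or file transfer; gets lower bandwidth.
>Bronze (DSCP 8-10 / CoS 1): low priority, for file downloads and background tasks; gets lower bandwidth when resources are limited.
:::

:::success
154.Which network action occurs within the data plane?
:::danger
ANS: A. compare the destination IP address to the IP routing table.
>Data plane: mainly handles the actual forwarding and processing of traffic according to the established forwarding rules.

**Why the other answers are wrong:**
> B. run routing protocols (OSPF, EIGRP, RIP, BGP)
>These usually run in the control plane, which is mainly responsible for exchanging and updating routing information between network devices to ensure the routing table is correct.

C. make a configuration change from an incoming NETCONF RPC
>Configuration is usually handled in the management plane, which is responsible for device configuration, monitoring, and management tasks.

D. reply to an incoming ICMP echo request
>ICMP operates mainly at the network layer. Although the data plane forwards ICMP packets, an ICMP request alone is not enough to represent the function of the data plane.
:::

:::success
155.On workstations running Microsoft Windows, which protocol provides the default gateway for the device?
:::danger
ANS: A. DHCP
>DHCP automatically assigns IP addresses to devices and also provides the default route, subnet mask, DNS, and other configuration parameters.

**Why the other answers are wrong:**
B.STP
>STP is a protocol used on switches to prevent loops and establish redundancy; it does not provide a default route.

C. SNMP
>SNMP is a protocol for network management and monitoring; it does not provide a default route.

D. DNS
>DNS mainly resolves domain names to IP addresses; it does not provide a default route.
:::

:::success
159.A network administrator is asked to configure VLANS 2, 3 and 4 for a new implementation. Some ports must be assigned to the new VLANS with unused remaining. Which action should be taken for the unused ports?
:::danger
ANS: B. configure ports in a black hole VLAN
>A **black hole VLAN** is a VLAN set up specifically to drop unnecessary or malicious traffic.
>It can improve network security and performance.
:::

:::success
160.How are VLAN hopping attacks mitigated?
:::danger
ANS: B.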
manually implement trunk ports and disable DTP
>A VLAN hopping attack is a vulnerability in which an attacker gains unauthorized access to VLANs other than their own.
>Disabling DTP (Dynamic Trunk Protocol) prevents unauthorized devices from automatically negotiating and establishing a connection, which limits their ability to reach other VLANs.
:::

:::success
171.Drag Drop
:::danger
:::

:::success
174.What are two improvements provided by automation for network management in an SDN environment? (Choose two)
:::danger
:::

:::success
175.
:::danger
:::

:::success
177.
:::danger
:::

:::success
179.Drag Drop
:::danger
:::

:::success
188.A router received these five routes from different routing information sources. Which two routes does the router install in its routing table? (Choose two)
:::danger
:::

:::success
190.Refer to the exhibit.
switch(config)#interface gigabitEthernet 1/11
switch(config-if)#switchport mode access
switch(config-if)#spanning-tree portfast
switch(config-if)#spanning-tree bpduguard enable
What is the result if Gig1/11 receives an STP BPDU?
:::danger
ANS: D. The port goes into error-disable state
> With "**bpduguard**" enabled, a received BPDU is treated as coming from an illegitimate BPDU source, and the port is set to the disabled state.
:::

:::success
192.What describes the operation of virtual machines?
:::danger
:::

:::success
201.Refer to the exhibit. A network administrator must permit SSH access to remotely manage routers in a network. The operations team resides on the 10.20.1.0/25 network. Which command will accomplish this task?
:::danger
ANS: D. no access-list 2699 deny ip any 10.20.1.0 0.0.0.255
:::

:::success
204.Drag Drop
Drag and drop the IPv4 network subnets from the left onto the correct usable host ranges on the right
:::danger
:::

:::success
209.Why was the RFC 1918 address space defined?
:::danger
ANS: A. conserve public IPv4 addressing
>RFC 1918 was defined to conserve IPv4 addresses: internal networks can use private IP addresses instead of assigning a public IP address to every device.
>It defines three private address blocks:
>10.0.0.0/8
>172.16.0.0/12
>192.168.0.0/16
:::

:::success
211.Refer to the exhibit.
cisco_ospf_vrf {"R1 default":
  ensure => 'present',
  auto_cost => '100',
}
Which type of configuration is represented in the output?
:::danger
ANS: A.
Ansible
>cisco_ospf_vrf is Ansible-specific syntax.
:::

:::success
224.
:::danger
:::

:::success
225.When configuring a WLAN with WPA2 PSK in the Cisco Wireless LAN Controller GUI, which two formats are available to select? (Choose two)
:::danger
ANS: A. ASCII E. hexadecimal
:::

:::success
226.DRAG DROP
Drag and drop the 802.11 wireless standards from the left onto the matching statements on the right
:::danger
:::

:::success
228.Refer to the exhibit. Which type of route does R1 use to reach host 10.10.13.10/32?
:::danger
ANS: D. network route
:::

:::success
233.Which technology is used to improve web traffic performance by proxy caching?
:::danger
ANS: A. WSA
>WSA (Web Security Appliance): a web security device.
>A technology that improves web traffic through proxy caching.
:::

:::success
249.DRAG DROP
Refer to the exhibit. An engineer is required to verify that the network parameters are valid for the user's wireless LAN connectivity on a /24 subnet. Drag and drop the values from the left onto the network parameters on the right. Not all values are used.
:::danger
:::

:::success
254. An office has 8 floors with approximately 30-40 users per floor. What command must be configured on the router Switched Virtual Interface to use address space efficiently?
:::danger
ANS: B. ip address 192.168.0.0 255.255.254.0
:::

:::success
259.
:::danger
:::

:::success
262.Where is the interface between the control plane and data plane within the software-defined architecture?
:::danger
ANS: A. control layer and the infrastructure layer
>In a software-defined architecture, the interface between the control plane and the data plane sits between the control layer and the infrastructure layer.
>
>In software-defined networking (SDN), the control plane makes decisions and manages the routing and traffic forwarding policies in the network, while the data plane performs the actual packet forwarding and processing. An interface is needed between the control plane and the data plane for communication and information exchange.
>
>The control layer sits at the top of the software-defined architecture and contains the controller and the related network management and control software. The infrastructure layer sits at the bottom and contains the actual network devices, such as switches and routers.
:::

:::success
266.
:::danger
:::

:::success
268.An engineer observes high usage on the 2.4GHz channels and lower usage on the 5GHz channels. What must be configured to allow clients to preferentially use 5GHz access points?
:::danger
ANS: D.
Client Band Select
>Client Band Select is a feature configured on the wireless access point (AP) that makes clients prefer the 5GHz band.
:::

:::success
269.Which type of traffic is sent with pure IPsec?
:::danger
ANS: D. unicast messages from a host at a remote site to a server at headquarters
>Pure IPsec means using the IPsec protocol to encrypt and protect packets in transit, without using other specific protocols or features.
:::

:::success
271.An engineer is configuring the New York router to reach the Lo1 interface of the Atlanta router using interface Se0/0/0 as the primary path. Which two commands must be configured on the New York router so that it can reach the Lo1 interface of the Atlanta router via Washington when the link between New York and Atlanta goes down? (Choose two)
:::danger
ANS: A. ipv6 router 2000::1/128 2012::1
E. ipv6 router 2000::1/128 2023::3 5
:::

:::success
272.Which technology can prevent client devices from arbitrarily connecting to the network without state remediation?
:::danger
ANS: A.802.1x
>802.1x is a network access control technology that prevents client devices from arbitrarily connecting to the network without state remediation. It requires the client to authenticate before being authenticated and authorized on the network.
> With 802.1x, the network can enforce access control based on user identity. Before connecting to the network, a client device must present valid credentials for authentication, such as a username and password or a digital certificate. Only devices that pass authentication are granted network access.
:::

:::success
274.Which QoS tool is used to optimize voice traffic on a network that is primarily intended for data traffic?
:::danger
ANS: C.PQ
>PQ (Priority Queueing): queues with higher priority are served first.
:::

:::success
275.DRAG DROP
Drag and drop the lightweight access point operation modes from the left onto the descriptions on the right
:::danger
:::

:::success
283.Refer to the exhibit. If R1 receives a packet destined to 172.161.1, to which IP address does it send the packet?
:::danger
ANS: C. 192.168.14.4
:::

:::success
287.Which protocol requires authentication to transfer a backup configuration file from a router to a remote server?
:::danger
ANS: B.FTP
>FTP (File Transfer Protocol): a protocol for transferring files over a network; authentication is required before a transfer can take place.
>
>**Why the other answers are wrong:**
>
>A.DTP (Dynamic Trunk Protocol): a protocol for dynamically negotiating links between switches; it does not involve file transfer.
>C.SMTP (Simple Mail Transfer Protocol): a protocol for transferring e-mail; it does not involve file transfer.
>D.TFTP (Trivial File Transfer Protocol): a simplified file transfer protocol that does not require authentication.
:::

:::success
296.Refer to the exhibit. The default-information originate command is configured under the R1 OSPF configuration. After testing, workstations on VLAN 20 at Site B cannot reach a DNS server on the Internet.
:::danger
ANS: B. Configure the ip route 0.0.0.0 0.0.0.0 10.10.10.18 command on R1
:::

:::success
298. An engineer is configuring NAT to translate the source subnet of 10.10.0.0/24 to any of three addresses 192.168.30.1, 192.168.3.2, 192.168.3.3. Which configuration should be used?
:::danger
ANS: C.
enable
configure terminal
ip nat pool mypool 192.168.3.1 192.168.3.3 prefix-length 30
access-list 1 permit 10.10.0 0.0 0.255
ip nat inside source list 1 pool mypool
interface g1/1
ip nat inside
interface g1/2
ip nat outside
:::

:::success
299.Refer to the exhibit. Based on the LACP neighbor status, in which mode is the SW1 port channel configured?
:::danger
ANS: D.active
:::

:::success
301.A network engineer must create a diagram of a multivendor network. Which command must be configured on the Cisco devices so that the topology of the network can be mapped?
:::danger
ANS: A. Device(Config)#lldp run
>CDP and LLDP are both protocols for discovering network devices. CDP is a Cisco-proprietary protocol and is enabled by default, so the LLDP protocol has to be turned on.
:::

:::success
303.What is the purpose of an SSID?
:::danger
ANS: D.
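It identifies a WLAN
> The SSID (Service Set Identifier) is the name used in a wireless local area network (WLAN) to identify a specific network.
>
> The SSID is configured on the wireless access point and lets wireless devices (laptops, smartphones, tablets, and so on) identify and connect to a specific wireless network. When a wireless device scans for nearby wireless networks, it sees the list of broadcast SSIDs, from which the user can choose the network to connect to.
>
> The main purpose of the SSID is to identify and distinguish wireless networks. By assigning each network a unique SSID, users can easily tell different wireless networks apart and choose the one they want to connect to. The SSID is also used to control access: administrators can configure the wireless access point to hide or broadcast a specific SSID, thereby restricting access by specific users or devices.
>
> Note that the SSID does not provide encryption or security; it is only an identifier for a network. To protect the wireless network, other security mechanisms (such as WPA2 encryption or a pre-shared key) must be used to prevent unauthorized access.
:::

:::success
311.A network administrator enabled port security on a switch interface connected to a printer. What is the next configuration action in order to allow the port to learn the MAC address of the printer and insert it into the table automatically?
:::danger
ANS: C. enable sticky MAC addressing
>Sticky MAC: adds the MAC address of the device that first communicates with the switch to the MAC table; it is a port security feature.
>It ensures that only that device can operate on the port, preventing unauthorized devices from connecting.
:::

:::success
314.Which technology must be implemented to configure network device monitoring with the highest security?
:::danger
ANS: D.SNMPv3
>SNMPv3 (Simple Network Management Protocol version 3): SNMPv3 provides encryption and authentication, ensuring the confidentiality and integrity of data in transit when devices are monitored over the network. It supports authentication based on username and password, and data encryption based on an encryption key. With SNMPv3, administrators can ensure that monitoring data is protected in transit and that only authorized users can access and interpret the monitoring information.
:::

:::success
315.Which protocol prompts the Wireless LAN Controller to generate its own local web administration SSL certificate for GUI access?
:::danger
ANS: A.HTTPS
>When the HTTPS (HyperText Transfer Protocol Secure) protocol is used to access the GUI of the wireless LAN controller, it prompts the controller to generate its own local web administration SSL certificate. HTTPS is a secure HTTP protocol that uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt and authenticate data, protecting data in transit over the network.
>
>Why the other answers are wrong:
>B. RADIUS: RADIUS (Remote Authentication Dial-In User Service) is a protocol for authenticating network devices and users; it is not directly related to the wireless LAN controller generating a local web administration SSL certificate.
>
>C. TACACS+: TACACS+ (Terminal Access Controller Access-Control System Plus) is a protocol for authenticating network devices and users; it is not directly related to the wireless LAN controller generating a local web administration SSL certificate.
>
>D. HTTP: HTTP (HyperText Transfer Protocol) is a protocol for transferring hypertext documents over a network and provides no encryption or security. The wireless LAN controller does not normally generate a local web administration SSL certificate for HTTP access.
:::

:::success
320.A router running EIGRP has learned the same route from two different paths.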
Which parameter does the router use to select the best path?
:::danger
ANS: C. metric
>EIGRP uses the metric to select the path.
:::

:::success
324.What is a characteristic of private IPv4 addressing?
:::danger
ANS: D. used without tracking or registration
>Private IP addresses can be used without tracking or registration.
:::

:::success
347.What makes Cisco DNA Center different from traditional network management applications and their management of networks?
:::danger
ANS: C. It abstracts policy from the actual device configuration
>Cisco DNA Center differs from traditional network management in that DNA Center manages network devices through policy, rather than by actually configuring settings on the physical devices.
>Separating policy from physical device configuration in this way provides greater flexibility and scalability.
:::

:::success
352.Drag Drop
:::danger
:::

:::success
358.The service password-encryption command is entered on a router. What is the effect of this configuration?
:::danger
ANS: A. restricts unauthorized users from viewing clear-text passwords in the running configuration
>service password-encryption encrypts clear-text passwords on the router.
>Passwords are displayed in encrypted form, which prevents unauthorized users from viewing them, reducing the chance of password disclosure and strengthening network security.
:::

:::success
359.Refer to the exhibit. For security reasons, automatic neighbor discovery must be disabled on the R5 Gi0/1 interface. These tasks must be completed:
• Disable all neighbor discovery methods on R5 interface Gi0/1.
• Permit neighbor discovery on R5 interface Gi0/2.
• Verify there are no dynamically learned neighbors on R5 interface Gi0/1.
• Display the IP address of R6's interface Gi0/2.
Which configuration must be used?
:::danger
ANS: C.
R5(config)#int Gi0/1
R5(config-if)#no cdp enable
R5(config-if)#exit
R5(config)#no lldp run
R5(config)#cdp run
R5#sh cdp neighbor detail
R5#sh lldp neighbor
:::

:::success
360.Which action must be taken to assign a global unicast IPv6 address on an interface that is derived from the MAC address of that interface?
:::danger
ANS: B. enable SLAAC on an interface
>SLAAC is an IPv6 feature for automatic address configuration.
>It uses the interface's MAC address and the network prefix to automatically generate an IPv6 global unicast address.
:::

:::success
363.Which action is taken by a switch port enabled for PoE power classification override?
:::danger
ANS: D.
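Should a monitored port exceeds the maximum administrative value for power, the port is shutdown and err-disabled
>PoE (Power over Ethernet) is a technology that lets Ethernet supply power to connected devices.
>With PoE power override enabled, the switch classifies the power of the connected device and allocates the appropriate power.
>So if the administrative maximum for the port is exceeded, the switch's supported limit is exceeded as well; to prevent device overload or failure, the port is shut down and put into the disabled state.
:::

:::success
364.While examining excessive traffic on the network, it is noted that all incoming packets on an interface appear to be allowed even though an IPv4 ACL is applied to the interface. Which two misconfigurations cause this behavior? (Choose two)
:::danger
ANS: B. A matching permit statement is too high in the access test
C. A matching permit statement is too broadly defined
>Why A is wrong: once an ACL is configured it has a default deny; basically an ACL cannot be empty.
:::

:::success
365.Which IPv6 address block forwards packets to a multicast address rather than a unicast address?
:::danger
ANS: D. FF00::/12
>IPv6 uses multicast addresses to send packets to multiple destination devices. The multicast address range is FF00::/8, in which the first 12 bits are the fixed value FF. FF00::/12 therefore denotes the IPv6 multicast address range.
:::

:::success
366.Which configuration management mechanism uses TCP port 22 by default when communicating with managed nodes?
:::danger
ANS: A. Ansible
>Ansible: an open-source automation tool for configuration management, application deployment, and task automation.
>It communicates over SSH; the default port is TCP port 22.
>
>Why the other answers are wrong:
>B. Python: a high-level programming language used to develop scripts and applications. It is a programming language, not a configuration management mechanism.
>C. Puppet: an automated configuration management tool for deploying, managing, and maintaining system configuration. It uses its own communication protocol rather than TCP port 22.
>D.Chef: an automated configuration management tool for managing the configuration and deployment of infrastructure. It uses its own communication protocol rather than TCP port 22.
:::

:::success
371.A network administrator needs to aggregate 4 ports into a single logical link which must negotiate layer 2 connectivity to ports on another switch. What must be configured when using active mode on both sides of the connection?
:::danger
ANS: D. LACP
>LACP (Link Aggregation Control Protocol) combines multiple physical interfaces into one logical interface, increasing bandwidth and reliability.
>LACP has two modes: active mode and passive mode.
>When both ends are set to active mode, they send LACP packets to negotiate and establish the link aggregation. This configuration is typically used for peer-to-peer link aggregation, to increase bandwidth and redundancy.
:::

:::success
373.Drag Drop
:::danger
:::

:::success
376.Refer to the exhibit. What is the effect of this configuration?
:::danger
ANS: A.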
The switch port interface trust state becomes untrusted
:::

:::success
378.Refer to the exhibit. If configuring a static default route on the router with the ip route 0.0.0.0 0.0.0.0 10.13.0.1 120 command how does the router respond?
:::danger
ANS: A. It ignores the new static route until the existing OSPF default route is removed
:::

:::success
380.Refer to the exhibit. Which IPv6 configuration is required for R17 to successfully ping the WAN interface on R18?
:::danger
B. Option B
:::

:::success
397.Refer to the exhibit. Router R1 is running three different routing protocols. Which route characteristic is used by the router to forward the packet that it receives for destination IP 172.16.32.1?
:::danger
A.longest prefix
>Longest prefix: across different networks, the longer prefix has higher priority.
>Administrative distance: for the same network, the lower administrative distance has higher priority.
:::

:::success
415.An engineer must configure traffic for a VLAN that is untagged by the switch as it crosses a trunk link. Which command should be used?
:::danger
ANS: B. switchport trunk native vlan 10
>For traffic to cross the switch without a VLAN tag being applied, the trunk port must be set to the native VLAN.
:::

:::success
416.Refer to the exhibit. A packet is being sent across router R1 to host 172.16.3.14. What is the destination route for the packet?
:::danger
ANS: A. 209.165.200.254 via Serial0/0/1
:::

:::success
417.A device detects two stations transmitting frames at the same time. This condition occurs after the first 64 bytes of the frame is received. Which interface counter increments?
:::danger
ANS: D.late collision
:::

:::success
- [ ] 420.Refer to the exhibit. Which command configures a floating static route to provide a backup to the primary link?
:::danger
ANS: D. ip route 209.165.200.224 255.255.255.224 209.165.202.129 254
:::

:::success
423.What is a function of TFTP in network operations?
:::danger
ANS: D.
transfers IOS images from a server to a router for firmware upgrades
>TFTP (Trivial File Transfer Protocol) is a simple file transfer protocol.
>In network operations, TFTP is commonly used to transfer a router's IOS image from a server to the router for hardware updates.
>Although TFTP is a transfer protocol, file transfers are generally carried out with FTP.
:::

:::success
427.How does CAPWAP communicate between an access point in local mode and a WLC?
:::danger
ANS: D. The access point has the ability to link to any switch in the network, assuming connectivity to the WLC
>CAPWAP (Control and Provisioning of Wireless Access Points) is a network protocol that defines the **communication method** and **message format** between APs and the controller.
>It is used to **manage** and **configure** wireless access points (APs); it is a lightweight protocol intended to simplify the **management** and **deployment** of wireless networks.
>CAPWAP lets a centralized network controller (for example a Wireless LAN Controller, WLC) communicate with multiple APs.
>Configuration, management commands, and hardware updates can be pushed uniformly to the APs over CAPWAP, while status information and event reports are collected from the APs.
>CAPWAP separates **control commands** from **data traffic** by establishing a **logical tunnel** between the AP and the WLC.
>Control commands travel in the CAPWAP tunnel, while data traffic travels between the AP and the client, improving network performance.
>CAPWAP lets administrators centrally manage and configure APs while providing unified authentication and security policies, and it supports dynamically adjusting AP configuration and management to adapt to network changes and requirements.
:::

:::success
- [ ] 429.Refer to the exhibit. An access list is created to deny Telnet access from host PC-1 to RTR-1 and allow access from all other hosts. A Telnet attempt from PC-2 gives this message: "% Connection refused by remote host". Without allowing Telnet access from PC-1, which action must be taken to permit the traffic?
:::danger
ANS: A. Add the access-list 10 permit any command to the configuration
:::

:::success
- [ ] 430.Refer to the exhibit. An engineer configured the New York router with static routes that point to the Atlanta and Washington sites. Which command must be configured on the Atlanta and Washington routers so that both sites are able to reach the loopback2 interface on the New York router?
:::danger
ANS: C. ipv6 route ::/0 Serial 0/0/0
:::

:::success
- [ ] 431.Refer to the exhibit. Which configuration must be applied to the router that configures PAT to translate all addresses in VLAN 200 while allowing devices on VLAN 100 to use their own IP addresses?
:::danger
ANS: D. Option D
:::

:::success
436.Refer to the exhibit.
To which device does Router1 send packets that are destined to host 10.10.13.165?
:::danger
B. Router3
>10.10.13.165 from the question falls within 10.10.13.160/29 in the routing table, and 10.10.13.160/29 is reached via 10.10.10.5.
>Router 3's 10.10.10.4/30 contains the usable hosts 10.10.10.5 and 10.10.10.6, so the answer is Router 3.
:::

:::success
437.Where does a switch maintain DHCP snooping information?
:::danger
ANS: D. in the frame forwarding database
>DHCP snooping is a network security feature.
>It is used to defend against rogue DHCP servers and malicious DHCP attacks, protecting the network by monitoring and validating DHCP responses on specific ports.
>All DHCP snooping information is stored in the binding database.
:::

:::success
440.Which mode must be set for APs to communicate to a Wireless LAN Controller using the Control and Provisioning of Wireless Access Points (CAPWAP) protocol?
:::danger
D. lightweight
>When the WLC communicates with APs using the CAPWAP protocol, the AP must be set to lightweight mode; only then does it establish a CAPWAP tunnel with the WLC and send management and control data to the WLC.
:::

:::success
442.An engineer requires a scratch interface to actively attempt to establish a trunk link with a neighbor switch. What command must be configured?
:::danger
ANS: B. switchport mode dynamic desirable
>The question says "attempt": actively try to establish a relationship with the neighbor.
>desirable mode -> actively tries to turn the port into a trunk port.
>auto mode -> is willing to turn the port into a trunk port.
:::

:::success
443.What is the same for both copper and fiber interfaces when using SFP modules?
:::danger
ANS: B. They provide minimal interruption to services by being hot-swappable
>SFP (Small Form-factor Pluggable) module: a hot-swappable optical module used in network equipment.
>It is used in the SFP slots of devices such as switches and routers.
>SFP modules are widely used in Ethernet and fiber networks. They improve flexibility and upgradability, letting the network support different fiber types (single-mode, multimode) and different transmission rates.
>SFP modules can also be replaced and upgraded by hot-swapping, without interrupting the operation of the network device, which also makes network management and maintenance more flexible and convenient.
:::

:::success
448.Refer to the exhibit. An engineer assumes a configuration task from a peer. Router A must establish an OSPF neighbor relationship with neighbor 172 1 1 1. The output displays the status of the adjacency after 2 hours. What is the next step in the configuration process for the routers to establish an adjacency?
:::danger
>A.
Configure router A to use the same MTU size as router
>When running OSPF, if a router's MTU is larger than its neighbor's, the packet is ignored, so the same MTU must be set on both ends.
:::
:::success
449.Which QoS per-hop behavior changes the value of the ToS field in the IPv4 packet header?
:::danger
ANS: D. marking
>Marking is a QoS strategy that modifies the packet header to distinguish the class or priority of a packet.
>In an IPv4 packet, the ToS field (now usually called the DSCP field, Differentiated Services Code Point) specifies the quality-of-service requirements of the packet.
>Routers or switches in the network can process and forward packets according to the ToS field.
:::
:::success
- [ ] 459.Which two components comprise part of a PKI? (Choose two.)
:::danger
ANS: C. CA that grants certificates
E. one or more CRLs
>A PKI (Public Key Infrastructure) consists of two parts:
>
>1. CA (Certificate Authority):
>The entity that issues certificates.
>It verifies the user's identity and generates for the user a certificate containing a public key and identity information.
>
>2. CRL (Certificate Revocation List):
>A CRL is a list maintained by the CA that identifies certificates that have been revoked.
>It contains the serial numbers of revoked certificates and related information. Clients can use the CRL to validate a certificate and check whether it has been revoked.
:::
:::success
461.An engineer must configure R1 for a new user account. The account must meet these requirements:
* It must be configured in the local database.
* The username is engineer.
* It must use the strongest password configurable.

Which command must the engineer configure on the router?
:::danger
ANS: B. R1(config)# username engineer2 secret 5 .password S1$b1Ju$kZbBS1Pyh4QzwXyZ
>secret 5 refers to the SHA-256 encryption algorithm, and the password also meets the highest strength.
:::
:::success
- [ ] 462.Which interface mode must be configured to connect the lightweight APs in a centralized architecture?
:::danger
ANS: D. access
:::
:::success
- [ ] 469.DRAG DROP Drag and drop the Rapid PVST+ forwarding state actions from the left to the right. Not all actions are used.
:::danger
:::
:::success
- [ ] 484.Which PoE mode enables powered-device detection and guarantees power when the device is detected?
:::danger
ANS: B. static
:::
:::success
491.Refer to the exhibit. The link between PC1 and the switch is up, but it is performing poorly. Which interface condition is causing the performance problem?
:::danger
ANS: B. There is an issue with the fiber on the switch interface.
>In "auto" mode, the correct speed can be detected, but the duplex mode cannot be detected correctly.
>Therefore, the auto mode may end up configured as half duplex, causing a duplex mismatch between the ports on the two sides and degrading performance.
:::
:::success
494.Refer to the exhibit. What is a reason for poor performance on the network interface?
:::danger
ANS: B. The cable connection between the two devices is faulty.
:::
:::success
500.What is one reason to implement LAG on a Cisco WLC?
:::danger
ANS: B. to provide link redundancy and load balancing
>LAG (Link Aggregation Group).
>The main function of link aggregation is to combine multiple physical interfaces into one logical interface, thereby increasing redundancy and availability.
:::
:::success
- [ ] 526.CORRECT TEXT Drag and drop the functions of SNMP fault-management from the left onto the definitions on the right.
:::danger
:::
:::success
532.Refer to the exhibit. Which two commands when used together create port channel 10? (Choose two.)
:::danger
ANS: A. int range g0/0-1 channel-group 10 mode active
C. int range g0/0-1 channel-group 10 mode passive
:::
:::success
535.Refer to the exhibit. A company is configuring a failover plan and must implement the default routes in such a way that a floating static route will assume traffic forwarding when the primary link goes down. Which primary route configuration must be used?
:::danger
ANS: A. ip route 0.0.0.0 0.0.0.0 192.168.0.2 GigabitEthernet1/0
>A correct specified route -> destIP | Interface | Next Hop
:::
:::success
540.Refer to the exhibit. An engineer built a new L2 LACP EtherChannel between SW1 and SW2 and executed these show commands to verify the work. Which additional task allows the two switches to establish an LACP port channel?
:::danger
D. Change the channel-group mode on SW1 to active or passive.
>To establish an LACP channel, one end must be configured as active and the other as passive.
>mode on = active
>Therefore, SW1's channel-group must be changed to active or passive.
:::
:::success
547.Refer to the exhibit. Users need to connect to the wireless network with IEEE 802.11r-compatible devices. The connection must be maintained as users travel between floors or to other areas in the building. What must be the configuration of the connection?
:::danger
ANS: C. Enable Fast Transition and select the FT 802.1x option.
>IEEE 802.11r is the IEEE standard for fast roaming.
>Its roaming technique is called Fast Transition (FT).
>https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/80211r-ft/b-80211r-dg.html
:::
:::success
550.Refer to the exhibit. An engineer is configuring the HO router. Which IPv6 address configuration must be applied to the router fa0/1 interface for the router to assign a unique 64-bit IPv6 address to itself?
:::danger
ANS: A. ipv6 address 2001:DB8:0:1:C601:42FF:FE0F:7/64
>There are many ways to generate an IPv6 address; one of them is "**EUI-64**".
>EUI-64 generates a 64-bit interface ID from the MAC address. It uses part of the device's MAC address and applies specific bit operations to produce a unique 64-bit interface identifier (Interface ID).
>Specifically, it takes the device's 48-bit MAC address, splits it into two halves, and inserts a fixed bit pattern (FF:FE) in the middle, ensuring that the generated IPv6 address is unique.
>So in this question, although option A does not follow the EUI-64 method, it is the only one that is similar.
:::
:::success
551.Refer to the exhibit. Host A switch interface is configured in VLAN 2. Host D sends a unicast packet destined for the IP address of host A. What does the switch do when it receives the frame from host D?
:::danger
C. It shuts down the source port and places it in err-disable mode.
>If Host D's MAC address is not in Sw1's MAC table, then when Host A receives the unicast packet it may be regarded as a spoofing attack or abnormal address learning, and the port is shut down and put into err-disable mode to prompt the network administrator to check device security.
:::
:::success
- [ ] 554.Refer to the exhibit. How many objects are present in the given JSON-encoded data?
:::danger
ANS: C. seven
:::
:::
:::success
570.Refer to the exhibit. How many JSON objects are presented?
:::danger
ANS: D.4
>Each JSON object is separated by a comma.
:::
:::success
573.What is the role of community strings in SNMP operations?
:::danger
B. It serves as a password to protect access to MIB objects.
>In SNMP, community strings act as a "**password**".
>They are used to authenticate and protect access to network devices.
:::
:::success
- [ ] 576.Refer to the exhibit. A network engineer must update the configuration on switch2 so that it sends LLDP packets.
:::danger
A. Switch2(config)#lldp timer 60
Switch2(config)#lldp holdtime 180
:::
:::success
- [ ] 584.Refer to the exhibit.
:::danger
This question is disputed.
:::
:::success
586.A WLC sends alarms about a rogue AP, and the network administrator verifies that the alarms are caused by a legitimate autonomous AP.
:::danger
ANS: D.
Set the AP Class Type to Friendly.
>When the WLC detects an AP that is not under its control, it raises a rogue-AP alarm.
>So when a legitimate autonomous AP is installed in the network, rogue-AP alert notifications appear.
>This type of AP must therefore be set to "Friendly", which tells the WLC to stop sending rogue alarms.
:::
:::success
589.Refer to the exhibit. What is represented by the word "switch" in line 2 of the JSON schema?
:::danger
ANS: B.key
>JSON data format:
>
>{"**switch**":"**3750**"}
>↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑↑
>{"**name**":"**value**"}
:::
:::success
- [ ] 590.Refer to the exhibit. Which next-hop IP address has the least desirable metric when sourced from R1?
:::danger
ANS: C. 10.10.10.4
This question is disputed.
:::
:::success
- [ ] 593.DRAG DROP Drag and drop the statements about access-point modes from the left onto the corresponding modes on the right.
:::danger
:::
:::success
- [ ] 609.Refer to the exhibit. A network engineer must provide configured IP addressing details to investigate a firewall rule issue. Which subnet and mask identify what is configured on the en0 interface?
:::danger
ANS: C. 10.8.128.0/19
>ffff = 1111 1111 = 255
>e0 = 1110 0000 = 224
>00 = 0000 0000 = 0
:::
:::success
610.DRAG DROP Drag and drop the IPv6 addresses from the left onto the corresponding address types on the right.
:::danger
:::
:::success
- [ ] 611.What is the MAC address used with VRRP as a virtual address?
:::danger
ANS: B. 00-00-5E-00-01-0a
>0000.5E00.01xx is the VRRP virtual MAC (answer A, xx=0A group)
>0000.0c07.acxx is the HSRP virtual MAC address (answer C, xx=99)
>0007.b400.xxyy is the GLBP virtual MAC (not among the answers)
:::
:::success
- [ ] 612.What determines the sequence in which materials are planned during the material requirements planning (MRP) run?
:::danger
ANS: C. The low-level code of the materials
:::
:::success
619.When should an engineer implement a collapsed-core architecture?
:::danger
ANS: A. for small networks with minimal need for growth
>The collapsed-core architecture is better suited to small organizations.
:::
:::success
- [ ] 630.A router has two static routes to the same destination network under the same OSPF process. How does the router forward packets to the destination if the next-hop devices are different?
:::danger
ANS: D.
The router chooses the next hop with the lowest IP address.
Doubtful.
:::
:::success
644.The clients and DHCP server reside on different subnets. Which command must be used to forward requests and replies between clients on the 10.10.0.1/24 subnet and the DHCP server at 192.168.10.1?
:::danger
ANS: C. ip helper-address 192.168.10.1
>The "ip helper-address" command configures a specific IP address as a helper address used to forward particular types of network traffic, such as DHCP requests. It is usually set on a router or Layer 3 switch.
>So with 192.168.10.1 configured as the helper address, clients can send their requests to the DHCP server.
:::
:::success
- [ ] 647.DRAG DROP Drag and drop the elements of a security program from the left onto the corresponding descriptions on the right
:::danger
:::
:::success
651.A Cisco engineer at a new branch office is configuring a wireless network with access points that connect to a controller that is based at corporate headquarters. Wireless client traffic must terminate at the branch office and access-point survivability is required in the event of a WAN outage. Which access point mode must be selected?
:::danger
ANS: D. FlexConnect with local switching enabled
>FlexConnect mode can continue to provide connectivity and services to the local network after the WAN connection is lost.
:::
:::success
653.Which functionality is provided by the console connection on a Cisco WLC?
:::danger
ANS: A. out-of-band management
>ANS:
>Out-of-band management refers to a separate, remote management channel that allows system administrators to monitor and manage remotely.
:::
:::success
654.What is the collapsed layer in collapsed core architectures?
:::danger
ANS: D. core and distribution
>Collapsed core architecture merges the core layer and the distribution layer of the traditional network structure.
>Advantages:
>1. Simpler network structure: fewer devices and connection points simplify the structure and reduce maintenance and management needs.
>2. Higher network efficiency: less forwarding and delay between devices improves transfer rate and response time.
>3. Cost savings: fewer devices are needed, which lowers hardware cost.
>4. Better scalability: it can adapt to growing network demands.
:::
:::success
657.A packet from a company's branch office is destined to host 172.31.0.1 at headquarters. The sending router has three possible matches in its routing table for the packet: prefixes 172.31.0.0/16, 172.31.0.0/24, and 172.31.0.0/25. How does the router handle the packet?
:::danger
ANS: D.
It sends the traffic via prefix 172.31.0.0/25
>When choosing a path, the router goes by:
>
>longest prefix > AD value > routing protocol
:::
:::success
658.What is the put method within HTTP?
:::danger
ANS: C. It replaces data at the destination.
>In HTTP, the PUT method stores a resource at the specified URL or replaces the target resource.
>The other methods:
>GET: retrieves a resource from the specified URL, that is, requests the data at a particular location from the server. Commonly used to fetch web pages, images, documents, or static resources.
>
>POST: submits new data to the server, usually to create a new resource or to send data to the server for processing. Unlike the "**PUT**" method, POST usually does not replace an existing resource but creates a new one. POST is not idempotent; multiple POSTs may produce different results.
>
>DELETE: removes the resource at the specified URL from the server. DELETE is idempotent; repeating it gives the same result.
>
>HEAD: similar to the "**GET**" method, but does not return the actual data. The client sends a HEAD request to the server, and the server responds with data such as content type and content length. This is very useful when only the resource's metadata is needed rather than the whole content.
>
>PATCH: applies a partial update to an existing resource. A PATCH request only needs to carry the part of the data that is to be modified rather than the whole resource, which allows incremental updates.
>Commonly used to update specific attributes or specific content.
:::
:::success
- [ ] 663.Refer to the exhibit. What is the next hop for traffic entering R1 with a destination of 10.1.2.126?
:::danger
ANS: C. 10.165.20.166
Doubtful.
:::
:::success
665.Refer to the exhibit. A network administrator must permit traffic from the 10.10.0.0/24 subnet to the WAN on interface Serial0. What is the effect of the configuration as the administrator applies the command?
:::danger
ANS: D. The router fails to apply the access list to the interface.
>Because ip access-list 10 in is not valid syntax; the correct syntax is ip access-group 10 in.
:::
:::success
- [ ] 668.DRAG DROP Drag and drop the IPv6 address description from the left onto the IPv6 address types on the right. Not all options are used.
:::danger
The answer is problematic.
:::
:::success
- [ ] 675.Which advantage does the network assurance capability of Cisco DNA Center provide over traditional campus management?
:::danger
ANS: C. Cisco DNA Center leverages YANG and NETCONF to assess the status of fabric and nonfabric devices, and traditional campus management uses CLI exclusively.
>The answer is doubtful.
:::
:::success
- [ ] 683.DRAG DROP Drag and drop the wireless architecture benefits from the left onto the architecture types on the right.
:::danger
:::
:::success
687.What are two examples of multifactor authentication? (Choose two.)
:::danger
ANS: B. unique user knowledge
D.
soft tokens
>Unique user knowledge: answering a question that only that user knows.
>Soft tokens: provide an OTP password for a single login session.
:::
:::success
- [ ] 688.Refer to the exhibit. Rapid PVST+ mode is on the same VLAN on each switch. Which switch becomes the root bridge and why?
:::danger
ANS: The answer is doubtful.
:::
:::success
691.What is the purpose of using First Hop Redundancy Protocol on a specific subnet?
:::danger
ANS: D. forwards multicast hello messages between routers
>The purpose of FHRP is to establish reliable first-hop redundancy within a subnet.
>When multiple routers serve as the first hop, FHRP ensures that if one router fails, a standby router can still receive and forward data.
>Hello messages are exchanged among the routers in order to:
>1. Detect failures: if a router does not respond to Hello messages within the time limit, it is considered failed and excluded from the redundancy group.
>2. Best path: when multiple routers exist as the first hop, FHRP can select the best path based on router priority or other criteria to improve network efficiency.
>3. Fast failover: if the router currently in use fails, traffic can be switched quickly to the standby router, reducing downtime and ensuring network reliability.
:::
:::success
- [ ] 709.Refer to the exhibit. Traffic from R1 to the 10.10.2.0/24 subnet uses 192.168.1.2 as its next hop. A network engineer wants to update the R1 configuration so that traffic with destination 10.10.2.1 passes through router R3, and all other traffic to the 10.10.2.0/24 subnet passes through R2. Which command must be used?
:::danger
ANS: D.
Ip route 10.10.2.1 255.255.255.255 192.168.1.4 100
>I don't understand this question.
:::