思科认证考试(CCNA)考试模拟题01—19及答案(6)
添加时间: 2007-9-3 22:07:56 作者: Cisco认证考试 阅读次数:78 来源: http://www.d9soft.com
Router_B#show protocol
Global values:
Internet Protocol routing is enabled
Appletalk routing is enabled
BRI0 is administratively down, line protocol is down
BRI0:1 is administratively down, line protocol is down
BRI0:2 is administratively down, line protocol is down
Serial0 is administratively down, line protocol is down
Serial1 is administratively down, line protocol is down
Serial2 is administratively down, line protocol is down
Serial3 is administratively down, line protocol is down
TokenRing0 is administratively down, line protocol is down
14. [xxNx] Which of the following are true of access lists?
a) Access list should have at least one permit statement.
b) The last configured line should always be a permit statement.
c) Every access-list will implicitly deny all traffic.
d) Access-lists are processed top down.
e) All of the above.
Answer
e) All of the above.
Every access list has an implicit deny all at the end. What would the need be to create a access list with just deny statements. Access-list are processed from the top down therefore the order of each statement could be critical, for instance suppose you created an access list and the first line was a permit any and the next line was a deny. Since it’s top down processing a packet would be permitted to pass on the first line and the second line would never be executed. An extended list will give you a "match count" that will help in determining what the most efficient order should be.
15. [xxNx] If the access-group command is configured on an interface and there is no access-list created which of the following is most correct?
a) An error message will appear.
b) The command will be executed and deny all traffic out.
c) The command will be executed and permit all traffic out.
d) The command will be executed and permit all traffic in and out.
e) The command will be executed and deny all traffic in and out.
Answer
d) The command will be executed and permit all traffic in and out.
There are two steps to use an access list .
1. Create the list
2. Place the access list on a interface
The analogy I use in class is:
Suppose you reside in a gated community. The community is not protected until you hire the guard and then place him at the gate. If you hire the guard and never place him at the gate all traffic will be permitted.
When there is no access list on an interface it is implicit permit any
When an access list is placed on a interface it is implicit deny any
16. [xxNx] What is the result of the command?
" access-list 101 permit tcp any 172.16.0.0 0.0.255.255 established"
a) telnet sessions will be permitted regardless of the source address
b) telnet sessions will be denied regardless of the source address
c) telnet sessions will be denied if initiated from any address other than 172.16.0.0 network
d) telnet sessions will be permitted to the 172.16.0.0 network only
e) telnet sessions will be denied to the 172.16.0.0 network only
Answer
c) telnet sessions will be denied if initiated from any address other than 172.16.0.0 network
The secret to this question is the key word "established." Established means that the packet will be permitted unless it is the first part of the three way handshake. Recall that when we initiate a TCP connection we have no ACK. How can we acknowledge a sequence number from the other side when we have not established a session with him?
17. [xxNx] Which is generally true of the location of access-lists? (Choose all that apply.)
a) Standard lists will most likely be placed close to the destination.
b) Standard lists will most likely be placed close to the source.
c) Extended lists will most likely be placed close to the destination.
d) Extended lists will most likely be placed close to the source.
e) It does not matter.
Answer
a) Standard lists will most likely be placed close to the destination.
d) Extended lists will most likely be placed close to the source.
A standard list will only check the source address. It makes no difference where the packet is going. If you place a standard list close to the source you could very well be denying that traffic to go to other destinations. An extended list can be placed close to the source because we can permit or deny traffic based upon the source and destination address. This insures that only traffic we wish to have denied is denied.
18. [RxNx] Which of the following is most correct?
a) IP is to TCP. as IPX is to SPX.
b) RTMP is to Appletalk as IP RIP is to IP.
c) NLSP is to IPX as OSPF is to IP.
d) a is true.
e) b is true.
f) a & b are true.
g) c is true.
h) b & c are true.
i) a, b and c are true.
Answer
i) a, b and c are true.
19. [ExNx] If Host A sends a packet to Host B over ethernet and Host B is not active:
a) The packet will time out.
b) The packet will be removed by Host A.
c) The NVRAM of Host B will remove the packet.
d) The packet will "die" when it reaches the terminator.
e) The packet will be removed by the token monitor.
Answer
d) The packet will "die" when it reaches the terminator.
上一篇文章: 思科认证考试(CCNA)考试模拟题01—19及答案(5) 下一篇文章: 思科认证考试(CCNA)考试模拟题20—39及答案(1)
相关文章: