1. Which mechanism provides a scalable multiprotocol tunneling framework with optional dynamic routing?
A. NHRP
B. IPsec
C. GRE
D. 802.1X
E. None of these answers are correct.
C
2. Which mechanism provides dynamic mutual discovery of spoke devices?
A. GRE
B. IKE
C. NHRP
D. DHCP
E. Expired Certificate List
C
3. Which mechanism provides key management and transmission protection?
A. NHRP
B. GRE
C. mGRE
D. IDS/IPS
E. IKE+IPsec
E
4. To integrate PKI-based authentication with site-to-site VPNs, which protocol must be configured to use PKI-based authentication?
A. IKE
B. GRE
C. AAA
D. RSA
E. VPN
A
5. DMVPNs can use pre-shared keys or PKI-based IKE authentication. Either choice is acceptable for a hub-and-spoke network, but which of the following is recommended for a fully meshed network?
A. IPsec
B. DH group 14
C. Pre-shared keys
D. PKI-based authentication
D
6. GRE uses which IP protocol in combination with IPsec VPNs to pass routing information between connected networks?
A. 89
B. 50
C. 47
D. 51
E. None of these answers are correct.
C
7. When a spoke router initially connects to a DMVPN, it registers its inner (tunnel) and outer (physical interface) IP address with which of the following?
A. NHRP server
B. DHCP server
C. Cisco ACS Server
D. Cisco Security Manager
E. None of these answers are correct.
A
8. What Cisco IOS Software command designates the tunnel interface as multipoint GRE mode?
A. tunnel source
B. tunnel destination
C. tunnel mode gre multipoint
D. interface gre 0/0 multipoint
C
9. If a DMVPN spoke router is configured with a point-to-point GRE interface, the spoke will only participate in which type of topology?
A. Strict hub-and-spoke
B. Partial mesh
C. Full mesh
D. Token ring
E. None of these answers are correct.
A
10. On the hub, what is the main factor that determines whether the DMVPN will operate as strict hub-and-spoke or as partial/full mesh?
A. Routing protocol functions
B. Network administrator preference
C. Bandwidth to the hub
D. Cisco router hardware model
E. Cisco IOS Software Release
A
11. What can be used to mitigate device failure?
A. Single ISP transport networks
B. Multiple ISP transport networks
C. Multiple devices at a site
D. Redundant interfaces on a VPN device
C
12. What can be done to provide high availability when the cost of redundant devices cannot be justified?
A. Use single ISP transport networks
B. Use multiple ISP transport networks
C. Use redundant interfaces
D. Use multiple devices at a site
C
13. When a transport network is not under organizational control, it might be necessary to choose which of the following?
A. A different VPN technology
B. Traditional WAN circuits
C. Point-to-multipoint topology
D. Redundant routers
E. Multiple independent transport networks
E
14. Which interface command can be used to choose the best path when deploying the dynamic routing protocol OSPF?
A. ip ospf cost
B. ip ospf tuning
C. ip ospf path
D. ip ospf router
E. None of these answers are correct.
A
15. In a VTI-based IPsec VPN, how should traffic that is to be protected by the VPN tunnel be routed?
A. Carefully
B. Redundantly
C. Dynamically
D. Statically
D
16. What should be used to provide a virtual gateway for clients at the spoke site?
A. IPsec
B. DHCP
C. HSRP
D. AAA
E. None of these answers are correct.
C
17. IPsec shared SAs are enabled with what command?
A. tunnel protection ipsec profile shared
B. ipsec dual SA
C. ip split sa
D. crypto ipsec sa redundant
E. None of these answers are correct.
A
18. Which high-availability scenario provides the highest level of redundancy because it mitigates failures of devices, interfaces, access links, and transport networks?
A. Static VTI-based VPN
B. Single DMVPN
C. Dual DMVPN
D. Dual ISPs
C
19. GET VPNs use which feature to provide large-scale transmission protection that uses the existing routing infrastructure? (Select all that apply.)
A. Tunnel-free
B. X.500
C. Connectionless
D. ISAKMP
E. Encrypted
AC
20. GET VPNs use a concept of which of the following to provide transmission protection? (Select all that apply.)
A. Certificates
B. IPsec
C. Key servers
D. Group members
E. None of these answers are correct.
CD
21. To implement a GET VPN over the Internet, which type of IP addresses must be used on all networks?
A. Private
B. Class A
C. NAT
D. Routable
E. None of these answers are correct.
D
22. GET VPNs maintain which aspect of the data packet?
A. Original IP header
B. Size
C. MAC address
D. Don't Fragment (DF) bit setting
E. None of these answers are correct.
A
23. Which of the following are the two choices of rekeying used by key servers?
A. Unicast
B. Symmetric
C. Asymmetric
D. Multicast
AD
24. Which of the following do you configure to prevent traffic from traversing an untrusted interface unless the group member is registered into a GET VPN?
A. ACL
B. Policy map
C. Fail-closed policy
D. GET VPN key server
E. None of these answers are correct.
C
25. What event might lead to several independent groups of key servers rekeying group members with different session keys?
A. Network split
B. Route reconvergence
C. Network merge
D. None of these answers are correct.
A
26. There can be up to how many key servers on a network?
A. Six
B. Seven
C. Eight
D. Ten
C
II. Fill-in-the-blank questions
1. A ______ cloud is a collection of routers that are configured with either an mGRE interface or a point-to-point GRE interface (or a combination of the two) and that share the same subnet.
DMVPN
2. The ______ created on the mGRE interface on the hub must be large enough to accommodate all the spoke routers' GRE interfaces.
Subnet size
3. The NHRP network ID must be the same on the NHRP ______ and its NHRP ______.
Server, client
4. The Cisco DMVPN solution integrates NHRP, ______, and ______.
GRE, IPsec
5. DMVPN greatly simplifies the configuration requirements on the ______ router.
Hub
6. NHRP on the hub provides DMVPN spokes with the ability to locate other ______ routers.
Spoke
7. ______ populates each spoke's routing table so that each spoke knows about the subnets behind the other spokes.
Dynamic routing protocol
8. In a hub-and-spoke deployment, all traffic between spokes must flow through the ______.
Hub router
9. In the case of redundant DMVPNs with multiple GRE tunnels established between the same spokes, it is necessary to use ______ for IPsec SAs to establish properly.
Shared IPsec SAs
10. The routing protocol detects both device and path failures using its ______.
Keepalive mechanism
11. You should design the VPN to meet an organization's requirements for availability. The design should provide a level of high availability that is commensurate with the ______ of meeting availability needs.
Cost
12. If ______ are needed, you should either deploy a completely redundant network path that is under the control of local administration or use multiple transport networks (two ISPs) and connect them to either redundant interfaces or redundant VPN devices.
Completely redundant paths
13. ______ will automatically detect peer failures and path failures and then automatically reroute around the failure if redundant paths and devices are in place.
Dynamic routing protocol
14. In a VTI-based IPsec VPN topology, an interior routing protocol will see the VTI-based VPN tunnel as a ______ link.
Point-to-point
15. An interior routing protocol will view a ______ as either point-to-multipoint (for strict hub-and-spoke DMVPNs) or as a broadcast network (partial or full mesh DMVPNs).
DMVPN
16. To provide redundancy for a DMVPN topology, it is recommended to create two separate DMVPN networks by using ______ and one or two spoke routers at remote sites.
Two hub routers
17. Routing protocols can detect both ______ and ______.
Path failures, device failures
18. Reducing ______ on group members is recommended to reduce the load on the key server.
IKE lifetime
19. If the key server fails to get a ______ to a rekey message from the group member after three rekeys, it removes the group member.
Acknowledgment
20. By distributing ______ across multiple key servers and controlling the order of the key servers in the configurations, some load balancing can be achieved.
Group members
21. The ______ defines the encapsulation and cryptographic settings that will be distributed to the group members by the key server as part of the SA.
IPSec profile
22. GET VPNs use ______ as the group keying mechanism.
IKE GDOI
23. GET VPNs provide connectionless, tunnel-free encryption that leverages the existing ______ infrastructure.
Routing
24. GET VPNs are based on GDOI, which is defined in RFC ______.
3547
25. GDOI is a standards-based ISAKMP group key management protocol meant to provide secure communication within a ______.