1. The central processing unit of each device is tasked to not do which of these?设备CPU不具备以下哪种功能?
A.Process fast-path data plane traffic处理快路径数据面流量
B.Process control plane traffic处理控制面流量
C.Process management plane traffic处理管理面流量
D.Process slow-path data plane traffic处理慢路径数据面流量
A B C D
A
2. The route processor is divided into which of the following parts?路由处理器可以划分为以下哪几个部分?
A.Distributed switch engine分布式交换引擎
B.Management plane管理面
C.Central switch engine中央交换引擎
D.Control plane控制面
A B C D
CD
3. The purpose of a slow-path denial of service attack is to force packets to be what?慢路径拒绝服务攻击的目的是强制设备对数据包进行以下哪种操作?
A.Distributed switched分布式交换操作
B.Process switched进程交换操作
C.Routed路由操作
D.Switched交换操作
A B C D
B
4. When using Control Plane Policing,the two types of policing types include which of the following?控制面监管包括以下哪两种类型?
A.Distributed control plane services分布式控制面服务
B.Summarized control plane services汇总控制面服务
C.Processed control plane services进程控制面服务
D.Aggregate control plane services聚合控制面服务
A B C D
AD
5. Which of the following traffic is classified as always destined for the control plane?以下哪种流量的目的地总是控制面?
A.Data traffic packets数据流量包
B.Routing protocol control packets路由协议控制包
C.Management protocol packets管理协议包
D.Marked QoS packets标记QoS包
A B C D
BC
6. When using Control Plane Protection,which of the following subinterfacesare notused to further refine control plane security?控制面保护不采用以下哪些子接口来进一步增强控制面的安全?
7. Which of the following features were added with Control Plane Protection?控制面保护具备哪些增强特性?
A.Port filtering端口过滤
B.Queue thresholding队列阈值
C.Protocol filtering协议过滤
D.Port thresholding端口阈值
A B C D
AB
8. Which of the CPPr features provide the ability to early-drop specific packets beforethey get to the process level?哪种CPPr特性允许设备在指定数据包到达进程级之前就将其丢弃?
A.Queue thresholding队列阈值
B.Packet filtering包过滤
C.Protocol filtering协议过滤
D.Port filtering端口过滤
A B C D
D
9. What security mechanism works by creating a hash that is then transmitted to verify authenticity?哪种安全机制使用散列函数验证通信双方的身份?
A.MD4
B.CPPr
C.MD5
D.AES
A B C D
C
10. Which of the following steps is not used by the MQC to create and deploy a trafficpolicy? 使用MQC创建与部署流量策略时,不需要以下哪一步?
A.Creation of a class map创建类型图
B.Application of a class map应用类型图
C.Creation of a policy map创建策略图
D.Application of a policy map应用策略图
A B C D
B
11. Which type of management plane attack type works by creating or taking over amanagement session?哪种管理面攻击通过创建或接管管理会话来实现?
A.Slow-path denial of service慢路径拒绝服务攻击
B.Management session spoofing管理会话欺骗
C.Man-in-the-middle attacks中间人攻击
D.DoS session spoofing DoS会话欺骗
A B C D
B
12. Which of the following type of password is used to secure SSH connections?以下哪种密码用于保护SSH连接的安全?
A.Terminal line远程登录密码
B.Console控制台密码
C.Async异步密码
D.Enable使能密码
A B C D
A
13. Which of the following is the highest level of privilege supported?可以为设备配置的最高权限等级是多少?
A.1
B.16
C.15
D.0
A B C D
C
14. What is the minimum modulus(key size) that must be used to enable SSH version 2? SSH-2支持的最小模数(密钥尺寸)是多少?
A.2048
B.512
C.1024
D.768
A B C D
D
15. Which of the following SNMP components is run directly on the device?以下哪种SNMP组件可以直接在设备上运行?
A.Manager管理器
B.Agent代理
C.MIB管理信息库
D.Supervisor监管器
A B C D
B
16. Which of the following SNMP operations notify the manager of an event without requiringan acknowledgment?通知SNMP管理器发生某个事件后,以下哪种SNMP操作不要求管理器返回确认消息?
A.Get
B.Trap
C.Put
D.Inform
A B C D
B
17. Which of the following authentication mechanisms can be used with SNMP version 3? SNMPv3支持以下哪些认证机制?
A.MD5
B.3DES
C.AES
D.SHA
A B C D
AD
18. Which of the following protocols are supposed by MPP? MPP支持以下哪些协议?
A.CDP
B.Rsync
C.SSH
D.FTP
A B C D
CD
19. Which of the following global services are disabled by the Auto Secure feature?启用Auto Secure后,以下哪些全局服务将被禁用?
A.HTTP server
B.SSH
C.NTP
D.AAA
A B C D
AC
20. Which of the following are valid types of keys when using digitally signed Ciscosoftware?使用数字签名Cisco软件时,以下哪些密钥类型是合法的?
A.Rollover翻转密钥
B.Development开发密钥
C.Global全局密钥
D.Special特殊密钥
A B C D
AD
二、填空题
1. The control plane includes the group of processes that are run at the ______ level and control most high-level control IOS functions. 控制面包括运行在______并控制最高级IOS功能的进程组。
进程级
2. The ______ is responsible for the high-speed routing of packets that typically come from nondistributed interfaces. ______负责对分布式接口收到的数据包进行高速路由。
中央交换引擎
3. ______ control plane services are considered first, and then the conditioned traffic is passed through to ______ control plane services. 应首先考虑使用______控制面服务,再使用______控制面服务。
分布式 聚合
4. Output control plane services are applied after the packet exits the control plane and are only available with ______ control plane services. 输出控制面服务在流量离开控制面后执行,且仅在 ______ 控制面服务中可用。
聚合
5. ______ allows the control plane to be considered like a separate entity with its own in put and output interface. ______将控制面视为一个拥有输入与输出接口的独立实体。
控制面策略
6. With Control Plane Protection, the control plane interface is split into four pieces, a(n) ______ and ______. 控制面保护(CPPr)将控制而接口划分为4类,它们是______与______。
一个聚合接口 3个子接口
7. The ______ receives all control plane IP traffic that is directed at one of the device's interfaces. ______接收所有被引导到设备某个接口的控制面IP流量。
控制面主机子接口
8. The ______ feature enhances Control Plane Protection by providing a mechanism for limiting the number of matched protocol packets allowed at the process level. ______特性在进程级限制特定协议能容纳的未处理数据包,从而增强了控制面保护(CPPr)的功能。
列队阀值
9. ______ works by creating a one-way hash out of a shared secret and sending this hash between source and destination. 在______中,发方根据共享密钥产生一个单向的散列函数,收方采用预配置的共享密钥计算该散列函数,以验证发方身份的真实性。
MD5
10. A ______ is essentially an electronic repository of keys and their respective shared secretand validity schedules. ______是保存密钥及其共享密钥与有效期的一种存储机制。
密钥链
11. The highest available configuration mode is ______, which is used to configure featureoptions for the entire device. 最高级别的命令配置模式是______,该模式用于对整台设备的特性进行配置。
全局配置模式
12. When using the enable secret command, the password is secured using the ______ algorithm. 使用命令enable secret时,密码通过______算法加密。
MD5
13. Role-based CLI access provides the ability to set up as many as ______ CLI views, which are configured to run commands that are configured for different job functions. 基于角色的CLI访问可以配置最多______种CLI视图供不同命令使用。
15
14. The configuration of SSH without the use of labels requires that the ______ and ______ be configured first. 如果不采用密钥对标签配置SSH,则需要首先设置______与______。
主枧名 域名
15. The ______ is a virtual information storage location that contains collections of managedobjects. ______是一种虚拟的信息存储空间,可以将其视为一系列受控对象的集合。
管理信息库(MIB)
16. The ______ and ______ versions of SNMP utilize community name-based security. 在3种SNMP版本中,______与______采用基于团体名的安全机制。
版本1 版本2
17. The ______ SNMP security model supports both authentication and encryption. ______ SNMP安全模型同时支持认证与加密。
authPriv
18. ______ gives you the ability to limit the source of management traffic to a specific interfaceon a device. ______具备限制指定的设备接口接收管理流量的能力。
MPP
19. Cisco recommends that the ______ feature not be used in production environments. Cisco不建议在生产环境中启用______特性。
AutoSecure
20. A ______ threshold is triggered when the CPU utilization exceeds a configured threshold. 当CPU使用率高于某个预设值一段时间后,将触发______阈值。