QUESTION N 245
As the figure shows, RTR A is a Cisco router that is connected to a non-Cisco router. The two routers are
unable to ping each other. When a show interface serial 0/0 is permitted on RTR A, the line status shows
the following:
RTR A#show interface s0/0
serial 0/0 is up, line protocol is down
What could be the cause of the line protocol showing down?
A. The IP addresses are not in the same subnet.
B. The IP address is a non routable private address.
C. There is a bad cable connecting the two routers.
D. The encapsulation type on RTR A Serial0/0 interface is incorrect.
Answer:D

重点稍微放在拖拽题目上：具体题目为：
12题：关于队列的介绍
22题：关于ISND BRI的参考点和设备
70题：WAN的协议介绍！（PPP。SLIP。FRMAE RELAY等）
133题：还是关于队列的介绍
137题：关于IPSEC VPN的术语
172题：关于ISDN的几个命令
186题：关于T1/E1 PRI模块灯颜色的意义

实验：
37题目，（MODEM的AT配置）
97题目，（也是MODEM的AT配置）
131题目，（配置NAT）
185题目（帧中继的配置实验）

正确的配置：1个是关于MODEM的配置一个是关于帧中继的配置：

enable
config t
int s0/1
physical-layer async
no shut
exit
line 2
login
password cisco
flowcontrol hardware
speed 33600
stopbits 1
transport input all
modem inout
exit
int loopback 1
ip address 192.168.1.1 255.255.255.255
exit
ip host modem 2002 192.168.1.1
exit
copy run start
telnet 192.168.1.1 2002
at

enable
config t
int s0/0
no ip address
encapsulation frame-relay
no shut
int s0/0.100 point-to-point
ip address 192.116.1.1 255.255.255.252
frame-relay interface-dlci 100
exit
exit
int s0/0
int s0/0.200 point-to-point
ip address 192.168.1.5 255.255.255.252
frame-relay interface-dlci 200
exit
exit
ip route 10.10.142.0 255.255.255.0 192.168.1.2
ip route 10.10.143.0 255.255.255.0 192.168.1.6
exit
copy run start
show frame-relay pvc
show frame-relay map
ping 10.10.142.1
ping 10.10.143.1

里面的密码和ip地址大家视实际情况改变

还有一些自己当时注意到的题目：（带解释）

QUESTION NO: 13
You are a technician at TestKing.com. Your newly appointed TestKing trainee wants to know what the
circumstances are where the use of Kerberos authentication system would be necessary because
TACACS+ or RADIUS will not be suitable.
What would your reply be?
A. The usage of various router functions needs to be accounted for by user name.
B. Multiple level of authorization need to be applied to various router commands.
C. DES encrypted authentication is required.
D. Authentication, authorization and accounting need to use a single database.
E. The utilization of authentication functions needs to be authorized by user names and passwords.
Answer: C
Cisco IOS路由器支持三种安全协议:TACACS+,RUDIUS,Kerberos.

ACS+,RUDIUS支持3A--------Authentication, authorization and accounting!而Kerberos使用DES(数据加密标准),只支持Authentication!所
以用得不太多,TACACS+是cisco专有,用得也不多,RUDIUS是IETF制定的标准,用得比较多!

QUESTION NO: 21
The Frame Relay connection type is the interconnection process between which types of equipment?
(Choose all that apply.)
A. DCE
B. DTE
C. CPE
D. PDN
E. DSLAM
Answer: A, C（争议题目，BC？但是个人认为应该是AC）
帧中继定义的客户端设备——Customer Premises Equipment ,CPE——也被称为数据终端设备DTE！意思也就是说DTE在帧中继里叫CPE.
帧中继并不定义数据在服务提供商的帧中继网络云图中被传输的方式，它只定义CPE和服务提供商的本地接入交换设备DCE之间的互连过程！

QUESTION NO: 26
Which of the following statements regarding Frame Relay subinterface configurations are true? (Choose
all that apply.)
A. The configuration must be added to the D channel.
B. The physical interface and subinterface can each be configured with IP addresses.
C. Subinterface is configured either multipoint or point-to-point.
D. Any IP address must be removed from the subinterface.
Answer: B, C（错题目，B不对，帧中继如果有子接口就不应该在物理接口上配置IP地址，有冲突）
这里我对B选择项目的英文理解有错误。B是说各自都可以配置。晕死~~呵呵~BC OK啦~

QUESTION NO: 30
You are a network technician at TestKing. Your newly appointed TestKing trainee wants to know what
physical factors will have a negative affect on the maximum available speed of a DSL connection.
What would your reply be? (Choose all that apply.)
A. Number of telephones attached to the local loop.
B. Gauge of wire used on the local loop.
C. Distance between the CPE and the DSLAM.
D. Bridge taps in the local loop.
E. Loading coils in the subscriber’s line.
Answer: B, C（这个题目要注意，其实A也应该算是对的，在本地如果连了分机或者更多的电话会是DSL的速度变慢）
这个题目始终是个密~不过考试的时候还是要选择BC。哎~真是不服气啊~

QUESTION NO: 66
With regard to the Multilink PPP protocol, which of the following statements are true? (Choose all that
apply.)
A. MLP can identify bundles only through the authenticated name.
B. MLP can be applied to any link type utilizing PPP encapsulation.
C. MLP is a negotiated option only during the LCP phase of PPP.
D. For MLP to bind links, configuring AAA authentication is a required.
Answer: A, B（？？？）
“只要所用的协议支持多链路捆绑，就可以实施，与介质无关！”这是也前培训时一个9xxx的IE说的，而这里用的是utilizing PPP  encapsulation，而PPP是支持MLP的！

当LCP协商完成后，远程的目的地必须经过认证，并且必须有用远程系统名配置的一个拨号映射！认证的用户名会被用来决定将该链路加入到哪
个bundle中！

QUESTION NO: 76
You are the network administrator at TestKing.com. You need to configure a T1 controller for ISDN PRI
operation. Which T1 controller command would you use?
A. linecode
B. framing
C. pri-group
D. isdn switch-type
E. barcode
Answer: D（正确答案就是C吧。奇怪~）
这个题目就没啥说的啦~只有配置交换类型这句是必须的，其他都是任选的~可以做实验看看~

QUESTION NO: 88
Which one of the following interface configuration combinations will result in inverse ARP to resolve
addresses in a Frame Relay hub and spoke topology?
A. Main interface at the hub router.
Point-to-point subinterface at the spoke routers.
B. Point-to-point subinterface at the hub router.
Multipoint subinterface at the spoke routers.
C. Point-to-point subinterface at the hub router.
Main interface at the spoke routers.
D. Multipoint subinterface at the hub router.
Point-to-point subinterface at the spoke routers.
Answer: BD（但是有人说选择AB？。这个题目真的是一点都不明白啦！。
问的是要实现IN ARP来学习地址。那么谁可以告诉我什么时候它不能用来学习地址啊？）
搞定~在这种环境里：中心的ROUTER如果采用一个物理接口或者采用多点子接口都会产生水平分割带来的幅面作用（为啥？自己想吧。）
而SPOKE的环境里的ROUTER呢，其实用什么都没关系。~不过要注意，如果要用一个物理借口到没啥，如果用子接口的话，
如果要动态学习DLCI的影射关系的话必要要人位指定他的DLCI号~所以这里BC比较爽~

QUESTION NO: 99
You are a technician at TestKing. Your newly appointed TestKing trainee wants to know what services
AH and ESP provides
What would your reply be?
A. Data origin authentication, confidentiality, and anti-replay service
B. Confidentiality, data integrity, and anti-replay service
C. Data integrity, data origin authentication, and anti-replay service
D. Confidentiality, data integrity, and data origin authentication
E. Confidentiality, data integrity and authorization.
Answer: C
IPsec是一组用于确保网络层数据安全的协议和算法.它由两种协议和两种保护模式组成,这两个协议一个是AH,一个是ESP,

ESP提供了:保密性-----Confidentiality,无连接完整性------data integrity,数据来源验证-------data origin authentication,防重发服
务---------anti-replay service;

而AH只提供了:无连接完整性------data integrity,数据来源验证-------data origin authentication,防重发服务---------anti-replay 
service;
但是我始终想不明白为什么这个题目选择C。难道题目问的是AH和ESP两个协议共有的特点么？
哎~总觉得这个题目应该是多选择。CD~（难道我英语这里还是理解不透彻？）

QUESTION NO: 125
You are a technician at TestKing. Your newly appointed TestKing trainee wants to know more about
WRED.
What would your reply be?
A. It is effective on UDP packets and will not allow tail drops.
B. It is effective on UDP packets and will allow tail drops.
C. It is effective on TCP packets and will not allow tail drops.
D. It is effective on TCP packets and will allow tail drops.
Answer: D(应该选择D吧。有人说是C。我就奇怪的！！）
这个题有些人说要选择C其实那是错的。WRED的功能在TCP下，由于拥塞而丢弃包，将导致重传，多台TCP主机将降低其传输速度，使得更加拥塞
！WRED采取随机丢弃，而不单纯的只是尾部丢弃。WRED在接口上的每个队列保持两个阀值，如果队列水平低于最小阀值，则不丢任何包，当在
最小阀值和最大阀值之间时，WRED可以用与队列水平相称的速率随机地丢包，当队列水平超过了最大阀值，则所有新到的数据包将会被丢弃，
也就是尾部丢弃！

QUESTION NO: 128
You are a network technician at TestKing. TestKing makes use of a VNP which has users dial in from
remote locations to an Internet service provider (ISP). The ISP-owned devices then establish a secure
tunnel to the TestKing network. Your newly appointed TestKing trainee wants to know what type of
VPN this is.
What would your reply be?
A. An intranet VPN
B. An extranet VPN
C. A client initiated VPN
D. A Network Access Server initiated VPN
Answer: D（就题目给的这点东西能知道VPN是这种类型的么？）
VPN分两大类:远程接入VPN和场点到场点VPN.

远程接入VPN:    安全地将远程用户连接到企业网络.

场点到场点VPN:   安全将企业或者公司分部分连接到企业网络.

远程接入VPN又分为两类:

客户发起的:远程用户通过使用客户端软件通过ISP共享网络建立的一条到企业网络的安全隧道.

网络接入服务器(NAS)发起的:远程用户拨入ISP,.NAS建立一条到企业私有网络的安全隧道,该隧道支持多个远程用户发起的会话,.

注意题目的词：The ISP-owned devices。

两端都是自己的设备,就选C.

场点到场点VPN又分外An intranet VPN和An extranet VPN.

An intranet VPN主要是指所连的场点都是公司内部的办事处,分支等,是同一个公司的机构.

而An extranet VPN是指连接客户,供应商,合作伙伴等.

QUESTION NO: 138
You are a trainee technician at TestKing. Your instructor asks to name the dial feature that provides
reliable connectivity, but does not rely on traffic defined as interesting to trigger outgoing calls to a
remote router, and is triggered by a lost route.
What would your reply be?
A. floating static routes.
B. dialer backup.
C. dialer watch.
D. static routes.
E. dialer route.
Answer: E（这个词儿还不是很了解！。通过丢失一个陆游而触发拨号么？）
理解DIALER ROUTE的意义
对于DDR备份技术共有5种，分别如下：

1.拨号备份，就是书上说的那种，在主连路的接口下用backup interface命令。

2.浮动静态路由，书上也有说，这一备用路由也是有DDR接口所提供的。

3.按需电路，demain cricult。对这个技术不是很清楚。

4.Sanpshot，快照，tk上也多次提到这个，详细看tk解释

5.Dialer watch：监控路由表信息，当没有了就拨号，采用备份链路。
而题目要求的是问不要配置感性区流量的~
所以就是E喽~

QUESTION NO: 161
on a serial interface?
A. show interface
B. show frame-relay pvc
C. show frame-relay map
D. show frame-relay status
E. show frame-relay interface
Answer: B(有人说选择A。谁可以给个正确的答案啊。我觉得B对着的呀）
还是觉得B比较好~

QUESTION NO: 166
Which three statements are true regarding reachability issues in a multipoint Frame Relay
configuration? (Choose three)
A. Split horizon can cause problems in NBMA environments.
B. Subinterfaces can resolve split horizon issues.
C. Subinterfaces do not apply in Frame Relay networks.
D. Split horizon is an issue with point-to-point subinterfaces.
E. Split horizon is not an issue with multipoint subinterfaces.
F. A single physical interface simulates multiple logical interfaces.
Answer: B, E, F（正确答案应该是ABF吧）在多点子接口的情况里水平分割是会引起问题的呀~~
确定答案是ABF啦。E简直就是湖说。在多点子接口的时候水平分割能引起陆游的问题~

QUESTION NO: 178
What is the purpose of CSU/DSU in a leased T1 WAN configuration?
A. It provides encryption and compression for the security of transmitted data.
B. It multiplexes individual 64K channels into a single circuit.
C. It channelizes the leased T1 line into multiple 65K circuits.
D. It provides signal timing for communications and interfaces to the digital transmission facility.
E. It converts the analog T1 signals into digital signals for the router interface.
Answer: B（CSU/DSU的目的是？？能有些资料就好了！难道就是为了使链路多元化到多个64K的CHANNELS？）
CSU连接到服务提供商网络，而DSU连接到网络设备的串行接口。CSU/DSU有时是两台独立的设备，用于对诸如路由器等数据终端设备（DTE）的
介质格式进行转换，使之与ISP的设备就介质格式匹配。CSU/DUS也提供时钟，确保设备之间能够同步。C错在digital transmission。

一个T1=.544Mb/s，而一个数字信号级别DS0=64Kb/s，也就是一个channel，所以需要24个multiplexes individual 64K channels ！

QUESTION NO: 189
Which two commands assign multiple ISDN BRI interfaces to a single hunt group? (Choose two)
A. dialer-group
B. multilink ppp
C. interface dialer
D. dialer hunt-group
E. dialer rotary-group
Answer: B, E（到底是选择CE好点呢还是...?不知道E的意思，感觉只选择B)指定多个ISDN BRI接口为一个单一的组~不是PPP多链路么？）
CE正确。~

QUESTION NO: 216
Which three phrases are correct about IPSec IKE Phase 2? (Choose three)
A. determine the key distribution method
B. negotiate ISAKMP policies for peers
C. select IPSec algorithms and parameters for optimal security and performance
D. identify IPSec peer details
E. select manual or IKE-initiated SAs
F. determine the authentication method
Answer: B, C, E（记忆。IKE的第2阶段任务~不过有人说应该是CDE？？？）
在phase 1,有4种:

1.选择密钥的分发方法.

2.选择验证方法.

3.确定IPsce对等体的IP地址和主机名.

4.确定对等体的ISAMKP的policy.

在phase 2,有5种:

1.选择IPsec的算法和参数也获得最佳的安全性和性能;

2.选择变化集.

3.确定IP对等题的细节.

4.选择SA的建立方式.

5.确定要保护的数据流.

所以选择C.D.E.