1.IP packet is marked with Tos field, and DSCP is marked with the first 6 bits of Tos field.
A. Right B. Wrong
Correct answer: a
2. The traditional packet loss strategy adopts [〔Tail-Drop〕], which will lead to TCP global synchronization.
A. Right B. Wrong
Correct answer: a
3. Among the following options, the highlight of agile controller's business arrangement is: [multiple choices]
A. The setting of the three-layer GRE tunnel makes the networking mode and deployment location of business equipment more flexible.
B. Business arrangement through topology visualization is simple in configuration and convenient in management.
C the addition or deletion of service equipment does not change the forwarding route of the existing network or the physical topology of the existing network.
D. analyze and arrange business automatically without manual maintenance.
Correct answer: ABC
4. In the following application scenarios, what does not belong to the guest access management of Qianjie controller is:
A. Customers visit the corporate network for communication, exchange and access, and access corporate public resources or the Internet.
B. Ordinary people access the Internet through the network provided by public institutions.
C. Customers spend money in the enterprise and connect the enterprise network to access the Internet.
D. Company employees go to the branch office on business trip, and connect the branch office network to access the company network.
Correct answer,: d
5. The main function of 5.VIM management module is in 5. NFV includes resource discovery, resource allocation, resource management and _ _ _
A. resource scheduling B. resource monitoring C. resource recovery D. fault handling
Correct answer,: d
6. The main technical schools of SDN advocate that SDN adopts layered open architecture, so what advocates and defines centralized architecture and Openflow is
A.ONF· Yves ·ETSI· Itua
Correct answer: a
7. In order to avoid the phenomenon of TCP global synchronization, the congestion avoidance mechanisms that can be used are: (multiple choices)
A. red B. wred C. vertical tail D. WFQ
Correct answer: AB
8. Which of the following is the command to configure the listening address of the SDN controller?
A.Openflow interception-IP1.1.1.1
B.Sdn controller resource-address1.1.1.1
C. controller-IP1.1.1.1
D.Sdn monitoring-IP1.1.1.1
Correct answer: a
9. Dynamic IP address assigned to the client by 9. DHCP servers usually have a certain lease term, so the description of the lease term is wrong:
A the renewal time of the lease term is 50% of the total lease term. When the Lease Renewal Timer expires, the DHCP client must update the IP address.
B. The rebinding timer accounts for 87.5% of the total lease term.
C. If the "rebinding timer" expires, but the client is still; When it receives a response from the server, it will always send a DHCP request message to the DHCP server that has been assigned an iP address before.
Until the expiration of the total lease term.
D during the lease period, if the Hao client receives the DHCP NAK message, the client will immediately stop using the IP address and return to the initialization state to apply for a new IP address.
Correct answer: C.
10.NFV is usually deployed in which of the following application environments, [multiple choices]
A. data center B. network node C. user access terminal D. client/server
Correct answer: ABC
11.aspf (application specific packet filter) is a kind of packet filtering in the application layer, which checks the application layer protocol information and monitors the application layer protocol status of the connection, and realizes a special security mechanism through the server mapping table. Then it is wrong to say that thousands of ASPF and server mapping tables are closed:
A.ASPF monitors information during communication.
B.ASPF dynamically creates and deletes filtering rules.
C.ASPF can dynamically allow multi-channel protocol data to pass through the Ser Ermak table.
D. Five-tuple server mapping table entries realize functions similar to session tables.
Correct answer,: d
12. Stream mirroring can be divided into local stream mirroring and remote stream mirroring.
A. Right B. Wrong
Correct answer: a
13. Which of the following modules is not a functional component within the NFV framework?
A. WIM VNFM
Correct answer,: d
14. Which of the following options is not included in the role of Agile Controller server?
A. service manager B. service controller C. safety manager D. service inspector
Correct answer,: d
15.MPLS is also called multi-protocol label switching technology. It can be said that the core of MPLS technology is label switching.
A. Right B. Wrong
Correct answer: a
16. As shown in the figure, MPLS LSP is configured in the network, and local LDP session is realized between SWA and SWB, so the following statement is correct:
A. the configuration is correct
B. Mpls lsr-id of two devices cannot be configured the same.
C.MPLS does not need to be enabled globally.
D.MPLS does not need to be enabled on the port.
Correct answer: b
Three elements of the Servermap table of 17. USG series firewall, excluding:
A. destination IP B. destination port number C. protocol number D. source IP
Correct answer,: d
18. Which of the following options belongs to the outbound direction of inter-domain packet filtering?
A. trust → distrust B. distrust → trust C. distrust → quarantine D. trust → local
Correct answer: a
19. The remote alarm notification methods supported by eSight network management include: (multiple choices)
A. E-mail B. Voice C. SMS D. WeChat
Correct answer: AC
20. What common configuration methods does VX LAN support? (multiple choice)
A. configuration through virtualization software B. configuration through SDN controller C. configuration through SNMP protocol D. automatic configuration
Correct answer: AB2 1. According to different requirements, DHCP server supports many types of address allocation policies, excluding:
A. Automatic allocation mode
B. Dynamic allocation model
C. Repeated distribution pattern
D. Manual distribution method
Correct answer: C.
22. The description of the LDP session establishment process is correct: (multiple choices)
A. two lsrs send HELLO messages to each other. HELLO message carries the transmission address, and the party with the larger transmission address initiates the establishment of TCP connection as the active party.
B. If the Hello message does not carry the transmission address, the destination IP address of the Hello message is used to establish a TCP connection, and the party with the larger IP address initiates the establishment of a D-C connection.
C. The active party will send an advertisement message to negotiate relevant parameters for establishing an LDP session, including LDP protocol version, label distribution method, KeePalive holding timer value, maximum PDU length and label space.
D, if the passive party can accept the relevant parameters, sending initialization I, message message and keep-alive message to the active party.
Correct answer: A.D.
23. The interface lP address and virtual lP address of VRRP can be the same.
A. Right B. Wrong
Correct answer: a
24. Man-in-the-middle attacks or IP/MAC spoofing attacks can lead to information leakage and other hazards, which are common in intranets.
In order to prevent man-in-the-middle attack or IP/MAC spoofing attack, the following configuration methods can be adopted:
A. configure trusted/untrusted interfaces.
B limit the maximum number of MAC addresses allowed to learn on the switch interface.
C. turn on the DHCP snooping function and check the CHADDR field in the DHCP request message.
D configure DHCP listening on the switch to link with DAI or IPSG.
Correct answer,: d
25. The description of MAC address spoofing attack is wrong:
A.MAC address spoofing mainly uses the MAC address learning mechanism of the switch.
B. Attackers can implement Mac address spoofing attacks by sending forged source MAC address data frames to the switch.
C.MAC address spoofing attack will cause the switch to learn the wrong mapping relationship between MAC address and ip address.
D.MAC address spoofing attacks will cause the data that the switch wants to send to the correct destination to be sent to the attacker.
Correct answer: C.
26. The command to configure the link between BFD and static default route is:
A.IP routing-static 0.0.0.0.0.0 1 0.0.12.2bfd-session1
B.IP routing-static 0.0.0.0.0.0 1 0.012.2 tracking bfd- session1
C.IP routing-static 0.0.0.0.0.0 1 0.0.12.2 tracking1
D.IP routing-static 0.0.0.0.0.0 1 0.0.12.2 tracking session1
Correct answer: b
27.Intserv model, before sending messages, you need to apply to the network for reserved resources.
A. Right B. Wrong
Correct answer: a
28.NAT technology can realize secure data transmission by encrypting data.
A. Right B. Wrong
Correct answer: b
29. In order to realize all interfaces of equipment, the command to open the linkage function between BFD and OSPF is:
A.bfd enabling
B.bfd full interface enable
C. full interface bfd enabling
D. cancel bfd all- interface disable.
Correct answer: b
30. Single-packet attack means that the attacker controls the zombie host and sends a large number of attack messages to the target network, which leads to the link congestion of the attacked network and the exhaustion of system resources.
A. Right B. Wrong
Correct answer: b
3 1. Among the following options, technologies that do not belong to the overlay VPN model are:
A.GRE B. IPSec VPN C. SSL VPN D. L2TP VPN
Correct answer,: d
32. In the admission control scenario of Agile Controller, the following options are related to the role description of RAD IUS server and client:
A.Agile Controller integrates all functions of RADIUS server and client.
B. Agile controller is used as RADIUS server and user terminal is used as RADIUS client.
C. Authentication equipment (such as 802. 1X switch) serves as a RADIUS server, and the user terminal serves as a RADIUS client.
D. As a RADIUS server, the agile controller authenticates the RADIUS client of the equipment (such as 802. 1X switch).
Correct answer,: d
33. In ESIGTH, what conditions can be used to set alarm shielding rules? (multiple choice)
A. Effective time B. Effective period C. Alarm source D. Alarm
Correct answer: ABCD
34. When hosts and servers in the same security area access each other, NAT is not needed for address translation.
A. Right B. Wrong
Correct answer: b
35. The following description of firewall inter-domain security policy is correct.
A. Match the inter-domain security policies according to the arrangement order, and match the first one first.
B. Inter-domain security policies are matched according to the size of the ID number, and the smaller number takes precedence.
C. the inter-domain security policies are matched according to the size of the ID number, and the one with the larger number is matched first.
D, inter-domain security policies are automatically arranged according to the serial number, and when the arrangement order changes, the serial number also changes.
Correct answer: a
36. The configuration description error for this paragraph is
A. configure GigabitEthernet0/0/ 1 interface as a trust interface.
B. If there is no sub-OPTION 1 information of OPTION82 in the DHCF request message received by Gigabit Ethernet 0/0/ 1 interface, the device will generate OPTION82 and insert it into the message.
C. turning on DHCP snooping configuration can be used to prevent attacks by DHCP server counterfeiters.
D. Opening DHCP listening configuration can be used to prevent ARP spoofing attacks.
Correct answer: b
37. The configuration command to lock NAT address pool is as follows, in which the no-pat parameter means:
Nat address-group 1
Part 0 202.202. 168. 10
Nat mode no-pat
A. No address translation B. Port multiplexing C. No source port translation D. No destination port translation.
Correct answer: C.
38. Among the following options, the business accompanying the description of the agile controller is correct: (multiple choices)
A. When configuring business companion, the administrator should select the appropriate user authentication point and policy enforcement point.
B in business accompanying, you can define user-level security groups. Members in this security group mainly refer to a static network segment or server resource of the network, and their IP needs to be bound to the security group manually.
C. In the process of business accompanying, the access right relationship between one security group (such as users) and another security group (such as servers) is described by a matrix relationship.
D during the business trip, the network experience of some VIP users is ensured by specifying the forwarding priority of the security group to which they belong.
Correct answer: ACD
39. There is a concept of forwarding equivalence class (FEC-forwarding equivalent class) in MPLS, so FEC cannot be allocated based on which of the following standards?
A. fragment migration
B. Destination visit
C. application protocol (application protocol)
D. Service level]
Correct answer: a
40. Rapid detection technology can detect the communication failure with neighboring equipment as early as possible, so that the system can take timely measures to ensure uninterrupted business.
A. Right B. Wrong
Correct answer: A4 1. In the process of establishing an LDP session, it will go through the openSent state. When the openSent state receives an initialization message and then sends a keepAlive message, its state will be migrated to:
A. initialization
B.Openrec
C. operational
D. non-existent
Correct answer: b
42. The VPN configuration on the device is as follows, so the description of the configuration command is correct:
A. this command is configured on the CE device of the customer network.
B.route-distinguisher 1: 1 indicates that the value of RD is1:1,and RD does not have to be globally unique.
C.VPN-target 1: 1 Export Community indicates that the export target of VPN is 1: 1.
D.vpn-target 2:2 importcommunity means that the import target of vpn is 2:2, and only one import target can be set.
Correct answer: C.
43. Among the following options, the description of RT is correct: (multiple choices)
A. Each VPN instance is associated with one or more pairs of VPN target attributes, which are used to control the publishing and receiving of VPN routing information between sites.
B.RT can be divided into two types of VPN target attributes: export target and import target.
C. The settings of export target and import target are independent of each other, and multiple values can be set, which can realize flexible VPN access control.
The value of D. RT is published to neighbors by updating messages in the way of BGP extending community attributes.
Correct answer: ABCD
44.LDF is a protocol specially designed for label distribution. There are many types of messages, among which the messages used to announce and maintain the existence of LSR in the network are:
A. Discover the news
B. Session message
C. advertising messages
D. notification message
Correct answer: a
45. Data collection methods are mainly divided into: (multiple choices)
A. optical splitter physical acquisition B. port mirroring acquisition C. NMS centralized acquisition D. automatic acquisition
Correct answer: ABC
46. In the network shown in the figure below, to realize the remote LAP session between Southwest Aluminum and SWC, the following statement is correct:
A. the configuration in the figure has been realized.
B. You need to configure a direct interface to establish a TCP connection.
C. You need to create a remote peer and then specify the Isr-id of the peer.
D. specify the Isr-id of the peer in the system view.
Correct answer: C.
47. Complex flow classification refers to the classification of messages according to five-tuple [source/destination address, source/destination port number, protocol type] and other information, which is usually applied to the core position of the network.
A. Right B. Wrong
Correct answer: b
48. When two devices with the same priority compete for the master device at the same time, the device with the smaller IP address should be selected as the master device.
A. Right B. Wrong
Correct answer: b
49. The basic workflow of SDN includes the following steps. (multiple choice)
A. topology information collection B. network element resource information collection C. forwarding information collection D. generating internal switching routes
Correct answer: ABD
50. The following statement about packet loss in QoS is wrong:
A. When the router receives the data packet, the CPU may be busy and unable to process the data packet, resulting in packet loss.
B when a packet is scheduled to a queue, it may be lost because the queue is full.
C when the data packet is transmitted on the link, it may be lost due to link failure and other reasons.
D. Packet loss is generally caused by time delay. When the queue is full, tail discarding is generally adopted.
Correct answer,: d
5 1. When Ping the IP address of an interface on the firewall, these messages will be handed over to the internal module of the firewall for processing without being forwarded.
A. Right B. Wrong
Correct answer: a
52. According to IP priority, MPLS EXP or 802. 1P information, messages can be classified into several service types.
A.2 B. 4 C. 6 D. 8
Correct answer,: d
53. In MPLS system, there are two ways to publish labels, namely, [multiple choice].
A. Free mode B. Independent mode C. Conservative mode D. Ordered mode
Correct answer: BD
54. What are the main objectives of network management? [multiple choices]
A. Ensure that network users receive the expected network service quality and technical service information.
B. reduce the cost of mobile devices.
C reduce the service life of network equipment and extend the service cycle.
D. Help network engineers to face complex network data and ensure that the data can be presented to users quickly and comprehensively.
Correct answer: A.D.
55. For IPv4 messages, we can classify simple flows according to what information of the message (multiple choices).
A.DSCP information B. IP priority information C. traffic category information D. 802. 1 P information
Correct answer: AB
56. The following description of the traffic supervision function is correct: (multiple choices)
A. mail cannot be colored.
Second, color the information.
C. cache messages that exceed the traffic limit.
D. unable to cache messages that exceed the traffic limit.
Correct answer: BD
57. In contrast to traffic throttling, traffic shaping introduced queues to buffer traffic that exceeds the limit.
About traffic shaping, the following description is incorrect:
A. Compared with traffic supervision, traffic shaping has better anti-sudden ability.
B traffic shaping can send messages at a relatively uniform speed.
C due to the introduction of queues, when congestion occurs, the message delay increases relatively.
D voice service is more suitable for traffic shaping than traffic supervision.
Correct answer,: d
58. In MPLS VPN networks, when packets enter the public network and are forwarded, they will be encapsulated with two layers of MPLS labels. The description of two layers of labels in the following options is wrong: [Multiple Selection]
A the outer label of A.MPLS VPN is called private label, and the inner label is called public label.
B. The outer label of B.MPLS VPN is assigned by LDP protocol or statically, and the inner label is assigned by the MP-BGP neighbor at the opposite end.
By default, the external label pops up before the packet is forwarded to the last hop device.
D the outer layer label is used to send the data packet to the corresponding VPN on the PE device correctly.
Correct answer: A.D.
59. The description of imprisoned VRRP is wrong:
A. the routers in the A.vrrp group elect the main router according to the priority.
B. The main server notifies its own virtual MAC address to the devices connected to it by sending free ARP messages.
C. If the primary router fails, the backup router in the virtual router will re-elect a new primary router according to the priority.
D. Since the priority range is 1-255, when the priority value in the VRRP notification message received by the backup device is 0, the backup will discard the message without any processing.
Correct answer,: d
60.Qos service model includes: (multiple choice)
A. Best effort service model
B. Integrated services. Models
C. Differentiated service model
D. first-in first-out service model
Correct answer: ABC