Portal authentication is also called Web authentication. Users can authenticate user identities through the Web authentication page. Which of the following descriptions of Porta1 authentication is wrong?
- A . Generally, Portal authentication does not require the installation of specialized client software, so it is mainly used in terminal access scenarios that do not require client software.
- B . Porta1 authentication can authenticate users based on the combination of user name, VLAN, IP address, and MAC address.
- C . When Porta1 authentication is deployed on the network, the authenticated client needs to support the Porta1 protocol.
- D . Before performing Porta1 authentication, the client must obtain an IP address and the IP address must be reachable with the Porta1 server.
In a virtualized campus network scenario deployed through iMaster NCE-Campus, some key parameters need to be configured when configuring the authorization results for access authentication. Which of the following does not include?
- A . Authorized security groups
- B . Authorization result name
- C . Binding site
- D . Bind authentication rules
Which of the following descriptions of BGP/MPLS IP VPN network architecture is wrong?
- A . The P device only needs to have basic MPLS forwarding capabilities and does not maintain VPN related information.
- B . Under normal circumstances, CE devices are not aware of the existence of VPN, and CE devices do not need to support MPLS, MP-BGP, etc.
- C . The BGP/MPLS IP VPN network architecture consists of three parts: CE (Customer Edge), PE (Provider Edge) and P (Provider). PE and P are operator equipment, and CE is BGP/MPLS IP VPN user equipment.
- D . Sites can access each other through VPN, and a site can only belong to one VPN.
Which of the following descriptions about DHCP Snooping is wrong?
- A . If the DHCP Snooping function is enabled in the interface view, all DHCP message command functions under the interface will take effect.
- B . DHCP Snooping can prevent illegal attacks by setting trusted ports
- C . Enable DHCP Snooping globally. Without any post-parameters, the device only processes DHCPv4 messages by default.
- D . If the DHCP Snooping function is enabled in the VLAN view, the command function will take effect on the DHCP messages belonging to the VLAN received by all interfaces of the device.
In different scenarios, RSTP provides different protection functions. Which of the following is wrong?
- A . For a designated port with root protection enabled, its port role can only remain as a designated port.
- B . After enabling the anti-TC-BPDU packet attack function, the number of times the switching device processes IC BPDU packets within a unit time can be configured.
- C . After the BPDU protection function is enabled on the switching device, if the edge port receives RST BPDU, the edge port will be set as a non-edge port and the spanning tree calculation will be re-calculated.
- D . Enable root protection on the designated port. When the port receives a better RST BPDU, the port will enter the Discarding state and no longer forward packets. If the port does not receive a better RST BPDU within a period of time, it will automatically return to the normal Forwarding state.
Regarding the description of Network Address Port Translation (NAPT) and Network Address Only Translation (No-PAT), which of the following statements is correct?
- A . After NAPT conversion, for external network users, all packets will only come from the same IP address.
- B . No-PAT supports protocol address translation at the network layer
- C . NAPT only supports protocol address translation at the network layer
- D . No-PAT only supports protocol port conversion at the transport layer
Regarding the description of configuring the security level of the firewall security zone, which of the following statements is correct?
- A . For the newly created security zone, the system default security level is 1.
- B . The security level can only be set for customized security zones.
- C . In the same system, two security zones are not allowed to configure the same security level.
- D . Security level – once set, no changes are allowed
Regarding the description of MAC address spoofing attack, which of the following statements is correct?
- A . A MAC address spoofing attack will cause the data that the switch intends to send to the correct destination to be sent to the attacker.
- B . An attacker can implement a MAC address spoofing attack by sending forged source Mac address data frames to the switch.
- C . MAC address spoofing attacks mainly utilize the switch’s Mac address learning mechanism.
- D . MAC address spoofing attacks will cause the switch to learn the wrong mapping relationship between Mac addresses and IP addresses.
The default priority of VRRP devices in the backup group is?
- A . 0
- B . 100
- C . 150
- D . 200
The default sending interval of BFD detection packets is?
- A . 1000ms
- B . 10s
- C . 5s
- D . 100ms
What is the default lease period of the DHCP address pool?
- A . 1 month
- B . 1 hour
- C . 1 day
- D . 1 week
In scenarios with dense rooms such as dormitories, hotels, and wards, deploying an AP in each room will cause a large number of packets to be sent to the AC, which can easily cause performance bottlenecks on the AC. In order to cope with this challenge, which networking architecture can be adopted?
- A . FAT AP
- B . Leader AP
- C . Agile distributed AP
- D . AC+FIT AP
SR-MPLS Policy needs to introduce business traffic into the tunnel for forwarding. If there are different business traffic going to the same destination address, in order to better ensure the quality of different services, which of the following traffic diversion methods is best to use?
- A . Drainage based on quintuple
- B . Driving traffic based on End Point
- C . Traffic diversion based on DSCP
- D . Driving traffic based on Color
Which of the following descriptions about the purpose of configuring LSP fragmentation on IS-IS equipment is correct?
- A . Prevent the device from learning IS-IS routing information
- B . Without any practical purpose
- C . Prevent the device from establishing IS-IS neighbors
- D . Allow the device to support more IS-IS routing entries
When troubleshooting MSTP, the network administrator executed the display current-configuration command to obtain the configuration file of the device. Which of the following description of troubleshooting ideas is wrong?
- A . Whether the MSTP port connected to the user terminal device is disabled or configured as an edge port
- B . Check whether the device port is added to the correct VLAN
- C . Regardless of whether BPDU Tunnel is configured on the device, it will not affect STP.
- D . Check the port configuration and confirm whether the protocol packet sending command is enabled on the STP-enabled port, such as bpdu enable
When the network administrator tried to access the internal network device through Telnet, he found that he could not access it. Which of the following reasons is impossible?
- A . The route is unreachable and the client and server cannot establish a TCP connection.
- B . ACL is bound in the VTY user interface
- C . Protocol inbound all is configured in the VTY user interface.
- D . The number of users logged into the device has reached the upper limit.
Which of the following is the meaning of the ipv6 enable topology ipv6 command in IS-IS protocol view?
- A . IPv4 and IPv6 use the same topology for SPF calculation
- B . SPF calculation is performed separately in IPv4 and IPv6 topologies.
- C . SPF calculation for IPv6 routing is not supported
- D . Does not have any meaning
There are many types of token buckets. Which type of token bucket should be used for long-term burst traffic?
- A . Double bucket double speed token bucket
- B . Single bucket double speed token bucket
- C . Single bucket single speed token bucket
- D . Single bucket double speed token bucket
Which of the following options is not the discarding strategy of the cache queue?
- A . Tail discard
- B . WRR
- C . RED
- D . WRED
How many bits are there in the MPLS label field?
- A . 8
- B . 1
- C . 3
- D . 20
There are three different roles in strategic linkage. Which of the following is not a role defined in strategic linkage?
- A . Authentication execution point
- B . Authentication Control Point
- C . Policy execution point
- D . Terminal
A company’s headquarters network and branch network are interconnected through the Internet. If you want to use VPN technology to ensure safe and reliable data transmission between headquarters users and branch users, which of the following VPN technologies is the most suitable?
- A . IPsec VPN
- B . SSL VPN
- C . L2TP VPN
- D . MPLS VPN
In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, when EVPN Type2 is used to advertise host ARP and host IP routes respectively, which option is wrong in the following description?
- A . Both carry L2 VNI
- B . Both carry host IP information
- C . Both carry L3 VNI
- D . Both carry MAC information
In the campus network, in order to facilitate the management of servers, printers, video surveillance and other equipment, which of the following methods is recommended for address allocation?
- A . DHCP dynamically obtains a non-fixed IP address
- B . Use BOOT protocol to dynamically obtain an IP address
- C . Use PPPoE authentication and perform address binding during authorization
- D . DHCP static address allocation based on MAC address
For scenarios where advanced security functions such as UR filtering, IPS, security defense, and AV anti-virus need to be supported, and multi-link uplink needs to be supported, which of the following can be selected for the egress device?
- A . FW
- B . AC
- C . AP
- D . AR
In the scenario of dynamically establishing a VXLAN tunnel through BCP EVPN, when using BGP EVPN Type2 routing for host MAC address advertisement, which of the following descriptions is correct?
- A . It will carry specific L2 VNI and L3 VNI values at the same time.
- B . Will carry specific L3 VNI value
- C . The RT value carried is the Export RT in the IP VPN instance.
- D . The IP Address and IP Address Length fields will not carry specific content.
Which of the following BGP routing attributes cannot control BGP route selection?
- A . Originator ID
- B . MED
- C . AS_Path
- D . Community
Which of the following descriptions of Underlay in VXLAN virtualized campus applications is wrong?
- A . When using IMaster NCE-Camspus to implement automatic orchestration of Underlay network routing domains, only OSPF routing protocol is supported.
- B . The virtualized campus solution uses VXLAN technology and adopts MAC IN UDP encapsulation method to virtualize a layer of logical network on the traditional IP network.
- C . The underlay network implements IP reachability so that VXLAN-encapsulated service packets can be communicated between VTEP nodes.
- D . When using IMaster NCE-Campus to implement automatic orchestration of Underlay network routing domains, only single-area deployment of routing protocols is supported.
In the firewall dual-machine hot standby scenario, when VGMP is working in load sharing mode, in order to avoid the return traffic being discarded because it does not match the session table entry in the scenario where the round-trip paths are inconsistent, what functions do the firewall need to enable?
- A . Session quick backup
- B . Manual batch backup
- C . Automatic backup
- D . Turn on BFD detection
After the interface Sticky MAC function is enabled on the device, what is the number of MAC addresses learned by the interface by default?
- A . 10
- B . 15
- C . 5
- D . 1
According to the information given in the figure, which of the following descriptions of the IPv6 routing information calculated by the R router through ISIS is correct?
- A . R4 has no IS-IS routing entry
- B . R4 has 2 equal-cost IS-IS default routes
- C . R4 has 2 non-equivalent IS-1S default routes
- D . R4 has 1 1S-IS default route
Which of the following descriptions of MPLS label space is wrong?
- A . When the penultimate hop LSR performs label exchange, if it is found that the exchanged label value is 3, the label will be popped up by default and the packet will be sent to the last hop.
- B . 16~1023 is the label space shared by static LSP and static CR-LSP
- C . If the outgoing label value is 0, the router will directly discard the packet.
- D . Above 1024 is the label space shared by dynamic signaling protocols such as LDP, RSVP-TE, MP-BGP and so on.
Part of the configuration of device H is as shown in the figure. Which item is wrong in the following description of this configuration?
- A . Configure GigabitEthernet0/0/1 interface as a trusted interface
- B . Enable DHCP Snooping configuration to prevent ARP spoofing attacks
- C . If the DHCP request message received by the GigabitEthernet0/0/1 interface does not contain the SubOption information of Option82, the device will generate Option82 and insert it into the message.
- D . Enabling DHCP Snooping configuration can be used to prevent DHCP Server bogus attacks.
Which of the following descriptions of BGP/MPLSIPVPN routing interactions is wrong?
- A . PE and CE exchange IPv4 routing information.
- B . The egress PE can send IPv4 routes to the remote CE through BGP, IGP or static routing.
- C . The ingress PE changes the IPv4 routes received from the CE into VPNv4 routes and saves them according to different VPN instances.
- D . After receiving the VPNv4 routes advertised by the ingress PE, the egress PE filters the VPNv4 routes based on the RT attributes carried by the routes.
An interface has the following configuration: isitimerhello5level-2. Which of the following descriptions is correct?
- A . The CSNP packet sending interval for Level-2 on this interface is 5s.
- B . The hello packet sending interval for Level- on this interface is 5s.
- C . The hello packet sending interval for Level -2 of this interface is 5s.
- D . The hello packet sending interval for Level-1 and Level-2 of this interface is both 5s.
In the following MPLSL3VPN cross-domain solution, which one of the VPNv4 routes needs to be transmitted between ASBRs?
- A . Option B
- B . Option D
- C . Option A
- D . Option C
Which of the following NAT64 prefixes does not require manual configuration by the administrator?
- A . 64:FF9B::/32
- B . 64:FF9B::/16
- C . 64:FF9B::/64
- D . 64:FF9B::/96
As shown in the figure, the OSPF protocol is enabled on all interfaces of the router. Which of the following descriptions is correct?
- A . The Type5 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32
- B . The Type1 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32
- C . The Type2 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/24
- D . The Type3 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32
As shown in the figure is the output information of a network engineer when troubleshooting OSPF faults.
Based on this judgment, which of the following reasons may cause the adjacency relationship to fail to be established normally?
- A . Hello message sending intervals are inconsistent
- B . Authentication passwords are inconsistent
- C . The IP address masks of the interfaces are inconsistent
- D . Inconsistent area types
Based on the information given in the figure, which of the following descriptions is correct?
- A . R4 and ee8c. a0c2. baf3 established IPv4 and IPv6 IS-IS neighbors.
- B . R4 does not have any IS-IS neighbors
- C . R4 and ee8c.a0c2.baf3 only established IPv4 IS-IS neighbor
- D . R4 and ee8c a0c2.baf3 have only established IPv6 IS-IS neighbors.
Which of the following descriptions about traffic policing is correct?
- A . Traffic policing will discard traffic that exceeds the limit.
- B . Traffic policing will cache traffic that exceeds the limit.
- C . Traffic policing can only be used in the outbound direction.
- D . Traffic policing can only be used in the inbound direction.
As shown in the figure, if you want to allow only legal users (users who obtain IP addresses through a legal DHCP server or specific static IP users) to access the network in the network, which of the following solutions can be used?
- A . DAI+IPSG
- B . DHCP Snooping+DAI
- C . DAI+Port Security
- D . DHCP Snooping+IPSG
In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, which of the following descriptions about the role of BGP EVPN Type3 routing is wrong?
- A . Type3 routing transmits Layer 2 VNI and VTEP IP address information
- B . When the Type3 routing VTEP IP address is reachable at Layer 3, if the peer VNI is the same as the local end, create a head-end replication table for subsequent BUM packet forwarding.
- C . Type3 routing will carry L3 VNI
- D . If the VTEP IP address carried by the received Type3 route is reachable by Layer 3 routes, a VXLAN tunnel will be established to the opposite end.
Which of the following descriptions of data encryption methods is wrong?
- A . Data encryption methods are divided into symmetric encryption and asymmetric encryption
- B . Asymmetric encryption uses public key encryption and private key decryption
- C . The keys used in the symmetric encryption algorithm must be exchanged via email, otherwise there is a risk of key leakage
- D . Symmetric encryption algorithms use the same key to encrypt and decrypt data.
In Huawei’s SD-WAN solution, the topology orchestration results are delivered to the RR through which of the following methods?
- A . BGP configuration
- B . Flow table
- C . OSPF configuration
- D . SNMP configuration
As shown in the figure, PE1 enables the SR-MPLS function based on OSPF. Based on this, it can be inferred that the label when PE1 forwards the data packet to 10.0.3.3 is?
- A . 24001
- B . 24004
- C . 24003
- D . 3
All routers in a network enable the SR-MPLS function based on OSPF. The SRGB of each router is as shown in the figure. By default, when R3 forwards a packet with the destination address 10.0.4.4, the SRGB carried is as shown in the figure. It shows that by default, when R3 forwards a packet with the destination address 10.0.4.4, which of the following MPLS labels is carried?
- A . 50100
- B . 40100
- C . 100
- D . 3
When the client calls iMaster NCE Campus RESTful When using the API, if the server returns status code 401, which of the following descriptions is correct?
- A . The requested resource does not exist
- B . Unauthorized
- C . No access allowed
- D . Service is unavailable
During the HTTP communication process, the client only sends a request for each HTTP connection. Once the server response data is sent, the connection will be released.
To solve this problem, which header field extension can be used to maintain the HTTP session without immediately disconnecting?
- A . Cookies
- B . Session
- C . Connection
- D . Set-Cookie
Which of the following descriptions about labels is wrong?
- A . The LSP established by statically assigning labels can also be dynamically adjusted according to network topology changes without administrator intervention.
- B . The principle to be followed when manually assigning labels is that the value of the outgoing label of the upstream node is the value of the incoming label of the downstream node.
- C . LSP is divided into two types: static LSP and dynamic LS: Static LP is manually configured by the administrator, and dynamic LSP is dynamically established using label protocol.
- D . Dynamic SP is dynamically established through label publishing protocols, such as MP-BGP, RSVP-TE, and LDP