Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                

Exam H12-222 - V2.5-ENU: The Safer, Easier Way To Help You Pass Any IT Exams

Download as pdf or txt
Download as pdf or txt
You are on page 1of 91

The safer , easier way to help you pass any IT exams.

Exam : H12-222_V2.5-ENU

Title : HCIP-Routing &


Switching-IENP V2.5

Version : V8.02

1 / 91
The safer , easier way to help you pass any IT exams.

1.In the IP message, the Tos field is used to mark the Qos, and the first 6 bits are used to mark the DSCP
in the Tos field.
A. True
B. False
Answer: A

2. The traditional packet loss strategy adopts the tail-drop method, which will cause the TCP global
synchronization phenomenon.
A. True
B. False
Answer: A

3. Among the following options, the highlight of the service orchestration of the Agile controller is: (Multiple
Choice)
A. Based on the three-layer GRE tunnel arrangement, the networking mode and deployment location of
business equipment are more flexible.
B. Perform business orchestration through topology visualization, with simple configuration and
convenient management.
C. The addition and deletion of service equipment does not change the forwarding route of the existing
network, and does not change the physical topology of the existing network.
D. No manual maintenance is required, and the business is analyzed and arranged automatically.
Answer: ABC

4. Among the following application scenarios, the one that does not belong to the guest access
management of the Agile controller is:
A. Customer communication, exchanges, visits, etc. access the corporate network and access corporate
public resources or the Internet.
B. Ordinary people access the Internet through the network provided by public institutions.
C. Customers consume in the enterprise and connect to the enterprise network to access the Internet.
D. Company employees travel to the branch office and connect to the branch office network to access the
company network
Answer: D

5. The main functions of the VIM management module in NFV include resource discovery, resource
allocation, resource management and _______.
A. Resource scheduling
B. Resource monitoring
C. Resource recovery
D. Troubleshooting
Answer: D

6. The main technical genres of SDN advocate that SDN adopts a layered open architecture, so what is
used to advocate, define a centralized architecture and Openflow?
A. ONF

2 / 91
The safer , easier way to help you pass any IT exams.

B. IEIF
C. ETSI
D. ITUa
Answer: A

7. In order to avoid the TCP global synchronization phenomenon, the congestion avoidance mechanisms
that can be used are: (Multiple Choice)
A. RED
B. WRED
C. Tail-Drop
D. WFQ
Answer: AB

8. Which of the following is the command to configure the listening address of the SDN controller?
A. Openflow Listening-ip 1.1.1.1
B. Sdn controller souce-address 1.1.1.1
C. controller-ip 1.1.1.1
D. Sdn Listening-ip 1.1.1.1
Answer: A

9. The dynamic IP address assigned by the DHCP server to the client usually has a certain lease period,
so regarding the description of the lease period, which of the following is wrong?
A. The lease renewal timer is 50% of the total lease. When the "lease renewal timer" expires, the DHCP
client must update the IP address.
B. The rebinding timer is 87.5% of the total lease period.
C. If the "rebinding timer" expires, but the client is still there; after receiving a response from the server, it
will continue to send DHCP REQUEST messages to the DHCP server that has previously assigned an IP
address until the total lease expires
D. During the lease period, if the client receives a DHCP NAK message, the client will immediately stop
using this IP address, return to the initialization state, and apply for a new IP address again.
Answer: C

10. NFV is often deployed in which of the following application environments? (Multiple Choice)
A. Data Center
B. Network node
C. User access side
D. Client/Server
Answer: ABC

11. ASPF (Application Specific Packet Filter) is a packet filter based on the application layer. It checks the
application layer protocol information and monitors the connected application layer protocol status, and
implements a special security mechanism through the Server MAP table.
Regarding the statement about ASPF and Server map table, which of the following is wrong?
A. ASPF monitors the messages in the communication process.

3 / 91
The safer , easier way to help you pass any IT exams.

B. ASPF dynamically creates and deletes filtering rules.


C. ASPF uses Ser; ermak table to dynamically allow multi-channel protocol data to pass.
D. The five-tuple Server map table entry implements a function similar to the session table.
Answer: D

12. Stream mirroring is divided into two modes: local stream mirroring and remote stream mirroring.
A. True
B. False
Answer: A

13. Which of the following modules is not a functional component within the NFV framework?
A. VIM
B. VNF
C. VNFM
D. OSS
Answer: D

14. The role of the Agile Controller server does not include which of the following options?
A. Business Manager
B. Business Controller
C. Security Posture Manager
D. Business Inspector
Answer: D

15. MPLS, also known as multi-protocol label switching technology, it can be said that the core of MPLS
technology is label switching.
A. True
B. False
Answer: A

16. As shown in the figure, if MPLS LSP is configured in the network and a local LDP session is
implemented between SWA and SWB, which of the following statement is correct?

4 / 91
The safer , easier way to help you pass any IT exams.

A. The configuration is correct


B. The Mpls lsr-id of two devices cannot be configured to be the same
C. No need to enable MPLS globally
D. No need to enable MPLS on the port
Answer: B

17. The three elements of the Servermap table of the USG series firewalls do not include:
A. Destination IP
B. Destination port number
C. Agreement number
D. Source IP
Answer: D

18. In inter-domain packet filtering, which of the following options belongs to the outbound direction?
A. Trust → untrust
B. Untrust→trust
C. Untrust→dmz
D. trust→local
Answer: A

19. The remote alarm notification methods supported by Esight network management include: (Multiple
Choice)
A. Mail
B. Voice
C. SMS
D. WeChat
Answer: AC

20. Which common configuration methods does VXLAN support? (Multiple Choice)

5 / 91
The safer , easier way to help you pass any IT exams.

A. Configuration via virtualization software


B. Configure via SDN controller
C. Configure via SNMP protocol
D. Automatic configuration
Answer: AB

21. In response to different needs, the DHCP server supports multiple types of address allocation
strategies, not including:
A. Automatic allocation method
B. Dynamic allocation method
C. Duplicate allocation method
D. Manual allocation method
Answer: C

22. Regarding the description of the LDP Session establishment process, which of the following is correct?
(Multiple Choice)
A. Two LSRs send HELLO messages to each other. The HELLO message carries the transmission
address, and the party with the larger transmission address acts as the active party to initiate the
establishment of a TCP connection.
B. If the Hello Message does not carry the Transport Address, the destination IP address of the Hello
Message is used to establish a TCP connection, and the party with the larger IP address is the active
party to initiate the establishment of the TCP connection.
C. The proactive party will send an Advertisement Message to negotiate the relevant parameters for
establishing an LDP session, including the LDP protocol version and label distribution method. KeePalive
maintains the timer value, maximum PDU length, and label space.
D. If the passive party can accept the relevant parameters, it will send Initialization I, message, and at the
same time send a keepalive message to the active party.
Answer: AD

23. The interface IP address and virtual IP address of VRRP can be the same.
A. True
B. False
Answer: A

24. Man-in-the-middle attacks or IP/MAC spoofing attacks can cause information leakage and other
hazards, and they are more common in intranets.
In order to prevent man-in-the-middle attacks or IP/MAC spoofing attacks, the configuration methods that
can be taken are:
A. Configure Trusted/Untrusted interface.
B. Limit the maximum number of MAC addresses that can be learned on the switch interface.
C. Enable DHCP snooping to check the function of CHADDR field in the DHCP REQUEST message.
D. Configure the linkage between DHCP snooping and DAI or IPSG on the switch.
Answer: D

6 / 91
The safer , easier way to help you pass any IT exams.

25. Regarding the description of the MAC address spoofing attack, which of the following is wrong?
A. MAC address spoofing attack mainly uses the MAC address learning mechanism of the switch.
B. The attacker can implement MAC address spoofing attacks by sending a forged source Mac address
data frame to the switch.
C. MAC address spoofing attacks will cause the switch to learn the wrong mapping relationship between
MAC address and IP address.
D. MAC address spoofing attacks will cause the switch to send data to the correct destination instead of
the attacker.
Answer: C

26. The command to configure the linkage between BFD and static default route is:
A. IP route-static 0.0.0.0.0.0.0.0 10.0.12.2 bfd-session 1
B. IP route-static 0.0.0.0.0.0.0.0 10.0.12.2 track bfd-session 1
C. IP route-static 0.0.0.0.0.0.0.0 10.0.12.2 track 1
D. IP route-static 0.0.0.0.0.0.0.0 10.0.12.2 track session1
Answer: B

27. Intserv model, before the application sends a message, needs to apply to the network to reserve
resources.
A. True
B. False
Answer: A

28. NAT technology can realize data secure transmission by encrypting data.
A. True
B. False
Answer: B

29. To realize all interfaces of the device, the command to enable the linkage function between BFD and
OSPF is:
A. bfd enable
B. bfd all-interface enable
C. all-interface bfd enable
D. undo bfdall-interface disable
Answer: B

30. Single-packet attack means that an attacker controls a zombie host and sends a large number of
attack messages to the target network, causing the congestion of the attacked network link and
exhaustion of system resources.
A. True
B. False
Answer: B

31. Among the following options, the technologies that do not belong to the OVERLAY VPN model are:

7 / 91
The safer , easier way to help you pass any IT exams.

A. GRE
B. IPSec VPN
C. SSL VPN
D. L2TP VPN
Answer: D

32. In the admission control scenario of the Agile Controller, which of the following options about the roles
of the RAD IUS server and client is correct?
A. The Agile Controller integrates all the functions of the RADIUS server and client.
B. The Agile Controller acts as a RADIUS server, and the user terminal acts as a RADIUS client.
C. The authentication device (such as an 802.1X switch) acts as a RADIUS server, and the user terminal
acts as a RADIUS client.
D. The Agile Controller acts as a RADIUS server and an authentication device (such as an 802.1X switch)
as a RADIUS client.
Answer: D

33. In ESIGTH, what conditions can be used to set alarm shielding rules? (Multiple Choice)
A. Effective time
B. Effective period
C. Alarm source
D. Alarm
Answer: ABCD

34. When the host and server in the same security zone communicate with each other, it is not necessary
to use NAT for address translation.
A. True
B. False
Answer: B

35. Regarding the following description of the firewall's inter-domain security strategy, which of the
following is correct?
A. The inter-domain security policy is matched according to the order of arrangement, and the first one is
matched first
B. The inter-domain security policy is matched according to the size of the ID number, and the smaller
number is matched first.
C. The inter-domain security policy is matched according to the size of the ID number, and the larger
number is matched first.
D. The inter-domain security policy is automatically arranged according to the size of the serial number.
When the arrangement order is changed, the number also changes.
Answer: A

36. Regarding the configuration description, which of the following is wrong?


A. Configure GigabitEthernet0/0/1 as a trusted interface.
B. If there is no SUBOPTION1 information of OPTION82 in the DHCF request message received by the

8 / 91
The safer , easier way to help you pass any IT exams.

GigabitEthernet0/0/1 interface, the device will generate OPTION82 and insert it into the message
C. Enabling the DHCP Snooping configuration can be used to prevent the DHCP server counterfeiters
from attacking.
D. Enabling the DHCP Snooping configuration can be used to prevent ARP spoofing attacks
Answer: B

37. The configuration command of the NAT address pool is as follows, the meaning of the no-pat
parameter is: nat address-group 1 section 0 202.202.168.10 202.202 168.20 nat-mode no-pat
A. No address translation
B. Perform port multiplexing
C. Do not convert the source port
D. Do not convert the destination port
Answer: C

38. Regarding the description about business accompanying of Agile Controller, which of the following is
correct? (Multiple Choice)
A. The administrator should select the appropriate user authentication point and policy enforcement point
when configuring the business accompanying.
B. In business accompanying, you can define user-class security groups. The members of this part of the
security group mainly refer to a static network segment or server resource of the network. Their IP needs
to be manually bound to the security group.
C. In business accompanying, a matrix relationship is used to describe the access authority relationship
from one security group (such as a user) to another security group (such as a server).
D. In business accompanying, by specifying the forwarding priority of the security group to which certain
VIP users belong, the network experience of these people is guaranteed.
Answer: ACD

39. MPLS has the concept of forwarding equivalence class (FEC-Forwarding Equivalence Class), so FEC
cannot be allocated based on which of the following standards?
A. Fragment offset
B. Destination Access
C. Application Protocol
D. Class of Service
Answer: A

40. Rapid detection technology can detect communication failures with neighboring equipment as early as
possible, so that the system can take measures in time to ensure uninterrupted business.
A. True
B. False
Answer: A

41. During the establishment of the LDP session, the openSent state will be experienced. When the
openSent state receives the Initialization message and then sends the keepAlive Message, its state will
migrate to:

9 / 91
The safer , easier way to help you pass any IT exams.

A. Initialization
B. Openrec
C. operational
D. Non-existent
Answer: B

42. The VPN configuration on a certain device is as follows, which of the following description about the
configuration command is correct?
A. This command is configured on the CE device of the customer network.
B. Route-Distinguisher 1:1 indicates that the value of RD is 1:1, and RD does not have to be globally
unique
C. vpn-target 1:1 exportcommunity indicates that the export target of the VPN is 1:1
D. vpn-target 2:2 importcommunity indicates that the import target of VPN is 2:2, and only one import
target can be set.
Answer: C

43. Which of the following options is correct about the description of RT? (Multiple Choice)
A. Each VPN instance is associated with one or more pairs of VPN target attributes to control the
publishing and receiving of VPN routing information between sites.
B. RT can be divided into two types of VPN target attributes: export target and impor target
C. The settings of export target and impor target are independent of each other, and multiple values can
be set to achieve flexible VPN access control.
D. The RT value is advertised to neighbors through Update messages in the form of BGP extended
community attributes.
Answer: ABCD

44. LDF is a protocol specially formulated for label distribution. There are many types of messages.
Among them, the messages used to announce and maintain the existence of an LSR in the network are:
A. Discovery message
B. Session message
C. Advertisement message
D. notifcation message
Answer: A

45. The methods of data collection are mainly divided into: (Multiple Choice)
A. Spectroscope physical collection
B. Collect through port mirroring
C. NMS centralized collection
D. Automatic collection
Answer: ABC

46. In the network shown in the following figure, if you want to realize the remote LAP session between
SWA and SWC, which of the following statement is correct?

10 / 91
The safer , easier way to help you pass any IT exams.

A. The configuration in the figure can be achieved


B. Need to configure the direct connection port to establish a TCP connection
C. Need to create a remote peer, and then specify the Isr-id of the peer
D. Specify the Isr-id of the peer in the system view
Answer: C

47. Complex flow classification refers to the classification of messages based on information such as
quintuples (source/destination address, source/destination port number, protocol type), etc., and is
usually applied at the core of the network.
A. True
B. False
Answer: B

48. When two devices with the same priority compete for the role of Master at the same time, the device
with the interface with the smaller IP address should be selected as the Master device.
A. True
B. False
Answer: B

49. Which of the following steps are included in the basic working process of SDN? (Multiple Choice)
A. Topological information collection
B. Network element resource information collection
C. One forwarding information collection
D. Generate internal switching routes
Answer: ABD

50. Regarding the following statements about packet loss in QoS, which is wrong?
A. When the router receives a data packet, it may be unable to process the data packet because the CPU
is busy, resulting in packet loss.
B. When data packets are scheduled to the queue, packet loss may occur because the queue is full.
C. When data packets are transmitted on the link, they may be lost due to link failures and other reasons.
D. Packet loss is generally caused by delay. When the queue is full, tail drop is generally used to drop

11 / 91
The safer , easier way to help you pass any IT exams.

packets.
Answer: D

51. When pinging the IP address of a certain interface of the firewall on the firewall, these messages will
be handed over to the internal module of the firewall for processing and will not be forwarded.
A. True
B. False
Answer: A

52. According to IP Precedence, MPLS EXP or 802.1P information, packets can be divided into how many
types of services?
A. 2
B. 4
C. 6
D. 8
Answer: D

53. In the MPLS system, there are two ways to publish labels, namely: (Multiple Choice)
A. Free way
B. Independent
C. Conservative approach
D. Orderly approach
Answer: BD

54. Which of the following are the main goals of network management? (Multiple Choice)
A. Ensure that network users receive the expected network service quality and technical service
information.
B. Reduce equipment relocation costs.
C. Reduce the service life of network equipment and extend the service cycle.
D. Help network engineers face complex network data, and ensure that the data can be quickly and
comprehensively presented to users.
Answer: AD

55. For IPv4 packets, we can perform simple flow classification according to what information in the
packet? (Multiple Choice)
A. DSCP information
B. IP Precedence Information
C. Traffic Class information
D. 802.1P information
Answer: AB

56. Which of the following description about the function of traffic supervision is correct? (Multiple Choice)
A. The message cannot be colored
B. Colorize the message

12 / 91
The safer , easier way to help you pass any IT exams.

C. Cache the packets that exceed the traffic limit


D. The packets that exceed the traffic limit cannot be cached
Answer: BD

57. Compared with traffic policing, traffic shaping introduces queues for buffering traffic exceeding the
limit.
Regarding traffic shaping, which of the following description is incorrect?
A. Compared with traffic policing, traffic shaping has better anti-burst capabilities.
B. Traffic shaping allows packets to be sent out at a relatively uniform speed.
C. Due to the introduction of queues, when congestion occurs, the delay of messages increases relatively
D. Voice services are more suitable for traffic shaping rather than traffic policing
Answer: D

58. In the MPLS VPN network, when the data packet enters the public network and is forwarded, it will be
encapsulated with two layers of MPLS labels. Regarding the description of the two layers of labels, which
of the following options is wrong? (Multiple Choice)
A. The outer label of MPLS VPN is called the private network label, and the inner label is called the public
network label.
B. The outer label of MPLS VPN is allocated by LDP protocol or statically, and the inner label is allocated
by the MP-BGP neighbor of the opposite end.
C. By default, the outer label is ejected before the packet is forwarded to the last-hop device.
D. The outer label is used to correctly send the data packet to the corresponding VPN on the PE device.
Answer: AD

59. Regarding the description about the VRRP, which of the following is wrong?
A. The routers in the VRRP group elect a Master based on priority
B. The master router sends a gratuitous ARP message to notify its virtual MAC address to the device
connected to it.
C. If the Master router fails, the Backup router in the virtual router will re-elect a new Master based on the
priority
D. Because the priority range is 1-255, when the priority value in the VRRP notification message received
by the Backup device is 0, Backup will discard the message without any processing.
Answer: D

60. Qos service model includes: (Multiple Choice)


A. Best-EffortService model
B. Integrated Service. Model
C. Differentiated Service model
D. FIFO Service model
Answer: ABC

61. In the MPLS network as shown in the figure, which of the following descriptions is correct? (Multiple
Choice)

13 / 91
The safer , easier way to help you pass any IT exams.

A. The switch uses a straight connection port to establish a TCP connection.


B. The neighbor LDP ID of the switch is the port IP address
C. The neighbor LDP ID of the switch is the neighbor's MPLS lsr-id
D. The switch uses lsr-id to establish a TCP connection
Answer: AC

62. Regarding the description of the default security zone of the USG series of security firewalls, which is
correct?
A. The default security zone can be deleted
B. The default security zone can modify the security level.
C. The default security zone cannot be deleted, but the security level can be modified.
D. There are 4 default security zones.
Answer: D

63. In the firewall inter-domain security policy, which of the following data flows is not in the outbound
direction?
A. Data flow from the DMZ zone to the untrust zone
B. Data flow from the trust zone to the DMZ zone
C. Data flow from trust zone to untrust zone
D. Data flow from DMZ area to local area
Answer: D

64. Configure the remote port mirroring function on the Huawei router to realize the remote port mirroring
message, which can be transmitted to the monitoring equipment through the three-layer IP network, the
command is:
A. mirror-sever destination-IP 10.1.0.1 source-ip 192.168.1.1
B. monitor-sever destination-ip10.1.0.1 source-ip 192.168.1.1
C. Abserve-sever destination-IP 10.1.0.1 source-ip 192.168.1.1
D. sever destination-IP 10.1.0 1 source-ip 192.168.1.1

14 / 91
The safer , easier way to help you pass any IT exams.

Answer: C

65. VPN models are mainly divided into two types, one is Overlay VPN, and the other is Peer-to-Peer
VPN.
A. True
B. False
Answer: A

66. In the process of the client applying for an IP address through DHCP and assigning an IP address to
the DHCP server, which of the following messages are usually unicast? (Multiple Choice)
A. DHCP OFFER
B. DHCP REQUEST
C. DHCP DISCOVER
D. DHCP ACK
Answer: AD

67. If the two interfaces of the firewall are divided into the same area, then the flow of data packets
between the two interfaces must also go through the inter-domain packet filtering process.
A. True
B. False
Answer: A

68. The eSight single server mode allows only one user to log in at most. When other users log in, it will
prompt the user to log in.
A. True
B. False
Answer: B

69. The broadcast domain of VXLAN is called:


A. Broadcast domain
B. Exchange domain
C. Bridge domain
D. VLAN domain
Answer: C

70. Among the following options, which of the following the description about the Agile Controllerr guest
account application method is incorrect?
A. Can be created by the administrator.
B. It can be created by employees with guest management authority.
C. Can be created by the reception staff.
D. Visitors can register themselves.
Answer: C

71. Regarding the description of Network Address Port Translation (NAPT) and Only Translating Network

15 / 91
The safer , easier way to help you pass any IT exams.

Address (NO-PAT), which of the following statements is correct?


A. After NAPT conversion, for external users, all messages will only come from the same IP address.
B. NO-PAT only supports protocol port conversion at the transport layer.
C. NAT only supports protocol address translation at the network layer.
D. NO-PAT supports protocol address translation at the network layer.
Answer: D

72. Among the following options, which describes the Agile Controller's business orchestration concept
correctly? (Multiple Choice)
A. In business orchestration, the User Control List refers to user-level ACL control, using rules defined by
the source security group, destination security group, and port number of the data packet.
B. Orchestration equipment refers to equipment that guides business flows in an orderly manner,
generally refers to switches.
C. Business equipment refers to equipment that performs secure business processing on the business
flow introduced by the orchestration equipment, which mainly includes firewall equipment, anti-virus
equipment, and Internet behavior control equipment.
D. The business chain refers to the business data processed by the GRE tunnel.
Answer: ABC

73. Which of the following attacks is not a thousand network layer attacks?
A. IP spoofing attack
B. Smurf attack
C. ARP spoofing attack
D. ICMP attack
Answer: C

74. LDP is a protocol specially formulated for label distribution. It has many types of messages, among
which the messages used to generate, change and delete FEC label mapping are:
A. Discovery message
B. Session message
C. Advertisement message
D. Notification message
Answer: C

75. Regarding the default security zones Trustt and untrust of firewalls, which of the following statement is
correct? (Multiple Choice)
A. The direction of access from the Trust zone to the untrust zone is the outboud direction.
B. Access the outboud direction from the trust zone.
C. The security level of Trust is 85.
D. The security level of Untrust is 50.
Answer: AC

76. In the Diff-Serv network, the maximum number of values that can be defined with DSCP is:
A. 3

16 / 91
The safer , easier way to help you pass any IT exams.

B. 6
C. 8
D. 64
Answer: D

77. If DSCP (the first 6 bits of the Tos field) is used, how many categories can the message be divided into
at most?
A. 8
B. 16
C. 32
D. 64
Answer: D

78. What kind of information of message can be used for simple flow classification for tags?
A. DSCP information
B. IP Precedence Information
C. MPLS EXP information
D. 802.1P information
Answer: C

79. In the TCP/IP v4 version, which of the following security risks exist? (Multiple Choice)
A. Lack of data source verification mechanism
B. Lack of confirmation mechanism for data packets
C. Lack of a verification mechanism for data integrity
D. Lack and password guarantee mechanism
Answer: ACD

80. Jitter is caused by unequal end-to-end delay of packets belonging to the same stream.
A. True
B. False
Answer: A

81. In eSight, which types of protocols are supported by the NE discovery method? (Multiple Choice)
A. SNMP protocol
B. ICMP protocol
C. Telnet protocol
D. Netconf protocol
Answer: AB

82. Regarding the description of the stateful inspection firewall, which is correct?
A. Stateful inspection firewalls need to match rules for each packet entering the firewall
B. Because the UDP protocol is a connectionless protocol, the stateful inspection firewall cannot match
the state table of UDP packets
C. When the stateful inspection firewall checks the packets, the packets before and after the same

17 / 91
The safer , easier way to help you pass any IT exams.

connection are irrelevant.


D. The state detection firewall needs to match the access rules of the first packet of the connection, and
the subsequent packets of the connection are directly matched in the state table
Answer: D

83. MPLS forwards data based on labels. If there is no label, how to send IP packets passing through the
MPLS domain?
A. Normal IP forwarding
B. ATM forwarding
C. Multi-label MPLS forwarding
D. Single-label MPLS forwarding
Answer: A

84. On Huawei AR routers, the command to configure interface Eth2/0/3 as a local observation port is:
A. observe-port interface Etherenet2/0/3
B. mirror-port interface Ethernet2/0/3
C. monitor-port interface Ethernet2/0/3
D. server-port interface Ethernet2/0/3
Answer: A

85. The Multi-Protocol Label Switching Technology (MPLS) defined by IFTF is a third-layer switching
technology used to provide connection services to the IP layer. MPLS is composed of (). (Multiple choice)
A. Label switch router
B. Label Edge Router
C. Label distribution router
D. Label transmission router
Answer: AB

86. In the label forwarding table of the running MPLS device, for different routes (but the next hop is the
same), the label is output:
A. Must be different
B. Must be the same
C. May be the same
Answer: A

87. In QOS, the main difference between Differentiated Service and Integrated Service is: (Multiple
Choice)
A. Differentiated Service, the services obtained by packets to different destinations are different.
In B. Differentiated Service, the services obtained by groups from different sources are different.
C. There is no need to maintain status information for each flow in Differentiated Service.
D. Differentiated Service is suitable for application on large-scale backbone networks.
Answer: CD

88. The command to configure VRRP preemption delay is:

18 / 91
The safer , easier way to help you pass any IT exams.

A. vrrp vrid 1 preempt -timer 20


B. vrrp vrid 1 preempt-mode timer delay 20
C. vrrp vrid 1 timer delay 20
D. vrrp vrid 1 preempt-delay 20
Answer: B

89. During the establishment of the LSP, there are many types of label distribution control methods used
when the LSR assigns labels. Which of the following descriptions are incorrect?
A. The label distribution control method can be divided into independent label distribution control and
ordered label distribution control.
B. If the label distribution mode is DU and the label distribution control mode is independent, the LSR
does not need to wait for the downstream label, and will directly distribute the label to the upstream.
C. If the label distribution mode is DoD, the label distribution control mode is independent, if the label
distribution mode is DU, and the label distribution control mode is Ordered,
D. The LSR (Transit) will only release the label to the upstream (ingress) when it receives the label
mapping message from the downstream (Egress).
Answer: C

90. The configuration on the PE device is as follows, which of the following description of the configuration
command is correct?
A. The peer PE is in AS 500 and has an EBGP neighbor relationship with the local PE.
B. PE is connected to the CE equipment of two customer networks, one is set to VPN1, the other is set to
VPN3.
C. Access two VPN clients on the PE side, and delay BGP protocol to exchange routes with the PE.
D. The local PE equipment delays the direct interface to establish a BGP neighbor relationship with the
opposite PE.
Answer: C

91. QOS provides different quality of service in response to various requirements. The following functions
provided by QOS are: (Multiple Choice)
A. Support to provide users with dedicated broadband
B. Can reduce the loss rate of messages
C. Avoid and manage network congestion
D. You can set the source address of the message
Answer: ABC

92. The definition of CAPEX is:


A. Cost expenditure
B. Capital expenditure
C. One-time expenditure
D. Daily expenses
Answer: B

93. Which of the following statement about DSCP in QOS is wrong?

19 / 91
The safer , easier way to help you pass any IT exams.

A. Use the 6 bits (higher 6 bits) before the TOS field to identify different service types, called DSCP
B. DSCP can be used to divide traffic into 32 categories.
C. Each DSCP value corresponds to a BA (Behavior Aggregate), and then a PHB can be specified for
each BA.
D. Some QOS mechanisms can be used to implement PHB
Answer: B

94. Which of the following values can be set for the security level of the customized security zone of the
USG series firewall? (Multiple Choice)
A. 150
B. 100
C. 80
D. 40
Answer: CD

95. During the operation of the DHCP protocol, the process from the client application to the acquisition of
an IP address is:
A. ①→②→③→④
B. ①→④→③→②
C. ③→②→①→④
D. ③→④→①→②
Answer: C

96. The IP protocol number of the VRRP message is:


A. 112
B. 114
C. 116
D. 118
Answer: A

97. How many bits are there in the label field of MPLS?
A. 8
B. 3
C. 1
D. 20
Answer: D

98. For a device running MPLS, there will be label forwarding, so the incoming label of everyone in the
label forwarding table:
A. Must be different
B. Must be the same
C. May be the same
Answer: C

20 / 91
The safer , easier way to help you pass any IT exams.

99. There is a TTL field in the MPLS label message. In the network as shown in the figure, the TTL in the
MPLS message sent by the SWB to the SWC and the TTL in the IP message are respectively:

A. 255, 9
B. 254, 10
C. 10, 10
D. 254, 9
Answer: B

100. The SDN controller can intelligently adjust the flow path according to the network status to achieve
the purpose of increasing the throughput of the entire network.
A. True
B. False
Answer: A

101. Which of the following are multi-channel protocols?


A. FTP
B. Telnet
C. H.323
D. SNMP
Answer: AC

102. A VRRP virtual router is configured with a VRID of 3 and a virtual IP address of 100.1.1.10, so what
is the virtual MAC address?
A. 00-00-5E-00-01-64
B. 00-00-5E-00-01-03
C. 01-00-5E-00-01-64
D. 01-00-5E-00-01-03
Answer: B

103. Without using the BFD detection mechanism, an OSPF router that establishes a neighbor
relationship through an Ethernet link will take up to 40 seconds to interrupt the neighbor relationship at the
end of the link failure.
A. True

21 / 91
The safer , easier way to help you pass any IT exams.

B. False
Answer: A

104. Among the following queue scheduling technologies, which queue scheduling technology has better
fairness?
A. WFQ
B. PQ
C. FIFO
D. RR
Answer: A

105. The BFD mechanism uses TCP to establish a connection, and its destination port number is 3784.
A. True
B. False
Answer: B

106. VXLAN itself has nothing to do with SDN technology.


A. True
B. False
Answer: A

107. Which of the description regarding the application scenario of Agile Controller's admission control
technology is wrong?
A. In MAC authentication, the user terminal uses the MAC address as the identity credential to go to the
authentication server for authentication. MAC address authentication is mainly used for authentication of
dumb terminal devices such as phones and printers.
B. 802.1X authentication uses EAP authentication protocol to realize the exchange of authentication
information between the client, the device and the authentication server
C. Portal authentication is also called WEB authentication. Users can enter the user account information
through the WEB authentication page to realize the authentication of the terminal user's identity.
D. SACG certification adopts USG firewall to hang on the router and very strong switch, and control
terminal access through manual interface
Answer: D

108. DHCP relay is also called DHCP relay. Which of the following statements about DHCP relay is
correct? (Multiple Choice)
A. The DHCP protocol uses broadcast messages. If there are multiple subnets, they cannot be traversed,
so a DHCP Relay device is required.
B. The DHCP Relay device can be a router or a switch
C. The DHCP Relay device can be a host
D. The DHCP Relay does not change the content of the message, and the message is forwarded as it is
Answer: AC

109. Mirroring requires the collected data to be real-time, true and reliable.

22 / 91
The safer , easier way to help you pass any IT exams.

A. True
B. False
Answer: A

110. The default priority of VRRP devices in the backup group is:
A. 200
B. 150
C. 100
D. 0
Answer: C

111. MPLS is called multi-protocol label switching. Regarding the label description in MPLS, the correct
one is: (Multiple Choice)
A. A label is a segment identifier with a fixed length and only local meaning, which is used to uniquely
identify the FEC to which a packet belongs
B. The label is similar to the VPI/VCI of ATM and the DLCI of Frame Relay, and is a connection identifier
C. The label is carried by the header of the message, does not include topology information, and has
global significance
D. MPLS supports single-layer labels as well as multi-layer labels
E. The MPLS system consists of a variety of label distribution protocols, such as LDP is a label
distribution protocol.
Answer: ABDE

112. VXLAN users can access the internet through the VXLAN interface.
A. True
B. False
Answer: A

113. When using eSight to query historical alarms, which of the following conditions can be used to filter
alarms? (Multiple choice)
A. Warning level
B. Time of first occurrence
C. Alarm source
D. Alarm name
Answer: ABCD

114. In the USG series firewall, what is the security level of the Untrust zone?
A. 5
B. 10
C. 15
D. 50
Answer: A

115. The following description of the DiffServ model, which is wrong?

23 / 91
The safer , easier way to help you pass any IT exams.

A. You can inform the network node of its QOS requirements by setting the qos parameter information in
the IP packet header
B. Each device on the message propagation path can learn the service requirement category of the
message through the analysis of the IP message header
C. When implementing DiffServ, downstream routers must classify packets
D. DiffServ is a message-based QoS solution
Answer: C

116. After using eSight to initially add devices, the arrangement of the topology elements is random and
cannot reflect the actual network structure. Therefore, it is necessary to adjust the position according to
the actual network or select the terminal layout function provided by the topology.
A. True
B. False
Answer: A

117. Which layer of data packets does the packet filtering firewall inspect?
A. Application layer
B. Physical layer
C. Network layer
D. Link layer
Answer: C

118. When the virtual router responds to the ARP request, it uses the real MAC address of the main
router.
A. True
B. False
Answer: B

119. Physical interface total rate limit (check LR) can limit the total rate of messages (including emergency
messages) occurring on the interface on a physical interface.
A. True
B. False
Answer: A

120. There is the concept of forwarding equivalent FEC in MPLS, which is wrong? (Multiple choice)
A. The packets of the same FEC will be processed differently in the MPLS network.
B. The division of FEC is very flexible. It can be based on any combination of source address, destination
address, source port, destination port, protocol type, or VPN.
C. MPLS classifies packets with the same forwarding processing method into one category, which is
called FEC.
D. A forwarding equivalence class FEC will only have a unique label mark
Answer: AD

121. In the USG series firewall, what is the security level of the DMZ area?

24 / 91
The safer , easier way to help you pass any IT exams.

A. 5
B. 50
C. 85
D. 100
Answer: B

122. The main features of packet filtering firewall include?


A. With the increase of ACL complexity and length, the filtering performance of firewalls tends to decrease
exponentially
B. Static ACL rules are difficult to adapt to dynamic security filtering requirements
C. Do not check the session state or analyze the data, which is easy for hackers to get confused.
D. Ability to completely control the exchange of network information, control the session process and
have high security
Answer: D

123. The SDN architecture mainly includes two interfaces: NBI northbound interface and SBI southbound
interface.
A. True
B. False
Answer: B

124. MPLS is a label forwarding technology. Which is wrong about the following description of MPLS?
A. Adopt a connection-oriented control plane and a connectionless data plane.
B. The control plane realizes the transmission of routing information and the distribution of labels, and the
data plane realizes the message transmission on the label forwarding path of the resume.
C. The switch in the MPLS domain only needs to forward according to the label encapsulated outside the
IP header
D. For traditional IP forwarding, MPLS label forwarding greatly improves the efficiency of data forwarding
Answer: A

125. The Multi-Protocol Label Switching Technology (MPLS) defined by the IETF is a third-layer switching
technology, which consists of different equipment, among which the equipment responsible for
adding/removing tags for network flows?
A. Label distribution router
B. Label Edge Router
C. Label Switch Router
D. Label transfer router
Answer: B

126. The DHCP server can use different address ranges to assign clients. Regarding the description of
the assigned address, which is correct? (Multiple choice)
A. It can be an IP address that is statically bound to the client's MAC address in the database of the
DHCP server
B. It can be the IP address used by the client, that is, the address of the Requested IP Addr Option

25 / 91
The safer , easier way to help you pass any IT exams.

(Requested IP Addr Option) in the DHCP_DISCOVER message sent by the client


C. In the DHCP address pool, search for the IP addresses available for allocation in order, that is, find the
IP address first
D. Regarding the IP address that the DHCP server finds out of the lease and conflicts, if it finds an
available IP address, it can be assigned
E. It can be an IP address that the client used to conflict with other clients
Answer: ABCD

127. The description of the business free mobility application scenario of the Agile Controller, which is
wrong?
A. When each department's office staffs scopes server resources, the authority policy is uniformly
deployed by Agile Control, and the administrator only needs to pay attention to the setting of the
inter-departmental exchange relationship, and select the key location equipment in the park as the policy
enforcement point. After the department is completed, no matter where the user is and how to access it,
he can get his access rights.
B. Collaboration between outsourced personnel and internal employees can be realized. Based on the
strategy and IP, combined with the "strategy automatic deployment" function, multiple teams can work
together quickly, while ensuring that each user has the correct physical access rights. Control the data
sharing behavior among team members as needed to ensure the security of enterprise data
C. When the network management resources are limited, it can be combined with the limited online
selection of the automatic selection gateway VIP to ensure that VIP users enjoy a high-quality network
experience.
D. The office needs of personnel are automatically identified by the Agile Controller, no manual
configuration is required, and users can obtain their access rights no matter when and where they are
Answer: D

128. In the VAP application scenario, which functions of the AR router can be virtualized to the server?
(Multiple choice)
A. Firewall
B. VOIP
C. NAT
D. VPN
Answer: ABCD

129. DHCP Snooping is a DHCP security feature that can be used to defend against multiple attacks,
which include in? (Multiple choice)
A. Defend against starvation attacks that change the CHADDR value
B. Defend DHCP as a counterfeiter attack
C. Defend against TCP flag attacks
D. Defend against man-in-the-middle attacks and IP/MAC spoofing attacks
Answer: ABD

130. There are many types of LDP messages. Which of the following functions can be achieved by
session message? (Multiple choice)

26 / 91
The safer , easier way to help you pass any IT exams.

A. Monitor the integrity of the TCP connection of the LDP session


B. Terminate the unfinished Label Request Message
C. Release label
D. Negotiate parameters during LDP session establishment
Answer: AD

131. In the Peer-to-Peer VPN network, which device is directly connected to the client device and is
responsible for VPN service access to the operator's network?
A. CE equipment
B. PE equipment
C. P equipment
D. Client equipment
Answer: B

132. The emergence of MPLS VPN is mainly to solve the inherent defects of traditional VPN technology.
The most important thing is to solve which of the following types of relationship problems?
A. Private network routing cannot communicate
B. Private lines are expensive
C. Broadband resources cannot be retransmitted and used
D. Address space overlap
Answer: D

133. The definition of NFV is?


A. Network infrastructure virtualization
B. Network function virtualization
C. Network bus virtualization
D. Network structure virtualization
Answer: B

134. Regarding the description of the security level of the configuration firewall security zone, which is
wrong?
A. The newly created security zone, the system defaults its security level to 1
B. Only a custom security level can be set to a security level.
C. Once the security level is set, it is not allowed to change
D. In the same system, two security zones are not allowed to configure the same security level
Answer: A

135. LDP sessions are used to exchange label mapping and release messages between LSRs.
Regarding the description of the LDP session establishment process, which is correct? (Multiple choice)
A. The two LSR exchange hello messages to trigger the establishment of LDP session
B. The initialization Message is used to negotiate parameters during the LDP Session establishment
process
C. Keep Alive Message is used to monitor the integrity of the LDP Session's TCP connection
D. When the ingress node LSR receives the label mapping message, it completes the establishment of

27 / 91
The safer , easier way to help you pass any IT exams.

the LDP session


Answer: ABC

136. What mechanisms can VRRP be combined with to monitor the connectivity of the uplink? (Multiple
choice)
A. Interface track
B. BFD
C. NQA
D. ip-link
Answer: ABCD

137. Which of the following options does not support by Agile Controller?
A. 802.1x
B. portal
C. MAC bypass
D. SACG
E. AAA
Answer: E

138. ASPF technology enables the firewall to support multi-channel protocols such as FTP, and it can also
formulate corresponding security policies for complex applications.
A. True
B. False
Answer: A

139. When traffic classification is performed, certain rules are used to identify messages that meet certain
characteristics, and messages with different characteristics can enjoy different services.
Therefore, because the classification rules are based on different information, traffic classification can be
divided into simple flow classification and complex flow classification.
A. True
B. False
Answer: A

140. Usually when configuring Diff-Serv in QOS, the border router will classify the message according to
the source address and destination address of the message, and set different IP priorities for different
messages, other routers only need to identify the message according to the IP priority.
A. True
B. False
Answer: A

141. The BFD control message is encapsulated in UDP message for transmission, so what is the
destination port number of the multi-hop BFD control message?
A. 2784
B. 3784

28 / 91
The safer , easier way to help you pass any IT exams.

C. 4784
D. 5784
Answer: C

142. What is the version numbers of BFD supported by the VRP version?
A. version1
B. version2
C. version3
D. version4
Answer: A

143. VXLAN technology is to build a secondary network across DC.


A. True
B. False
Answer: B

144. Which of the following options is the default created by deploying Huawei SIGHT?
A. Administrator
B. Monitor
C. Operator
D. End-User
Answer: D

145. Which of the following is not included in the limitations of traditional access networks?
A. The network protocol is complex to implement, and the operation and maintenance is difficult
B. The ability to adjust the flow path is not flexible enough
C. The actual speed of new network business is slow
D. The implementation mechanism of equipment from different manufacturers is similar, and the
operating commands are small and easy to operate.
Answer: D

146. The DHCP server, which is responsible for the client IP address allocation. When configuring the
DHCP Server, which of the following steps need to be included? (Multiple choice)
A. Enable DHCP function globally
B. Configure option82 of DHCP
C. When using the DHCP server mode of the global address pool, configure the global address pool
D. When using the DHCP server mode of the port address pool, configure the port address pool
Answer: ACD

147. The following statement about the integrated Service model in QOS, which is wrong?
A. The command to transmit the QOS request is RSVP, which is used to notify the router application of
the QOS requirements
B. It can provide guaranteed bandwidth and delay to meet application requirements
C. It can provide load control service (Controlled-Load service) to ensure that even in the case of network

29 / 91
The safer , easier way to help you pass any IT exams.

overload (overload), it can provide a service similar to the network not overloaded, that is, in the case of
network congestion, guarantee certain These applications have low latency and high throughput of
packets.
D. Under this model, the network will maintain a state for each flow (by the IP and port number of the
source and destination), and perform packet classification, traffic management (policing), queuing and
scheduling based on this state to meet the commitment to the program.
Answer: D

148. The main roles of the mirror port are divided into? (Multiple choice)
A. Mirror port
B. Local Observation Port
C. Remote mirror port
D. Relay port
Answer: ABC

149. Which of the following types of firewalls have the highest forwarding efficiency when processing data
streams other than the first packet?
A. Packet filtering firewall
B. Proxy firewall
C. Stateful inspection firewall
D. Software firewall
Answer: C

150. Which of the following is the main feature of a stateful inspection firewall?
A. Processing speed is slow
B. Subsequent package processing performance difference
C. Only the physical layer can be detected
D. Perform packet filtering inspection for each packet
Answer: B

151. The following figure shows a network running MPLS, and looking at the LDP session information on
SWA, which of the following statement is wrong? (Multiple choice)

30 / 91
The safer , easier way to help you pass any IT exams.

A. 2.2.2.2: The 2.2.2.2 in 0 represents the neighbor lsr-id


B. 2.2.2.2: The 0 in 0 means it is a label space based on the platform
C. Operational indicates that the LDP process is in operation and has not yet been fully established
D. Passive means SWA is on the passive side
E. Passive means SWB is on the passive side
Answer: CE

152. PQ's classification mechanism supports delay standards or extended IP access lists
A. True
B. False
Answer: A

153. Regarding the label space of MPLS, which description is wrong?


A. 16-1023 are static LSP and static CR-LSP sharing label space
B. 1024 or more is the label space shared by dynamic signaling protocols such as LDP, RSVP-TE,
MP-BGP, etc.
C. The last hop receives a packet with a label control of 0 and directly forwards it through IP or forwards
the next layer of label
D. When the penultimate hop LSR performs label switching, if it finds that the exchanged label is 3, it will
eject the label and send the message to the last hop.
Answer: C

154. If two devices are connected, one device supports the BFD detection function, but the other device
does not support the BFD detection function, then the device that supports the BFD detection function
can use which feature of BFD to realize the link detection?
A. Quick handshake
B. Interface status linkage
C. One-arm echo

31 / 91
The safer , easier way to help you pass any IT exams.

D. Two-way detection
Answer: C

155. Among the following obtained values of IP Precedence, which one represents the immediate service
link?
A. 0
B. 2
C. 5
D. 6
Answer: B

156. Both firewalls and routers can implement security functions, so they can be used interchangeably.
A. True
B. False
Answer: B

157. The length of the MPLS header is 32 bits, including a label of 20 bits, which is used for packet
forwarding; dxp with a length of 32 bits is usually used to carry the priority of IP packets; a label S at the
bottom of the stack with a length of 1 bit is used to indicate release Is the last label (MPLS labels can be
nested in multiple layers)
A. The function is similar to the TTL of the IP header, which is used to prevent packet loops.
B. Mainly used for label management control
C. Used to control the upstream equipment during label distribution
D. Restrictions on LSR
Answer: A

158. Which is not included in the discarding packet strategy in the congestion avoidance mechanism?
(Multiple choice)
A. FIFO
B. RED
C. ERED
D. WFQ
Answer: AD

159. In the process of establishing BFD session between devices, which of the following states will not go
through?
A. 2-way
B. down
C. init
D. up
Answer: A

160. Regarding the establishment of BFD session, which of the following is wrong?
A. BFD sessions can only be established in a stateful way

32 / 91
The safer , easier way to help you pass any IT exams.

B. Static configuration of a BFD session refers to the use of command lines, manual configuration, and
BFD session parameters, including local identifiers and remote identifiers.
C. When a BFD session is statically established, the local identifier is dynamically allocated
D. The system distinguishes between static BFD sessions and dynamic BFD sessions by dividing the
identifier area.
Answer: A

161. In the USG series firewall, which of the following security zones can be deleted by the administrator?
A. Security area
B. Trust zone
C. Untrust zone
D. DMZ area
Answer: A

162. Regarding the description of the label encapsulation format in MPLS, which is correct? (Multiple
choice)
A. The total length of a single MPLS label is 4 bytes (32bit)
B. The TTL field in the label has the same meaning as the TTL (time to live) in the IP packet, and it also
has the effect of preventing loops.
C. The S field in the label: 1bit, used to identify the label at the bottom of the label release stack, when the
value is 1, it indicates the second-to-last label
D. For Ethernet and PPP packets, the label stack is like a "cushion", located between the layer 2 header
and the data. When there is a VLAN tag, it is placed before the vlan tag.
Answer: AB

163. During the DHCP operation, if the client's IP address has not been renewed in the past 87.5% of the
appointment, what message will the client send to renew the contract?
A. DHCP discover broadcast message
B. DHCP release unicast message
C. DHCP request broadcast message
D. DHCP request unicast message
Answer: C

164. During the operation of DHCP, multiple message types will be exchanged, so which of the following
messages are not sent from the client to the server?
A. DHCP NAK
B. DHCP REQUEST
C. DHCP DISCOVER
D. DHCP RELEASE
Answer: A

165. At the network layer, which of the following cannot be used to classify IP packets?
A. Message length
B. VLAN ID

33 / 91
The safer , easier way to help you pass any IT exams.

C. Source IP address and destination IP address


D. ToS field
Answer: B

166. Configure the remote port mirroring function on the Huawei router to realize the remote port mirroring
message, which command can be transmitted to the monitoring equipment through the third-level IP
network?
A. mirror-sever destination-ip 10.1.0.1 source-ip 192.168.1.1
B. monitor-server destination-ip 10.1.0.1 source-ip 192.168.1.1
C. observe-server destination-ip 10.1.0.1 source-ip 192.168.1.1
D. server destination-ip 10.1.0.1 source-ip 192.168.1.1
Answer: C

167. Regarding the description of VRRP, which of the following description is wrong?
A. VRRP is a redundant backup protocol designed for LANs with multicast or broadcast capabilities (such
as Ethernet) to ensure that when the next hop router device of a host in the LAN fails, another router can
be used in a timely manner Instead, to maintain the continuity and reliability of network communications.
B. When using the VRRP protocol, you need to configure the virtual router number and virtual IP address
on the router, and directly use the real MAC of the main router, so that a virtual router is added to the
network
C. The host on the network communicates with the virtual router, and there is no need to know all the
information of the physical router on this network
D. A virtual router is composed of a main router and several backup routers. The main router realizes the
real forwarding function. When the main router fails, a backup router will become the new main router and
take over its work.
Answer: B

168. In the DU label distribution mode, if the Liberal retention mode is adopted, the device will retain all
the labels sent by the LDP Peer, regardless of whether the LDP Peer is the next hop to the destination
network segment.
A. True
B. False
Answer: A

169. Regarding delay and jitter, which of the following descriptions is correct? (Multiple choice)
A. The end-to-end delay is equal to the sum of the processing delay and the queue delay
B. Jitter is caused by the unequal end-to-end delay of each packet
C. The size of the jitter is related to the size of the delay, the smaller the delay, the smaller the jitter range,
and the larger the delay, the larger the jitter range
D. The magnitude of jitter is not related to delay
Answer: BC

170. NFV and SDN are highly complementary and interdependent, so they must be used in combination.
A. True

34 / 91
The safer , easier way to help you pass any IT exams.

B. False
Answer: B

171. Regarding the description of the VRRP master device, which is wrong?
A. Periodically send VRRP packets
B. Respond to the ARP request for the virtual IP address with the virtual MAC address
C. Forward IP packets whose destination MAC address is a virtual MAC address
D. Even if the router has become the master, it will be preempted by the backup router with high priority
Answer: D

172. The flow mirroring port can realize the function of transmitting the packets of a specific service flow
on the mirroring port to the monitoring equipment for analysis and monitoring.
A. True
B. False
Answer: A

173. Regarding the description of the firewall security zone, which of the following statements is correct?
A. Different security zones of the firewall can have the same priority.
B. The same excuse of the firewall can belong to different security zones
C. Different interfaces of the firewall can belong to the same security zone
D. The built-in security zone of the firewall can be deleted
Answer: C

174. LDP requires reliable and orderly delivery of messages. Except for which of the following messages
use UDP, all others need to use TCP messages?
A. Discovery message
B. Session message
C. Advertisement message
D. Notification message
Answer: A

175. Which device discovery methods does Huawei eSight network management software support?
(Multiple choice)
A. Specify an IP address
B. Specify an IP address segment
C. Specify product model
D. Import via Excel (specify IP address)
Answer: ABD

176. What are the advantages of NFV? (Multiple choice)


A. Reduce equipment costs and energy costs
B. Shorten the cycle of network operation business innovation
C. Network equipment can be unified version, unified management enters tenants
D. A single platform serves different applications and tenants

35 / 91
The safer , easier way to help you pass any IT exams.

Answer: ABD

177. The following description about Huawei eSight network management software, which is wrong?
A. Wizard installation, lightweight system
B. Using the C/S architecture, you can directly use the browser to access the network anytime and
anywhere.
C. Provide corresponding solutions to different customers
D. Support unified management of equipment from multiple vendors
Answer: B

178. Regarding the description of the VRRP slave device, which is correct? (Multiple choice)
A. When the slave receives the VRRP packet sent by the Master, it can determine whether the status of
the Masterd is normal
B. When receiving a VRRP packet with priority 0, Slave will directly switch to Master
C. Slave will discard IP packets whose destination MAC address is virtual MAC address
D. Slave will respond to IP packets whose destination IP address is virtual.
Answer: ABC

179. The core router in the Diff-serv domain usually only needs to perform simple flow classification.
A. True
B. False
Answer: A

180. In MPLS VPN network, when a data packet enters the public network and is forwarded, the upper
two layers of MPLS labels will be used. The following options are the processing process for the data
packet. Which is correct? (Multiple choice)
A. The packet is forwarded to the peer PE device after being ejected from the outer label on the
penultimate hop device
B. The peer PE device receives an IP packet without a label
C. The basis for the second-to-last hop device to pop up the outer label is that the outer label carried in
the packet shows an empty label 3
D. The peer PE device correctly sends the data packet to the corresponding VPN according to the inner
label
Answer: AD

181. The network architecture of SDN is mainly divided into? (Multiple choice)
A. Collaborative application layer
B. Control layer
C. Logical layer
D. Forwarding layer
Answer: ABD

182. Which configuration statement is correct? (Multiple choice)


A. This command is used to configure and enable the DHCP server

36 / 91
The safer , easier way to help you pass any IT exams.

B. This command configures all clients on the VLANIF10 interface to obtain IP addresses from the global
address pool
C. The interface address pool takes precedence over the global address pool to assign addresses, that is,
if there is an interface address pool on the interface, even if the global address pool also exists, the client
will preferentially obtain addresses from the interface address pool
D. The maximum number of ping packets sent by the DHCP server is 10
E. The maximum number of ping packets received by the DHCP server is 10
Answer: ABCD

183. A company consists of a head office and two branches, and uses MPLS VPN technology to deliver
private network routing. In the Hub&Spoke networking mode, the branch offices can only communicate
with the head office, and the branch offices cannot communicate with each other. (Multiple choice)
A. Head office: import Target: 1:1, 2:2; Export Target: 3:3.
Branch 1: Import Target: 3: 3; Export Target: 1: 1
Branch 2: import Target: 3: 3; Export Target: 2: 2
B. Headquarters: import Target: 12: 3; Export Target: 3: 12.
Branch 1: Import Target: 3: 12; Export Target: 12: 3
Branch 2: import Target: 3: 12; Export Target: 12: 3
C. Head Office: import Target: 1:1; Export Target: 3:3.
Branch 1: Import Target: 3: 3; Export Target: 1: 1
Branch 2: import Target: 3: 3; Export Target: 2: 2
D. Head Office: import Target: 2:2; Export Target: 3:3.
Branch 1: Import Target: 3: 3; Export Target: 1: 1
Branch 2: import Target: 3: 3; Export Target: 2: 2
Answer: AB

184. There are different ways of MPLS encapsulation. Which one of the following options says about the
encapsulation method is correct? (Multiple choice)
A. MPLS encapsulation has frame mode and cell mode
B. Ehernet and PPP use frame mode encapsulation
C. ATM uses cell mode encapsulation
D. In cell mode encapsulation, if a sentence in the message carries an MPLS Header, the first cell will
retain the MPLS Header for forwarding.
Answer: ABC

185. In order to prevent some attacks, you can enable DHCP Snooping on the switch and set
trusted/untrusted ports. In the following network, which port of the S9300 should be set as a trusted port?

37 / 91
The safer , easier way to help you pass any IT exams.

A. Port connected to network A


B. Port connected to network B
C. Port connected to network C
D. Port connected to network D
Answer: D

186. In the NFV architecture, what are the specific underlying physical devices? (Multiple choice)
A. Storage equipment
B. For equipment
C. Server
D. Air conditioning system
Answer: ABC

187. The attacker responds to the request by sending ICMP and sets the destination address of the
request packet to the broadcast address of the victim network to achieve the purpose of the attack. So
what kind of attack does this behavior belong to?
A. IP spoofing attack
B. Smart attack
C. ICMP redirect attack
D. SYN flood attack
Answer: B

188. A socket is composed of quintuples, so which of the following options does not belong to the
quintuple range?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Answer: B

189. Regarding the relationship between the two technologies of 802.1X and RADLUS, which one of the

38 / 91
The safer , easier way to help you pass any IT exams.

following options describes is correct?


A. 802.1X and RADLUS are different names for the same group of technologies
B. 802.1X is a technical system, which includes the RADLUS technology
C. RADLUS is a technology system that includes 802.1X technology
D. 802.1X and RADLUS are different technologies, but they are often used together to complete the
access control of the peer.
Answer: D

190. If you need to configure DHCP Replay, which of the following steps need to be included? (Multiple
choice)
A. Configure the name of the DHCP server group
B. Configure the DHCP server IP address in the DHCP server group
C. Configure the interface number and IP address of the interface to enable the DHCP replay function
D. Configure option82 insert function
Answer: ABC

191. Which of the following options are the functional components of the Agile Controller? (Multiple
choice)
A. Accompanying business
B. Business Orchestration
C. Access control
D. Security assistance
E. Resource follow-up
Answer: ABCD

192. MPLS supports multi-layer labels and the continuity-oriented characteristics of the forwarding plane,
and has been widely used in many aspects. So, which of the following is not included in the deployment of
MPLS?
A. Standards of various manufacturers are generally recognized
B. Traffic engineering capabilities
C. Simplify route lookup on software-based routers
D. Ability to use VPN services
Answer: A

193. In VRRP, when the device status changes to Master, it will immediately send a gratuitous ARP to
refresh the MAC table entries of the downstream device, thereby directing the traffic to this device.
A. True
B. False
Answer: A

194. In the Diff-Serv network, the main purpose of defining EF business types is?
A. Provide guarantee to ensure that broadband services are prioritized with low latency, low loss, and low
jitter.
B. Provide a channel for message forwarding

39 / 91
The safer , easier way to help you pass any IT exams.

C. Ensure broadband for specific traffic


D. Ensure the lowest possible delay in packet forwarding
Answer: A

195. In the wireless admission control scenario of the Agile Controller, which of the following methods is
recommended to control the access of internal employees and guests to the network?
A. Control access based on different user names
B. Control access according to whether the wireless terminal MAC address is registered
C. Set different SSID for internal employees and visitors to control access
D. Control access according to the type of wireless terminal
Answer: C

196. According to the different reference information of the classification rules, the traffic classification can
be divided into? (Multiple choice)
A. Simple flow classification
B. Complex flow classification
C. On-demand flow classification
D. Business flow classification
Answer: AB

197. Suppose that for the packets marked AF21, the set WRED drop strategy is: the lower limit is set to
35, the upper limit is set to 40, and the drop probability is 50%.
Then when the AF21 message arrives, the description of the processing result of the message by wred,
which is wrong? (Multiple choice)
A. If the average length of the current queue is less than 35, packets start to be discarded
B. If the average length of the current queue is greater than the lower limit of 35 and less than the upper
limit of 40, the probability of the packet being discarded is 50
C. If the average length of the current queue is greater than the upper limit of 40, the packet starts to enter
the queue.
D. If the average length of the current queue is greater than the upper limit of 40, the packet will be
discarded.
Answer: AC

198. In port queue scheduling, which queue has no fairness, and different flows cannot be isolated from
each other?
A. CQ+WFQ
B. PQ+WFQ
C. FIFO
D. WRR
Answer: C

199. DDOS attack means that the attacker sends a large number of carefully constructed attack
messages to the target network by controlling a large number of zombie hosts, so that the attacked
person has the effect of refusing to provide services to normal requests.

40 / 91
The safer , easier way to help you pass any IT exams.

A. True
B. False
Answer: A

200. Using nat technology, only the network layer information (ip address) in the data message can be
exchanged.
A. True
B. False
Answer: B

201. Which of the following information can the DHCP binding table contain? (Multiple choice)
A. MAC address
B. IP address
C. Meet time
D. Port and UDP port
Answer: ABC

202. VPN instance is also called VPN routing and forwarding table (VRF), so which description is wrong?
A. The VPN instances on the PE are independent of each other
B. Each VPN instance can be regarded as a virtual device, maintaining an independent address space
and having an interface connected to the private network.
C. There are multiple routing and forwarding tables on the PE, including one public network routing and
forwarding table, and one or more VPN routing and forwarding tables.
D. One VPN instance can correspond to multiple sites, and multiple sites can also correspond to one VPN
instance
Answer: D

203. LSR reserves the received labels, and there are many ways to reserve them, then the following
about LDP label reservation-free way, which is correct? (Multiple choice)
A. Keep all labels sent by neighbors
B. Need more memory and label space
C. Only keep labels from next-hop neighbors, discard all labels sent by non-next-hop neighbors
D. Save memory and label space
E. When the IP route converges and the next hop changes, the LSP convergence time is reduced
Answer: ABE

204. BFD (Bidirectional Forwarding Detection) technology is a fast detection technology, but it is more
complicated and requires special vendor equipment to support.
A. True
B. False
Answer: B

205. Which traffic can be mirrored by port mirroring? (Multiple choice)


A. Packets received by the port.

41 / 91
The safer , easier way to help you pass any IT exams.

B. Packets sent by the port


C. Messages sent and received by the port
D. Packets discarded by the port
Answer: ABC

206. The following statements about different types of firewalls, which are wrong?
A. The packet filtering firewall performs ACL matching check for each packet passing through the firewall
B. Stateful inspection firewall detachment did not hit the first packet of the session for security policy
inspection
C. The stateful inspection firewall needs to be configured with security policies in both the "go" and "back"
directions of packets.
D. Proxy firewall proxy services between internal network and external network users
Answer: C

207. In the label forwarding table of the running MPLS device, for the same route (the same is the same
for surprise), the label is output?
A. Must be different
B. Must be the same
C. May be the same
Answer: B

208. The advantages of address translation technology do not include?


A. Address translation can be used by internal network users (private IP addresses) to facilitate access to
the Internet
B. Address translation can be that many hosts in the internal LAN share an IP address to go online
C. Address translation can handle the case of IP header encryption
D. Address translation can shield users on the internal network and improve the security of the internal
network
Answer: C

209. The Round Robin scheduling method is polled and sent according to the number of bytes defined by
each queue, and the bandwidth ratio occupied by each queue is equal to the ratio of the number of bytes
defined in this queue to the sum of the number of bytes in all queues.
A. True
B. False
Answer: A

210. When configuring source NAT with no-pat configuration parameters, which of the following
statements is correct?
A. Only source IP address translation
B. Only the destination IP address conversion
C. Simultaneous conversion of source IP address and source port
D. Perform destination IP address and destination port conversion
Answer: A

42 / 91
The safer , easier way to help you pass any IT exams.

211. In the Trust zone view of the USG series firewall, after configuring add interface Gigabiethernet0/0/1,
Gigabiethernet0/0/1 no longer belongs to the Local zone.
A. True
B. False
Answer: B

212. Which command is used to apply the flow strategy on the AR router interface?
A. traffic-policy p1 inbound
B. traffic classifier p1 inbound
C. traffic behavior p1 inbound
D. services-policy p1 inbound
Answer: A

213. Packet loss only occurs at the sender of the message.


A. True
B. False
Answer: B

214. In the MPLS forwarding process, which description of the Ingress node forwarding is correct?
(Multiple choice)
A. After receiving the data packet, the ingress node will first check the ILM table to find Tunnel D
B. Find the corresponding NHLFE entry according to the Tunnel ID of the ILM table, and associate the
LFIB entry with the NHLFE entry
C. Check the NHLFE entry, you can get the outgoing interface, startled, out the label and label operation
type, the label operation type is PUSH
D. Press the obtained label into the IP packet, and process EXP according to the Qos strategy, and TTL at
the same time, and then send the MPLS packet with the encapsulation number to surprise
Answer: CD

215. Regarding the description of the eSight physical topology monitoring function, which of the following
is correct? (Multiple choice)
A. Graphically display the layout and status of network elements, subnets and links
B. Accurately visually monitor the operation status of the entire network
C. Systematic display of the network structure of the entire network and the business relationship
between network entities
D. Entrance to the entire network monitoring to achieve efficient operation and maintenance for
customers
Answer: ABCD

216. What queuing technology is used to implement the Best-Effort Service model?
A. FIFO
B. WFQ
C. PQ

43 / 91
The safer , easier way to help you pass any IT exams.

D. LQ
Answer: A

217. Assuming that there are four traffic a.b.c.d of 50M respectively, the total port bandwidth is 100M,
traffic congestion occurs, and congestion management is performed on it.
Among them, traffic a belongs to PQ queue scheduling; traffic b.c.d belongs to WFQ queue scheduling,
with a weight ratio of 1:2:2, then the description of the scheduling results for the four types of traffic, which
is wrong? (Multiple choice)
A. Flow a through 100m
B. Flow a through 50m
C. Flow b through 10m, flow c, d through 20m respectively
D. Flow b through 25m, flow c, d through 12.5m respectively
Answer: AD

218. With which protocol modules can BFD detection be linked? (Multiple choice)
A. VRRP
B. OSPF
C. BFP
D. Static routing
Answer: ABCD

219. The description of the configuration on this switch, which is correct? (Multiple choice)
A. By default, both DHCP server and DHCP delay must be enabled for DHCP service
B. The VLANf100 interface will send the received DHCP message to the external DHCP server through
the relay
C. Specify the DHCP server group as a DHCP group for the vlanf100 interface
D. First, you need to create DHCP server group and add DHCP server to the server group
E. By default, dhcpgroup1 will automatically add the dhcp server in the network
Answer: ABCD

220. MPLS technology uses labels instead of ip forwarding. When MPAS runs on Ethernet, which
encapsulation mode does it use?
A. Package mode
B. Frame mode
C. Transmission mode
D. Channel mode
E. Channel mode
Answer: B

221. SDN and NFV are essentially a concept, both about the description of network function virtualization
A. True
B. False
Answer: B

44 / 91
The safer , easier way to help you pass any IT exams.

222. Assuming that the outbound port traffic is congested, message A and message B are buffered in their
respective queues, message B belongs to the PQ queue, and message A belongs to the WFQ queue.
Then which kind of message will be dispatched first?
A. Message A takes precedence
B. Message B takes precedence
C. Go out at the same time
D. All are discarded
Answer: B

223. The following description of the MPLS forwarding process, which is wrong?
A. In MPLS, if the LSP fails to forward data, the MPLS control plane responsible for establishing the LSP
can detect this error
B. The main function of MPLS forwarding is to add and delete labels to IP packets, and at the same time
forward the received packets according to the label forwarding table
C. When IP packets enter the MPLS network, the LER at the MPLS entry will analyze the content of the IP
packets and add appropriate labels to these IP packets
D. MPLS can still use PING or Tranceroute to find LSP errors and locate the failed node in time
Answer: A

224. In a stateful inspection firewall, when the stateful inspection mechanism is turned on, when the
second packet (SYN+ACK) of the three-way handshake arrives at the firewall, if there is no corresponding
session table on the firewall, which is correct?
A. If the firewall security policy allows packets to pass, the packets can pass through the firewall
B. If the firewall security policy allows packets to pass, create a session table
C. In the default state, after the state function is turned off, and the permission policy is configured then
can pass
D. The message must pass through the firewall and establish a session table
Answer: C

225. Which of the following description about the terminal security management characteristics of AGILE
CONTROLLER is correct? (Multiple choice)
A. One-click repair, reducing terminal management and maintenance costs
B. Only standard software is allowed to be installed to realize desktop office standardization
C. Control the way of terminal leakage, through access control to ensure that the terminal is forced to
install the client and meet the security requirements
D. Prohibit the installation of non-standard software to reduce the risk of virus infection
Answer: ABCD

226. A VRRP virtual router can only have a virtual IP address.


A. TRUE
B. FALSE
Answer: B

227. During the establishment of an LDP session, the active party will first send initialization information

45 / 91
The safer , easier way to help you pass any IT exams.

for parameter negotiation. If the passive party does not accept the negotiation parameters, what will it
send?
A. Error Notificationg Message
B. Hello Keepalive
C. Message
D. Initialization
Answer: A

228. In the security assistance of the Agile controller, which of the following description of the security
linkage component is correct? (Multiple choice)
A. The log reporting equipment is the network equipment deployed in the network, security equipment,
policy servers, third-party systems, etc., which are mainly responsible for providing network information
and security logs
B. The client device is the generator of network information and security logs
C. The linkage strategy enforcement equipment is borne by the switch, which is mainly responsible for the
security response of the linkage part of the equipment after the safety time occurs. It is the equipment that
implements the blocking or diversion strategy.
D. The security assistance component of the Agile Controller is responsible for log collection, processing,
event correlation, security situation displays, and security response
Answer: ACD

229. The online user status check function in eSight can check whether there are unauthorized users to
improve the security monitoring capabilities of the network management.
A. TRUE
B. FALSE
Answer: A

230. Mirroring requires that the data collected are real-time, true, and reliable.
A. TRUE
B. FALSE
Answer: A

231. For eSight network management to be able to receive and manage the alarms reported by the
device, what conditions need to be met? (Multiple choice)
A. The device is managed by the network management
B. The correct Trap parameters are configured on the device side
C. The managed device on the network management should be configured with the correct SNMP
protocol and parameters
D. Network management and equipment must be connected
Answer: ABCD

232. In an MPLS network, there are different types of operations for labels, among which the meaning of
the "pop" action is ____.
A. Remove the top label from the MPLS label stack

46 / 91
The safer , easier way to help you pass any IT exams.

B. Add the top label to the MPLS label stack


C. Replace the top label with another value
D. Replace the top label with another set of labels
Answer: A

233. Which of the following statements about ASPE and Servermap are correct? (Multiple choice)
A. ASPF checks application layer protocol information and monitors the connected application layer
protocol status
B. ASPF dynamically generates ACLs to determine whether packets pass through the firewall
C. Configure the static server-map generated by the NAT server
D. The servermap table uses a five-tuple to represent a session
Answer: AC

234. Which of the following statements is wrong?


A. LSP is divided into static LSP and dynamic LSP. The static LSP is manually configured by the
administrator, and the dynamic LSP is dynamically established using the routing protocol and the label
distribution protocol
B. The principle to be followed for manual label allocation is: the value of the outgoing label of the
upstream node is the value of the incoming label of the downstream node
C. The LSP established by statically assigning labels can also be dynamically adjusted according to
network topology changes, without the intervention of the administrator
D. Dynamic LSP is dynamically established through label distribution protocols, such as MP-BGP,
RSVP-TE, LDP
Answer: C

235. DHCP snooping is a security feature of DHCP. Regarding DHCP snooping, which of the following
description is wrong?
A. DHCP snooping binding table is divided into dynamic binding table and static binding table
B. DHCP snooping distinguishes between trusted ports and untrusted ports. For untrusted ports, DHCP
reply messages are not processed
C. The static binding table is manually entered at the ingress port of the message, or the aging time of the
table entry can be manually set
D. When DHCP snooping is applied on the second layer, the interface information required by the binding
table can be obtained without setting the option 82 function
Answer: C

236. When congestion occurs, which indicators of QOS are usually affected? (Multiple choice)
A. Transmission delay
B. Transmission jitter
C. Transmission bandwidth
D. Transmission distance
Answer: ABC

237. MPLS is based on two different planes to realize data forwarding. Regarding the description in the

47 / 91
The safer , easier way to help you pass any IT exams.

forwarding mechanism, which of the following are correct? (Multiple choice)


A. When an IF packet enters the MPLS domain, the FIB table is the first to be checked
B. The system automatically assigns an ID to the upper application that uses the tunnel, also known as
TUNNEL ID
C. If the tunnel ID value is 0x0, enter the MPLS forwarding process
D. If the tunnel ID value is not 0x0, enter the normal IP forwarding process
Answer: AB

238. Which of the following are the security zones provided by Huawei firewall by default? (Multiple
choice)
A. local area
B. trust area
C. untrust area
D. security area
Answer: ABC

239. Which of the following description belong to the process of establishing an LSP using the
downstream independent label distribution method and the ordered label control method? (Multiple
choice)
A. The edge node finds that there is a new destination address that does not belong to any existing FEC
in its routing table, and it will not create a new FEC corresponding to it.
B. The establishment process of LSP is actually to bind FEC and label, and advertise this binding to the
adjacent LSR on the LSP
C. If the egress node has a label available for allocation, it will allocate a label for the FEC and actively
send a label mapping message to the upstream.
D. When the node LSR receives the label mapping message, it needs to add a corresponding entry in the
label forwarding table
Answer: BCD

240. In the alarm management interface of .e Sight, when an alarm has a green background, it means
that the alarm has been confirmed.
A. TRUE
B. FALSE
Answer: B

241. For different application scenarios, the DHCP server has different address allocation methods. When
assigning addresses to a host that is temporarily connected to the network, or sharing a limited set of IP in
a group of hosts that do not need a permanent IP address When addressing, which of the following
address allocation methods should be used by the DHCP server?
A. Automatic allocation method
B. Dynamic allocation method
C. Manual distribution method
D. Both manual and dynamic allocation are possible
Answer: B

48 / 91
The safer , easier way to help you pass any IT exams.

242. In the SDN network architecture, which of the following is used to calculate the path and issue the
flow table?
A. Application Service
B. Controller
C. Coordinator
D. Equipment
Answer: B

243. In an operator's MPLS VPN network, there are two devices, PE1 and PE2, for MPLS VPN data
forwarding. PE1 receives a 172.16.1.0/4 private network route from the client, and converts it to VPN4 on
PE1. The routing and distribution label is 1027 and sent to PE 2, and the label distributed by PE2 to PE1
is 1025. When the client on PE2 accesses the route, the data is also forwarded on the carrier network.
Which combination of the following options is the inner and outer label?
A. Outer label, 1027; inner label: 1025
B. Outer label, 1025; inner label: 1025
C. Outer label, 1027; inner label: 1027
D. Outer label, 1025; inner label: 1027
Answer: D

244. For data with AF DSCP marks, they should be given a certain amount of guaranteed bandwidth. If
there is unused bandwidth, they cannot occupy these additional bandwidths.
A. TRUE
B. FALSE
Answer: B

245. Among the following values of IP precedence, which is the one representing Immediate business
traffic?
A. 0
B. 2
C. 5
D. 6
Answer: C

246. The proxy firewall works at the transport layer of the TCP/IP protocol stack, and its essence is to act
as a proxy to handle the business between the internal network and the external network users.
A. TRUE
B. FALSE
Answer: B

247. What is the multicast destination address of VRRP packets?


A. 224.0.0.18
B. 224.0.0.20
C. 224.0.1.18

49 / 91
The safer , easier way to help you pass any IT exams.

D. 224.0.1.20
Answer: A

248. The traditional congestion avoidance mechanism is tail-drop. Its disadvantages do not include ____.
A. TCP global synchronization
B. High jitter and high latency
C. High cost
D. Discard indiscriminately, without distinguishing between packets with different priorities
Answer: C

249. Which of the following statement about the diff-serv service model in qos is wrong?
A. It requires signaling, that is, the application does not need to notify the router before sending a
message, and the network does not need to maintain the state for each flow.
B. It can use different methods to specify the qos of the message, such as the ip precedence bit (ip
precedence), the source address and destination address of the message, etc.
C. It is generally used to provide end-to-end qos guarantee for some important applications
D. It can be achieved through technologies such as CAR or queuing
Answer: A

250. Different message types in DHCP realize different functions, among which the role of DHCP OFFER
message is ___.
A. Broadcast by the client to find available servers
B. The server responds to the client's DHCP DISCOVER message and specifies the configuration
parameters of the response
C. A client sends to the server to request configuration parameters or request configuration confirmation
or lease renewal
D. There is a server sent to the client, and the configuration parameters in the message include
information such as IP address
Answer: B

251. Which of the following belong to the visitor lifecycle management links of the Agile controller?
(Multiple choice)
A. Account registration
B. Account approval and distribution
C. Account Verification
D. Account audit and cancellation
Answer: ABCD

252. The central content of congestion management is to determine the order of data packet processing
by customizing the scheduling strategy.
A. TRUE
B. FALSE
Answer: A

50 / 91
The safer , easier way to help you pass any IT exams.

253. The session-based state detection firewall has different processing procedures for the first packet
and subsequent packets. Which of the following description are correct? (Multiple choice)
A. When a packet arrives at the firewall, it will look up the session table. If there is no match, the firewall
will process the first packet
B. When the packet arrives at the firewall, it will look up the session table. If it matches, the firewall will
proceed with the subsequent packet processing flow.
C. When the state inspection mechanism is turned on, only SYN packets can establish a session when
firewall TCP packets
D. When the status check mechanism is turned on, the follow-up and other security policy checks are
required
Answer: ABC

254. Regarding the description of the traditional IP network when forwarding data, which of the following
is correct? (Multiple choice)
A. Traditional IP forwarding is based on connection, and the efficiency is relatively low
B. Traditional IP network calculates the optimal path based on IGP METRIC
C. All routers in a traditional IP network need to know the route or default route of the entire network
D. Traditional IP forwarding uses hop-by-hop transmission
E. Traditional IP network cannot provide good qos guarantee
Answer: BCD

255. Which of the following mirroring methods does Huawei S series switches support? (Multiple choice)
A. Local port mirroring
B. Remote port mirroring
C. Global Mirror
D. Stream mirroring
Answer: ACD

256. MPLS network can use different ways to publish labels.

As shown in the figure, DU is used to advertise labels between SWB and SWA, and SWA is used as the
upstream switch, then____. (Multiple choice)
A. SWA does not request a label from SWB, SWE still sends label mapping information to SWA
B. SWA does not request a label from SWB, and SWE will not send label mapping information to SWA

51 / 91
The safer , easier way to help you pass any IT exams.

C. SWA does not request a label from SWB, SWE still sends label mapping information to SWB
D. SWA does not request a label from SWB, and SWE will not send label mapping information to SWB
Answer: AD

257. Information security technology issues are mainly technical issues. Only through the introduction of
the latest technology and the deployment of the highest performance equipment, and then the security
work can be done well.
A. TRUE
B. FALSE
Answer: B

258. While adopting QOS in the network to improve the service quality of certain types of business, it will
definitely damage the service quality of other businesses.
A. TRUE
B. FALSE
Answer: A

259. Which of the following is the configuration commands for the linkage between VRRP and BFD?
A. vrrp vrid 1 track bfd-session session-name 1 reduced 100
B. bfd-sesssion vrrp vrid 1 track session-name 1 reduced 100
C. track vrrp vrid 1 bfd-session session-name 1 reduced 100
D. VRRP vrid 1 track bfd-session-name 1 reduced 100
Answer: A

260. Which of the following description of the relationship between delay and jitter is correct?
A. The magnitude of jitter is directly related to the magnitude of delay
B. Jitter is caused by the unequal end-to-end delay of data packets belonging to different streams
C. The larger the delay, the smaller the jitter range, and the smaller the delay, the larger the possible jitter
range.
D. The magnitude of jitter is not related to the magnitude of delay.
Answer: A

261. In the MPLS network, the switch assigns labels. Regarding the mode of label distribution, which of
the following is correct?
A. The downstream LSR can determine the label assignment to a specific FEC, and then notify the
upstream LSR
B. Downstream on-demand DOD means that for a specific FEC, the LSR does not need to request a
message from the upstream active label to perform label allocation and distribution.
C. The downstream allocation method means that for a specific FEC, the label allocation and distribution
can only be performed after the LSR obtains the label request message.
D. The label distribution mode of the upstream LSR and the downstream LSR with a label distribution
adjacency relationship may be inconsistent
Answer: A

52 / 91
The safer , easier way to help you pass any IT exams.

262. The end-to-end delay is equal to the sum of all processing delays and queue delays on the path.
A. TRUE
B. FALSE
Answer: B

263. Which of the following description of "message marking" is incorrect?


A. The QoS information field of the message can be marked
B. DSCP and IP Precedence information of IP packets can be marked
C. The 802.1P information of VLAN packets can be tagged
D. The MAC of the message can be marked
Answer: D

264. BFD is just a universal fast detection technology, which can realize fast switching function by itself,
and it is not necessary to use it with other fast switching technologies.
A. TRUE
B. FALSE
Answer: B

265. There are different ways to use LDP to distribute labels in MPLS. Which of the following statement
about the LDP label distribution control method is wrong? (Multiple choice)
A. LDP label control can be marked in an orderly manner.
B. In an orderly manner, when the LSR is the originating node of the router, the LSR does not need to wait
for the next-hop label mapping to be sent upstream.
C. LDP label control cannot be marked independently
D. In an independent manner, the LSR can send out a label mapping to the upstream, and must wait for a
label mapping message from the next hop of the LSR
Answer: CD

266. When configuring the RADLUS server template on a Huawei switch, which of the following is the
optional configuration parameters?
A. Authentication server address and port
B. RADLUS automatically detects users
C. Accounting server address and port
D. shared-key
Answer: B

267. In the label forwarding table of the running MPLS device, for the same route, the incoming label and
outgoing label ___.
A. Must be different
B. Must be the same
C. May be the same
Answer: C

268. In the label forwarding table of the running MPLS device, for different routers (the next hop is also

53 / 91
The safer , easier way to help you pass any IT exams.

different), the outgoing label ___.


A. Must be different
B. Must be the same
C. May be the same
Answer: A

269. LDP neighbor discovery has different implementation mechanisms and fixes. Which of the following
description of LDP neighbor discovery is wrong?
A. LDP discovery mechanism does not include LDP basic discovery mechanism and LDP extended
discovery mechanism
B. LDP basic discovery mechanism can automatically discover LDP Peers directly connected on the
same link
C. LDP extended discovery mechanism can discover non-directly connected LDP Peerds
D. All LDP discovery mechanisms need to clearly specify the LDP Peer
Answer: D

270. The bandwidth determines the data transmission rate, and the maximum transmission bandwidth is
determined by the minimum link bandwidth on the transmission path.
A. TRUE
B. FALSE
Answer: A

271. Which of the following is commonly used QOS technology for congestion avoidance?
A. GTS
B. LR
C. Car
D. WRED
Answer: D

272. In the alarm management function of esight, which of the following four types are the alarm levels
divided into?
A. Urgent, minor, general, reminder
B. Urgent, important, major, reminder
C. Urgent, important, warning, reminder
D. Urgent, important, minor, reminder
Answer: D

273. Which of the following is the default interval for sending BFD detection packets?
A. 5S
B. 100ms
C. 1000ms
D. 10s
Answer: C

54 / 91
The safer , easier way to help you pass any IT exams.

274. Which of the following are the three basic characteristics of SDN's network architecture?
A. Separation of control, centralized control, open interface
B. Separation of control, decentralized control, open interface
C. Centralized transfer control, centralized control, open interface
D. Separate transfer and control, centralized control, closed interface
Answer: A

275. Different virtual machines can use the VTEP tunnel established by vswitch to communicate with
VXLAN. Then the communication process of VXLAN is:
1. The ARP broadcast sent by the VTEP source VM is encapsulated as a multicast leopard and sent to
the L3 network,
2. After receiving the multicast packet, the VTEP learns the mapping relationship between the source VM
and the source VTEP, and forwards the multicast packet to the local VM
3. The VM makes a unicast response.
4. VTEP encapsulates the Vxian tunnel, and establishes a mapping table to seal the final unicast to the
source VTEP
5. VTEP received should establish the mapping relationship between target VM and target VTEP, remove
the tunnel forwarding source VM
6. The VM and the target carry out unicast message communication through the tunnel.
A. 1-3-2-4-6-5
B. 3-5-2 -4-1-3
C. 1-2 3-4-5-6
D. 1-5-6-4-3-2
Answer: C

276. When configuring MPLS VPN, the administrator configured the following commands. Which of the
following description of the command is wrong?
interface GigabitEthernet0/0/0
ip binding vpn-instance VPN1
#
interface GigabitEetelnet0/0/1
ip binding vol-instance VPN2
A. This configuration command is usually configured on the PE device
B. The function of this command is to bind the GO/0/1 and GO/0/2 interfaces on the PE device with the
VPN instance assigned to the customer network
C. After the interface on the device is bound with the VPN instance, the interface will become a private
network interface, and the private network address can be configured and the private network routing
protocol can be run.
D. If cancel the binding of the interface and the VPN instance, the device will not automatically clear the
IPV4 or IPV6 related configuration under the interface bound to the VPN instance.
Answer: D

277. In the process of LDP session establishment, in order to establish TCP, which party initiates the
initialization message?

55 / 91
The safer , easier way to help you pass any IT exams.

A. The party with the smaller transfer address


B. The party with the smaller router-id
C. The party with the larger router-id
D. The party with the larger transfer address
Answer: D

278. A TCP connection needs to be established before the LDP session is established, and the active and
passive parties will be selected before the connection. In the network shown in the figure, which device
will become the active party initiated by the TCP?

A. If the Hello Message carries a Transport Address, the smallest Transport Address becomes the active
party.
B. If the Hello Message does not carry the Transport Address, SWB will become the active party.
C. If the Hello Message does not carry the Transport Address, SWA will become the active party.
D. If the Hello Message carries a Transport Address, the one with the larger Transport Address will
become the active party.
Answer: D

279. The main feature of Overlay VPN is that the customer's routing protocol is always exchanged
between the customer's equipment, and the service provider knows nothing about the customer's internal
structure.
A. TRUE
B. FALSE
Answer: A

280. Under the trend of mobilization, which of the following are the new requirements that the enterprises
put forward to traditional networks? (Multiple choice)
A. Unified wired and wireless management
B. Consistent business experience anytime, anywhere
C. Strict hierarchical networking
D. Support rapid deployment of mobile applications
Answer: ABD

281. Which of the following do not belong to the default roles created by Huawei eSight?
A. Administrator
B. Monitor
C. End-User
D. Operator
Answer: C

56 / 91
The safer , easier way to help you pass any IT exams.

282. Which of the following are the advantages of PQ+WFQ? (Multiple choice)
A. Realize bandwidth allocation by weight
B. It can ensure that low-latency services are dispatched in time
C. Realize the demand for flexible classification of messages according to user definitions
D. Do not treat packets with different priorities differently
Answer: AB

283. The NAT Server function maps a public IP address to the server's private IP address, which is a way
to translate the destination IP address of the message.
A. TRUE
B. FALSE
Answer: A

284. Which of the following statements about Regarding ASPF and Server-map are correct? (Multiple
choice)
A. After the channel is established, the message is still forwarded according to the Server-map.
B. Only ASPF will generate Server-map table
C. The Server-map table entry will be deleted after a certain aging time because there has been no
packet matching. This mechanism ensures that the looser channel of Server-map entries can be deleted
in time, ensuring network security. When a new data connection is subsequently initiated, the
establishment of Server-map entries will be triggered again.
D. Server-map can usually only be used to check the first message, and the message after the channel is
established is still forwarded according to the session table.
Answer: CD

285. Which of the following are the working modes under the firewall interface? (Multiple choice)
A. Exchange mode
B. Routing mode
C. Transmission mode
D. Transparent mode
Answer: BD

286. By default, the VRRP of Huawei AR routers runs in preemptive mode.


A. TRUE
B. FALSE
Answer: A

287. Regarding the description of VRRP load sharing, which of the following is correct? (Multiple choice)
A. Load sharing method refers to the establishment of two or more backup groups, and multiple routers
carry services at the same time.
B. Load sharing means that multiple routers undertake services at the same time. Therefore, the load
sharing method requires two or more virtual routers.
C. When configuring priorities, the VRRP masters of the three virtual routers can be on different routers.
D. Multiple virtual routers can be created on one interface of the router, so that the router can be used as

57 / 91
The safer , easier way to help you pass any IT exams.

a master router in one virtual router, and at the same time as a backup router in other virtual routers.
Answer: ABCD

288. The routing protocol can detect the fault through the Hello message, so BFD is not required.
A. TRUE
B. FALSE
Answer: B

289. The BFD single-arm echo function can be used for two devices that are not directly connected.
A. TRUE
B. FALSE
Answer: A

290. If two devices are connected, and one of the devices supports the BFD detection function, but the
other device does not support the BFD detection function, which feature of BFD can the device that
supports the BFD detection function use to realize the link connectivity detection?
A. Quick handshake
B. Interface status linkage
C. Two-way detection
D. One-arm echo
Answer: D

291. VXLAN adopts the Mac in TCP encapsulation method to encapsulate the Layer 2 message with the
Layer 3 protocol.
A. TRUE
B. FALSE
Answer: B

292. The central content of congestion management is to determine the sequence of data packet
processing by formulating scheduling strategies.
A. TRUE
B. FALSE
Answer: A

293. The Integrated Service model releases bandwidth resources when there is no traffic, and the
resource utilization is high.
A. TRUE
B. FALSE
Answer: B

294. The path that an IP packet traverses in the MPLS network is called LSP (Label Swithed Path). This
path is determined and established through various protocols before the packet is forwarded. The packet
will be passed on a specific LSP.
A. TRUE

58 / 91
The safer , easier way to help you pass any IT exams.

B. FALSE
Answer: A

295. LDP's Discovery message is used for neighbor discovery, and LDP has different discovery
mechanisms when discovering neighbors, so which of the following statement about Discovery message
in the basic discovery mechanism is correct? (Multiple choice)
A. This message is encapsulated in a UDP message, and the destination port number is 646
B. The message is sent to the designated LDP Peer
C. The destination IP address of the message is the multicast IP address 224.0.0.2
D. After the TCP connection is established, the LSR does not continue to send Hello Message
Answer: AB

296. BFD can only be used in conjunction with the protocol modules of the network layer and the data link
layer.
A. TRUE
B. FALSE
Answer: B

297. Which of the following description of VRRP is wrong?


A. When two routers with the same priority compete for the Master at the same time, compare the size of
the interface IP address, and the one with the larger interface address is elected as the Master.
B. VRRP determines the status of each router in the virtual router based on priority.
C. If the Backup router works in non-preemptive mode, as long as the Master router does not fail, the
Backup router will not become the Master router even if it is subsequently configured with a higher priority.
D. If the Master already exists, Backup will also preempt.
Answer: D

298. Regarding the description of VRRP fast switching, which of the following is wrong?
A. When the VRRP backup group monitors ordinary BFD, when the BFD status changes, it will modify the
priority of the backup group to change the active and standby status. When the monitored BFD session
status is restored, the priority of the router in the backup group will be restored to original value
B. If configure and monitor multiple BFDs at the same time. Then the various configurations are related to
each other and may have an impact
C. Use VRRP to monitor the BFD session or EFM function. After the BFD session or EFM session status
changes, the VRRP module will be notified to achieve rapid VRRP switching
D. A VRRP backup group cannot monitor Peer BFD, Link BFD and Normal BFD at the same time
Answer: B

299. In the esight subnet, the resources that can be managed, which of the following descriptions are
correct? (Multiple choice)
A. Link
B. Equipment
C. Subnet
D. It is not possible to nest other subnets under the subnet

59 / 91
The safer , easier way to help you pass any IT exams.

Answer: ABC

300. Regarding the PC to obtain an address from the DHCP Server, which of the following description
about the command used is correct? (Multiple choice)
A. Use the ipconfig/release command in the Windows 7/windows XP environment of the user's PC to
actively release the IP address. At this time, the user's PC sends a DHCPRELEASE message to the
DHCP server.
B. In the Windows 7/windows XP environment of the user's PC, use the ipconfig/renew command to apply
for a new 1P address. At this time, the PC is used to send a DHCP RENEW message to the DHCP server.
C. Use the ipconfig/renew command to apply for a new 1P address in the Windows 7/windows XP
environment of the user's PC. At this time, the user's PC sends a DHCPDISCOVER message to the
DHCP server.
D. Use the ipconfig/release command in the windows 7/windows XP environment of the user's PC to
actively release the IP address. At this time, the user's PC sends a DHCPREQUEST message to the
DHCP server.
Answer: AC

301. LDP has two different mechanisms for discovering peers. Which of the following description is
correct? (Multiple choice)
A. The extended discovery mechanism is that the LSR periodically sends Hello messages to the specified
address to discover LDP peers
B. The two mechanisms are the basic discovery mechanism and the extended discovery mechanism
C. The basic discovery mechanism is to discover LDP peers by periodically sending Hello messages
D. The extended discovery mechanism is used to discover non-directly connected LSRs on the link
E. The basic discovery mechanism is used to discover directly connected LSRs on the link
Answer: ABCDE

302. Which of the following is the command to configure the listening address of the SDN controller?
A. sdn controller souce-address 1.1.1.1
B. openflow listening-ip 1.1.1.1
C. controller-ip1.1.1.1
D. sdn listening-ip 1.1.1.1
Answer: B

303. In addition to Advertisement messages, VRRP message types also include Hello messages for the
election of Mater and Backup.
A. TRUE
B. FALSE
Answer: B

304. In the SDN network architecture, what is used to calculate the path and issue the flow table?
A. Application Service
B. Controller
C. Equipment

60 / 91
The safer , easier way to help you pass any IT exams.

D. Coordinator
Answer: B

305. The configuration on the PE device is as follows, which of the following description of the
configuration command is correct?
bgp 500
peer 5.5.5.5 as-number 500
peer5.5.5.5 connect-interface LoopBacko
#
ipv4-family vpnv4
peer 5.5.5.5 enable
#
ipv4-family vpn-instance VPNI”
peer 10.1.13.1 as-number 100
#
ipt4-family vpn-instance VPX2
peer 10.1.23.2 as-number 200
A. The local PE device uses a direct connection port to establish a BGP neighbor relationship with the
peer PE
B. The peer PE is in AS 500 and has an EBGP neighbor relationship with the local PE
C. PE is connected to the CE equipment of two customer networks, one is set to VPN1, the other is set to
VPN3
D. The two VPN clients connected to the PE end use the BGP protocol to exchange routes with the PE.
Answer: D

306. Intranet users of a certain company use NAT's No-pat method to access the Internet. If all public IP
addresses are used, what will happen to intranet users who subsequently go online?
A. Automatically switch NAT to PAT and then surf the Internet
B. Subsequent intranet users will not be able to access the Internet
C. Synchronize packets to other NAT translation devices for NAT translation
D. Squeeze out the previous user and force NAT conversion to access the Internet
Answer: B

307. The simple flow classification in QoS technology refers to the use of simple rules, such as the DSCP
value in the IP message, the EXP value in the MPLS message, and the 802.1p value in the Vlan message
header to simply divide the message.
A. TRUE
B. FALSE
Answer: A

308. Which of the following description on the characteristics of Agile Controller's terminal security
management is correct? (Multiple choice)
A. If the terminal does not comply with the corporate security strategy, the user often wants to provide an
automatic repair function. Now the automatic repair of the non-compliant state is fully realized. The user

61 / 91
The safer , easier way to help you pass any IT exams.

only needs to click the mouse to achieve a one-key repair in the shortest time.
B. Through the MC management center, you can centrally configure and distribute policies to the
lower-level terminal security management server
C. Can control illegal web access
D. The terminal security client checks the terminal according to the assigned security policy. After the
check is passed, the server can notify the access control device to open the network authority to the
terminal. If the check fails, the terminal can be isolated and repaired.
Answer: ABCD

309. Which of the following description of the buffer overflow attack is wrong?
A. Buffer overflow attacks are the most common method of attacking software systems
B. Buffer overflow attacks have nothing to do with operating system vulnerabilities and architecture
C. Buffer overflow attacks are application layer attacks
D. Buffer overflow attack is the use of software system's flaws in memory operations to run attack codes
with high operating privileges
Answer: B

310. In MPLS VPN, regarding the relationship between VPN, Site, and VPN instance, which of the
following description is correct?
A. VPN instance and VPN are one-to-one Corresponding relationship
B. There is a one-to-one correspondence between VPN instances and Sites
C. A site can only belong to one VPN
D. VPN instance and VPN routing and forwarding table VRF (VPN Routing and Forwarding table) are
different concepts.
Answer: B

311. The hardware detection mechanism in the SDH transmission network can quickly find faults and is
applicable to all media.
A. TRUE
B. FALSE
Answer: B

312. What is the difference between traffic monitoring and traffic shaping? (Multiple choice)
A. Traffic shaping colors packets
B. Traffic policing colors packets
C. Traffic shaping introduces delay and jitter, and requires more buffer resources to buffer packets
D. Traffic policing introduces delay and jitter, and requires more buffer resources to buffer packets
Answer: BC

313. As shown in the figure, it is the LDP session establishment process. After the TCP connection is
established, the SWB will become the active party to start parameter negotiation and establish an LDP
session.

62 / 91
The safer , easier way to help you pass any IT exams.

Which of the following steps are the correct order?


A. 2-1-3-4
B. 2-1-4-3
C. 1-3-2-4
D. 1-2-3-4
Answer: D

314. The packet filtering firewall has () problems, so a stateful firewall is proposed. (Multiple choice)
A. Unable to detect certain attacks from the transport layer and application layer (such as TCP SYN, Java
Applets, etc.)
B. For multi-channel application layer protocols (such as FTP, SIP, etc.), some security policy
configurations cannot be predicted
C. For TCP connections, the first packet is required to be a SYN packet, and the first TCP packet that is
not a SYN packet will be discarded
D. Unable to identify the forged ICMP error messages from the network, so that ICMP malicious attacks
cannot be avoided
Answer: AB

315. Which of the following deployment methods can Agile Controller have? (Multiple choice)
A. Hierarchical deployment, the management center is deployed in the headquarters, and the business
manager is deployed in the branch.
B. Centralized deployment. The server components of the Agile Controller-Campus are deployed in a

63 / 91
The safer , easier way to help you pass any IT exams.

relatively centralized location, usually the enterprise data center.


C. Distributed deployment. The business manager and database server are deployed in the headquarters,
while the business controller is deployed in the branch.
D. Distributed deployment. The business manager and database server are deployed in the branch, and
the business controller is deployed in the headquarters.
Answer: BC

316. Both the firewall and the switch can realize the function of security protection, the switch focuses on
(), and the firewall focuses on ().
A. Forwarding, control
B. Connectivity, forwarding
C. Control, forwarding
D. Forwarding, connectivity
Answer: A

317. A 3-bit PRI field is included in the 802.1Q header. The PRI field defines 8 types of service priority
CoS, and the values are 0, 1, 2, ..., 6, and 7 in the order of priority from high to low.
A. TRUE
B. FALSE
Answer: B

318. Which of the following descriptions about Huawei eSight network management software is correct?
(Multiple choice)
A. If the password of the admin user is lost, the default password can only be restored by reinstalling
eSight
B. eSight supports hierarchical management. In the hierarchical deployment mode, the upper-level
network administrator can add the lower-level network management to the system and provide a link to
open the lower-level network management interface.
C. The eSight application platform supports integration with the upper-level OSS system, and realizes
network alarm reporting through SNMP, and connects with the OSS alarm system.
D. The password of the admin user is lost. You can reset the password by dialing 400.
Answer: BC

319. Port mirroring is divided into local port mirroring and remote port mirroring according to the location
of the monitoring equipment in the network.
A. TRUE
B. FALSE
Answer: A

320. Which of the following belong to the delivery process of MPLS VPN routing? (Multiple choice)
A. The process of MP-BGP route injection into VRF
B. Routing exchange between CE and PE
C. The distribution process of the public network label
D. Process of VRF route injection into MP-BGP

64 / 91
The safer , easier way to help you pass any IT exams.

Answer: ABD

321. With the development of ASIC technology, MPLS no longer has obvious advantages in improving
forwarding speed, but due to which of the following reasons, MPLS is still widely used? (Multiple choice)
A. MPLS combines the powerful Layer 3 routing function of the IP network with the efficient forwarding
mechanism of the traditional Layer 2 network.
B. MPLS supports multi-layer labels and is connection-oriented.
C. TE (Traffic Engineering), VPN (Virtual Private Network), Qos (Quality of Service) and other applications
provide better solutions.
D. MPLS is not easy to achieve seamless integration of IP, ATM, frame relay and other Layer 2 networks.
Answer: ABC

322. Which of the following description of the Agile Controller campus network access control deployment
plan is incorrect?
A. Enable the 802.1X function on the access layer switch/aggregation layer switch or AC, and control
permissions through VLAN, ACL, UCL (agile switch support)
B. The authentication domain is divided into pre-authentication domain, isolation domain and
post-authentication domain
C. Combining the user's identity, the type of terminal used, the current access location, access time and
other matching conditions to implement access strategies for devices between different departments
D. The terminal can provide user name and password interface
Answer: D

323. The information security system is the interaction of (), () and ().
A. Equipment
B. Technology
C. Personnel
D. Management
Answer: BCD

324. Why can it be said that the QoS of the network can be improved by increasing the link bandwidth
capacity? (Multiple choice)
A. The increase in link bandwidth can support higher traffic
B. The increase in link bandwidth reduces the probability of congestion, thereby reducing the number of
lost packets
C. The increase in link bandwidth means smaller delay and jitter
D. The increase in link bandwidth can increase the available bandwidth of the control protocol
Answer: ABCD

325. Regarding the difference between GTS, LR and CAR, which of the following descriptions is correct?
(Multiple choice)
A. When performing packet flow control, LR discards packets that exceed the flow limit.
B. When performing packet flow control, CAR discards packets that exceed the flow limit.
C. In the process of message flow control, LR can not only buffer the messages that exceed the flow limit,

65 / 91
The safer , easier way to help you pass any IT exams.

but also make the messages enter the oos queue for processing.
D. When performing message flow control, CTs buffers the messages that exceed the flow limit in the
GTS queue.
Answer: BCD

326. What are the common queue scheduling technologies?


A. CIR
B. FIFO
C. PQ
D. WFQ
E. WRR
Answer: BCDE

327. By viewing DHCP configuration information and message statistics, you can view the operating
status of the device and the count of received and sent DHCP messages to facilitate problem location
during routine maintenance.
Which of the following commands can be used to look up DHCP messages? (Multiple choice)
A. display dhcp relay statistics
B. display dhcp
C. display dhcp statistics
D. display dhcp server statistics
Answer: AD

328. Which of the following description of MPLS is wrong? (Multiple choice)


A. The corresponding network connection must be established before transmitting packets with IPLS tags
B. The router can aggregate multiple IP streams together according to the forwarding target to form a
forwarding equivalence class (FEC)
C. MPLS supports various network layer protocols, and packets with MPLS labels must be encapsulated
in frames for transmission
D. MPLS replaces IP forwarding with label switching
E. MPLS "label" is the unique identifier of a specific group in each subnet
Answer: BC

329. MPLS is a label forwarding technology, which of the following description of MPLS is wrong?
A. The IP Routing Protocol module in the control plane is used to transmit routing information and
generate routing information tables
B. The Label Distribution Protocol module in the data plane is used to complete the exchange of label
information and establish a label forwarding path
C. The data plane includes the IP Forwarding Information Base. When a normal Ir message is received, if
it is a normal IP forwarding, it will look up the IP routing table and forward it.
D. When receiving a labeled message, if it needs to be forwarded according to the label, it is forwarded
according to the label forwarding table, if it needs to be forwarded to the IP network, it is forwarded
according to the IP forwarding table after removing the label
Answer: C

66 / 91
The safer , easier way to help you pass any IT exams.

330. RouterA and RouterB belong to a VRRP group, RouteA has a priority of 120 and RoaterB has a
priority of 100. The virtual IP address of VRID is the same as the interface address of RouterB.
When the network is running well, the master device in this VRRP group is ().
A. RouterA
B. RouterB
Answer: B

331. Which of the following description of the service priority in DSCP is correct?
A. AF11 has high packet loss probability AF12
B. AE has a higher priority than EF
C. CS has the highest priority
D. AF1 has a higher priority than AF4
Answer: C

332. The packet filtering firewall provides support for detecting and filtering fragmented packets.
Which of the following are the fragmented packets that can be filtered by the packet filtering firewall?
(Multiple choice)
A. The first fragmented message
B. Subsequent fragmented message
C. Forged ICMP error message
D. Non-fragmented messages
Answer: BD

333. According to which information of the message can be classified into the link layer complex flow?
(Multiple choice)
A. Destination MAC address
B. 802.1p
C. Source MAC address
D. Port number
Answer: BD

334. In an IP network, the service level is identified by the IP priority or DSCP of the IP message. But for
the MPLS network, since the IP header of the packet is invisible to LSR (Label Switching Router) devices,
it is necessary to mark the EXP field of the MPLS packet at the edge of the MPLS network.
A. TRUE
B. FALSE
Answer: A

335. In order to provide different services to different users or businesses, users or businesses can be
finely divided according to message information (such as message priority, source IP, destination IP, port
number, etc.), then in order to achieve the division function, which of the following is the QoS technologies
we usually use?
A. Congestion avoidance

67 / 91
The safer , easier way to help you pass any IT exams.

B. Traffic policing
C. Complex flow classification
D. Congestion management
Answer: C

336. Congestion management refers to how the network is managed and controlled when congestion
occurs. The processing method is to use queue scheduling technology.
A. TRUE
B. FALSE
Answer: A

337.What are the characteristics of guest access? (Multiple choice)


A. The access rights of visitors and employees are the same
B. Access your own device to access the network
C. The visitor's access to the corporate network is not controlled
D. Uncontrolled speech and behavior of visitors
Answer: BD

338.In the MPLS system, there are two ways of distributing labels, what are they? (Multiple choice)
A. Downstream autonomous DoD
B. Downstream on-demand DU
C. Downstream autonomous DoD
D. Downstream on-demand DU
Answer: AB

339. As a network resource automation control system, Agile Controller can provide a unified policy
engine, implement unified access policies throughout the organization, and implement access based on
user identity, access time, access address, access type, and access method (5H1W for short) )
Authentication and authorization.
A. TRUE
B. FALSE
Answer: A

340.VRRP packets do not support authentication.


A. TRUE
B. FALSE
Answer: B

341.If there is no security policy configured between the firewall domains, or when the security policy is
checked, all the security policies are not matched, the packet filtering action between the domains will be
executed by default ( )
A. Only part of the pass is allowed
B. Rejected
C. Report to the administrator

68 / 91
The safer , easier way to help you pass any IT exams.

D. Different applications have different default actions


Answer: B

342.Which of the following working modes does the firewall interface have? (Multiple choice)
A. Exchange mode
B. Transparent mode
C. Transmission mode
D. Routing mode
Answer: BD

343.When setting the WRED drop policy, set the lower limit of traffic marked AF21 to 35, the upper limit to
40, the lower limit of traffic marked AF22 to 30, the upper limit to 40, the lower limit of traffic marked AF23
to 25, and the upper limit to It is 40. In addition, the drop probability when the upper limit is reached is 10%,
so before the occurrence of congestion, which priority data packet can be guaranteed to a certain extent?
A. All the same
B. AF22
C. AF21
D. AF23
Answer: A

344.What information of the message can be marked or remarked? (Multiple choice)


A. MAC Address information
B. Any information in the message
C. IP Source, Destination Address, EXP information
D. IP DSCP, IP Precedence, 802.1p, EXP information
Answer: ACD

345.What information in the message can be used to classify complex traffic? (Multiple choice)
A. Source and destination MAC address information
B. Type of agreement
C. Source and destination address information
D. Packet length of the message
Answer: ABCD

346. WRR (Weight Round Robin) evolved on the basis of RR (Round Robin). It performs round-robin
scheduling among queues, and schedules the packet flow in each queue according to the weight of each
queue.
A. TRUE
B. FALSE
Answer: A

347.The DHCP protocol can assign some TCP/IP-related parameter information to the client. In this
process, DHCP defines a variety of messages. What encapsulation is used for these messages?
A. TCP encapsulation

69 / 91
The safer , easier way to help you pass any IT exams.

B. UDP encapsulation
C. PPP encapsulation
D. IP encapsulation
Answer: B

347. Configure as shown in the figure. Which of the following descriptions are wrong? (Multiple choice)
[LSRA] mpls lsr-id 1.1.1.9
[LSRA] ip
[LSRA] interface vlanif 10
[LSRA-Vlanif] mpls
[LSRA-Vlanif] quit
[LSRA] static lsp ranges SA to SD destination 4.4.4.9 32 nexthop 10.1.1.2 out-label
A. The last command is to configure LSRA as the access interface LSR, and configure a static LSP
B. After enabling mpls globally, there is no need to enable mpls again in the interface view
C. mpls lsr-id is the ID for configuring the LSR. It is the prerequisite for configuring other MPLS commands.
It is not configured by default.
D. mpls is to enable the mpls function in the system view and interface view, lsr-id can be configured only
after enabling mpls
Answer: BD

349.Which of the following description is wrong about the method of establishing a BFD session?
A. When dynamically establishing a BFD session, dynamically assign a local identifier
B. Statically configuring a BFD session refers to manually configuring BFD session parameters through
the command line, including local identifiers and remote identifiers, etc.
C. The system distinguishes between static BFD sessions and dynamic BFD sessions by dividing the
identifier area
D. BFD sessions can only be established dynamically
Answer: D

350.What are the reasons for the shortcomings of RED?


A. Tail drop cannot distinguish traffic drop
B. The high threshold setting is unreasonable
C. The queue length setting is unreasonable
D. The low threshold setting is unreasonable
Answer: C

351. Among the three service models of Best-Effort, Integrated Service, and Differentiated Service, only
Integrated Service and Differentiated Service can be guaranteed by multi-service QoS. In actual network
construction, the integrated service method should be used at the edge of the network and the
differentiated service method at the core of the network.
A. Ture
B. False
Answer: B

70 / 91
The safer , easier way to help you pass any IT exams.

352.Which description is correct about the DHCP address pool? (Multiple choice)
A. Configure the interface-based address allocation method, and only respond to DHCP requests
received by the interface
B. Only when configuring the address allocation method based on the global address pool, can you set
the IP address range that does not participate in the automatic allocation
C. Configure the address allocation method based on the global address pool, which can respond to
DHCP requests received by all ports
D. Configure the interface-based address allocation method, which can respond to DHCP requests
received by all ports
Answer: AC

352. During the establishment of an LDP session, what message will be sent if the other party's relevant
parameters cannot be accepted?
A. advertisement
B. notification
C. initial
D. keepalive
Answer: B

353. In VRRP, when the device status changes to Master, it will immediately send a gratuitous ARP to
refresh the MAC table entries of the downstream device, thereby directing the user's traffic to this device.
A. Ture
B. False
Answer: A

355.Regarding the difference between GTS, LR and CAR, which of the following description is wrong?
A. When performing packet flow control, CAR discards packets that exceed the flow limit
B. When performing packet flow control, GTS buffers the packets that exceed the flow limit in the GTS
queue
C. When performing packet flow control, LR discards packets that exceed the flow limit
D. When performing message flow control, LR can not only buffer the messages that exceed the flow limit,
but also make the messages enter the QoS queue for processing
Answer: C

356.Which descriptions are correct about the label concept in MPLS? (Multiple choice)
A. Some tags are local identifiers, and some tags are global identifiers
B. On a device, a label can only represent one FEC
C. On one device, there may be multiple incoming tags corresponding to one FEC
D. The label is used to uniquely identify the FEC to which a group belongs
Answer: CD

357.In the MPLS label, if the label value assigned by the egress node to the penultimate hop node is 0,
the penultimate hop LSR needs to normally push the label with the value 0 onto the top of the packet label
value and forward it to the last hop. When the last hop finds that the label value carried in the packet is 0,

71 / 91
The safer , easier way to help you pass any IT exams.

the label is ejected. The 0 tag is only valid when it appears at the bottom of the stack.
A. True
B. False
Answer: A

358.What are the main features of stateful inspection firewalls?


A. The subsequent package processing performance is excellent
B. For each packet mirrored packet filtering inspection
C. Slow processing speed
D. Can only detect the network layer
Answer: A

359.In an MPLS network, the device will forward the MPLS data frame according to the label. Where is
the label of the MPLS?
A. In the third floor
B. Behind the third floor and in front of the second floor
C. Behind the second floor and in front of the third floor
D. In front of the second floor
Answer: C

360. Which of the following is not part of the label release agreement?
A. LSP
B. RSVP-TE
C. MP-BGP
D. LDP
Answer: B

361.The DHCP server can use different address ranges to assign clients. Which of the following
descriptions are correct about the assigned addresses? (Multiple choice)
A. It can be the IP address that the client used to conflict with other clients
B. It can be an IP address that is statically bound to the client's MAC address in the database of the
DHCP server
C. It can be the IP address used by the client, that is, the address of the Requested IP Addr Option
(Requested IP Addr Option) in the DHCP_DISCOVER message sent by the client
D. Regarding the IP addresses that the DHCP server has queried over the lease period and conflicts, if an
available IP address is found, it can be assigned
E. In the DHCP address pool, sequentially search for the IP addresses available for allocation, that is, the
IP address found first
Answer: BCDE

362.When network congestion occurs intermittently and delay-sensitive services require higher quality
QoS services than non-delay-sensitive services, congestion management is required; if congestion still
occurs after congestion management is configured, bandwidth needs to be increased.
A. TRUE

72 / 91
The safer , easier way to help you pass any IT exams.

B. FALSE
Answer: A

363.What are the situations in which packet loss may occur? (Multiple choice)
A. Packet loss occurs during receiving
B. Packet loss occurs during transmission
C. Packet loss occurs in the queue
D. Packet loss may be caused by the CPU being busy and unable to process packets
Answer: ABCD

364. There is no concept of forwarding plane, control plane and management plane in traditional IP
network in SDN.
A. TRUE
B. FALSE
Answer: A

365.In SDN, the OpenFlow protocol is a control protocol between the controller and the repeater.
A. TRUE
B. FALSE
Answer: A

366.Any two security zones constitute an interzone and have a separate security interzone view. Most of
the firewall configuration is configured in the security interzone view.
A. TRUE
B. FALSE
Answer: A

367.As shown in the figure, all devices are running in the PLS network. The downstream switch SWA
sends a 1.1.1.1 label mapping message to SWB. After receiving the label distributed by the downstream
switch SA, the SB distributes the label to the SC, and the SWC receives the SWB.
Send the label to SWD after the label is sent.
So what are the label control methods and label distribution methods in this network?

73 / 91
The safer , easier way to help you pass any IT exams.

A. Ordered+DU
B. Independent+DU
C. Ordered+DoD
D. Independent+DoD
Answer: A

368. The single-arm echo function of BFD can be used for two devices that are not directly connected.
A. TRUE
B. FALSE
Answer: A

369. NFV and SDN are complementary, but they are not dependent on each other.
A. TRUE
B. FALSE
Answer: A

370.Which descriptions are correct about the characteristics of high-availability networks? (Multiple
choice)
A. Can recover quickly after failure
B. Once a failure occurs, the business can only be restored through manual intervention
C. No failure
D. Cannot fail frequently
Answer: AD

371.There is the concept of forwarding equivalence class in MPLS. What is the function of forwarding
equivalence class?
A. The forwarding equivalence class determines how to add tags on the LSP
B. The forwarding equivalence class determines how to establish the LSP path
C. The forwarding equivalence class determines how IP data packets are forwarded on the MPLS LSP
D. Forwarding equivalence class determines the correspondence between LSP and IP data packet group
Answer: D

372.MPLS forwards data based on labels. If the data is not tagged with MPLS labels when forwarding,
which of the following methods is used by the device to forward packets?
A. Multi-label MPLS forwarding
B. Normal IP forwarding
C. ATM forwarding
D. Single-label MPLS forwarding
Answer: B

373.As shown in the figure, Site1 and Site2 need to communicate with each other through the operator's
BGP/MPLS IP VPN. It is known that the public network tunnel between PE1 and PE2 has been
established (the label information is shown in the figure), and PE1 has
The route of the 192.168.1.0/24 network segment is advertised to PE2 through the MP-IBGP neighbor

74 / 91
The safer , easier way to help you pass any IT exams.

relationship, and the route learning is normal. When grabbing data between P and PE1 and Site2
accessing the 192.168.1.0/24 data of Site1, which label should be the outermost label?
BGP Update
100:1:192.168.1.0/24
RT=100:1
I
FEC
LDP LSP
Out Label
LoopbackO:
1.1.1.1

---
NextHop=l.l.l.l
Label=8888
1.1.1.1/32

/(
6662
Site1
CE1 PE1 P
LDP
MPLSDomain
LDP LSP
FEC
1.1.1.1/32
In/Out Label
6662/3
A3
B. 8888
C. 6661
D. 6662
Answer:B

374.How many types of data streams with different service levels can be identified based on MPLS
labels?
A.8

75 / 91
The safer , easier way to help you pass any IT exams.

B.4
C.16
D.2
Answer: A

375.Which of the following options is the main function of the DHCP DISCOVER message?
A. The server's confirmation response to the REQUEST message.
B. The client is used to find the DHCP server.
C. The client requests configuration confirmation, or renews the lease.
D. The DHCP server is used to respond to the DHCP DISCOVER message, which carries various
configuration information.
Answer: B

376. Huawei AR G3 series routers have all SNMP versions (SNMPv1, SNMPv2c and SNMlPv3) by
default.
A. TRUE
B. FALSE
Answer: A

377. The network management system can only view the operating status of the device through the
SNMP protocol, but cannot issue configurations.
A. TRUE
B. FALSE
Answer: B

378.Which of the following solutions can improve network service quality? (Multiple choice)
A. Reasonable use of queue scheduling and congestion avoidance mechanisms
B. Arrange different businesses to provide services at different times
C. Improve link bandwidth
D. Replace high-performance equipment
Answer: ACD

378. Which of the following values can be set for the security level of the custom security zone of the USG
series firewall?
A. 150
B. 100
C. 80
D. 40
Answer:B

380.There are hosts in a private network that need to access the Internet. To achieve this requirement,
which of the following configurations should be done by the administrator on the edge firewall of the
network? (Multiple choice)
A. STP

76 / 91
The safer , easier way to help you pass any IT exams.

B. DHCP
C. Default routing
D. NAT
Answer: CD

381. Among the following VPN technologies, which VPN technology may have two IP packet headers in a
packet? (Multiple choice)
A. GRE
B. L2TP
C. SSL VPN
D. IPsec VPN
Answer: AB

382. Which of the following commands is used to configure VRRP to track the status of a physical
interface?
A. track vrrp vrid 1 interface GigabitEthernet0/0/0
B. vrrp vrid 1 interface GigabitEthernet0/0/0
C. vrrp vrid 1 track interface GigabitEthernet0/0/0
D. vrrp vrid 1 interface GigabitEthernet0/0/0 track
Answer: C

383.The origin of SDN is the separation of transfer and control. The separation of transfer and control is a
way to realize SDN, not the essence.
A. TRUE
B. FALSE
Answer: A

384.The classic network forwarding method is based on routing table forwarding. The forwarding method
of OpenFlow switches is based on flow table forwarding. Regarding these two forwarding methods, which
of the following statements are correct? (Multiple choice)
A. The flow table is variable length. A network device can only have one flow table.
B. The matching method of the flow table is to match the MAC address and IP address of the flow at the
same time.
C. The matching method of the routing table is to match the route of the destination network segment with
the longest mask.
D. The routing table is of fixed length. A device can only have one public routing table.
Answer: CD

385. The technology that separates the control plane from the forwarding plane is SDN.
A. TRUE
B. FALSE
Answer: B

386. The role of the business collaboration layer in the SDN architecture is to complete business

77 / 91
The safer , easier way to help you pass any IT exams.

deployment based on user intentions, and OpenStack belongs to the business collaboration layer.
A. TRUE
B. FALSE
Answer: A

387.Which of the following is not part of the SDN network architecture?


A. Device layer
B. Controller layer
C. Chip layer
D. Application collaboration layer
Answer: C

387. VXLAN is based on UDP encapsulation, encapsulating Ethernet data frames on UDP in IP packets,
so it is called MAC in UDP encapsulation.
A. TRUE
B. FALSE
Answer: A

388. The length of the VNI field of the VXLAN packet is 24 bits.
A. TRUE
B. FALSE
Answer: A

390.Which of the following statements about VXLAN is wrong?


A. Introducing VXLAN technology into the campus network can realize Layer 2 and Layer 3
communication
B. When deploying VXLAN, in addition to the devices at both ends of the VXLAN tunnel that need to
support VXLAN, the forwarding device in the middle must also support it, otherwise VXLAN packets
cannot be forwarded normally
C. VXLAN packets are forwarded by routing in the Underlay network, and the Underlay does not pay
attention to the terminal MAC address of the inner data frame when forwarding
D. VXLAN uses MAC in UDP encapsulation to extend the Layer 2 network, encapsulating Ethernet
packets on top of IP packets
Answer: B

391.VXLAN uses VNI to distinguish tenants. A tenant can have one or more VNIs. The length of VNI is 24
bits, so VXLAN supports up to 12M tenants.
A. TRUE
B. FALSE
Answer: A

392. VXLAN uses MAC in TCP encapsulation to extend the Layer 2 network, and encapsulates Ethernet
packets on IP packets to achieve VXLAN network intercommunication.
A. TRUE

78 / 91
The safer , easier way to help you pass any IT exams.

B. FALSE
Answer: B

393. The eSight application platform is in B/S mode and supports simultaneous access by multiple
browsers.
A. TRUE
B. FALSE
Answer: A

394.QoS is a tool for effective use of network resources. It allows different traffic to compete for network
resources unequally. Voice, video, and important data applications can be served first in network
equipment.
A. TRUE
B. FALSE
Answer: A

395.The TTL field in the MPLS label header encapsulation can prevent the endless loop forwarding of
packets. Which of the following descriptions about TTL is correct? (Multiple choice)
A. There is TTL only in frame mode MPLS encapsulation, and there is no TTL in cell mode MPLS
encapsulation.
B. MPLS has two ways to deal with TTL. One is to copy the IP TTL value of the TTL of the MPLS header
when an IP packet enters the MPLS network; the other is to uniformly set the TTL of the MPLS header to
255 at the ingress LER.
C. The processing method of copying the IP TTL value hides the LSR of the MPLS domain and plays a
certain security role.
D. When copying TTL is prohibited, tracert can see the LSR of the MPLS domain that it passes through
Answer: AB

396.As shown in the figure, the carrier's BGP/MPLS IP VPN backbone network builds LSPs through LDP.
If you want to achieve intercommunication between the two sites using X through the BGP/MPLS IP VPN
network, you must use a 32-bit mask between PE1 and PE2. Loopback interface address to establish
MP-IBGP peer relationship.

A. TRUE
B. FALSE
Answer: B

397.In an MPLS domain, LSRs can be divided into Ingress LSR, Transit LSR, and Egress LSR according
to the way the LSR processes data. For the same FEC, a certain LSR can be the Ingress LSR of the FEC

79 / 91
The safer , easier way to help you pass any IT exams.

or the transit LSR of the FEC.


A. TRUE
B. FALSE
Answer: A

398. The administrator has configured the router as shown in the figure. At the same time, the
administrator wants to assign a shorter lease period to the DHCP address. Which of the following
commands should be used?

A. lease day 0 hour 10


B. lease 24
C. dhcp select relay
D. lease 0
Answer: A

399. Network equipment running the SNMP protocol can take the initiative to report alarm information so
that network administrators can find faults in time.
A. TRUE
B. FALSE
Answer: A

400.Which of the following description is wrong about the Integrated Service and RSVP in QoS? (Multiple
choice)
A. Integrated Service is suitable for a large number of applications on the backbone network.
B. RSVP is a multi-purpose protocol. In addition to Integrated Service, RSVP can also be used in other
fields.
C. Integrated Service uses RSVP as its signaling mechanism.
D. Integrated Service is actually RSVP.
Answer: AD

401.Which of the following technologies is necessary to enable a host with an IP address of 10.0.0.1 to
access the Internet?
A. NAT
B. Route import
C. Static routing
D. Dynamic routing
Answer: A

402.BFD can implement link status detection at the ms (millisecond) level.


A. TRUE
B. FALSE
Answer: A

80 / 91
The safer , easier way to help you pass any IT exams.

403.Which of the following statements about static VXI AN tunnel configuration are correct? (Multiple
choice)
A. For a VXLAN tunnel, a one-to-one corresponding NVE interface needs to be created, in which the
source IP address and destination IP address are clearly specified. Therefore, there are multiple VLAN
tunnels on the VTEP and the corresponding number of NVE interfaces must be configured.
B. A BD needs to create an NVE interface, when there are multiple BDs, multiple NVE interfaces must be
created
C. One NVE interface can be associated with multiple VNIs, so when there are multiple BDs, only one
NVE interface can be created
D. In the NVE interface, the destination address of the VLAN tunnel can be specified by the address in the
head-end copy list. Multiple VXLAN tunnels can only create one NVE interface
Answer: CD

404.If only some devices in a network run MPLS (the MPLS domain is embedded in the IP domain), then
labels will only be generated for the routes generated locally by the devices running MPLS (MPLS
domain), and for routes originated by other devices (IP domain) No label will be generated.
A. TRUE
B. FALSE
Answer: B

405.Regarding BGP/MPLS IP VPN routing interaction, which of the following description is wrong?
A. The egress PE can send IPv4 routes to the remote CE through BGP, IGP or static routing.
B. The exchange between PE and CE is IPv4 routing information.
C. After the egress PE receives the VPNv4 route advertised by the ingress PE, it filters the VPNv4 route
according to the RT attribute carried by the route.
D. The ingress PE changes the IPv4 route received from the CE to the VPNv4 route, and saves it
according to different VPN instances.
Answer: D

406. Which of the following commands can be used to view BGP VPNv 4 routing and BGP private network
routing information on the PE?
A. display bgp routing -table address- family vpnv4
B. display bgp routing -table ipv4- family vpnv4
C. display vpnv4 bgp routing-table
D. display bgp vpnv4 routing-table
Answer: D

407.Which of the following descriptions is correct about configuring static LSPs in MPLS networks?
A. When a certain LSR is a Transit LSR, In Labe1 and Out label need to be configured at the same time,
both in the range of 16~1023.
B. When a certain LSR is an Ingress LSR, you only need to configure Out Label, the range is
16~1048575.
C. When a certain LSR is an Egress LSR, only In Label needs to be configured, and the range is

81 / 91
The safer , easier way to help you pass any IT exams.

16~1023.
D. When an LSR is an Iransit LSR, In Label and Out label need to be configured at the same time. The
range of In Labe1 is 16~1023, and the range of Out Labe1 is 16~1048575.
Answer: D

408.Which of the following is not the discard strategy of the cache queue?
A. Tail discard
B. WRR
C. WRED
D. RED
Answer: B

409.Which of the following description is wrong about the firewall?


A. The firewall can isolate networks of different security levels.
B. The firewall can implement access control between different networks.
C. The firewall cannot implement network address translation.
D. The firewall can realize user identity authentication.
Answer: C

410. As shown in the figure, the stateful inspection firewall will forward the message because the message
conforms to the firewall's session state.

A. TRUE
B. FALSE
Answer: A

411.When the administrator configures VRRP, which of the following are not mandatory? (Multiple choice)
A. Preemption mode
B. Priority of virtual routers
C. Preemption delay
D. Virtual IP address
Answer: ABC

82 / 91
The safer , easier way to help you pass any IT exams.

412.To enable the linkage between BFD and OSPF on all interfaces of the device, which of the following
commands should be used?
A. undo bfd all-interface disable
B. bfd enable
C. all-interface bfd enable
D. bfd all-interface enable
Answer: D

413.Which of the following statements about the format of VXLAN packets are correct? (Multiple choice)
A. The length of the VNI field is 24bit
B. The source and destination IPs of the outer encapsulation are the IP addresses of the source and
destination VTEPs respectively
C. The source and destination port numbers of the UDP header are 4789
D. The destination port number of the UDP header is 4789
Answer: ABD

414.Which of the following statements about VXLAN are correct? (Multiple choice)
A. VXLAN uses MAC in UDP encapsulation
B. The VXLAN feature is essentially a VPN technology, which can superimpose a Layer 2 virtual network
on any routable network, and realize the intercommunication within the VLAN network through the
VXLAN gateway. At the same time, it can also realize the connection with the traditional non-VXLAN
network. Intercommunication
C. When VXLAN is applied in the network, all devices required to pass through the tunnel support VXLAN
D. VXLAN is only a Layer 2 tunneling technology and cannot realize Layer 3 communication
Answer: AB

415.Which of the following definitions of OPEX is correct?


A. Maintenance costs
B. Operating costs
C. Operation and maintenance costs
D. Total cost of ownership
Answer: B

416.Regarding the BGP/MPLS IP VPN network architecture, which of the following description is wrong?
A. The BGP/MPLS IP VPN network architecture consists of three parts: CE (Customer Edge), PE
(Provider Edge), and P (Provider). E and P are operator equipment, and CE is BGP/MPLS IP VPN user
equipment.
B. In general, CE equipment does not perceive the existence of VPN, and CE equipment does not need
to support MPLS, MP-BGP, etc.
C. The P device only needs to have basic MPLS forwarding capabilities and does not maintain
VPN-related information.
D. Sites can visit each other through VPN, and a site can only belong to one VPN.
Answer: D

83 / 91
The safer , easier way to help you pass any IT exams.

417. Which of the following fields does the MPLS header include? (Multiple choice)
A. EXP
B. Tos
C. Label
D. TTL
Answer: ACD

418. In an MPLS network, LSRs running the LDP protocol exchange LDP clearing information to realize
functions such as neighbor discovery, session establishment and maintenance, and label management.
In order to ensure the reliability of message delivery, all LDP message sending and receiving must be
based on TCP connection.
A. TRUE
B. FALSE
Answer: B

419. The MAC address of a certain PC is 5489-98FB 65D8, and the administrator wants this PC to obtain
the designated IP address 192.168.1.11/24 from the DHCP server. So which command should be
configured by the administrator?
A. dhcp server static-bind ip-address 192.168.1.11 mac-address 5489-98FB-65D8
B. dhcp static-bind ip-address 192.168.1.11 mac-address 5489-98FB-65D8
C. dhcp server static-bind ip-address 192.168.1.11 255.255.255.0 mac-address 5489-98FB-65D8
D. dhcp static-bind ip-address 192.168. 1.11 24 mac-address 5489-98FB-65D8
Answer: B

420.Which parts of SNMP consist of? (Multiple choice)


A. Managed objects
B. Management Information Base
C. Agent process
D. Network Management System
Answer: ABCD

421.A medium-sized campus network manages the network through the SNMP protocol. The campus has
high requirements for network security. Which version of SNMP is recommended for management?
A. SNMPv3
B. SNMPv2C
C. All versions can be implemented
D. SNMPv1
Answer: A

422. SNMPv1 defines five protocol operations.


A. TRUE
B. FALSE
Answer: A

84 / 91
The safer , easier way to help you pass any IT exams.

423. The traffic shaping technology temporarily caches data that exceeds the forwarding threshold. For
the data in the cache, congestion management technology can be used to discard data packets from the
cache queue in advance to prevent the cache queue from being full.
A. TRUE
B. FASLE
Answer: A

424.NAPT distinguishes the IP addresses of different users through the protocol numbers in TCP, UDP, or
IP packets.
A. TRUE
B. FALSE
Answer: B

424. As shown in the figure is an IP packet header, which of the following statements is correct?

A. The protocol number is 51, which means that the packet after the IP Header is the AH header.
B. The protocol number is 51, which means that the packet after the IP Header is the ESP header.
C. The message is an IPsec VPI message, and the data part of the message is encrypted.
D. The message must be an IPsec VPN message encapsulated by AH only.
Answer: B

425. BFD can detect the connectivity of directly connected links, but cannot detect the connectivity of
multi-hop links across routers.
A. TRUE
B. FALSE
Answer: B

427.In the MPLS label forwarding table, there may be different FECs (but the next hop is the same).
Which of the following descriptions about the EC output labels is correct?

85 / 91
The safer , easier way to help you pass any IT exams.

A. The output labels must be the same


B. The output label may be the same
C. The output label must be different
Answer: B

428.Regarding BGP/MPLS IP VPN data forwarding, which of the following description is wrong?
A. The inner label during data forwarding is allocated by MP-BGP.
B. When data is transmitted on the BGP/MNPLS IP VPN backbone network, it always carries two layers
of labels.
C. The data sent by the PE to the CE is an IPv4 packet.
D. The outer label during data forwarding can be allocated by LDP.
Answer: B

429.For a device running MPLS, there will be a label forwarding table. Which of the following statements
about the entry of labels in the label forwarding table is correct?
A. Different EFC's incoming tags must be different
B. The incoming tags of different EFCs must be the same
C. The incoming tags of different EFCs may be the same
Answer: C

430.Which of the following descriptions about the S field in the MPLS packet header is correct? (Multiple
choice)
A. The S bit exists in every MPLS packet header.
B. The S bit has only 1 bit in the frame mode and 2 bits in the cell mode.
C. It is used to mark whether there are other labels after this label, 1 means yes, 0 means no.
D. It is used to mark whether there are other labels after this label, 0 means yes, 1 means no.
Answer: AC

431.Configuring DHCP Snooping can be used to prevent counterfeit attacks. Which of the following steps
should be included in the configuration process? (Multiple choice)
A. Configure interface trust status
B. Enable global DHCP function
C. Enable DHCP Snooping on the interface or VLAN
D. Enable the global DAI Snooping function
Answer: ABC

432.Which of the following descriptions about the authentication domain of the Agile Controller are correct?
(Multiple choice)
A. The authentication domain is divided into pre-authentication domain, isolation domain and
post-authentication domain.
B. The post-authentication domain refers to the area that end users can access after passing the
authentication. The network resources (such as ERP system, financial system, database system) that
require controlled access are deployed in this area.
C. Pre-authentication domain refers to the area that the terminal host can access before passing the

86 / 91
The safer , easier way to help you pass any IT exams.

identity authentication, and public network resources (such as DNS server, external authentication source,
service controller, service manager, etc.) that can be accessed without authentication Deploy in this area.
D. Isolation domain refers to the area that the terminal host is allowed to access when the terminal user
passes the identity authentication but fails the security authentication. Relevant resources (such as patch
server, antivirus server, etc.) that can help the end user eliminate illegal information are deployed in this
area.
Answer: AC

433.Which of the following descriptions about the various versions of the SNMP protocol are correct?
(Multiple choice)
A. SNMPv2c follows the five protocol operations defined by the vI version and adds two additional
operations.
B. SNMPv1 uses UDP as the transport layer protocol, while SNMPv2c and SNMPv3 use TCP as the
transport layer protocol, so the reliability is higher.
C. SNIPv2c messages have the functions of identity verification and encryption processing.
D. SNMPv3 messages have the functions of identity verification and encryption processing.
Answer: AD

434.The network management workstation manages network devices through the SNMP protocol. When
an abnormality occurs in the managed device, which SNMP message will the network management
workstation receive?
A. Get-Response message
B. Set-Request message
C. Get-Request message
D. Trap message
Answer: D

435.When the BFD detection interval at both ends is 30ms and 40ms respectively, which of the following
descriptions is correct?
A. The bfd session cannot be established.
B. The bfd session can be established, 30ms after negotiation.
C. The bfd session can be established, and it takes 40ms after negotiation.
D. The bfd session can be established, and each is sent at its own time interval.
Answer: D

436.As shown in the figure, in order to enable the traffic between Site1 and Site2 to pass through Hub-CE,
two VPN instances on Spoko-PE have been configured. Two VPN instances need to be created on
Hub-PE. The instance VPN_in is used to receive
For routes sent by Spoke-PE, instance VPN_out is used to advertise routes to Spoke-PE. Please select
the Import RT and Export RT of these two instances respectively.

87 / 91
The safer , easier way to help you pass any IT exams.

Answer:

437.Which of the following is the broadcast domain of VXLAN called?


A. Exchange domain
B. Bridge domain
C. VLAN domain
D. Wide finger area
Answer: B

438. The firewall has the concept of a security zone, and its interface itself belongs to the local zone.

88 / 91
The safer , easier way to help you pass any IT exams.

A. TRUE
B. FALSE
Answer: A

439.When the stateful inspection firewall forwards subsequent data packets (not the first packet), which of
the following is the main basis?
A. MAC address table
B. Session table
C. Route table
D. FIB table
Answer: B

439. FIFO can assign weights to different services and has better control over time delay and jitter.
A. TRUE
B. FALSE
Answer: B

441.Which of the following statements about traffic shaping are correct? (Multiple choice)
A. Traffic shaping can only be used in the outbound direction
B. Traffic shaping will discard excess traffic
C. Traffic shaping will cache the excess traffic
D. Traffic shaping can only be used in the inbound direction
Answer: AC

442. Network devices running the SNMP protocol run an agent process locally.
A. TRUE
B. FALSE
Answer: A

443.What types of protocols can eSight use to discover network elements? (Multiple choice)
A. SNMP protocol
B. netconf protocol
C. Telnet protocol
D. ICMP protocol
Answer: ABC

443. Which of the following SNMP packets are sent to the NMS by the Agent on the managed device?
A. Response
B. Get-Request
C. Get-Next-Request
D. Set-Request
Answer: A

444. The administrator has configured the router as shown in the figure, then which of the following IP

89 / 91
The safer , easier way to help you pass any IT exams.

addresses can be obtained by a host connected to the G1/0/0 interface of the router through DHCP?

A. The IP address obtained by the host belongs to the 10.10.10.0/24 network


B. The IP address obtained by the host may belong to the 10.10.10.0/24 network, or it may belong to the
10.20.20.0/24 network
C. The IP address obtained by the host belongs to the 10.20.20.0/24 network.
D. The host cannot obtain an IP address.
Answer: A

446.As shown in the figure, MPLS/BGP IP VPN is deployed in the network, and the MP-BGP neighbor
relationship is established between PE1 and PE2 through the loopback0 interface. After the configuration
is completed, it is found that CE1 and CE2 cannot learn from each other.
Therefore, use the command on PE2 to view neighbor information as shown in the figure. What is the
most likely cause of the problem?

A. PE or PE2 is not enabled with neighbors in the BGP-VPNv4 unicast address family view.
B. The VPN instance parameter configuration on P1 or PE2 is incorrect.
C. The routing protocol configuration between PE or PE2 and the respective CE is incorrect.
D. The LSP tunnel between PE1 and PE2 is not established.
Answer: D

90 / 91
The safer , easier way to help you pass any IT exams.

447. BGP/MPLS IP VPN can only use LDP to construct public network tunnels.
A. TRUE
B. FALSE
Answer: B

448.As shown in the figure, there is a message containing three-layer label headers. Please select the
corresponding values (in decimal) of the X, Y, and Z fields in the figure.

Select and Place:

Answer:

91 / 91

You might also like