Which of the following commands will display a router’s crypto map IPsec security associationsettings?()A、show crypto map ipsec saB、show crypto mapC、show crypto engine connections activeD、show ipsec crypto mapE、show crypto map saF、show ipsec crypto map sa
题目
Which of the following commands will display a router’s crypto map IPsec security associationsettings?()
- A、show crypto map ipsec sa
- B、show crypto map
- C、show crypto engine connections active
- D、show ipsec crypto map
- E、show crypto map sa
- F、show ipsec crypto map sa
相似考题
更多“Which of the following commands will display a router’s crypto map IPsec security associationsettings?()A、show crypto map ipsec saB、show crypto mapC、show crypto engine connections activeD、show ipsec crypto mapE、show crypto map saF、show ipsec crypto map sa”相关问题
-
第1题:
根据网络拓扑和R1的配置,解释并完成路由器R3的部分配置。 R3(config)ctypto isakmp key(7)address(8)
R3(config)crypto transform-set testvpn ah—rod5—hmac esp-des esp-rod5-hmac(9)
R3(cfg—crypto—ttans)exit
R3(config)crypto map test 20 ipsec-isakmp
R3(config—crypto—map)set peer 192.168.1.1
R3(config—crypto—map)set transform-seI(10)
正确答案:(7)378 (8)192.168.1.1 (9)设置IPSec变换集testvpnAH鉴别采用ah-rod5-hmaeESP加密采用esp—desESP认证采用esp-md5-hmac。 (10)testvpn
(7)378 (8)192.168.1.1 (9)设置IPSec变换集testvpn,AH鉴别采用ah-rod5-hmae,ESP加密采用esp—des,ESP认证采用esp-md5-hmac。 (10)testvpn 解析:由R1(config)#crypto isakmp key 378 address 192.168.2.2得(7)(8)题答案。用crypto ipsee transform-set命令配置变换集;例如:crypt。ipsec transform-set transform-set-Dame transforml[transform2[transform3]]。set peer××.××.××.××(指定此VPN链路,对端的IP地址)。routerA(config-crypto-map)#set transform-set test(IPSec传输模式的名字) -
第2题:
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network.Which of the following answers best describes the router‘s logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()
A. When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interface
B. When routing the packet, matching a route whose outgoing interface is the GRE tunnel interface
C. When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interface
D. When permitted by an ACL that was referenced in the associated crypto map
参考答案:B
-
第3题:
Refer to the exhibit. A new TAC engineer came to you for advice. A GRE over IPsec tunnel was configured, but the tunnel is not coming up. W hat did the TAC engineer configure incorrectly?()
A. The crypto isakmp configuration is not correct.
B. The crypto map configuration is not correct.
C. The interface tunnel configuration is not correct.
D. The network configuration is not correct; netw ork 172.16.1.0 is missing.
参考答案:A
-
第4题:
With a VPN Accelerator Module 2+ (VAM2+) installed in a Cisco 7200 series router, what will be the resulting action when entering the command no crypto engine accelerator slot number?()
- A、disables OIR on the VAM2+ module
- B、removes the VAM2+ crypto engine feature and disables the associated configuration commands from the router
- C、disables dual VAM2+ hardware stateful failover capabilities
- D、disables the crypto engine hardware acceleration, resulting in all crypto functions to be performed in software
正确答案:A -
第5题:
Which of the following commands will display the name of the IOS image file being used in a Cisco router?()
- A、Router# show IOS
- B、Router# show version
- C、Router# show image
- D、Router# show protocols
- E、Router# show flash
正确答案:B,E -
第6题:
What is the purpose of this command in a Cisco Application Control Engine?() switch/Admin# show np 1 me-stats "-F0 v"
- A、 It displays the status of the internal SSL proxy structure associated with a vserver.
- B、 It displays the crypto-related statistics for a single NP.
- C、 It is the same output of a "show stats crypto" client/server.
- D、 It shows details on HTTP session entries.
正确答案:A -
第7题:
Which operational mode command displays all active IPsec phase 2 security associations?()
- A、show ike security-associations
- B、show ipsec security-associations
- C、show security ike security-associations
- D、show security ipsec security-associations
正确答案:D -
第8题:
The number of packets (or flows) dropped because they do not conform to the ASA/PIX security policy can be viewed using what command? ()
- A、 show asp drop
- B、 show counters drop
- C、 show security-policy
- D、 show policy-map
正确答案:A -
第9题:
Which command will allow you to display the configured QoS group and the ingress buffer allocated to each QoS group?()
- A、 show interface priority-flow-control
- B、 show interface queuing
- C、 show queuing interface
- D、 show policy-map system type queuing
- E、 show policy-map interface ethernet
type queuing
正确答案:C -
第10题:
单选题Which of the following statements is correct regarding a hybridcrypto system?()Auses symmetric crypto for keys distribution
Buses symmetric crypto for proof of origin
Cuses symmetric crypto for fast encrypted/decryption
Duses asymmetric crypto for message confidentiality
Euses symmetric crypto to transmit the asymmetric keys that is thenused to encrypt a session
正确答案: E解析: 暂无解析 -
第11题:
单选题Which of the following commands will display a router’s crypto map IPsec security associationsettings?()Ashow crypto map ipsec sa
Bshow crypto map
Cshow crypto engine connections active
Dshow ipsec crypto map
Eshow crypto map sa
Fshow ipsec crypto map sa
正确答案: C解析: 暂无解析 -
第12题:
单选题Which command will allow you to display the configured QoS group and the ingress buffer allocated to each QoS group?()Ashow interface priority-flow-control
Bshow interface queuing
Cshow queuing interface
Dshow policy-map system type queuing
Eshow policy-map interface ethernet
type queuing 正确答案: B解析: 暂无解析 -
第13题:
试题五(共15分)
阅读以下说明,回答问题1至问题2,将解答填入答题纸对应的解答栏内。
【说明】
某公司总部内采用RIP协议,网络拓扑结构如图5-1所示。根据业务需求,公司总部的192.168.40.0/24网段与分公司192.168.100.0/24网段通过VPN实现互联。
在网络拓扑图中的路由器各接口地址如表5-1所示:
【问题1】(6分,每空1分)
根据网络拓扑和需求说明,完成路由器R2的配置:
R2config t
R2 (config)interface seria1 0/0
R2 (config-if)ip address (1) (2)
R2 (config-if)no shutdown
R2(config-if)exit
R2 (config)ip routing
R2(config)router(3) ;(进入RIP协议配置子模式)
R2 (config-router)network (4)
R2 (config-router)network (5)
R2 (config-router)network (6)
R2 (config-router)version 2 :(设置RIP协议版本2)
R2(config-router)exit
【问题2】(9分,每空1.5分)
根据网络拓扑和需求说明,完成(或解释)路由器R1的配置。
Rl(config) interface seria1 0/0
Rl(config-if) ip address (7) (8)
Rl(config-if) no shutdown
Rl(config)ip route 192.168.100.0 0.0.0.255 202.100.2.3 ;(9)
Rl(config)crypto isakmp policy 1
Rl (config-isakmp)authentication pre-share ;(1 0)
Rl(config-isakmp)encryption 3des ;加密使用3DES算法
Rl(config-isakmp)hash md5 ;定义MD5算法
Rl(config)crypto isakmp key test123 address (11) ;设置密钥为test123和对端地址
Rl(config)crypto isakmp transform-set link ah-md5-h esp-3des;指定VPN的加密和认证算法。
Rl(config)accress-list 300 permit ip 192.168.100.0 0.0.0.255 ;配置ACL
Rl(config)crypto map vpntest 1 ipsec-isakmp ;创建crypto map名字为vpntest
Rl(config-crypto-map)set peer 202.100.2.3 ;指定链路对端lP地址
Rl(config-crypto-map)set transfrom-set link ;指定传输模式link
Rl(config-crypto-map)match address 300 ;指定应用访控列表
Rl(config) interface seria10/0
Rl(config)crypto map(12) ;应用到接口
正确答案:【问题1】(6分)
(1) 192.168.10.2
(2) 255.255.255.0
(3) RIP
(4) 192.168.10.0
(5) 192.168.20.0
(6) 192.168.30.0
【问题2】(9分)
(7) 212.34.17.9
(8) 255.255.255.224
(9)配置静态路由(指向VPN的对端)
(10)定义预共享密钥
(11) 202.100.2.3
(12) vpntest -
第14题:
Refer to the exhibit. Which command would verify if PBR reacts to packets sourced from 172.16.0.0/16?()
A. show ip route
B. show policy - map
C. show access - lists
D. show route - map
参考答案:D
-
第15题:
Router R1, a branch router, connects to the Internet using DSL. Some traffic flows through a GRE and IPsec tunnel, over the DSL connection, destined for an Enterprise network. Which of the following answers best describes the router's logic that tells the router, for a given packet, to apply GRE encapsulation to the packet?()
- A、When the packet received on the LAN interface is permitted by the ACL listed on the tunnel greacl command under the incoming interface
- B、When routing the packet, matching a route whose outgoing interface is the GRE tunnel interface
- C、When routing the packet, matching a route whose outgoing interface is the IPsec tunnel interface
- D、When permitted by an ACL that was referenced in the associated crypto map
正确答案:B -
第16题:
You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()
- A、The crypto ACL number
- B、The IPSEC mode (tunnel or transport)
- C、The GRE tunnel interface IP address
- D、The GRE tunnel source interface or IP address, and tunnel destination IP address
- E、The MTU size of the GRE tunnel interface
正确答案:C,D -
第17题:
What method in a Cisco IOS router can confirm that packets marked for a particular QoS marking are being matched?()
- A、Issue a show policy-map interface command.
- B、Assuming Netflow is enabled, issue a show ip cache verbose flow command.
- C、Issue a show crypto ipsec session command.
- D、Issue a debug qos set command and a terminal monitor command.
正确答案:A -
第18题:
Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()
- A、allows dynamic routing over the tunnel
- B、supports multi-protocol (non-IP) traffic over the tunnel
- C、reduces IPsec headers overhead since tunnel mode is used
- D、simplifies the ACL used in the crypto map
- E、uses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
正确答案:A,B,D -
第19题:
When is an IPSec SA built on the Teleworker Router?()
- A、when the router is booted up
- B、when the router administratively does a no shutdown" on the IPSec SA
- C、when traffic matches a line of the access-list tied into the crypto-map in the router configuration, and that particular IPSec SA is not already up
- D、when the ISAKMP SA completes negotiation of all IPSec SAs (one per access-list line in the crypto ACL), it will be brought up immediately
正确答案:C -
第20题:
Which of the following statements is correct regarding a hybridcrypto system?()
- A、 uses symmetric crypto for keys distribution
- B、 uses symmetric crypto for proof of origin
- C、 uses symmetric crypto for fast encrypted/decryption
- D、 uses asymmetric crypto for message confidentiality
- E、 uses symmetric crypto to transmit the asymmetric keys that is thenused to encrypt a session
正确答案:C -
第21题:
单选题What is the purpose of this command in a Cisco Application Control Engine?() switch/Admin# show np 1 me-stats "-F0 v"AIt displays the status of the internal SSL proxy structure associated with a vserver.
BIt displays the crypto-related statistics for a single NP.
CIt is the same output of a show stats crypto client/server.
DIt shows details on HTTP session entries.
正确答案: A解析: 暂无解析 -
第22题:
多选题You need to configure a GRE tunnel on a IPSec router. When you are using the SDM to configurea GRE tunnel over IPsec, which two parameters are required when defining the tunnel interfaceinformation?()AThe crypto ACL number
BThe IPSEC mode (tunnel or transport)
CThe GRE tunnel interface IP address
DThe GRE tunnel source interface or IP address, and tunnel destination IP address
EThe MTU size of the GRE tunnel interface
正确答案: A,D解析: 暂无解析 -
第23题:
多选题Which three features are benefits of using GRE tunnels in conjunction with IPsec for building site-to-site VPNs?()Aallows dynamic routing over the tunnel
Bsupports multi-protocol (non-IP) traffic over the tunnel
Creduces IPsec headers overhead since tunnel mode is used
Dsimplifies the ACL used in the crypto map
Euses Virtual Tunnel Interface (VTI) to simplify the IPsec VPN configuration
正确答案: B,E解析: 暂无解析