최신 GB0-392 무료덤프 - H3CSE-RS-NSO
两台路由器间配置 IPSec polic ,将策略下发到相应接口上后,使用 ping 命令检查被保护数据流互通性,发现数据 100% 通过。使用 displa ike sa 和 displa ipsec sa 命令,显示为 IPSec SA 未建立。则 IPSec 配置失败原因在于。(选择一项或多项)
정답: A
在 MSR 路由器上配置了如下命令:
Acl number 3000
Rule o permit ip source 100.0.10
Acl number 3002
Rule o permit ip source 100.0.0.0.0.0.0.255
Interface GigabitEthemet0/1
Port link -mode-route
Ip.address 200.0.0.1255.255.255.0
Qos gts acl 3002 cir 200 cbs 12500 ebs o queue-length50
Qos gts acl 3000cir 100 cbs 6250 ebs o queue-length50
则当端口 G0/1 出方向转发源 IP 地址为 100.0.0.1 的报文时以下说法正确的是(选择一项或多项)
Acl number 3000
Rule o permit ip source 100.0.10
Acl number 3002
Rule o permit ip source 100.0.0.0.0.0.0.255
Interface GigabitEthemet0/1
Port link -mode-route
Ip.address 200.0.0.1255.255.255.0
Qos gts acl 3002 cir 200 cbs 12500 ebs o queue-length50
Qos gts acl 3000cir 100 cbs 6250 ebs o queue-length50
则当端口 G0/1 出方向转发源 IP 地址为 100.0.0.1 的报文时以下说法正确的是(选择一项或多项)
정답: C,D,E
用 PC 作为客户机,采用客户 LAC 模式通过 iNode 与 LNS 建立 L2TP 隧道,用户登录成功了,但无法正常通信,则出现此问题可能的原因为。(选择一项或多项)
정답: A
主叫 UA 发送一条请求消息并收到被叫 UA 的 200OK 响应,此主叫如何撤销刚才的请求 ?
정답: C
用户使用电话时,拿起电话手柄输入被叫号码后,被叫电话机的振铃属于下列哪种信令。
정답: A
在 BGP MPLS VPN 的组网中,下列关于私网标签和公网标签的描述正确的是。
정답: C
下列关于 PKI 工作流程的说法正确的有
정답: B,C
从网络结构上来分析,网络安全威胁在于。
정답: A,B,D
在 EPCN 网络的常用 VLAN 划分方法中,哪种方式采用了双层 VLAN 的规划 ?
정답: D
HDLC 具有以下哪些特点 ?
정답: A,B,D
以下哪些 VPN 技术适用于出差在外的企业员工,通过 Internet 远程接入企业似网的情况 ?
정답: C
下列属于保障数据完整性手段的有。
정답: B,D
两台安全网关的配置分别为:
RTA
[RTA] ike peer 123
[RTA-ike-peer-123] pre-shared-ke simple 123
[RTA-ike-peer-123] remote-address 10.2.1.2
[RTA-ike-peer-123] local-address 10.2.1.1
[RTA-ike-peer-123] quit
[RTA] ipsec proposal 1
[RTA-ipsec-proposal-1] quit
[RTA] acl number 3000
[RTA-acl-adv-3000] rule 0 permit ip source 10.1.1.0 0.255.255.255
[RTA] ipsec polic 1 1 isakmp
[RTA-ipsec-polic-isakmp-1-1] securit acl 3000
[RTA-ipsec-polic-isakmp-1-1] ike-peer 123
[RTA-ipsec-polic-isakmp-1-1] proposal 1
[RTA-ipsec-polic-isakmp-1-1] quit
[RTA] interface Ethernet 0/1/0
[RTA-Serial0/2/1] ip address 10.2.1.1 255.255.255.0
[RTA] interface Serial 0/2/1
[RTA-Serial0/2/1] ip address 10.2.1.1 255.255.255.0
[RTA-Serial0/2/1] ipsec polic 1
RTB :
[RTB] ike peer 123
[RTB-ike-peer-123] pre-shared-ke simple 123
[RTB-ike-peer-123] remote-address 10.2.1.1
[RTB-ike-peer-123] local-address 10.2.1.2
[RTB-ike-peer-123] quit
[RTB] ipsec proposal 1
[RTB-ipsec-proposal-1] quit
[RTB] acl number 3000
[RTB-acl-adv-3000] rule 0 permit ip source 10.3.1.0 0.255.255.255
[RTB] ipsec polic 1 1 isakmp
[RTB-ipsec-polic-isakmp-1-1] securit acl 3000
[RTB-ipsec-polic-isakmp-1-1] ike-peer 123
[RTB-ipsec-polic-isakmp-1-1] proposal 1
[RTB-ipsec-polic-isakmp-1-1] quit
[RTA] interface Ethernet 0/1/0
[RTA-Serial0/2/1] ip address 10.3.1.1 255.255.255.0
[RTB] interface Serial0/2/1
[RTB-Serial0/2/1] ip address 10.2.1.2 255.255.255.0
[RTB-Serial0/2/1] ipsec polic 1
由此可知。
RTA
[RTA] ike peer 123
[RTA-ike-peer-123] pre-shared-ke simple 123
[RTA-ike-peer-123] remote-address 10.2.1.2
[RTA-ike-peer-123] local-address 10.2.1.1
[RTA-ike-peer-123] quit
[RTA] ipsec proposal 1
[RTA-ipsec-proposal-1] quit
[RTA] acl number 3000
[RTA-acl-adv-3000] rule 0 permit ip source 10.1.1.0 0.255.255.255
[RTA] ipsec polic 1 1 isakmp
[RTA-ipsec-polic-isakmp-1-1] securit acl 3000
[RTA-ipsec-polic-isakmp-1-1] ike-peer 123
[RTA-ipsec-polic-isakmp-1-1] proposal 1
[RTA-ipsec-polic-isakmp-1-1] quit
[RTA] interface Ethernet 0/1/0
[RTA-Serial0/2/1] ip address 10.2.1.1 255.255.255.0
[RTA] interface Serial 0/2/1
[RTA-Serial0/2/1] ip address 10.2.1.1 255.255.255.0
[RTA-Serial0/2/1] ipsec polic 1
RTB :
[RTB] ike peer 123
[RTB-ike-peer-123] pre-shared-ke simple 123
[RTB-ike-peer-123] remote-address 10.2.1.1
[RTB-ike-peer-123] local-address 10.2.1.2
[RTB-ike-peer-123] quit
[RTB] ipsec proposal 1
[RTB-ipsec-proposal-1] quit
[RTB] acl number 3000
[RTB-acl-adv-3000] rule 0 permit ip source 10.3.1.0 0.255.255.255
[RTB] ipsec polic 1 1 isakmp
[RTB-ipsec-polic-isakmp-1-1] securit acl 3000
[RTB-ipsec-polic-isakmp-1-1] ike-peer 123
[RTB-ipsec-polic-isakmp-1-1] proposal 1
[RTB-ipsec-polic-isakmp-1-1] quit
[RTA] interface Ethernet 0/1/0
[RTA-Serial0/2/1] ip address 10.3.1.1 255.255.255.0
[RTB] interface Serial0/2/1
[RTB-Serial0/2/1] ip address 10.2.1.2 255.255.255.0
[RTB-Serial0/2/1] ipsec polic 1
由此可知。
정답: B
在 MSR 路由器显示信息如下:
Acl number 2000
Rule 0 permit source 192.168.0.0 0.0.0.255
Acl number 2002
Rule 0 permit source 192.168.2.0 0.0.0.255
#
Traffic classifier 2 operator and
If-match acl 2002
Traffic classifier 1 operator and
If-match acl 2000
#
Traffic behavior 2
Queue af bandwidth pct 30
Traffic behavior 1
Queue ef bandwidth pct 30 cbs-ratio 25
#
Qos polic test
Classifier 1 behavior 1
Classifier 2 behavior 2 #
Interface GigabitEthernet0/1
Port link-mode route
Duplex full
Speed 10
Ip address 192.168.1.1 255.255.255.0
Qos appl polic test outbound
当源地址为 192.168.0.2 、 192.168.2.2 、 192.168.3.2 的报文流量速率分别为 4Mbps 、 4Mbps 、 6Mbps ,无其它背景流量,从端口 G0/1 _ 向外转发时。则以下说法正确是
Acl number 2000
Rule 0 permit source 192.168.0.0 0.0.0.255
Acl number 2002
Rule 0 permit source 192.168.2.0 0.0.0.255
#
Traffic classifier 2 operator and
If-match acl 2002
Traffic classifier 1 operator and
If-match acl 2000
#
Traffic behavior 2
Queue af bandwidth pct 30
Traffic behavior 1
Queue ef bandwidth pct 30 cbs-ratio 25
#
Qos polic test
Classifier 1 behavior 1
Classifier 2 behavior 2 #
Interface GigabitEthernet0/1
Port link-mode route
Duplex full
Speed 10
Ip address 192.168.1.1 255.255.255.0
Qos appl polic test outbound
当源地址为 192.168.0.2 、 192.168.2.2 、 192.168.3.2 的报文流量速率分别为 4Mbps 、 4Mbps 、 6Mbps ,无其它背景流量,从端口 G0/1 _ 向外转发时。则以下说法正确是
정답: A,E
下列关于 SSL VPN 部署方式说法正确的是。
정답: A,B
IP over IP 的 GRE 封装中, IP 用协议号标示 GRE 头。
정답:
47
建议的设备安全加固手段包括。
정답: A,D
PPP 链路在 ? 情况下可以使用压缩减少需要传递的数据量,从而间接增大链路吞吐量
정답: A,B,C
下列技术本身不具有数据加密功能的是
정답: A,B,C