拖图题
QoS;policing:dropped,no delay;shaping:buffers,delay;policing有TCP和no。shaping有buffer缓冲器和delay延迟;警察安全不丢失,定型过多延迟又延迟
traffic policing:流量监管
causes TCP retransmissions when traffic is dropped导致TCP重传时流量下降
introduces no delay and jitter引入无延迟和抖动
drops excessive traffic减少过多的流量
警察产生介绍不丢失
traffic shaping:流量定形
buffers excessive traffic缓冲过多的流量
introduces delay and jitter引入延迟和抖动
typically delays,rather than drops traffic通常是延迟,而不是减少交通
定型缓冲介绍电信
QoS;缺少题目11
policy map:mechanism to create a
service policy:mechanism to apply a Qos
DSCP:portion of the IP header used
shaping:bandwidth management
policing:tool to enforce-rate-limiting
Cos:portion of the 802.1Q header
QoS;Mark和convey(Mark和information标记信息),Classification和distinguish(Class和type分类类型),shapping和buffer缓冲(shap和rate定型速率),Trust和permits(放行信任);定型过量
applied on traffic to convey Information to a downstream device:Marking
应用于流量,将信息传递给下游设备:做记号
distinguish traffic types:Classification
区分交通类型:分类
process used to buffer traffic that exceeds a predefined rate:shapping
用于缓冲超过预定义速率的流量的进程:定型
permits traffic to pass through the device while retaining DSCP/COS values:Trust
允许流量通过设备,同时保留DSCP/COS值:信任
联想:应用记号,区分类别,定型进程,信任允许
QoS mechanisms;缺少题目
service policy:mechanism to apply
policy map:mechansim to create
DSCP:portion of the IP
OSPF和EIGRP(OSPF<EIGRP)
OSPF: link、only equal、manual、 simple、 specific part、cost、 process、DSPF
EIGRP:vector、unequal、automatically、complex、anywhere、 metic、ADVR、 DUAL
routing protocol;OSPF有link和only equal。EIGRP有advanced和unequal(高级所以能支持不等成本的)。
OSPF:
link state链路状态
supports only equal cost path load balancing只支持等成本路径负载均衡
EIGRP:
advanced distance vector高级距离矢量协议
supports unequal cost path load balancing支持不等成本路径负载均衡
routing protocols;OSPF有link和equal。EIGRP有alternative,DUAL和ADVP。
OSPF:
Link State Protocol链路状态协议
supports only equal multipath load balancing只支持等多路径负载均衡
quickly computes new path upon link failure在链路故障时快速计算新的路径
EIGRP:
maintains alternative loop-free backup path if available维护可选的无循环备份路径(如果可用)
selects routes using the DUAL algorithm使用DUAL算法选择路由
Advanced Distance Vector Protocol高级距离向量协议
routing protocol;OSPF有link。EIGRP有alternative和DUAL。
OSPF:quickly computes new path upon link failure在链路故障时快速计算新的路径
EIGRP:
maintains alternative loop-free backup path if available维护可选的无循环备份路径(如果可用)
selects routes using the DUAL algorithm使用DUAL算法选择路由
routing protocols;OSPF有link和manual。EIGRP有automatically。
OSPF:
supports virtual links支持虚连接
requires manual configuration of network summarization需要手动配置网络摘要
EIGRP:
can automatically summarize networks at the boundary能否在边界处自动总结网络
routing protocol types;OSPF有simple和not。EIGRP有complex和be(yes)。
OSPF:
The path metric is simple and based on interface cost
路径度量很简单,并且基于接口成本
The route summary is not interface based
路由汇总不是基于接口的
EIGRP:
The path metrics are complex
路径度量是复杂的
The summary can be interface based
摘要可以是基于接口的
routing protocol;OSPF有specific part和area。EIGRP有anywhere和DUAL。
OSPF:
summarizes can be created in specific parts of the IGP topology
可以在IGP拓扑的特定部分创建摘要
uses areas to segment a network
使用区域对网络进行分段
EIGRP:
DUAL algorithm
对偶算法
summaries can be created anywhere in the IGP topology
摘要可以在IGP拓扑的任何地方创建
routing protocols;OSPF有defalut/AD、backbone/virtual links和process ID。EIGRP有AS,ADVRP和DUAL。
OSPF:
The defalut Administrative Distance is equal to 110.默认的管理距离等于110。
It uses virtual links to connect two parts of a pratitioned backbone through a non-backbone area.它使用虚拟链路,通过一个非骨干区域连接一个专用骨干网的两个部分。
It requires a process ID that is local to the router.它需要路由器本地的进程ID。
EIGRP:
It requires an Autonomous System number to create a routing instance for exchanging routing infromation.它需要一个自治系统号来创建路由实例以交换路由信息。
It is an Advanced Distance Vector routing protocol.它是一种高级距离向量路由协议。
It relies on the Diffused Update Algorithm to calculate the shortest path to ad destination.它依赖于扩散更新算法来计算到达目标的最短路径。
routing protocol types;OSPF有link,segment和table。EIGRP有unequal、DVRP和reliability
OSPF:
link state routing protocol链路状态路由协议
makes it easy to segment the network logically使其易于在逻辑上划分网络
constructs three tables as part ofits operation:neighbor table, topology table, and routing table构造三个表作为其操作的一部分:邻居表、拓扑表和路由表
EIGRP:
supports unequal path load balancing支持非均衡路径负载均衡
distance vector routing protocol距离矢量路由协议
metric based on delay and reliability by default默认情况下,基于延迟和可靠性的度量
routing protocols;OSPF有link和cost。EIGRP有metic和5
OSPF:
uses virtual links to link an area that does not have a connection to the backbone使用虚连接将没有连接的区域连接到主干网
cost is based on interface bandwidth开销基于接口带宽
EIGRP:
hello packets are sent by default every 5 seconds on high-bandwith links缺省情况下,在高带宽链路上每5秒发送一次Hello报文
metic is calculated using bandwidth and delay by default默认情况下使用带宽和延迟计算
protocols;OSPF有shortest和process。EIGRP有DUAL和metric
OSPF:
uses Dijkstra’s Shortest Path First algorithm使用Dijkstra最短路径优先算法
uses an election process使用选举过程
EIGRP:
uses Diffused Update Algorithm使用扩散更新算法
uses bandwidth, delay, reliability and load for routing metric使用带宽、延迟、可靠性和负载作为路由度量
On-Premises和Cloud(On-Premises<Cloud)
On-Premises:hardware/own、security、underutill、high capital、slow upgrade、lower reoccurring cost、longer deployment、complex customization
Cloud:internet/provider、easy、recovery、low capital、fast upgrade、pay-as-you-go、scalable deployment、on-demand self-service
| 对比者 | 设备 | 对象 | 资源 | 资本 | 升级 | 成本 | 部署 | 服务 | |
|---|---|---|---|---|---|---|---|---|---|
| On-Premises | hardware/own | security | underutill | high capital | slow upgrade | lower reoccurring cost | longer deployment | complex customization | |
| Cloud | internet/provider | easy | recovery | low capital | fast upgrade | pay-as-you-go | scalable deployment | on-demand self-service |
infrastructure;On-Premises私有云有hardware,specific和undertutilized。Cloud有easy,strong和automated。;On-Premises要有硬件,特殊要求和未充分利用。Cloud公有云要有简单,强大和自动。
On Premises:
customizable hardware, purpose-built systems可定制的硬件,专用的系统
more suitable for companies with specific regulatory or security requirements更适合有特定监管或安全要求的公司
resources can be over or underutilized as requirements vary随着需求的变化,资源可能被过度利用或未充分利用
Cloud:
easy to scale and upgrade易于扩展和升级
requires a strong and stable internet connection需要强大而稳定的互联网连接
built-in, automated data backups and recovery内置,自动数据备份和恢复
infrastructure;On-Premises有hardward,slow upgrade和high capital。Cloud有provider,fast upgrade和low capital。;Cloud比On-Premise好。
On-Premises Infrastructure:
enterprise owns the hardware企业拥有硬件
high capital expenditure高资本支出
slow upgrade lifecycle升级周期慢
Cloud-Hosted Infrastructure:
provider maintains the infrastructure提供者维护基础设施
low capital expenditure低资本支出
fast upgrade lifecycle快速升级生命周期
infrastructure;On-premises有control和lower。Cloud有go,data和fast。
On-premises:
significant initial investment but lower reoccurring costs初期投资可观,但重复成本较低
company has control over the physical security of equipment公司对设备的物理安全有控制
Cloud:
pay-as-you-go model现收现付制
physical location of data can be defined in contract with provider数据的物理位置可以在与提供商的合同中定义
very scalable and fast delivery of changes in scale非常可扩展和快速交付规模上的变化
infrastructure;On-Prem有control和longer。Cloud有shared和quick。
On-Prem:
Requires purpose built applications
Complete control and accessibility完全控制和可访问性
Longer deployment cycle更长的部署周期
Cloud:
Shared ownership and accessibility共享所有权和可访问性
Quick and scalable deployment快速、可伸缩的部署
infrastructure;On-Premises有control和cost。Cloud有improve和reduce。
On-Premises:
This model enables complete control of the servers.该模型支持对服务器的完全控制。
Costs for this model are considered CapEx.该模型的成本被认为是资本支出。
Cloud:
This model improves elasticity of resources.该模型提高了资源的弹性。
This model reduces management overhead by leveraging provider-managed resources.该模型通过利用提供者管理的资源来减少管理开销。
infrastructure;On-Premises有complex和long。Cloud有self-service。
On-Premises:
long implementetion timeframe
较长的实现时间框架
offers complex customization
提供复杂的定制
Cloud:
on-demand self-service
按需自助服务
orchestration;Ansible有primary/secondary,push;Puppet有multi-master,pull;push和ansible都有s;puppet和pull都有重复的字母;Ansible有an提示primary一级;
Ansible:安塞波
utilizes a push model利用推送模型
primary/secondary architecture一级/二级架构
Puppet:傀儡
utilizes a pull model利用拉模型
multi-master architecture多主架构
orchestration;Ansible有prodect book产品书、Puppety有pull declarative拉起公告;Ansible有play,prode、Puppet有pull和declarative;
Ansible:
uses playbooks使用剧本
prodectural
Puppet:木偶
uses a pull model使用拉模型
declarative公告的
orchestration;;Configuration Management有con提示consistent、有an提示Ansible。Orchestration;CM有ansible安塞波和consistent基础。orchestration有puppet木偶和automation自动化。;CM有an和en(an:ansible;en:enable);o有pp和do。
Configuration Management:配置管理
Ansible is used for this type of technology.Ansible用于这种技术。
This type of technology enables consistent configuration of lnfrastructure resources.这种类型的技术可以实现基础设施资源的一致配置。
Orchestration:编配
Puppet is used for this type of technology.Puppet用于这种类型的技术。
This type of technology provides automation across multiple technologies and domains.这种类型的技术提供了跨多个技术和领域的自动化。
snippet;192.168.5.0,mask 255.255.255.0;number是192.168.5.0;mask是255.255.255.0
snippets;edit-config对config,loopback对name 100,address对primary,mask对255.255.255.0;loopback和100都有两个0;primary后可接address
prefix list;target后接running(跑目标);prefixes接name 100;permit 接10 set local-preference;match 接 ip address prefix-list;target目标running奔跑;prefix前缀name名字;permit允许10;match匹配ip;
Cisco Cyber Threat Defense;少题目
Cisco DNA Center API;delete对remove。put对应update。get对应extract。post对应create。;put提高就是update升级,get得到extract提取,post工作create创建;post邮寄element元素;put和update的pu和up相反;get和extract的et和ext都有et;
DELETE:remove an element using the API使用API删除一个元素
PUT:update an element更新元素
GET:extract information from the API从API中提取信息
POST:create an element创建一个元素
AAA;ACE group,AAA RADIUS,case-sensitive format,if;不要non和没有AAA的ACE;注意四个顺序还有前后顺序要求;ACE group、AAA RADIUS、case-sensitive、if;短A,长A,长local,if如果;
AAA servers of ACE group:ACE集团AAA服务器
AAA servers of AAA RADIUS group:AAA RADIUS组的AAA服务器
local configured username in case-sensitive format:本地配置的用户名,区分大小写
if no method works,then deny login:如果没有有效的方法,则拒绝登录
AAA servers of AAA RADIUS group:AAA RADIUS组的AAA服务器
local configured username in non-case-sensitive format:本地配置的用户名,不区分大小写
local configured username in case-sensitive format:本地配置的用户名,区分大小写
AAA servers of ACE group:ACE集团AAA服务器
tacacs servers of group ACE:tacacs组ACE服务器
if no method works,then deny login:如果没有有效的方法,则拒绝登录
An engineer creates the configuration below. Drag and drop the authentication methods from the left into the order of priority on the right. Not all options are used.工程师创建下面的配置。将身份验证方法从左边拖放到右边的优先级顺序中。并非所有选项都被使用。
ACL;先permit靠action drop拒绝;permit、permit、action drop、action forward
Refer to the exhibit.An engineer must deny HTTP traffic from host A to host V while allowing all othercommunication between the hosts , drag and drop the commands into the configuration to achieve theseresults.参考展品。工程师必须拒绝从主机A到主机V的HTTP流量,同时允许主机之间的所有其他通信,将命令拖放到配置中以实现这些结果。
VSS;2、4500+6500、geograp地理;two,series,separated;两份礼系列
VSS:
combines exactly two devices
恰好结合两个设备
supported on the Cisco 4500 and 6500 series
支持思科4500和6500系列
supports devices that are geographically separated
支持地理位置分离的设备
combines exactly two devices:恰好结合两个设备
supported on Cisco 3750 and 3850 devices:支持思科3750和3850设备
supported on the Cisco 4500 and 6500 series:支持思科4500和6500系列
supports devices that are geographically separated:支持地理位置分离的设备
supports up to nine devices:最多支持9台设备
uses proprietary cabling:使用专用布线
virtual component;缺少题目
OVA:zip file containing a virtual
VMDK:file containing a virtual
VMX:configuration file containing
vNIC:component of a virtual machine
LISP;resolver和accept,server和learn,proxy和receives&send,ITR和receives;resolver和request都有re;server和learn;ETR与ITR都有receive,ITR有interface,都有i。ETR有site,et和te;解析器resolver解析啥,就是解析request请求、服务器server负责learn、代理proxy负责receive traffic接收流量、receive packet接收包;
LISP map resolver:accepts LISP encapsulated map requests
LISP映射解析器:接受LISP封装的映射请求
LISP map server:learns of EID prefix mapping entries from an ETR
LISP映射服务器:从ETR学习EID前缀映射项
LISP proxy ETR:receives traffic from LISP sites and sends it to non-LISP sites
LISP代理ETR:接收来自LISP站点的流量,并将其发送到非LISP站点
LISP ITR:receives packets from site-facing interfaces
LISP ITR:接收面向站点接口的报文
LIPS;EID有endpoint。map server有learn。ETR有site,et和te。
EID:IPv4 or IPv6 address of an endpoint within a LISP site
EID: LISP站点中端点的IPv4 或IPv6地址
map server:network infrastructure component that learns of EID-prefix mapping entries from an ETR
映射服务器:从ETR学习eid前缀映射条目的网络基础设施组件
ETR:de-encapsulates LISP packets coming from outside of the LISP site to destinations inside of the site
ETR:将来自LISP站点外部的LISP数据包解封装到站点内部的目的地
LACP-based;第一是physical and data link。第二是add xx to the existing bundle(2a)。第三是bundle 3。第四是network layer;先底层,加bundle,再3 bundle,最后网络层。;五岁三王
setp1:Validate the physical and data link layers of the 10Gbps link
步骤1:验证10Gbps链路的物理层和数据链路层
setp2:Execute the channel-group number mode active command to add the 10Gbps link to the existing bundle
步骤2:使用channel-group number mode active命令将10Gbps链路添加到现有的bundle中
setp3:Execute the lacp min-bundle 3 command to set the minimum number of ports threshold
步骤3:执行lacp min-bundle 3命令设置最小端口数阈值
setp4:Validate the network layer of the 10Gbps link
步骤4:验证10Gbps链路的网络层
不选
execute the channel-group number mode on command to add the 10Gbps link to the existing bundle.
执行channel-group number mode on命令将10Gbps链路添加到现有的bundle中。
execute the channel-group number mode auto command to add the 10Gbps link to the existing bundle.
执行channel-group number mode auto命令将10Gbps链路添加到现有的bundle中。
A network engineer is adding an additional 10Gps link to an exiting 2x10Gps LACP-based LAG to augmentits capacity. Network standards require a bundle interface to be taken out of service if one of its memberlinks goes down, and the new link must be added with minimal impact to the production network. Drag anddrop the tasks that the engineer must perform from the left into the sequence on the right.Not all optionsare used.
一名网络工程师正在向现有的基于2x10Gps lacp的LAG添加额外的10Gps链路,以增加容量。网络标准要求,如果其中一个成员链接出现故障,必须将捆绑包接口从服务中移除,并且必须在对生产网络影响最小的情况下添加新链接。将工程师必须执行的任务从左边拖放到右边的序列中。并不是所有的选项都被使用。
REST API;公共API资源是安全库。HTTP要有用户和密码。API依赖Token。OAuth依赖身份提供者。;secure和public、basic有用户和密码(最基本也要有用户和密码)、token和secret、oauth有autho;
Secure Vault:Public API Resources
安全库:公共API资源
HTTP Basic Authentication:Username and Password in an enciosed string
HTTP基本身份验证:用户名和密码在一个附带的字符串
Token Based Authentication:API Dependent Secret
基于令牌的身份验证:API相关的秘密
OAuth:Authorization through ldentity Provider
OAuth:通过ldentity Provider进行授权
RESTCONF;natvie/interface/GigabitEthernet/1、HTTP Verb-GET、Headers-Accept;GET是请求方法、属于Verb动词;accept header接收头部;
PIM Dense Mode;build要source不要share、use要push和prune不要pull;要source-base不要shared。要push不要pull。要stop不要deliver。source、push、prune原退件
PIM Dense Mode:PIM密集模式:
builds source-based distribution trees构建基于源代码的分发树
uses a push model to distribute multicast traffic使用推模型分配多播流量
uses prune mechanisms to stop unwanted multicast traffic使用剪枝机制来停止不需要的多播流量
uses a pull model to distribute multicast traffic.使用拉模型来分配多播流量。
builds shared distribution trees.构建共享分布树。
requires a rendezvous point to deliver multicast traffic.需要一个集合点来传送多播通信。
threat defense;
AMP4E:provides malware protection on endpoints.
FTD:provides IPS/IDS capabilities.
StealthWatch:performs security analytics by collecting network flows.
ESA:protects against email threat vector.
Umbrelia:provides DNS protection.
AMP4E:提供终端恶意软件保护。
FTD:提供IPS/IDS能力。
StealthWatch:通过收集网络流执行安全分析。
ESA:防范电子邮件威胁向量。
雨伞:提供DNS保护功能。
wireless elements;gain对increase、radiation对show、beamwidth对measure、polarization对influence;gain increase增益提高;gain和given都有gin;patterns和space都有pas;beamwidth和below都有bew;
gain:the relative increase in signal strength of an antenna in a given direction
增益:天线在给定方向上信号强度的相对增加
radiation patterns:a graph that shows the relative intensity of the signal strength of an antenna within its space
辐射模式:显示天线在其空间内信号强度的相对强度的图形
beamwidth:measures the angle of an antennapattern in which the relative signal strength is half-power below the maximum value
波束宽度:测量天线模式的角度,其中相对信号强度低于最大值的一半功率
polarization:radiated electromagnetic waves that influence the orientation of an antenna within its electromagnetic field
极化:在电磁场范围内影响天线方向的辐射电磁波
packet switching architecture;PS有software和general、CEF有high;CEF比PS高咯;Process Switching有两个switching;CEF有high。
Process Switching:进程交换
It is referred as “software” switching
它被称为“软件”切换
It uses General Purpose CPU to perform that switching
它使用通用CPU来执行切换
Cisco Express Forwading:思科快速转发:
lt is used when you have to perform in high packet volume
它用于必须在高数据包容量下执行的情况
DHCP;1是发现,2是提供,3是请求,4是确认。;联想马路边捡到1块钱(发现),交给jingcha叔叔手里边(提供),有人来认领(请求),叔叔进行身份(确认)。;首字母,dora都让
1:DHCP discover
DHCP发现
2:DHCP offer
DHCP提供
3:DHCP request
DHCP请求
4:DHCP ack
DHCP确认
BGP;bdp接65001、neighbor 192.168.1.1、remote-as 65000、neighbor 192.168.1.1;看图从做左到右,按顺序来填写,注意neighbor是对端的地址;看图你就知道了
