Which statement best describes Cisco IOS Zone-Based Policy Firewall？（）A、A router interface can belong to multiple zones.B、Policy maps are used to classify traffic into different traffic classes， and class maps are used to assignaction to the traffic class

第1题：

Which statement is true about the SDM QoS wizard and its ability to enable a QoS policy on router interfaces？（）

• A、QoS can be enabled on interfaces used for Easy VPN clients
• B、QoS can be enabled on IPsec VPN interfaces and tunnels
• C、QoS can be enabled on interfaces with an existing QoS policy
• D、the QoS policy can be enabled for incoming and outgoing traffic on the interface

第2题：

Which two steps are executed in the deployment of Cisco AutoQoS for Enterprise？（）

• A、The customer uses SNMP statistics to create the policy.
• B、QoS policy templates are generated and installed on the interface.
• C、RTP is used to generate the policy.
• D、LLQ，cRTP，and LFI are used to automatically discover the policy.
• E、The auto-generated policy is manually optimized before implementation.
• F、Auto-discovery is used to determine what traffic is on the interface.

第3题：

What is the default Quality of Service traffic class used by the ERX Edge Router?（）

• A、bronze forwarding
• B、assured forwarding
• C、expedited forwarding
• D、best effort forwarding

第4题：

Which Cisco IOS traffic-shaping mechanism statement is true？ （）

• A、class-based policing is configured using the Modular QoS command-line （MQC）
• B、only the Frame Relay traffic-shaping （FRTS） mechanism can interact with a Frame Relay network， adapting to indications of Layer2 congestion in the WAN links
• C、Distributed Traffic Shaping （DTS） is configured with the police command under the policy map configuration
• D、both Frame Relay traffic shaping （FRTS） and virtual IP （VIP）-based Distributed Traffic Shaping （DTS） have the ability to mark traffic

第5题：

Which IOS QoS mechanism is used strictly to rate limit traffic destinedto the router itself？（）

• A、 Class-Based Policing
• B、 Control Plane Policing
• C、 Dual-Rate Policier
• D、 Single-Rate Policier
• E、 Class-BasedTraffic Shaper

第6题：

Which two statements are true about the Cisco Classic （CBAC） IOS Firewall set？（）

• A、It can be used to block bulk encryption attacks
• B、It can be used to protect against denial of service attacks
• C、Traffic originating from the router is considered trusted， so it is not inspected
• D、Based upon the custom firewall rules， an ACL entry is statically created and added to theexisting ACL permanently
• E、Temporary ACL entries that allow selected traffic to pass are created and persist for theduration of the communication session

第7题：

What is true about access control on bridged and routed VLAN traffic？ （）

• A、 Router ACLs can be applied to the input and output directions of a VLAN interface.
• B、 Bridged ACLs can be applied to the input and output directions of a VLAN interface.
• C、 Only router ACLs can be applied to a VLAN interface.
• D、 VLAN maps and router ACLs can be used in combination.
• E、 VLAN maps can be applied to a VLAN interface

第8题：

What accurately describes the usage of a Cisco AutoQoS command？（）

• A、on Catalyst switches， the show auto discovery qos command is used to display the data collected during the Auto-Discovery phase
• B、on Catalyst switches， the show auto qos command is used to display packet statistics of all classes that are configured for all service policies
• C、on Cisco routers， the show mls qos maps command is used to verify the CoS-to-DSCP maps for egress packet queuing
• D、on Cisco routers， the show auto qos command is used to display the AutoQoS interface templates， policy maps， class maps， and ACLs

第9题：

Users can define policy to control traffic flow between which two components? （）(Choose two.)

• A、from a zone to the router itself
• B、from a zone to the same zone
• C、from a zone to a different zone
• D、from one interface to another interface

第10题：

第11题：

第12题：

第13题：

ASA/PIXversion 7.0 introduced ModularPolicyFramework （MPF） as anextensible wayto classify traffic，and then apply policies （or actions） to that traffic. MPF at aminimum requires which three commands？（）

• A、 http-map， tcp-map， class-map
• B、 class-map， tcp-map， policy-map
• C、 class-map， policy-map， service-map
• D、 class-map， service-policy， policy-map

第14题：

Which statement describes the behavior of a security policy？（）

• A、The implicit default security policy permits all traffic.
• B、Traffic destined to the device itself always requires a security policy.
• C、Traffic destined to the device’s incoming interface does not require a security policy.
• D、The factory-default configuration permits all traffic from all interfaces.

第15题：

As an experienced network administrator, you are asked to troubleshoot a QoS problem. In which way might the Cisco NetFlow be helpful during the troubleshooting process?（）

• A、NetFlow can discover the protocols in use and automatically adjust QoS traffic classes to meet policy-map requirements.
• B、NetFlow records can be used to understand traffic profiles per class of service for data, voice, and video traffic.
• C、NetFlow can be configured to identify voice and video traffic flows and place them into a low-latency queue for expedited processing.
• D、NetFlow can report on the number of traffic matches for each class map in a configured QoS policy configuration.

第16题：

Which statement describes the Authentication Proxy feature？（）

• A、All traffic is permitted from the inbound to the outbound interface upon successful authentication of the user.
• B、A specific access profile is retrieved from a TACACS+ or RADIUS server and applied to an IOS Firewall based on user provided credentials.
• C、Prior to responding to a proxy ARP，the router will prompt the user for a login and password which are authenticated based on the configured AAA policy.
• D、The proxy server capabilities of the IOS Firewall are enabled upon successful authentication of the user.

第17题：

Which statement about MPLS traffic engineering policy-based tunnel selection （PBTS） is not true？（）

• A、The tunnel that is not configured with the policy-class command acts as the default
• B、EXP selection is between multiple tunnels to the same destination
• C、There is no requirement for IGP extensions
• D、Tunnels are configured using the policy-class command and carry multiple EXP values
• E、It supports VRF traffic， IP-to-MPLS switching， and MPLS-to-MPLS switching

第18题：

Which two statements about QoS options in a Cisco UCS environment are true？（）

• A、 The QoS policy assigns a system class to the outgoing traffic for a vNIC or vHBA.
• B、 Flow-control policies determine whether the uplink Ethernet ports in a Cisco UCS environment send and receive IEEE 802.3x pause frames when the send buffer for a port fills.
• C、 If no system class is configured as CoS 0， the Fibre Channel system class is used.
• D、 The user can configure QoS for these system classes： platinum， gold， silver， best effort， Fibre Channel.
• E、 When configuring a system class， the type of adapter in a server may limit the maximum MTU supported.

第19题：

What is true about access control on bridged and routed VLAN traffic？（）

• A、Router ACLs can be applied to the input and output directions of a VLAN interface
• B、Bridged ACLs can be applied to the input and output directions of a VLAN interface
• C、Only router ACLs can be applied to a VLAN interface
• D、VLAN maps and router ACLs can be used in combination
• E、VLAN maps can be applied to a VLAN interfac

第20题：

Which utility is used to assign a flow of data to a traffic class?（）

• A、ip profile
• B、policy-list
• C、classifier-list
• D、rate-limit-profile

第21题：

第22题：

第23题：