2022 First-Half Network Engineer Mock Sprint Paper (Afternoon)

1. [Material-based Q&A] 13 points
[Question 1] (1 point per blank) Below is part of the firewall configuration. Complete the configuration.

    (1)
    [FW] interface GigabitEthernet 1/0/1
    [FW-GigabitEthernet1/0/1] ip address 192.168.10.254 24
    [FW-GigabitEthernet1/0/1] quit
    [FW] interface GigabitEthernet 1/0/2
    [FW-GigabitEthernet1/0/2] ip address (2)
    [FW-GigabitEthernet1/0/2] quit
    [FW] interface GigabitEthernet 1/0/3
    [FW-GigabitEthernet1/0/3] ip address 201.23.36.89 29
    [FW-GigabitEthernet1/0/3] quit
    [FW] firewall zone dmz
    [FW-zone-dmz] add interface GigabitEthernet 1/0/1
    [FW-zone-dmz] quit
    [FW] firewall zone trust
    [FW-zone-trust] add interface GigabitEthernet 1/0/2
    [FW-zone-trust] quit
    [FW] firewall zone untrust
    [FW-zone-untrust] add interface (3)
    [FW-zone-untrust] quit
    # Configure an address set named server_deny and add to it the IP addresses that are not allowed to access the servers.
    [FW] ip address-set server_deny type object
    [FW-object-address-set-server_deny] address (4)
    [FW-object-address-set-server_deny] quit
    # Configure a time range named time_deny that specifies when PCs are not allowed to access the servers.
    [FW] time-range time_deny
    [FW-time-range-time_deny] period-range (5)
    [FW-time-range-time_deny] quit
    # Configure the custom service sets server1_port and server2_port for Server1 and Server2 respectively, adding the servers' non-well-known ports to the service sets.
    [FW] ip service-set server1_port type object
    [FW-object-service-set-server1_port] service protocol (6) source-port 0 to 65535 destination-port (7)
    [FW-object-service-set-server1_port] quit
    # Security policy that restricts ordinary users from using the services Server1 provides externally during the specified time
    [FW] security-policy
    [FW-policy-security] rule name policy_sec_deny1
    [FW-policy-security-rule-policy_sec_deny1] source-zone trust
    [FW-policy-security-rule-policy_sec_deny1] destination-zone dmz
    [FW-policy-security-rule-policy_sec_deny1] destination-address address-set (8)
    [FW-policy-security-rule-policy_sec_deny1] source-address range (9)
    [FW-policy-security-rule-policy_sec_deny1] service (10)
    [FW-policy-security-rule-policy_sec_deny1] time-range (11)
    [FW-policy-security-rule-policy_sec_deny1] action (12)
    [FW-policy-security-rule-policy_sec_deny1] quit
    # Security policy that allows ordinary users to use the services Server1 provides externally
    [FW-policy-security] rule name policy_sec_permit
    [FW-policy-security-rule-policy_sec_permit] source-zone trust
    [FW-policy-security-rule-policy_sec_permit] destination-zone dmz
    [FW-policy-security-rule-policy_sec_permit] service server1_port
    [FW-policy-security-rule-policy_sec_permit] action (13)
    [FW-policy-security-rule-policy_sec_permit] quit

2. [Material-based Q&A] 5 points
[Question 2] (1 point per blank) Configure an ACL on the Switch that prohibits all users except the finance department from accessing the finance Server. Fill in the blank entries in the Switch data planning table (Table 1-3).
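3. [Material-based Q&A] 2 points
[Question 3] (1 point per blank) When the Web server needs to provide Web service externally, address translation must be performed for it; mapping the internal server to a public address uses NAT based on (18). The enterprise has registered a domain name. With the firewall in its default configuration, can the internal network directly access https? Why?

4. [Material-based Q&A] 6 points
[Question 1] (6 points) In the Linux directory structure, the top-level directory is the root directory, denoted by (1). All devices in the system are treated as (2), and the directory that holds the device files for terminals, disks and other devices is (3).

[Material-based Q&A] 4 points
[Question 2] (4 points) Linux has 7 runlevels. Of these, (4) has root privileges only, is used for system maintenance, does not allow remote login, and is similar to Windows safe mode. (5): the system default runlevel must not be set to 0, otherwise the system cannot start normally and the machine shuts down immediately.
A. 0: system halt state
B. 1: single-user working state

[Material-based Q&A] 2 points
[Question 3] (2 points) The DNS server software most commonly used on Linux systems is (6). Its main configuration file is /etc/named.conf.

[Material-based Q&A] 8 points
[Question 4] (8 points) The FTP server commonly used on Linux systems is VSFTPD. Below is part of its main configuration file, vsftpd.conf. Fill in the meaning of the commands at blanks (7) to (10).

    listen_address=192.168.1.1
    #listen_port=21
    #max_per_ip=10
    #max_clients=1000
    anonymous_enable=YES    (7)
    local_enable=YES        (8)
    write_enable=YES        (9)
    userlist_enable=NO      (10)

5. [Material-based Q&A] 1 point
[Question 1] (1 point) Several protocols currently support VPN technology. The appropriate VPN protocol for this enterprise is (1).
Options:
A. PPTP
B. L2TP
C. IPSec
D. SSL

6. [Material-based Q&A] 13 points
[Question 2] (13 points) Complete the relevant configuration. Part of the configuration of the headquarters firewall firewall1 is as follows.

    system-view
    [FIREWALL1] interface GigabitEthernet 1/0/2
    [FIREWALL1-GigabitEthernet1/0/2] ip address 192.168.1.1 24
    [FIREWALL1-GigabitEthernet1/0/2] quit
    [FIREWALL1] interface GigabitEthernet 1/0/1
    [FIREWALL1-GigabitEthernet1/0/1] ip address 202.1.3.1 24
    [FIREWALL1-GigabitEthernet1/0/1] quit
    # Add the interfaces to the corresponding security zones.
    [FIREWALL1] (2)
    [FIREWALL1-zone-trust] (3)
    [FIREWALL1-zone-trust] quit
    [FIREWALL1] (4)
    [FIREWALL1-zone-untrust] (5)
    [FIREWALL1-zone-untrust] quit
    # Configure the security policy between the Trust zone and the Untrust zone so that packets before encapsulation and after decapsulation are allowed through.
    [FIREWALL1] (6)
    [FIREWALL1-policy-security] rule name 1
    [FIREWALL1-policy-security-rule-1] source-zone trust
    [FIREWALL1-policy-security-rule-1] destination-zone untrust
    [FIREWALL1-policy-security-rule-1] source-address (7)
    [FIREWALL1-policy-security-rule-1] destination-address (8)
    [FIREWALL1-policy-security-rule-1] (9)
    [FIREWALL1-policy-security-rule-1] quit
    # Configure the security policy between the Local zone and the Untrust zone so that IKE negotiation packets can pass through Firewall1 normally.
    [FIREWALL1-policy-security] rule name 3
    [FIREWALL1-policy-security-rule-3] source-zone local
    [FIREWALL1-policy-security-rule-3] destination-zone untrust
    [FIREWALL1-policy-security-rule-3] source-address 202.1.3.1 32
    [FIREWALL1-policy-security-rule-3] destination-address 202.1.5.1 32
    [FIREWALL1-policy-security-rule-3] action permit
    [FIREWALL1-policy-security-rule-3] quit
    [FIREWALL1-policy-security] rule name 4
    [FIREWALL1-policy-security-rule-4] source-zone untrust
    [FIREWALL1-policy-security-rule-4] destination-zone local
    [FIREWALL1-policy-security-rule-4] source-address 202.1.5.1 32
    [FIREWALL1-policy-security-rule-4] destination-address 202.1.3.1 32
    [FIREWALL1-policy-security-rule-4] action permit
    [FIREWALL1-policy-security-rule-4] quit
    [FIREWALL1-policy-security] quit
    # Configure an access control list that defines the data flow to be protected.
    [FIREWALL1] acl 3000
    [FIREWALL1-acl-adv-3000] rule (10) ip source 192.168.100.0 0.0.0.255 destination 192.168.200.0 0.0.0.255
    [FIREWALL1-acl-adv-3000] quit
    # Configure an IPSec security proposal named tran1.
    [FIREWALL1] (11)
    [FIREWALL1-ipsec-proposal-tran1] encapsulation-mode tunnel
    [FIREWALL1-ipsec-proposal-tran1] transform esp
    [FIREWALL1-ipsec-proposal-tran1] esp authentication-algorithm sha2-256
    [FIREWALL1-ipsec-proposal-tran1] esp encryption-algorithm aes
    [FIREWALL1-ipsec-proposal-tran1] quit
    # Configure IKE security proposal number 10.
    [FIREWALL1] ike proposal 10
    [FIREWALL1-ike-proposal-10] authentication-method pre-share
    [FIREWALL1-ike-proposal-10] authentication-algorithm sha2-256
    [FIREWALL1-ike-proposal-10] quit
    # Configure the IKE user information table.
    [FIREWALL1] ike user-table 1
    [FIREWALL1-ike-user-table-1] user id-type ip (12) pre-shared-key Admingkys
    [FIREWALL1-ike-user-table-1] quit
    # Configure the IKE peer.
    [FIREWALL1] ike peer b
    [FIREWALL1-ike-peer-b] ike-proposal 10
    [FIREWALL1-ike-peer-b] user-table 1
    [FIREWALL1-ike-peer-b] quit
    # Configure an IPSec security policy template named map_temp with sequence number 1.
    [FIREWALL1] ipsec policy-template map_temp 1
    [FIREWALL1-ipsec-policy-template-map_temp-1] security acl (13)
    [FIREWALL1-ipsec-policy-template-map_temp-1] proposal tran1
    [FIREWALL1-ipsec-policy-template-map_temp-1] ike-peer b
    [FIREWALL1-ipsec-policy-template-map_temp-1] reverse-route enable
    [FIREWALL1-ipsec-policy-template-map_temp-1] quit
    # Reference the security policy template map_temp in the IPSec security policy map1.
    [FIREWALL1] ipsec policy map1 10 isakmp template map_temp
    # Apply the security policy map1 on interface GigabitEthernet 1/0/1.
    [FIREWALL1] interface GigabitEthernet 1/0/1
    [FIREWALL1-GigabitEthernet1/0/1] ipsec policy map1
    [FIREWALL1-GigabitEthernet1/0/1] quit

    [Switch] acl number 2022
    [Switch-acl-basic-2022] rule permit source 172.16.105.0 0.0.0.255    // allow all users on the 172.16.105.0/24 segment to access the FTP server at any time
    [Switch-acl-basic-2022] rule permit source 172.16.107.0 0.0.0.255 time-range tr1    // restrict all users on the 172.16.107.0/24 segment to accessing the FTP server only within the time range defined by tr1
    [Switch-acl-basic-2022] rule deny source any    // other users may not access the FTP server
    [Switch-acl-basic-2022] quit

10. [Material-based Q&A] 6 points
[Question 3] (6 points) IPSec works at the (14) layer of the TCP/IP protocol stack and provides TCP/IP communication with multiple security services, including access control, confidentiality, data origin authentication, anti-replay and data integrity. The key exchange protocol that IPSec uses to establish secure packet flows is the (15) protocol. If, during data transmission, all data is processed and then re-encapsulated with a new IP header before being sent, IPSec is working in (16) mode.

11. [Material-based Q&A] 1 point
[Question 1] (1 point) VLAN assignment methods fall into two broad classes, static and dynamic. PC1 and PC2 belong to department A, PC3 and PC4 belong to department B, and PC5 belongs to department C. On SW3, ports GE0/0/2 and GE0/0/3 are added to the same VLAN. This method of VLAN assignment is (1).

12. [Material-based Q&A] 13 points
[Question 2] (13 points) According to the network design requirements, PC3 and PC4 of department B belong to VLAN 10 and PC5 of department C belongs to VLAN 20. SW3 needs its basic configuration completed. Fill in the missing parts of the configuration below.

    display (2)    // view the switch model, operating system version, uptime and similar information
    (3)
    Enter system view, return user view with Ctrl+Z.
    [Huawei] sysname SW3
    [SW3] vlan (4) 10 20    // create VLAN 10 and VLAN 20 in a batch
    [SW3] vlan 10
    [SW3-vlan10] (5) department_B
    [SW3-vlan10] quit
    [SW3] port-group (6) GigabitEthernet 0/0/2 GigabitEthernet 0/0/3
    [SW3-port-group] port link-type (7)
    [SW3-port-group] port default vlan (8)
    [SW3-port-group] quit
    [SW3] interface GigabitEthernet 0/0/4
    [SW3-GigabitEthernet0/0/4] port link-type access
    [SW3-GigabitEthernet0/0/4] port default vlan 20
    [SW3-GigabitEthernet0/0/4] quit
    [SW3] interface Vlanif 10
    [SW3-Vlanif10] description department_B
    [SW3-Vlanif10] ip address 10.10.10.1 24
    [SW3-Vlanif10] dhcp select interface
    Error: Please enable DHCP in the global view first.    // state the cause of this error: (9)
    [SW3-Vlanif10] quit
    [SW3] dhcp enable
    Info: The operation may take a few seconds. Please wait for a moment.done.
    [SW3] interface Vlanif 10
    [SW3-Vlanif10] dhcp select (10)
    [SW3-Vlanif10] dhcp server dns-list 10.2.3.4 10.2.3.5
    [SW3-Vlanif10] dhcp server domain-
    [SW3-Vlanif10] dhcp server excluded-ip-address 10.10.10.2 10.10.10.30
    [SW3-Vlanif10] dhcp server lease day 0 hour 8
    [SW3-Vlanif10] dhcp server static-bind ip-address 10.10.10.3 mac-address 0012-3333-3333
    Error: The IP address's status is error.    // state the cause of this error: (11)
    [SW3-Vlanif10] dhcp server static-bind ip-address 10.10.10.35 mac-address 0012-3333-4444
    [SW3-Vlanif10] display (12)
    #
    interface Vlanif10
     ip address 10.10.10.1 255.255.255.0
     dhcp select interface
     dhcp server excluded-ip-address 10.10.10.2 10.10.10.30
     dhcp server static-bind ip-address 10.10.10.35 mac-address 0012-3333-4444
     dhcp server lease day 0 hour 8 minute 0
     dhcp server dns-list 10.2.3.4 10.2.3.5
     dhcp server domain-
    #
    return
    [SW3-Vlanif10] quit
    [SW3] interface vlanif 20
    [SW3-Vlanif20] description department_C
    [SW3-Vlanif20] ip address 10.10.20.1 24
    [SW3-Vlanif20] dhcp select global
    [SW3-Vlanif20] quit
    [SW3] ip pool vlan20
    [SW3-ip-pool-vlan20] network 10.10.20.0 (13) 24
    [SW3-ip-pool-vlan20] (14) 10.10.20.1
    [SW3-ip-pool-vlan20] dns-list 10.2.3.4 10.2.3.5
    [SW3-ip-pool-vlan20] domain-
    [SW3-ip-pool-vlan20] excluded-ip-address 10.10.20.2 10.10.20.30
    [SW3-ip-pool-vlan20] lease day 1
    [SW3-ip-pool-vlan20] display this
    #
    ip pool vlan20
     gateway-list 10.10.20.1
     network 10.10.20.0 mask 255.255.255.0
     excluded-ip-address 10.10.20.2 10.10.20.30
     dns-list 10.2.3.4 10.2.3.5
     domain-
    #

13. [Material-based Q&A] 1 point
[Question 3] (1 point) The parameter lease day 1 was configured in the global address pool vlan20 on SW3, but when the configuration of the global address pool vlan20 is viewed, the parameter is not there. The reason is (15).
(15) Options:
A. The parameter has a syntax error; a syntax error was reported during configuration, so the configuration did not take effect
B. The parameter does not belong to the global DHCP address pool, so it cannot be configured under the global DHCP address pool
C. The parameter is the default parameter for DHCP addresses; even if it is configured manually it is not displayed
D. This version of the switch has a bug that prevents the configured parameter from being displayed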