Which of the following parameters does not need to be configured in an authorization result when you configure a virtualized campus network using iMaster NCE-Campus.
ASite to which the authorization result applies
BAuthorization result name
CAssociated authentication rule
DSecurity group to be authorized
Which of the following is not one of the three roles defined in policy association?
AAccess device
BPortal server
CTerminal
DControl device
Which of the following statements about the fabric global resource pool is false?
AA bridge domain is a Layer 2 broadcast domain used to forward data packets on a VXLAN.
BVLANs for connecting to external networks, VLANs for connecting to network service resources, and VLANs for connecting underlay devices are allocated from the VLAN resource pool.
CA VXLAN network identifier identifies a VXLAN.
DConfigure a service VLAN pool when you need to configure external gateway interconnection VLANs, network service resource interconnection VLANs, management VLANs for policy association, and VN access VLANs.
On a campus network, iMaster NCE-Campus is used to deploy two VNs: R&D VN and marketing VN, users in these two VNs belong to two security groups, respectively. The campus network requires R&D personnel and sales personnel to communicate with each other. To meet this requirement, which of the following tasks does a network administrator need to perform?
ADeploy a policy control matrix.
BDeploy an external network.
CConfigure access management.
DConfigure inter-VN communication.
The following figure shows a policy control matrix on a virtualized network deployed using iMaster NCE-Campus. Which of the following statements about the policy control matrix are true? (Choose all that apply.)
AUsers in Guest_Group cannot communicate with those in Research_Group.
BUsers within Sales_Group can communicate with each other.
CIf a user is not within Guest Group, Research Group, or Sales Group, that user cannot access any network resources.
DUsers in Research_Group cannot communicate with those in Guest_Group.
On the Device Management page of iMaster NCE-Campus, which of the following functions will automatically enable the SSH proxy tunnel of the network device?
ACommand Line
BEntry Query
CSummary
DDevice Configuration
To isolate communication between wired terminals, you can enable port isolation on the access switches. However, APs cannot implement wireless user isolation.
ATRUE
BFALSE
Assuming BGP EVPN Type 2 routes are used to advertise host MAC addresses, which of the following statements is true?
ABGP EVPN Type 2 routes carry specific L3VNIs.
BBGP EVPN Type 2 routes carry specific L2VNIs and L3VNIs.
CThe RT carried in the routes is the export RT of the IP VPN instance.
DThe IP Address and IP Address Length fields do not carry specific content.
Which of the following are iMaster NCE-Campus license business models? (Choose all that apply.)
AGlobal perpetual license (N1 mode)
BTenant Subscription license (SaaS Mode)
CGlobal perpetual license (a-la-carte mode)
DGlobal subscription license (IaaS Mode)
As shown in the figure, SW1 and SW2 use asymmetric IRB forwarding, and PC1 and PC2 communicate with each other. Which of the following is the destination MAC address of the original data frame in the packet sent from VTEP1 to VTEP2?
AMAC D
BMAC A
CMAC В
DMAC D
During WLAN planning and design, channels 1, 6, and 11 are recommended on the 2.4 GHz frequency band, and channels 1, 5, 9, and 13 are recommended in high-density scenarios. On the 5 GHz frequency band, it is recommended that high-frequency and low-frequency channels of adjacent APs be staggered to prevent overlapping.
ATRUE
BFALSE
On a VXLAN-based virtualized campus network, terminals communicate with each other through VXLAN tunnel. When the campus network needs to communicate with external networks, the data must pass through border nodes.
ATRUE
BFALSE
On a CloudCampus virtualized campus network, which of the following modes can be used by a fabric to connect to external networks? (Choose all that apply.)
ALayer 3 shared egress
BLayer 2 exclusive egress
CLayer 2 shared egress
DLayer 3 exclusive egress
Which of the following items are included in a quality evaluation report provided by iMaster NCE-CampusInsight? (Choose all that apply.)
AOptimization solution
BRectification solution
CIndicator details
DNetwork overview
On a virtualized campus network deployed using iMaster NCE-Campus, implementing mutual access between users in different virtual networks only requires the administrator to deploy a policy control matrix on iMaster NCE-Campus.
ATRUE
BFALSE
On a CloudCampus virtualized campus network, service data enters different VNs from physical networks through edge nodes and the VN that the data will enter is determined by the VLANs to which users belong. Which of the following statements about dynamic VLAN authorization is false?
AWhen wireless users pass Portal authentication, they join the authorization VLANs delivered to edge nodes.
BWhen wireless users pass 802.1X authentication, they join the authorization VLANs delivered to edge nodes.
CWhen wired users pass MAC address authentication, they join the authorization VLANs delivered to edge nodes.
DWhen wired users pass 802.1X authentication, they join the authorization VLANs delivered to edge nodes.
Which of the following advantages are provided by Telemetry compared with SNMP? (Choose all that apply.)
ATelemetry supports various data types based on the YANG model.
BTelemetry establishes sessions based on SSH, ensuring security.
CTelemetry configures and manages different databases of managed devices.
DTelemetry supports second-level data collection with higher precision.
DRAG DROP -
When planning a VXLAN-based virtualized campus network, you need to design underlay, fabric, and overlay networks. Drag the modules on the left to the correct locations on the right. (Token is reusable)
In Huawei's free mobility solution, after receiving user traffic, the policy enforcement device searches for the corresponding policy based on the information carried in the traffic, and enforces the policy to forward or discard the traffic. What is the information carried in the traffic?
ASource or destination security group
BSource or destination port number
CSource or destination MAC address
DSource or destination IP address
What are the respective protocol numbers of AH and ESP?
A6 and 17
B51 and 50
C50 and 51
D17 and 57
The following figure shows the MAC address table of a Layer 2 VXLAN gateway. Which of the following statements are true? (Choose all that apply.)
ABoth 0000-0000-0010 and 5489-9893-48a3 belong to BD 10 and are in the same Layer 2 broadcast domain.
BThe outbound interface corresponding to 5489-982d-77e2 is GE1/0/1.20. Because this interface belongs to BD 20, the host with 5489-982d-77e2 can directly communicate with the host with 5489-9893-48a3 at Layer 2.
CThe MAC address entry with the outbound interface 10.3.3.3 is learned from the remote VTEP through the VXLAN tunnel.
DThe outbound interface corresponding to 5489-9893-48a3 is GE 1/0/1.10, which belongs to BD 10.
Which of the following negotiation modes are supported in IKEv1 negotiation phase 1?
ANormal mode
BMain mode
CAggressive mode
DQuick mode
MAC address learning of a static VXLAN tunnel depends on exchange of packets, such as ARP packets, between hosts.
ATRUE
BFALSE
DHCP snooping is a security feature of DHCP that prevents DHCP servers and clients from being attacked. Which of the following statements about DHCP snooping are true? (Choose all that apply.)
AA DHCP snooping-enabled device listens to DHCP messages and records client information obtained from DHCP Offer messages.
BAfter DHCP snooping is enabled on a switch, you need to configure the interface that receives DHCP messages from a DHCP server as a trusted interface.
CThe device discards messages, such as DHCP ACK and DHCP Offer messages, received on untrusted interfaces from a DHCP server.
DWhen the interface directly connected to a DHCP client goes Down, the corresponding DHCP snooping entry does not disappear until the IP address lease of the DHCP client expires.
Preview
