A GRE tunnel is configured between a local and a remote site. Where should the service policy be applied to classify packets based on the pretunnel header? ()A、in global configuration mode, apply the service policy and use the qos pre-classifyB、in global configuration mode, apply the service policy but do not use the qos pre-classify commandC、apply the service policy on the physical interface but do not use the qos pre-classifyD、apply the service policy on the tunnel interface but do not use the qos pre-classify command E、apply the service policy on the tunnel interface and use the qos pre-classify command
A GRE tunnel is configured between a local and a remote site. Where should the service policy be applied to classify packets based on the pretunnel header? ()
- A、in global configuration mode, apply the service policy and use the qos pre-classify
- B、in global configuration mode, apply the service policy but do not use the qos pre-classify command
- C、apply the service policy on the physical interface but do not use the qos pre-classify
- D、apply the service policy on the tunnel interface but do not use the qos pre-classify command
- E、apply the service policy on the tunnel interface and use the qos pre-classify command
相关考题:
Your network consists of numerous domains within a LAN, plus one remote location that is configured as another domain within the tree. Each domain contains several organizational units. The remote domain is connected to the main office network by using 56-Kbps connection, as shown in the Exhibit.The remote location is running a previous service pack for Windows 2000, and the LAN is running the most recent service pack.You want to configure a group policy for the remote location so that users can repair a problem with a service pack system file. You also want to reduce the traffic on the LAN and ease administration of the group policies. You want to retain the domain administrator's access to the group policy configuration.What should you do?A.Configure a group policy for each OU in the west.litware.com domain. Configure a service pack software package for each group policy.B.Configure a group policy for each OU in the litware.com domain. Configure a service pack software package for each group policy.C.Configure a group policy for west.litware.com domain. Configure a service pack software package for the group policy.D.Configure a group policy for the litware.com domain. Configure a service pack software package for the group policy.
How can Cisco NetFlow be used to aid in the operation and troubleshooting of QoS issues? () A. NetFlow can report on the number of traffic matches for each class map in a configured QoS policy configuration.B. NetFlow records can be used to understand traffic profiles per class of service for data, voice, and video traffic.C. NetFlow can discover the protocols in use and automatically adjust QoS traffic classes to meet policy-map requirements.D. NetFlow can be configured to identify voice and video traffic flows and place them into a lowlatency queue for expedited processing.
Which two models are the models of DiffServ-Award traffic Engineering?()A、Class-based ModelB、Maximum Allocation ModelC、Russian Doll ModelD、Global Tunnel ModelE、Policy-based Model
Choose the true statement regarding QoS pre-classify.()A、QoS pre-classify permits making QoS decisions based on elements from the unencrypted IP packet.B、QoS pre-classify is required when encrypting voice.C、QoS pre-classify is an advantage to Service Providers transporting encrypted packets.D、QoS pre-classify is not designed for IPSec/GRE configurations.
Which QoS mechanism will allow a single policy to be applied to multiple interfaces?()A、policy mapB、class mapC、ACLD、service policy
What does qos pre-classify provides inregardto implementing QoS over GRE/IPSec VPN tunnels?()A、 enables IOS to copy the ToS field from the inner (original) IPheader to theouter tunnel IP headerB、 enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption, based on fields in the inner IP header.C、 enables IOS to classify packets based on the ToS field in the inner (original) IP headerD、 enables IOS to classify packets based on the ToS field in the outer tunnel IP headerE、 enables the IOS classification engine to only see a single encrypted and tunneledflow to reduce classification complexity
You are working with a client to deploy QoS on their Frame Relay WAN. They would like to be able to allow packets to cross the Frame Relay WAN but have them marked as discard eligible if they exceed the QoS policy. How would you accomplish this task?()A、Configure a class map that sets the DE bit so that the policy map can correctly apply a violate-action if the policy is exceeded.B、Configure a service policy that sets the DE bit and apply it to the serial interface connected to the Frame Relay WAN.C、Configure a policy map that has a burst-max action of setting the DE bit if the policy is exceeded.D、Configure a policy map that has a violate-action to change the DE bit from 0 to 1.
Which two statements or sets of statements are true about the application of the qos pre-classify command?()A、 If the classification policy is based upon the ToS byte, the qos pre-classify command is required because the ToS byte only appears in the inner IP header.B、 The ToS byte is copied to the outer header by default. Therefore, the qos pre-classify command is not necessary.C、 With GRE encapsulation, the qos pre-classify command is applied on the tunnel interface. This practice allows for different OoS configurations on each tunnel.D、 With GRE encapsulation, the qos pre-classify command is applied on the physical interface. This practice allows for different OoS configurations on each interface.E、 With IPsec encapsulation, the qos pre-classify command is applied on the physical interface. This practice allows for different OoS configurations on each interface.
ASA/PIXversion 7.0 introduced ModularPolicyFramework (MPF) as anextensible wayto classify traffic,and then apply policies (or actions) to that traffic. MPF at aminimum requires which three commands?()A、 http-map, tcp-map, class-mapB、 class-map, tcp-map, policy-mapC、 class-map, policy-map, service-mapD、 class-map, service-policy, policy-map
Which two statements are true about the various methods of implementing QoS?()A、Cisco AutoQoS can be used repeatedly to apply a single QoS policy to multiple interfaces.B、Cisco AutoQoS includes an optional web-based GUI for automating the configuration of QoS services.C、Cisco AutoQoS provides capabilities to automate VoIP deployments.D、The auto qos global configuration command is used to configure Cisco AutoQoS.E、The Modular QoS CLI (MQC) is the best way to fine tune QoS configurations.F、The SDM QoS wizard is the fastest way to implement QoS.
Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }A、set policy tunnel-traffic then tunnel remote-vpnB、set policy tunnel-traffic then permit tunnel remote-vpnC、set policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitD、set policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
Which two models are the models of DiffServ-Aware Traffic Engineering? ()A、Policy-based ModelB、Class based ModelC、Russian Doll ModelD、Global Tunnel ModelE、Maximum Allocation Model
What is true about Quality of Service (QoS) for VPNs?()A、QoS preclassification is only supported on generic routing encapsulation (GRE) and IPsec VPNsB、QoS preclassification is not required in Layer 2 Tunneling Protocol (L2TP), Layer2 Forwarding (L2F), and Point-to-Point Tunneling Protocol (PPTP) VPNsC、QoS preclassification is supported on IPsec AH VPNs, but not on IPsec ESP VPNsD、the QoS-for-VPNs feature (QoS preclassification) is designed for VPN transport interfacesE、with IPsec tunnel mode, the type of service (ToS) byte value is copied automatically from the original IP header to the tunnel header
Which statement about MPLS traffic engineering policy-based tunnel selection (PBTS) is not true?()A、The tunnel that is not configured with the policy-class command acts as the defaultB、EXP selection is between multiple tunnels to the same destinationC、There is no requirement for IGP extensionsD、Tunnels are configured using the policy-class command and carry multiple EXP valuesE、It supports VRF traffic, IP-to-MPLS switching, and MPLS-to-MPLS switching
Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?()A、to the zone-pairB、to the zoneC、to the interfaceD、to the global service policy
How do you apply UTM enforcement to security policies on the branch SRX series?()A、UTM profiles are applied on a security policy by policy basis.B、UTM profiles are applied at the global policy level.C、Individual UTM features like anti-spam or anti-virus are applied directly on a security policy by policy basis.D、Individual UTM features like anti-spam or anti-virus are applied directly at the global policy level.
our network contains a server that runs window server 2008. The serve has the network policy server(NPS) service role installed. You need to allow only members of a global group named group1 VPN access to the network. What should you do?()A、Add group1 to the RAS and IAS servers group.B、Add group1 to the network configuration operators group..C、Create a new network policy and define a group-based connection for group1. Set the access permission of the policy to access granted. Set the processing order of the policy to 1.D、Create a new network policy and define a group-based condition for group1. Set the access permission of the policy to acces granted. Set the processing of the policy to 3.
You upgrade your computer from Windows NT Workstation to a Windows 2000 Professional computer. Your computer is a member of justtalks.com domain. Prior to this upgrade your computer was configured by a system policy to require at-least a 12 alphanumeric character password. After the upgrade your computer will not apply security policy. What should you do?()A、Use secedit.exe to refresh the security policy.B、Use the local computer policy to configure the local security policy.C、Use security configuration and analysis to support the security files as a .pol file.D、Use computer management to configure the security policy setting.
You need to recommend an RD Gateway configuration that meets the company’s technical requirements. What should you recommend?()A、Create two Remote Desktop connection authorization policies (RD CAPs) and one Remote Desktop resource authorization policy (RD RAP).B、Create one Remote Desktop connection authorization policy(RD CAP)and two Remote Desktop resource authorization policies (RD RAPs).C、Create one Remote Desktop resource authorization policy(RD RAP)and deploy the Remote Desktop Connection Broker(RD Connection Broker) role service.D、Create one Remote Desktop connection authorization policy(RD CAP) and deploy the Remote Desktop Connection Broker (RD Connection Broker) role service.
You need to design a method of communication between the IT and HR departments. Your solution must meet business requirements. What should you do?()A、Design a custom IPSec policy to implement Encapsulating Security Payload (ESP) for all IP traffic Design the IPSec policy to use certificate-based authentication between the two departments’ computersB、Design a customer IPSec policy to implement Authentication Header (AH) for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computersC、Design a customer IPSec policy to implement Encapsulating Payload (ESP) for all IP traffic. Desing the IPSec policy to use preshared key authentication between the two departments’ computersD、Design a customer IPSec policy to implement Authentication Header (AH) for all IP traffic. Desing the IPSec policy to use certificate-based authentication between the two departments’ computers
单选题Refer to Cisco IOS Zone-Based Policy Firewall, where will the inspection policy be applied?()Ato the zone-pairBto the zoneCto the interfaceDto the global service policy
单选题What does qos pre-classify provides inregardto implementing QoS over GRE/IPSec VPN tunnels?()A enables IOS to copy the ToS field from the inner (original) IPheader to theouter tunnel IP headerB enables IOS to make a copy of the inner (original) IP header and to run a QoS classification before encryption, based on fields in the inner IP header.C enables IOS to classify packets based on the ToS field in the inner (original) IP headerD enables IOS to classify packets based on the ToS field in the outer tunnel IP headerE enables the IOS classification engine to only see a single encrypted and tunneledflow to reduce classification complexity
单选题Which command is needed to change this policy to a tunnel policy for a policy-based VPN?() [edit security policies from-zone trust to-zone untrust] user@host# show policy tunnel-traffic { match { source-address local-net; destination-address remote-net; application any; then { permit; } }Aset policy tunnel-traffic then tunnel remote-vpnBset policy tunnel-traffic then permit tunnel remote-vpnCset policy tunnel-traffic then tunnel ipsec-vpn remote-vpn permitDset policy tunnel-traffic then permit tunnel ipsec-vpn remote-vpn
单选题A GRE tunnel is configured between a local and a remote site. Where should the service policy be applied to classify packets based on the pretunnel header? ()Ain global configuration mode, apply the service policy and use the qos pre-classifyBin global configuration mode, apply the service policy but do not use the qos pre-classify commandCapply the service policy on the physical interface but do not use the qos pre-classifyDapply the service policy on the tunnel interface but do not use the qos pre-classify command Eapply the service policy on the tunnel interface and use the qos pre-classify command
多选题Which two statements or sets of statements are true about the application of the qos pre-classify command?()AIf the classification policy is based upon the ToS byte, the qos pre-classify command is required because the ToS byte only appears in the inner IP header.BThe ToS byte is copied to the outer header by default. Therefore, the qos pre-classify command is not necessary.CWith GRE encapsulation, the qos pre-classify command is applied on the tunnel interface. This practice allows for different OoS configurations on each tunnel.DWith GRE encapsulation, the qos pre-classify command is applied on the physical interface. This practice allows for different OoS configurations on each interface.EWith IPsec encapsulation, the qos pre-classify command is applied on the physical interface. This practice allows for different OoS configurations on each interface.
单选题What is true about Quality of Service (QoS) for VPNs?()AQoS preclassification is only supported on generic routing encapsulation (GRE) and IPsec VPNsBQoS preclassification is not required in Layer 2 Tunneling Protocol (L2TP), Layer2 Forwarding (L2F), and Point-to-Point Tunneling Protocol (PPTP) VPNsCQoS preclassification is supported on IPsec AH VPNs, but not on IPsec ESP VPNsDthe QoS-for-VPNs feature (QoS preclassification) is designed for VPN transport interfacesEwith IPsec tunnel mode, the type of service (ToS) byte value is copied automatically from the original IP header to the tunnel header
单选题Choose the true statement regarding QoS pre-classify.()AQoS pre-classify permits making QoS decisions based on elements from the unencrypted IP packet.BQoS pre-classify is required when encrypting voice.CQoS pre-classify is an advantage to Service Providers transporting encrypted packets.DQoS pre-classify is not designed for IPSec/GRE configurations.