DUMPS
BASE
QUESTION & ANSWER
HIGHER QUALITY
BETTER SERVICE
Provide One Year Free Update!
https://www.dumpsbase.com
The safer , easier way to help you pass any IT exams.
Exam
: H12-891_V1.0-ENU
Title
: HCIE-Datacom V1.0
Version : V9.02
1 / 149
The safer , easier way to help you pass any IT exams.
1.According to different network conditions, Layer 2 Portal authentication or Layer 3 Portal1
authentication can be deployed in the network. Which of the following descriptions is wrong?
A. When there is a Layer 2 network between the client and the access device, that is, the client and the
access device are directly connected (or only Layer 2 devices exist between them), then Layer 2 Portal
authentication can be configured.
B. When using Layer 2 authentication, the access device can learn the MAC address of the client, and the
access device can only use the MAC address to identify the user
C. When there is a Layer 3 network between the client and the access device, that is, there is a Layer 3
forwarding device between the client and the access device, you need to configure Layer 3 Portal
authentication.
D. When using Layer 3 authentication, the access device can learn the IP address of the client and use
the IP address to identify the user
Correct
Answer: B
2.In the campus VXLAN network, which of the following equipment is used to connect the Fabric and the
external network of the Fabric?
A. Extended
B. Brder
C. Transparent
D. Edge
Correct
Answer: B
3.In the scenario of establishing a VXLAN tunnel in the BGP EVPN state, which of the following
descriptions about the role of BGP EVPN Type 3 routes is wrong?
A. If the VTEP IP address carried by the received Type3 route is reachable by the Layer 3 route, a VXLAN
tunnel to the peer will be established.
B. Type3 routing will carry L3 VNI
C. Type3 routing transmits Layer 2 and VTEP IP address information
D. In the case where the VTEP IP address of the Type3 route is reachable at Layer 3, if the peer end is
the same as the local end, a headend replication table is created for subsequent BUM packet forwarding
Answer: B
Correct
4.The GRE tunnel supports the MPLS LDP function.
A. TRUE
B. FALSE
Correct
Answer: A
5.BIER, as a new forwarding technology, adopts the basic IGP routing protocol and unicast routing
forwarding mechanism, so that there is no need to run IGMP between the multicast receiver and the
multicast router.
A. TRUE
B. FALSE
Could be correct
Answer: B
Correct
2 / 149
The safer , easier way to help you pass any IT exams.
6.In the process of client SSH login to a server configured with username and password authentication
only, it will not go through the key exchange stage (no key will be generated).
A. TRUE
B. FALSE
Correct, always dose KEX
Answer: B
7.As shown in the figure, which of the following descriptions is wrong?
The packet information of VLAN configuration delivered by NETCONF protocol is as follows:
A. The purpose of this NETCONF message is to create VLAN 10 on the device.
B. The <target> tag indicates the configuration library used by the NETCONF message. In this example, it
is the startup configuration library.
C. <edit-config> indicates that the function of the message is to modify, create or delete configuration
data
D. <protocol Vlan xc: operation="merge"> means modify the existing or non-existing target data in the
configuration database, create if the target data does not exist, and modify if the target data exists
Answer: B
Correct
8.Which of the following descriptions about BGP/MPLS IP VPN routing interaction is wrong?
A. After receiving the VPNv4 route advertised by the ingress PE, the egress PE filters the VPNv4 routes
according to the RT attribute carried by the route.
B. The egress PE can send IPv4 routes to the remote CE through BGP, IGP or static routes
C. The exchange between PE and CE is IPv4 routing information
D. The ingress PE converts the IPv4 routes received from the CE into VNPv4 routes, and saves them
according to different VPP instances
https://www.h3c.com/en/d_202307/1892543_294551_0.htm
Answer: A
https://support.huawei.com/enterprise/en/doc/EDOC1100270080/e68f24ef/understanding-bgp-mpls-ip-vpn#concept5
9.Network slicing technology can divide exclusive network resources in the network to carry high-value
service traffic. Which of the following descriptions about network slicing is wrong?
A. The channelized sub-interface technology adopts single-layer scheduling to realize flexible and refined
management of interface resources and provide bandwidth guarantee
3 / 149
The safer , easier way to help you pass any IT exams.
B. Generally, network slicing can be realized based on the channelized sub-interface FlexE technology
C. The layer used by the network slicing technology is different from that of the SR tunnel, and can be
used at the same time as the SR tunnel
D. FlexE technology divides resources according to TDM time slots, satisfies the requirements of
exclusive resource sharing and isolation, and realizes flexible and refined management of interface
resources
Answer: A
Correct, scheduling is hierachical
10.Based on the information given in the figure, which of the following statements is correct?
A. Unable to determine the device type of R3
B. The device type of R3 must be Level-1-2
C. The device type of R3 must be Level-2
D. The device type of R3 must be Level-1
Answer: B
Correct
11.Which of the following regular expressions can match only the BGP route entries that pass through
AS300 and then AS200?
A. ^200|^300
B. 200$|300$
C. _200 (200 300) _
D. _200[200 300]_
4 / 149
The safer , easier way to help you pass any IT exams.
Answer: C
Correct
12.As shown in the figure, the host implementing the 10.0.1.0/24 network segment accesses 10.0.4.0/25
unidirectionally through virtual system a (vsysa) and virtual system b (vsysb). Which of the following
commands need to be used to configure the route?
A. Configure the following command on virtual execution system b: ip router-static vpn-instance vsysb 10.
0.1.0 255.255. 255.0 vpn-instance vsysa
B. Configure the following command on virtual system a: ip route-static 10.0.1.0 255. 255.255.0 10.1.2.1
C. Configure the following command on virtual system a: ip route-static vpn-instance vsysa 10.0.4.0
255.255.255.0 vpn-instance vsysb
D. Configure the following command on virtual execution system b: ip route-static 10.0.4.0 255. 255.
The multicast addresses used by OSPFv3 are as follows: FF02::5—This address
255.0 10. 0.34.4
represents all SPF routers on the link-local scope; it is equivalent to 224.0. 0.5 in
Answer: C
Correct
OSPFv2. FF02::6—This address represents all designated routers (DRs) on the
link-local scope; it is equivalent to 224.0.
13.Which of the following descriptions about the difference between SPFv2 and SPFv3 are correct?
A. Both SPFv2 and SPFv3 support interface authentication, and OSPFv3 authentication is still
implemented based on the fields in the SPF packet header
B. SPFv3 is similar to SPFv2 and uses the multicast address as the destination address of SPF packets
C. SPEv2 and OSPFv3 have the same type of packets: Hello, ODD, LSR, LSU, LSAack, and their packet
formats are the same
D. The protocol number of SPFv2 in the IPv4 header is 89, and the next header number of OSPFv3 in the
IPv6 header is 89
OSPFv2 and OSPFv3 both have the same protocol number of 89, although
Answer: B
OSPFv3, being an IPv6 protocol, more accurately has a Next Header value of
B and D are correct i think
89
14.When troubleshooting the BGP neighbor relationship, the network administrator finds that two directly
connected devices use the Loopack port to establish a connection, so run display current-configuration
configuration bgp to check the configuration of peer ebgp-mat-h p h p-c tnt.
Which of the following descriptions about the command is correct?
A. h p-c unt must be greater than 15
B. h p-c unt must be greater than 255
C. h p-c unt must be greater than 12
D. h p-c unt must be greater than 1
Answer: D
Correct
15.When there are multiple redundant links in the IS-IS network, there may be multiple equal-cost routes.
Which of the following descriptions about equal-cost routing in an IS-IS network is wrong?
A. When the number of equal-cost routes in the network is greater than the number configured by the
command, and these routes have the same priority, the route with the larger system ID of the next hop
device is preferred for load balancing
If routes have the same weight, those with small system IDs are selected for load balancing.
5 / 149
The safer , easier way to help you pass any IT exams.
B. If load balancing is configured, the traffic will be evenly distributed to each link
C. After the equal-cost route priority is configured, when the IS-IS device forwards the traffic reaching the
destination network segment, it will not adopt the load balancing method, but forward the traffic to the next
hop with the highest priority
D. For each route in the equal-cost route, a priority can be specified, the route with the highest priority will
be preferred, and the rest will be used as backup routes
Answer: C
A is incorrect
16.Which of the following descriptions about traffic policing is correct?
A. Traffic policing can only be used in the inbound direction
B. Traffic policing will cache traffic that exceeds the limit
C. Traffic policing can only be done in the outbound direction
D. Traffic policing will drop traffic that exceeds the limit
Answer: D
correct
17.IS-IS is a link-state routing protocol that uses the SPF algorithm for route calculation.
As shown in the figure, a campus deploys both IPv4 and IPv6 and runs IS-IS to achieve network
interconnection. R2 only supports IPv4.
If IS-IS MT is not used, Device A, Device B,
Device C, and Device D consider the IPv4
and IPv6 topologies the same when using the
SPF algorithm for route calculation. The
shortest path from Device A to Device D is
Device A -> Device B- > Device D. Device B
does not support IPv6 and cannot forward
IPv6 packets to Device D.
Which of the following statements about the topology calculation of this network is correct?
A. If you want IPv4 and IPv6 network computation to form the same shortest path tree, you need to run
the ipv6 enable topology ipv6 command to enable the IPv6 capability in the IS-IS process
B. By default, since R2 does not support IPv6, in the shortest path tree formed by IPv6 network
calculation, the path from R1 to R4 is: R1-R3-R4
C. By default, IPv4 and IFv6 networks will be calculated separately to form different shortest path trees
D. By default, in the shortest path tree formed by IFv6 network calculation, the path from R1 to R4 is
R1-R2-R4. Since R2 does not support IFv6, R2 will directly discard IPv6 packets after receiving them,
causing traffic lost
correct
Answer: D
18.When the switch is deployed with DHCP option 148, which of the following information will not be
provided by the DHCP server to the switch to be deployed?
A. The IP address of the cloud management platform
6 / 149
The safer , easier way to help you pass any IT exams.
B. The port number of the cloud management platform
C. The port number of the device to be deployed
D. The IP address of the device to be deployed
Answer: D Correct
19.When the user encounters different events during the authentication process, the user is in an
unsuccessful authentication state. At this time, you can configure the authentication event authorization to
meet the needs of these users to access specific network resources.
Which of the following descriptions about authentication event authorization is wrong?
A. If the user's network access rights are not configured when the authentication fails or the authentication
server is Down, after the user authentication fails, the user remains in the pre-connected state and has
the network access rights of the pre-connected user Correct
B. Authentication event authorization can support authorization parameters including VLAN, user group
and business scheme Correct
C. Events that can trigger authentication event authorization include authentication server Down,
authentication server unresponsive, and pre-connection, etc. Authentication failure cannot trigger
Incorrect, auth failure can trigger event auth
authentication event authorization
D. Authorization of a non-authentication success state, also known as escape. For different authentication
methods, there are different escape schemes. Some escape schemes are shared, and some escape
Correct
schemes are only supported by specific authentication methods.
Answer: C correct
20.In the virtualized campus network deployed through ilMaster NCE-Campus, some key parameters
need to be configured in the authorization rules for access authentication. Which of the following is not
included?
A. Binding authentication rules
B. Access method
C. Bind the authorization result
D. Authorization Rule Name
0x06
Answer: B
0x00
21.Which of the following extended community attributes is used by BGP EVPN to advertise the migration
0x0600
of connected VMs?
A. RT
1536
B. EVPN Router’s MAC Extend Community
C. MAC Mobility
EVPN MAC
D. RD
Mobility
I
think
its
C
Answer: B
Correct i think
22.In the Huawei SD-WAN solution, which of the following routing protocols are used to transmit VPN
routes between CPEs?
A. BGP
B. RIP
C. SPF
7 / 149
The safer , easier way to help you pass any IT exams.
D. IS-IS
Answer: A
Correct I think
23.The OSPF-based SR-MPLS function is enabled on all routers in a network. The SREB of each router
is shown in the figure. By default, when R3 forwards a packet whose destination address is 10.0.4.4,
which of the following MFLS labels is carried item?
A. 3
B. 100
C. 40100
D. 50100
Answer: D
https://support.huawei.com/enterprise/de/doc/EDOC1000173015/3ee10304/understand
Correct
24.SR-MPLS Policy can use BGP extension to transmit tunnel information, as shown in the figure.
Among them, SR-MPLS Policy is optimized by which of the following parameters?
A. Priority
A SID list can have a weight value. After an SR-MPLS TE
B. Preference
policy chooses a candidate path with multiple SID lists, the
C. Weight
traffic will be load shared among the subpaths based on
D. Binding SID
weight values.
Answer: C
Looks correct
25.The network administrator enters display telemetry subscription on the device to view the Telemetry
subscription information, and the output is as follows. Which of the following descriptions is wrong?
8 / 149
The safer , easier way to help you pass any IT exams.
A. The subscription name is Sub1
B. The device sends sampling data every second
C. The IP address of the device is 192.168.56.1
D. The subscription method is static subscription
Answer: C
Correct
26.Which of the following statements about the difference between NSR and NSF is correct?
NSF - F is family and friends
A. NSF must rely on neighbor routers to complete
B. Both NSR and NSF require neighbor routers to complete
C. NSF can be done without neighbor routers
D. NSR must rely on neighbor routers to complete
Correct
Answer: A
27.The RF function of the BGP protocol can control the routing entries sent by the neighbors.
Which of the following tools does a BGP router need to use for this purpose?
A. Filter-Policy
Prefix-based BGP Outbound Route Filtering
B. IP Prefix List
C. ACL
D. Route-Policy
Answer: B
Correct
28.In the process of establishing an LDP session, the active party will first send Initialization information to
negotiate parameters. If the passive party does not accept the negotiated parameters, which of the
following messages will be sent?
A. Error Notification Message
If LSR_2 rejects the parameters in the Initialization message,
B. Initialization Message
LSR_2 sends a
C. Hell Message
Notification message
D. Keepalive Message
to LSR_1 to stop the establishment process.
Answer: A
Correct
9 / 149
The safer , easier way to help you pass any IT exams.
29.If the configuration of IS-IS can be found through the display current-configuration command, but the
configuration of IS-IS cannot be found through the display saved-configuration command, which of the
following is the possible reason?
A. The running IS-IS configuration in the memory is not saved to Flash
B. No IS-IS command entered
C. Flash running IS-IS configuration, not saved to memory
D. The running IS-IS configuration in memory has been saved to Flash
Answer: A
Correct
30.The IS-IS Level-1 neighbor relationship between R3 and R4 is not established.
[R3] display isis error
Hell packet errors：
... ...
Repeated System ID：0 Bad Circuit Type：0
Bad TLV Length：0 Zer Holding Time：0
Unusable IP Addr：0 Repeated IPV4 Addr：0
Mismatched Area Addr（L1）：13 Mismatched Prot：0
SNPA Conflicted（LAN）：0 Mismatched Level：0
Mismatched Max Area Addr：0 Bad Authentication：0
... ...
[R3]
Based on the information in this graph, which of the following is the likely cause?
A. The IIH authentication of R3 and R1 failed
B. The circuit-type of the interconnection interface of R3 and R4 does not match
C. The IS-Level of R3 and R4 do not match
D. The area numbers of R3 and R4 are different
Answer: D
Correct
31.Which of the following does not belong to the scope of dynamic data collection on the live network
before cutover?
A. Routing Protocol Status
Snapshot before each step. Record the status of all ports, connection
B. ARP entry
marks, protocol status (number of IGP neighbors, number of IGP routes,
C. Port Status
number of BGP peers, and number of BGP routes) of the device in the first
D. SNMP version
few minutes, and back up the configuration file of the device.
Answer: C
Should be D?
32.The network administrator uses ACL and only wants to match the four routing entries whose Num
numbers are 1, 3, 5, and 7 in the figure. What are minimum numbers of ACL ruler need to be configured
by the network administrator?
10 / 149
The safer , easier way to help you pass any IT exams.
Deny ip 10.0.1.0 0.0.254.0
A. 3
B. 3
C. 1
D. 2
Answer: C
Correct
https://support.huawei.com/enterprise/en/doc/EDOC1100127112/
f3be3db6/centralized-vxlan-gateway-deployment-in-static-mode
33.As shown in the figure, the ARP broadcast suppression function is enabled in the BD20 domain on
VTEP1, and VTEP1 has learned the ARP information of PC2 through the BGP EVPN route. When the
ARP request sent by PC1 for PC2 is forwarded by VIEP1 to VIEP2, which of the following is the
destination MAC address of the inner data frame?
A. MAC C
B. MAC A
C. MAC B
D. MAC D
Answer: D
https://support.huawei.com/enterprise/en/doc/EDOC1100198463/c7801b0d/
arp-broadcast-suppression-on-a-vxlan
Correct
34.Which of the following statements about choosing an authentication point location in a network is
incorrect?
A. Deploying authentication at the access layer of the network is conducive to fine-grained management
of permissions and high network security
B. After the user authentication point is moved from the access layer to the aggregation layer, the user's
MAC authentication may fail
C. Setting the user authentication point at the access layer has advantages and disadvantages compared
to setting it at the aggregation layer or the core layer. Policy linkage can be used as a solution.
11 / 149
The safer , easier way to help you pass any IT exams.
D. When the user authentication point is moved from the access layer to the aggregation layer and the
core layer, the number of authentication points is greatly reduced, which can effectively relieve the
pressure on the AAA server
Answer: B
The any group can be configured only as a destination group
Probably Correct
and cannot be configured as a source group.
35.Which of the following descriptions about "security group" and "resource group" is wrong in Business
Travel?
A. The resource group supports static binding of IP addresses or address segments
B. On iMaster NCE-Campus, the UCL group is the security group
C. The any group can be used as both a source group and a destination group
D. The security group supports static binding of IP addresses or address segments
Answer: C
correct
36.Compared with traditional networks, SD-WAN can better ensure application experience. Which of the
following is the main reason?
A. SD-WAN can use IPsec technology to realize encrypted transmission of packets
B. SD-WAN can provide different routing strategies and different QoS strategies for different applications
C. SD-WAN can build various networking types such as Full Mesh, Hub-Spoke, Partial Mesh, etc.
D. SD-WAN can realize multi-department business isolation based on VRF
Answer: B
correct
37.Assuming that there are 5 segment IDs in the SRH of an SRv6 packet, when the packet reaches the
third router on the forwarding path, the node will set the segment ID numbered by which of the following
as the IPv6 destination address?
https://documentation.nokia.com/sr/
23-3-1/books/7x50-shared/segmentA.5
routing-pce-user/segment-rout-withB.2
ipv6-data-plane-srv6.html
C. Not sure
https://support.huawei.com/enterprise/tr/doc/EDOC1000173015/d169625f/
D.3
understanding-segment-routing-ipv6
Answer: D
I think its SID = 2 B
38.Which of the following descriptions about Prefix Segmente is incorrect?
A. On Huawei devices, Prefix Segment ID supports manual configuration and automatic protocol
configuration
B. Prefix Segment is identified by Prefix Segment ID (SID)
C. Prefix Segment is used to identify a destination address prefix in the network
D. Prefix Segment spreads to other network elements through IGP protocol, globally unique
Answer: D
An IGP propagates the prefix segment of an NE to the other NEs. The prefix segment is
I think its A
visible and takes effect globally.
39.The following is a part of the NETCONF protocol message, <rpc xmlns="urn:ietf:params:xml:ns:netc
nf:base:1.0" message-id="1024">Where is it located in the NETCONF architecture layer?
A. Transport layer
B. Message layer
C. Content Layer
D. Operation layer
12 / 149
The safer , easier way to help you pass any IT exams.
Answer: B
40.There are multiple protocols that can change or obtain network device data. Which of the following
protocols cannot be used to change network device data?
A. SNMP
B. NETCONF
C. RESTC NF
D. IPsec
Correct
Answer: D
41.When the client calls the iMaster NCE-Campus login authentication RESTful interface, the method
used is POST, and the request message body format is {"userName": "xxx", "password": "xxx"}
A. TRUE
B. FALSE
Answer: B
I think itsTRUE - A
42.BGP-LS (BGP Link State) carries information such as links, nodes and topology prefixes.
A. TRUE
B. FALSE
Answer: A
Correct
43.Enterprises can access the Internet through dial-up connection, xDSL, xPON, etc.
A. TRUE
B. FALSE
Answer: B
They could but not practicle so proably Correct
44.NVE is a network entity that realizes the function of network virtualization, and can only be a hardware
switch.
A. TRUE
B. FALSE
Answer: B
Correct
45.Switch stacking and cross-device link aggregation can be deployed to achieve link reliability in small
and medium-sized campus scenarios.
A. TRUE
B. FALSE
Answer: A
Correct
46.Using BGP EVPN as the control plane of VXLAN can completely avoid traffic flooding in the VXLAN
network, such as ARP broadcast packets.
A. TRUE
B. FALSE
Answer: B Correct
13 / 149
The safer , easier way to help you pass any IT exams.
47.When MPLS is deployed in the network and the network layer protocol is IP, the route corresponding
False, LSR only swaps lable so entry must be in LFIB
to the FEC must exist in the IP routing table of the LSR, otherwise the label forwarding entry of the FEC
will not take effect.
A. TRUE
B. FALSE
Answer: A
48.When there is a relay device between the DHCP client and the server, if the IP address in the global
address pool of the DHCP server is not in the same network segment as the IP address of the VLANIF
interface connected to the client on the relay device, it will cause a DHCP failure.
A. TRUE
The device can select a global address pool based on the primary and secondary IP
B. FALSE
addresses of an interface only in scenarios where the DHCP server and DHCP clients
Answer: A
are on the same network segment.
Correct
49.In order to speed up the sensing speed of link failure in IS-IS network, IS-IS can be linked with BFD.
A. TRUE
B. FALSE
Correct
Answer: A
50.In the dual-system hot backup scenario of the firewall, the heartbeat interface can be directly
connected physically, or it can be connected through an intermediate device such as a switch or router.
A. TRUE
B. FALSE
Correct
Answer: A
51.BGP/MPLS IP VPN can only use LDP to build public network tunnels.
A. TRUE
The LDP can be MPLS LDP or Resource
B. FALSE
Reservation Protocol-Traffic Engineering (RSVP-TE).
Correct
Answer: B
52.YANG technology originated from netconf but is not only used for netconf.
A. TRUE
B. FALSE
Answer: A
Correct
53.For the telemetry side, both json and GPE are supported.
A. TRUE
JSON and GPB - Google Protocol Buffers
B. FALSE
Answer: B
Correct
maybe SPR - smart policy routing
54.The SRP technology can flexibly select the egress link based on the link quality.
A. TRUE
B. FALSE
Correct
Answer: A
14 / 149
The safer , easier way to help you pass any IT exams.
55.When the Next header is 43, it must be SRH.
A. TRUE
B. FALSE
Correct
Answer: B
56.protobus is a language-independent and platform-independent method of serializing structured data,
which pays more attention to efficiency, resulting in poor space, speed, and read and write speeds.
A. TRUE
B. FALSE
Correct
Answer: B
57.For telemetry data push, devices and collectors can be based on TLS. If GRPC is used, TLS must be
(Optional.) Provides channel encryption and mutual certificate authentication.
used.
A. TRUE
B. FALSE
Answer: B
58.Netconf uses SSL to achieve secure transmission, and uses the mechanism of RPC remote invocation
to achieve client to server communication.
A. TRUE
B. FALSE
Answer: B
Correct
59.In the Huawei SD-WAN networking solution, the RR must use an independent device and cannot be
deployed on the same device with the CPE.
A. TRUE
CPEs at the headquarters or large branch sites can function as RRs.
B. FALSE
Correct
Answer: B
60.iFIT supports the measurement of end-to-end service packets, so as to obtain performance indicators
such as packet loss rate and delay of real service packets in the IP network.
A. TRUE
B. FALSE
Answer: A
Correct
61.In SRv6, every time an SRv6 endpoint node passes through, the Segments Left field is decremented
by 1, and the IPv6 destination address information is converted once.
A. TRUE
B. FALSE
Should be FALSE IPv6 DA is changed at each hop
Answer: A
62.The MAC address learning of the static VXLAN channel depends on the exchange of packets between
hosts (such as the exchange of ARP packets).
15 / 149
The safer , easier way to help you pass any IT exams.
A. TRUE
B. FALSE
Answer: A
Correct
63.The iMaster NCE-Campus controller connects to various applications through open APIs in the
northbound direction, and delivers configurations to campus network devices through the Telemetry
technology in the southbound direction.
Master NCE-Campus provides a collection of RESTful
A. TRUE
APIs. Northbound applications can invoke these APIs
B. FALSE
using HTTPS to deliver services to southbound devices
and query data.
Answer: B
Correct
64.By default, LDP adjacencies will trigger the establishment of LSPs based on IP routes of 32-bit
addresses.
By default, LDP uses IP host routes with 32-bit addresses (excluding host
A. TRUE
routes with 32-bit interface addresses) to establish LSPs.
B. FALSE
So strictly speaking above is not 100% correct
Answer: B
65.IETF takes advantage of the strong scalability of OSPF to expand the functions of OSPF so that it can
support IPv6 networks. The expanded protocol is called OSPFv3. OSPFv3 is compatible with OSPPv2.
A. TRLE
B. FALSE
Correct
Answer: B
66.Traffic shaping can only be used in the outgoing direction, and its function is to control the rate of
outgoing packets.
A. TRLE
B. FALSE
Correct
Answer: A
67.When configuring the DHCP Relay function on the device, the VLANTF interface of the relay
connection client must be bound to a DHCP server group, and the bound DHCP server group must be
configured with the IP address of the proxy DHCP server.
A. TRUE
IP address of real DHCP server - not proxy server
B. FALSE
Correct
Answer: B
68.The following figure shows the MPLS VPN cross-domain Option B solution. In the scenario where an
RR exists within the domain, PE1 and ASBR-PE1 establish a VPNv4 neighbor relationship with RR1. By
default, user traffic must be forwarded through RR1.
16 / 149
The safer , easier way to help you pass any IT exams.
A. TRUE
B. FALSE
Answer: B
Assume correct until proven otherwise
69.When deploying BGP/MPLS IP VPN, when two VPNs have a common site, the common site must not
use overlapping address space with other sites of the two VPNs.
A. TRUE
VPNs can use overlapped address spaces in the following situations:
B. FALSE
Two VPNs do not cover the same site.
Two VPNs cover the same site, but devices at the site and devices using addresses in
Answer: A
Correct
overlapped address spaces in the VPNs do not access each other.
70.The OPS (Open Programmability System) function of Huawei network equipment provides the open
programmability of network equipment. To facilitate users to write scripts, Huawei provides a Python
script template for the OPS function. The OPSComnection class is created in the script template. Among
them, the member function of creating device resource operation is def post (self, uri, req_data).
A. TRUE
Should be - def create(self, uri, req_data)
B. FALSE
Answer: B
Correct
71.In the virtualized campus network scenario deployed by iMaster INCE-Canrpus, to realize user mutual
access between different VNs, the administrator can deploy a policy control matrix on the controller.
Correct I think policy matrix is for comms between groups not VNs
A. TRUE
imported routes of external networks fr inter VN config
B. FALSE
Answer: B
72.During the process of establishing the SSH connection, the two communicating parties conduct
version negotiation. Which of the following data is not included in the version negotiation packet sent by
both parties?
A. Client Device Type
B. Minor Protocol Version Number
C. Software version number
D. Main agreement version number
Answer: A
correct
73.The NETCONF protocol provides a set of mechanisms for managing network devices, which can be
divided into the following layers?
17 / 149
The safer , easier way to help you pass any IT exams.
A. Security transport layer, message layer, operation layer, content layer
B. Encrypted transport layer, message layer, configuration layer, content layer
C. Security transport layer, message layer, configuration layer, content layer
D. Encrypted transport layer, message layer, operation layer, content layer
Answer: A
Correct
Secure Transport
Message/RPC
Operations
Content
SMOC
74.The SSH server has been configured and correct. Which of the following Pythom codes can be run on
the SSH client to successfully establish an SSH connection (the private key file is id_rsa, which is in the
same path as the client Python script?
A. import paramiko
client=paramiko.client.SSHClient()
client.connect(hostname='192.168.1.1', username='huawei', key_filename='id_rsa')
I dont think we need
B. import paramiko
paramiko.Transport as we
client = paramiko.Transport(('192.168.1.1', 22))
are trying to ssh not build
client.connect(username='huawei', key_filename='id_rsa')
an ssh tunnel, that rules
C. import paramiko
out B and D :(
client=paramiko.client.SSHClient()
I think A
client.connect(hostname='192.168.1.1', username=1 huawei', pkey='idrsa')
D. import paramiko
c as well if it says
key = paramiko.RSAKey.from_private_key_file('id_rsa')
pkey=‘id_rsa’
client = paramiko.Transport((192.168.1.1', 22)
client.connect(username=huawei', pkey-key
pkey-key
Answer: B
Maybe B will check tomorrow
75.YANG is the data modeling language of NETCONF. The client can compile RPC operations into
XML-formatted messages. XML follows the constraints of the YANG model for communication between
the client and the server.
Which of the following XML content is written against this data model?
A)
B)
18 / 149
The safer , easier way to help you pass any IT exams.
C)
D)
A. Option A
B. Option B
C. Option C
19 / 149
The safer , easier way to help you pass any IT exams.
D. Option D
Answer: C
I think D - its the example on
https://support.huawei.com/enterprise/en/doc/EDOC1100270080/ddcce2b6/yang-model
76.Which of the following is the default port number for the northbound API of iMaster NCE-Campus?
A. 18000
B. 18002
C. 18008
D. 18006
Correct
Answer: B
77.In the request header field of the HTTP request message, which of the following fields is used to
identify the MIME type?
A. Content-Type
B. Data-Type
C. Referer
D. MIME-Type
Answer: A
Correct
78.The engineer wants to log in to the Huawei device remotely. When writing the SSH Python script, the
Paramiko library is used to write the following code:
Cli=ssh.invoke_shell（）
Cli. send（‘screen-length 0 temporary\n'）
Which of the following is the role of screen-length 0 temporary?
A. Cancel split screen display
B. Do word wrapping
C. Cancel word wrap
D. Perform split screen display
Correct
Answer: A
79.As shown in the figure, the gateway of the PC is located in the aggregation switch. If you want to
realize the load sharing of the gateway device, which of the following descriptions is wrong?
20 / 149
The safer , easier way to help you pass any IT exams.
A. Set different gateway addresses on the PC so that traffic is sent to different gateways in a balanced
manner
B. The VRID parameter only has local significance, so the VRIDs of the two aggregation switches about
the same virtual router can be different
C. It is necessary to configure the priority to make the aggregation switch become the master device of
the two virtual routers respectively
D. Multiple VRRP backup groups need to be configured on the aggregation switch
Two devices in a single VRRP backup group must be
Answer: B Correct
configured with the same virtual router ID (VRID)
80.In BGP4+, which of the following descriptions is correct about the content of the next hop network
address field carried by the MP_REACH NLRI attribute in the Update message?
A. Only link-local addresses
B. Can only be a global unicast address
C. Can carry link-local addresses and global unicast addresses at the same time
D. Can be just a link-local address The Next_Hop attribute of BGP4+ is in the format of an IPv6 address,
Answer: C Correct
and can be an IPv6 global unicast address or the link-local address of
a next hop.
81.After the interface sticky MAC function is enabled on the device, what is the number of MAC
addresses learned by the interface by default?
A. 5
By default, an interface enabled with the sticky MAC address function
B. 15
can learn only one sticky MAC address.
C. 1
D. 10
correct
Answer: C
82.Which of the following token bucket technologies is used in traffic shaping??
A. Double barrel single speed
single-rate-single-bucket
B. Single barrel double speed
C. Single barrel single speed
If others needed
D. Double barrel double speed
single-rate-dual-bucket
dual-rate-single-bucket
Answer: C
83.In the controller public cloud deployment scenario, if you use the Huawei Registration Query Center to
deploy, you do not need to configure DHCP Option148 on the campus DHCP server.
If an independent DHCP server is deployed on the campus network, you can configure an
A. TRUE
IP address pool and the DHCP Option 148 field on the DHCP server. When the device to
B. FALSE
be deployed obtains an IP address from the DHCP server, it also obtains the IP address/
Answer: B
URL and port number of iMaster NCE-Campus to complete the registration and
I think correct
onboarding process.
84.In free mobility, if the authentication point device and the policy enforcement point device belong to the
same device, you need to subscribe to the IP-Group entry to view the user IP-Group information.
A. TRUE
B. FALSE
The IP-security group entry subscription function is used if Policy
enforcement points are deployed on a different device from authentication
Answer: B
Correct
control points or if Multiple authentication control points exist
21 / 149
The safer , easier way to help you pass any IT exams.
85.In the scenario of dynamically establishing a VXLA tunnel through BGP EVPN, BGP EVPN advertises
the host's MAC address information to the remote VTEP through Type 5 routes.
A. TRUE
B. FALSE
Answer: B
Correct
86.View the running configuration in memory through the "display current-configuration" command.
A. TRUE
EVPN Type 1 Ethernet auto-discovery (A-D) route
B. FALSE
EVPN Type 2 routes, also called MAC/IP advertisement route
Answer: A
EVPN Type 3 routes are used by VTEPs to advertise L2VNIs
and VTEP IP addresses to each other
87.As long as FIT-AP is added in NCE, the AP can go online normally.
A. TRUE
EVPN Type 5 routes, also called IP prefix routes, are used to transmit network segment
B. FALSE
from Type 2 routes that transmit only 32-bit (IPv4) or 128-bit (IPv6) host routes, Type 5 r
Answer: B
transmit network segment routes with mask lengths ranging from 0 to 32 or 0 to 128 bit
88.In the HUAWEI CLOUD WAN, the controller can plan paths in real time and deliver path information
through PCEP or BGPLS.
A. TRUE
B. FALSE
Answer: A
89.On the premise that the 32-bit host route of the remote host exists on the VXLAN L3 gateway, the L3
gateway can enable the local ARP proxy under the VBDIF interface to reduce the broadcast of ARP
packets. For packets destined for the remote host, the L3 gateway will match the host route for Layer 3
forwarding. BGP-LS is used by the SDN controller to collect network topology information from forwarder.
PCEP is used by the controller to control tunnel paths on forwarders in MPLS network
A. TRUE
B. FALSE optimization scenarios
Answer: A I think its false, BGP LS dose not deliver path info, just collects info
Should be B - False
90.The Huawei iMaster NCE-WAN controller delivers the configuration to the CPE through the NETCONF
protocol.
A. TRUE
: iMaster NCE-WAN manages CPEs via NETCONF and interconnects
B. FALSE
with third-party applications via RESTful APIs
Answer: A
Correct
91.In the virtualized campus network scenario deployed by iMaster NCE-Campus, which of the following
descriptions about configuring network service resources is correct?
A. Network service resources include DHCP server, RADIUS server, Portal server, and other servers, etc.
B. If the scene is selected as "Directly Connected Switch", it means that Border adds the interconnection
port to the interconnection VLAN in an untagged way
C. The interconnection address in the network service resource must belong to the "interconnection IP" in
the "Underlay Automation Resource Pool"
D. Configuring network service resources is to configure the global resource pool of Fabric
22 / 149
The safer , easier way to help you pass any IT exams.
Answer: A
92.How many bits are there in the label field of MPLS?
A. 1
B. 8
C. 20
D. 3
Answer: C
93.In the description of DHCP Snooping, which one is wrong?
A. DHCP Snooping can prevent illegal attacks by setting trusted ports
B. When the DHCP snooping function is enabled in the interface view, the function of assigning all DHCP
packets on the interface will take effect.
C. If DHP Snooping is enabled in VLAN view, the command function of DHCP packets received by all
interfaces of the device belonging to the VLAN will take effect.
D. Enable DHCP Snooping globally, and the device only processes DHCPv4 packets by default without
any post-parameters
Answer: D
94.Which of the following routing types does EVPN use to achieve fast convergence and split horizon?
A. Inclusive Multicast Route
B. MAC/IP Advertisement Route
C. Ethernet Segment Route
D. Ethernet Auto-discovery Route
Answer: D
95.Which of the following is the meaning of the ipv6 enable topology ipv6 command in IS-IS protocol
view?
A. has no meaning
B. SPF calculation is performed separately in the topology of IPv4 and IPv6
C. SFF calculation without IPv6 support
D. IPv4 and IPv6 use the same topology for SPF calculation
Answer: B
96.Which of the following descriptions about the principle of DHCP is wrong?
A. DHCP supports assigning a fixed IP address to a specified terminal. This assignment mechanism is
called DHCP static assignment.
B. When the DHCP client and the DHCP server are on different Layer 3 networks, a DHCP relay needs to
be configured to forward packets between the client and the server
C. The Options field in the DHCP packet adopts a TLV structure, which can carry parameter information
such as the NTP server address, AC address, and log server address.
D. If only the information of the gateway and DNS server needs to be delivered to the DHCP client, the
DHCP Offer packet sent by the DHCP server to the client will not carry the Options field
Answer: D
23 / 149
The safer , easier way to help you pass any IT exams.
97.Which of the following descriptions about the VXLAN gateway is wrong?
A. XLAN Layer 3 gateway is used for cross-subnet communication of VXLAN virtual network and access
to external network (non-VXLA network)
B. VBDIF is a logical interface created based on BD, similar to the concept of VLANIF in traditional
networks
C. Both XLAN Layer 2 and Layer 3 gateways must maintain the VBDIF interface, otherwise users cannot
communicate normally through this interface
D. The XLAN Layer 2 gateway enables traffic to enter the VXLAN virtual network, and can also be used to
implement the same subnet communication within the same VXLAN virtual network
Answer: C
98.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, for the VTEP peer to
generate BGP EVPN Type 2 routes based on the local terminal ARP information, which of the following
commands needs to be enabled on the VBDIF interface?
A. arp collect host enable
B. arp-proxy enable
C. mac-address xxxx-xxxx-xxxx
D. arp distribute-gateway enable
Answer: A
99.When configuring access authentication, it is necessary to define the contents authorized to the user in
the authorization result, which one of the following is not included?
A. Security Group
B. ACL
C. VLAN
D. IP address
Answer: D
100.In the Huawei SD-WAN solution, which of the following protocols is used for the control channel?
A. Static routing
B. BGP4
C. BGP VPNv4
D. BGP EVPN
Answer: D
101.Which of the following descriptions about SR-MPLS BE and SR-MPLS TE is correct?
A. SR-MPLS BE supports creating a tunnel by specifying Node SID and Adjacency SID at the same time
B. Both SR-MPLS BE and SR-MPLS TE support tunnel creation by specifying the Adjacency SID
C. SR-MPLS TE supports creating a tunnel by specifying Node SID and Adjacency SID at the same time
D. When creating an SR-MPLS BE, you can specify the necessary routers
Answer: C
24 / 149
The safer , easier way to help you pass any IT exams.
102.The network administrator enters display telemetry sensor Sensor1 on the device to view the related
information of the Telemetry sampling sensor Sensor1, and the output is as follows. Which of the
following descriptions is wrong?
A. Telemetry samples CPU information, memory information, and MAC address table
B. The device is configured with three Telemetry sampling paths
C. For the sampling path huawei-mac: mac/macAddrSurmarys/macAddrSurmary, when the capacity of
the mac address table does not reach 40000, the device will continue sampling
D. The device can continue to add Telemetry sampling paths
Answer: B
103.The <config> operation of the NETCONF protocol may contain an optional "operation" attribute, that
is used to specify the operation type "operation" for configuration data that does not include which of the
following?
A. create
B. remove
C. update
D. merge
Answer: C
104.There are various types of northbound interfaces, ranging from SUMP, CORBA, SMP to REST, but
nowadays the northbound interfaces of various devices are gradually evolving to REST interfaces.
Which of the following is NOT a reason to use REST?
25 / 149
The safer , easier way to help you pass any IT exams.
A. REST adopts a stateless design
B. REST standardizes URI naming
C. REST realizes front-end and back-end coupling
D. REST has good cross-platform compatibility
Answer: A
105.Which of the following protocols can be used by the iMaster NCE service open and programmable to
complete the device configuration?
A. BGP
B. CLI/SSH
C. NETCONF
D. SNMP
Answer: C
106.Which of the following descriptions about labels is wrong?
A. The principle to be followed when manually assigning labels is: the value of the outgoing label of the
upstream node is the value of the incoming label of the downstream node
B. Dynamic LSPs are dynamically established through label distribution protocols, such as MP-BGP,
RSVP-TE, LDP
C. LSPs are classified into two types: static LSPs and dynamic LSPs: static LSPs are manually
configured by the administrator, and dynamic LSPs are dynamically established using label protocols.
D. LSPs established by statically assigning labels can also be dynamically adjusted according to network
topology changes without administrator intervention
Answer: D
107.In the data header, which of the following fields cannot be used for simple flow classification?
A. DSCP
B. Protocol
C. EXP
D. 802.1P
Answer: B
108.Which of the following descriptions about the functions of Ping and Tracert is correct?
A. Tracert has the same function as Ping, but the name is different
B. Tracert must be able to trace the IP address of each hop from the source to the destination
C. Ping verifies the reachability from the local end to the peer end, but it does not mean that the peer end
to the local end must be reachable
D. Ping detects the two-way reachability with the peer through the one-way icmp echo request message
Answer: C
109.Which of the following NPLS L3VPN cross-domain solutions does not need to run MPLS between
ASBRs?
A. Option B
B. Option D
26 / 149
The safer , easier way to help you pass any IT exams.
C. Option A
D. Option C
Answer: C
110.When the network administrator tried to access the internal network device through Telnet, it was
found that it could not be accessed.
Which of the following is impossible?
A. The protocol inbound all is configured on the VTY user interface
B. The route is unreachable, and the client and server cannot establish a TCP connection
C. ACL is bound in the VTY user interface
D. The number of users logged into the device has reached the upper limit
Answer: A
111.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, which of the
following routes is used by BGP EVPN for MAC address advertisement, ARP information advertisement
and IRB route advertisement?
A. Type1
B. Type3
C. Type4
D. Type2
Answer: D
112.A company's headquarters network and branch network are interconnected through the Internet. If
VPN technology is used to realize secure and reliable data transmission between headquarters users and
branch users, which of the following VPN technologies is most suitable?
A. SSL VPN
B. MPLS VPN
C. L2TP VPN
D. IPsec VPN
Answer: D
113.Which of the following descriptions about access control for small and medium-sized campuses is
wrong?
A. iMaster NCE supports directly as an authentication server
B. Cloud AP supports Portal local authentication
C. iMaster NCE supports connection to third-party RADIUS servers
D. iMaster NCE supports as a portal relay device
Answer: D
114.Which of the following descriptions about data encryption methods is wrong?
A. Data encryption methods are divided into symmetric encryption and asymmetric encryption
B. Symmetric encryption algorithms use the same key to encrypt and decrypt data
C. Asymmetric encryption uses public key encryption and private key decryption
27 / 149
The safer , easier way to help you pass any IT exams.
D. The key used by the symmetric encryption algorithm must be exchanged by mail, otherwise there is a
risk of key leakage
Answer: D
115.IPsec SA (Security Association) triple does not include which of the following parameters?
A. Source IP address
B. Security protocol number (AH or ESP)
C. Destination IP address
D. Security Parameter Index SPI (Security Parameter Indez)
Answer: A
116.Which of the following descriptions about GRE tunnels is incorrect?
A. GRE can encapsulate IPv4 unicast packets
B. The implementation mechanism of GRE is simple, and the burden on the devices at both ends of the
tunnel is small.
C. GRE can encapsulate IPv6 unicast packets
D. GRE can encapsulate IPv6 broadcast packets
Answer: D
117.If there are multiple service packets on the same link, in order to give priority to the use of
high-priority applications when the link is congested, and low-priority applications to avoid high-priority
applications when congestion occurs, then you should choose Which of the following is an intelligent
routing strategy?
A. Routing based on link priority
B. Routing based on application priority
C. Routing based on link bandwidth
D. Routing based on link quality
Answer: B
118.SR-MPLS TE distributes MPLS labels through which of the following protocols?
A. RSVP-TE
B. PCEP
C. IGP
D. LDP
Answer: C
119.The deployment of a virtualized campus network is shown in the figure. In this scenario, which
method should be used to interconnect the fabric with the external network?
28 / 149
The safer , easier way to help you pass any IT exams.
A. Layer 2 shared egress
B. Layer 3 Shared Export Mode
C. Layer 2 exclusive export method
D. Layer 3 exclusive export method
Answer: A
120.Which of the following is not a principle that needs to be followed when designing an SR-MPLS Policy
tunnel?
A. The traffic of a single tunnel should not be too large. To facilitate progress in bandwidth tuning
B. Business traffic and tunnel association. Achieve a certain level of path visibility
C. Consider possible future network expansion
D. Increase the number of tunnels as much as possible. The more the number of tunnels, the more
refined the high-level service can be separated and the service quality can be guaranteed
Answer: D
121.The OPS (Open Progrannability System. Open Programmable System) function of Huawei network
equipment uses the HTTP protocol method to access the management objects of network equipment. To
facilitate users to write scripts, Huawei provides Fython script templates for the OPS function. Which of
the following is the content of the header fields "Content-type" and "Ahccept" in the HTTP request
message sent in the Pythorn script template?
A. text/xml, text/json
B. text/json, tcxt/xml
C. text/json. text/json
D. text/xml, text/xsml
Answer: D
122.Which of the following descriptions cannot be the cause of the dual-active failure of the VRRP backup
group?
A. The master device sends 1 notification message per second
B. VRRP backup group IDs on both ends are different
C. The link that transmits VRRP advertisement packets is faulty
29 / 149
The safer , easier way to help you pass any IT exams.
D. The low-priority VRRP backup group discards the received VRRP advertisement packets as illegal
packets
Answer: A
123.MACsec can provide users with secure MAC layer data transmission and reception services.
Which of the following is not a service provided by MACsec?
A. Integrity Check
B. Controllability Check
C. User Data Encryption
D. Data source authenticity verification
Answer: B
124.Which of the following regular expressions can match only the EGP route entries that pass through
AS300 and then AS200?
A. 200$/300$
B. _[200 300]_
C._(200 300)_
D.^200l^300
Answer: B
125.Which of the following descriptions about TTL in MPLS Header is correct?
A. To control label distribution
B. Limiting LSR
C. Similar to the TTL in the IP header, it is used to prevent packet loops
D. Control of upstream equipment for label distribution
Answer: C
126.As shown in the figure, OSPF is enabled on all interfaces of the router. Which of the following
statements is correct?
30 / 149
The safer , easier way to help you pass any IT exams.
A. The Type1 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32
B. The Type5 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32
C. The Type2 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/24
D. The Type3 LSA generated by R2 in area 0 contains the routing information of 10.0.2.2/32
Answer: A
127.During HTTP communication, the client only sends one request for each HTTP connection, and once
the server response data is sent, the connection will be released.
To solve this problem, which header field extension is used so that the HTTP session can be maintained
without immediate disconnection?
A. Session
B. Cookie
C. Set-Cookie
D. Connection
Answer: D
128.As shown in the figure, if you want to realize that only legitimate users (users who obtain IP
addresses through a legitimate DHCP server or specific static IP users) are allowed to access the network
in this network, which of the following solutions can be used?
A. DAI +Port Security
B. DHCP Snooping+IPSG
C. DHCP Snooping+DAI
D. DAI+IPSG
31 / 149
The safer , easier way to help you pass any IT exams.
Answer: B
129.In order to enable the VPN instance to advertise IP routes to the BGP-EVPN address family, which of
the following commands needs to be enabled in the BGP view?
A. advertise 12vpn evpn
B. advertise irb
C. advertise vpnv4
D. advertise irbv6
Answer: A
130.An enterprise wants to centrally and securely manage and control Internet traffic. Which of the
following Internet access methods is more appropriate?
A. Internet access by priority
B. Centralized Internet access
C. Hybrid Internet access
D. Local Internet access
Answer: B
131.In the MA network environment, all IS-IS routers enable the SR-MPLS function. Which of the
following descriptions is correct?
A. DIS will collect the SRGB of each device in the MA network and advertise it to other routers
B. If SR-MPLS is enabled, there is no need to elect DIS
C. The LSP generated by DIS will describe all IS-IS routers in the network
D. DIS will generate a special Node ID
Answer: A
132.As shown in the figure, PE1 has enabled the OSPF-based SR-MPLS function. Based on this, it is
inferred that the label when PE1 forwards data packets to 10.0.3.3 is which of the following?
32 / 149
The safer , easier way to help you pass any IT exams.
A. 24003
B. 24004
C. 3
D. 24001
Answer: A
133.MPLS LDP can be used to build BGP/MPLS IP VPN bearer tunnels. Which of the following
descriptions about MPLS LDP is wrong?
A. The default label publishing and management methods adopted by Huawei devices are: downstream
autonomous mode (DU) + ordered label control mode (Ordered) + free label retention mode (Liberal)
B. MPLS LDP tunnels are established based on IP shortest paths, and tunnel forwarding path planning
cannot be performed
C. LDP, RSVP-TE, MP-BGP share the label space of 1024~1048575
D. Due to its relatively simple configuration and maintenance, BGP/MPLS IP VPNs are widely used in
carrier WAN bearer networks and enterprise WAN bearer networks
Answer: B
134.SR-MPLS Policy is one of the current mainstream ways to implement SR-MPLS. Which of the
following descriptions about SR-MPLS Policy is wrong?
A. Common SR-MPLS Policy application scenarios the controller collects information such as network
topology, network bandwidth, link delay, etc., calculates the SR-MPLS Policy tunnel according to service
requirements, and delivers the policy to the head node
B. A candidate path can contain multiple forwarding lists, load balancing based on weights
C. An SR-MPLS Policy is identified by the triplet <headend, color, endpoint>
D. Multiple candidate paths can be defined, and the candidate paths form a master-standby or
load-sharing relationship according to their priorities
Answer: D
33 / 149
The safer , easier way to help you pass any IT exams.
135.The NETCONF protocol provides a mechanism for managing network devices. The operation object
of NETCONF is the configuration library of network devices. Which of the following descriptions of the
configuration library is wrong?
A. <delete-config> is an operation on the startup configuration library
B. The configuration library of network devices can be divided into candidate configuration library, running
configuration library, and startup configuration library
C. <validate> is the operation on the candidate configuration library
D. <commit> will submit the configuration in the startup configuration library as the configuration in the
running configuration library
Answer: D
136.The establishment of an SSH connection needs to go through multiple stages in turn. Which of the
following descriptions is correct?
A. Version negotiation stage, algorithm negotiation stage, key exchange stage, user authentication stage,
session interaction stage
B. Version negotiation phase, user authentication phase, key exchange phase, algorithm negotiation
phase, session interaction phase
C. Version negotiation stage, user authentication stage, algorithm negotiation stage, key exchange stage,
session interaction stage
D. Version negotiation stage, key exchange stage, algorithm negotiation stage, user authentication stage,
session interaction stage
Answer: A
137.Which of the following descriptions about the purpose of configuring LSP fragmentation on IS-IS
equipment is correct?
A. Make the device unable to establish IS-IS neighbors
B. Enable the device to support more IS-IS routing entries
C. Have no practical purpose
D. Prevent the device from learning IS-IS routing information
Answer: B
138.Which of the following tools cannot be used to match BGP routing entries?
A. Community Filter
B. IP Prefix List
C. Basic ACL
D. Advanced ACL
Answer: D
139.Which of the following NAT64 prefixes do not require manual configuration by the administrator?
A. 64:FF9B::/16
B. 64:FF9B::/32
C. 64:FF9B::/64
D. 64:FF9B::/96
34 / 149
The safer , easier way to help you pass any IT exams.
Answer: D
140.In order to advertise IPv6 routes in BGP4+, what fields are added to the Update message?
A. A new path attribute: IPv6_REACH_NLRI
B. A new path attribute: MP_REACH_NLRI
C. A new path attribute: MP_UNREACH_NLRI
D. A new NLR type: IPv6_NLRI, which carries IPv6 NLRI prefix 1ength and IPv6 NLRI prefix
Answer: B
141.In the VXLAN network, which of the following is used to realize cross-subnet communication within
the VXLAN network and access to the external network (non-VXLAN network) from the VXLAN network?
A. VXLAN L2Gateway
B. VLANIF interface
C. NVE interface
D. VXLAN L3 Gateway
Answer: D
142.For scenarios that need to support advanced security functions such as URL filtering, IPS, security
defense, and AV anti-virus, and need to support multi-link uplinks, which one of the following can the
export device choose?
A. AP
B. AR
C. AC
D. FW
Answer: D
143.In the VXLAN network, similar to the traditional network using VLAN to divide the broadcast domain,
VXLAN identifies the broadcast domain locally according to which of the following?
A. VRF
B. BD
C. VNI
D. NVE
Answer: B
144.EVPH supports multiple service modes. In which of the following service modes, an interface can
only be used by a single user?
A. VLAN Based
B. Port Based
C. VLAN Bundle
D. VLAN-Aware Bundle
Answer: A
35 / 149
The safer , easier way to help you pass any IT exams.
145.During the implementation of the Wi-Fi-based location service of iMaster NCE-Campus, the terminal
data is reported to the location service platform by HTTP request. Which of the following HTTP methods
is used for this HTTP request?
A. PUI
B. POST
C. DELETE
D. GET
Answer: D
146.In Huawei's access control solution, which of the following user authentication methods is not
supported by portal authentication?
A. Based on Passcode
B. SMS-based verification code
C. Based on the user's MAC address
D. Username based password
Answer: C
147.Which of the following tunneling technologies is used in Huawei SD-WAN solution to establish data
channels?
A. GRE over IPsec
B. MPLS
C. IPsec
D. Vxlan
Answer: A
148.NCE-campus has some key parameters when configuring access authentication and authorization,
which one of the following is not included?
A. Certification Rules
B. Result name
C. Site binding
D. Authorized Security Groups
Answer: C
149.Which AP is independent, can manage a small number of APs, has low cost, and does not require
high management skills?
A. Leader AP
B. FIT AP+AC
C. FAT AP
D. Agile distribution of AP
Answer: A
150.Before the SSH client uses public key authentication to connect to the SSH server, it needs to create
a key pair in advance. The client uses Git Bash to create a DSS key pair. Which of the following
commands is used to create it?
36 / 149
The safer , easier way to help you pass any IT exams.
A. ssh-keygen -t rsa
B. ssh-keygen -t dss
C. ssh-keygen -t ecc
D. ssh-keygen -t dsa
Answer: B
151.In SD-WAN, after deploying NAT in RR, what kind of features are required?
A. NAT SERVER
B. 1:1 NAT
C. NAT444
D. ALG
Answer: B
152.Which of the NCE-Campus descriptions about the access management configuration is wrong?
A. A template can only have one authentication method
B. NCE device can be used as Radius server or portal server
C. Fabric needs to specify wired or wireless templates
D. Before creating a user template, you must first create a server template
Answer: A
153.When configuring SR-MPLS, which of the following is not mandatory?
A. Enable MPLS
B. Enable SR
C. Configure LSR-ID
D. Link configuration Adj-Sid
Answer: D
154.Traffic monitoring does not include monitoring which of the following?
A. Management plane traffic
B. Control Plane Traffic
C. Monitor plane traffic
D. Data plane traffic
Answer: C
155.There are three roles in strategy linkage. Which of the following is not?
A. Authentication Control Point
B. Terminal
C. Policy enforcement point
D. Certification enforcement point
Answer: C
156.In SD-WAN, CPE is located in the private network area behind the NAT device. NAT technology is
required between CPE. Which technology in SD-WAN enables NAT between CPE?
A. STUN
37 / 149
The safer , easier way to help you pass any IT exams.
B. IPSEC
C.NAT SERVER
D. ALG
Answer: A
157.Engineers often log in to the device remotely to check the status of the device. Now engineers want
to realize automatic remote login through Python script, they can use Python Paramiko library and
telnetlib library to achieve the above requirements. Using telnetlib to achieve remote login is more secure.
A. TRUE
B. FALSE
Answer: B
158.In an MPLS domain, LSR can be divided into Ingress LSR, Transit LSR and gross LSR according to
the different processing methods of LSR for data. For the same FEC, a certain LSR can be the Ingress
LSR of the FEC or the Transit LSR of the FEC.
A. TRUE
B. FALSE
Answer: A
159.The business package (Specific Service Plugin, SSP) implements the mapping by using the jinja2
template. The jinja2 syntax {%...%} contains control structures (ControllStructures), such as for loops.
A. TRUE
B. FALSE
Answer: A
160.When OSPFv2 evolves to OSPFv3, the LSA format and function are exactly the same, but the
network layer address in the LSA is changed from IPv4 to IPv6.
A. TRUE
B. FALSE
Answer: B
161.. Which of the following security protection actions can be performed by a secure MAC address does
not include?
A. Remark
B.Shutdown
C. Restrict
D. Protect
Answer: A
162.In the SSH algorithm negotiation phase, the two parties exchange the list of algorithms they support.
The symmetric encryption algorithm list of the SSH server is: aes256-ctr, aes192-ctr, aes128-ctr,
aes256-cbc.
The list of symmetric encryption algorithms of the SSH client is: aes128-c9-ctr, aes256-ctr, aes256-cbc.
Which of the following is the symmetric encryption algorithm that both parties will use?
38 / 149
The safer , easier way to help you pass any IT exams.
A. aes128-ctr
B. aes192-ctr
C. aes256-cbc
D. aes256-ctr
Answer: A
163.Huawei network equipment provides the OPS function. Which of the following commands can view
the information of the OPS script installed on the network equipment?
A. check ops script
B. display ops file
C. display ops script
D. check ops file
Answer: C
164.Which of the following descriptions about the application scenarios of the 0PS function is wrong?
A. In the scenario of using the OPS function to automatically deploy devices with empty configuration, the
function of the Python script is to obtain the server addresses of software and configuration files, and to
download system software and configuration files
B. The user needs to realize the function of automatically sending the configuration file to the server after
the network device configuration is saved. This can be achieved by creating a timer type trigger condition
through the maintenance assistant and executing the Python script regularly.
C. Using the OPS function can reduce the impact of the network environment in some cases. For
example, when transmitting collected information to the server, the Python script can realize that when
the network is unavailable. The function of temporarily storing the execution result in the device and
transferring it to the server after the network is restored.
D. Using OPS can realize the function of automatically checking the health status of the device.
Answer: B
165.Which of the following protocols does not support SR-MPLS?
A. BGP
B. IS-IS
C. OSPF
D. RSVP-TE
Answer: D
166.Telemetry is a technology that collects data remotely from physical or virtual devices at high speed.
Which of the following is NOT a component of the data layer for a mode that uses gRPC push?
A. Notification message layer
B. Telmetry layer
C. RPC layer
D. Business data layer
Answer: A
39 / 149
The safer , easier way to help you pass any IT exams.
167.In the virtualized campus network deployed through iMaster NCE-Campus, in the "network planning"
stage, which of the following is not an operation that the administrator needs to complete?
A. Deploy Overlay Access Resource Pool
B. Create an authentication template
C. Deploy the Fabric global resource pool
D. Deploy the Underlay automation resource pool
Answer: A
168.In the virtualized campus network design, which of the following descriptions about the Fabric
networking design is wrong?
A. Single/dual Border networking can be selected according to different scenarios, in which the VXLAN
centralized gateway supports single Border or dual Border deployment at the same time.
B. If users in multiple VNs want to access the same external network, and the security policies of each VN
are different, you can configure the VN to connect to the external network through Layer 3 exclusive
egress.
C. If you want to use the original access switches (which do not support VXLAN), you can deploy VXLAN
covering the core layer to the aggregation layer
D. When the terminal scale is small, a centralized gateway network can be selected, in which Border acts
as a gateway to manage the network uniformly.
Answer: A
169.Both SNMP and NETCONF can be used for the management of network devices. Which of the
following descriptions about these two protocols is correct?
A. When Huawei switches need to be managed through NETCONF, the NETCONF parameters of each
switch must be manually configured by default.
B. Both protocols adopt the Client/Server architecture, with NMS as the server and the managed network
device as the client
C. When Huawei switches need to be managed through SNMP, the SNMP parameters of each switch
must be manually configured by default.
D. Both protocols manage different objects through MIB on network devices
Answer: C
170.Which of the following commands can be used to adjust the link cost of the IS-IS interface?
A. isis cost
B. isis timer hello
C. isis circuit-type
D. isis circuit-level
Answer: A
171.Execute the print(r.json()) command in the Python script, and the print output is as follows;
The output contains multiple elements, and now the value of token_id needs to be filtered out and
assigned to the variable id. Which of the following is the correct command?
{'data': {'token_id': 'x-eonsfw', 'expirelate': '2020-07-07-07:30:00' }, 'errcode': '0', 'errmsg': 'get token'
successfully' }
40 / 149
The safer , easier way to help you pass any IT exams.
A. id=r.json()['data']['token_id']
B. id=r.json(){'data'}{'token_id'}
C. id= r.json()('data')('token_id')
D. id = r.json()('token_id')
Answer: A
172.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, when using BGP
EVPN Type 2 routes for host MAC address advertisement, which of the following descriptions is correct?
A. Will carry specific L2 VNI and L3 VNI values at the same time
B. Will carry the specific L3 VNI value
C. The RT value carried is the Export RT in the IP VPN instance
D. IP Address and IP Address Length fields will not carry specific content
Answer: D
173.In the virtual campus network scenario deployed through iMaster NCE-Campus, after VN are created,
VN interworking needs to be configured.
Which of the following descriptions about configuring VN interworking is correct?
A. Actually, OSPF is deployed for the VPN-Instance corresponding to the VN
B. Actually, a static route is created for the VPN-Instance corresponding to the VN
C. Actually deploying routing strategies
D. Actually deploying traffic filtering
Answer: B
174.In a small and medium-sized cloud-managed campus network scenario based on the HUAWEI
CLOUD campus network solution, which of the following components provides query services for devices
to automatically go online?
A. WLAN Planner
B. Registration Inquiry Center
C. CloudCampus APP
D. iMaster NCE-campusInsight
Answer: C
175.A campus network deploys the Free Mobility function through iMaster NCE-campus, and the
configured policy control matrix is shown in the figure.
Policy Control Matrix:
41 / 149
The safer , easier way to help you pass any IT exams.
Which of the following statements about the policy control matrix is wrong?
A. If the policy enforcement point does not find the security group corresponding to an IP address, the
traffic of the IP address can access the server group
B. The sales group cannot communicate with the guest group
C. The guest group can access the guest group
D. If the server group is a resource group, you can configure the policy source for the server group
Answer: D
176.Man-in-the-middle attacks or IP/MAC spoofing attacks can lead to information leakage and other
hazards, and are more common in intranets. Which of the following configuration methods can be taken
to prevent man-in-the-middle attacks or IP/MAC spoofing attacks?
A. Limit the maximum number of MAC addresses that can be learned on the switch interface
B. Enable DHCP Snooping to check the CHADDR field in the DHCP REQUEST message
C. Configure DHCP Snooping on the switch to associate with DAI or IPSG
D. Configure the Trusted/Untrusted interface
Answer: C
177.In the firewall dual-system hot backup scenario, which protocol is used between the active and
standby devices to implement session table backup?
A. VRRP
B. VCMP
C. HRP
D. BFD
Answer: C
178.When using EVPN to carry VPLS, which of the following descriptions about the advantages of EVPN
is wrong?
A. PE does not need to learn the MAC address of CE
B. Support automatic discovery of PE members
C. EVPN supports CE multi-active access to PE
D. Loop avoidance without hard running STP
Answer: D
42 / 149
The safer , easier way to help you pass any IT exams.
179.Which of the following descriptions about the BGP/MPLS IP VPN network architecture is wrong?
A. In general, CE devices cannot perceive the existence of VPN, and CE devices do not need to support
MPLS, MP-BGP, etc.
B. The P device only needs to have basic MPLS forwarding capabilities and does not maintain
VPN-related information
C. The BGP/MPLS IP VPN network architecture consists of three parts: CE, PE and P. PE and P are
operator equipment, and CE is BGP/MPLS IP VPN user equipment
D. Sites can access each other through VPN, and a site can only belong to one VPN
Answer: D
180.RESTCONF and NETCONF are both protocols used to manage the configuration of network devices.
Which of the following statements about RESTCONF and NETCONF is wrong?
A. The data encoding format of RESTCONF supports XML or JSON
B. RESTCONF uses HTTP operations, stateless, with transaction mechanism, with rollback
C. The operation methods of RESTCONF are GET, POST, PUT, PATCH, DELETE
D. NETCONF operates multiple configuration libraries for devices, with transaction mechanism and
rollback
Answer: B
181.The role of Link-LSA in OSPFv3 does not include which of the following?
A. Advertise the IPv6 prefix list of this interface to other routers on the link
B. Advertise the options set in the Network-LSA originating from this link to other routers on the link
C. Advertise the link-local address of this interface to other routers on the link
D. Advertise the router's interface ID to other routers on the link
Answer: D
182.Which of the following is not part of the operation process in the intermediate stage of cutover?
A. Business testing
B. Cutover Preparation
C. Cutover Implementation
D. Field Defence
Answer: D
183.Which of the following descriptions about the OSPFv3 Router-ID is correct?
A. 100-bit value
B. 64-bit value
C. 128-bit value
D. 32-bit value
Answer: D
184.As shown in the figure, SW1 and SW2 use asymmetric IRB forwarding. When PC1 communicates
with PC2, which of the following is the destination MAC address of the original data frame in the message
sent by VTEP1 to VTEP2?
43 / 149
The safer , easier way to help you pass any IT exams.
A. MAC A
B. MAC D
C. MAC C
D. MAC B
Answer: B
185.As shown in the figure, R1 and R4 establish a GRE tunnel to transmit data sent from PC1 to PC2.
The TTL of the inner header of the packet sent from the GEO/0/1 interface of R1 is 126. Which of the
following is the inner TTL of a packet sent by interface 0/3?
A. 124
B. 125
C. 127
D. 126
Answer: C
186.The figure shows the IPv6 SR-Policy routing information on a router. Which of the following does [10]
mean?
A. distinguisher
B. policycolor
C. Turnnel ID
D. endpoint
Answer: A
44 / 149
The safer , easier way to help you pass any IT exams.
187.The OPS (Open Progranmrability System) function of Huawei network equipment uses the HTTP
protocol method to access the management objects of network equipment. To facilitate users to write
scripts, Huawei provides Python script templates for the OPS function.
The following is the internal call method rest_call of the OPSCornection class in the OPS script template.
Which of the following descriptions is correct?
A. The response.status in the rest_call method is the status code
B. The response.reason in the rest_call method is the reason phrase used to interpret the status code
C. The parameter method in rest_call (self, method, uri, req_data), the value can be DELETE, GET, SET,
CREATE
D. The values of self.host and self.port in the rest_call method are "localhost".80 respectively
Answer: C
188.Based on the information given in the figure, which of the following statements is correct?
A. The IS-IS interface type of the GE0/0/0 interface on R1 is Leve1-1-2
B. IS-IS IPv6 is not enabled on the GE0/0/1 interface of R1
C. IS-IS IPv6 is enabled on the GE0/0/0 interface of R1
D. The IS-IS interface type of the GE0/0/1 interface of R1 is Level-1
Answer: A
189.All routers in a network enable SR-MPLS, and the label information encapsulated by R1 to a data
packet is shown in the figure. At this time, which of the following is the MPLS label carried when the data
packet is sent from R2 to R4?
45 / 149
The safer , easier way to help you pass any IT exams.
A. 2046
B. 2024
C. Unlabeled
D. 2032
Answer: B
190.Huawei provides Python script templates for OPS functions.
The code of the Main method in the script template is as follows. Which item is wrong in the following
description?
A. ops_conn.close() means to close the HTTP connection
B. rsp_data = get_startup_info (ops_corn) means to call the get_startup_infc method, which will send an
HTP request to the device and store the device's response data in rsp_data
C. ops_conn = OPSConnecticn (host) means to create an instance of the OPSC onnection class
ops_cornn
D. When executing the Python script on the local PC, the value of host needs to be set to the IP address
of the network device
Answer: C
46 / 149
The safer , easier way to help you pass any IT exams.
191.A user wrote the clear_start_info method. Use the oPS function to clear the configuration file of the
current network device, the code is as follows:
Which of the following descriptions is wrong?
A. ret is the HTIP status code
B. When ops_corn.create(uri, req_data) is executed, an HTTP request of the "TPUT" operation type is
sent
C. rsp_data is the response data of the system after the request is executed, the format can refer to the
RESTful API of the network device
D. req_data data is stored in the body part of the HTTP request
Answer: C
192.How to deliver the results of topology arrangement in SD-WAN to RR?
A. Flow table
B. NSPF
C. BGP
D. SNMP
Answer: C
193.Which of the following descriptions about Multi-VPN-Instance CE (MCE) is wrong?
A. On the MCE device, you need to create their own routing and forwarding tables for different VPNs and
bind them to the corresponding interfaces
B. Users who are connected to the same MCE but do not belong to a VPN instance cannot access each
other
C. There must be multiple physical links between MCE and PE to achieve isolation between different VPN
instances
D. Devices with MCE function can access multiple VPN instances in BGP/MPLS IP VPN applications,
reducing the investment in user network equipment
Answer: C
194.OSPFv2 is an IGP running on IPv4 networks, and OSPv3 is an IGP running on IPv6 networks. The
basic working mechanism of OSPFv3 is the same as that of OSFv2, such as the election of DR and BDR.
An engineer uses three routers to test IPv6 services. He wants to realize the interconnection of IPv6
networks by running OSPFv3.
47 / 149
The safer , easier way to help you pass any IT exams.
Which of the following descriptions about the DR election for this network is correct?
A. After the network converges, R1 is the DR
B. After the network converges, the engineer changes the priority of R1 to 100, the priority of R2 to 10,
and the default value of R3. When the network converges again, R1 is DR and R2 is BDR
C. After the network converges, a new device R4 is added to the broadcast link, and the priority of R4 is
150. When the network converges again, R4 is DR
D. After the network converges, R1 is powered off and restarted. When the network converges again. R3
is DR
Answer: B
195.Which of the following EVPN route types does not carry MPLS labels?
A. MAC/IP Advertisement Route
B. Ethernet Segment Route
C. Ethernet AD Route
D. Inclusive Multicast Route
Answer: B
196.Which of the following descriptions about configuring user access authentication is wrong?
A. Configure an 802.1X access profile, MAC access profile, Portal access profile or hybrid authentication
profile based on the authentication requirements of the actual networking
B. To implement network access control for users, it is necessary to determine the domain to which the
user belongs and the AAA scheme used
C. The access profile needs to be bound in the authentication profile to confirm the authentication method
of the user, and then the authentication profile needs to be applied to the interface to enable the network
admission control function
D. If authentication needs to be performed through a RADIUS or HWTACACS server, you need to
configure the relevant parameters for connecting with the authentication server in the AAA scheme
Answer: C
48 / 149
The safer , easier way to help you pass any IT exams.
197.802.1X authentication is deployed in the network shown in the figure. Which of the following packets
cannot trigger 802.1X authentication?
A. DHCP
B. ICMP
C. EAPoL
D. ND
Answer: B
198.Which of the following descriptions about AH (Authentication Header, message authentication
header protocol) is wrong?
A. AH provides anti-message replay function
B. AH provides message encryption function
C. AH provides data source verification
D. AH provides data integrity verification
Answer: B
199.Which of the following protocols is used for the management of Huawei iMaster NCE-WAN
controllers?
A. SNMP
B. HIIP/2
C. NETCONF over DTLS
D. NETCONF over SSH
Answer: D
200.In the MA network environment, all IS-IS routers enable the SR-MPLS function. Which of the
following descriptions is correct?
A. If SR-MPLS is enabled, there is no need to elect DIS
B. DIS will generate a special Node ID
C. DIS will collect the SRGB of each device in the MA network and advertise it to other routers
D. The LSP generated by DIS will describe all IS-IS routers in the network
Answer: C
201.If the SRH extension header is carried, the numbers filled in the next-header of IPv6 are:
A.43
B.49
C.50
D.16
Answer: A
202.Regarding the tunnel, which statement is wrong?
49 / 149
The safer , easier way to help you pass any IT exams.
A. The tunnel is a GRE tunnel
B. The destination address of the tunnel is 10.3.3.3
C. The tunnel enables keepalive detection
D. Keyword detection is not enabled for this tunnel
Answer: C
203.Part of the configuration on the device is shown in the figure. In the following description of this
configuration, which one is wrong?
A. Configure the GigabitEthernet0/0/1 interface as a trusted interface
B. Enabling DHCP Snooping configuration can be used to prevent DHCP Server spoofing
C. Attacks Enabling DHCP Snooping configuration can be used to prevent ARP spoofing attacks
D. If there is no Sub0ptionl information of Option82 in the DHCP request packet received by the
GigabitEthernet0/0/1 interface, the device will generate Option82 and insert it into the packet
Answer: C
204.Which of the following descriptions about MPLS label space is wrong?
A. If the outgoing label value is 0, the router will directly discard the packet
B. Above 1024 is the label space shared by dynamic signaling protocols such as LDP, RSVP-TE,
MP-BGP, etc.
C. When the penultimate LSR performs label switching, if the value of the label after the exchange is
found to be 3, the label will be popped by default and the packet will be sent to the last hop
D. 16~1023 is the label space shared by static LSP and static CR-LSP
Answer: A
205.In free mobility, after the policy enforcement point device receives user traffic.
According to which of the following information carried by the traffic, find the corresponding policy and
execute it, and then forward/discard the traffic?
A. Source/Destination Security Group
B. Source/destination IP address
C. Source/destination port number
D. Source/destination MAC address
Answer: B
206.In the accompanying business travel, which of the following descriptions about "security group" and
"resource group" is correct?
A. When using resource groups, a policy will be generated based on each resource group on the policy
enforcement point device
B. The user IP address of the dynamic security group is not fixed, and the IP address is dynamically
associated with the security group after user authentication
50 / 149
The safer , easier way to help you pass any IT exams.
C. When configuring the policy control matrix, the resource group can be used as the source group and
destination group of the policy
D. For service resources with overlapping IP address sets, they can be distinguished by static security
groups
Answer: B
207.To achieve isolation between different users in the same VLAN, which of the following techniques
can be adopted?
A. IPSG
B. Port isolation
C. Ethernet Port Security
D. Super VLAN
Answer: B
208.A network means that all routers enable SR-MPLS, and the label information encapsulated by R1 for
a data packet is shown in the figure. At this time, which of the following is the forwarding path of the data
packet?
A. R1-R3-R5-R6
B. R1-R2-R3-R5-R6
C. R1-R2-R4-R6
D. R1-R3-R2-R4-R6
Answer: D
209.OSPF supports SR-MPLS through which of the following types of LSA?
A. Type10 opaque LSA
B. Type1 Router L5A
C. Type7 NSSA External LSA
D. Type2 Network LSA
Answer: A
210.As shown in the figure, it is a typical network of "two places and three centers". Which device in the
figure is responsible for branch access to the WAN bearer network?
51 / 149
The safer , easier way to help you pass any IT exams.
A. DC-PE
B. BR-PE
C. BR-CE
D. WAN-P
Answer: C
211.For the following Python code, which description is incorrect?
A. The HTTP request data (message body) is encoded in XML format
B. There are two header fields in the HTTP request, 'Content-Type': 'application/json' and 'Accept':
'application/json'
C. This code implements the sending of HTTP request messages, and the request method is POST
D. The Python code imports the requests library to implement the interaction process of the HTTP
protocol
Answer: A
212.Which of the following is not a principle that needs to be followed when designing an SR-MPLS Policy
tunnel?
A. The traffic of a single tunnel should not be too large to facilitate the progress of bandwidth tuning
B. The service traffic is associated with the tunnel to achieve a certain degree of path visibility
C. Increase the number of tunnels as much as possible. The more tunnels there are, the more refined the
service isolation and service quality can be guaranteed.
D. Consider possible future network expansion
Answer: B
52 / 149
The safer , easier way to help you pass any IT exams.
213.The home broadband service requirements of an operator are as follows: the maximum downlink
bandwidth of the broadband is 100M when it is idle, and the guaranteed downlink available bandwidth is
50M when it is busy. The home broadband service needs to bear the home IP telephone service in
addition to the home Internet service.
Which of the following configurations best matches the business requirement?
A. qos car inbound cir 100000
B. qos car inbound cir 100000 pir 50000
C. qos car inbound cir 50000 pir 100000
D. qos gts cir 100000
Answer: C
214.Assume that the neighbor relationship between BGP routers has been established successfully, and
the configuration on R1 is as shown in the figure.
Which router can the routing entry 10.10.10.0/24 advertised by R1 be delivered to the farthest?
A. R2
B. R1
C. R4
D. R3
Answer: D
215.The number of tunnels established in Huawei SD-WAN solution can be controlled through specific
parameters.
53 / 149
The safer , easier way to help you pass any IT exams.
A network topology is shown in the figure. How many trails can be established in this topology?
A.3
B.4
C.2
D.1
Answer: B
216.According to the configuration information shown in the figure, it can be inferred that how many
interfaces on R4 that are advertised into ISIS?
A. 3
B. 1
C. 0
D. 2
Answer: A
217.In the virtualized campus network scenario deployed by iMaster NCE-Campus, which of the following
descriptions about the access management configuration is wrong?
A. When creating a user authentication template, a template can only contain one authentication method
B. Before creating a user authentication template, you need to create a server template
C. iMaster NCE-Campus can be used as RADIUS server or Portal server
D. The authentication template bound to the wired and wireless access points needs to be specified in the
access management of the Fabric
Answer: A
54 / 149
The safer , easier way to help you pass any IT exams.
218.An engineer uses two routers to test IPv6 services, and simulates the interconnection between the
headquarters and branches by running BGP4+.
As shown in the figure, an engineer captures packets to view the Update packets sent by R1.
Which of the following descriptions about the message information is correct?
A. This packet describes the currently withdrawn IPv6 route
B. The next hop address of the route described in this packet is: 2001:db8:2345:1::1
C. The route described in this packet may be imported through import
D. The routing address prefix and prefix length described in this packet are: 2001:db8:2345:1::1/128
Answer: D
219.Which of the following descriptions about the SP scheduling algorithm is wrong?
A. SP scheduling algorithm prioritizes queues with high priority
B. When using the SP scheduling algorithm to schedule multiple low-priority queues, the packets that
enter the queue first will be forwarded first
C. In order to ensure the quality of key services, the service can be scheduled through the SP algorithm,
and the minimum bandwidth can be set
D. When using the SP scheduling algorithm, if the high priority occupies a lot of bandwidth, it may cause
the low priority queue to death
Answer: B
220.In the firewall dual-system hot backup scenario, each firewall has a VGMP group. By default, which
of the following working states is the VGMP group in?
A. Standy
B. Initialize
C. Active
D. Load Balance
Answer: C
221.In the design of small and medium-sized campus network, when mutual visits are required between
branches and the number of branches is large (over 100), which of the following interconnection
networking models is recommended?
A. Partial-Mesh networking
B. Hub-Spoke Networking
55 / 149
The safer , easier way to help you pass any IT exams.
C. Direct networking
D. Full-Mesh networking
Answer: D
222.Which of the following descriptions about configuring authentication templates is correct?
A. Under the same interface of the same device, all authentications can only be configured with the same
default domain or mandatory domain
B. When multiple access profiles are bound to the authentication profile, the order of triggering
authentication is 802.1X-->Portal-->MAC
C. If the user's mandatory domain is configured, the user will be forced to authenticate in the mandatory
domain regardless of whether the user name carries the domain name or not.
D. The domain that the user accesses by default is the default domain, which cannot be modified by
commands
Answer: C
223.In the VXLAN implementation, which of the following is the mapping relationship between VNI and
BD?
A. 1:1
B. N: 1
C. 1: N
D. N: M
Answer: A
224.Configure ISIS IPv6 cost 50 under the interface, which of the following is the meaning of this
command?
A. The IS-IS IPv6 Level-1 cost of the interface is 50
B. The IS-IS IPv6 Level-1 and Level-2 costs of the interface are both 50
C. The IS-IS IPv6 Level-2 cost of the interface is 50
D. The IS-IS IPv6 Level-1 and Level-2 costs of the interface are both 60
Answer: B
225.Which of the following MPLS L3VPN cross-domain solutions needs to transmit VPNv4 routes
between ASBR?
A. Option D
B. Option B
C. Option A
D. Option C
Answer: B
226.After configuring the VLAN-based MAC address flapping detection function, if the MAC address flaps,
you can configure the actions of the interface as required. Which of the following is NOT a configurable
action?
A. Interface blocking
B. Send an alert
56 / 149
The safer , easier way to help you pass any IT exams.
C. Traffic filtering
D. MAC address blocking
Answer: C
227.The value range of DSCP is 0~63, some of which have proper names.
Which of the following DSCP values represent EF?
A. 46
B. 30
C. 22
D. 38
Answer: A
228.The network administrator executes the display current-configuration command to obtain the
configuration file of the device when troubleshooting MSTP faults. In the following description of the
troubleshooting ideas, which one is the wrong?
A. Check the port configuration to check whether the MSTP-enabled port is enabled with the protocol
packet sending command. Such as bpdu enable
B. Whether the MSTP port connected to the user terminal device is disabled or configured as an edge
port
C. Check whether the device port is added to the correct VLAN
D. No matter whether BPDU Tunnel is configured on the device, it will not affect MSTP
Answer: D
229.All routers in a network enable the OSPF-based SR-MPLS function. The SRGB of each router is as
shown in the figure. By default, when R2 forwards a packet whose destination address is 10.0.4.4, which
of the following MPLS labels are carried?
A. 100
B. 40100
C. 30100
D. 3
Answer: B
230.Python Paramiko implements the SSH protocol. In the Python Paramiko module, which of the
following classes is used to create an SFTP session connection and perform remote file operations?
A. Channel class
B. SFTP Client class
C. Packetizer class
D. Transport class
Answer: B
57 / 149
The safer , easier way to help you pass any IT exams.
231.Which of the following statements about MP-BGP is wrong?
A. When the PE and CE exchange routes through BGP, a BGP process needs to be created on the CE
for each VPN instance
B. MP-BGP advertises VPNv4 routes through MP_REACHNLRI and MP_UREACH NLRI attributes
C. MP-BGP needs to assign private network labels to VPNv4 routes
D. The packet types and VPNv4 route advertisement policies of MP-BGP are the same as those of BGP-4
Answer: A
232.As shown in the figure, the OSPF protocol is running between CE and PE. When CE1 advertises the
route of this site to CE2, which one of the following descriptions is wrong?
A. When PE2 receives the BGP route sent from PE1 with the same Domain ID as the local one, for Type3
LSA, PE2 will generate Type5 LSA
B. The Domain ID configured on PE1 can be used as the BGP extension community attribute and sent to
PE2 along with the route
C. When PE2 receives a BGP route from PE1 with a different Domain ID from the local one, PE2 will
generate Type5 LSA or Type7 LSA for all LSA
D. When PE2 receives the BGP route sent by PE1 and carries the same Domain ID as the local one, for
Type1 LSA and Type2 LSA, PE2 will generate Type3 LSA
Answer: A
233.As shown in the figure is the output information of a network engineer when troubleshooting OSPF
faults. Based on this, which of the following reasons may cause the adjacency relationship to fail to be
established normally?
A. Inconsistency between Hello messages sent
58 / 149
The safer , easier way to help you pass any IT exams.
B. Inconsistent authentication passwords
C. The IP address mask of the interface is inconsistent
D. Inconsistent area types
Answer: C
234.As shown in the figure, the OSPF protocol is enabled on all interfaces of the router, the cost value of
the link is marked in the figure, and the Loopback0 interface of R2 is advertised in area 1.
Based on this, which one of the following is the cost of R1 reaching 10.0.2.2/32?
A. 50
B. 150
C. 200
D. 100
Answer: C
235.In the large and medium-sized virtualized campus network scenario, which of the following
descriptions about the security design of the campus network egress is wrong?
A. Special security devices such as firewalls and intrusion prevention systems can be deployed, and
routers with security functions can also be deployed
B. The exit area can deploy security policies and intrusion prevention to prevent illegal access and attacks
C. Anti-virus and URL filtering can be deployed in the exit area to realize virus detection and URL access
control
D. Security zone division is required, and the Trust zone is usually used to define the zone where the
servers that provide services are located.
Answer: D
236.Which of the following descriptions about Underlay in VXLAN virtualized campus applications is
wrong?
A. The virtualized campus solution uses VXLAN technology and uses MAC in UDP encapsulation to
virtualize a layer of logical network on the traditional IP network
B. When using iMaster NCE-Campus to realize automatic arrangement of two routing domains underlay,
only OSPF routing protocol is supported
C. When using astor NCE-Campus to realize the automatic arrangement of the routing domain of the
underlay network, only the single-area deployment of the routing protocol is supported
59 / 149
The safer , easier way to help you pass any IT exams.
D. Underlay achieves IP reachability with the same network, so that service packets encapsulated by
VXLAN can communicate with each other between VTEP nodes
Answer: C
237.Which of the following is the three-layer logical interface used to implement different VXLAN virtual
network communication on the XLAN L3 Gateway?
A. VBDIF interface
B. Layer 2 sub-interface
C. VLANIF interface
D. NVE interface
Answer: A
238.In the virtual campus network scenario deployed through iMaster NCE-campus, which of the
following statements about "adding devices" is wrong?
A. iMaster NCE-campus supports adding devices in batches
B. iMaster NCE-campus supports adding devices through device roles
C. iMaster NCE-campus supports adding devices through device ESN
D. iMaster NCE-campus supports adding devices by device type
Answer: B
239.When a wireless user passes Portal authentication, which of the following parameters is not
supported to authorize the user?
A. free-rule
B. UCL
C. IP address
D. ACL
Answer: A
240.Which of the following descriptions about the GRE security mechanism is wrong?
A. A GRE tunnel can be established only when the identification keywords set at both ends of the tunnel
are exactly the same
B. If the checksum is configured on the local end but not on the peer end, the local end will not check the
checksum of the received packets, but will check the sent packets.
C. If the key word is configured on the local end of the tunnel but not on the opposite end, the tunnel can
normally forward user packets
D. If the local end is configured with a checksum and the opposite end is configured, the local end checks
the checksum of the packets sent from the opposite end, and does not check the checksum of the sent
packets.
Answer: C
241.Network information collection is a prerequisite for network tuning, including network topology and
interface bandwidth collection, link delay collection, and traffic statistics collection. Which of the following
technologies cannot be used for volume statistics collection?
A. Telemetry
60 / 149
The safer , easier way to help you pass any IT exams.
B. PCEP
C. Netstream
D. SNMP
Answer: B
242.Which of the following technologies does not support SR-MPLS?
A. BGP
B. IS-IS
C. LDP
D. OSPF
Answer: C
243.Which of the following is correct about the meaning of the display current-configuration | include vlan
command?
A. View all configurations that contain the "VLAN" keyword
B. View the IP address of the VLANIF interface
C. View information about physical interfaces bound to each VLAN
D. Check which VLANs are currently created
Answer: A
244.Which of the following statements about VXLAN capabilities is true?
A. VXLAN uses MAC in UDP encapsulation mode.
B. VXLAN is essentially a VPN technology that can be used to build a Layer 2 virtual network over any
network with reachable routes. The VXLAN gateway is used to implement communication within the
VXLAN network and between the VXLAN network and non-VXLAN network.
C. VXLAN is a Layer 2 tunneling technology and cannot implement Layer 3 communication.
D. When using VXLAN on the network, all intermediate devices on the VXLAN channel must support
VXLAN.
Answer: A
245.In the Huawei CloudCampus solution, which of the following onboarding modes does APs support?
A. CloudCampus Application
B. Registration Center Inquiry
C. Network System
D. CLI
Answer: A
246.In a broadcast network, if the DR priority of the interconnecting interface of two routers is both set to 0,
which state will the OSPF neighbor stay in?
A. DOWN
B. Exchange
C.Full
D. 2-way
Answer: D
61 / 149
The safer , easier way to help you pass any IT exams.
247.Assume that the SRH of an SRv6 packet has five segment IDs. When a packet is sent from the third
endpoint, which segment ID will the node use as the IPv6 destination address?
A. 5
B. 3
C. 2
D. 1
Answer: B
248.The Huawei Open Programmable System (OPS) uses HTTP methods to access managed objects to
manage network devices. To facilitate script compilation, Huawei OPS provides Python script templates.
In a Python script template, what are the contents of the Content type and Accept fields in the HTTP
request packet header?
A. text/xml, text/json
B. text/xml, text/xsml
C. text/json, text/json
D. text/json, text/xml
Answer: B
249.Which of the following fields represents the MIME type of the data in the HTTP request header?
A. MIME-Type
B. Content-Type
C. Data-Type
D. Referer
Answer: B
250.Huawei's Open Programmable System (OPS) provides openness and programmability for network
equipment, and users can carry out secondary development to realize customized functions.
Which of the following commands can be used to view information about OPS scripts installed on network
devices?
A. display ops script
B. display ops file
C. check ops script
D. check ops file
Answer: A
251.During the implementation of iMaster NCE Campus Wi-Fi Location Service (LBS), terminal location
data is sent to the LBS platform through HTTP requests.
Which of the following methods is used in this HTTP request?
A. GET
B. PUT
C. POST
D. DELETE
Answer: A
62 / 149
The safer , easier way to help you pass any IT exams.
252.Which of the following scenarios is the SD-WAN solution suitable for?
A. Enterprise branch interconnection
B. Internal interconnection of enterprise data center network
C. Enterprise Campus Wireless Network Deployment
Answer: A
253.When running OSPFv3 on a Huawei router, the OSPFv3 process will automatically select an
interface address as the router ID of the process.
A. True
B. False
Answer: B
254.OSPFv3 adopts the same route advertisement method as OSPFv2: advertise through the network
command in the OSPFv3 area view
A. True
B. False
Answer: B
255.What are the key components of jointly building an IP WAN bearer network solution with Huawei
NetEngine smart routers?
A. iMaster NCE-Fabric
B. iMaster NCE-IP
C. iMaster NCE-Campus
D. iMaster NCE-WAN
Answer: D
256.As shown in the figure, a campus has deployed IPv6 for service testing, and there are 4 routers in the
network. Run OSPFV3 to realize network interconnection.
Which of the following statements is false about the LSA generated by this OSPFV3 network?
A. R1 will generate Router-LSA to describe the device interface information, and will also receive
Router-LSA generated by R2 and R3
63 / 149
The safer , easier way to help you pass any IT exams.
B. There is a Network LSA generated by R3 in the LSDB of R1, indicating that R3 may be the DR of this
link
C. R1 will receive 2 Link-LSAs generated by R2, describing the information of the two links connected by
R2 respectively
D. As an ABR, R2 will generate an Inter-Area-Prefix-LSA describing the IPv6 address prefix of Area 1 and
advertise it to R1 and R3
Answer: C
257.Which of the following is not a preliminary preparation for the cutover plan?
A. Field Defence
B. Cutover target
C. Existing network root description
D. Risk Assessment
Answer: A
258.The dynamic IP address assigned to the client by the DHCP server. Usually there is a certain rental
period, so which is wrong description of the rental period?
A. The lease renewal timer is 50% of the total lease period. When the "lease renewal timer" expires, the
DHCP client must perform an HP-only renewal
B. The rebinding timer is 87.5% of the total lease period
C. If the "rebinding timer" expires but the client has not received a response from the server, it will always
send a DHCPREQUEST message to the DHCP server that has previously assigned an IP address until
the total lease expires
D. During the lease period, if the client receives an OHCP NAK message, the client will immediately stop
using this IP address and return to the initialization state, and Kangxin will apply for a new IP address
Answer: C
259.In a VXLAN campus network, which of the following resources can a virtual network call? (Multiple
Choice)
A. External network
B. Wired Access Port and/or Wireless Access Point
C. End user IP address segment, VANL belonging to the VN
D. Web Services Resources
Answer: ABCD
260.If SRv6 is deployed in a wide area bearer network, which of the following technologies are required?
(Multiple Choice)
A. BGP
B. MPLS
C. IGP
D. BGP-LU
Answer: ACD
64 / 149
The safer , easier way to help you pass any IT exams.
261.The naming of SRv6 instructions follows certain rules, and the function of the instruction can be
quickly judged from the naming combination.
Which of the following descriptions of keywords in SRv6 directive names are correct? (Multiple Choice)
A. M: Query the Layer 2 forwarding table for unicast forwarding
B. X: Specify one or a group of Layer 3 interfaces to forward packets
C. T: Query the routing table and forward the packet
D. V: Look-up table forwarding according to the VPN instance routing table
Answer: BC
262.The Telemetry network model is divided into two types: generalized and chivalrous. What horizontal
blocks are included in generalized Telemetry? (Multiple Choice)
A. Controller
B. Analyzer
C. Equipment
D. Collector
Answer: ABCD
263.The SSH connection protocol multiplexes encrypted session connections into several logical
channels. What types of logical channels can be created based on an SSH session connection? (Multiple
Choice)
A. TCP/IP forwarding channel
B. X11 channel
C. SFTP channel
D. Session channel
Answer: ABD
264.Which of the following are commonly used techniques for the differentiated service model? (Multiple
Choice)
A. Congestion management techniques
B. Flow rate limiting technology
C. WAN Acceleration Technology
D. Congestion Free Technology
Answer: ABD
265.In MPLS VPN, in order to distinguish IPv4 prefixes that use the same address space, the RD value is
added to the IPv4 address. Which of the following statements about RD is correct? (Multiple Choice)
A. On a PE device, each VPN instance corresponds to an RD value. On the same PE device, the RD
value must be unique.
B. RD is encapsulated in the Update message as the extended community attribute of BGP during the
delivery process
C. RD can be used to control the publication of VPN routing information
D. After the PE receives the IPv4 route from the CE, it adds RD to the IPv4 route to convert it into a
globally unique VPN-IPv4 route, and publishes it on the public network
Answer: AD
65 / 149
The safer , easier way to help you pass any IT exams.
266.Which of the following statements about MPLS L3VPN cross-domain solutions are correct? (Multiple
Choice)
A. In the cross-domain potion B solution, ASBR does not need to bind an interface for each VPN instance
B. In the cross-domain potion C solution, two layers of MPLS labels are carried when forwarding user
data between ASBR
C. In the cross-domain potion A solution, MPLS must be enabled on the interfaces interconnected
between ASBRs
D. In the cross-domain potion C solution, VPNv4 routes can be directly transmitted between PEs in
different AS
Answer: ABD
267.Telemetry technology supports specific sampling sensor paths to collect specified data information.
What sampling paths does Telemetry currently support? (Multiple Choice)
A. CPU Information
B. Interface Statistics
C. Memory Information
D. Optical module information on the interface
Answer: ABCD
268.As shown in the figure, the MAC address table of a VXLAN L2 Gateway device is shown. Which of
the following description are correct? (Multiple Choice)
A. The outgoing interface of 5489-922d-77e2 is GE1/0/1.20 and its BD is 20. It can directly communicate
with 5489-9893-48a3 at Layer 2
B. 0000-0000-0010 and 5489-9893-48a3 are both in BD10, they belong to the same Layer 2 broadcast
domain
C. The MAC address entry with the outgoing interface 10.3.3.3 is learned from the remote VTEP through
the VXLAN tunnel
D. The outgoing interface of 5489-9893-48a3 is GE1/0/1.10, and its BD is 10
Answer: BD
269.The channelized sub-interface FlexE technology can be used to implement network slicing, but the
application scenarios of the two technologies are slightly different.
66 / 149
The safer , easier way to help you pass any IT exams.
Which of the following descriptions of these two technologies is correct? (Multiple Choice)
A. It is recommended to use channelized interface technology for resource reservation for interfaces
below 50GE
B. Only network slices based on channelized sub-interfaces can be deployed when cross-domain MSTP
devices are used in the network
C. Only network slicing based on FlexE technology can be deployed when TN devices are deployed in the
network
D. It is recommended to use FlexE technology for resource reservation on 50GE and above interfaces in
the network
Answer: ABD
270.As shown in the figure, R1 and R2 establish a GRE tunnel, and execute "Ping-a 10.1.1.1 10.3.1.1" on
R1. At this time, the description of the ICMP packet sent from the GE0/0/1 interface of R1, which is wrong?
(Multiple Choice)
A. The packet will be encapsulated with GRE, the source IP address of the inner IP header is 10.1.1.1,
and the destination IP address of the inner IP header is 10.0.12.2
B. The packet is not encapsulated by GRE, the source IP address is 10.0.12.1, and the destination IP
address is 10.0.12.2
C. The packet is not encapsulated by GRE, the source IP address is 10.1.1.1, and the destination IP
address is 10.3.1.1
D. The packet will be encapsulated with GRE, the source IP address of the outer IP header is 10.1.12.1,
and the destination IP address of the outer IP header is 10.3.1.1
Answer: ABCD
271.The following descriptions about IKEv1 are summarized, which items are correct? (Multiple Choice)
A. There are two negotiation modes in the first phase of IKE: Main Mode and Aggressive Mode
B. IKE Phase 2 negotiation to establish IPSec SA
C. The first phase of IKE negotiation to establish an IKE SA
D. There are two negotiation modes in the second phase of IKE, fast mode (Quick M de) and slow mode
Answer: AB
67 / 149
The safer , easier way to help you pass any IT exams.
272.Which of the following descriptions about the Portal protocol are correct? (Multiple Choice)
A. This protocol describes the protocol interaction between the Portal server and the access device, and
can be used to pass parameters such as username and password
B. The protocol adopts a client/server structure and operates based on UDP
C. The protocol supports CHAP and PAP authentication methods. Compared with PAP, CHAP has higher
security
D. The protocol packet uses TLV format to carry attribute information such as username, password, and
user MAC.
Answer: ABCD
273.View the information as shown in the figure through the command on VTEP1, which one of the
following descriptions is correct? (Multiple Choice)
A. The route must carry L3 VNI information when it is advertised to the outside world
B. This is an EVPN Type 5 route
C. This is an EVPN Type 3 route
D. The route carries both MAC information and host IP information
Answer: ACD
274.As shown in the figure, the network has a loop because STP is not enabled. Which of the following
phenomena may be caused? (Multiple Choice)
68 / 149
The safer , easier way to help you pass any IT exams.
A. MAC address table flapping
B. Host E can receive a large number of broadcast packets
C. Device CPU usage is too high
D. The device will have a loop alarm
Answer: ABCD
275.After completing the project investigation, in order to clarify the project cutover plan, what needs of
the customer for the network need to be understood? (Multiple Choice)
A. Packet Loss Rate
B. Bandwidth Utilization
C. New business carrying capacity
D. QS
Answer: BC
276.In the VXLAN scenario, in order to reduce the flooding of ARP packets between VTEP, which of the
following features can be enabled? (Multiple Choice)
A. Port isolation
B. Host Information Collection
C. APR broadcast suppression
D. Local APR Proxy
Answer: ACD
277.In a virtualized campus network scenario deployed through iMaster NCE-Campus, when creating a
Fabric network service resource, the parameter information that needs to be configured, including which
of the following? (Multiple Choice)
A. Interconnected Information
B. Server Type
C. Scene Selection
D. Server address
Answer: ACD
69 / 149
The safer , easier way to help you pass any IT exams.
278.A campus network deploys the Free Mobility function through iMaster NCE-Campu. Which of the
following information should the administrator pay attention to? (Multiple Choice)
A. Distribution of policies between groups
B. Definition of Security Groups
C. Selection of Policy Enforcement Points
D. Deployment of the Policy Control Matrix
Answer: ABCD
279.A router has the SRv6 function enabled and is configured as shown in the figure.
Which of the following descriptions about the configuration are correct? (Multiple Choice)
[Router-segment-routing ipv6] locator srv6_locator1 ipv6-prefix
2001:DB8:ABCD::64 static 32
A. The l cat r of this node is 2001:DB8:ABCD::
B. The static segment of the node occupies 32 bits
C. The dynamic segment of the node occupies 32 bits
D. The args field of the node occupies 32 bits
Answer: AD
280.The NETC NE content layer is the device configuration data. For the following NETC NEF information,
which description are correct? (Multiple Choice)
A. The configuration adopts the Huawei-YANG method
B. The configuration is to create VLAN 10 on the device
C. The configuration uses the NETCONF <edit-config> operation to load the configuration data into the
startup configuration library
D. <config> contains the "peration" attribute, which is a merge operation
Answer: ABCD
70 / 149
The safer , easier way to help you pass any IT exams.
281.The SSH server has been configured and correct. Which of the following Python codes can be run on
the SSH client to successfully establish an SSH connection (the private key file is id_rsa, which is in the
same path as the client station Python script)? (Multiple Choice)
A. import paramiko
Client-paramiko.client.SSHClient()
Client.connect(hostname='192.168.1.1', username='huawei', key filename='id_rsa')
B. import paramiko
Client-paramiko.client.SSHclient()
Client.connect(hostname='192.168.1.1', username='huawei', pkey='id_rsa)
C. import paramik
Client = paramik.Transp rt(('192.168.1.1', 22))
Client.connect(username='huawei', key_filename='id_rsa')
D. import paramiko
Key=paramiko.RSAKey.from_private_key_file('id_rsa')
Client = paramiko.Transport(('192.168.1.1', 22))
Client.connect(username='huawei', pkey=key))
Answer: BD
282.Engineers need to collect the running status of existing network equipment. Currently, there is a
Huawei CE12800 switch with an SSH server configured on the live network. The authentication method is
username and password authentication. The device information is IP address: 192.168.1.1, SSH
username: huawei, SSH password: 123456, and SSH slogan: 22.
Engineers need SSH to log in to the switch to check the memory usage of the device. Which of the
following Python codes can implement this function? (Multiple Choice)
A. import paramiko
Client = paramiko.client.SSHClient()
Client.connect(hostname='192.168.1.1', username='huawei', password='123456')
stdin, stdout, stderr = client.exec_command('display memory')
print(stdout)
Client.close()
B. import paramiko
Client = paramiko.Transport(('192.168, 1.1', 22)
Client.connect(username='huawei', password='123456')
Cli = client.inv ker_she11()
Cli.send('display memory\n')
Dis = clli.recv(999999).dec de()
Cli.cl se()
C. imp rt paramiko
Client = paramiko.Transp rt(('192.168.1.1', 22)
Client.connect(username='huawei', passw rd='123456')
stdin, stdout, stderr = client.exec_command('display memory')
Result=std ut.resd()
For line in result:
Print(line)
71 / 149
The safer , easier way to help you pass any IT exams.
Ssh.close()
D. import paramiko
Client = paramiko.client.SSHClient()
Client.connect(h stname='192.168.1.1', username='huawei', password='123456')
Cli = client.inv ker_she11()
Cli.send('display memory\n')
Dis = clli.recv(999999).dec de()
Print(dis)
Cli.close()
Answer: CD
283.There is a Linux SSH server on the existing network. The network administrator uses his own PC
SSH to log in to the server for the first time and receives the following information. Which of the following
descriptions are correct?
The authenticity of host'server (192.168.1.1) can't ba establfished.ECDSA key fingerprint is
53:b9:f9:30:67:ec:34:88:e8:bc:2a:a4:6f:3e :97:95.
Are you sure you want to continue conneacting? (Multiple Choice)
A. The client does not save the public key of the Linuk server
B. The prompt information can be skipped through the SSH method in the Python Paramik library,
set_missing_host_key_policy (WarningPolicy()
C. This prompt can be skipped by the SSH method in the Python Paramik library,
set_missing_host_key_policy(Aut AddPolicy())
D. The client does not save the private key of the Linux server
Answer: AC
284.Which of the following reasons may cause BGP neighbor relationship failure? (Multiple Choice)
A. The loopback interface is used to establish an EBGP neighbor without peer ebgp-max-hop configured
B. ACL filters TCP port 179
C. The peer connect-interface is not configured when establishing neighbors through the loopback port
D. Conflict of router ID of neighbors
Answer: ABCD
285.The network administrator wants to use AS-Path Filter to match the routing entries of BGP routing
ASP_PATH[100 200 300]. The network administrator sorts out the four configurations in the figure, which
configurations in the figure can meet the requirements of the network administrator? (Multiple Choice)
A. Method D
B. Method C
C. Method A
D. Method B
72 / 149
The safer , easier way to help you pass any IT exams.
Answer: ACD
286.Please judge according to the information given in the figure, which of the following descriptions are
correct? (Multiple Choice)
A. There is no IS-IS routing entry in R1's IP routing table
B. There are 6 routing entries generated by IS-IS in the IP routing table of R1
C. A route entry with prefix 172.16.1.4/32 exists on R1
D. R1 has no route entry to 172.16.1.4/32
Answer: BC
287.After the client passes 802.1X authentication, which of the following authorization information does
the RADIUS server support? (Multiple Choice)
A. VLAN
B. MAC
C. UCL group
D. ACL
Answer: ACD
288.Which of the following are the intelligent operation and maintenance functions supported by the
Huawei Cloud Campus Network Solution? (Multiple choice)
A. Based on big data + AI, providing predictive intelligent tuning capabilities
B. Based on Telemetry technology, monitor the network quality on the wireless side from three
dimensions: AP, radio, and user
C. Ability to analyze network failures based on individual and group problems
D. Visually monitor network quality through network health
Answer: ABCD
289.IPsec is not a separate protocol, but an open standard technical solution. Which of the following
protocols are included in the IPsec protocol framework? (Multiple choice)
A. PKI
B. AH
C. SSL
D. ESP
Answer: ABD
73 / 149
The safer , easier way to help you pass any IT exams.
290.All routers in a network enable the OSPF-based SR-MPLS TE function, as shown in the figure for the
network diagram of adjacency label assignment. Which of the following adjacency labels are assigned by
router P3? (Multiple choice)
A. 9003
B. 9005
C. 9006
D. 9002
Answer: CD
291.Which of the following descriptions about Prefix Segment and Adjacency Segment are correct?
(Multiple choice)
A. Prefix Segment is used to identify a destination address prefix in the network
B. Adjacency Segment is used to identify an adjacency in the network
C. Prefix SID is a local SID outside the SRGB range
D. Adjacency SID is the offset value within the SRGB range published by the source
Answer: AB
292.Taking the typical networking of "two places and three centers" as an example, which of the following
levels are generally divided into the WAN bearer network? (Multiple choice)
A. Control layer
B. Core layer
C. Aggregation layer
D. Access layer
Answer: BCD
293.What information carried in the packet does simple flow classification support setting the internal
priority of a packet based on? (Multiple choice)
74 / 149
The safer , easier way to help you pass any IT exams.
A. Traffic Class
B. Source or destination IP address
C. MPLS EXP
D. DSCP
Answer: CD
294.Which of the following functional parameter configuration errors will affect the establishment of BGP
neighbors? (Multiple choice)
A. BGP Certification
B. BGP GTSM
C. ebgp max hop
D. BGP route filtering
Answer: ABC
295.Which of the following descriptions about internal priority is wrong? (Multiple choice)
A. The highest internal priority level is EF
B. The highest internal priority level is CS7
C. All external priority garbage can be mapped one-to-one to internal priority
D. There are 8 levels of internal priority
Answer: AC
296.SR MPLS directly uses the forwarding plane of MPLS. Therefore, the MPLS function needs to be
enabled when deploying SR MPLS. When which of the following conditions are met, the interface will
automatically enable the MPLS function? (Multiple choice)
A. Enable Segment Routing in the global view
B. Configure the static adjacency label of the corresponding interface in the Segment Routing view
C. Enable Segment Routing on IGP and enable IGP on the interface
D. Configure SRGB under the IGP process
Answer: AD
297.An enterprise's wide-area bearer network needs to support IPv4 and IPv6 networks, and needs to
deploy SRv6, which of the following parameters need to be planned when planning the IP address of the
network? (Multiple choice)
A. IPv6 address
B. IPv4 address
C. SRv6 Locator
D. SRv6 Function
Answer: ABCD
298.In order to ensure the reliability of Huawei iMlater NCE-WAN controllers, active and standby
controllers can be deployed.
In order to ensure the access of the active and standby controllers, some IP addresses need to be
configured as the same IP. Which of the following addresses need to be configured as the same IP?
(Multiple choice)
75 / 149
The safer , easier way to help you pass any IT exams.
A. Southbound private address
B. Northbound address
C. The controller's southbound public network address
D. The Controller's internal interconnection address
Answer: BC
299.RR rules for advertising routes violate the rules of IBGP split horizon, so it may cause loops in the AS.
What routing attributes does RR use to prevent loops? (Multiple choice)
A. Cluster List
B. Originator ID
C. Nexthop
D. AS-PATH
Answer: AB
300.In a small and medium-sized cloud management campus network scenario based on HUAWEI
CLOUD campus network solution, which of the following devices are supported as Portal authentication
point devices? (Multiple choice)
A. FW
B. SW
C. AR
D. AP
Answer: ABCD
301.NETCONF can flexibly read and edit the configuration library, and realize the distribution, verification
and rollback of the overall configuration. Which of the following configuration libraries does NETCONF
support? (Multiple choice)
A. Startup configuration library <startup>
B. Running Configuration library <running>
C. Candidate configuration library <candidate>
D. Backup configuration library <backup>
Answer: ABC
302.A network runs SR-MPLS, and now R1 wants to access R7, and its label stack is as shown in the
figure.
Which of the following may be the path for R1 to access R7? (Multiple choice)
A. R1-R3-R5-R7
76 / 149
The safer , easier way to help you pass any IT exams.
B. R1-R2-R4-R6-R7
C. R1-R3-R5-R4-R7
D. R1-R2-R4-R5-R7
Answer: BD
303.In an SR-MPLS network, the manually configured Prefix SIDs on different devices may conflict with
labels.
If there are four routes (prefix/mask SID) as shown in the options, which of the following routes will be
preferred in the end according to the conflict handling principle? (Multiple choice)
A. 3.3.3.3/32 1
B. 1.1.1.1/32 2
C. 1.1.1.1/32 1
D. 2.2.2.2/32 3
Answer: CD
304.As shown in the figure, R1 and R2 establish a GRE tunnel. If it is required that the R1 device "Ping -a
10.1.1.1 10.3.1.1" can be successfully pinged, which of the following commands needs to be configured
on R1 or R2? (Multiple choice)
A. Configure the following command on R1, "ip route-static 10.3.1.1 255.255.255.255 10.0.12.2";
Configure the following command on R2, "ip route-static 10.1.1.1 255.255.255.255 Tunnel0/0/0"
B. Configure the following command on R1, "ip route-static 10.3.1.1 255.255.25.255 Tunnel0/0/0";
Configure the following command on R2, "ip route-static 10.1.1.1 255.255.255.255 Tunnel0/0/0"
C. Configure the following command on R1, "ip route-static 10.3.1.1 255.255.255.255 10.0.12.2";
Configure the following command on R2, "ip route-static 10.1.1.1 255.255.255.255 10.0.12.1"
D. Configure the following command on R1, "ip route-static 10.3.1.1 25.255.255.255 Turnel0/0/0";
Configure the following command on R2, "ip route-static 10.1.1.1 255.255.255.255 10.0.12.1"
Answer: ABCD
305.According to the information given in the figure, which of the following descriptions are correct?
(Multiple choice)
77 / 149
The safer , easier way to help you pass any IT exams.
A. R1 does not have routes for 3002::3/128 and 3002::4/128
B. If no routing policy about AS_Path is configured, then 3002::4/128 must not originate from AS 65001
C. If no routing policy about AS_Path is configured, then 3002::4/128 must originate from AS 65001
D. R1 has routes for 3002::3/128 and 3002::4/128
Answer: CD
306.ping -a X -c Y -s Z -vpn-instance M 10.5.16.2, which of the following descriptions of this command is
correct? (Multiple choice)
A. The ping packet belongs to VPN instance M
B. The ping sends Y ICMP requests
C. The source IP address of the ping packet is X
D. The ICMP request of the ping, the packet size is Z (excluding IP and ICMP headers)
Answer: ABCD
307.Which LSAs in OSPFv3 can be flooded within an area? (Multiple choice)
A. Link-LSA
B. Intra-Area-Prefix-LSA
C. Inter-Area-Router-LSA
D. Inter-Area-Prefix-LSA
Answer: BCD
308.Which of the following key technologies need to be used to implement SRv6 Policy based on the
HUAWEI CLOUD WAN solution architecture? (Multiple choice)
A. PCEP
B. NETCONF
C. BGP-LS
D. BGP IPv6 SR Policy
Answer: ACD
78 / 149
The safer , easier way to help you pass any IT exams.
309.Which of the following stages of the SSH session is encrypted transmission? (Multiple choice)
A. Version Negotiation Phase
B. User Authentication Phase
C. Key Exchange Phase
D. Session Interaction Phase
Answer: BCD
310.What are the risks in the communication process of the HTTP protocol? (Multiple choice)
A. Tampering: The third party can modify the content of communications
B. Eavesdropping: The third party can learn the content of communications
C. Losting: communication content may be lost with a small probability during transmission
D. Pretending: the third party can impersonate another person to participate in the communication
Answer: ABD
311.A campus has deployed IPv6 for service testing. There are 4 routers in the network, running OSFv3
to realize the interconnection of IPv6 networks. As shown in the figure, an engineer checked the LSDB of
R2 and intercepted one of the Link-LSAs.
Which of the following statements about the LSA is correct? (Multiple choice)
A. The LSA shows that R2 does not support external routing, but participates in IPv6 routing calculation
B. The link-local address of the R2 interface GE0/0/0 is: FE80::2E0:FCFF:FECD:4F79
C. The router that generated the LSA is R2
D. The IPv6 address prefix of the R2 interface GE0/0/0: 2001:DB8:2345:23::/64
Answer: BCD
312.Which of the following descriptions about the OSPFv3 packet format are correct? (Multiple choice)
A. There is no change in the option field of the Hello message
B. Removed Authentication, Auth Type fields
C. OSPF version number changed from 2 to 3
D. Hello packets no longer contain address information and carry Interface ID
Answer: BCD
313.In the HUAWEI CLOUD campus network solution, which of the following are the deployment
79 / 149
The safer , easier way to help you pass any IT exams.
methods supported by HUAWEI switches? (Multiple choice)
A. WEB interface
B. Based on DHCP Option148
C. Command Line Interface (CLI)
D. Huawei Registration and Inquiry Center
Answer: ABCD
314.According to the information given in the figure, which of the following descriptions are correct?
(Multiple choice)
A. R1 is IBGP neighbor with 3000:FDEA::3
B. The optimal outgoing interface for R1 to access 3000:FDEA::3 is GigabitEthernet0/0/1
C. R1 has a TCP connection with 3000:FDEA::3
D. R1 learned route 3002::3/128 through IBGP
Answer: ACD
315.Which of the following descriptions about 802.1X authentication are correct? (Multiple choice)
A. 802.1X authentication uses EAPoL (Extensible Authentication Protocol over LAN) to realize the
exchange of authentication information between the client, the device and the authentication server
B. EAPoL defines EAP encapsulation on a network using the IEEE 802.3 protocol, and EAPoW is
required to implement EAP encapsulation on a network using the IEEE 802.11 protocol
C. When using EAP relay mode, EAP packets are directly encapsulated into RADIUS packets (EAP over
RADIUS, referred to as EAPoR) by the network access device, and the network access device uses
EAPoR to perform authentication, authorization and accounting with the AAA server. fee
D. When the EAP termination method is used, the EAP packets are terminated at the network access
device and re-encapsulated into RADIUS packets. The standard RADIUS protocol is used to complete
authentication, authorization and accounting between the network access device and the AAA server.
Answer: ABC
80 / 149
The safer , easier way to help you pass any IT exams.
316.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, run the command
on the VTEP to view the BGP EVPN route, and see the route entry as shown in the figure. Which of the
following descriptions of these route entries are correct? (Multiple choice)
A. These route entries are all Type3 routes. which carries the VTEP IP address
B. These route entries are all Type2 routes. It carries the host IP information
C. These routing entries are all Type 3 routes. If the VTEP IP address carried in them is reachable with a
Layer 3 route, a VXLAN tunnel to the peer will be established.
D. These route entries are all Type3 routes. The local end will create a headend replication list after
receiving it
Answer: ACD
317.Which of the following descriptions about the security protocols used by IPsec are correct? (Multiple
choice)
A. The encryption range of ESP is the entire IP packet
B. ESP is an IP-based transport layer protocol with protocol number 50
C. Both AH and ESP support tunnel mode encapsulation
D. The integrity verification scope of AH is the entire IP packet
Answer: BCD
318.Network traffic optimization solves network congestion through a series of behaviors, which of the
following stages are mainly included? (Multiple choice)
A. Network bandwidth reservation
B. Network Information Collection
C. Network Traffic Tuning Calculations
D. Delivery of tuning results
Answer: ABCD
319.Which of the following descriptions about HTTP messages are correct? (Multiple choice)
A. The body of the HTTP response message is the data that the web server wants to return to the client
B. Header fields are used to supplement additional information about HTTP requests and responses
C. The start line is used to describe the execution result in the HTTP request message, and the operation
to be performed is described in the response message
D. The body of the HTTP request message is the data that the client wants to send to the Web server
Answer: ABCD
81 / 149
The safer , easier way to help you pass any IT exams.
320.Which of the following descriptions about the forwarding of the Ingress node in the MPLS forwarding
process are correct? (Multiple choice)
A. Find the corresponding NHLFE entry according to the Turn1 ID of the ILM table, and associate the
LFIB entry with the NHLFE entry
B. View the NELFE entry, you can get the outgoing interface, next hop, outgoing label and label operation
type, the label operation type is Push
C. After the Ingress node receives the data packet, it will first check the ILM table to find the Tunnel ID
D. Press the obtained label into the IP packet, process EXP according to the QoS policy, and process the
TTL at the same time, and then send the encapsulated MPLS packet to the next hop
Answer: BD
321.Which of the following descriptions about the REST software architecture design concepts and
principles are correct? (Multiple choice)
A. Each resource has a unique resource identifier, and operations on the resource will not change these
identifiers
B. All operations are stateless
C. Everything on the web can be abstracted as resources
D. Use standard methods to operate resources, the core operations are GET, PUI, POST, DELETE
defined by the HTTP specification
Answer: CD
322.Configuring DHCP Snooping can be used to prevent spoofing attacks. Which of the following steps
should be included in the configuration process? (Multiple choice)
A. Enable the global DAI Snooping function
B. Enable the global DHCP function
C. Enable DHCP Snooping on an interface or VLAN
D. Configure the interface trust state
Answer: ABCD
323.Which of the following descriptions about the multicast addresses used by OSFFv3 are correct?
(Multiple choice)
A. The DR router uses FF08::6
B. The DR router uses FF2::6
C. All OSFF Routers use FF02::5
D. All OSPF Routers use FF08:5
Answer: BC
324.A network administrator wants to use ACLs to match specific routing entries. Which of the following
routing entries will be matched by the ACL rules in the figure? (Multiple choice)
82 / 149
The safer , easier way to help you pass any IT exams.
A. 10.0.0.0/24
B. 10.0.2.0/24
C. 10.0.0.1/32
D. 10.0.1.0/24
Answer: AB
325.The following figure shows the MPLS VPN cross-domain Option C solution. In the scenario where RR
exists within the domain, if Option C mode 1 is used, which of the following descriptions about the
neighbor relationship between devices are correct? (Multiple choice)
A. Establish a unicast BGP neighbor relationship between RR1 and RR2
B. Establish a VPNv4 neighbor relationship and a unicast BGP neighbor relationship simultaneously
between PE1 and RR1
C. Establish a VPNv4 neighbor relationship between RR1 and RR2
D. Establish a VPNv4 neighbor relationship and a unicast BGP neighbor relationship between ASBR1
and ASBR2 at the same time
Answer: BC
326.The Discovery message of LDP is used for neighbor discovery, and LDP has different discovery
mechanisms when discovering neighbors, so which of the following descriptions of the Discovery
message in the discovery mechanism are correct? (Multiple choice)
A. This message is encapsulated in a UDP packet, and the destination port number is 646
B. The destination IP address of the message is the multicast IP address 224.0.0.2
C. After the TCP connection is established, the LSR does not continue to send Hello Message
D. The message is sent to the specified LDP Peer
Answer: AB
327.A campus deploys the OSPF protocol to achieve network interoperability, and the LSDB information
of R2 is shown in the figure.
83 / 149
The safer , easier way to help you pass any IT exams.
Which of the following information from this LSDB is correct? (Multiple choice)
A. R2 delivers the default route in the OSPF process
B. R2 converts the default route of Type7 LSA to the default route of Type5 LSA
C. There is no Type3 LSA in Area1, it may be that R2 has filtered the Type3 LSA in the outbound direction
of Area1
D. Area1 is the NSSA area
Answer: AD
328.In the VXLAN scenario, in order to reduce the flooding of ARP packets between VTEPs. Which of the
following features can be enabled? (Multiple choice)
A. ARP broadcast suppression
B. Host Information Collection
C. Local ARP proxy
D. Port isolation
Answer: ABC
84 / 149
The safer , easier way to help you pass any IT exams.
329.Which of the following reasons may cause OSPF neighbors to fail to reach the Full state? (Multiple
choice)
A. The router IDs of the neighbors are the same
B. The link works abnormally
C. The OSPF network types at both ends of the link are inconsistent
D. Interface OSPF MTU configuration are different
Answer: ABCD
330.Which of the following reasons may cause IS-IS neighbor relationship failure? (Multiple choice)
A. The IP addresses of the interfaces at both ends of the storage route are not in the same network
segment
B. The devices on both ends of the link are configured with the same System ID
C. The IS-IS Levels at both ends of the link do not match
D. When an interface establishes an IS-IS Level-1 neighbor relationship, the area numbers of the devices
at both ends of the link do not match.
Answer: BCD
331.Which of the following Commmity attributes can ensure that the propagation scope of EGP routing
entries is only within the AS? (Multiple choice)
A. No_Export_Subconfed
B. No_Export
C. Internet
D. No_Advertise
Answer: AB
332.In an intra-domain MPLS VPN network, when a data packet enters the public network and is
forwarded, it will be encapsulated with two layers of MPLS labels.
Which of the following descriptions about the two-layer label is wrong? (Multiple choice)
A. The outer label is used to correctly send the data packet to the corresponding VPN on the PE device
B. The outer label of MPLS VPN is assigned by LDP or statically, and the inner label is assigned by the
MP-BGP neighbor of the opposite end
C. By default, the outer label is popped before the packet is forwarded to the last hop device
D. The outer label of MPLS VPN is called the private network label, and the inner label is called the public
network label
Answer: AD
333.When configuring an SFTP server on Huawei devices, which of the following commands are not
required (the server uses user Name and password authentication, user name: huawei, password:
123456)? (Multiple choice)
A. [Server] ssh user huawei authentication-type rsa
B. [Server] ssh server enable
C. [Server] aaa
[Server-aaa] local-user huawei password irreversible-cipher 123456
[Server-aaa] 1ocal-user huawei user-group manage-ug
85 / 149
The safer , easier way to help you pass any IT exams.
[Server-aaa] 1ocal-user huawei service-type ssh
[Server-aaa] quit
D. [Server] sftp server enable
Answer: AB
334.Which of the following technologies may be used to improve the reliability of the bearer network?
(Multiple choice)
A. BFD/SBFD
B. PIM-SM
C. Anycast FRR
D. Mirror SID
Answer: ACD
335.In which of the following ways can traffic be introduced into the SR-MPLS TE tunnel? (Multiple
choice)
A. In the execution statement of policy routing, use the SR-MPLS TE tunnel interface as the outgoing
interface
B. Use the SR-MPLS TE tunnel as a logical link to participate in IGP routing calculation
C. By configuring the tunnel policy
D. By configuring a static route, specify the outgoing interface of the static route as the tunnel interface of
SR-MPLS TE
Answer: ABCD
336.In the Huawei SD-WAN solution, which of the following items are included in the information
transmitted using EVPN? (Multiple choice)
A. IPsec SA Information
B. NAT Configuration information
C. TNP routing
D. Business Routing
Answer: ACD
337.A company consists of a head office and two branch offices, and uses MPLS VPN technology to
transmit private network routes. In the Hub&Spoke networking mode, branch offices can only send and
receive routes to and from the head office, and branch offices cannot directly send and receive routes to
each other.
Which of the following RT setup schemes can achieve the above requirements? (Multiple choice)
A. Head Office
Import Target: 12:3 Export Target: 3:12 Branch 1:
Import Target: 3:12 Export Target: 12:3 Branch 2:
Import Target: 3:12 Export Target: 12:3
B. Head Office:
Import Target: 1:1, 2:2 Export Target: 3:3
Branch 1:
Import Target: 3:3 Export Target: 1:1 Branch 2:
86 / 149
The safer , easier way to help you pass any IT exams.
Import Target: 3:3 Export Target: 2:2
C. head office
Import Target: 1:1 Export Target: 3:3 Branch 1:
Import Target: 3:3 Export Target: 1:1 Branch 2:
Import Target: 3:3 Export Target: 2:2
D. Head Office:
Import Target: 2:2 Export Target: 3:3 Branch 1:
Import Target: 3:3 Export Target: 1:1 Branch 2:
Import Target: 3:3 Export Target: 2:2
Answer: AB
338.As shown in the figure, if you want to realize that the network does not allow users to access the
network through statically configured IP addresses, which of the following solutions can be used?
(Multiple choice)
A. DAI+IPSG
B. DHCP Snooping+IPSG
C. DAI+Port Security
D. DHCP Snooping+DAI
Answer: BC
339.A campus network deploys two virtual networks through iMaster NCE-Campus: the R&D VN and the
market VN. The R&D personnel belong to the R&D security group and access the R&D VN, and the sales
personnel belong to the sales security group and access the market VN.
87 / 149
The safer , easier way to help you pass any IT exams.
Now the campus network requires R&D personnel and sales personnel to be able to achieve mutual visits.
For the realization of mutual visit requirements, which of the following tasks should network administrators
complete? (Multiple choice)
A. Deploying an external network
B. Configuring VN Interworking
C. Deployment Policy Control Matrix
D. Configure network service resources
Answer: BC
340.In the accompanying business, which of the following descriptions of authentication points and policy
enforcement points are correct? (Multiple choice)
A. The authentication point device will execute the policy according to the source/destination security
group corresponding to the source/destination IP address of the traffic
B. Authentication point and policy enforcement point can be different devices
C. Authentication point and policy enforcement point must be unified
D. The policy enforcement point is responsible for enforcing inter-group policies based on security groups
Answer: BD
341.As shown in the figure, a VP-BCP neighbor relationship is established between PE1 and PE2 through
the Loopback0 interface. After the configuration is complete, it is found that CE1 and CE2 cannot learn
routes from each other. Which of the following items will cause this problem? (Multiple choice)
A. The PH instance parameters on PE1 or PE2 are incorrectly configured
B. Misconfiguration of routing protocols between PE1 or PE2 and their respective CEs
C. The LSP tunnel between PE1 and PE2 is not established
D. PE1 or PE2 does not have neighbors enabled in the BGP-VPv4 unicast address family view
Answer: ABC
342.As shown in the figure, RI, R, R3, and R4 all belong to OSP area 0, and the cost value of the link is
listed in the figure. The LoopbackO interfaces of R1, R2, R3, and R4 have been advertised into OSPF. R1,
R2, R3, and R4 use Loopback0 as the connection interface to establish an IBGP peer relationship. R1,
R2, and R3 are clients of R4. The directly connected network segment 172.20.1.4/32 of R4 has been
advertised into the BGP protocol.
88 / 149
The safer , easier way to help you pass any IT exams.
Judging from the above information, regarding the traffic trend of R1 accessing 172.20.1.4/32, which of
the following descriptions are correct? (Multiple choice)
A. If R3 is configured with Stub router on-startup, packets will be lost when R3 is powered off, and no
packets will be lost during R3 startup.
B. The preferred route is R1-R2-R4
C. During the two processes of power failure and startup of R3, there will be packet loss
D. The preferred route is R1-R3-R4
Answer: AD
343.A campus has deployed IPv6 for service testing. There are 4 routers (R1, R2, R3, and R4) in the
network, running OSPFv3 to realize the interconnection of IPv6 networks. A new router R5 needs to be
connected to the network for testing. An engineer introduces a direct route into the OSPFv3 process of R4
to enable devices in the campus network to access the CE0/0/1 port address of R5.
Which of the following statements about the scene is correct? (Multiple choice)
A. R2 will generate a Type4 LSA and only flood in Area 0
B. R4 will generate a Type5 LSA and only flood in Area 1
C. R2 will generate a Type4 LSA describing the Router ID of R4
D. R4 will generate a Type5 LSA describing the imported IPv6 routing prefix
Answer: ACD
344.Which of the following items does the Huawei Cloud Campus Network Solution include? (Multiple
choice)
A. NetEngine AR series routers
B. iMaster NCE-Carpus
C. CloudEngine S-Series Switches
D. iMaster NCE-CampusInsight
Answer: ABCD
345.In the campus network, which of the following problems exist when creating static VXLAN tunnels
manually? (Multiple choice)
A. Static VXLAN tunnels also use related protocols on the control plane. Will cause equipment resource
consumption
B. N devices establish static VXLAN tunnels. Then, at most N (N-1)/2 tunnels need to be manually
configured, and the amount of configuration is large.
C. VTEP can only rely on data flooding to learn the remote MAC address
89 / 149
The safer , easier way to help you pass any IT exams.
D. Although the static VXLAN tunnel mode can support distributed gateway application scenarios, the
configuration workload is large and the configuration adjustment is complicated
Answer: BC
346.As shown in the figure, 802.1X authentication is deployed on GE0/0/1 of ST2. Which of the following
descriptions are correct? (Multiple choice)
A. Assuming that SW2 adopts interface-based access control and 802.1x client A passes the
authentication first, if 802.1x client A goes down first, then 802.1x client B will lose the corresponding
network access rights
B. When using interface-based access control, assuming that 802.1X client A is successfully
authenticated, then 802.1X client B can use network resources without authentication
C. When MAC address-based access control is used, both 802.1.x authentication client A and 802.1.x
authentication client B need to be authenticated separately to obtain the corresponding network access
rights
D. Assuming that SW2 adopts MAC-based access control and 802.1X client A passes the authentication
first, if 802.1X client A goes offline first, since the port status has not changed, 802.1X client B will
continue Retain appropriate network access rights
Answer: BCD
347.Which of the following descriptions about the authentication protocol used in the Portal authentication
process are correct? (Multiple choice)
A. When the HTTP/HTTPS protocol is used as the authentication protocol, all devices involved in the
authentication process do not need to support the Portal protocol
B. When the Portal protocol is used as the authentication protocol, the Portal server and access device
only need to support the Portal protocol, and do not need to support the HTTP/HTTPS protocol
C. When the Portal protocol is used as the authentication protocol, the Portal server needs to exchange
authentication information with the access device, and then the access device sends this part of the
information to the authentication server for identity authentication
D. When using HTTP/HTTPS to access the device, the access device sends this part of the information to
the authentication server for identity authentication
Answer: BC
90 / 149
The safer , easier way to help you pass any IT exams.
348.Network tuning calculation is to select an appropriate tuning purpose, apply a corresponding
algorithm, and globally or locally compute an optimized path.
Which of the following constraints can the controller take when calculating the path? (Multiple choice)
A. Explicit path
B. Hop count
C. Priority
D. Bandwidth
Answer: ACD
349.Considering the dimensions of transformation cost, technological advancement and the scope of
impact of transformation, which of the following principles should be followed during IPv6 transformation?
(Multiple choice)
A. Select an appropriate IPv6 upgrade and evolution plan from a global perspective, make reasonable
use of the old, and avoid wasting assets
B. Deploy a dual-stack network to achieve long-term coexistence of IPv4 and IPv6 networks
C. Ensure that existing users are unaware and service migration is smooth
D. Build an advanced next-generation enterprise IPv6 network system architecture to fully support the
long-term development and stable operation of enterprise business systems, and avoid network
re-engineering and repeated investment
Answer: ABCD
350.During the SSH public key authentication process, the server decrypts the digital signature generated
by the client through the public key to complete user authentication.
Which of the following objects need to be involved in the generation of SSH digital signatures? (Multiple
choice)
A. Username
B. Public key
C. Public key algorithm
D. Private key
Answer: ABCD
351.What are the parts of the response message of the HTTP/1.1 protocol? (Multiple choice)
A. Response body
B. Response headers
C. Status line
D. Blank line
Answer: ABCD
352.Which of the following are the deployment methods of iMaster NCE-CampusInsight? (Multiple
choice)
A. MSP self-built cloud CloudCampus deployment
B. Local Standalone Deployment
C. Local CloudCampus Deployment
D. Huawei Public Cloud CloudCampus Deployment
91 / 149
The safer , easier way to help you pass any IT exams.
Answer: ABCD
353.From the perspective of architecture, Huawei SD-WAN solution can be divided into management
layer, control layer and network layer.
Which of the following devices belong to the network layer? (Multiple choice)
A. FW
B. EDGE
C. GW
D. RR
Answer: BC
354.SRv6 has strong network programming ability, which is reflected in those fields of SRH? (Multiple
choice)
A. Each SRv6 SID
B. Flags
C. Segment List
D. Optional TLV
Answer: ACD
355.IFIT implements end-to-end delay and packet loss statistics by inserting packet headers into service
flows to make color markings. Which of the following is correct? (Multiple choice)
A. Whether in MPLS or SRv6 scenarios, IFIT is in-band detection, so it can sense the service flow status
Flags in real time
B. In the IFIT for SRv6 scenario, the Option TLV in the SRH extension header carries the IFIT-related
information Optional TLV
C. The network device reports information to the controller through Telemetry. The controller obtains
information such as delay and packet loss through calculation
D. In the IFIT for SR/MPLS scenario, the IFIT header is indicated by label 12
Answer: BCD
356.Yangon is the data modeling language of NETCONF. Which of the following belongs to the basic
data model of yangon? (Multiple choice)
A. LEAF node
B. LIST node
C. SER node
D. TREE node
Answer: AB
357.Which of the following is not a function provided by MACsec? (Multiple choice)
A. Controllability
B. Authenticity
C. Encryption
D. Integrity
Answer: BCD
92 / 149
The safer , easier way to help you pass any IT exams.
358.In the small and medium-sized campus network, which of the following devices support the
registration center method? (Multiple choice)
A. AP
B. FW
C. AR
D. SW
Answer: ABCD
359.Which of the following protocols does IPsec include? (Multiple choice)
A. PKI
B. SSL
C. AH
D. ESP
Answer: CD
360.Which of the following source node behaviors allow devices to be inserted into the SRH? (Multiple
choice)
A. Insert
B. insert.red
C. encaps
D. encaps.red
Answer: AB
361.In SR-MPLS, the manually configured prefix sid of different devices may conflict, so according to the
conflict handling principle, which of the following will be selected in the end? (Multiple choice)
A. 1.1.1.1/32 1
B. 1.1.1.1/32 2
C. 3.3.3.3/32 1
D. 2.2.2.2/32 3
Answer: AD
362.Which of the following types of SIDs does BGP EPE assign to inter-domain paths? (Multiple choice)
A. peer-prefix
B. peer-set
C. peer-adj
D. peer-node
Answer: BCD
363.Which of the following about IKEv1 is correct? (Multiple choice)
A. Phase 2 Negotiation of IPSec SA
B. The first phase of negotiation to establish an IKE SA
C. Two modes in the first stage: main mode, brutal mode
D. Two modes in the second stage: fast and slow
93 / 149
The safer , easier way to help you pass any IT exams.
Answer: ABC
364.Which of the following descriptions about the label encapsulation format in MPLS is correct? (Multiple
choice)
A. For Ethernet and PPP packets, the label stack is like a "shim" between the Layer 2 header and the data.
When there is a VLAN tag, the MPLS header is placed between the Ethernet header and the VLAN tag
B. The total length of a single MPLS label is 4 bytes
C. The TTL field in the label is similar to the TTL (Time To Live) in the IP packet, and it also has the effect
of preventing loops.
D. The length of the S field in the label is 1 bit, which is used to identify whether the label is the bottom
label of the stack. When the value is 1, it indicates the second-to-last layer label.
Answer: BC
365.For which packets can Huawei equipment perform traffic suppression? (Multiple choice)
A. Broadcast
B. Multicast
C. Unknown Unicast
D. Known Unicast
Answer: BCD
366.Which of the following descriptions about the MPLS header TTL is correct? (Multiple choice)
A. MPLS handles TTL in two ways. One is to copy the IP TTL value of the TTL of the MPLS header when
the IP packet enters the MPLS network; the other is to set the TIL of the MPLS header to 255 at the
ingress LER.
B. It can prevent infinite loop forwarding of messages
C. When copy TTL is prohibited, Tracert can see the LSR of the passing MPLS domain
D. The processing method of copying the IP TTL value hides the LSR of the MPLS domain and plays a
certain security role
Answer: AB
367.DHCP Snooping is a DHCP security feature that can be used to defend against various attacks.
Which of the following about the types of attacks that DHCP Snooping can defend against are correct?
(Multiple choice)
A. A starvation attack where the defense department changes the CHADDR value
B. Defense against man-in-the-middle attacks and IP/MAC spoofing attacks
C. Defense Against DHCP Bogus Attacks
D. Anti-TCP flag attack
Answer: AC
368.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, which of the
following descriptions about symmetric IRB forwarding are correct? (Multiple choice)
A. Ingress VTEP only performs L2 table lookup
B. The VNI carried in the VXLAN header is L3 VNI when forwarding cross-network segment user
communication packets between VTEPs
94 / 149
The safer , easier way to help you pass any IT exams.
C. Egress VTEP only performs L2 table lookup and forwarding
D. Ingress VTEP and Egress VIEP will perform L3 table lookup and forwarding
Answer: BD
369.Port Security enhances the security of the device by converting part of the MAC address into a
secure MAC address and preventing hosts other than the secure MAC from communicating with the
device through this interface.
Which of the following is a secure MAC? (Multiple choice)
A. Secure Static MAC Address
B. Protected MAC address
C. Sticky MAC address
D. Secure Dynamic MAC Address
Answer: ACD
370.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, when BGP EVPN
Type 2 routes are used to transmit IRB type routes, which of the following information is carried? (Multiple
choice)
A. Layer 2 VNI
B. Layer 3 VNI
C. Host MAC address
D. Host IP address
Answer: ABCD
371.In the Huawei SD-WAN solution, which of the following routing protocols can be used on the LAN
side to connect to the Layer 3 network? (Multiple choice)
A. RIP
B. IS-IS
C. OSPF
D. BGP
Answer: CD
372.MPLS supports the establishment of LSPs in a static or dynamic manner. In the MPLS TE scenario,
which of the following protocols can establish dynamic LSPs? (Multiple choice)
A. OSPF
B. RSVP-TE
C. BGP
D. IS-IS
Answer: ABD
373.SR-MPLS can use the IGP protocol to advertise topology information, prefix information, SRGB and
label information. In order to complete the above functions, OSPF defines TLVs for SIDs and SR-MPLS
capabilities of network elements.
Which of the following TLVs does OSPF use to advertise the Prefix SID and Adjacency SID of SR-MPLS?
(Multiple choice)
95 / 149
The safer , easier way to help you pass any IT exams.
A. LAN Aaj-SID Sub-TLV
B. SID/Label Sub-TLV
C. Prefix SID Sub-TLV
D. Adj-SID Sub-TLV
Answer: CD
374.Which of the following is included in the SR Policy triple? (Multiple choice)
A. color
B. dscp
C. endpoint
D. headend
Answer: ACD
375.XML is the encoding format of the NETCONF protocol. NETCONF uses text files to represent
complex hierarchical data.
<?xml version="1.0" encoding="UTF-8“?>
<note>
<to>Learners</to>
<from>Huawei</from>
<heading>Reminder</heading>
<body>Don't forget Reading!</body>
</note>
For the following XML file, which of the following descriptions are correct? (Multiple choice)
A. encoding: Indicates the character set encoding format, currently only UTF-8 encoding is supported
B. <?: Indicates the start of an instruction
C. /: Indicates the end of the current label
D. ?>: Indicates the end of an instruction
Answer: ABCD
376.The enterprise wide-area bearer network needs to provide different quality of service guarantees for
various services. At this time, QoS planning can be used to ensure that various services are reasonably
forwarded on the bearer network. Which of the following descriptions about QoS planning principles are
correct? (Multiple choice)
A. Reasonable: Allocate reasonable resources based on the importance of the business
B. Maintainability: Actual business changes rapidly, and QoS policy may need to be adjusted frequently
during routine maintenance. It needs to be easily adjusted and maintained.
C. Scalability: the current QoS policy needs to consider subsequent business expansion
D. Consistency: QoS planning involves business classification, marking, scheduling, speed limiting and
other behaviors, and the entire network needs to be consistent
Answer: ABCD
377.Which of the following location reporting methods does the iMaster NCE-Campus support to
implement Wi-Fi-based location services? (Multiple choice)
A. After the network device is transferred, it is reported to the LBS Server
96 / 149
The safer , easier way to help you pass any IT exams.
B. WLAN AP reports terminal location data through Bluetooth Beacon packets
C. WLAN AP directly reports terminal location data
D. iMaster NCE-Campus relay reports terminal location data
Answer: ABCD
378.Which of the following statement about LDP is correct? (Multiple choice)
A. Relying on hello packets to establish LDP session
B. After receiving the label mapping relationship sent by the other party, the establishment of the LDP
session is completed
C. Maintain LDP sessions by keepalive packets.
D. Negotiate parameters by init message.
Answer: ACD
379.Which of the following sequences can be represented by the regular expression [100200]$? (Multiple
choice)
A. 300 200 100
B. 100 300 200
C. 200 100 300
D. 100 200 300
Answer: CD
380.Part of the configuration of the switch is shown in the figure.
Which of the following descriptions about the configuration on this switch is correct? (Multiple choice)
A. First you need to create a DHCP server group and add a DHCP server to the server group
B. The VLANIF 100 interface will send the received DHCP packets to the external DHCP Server through
the relay
C. Both DHCP server and DHCP Delay must be configured with DHCP enabled globally
D. Specify the DHCP server group for the VLANIF100 interface as dhcp group1
Answer: ABCD
381.According to the information given in the figure, which of the following descriptions are correct?
(Multiple choice)
A. There are 2 equivalent paths for R1 to access 172.16.1.4
97 / 149
The safer , easier way to help you pass any IT exams.
B. There are 4 equivalent paths for R1 to access 172.16.1.4
C. R1 needs to go through a 4-hop router to access 172.16.1.4
D. R1 needs to go through a 2-hop router to access 172.16.1.4
Answer: AD
382.Which of the following description of the MPLS header TTL are correct? (Multiple choice)
A. The processing method of copying the IP TTL value hides the LSR of the MPLS domain and plays a
certain security role
B. MPLS handles TTL in two ways. One is to copy the IP TTL value of the TTL of the MPLS header when
the IP packet enters the MPLS network, and the other is to uniformly set the TTL of the MPLS header to
255 in the ingress LER.
C. When copy TTL is prohibited, Tracert can see the LSR of the passing MPLS domain
D. It can prevent infinite loop forwarding of messages
Answer: BD
383.According to the information given in the figure, which of the following statements are correct?
(Multiple choice)
A. There is a loop when R1 accesses 172.17.1.5
B. R1 has a route between 172.17.1.5
C. R1 has no problem accessing the path of 172.17.1.5
D.R1 has no route to access 172.17.1.5
Answer: AB
98 / 149
The safer , easier way to help you pass any IT exams.
384.In a virtualized network scenario deployed through iMaster NCE-Campus, when creating a fabric, it is
necessary to configure the fabric global resource pool, which of the following items are included? (Multiple
choice)
A. Bridged Broadcast Domain (BD)
B. Interconnecting IP Address Resources
C. XLAN Network Identity (VNI)
D. VLAN resources
Answer: ACD
385.In the Huawei SD-WAN solution, which of the following descriptions of the Hub-Spoke topology are
correct? (Multiple choice)
A. Hub-Spoke topology mode supports dual-Hub site networking
B. Hub-Spoke topology mode supports network-segment-based hub site active-active
C. Hub-Spoke topology mode supports active-active hub site based on Spoke site
D. Hub-Spoke topology mode supports four-Hub site networking
Answer: ABC
386.As shown in the figure, R1 and R2 establish a GRE tunnel. If it is required to successfully ping when
R1 "Ping 10.3.1.1", which of the following commands needs to be configured on R1 or R2? (Multiple
choice)
A. Configure the following command on R2: "ip route-static 10.1.1.1 255.255.255.255 Turnnel0/0/0"
B. Configure the following command on R1: "ip route-static 10.3.1.1 255.255.255.255 10.0.12.2"
C. Configure the following command on R2: "ip route-static 10.1.1.1 255.255.255.255 10.0.12.1"
D. Configure the following command on R1: "ip route-static 10.3.1.1 255.255.255.255 Turnnel0/0/0"
Answer: AD
387.Which of the following descriptions about the SD-WAN resale scenario by operators are correct?
(Multiple choice)
A. Enterprises can realize the connection between SD-WAN network and traditional operator backbone
network through SD-WAN GW
B. Operators provide a unified SD-WAN controller to provide SD-WAN services for multiple enterprises
C. Enterprises can manage and control their own SD-WAN services through the tenant rights assigned by
the operators, or they can be hosted by the operators, and the operators can manage and control the
SD-WAN services of the enterprises
99 / 149
The safer , easier way to help you pass any IT exams.
D. Enterprises can act as tenants and rent SD-WAN services provided by operators. Enterprise tenants
can control SD-WAN services of all sites within the enterprise, but cannot see SD-WAN services of other
tenants
Answer: ABCD
388.In the scenario of dynamically establishing a VLAN tunnel through BGP EVPN, run commands on the
VTEP to view the detailed information of the BGP EVPN route and see the route information as shown in
the figure. Which of the following descriptions are correct? (Multiple choice)
A. This is an IRB type Type2 route
B. This route contains RT and EVPN Router's MAC Extended Community extended community attributes
C. This is a Type5 route
D. Import RT contains 0:2 or 0:3 VPN instances can learn the host routing information contained in this
route
Answer: AD
389.As shown in the figure, in the scenario of dynamically establishing a VLAN tunnel through BGP EVPN,
VTEP1 transmits a BGP EVPN Type2 route to VTEP2, where the EVPN RT value is 20:1, then which of
the following description about this scenario are wrong? (Multiple choice)
A. VTEP2 will drop the route directly
B. VTEP2 compares the RT value carried by the route, which is different from the IRT value of the EVPN
instance bound to BD20, so VTEP2 will discard the route
100 / 149
The safer , easier way to help you pass any IT exams.
C. VTEP2 compares the RT value carried by the route, which is the same as the IRT value bound to the
IP VPN instance VTEP_VBDIF20, so VTBP2 will learn the IP routing entry carried in the route
advertisement packet into the IP routing table corresponding to the IP VPN instance
D. VTEP2 compares the RT value carried by the route, which is different from the IRT value of the EVPIt
instance bound to R20, so TEP2 will not learn the MAC address entry carried by the route into the MAC
address table of BD20
Answer: BD
390.As shown in the figure, if 802.1x authentication needs to be enabled on the GE0/0/2 and GE0/0/3
interfaces of SW3, the RADIUS server needs to be used for user authentication and authorization
delivery.
Which of the following configuration steps are required? (Multiple choice)
A. Configure the 802.1X access profile
B. Configure certificate horizontal pole
C. Configure the AAA scheme
D. Configure the authentication domain
Answer: ABCD
391.The topology shown in the figure adopts VXLAN distributed gateway, VBDIF10 on SW1 is configured,
and the arp-proxy local enable command is used, which of the following descriptions are correct?
(Multiple choice)
101 / 149
The safer , easier way to help you pass any IT exams.
A. The ARP entry on PC1 is, 172.16.1.2 MAC B
B. The ARP entry on PC1 is, 172.16.1.2 MAC D
C. SW1 receives the message sent from PC1 to PC2, and will perform L2 table lookup and forwarding
D. SW1 receives the message sent by PC1 to PC2, and will perform L3 table lookup and forwarding
Answer: BD
392.As shown in the figure, in the scenario of dynamically establishing a BXLAN tunnel through BGP
EVPN, VTEP1 transmits a BGP EVPN Type2 route about PC1 to VTEP2. Which of the following
descriptions about this scenario are correct? (Multiple Choice)
A. The route is an IRB type route
B. The RT value carried by this route is 10:1
C. The RT value carried by this route is 100:1
D. The RD value carried by the route is 103:1
Answer: ABD
393.Ethernet is a broadcast-enabled network, and once there are loops in the network, this simple
broadcast mechanism can have catastrophic consequences.
Which of the following phenomena may be caused by loops? (Multiple choice)
A. Serious packet loss during network test via ping command
B. CPU usage exceeds 70%
102 / 149
The safer , easier way to help you pass any IT exams.
C. Use the display interfacet command on the device to view interface statistics and find that the interface
receives a large number of broadcast packets
D. The device cannot record remotely
Answer: ABCD
394.In the following description of OSPF Router LSA and Network LSA, which items are wrong? (Multiple
choice)
A. Routers running OSPF must generate Router LSAs
B. There must be both Router LSA and Network LSA in the NSPF network
C. A router running OSPF must generate a Network LSA
D. Network LSA carries both topology and routing information
Answer: BC
395.In the virtualized campus network deployed through iMaster NCE-campus, administrators should
configure the parameters as shown in the figure.
Which of the following statements about this operation is correct? (Multiple choice)
A. The administrator is configuring VN interworking
B. After this step is completed, the controller will deliver the static route corresponding to the
VPN-Instance to the device
C. After this step is completed, the controller will deploy OSPF on the device
D. The administrator is creating the VN
Answer: AB
396.Overlay network topology in Huawei SD-WAN solution system, which of the following items are
included? (Multiple choice)
A. Full-Mesh
B. Hierarchical Topology
C. Partial-Mesh
D. Hub- Spoke
Answer: ABCD
397.In Huawei SD-WAN solution, which of the following items are mainly included in the application
optimization function? (Multiple choice)
A. Application Identification
B. Intelligent routing
C. QoS
103 / 149
The safer , easier way to help you pass any IT exams.
D. Wide-area optimization
Answer: ABCD
398.The NETCONF content layer configures data for the device. Configuration data requires a modeling
language. Which of the following are the content layers currently supported by Huawei devices? (Multiple
choice)
A. ONF-YANG
B. OpenConfig-YANG
C. Huawei-YANG
D. IETF-YAG
Answer: BCD
399.HTTP/1.1 is the mainstream standard today. Regarding the HTTP/1.1 request message, which of the
following request methods are included? (Multiple choice)
A. GET
B. POST
C. PATCH
D. DELETE
Answer: ABCD
400.The unified monitoring and performance management of network equipment is an important function
of the operation and maintenance platform. Which of the following protocols or technologies does the
operation and maintenance platform obtain equipment monitoring data? (Multiple choice)
A. Telemetry
B. Netstream
C. Syslog
D. SNMP
Answer: ABCD
401.Which of the following description about configuring static VXLAN access are correct? (Multiple
choice)
A. An NVE interface can be associated with multiple VNIs. So when there are multiple BDs, only one NVE
interface can be created
B. For a VXLAN tunnel, a corresponding NVE interface needs to be created, in which the source IP
address and destination IP address are clearly specified. Therefore, if there are multiple VXLAN tunnels
on the VIEP, the corresponding number of NVE interfaces must be configured.
C. In the NVE interface, the destination address of the VXLAN tunnel is specified by the address in the
headend replication list. Multiple VXLAN tunnels can create only one NVE interface
D. A BD needs to create an NVE interface when there are multiple BDs. Multiple NVE interfaces must be
created
Answer: AC
402.In the firewall dual-system hot backup scenario, which of the following situations will cause the local
device to actively send VGMP packets? (Multiple choice)
104 / 149
The safer , easier way to help you pass any IT exams.
A. The dual-system hot backup function is enabled
B. Link Detection Packet Timeout
C. Priority increase
D. The dual-system hot-standby function is turned off
Answer: ACD
403.Which of the following are the Features of HTTP? (Multiple choice)
A. Using UDP encapsulation
B. Media independence
C. Stateless
D. No connection
Answer: BCD
404.Which of the following information needs to be planned for network cutover? (Multiple choice)
A. QoS
B. Bandwidth Utilization
C. Packet Loss Rate
D. Business situation
Answer: BD
405.After the port security function is enabled, if the number of MAC addresses learned on the interface
reaches the upper limit, which of the following processing methods may be taken by the port? (Multiple
choice)
A. Discard the message with the new MAC address and report an alarm
B. Discard the message with the new MAC address and do not report an alarm
C. The interface is error-down, and the alarm is reported.
D. The interface is error-down, and the alarm is not reported.
Answer: ABC
406.Which of the following statements about MPLS VPN cross-domain solutions are correct? (Multiple
choice)
A. In the OPTION C scheme, when transferring between ASBRs, carry two layers of labels
B. In the OPTION A scheme, ASBR cannot open MPLS
C. In the OPTION C scheme, PEs can directly exchange VPNv4 routing information
D. In the OPTION B scheme, the intermediate link does not need to process the label information.
Answer: ACD
407.Which of the following statement is correct? (Multiple choice)
A. The next hop of this packet is 2001::xxxxxx
B. This packet only carries one attribute, and multi-protocol cannot reach NLRI
C. The prefix carried by this packet is 2001::xxxxxx
D. This message is used to revoke the relevant routing information.
Answer: BCD
105 / 149
The safer , easier way to help you pass any IT exams.
408.Regarding ISIS equivalent routing, which of the following statements is correct? (Multiple choice)
A. If load balancing is used, the data packets are evenly distributed on each link
B. The priority of an equal-cost route can be adjusted, the route with higher priority is forwarded first, and
the rest of the links are backed up
C. If the priority is the same, the packet will be preferentially forwarded to a certain link according to the
principle that the smaller the system-id, the better
D. If the number of equal-cost routing entries exceeds the number set by the device, the entire load will be
shared.
Answer: ABC
409.Which of the following layers does the telemetry protocol include? (Multiple choice)
A. Transport layer
B. Communication layer
C. Data encoding layer
D. Data Model Layer
Answer: ABCD
410.There are three families in a residential building: A, B, and C.
Family A leases 30M network bandwidth, and purchases voice phone, Internet TV and broadband
Internet access services.
Family B leases 20M of network bandwidth and purchases Internet TV and broadband Internet access
services.
Family C rents 10M network broadband and only purchases broadband Internet access services.
The operator has made the HoS configuration on the access device as shown in the figure below. Which
of the following descriptions are correct? (Multiple choice)
A. The Internet TV service of family A can obtain a maximum bandwidth of 30M, and the broadband
Internet service of family C can obtain a maximum bandwidth of 10M
B. Home A's voice and telephone services can obtain a bandwidth of 30M at most, and home B's Internet
TV service can obtain a maximum bandwidth of 10M
C. Family A's broadband Internet access service can obtain a maximum bandwidth of 30M, and family B's
Internet TV service can obtain a maximum bandwidth of 20M
D. The broadband Internet service of family A can obtain a maximum bandwidth of 10M, and the
broadband Internet service of family C can obtain a maximum bandwidth of 10M
Answer: AC
106 / 149
The safer , easier way to help you pass any IT exams.
411.Which of the following aspects should be considered in the cutover risk assessment? (Multiple
choice)
A. Location of key risk points
B. Losses from Risk
C. Timing of Risk Impact
D. Scope of Risk Impact
Answer: ABCD
412.Which of the following is the key technology for implementing SRv6 strategy based on Huawei Cloud
WAN solution architecture? (Multiple choice)
A. BGP-LS
B. BGP IPv6 SR Policy
C. PCEP
D. Network form
Answer: ABC
413.LDP uses discovery messages to discover neighbors. Which of the following statements about the
basic discovery mechanism is true? (Multiple choice)
A. The destination IP address of the LDP discovery message is the multicast IP address 224.0.0.2.
B. LDP discovery messages are sent to the specified LDP peers.
C. After the TCP connection is established, the LSR no longer sends Hello messages.
D. LDP discovery messages are encapsulated into UDP packets with destination port number 646.
Answer: ACD
414.Ethernet supports broadcasting. In the event of a network loop, this simple broadcast mechanism can
lead to catastrophic consequences.
Which of the following symptoms may be caused by a loop? (Multiple choice)
A. Users cannot log in to the device remotely.
B. The display interface command outputs a large number of broadcast packets received on the display
interface.
C. CPU usage exceeds 70%.
D. During the ping test, many ICMP packets are lost.
Answer: ABCD
415.Regarding forwarding equivalence classes (FEC) in MPLS, which of the following statements is
incorrect? (Multiple choice)
A. Packets with the same FEC are handled differently on MPLS networks.
B. FEC can be flexibly divided according to source IP address, destination IP address, source port,
destination port, protocol type, VPN or any combination of them.
C. MPLS classifies packets with the same forwarding processing mode into one FEC.
D. An FEC is marked with only one unique label.
Answer: AB
107 / 149
The safer , easier way to help you pass any IT exams.
416.Regarding the security protocols used by IPsec, which of the following statements is true? (Multiple
choice)
A. AH performs an integrity check on the entire IP packet.
B. ESP encrypts the entire IP packet.
C. Both AH and ESP support tunnel encapsulation.
D. ESP is an IP-based transport layer protocol with protocol number 50.
Answer: ACD
417.Regarding the hub-and-spoke topology in Huawei SD-WAN solution, which of the following
statements is correct? (Multiple choice)
A. The hub-and-spoke topology mode supports dual hub networks.
B. The hub-and-spoke topology mode supports segment-based active hub sites.
C. The hub-and-spoke topology mode supports active hub sites based on spoke sites.
D. The hub-and-spoke topology mode supports networking with four hub sites.
Answer: ABC
418.Which of the following intelligent operation and maintenance functions does Huawei CloudCampus
solution support? (Multiple choice)
A. Use telemetry to monitor AP, radio, and user wireless network quality.
B. Provide visual monitoring of network quality based on network health.
C. Analyze network failures based on individual and group failures.
D. Provide predictive intelligence optimization capabilities based on big data and artificial intelligence.
Answer: ABCD
419.Huawei CloudCampus solution supports the free mobility function. Which of the following
descriptions about the free mobility function is correct? (Multiple choice)
A. Administrators can centrally manage network-wide policies on the controller and execute business
policies on devices
B. In the free mobility solution, the administrator does not need to repeat the configuration for each device
C. The controller is not only the authentication center in the campus network, but also the management
center of the business policy
D. Administrators do not need to pay attention to users' IP addresses when configuring policies
Answer: ABCD
420.In PIM, which of the following description about DR is correct? (Multiple choice)
A. PIM routers become PIM neighbors by exchanging Hello packets. The Hello packets carry the DR
priority and the interface address of the network segment.
B. On the shared network segment of the connected group members, the DR is responsible for sending a
Register join message to the RP. The DR connected to the group member is called the group member
side DR
C. On the shared network segment connected to the multicast source, the DR is responsible for sending
the Join registration message to the RP. The DR connected to the multicast source is called the source
DR
108 / 149
The safer , easier way to help you pass any IT exams.
D. If the current DR fails, the PIM neighbor relationship will time out, and a new round of DR election will
be triggered between other PIM neighbors
Answer: AD
421.RTA is the source DR router, RTB is the RP router, the multicast source sends multicast data to RTA,
but the multicast source registered to it through the PIM Register message cannot be seen on RTB, what
are the possible reasons? (Multiple choice)
A. There is no unicast route from RTB to RTA, which causes RTB to fail the RPF check of the source
B. The multicast network dynamically elects the RP, but the RTA fails to check the RPF of the BSR
C. RP elected by RTA is not RTB
D. The multicast network is statically configured with RP, but the RTA router is not statically configured
with RP
Answer: ACD
422.Which of the following descriptions about Filter-Policy are correct? (Multiple choice)
A. Filter-Policy can be used on both OSPFv2 and OSPFv3
B. In the distance vector protocol, because routing information is passed between devices, Filter-Policy
can directly
C. Filtering In the link state routing protocol, the routing table is generated by LSDB, so Filter-Policy is
essentially filtering the LSAs in the LSDB
D. In the distance vector protocol, if you want to filter out the route from the upstream device to the
downstream device, you need to configure filter-policy export on the downstream device.
Answer: AB
423.What functions can Huawei iMaster NCE products achieve? (Multiple choice)
A. Devices can be managed across manufacturers
B. Network Automation
C. Provide a variety of open API interfaces
D. Predictive maintenance based on big data and Al
Answer: ABCD
424.In the security assistance of Agile Controller, which of the following description of security linkage
components are correct? (Multiple choice)
A. The log reporting device is undertaken by the network devices, security devices, policy servers,
third-party systems, etc. in the middle of the network. It is mainly responsible for providing network
information and security logs.
B. Client devices are producers of network information and security logs
C. The linkage policy execution device is undertaken by the switch, which is mainly responsible for the
security response of the dark part of the linkage between the devices after the security time occurs.
D. The security defense component of Agile Controller is responsible for log collection and processing,
event correlation, security situation presentation, and security response.
Answer: ACD
109 / 149
The safer , easier way to help you pass any IT exams.
425.In order for the eSight network management to be able to receive and manage devices and report
alarms, what conditions must be met? (Multiple choice)
A. The device is managed by the network management
B. The correct trap parameters are configured on the device side
C. The managed devices on the network management should be configured with the correct SNMP
protocol and parameters
D. The network management and equipment should be connected
Answer: ABCD
426.Which of the following statements about ASPF and Servermap are correct? (Multiple choice)
A. ASPF checks the application layer protocol information and monitors the application layer protocol
status of the connection
B. ASPF determines whether packets pass through the firewall by dynamically generating ACLs
C. Configure NAT Server to generate static Server-map
D. The Servermap table uses a five-tuple to represent a conversation
Answer: AC
427.When congestion occurs, which of the following indicators of Qos are usually affected? (Multiple
choice)
A. Transmission delay
B. Transmission Jitter
C. Transmission bandwidth
D. Transmission distance
Answer: ABC
428.What information of the message can be marked or remarked? (Multiple choice)
A. MAC Address information
B. Any information in the message
C. IP Source, Destination Address, EXP information
D. IP DSCP. IP Precedence, 802.1p.EXP information
Answer: ACD
429.Regarding the statement of ASPF and Server-map, which of the following is correct? (Multiple
choice)
A. Server-map is usually only used to check whether the message after the first message channel is
established or forwarded according to the session table
B. After the channel is established, the message is still forwarded according to the Server-map
C. The server-map entry will be deleted after a certain aging time because there is no packet matching.
This mechanism ensures that the looser channel such as the Server-map entry can be deleted in time; it
ensures the security of the network. When a new data connection is subsequently initiated, the
establishment of the Server-map entry will be re-triggered
D. Only ASPF will generate the Sever-map table
Answer: AC
110 / 149
The safer , easier way to help you pass any IT exams.
430.Which of the following working modes does the interface of the firewall have? (Multiple choice)
A. Exchange Mode
B. Transparent Mode
C. Transmission Mode
D. Routing Mode
Answer: BD
431.LSR retains the received label, and there are several ways to retain it, then which of the following
statement about LDP label retention - free mode is correct? (Multiple choice)
A. Keep all labels sent by neighbors
B. Requires more memory and label space
C. Keep only labels from next-hop neighbors and discard all labels from non-next-hop neighbors
D. Save memory and label space
E. Reduced LSP convergence time when IP route convergence next hop changes
Answer: ABE
432.Which protocol modules can BFD detection be linked with? (Multiple Choice)
A. VRRP
B. OSPF
C. BGP
D. Static routing
Answer: ABCD
433.Which description is correct for the configuration on this switch? (Multiple Choice)
A. By default, both DHCP server and DHCP delay must be enabled to enable DHCP service
B. VLANIF100: The interface will send the received DHCP packets to the external DHCP Server through
the relay
C. Specify the DHCP server group as dhcpgroup for the VLANIF1O0 interface
D. First you need to create a DHCP server group and add a DHCP server to the server group
E. By default, DHCPgroup1 will automatically add a DHCP server in the network
Answer: ABCD
434.By default, the D main ID of each SPF process running on the router is the same as the process ID of
the process, which can be modified through the d main-id command under the process.
A. True
B. False
Answer: B
435.BFD can implement link status detection at the ms (millisecond) level.
A. True
B. False
Answer: A
111 / 149
The safer , easier way to help you pass any IT exams.
436.In the DU label distribution mode, if the Libera1 retention mode is adopted, the device will retain the
labels distributed by all LDP peers, regardless of whether the LDP peer is the optimal next hop to the
destination network segment.
A. True
B. False
Answer: A
437.Traditional BGP-4 can only manage IPv4 unicast routing information. MP-BGP extends BGP-4 in
order to support multiple network layer protocols.
The feature that MP-BGP supports for IPv6 unicast networks is called BGP4+, and BGP4+ carries routing
next-hop address information through the Next_Hop attribute.
A. True
B. False
Answer: B
438.The request header field Accept-Language indicates the language type desired by the client.
A. True
B. False
Answer: A
439.In the MA network, if IS-IS is used to publish the Adjacency SID, since every IS-IS router will publish
the Adjacency SID, it is not necessary to select DIS at this time.
A. True
B. False
Answer: B
440.Node Segments in SR-MPLS must be manually configured.
A. True
B. False
Answer: B
441.The enterprise WAN connects the enterprise headquarters and branches, the enterprise and the
cloud, and also realizes the interconnection between the clouds.
A. True
B. False
Answer: A
442.When configuring an IPsec tunnel on Huawei AR series routers, you must create an IPSec tunnel
interface. Otherwise, user data cannot be encrypted.
A. True
B. False
Answer: B
112 / 149
The safer , easier way to help you pass any IT exams.
443.To isolate the communication between wired user terminals, you can enable port isolation on the
access switch; however, for wireless users, APs cannot implement user isolation.
A. True
B. False
Answer: B
444.As shown in the figure, the SPF protocol is enabled for all classes of the router, the cost of the link is
marked in the figure, and the Lookback class end announcement of R2 is in area 0.
In area 1, both R2 and R3 transmit the routing information of 10.0.2.2/32 in the form of Type3 LSA.
A. True
B. False
Answer: A
445.The down of the BFD session causes the direct link to fail.
A. True
B. False
Answer: B
446.A campus deployed IPv6 for service testing. In the initial stage of deployment, engineers wanted to
implement network interoperability through IPv6 static routes. When creating an IPv6 static route, you can
specify both the outbound interface and the next hop, or you can specify only the outbound interface or
only the next hop.
A. True
B. False
Answer: B
447.When there is a relay between the DHCP client and the DHCP server. If the IP address in the global
address pool of the DHCP server is not in the same network segment as the IP address of the VLANIF
interface connected to the client on the relay device, a DHCP failure will occur.
113 / 149
The safer , easier way to help you pass any IT exams.
A. True
B. False
Answer: A
448.As shown in the figure, on the R1 router, the network administrator can control the path of the traffic
entering AS100 after modifying the MED value of the routing entry sent to R2 through the routing policy.
A. True
B. False
Answer: A
449.The ipv6 enable topology standard is configured in the IS-IS protocol view. The meaning of this
command is that IPv4 and IPv6 share the same topology.
A. True
B. False
Answer: B
450.SR-MPLS issues labels and reserves bandwidth through the extended IGP, thereby supporting
large-bandwidth services.
A. True
B. False
Answer: B
451.For the same MAC address, manually configured MAC entries have higher priority than automatically
generated entries.
A. True
B. False
Answer: A
452.VXLAN uses VNI to distinguish tenants. A tenant can have one or more VNIs, and the VNI length is
24 bits, so VXLAN supports up to 12 M tenants.
A. True
B. False
Answer: B
453.As shown in the figure, all interfaces of the router enable the SPF protocol, in which R4 and R5 can
establish an OSPF virtual connection.
114 / 149
The safer , easier way to help you pass any IT exams.
A. True
B. False
Answer: B
454.When deploying a BGP/MPLS VPN, when two VPNs have a common site, the common site must not
use overlapping address spaces with other sites of the two VPNs.
A. True
B. False
Answer: B
455.The traffic shaping technology will temporarily cache the data that exceeds the forwarding threshold.
For the data in the cache, you can use the congestion management technology to discard the data
packets from the cache queue in advance to prevent the cache queue from being full.
A. True
B. False
Answer: A
456.The traffic shaping technology will temporarily cache the data that exceeds the forwarding threshold.
For the data in the cache, you can use the congestion management technology to discard the data
packets from the cache queue in advance to prevent the cache queue from being full.
A. True
B. False
Answer: A
457.In the dual-system hot backup scenario of the firewall, service interfaces need to be added to the
security zone, and heartbeat interfaces do not need to be added to the security zone.
A. True
B. False
Answer: B
458.iMaster NCE-CampusInsight uses SNMP technology to collect performance indicators and log data
of network devices, and discover network anomalies based on real business traffic.
A. True
B. False
Answer: B
115 / 149
The safer , easier way to help you pass any IT exams.
459.iMaster NCE-Campus control does not support device management through SNMP.
A. True
B. False
Answer: B
460.In the Huawei SD-WAN solution, the CPE needs to establish a control channel before being
managed by the iMaster NCE-WAN controller.
A. True
B. False
Answer: B
461.MPLS LDP sends a large number of packets to maintain the protocol neighbor relationship and path
status.
A. True
B. False
Answer: A
462.NETCONF uses SSL to implement secure transmission, and uses the RPC (Remote Procedure Call)
remote call mechanism to implement the communication between the client and the server.
A. True
B. False
Answer: A
463.As shown in the figure, the operator's BGP/MPLS IP VPN backbone network constructs LSPs
through LDP. If the two sites of user X are to communicate through the BGP/MPLS IP VPN network, PE1
and PE2 must use a 32-bit mask. Loopback interface address to establish MP-IBGP peer relationship.
A. True
B. False
Answer: A
464.In an SR network, if IS-IS is used to transmit the SID, the Node SID advertised by the Level-2 router
is only transmitted within the same area by default.
A. True
B. False
Answer: B
465.The difference between SRv6 and SR-MPLS is that the segment in the SRv6 SRH will not be ejected
after being processed by the node, so the SRv6 header can be used for path backtracking.
116 / 149
The safer , easier way to help you pass any IT exams.
A. True
B. False
Answer: B
466.When BGP/MPLS IP VPN is deployed, the OSPF VPN Route Tag is not transmitted in the extended
community attribute of MP-BGP, but is only a local concept, only on the PE router that receives MP-BGP
routes and generates OSPF LSA Significant.
A. True
B. False
Answer: B
467.The OPS (Open Programmability System) function of Huawei network equipment enables users to
run Python scripts on the local PC and call the open RESTful API interface of the equipment.
A. True
B. False
Answer: B
468.The path of the SR-MPLS TE tunnel can be calculated by the controller or the tunnel head node.
A. True
B. False
Answer: A
469.In the Huawei SD-WAN solution, the RR is automatically selected after the CPE goes online, and the
iMaster NCE-WAN controller does not need to be involved.
A. True
B. False
Answer: B
470.In the scenario of dynamically establishing a VXLAN tunnel through BGP EVPN, when a BGP EVPN
route is passed between VTEPs, the BGP EVPN route will be discarded only if the RT value carried by
the route is different from the EVPN IRT and IP VPN IRT.
A. True
B. False
Answer: B
471.When an administrator creates a policy control matrix, when a source security group has policies for
multiple destination groups, the matching order of different policies needs to be distinguished by priority.
A. True
B. False
Answer: A
472.Free Mobility implements policy management and permission control based on the user's VLAN and
IP.
A. True
117 / 149
The safer , easier way to help you pass any IT exams.
B. False
Answer: B
473.Under the distributed gateway, VNI is divided into L2 VNI and L3 VNI. The L2 VNI is a common VNI,
which is mapped to the broadcast domain BD in a 1:1 manner to implement the forwarding of VXLAN
packets on the same subnet; the L3 VNI is associated with the VPN instance. It is used to forward VXLAN
packets across subnets.
A. True
B. False
Answer: A
474.Traffic policing can only be used in the inbound direction. Its function is to monitor the traffic entering
the device to ensure that the upstream device does not abuse network resources.
A. True
B. False
Answer: B
475.When encountering a large-scale network cutover project, it can be divided into several relatively
independent but related small cutovers.
A. True
B. False
Answer: A
476.After snetconf server enable is configured on a Huawei network device, the client can establish a
NETCONF connection with the device through port 830.
A. True
B. False
Answer: B
477.When policy linkage is deployed in the campus network, a CAPWAP (Control And Provisioning of
Wireless Access Points) tunnel is established between the control point and the enforcement point device,
and CAPWAP is used to implement user association, message communication, user authorization policy
issuance, and user services data forwarding, etc.
A. True
B. False
Answer: A
478.The following figure shows the MPLS VPN cross-domain Option B solution. If ASBR-PE1 and
ASBR-PE2 are only responsible for transmitting VPNv4 routes, you can configure the following command
on ASBR-PE1: [ASBR-PE1-bgp-af-vpnv4] undo peer 10.0 .34.4 enable
118 / 149
The safer , easier way to help you pass any IT exams.
A. True
B. False
Answer: B
479.ESI (Ethernet Segment Identifier) has a total length of 10 bytes and is unique in the entire network.
A. True
B. False
Answer: A
480.As shown in the figure, all routers in the figure run the OSPF protocol.
Because R3 is in the backbone area, there are no three types of LSAs in the LSDB of R3.
A. True
B. False
Answer: B
481.The public key is public and does not need to be kept secret. Private keys are held by individuals and
are not disclosed and disseminated to the public.
A. True
B. False
Answer: A
482.Currently, Huawei uses the TLS protocol as the bearer protocol of the NETCONF protocol.
A. True
B. False
Answer: B
483.In an SRv6 network, a Locator is an identifier of a network node in the network topology, which is
used to route and forward packets to the node. In the SR domain, the Locator of each node must be
unique.
119 / 149
The safer , easier way to help you pass any IT exams.
A. True
B. False
Answer: A
484.The full name of HTTP is Hypertext Transfer Protocol, which is an application layer protocol for
distributed, collaborative, and hypermedia information systems.
A. True
B. False
Answer: A
485.Segment Routing SR (Segment Routing) is a technical architecture designed to forward data packets
on the network based on the concept of source routing. Segment Routing MPLS refers to SR based on
MPLS label forwarding, referred to as SR-MPLS.
A. True
B. False
Answer: A
486.If network admission control is deployed on the campus network, if a terminal device fails the
admission authentication, the terminal cannot access all network resources.
A. True
B. False
Answer: B
487.LLDP (Link Layer Dizcovary Protocol) is a link discovery protocol defined in IEEE 802.1ab. Because
it works at the data link layer, it cannot obtain the management address of neighbors.
A. True
B. False
Answer: B
488.In the small and medium-sized campus network based on HUAWEI CLOUD campus network
solution, the On-Premise mode is recommended for the controller deployment mode.
A. True
B. False
Answer: A
489.The terminal management of iMaster NCE-Campus provides terminal identification function, which
can display terminal type, operating system, and manufacturer information.
A. True
B. False
Answer: A
490.In a virtualized campus network scenario, all devices in the VXLAN domain must support the VXLAN
feature.
A. True
120 / 149
The safer , easier way to help you pass any IT exams.
B. False
Answer: B
491.The <config> operation of the NETCONF protocol may contain an optional "operation" attribute, if not
specified, the default action is creat.
A. True
B. False
Answer: B
492.The VN on i-master-nce is equivalent to VPN-instance, which plays the role of business isolation.
A. True
B. False
Answer: A
493.After traffic shaping is deployed, congestion avoidance techniques are used in the cache queue to
prevent the cache queue from being filled.
A. True
B. False
Answer: A
494.The function of using the command ipv6 preference in the ISIS process is to adjust the routing priority
of IPv6.
A. True
B. False
Answer: A
495.In 6PE and 6VPE networking scenarios, it is not necessary to enable VPN-instance on PEs.
A. True
B. False
Answer: B
496.In SR-MPLS, segment-NOD must be manually configured
A. True
B. False
Answer: B
497.EVPN's L2VPN and L3VPN use two address clusters.
A. True
B. False
Answer: A
498.In the MPLS L3VPN inter-AS Option C solution, if there is an RR, the RR cannot transmit the VPNv4
route without changing the next hop address when it reflects the VPNv4 route to the neighbor.
A. True
121 / 149
The safer , easier way to help you pass any IT exams.
B. False
Answer: B
499.HTTP/2 is a low-latency Internet transport layer protocol based on UDP.
A. True
B. False
Answer: B
500.Node segments in SR-MPLS must be configured manually.
A. True
B. False
Answer: B
501.The enterprise WAN provides the interconnection between the enterprise headquarters and
branches, between the enterprise and the cloud, and between the cloud.
A. True
B. False
Answer: A
502.BFD can implement millisecond-level link status detection.
A. True
B. False
Answer: A
503.If you run the ipv6 enable topology standard command in the is-is view, then IPv4 and ipv6 share the
same topology.
A. True
B. False
Answer: A
504.Traffic shaping can only be used in the outbound direction. Its purpose is to control the rate of
outgoing packets.
A. True
B. False
Answer: A
505.During the evolution from OSPFv2 to OSPFv3, the format and function of the LSA remain unchanged,
except that the network layer address in the LSA is changed from IPv4 to IPv6.
A. True
B. False
Answer: B
506.In Huawei SD-WAN solution, the topology of different VNs must be the same.
A. True
122 / 149
The safer , easier way to help you pass any IT exams.
B. False
Answer: B
507.iMaster provides terminal identification, displaying terminal type, operating system and manufacturer
information.
A. True
B. False
Answer: A
508.Network admission control can be deployed at different network layers according to actual network
requirements. Deploying it at the access layer enables finer-grained rights management and higher
network security than deploying at the aggregation or core layers.
A. True
B. False
Answer: A
509.When establishing a VXLAN tunnel between VTEPs, it is recommended to use the IP address of the
loopback interface on the VTER instead of the IP address of the physical interface as the VTEP IP
address of the VXLAN tunnel.
A. True
B. False
Answer: A
510.A company purchased private lines from two operators. In order to optimize the lines, the company
used the 6GP protocol to learn the routing entries of the two operators. However, the enterprise found that
after this configuration, the traffic of the egress route increased greatly. After the network engineering
investigation, it was found that the traffic of the two operators was transmitted to each other through the
enterprise egress router.
Therefore, the enterprise intends to use the routing strategy so that the traffic of the packets of different
carriers is no longer transmitted to each other. Is the configuration in the following figure correct?
A. True
B. False
123 / 149
The safer , easier way to help you pass any IT exams.
Answer: A
511.As shown in the figure, OSPF is deployed in a campus, and Area1 is deployed as an NSSA area.
In the case of missing header, R2 will automatically generate the missing header route of Type7 LSA and
flood it in the NSSA area.
A. True
B. False
Answer: A
512.To prevent hackers from attacking user devices or networks through MAC addresses, you can
configure the MAC addresses of untrusted users as black hole MAC addresses to filter out illegal MAC
addresses.
A. True
B. False
Answer: A
513.In an MPLS network, SRs running the DP protocol exchange LDP messages to implement functions
such as neighbor discovery, session establishment and maintenance, and label management. To ensure
the reliability of message delivery, all LDP messages are sent and received based on TCP connections.
A. True
B. False
Answer: B
514.There are two types of stream mirroring: local stream mirroring and remote stream mirroring.
A. True
B. False
Answer: A
515.BFD determines whether a fault occurs by periodically detecting packets. It is a fast fault detection
mechanism that relies on routing protocols.
124 / 149
The safer , easier way to help you pass any IT exams.
A. True
B. False
Answer: B
516.BFD (Bidirectional Forwarding Detection) technology is a fast detection technology, but it is relatively
complex and requires special manufacturer equipment support.
A. True
B. False
Answer: B
517.The traffic of the traditional network is connected to the VXLAN network by the edge node, and the
VXLAN network accesses the VXLAN external network through the ( ) node. (Fill in English, the first letter
is capitalized)
Answer: Border
518.When L3VPNv4 ver SRv6 BE is configured, if RR is used in the SR domain, you need to configure
the () command on the RR to ensure that the PEs at both ends can correctly learn VPNv4 routes. (Please
enter the complete command, no extra spaces, all letters are lowercase)
Answer: display bgp vpnv4 all routing-table
519.DiffServ-based horizontal QS has four major components: traffic classification and marking, traffic
policing and shaping, congestion management and ().
Answer: avoid
520.There are many SR-MPLS TE tunnel protection mechanisms, among which ( ) FRR adopts the
method of constructing a virtual node, converts multiple identical route advertisement nodes into a single
route advertisement node, and then calculates the backup downlink of the virtual node according to the
TT-LFA algorithm. One hop, thus realizing fast switching of traffic when a fault occurs. (Fill in English
terms, capitalize only the first letter)
Answer: Anycast
521.Huawei AR series routers are configured with GRE tunnels and enable keepalive detection. By
default, the interval for sending keepalives is ( ) seconds.
Answer: 5
522.To configure a static VXLAN tunnel, the parameters that need to be manually configured are: ( ),
VTEP IP address, and headend replication list. (All letters capitalized)
Answer: VNI
523.In a campus, SPF is deployed to achieve network interoperability, and SPF is also enabled on the
GE0/0/2 interface of R3.
Among them, Area1 is deployed as an NSSA area, and the addresses of each device are shown in the
figure.
125 / 149
The safer , easier way to help you pass any IT exams.
An engineer configures a static route on R3 to access the loopback interface address of R4, and imports
the static route in the SPF process. At this time, in the Type5 LSA received by R1, the forwarding address
(FA) is: ( ) (please fill in the IP address without mask)
Answer: 10.1.34.4
524.VGMP packets are encapsulated by UDP packet headers and VGMP packet headers. By default, the
UDP port used by VGMP packets is ( ).
Answer: 18514
525.In order to improve network security, a company uses static MAC address binding for all internal
computers. Now buy a new host with MAC address 5489-98FD-7B7F. The network administrator
connects the host to the corporate network by executing the mac-address ( ) 5489-98FD-7B7F
GigabiteEthernet 0/0/1 vlan10 command. (Please use English lowercase letters to complete the
command, and the command cannot be abbreviated)
Answer: static
526.For VXLAN external networks, VTEP transmits network segment routes through Type ( ) BGP EVPN
routes, which are used to instruct VXLAN internal hosts to access external networks. (Arabic numerals)
Answer: 5
126 / 149
The safer , easier way to help you pass any IT exams.
527.In the Vxlan-based virtualized campus network, the Fabric networking can select Vxlan to the access
layer. The nodes in this networking include: Border, transparent node, ( ). (expressed in English, and the
first letter is capitalized)
Answer: Edge
528.The scheduling algorithm used by the LPQ queue is ( ).
Answer: SP
529.The VxLAN network is connected to the external network through the ( ) node.
Answer: border
530.<rpc xm/ns="xxxx" message-id="1024" belongs to layer( ) in netconf.
Answer: message
531.( ) in SRv6 is the identifier of the network node, so in the SR domain, it is necessary to ensure that
this parameter of each node is unique. (The first letter is capitalized, spelled out)
Answer: Segment Identifier
532.There are two subscription methods for telemetry, of which the shorter subscription time is ( ). (full
name)
Answer: Dynamic subscription
533.NCE uses ( ) technology to collect network performance indicators and logs. (Capitalized)
Answer: Telemetry
534.According to different bearer technologies, the bearer modes of traditional wide area bearer networks
can be divided into MPLS bearer modes and ( ) bearer modes. (English terms are used with all capital
letters)
Answer: SDH
535.Ingress VTEP performs L2 and L3 table lookup and forwarding at the same time. The forwarding
mode is _( )_IRB forwarding.
Answer: symmetry
536.As shown in the figure, when PE1 receives an ARP request, PE1 will forward the ARP request to PE4
and carry two layers of label information, in which the label value 201 is defined by the EVPN type ( ).
(only fill in Arabic numerals)
127 / 149
The safer , easier way to help you pass any IT exams.
Answer: 1
537.VxLAN tunnel has several contents that must be configured: ( ), tunnel source address, headend
replication list.
Answer: VNI
538.The Cost value of the loopback0 port from AR5 to AR1 is ( ).
Answer: 3
539.In OSPFv3, the LSA whose propagation range is one area has the ( ) class. (Fill in Arabic only)
Answer: 129
540.IS-IS is a link-state routing protocol that uses the SPF algorithm for route calculation. A campus
deploys both IPv4 and IPv6 and runs IS-IS to achieve network interconnection.
As shown in the figure, the network IPv4 and IPv6 have the same overhead, and R1 and R4 only support
IPv4.
128 / 149
The safer , easier way to help you pass any IT exams.
By default, in the IPv6 shortest path tree formed by calculation, the next hop device for R2 to access R6 is
( ). (Note: The device name must be consistent with the picture, such as: R1)
Answer: R3
541.Please complete the configuration of the following static VXLAN tunnels and drag the corresponding
configuration to the corresponding area.
129 / 149
The safer , easier way to help you pass any IT exams.
Answer:
542.Please match the classification related to the MPLS label of Huawei routers with the default method.
Answer:
543.When encountering network failures, engineers often use the hierarchical failure method. Because all
models follow the same basic premise, when all of a model's lower-level structures work properly, its
130 / 149
The safer , easier way to help you pass any IT exams.
higher-level structures can only work properly. Please match the following check items to the
corresponding levels according to the hierarchical method.
Answer:
544.The network administrator needs to permit or deny some specific routes, but the network
administrator is not proficient in configuration, please help him sort the configuration reasonably so that
the device can permit or deny specific routes according to the requirements in the figure.
131 / 149
The safer , easier way to help you pass any IT exams.
Answer:
545.As shown in the figure, to enable the traffic between Site1 and Site2 to pass through the Hub-CE,
VPN instances on two Spoke-PEs have been configured. Two VPN instances need to be created on the
Hub-PE. The instance VPN_in is used to receive routes from Spoke-PE, and the instance VPN_ut is used
to advertise routes to Spoke-PE. Please select Import RT of VPN_in and Export RT of VPN_ut
respectively.
132 / 149
The safer , easier way to help you pass any IT exams.
Answer:
200：1 ——VPN_in imp rt RT
100：1 —— VPN_ut exp rt RT
546.Please arrange the development process of iMaster NCE business open and programmable in order
1HLD Design
2 Demand analysis
3 Business package development
4 Enter the production environment
5 Network element driver package development
Answer: 2-1-5-3-4
547.NETCONF defines a series of operations, please match NETCONF operations and functions
accordingly.
133 / 149
The safer , easier way to help you pass any IT exams.
Answer:
548.In the network shown in the figure, user access authentication needs to be deployed. Please select
the appropriate authentication method at different authentication points.
134 / 149
The safer , easier way to help you pass any IT exams.
Answer:
549.CE1 and CE2 belong to the same VPN, and the name of the VPN instance is vpna. Through option C
mode 1, CE1 and CE2 can communicate with each other.
To accomplish this, match the following command line with the device number.
135 / 149
The safer , easier way to help you pass any IT exams.
Answer:
550.There is a certain order in the execution of QOS, please sort the following QOS function modules in
the correct order.
136 / 149
The safer , easier way to help you pass any IT exams.
Answer:
551.There are three types of channels in the Huawei SD-WAN solution architecture. Please correspond
the channels and their names in the figure one by one.
137 / 149
The safer , easier way to help you pass any IT exams.
Answer:
552.gRPC is a language-neutral, platform-neutral, open source remote procedure call (RPC) system. The
gRPC protocol stack has five layers, please arrange the gRPC protocol stack in order from the lower layer
to the upper layer.
Answer:
138 / 149
The safer , easier way to help you pass any IT exams.
553.Authentication header AH (Authentication Header, packet authentication header protocol) in IPsec is
an IP-based transport layer protocol, and its IP protocol number is ( ). (fill in Arabic numerals).
Answer: 51
554.As shown in the figure, the entire network of a company uses OSPF to connect the network, but
Router S and Router E cannot establish an OSPF neighbor relationship. When network administrators
detect OSPF faults, they can run the display ospf 100 interface CE0/0/1 ( ) command on RouterS to
obtain error-related information. Users can diagnose OSPF faults based on the information. (Please use
English lowercase letters to complete the command, and the command cannot be abbreviated)
Answer: error
555.As shown in the figure, R1, R2, R3, and R4 are in the same MPLS domain, and LDP is used to
distribute MPLS labels between devices. R4 is the Egress LSR of the FEC 4.4.4.0/24. If R1 wants to
access 4.4.4.0/24, R4 does not need to query the label table but can know the forwarding priority of the
data, then the outgoing label of R3 for the FEC is ( ). (Please fill in the Arabic numerals directly without
symbols).
Answer: 0
556.By executing the ( ) command, users on different ports in the same VLAN can be completely isolated
at Layer 2 and Layer 3 and cannot communicate. (Please use English lowercase letters to complete the
command, and the command cannot be abbreviated)
Answer: port-isolate mode all
557.CE1 and CE2 belong to the same VPN, and the name of the VPN instance is vpna. Through Option C
mode 1, CE 1 and CE 2 can communicate with each other. To meet this requirement, ASBR-PE1 is
configured with two routing policies ( ) for [ASBR-PE1-bgp]peer route-policy policy2 export (only fill in the
IP address).
139 / 149
The safer , easier way to help you pass any IT exams.
Answer:
10.0.34.4/10.0.4.4
558.NCE has five security groups are ( ). (separated with commas)
Answer:
Static security group, dynamic security group, Any security group, escape security group, unknown
security group
559.As shown in the figure, please associate the user authentication result with the corresponding access
authority. (Drag and drop)
Answer:
Before certification 1
Failed certification or failed security check2
Certification passed 3
140 / 149
The safer , easier way to help you pass any IT exams.
560.Please match the following commands to their functions.
Answer:
561.The figure shows an enterprise WAN bearer network. Please plan appropriate metric values for the
four links in the figure.
Answer:
562.The Python script of the OPS (Open Programability System) function of Huawei network equipment
uses the HTTP method to access the management objects of the network equipment. Please drag the
HTTP method to correspond to its function.
141 / 149
The safer , easier way to help you pass any IT exams.
Answer:
563.There are three levels of queues in HQoS: Level1l, Level2, and Level3. Please map the following
queue names to the queue levels one by one. (Drag and drop)
Answer:
564.For VXLAN-based virtualized campus network planning, three main module designs need to be
considered, including underlay network design, fabric design, and overlay network design. Please drag
the module on the left below to the corresponding current module on the right for specific considerations.
(Drag and drop)
142 / 149
The safer , easier way to help you pass any IT exams.
Answer:
565.Please match the following authentication technologies to their applicable scenarios. (Drag and drop)
Answer:
566.As shown in the figure, there is a packet containing a three-layer label header. Please select the
values (decimal) corresponding to the X, Y, and Z fields in the figure.
143 / 149
The safer , easier way to help you pass any IT exams.
Answer:
567.CE1 and CE2 belong to the same WPN, and the name of the VPN instance is vpna. CE1 and CE2
can communicate with each other through OptionC mode 1. To accomplish this, match the following
command line with the device number. (Drag and drop)
144 / 149
The safer , easier way to help you pass any IT exams.
Answer:
568.The virtualized campus network deployed through the iMaster NCE-Campus is shown in the figure,
and the parameters and the positions where the parameters are deployed are in one-to-one
correspondence.
145 / 149
The safer , easier way to help you pass any IT exams.
Answer:
123456
1. Export interconnect vlan
2. Loopback
3. Vxlan tunnel
4. BD
5. Transparent transmission of BPDUs
6. Access vlan
569.The configuration shown in the figure is executed on R2 to filter all the received routes. Suppose
there is a BGP route with the AS_Path attribute of [100 200 300 400] on R1 that needs to be sent to R2.
Please help the network administrator to adjust the route on R1. The order of AS in the AS_Path attribute
ensures that routing entries will not be filtered by R2's routing policy.
100 This space corresponds to the [A] space in the routing policy
200 This space corresponds to the [B] space in the routing policy
300 This space corresponds to the [C] space in the routing policy
400 This space corresponds to the [D] space in the routing policy
Answer:
200 400 100 300
570.As shown in the figure, if the packet describes an IPsec packet in tunnel mode, please insert the
corresponding packet header into the correct position. (Drag and drop)
Answer:
New IP Header 1
AH Header 2
ESP Header 3
Raw IP Header 4
571.During the SSH algorithm negotiation phase, the two parties send SSH packets to each other, and
the packets contain a list of multiple algorithms supported by them. For the composition of the algorithm
list. Please sort them in the order of negotiation (that is, which class algorithm is negotiated first, which
class algorithm is negotiated second, and so on).
146 / 149
The safer , easier way to help you pass any IT exams.
Answer:
572.Please match the OSPFv3 LSA with its delivery range.
Answer:
573.The following is the main process for the controller to issue an SR-MPLS Policy. Please sort the
processes in order.
147 / 149
The safer , easier way to help you pass any IT exams.
Answer:
574.VGMP defines multiple packet types. Please match the packet type and function.
Answer:
575.Please sort the traffic categories: marking, policing, shaping, congestion management, congestion
avoidance:
A. Policing
148 / 149
The safer , easier way to help you pass any IT exams.
B. Marking
C. Congestion Avoidance
D. Congestion Management
E. Shaping
Answer: BACDE
149 / 149