The total length of an MPLS label is 4 bytes (32 bits).

The TTL field in an MPLS label has the same meaning as that in an IP packet, and can prevent loops.

The S field in an MPLS label has 1 bit and is used to identify whether the label is the bottom-of-stack label. If the value is 1, the label is a penultimate-layer label.

For Ethernet and PPP packets, a label stack is located between the Layer 2 packet header and data. If a VLAN tag is available, the label stack is placed before the VLAN tag.

After NAFT translation, all packets are from the same IP address for external users.

In No-PAT mode, only the transport layer protocol port number can be converted.

In NAFT mode, only the network layer protocol address can be converted.

In No-PAT mode, the network layer protocol address can be converted.

MPLS uses the connection-oriented control plane and connectionless data plane.

The control plane transmits route information and distributes labels. The data plane transmits packets along the created label switched path (ISP).

Switches in an MPLS domain only need to forward packets based on the label added before the IP header.

Compared with traditional IP forwarding, MPLS label forwarding greatly improves the data forwarding efficiency.

Traffic from the DMZ to the untrusted zone

Traffic from the trusted zone to the DMZ

Traffic from the trusted zone to the untrusted zone

Traffic from the trusted zone to the local zone

This field is used to prevent packet forwarding loops, similar to the TTL field in an IP header.

This field is used for label management.

This field used to control the upstream device in label distribution.

This field limitation the LSR.

TRUE

FALSE

MPLS supports multi-layer labels, and the connection-oriented.

MPLS integrates the powerful Layer 3 routing function of the IP network and the highly effective forwarding mechanism of the traditional Layer 2 network.

MPLS cannot easily implement seamless integration between IP and Layer 2 networks such as the ATM and frame relay.

Support Applications like traffic engineering (TE), virtual private network (VPN), quality of service (QoS) provide better solutions.

Application server

Controller

Orchestrator

Device

TRUE

FALSE

TRUE

FALSE

Starvation attacks by changing the CHADDR field value

Bogus DHCP server attacks

TCP flag attacks

Man-in-the-middle attacks and IP/MAC spoofing attacks

The network protocol implementation is complex, and the O&M is difficult.

The traffic path cannot be adjusted flexibly.

The upgrade of new network services is slow.

Different vendors' devices provide similar implementation, there is less difference in operation commands, and operations are easy.

FIFO

LR

WRR

CIR

CQ

WFQ

TRUE

FALSE

In 2.2.2.2:0, 2.2.2.2 indicates the LSR ID of the neighbor.

In 2.2.2.2:0, 0 indicates the global label space.

The value Operational indicates that the LDP process is running and the LDP session has not been set up.

The value Passive indicates that SWA is the responder.

The value Passive indicates that SWB is the responder.

TRUE

FALSE

The interzone security policies are arranged in the order of the match, the listed first is matched preferentially.

The interzone security policy with the smaller ID is matched preferentially.

The interzone security policy with the larger ID is matched preferentially.

The interzone security policies are listed automatically based on sequence numbers. When the order is changed, the number is changed.

TRUE

FALSE

TRUE

FALSE

TRUE

FALSE

Common IP forwarding

ATM forwarding

Multi-label MPLS forwarding

Single-label MPLS forwarding

TRUE

FALSE

Liberal

Independent

Conservative

Ordered

TRUE

FALSE

initialized

openrec

operational

non-existent

The packet filtering firewall checks each data packet against ACL rules.

The stateful inspection firewall uses security policies to check only the first packet of non-matched sessions.

The security policies in two directions need to be configured on the stateful inspection firewall.

The proxy firewall processes services of users on internal and external networks.

TRUE

FALSE

Only the source IP address is translated.

Only the destination IP address is translated.

The source IP address and source port number are both translated.

The destination IP address and destination port number are both translated.

TRUE

FALSE

Signaling is required. Before transmitting packets, an application does not need to notify a router and the network does not need to maintain the status for each flow.

Different methods can be used to specify QoS of packets, for example, IP precedence, source IP address, and destination IP address of IP packets.

The DiffServ model provides the E2E QoS guarantee for important applications.

It can be implemented through technologies such as CAR or queue scheduling technologies.

Email

Voice

SMS message

WeChat

Multiple users can be created for network management.

Users may be asked to log in to eSight from specified IP addresses in specific time ranges.

The administrator can force unauthorized login users to log out.

The login time of the administrator role also can be limited.

The buffer overflow attack indicates that an attacker uses defects of memory operations of the software system and runs attack codes with high operation rights.

The buffer overflow attack is irrelevant to the OS vulnerabilities and architecture.

The buffer overflow attack is the most common attack of the software system.

The buffer overflow attack is an application-layer attack.

ONF

IETF

ETSI

ITU

Network devices, security devices, policy servers, and third-party systems can report network information and security logs.

Network information and security logs are generated by customer devices.

A switch can function as the policy execution device to respond to security events by executing security policies to restrict or block insecure access.

The United Security component of the Agile Controller is responsible for log collection, processing, event association, security trend display, and security response.

TRUE

FALSE

The lease renewal timer is 50% of the total lease. When the lease renewal timer expires, the DHCP server must renew the IP address lease.

The rebinding timer is 87.5% of the total lease.

If the rebinding timer expires but the DHCP client does not receive any responses from the DHCP server, the DHCP client keeps sending DHCP Request packets to the DHCP server which assigned an IP address to it before, until the total lease expires.

If the DHCP client receives a DHCP NAK packet within the lease, the client stops using the current IP address immediately and returns to the initialization state. The DHCP client then applies for a new IP address.

You can run the ipconfig/release command on a PC running Windows 7/Windows XPto actively release the IP address. In this case, the PC sends a DHCP Request packet to the DHCP server.

You can run the ipconfig/release command on a PC running Windows 7/Windows XP to actively release the IP address. In this case, the PC sends a DHCP Release packet to the DHCP server.

You can run the ipconfig/renew command on a PC running Windows 7/Windows XP to apply for a new IP address. In this case, the PC sends a DHCP Renew packet to the DHCP server.

You can run the ipconfig/renew command on a PC running Windows 7/Windows XP to apply for a new IP address. In this case, the PC sends a DHCP Discover packet to the DHCP server.