1. In a distributed gateway scenario, VNIs are classified into L2VNIs and L3VNIs.

An L2VNI is
mapped to a BD in 1:1 mode for forwarding of VXLAN packets within a subnet. An L3VNI is
associated with VPN instance for forwarding of VXLAN packets across subnets.
o True
o False

2. When BGP/MPLS IP VPN is deployed, the VPN route tag of OSPF is not transmitted in the MP-
BGP extended community attribute. The VPN route tag is valid only on the PEs that receive
MP-BGP routes and generate OSPF LSAs.
o True
o False

3. Prefix segments and adjacency segments are globally visible and unique
o True
o False

4. In Huawei’s free mobility solution, if one device functions as both an authentication point and
a policy enforcement point, the administrator needs to subscribe to IP-security group entries
to view IP-security group information.
o True
o False

5. Free mobility implements policy management and permission control based on user’s VLAN
IDs and IP addresses.
o True
o False

6. OSPFv3 link LSAs are advertised in the entire area

o True
o False

7. An Engineer often remotely logs in to the device to check the device status. The engineer can
use the python Paramiko and telnetlib libraries to implement automatic remote login through
Python scripts. The remote login implemented using telnetlib is more secure.
o True
o False

8. The difference between SRv6 and SR-MPLS is that segments in the SRv6 SRH are not popped
out after being processed by nodes. Therefore, SRv6 headers retain path information for path
tracing.
o True
o False

9. A fault is any phenomenon that adversely affects services for users

o True
o False
10. /ifm/interfaces/interface in Huawei Open Programmability system (OPS) is the URL used to
identify device’s managed object.
o True
o False

11. As shown in the following figure, OSPF is deployed on the campus network, and area 1 is
deployed as an NSSA. By default, R2 automatically generates a Type 7 LSA carrying default
routes information and floods it in the NSSA.

o True
o False

12. In the Huawei SD-WAN solution, the topologies of different VNs must be the same.
o True
o False

13. As shown in the following figure, by using a route-policy changes the Local-Pref value of the
route sent from R1 to R2, the network administrator can control the traffic through which
path leaves AS 100

o True
o False
14. Which of the following statements about BIER and PIM are correct. (Multiple)
▪ On a PIM-based multicast network, an MDT covering all nodes that multicast traffic traverses
needs to be established.
▪ On a BIER-based multicast network, an MDT covering all nodes that multicast traffic traverses
does not needs to be established.
▪ On a BIER-based multicast network, multicast users must send group join messages hop by hop.
▪ On a BIER-based multicast network, packets sent by the multicast source must be encapsulated
by BitString filed

15. Which of the following statement are correct about the authentication protocols used in
Portal authentication. (Multiple)
▪ When HTTP and HTTPS is used as authentication protocol, none of the device involved in the
authentication process needs to support the portal protocol.
▪ When Portal is used as the authentication protocol, the portal server and access device only
need to support the portal protocol but not the HTTP and HTTPS protocol.
▪ When HTTP and HTTPS is used as authentication protocol, the client needs to send
authentication information to the access device which then send the information to the
authentication server for identify authentication
▪ When Portal is used as the authentication protocol, the portal server needs to exchange
authentication information with the access device, which then sends the information to the
authentication server for identify authentication.

16. Which of the following inter-AS MPLS L3VPN solution need VPN user data packets to carry
MPLS labels when being forwarded between ASs. (Multiple)
▪ Option A
▪ Option B
▪ Option C
▪ Option D

17. Which of the following are potential risks in HTTP communication? (Multiple)
▪ Eavesdropping: third parties can obtain communication data.
▪ Tempering: Third partied can temper with communication data.
▪ Pretending: Third parties can impersonate another user
▪ Lost: There is a low probability that data is lost during transmission.

18. Which of the following types of authentication can be delivered by radius server after a client
passes 802.1X authentication. (Multiple)
▪ MAC address
▪ ACL
▪ VLAN ID
▪ UCL group

19. On a VXLAN campus network, which of the following resources can be invoked for VNs?
(Multiple)
▪ Network Service resource
▪ IP address segment and VLAN of terminal users belonging to the VN
▪ External network
▪ Wired access ports end/or wireless access devices.
20. Which of the following are key technologies used to implement SRv6 policies based on
Huawei’s CloudWAN solution architecture. (Multiple)
▪ BGP-LS
▪ BGP IPv6 SR policy
▪ PCEP
▪ Netconf

21. Network administrator A wants to use an IP prefix-list to match specific routes. Which of the
following routes can be matched by the IP prefix list shown in this figure? (Multiple)
ip ip-prefix TEST permit 10.0.0.0 24 less-equal 30
▪ 10.0.0.0/24
▪ 10.0.0.0/30
▪ 10.0.1.0/24
▪ 10.0.2.0/24

22. On the campus network iMaster NCE-Campus is used to deploy two VNs. R&D VN and
marketing VN users in these two VNs belongs to two security groups, respectively. The
campus network requires R&D personal and sales personals to communicate with each other.
To meet this requirement, which of the following tasks does a network administrator need to
perform? (Multiple)
▪ Configure inter-VN communication
▪ Deploy network service resources
▪ Deploy a policy control matrix
▪ Deploy an external network

23. MPLS supports both static and dynamic LSP establishment. Which of the following protocols
cannot dynamically establish LSPs in MPLS TE scenario? (Multiple)
▪ BGP
▪ RSVP-TE
▪ OSPF
▪ IS-IS

24. Port security changes some MAC addresses learned by an interface into secure MAC
addresses, so that only hosts with secure MAC addresses can communicate with the device
through the interface, thereby enhancing device security. Which of the following types of
MAC address are secure MAC addresses? (Multiple)
▪ Dynamic secure MAC address
▪ Static secure MAC address
▪ Sticky MAC address
▪ Protected MAC address

25. A company has two types of network services. UDP based real time video streaming services
and TCP-based FTP download services. The company’s network administrator often receives
complaints that FTP download speed is slow or unstable. What are the possible causes?
▪ The video service has a higher priority and preempts the bandwidth of the FTP service
 ▪ The device uses the tail drop technology. As a result global TCP synchronization affects the
FTP rate
▪ The device limits the FTP traffic to a small value
▪ The device perform PQ scheduling for FTP services and WFQ scheduling for video services.
As a result, the FTP service bandwidth is preempted

26. An O&M platform mainly provides unified monitoring and management for network devices.
Which of the following protocols or technologies can be used by the O&M platform to obtain
device monitoring data? (Multiple)
▪ SNMP
▪ Syslog
▪ Netstream
▪ Telemetry

27. As the network scale increases, users need to quickly optimize the network or rectify fault by
referring to device information. The following display the telemetry configuration on the
CloudEngine switch. Which of the following statements are correct? (Multiple)

▪ The sampling sensor group name is Sensor1

▪ When the CPU usage of device is exceeds 40%, device sends sampled data to the collector
▪ The IP address of the collector is 10.20.2.1 and the port number is 10001
▪ Telemetry dynamic subscription is configured

28. In the following figure, OSPF is enabled on all router interfaces. The IP addresses marked in
the figure belong to Loopback0 of the routers. The loopback0 addresses of R1, R2 and R3 are
advertised in the area1, the loopback0 address of R4 is advertised in area 0 and the loopback0
address of R5 is advertised in area 2. Given this, which of the following IP addresses can ping
each other? (Multiple)
 ▪ 10.0.4.4 and 10.0.2.2
▪ 10.0.2.2 and 10.0.3.3
▪ 10.0.2.2 and 10.0.5.5
▪ 10.0.3.3 and 10.0.5.5

29. Refer to the following command output on the router R3 which of the following statement are
correct? (Multiple)
Display interface tunnel

▪ The tunnel destination IP address is 10.0.1.1

▪ The tunnel source IP address is 10.0.1.1
▪ The tunnel interface IP address is 20.1.1.2/24
30. What can be the determined from the following figure?

▪ R1 has six IS_IS IPv6 routes

▪ R1 does not have IS_IS IPv6 routes
▪ R1 is not a level-1 device
▪ IS-IS is enabled on interface g0/0/1

31. Assuming that the display current-configuration command display IS-IS configurations, while
display saved-configuration command does not display IS-IS configuration which of the
following statements is correct.
• The IS-IS configuration that are running in the memory have not been saved to the flash
memory
• The IS-IS configuration that are running in the memory have been saved to the flash
memory
• No IS-IS commands are run
• The IS-IS configuration that are running in the flash memory have not been saved to the
memory

32. Which of the following commands needs to be run in the BGP view to enable a VPN instance
to advertise IP routes to the BGP-EVPN address family?
• Advertise irbv6
• Advertise irb
• Advertise l2vpn evpn
• Advertise vpnv4

33. A VPDN is a VPN constructed on a public network. Which of the following is a VPDN?
• L2TP
• VPLS
 • GRE VPN
• IPsec

34. Which of the following technologies can be used to measure performance based on actual
service traffic in Huawei’s CloudWAN solution?
• TWAMP
• iFIT
• Telemetry
• BGP flowSpec
35. In Huawei SD-WAN Solution, which of the following tunneling technologies is used to establish
data channels?
• MPLS
• VXLAN
• GRE over IPsec
• Ipsec

36. Which of the following statements about SR-MPLS BE and SR-MPLS TE is correct?
• When creating an SR-MPLS BE tunnel, you can specify explicit routers
• Both SR-MPLS BE and SR-MPLS TE tunnels can be established based on specified explicit
adjacency SIDs
• SR-MPLS TE tunnels can be established based on both specified node SIDs and adjacency
SIDs
• SR-MPLS BE tunnels can be established based on both specified node SIDs and adjacency
SIDs

37. The southbound interface of iMaster NCE-Campusinsight are connected to devices, enabling
iMaster NCE-Campusinsight to manage devices. Which of the following southbound interface
types is not supported by iMaster NCE-Campusinsight?
• SNMP
• Syslog
• NETCONF
• HTTP2 + ProtoBuf

38. Telemetry is a technology that remotely collects data from physical or virtual devices at high
speed. When gRPC is used to push telemetry data, which of the following is not involved in
the data model layer?
• Notification message layer
• RPC layer
• Telemetry layer
• Service data layer

39. In the firewall hot standby scenario, which of the following information is not carried by
VGMP packets?
• Status of the local VGMP group
• Priority of the local VGMP group
• Software version of the local device
 • Whether the local device is busy
40. EVPN supports multiple services modes, which of the following services modes allows an
interface to be used only by single user?
• Port-based mode
• VLAN-based mode
• VLAN bundle mode
• VLAN-aware bundle mode

41. An enterprise has three types of services Voice and video services are key services and need to
be guaranteed, and FTP services are non-key services. Which of the following scheduling
modes is optimal for satisfying the service requirements?
• PQ scheduling is configured for IP voice, video and FTP download services
• LPQ scheduling is configured for IP voice, PQ scheduling is configured for video services and
WFQ scheduling is configured for FTP download services.
• PQ scheduling is configured for IP voice, video and WFQ scheduling is configured for FTP
download services
• WFQ scheduling is configured for IP voice and FTP download services

42. Which of the following statements about GRE is incorrect?

• GRE is easy to implement and puts little burden on devices at both ends of tunnel
• GRE can encapsulate IPv4 unicast packets
• GRE can encapsulate IPv6 unicast packets
• GRE can encapsulate IPv6 broadcast packets

43. On CloudCampus virtualized campus network, service data enters different VNs from physical
networks through edge nodes and the VN that the data will enter is determined by the VLANs
to which users belong. Which of the following statement about dynamic VLAN authorization is
incorrect?
• When wired users pass MAC address authentication, they join the authorization VLANs
delivered to edge nodes.
• When wired users pass 802.1X authentication, they join the authorization VLANs delivered
to edge nodes.
• When wireless users pass Portal authentication, they join the authorization VLANs delivered
to edge nodes.
• When wireless users pass 802.1X authentication, they join the authorization VLANs
delivered to edge nodes.

44. During MSTP troubleshooting, the display current-configuration command is executed to

obtain the configuration file of the device. Which of the following statement is incorrect?
• Check the port configuration to verify that the MSTP-enabled port is configured (for
example, using the bpdu enable command) to send protocol packets.
• The port connected to a user device has MSTP disabled or is configured as edge port.
• The BPDU tunnel configuration has no impact on MSTP
• Check whether the interface is added to the correct VLAN

45. SRv6 inserts a routing extension header SRH into IPv6 packets to implement hop-by-hope
packet forwarding. Which of the following statement about SRH is incorrect?
 • The extension header specifies an IPv6 explicit path and store IPv6 segment list information
• When the value of the routing type field is 4, it indicates an SRH
• The segments left field indicates the number of explicitly listed transit nodes to be visited
before traffic reaches the destination
• A segment list is in the IPv6 address format and indicates the destination IPv6 address of the
node to be accessed

46. Which of the following statement about VXLAN principles is incorrect?

• VXLAN used MAC-in-UDP encapsulation to encapsulate Ethernet packets into UDP packets
and thereby extend Layer 2 network.
• VXLAN can be deployed on campus network to implement Layer 2 and Layer 3
communication.
• VXLAN packets are forwarded through routes on the underlay network, and the MAC
address of the terminal in the inner data frame is not considered during underlay
forwarding.
• When VXLAN is deployed in the addition to the devices at the both ends of VXLAN tunnel,
intermediate forwarding devices are also required to support VXLAN. Otherwise VXLAN
packets cannot be forwarded

47. Which of the following status code will not be returned by the server when a resource is
successfully created?
• 200
• 201
• 202
• 301

48. Both RESTCONF and NETCONF are used to manage network device configuration. Which of the
following statements is incorrect about RESTCONF and NETCONF?
• RESTCONF uses an XML or JSON-based data encoding format.
• RESTCONF operations includes GET, POST, PUT, PATCH, and DELETE
• NETCONF operations take place on multiple configuration datastores of a network device.
The configuration datastores provide transaction and rollback mechanisms.
• NETCONF uses HTTP methods RESTCONF is stateless and provides transaction and rollback
mechanisms.

49. When deploying virtual networks on iMaster NCE-Campus you need to configure
authentication and authorization after creating user accounts. Which of the following does
not need to be configured?
• Authentication rule
• Authentication result
• Authorization result
• Authorization rule

50. The Python Paramiko library implements the SSH protocol. In the Python Paramiko module,
which of the following methods can be used to enable an interactive SSH session?
• From_transport()
• Connect()
 • Transport()
• Invoke_shell()

51. Both SNMP and NETCONF can be used to manage network devices. Which of the following
statements about the two protocols is correct?
• When SNMP is used to manage Huawei switches, SNMP parameters must be manually
configured for each switch by default.
• When NETCONF is used to manage Huawei switches, NETCONF parameters must be
manually configured for each switch by default
• Both SNMP and NETCONF manage objects through management information MIBs on
network devices.
• Both SNMP and NETCONF use the client/server architecture. The network management
station NMS functions as server, and the managed devices function as clients

52. In the following figure, GRE tunnel is established between R1 and R4 to transmit data from
PC1 to PC2. The TTL of the packet sent from G0/0/1 of R1 is 126. What is the TTL of packet
sent from G0/0/3 of R3?

• 125
• 126
• 127
• 124

53. As shown in the following figure, an engineer tests network interconnection between two
branches. Two implement network interconnection OSPF is deployed on R1, R2 and R3 of
branch 1 and IS-IS is deployed on R2, R3 and R4 of branch 2.which of the following operation
need to be performed to allow R1 to access R4’s loopback interface address
• No configuration required
• Run the default-route advertise command only in the OSPF view on R2
• Run the default-route advertise command only in the IS-IS view on R2
• Run the default-route advertise command only in both OSPF and IS-IS view on R2
54. OSPFv2 is an IGP running on IPv4 networks, whereas OSPFv3 is an IGP running on IPv6
networks. On the network shown, an engineer uses three routers to test IPv6 services. The
Engineer wants to OSPFv3 for IPv6 network connectivity. Which of the following statement
about the DR election on the network is correct.

• R1 becomes the DR after the network converges

• R3 becomes the DR after the network converges. R1 is restarted and then the network
converges again
• After the network converges the engineer changes R1’s priority to 100 and R2’s priority to
10, R3’s priority remains at the default value. After the network converges again. R1
becomes the DR and R2 becomes the BDR.
• After the network converges. R4 with priority of 150 is added to the broadcast domain.
After the network converges again R4 becomes the DR.
55. In the following figure, OSPF is enabled on the all router interfaces, and link costs are marked.
The loopback0 address of R2 is advertised in the area 1. Given this, what is the cost of the
routes from R1 to 10.0.2.2/32?

• 50
• 100
• 150
• 200
56. Client1 and Client2 function as the clients of RR1 and RR2, respectively RR1 and RR2 are in the
same cluster and R1 has imported 10 routes. If the BGP configuration are correct and at BGP
peer relationship have been established. How many routes will be in the BGP routing table of
Client2?

• 5
• 10
• 20
• 15

57. As shown in the figure, the arp distribute-gateway enable command is run on VBDif 20 of
VTEP1. Which of the following Arp entries exists on VTEP1?

• Entry of 10.0.2.1
• Entry of 10.0.2.2
• Entry of 10.0.2.3
• Entry of 10.0.2.4
58. MPLS supports forwarding equivalence class (FEC). Which of the following cannot be used as a
FEC allocation standard?
A. Fragment offset
B. Destination address
C. Application protocol
D. Class of Service (CoS)

59. An NVE is a network entity that implement network virtualization and must be a physical
switch.
o True
o False
60. MPLS LDP can be enabled for GRE tunnels.
o True
o False

61. The VNI field of vxlan packets is 24 bits long.

o True
o False

62. The SBFD state machine running on the initiator has only one the up and down state and can
alternate only between the two states.
o True
o False

63. When a router receive an ipv6 packet with the next header field value in the basic header
being 43. The next header must be SRH.
o True
o False

64. SSH connection are usually established based TCP/IP connections. In specific cases. SSH
connection can be established based on UDB connection.
o True
o False

65. The RR is critical to the Huawei SDWAN solution and its deployment mode varies based on the
scenario. In which of the following modes can an RR be deployed?

▪ Co-deployment of the RR and sub site

▪ Independent deployment of the RR
▪ Multi-area deployment of the RR
▪ Partially independent deployment of the RR
66. Which of the following devices provides access for wired and wireless users in the three-layer
networking architecture of small and midsize campus network.
▪ AP
▪ AR
▪ FW
▪ SW

67. Which of the following Statement about internal priorities are incorrect?
▪ All external priorities can be mapped to internal priorities in a one-to-one relationship
▪ There are eight internal priorities
▪ The highest internal priority is CS7
▪ The highest internal priority is EF

68. Which of the following statement about SR-MPLS Policy candidate path are correct.
▪ One SR-MPLS TE Policy can contain multiple candidate paths with the preference
attribute.
▪ The valid candidate path with the highest preference functions as the primary path of
the SR-MPLS TE Policy
▪ A candidate path can contain multiple segment lists, each of which carries a Weight
attribute.
▪ Multiple segment lists of a candidate path work in load balancing mode.

69. When a client invokes the iMaster NCE Campus RESTFul API. It sends amd HTTPrwquest. The
server then return the status code 401. Which of the following errors has occured?
▪ Access denied
▪ Unauthorized
▪ The request resources does not exist
▪ The service is unavailable

70. Which of the following parameters is not included in an IPsec security association (SA)
A. Source IP address
B. Destination address
C. Security parameter index SPI
D. Security protocol ID (AH or ESP)

71. Which of the following is a Data encryption algorithm

A. DES
B. MD5
C. SHA1
D.SHA-256
 72. Which of the following internet access modes can be used to implement centralized security
control over internet access traffic.
A. Centralized internet access
B. local internet access
C. Hybrid internet access
D. Priority based internet access

73. The architecture of the SDWAN solution consist of the management layer, control layer and
network layer. Which of the following devices are deployed at the network layer.
A. RR
B. Edge
C. Firewall
D.CPE

74. EVPN support multiple services modes. Which of the following service modes allows an
interface to be used only by single user.
A. Port-based mode
B. vlan based mode
C. vlan bundle based mode
D. vlan-aware bundle mode

75. To prevent hackers from attacking user devices or networks using MAC addresses. You can
configure MAC addresses of untrusted as Blackhole MAC addresses to filter out such invalid
MAC addresses. When receiving a packet whose source or destination MAC address is blackhole
MAC address on the device. The device discards the packets.
o True
o False
NCE campus northbound open API port
18008

OPS python script.

Create
Modify
Delete
Query