【单选题】
Which type of Layer 2 attack enables the attacker to intercept traffic that is intended for one specific recipient?___
A. BPDU attack
B. DHCP starvation I LAB
C. MAC address spoofing
D. CAM table overflow
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
推荐试题
【填空题】
根据《铁路建设项目变更设计管理办法》<铁建设[2012]253号文>规定,建设单位应对I类变更设计文件进行初审,涉及环水保的重大问题的变更设计,应先向___主管部门报告,经同意后,再形成初审意见连同I类变更设计文件一并报送总公司
【填空题】
根据《铁路建设项目变更设计管理办法》<铁建设[2012]253号文>规定,包干外II类变更设计由建设单位组织审定,费用在___中列支。
【填空题】
根据《铁路建设项目变更设计管理办法》<铁建设[2012]253号文>规定,铁路项目涉及___的II类变更设计,建设单位应在现场组织确定变更设计方案,按确定的方案先进行施工准备和应急处理。
【填空题】
根据《铁路建设项目变更设计管理办法》<铁建设[2012]253号文>规定,非责任原因引起的I类变更设计,勘察设计费按变更设计批复支付;责任原因引起的I类变更设计,勘察设计费由___单位承担。
【填空题】
根据《铁路建设项目变更设计管理办法》<铁建设[2012]253号文>规定,改沟改河改渠工程,超出合同清单数量的,要办理___,由业主承担或纳入清概。
【单选题】
Netware的核心协议(NCP)提供了一系列的__。
A. 通信协议
B. 服务协议
C. 网络协议
D. 控制协议
【单选题】
UNIX系统中具有最高权限的用户名是__。
A. admin
B. supervisor
C. root
D. administrator
【单选题】
为了使POP3客户能够从他们的邮箱发送因特网邮件,还有其它什么组件必须运行?
A. SMTP
B. NNTP
C. LDAP
D. Active Server Components
【单选题】
以下哪些路由表项要由网络管理员手动配置?
A. 动态路由
B. 其他三项说法都不正确
C. 直接路由
D. 静态路由
【单选题】
关于距离矢量算法以下哪些说法是错误的?
A. 使用距离矢量算法的协议只从自己的邻居获得信息
B. 距离矢量算法不会产生路由环路问题
C. 距离矢量算法是靠传递路由信息来实现的
D. 路由信息的矢量表示法是(目标网络,metric)
【单选题】
以下内容哪些是路由信息中所不包含的?
A. 路由权值
B. 源地址
C. 目标网络
D. 下一跳
【单选题】
以太网交换机一个端口在接收到数据帧时,如果没有在MAC地址中查找到目的MAC地址,通常如何处理?
A. 丢弃该帧
B. 把以太网帧发送到除本端口以外的所有端口
C. 把以太网帧复制到所有端口
D. 把以太网帧发送到一组特定的端口
【单选题】
交换机如何知道将帧转发到哪个端口?
A. 读取源ARP地址
B. 用ARP地址表
C. 用MAC地址表
D. 读取源MAC地址
【单选题】
下面哪条命令用于在路由器上添加进入telnet的登录口令?
A. Router(Config)#line vty 0 4
B. Router#password kkk
C. Router(Config)#login password kkk
D. Router#line vty 0 4
【单选题】
下面哪条命令用于在路由器上添加一条默认路由?
A. Router#ip route 0.0.0.0 0.0.0.0 192.168.100.1
B. Router#ip route 0.0.0.0 255.255.255.255 192.168.100.1
C. Router(Config)#ip route 0.0.0.0 0.0.0.0 192.168.100.1
D. Router(Config)#ip route 0.0.0.0 255.255.255.255 192.168.100.1
【单选题】
下列选项中哪个是正确的交换机默认网关配置命令?
A. ip default-gateway ip 地址
B. ip gateway ip 地址
C. ip default ip 地址
D. ip ip 地址
【单选题】
以太网媒体访问控制技术CSMA/CD的机制是__。
A. 循环使用带宽
B. 按优先级分配带宽
C. 预约带宽
D. 争用带宽
【单选题】
全双工以太网传输技术的特点是__。
A. 能同时发送和接收帧,不受CSMA/CD限制
B. 能同时发送和接收帧,受CSMA/CD限制
C. 不能同时发送和接收帧,不受CSMA/CD限制
D. 不能同时发送和接收帧,受CSMA/CD限制
【单选题】
以下叙述正确的是__。
A. 若媒体忙,则等待一段随机时间再发送
B. 完成接收后,则解开帧,提交给高层协议
C. 若在帧发过程中检测到碰撞,则停止发送,等待一段随机时间再发送
D. 网络上站点处在接收状态时,只要媒体上有帧传输就接收该帧,即使帧碎片也会接收
【单选题】
对网络用户来说,操作系统是指__。
A. 一个资源管理者
B. 提供一系列的功能、接口等工具来编写和调试程序的祼机
C. 实现数据传输和安全保证的计算机环境
D. 能够运行自己应用软件的平台
【单选题】
下面哪个功能属于操作系统中的安全功能__。
A. 保护系统程序和作业,禁止不合要求的对程序和数据的访问
B. 控制用户的作业排序和运行
C. 实现主机和外设的并行处理以及异常情况的处理
D. 对计算机用户访问系统和资源的情况进行记录
【单选题】
对于ADSL的正确理解是__。
A. 高速数字用户环路
B. 非对称数字用户环路
C. 甚高速数字用户环路
D. 以上三项都不对
【多选题】
网络安全威胁常见的可以分为哪几类?
A. 截获
B. 中断
C. 控制
D. 伪造
E. 篡改
【多选题】
以下哪些属于路由器安全配置?
A. 严格控制可以访问路由器的管理员
B. 可以远程访问路由器
C. 建议采用权限分级策略
D. 控制对VTY的访问
E. 配置文件的备份建议使用ftp代替tftp
【多选题】
可实现防火墙功能的为__。
A. HUB
B. 交换机
C. 路由器
D. 中继器
【多选题】
计算机病毒的危害性有以下几种表现?
A. 烧毁主板
B. 删除数据
C. 阻塞网络
D. 信息泄漏
【多选题】
计算机病毒按传染方式分为____。
A. 引导型病毒
B. 良性病毒
C. 文件型病毒
D. 复合型病毒
【多选题】
从系统整体看,下述那些问题属于系统安全漏洞?
A. 缺少足够的安全知识
B. 产品缺少安全功能
C. 人为错误
D. 产品有Bugs
E. 缺少针对安全的系统设计
【多选题】
Windows NT的"域"控制机制具备哪些安全特性?
A. 访问控制
B. 审计(日志)
C. 用户身份验证
D. 数据通讯的加密
【多选题】
防病毒时从_________方向入手。
A. 病毒的寄生对象
B. 内存驻留方式
C. 传染途径
D. 系统弱口令
【多选题】
下列说法错误的是_________。
A. 注册表被修改后只有重装系统
B. 解决IE 窗口定时弹出的问题不需要重装IE
C. 解决IE 窗口定时弹出的问题必须重装IE
D. 感染禁止使用电脑的病毒后无需重装系统
【多选题】
地址翻译主要用在哪两个方面?
A. 网络内有需要对外发布服务的服务器
B. 网络管理员希望隐藏内部网络的IP地址
C. 网络内主机是动态分配IP地址的
D. 内部网络的IP地址是私有的IP地址
【多选题】
防火墙的局限性主要有哪些?
A. 不能防范不经过防火墙的攻击
B. 不能解决来自内网的攻击和安全问题
C. 对网络流量进行审计影响了转发速度
D. 安全策略配置复杂,影响管理员实施细致的访问控制策略
【多选题】
( )主要用于对所关心的数据进行详细的数据收集,并将结果纪录在文件中,以便于以后分析整理。
A. 图表方式
B. 报警方式
C. 日志方式
D. 报表方式
【多选题】
下列哪些访问列表范围符合IP范围?( )
A. 1-99
B. 100-199
C. 800-899
D. 900-999
【判断题】
信息战的军事目标是指一个国家军队的网络系统、信息系统、数据资源。
【判断题】
ARP表的作用是提供常用目标地址的快捷方式来减少网络流量。
【判断题】
定义信息安全策略,描述的是信息安全在单位内的重要性,提出管理信息安全的方法,为信息安全管理提供方向和支持。
【判断题】
安全措施需要满足系统安全保护要求,对抗系统所面临的风险。
