【单选题】
Which type of Layer 2 attack enables the attacker to intercept traffic that is intended for one specific recipient?___
A. BPDU attack
B. DHCP starvation I LAB
C. MAC address spoofing
D. CAM table overflow
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
推荐试题
【判断题】
年金基金投资运营收益分配计入个人账户时,个人暂不缴纳个人所得税.
【判断题】
在年金领取环节,个人达到国家规定的退休年龄领取的企业年金或职业年金,不缴纳个人所得税。
【判断题】
个人转让股权,以股权转让收入减除股权原值后的余额为应纳税所得额,按“财产转让所得”缴纳个人所得税。
【判断题】
扣缴义务人应于股权转让相关协议签订后15日内,将股权转让的有关情况报告主管税务机关。
【判断题】
股权转让方拒不提供股权转让收入的有关资料,主管税务机关可以核定个人所得税股权转让收入。
【判断题】
12个月内再次发生股权转让且被投资企业净资产未发生重大变化的,主管税务机关可参照上一次股权转让时被投资企业的资产评估报告核定此次股权转让收入。
【判断题】
被投资企业发生个人股东或股东所持股权变动的,应在次月15日内向主管税务机关报送含有股东变动信息的《个人所得税基础信息表(B表)》及股东变更情况说明。
【判断题】
根据股权转让所得个人所得税管理办法规定,股权转让行为发生后,纳税人、扣缴义务人应在次月10日内向主管税务机关申报纳税。
【判断题】
根据股权转让所得个人所得税管理办法规定,被投资企业应在董事会或股东会结束后在次月15日内,向主管税务机关报送与股权变动事项相关的董事会或股东会决议、会议纪要等资料。
【判断题】
根据股权转让所得个人所得税管理办法规定,扣缴义务人应于股权转让相关协议签订后15个工作日内,将股权转让的有关情况报告主管税务机关。
【判断题】
主管税务机关在正确股权转让收入进行核定时,必须按照净资产核定法、类比法、其他合理方法的先后顺序进行选择。
【判断题】
被投资企业的土地使用权、房屋、房地产企业未销售房产、知识产权、探矿权、采矿权、股权等资产占企业总资产比例超过25%的,主管税务机关可参照纳税人提供的具有法定资质的中介机构出具的资产评估报告核定股权转让收入。
【判断题】
承包、承租人正确企业经营成果不拥有所有权,仅是按合同(协议)规定取得一定所得的,其所得按工资、薪金所得项目征税。
【判断题】
承包、承租人按合同(协议)的规定只向发包、出租方交纳一定费用后,企业经营成果归其所有的,承包、承租人取得的所得,按经营所得项目征税。
【判断题】
酒店产权式经营业主在约定的时间内提供房产使用权与酒店进行合作经营,如房产产权并未归属新的经济实体,业主按照约定取得的固定收入和分红收入均应视为租金收入,根据有关税收法律、行政法规的规定,应按照经营所得项目征收个人所得税。
【判断题】
个人因各种原因终止投资、联营、经营合作等行为,从被投资企业或合作项目、被投资企业的其他投资者以及合作项目的经营合作人取得股权转让收入、违约金、补偿金、赔偿金及以其他名目收回的款项等,均属于个人所得税应税收入,应按照“利息、股息、红利所得”项目适用的规定计算缴纳个人所得税。
【判断题】
非上市公司实施符合条件的股权激励,本公司最近3个月在职职工平均人数,按照股票(权)期权行权、限制性股票解禁、股权奖励获得之上月起前3个月“工资薪金所得”项目全员全额扣缴明细申报的平均人数确定。
【判断题】
非上市公司授予本公司员工的股票期权、股权期权、限制性股票和股权奖励,符合规定条件的,经向主管税务机关备案,可实行递延纳税政策,即员工在取得股权激励时可暂不纳税,递延至转让该股权时纳税;股权转让时,按照股权转让收入减除股权取得成本以及合理税费后的差额,适用工资薪金所得项目缴纳个人所得税。
【判断题】
股权转让时,股票(权)期权取得成本按行权价确定,限制性股票取得成本按实际出资额确定,股权奖励取得成本为零。
【判断题】
个体工商户业主的工资薪金支出不得税前扣除。
【判断题】
在享受就业创业税收政策时,无论是从事个体经营还是企业招录,建档立卡贫困人口无需提供任何证件证明。
【判断题】
纳税人享受个人所得税专项附加扣除的,学历教育和学历(学位)继续教育的期间,不包含因病或其他非主观原因休学但学籍继续保留的休学期间
【判断题】
纳税人同时从两处以上取得工资、薪金所得,并由扣缴义务人办理上述专项附加扣除的,对专项附加扣除不同项目,一个纳税年度内,纳税人只能选择从其中一处扣除。
【判断题】
纳税人年度中间更换工作单位的,在原单位任职、受雇期间已享受的专项附加扣除金额,不得在新任职、受雇单位扣除。
【判断题】
取得劳务报酬所得、稿酬所得、特许权使用费所得也可由扣缴义务人办理个人所得税专项附加扣除。
【判断题】
更换工作单位的纳税人,需要由新任职、受雇扣缴义务人办理专项附加扣除的,应当在入职的当月,填写并向扣缴义务人报送《扣除信息表》。
【判断题】
扣缴义务人应当将纳税人报送的专项附加扣除信息,在次月办理扣缴申报时一并报送至主管税务机关。
【判断题】
2019年王某在东方运输公司和太平洋保险公司同时任职取得工资,按规定他符合享受子女教育、继续教育、住房租金、赡养老人四项个人所得税专项附加条件,王某可以选择东方运输公司办理子女教育、继续教育专项附加扣除,同时选择太平洋保险公司办理住房租金、赡养老人专项附加扣除。
【判断题】
享受子女教育、继续教育、大病医疗、住房贷款利息或者住房租金、赡养老人专项附加扣除的纳税人,自符合条件开始,可以向支付工资、薪金所得的扣缴义务人提供上述专项附加扣除有关信息,由扣缴义务人在预扣预缴税款时,按其在本单位本年可享受的累计扣除额办理扣除;也可以在次年3月1日至6月30日内,向汇缴地主管税务机关办理汇算清缴申报时扣除。
【判断题】
子女教育专项附加扣除的扣除主体是子女的法定监护人,包括生父母、继父母、养父母,父母之外的其他人担任未成年人的法定监护人的,比照执行。
【判断题】
残障儿童接受的特殊教育,父母也可以扣除子女教育。
【判断题】
本科毕业之后,准备考研究生的期间,父母可以继续扣除子女教育。
【判断题】
子女6月高中毕业,9月上大学,7-8月父母可以继续扣除子女教育。
【判断题】
大学期间参军,学校保留学籍,父母可以按子女教育扣除。
【判断题】
张某参加了学历(学位)教育,最后没有取得学历(学位)证书,张某可以按规定享受继续教育扣除。
【判断题】
纳税人参加夜大、函授、现代远程教育、广播电视大学等教育,所读学校为其建立学籍档案的,可以享受学历(学位)继续教育扣除。
【判断题】
夫妻两人同时有符合条件的大病医疗支出,可以选择都在男方扣除,扣除限额分别计算,每人最高扣除限额为8万元,合计最高扣除限额为16万元。
【判断题】
张某父母的大病医疗支出可以选择在张某进行个人所得税专项附加扣除。
【判断题】
首套房的贷款还清后,贷款购买第二套房屋时,银行仍旧按照首套房贷款利率发放贷款,首套房没有享受过扣除,第二套房屋可以享受住房贷款利息扣除。
【判断题】
张某有一套住房,是公积金和商贷的组合贷款,公积金中心按首套贷款利率发放,商业银行贷款按普通商业银行贷款利率发放,张某可以享受住房贷款利率扣除。
