【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
【多选题】
Which technology can be used to rate data fidelity and to provide an authenticated hash for data?___
A. file reputation
B. file analysis
C. signature updates
D. network blocking
推荐试题
【单选题】
单位通知存款按存款单位通知的期限分为7天通知存款和( )天通知存款。 ___
【单选题】
存款单位可就同一账户内容申请开具( )单位存款证明书,农业银行对每份证明书按有关规定收取手续费。 ___
【单选题】
单位定期存款部分提前支取的,提前支取部分按支取日总行规定的( )存款利率计息。 ___
A. 三个月
B. 六个月
C. 一年
D. 活期
【单选题】
单位活期存款结息日为( )。 ___
A. 每月20日
B. 每月30日
C. 季度末月的20日
D. 季度末月的30日
【单选题】
存款单位申请办理单位定期存款,开户行审核相关证明文件并收妥票款后,为存款单位开具( )。 ___
A. 单位定期存单
B. 单位活期存单
C. 单位定期存款证实书
D. 定期一本通折
【单选题】
单位支取定期存款须采取( )方式 。 ___
A. 现金
B. 转账
C. 网银
D. 电话银行
【单选题】
单位定期存款部分提前支取后,留存部分不足起存金额的则( )。 ___
A. 续存
B. 无规定
C. 另开新存单
D. 清户
【单选题】
单位通知存款在到期日前,取款人可取消通知,并将原( )交回。 ___
A. 单位定期存款证实书
B. 单位定期存单
C. 单位活期存单
D. 通知存款取款通知书
【单选题】
协定存款协议的期限最长不超过( )年。 ___
【单选题】
扣划单位存款需到( )办理。 ___
A. 省内任意营业机构
B. 存款人开户的营业分支机构
C. 地市内任意营业机构
D. 指定营业机构
【单选题】
营业网点协助司法机关等部门查询业务,相关内容应登记《查询、冻结、扣划登记簿》并由有权机关执法人员和( )签字。 ___
A. 网点负责人
B. 低柜柜面经理
C. 后台柜面经理
D. 金融机构经办人
【单选题】
有权扣划存款的机关有税务机关、人民法院、( )。 ___
A. 人民检察院
B. 公安机关
C. 海关
D. 国家安全机关
【单选题】
查询、冻结、扣划存款通知书与解除冻结、扣划存款通知书由( )依法送达。 ___
A. 邮寄送达
B. 有权机关执法人员送达
C. 银行工作人员送达
D. 被执行人送达
【单选题】
保证金孳生息,按法定或当事人约定计入保证金账户或( )。 ___
A. 出资人结算账户
B. 单位结算账户
C. 个人结算账户
D. 内部账户
【单选题】
客户申请办理保证金账户要素维护业务,须填写《开立/变更保证金账户申请书》,交由( )审核。 ___
A. 信贷部门
B. 客户经理
C. 客户部门
D. 网点负责人
【单选题】
保证金资金来源于结算账户的,转出方结算账户信息应与( )一致。 ___
A. 合同账户
B. 借方凭证
C. 待核销过渡信息凭证
D. 追加账户
【单选题】
定期保证金账户允许( )。 ___
A. 部提一次
B. 部提二次
C. 部提三次
D. 部提多次
【单选题】
保证金合同账户无( )时才能销户。 ___
A. 追加账户
B. 凭证账户
C. 结算账户
D. 协定存款账户
【单选题】
对公非活期存款开户,执行优惠利率的,需提供经审批的优惠利率审批表 ___
A. 资产负债部门
B. 运营管理部门
C. 客户管理部门
D. 风险管理部门
【单选题】
对公通知存款支取金额不得低于最低取款额(等值人民币 万元) ___
【单选题】
支取后留存金额不得低于最低留存金额(等值人民币100万元)。 ___
【单选题】
基本存款账户是存款人因办理( )需要开立的银行结算账户 ___
A. 日常转账结算和现金收付
B. 借款转存
C. 特殊资金管理
D. 异地经营
【单选题】
存款人异地临时经营活动,可以申请开立临时存款账户 ___
A. 基本存款账户
B. 一般存款账户
C. 专用存款账户
D. 临时存款账户
【单选题】
CCS等级为( )的客户,禁止办理单位结算账户开户、变更、销户业务,并进行可疑交易报告。 ___
A. “低风险”
B. “中风险”
C. “高风险”
D. “禁止类”
【单选题】
开立QFII人民币结算账户,除开立基本存款账户规定的资料外还应提供证( )的证券投资业务许可证。 ___
A. 证券管理部门
B. 基金管理部门
C. 保险管理部门
D. 外汇管理部门
【单选题】
对账签约管理( )业务主要包括集中对账服务签约、集中对账服务解约、账单信息查询、账单信息管理、账单账户管理、账单账户信息查询等业务。 ___
【单选题】
对账单是指银行( )记录单位资金情况的记录单。分为余额对账单和明细对账单,余额对账单反映某一时点存款人银行账户账面余额,明细对账单记录某一时段内,存款人银行账户交易明细信息。 ___
【单选题】
账单号是由BoEing生产系统按照签约顺序自动产生的一个对账编号。账单号共12位,由省市代码(2位)+营业机构号(4位)+顺序号(6位)组成。 ___
【单选题】
对账账单名称是指银行与客户约定的,余额对账单上使用的( )名称。 ___
【单选题】
单位存款人在农业银行各级营业机构规范开立的( )账户、定期存款账户、通知存款账户、保证金账户和贷款账户,都在集中对账管理系统支持的对账范围之内。 ___
【单选题】
对账周期是余额核对的频率,包括按月、按季、按半年和默认( )种,只能四选一、不支持多选。按月、按季、按半年是指不论账户种类、余额、发生额等变化情况,对账周期一律按约定的执行。 ___
【单选题】
客户( )与我行办理对账服务的,要签订《银企对账服务协议》及《银企对账要素表》。 ___
A. 首次
B. 第二次
C. 第三次
D. 第四次
【单选题】
客户变更对账要素时,必须重新签订《银企对账要素表》,( )重新签订《银企对账服务协议》。 ___
【单选题】
对账( )包括对账基本信息、账单账户、对账方式、对账签章、对账周期和纸质账单寄送,以及网银对账操作人权限设置等。 ___
【单选题】
对账基本信息是对账工作开展的前提和基础,主要内容有单位名称、收件人、纸质账单寄送地址、邮政编码、对账联系人、联系电话、对账签约( )姓名和证件号码。 ___
A. 经办人
B. 复核人
C. 联系人
D. 证明人
【单选题】
账单账户是指同一份账单中所包括的客户账户。同一份账单中,可以只有一个账号,也可以有多个账号,最多不超过( )个。 ___
A. 999
B. 1999
C. 2999
D. 3999
【单选题】
营业( )遗留库外或遗留自助设备箱体外的,给予记大过至撤职处分;造成不良后果的,给予留用察看至开除处分。 ___
【单选题】
汇款错汇、( )无法追回且拒不承担赔偿责任的,给予记过至降级处分;造成不良后果的,给予撤职至开除处分。 ___
A. 重汇款
B. 正确汇款
C. 汇款不及时
D. 汇款金额无误
【单选题】
资金清算业务发生差错时,未按规定处理或( )的,给予警告至记过处分;造成不良后果的,给予记大过至降级处分;造成严重后果的,给予撤职至开除处分。 ___
A. 主动承担
B. 积极处理
C. 相互推诿
D. 承责态度
【单选题】
未按规定或违反国家外汇管理局对外币账户管理规定,为客户办理( )收付的,未造成严重后果的,给予警告至记大过处分;造成严重后果的,给予降级至留用察看处分。 ___
A. 外汇资金
B. 人民币
C. 票据
D. 单折
