【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
【多选题】
Which technology can be used to rate data fidelity and to provide an authenticated hash for data?___
A. file reputation
B. file analysis
C. signature updates
D. network blocking
推荐试题
【多选题】
电工仪表测量误差有哪几种表达形式?___
A. 偶然误差
B. 读数误差
C. 绝对误差
D. 相对误差
E. 引用误差
【多选题】
基尔霍夫定律有___。
A. 节点电流定律
B. 节点电压定律
C. 回路电压定律
D. 回路电流定律
E. 以上都是
【多选题】
并联电路的特点有___。
A. 电流与电阻成反比
B. 流过的电流相同
C. 功率与电阻成反比
D. 总电阻总是大于分电阻
E. 承受的电压相同
【多选题】
串联电路的特点有___。
A. 功率与电阻成反比
B. 电压与电阻成正比
C. 承受的电压相同
D. 总电阻总是大于分电阻
E. 流过的电流相同
【多选题】
电路的状态通常有___。
A. A、闭路
B. 回路
C. 短路
D. 开路
E. 以上都是
【多选题】
功率的单位有___。
A. 瓦[特]
B. 度电
C. 千瓦
D. 兆瓦
E. 毫瓦
【多选题】
电能的单位有 ___。
A. 焦[耳]
B. 伏特
C. 千瓦小时
D. 瓦[特]
E. 度电
【判断题】
运行中空压机打风不止,本站或下一站退出服务。
【判断题】
紧急制动制动命令一旦触发不需要列车停稳就能缓解。
【判断题】
在列车运行中,若警惕按钮松开后, 3S内重新按下有效,不会出现紧急制动。
【判断题】
一个或两个空压机图标黄色可继续运营,终点站复位压缩机控制微断开关(=34-F302)。
【判断题】
一个空压机图标红色,查看主司机台风压表,如果总风缸压力可以持续上升至600KPa及以上,继续运营。
【判断题】
察看司机室双针压力表,可以了解动车停放制动缸的压力。
【判断题】
车门紧急解锁被激活会导致列车产生紧急制动。
【判断题】
有ATP保护下,车门紧急解锁导致列车紧急制动。
【判断题】
列车常用制动压力为210±20kPa。
【判断题】
列车紧急制动压力为232±20kPa。
【判断题】
每台空调机组包含有两个单独运行的制冷循环。
【判断题】
SIV恢复正常工作后,TCMS立即撤销“扩展供电”指令,5S后再撤销“空调减载”指令。
【判断题】
TCMS从IO单元采集硬线指令,从MVB总线上采集牵引制动单元反馈的硬线指令,当二者发生4S以上不一致,触发紧急制动。
【判断题】
TCMS还检测显示器轮径值的有效性,判断轮径值是否在770mm~820mm之间,如果超出范围,TCMS在显示器上报警提示司机。
【判断题】
单个车门有故障需要切除时,门切除装置旁路了本车门电气回路。
【判断题】
列车运行中HSCB断开,在HMI屏中相应牵引逆变器正常。
【判断题】
接地故障引起的“高速断路器合”和“高速断路器分”灯不亮禁止重新合高速断路器。
【判断题】
运行中显示PECU报警,同时有报警声,按确认键后,继续运营。
【判断题】
运行中一个或两个辅助逆变器轻微故障,进行相应的处理后,无论故障消除与否继续运营。
【判断题】
运行中两个辅助逆变器严重故障,直接退出服务。
【判断题】
运行中一个DC/DC无论是轻微、中级、严重故障,都可继续运营。
【判断题】
当一台辅助逆变器发生故障时,另外一台会进行扩展供电。
【判断题】
蓄电池充电机自检完成后,检测到有1500V电压就自动启动工作。
【判断题】
当辅助逆变器故障时,按压司机室继电器柜MVB复位(=41-S101)按钮必须超过5S。
【判断题】
当辅助逆变器故障时,分合=31-F107时间间隔不少于5S。
【判断题】
一旦列车开始运行后,TCMS将锁定当前列车的方向信号,直到列车停止运行后才解锁。
【填空题】
1.___命令一旦触发需要列车停稳后方能缓解。
