【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
【多选题】
Which technology can be used to rate data fidelity and to provide an authenticated hash for data?___
A. file reputation
B. file analysis
C. signature updates
D. network blocking
推荐试题
【单选题】
下列关于法的效力的说法正确的是___。
A. 法律不经公布,就不具有效力
B. 一切法律的效力级别高低和范围大小是由刑法、民法、行政法等基本法律所规定的
C. “法律仅仅适用于将来,没有溯及力”,这项规定在法学上被称为“从新原则”
D. 法律生效后,应该使一国之内的所有公民知晓,所谓“不知法者得免其罪”
【单选题】
下列有关法律责任的说法正确的是___。
A. 甲违章停车,暴力抗拒民警检查,并将其打成轻伤,则其除承担行政责任外,还将承担刑事责任
B. 甲、乙双方签订一份买卖合同,按照合同规定,甲应在合同签订后3日内向乙交付面粉10吨,在履行期内,乙享有民事权利而甲承担民事义务
C. 宪法是国家根本大法,其他基本法律都据此制定,所以,触犯了刑法中强制性规定的行为都是违宪行为,要承担违宪责任
D. 民事责任属于法定责任,因此不允许当事人协商免除
【单选题】
法与统治阶级道德的一致性,主要体现在___。
A. 相互渗透
B. 相辅相成
C. 都是统治阶级意志的体现
D. 都是上层建筑的组成部分
【单选题】
张某在城市街道上以滋扰方式乞讨,因不满民警态度生硬,在民警查处过程中暴力抗法。经媒体报道,人们议论纷纷,下列说法错误的是___。
A. 民警的执法行为具有权威性
B. 民警执法不仅要合法,还要强调公平合理,其执法方式应让一般社会公众能够接受
C. 如果老百姓认为执法不公,就有奋起反抗的权利
D. 守法是公民的义务,民警执法不当,可以采用行政复议、行政诉讼的方式寻求救济,暴力抗法显然是不对的
【单选题】
张某过马路闯红灯,司机李某开车躲闪不及将张某撞伤,法院查明李某没有违章,依据《道路交通安全法》的规定判李某承担10%的赔偿责任。关于本案,下列选项错误的是___。
A. 《道路交通安全法》属于正式的法的渊源
B. 违法行为并非是承担法律责任的唯一根源
C. 李某承担的是民事责任
D. 李某所承担的是一种竞合的责任
【单选题】
法的规范作用不包括___。
A. 对人的行为的指引作用
B. 判断、衡量人的行为合法与否的评价作用
C. 对一般人的行为产生影响的教育作用
D. 对社会经济生活各方面关系的调整作用
【单选题】
警卫国家规定的特定人员,守卫重要的场所和设施,是公安机关人民警察的法定职责。___
【单选题】
管理国籍事务,是公安机关人民警察的法定职责。___
【单选题】
维护国(边)境地区的治安秩序,不是公安机关人民警察的职责。___
【单选题】
监督管理计算机信息系统的安全保护工作,是公安机关人民警察的职责。___
【单选题】
陈某精神病发作期间,在甲县汽车站持刀砍伤5人、砍死1人,甲县公安局决定将其送往指定的场所加以监护。___
【单选题】
人民警察对有违反公安行政管理嫌疑的人员,可以直接带至公安机关继续盘问。___
【单选题】
对被盘问人的留置时间自被送入候问室之时起不得超过24小时。___
【单选题】
民警李某认为赵某有违法犯罪嫌疑且身份不明,可以直接决定对其继续盘问48小时。___
【单选题】
对涉嫌违反治安管理行为的法定最高处罚为警告、罚款或者其他非限制人身自由的行政处罚的人员,不得适用继续盘问。___
【单选题】
紧急情况下,公安机关的人民警察可以优先使用公共交通工具,但使用私人交通工具必须事先征得个人同意。___
【单选题】
公安机关因侦查犯罪的需要,必要时,按照国家有关规定,可以优先使用机关、团体、企业事业组织和个人的交通工具、通信工具、场地和建筑物,用后应当及时归还,并支付适当费用;造成损失的,应当赔偿。11、公安机关因侦查犯罪的需要,使用有关组织的交通工具造成损失的,由该组织自行承担修复费用。___
【单选题】
公安派出所为预防和制止严重危害社会治安秩序的行为,可以在一定的区域和时间,限制人员、车辆的通行或者停留,必要时可以决定实行交通管制。___
【单选题】
县级以上公安机关实行现场管制,必须报经省级公安机关和市级人民政府批准。___
【单选题】
公安机关的人民警察依照前款规定,可以采取必要手段强行驱散,并对拒不服从的人员强行带离现场或者立即予以拘留14、民警在现场管制时,可以采取必要手段强行驱散,对拒不服从的人员可以强行带离现场或者立即予以拘留。___
【单选题】
人民警察在非工作时间,遇有其职责范围内的紧急情况,应当履行职责。___
【单选题】
民警刘某下班回家路上听见有人在呼叫“有人抢劫”,由于已经下班,刘某可以不履行职责。___
【单选题】
人民警察对公民提出解决纠纷的要求,应当给予帮助。___
【单选题】
人民警察不得从事营利性的经营活动或者受雇于任何个人或者组织。___
【单选题】
年满22周岁的公民才能担任人民警察。___
【单选题】
具有法律专业大学专科以上学历,是担任人民警察领导职务的必备条件。___
【单选题】
人民警察认为决定和命令有错误的,可以按照规定提出意见,但不得中止或者改变决定和命令的执行。___
【单选题】
某派出所所长认为当地镇政府下达的要求派出所参加殡葬改革中“起尸火化”联合执法活动的指令超越人民警察的职责范围,他可以按照规定提出意见,但不得中止或者改变决定和命令的执行。___
【单选题】
上级公安机关对下级公安机关在执法活动中作出的错误决定,应当责令下级公安机关予以纠正,不能直接予以撤销。___
【单选题】
人民警察对超越法律、法规规定的人民警察职责范围的指令,有权拒绝执行,并同时向同级公安机关督察部门报告。___
【单选题】
对受处分的人民警察,应当同时降低或取消警衔。___
【单选题】
人民警察在执行职务中,侵犯公民或者组织的合法权益造成损害的,应当依照《国家赔偿法》和其他有关法律、法规的规定给予赔偿。___
【单选题】
对受奖励的人民警察,按照国家有关规定,可以提前晋升警衔,并给予一定的物质奖励。___
【单选题】
人民警察个人或者集体在工作中表现突出,有显著成绩和特殊贡献的,给予奖励。奖励分为:嘉奖、三等功、二等功、一等功、授予光荣称号。___
【单选题】
下列选项中属于公安机关人民警察法定职责的是___。
A. 维护社会治安秩序
B. 打击非法网络经营活动
C. 引导文化市场秩序
D. 维护市场公平竞争
【单选题】
下列选项中属于公安机关人民警察依法应履行的职责的有___。
A. 对被判处管制的罪犯执行刑罚
B. 对被判处拘役的罪犯执行刑罚
C. 对被判处没收财产的罪犯执行刑罚
D. 对被宣告缓刑的罪犯实行监督、考察
【单选题】
下列关于公安机关人民警察职责说法正确的是___。
A. 公安机关人民警察不负责管理外国人在中国旅行的有关事务
B. 对被判处管制的罪犯执行刑罚不是公安机关人民警察的法定职责
C. 负责管理外国人在中国境内居留事务的机关是外交部
D. 维护国(边)境地区的治安秩序不是公安机关人民警察的职责
【单选题】
甲县公安局民警李某认为已采取保护性约束措施的精神病人陈某需要送往指定单位、场所加以监护,应当报经___批准。
A. 县公安局
B. 县政府
C. 县卫生局
D. 办案部门
【单选题】
对被盘问人的继续盘问时间自___之时起不超过24小时。
A. 被盘问开始
B. 安全检查结束
C. 被关进候问室
D. 带至公安机关
【单选题】
根据《人民警察法》的规定,继续盘问时限延长至48小时的,应当报___审批。
A. 上一级公安机关
B. 办案部门负责人
C. 县级以上公安机关负责人
D. 公安派出所所长