【单选题】
Which about nested policy maps in a zone-based firewall is true ?___
A. They are limited to two leve ls in a hierarchical policy
B. Parent policies are previously defined policies that are defined by using the service policy command
C. A child policy is a new policy that uses a pre-existing policy.
D. A child policy is a new that uses a pre-existing policy
查看试卷,进入试卷练习
微信扫一扫,开始刷题
相关试题
【单选题】
In which configuration do you configure the ip ospf authentication key 1 command?___
A. routing process
B. interface
C. privileged
D. global
【单选题】
Which statement about command authorization and security contexts is true?___
A. If command authorization is configured, it must be enabled on all contexts.
B. The change to command invokes a new context session with the credentials of the currently
C. AAA settings are applied on a per-context basis
D. The enable. 15 user ang admins with chang to permission ha e dfferent command authorization levels pertontext
【单选题】
Which command do you enter to enable authentication for OSPF on an interface?___
A. router(config-if)#ip ospf message-digest-key 1 md5 CIS COPASS
B. router(config-if)#ip ospf authentication message-digest
C. router(config-if)#ip ospf authentication-key CISCOPASS
D. router(config-if)#area 0 authentication message-digest
【单选题】
What feature defines a campus area network?___
A. It has a single geographic location
B. It lacks external connectivity.
C. It has a limited number of segments.
D. It has limited or restricted Internet access
【单选题】
Which type of attack most commonly involves a direct attack on a network?___
A. :phishing
B. Trojan horse
C. denial of service
D. social engineering
【单选题】
What information does the key length provide in an encryption algorithm?___
A. the cipher block size
B. the hash bloc k size
C. the number of permutations
D. the packet size
【单选题】
How do you verify TaCACS+ connectivity to a device?___
A. You successfully log in to the device by using the local credentials
B. You connect via console port and receive the login prompt.
C. You connect to the device using SSH and receive the login prompt.
D. You successfully log in to the device by using ACS credentials
【单选题】
Which term best describes the concept of preventing the modification of data in transit and in storage?___
A. availability
B. confidentially
C. fidelity
D. integrity
【单选题】
Which loS command is used to define the authentication key for ntp?___
A. switch(config )#ntp authentication-key 1 mds Clcs
B. switch(config )#ntp authenticate
C. switch(config)#ntp trusted-key 1
D. switch(config)#ntp source 192.168.0.1
【单选题】
What is true about the cisco lOS Resilient Configuration feature ?___
A. The feature can be disabled through a remote session
B. There is additional space required to secure the primary cisco lOS image file.
C. The feature automatically detects image or configuration version mismatch.
D. Remote storage is used for securing files
【单选题】
When is the default deny all policy an exception in zone-based firewalls?___
A. when traffic terminates on the router via the self zone
B. when traffic traverses two interfaces in different zones
C. when traffic traverses two interfaces in the same zone
D. when traffic sources from the router via the self zone
【单选题】
.If an access port is assigned as an isolated port in a PVLAN, which network ports can it communicate with?___
A. promiscuous ports in the same PLVAN
B. isolated ports in the same PVLAN
C. all ports in the same PAVLAN at ILAR
D. all ports in the adjacent PVLAN
【单选题】
Which IPSEC mode is used to encypt traffic directly between a client and a server VPN endpoint?___
A. quick mode
B. transport mode
C. aggressive mode
D. tunnel mode
【单选题】
Which command do you enter to verify that a vpn connection is established between two endpoints and that the connection is passing traffic? ___
A. Firewall#sh crypto session
B. Firewall#debug crypto isakmp
C. Firewall#tsh crypto ipsec sa
D. Firewall#sh crypto isakmp sa
【单选题】
which type of Pvlan port allows communication from all port types?___
A. isolated
B. in -line
C. community
D. promiscuous
【单选题】
Which command do you enter to configure your firewall to conceal internal addresses?___
A. no ip directed-broadcast
B. no ip logging facility
C. no proxy-arp
D. no ip inspect audit-trial
E. no ip inspect
F. route
【单选题】
Which feature defines a campus area network? ___
A. It has a limited number of segments.
B. It has limited or restricted Internet access
C. It lacks ex1ternal connectivity.
D. It has a single geographic location
【单选题】
What technology can you use to provide data confidentiality data integrity and data origin authentication on your network?___
A. IPSec
B. Certificate Authority
C. IKE
D. Data
E. ncryption Standards
【单选题】
which standard is a hybrid protocol that uses oakley and skerne ke y exchanges is an ISAKMP framework?___
【单选题】
What is the actual los privilege level of User Exec mode?___
【单选题】
What is the effect of the asa command crypto isakmp nat-traversal?___
A. It opens port 500 only on the out side interface
B. It opens port 500 only on the inside interface
C. It opens port 4500 on all interfaces that are IPSec enabled
D. It opens port 4500 only on the out side interfac
【单选题】
Which Fire POWER preproce ssor engine is used to prevent SYN attacks?___
A. Inline normalization
B. IP Defragmentation
C. Ports can
D. etection
【单选题】
Which NAT type allows objects or groups to reference an IP address ?___
A. identity NAt
B. static NAT
C. dynamic
D. dynamic NAT
【单选题】
Which Auto NAT policies are processed first?___
A. Dynamic NAT with longest prefix
B. Dynamic NAT with shortest prefix
C. static NAT with longest prefix
D. static NAT with shortest prefix
【单选题】
Which feature allows a dynamic Pat pool to se lect the next address in the pat pool instead of the next port of an existing address?___
A. next IP
B. round robin
C. dynamic rotation
D. NAT address rotation
【单选题】
Which IPS detection method can you use to detect attacks that are based on the attackers IP address?___
A. anomally-based
B. policy-based
C. signature-based
D. reputation-based
【单选题】
Which type of encryption technology has the broadest platform support?___
A. software
B. middleware
C. file-level
D. hardware
【单选题】
Which type of address translation supports the initiation of comm unications bidirectionally ?___
A. multi-session PAT
B. dynamic NAT
C. dynamic PAT
D. static NAT
【单选题】
Which label is given to a person who uses existing computer scripts to hack into computers while lacking the expertise to write the own?___
A. script kiddy
B. white hat hacker
C. hacktivist
D. phreaker
【单选题】
What is the primary purpose of a defined rule in an IPS?___
A. to configure an event action that takes place when a signature is triggered
B. to define a set of actions that occur when a specific user logs in to the system
C. to configure an event action that is pre-defined by the system administrator
D. to detect internal attacks
【单选题】
Which option is the default valuce for the Diffie- Hell man group when configuring a site-to-site VPn on an asa device ?___
A. Group 1
B. Group 2
C. Group 5
D. Group 7
【单选题】
Which feature filters CoPP packets?___
A. access control lists
B. class maps
C. policy maps
D. route maps
【单选题】
Which command is used in global configuration mode to enable AAA?___
A. configure-model aaa
B. configure aaa-modelA
C. aaa new-model
D. aaa
E. XEC
【单选题】
Which statement about the given configuration is true?___
A. The single-connection command causes the device to establish one connection for all TACACS
B. The single-connection command causes the device to process one TacAcs request and then move to the next server
C. The timeout com mand causes the device to move to the next server after 20 seconds of TACACS inactive
【多选题】
What are two well-known security terms?___
A. phishing//网络钓鱼
B. ransomware //勒索软件
C. BPDU guard
D. LACP
E. hair-pinning
【多选题】
Which two commands must you enter to securely archive the primary bootset of a device___
A. router(config )#secure boot-config
B. router(config)#auto secure
C. router(config)#secure boot-image
D. router(config)#service passw ord-encryption
【多选题】
Which two functions can SIEM provide ?___
A. correlation between logs and events from multiple systems
B. event aggregation that allows for reduced log storage requirements
C. proactive malware analysis to block malicious traffic
D. dual-factor authentication
E. centralized firewall management
【多选题】
Which two features of Cisco Web Reputation tracking can mitigate web-based threats?___
A. buffer overflow filterin dhsuowip
B. Bayesian filters
C. web reputation filters
D. outbreak filtering
E. exploit filtering
【多选题】
What are two challenges when deploying host- level IPS? ___
A. The deployment must support multiple operating systems.
B. It is unable to provide a complete networ k picture of an attack.
C. It is unable to determine the outcome of e very attack that it detects
D. It does not provide protection for offsite computers
E. It is unable to detect fragmentation attacks
【多选题】
Which technology can be used to rate data fidelity and to provide an authenticated hash for data?___
A. file reputation
B. file analysis
C. signature updates
D. network blocking
推荐试题
【判断题】
塔式起重机在拆除作业中,机械不得同时回转、行走。
【判断题】
高处施工使用吊篮施行电焊作业时,为方便起见可以用吊篮钢丝绳代替接地线。
【判断题】
电动吊篮的配重应准确,并牢固地安装在配重点上。
【判断题】
施工单位应做好高处作业人员的安全教育及相关的安全预防工作。
【判断题】
将由配电线路及变电站(所)组成的网络称为电力网。
【判断题】
机械拆除时,应先拆除非承重结构,再拆除承重结构。
【判断题】
织带折头连接使用线缝,可使用铆钉、胶粘、热合等工艺。
【判断题】
使用多板式下降器时,工作绳被这几个短圆柱交叉叠压,倚靠绳子与短圆柱之间的摩擦力控制下降速度。
【判断题】
在处理受约束物体的动力学问题时,约束(即限值物运动的其他物体)常用理想的刚化模型简化。
【判断题】
处于高处作业状态,如脚手架,大型设备拆除时,必须使用安全带。
【判断题】
广告施工高处作业现场桁架、广告字等较大物体现场存放应留出合理通道按施工顺序码放。
【判断题】
高处作业吊篮使用中安全绳上端应与吊篮悬挂机构部件分开固定。
【判断题】
模板工程在绑扎钢筋、粉刷模板、支撑模板时应保证作业人员有可靠立足点,作业面应固定设置安全防护措施。
【判断题】
作业时,一旦发生自锁器失效,应坚持吧工作做完,再更换自锁器。
【判断题】
输电线路的建设工作分准备工作、施工安装、启动验收三个阶段。
【判断题】
施工外用电梯应按有关规定电梯轿厢内乘人、载物时,严禁超载,载荷应均匀分布,防止偏重。
【判断题】
广告施工中吊装重物时,重物应在吊钩正下方方可起吊。
【判断题】
采用双机抬吊作业时,施工中必须保持两台起重机同步作业。
【判断题】
输电电压特高压(UHV)是指550kV以上的电压等级。
【判断题】
施工操作人员必须严格遵守国家的法律、法规和企业的安全劳动纪律。
【判断题】
施工图是在建筑工程中十分准确的表达出建筑物外形轮廓、大小尺寸、结构构造和材料做法的图样。
【判断题】
坠落冲击发生后,自锁器在安全绳上的下滑距离最大不超过1m。
【判断题】
广告施工高处作业中如有人意外触电又无法立即切断电源,合理的施救方法是:用绝缘物将电源挑开。
【判断题】
施工现场临时用电必须按照国家现行标准《施工现场临时用电安全技术规范》(JGJ46)的有关规定执行。
【判断题】
拆除吊装作业的起重机司机,必须严格执行操作规程。
【判断题】
不准将电动吊篮作为垂直运输和载人设备使用。
【判断题】
使用座板式单人吊具作业时,距离高压线15m区域内无特殊安全防护措施禁止作业。
【判断题】
广告施工高处作业区域下方为保证行人和车辆安全通过,设置警示标志后不必设安全巡视人员。
【判断题】
高处作业的危险有害因素与工作环境系很大。
【判断题】
按性质和规律分,力学中常见的力有引力(重力)、弹性力、摩擦力、介质的阻力、电场力洛伦兹力等。
【判断题】
空调机的连接铜管,在连接之前,应封闭两端的端口。
【判断题】
外保温墙上安装空调室外机,固定三角架的膨胀螺栓必须是加长型的。
【判断题】
工作前应由使用人对使用的工具、器材进行检查。每季度进行一次全面检查。
【判断题】
排水立管暗装后吊直找正,校核预留甩口高度、方向是否正确。准确无误后进行防腐处理并用卡件固定牢固。
